- Linux-stable-mirror - lists.linaro.org

Patch "MIPS: Implement __multi3 for GCC7 MIPS64r6 builds" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled MIPS: Implement __multi3 for GCC7 MIPS64r6 builds to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: mips-implement-__multi3-for-gcc7-mips64r6-builds.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From ebabcf17bcd7ce968b1631ebe08236275698f39b Mon Sep 17 00:00:00 2001 From: James Hogan <jhogan(a)kernel.org> Date: Thu, 7 Dec 2017 07:20:46 +0000 Subject: MIPS: Implement __multi3 for GCC7 MIPS64r6 builds From: James Hogan <jhogan(a)kernel.org> commit ebabcf17bcd7ce968b1631ebe08236275698f39b upstream. GCC7 is a bit too eager to generate suboptimal __multi3 calls (128bit multiply with 128bit result) for MIPS64r6 builds, even in code which doesn't explicitly use 128bit types, such as the following: unsigned long func(unsigned long a, unsigned long b) { return a > (~0UL) / b; } Which GCC rearanges to: return (unsigned __int128)a * (unsigned __int128)b > 0xffffffffffffffff; Therefore implement __multi3, but only for MIPS64r6 with GCC7 as under normal circumstances we wouldn't expect any calls to __multi3 to be generated from kernel code. Reported-by: Thomas Petazzoni <thomas.petazzoni(a)free-electrons.com> Signed-off-by: James Hogan <jhogan(a)kernel.org> Tested-by: Waldemar Brodkorb <wbx(a)openadk.org> Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: Maciej W. Rozycki <macro(a)mips.com> Cc: Matthew Fortune <matthew.fortune(a)mips.com> Cc: Florian Fainelli <florian(a)openwrt.org> Cc: linux-mips(a)linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/17890/ Cc: Guenter Roeck <linux(a)roeck-us.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/mips/lib/Makefile | 3 +- arch/mips/lib/libgcc.h | 17 +++++++++++++++ arch/mips/lib/multi3.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 73 insertions(+), 1 deletion(-) --- a/arch/mips/lib/Makefile +++ b/arch/mips/lib/Makefile @@ -15,4 +15,5 @@ obj-$(CONFIG_CPU_R3000) += r3k_dump_tlb obj-$(CONFIG_CPU_TX39XX) += r3k_dump_tlb.o # libgcc-style stuff needed in the kernel -obj-y += ashldi3.o ashrdi3.o bswapsi.o bswapdi.o cmpdi2.o lshrdi3.o ucmpdi2.o +obj-y += ashldi3.o ashrdi3.o bswapsi.o bswapdi.o cmpdi2.o lshrdi3.o multi3.o \ + ucmpdi2.o --- a/arch/mips/lib/libgcc.h +++ b/arch/mips/lib/libgcc.h @@ -9,10 +9,18 @@ typedef int word_type __attribute__ ((mo struct DWstruct { int high, low; }; + +struct TWstruct { + long long high, low; +}; #elif defined(__LITTLE_ENDIAN) struct DWstruct { int low, high; }; + +struct TWstruct { + long long low, high; +}; #else #error I feel sick. #endif @@ -22,4 +30,13 @@ typedef union { long long ll; } DWunion; +#if defined(CONFIG_64BIT) && defined(CONFIG_CPU_MIPSR6) +typedef int ti_type __attribute__((mode(TI))); + +typedef union { + struct TWstruct s; + ti_type ti; +} TWunion; +#endif + #endif /* __ASM_LIBGCC_H */ --- /dev/null +++ b/arch/mips/lib/multi3.c @@ -0,0 +1,54 @@ +// SPDX-License-Identifier: GPL-2.0 +#include <linux/export.h> + +#include "libgcc.h" + +/* + * GCC 7 suboptimally generates __multi3 calls for mips64r6, so for that + * specific case only we'll implement it here. + * + * See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82981 + */ +#if defined(CONFIG_64BIT) && defined(CONFIG_CPU_MIPSR6) && (__GNUC__ == 7) + +/* multiply 64-bit values, low 64-bits returned */ +static inline long long notrace dmulu(long long a, long long b) +{ + long long res; + + asm ("dmulu %0,%1,%2" : "=r" (res) : "r" (a), "r" (b)); + return res; +} + +/* multiply 64-bit unsigned values, high 64-bits of 128-bit result returned */ +static inline long long notrace dmuhu(long long a, long long b) +{ + long long res; + + asm ("dmuhu %0,%1,%2" : "=r" (res) : "r" (a), "r" (b)); + return res; +} + +/* multiply 128-bit values, low 128-bits returned */ +ti_type notrace __multi3(ti_type a, ti_type b) +{ + TWunion res, aa, bb; + + aa.ti = a; + bb.ti = b; + + /* + * a * b = (a.lo * b.lo) + * + 2^64 * (a.hi * b.lo + a.lo * b.hi) + * [+ 2^128 * (a.hi * b.hi)] + */ + res.s.low = dmulu(aa.s.low, bb.s.low); + res.s.high = dmuhu(aa.s.low, bb.s.low); + res.s.high += dmulu(aa.s.high, bb.s.low); + res.s.high += dmulu(aa.s.low, bb.s.high); + + return res.ti; +} +EXPORT_SYMBOL(__multi3); + +#endif /* 64BIT && CPU_MIPSR6 && GCC7 */ Patches currently in stable-queue which might be from jhogan(a)kernel.org are queue-4.9/lib-mpi-fix-umul_ppmm-for-mips64r6.patch queue-4.9/mips-implement-__multi3-for-gcc7-mips64r6-builds.patch

7 years, 2 months

1
0
0 0

Patch "MIPS: Implement __multi3 for GCC7 MIPS64r6 builds" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled MIPS: Implement __multi3 for GCC7 MIPS64r6 builds to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: mips-implement-__multi3-for-gcc7-mips64r6-builds.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From ebabcf17bcd7ce968b1631ebe08236275698f39b Mon Sep 17 00:00:00 2001 From: James Hogan <jhogan(a)kernel.org> Date: Thu, 7 Dec 2017 07:20:46 +0000 Subject: MIPS: Implement __multi3 for GCC7 MIPS64r6 builds From: James Hogan <jhogan(a)kernel.org> commit ebabcf17bcd7ce968b1631ebe08236275698f39b upstream. GCC7 is a bit too eager to generate suboptimal __multi3 calls (128bit multiply with 128bit result) for MIPS64r6 builds, even in code which doesn't explicitly use 128bit types, such as the following: unsigned long func(unsigned long a, unsigned long b) { return a > (~0UL) / b; } Which GCC rearanges to: return (unsigned __int128)a * (unsigned __int128)b > 0xffffffffffffffff; Therefore implement __multi3, but only for MIPS64r6 with GCC7 as under normal circumstances we wouldn't expect any calls to __multi3 to be generated from kernel code. Reported-by: Thomas Petazzoni <thomas.petazzoni(a)free-electrons.com> Signed-off-by: James Hogan <jhogan(a)kernel.org> Tested-by: Waldemar Brodkorb <wbx(a)openadk.org> Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: Maciej W. Rozycki <macro(a)mips.com> Cc: Matthew Fortune <matthew.fortune(a)mips.com> Cc: Florian Fainelli <florian(a)openwrt.org> Cc: linux-mips(a)linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/17890/ Cc: Guenter Roeck <linux(a)roeck-us.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/mips/lib/Makefile | 3 +- arch/mips/lib/libgcc.h | 17 +++++++++++++++ arch/mips/lib/multi3.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 73 insertions(+), 1 deletion(-) --- a/arch/mips/lib/Makefile +++ b/arch/mips/lib/Makefile @@ -15,4 +15,5 @@ obj-$(CONFIG_CPU_R3000) += r3k_dump_tlb obj-$(CONFIG_CPU_TX39XX) += r3k_dump_tlb.o # libgcc-style stuff needed in the kernel -obj-y += ashldi3.o ashrdi3.o bswapsi.o bswapdi.o cmpdi2.o lshrdi3.o ucmpdi2.o +obj-y += ashldi3.o ashrdi3.o bswapsi.o bswapdi.o cmpdi2.o lshrdi3.o multi3.o \ + ucmpdi2.o --- a/arch/mips/lib/libgcc.h +++ b/arch/mips/lib/libgcc.h @@ -9,10 +9,18 @@ typedef int word_type __attribute__ ((mo struct DWstruct { int high, low; }; + +struct TWstruct { + long long high, low; +}; #elif defined(__LITTLE_ENDIAN) struct DWstruct { int low, high; }; + +struct TWstruct { + long long low, high; +}; #else #error I feel sick. #endif @@ -22,4 +30,13 @@ typedef union { long long ll; } DWunion; +#if defined(CONFIG_64BIT) && defined(CONFIG_CPU_MIPSR6) +typedef int ti_type __attribute__((mode(TI))); + +typedef union { + struct TWstruct s; + ti_type ti; +} TWunion; +#endif + #endif /* __ASM_LIBGCC_H */ --- /dev/null +++ b/arch/mips/lib/multi3.c @@ -0,0 +1,54 @@ +// SPDX-License-Identifier: GPL-2.0 +#include <linux/export.h> + +#include "libgcc.h" + +/* + * GCC 7 suboptimally generates __multi3 calls for mips64r6, so for that + * specific case only we'll implement it here. + * + * See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82981 + */ +#if defined(CONFIG_64BIT) && defined(CONFIG_CPU_MIPSR6) && (__GNUC__ == 7) + +/* multiply 64-bit values, low 64-bits returned */ +static inline long long notrace dmulu(long long a, long long b) +{ + long long res; + + asm ("dmulu %0,%1,%2" : "=r" (res) : "r" (a), "r" (b)); + return res; +} + +/* multiply 64-bit unsigned values, high 64-bits of 128-bit result returned */ +static inline long long notrace dmuhu(long long a, long long b) +{ + long long res; + + asm ("dmuhu %0,%1,%2" : "=r" (res) : "r" (a), "r" (b)); + return res; +} + +/* multiply 128-bit values, low 128-bits returned */ +ti_type notrace __multi3(ti_type a, ti_type b) +{ + TWunion res, aa, bb; + + aa.ti = a; + bb.ti = b; + + /* + * a * b = (a.lo * b.lo) + * + 2^64 * (a.hi * b.lo + a.lo * b.hi) + * [+ 2^128 * (a.hi * b.hi)] + */ + res.s.low = dmulu(aa.s.low, bb.s.low); + res.s.high = dmuhu(aa.s.low, bb.s.low); + res.s.high += dmulu(aa.s.high, bb.s.low); + res.s.high += dmulu(aa.s.low, bb.s.high); + + return res.ti; +} +EXPORT_SYMBOL(__multi3); + +#endif /* 64BIT && CPU_MIPSR6 && GCC7 */ Patches currently in stable-queue which might be from jhogan(a)kernel.org are queue-4.4/lib-mpi-fix-umul_ppmm-for-mips64r6.patch queue-4.4/mips-implement-__multi3-for-gcc7-mips64r6-builds.patch

7 years, 2 months

1
0
0 0

Patch "powerpc/pseries: Enable RAS hotplug events later" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled powerpc/pseries: Enable RAS hotplug events later to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: powerpc-pseries-enable-ras-hotplug-events-later.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From c9dccf1d074a67d36c510845f663980d69e3409b Mon Sep 17 00:00:00 2001 From: Sam Bobroff <sam.bobroff(a)au1.ibm.com> Date: Mon, 12 Feb 2018 11:19:29 +1100 Subject: powerpc/pseries: Enable RAS hotplug events later From: Sam Bobroff <sam.bobroff(a)au1.ibm.com> commit c9dccf1d074a67d36c510845f663980d69e3409b upstream. Currently if the kernel receives a memory hot-unplug event early enough, it may get stuck in an infinite loop in dissolve_free_huge_pages(). This appears as a stall just after: pseries-hotplug-mem: Attempting to hot-remove XX LMB(s) at YYYYYYYY It appears to be caused by "minimum_order" being uninitialized, due to init_ras_IRQ() executing before hugetlb_init(). To correct this, extract the part of init_ras_IRQ() that enables hotplug event processing and place it in the machine_late_initcall phase, which is guaranteed to be after hugetlb_init() is called. Signed-off-by: Sam Bobroff <sam.bobroff(a)au1.ibm.com> Acked-by: Balbir Singh <bsingharora(a)gmail.com> [mpe: Reorder the functions to make the diff readable] Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/powerpc/platforms/pseries/ras.c | 31 ++++++++++++++++++++++--------- 1 file changed, 22 insertions(+), 9 deletions(-) --- a/arch/powerpc/platforms/pseries/ras.c +++ b/arch/powerpc/platforms/pseries/ras.c @@ -49,6 +49,28 @@ static irqreturn_t ras_error_interrupt(i /* + * Enable the hotplug interrupt late because processing them may touch other + * devices or systems (e.g. hugepages) that have not been initialized at the + * subsys stage. + */ +int __init init_ras_hotplug_IRQ(void) +{ + struct device_node *np; + + /* Hotplug Events */ + np = of_find_node_by_path("/event-sources/hot-plug-events"); + if (np != NULL) { + if (dlpar_workqueue_init() == 0) + request_event_sources_irqs(np, ras_hotplug_interrupt, + "RAS_HOTPLUG"); + of_node_put(np); + } + + return 0; +} +machine_late_initcall(pseries, init_ras_hotplug_IRQ); + +/* * Initialize handlers for the set of interrupts caused by hardware errors * and power system events. */ @@ -66,15 +88,6 @@ static int __init init_ras_IRQ(void) of_node_put(np); } - /* Hotplug Events */ - np = of_find_node_by_path("/event-sources/hot-plug-events"); - if (np != NULL) { - if (dlpar_workqueue_init() == 0) - request_event_sources_irqs(np, ras_hotplug_interrupt, - "RAS_HOTPLUG"); - of_node_put(np); - } - /* EPOW Events */ np = of_find_node_by_path("/event-sources/epow-events"); if (np != NULL) { Patches currently in stable-queue which might be from sam.bobroff(a)au1.ibm.com are queue-4.15/powerpc-pseries-enable-ras-hotplug-events-later.patch

7 years, 2 months

1
0
0 0

Patch "powerpc/pseries: Make RAS IRQ explicitly dependent on DLPAR WQ" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled powerpc/pseries: Make RAS IRQ explicitly dependent on DLPAR WQ to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: powerpc-pseries-make-ras-irq-explicitly-dependent-on-dlpar-wq.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Michael Ellerman <mpe(a)ellerman.id.au> Date: Mon, 8 Jan 2018 14:54:32 +1100 Subject: powerpc/pseries: Make RAS IRQ explicitly dependent on DLPAR WQ From: Michael Ellerman <mpe(a)ellerman.id.au> [ Upstream commit e2d5915293ffdff977ddcfc12b817b08c53ffa7a ] The hotplug code uses its own workqueue to handle IRQ requests (pseries_hp_wq), however that workqueue is initialized after init_ras_IRQ(). That can lead to a kernel panic if any hotplug interrupts fire after init_ras_IRQ() but before pseries_hp_wq is initialised. eg: UDP-Lite hash table entries: 2048 (order: 0, 65536 bytes) NET: Registered protocol family 1 Unpacking initramfs... (qemu) object_add memory-backend-ram,id=mem1,size=10G (qemu) device_add pc-dimm,id=dimm1,memdev=mem1 Unable to handle kernel paging request for data at address 0xf94d03007c421378 Faulting instruction address: 0xc00000000012d744 Oops: Kernel access of bad area, sig: 11 [#1] LE SMP NR_CPUS=2048 NUMA pSeries Modules linked in: CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.15.0-rc2-ziviani+ #26 task: (ptrval) task.stack: (ptrval) NIP: c00000000012d744 LR: c00000000012d744 CTR: 0000000000000000 REGS: (ptrval) TRAP: 0380 Not tainted (4.15.0-rc2-ziviani+) MSR: 8000000000009033 <SF,EE,ME,IR,DR,RI,LE> CR: 28088042 XER: 20040000 CFAR: c00000000012d3c4 SOFTE: 0 ... NIP [c00000000012d744] __queue_work+0xd4/0x5c0 LR [c00000000012d744] __queue_work+0xd4/0x5c0 Call Trace: [c0000000fffefb90] [c00000000012d744] __queue_work+0xd4/0x5c0 (unreliable) [c0000000fffefc70] [c00000000012dce4] queue_work_on+0xb4/0xf0 This commit makes the RAS IRQ registration explicitly dependent on the creation of the pseries_hp_wq. Reported-by: Min Deng <mdeng(a)redhat.com> Reported-by: Daniel Henrique Barboza <danielhb(a)linux.vnet.ibm.com> Tested-by: Jose Ricardo Ziviani <joserz(a)linux.vnet.ibm.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Reviewed-by: David Gibson <david(a)gibson.dropbear.id.au> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/powerpc/platforms/pseries/dlpar.c | 21 ++++++++++++++++++--- arch/powerpc/platforms/pseries/pseries.h | 2 ++ arch/powerpc/platforms/pseries/ras.c | 3 ++- 3 files changed, 22 insertions(+), 4 deletions(-) --- a/arch/powerpc/platforms/pseries/dlpar.c +++ b/arch/powerpc/platforms/pseries/dlpar.c @@ -586,11 +586,26 @@ static ssize_t dlpar_show(struct class * static CLASS_ATTR_RW(dlpar); -static int __init pseries_dlpar_init(void) +int __init dlpar_workqueue_init(void) { + if (pseries_hp_wq) + return 0; + pseries_hp_wq = alloc_workqueue("pseries hotplug workqueue", - WQ_UNBOUND, 1); + WQ_UNBOUND, 1); + + return pseries_hp_wq ? 0 : -ENOMEM; +} + +static int __init dlpar_sysfs_init(void) +{ + int rc; + + rc = dlpar_workqueue_init(); + if (rc) + return rc; + return sysfs_create_file(kernel_kobj, &class_attr_dlpar.attr); } -machine_device_initcall(pseries, pseries_dlpar_init); +machine_device_initcall(pseries, dlpar_sysfs_init); --- a/arch/powerpc/platforms/pseries/pseries.h +++ b/arch/powerpc/platforms/pseries/pseries.h @@ -98,4 +98,6 @@ static inline unsigned long cmo_get_page return CMO_PageSize; } +int dlpar_workqueue_init(void); + #endif /* _PSERIES_PSERIES_H */ --- a/arch/powerpc/platforms/pseries/ras.c +++ b/arch/powerpc/platforms/pseries/ras.c @@ -69,7 +69,8 @@ static int __init init_ras_IRQ(void) /* Hotplug Events */ np = of_find_node_by_path("/event-sources/hot-plug-events"); if (np != NULL) { - request_event_sources_irqs(np, ras_hotplug_interrupt, + if (dlpar_workqueue_init() == 0) + request_event_sources_irqs(np, ras_hotplug_interrupt, "RAS_HOTPLUG"); of_node_put(np); } Patches currently in stable-queue which might be from mpe(a)ellerman.id.au are queue-4.14/powerpc-pseries-make-ras-irq-explicitly-dependent-on-dlpar-wq.patch

7 years, 2 months

3
4
0 0

Patch "powerpc/pseries: Enable RAS hotplug events later" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled powerpc/pseries: Enable RAS hotplug events later to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: powerpc-pseries-enable-ras-hotplug-events-later.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From c9dccf1d074a67d36c510845f663980d69e3409b Mon Sep 17 00:00:00 2001 From: Sam Bobroff <sam.bobroff(a)au1.ibm.com> Date: Mon, 12 Feb 2018 11:19:29 +1100 Subject: powerpc/pseries: Enable RAS hotplug events later From: Sam Bobroff <sam.bobroff(a)au1.ibm.com> commit c9dccf1d074a67d36c510845f663980d69e3409b upstream. Currently if the kernel receives a memory hot-unplug event early enough, it may get stuck in an infinite loop in dissolve_free_huge_pages(). This appears as a stall just after: pseries-hotplug-mem: Attempting to hot-remove XX LMB(s) at YYYYYYYY It appears to be caused by "minimum_order" being uninitialized, due to init_ras_IRQ() executing before hugetlb_init(). To correct this, extract the part of init_ras_IRQ() that enables hotplug event processing and place it in the machine_late_initcall phase, which is guaranteed to be after hugetlb_init() is called. Signed-off-by: Sam Bobroff <sam.bobroff(a)au1.ibm.com> Acked-by: Balbir Singh <bsingharora(a)gmail.com> [mpe: Reorder the functions to make the diff readable] Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/powerpc/platforms/pseries/ras.c | 31 ++++++++++++++++++++++--------- 1 file changed, 22 insertions(+), 9 deletions(-) --- a/arch/powerpc/platforms/pseries/ras.c +++ b/arch/powerpc/platforms/pseries/ras.c @@ -49,6 +49,28 @@ static irqreturn_t ras_error_interrupt(i /* + * Enable the hotplug interrupt late because processing them may touch other + * devices or systems (e.g. hugepages) that have not been initialized at the + * subsys stage. + */ +int __init init_ras_hotplug_IRQ(void) +{ + struct device_node *np; + + /* Hotplug Events */ + np = of_find_node_by_path("/event-sources/hot-plug-events"); + if (np != NULL) { + if (dlpar_workqueue_init() == 0) + request_event_sources_irqs(np, ras_hotplug_interrupt, + "RAS_HOTPLUG"); + of_node_put(np); + } + + return 0; +} +machine_late_initcall(pseries, init_ras_hotplug_IRQ); + +/* * Initialize handlers for the set of interrupts caused by hardware errors * and power system events. */ @@ -66,15 +88,6 @@ static int __init init_ras_IRQ(void) of_node_put(np); } - /* Hotplug Events */ - np = of_find_node_by_path("/event-sources/hot-plug-events"); - if (np != NULL) { - if (dlpar_workqueue_init() == 0) - request_event_sources_irqs(np, ras_hotplug_interrupt, - "RAS_HOTPLUG"); - of_node_put(np); - } - /* EPOW Events */ np = of_find_node_by_path("/event-sources/epow-events"); if (np != NULL) { Patches currently in stable-queue which might be from sam.bobroff(a)au1.ibm.com are queue-4.14/powerpc-pseries-enable-ras-hotplug-events-later.patch

7 years, 2 months

1
0
0 0

Patch "MIPS: Implement __multi3 for GCC7 MIPS64r6 builds" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled MIPS: Implement __multi3 for GCC7 MIPS64r6 builds to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: mips-implement-__multi3-for-gcc7-mips64r6-builds.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From ebabcf17bcd7ce968b1631ebe08236275698f39b Mon Sep 17 00:00:00 2001 From: James Hogan <jhogan(a)kernel.org> Date: Thu, 7 Dec 2017 07:20:46 +0000 Subject: MIPS: Implement __multi3 for GCC7 MIPS64r6 builds From: James Hogan <jhogan(a)kernel.org> commit ebabcf17bcd7ce968b1631ebe08236275698f39b upstream. GCC7 is a bit too eager to generate suboptimal __multi3 calls (128bit multiply with 128bit result) for MIPS64r6 builds, even in code which doesn't explicitly use 128bit types, such as the following: unsigned long func(unsigned long a, unsigned long b) { return a > (~0UL) / b; } Which GCC rearanges to: return (unsigned __int128)a * (unsigned __int128)b > 0xffffffffffffffff; Therefore implement __multi3, but only for MIPS64r6 with GCC7 as under normal circumstances we wouldn't expect any calls to __multi3 to be generated from kernel code. Reported-by: Thomas Petazzoni <thomas.petazzoni(a)free-electrons.com> Signed-off-by: James Hogan <jhogan(a)kernel.org> Tested-by: Waldemar Brodkorb <wbx(a)openadk.org> Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: Maciej W. Rozycki <macro(a)mips.com> Cc: Matthew Fortune <matthew.fortune(a)mips.com> Cc: Florian Fainelli <florian(a)openwrt.org> Cc: linux-mips(a)linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/17890/ Cc: Guenter Roeck <linux(a)roeck-us.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/mips/lib/Makefile | 3 +- arch/mips/lib/libgcc.h | 17 +++++++++++++++ arch/mips/lib/multi3.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 73 insertions(+), 1 deletion(-) --- a/arch/mips/lib/Makefile +++ b/arch/mips/lib/Makefile @@ -16,4 +16,5 @@ obj-$(CONFIG_CPU_R3000) += r3k_dump_tlb obj-$(CONFIG_CPU_TX39XX) += r3k_dump_tlb.o # libgcc-style stuff needed in the kernel -obj-y += ashldi3.o ashrdi3.o bswapsi.o bswapdi.o cmpdi2.o lshrdi3.o ucmpdi2.o +obj-y += ashldi3.o ashrdi3.o bswapsi.o bswapdi.o cmpdi2.o lshrdi3.o multi3.o \ + ucmpdi2.o --- a/arch/mips/lib/libgcc.h +++ b/arch/mips/lib/libgcc.h @@ -10,10 +10,18 @@ typedef int word_type __attribute__ ((mo struct DWstruct { int high, low; }; + +struct TWstruct { + long long high, low; +}; #elif defined(__LITTLE_ENDIAN) struct DWstruct { int low, high; }; + +struct TWstruct { + long long low, high; +}; #else #error I feel sick. #endif @@ -23,4 +31,13 @@ typedef union { long long ll; } DWunion; +#if defined(CONFIG_64BIT) && defined(CONFIG_CPU_MIPSR6) +typedef int ti_type __attribute__((mode(TI))); + +typedef union { + struct TWstruct s; + ti_type ti; +} TWunion; +#endif + #endif /* __ASM_LIBGCC_H */ --- /dev/null +++ b/arch/mips/lib/multi3.c @@ -0,0 +1,54 @@ +// SPDX-License-Identifier: GPL-2.0 +#include <linux/export.h> + +#include "libgcc.h" + +/* + * GCC 7 suboptimally generates __multi3 calls for mips64r6, so for that + * specific case only we'll implement it here. + * + * See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82981 + */ +#if defined(CONFIG_64BIT) && defined(CONFIG_CPU_MIPSR6) && (__GNUC__ == 7) + +/* multiply 64-bit values, low 64-bits returned */ +static inline long long notrace dmulu(long long a, long long b) +{ + long long res; + + asm ("dmulu %0,%1,%2" : "=r" (res) : "r" (a), "r" (b)); + return res; +} + +/* multiply 64-bit unsigned values, high 64-bits of 128-bit result returned */ +static inline long long notrace dmuhu(long long a, long long b) +{ + long long res; + + asm ("dmuhu %0,%1,%2" : "=r" (res) : "r" (a), "r" (b)); + return res; +} + +/* multiply 128-bit values, low 128-bits returned */ +ti_type notrace __multi3(ti_type a, ti_type b) +{ + TWunion res, aa, bb; + + aa.ti = a; + bb.ti = b; + + /* + * a * b = (a.lo * b.lo) + * + 2^64 * (a.hi * b.lo + a.lo * b.hi) + * [+ 2^128 * (a.hi * b.hi)] + */ + res.s.low = dmulu(aa.s.low, bb.s.low); + res.s.high = dmuhu(aa.s.low, bb.s.low); + res.s.high += dmulu(aa.s.high, bb.s.low); + res.s.high += dmulu(aa.s.low, bb.s.high); + + return res.ti; +} +EXPORT_SYMBOL(__multi3); + +#endif /* 64BIT && CPU_MIPSR6 && GCC7 */ Patches currently in stable-queue which might be from jhogan(a)kernel.org are queue-4.14/lib-mpi-fix-umul_ppmm-for-mips64r6.patch queue-4.14/mips-implement-__multi3-for-gcc7-mips64r6-builds.patch

7 years, 2 months

1
0
0 0

Please apply commit ebabcf17bcd7 to stable release kernels (4.4..4.14)

by Guenter Roeck

Hi Greg, please apply commit ebabcf17bcd7 ("MIPS: Implement __multi3 for GCC7 MIPS64r6 builds") to linux-4.4.y .. linux-4.14.y to fix the following build problem, seen when building mipsr6 images with gcc 7.3.0. crypto/scompress.o: In function `kmalloc_array': include/linux/slab.h:603: undefined reference to `__multi3' Thanks, Guenter

7 years, 2 months

2
1
0 0

Re: [PATCH v5 2/9] watchdog/hpwdt: Remove legacy NMI sourcing.

by Arnd Bergmann

On Mon, Feb 26, 2018 at 4:22 AM, Jerry Hoemann <jerry.hoemann(a)hpe.com> wrote: > Gen8 and prior Proliant systems supported the "CRU" interface > to firmware. This interfaces allows linux to "call back" into firmware > to source the cause of an NMI. This feature isn't fully utilized > as the actual source of the NMI isn't printed, the driver only > indicates that the source couldn't be determined when the call > fails. > > With the advent of Gen9, iCRU replaces the CRU. The call back > feature is no longer available in firmware. To be compatible and > not attempt to call back into firmware on system not supporting CRU, > the SMBIOS table is consulted to determine if it is safe to > make the call back or not. > > This results in about half of the driver code being devoted > to either making CRU calls or determing if it is safe to make > CRU calls. As noted, the driver isn't really using the results of > the CRU calls. > > Furthermore, as a consequence of the Spectre security issue, the > BIOS/EFI calls are being wrapped into Spectre-disabling section. > Removing the call back in hpwdt_pretimeout assists in this effort. > > As the CRU sourcing of the NMI isn't required for handling the > NMI and there are security concerns with making the call back, remove > the legacy (pre Gen9) NMI sourcing and the DMI code to determine if > the system had the CRU interface. > > Signed-off-by: Jerry Hoemann <jerry.hoemann(a)hpe.com> This avoids a warning in mainline kernels, so that's great: drivers/watchdog/hpwdt.o: warning: objtool: .text+0x24: indirect call found in RETPOLINE build I wonder what we do about stable kernels. Are both this patch and the patch that added the objtool warning message candidates for backports to stable kernels? Arnd

7 years, 2 months

3
5
0 0

[PATCH 4.14] arm64: dts: marvell: mcbin: add comphy references to Ethernet ports

by Mikulas Patocka

Hi I'm submitting this upstream patch for the 4.14 stable branch. It fixes 10Gb ethernet ports on the MacchiatoBIN board. The patch is already included in 4.15. Mikulas commit 760b3843fcd88f2a46e66eec08e2e6023a425809 Author: Antoine Tenart <antoine.tenart(a)free-electrons.com> Date: Thu Sep 21 09:54:07 2017 +0200 arm64: dts: marvell: mcbin: add comphy references to Ethernet ports This patch adds comphy phandles to the Ethernet ports in the mcbin device tree. The comphy is used to configure the serdes PHYs used by these ports. Signed-off-by: Antoine Tenart <antoine.tenart(a)free-electrons.com> Reviewed-by: Andrew Lunn <andrew(a)lunn.ch> Signed-off-by: Gregory CLEMENT <gregory.clement(a)free-electrons.com> --- arch/arm64/boot/dts/marvell/armada-8040-mcbin.dts | 9 +++++++++ 1 file changed, 9 insertions(+) Index: linux-4.14.20/arch/arm64/boot/dts/marvell/armada-8040-mcbin.dts =================================================================== --- linux-4.14.20.orig/arch/arm64/boot/dts/marvell/armada-8040-mcbin.dts 2018-02-22 23:43:56.000000000 +0100 +++ linux-4.14.20/arch/arm64/boot/dts/marvell/armada-8040-mcbin.dts 2018-02-22 23:43:56.000000000 +0100 @@ -227,8 +227,11 @@ &cpm_eth0 { status = "okay"; + /* Network PHY */ phy = <&phy0>; phy-mode = "10gbase-kr"; + /* Generic PHY, providing serdes lanes */ + phys = <&cpm_comphy4 0>; }; &cpm_sata0 { @@ -262,15 +265,21 @@ &cps_eth0 { status = "okay"; + /* Network PHY */ phy = <&phy8>; phy-mode = "10gbase-kr"; + /* Generic PHY, providing serdes lanes */ + phys = <&cps_comphy4 0>; }; &cps_eth1 { /* CPS Lane 0 - J5 (Gigabit RJ45) */ status = "okay"; + /* Network PHY */ phy = <&ge_phy>; phy-mode = "sgmii"; + /* Generic PHY, providing serdes lanes */ + phys = <&cps_comphy0 1>; }; &cps_pinctrl {

7 years, 2 months

1
0
0 0

[PATCH 4.14] arm64: dts: marvell: add comphy nodes on cp110 master and slave

by Mikulas Patocka

Hi I'm submitting this upstream patch for the 4.14 stable branch. It fixes 10Gb ethernet ports on the MacchiatoBIN board. The patch is already included in 4.15. Mikulas commit 910d1bf2c68fa1d7dcde0316cb91f62758407e8d Author: Antoine Tenart <antoine.tenart(a)free-electrons.com> Date: Mon Sep 18 09:58:09 2017 +0200 arm64: dts: marvell: add comphy nodes on cp110 master and slave This patch describes the comphy available in the cp110 master and slave. This comphy provides serdes lanes used by various controllers such as the network one. Signed-off-by: Antoine Tenart <antoine.tenart(a)free-electrons.com> Signed-off-by: Gregory CLEMENT <gregory.clement(a)free-electrons.com> --- arch/arm64/boot/dts/marvell/armada-cp110-master.dtsi | 38 +++++++++++++++++++ arch/arm64/boot/dts/marvell/armada-cp110-slave.dtsi | 38 +++++++++++++++++++ 2 files changed, 76 insertions(+) Index: linux-4.14.20/arch/arm64/boot/dts/marvell/armada-cp110-master.dtsi =================================================================== --- linux-4.14.20.orig/arch/arm64/boot/dts/marvell/armada-cp110-master.dtsi 2018-02-22 23:50:19.000000000 +0100 +++ linux-4.14.20/arch/arm64/boot/dts/marvell/armada-cp110-master.dtsi 2018-02-22 23:50:19.000000000 +0100 @@ -111,6 +111,44 @@ }; }; + cpm_comphy: phy@120000 { + compatible = "marvell,comphy-cp110"; + reg = <0x120000 0x6000>; + marvell,system-controller = <&cpm_syscon0>; + #address-cells = <1>; + #size-cells = <0>; + + cpm_comphy0: phy@0 { + reg = <0>; + #phy-cells = <1>; + }; + + cpm_comphy1: phy@1 { + reg = <1>; + #phy-cells = <1>; + }; + + cpm_comphy2: phy@2 { + reg = <2>; + #phy-cells = <1>; + }; + + cpm_comphy3: phy@3 { + reg = <3>; + #phy-cells = <1>; + }; + + cpm_comphy4: phy@4 { + reg = <4>; + #phy-cells = <1>; + }; + + cpm_comphy5: phy@5 { + reg = <5>; + #phy-cells = <1>; + }; + }; + cpm_mdio: mdio@12a200 { #address-cells = <1>; #size-cells = <0>; Index: linux-4.14.20/arch/arm64/boot/dts/marvell/armada-cp110-slave.dtsi =================================================================== --- linux-4.14.20.orig/arch/arm64/boot/dts/marvell/armada-cp110-slave.dtsi 2018-02-22 23:50:19.000000000 +0100 +++ linux-4.14.20/arch/arm64/boot/dts/marvell/armada-cp110-slave.dtsi 2018-02-22 23:50:19.000000000 +0100 @@ -111,6 +111,44 @@ }; }; + cps_comphy: phy@120000 { + compatible = "marvell,comphy-cp110"; + reg = <0x120000 0x6000>; + marvell,system-controller = <&cps_syscon0>; + #address-cells = <1>; + #size-cells = <0>; + + cps_comphy0: phy@0 { + reg = <0>; + #phy-cells = <1>; + }; + + cps_comphy1: phy@1 { + reg = <1>; + #phy-cells = <1>; + }; + + cps_comphy2: phy@2 { + reg = <2>; + #phy-cells = <1>; + }; + + cps_comphy3: phy@3 { + reg = <3>; + #phy-cells = <1>; + }; + + cps_comphy4: phy@4 { + reg = <4>; + #phy-cells = <1>; + }; + + cps_comphy5: phy@5 { + reg = <5>; + #phy-cells = <1>; + }; + }; + cps_mdio: mdio@12a200 { #address-cells = <1>; #size-cells = <0>;

7 years, 2 months

1
0
0 0

[added to the 4.1 stable tree] Bluetooth: btusb: fix QCA Rome suspend/resume

by Sasha Levin

From: Leif Liddy <leif.linux(a)gmail.com> This patch has been added to the 4.1 stable tree. If you have any objections, please let us know. =============== [ Upstream commit fd865802c66bc451dc515ed89360f84376ce1a56 ] There's been numerous reported instances where BTUSB_QCA_ROME bluetooth controllers stop functioning upon resume from suspend. These devices seem to be losing power during suspend. Patch will detect a status change on resume and perform a reset. Signed-off-by: Leif Liddy <leif.linux(a)gmail.com> Signed-off-by: Marcel Holtmann <marcel(a)holtmann.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/bluetooth/btusb.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index 32f5b87fe93c..b17bd3fc74cb 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -3207,6 +3207,12 @@ static int btusb_probe(struct usb_interface *intf, if (id->driver_info & BTUSB_QCA_ROME) { data->setup_on_usb = btusb_setup_qca; hdev->set_bdaddr = btusb_set_bdaddr_ath3012; + + /* QCA Rome devices lose their updated firmware over suspend, + * but the USB hub doesn't notice any status change. + * Explicitly request a device reset on resume. + */ + set_bit(BTUSB_RESET_RESUME, &data->flags); } if (id->driver_info & BTUSB_REALTEK) -- 2.14.1

7 years, 2 months

2
519
0 0

[PATCH] sd_zbc: Fix potential memory leak

by Damien Le Moal

Rework sd_zbc_check_zone_size() to avoid a memory leak due to an early return if sd_zbc_report_zones() fails. Reported-by: David.butterfield <david.butterfield(a)wdc.com> Signed-off-by: Damien Le Moal <damien.lemoal(a)wdc.com> Cc: stable(a)vger.kernel.org --- drivers/scsi/sd_zbc.c | 35 +++++++++++++++-------------------- 1 file changed, 15 insertions(+), 20 deletions(-) diff --git a/drivers/scsi/sd_zbc.c b/drivers/scsi/sd_zbc.c index 14174f26af98..ec55a255d1a2 100644 --- a/drivers/scsi/sd_zbc.c +++ b/drivers/scsi/sd_zbc.c @@ -366,7 +366,7 @@ static int sd_zbc_check_capacity(struct scsi_disk *sdkp, unsigned char *buf) */ static int sd_zbc_check_zone_size(struct scsi_disk *sdkp) { - u64 zone_blocks; + u64 zone_blocks = 0; sector_t block = 0; unsigned char *buf; unsigned char *rec; @@ -384,10 +384,8 @@ static int sd_zbc_check_zone_size(struct scsi_disk *sdkp) /* Do a report zone to get the same field */ ret = sd_zbc_report_zones(sdkp, buf, SD_ZBC_BUF_SIZE, 0); - if (ret) { - zone_blocks = 0; - goto out; - } + if (ret) + goto out_free; same = buf[4] & 0x0f; if (same > 0) { @@ -427,7 +425,7 @@ static int sd_zbc_check_zone_size(struct scsi_disk *sdkp) ret = sd_zbc_report_zones(sdkp, buf, SD_ZBC_BUF_SIZE, block); if (ret) - return ret; + goto out_free; } } while (block < sdkp->capacity); @@ -435,35 +433,32 @@ static int sd_zbc_check_zone_size(struct scsi_disk *sdkp) zone_blocks = sdkp->zone_blocks; out: - kfree(buf); - if (!zone_blocks) { if (sdkp->first_scan) sd_printk(KERN_NOTICE, sdkp, "Devices with non constant zone " "size are not supported\n"); - return -ENODEV; - } - - if (!is_power_of_2(zone_blocks)) { + ret = -ENODEV; + } else if (!is_power_of_2(zone_blocks)) { if (sdkp->first_scan) sd_printk(KERN_NOTICE, sdkp, "Devices with non power of 2 zone " "size are not supported\n"); - return -ENODEV; - } - - if (logical_to_sectors(sdkp->device, zone_blocks) > UINT_MAX) { + ret = -ENODEV; + } else if (logical_to_sectors(sdkp->device, zone_blocks) > UINT_MAX) { if (sdkp->first_scan) sd_printk(KERN_NOTICE, sdkp, "Zone size too large\n"); - return -ENODEV; + ret = -ENODEV; + } else { + sdkp->zone_blocks = zone_blocks; + sdkp->zone_shift = ilog2(zone_blocks); } - sdkp->zone_blocks = zone_blocks; - sdkp->zone_shift = ilog2(zone_blocks); +out_free: + kfree(buf); - return 0; + return ret; } /** -- 2.14.3

7 years, 2 months

3
2
0 0

+ bug-exclude-non-bug-warn-exceptions-from-report_bug.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: lib/bug.c: exclude non-BUG/WARN exceptions from report_bug() has been added to the -mm tree. Its filename is bug-exclude-non-bug-warn-exceptions-from-report_bug.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/bug-exclude-non-bug-warn-exception… and later at http://ozlabs.org/~akpm/mmotm/broken-out/bug-exclude-non-bug-warn-exception… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/SubmitChecklist when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Kees Cook <keescook(a)chromium.org> Subject: lib/bug.c: exclude non-BUG/WARN exceptions from report_bug() b8347c219649 ("x86/debug: Handle warnings before the notifier chain, to fix KGDB crash") changed the ordering of fixups, and did not take into account the case of x86 processing non-WARN() and non-BUG() exceptions. This would lead to output of a false BUG line with no other information. In the case of a refcount exception, it would be immediately followed by the refcount WARN(), producing very strange double-"cut here": lkdtm: attempting bad refcount_inc() overflow ------------[ cut here ]------------ Kernel BUG at 0000000065f29de5 [verbose debug info unavailable] ------------[ cut here ]------------ refcount_t overflow at lkdtm_REFCOUNT_INC_OVERFLOW+0x6b/0x90 in cat[3065], uid/euid: 0/0 WARNING: CPU: 0 PID: 3065 at kernel/panic.c:657 refcount_error_report+0x9a/0xa4 ... In the prior ordering, exceptions were searched first: do_trap_no_signal(struct task_struct *tsk, int trapnr, char *str, ... if (fixup_exception(regs, trapnr)) return 0; - if (fixup_bug(regs, trapnr)) - return 0; - As a result, fixup_bugs()'s is_valid_bugaddr() didn't take into account needing to search the exception list first, since that had already happened. So, instead of searching the exception list twice (once in is_valid_bugaddr() and then again in fixup_exception()), just add a simple sanity check to report_bug() that will immediately bail out if a BUG() (or WARN()) entry is not found. Link: http://lkml.kernel.org/r/20180301225934.GA34350@beast Fixes: b8347c219649 ("x86/debug: Handle warnings before the notifier chain, to fix KGDB crash") Signed-off-by: Kees Cook <keescook(a)chromium.org> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Richard Weinberger <richard.weinberger(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/bug.c | 2 ++ 1 file changed, 2 insertions(+) diff -puN lib/bug.c~bug-exclude-non-bug-warn-exceptions-from-report_bug lib/bug.c --- a/lib/bug.c~bug-exclude-non-bug-warn-exceptions-from-report_bug +++ a/lib/bug.c @@ -150,6 +150,8 @@ enum bug_trap_type report_bug(unsigned l return BUG_TRAP_TYPE_NONE; bug = find_bug(bugaddr); + if (!bug) + return BUG_TRAP_TYPE_NONE; file = NULL; line = 0; _ Patches currently in -mm which might be from keescook(a)chromium.org are bug-use-%pb-in-bug-and-stack-protector-failure.patch bug-exclude-non-bug-warn-exceptions-from-report_bug.patch taint-convert-to-indexed-initialization.patch taint-consolidate-documentation.patch taint-add-taint-for-randstruct.patch fork-unconditionally-clear-stack-on-fork.patch exec-pass-stack-rlimit-into-mm-layout-functions.patch exec-introduce-finalize_exec-before-start_thread.patch exec-pin-stack-limit-during-exec.patch

7 years, 2 months

1
0
0 0

+ bug-use-%pb-in-bug-and-stack-protector-failure.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: bug: use %pB in BUG and stack protector failure has been added to the -mm tree. Its filename is bug-use-%pb-in-bug-and-stack-protector-failure.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/bug-use-%25pb-in-bug-and-stack-pro… and later at http://ozlabs.org/~akpm/mmotm/broken-out/bug-use-%25pb-in-bug-and-stack-pro… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/SubmitChecklist when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Kees Cook <keescook(a)chromium.org> Subject: bug: use %pB in BUG and stack protector failure The BUG and stack protector reports were still using a raw %p. This changes it to %pB for more meaningful output. Link: http://lkml.kernel.org/r/20180301225704.GA34198@beast Fixes: ad67b74d2469 ("printk: hash addresses printed with %p") Signed-off-by: Kees Cook <keescook(a)chromium.org> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Richard Weinberger <richard.weinberger(a)gmail.com>, Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/panic.c | 2 +- lib/bug.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff -puN kernel/panic.c~bug-use-%pb-in-bug-and-stack-protector-failure kernel/panic.c --- a/kernel/panic.c~bug-use-%pb-in-bug-and-stack-protector-failure +++ a/kernel/panic.c @@ -629,7 +629,7 @@ device_initcall(register_warn_debugfs); */ __visible void __stack_chk_fail(void) { - panic("stack-protector: Kernel stack is corrupted in: %p\n", + panic("stack-protector: Kernel stack is corrupted in: %pB\n", __builtin_return_address(0)); } EXPORT_SYMBOL(__stack_chk_fail); diff -puN lib/bug.c~bug-use-%pb-in-bug-and-stack-protector-failure lib/bug.c --- a/lib/bug.c~bug-use-%pb-in-bug-and-stack-protector-failure +++ a/lib/bug.c @@ -191,7 +191,7 @@ enum bug_trap_type report_bug(unsigned l if (file) pr_crit("kernel BUG at %s:%u!\n", file, line); else - pr_crit("Kernel BUG at %p [verbose debug info unavailable]\n", + pr_crit("Kernel BUG at %pB [verbose debug info unavailable]\n", (void *)bugaddr); return BUG_TRAP_TYPE_BUG; _ Patches currently in -mm which might be from keescook(a)chromium.org are bug-use-%pb-in-bug-and-stack-protector-failure.patch taint-convert-to-indexed-initialization.patch taint-consolidate-documentation.patch taint-add-taint-for-randstruct.patch fork-unconditionally-clear-stack-on-fork.patch exec-pass-stack-rlimit-into-mm-layout-functions.patch exec-introduce-finalize_exec-before-start_thread.patch exec-pin-stack-limit-during-exec.patch

7 years, 2 months

1
0
0 0

[PATCH 1/3] RDMA/core: Avoid that ib_drain_qp() triggers an out-of-bounds stack access

by Bart Van Assche

This patch fixes the following KASAN complaint: ================================================================== BUG: KASAN: stack-out-of-bounds in rxe_post_send+0x77d/0x9b0 [rdma_rxe] Read of size 8 at addr ffff880061aef860 by task 01/1080 CPU: 2 PID: 1080 Comm: 01 Not tainted 4.16.0-rc3-dbg+ #2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014 Call Trace: dump_stack+0x85/0xc7 print_address_description+0x65/0x270 kasan_report+0x231/0x350 rxe_post_send+0x77d/0x9b0 [rdma_rxe] __ib_drain_sq+0x1ad/0x250 [ib_core] ib_drain_qp+0x9/0x30 [ib_core] srp_destroy_qp+0x51/0x70 [ib_srp] srp_free_ch_ib+0xfc/0x380 [ib_srp] srp_create_target+0x1071/0x19e0 [ib_srp] kernfs_fop_write+0x180/0x210 __vfs_write+0xb1/0x2e0 vfs_write+0xf6/0x250 SyS_write+0x99/0x110 do_syscall_64+0xee/0x2b0 entry_SYSCALL_64_after_hwframe+0x42/0xb7 The buggy address belongs to the page: page:ffffea000186bbc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0 flags: 0x4000000000000000() raw: 4000000000000000 0000000000000000 0000000000000000 00000000ffffffff raw: 0000000000000000 ffffea000186bbe0 0000000000000000 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff880061aef700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff880061aef780: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 >ffff880061aef800: f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 f2 f2 f2 f2 ^ ffff880061aef880: f2 f2 f2 00 00 00 00 00 00 00 00 00 00 00 f2 f2 ffff880061aef900: f2 f2 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 ================================================================== Fixes: 765d67748bcf ("IB: new common API for draining queues") Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com> Cc: Steve Wise <swise(a)opengridcomputing.com> Cc: Sagi Grimberg <sagi(a)grimberg.me> Cc: stable(a)vger.kernel.org --- drivers/infiniband/core/verbs.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/drivers/infiniband/core/verbs.c b/drivers/infiniband/core/verbs.c index 2c7b0ceb46e6..4e2b231b03f7 100644 --- a/drivers/infiniband/core/verbs.c +++ b/drivers/infiniband/core/verbs.c @@ -2194,7 +2194,13 @@ static void __ib_drain_sq(struct ib_qp *qp) struct ib_cq *cq = qp->send_cq; struct ib_qp_attr attr = { .qp_state = IB_QPS_ERR }; struct ib_drain_cqe sdrain; - struct ib_send_wr swr = {}, *bad_swr; + struct ib_send_wr *bad_swr; + struct ib_rdma_wr swr = { + .wr = { + .opcode = IB_WR_RDMA_WRITE, + .wr_cqe = &sdrain.cqe, + }, + }; int ret; ret = ib_modify_qp(qp, &attr, IB_QP_STATE); @@ -2203,11 +2209,10 @@ static void __ib_drain_sq(struct ib_qp *qp) return; } - swr.wr_cqe = &sdrain.cqe; sdrain.cqe.done = ib_drain_qp_done; init_completion(&sdrain.done); - ret = ib_post_send(qp, &swr, &bad_swr); + ret = ib_post_send(qp, &swr.wr, &bad_swr); if (ret) { WARN_ONCE(ret, "failed to drain send queue: %d\n", ret); return; -- 2.16.2

7 years, 2 months

3
3
0 0

[PATCH] pinctrl: samsung: Validate alias coming from DT

by Krzysztof Kozlowski

Driver uses alias from Device Tree as an index of pin controller data array. In case of a wrong DTB or an out-of-tree DTB, the alias could be outside of this data array leading to out-of-bounds access. Depending on binary and memory layout, this could be handled properly (showing error like "samsung-pinctrl 3860000.pinctrl: driver data not available") or could lead to exceptions. Reported-by: Geert Uytterhoeven <geert(a)linux-m68k.org> Cc: <stable(a)vger.kernel.org> Fixes: 30574f0db1b1 ("pinctrl: add samsung pinctrl and gpiolib driver") Signed-off-by: Krzysztof Kozlowski <krzk(a)kernel.org> --- Issue is present since first version of this driver so this should be backported as far as possible. Tested on Odroid HC1 (Exynos5422). Tests on S3C24xx, S3C64xx, Exynos ARM64 and any other chips are highly appreciated. Linus, I can take it through samsung/pinctrl tree and later send you again as pull request... or you can apply it directly as I do not have any other pinctrl patches queued so far. --- drivers/pinctrl/samsung/pinctrl-exynos-arm.c | 56 +++++++++++++++++++---- drivers/pinctrl/samsung/pinctrl-exynos-arm64.c | 14 +++++- drivers/pinctrl/samsung/pinctrl-s3c24xx.c | 28 ++++++++++-- drivers/pinctrl/samsung/pinctrl-s3c64xx.c | 7 ++- drivers/pinctrl/samsung/pinctrl-samsung.c | 61 ++++++++++++++++---------- drivers/pinctrl/samsung/pinctrl-samsung.h | 40 ++++++++++------- 6 files changed, 154 insertions(+), 52 deletions(-) diff --git a/drivers/pinctrl/samsung/pinctrl-exynos-arm.c b/drivers/pinctrl/samsung/pinctrl-exynos-arm.c index c32399faff57..90c274490181 100644 --- a/drivers/pinctrl/samsung/pinctrl-exynos-arm.c +++ b/drivers/pinctrl/samsung/pinctrl-exynos-arm.c @@ -124,7 +124,7 @@ static const struct samsung_pin_bank_data s5pv210_pin_bank[] __initconst = { EXYNOS_PIN_BANK_EINTW(8, 0xc60, "gph3", 0x0c), }; -const struct samsung_pin_ctrl s5pv210_pin_ctrl[] __initconst = { +static const struct samsung_pin_ctrl s5pv210_pin_ctrl[] __initconst = { { /* pin-controller instance 0 data */ .pin_banks = s5pv210_pin_bank, @@ -137,6 +137,11 @@ const struct samsung_pin_ctrl s5pv210_pin_ctrl[] __initconst = { }, }; +const struct samsung_pinctrl_of_match_data s5pv210_of_data __initconst = { + .ctrl = s5pv210_pin_ctrl, + .num_ctrl = ARRAY_SIZE(s5pv210_pin_ctrl), +}; + /* Pad retention control code for accessing PMU regmap */ static atomic_t exynos_shared_retention_refcnt; @@ -199,7 +204,7 @@ static const struct samsung_retention_data exynos3250_retention_data __initconst * Samsung pinctrl driver data for Exynos3250 SoC. Exynos3250 SoC includes * two gpio/pin-mux/pinconfig controllers. */ -const struct samsung_pin_ctrl exynos3250_pin_ctrl[] __initconst = { +static const struct samsung_pin_ctrl exynos3250_pin_ctrl[] __initconst = { { /* pin-controller instance 0 data */ .pin_banks = exynos3250_pin_banks0, @@ -220,6 +225,11 @@ const struct samsung_pin_ctrl exynos3250_pin_ctrl[] __initconst = { }, }; +const struct samsung_pinctrl_of_match_data exynos3250_of_data __initconst = { + .ctrl = exynos3250_pin_ctrl, + .num_ctrl = ARRAY_SIZE(exynos3250_pin_ctrl), +}; + /* pin banks of exynos4210 pin-controller 0 */ static const struct samsung_pin_bank_data exynos4210_pin_banks0[] __initconst = { EXYNOS_PIN_BANK_EINTG(8, 0x000, "gpa0", 0x00), @@ -303,7 +313,7 @@ static const struct samsung_retention_data exynos4_audio_retention_data __initco * Samsung pinctrl driver data for Exynos4210 SoC. Exynos4210 SoC includes * three gpio/pin-mux/pinconfig controllers. */ -const struct samsung_pin_ctrl exynos4210_pin_ctrl[] __initconst = { +static const struct samsung_pin_ctrl exynos4210_pin_ctrl[] __initconst = { { /* pin-controller instance 0 data */ .pin_banks = exynos4210_pin_banks0, @@ -329,6 +339,11 @@ const struct samsung_pin_ctrl exynos4210_pin_ctrl[] __initconst = { }, }; +const struct samsung_pinctrl_of_match_data exynos4210_of_data __initconst = { + .ctrl = exynos4210_pin_ctrl, + .num_ctrl = ARRAY_SIZE(exynos4210_pin_ctrl), +}; + /* pin banks of exynos4x12 pin-controller 0 */ static const struct samsung_pin_bank_data exynos4x12_pin_banks0[] __initconst = { EXYNOS_PIN_BANK_EINTG(8, 0x000, "gpa0", 0x00), @@ -391,7 +406,7 @@ static const struct samsung_pin_bank_data exynos4x12_pin_banks3[] __initconst = * Samsung pinctrl driver data for Exynos4x12 SoC. Exynos4x12 SoC includes * four gpio/pin-mux/pinconfig controllers. */ -const struct samsung_pin_ctrl exynos4x12_pin_ctrl[] __initconst = { +static const struct samsung_pin_ctrl exynos4x12_pin_ctrl[] __initconst = { { /* pin-controller instance 0 data */ .pin_banks = exynos4x12_pin_banks0, @@ -427,6 +442,11 @@ const struct samsung_pin_ctrl exynos4x12_pin_ctrl[] __initconst = { }, }; +const struct samsung_pinctrl_of_match_data exynos4x12_of_data __initconst = { + .ctrl = exynos4x12_pin_ctrl, + .num_ctrl = ARRAY_SIZE(exynos4x12_pin_ctrl), +}; + /* pin banks of exynos5250 pin-controller 0 */ static const struct samsung_pin_bank_data exynos5250_pin_banks0[] __initconst = { EXYNOS_PIN_BANK_EINTG(8, 0x000, "gpa0", 0x00), @@ -487,7 +507,7 @@ static const struct samsung_pin_bank_data exynos5250_pin_banks3[] __initconst = * Samsung pinctrl driver data for Exynos5250 SoC. Exynos5250 SoC includes * four gpio/pin-mux/pinconfig controllers. */ -const struct samsung_pin_ctrl exynos5250_pin_ctrl[] __initconst = { +static const struct samsung_pin_ctrl exynos5250_pin_ctrl[] __initconst = { { /* pin-controller instance 0 data */ .pin_banks = exynos5250_pin_banks0, @@ -523,6 +543,11 @@ const struct samsung_pin_ctrl exynos5250_pin_ctrl[] __initconst = { }, }; +const struct samsung_pinctrl_of_match_data exynos5250_of_data __initconst = { + .ctrl = exynos5250_pin_ctrl, + .num_ctrl = ARRAY_SIZE(exynos5250_pin_ctrl), +}; + /* pin banks of exynos5260 pin-controller 0 */ static const struct samsung_pin_bank_data exynos5260_pin_banks0[] __initconst = { EXYNOS_PIN_BANK_EINTG(4, 0x000, "gpa0", 0x00), @@ -567,7 +592,7 @@ static const struct samsung_pin_bank_data exynos5260_pin_banks2[] __initconst = * Samsung pinctrl driver data for Exynos5260 SoC. Exynos5260 SoC includes * three gpio/pin-mux/pinconfig controllers. */ -const struct samsung_pin_ctrl exynos5260_pin_ctrl[] __initconst = { +static const struct samsung_pin_ctrl exynos5260_pin_ctrl[] __initconst = { { /* pin-controller instance 0 data */ .pin_banks = exynos5260_pin_banks0, @@ -587,6 +612,11 @@ const struct samsung_pin_ctrl exynos5260_pin_ctrl[] __initconst = { }, }; +const struct samsung_pinctrl_of_match_data exynos5260_of_data __initconst = { + .ctrl = exynos5260_pin_ctrl, + .num_ctrl = ARRAY_SIZE(exynos5260_pin_ctrl), +}; + /* pin banks of exynos5410 pin-controller 0 */ static const struct samsung_pin_bank_data exynos5410_pin_banks0[] __initconst = { EXYNOS_PIN_BANK_EINTG(8, 0x000, "gpa0", 0x00), @@ -657,7 +687,7 @@ static const struct samsung_pin_bank_data exynos5410_pin_banks3[] __initconst = * Samsung pinctrl driver data for Exynos5410 SoC. Exynos5410 SoC includes * four gpio/pin-mux/pinconfig controllers. */ -const struct samsung_pin_ctrl exynos5410_pin_ctrl[] __initconst = { +static const struct samsung_pin_ctrl exynos5410_pin_ctrl[] __initconst = { { /* pin-controller instance 0 data */ .pin_banks = exynos5410_pin_banks0, @@ -690,6 +720,11 @@ const struct samsung_pin_ctrl exynos5410_pin_ctrl[] __initconst = { }, }; +const struct samsung_pinctrl_of_match_data exynos5410_of_data __initconst = { + .ctrl = exynos5410_pin_ctrl, + .num_ctrl = ARRAY_SIZE(exynos5410_pin_ctrl), +}; + /* pin banks of exynos5420 pin-controller 0 */ static const struct samsung_pin_bank_data exynos5420_pin_banks0[] __initconst = { EXYNOS_PIN_BANK_EINTG(8, 0x000, "gpy7", 0x00), @@ -774,7 +809,7 @@ static const struct samsung_retention_data exynos5420_retention_data __initconst * Samsung pinctrl driver data for Exynos5420 SoC. Exynos5420 SoC includes * four gpio/pin-mux/pinconfig controllers. */ -const struct samsung_pin_ctrl exynos5420_pin_ctrl[] __initconst = { +static const struct samsung_pin_ctrl exynos5420_pin_ctrl[] __initconst = { { /* pin-controller instance 0 data */ .pin_banks = exynos5420_pin_banks0, @@ -808,3 +843,8 @@ const struct samsung_pin_ctrl exynos5420_pin_ctrl[] __initconst = { .retention_data = &exynos4_audio_retention_data, }, }; + +const struct samsung_pinctrl_of_match_data exynos5420_of_data __initconst = { + .ctrl = exynos5420_pin_ctrl, + .num_ctrl = ARRAY_SIZE(exynos5420_pin_ctrl), +}; diff --git a/drivers/pinctrl/samsung/pinctrl-exynos-arm64.c b/drivers/pinctrl/samsung/pinctrl-exynos-arm64.c index fc8f7833bec0..71c9d1d9f345 100644 --- a/drivers/pinctrl/samsung/pinctrl-exynos-arm64.c +++ b/drivers/pinctrl/samsung/pinctrl-exynos-arm64.c @@ -175,7 +175,7 @@ static const struct samsung_retention_data exynos5433_fsys_retention_data __init * Samsung pinctrl driver data for Exynos5433 SoC. Exynos5433 SoC includes * ten gpio/pin-mux/pinconfig controllers. */ -const struct samsung_pin_ctrl exynos5433_pin_ctrl[] __initconst = { +static const struct samsung_pin_ctrl exynos5433_pin_ctrl[] __initconst = { { /* pin-controller instance 0 data */ .pin_banks = exynos5433_pin_banks0, @@ -260,6 +260,11 @@ const struct samsung_pin_ctrl exynos5433_pin_ctrl[] __initconst = { }, }; +const struct samsung_pinctrl_of_match_data exynos5433_of_data __initconst = { + .ctrl = exynos5433_pin_ctrl, + .num_ctrl = ARRAY_SIZE(exynos5433_pin_ctrl), +}; + /* pin banks of exynos7 pin-controller - ALIVE */ static const struct samsung_pin_bank_data exynos7_pin_banks0[] __initconst = { EXYNOS_PIN_BANK_EINTW(8, 0x000, "gpa0", 0x00), @@ -339,7 +344,7 @@ static const struct samsung_pin_bank_data exynos7_pin_banks9[] __initconst = { EXYNOS_PIN_BANK_EINTG(4, 0x020, "gpz1", 0x04), }; -const struct samsung_pin_ctrl exynos7_pin_ctrl[] __initconst = { +static const struct samsung_pin_ctrl exynos7_pin_ctrl[] __initconst = { { /* pin-controller instance 0 Alive data */ .pin_banks = exynos7_pin_banks0, @@ -392,3 +397,8 @@ const struct samsung_pin_ctrl exynos7_pin_ctrl[] __initconst = { .eint_gpio_init = exynos_eint_gpio_init, }, }; + +const struct samsung_pinctrl_of_match_data exynos7_of_data __initconst = { + .ctrl = exynos7_pin_ctrl, + .num_ctrl = ARRAY_SIZE(exynos7_pin_ctrl), +}; diff --git a/drivers/pinctrl/samsung/pinctrl-s3c24xx.c b/drivers/pinctrl/samsung/pinctrl-s3c24xx.c index 10187cb0e9b9..7e824e4d20f4 100644 --- a/drivers/pinctrl/samsung/pinctrl-s3c24xx.c +++ b/drivers/pinctrl/samsung/pinctrl-s3c24xx.c @@ -565,7 +565,7 @@ static const struct samsung_pin_bank_data s3c2412_pin_banks[] __initconst = { PIN_BANK_2BIT(13, 0x080, "gpj"), }; -const struct samsung_pin_ctrl s3c2412_pin_ctrl[] __initconst = { +static const struct samsung_pin_ctrl s3c2412_pin_ctrl[] __initconst = { { .pin_banks = s3c2412_pin_banks, .nr_banks = ARRAY_SIZE(s3c2412_pin_banks), @@ -573,6 +573,11 @@ const struct samsung_pin_ctrl s3c2412_pin_ctrl[] __initconst = { }, }; +const struct samsung_pinctrl_of_match_data s3c2412_of_data __initconst = { + .ctrl = s3c2412_pin_ctrl, + .num_ctrl = ARRAY_SIZE(s3c2412_pin_ctrl), +}; + static const struct samsung_pin_bank_data s3c2416_pin_banks[] __initconst = { PIN_BANK_A(27, 0x000, "gpa"), PIN_BANK_2BIT(11, 0x010, "gpb"), @@ -587,7 +592,7 @@ static const struct samsung_pin_bank_data s3c2416_pin_banks[] __initconst = { PIN_BANK_2BIT(2, 0x100, "gpm"), }; -const struct samsung_pin_ctrl s3c2416_pin_ctrl[] __initconst = { +static const struct samsung_pin_ctrl s3c2416_pin_ctrl[] __initconst = { { .pin_banks = s3c2416_pin_banks, .nr_banks = ARRAY_SIZE(s3c2416_pin_banks), @@ -595,6 +600,11 @@ const struct samsung_pin_ctrl s3c2416_pin_ctrl[] __initconst = { }, }; +const struct samsung_pinctrl_of_match_data s3c2416_of_data __initconst = { + .ctrl = s3c2416_pin_ctrl, + .num_ctrl = ARRAY_SIZE(s3c2416_pin_ctrl), +}; + static const struct samsung_pin_bank_data s3c2440_pin_banks[] __initconst = { PIN_BANK_A(25, 0x000, "gpa"), PIN_BANK_2BIT(11, 0x010, "gpb"), @@ -607,7 +617,7 @@ static const struct samsung_pin_bank_data s3c2440_pin_banks[] __initconst = { PIN_BANK_2BIT(13, 0x0d0, "gpj"), }; -const struct samsung_pin_ctrl s3c2440_pin_ctrl[] __initconst = { +static const struct samsung_pin_ctrl s3c2440_pin_ctrl[] __initconst = { { .pin_banks = s3c2440_pin_banks, .nr_banks = ARRAY_SIZE(s3c2440_pin_banks), @@ -615,6 +625,11 @@ const struct samsung_pin_ctrl s3c2440_pin_ctrl[] __initconst = { }, }; +const struct samsung_pinctrl_of_match_data s3c2440_of_data __initconst = { + .ctrl = s3c2440_pin_ctrl, + .num_ctrl = ARRAY_SIZE(s3c2440_pin_ctrl), +}; + static const struct samsung_pin_bank_data s3c2450_pin_banks[] __initconst = { PIN_BANK_A(28, 0x000, "gpa"), PIN_BANK_2BIT(11, 0x010, "gpb"), @@ -630,10 +645,15 @@ static const struct samsung_pin_bank_data s3c2450_pin_banks[] __initconst = { PIN_BANK_2BIT(2, 0x100, "gpm"), }; -const struct samsung_pin_ctrl s3c2450_pin_ctrl[] __initconst = { +static const struct samsung_pin_ctrl s3c2450_pin_ctrl[] __initconst = { { .pin_banks = s3c2450_pin_banks, .nr_banks = ARRAY_SIZE(s3c2450_pin_banks), .eint_wkup_init = s3c24xx_eint_init, }, }; + +const struct samsung_pinctrl_of_match_data s3c2450_of_data __initconst = { + .ctrl = s3c2450_pin_ctrl, + .num_ctrl = ARRAY_SIZE(s3c2450_pin_ctrl), +}; diff --git a/drivers/pinctrl/samsung/pinctrl-s3c64xx.c b/drivers/pinctrl/samsung/pinctrl-s3c64xx.c index 679628ac4b31..288e6567ceb1 100644 --- a/drivers/pinctrl/samsung/pinctrl-s3c64xx.c +++ b/drivers/pinctrl/samsung/pinctrl-s3c64xx.c @@ -789,7 +789,7 @@ static const struct samsung_pin_bank_data s3c64xx_pin_banks0[] __initconst = { * Samsung pinctrl driver data for S3C64xx SoC. S3C64xx SoC includes * one gpio/pin-mux/pinconfig controller. */ -const struct samsung_pin_ctrl s3c64xx_pin_ctrl[] __initconst = { +static const struct samsung_pin_ctrl s3c64xx_pin_ctrl[] __initconst = { { /* pin-controller instance 1 data */ .pin_banks = s3c64xx_pin_banks0, @@ -798,3 +798,8 @@ const struct samsung_pin_ctrl s3c64xx_pin_ctrl[] __initconst = { .eint_wkup_init = s3c64xx_eint_eint0_init, }, }; + +const struct samsung_pinctrl_of_match_data s3c64xx_of_data __initconst = { + .ctrl = s3c64xx_pin_ctrl, + .num_ctrl = ARRAY_SIZE(s3c64xx_pin_ctrl), +}; diff --git a/drivers/pinctrl/samsung/pinctrl-samsung.c b/drivers/pinctrl/samsung/pinctrl-samsung.c index da58e4554137..336e88d7bdb9 100644 --- a/drivers/pinctrl/samsung/pinctrl-samsung.c +++ b/drivers/pinctrl/samsung/pinctrl-samsung.c @@ -942,12 +942,33 @@ static int samsung_gpiolib_register(struct platform_device *pdev, return 0; } +static const struct samsung_pin_ctrl * +samsung_pinctrl_get_soc_data_for_of_alias(struct platform_device *pdev) +{ + struct device_node *node = pdev->dev.of_node; + const struct samsung_pinctrl_of_match_data *of_data; + int id; + + id = of_alias_get_id(node, "pinctrl"); + if (id < 0) { + dev_err(&pdev->dev, "failed to get alias id\n"); + return NULL; + } + + of_data = of_device_get_match_data(&pdev->dev); + if (id >= of_data->num_ctrl) { + dev_err(&pdev->dev, "invalid alias id %d\n", id); + return NULL; + } + + return &(of_data->ctrl[id]); +} + /* retrieve the soc specific data */ static const struct samsung_pin_ctrl * samsung_pinctrl_get_soc_data(struct samsung_pinctrl_drv_data *d, struct platform_device *pdev) { - int id; struct device_node *node = pdev->dev.of_node; struct device_node *np; const struct samsung_pin_bank_data *bdata; @@ -957,13 +978,9 @@ samsung_pinctrl_get_soc_data(struct samsung_pinctrl_drv_data *d, void __iomem *virt_base[SAMSUNG_PINCTRL_NUM_RESOURCES]; unsigned int i; - id = of_alias_get_id(node, "pinctrl"); - if (id < 0) { - dev_err(&pdev->dev, "failed to get alias id\n"); + ctrl = samsung_pinctrl_get_soc_data_for_of_alias(pdev); + if (!ctrl) return ERR_PTR(-ENOENT); - } - ctrl = of_device_get_match_data(&pdev->dev); - ctrl += id; d->suspend = ctrl->suspend; d->resume = ctrl->resume; @@ -1188,41 +1205,41 @@ static int __maybe_unused samsung_pinctrl_resume(struct device *dev) static const struct of_device_id samsung_pinctrl_dt_match[] = { #ifdef CONFIG_PINCTRL_EXYNOS_ARM { .compatible = "samsung,exynos3250-pinctrl", - .data = exynos3250_pin_ctrl }, + .data = &exynos3250_of_data }, { .compatible = "samsung,exynos4210-pinctrl", - .data = exynos4210_pin_ctrl }, + .data = &exynos4210_of_data }, { .compatible = "samsung,exynos4x12-pinctrl", - .data = exynos4x12_pin_ctrl }, + .data = &exynos4x12_of_data }, { .compatible = "samsung,exynos5250-pinctrl", - .data = exynos5250_pin_ctrl }, + .data = &exynos5250_of_data }, { .compatible = "samsung,exynos5260-pinctrl", - .data = exynos5260_pin_ctrl }, + .data = &exynos5260_of_data }, { .compatible = "samsung,exynos5410-pinctrl", - .data = exynos5410_pin_ctrl }, + .data = &exynos5410_of_data }, { .compatible = "samsung,exynos5420-pinctrl", - .data = exynos5420_pin_ctrl }, + .data = &exynos5420_of_data }, { .compatible = "samsung,s5pv210-pinctrl", - .data = s5pv210_pin_ctrl }, + .data = &s5pv210_of_data }, #endif #ifdef CONFIG_PINCTRL_EXYNOS_ARM64 { .compatible = "samsung,exynos5433-pinctrl", - .data = exynos5433_pin_ctrl }, + .data = &exynos5433_of_data }, { .compatible = "samsung,exynos7-pinctrl", - .data = exynos7_pin_ctrl }, + .data = &exynos7_of_data }, #endif #ifdef CONFIG_PINCTRL_S3C64XX { .compatible = "samsung,s3c64xx-pinctrl", - .data = s3c64xx_pin_ctrl }, + .data = &s3c64xx_of_data }, #endif #ifdef CONFIG_PINCTRL_S3C24XX { .compatible = "samsung,s3c2412-pinctrl", - .data = s3c2412_pin_ctrl }, + .data = &s3c2412_of_data }, { .compatible = "samsung,s3c2416-pinctrl", - .data = s3c2416_pin_ctrl }, + .data = &s3c2416_of_data }, { .compatible = "samsung,s3c2440-pinctrl", - .data = s3c2440_pin_ctrl }, + .data = &s3c2440_of_data }, { .compatible = "samsung,s3c2450-pinctrl", - .data = s3c2450_pin_ctrl }, + .data = &s3c2450_of_data }, #endif {}, }; diff --git a/drivers/pinctrl/samsung/pinctrl-samsung.h b/drivers/pinctrl/samsung/pinctrl-samsung.h index e204f609823b..f0cda9424dfe 100644 --- a/drivers/pinctrl/samsung/pinctrl-samsung.h +++ b/drivers/pinctrl/samsung/pinctrl-samsung.h @@ -281,6 +281,16 @@ struct samsung_pinctrl_drv_data { void (*resume)(struct samsung_pinctrl_drv_data *); }; +/** + * struct samsung_pinctrl_of_match_data: OF match device specific configuration data. + * @ctrl: array of pin controller data. + * @num_ctrl: size of array @ctrl. + */ +struct samsung_pinctrl_of_match_data { + const struct samsung_pin_ctrl *ctrl; + unsigned int num_ctrl; +}; + /** * struct samsung_pin_group: represent group of pins of a pinmux function. * @name: name of the pin group, used to lookup the group. @@ -309,20 +319,20 @@ struct samsung_pmx_func { }; /* list of all exported SoC specific data */ -extern const struct samsung_pin_ctrl exynos3250_pin_ctrl[]; -extern const struct samsung_pin_ctrl exynos4210_pin_ctrl[]; -extern const struct samsung_pin_ctrl exynos4x12_pin_ctrl[]; -extern const struct samsung_pin_ctrl exynos5250_pin_ctrl[]; -extern const struct samsung_pin_ctrl exynos5260_pin_ctrl[]; -extern const struct samsung_pin_ctrl exynos5410_pin_ctrl[]; -extern const struct samsung_pin_ctrl exynos5420_pin_ctrl[]; -extern const struct samsung_pin_ctrl exynos5433_pin_ctrl[]; -extern const struct samsung_pin_ctrl exynos7_pin_ctrl[]; -extern const struct samsung_pin_ctrl s3c64xx_pin_ctrl[]; -extern const struct samsung_pin_ctrl s3c2412_pin_ctrl[]; -extern const struct samsung_pin_ctrl s3c2416_pin_ctrl[]; -extern const struct samsung_pin_ctrl s3c2440_pin_ctrl[]; -extern const struct samsung_pin_ctrl s3c2450_pin_ctrl[]; -extern const struct samsung_pin_ctrl s5pv210_pin_ctrl[]; +extern const struct samsung_pinctrl_of_match_data exynos3250_of_data; +extern const struct samsung_pinctrl_of_match_data exynos4210_of_data; +extern const struct samsung_pinctrl_of_match_data exynos4x12_of_data; +extern const struct samsung_pinctrl_of_match_data exynos5250_of_data; +extern const struct samsung_pinctrl_of_match_data exynos5260_of_data; +extern const struct samsung_pinctrl_of_match_data exynos5410_of_data; +extern const struct samsung_pinctrl_of_match_data exynos5420_of_data; +extern const struct samsung_pinctrl_of_match_data exynos5433_of_data; +extern const struct samsung_pinctrl_of_match_data exynos7_of_data; +extern const struct samsung_pinctrl_of_match_data s3c64xx_of_data; +extern const struct samsung_pinctrl_of_match_data s3c2412_of_data; +extern const struct samsung_pinctrl_of_match_data s3c2416_of_data; +extern const struct samsung_pinctrl_of_match_data s3c2440_of_data; +extern const struct samsung_pinctrl_of_match_data s3c2450_of_data; +extern const struct samsung_pinctrl_of_match_data s5pv210_of_data; #endif /* __PINCTRL_SAMSUNG_H */ -- 2.14.1

7 years, 2 months

4
3
0 0

[PATCH 3/3] IB/srpt: Fix an out-of-bounds stack access in srpt_zerolength_write()

by Bart Van Assche

Avoid triggering an out-of-bounds stack access by changing the type of 'wr' from ib_send_wr into ib_rdma_wr. This patch fixes the following KASAN bug report: BUG: KASAN: stack-out-of-bounds in rxe_post_send+0x7a9/0x9a0 [rdma_rxe] Read of size 8 at addr ffff880068197a48 by task kworker/2:1/44 Workqueue: ib_cm cm_work_handler [ib_cm] Call Trace: dump_stack+0x8e/0xcd print_address_description+0x6f/0x280 kasan_report+0x25a/0x380 __asan_load8+0x54/0x90 rxe_post_send+0x7a9/0x9a0 [rdma_rxe] srpt_zerolength_write+0xf0/0x180 [ib_srpt] srpt_cm_rtu_recv+0x68/0x110 [ib_srpt] srpt_rdma_cm_handler+0xbb/0x15b [ib_srpt] cma_ib_handler+0x1aa/0x4a0 [rdma_cm] cm_process_work+0x30/0x100 [ib_cm] cm_work_handler+0xa86/0x351b [ib_cm] process_one_work+0x475/0x9f0 worker_thread+0x69/0x690 kthread+0x1ad/0x1d0 ret_from_fork+0x3a/0x50 Fixes: aaf45bd83eba ("IB/srpt: Detect session shutdown reliably") Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com> Cc: Christoph Hellwig <hch(a)lst.de> Cc: stable(a)vger.kernel.org --- drivers/infiniband/ulp/srpt/ib_srpt.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/drivers/infiniband/ulp/srpt/ib_srpt.c b/drivers/infiniband/ulp/srpt/ib_srpt.c index 4339ab0607b7..6305da34b5de 100644 --- a/drivers/infiniband/ulp/srpt/ib_srpt.c +++ b/drivers/infiniband/ulp/srpt/ib_srpt.c @@ -848,16 +848,19 @@ static int srpt_post_recv(struct srpt_device *sdev, struct srpt_rdma_ch *ch, */ static int srpt_zerolength_write(struct srpt_rdma_ch *ch) { - struct ib_send_wr wr, *bad_wr; + struct ib_send_wr *bad_wr; + struct ib_rdma_wr wr = { + .wr = { + .opcode = IB_WR_RDMA_WRITE, + .wr_cqe = &ch->zw_cqe, + .send_flags = IB_SEND_SIGNALED, + } + }; pr_debug("%s-%d: queued zerolength write\n", ch->sess_name, ch->qp->qp_num); - memset(&wr, 0, sizeof(wr)); - wr.opcode = IB_WR_RDMA_WRITE; - wr.wr_cqe = &ch->zw_cqe; - wr.send_flags = IB_SEND_SIGNALED; - return ib_post_send(ch->qp, &wr, &bad_wr); + return ib_post_send(ch->qp, &wr.wr, &bad_wr); } static void srpt_zerolength_write_done(struct ib_cq *cq, struct ib_wc *wc) -- 2.16.2

7 years, 2 months

1
0
0 0

[PATCH 2/3] RDMA/rxe: Fix an out-of-bounds read

by Bart Van Assche

This patch avoids that KASAN reports the following when the SRP initiator calls srp_post_send(): ================================================================== BUG: KASAN: stack-out-of-bounds in rxe_post_send+0x5c4/0x980 [rdma_rxe] Read of size 8 at addr ffff880066606e30 by task 02-mq/1074 CPU: 2 PID: 1074 Comm: 02-mq Not tainted 4.16.0-rc3-dbg+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014 Call Trace: dump_stack+0x85/0xc7 print_address_description+0x65/0x270 kasan_report+0x231/0x350 rxe_post_send+0x5c4/0x980 [rdma_rxe] srp_post_send.isra.16+0x149/0x190 [ib_srp] srp_queuecommand+0x94d/0x1670 [ib_srp] scsi_dispatch_cmd+0x1c2/0x550 [scsi_mod] scsi_queue_rq+0x843/0xa70 [scsi_mod] blk_mq_dispatch_rq_list+0x143/0xac0 blk_mq_do_dispatch_ctx+0x1c5/0x260 blk_mq_sched_dispatch_requests+0x2bf/0x2f0 __blk_mq_run_hw_queue+0xdb/0x160 __blk_mq_delay_run_hw_queue+0xba/0x100 blk_mq_run_hw_queue+0xf2/0x190 blk_mq_sched_insert_request+0x163/0x2f0 blk_execute_rq+0xb0/0x130 scsi_execute+0x14e/0x260 [scsi_mod] scsi_probe_and_add_lun+0x366/0x13d0 [scsi_mod] __scsi_scan_target+0x18a/0x810 [scsi_mod] scsi_scan_target+0x11e/0x130 [scsi_mod] srp_create_target+0x1522/0x19e0 [ib_srp] kernfs_fop_write+0x180/0x210 __vfs_write+0xb1/0x2e0 vfs_write+0xf6/0x250 SyS_write+0x99/0x110 do_syscall_64+0xee/0x2b0 entry_SYSCALL_64_after_hwframe+0x42/0xb7 The buggy address belongs to the page: page:ffffea0001998180 count:0 mapcount:0 mapping:0000000000000000 index:0x0 flags: 0x4000000000000000() raw: 4000000000000000 0000000000000000 0000000000000000 00000000ffffffff raw: dead000000000100 dead000000000200 0000000000000000 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff880066606d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 ffff880066606d80: f1 00 f2 f2 f2 f2 f2 f2 f2 00 00 f2 f2 f2 f2 f2 >ffff880066606e00: f2 00 00 00 00 00 f2 f2 f2 f3 f3 f3 f3 00 00 00 ^ ffff880066606e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff880066606f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ================================================================== Fixes: 8700e3e7c485 ("Soft RoCE driver") Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com> Cc: Moni Shoua <monis(a)mellanox.com> Cc: stable(a)vger.kernel.org --- drivers/infiniband/sw/rxe/rxe_verbs.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/infiniband/sw/rxe/rxe_verbs.c b/drivers/infiniband/sw/rxe/rxe_verbs.c index 3d99965e54fe..753d281b8321 100644 --- a/drivers/infiniband/sw/rxe/rxe_verbs.c +++ b/drivers/infiniband/sw/rxe/rxe_verbs.c @@ -711,9 +711,8 @@ static int init_send_wqe(struct rxe_qp *qp, const struct ib_send_wr *ibwr, memcpy(wqe->dma.sge, ibwr->sg_list, num_sge * sizeof(struct ib_sge)); - wqe->iova = (mask & WR_ATOMIC_MASK) ? - atomic_wr(ibwr)->remote_addr : - rdma_wr(ibwr)->remote_addr; + wqe->iova = mask & WR_ATOMIC_MASK ? atomic_wr(ibwr)->remote_addr : + mask & WR_READ_OR_WRITE_MASK ? rdma_wr(ibwr)->remote_addr : 0; wqe->mask = mask; wqe->dma.length = length; wqe->dma.resid = length; -- 2.16.2

7 years, 2 months

1
0
0 0

[merged] mm-dont-defer-struct-page-initialization-for-xen-pv-guests.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: don't defer struct page initialization for Xen pv guests has been removed from the -mm tree. Its filename was mm-dont-defer-struct-page-initialization-for-xen-pv-guests.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Juergen Gross <jgross(a)suse.com> Subject: mm: don't defer struct page initialization for Xen pv guests f7f99100d8d95d ("mm: stop zeroing memory during allocation in vmemmap") broke Xen pv domains in some configurations, as the "Pinned" information in struct page of early page tables could get lost. This will lead to the kernel trying to write directly into the page tables instead of asking the hypervisor to do so. The result is a crash like the following: [ 0.004000] BUG: unable to handle kernel paging request at ffff8801ead19008 [ 0.004000] IP: xen_set_pud+0x4e/0xd0 [ 0.004000] PGD 1c0a067 P4D 1c0a067 PUD 23a0067 PMD 1e9de0067 PTE 80100001ead19065 [ 0.004000] Oops: 0003 [#1] PREEMPT SMP [ 0.004000] Modules linked in: [ 0.004000] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.14.0-default+ #271 [ 0.004000] Hardware name: Dell Inc. Latitude E6440/0159N7, BIOS A07 06/26/2014 [ 0.004000] task: ffffffff81c10480 task.stack: ffffffff81c00000 [ 0.004000] RIP: e030:xen_set_pud+0x4e/0xd0 [ 0.004000] RSP: e02b:ffffffff81c03cd8 EFLAGS: 00010246 [ 0.004000] RAX: 002ffff800000800 RBX: ffff88020fd31000 RCX: 0000000000000000 [ 0.004000] RDX: ffffea0000000000 RSI: 00000001b8308067 RDI: ffff8801ead19008 [ 0.004000] RBP: ffff8801ead19008 R08: aaaaaaaaaaaaaaaa R09: 00000000063f4c80 [ 0.004000] R10: aaaaaaaaaaaaaaaa R11: 0720072007200720 R12: 00000001b8308067 [ 0.004000] R13: ffffffff81c8a9cc R14: ffff88018fd31000 R15: 000077ff80000000 [ 0.004000] FS: 0000000000000000(0000) GS:ffff88020f600000(0000) knlGS:0000000000000000 [ 0.004000] CS: e033 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 0.004000] CR2: ffff8801ead19008 CR3: 0000000001c09000 CR4: 0000000000042660 [ 0.004000] Call Trace: [ 0.004000] __pmd_alloc+0x128/0x140 [ 0.004000] ? acpi_os_map_iomem+0x175/0x1b0 [ 0.004000] ioremap_page_range+0x3f4/0x410 [ 0.004000] ? acpi_os_map_iomem+0x175/0x1b0 [ 0.004000] __ioremap_caller+0x1c3/0x2e0 [ 0.004000] acpi_os_map_iomem+0x175/0x1b0 [ 0.004000] acpi_tb_acquire_table+0x39/0x66 [ 0.004000] acpi_tb_validate_table+0x44/0x7c [ 0.004000] acpi_tb_verify_temp_table+0x45/0x304 [ 0.004000] ? acpi_ut_acquire_mutex+0x12a/0x1c2 [ 0.004000] acpi_reallocate_root_table+0x12d/0x141 [ 0.004000] acpi_early_init+0x4d/0x10a [ 0.004000] start_kernel+0x3eb/0x4a1 [ 0.004000] ? set_init_arg+0x55/0x55 [ 0.004000] xen_start_kernel+0x528/0x532 [ 0.004000] Code: 48 01 e8 48 0f 42 15 a2 fd be 00 48 01 d0 48 ba 00 00 00 00 00 ea ff ff 48 c1 e8 0c 48 c1 e0 06 48 01 d0 48 8b 00 f6 c4 02 75 5d <4c> 89 65 00 5b 5d 41 5c c3 65 8b 05 52 9f fe 7e 89 c0 48 0f a3 [ 0.004000] RIP: xen_set_pud+0x4e/0xd0 RSP: ffffffff81c03cd8 [ 0.004000] CR2: ffff8801ead19008 [ 0.004000] ---[ end trace 38eca2e56f1b642e ]--- Avoid this problem by not deferring struct page initialization when running as Xen pv guest. Pavel said: : This is unique for Xen, so this particular issue won't effect other : configurations. I am going to investigate if there is a way to : re-enable deferred page initialization on xen guests. [akpm(a)linux-foundation.org: explicitly include xen.h] Link: http://lkml.kernel.org/r/20180216154101.22865-1-jgross@suse.com Fixes: f7f99100d8d95d ("mm: stop zeroing memory during allocation in vmemmap") Signed-off-by: Juergen Gross <jgross(a)suse.com> Reviewed-by: Pavel Tatashin <pasha.tatashin(a)oracle.com> Cc: Steven Sistare <steven.sistare(a)oracle.com> Cc: Daniel Jordan <daniel.m.jordan(a)oracle.com> Cc: Bob Picco <bob.picco(a)oracle.com> Cc: <stable(a)vger.kernel.org> [4.15.x] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/page_alloc.c | 4 ++++ 1 file changed, 4 insertions(+) diff -puN mm/page_alloc.c~mm-dont-defer-struct-page-initialization-for-xen-pv-guests mm/page_alloc.c --- a/mm/page_alloc.c~mm-dont-defer-struct-page-initialization-for-xen-pv-guests +++ a/mm/page_alloc.c @@ -46,6 +46,7 @@ #include <linux/stop_machine.h> #include <linux/sort.h> #include <linux/pfn.h> +#include <xen/xen.h> #include <linux/backing-dev.h> #include <linux/fault-inject.h> #include <linux/page-isolation.h> @@ -347,6 +348,9 @@ static inline bool update_defer_init(pg_ /* Always populate low zones for address-constrained allocations */ if (zone_end < pgdat_end_pfn(pgdat)) return true; + /* Xen PV domains need page structures early */ + if (xen_pv_domain()) + return true; (*nr_initialised)++; if ((*nr_initialised > pgdat->static_init_pgcnt) && (pfn & (PAGES_PER_SECTION - 1)) == 0) { _ Patches currently in -mm which might be from jgross(a)suse.com are

7 years, 2 months

1
0
0 0

[merged] vmalloc-fix-__gfp_highmem-usage-for-vmalloc_32-on-32b-systems.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: vmalloc: fix __GFP_HIGHMEM usage for vmalloc_32 on 32b systems has been removed from the -mm tree. Its filename was vmalloc-fix-__gfp_highmem-usage-for-vmalloc_32-on-32b-systems.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Michal Hocko <mhocko(a)suse.com> Subject: vmalloc: fix __GFP_HIGHMEM usage for vmalloc_32 on 32b systems Kai Heng Feng has noticed that BUG_ON(PageHighMem(pg)) triggers in drivers/media/common/saa7146/saa7146_core.c since 19809c2da28a ("mm, vmalloc: use __GFP_HIGHMEM implicitly"). saa7146_vmalloc_build_pgtable uses vmalloc_32 and it is reasonable to expect that the resulting page is not in highmem. The above commit aimed to add __GFP_HIGHMEM only for those requests which do not specify any zone modifier gfp flag. vmalloc_32 relies on GFP_VMALLOC32 which should do the right thing. Except it has been missed that GFP_VMALLOC32 is an alias for GFP_KERNEL on 32b architectures. Thanks to Matthew to notice this. Fix the problem by unconditionally setting GFP_DMA32 in GFP_VMALLOC32 for !64b arches (as a bailout). This should do the right thing and use ZONE_NORMAL which should be always below 4G on 32b systems. Debugged by Matthew Wilcox. [akpm(a)linux-foundation.org: coding-style fixes] Link: http://lkml.kernel.org/r/20180212095019.GX21609@dhcp22.suse.cz Fixes: 19809c2da28a ("mm, vmalloc: use __GFP_HIGHMEM implicitly”) Signed-off-by: Michal Hocko <mhocko(a)suse.com> Reported-by: Kai Heng Feng <kai.heng.feng(a)canonical.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Laura Abbott <labbott(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmalloc.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff -puN mm/vmalloc.c~vmalloc-fix-__gfp_highmem-usage-for-vmalloc_32-on-32b-systems mm/vmalloc.c --- a/mm/vmalloc.c~vmalloc-fix-__gfp_highmem-usage-for-vmalloc_32-on-32b-systems +++ a/mm/vmalloc.c @@ -1943,11 +1943,15 @@ void *vmalloc_exec(unsigned long size) } #if defined(CONFIG_64BIT) && defined(CONFIG_ZONE_DMA32) -#define GFP_VMALLOC32 GFP_DMA32 | GFP_KERNEL +#define GFP_VMALLOC32 (GFP_DMA32 | GFP_KERNEL) #elif defined(CONFIG_64BIT) && defined(CONFIG_ZONE_DMA) -#define GFP_VMALLOC32 GFP_DMA | GFP_KERNEL +#define GFP_VMALLOC32 (GFP_DMA | GFP_KERNEL) #else -#define GFP_VMALLOC32 GFP_KERNEL +/* + * 64b systems should always have either DMA or DMA32 zones. For others + * GFP_DMA32 should do the right thing and use the normal zone. + */ +#define GFP_VMALLOC32 GFP_DMA32 | GFP_KERNEL #endif /** _ Patches currently in -mm which might be from mhocko(a)suse.com are hugetlb-fix-surplus-pages-accounting.patch mm-oom-docs-describe-the-cgroup-aware-oom-killer-fix-2.patch mm-numa-rework-do_pages_move.patch mm-migrate-remove-reason-argument-from-new_page_t.patch mm-unclutter-thp-migration.patch mm-introduce-map_fixed_safe.patch fs-elf-drop-map_fixed-usage-from-elf_map.patch elf-enforce-map_fixed-on-overlaying-elf-segments.patch

7 years, 2 months

1
0
0 0

[merged] mm-swap-frontswap-fix-thp-swap-if-frontswap-enabled-v3.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm, swap, frontswap: fix THP swap if frontswap enabled has been removed from the -mm tree. Its filename was mm-swap-frontswap-fix-thp-swap-if-frontswap-enabled-v3.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Huang Ying <huang.ying.caritas(a)gmail.com> Subject: mm, swap, frontswap: fix THP swap if frontswap enabled It was reported by Sergey Senozhatsky that if THP (Transparent Huge Page) and frontswap (via zswap) are both enabled, when memory goes low so that swap is triggered, segfault and memory corruption will occur in random user space applications as follow, kernel: urxvt[338]: segfault at 20 ip 00007fc08889ae0d sp 00007ffc73a7fc40 error 6 in libc-2.26.so[7fc08881a000+1ae000] #0 0x00007fc08889ae0d _int_malloc (libc.so.6) #1 0x00007fc08889c2f3 malloc (libc.so.6) #2 0x0000560e6004bff7 _Z14rxvt_wcstoutf8PKwi (urxvt) #3 0x0000560e6005e75c n/a (urxvt) #4 0x0000560e6007d9f1 _ZN16rxvt_perl_interp6invokeEP9rxvt_term9hook_typez (urxvt) #5 0x0000560e6003d988 _ZN9rxvt_term9cmd_parseEv (urxvt) #6 0x0000560e60042804 _ZN9rxvt_term6pty_cbERN2ev2ioEi (urxvt) #7 0x0000560e6005c10f _Z17ev_invoke_pendingv (urxvt) #8 0x0000560e6005cb55 ev_run (urxvt) #9 0x0000560e6003b9b9 main (urxvt) #10 0x00007fc08883af4a __libc_start_main (libc.so.6) #11 0x0000560e6003f9da _start (urxvt) After bisection, it was found the first bad commit is bd4c82c22c367e068 ("mm, THP, swap: delay splitting THP after swapped out"). The root cause is as follows: When the pages are written to swap device during swapping out in swap_writepage(), zswap (fontswap) is tried to compress the pages to improve performance. But zswap (frontswap) will treat THP as a normal page, so only the head page is saved. After swapping in, tail pages will not be restored to their original contents, causing memory corruption in the applications. This is fixed by refusing to save page in the frontswap store functions if the page is a THP. So that the THP will be swapped out to swap device. Another choice is to split THP if frontswap is enabled. But it is found that the frontswap enabling isn't flexible. For example, if CONFIG_ZSWAP=y (cannot be module), frontswap will be enabled even if zswap itself isn't enabled. Frontswap has multiple backends, to make it easy for one backend to enable THP support, the THP checking is put in backend frontswap store functions instead of the general interfaces. Link: http://lkml.kernel.org/r/20180209084947.22749-1-ying.huang@intel.com Fixes: bd4c82c22c367e068 ("mm, THP, swap: delay splitting THP after swapped out") Signed-off-by: "Huang, Ying" <ying.huang(a)intel.com> Reported-by: Sergey Senozhatsky <sergey.senozhatsky(a)gmail.com> Tested-by: Sergey Senozhatsky <sergey.senozhatsky(a)gmail.com> Suggested-by: Minchan Kim <minchan(a)kernel.org> [put THP checking in backend] Cc: Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> Cc: Dan Streetman <ddstreet(a)ieee.org> Cc: Seth Jennings <sjenning(a)redhat.com> Cc: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Cc: Shaohua Li <shli(a)kernel.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Shakeel Butt <shakeelb(a)google.com> Cc: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Cc: Juergen Gross <jgross(a)suse.com> Cc: <stable(a)vger.kernel.org> [4.14] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/xen/tmem.c | 4 ++++ mm/zswap.c | 6 ++++++ 2 files changed, 10 insertions(+) diff -puN drivers/xen/tmem.c~mm-swap-frontswap-fix-thp-swap-if-frontswap-enabled-v3 drivers/xen/tmem.c --- a/drivers/xen/tmem.c~mm-swap-frontswap-fix-thp-swap-if-frontswap-enabled-v3 +++ a/drivers/xen/tmem.c @@ -284,6 +284,10 @@ static int tmem_frontswap_store(unsigned int pool = tmem_frontswap_poolid; int ret; + /* THP isn't supported */ + if (PageTransHuge(page)) + return -1; + if (pool < 0) return -1; if (ind64 != ind) diff -puN mm/zswap.c~mm-swap-frontswap-fix-thp-swap-if-frontswap-enabled-v3 mm/zswap.c --- a/mm/zswap.c~mm-swap-frontswap-fix-thp-swap-if-frontswap-enabled-v3 +++ a/mm/zswap.c @@ -1007,6 +1007,12 @@ static int zswap_frontswap_store(unsigne u8 *src, *dst; struct zswap_header zhdr = { .swpentry = swp_entry(type, offset) }; + /* THP isn't supported */ + if (PageTransHuge(page)) { + ret = -EINVAL; + goto reject; + } + if (!zswap_enabled || !tree) { ret = -ENODEV; goto reject; _ Patches currently in -mm which might be from huang.ying.caritas(a)gmail.com are

7 years, 2 months

1
0
0 0

[merged] kbuild-always-define-endianess-in-kconfigh.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: Kbuild: always define endianess in kconfig.h has been removed from the -mm tree. Its filename was kbuild-always-define-endianess-in-kconfigh.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Arnd Bergmann <arnd(a)arndb.de> Subject: Kbuild: always define endianess in kconfig.h Build testing with LTO found a couple of files that get compiled differently depending on whether asm/byteorder.h gets included early enough or not. In particular, include/asm-generic/qrwlock_types.h is affected by this, but there are probably others as well. The symptom is a series of LTO link time warnings, including these: net/netlabel/netlabel_unlabeled.h:223: error: type of 'netlbl_unlhsh_add' does not match original declaration [-Werror=lto-type-mismatch] int netlbl_unlhsh_add(struct net *net, net/netlabel/netlabel_unlabeled.c:377: note: 'netlbl_unlhsh_add' was previously declared here include/net/ipv6.h:360: error: type of 'ipv6_renew_options_kern' does not match original declaration [-Werror=lto-type-mismatch] ipv6_renew_options_kern(struct sock *sk, net/ipv6/exthdrs.c:1162: note: 'ipv6_renew_options_kern' was previously declared here net/core/dev.c:761: note: 'dev_get_by_name_rcu' was previously declared here struct net_device *dev_get_by_name_rcu(struct net *net, const char *name) net/core/dev.c:761: note: code may be misoptimized unless -fno-strict-aliasing is used drivers/gpu/drm/i915/i915_drv.h:3377: error: type of 'i915_gem_object_set_to_wc_domain' does not match original declaration [-Werror=lto-type-mismatch] i915_gem_object_set_to_wc_domain(struct drm_i915_gem_object *obj, bool write); drivers/gpu/drm/i915/i915_gem.c:3639: note: 'i915_gem_object_set_to_wc_domain' was previously declared here include/linux/debugfs.h:92:9: error: type of 'debugfs_attr_read' does not match original declaration [-Werror=lto-type-mismatch] ssize_t debugfs_attr_read(struct file *file, char __user *buf, fs/debugfs/file.c:318: note: 'debugfs_attr_read' was previously declared here include/linux/rwlock_api_smp.h:30: error: type of '_raw_read_unlock' does not match original declaration [-Werror=lto-type-mismatch] void __lockfunc _raw_read_unlock(rwlock_t *lock) __releases(lock); kernel/locking/spinlock.c:246:26: note: '_raw_read_unlock' was previously declared here include/linux/fs.h:3308:5: error: type of 'simple_attr_open' does not match original declaration [-Werror=lto-type-mismatch] int simple_attr_open(struct inode *inode, struct file *file, fs/libfs.c:795: note: 'simple_attr_open' was previously declared here All of the above are caused by include/asm-generic/qrwlock_types.h failing to include asm/byteorder.h after commit e0d02285f16e ("locking/qrwlock: Use 'struct qrwlock' instead of 'struct __qrwlock'") in linux-4.15. Similar bugs may or may not exist in older kernels as well, but there is no easy way to test those with link-time optimizations, and kernels before 4.14 are harder to fix because they don't have Babu's patch series We had similar issues with CONFIG_ symbols in the past and ended up always including the configuration headers though linux/kconfig.h. This works around the issue through that same file, defining either __BIG_ENDIAN or __LITTLE_ENDIAN depending on CONFIG_CPU_BIG_ENDIAN, which is now always set on all architectures since commit 4c97a0c8fee3 ("arch: define CPU_BIG_ENDIAN for all fixed big endian archs"). Link: http://lkml.kernel.org/r/20180202154104.1522809-2-arnd@arndb.de Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> Cc: Babu Moger <babu.moger(a)amd.com> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Masahiro Yamada <yamada.masahiro(a)socionext.com> Cc: Nicolas Pitre <nico(a)linaro.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Will Deacon <will.deacon(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/kconfig.h | 6 ++++++ 1 file changed, 6 insertions(+) diff -puN include/linux/kconfig.h~kbuild-always-define-endianess-in-kconfigh include/linux/kconfig.h --- a/include/linux/kconfig.h~kbuild-always-define-endianess-in-kconfigh +++ a/include/linux/kconfig.h @@ -4,6 +4,12 @@ #include <generated/autoconf.h> +#ifdef CONFIG_CPU_BIG_ENDIAN +#define __BIG_ENDIAN 4321 +#else +#define __LITTLE_ENDIAN 1234 +#endif + #define __ARG_PLACEHOLDER_1 0, #define __take_second_arg(__ignored, val, ...) val _ Patches currently in -mm which might be from arnd(a)arndb.de are

7 years, 2 months

1
0
0 0

[PATCH] bcache: decouple emitting a cached_dev CHANGE uevent

by Joseph Salisbury

From: Ryan Harper <ryan.harper(a)canonical.com> BugLink: http://bugs.launchpad.net/bugs/1729145 A bug is preventing /dev/bcache/by-uuid links from being created after reboot. It appears that since the initramfs loads the bcache module which probes and finds all of the cache devices and backing devices then once the rootfs is mounted and udev gets to run, the bcache kernel module does not emit the CACHED_UUID value into the environment if the underlying devices are already registered. With this patch, instead of just failing with "device already registered" the kernel emits another uevent with CACHED_UUID which would be processed another time to set up a symlink. - decouple emitting a cached_dev CHANGE uevent which includes dev.uuid and dev.label from bch_cached_dev_run() which only happens when a bcacheX device is bound to the actual backing block device (bcache0 -> vdb) - update bch_cached_dev_run() to invoke bch_cached_dev_emit_change() as needed; no functional code path changes here - Modify register_bcache to detect a re-registering of a bcache cached_dev, and in that case call bcache_cached_dev_emit_change() to Cc: stable(a)vger.kernel.org Signed-off-by: Ryan Harper <ryan.harper(a)canonical.com> Signed-off-by: Joseph Salisbury <joseph.salisbury(a)canonical.com> --- drivers/md/bcache/bcache.h | 1 + drivers/md/bcache/super.c | 53 +++++++++++++++++++++++++++++++++++++--------- 2 files changed, 44 insertions(+), 10 deletions(-) diff --git a/drivers/md/bcache/bcache.h b/drivers/md/bcache/bcache.h index 02619ca..8ed7e7a 100644 --- a/drivers/md/bcache/bcache.h +++ b/drivers/md/bcache/bcache.h @@ -906,6 +906,7 @@ int bch_flash_dev_create(struct cache_set *c, uint64_t size); int bch_cached_dev_attach(struct cached_dev *, struct cache_set *); void bch_cached_dev_detach(struct cached_dev *); +void bch_cached_dev_emit_change(struct cached_dev *); void bch_cached_dev_run(struct cached_dev *); void bcache_device_stop(struct bcache_device *); diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c index 04608da..9ff0aac 100644 --- a/drivers/md/bcache/super.c +++ b/drivers/md/bcache/super.c @@ -834,7 +834,7 @@ static void calc_cached_dev_sectors(struct cache_set *c) c->cached_dev_sectors = sectors; } -void bch_cached_dev_run(struct cached_dev *dc) +void bch_cached_dev_emit_change(struct cached_dev *dc) { struct bcache_device *d = &dc->disk; char buf[SB_LABEL_SIZE + 1]; @@ -849,9 +849,18 @@ void bch_cached_dev_run(struct cached_dev *dc) buf[SB_LABEL_SIZE] = '\0'; env[2] = kasprintf(GFP_KERNEL, "CACHED_LABEL=%s", buf); + /* won't show up in the uevent file, use udevadm monitor -e instead + * only class / kset properties are persistent */ + kobject_uevent_env(&disk_to_dev(d->disk)->kobj, KOBJ_CHANGE, env); + kfree(env[1]); + kfree(env[2]); + +} + +void bch_cached_dev_run(struct cached_dev *dc) +{ + struct bcache_device *d = &dc->disk; if (atomic_xchg(&dc->running, 1)) { - kfree(env[1]); - kfree(env[2]); return; } @@ -867,11 +876,9 @@ void bch_cached_dev_run(struct cached_dev *dc) add_disk(d->disk); bd_link_disk_holder(dc->bdev, dc->disk.disk); - /* won't show up in the uevent file, use udevadm monitor -e instead - * only class / kset properties are persistent */ - kobject_uevent_env(&disk_to_dev(d->disk)->kobj, KOBJ_CHANGE, env); - kfree(env[1]); - kfree(env[2]); + + /* emit change event */ + bch_cached_dev_emit_change(dc); if (sysfs_create_link(&d->kobj, &disk_to_dev(d->disk)->kobj, "dev") || sysfs_create_link(&disk_to_dev(d->disk)->kobj, &d->kobj, "bcache")) @@ -1916,6 +1923,21 @@ static bool bch_is_open_backing(struct block_device *bdev) { return false; } +static struct cached_dev *bch_find_cached_dev(struct block_device *bdev) { + struct cache_set *c, *tc; + struct cached_dev *dc, *t; + + list_for_each_entry_safe(c, tc, &bch_cache_sets, list) + list_for_each_entry_safe(dc, t, &c->cached_devs, list) + if (dc->bdev == bdev) + return dc; + list_for_each_entry_safe(dc, t, &uncached_devices, list) + if (dc->bdev == bdev) + return dc; + + return NULL; +} + static bool bch_is_open_cache(struct block_device *bdev) { struct cache_set *c, *tc; struct cache *ca; @@ -1941,6 +1963,7 @@ static ssize_t register_bcache(struct kobject *k, struct kobj_attribute *attr, struct cache_sb *sb = NULL; struct block_device *bdev = NULL; struct page *sb_page = NULL; + struct cached_dev *dc = NULL; if (!try_module_get(THIS_MODULE)) return -EBUSY; @@ -1957,10 +1980,20 @@ static ssize_t register_bcache(struct kobject *k, struct kobj_attribute *attr, if (bdev == ERR_PTR(-EBUSY)) { bdev = lookup_bdev(strim(path), 0); mutex_lock(&bch_register_lock); - if (!IS_ERR(bdev) && bch_is_open(bdev)) + if (!IS_ERR(bdev) && bch_is_open(bdev)) { err = "device already registered"; - else + /* emit CHANGE event for backing devices to export + * CACHED_{UUID/LABEL} values to udev */ + if (bch_is_open_backing(bdev)) { + dc = bch_find_cached_dev(bdev); + if (dc) { + bch_cached_dev_emit_change(dc); + err = "device already registered (emitting change event)"; + } + } + } else { err = "device busy"; + } mutex_unlock(&bch_register_lock); if (!IS_ERR(bdev)) bdput(bdev); -- 2.7.4

7 years, 2 months

1
0
0 0

[added to the stable tree] Bluetooth: btusb: fix QCA Rome suspend/resume

by Sasha Levin

From: Leif Liddy <leif.linux(a)gmail.com> This patch has been added to the stable tree. If you have any objections, please let us know. =============== [ Upstream commit fd865802c66bc451dc515ed89360f84376ce1a56 ] There's been numerous reported instances where BTUSB_QCA_ROME bluetooth controllers stop functioning upon resume from suspend. These devices seem to be losing power during suspend. Patch will detect a status change on resume and perform a reset. Signed-off-by: Leif Liddy <leif.linux(a)gmail.com> Signed-off-by: Marcel Holtmann <marcel(a)holtmann.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/bluetooth/btusb.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index 32f5b87fe93c..b17bd3fc74cb 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -3207,6 +3207,12 @@ static int btusb_probe(struct usb_interface *intf, if (id->driver_info & BTUSB_QCA_ROME) { data->setup_on_usb = btusb_setup_qca; hdev->set_bdaddr = btusb_set_bdaddr_ath3012; + + /* QCA Rome devices lose their updated firmware over suspend, + * but the USB hub doesn't notice any status change. + * Explicitly request a device reset on resume. + */ + set_bit(BTUSB_RESET_RESUME, &data->flags); } if (id->driver_info & BTUSB_REALTEK) -- 2.14.1

7 years, 2 months

1
56
0 0

[PATCH] KVM: x86: fix vcpu initialization with userspace lapic

by Radim Krčmář

Moving the code around broke this rare configuration. Use this opportunity to finally call lapic reset from vcpu reset. Reported-by: Dmitry Vyukov <dvyukov(a)google.com> Suggested-by: Paolo Bonzini <pbonzini(a)redhat.com> Fixes: 0b2e9904c159 ("KVM: x86: move LAPIC initialization after VMCS creation") Cc: stable(a)vger.kernel.org Signed-off-by: Radim Krčmář <rkrcmar(a)redhat.com> --- arch/x86/kvm/lapic.c | 10 ++++------ arch/x86/kvm/x86.c | 3 ++- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index cc5fe7a50dde..391dda8d43b7 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -2002,14 +2002,13 @@ void kvm_lapic_set_base(struct kvm_vcpu *vcpu, u64 value) void kvm_lapic_reset(struct kvm_vcpu *vcpu, bool init_event) { - struct kvm_lapic *apic; + struct kvm_lapic *apic = vcpu->arch.apic; int i; - apic_debug("%s\n", __func__); + if (!apic) + return; - ASSERT(vcpu); - apic = vcpu->arch.apic; - ASSERT(apic != NULL); + apic_debug("%s\n", __func__); /* Stop the timer in case it's a reset to an active apic */ hrtimer_cancel(&apic->lapic_timer.timer); @@ -2568,7 +2567,6 @@ void kvm_apic_accept_events(struct kvm_vcpu *vcpu) pe = xchg(&apic->pending_events, 0); if (test_bit(KVM_APIC_INIT, &pe)) { - kvm_lapic_reset(vcpu, true); kvm_vcpu_reset(vcpu, true); if (kvm_vcpu_is_bsp(apic->vcpu)) vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE; diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 1a3ed81031f1..3f96b51d0495 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -8123,7 +8123,6 @@ int kvm_arch_vcpu_setup(struct kvm_vcpu *vcpu) kvm_vcpu_mtrr_init(vcpu); vcpu_load(vcpu); kvm_vcpu_reset(vcpu, false); - kvm_lapic_reset(vcpu, false); kvm_mmu_setup(vcpu); vcpu_put(vcpu); return 0; @@ -8166,6 +8165,8 @@ void kvm_arch_vcpu_destroy(struct kvm_vcpu *vcpu) void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) { + kvm_lapic_reset(vcpu, init_event); + vcpu->arch.hflags = 0; vcpu->arch.smi_pending = 0; -- 2.15.1

7 years, 2 months

3
2
0 0

[Linux-stable-mirror] FAILED: patch "[PATCH] tpm-dev-common: Reject too short writes" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From ee70bc1e7b63ac8023c9ff9475d8741e397316e7 Mon Sep 17 00:00:00 2001 From: Alexander Steffen <Alexander.Steffen(a)infineon.com> Date: Fri, 8 Sep 2017 17:21:32 +0200 Subject: [PATCH] tpm-dev-common: Reject too short writes tpm_transmit() does not offer an explicit interface to indicate the number of valid bytes in the communication buffer. Instead, it relies on the commandSize field in the TPM header that is encoded within the buffer. Therefore, ensure that a) enough data has been written to the buffer, so that the commandSize field is present and b) the commandSize field does not announce more data than has been written to the buffer. This should have been fixed with CVE-2011-1161 long ago, but apparently a correct version of that patch never made it into the kernel. Cc: stable(a)vger.kernel.org Signed-off-by: Alexander Steffen <Alexander.Steffen(a)infineon.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> diff --git a/drivers/char/tpm/tpm-dev-common.c b/drivers/char/tpm/tpm-dev-common.c index 610638a80383..461bf0b8a094 100644 --- a/drivers/char/tpm/tpm-dev-common.c +++ b/drivers/char/tpm/tpm-dev-common.c @@ -110,6 +110,12 @@ ssize_t tpm_common_write(struct file *file, const char __user *buf, return -EFAULT; } + if (in_size < 6 || + in_size < be32_to_cpu(*((__be32 *) (priv->data_buffer + 2)))) { + mutex_unlock(&priv->buffer_mutex); + return -EINVAL; + } + /* atomic tpm command send and result receive. We only hold the ops * lock during this period so that the tpm can be unregistered even if * the char dev is held open.

7 years, 2 months

3
2
0 0

[PATCH] drm/i915/perf: fix perf stream opening lock

by Lionel Landwerlin

We're seeing on CI that some contexts don't have the programmed OA period timer that directs the OA unit on how often to write reports. The issue is that we're not holding the drm lock from when we edit the context images down to when we set the exclusive_stream variable. This leaves a window for the deferred context allocation to call i915_oa_init_reg_state() that will not program the expected OA timer value, because we haven't set the exclusive_stream yet. Signed-off-by: Lionel Landwerlin <lionel.g.landwerlin(a)intel.com> Fixes: 701f8231a2f ("drm/i915/perf: prune OA configs") Cc: <stable(a)vger.kernel.org> # v4.14+ Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=102254 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=103715 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=103755 --- drivers/gpu/drm/i915/i915_perf.c | 41 +++++++++++++++++++--------------------- 1 file changed, 19 insertions(+), 22 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_perf.c b/drivers/gpu/drm/i915/i915_perf.c index 2741b1bc7095..7016abfc8ba9 100644 --- a/drivers/gpu/drm/i915/i915_perf.c +++ b/drivers/gpu/drm/i915/i915_perf.c @@ -1757,21 +1757,16 @@ static int gen8_switch_to_updated_kernel_context(struct drm_i915_private *dev_pr */ static int gen8_configure_all_contexts(struct drm_i915_private *dev_priv, const struct i915_oa_config *oa_config, - bool interruptible) + bool need_lock) { struct i915_gem_context *ctx; int ret; unsigned int wait_flags = I915_WAIT_LOCKED; - if (interruptible) { - ret = i915_mutex_lock_interruptible(&dev_priv->drm); - if (ret) - return ret; - - wait_flags |= I915_WAIT_INTERRUPTIBLE; - } else { + if (need_lock) mutex_lock(&dev_priv->drm.struct_mutex); - } + + lockdep_assert_held(&dev_priv->drm.struct_mutex); /* Switch away from any user context. */ ret = gen8_switch_to_updated_kernel_context(dev_priv, oa_config); @@ -1819,7 +1814,8 @@ static int gen8_configure_all_contexts(struct drm_i915_private *dev_priv, } out: - mutex_unlock(&dev_priv->drm.struct_mutex); + if (need_lock) + mutex_unlock(&dev_priv->drm.struct_mutex); return ret; } @@ -1863,7 +1859,7 @@ static int gen8_enable_metric_set(struct drm_i915_private *dev_priv, * to make sure all slices/subslices are ON before writing to NOA * registers. */ - ret = gen8_configure_all_contexts(dev_priv, oa_config, true); + ret = gen8_configure_all_contexts(dev_priv, oa_config, false); if (ret) return ret; @@ -1878,7 +1874,7 @@ static int gen8_enable_metric_set(struct drm_i915_private *dev_priv, static void gen8_disable_metric_set(struct drm_i915_private *dev_priv) { /* Reset all contexts' slices/subslices configurations. */ - gen8_configure_all_contexts(dev_priv, NULL, false); + gen8_configure_all_contexts(dev_priv, NULL, true); I915_WRITE(GDT_CHICKEN_BITS, (I915_READ(GDT_CHICKEN_BITS) & ~GT_NOA_ENABLE)); @@ -1888,7 +1884,7 @@ static void gen8_disable_metric_set(struct drm_i915_private *dev_priv) static void gen10_disable_metric_set(struct drm_i915_private *dev_priv) { /* Reset all contexts' slices/subslices configurations. */ - gen8_configure_all_contexts(dev_priv, NULL, false); + gen8_configure_all_contexts(dev_priv, NULL, true); /* Make sure we disable noa to save power. */ I915_WRITE(RPM_CONFIG1, @@ -2138,13 +2134,6 @@ static int i915_oa_stream_init(struct i915_perf_stream *stream, if (ret) goto err_oa_buf_alloc; - ret = dev_priv->perf.oa.ops.enable_metric_set(dev_priv, - stream->oa_config); - if (ret) - goto err_enable; - - stream->ops = &i915_oa_stream_ops; - /* Lock device for exclusive_stream access late because * enable_metric_set() might lock as well on gen8+. */ @@ -2152,16 +2141,24 @@ static int i915_oa_stream_init(struct i915_perf_stream *stream, if (ret) goto err_lock; + ret = dev_priv->perf.oa.ops.enable_metric_set(dev_priv, + stream->oa_config); + if (ret) + goto err_enable; + + stream->ops = &i915_oa_stream_ops; + dev_priv->perf.oa.exclusive_stream = stream; mutex_unlock(&dev_priv->drm.struct_mutex); return 0; -err_lock: +err_enable: + mutex_unlock(&dev_priv->drm.struct_mutex); dev_priv->perf.oa.ops.disable_metric_set(dev_priv); -err_enable: +err_lock: free_oa_buffer(dev_priv); err_oa_buf_alloc: -- 2.16.1

7 years, 2 months

3
3
0 0

[PATCH v3] pwm: mediatek: fix up PWM4 and PWM5 malfunction on MT7623

by sean.wang＠mediatek.com

From: Sean Wang <sean.wang(a)mediatek.com> Since the offset for both registers, PWMDWIDTH and PWMTHRES, used to control PWM4 or PWM5 are distinct from the other PWMs, whose wrong programming on PWM hardware causes waveform cannot be output as expected. Thus, the patch adds the extra condition for fixing up the weird case to let PWM4 or PWM5 able to work on MT7623. v1 -> v2: use pwm45_fixup naming instead of pwm45_quirk v2 -> v3: add more tags for Reviewed-by, Fixes, and Cc stable Cc: stable(a)vger.kernel.org Fixes: caf065f8fd58 ("pwm: Add MediaTek PWM support") Signed-off-by: Sean Wang <sean.wang(a)mediatek.com> Reviewed-by: Matthias Brugger <matthias.bgg(a)gmail.com> Cc: Zhi Mao <zhi.mao(a)mediatek.com> Cc: John Crispin <john(a)phrozen.org> Cc: Matthias Brugger <matthias.bgg(a)gmail.com> --- drivers/pwm/pwm-mediatek.c | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/drivers/pwm/pwm-mediatek.c b/drivers/pwm/pwm-mediatek.c index f5d97e0..796baea 100644 --- a/drivers/pwm/pwm-mediatek.c +++ b/drivers/pwm/pwm-mediatek.c @@ -29,7 +29,9 @@ #define PWMGDUR 0x0c #define PWMWAVENUM 0x28 #define PWMDWIDTH 0x2c +#define PWM45DWIDTH_FIXUP 0x30 #define PWMTHRES 0x30 +#define PWM45THRES_FIXUP 0x34 #define PWM_CLK_DIV_MAX 7 @@ -54,6 +56,7 @@ static const char * const mtk_pwm_clk_name[MTK_CLK_MAX] = { struct mtk_pwm_platform_data { unsigned int num_pwms; + bool pwm45_fixup; }; /** @@ -66,6 +69,7 @@ struct mtk_pwm_chip { struct pwm_chip chip; void __iomem *regs; struct clk *clks[MTK_CLK_MAX]; + const struct mtk_pwm_platform_data *soc; }; static const unsigned int mtk_pwm_reg_offset[] = { @@ -131,7 +135,8 @@ static int mtk_pwm_config(struct pwm_chip *chip, struct pwm_device *pwm, { struct mtk_pwm_chip *pc = to_mtk_pwm_chip(chip); struct clk *clk = pc->clks[MTK_CLK_PWM1 + pwm->hwpwm]; - u32 resolution, clkdiv = 0; + u32 resolution, clkdiv = 0, reg_width = PWMDWIDTH, + reg_thres = PWMTHRES; int ret; ret = mtk_pwm_clk_enable(chip, pwm); @@ -151,9 +156,18 @@ static int mtk_pwm_config(struct pwm_chip *chip, struct pwm_device *pwm, return -EINVAL; } + if (pc->soc->pwm45_fixup && pwm->hwpwm > 2) { + /* + * PWM[4,5] has distinct offset for PWMDWIDTH and PWMTHRES + * from the other PWMs on MT7623. + */ + reg_width = PWM45DWIDTH_FIXUP; + reg_thres = PWM45THRES_FIXUP; + } + mtk_pwm_writel(pc, pwm->hwpwm, PWMCON, BIT(15) | clkdiv); - mtk_pwm_writel(pc, pwm->hwpwm, PWMDWIDTH, period_ns / resolution); - mtk_pwm_writel(pc, pwm->hwpwm, PWMTHRES, duty_ns / resolution); + mtk_pwm_writel(pc, pwm->hwpwm, reg_width, period_ns / resolution); + mtk_pwm_writel(pc, pwm->hwpwm, reg_thres, duty_ns / resolution); mtk_pwm_clk_disable(chip, pwm); @@ -211,6 +225,7 @@ static int mtk_pwm_probe(struct platform_device *pdev) data = of_device_get_match_data(&pdev->dev); if (data == NULL) return -EINVAL; + pc->soc = data; res = platform_get_resource(pdev, IORESOURCE_MEM, 0); pc->regs = devm_ioremap_resource(&pdev->dev, res); @@ -251,14 +266,17 @@ static int mtk_pwm_remove(struct platform_device *pdev) static const struct mtk_pwm_platform_data mt2712_pwm_data = { .num_pwms = 8, + .pwm45_fixup = false, }; static const struct mtk_pwm_platform_data mt7622_pwm_data = { .num_pwms = 6, + .pwm45_fixup = false, }; static const struct mtk_pwm_platform_data mt7623_pwm_data = { .num_pwms = 5, + .pwm45_fixup = true, }; static const struct of_device_id mtk_pwm_of_match[] = { -- 2.7.4

7 years, 2 months

1
0
0 0

[PATCH] drm/amdgpu: used cached pcie gen info for SI (v2)

by Alex Deucher

Rather than querying it every time we need it. Also fixes a crash in VM pass through if there is no root bridge because the cached value fetch already checks this properly. v2: fix includes Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=105244 Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/amd/amdgpu/si.c | 22 ++++++++-------- drivers/gpu/drm/amd/amdgpu/si_dpm.c | 50 ++++++++++--------------------------- 2 files changed, 23 insertions(+), 49 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/si.c b/drivers/gpu/drm/amd/amdgpu/si.c index f20c4b7414e8..6e61b56bfbfc 100644 --- a/drivers/gpu/drm/amd/amdgpu/si.c +++ b/drivers/gpu/drm/amd/amdgpu/si.c @@ -31,6 +31,7 @@ #include "amdgpu_uvd.h" #include "amdgpu_vce.h" #include "atom.h" +#include "amd_pcie.h" #include "amdgpu_powerplay.h" #include "sid.h" #include "si_ih.h" @@ -1484,8 +1485,8 @@ static void si_pcie_gen3_enable(struct amdgpu_device *adev) { struct pci_dev *root = adev->pdev->bus->self; int bridge_pos, gpu_pos; - u32 speed_cntl, mask, current_data_rate; - int ret, i; + u32 speed_cntl, current_data_rate; + int i; u16 tmp16; if (pci_is_root_bus(adev->pdev->bus)) @@ -1497,23 +1498,20 @@ static void si_pcie_gen3_enable(struct amdgpu_device *adev) if (adev->flags & AMD_IS_APU) return; - ret = drm_pcie_get_speed_cap_mask(adev->ddev, &mask); - if (ret != 0) - return; - - if (!(mask & (DRM_PCIE_SPEED_50 | DRM_PCIE_SPEED_80))) + if (!(adev->pm.pcie_gen_mask & (CAIL_PCIE_LINK_SPEED_SUPPORT_GEN2 | + CAIL_PCIE_LINK_SPEED_SUPPORT_GEN3))) return; speed_cntl = RREG32_PCIE_PORT(PCIE_LC_SPEED_CNTL); current_data_rate = (speed_cntl & LC_CURRENT_DATA_RATE_MASK) >> LC_CURRENT_DATA_RATE_SHIFT; - if (mask & DRM_PCIE_SPEED_80) { + if (adev->pm.pcie_gen_mask & CAIL_PCIE_LINK_SPEED_SUPPORT_GEN3) { if (current_data_rate == 2) { DRM_INFO("PCIE gen 3 link speeds already enabled\n"); return; } DRM_INFO("enabling PCIE gen 3 link speeds, disable with amdgpu.pcie_gen2=0\n"); - } else if (mask & DRM_PCIE_SPEED_50) { + } else if (adev->pm.pcie_gen_mask & CAIL_PCIE_LINK_SPEED_SUPPORT_GEN2) { if (current_data_rate == 1) { DRM_INFO("PCIE gen 2 link speeds already enabled\n"); return; @@ -1529,7 +1527,7 @@ static void si_pcie_gen3_enable(struct amdgpu_device *adev) if (!gpu_pos) return; - if (mask & DRM_PCIE_SPEED_80) { + if (adev->pm.pcie_gen_mask & CAIL_PCIE_LINK_SPEED_SUPPORT_GEN3) { if (current_data_rate != 2) { u16 bridge_cfg, gpu_cfg; u16 bridge_cfg2, gpu_cfg2; @@ -1612,9 +1610,9 @@ static void si_pcie_gen3_enable(struct amdgpu_device *adev) pci_read_config_word(adev->pdev, gpu_pos + PCI_EXP_LNKCTL2, &tmp16); tmp16 &= ~0xf; - if (mask & DRM_PCIE_SPEED_80) + if (adev->pm.pcie_gen_mask & CAIL_PCIE_LINK_SPEED_SUPPORT_GEN3) tmp16 |= 3; - else if (mask & DRM_PCIE_SPEED_50) + else if (adev->pm.pcie_gen_mask & CAIL_PCIE_LINK_SPEED_SUPPORT_GEN2) tmp16 |= 2; else tmp16 |= 1; diff --git a/drivers/gpu/drm/amd/amdgpu/si_dpm.c b/drivers/gpu/drm/amd/amdgpu/si_dpm.c index 8138053fcef1..8137c02fd16a 100644 --- a/drivers/gpu/drm/amd/amdgpu/si_dpm.c +++ b/drivers/gpu/drm/amd/amdgpu/si_dpm.c @@ -26,6 +26,7 @@ #include "amdgpu_pm.h" #include "amdgpu_dpm.h" #include "amdgpu_atombios.h" +#include "amd_pcie.h" #include "sid.h" #include "r600_dpm.h" #include "si_dpm.h" @@ -3331,29 +3332,6 @@ static void btc_apply_voltage_delta_rules(struct amdgpu_device *adev, } } -static enum amdgpu_pcie_gen r600_get_pcie_gen_support(struct amdgpu_device *adev, - u32 sys_mask, - enum amdgpu_pcie_gen asic_gen, - enum amdgpu_pcie_gen default_gen) -{ - switch (asic_gen) { - case AMDGPU_PCIE_GEN1: - return AMDGPU_PCIE_GEN1; - case AMDGPU_PCIE_GEN2: - return AMDGPU_PCIE_GEN2; - case AMDGPU_PCIE_GEN3: - return AMDGPU_PCIE_GEN3; - default: - if ((sys_mask & DRM_PCIE_SPEED_80) && (default_gen == AMDGPU_PCIE_GEN3)) - return AMDGPU_PCIE_GEN3; - else if ((sys_mask & DRM_PCIE_SPEED_50) && (default_gen == AMDGPU_PCIE_GEN2)) - return AMDGPU_PCIE_GEN2; - else - return AMDGPU_PCIE_GEN1; - } - return AMDGPU_PCIE_GEN1; -} - static void r600_calculate_u_and_p(u32 i, u32 r_c, u32 p_b, u32 *p, u32 *u) { @@ -5028,10 +5006,11 @@ static int si_populate_smc_acpi_state(struct amdgpu_device *adev, table->ACPIState.levels[0].vddc.index, &table->ACPIState.levels[0].std_vddc); } - table->ACPIState.levels[0].gen2PCIE = (u8)r600_get_pcie_gen_support(adev, - si_pi->sys_pcie_mask, - si_pi->boot_pcie_gen, - AMDGPU_PCIE_GEN1); + table->ACPIState.levels[0].gen2PCIE = + (u8)amdgpu_get_pcie_gen_support(adev, + si_pi->sys_pcie_mask, + si_pi->boot_pcie_gen, + AMDGPU_PCIE_GEN1); if (si_pi->vddc_phase_shed_control) si_populate_phase_shedding_value(adev, @@ -7168,10 +7147,10 @@ static void si_parse_pplib_clock_info(struct amdgpu_device *adev, pl->vddc = le16_to_cpu(clock_info->si.usVDDC); pl->vddci = le16_to_cpu(clock_info->si.usVDDCI); pl->flags = le32_to_cpu(clock_info->si.ulFlags); - pl->pcie_gen = r600_get_pcie_gen_support(adev, - si_pi->sys_pcie_mask, - si_pi->boot_pcie_gen, - clock_info->si.ucPCIEGen); + pl->pcie_gen = amdgpu_get_pcie_gen_support(adev, + si_pi->sys_pcie_mask, + si_pi->boot_pcie_gen, + clock_info->si.ucPCIEGen); /* patch up vddc if necessary */ ret = si_get_leakage_voltage_from_leakage_index(adev, pl->vddc, @@ -7326,7 +7305,6 @@ static int si_dpm_init(struct amdgpu_device *adev) struct si_power_info *si_pi; struct atom_clock_dividers dividers; int ret; - u32 mask; si_pi = kzalloc(sizeof(struct si_power_info), GFP_KERNEL); if (si_pi == NULL) @@ -7336,11 +7314,9 @@ static int si_dpm_init(struct amdgpu_device *adev) eg_pi = &ni_pi->eg; pi = &eg_pi->rv7xx; - ret = drm_pcie_get_speed_cap_mask(adev->ddev, &mask); - if (ret) - si_pi->sys_pcie_mask = 0; - else - si_pi->sys_pcie_mask = mask; + si_pi->sys_pcie_mask = + (adev->pm.pcie_gen_mask & CAIL_PCIE_LINK_SPEED_SUPPORT_MASK) >> + CAIL_PCIE_LINK_SPEED_SUPPORT_SHIFT; si_pi->force_pcie_gen = AMDGPU_PCIE_GEN_INVALID; si_pi->boot_pcie_gen = si_get_current_pcie_speed(adev); -- 2.13.6

7 years, 2 months

2
1
0 0

[PATCH] Bluetooth: btusb: Add Dell OptiPlex 3060 to btusb_needs_reset_resume_table

by Kai-Heng Feng

The issue can be reproduced before commit fd865802c66b ("Bluetooth: btusb: fix QCA Rome suspend/resume") gets introduced, so the reset resume quirk is still needed for this system. T: Bus=01 Lev=01 Prnt=01 Port=13 Cnt=01 Dev#= 4 Spd=12 MxCh= 0 D: Ver= 2.01 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=0cf3 ProdID=e007 Rev=00.01 C: #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA I: If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb I: If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb Cc: stable(a)vger.kernel.org Cc: Brian Norris <briannorris(a)chromium.org> Cc: Hans de Goede <hdegoede(a)redhat.com> Signed-off-by: Kai-Heng Feng <kai.heng.feng(a)canonical.com> --- drivers/bluetooth/btusb.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index c5cebf53eae5..e98fb5343a00 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -389,6 +389,13 @@ static const struct usb_device_id blacklist_table[] = { * the module itself. So we use a DMI list to match known broken platforms. */ static const struct dmi_system_id btusb_needs_reset_resume_table[] = { + { + /* Dell OptiPlex 3060 (QCA ROME device 0cf3:e007) */ + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), + DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex 3060"), + }, + }, {} }; -- 2.15.1

7 years, 2 months

2
1
0 0

[PATCH] Bluetooth: btusb: Remove Yoga 920 from the btusb_needs_reset_resume_table

by Hans de Goede

Commit 55a9c95d70ab ("Bluetooth: btusb: Use DMI matching for QCA reset_resume quirking"), added the Lenovo Yoga 920 to the btusb_needs_reset_resume_table. Testing has shown that this is a false positive and the problems where caused by issues with the initial fix: commit fd865802c66b ("Bluetooth: btusb: fix QCA Rome suspend/resume"), which has already been reverted. So the QCA Rome BT in the Yoga 920 does not need a reset-resume quirk at all and this commit removes it from the btusb_needs_reset_resume_table. Note that after this commit the btusb_needs_reset_resume_table is now empty. It is kept around on purpose, since this whole series of commits started for a reason and there are actually broken platforms around, which need to be added to it. BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1514836 Fixes: 55a9c95d70ab ("Bluetooth: btusb: Use DMI matching for QCA ...") Cc: stable(a)vger.kernel.org Cc: Brian Norris <briannorris(a)chromium.org> Cc: Kai-Heng Feng <kai.heng.feng(a)canonical.com> Tested-by: Kevin Fenzi <kevin(a)scrye.com> Suggested-by: Brian Norris <briannorris(a)chromium.org> Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/bluetooth/btusb.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index a4b62f0a93cc..418550eb1522 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -386,13 +386,6 @@ static const struct usb_device_id blacklist_table[] = { * the module itself. So we use a DMI list to match known broken platforms. */ static const struct dmi_system_id btusb_needs_reset_resume_table[] = { - { - /* Lenovo Yoga 920 (QCA Rome device 0cf3:e300) */ - .matches = { - DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), - DMI_MATCH(DMI_PRODUCT_VERSION, "Lenovo YOGA 920"), - }, - }, {} }; -- 2.14.3

7 years, 2 months

4
3
0 0

[PATCH 01/99] ZBOOT: fix stack protector in compressed boot phase

by Huacai Chen

Call __stack_chk_guard_setup() in decompress_kernel() is too late that stack checking always fails for decompress_kernel() itself. So remove __stack_chk_guard_setup() and initialize __stack_chk_guard at where we define it. Original code comes from ARM but also used for MIPS and SH, so fix them together. Cc: stable(a)vger.kernel.org Signed-off-by: Huacai Chen <chenhc(a)lemote.com> --- arch/arm/boot/compressed/misc.c | 9 +-------- arch/mips/boot/compressed/decompress.c | 9 +-------- arch/sh/boot/compressed/misc.c | 9 +-------- 3 files changed, 3 insertions(+), 24 deletions(-) diff --git a/arch/arm/boot/compressed/misc.c b/arch/arm/boot/compressed/misc.c index 16a8a80..43aca75 100644 --- a/arch/arm/boot/compressed/misc.c +++ b/arch/arm/boot/compressed/misc.c @@ -128,12 +128,7 @@ asmlinkage void __div0(void) error("Attempting division by 0!"); } -unsigned long __stack_chk_guard; - -void __stack_chk_guard_setup(void) -{ - __stack_chk_guard = 0x000a0dff; -} +unsigned long __stack_chk_guard = 0x000a0dff; void __stack_chk_fail(void) { @@ -150,8 +145,6 @@ decompress_kernel(unsigned long output_start, unsigned long free_mem_ptr_p, { int ret; - __stack_chk_guard_setup(); - output_data = (unsigned char *)output_start; free_mem_ptr = free_mem_ptr_p; free_mem_end_ptr = free_mem_ptr_end_p; diff --git a/arch/mips/boot/compressed/decompress.c b/arch/mips/boot/compressed/decompress.c index fdf99e9..0694b3f 100644 --- a/arch/mips/boot/compressed/decompress.c +++ b/arch/mips/boot/compressed/decompress.c @@ -76,12 +76,7 @@ void error(char *x) #include "../../../../lib/decompress_unxz.c" #endif -unsigned long __stack_chk_guard; - -void __stack_chk_guard_setup(void) -{ - __stack_chk_guard = 0x000a0dff; -} +unsigned long __stack_chk_guard = 0x000a0dff; void __stack_chk_fail(void) { @@ -92,8 +87,6 @@ void decompress_kernel(unsigned long boot_heap_start) { unsigned long zimage_start, zimage_size; - __stack_chk_guard_setup(); - zimage_start = (unsigned long)(&__image_begin); zimage_size = (unsigned long)(&__image_end) - (unsigned long)(&__image_begin); diff --git a/arch/sh/boot/compressed/misc.c b/arch/sh/boot/compressed/misc.c index 627ce8e..2c564c2 100644 --- a/arch/sh/boot/compressed/misc.c +++ b/arch/sh/boot/compressed/misc.c @@ -104,12 +104,7 @@ static void error(char *x) while(1); /* Halt */ } -unsigned long __stack_chk_guard; - -void __stack_chk_guard_setup(void) -{ - __stack_chk_guard = 0x000a0dff; -} +unsigned long __stack_chk_guard = 0x000a0dff; void __stack_chk_fail(void) { @@ -130,8 +125,6 @@ void decompress_kernel(void) { unsigned long output_addr; - __stack_chk_guard_setup(); - #ifdef CONFIG_SUPERH64 output_addr = (CONFIG_MEMORY_START + 0x2000); #else -- 2.7.0

7 years, 2 months

1
1
0 0

[PATCH 0/2 v3] mmc: dw_mmc: Fix DTO/STO timeout overflow calculation

by Evgeniy Didin

For some 32-bit architectures calculation of DTO and STO timeout can be incorrect due to multiply overflow. Lets prevent this by casting multiply and result to u64. Suggested by Jisheng Zhang. Switch DIV_ROUND_UP macro to DIV_ROUND_UP_ULL is not reasonable because overflow happens on multiply and DIV_ROUND_UP_ULL helps with sum overflow. --- Changes since v2: -add fix for cto_ms Evgeniy Didin (2): mmc: dw_mmc: Fix the DTO timeout overflow calculation for 32-bit systems mmc: dw_mmc: Fix the CTO overflow calculation for 32-bit systems drivers/mmc/host/dw_mmc.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) -- 2.11.0

7 years, 2 months

6
14
0 0

v4.9.85 build: 0 failures 0 warnings (v4.9.85)

by Build bot for Mark Brown

Tree/Branch: v4.9.85 Git describe: v4.9.85 Commit: c426a717c3 Linux 4.9.85 Build Time: 92 min 40 sec Passed: 10 / 10 (100.00 %) Failed: 0 / 10 ( 0.00 %) Errors: 0 Warnings: 0 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): ------------------------------------------------------------------------------- =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm-multi_v4t_defconfig arm64-defconfig close failed in file object destructor: sys.excepthook is missing lost sys.stderr

7 years, 2 months

1
0
0 0

v4.4.119 build: 0 failures 0 warnings (v4.4.119)

by Build bot for Mark Brown

Tree/Branch: v4.4.119 Git describe: v4.4.119 Commit: 5e0c4113fc Linux 4.4.119 Build Time: 67 min 19 sec Passed: 9 / 9 (100.00 %) Failed: 0 / 9 ( 0.00 %) Errors: 0 Warnings: 0 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): ------------------------------------------------------------------------------- =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm64-defconfig close failed in file object destructor: sys.excepthook is missing lost sys.stderr

7 years, 2 months

1
0
0 0

v4.15.7 build: 0 failures 1 warnings (v4.15.7)

by Build bot for Mark Brown

Tree/Branch: v4.15.7 Git describe: v4.15.7 Commit: cb4a115a42 Linux 4.15.7 Build Time: 112 min 48 sec Passed: 10 / 10 (100.00 %) Failed: 0 / 10 ( 0.00 %) Errors: 0 Warnings: 1 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 1 warnings 0 mismatches : arm64-allmodconfig ------------------------------------------------------------------------------- Warnings Summary: 1 1 ../include/linux/sched/mm.h:188:56: warning: 'noio_flag' may be used uninitialized in this function [-Wmaybe-uninitialized] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- arm64-allmodconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: ../include/linux/sched/mm.h:188:56: warning: 'noio_flag' may be used uninitialized in this function [-Wmaybe-uninitialized] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm-multi_v4t_defconfig arm64-defconfig close failed in file object destructor: sys.excepthook is missing lost sys.stderr

7 years, 2 months

1
0
0 0

[PATCH 3.16 000/254] 3.16.55-rc1 review

by Ben Hutchings

This is the start of the stable review cycle for the 3.16.55 release. There are 254 patches in this series, which will be posted as responses to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri Mar 02 18:00:00 UTC 2018. Anything received after that time might be too late. All the patches have also been committed to the linux-3.16.y-rc branch of https://git.kernel.org/pub/scm/linux/kernel/git/bwh/linux-stable-rc.git . A shortlog and diffstat can be found below. Ben. ------------- Aaron Ma (2): Input: elantech - add new icbody type 15 [10d900303f1c3a821eb0bef4e7b7ece16768fba4] Input: trackpoint - force 3 buttons if 0 button is reported [f5d07b9e98022d50720e38aa936fc11c67868ece] Adam Wallis (2): dmaengine: dmatest: move callback wait queue to thread context [6f6a23a213be51728502b88741ba6a10cda2441d] dmaengine: dmatest: warn user when dma test times out [a9df21e34b422f79d9a9fa5c3eff8c2a53491be6] Alan Stern (3): USB: Gadget core: fix inconsistency in the interface tousb_add_gadget_udc_release() [afd7fd81f22bf90474216515dbd6088f9bd70343] USB: UDC core: fix double-free in usb_add_gadget_udc_release [7ae2c3c280db183ca9ada2675c34ec2f7378abfa] usb: udc: core: add device_del() call to error pathway [c93e64e91248becd0edb8f01723dff9da890e2ab] Alexey Kodanev (1): dccp: don't restart ccid2_hc_tx_rto_expire() if sk in closed state [dd5684ecae3bd8e44b644f50e2c12c7e57fdfef5] Andrew Bresticker (1): mac80211_hwsim: fix compiler warning on MIPS [5d26b50813ea6206a7bbab2e645e68044f101ac5] Andrew Honig (1): KVM: x86: Add memory barrier on vmcs field lookup [75f139aaf896d6fdeec2e468ddfa4b2fe469bf40] Anshuman Khandual (1): mm/mprotect: add a cond_resched() inside change_pmd_range() [4991c09c7c812dba13ea9be79a68b4565bb1fa4e] Arnd Bergmann (1): mmc: s3mci: mark debug_regs[] as static [2bd7b4aacdb6efa5ccd4749c365c171b884791d2] Bart Van Assche (1): IB/srpt: Disable RDMA access by the initiator [bec40c26041de61162f7be9d2ce548c756ce0f65] Ben Hutchings (3): ASoC: wm_adsp: Fix validation of firmware and coeff lengths [50dd2ea8ef67a1617e0c0658bcbec4b9fb03b936] nfsd: auth: Fix gid sorting when rootsquash enabled [1995266727fa8143897e89b55f5d3c79aa828420] of: fdt: Fix return with value in void function [not upstream; fixes incorrect backport] Benjamin Herrenschmidt (1): powerpc: Don't preempt_disable() in show_cpuinfo() [349524bc0da698ec77f2057cf4a4948eb6349265] Benjamin Poirier (2): e1000e: Fix e1000_check_for_copper_link_ich8lan return value. [4110e02eb45ea447ec6f5459c9934de0a273fb91] e1000e: Separate signaling for link check/link up [19110cfbb34d4af0cdfe14cd243f3b09dc95b013] Bin Liu (1): usb: musb: da8xx: fix babble condition handling [bd3486ded7a0c313a6575343e6c2b21d14476645] Chandan Rajendra (1): ext4: fix crash when a directory's i_size is too small [9d5afec6b8bd46d6ed821aa1579634437f58ef1f] Christian Holl (1): USB: serial: cp210x: add new device ID ELV ALC 8xxx [d14ac576d10f865970bb1324d337e5e24d79aaf4] Christoph Hellwig (1): scsi: dma-mapping: always provide dma_get_cache_alignment [860dd4424f344400b491b212ee4acb3a358ba9d9] Christoph Paasch (1): tcp md5sig: Use skb's saddr when replying to an incoming segment [30791ac41927ebd3e75486f9504b6d2280463bf0] Christophe JAILLET (1): mdio-sun4i: Fix a memory leak [56c0290202ab94a2f2780c449395d4ae8495fab4] Christophe Leroy (1): net: fs_enet: do not call phy_stop() in interrupts [f8b39039cbf2a15f2b8c9f081e1cbd5dee00aaf5] Colin Ian King (2): usb: gadget: don't dereference g until after it has been null checked [b2fc059fa549fe6881d4c1f8d698b0f50bcd16ec] usb: host: fix incorrect updating of offset [1d5a31582ef046d3b233f0da1a68ae26519b2f0a] Cong Wang (1): 8021q: fix a memory leak for VLAN 0 device [78bbb15f2239bc8e663aa20bbe1987c91a0b75f6] Daniel Mentz (2): media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic [a1dfb4c48cc1e64eeb7800a27c66a6f7e88d075a] media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha [025a26fa14f8fd55d50ab284a30c016a5be953d0] Daniel Thompson (2): kdb: Fix handling of kallsyms_symbol_next() return value [c07d35338081d107e57cf37572d8cc931a8e32e2] usb: xhci: Add XHCI_TRUST_TX_LENGTH for Renesas uPD720201 [da99706689481717998d1d48edd389f339eea979] Daniele Palmas (1): USB: serial: option: add support for Telit ME910 PID 0x1101 [08933099e6404f588f81c2050bfec7313e06eeaf] Dave Martin (2): arm64: fpsimd: Prevent registers leaking from dead tasks [071b6d4a5d343046f253a5a8835d477d93992002] mips/ptrace: Preserve previous registers for short regset write [d614fd58a2834cfe4efa472c33c8f3ce2338b09b] David Howells (1): fscache: Fix the default for fscache_maybe_release_page() [98801506552593c9b8ac11021b0cdad12cab4f6b] David Kozub (1): USB: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID [62354454625741f0569c2cbe45b2d192f8fd258e] David Woodhouse (1): x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm [b9e705ef7cfaf22db0daab91ad3cd33b0fa32eb9] Dennis Yang (1): dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6 [490ae017f54e55bde382d45ea24bddfb6d1a0aaf] Denys Vlasenko (1): include/stddef.h: Move offsetofend() from vfio.h to a generic kernel header [3876488444e71238e287459c39d7692b6f718c3e] Diego Elio Pettenò (1): USB: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ [4307413256ac1e09b8f53e8715af3df9e49beec3] Dmitry Fleytman Dmitry Fleytman (1): usb: Add device quirk for Logitech HD Pro Webcam C925e [7f038d256c723dd390d2fca942919573995f4cfd] Dominik Brodowski (1): nl80211: take RCU read lock when calling ieee80211_bss_get_ie() [7a94b8c2eee7083ddccd0515830f8c81a8e44b1a] Erez Shitrit (1): IB/ipoib: Fix race condition in neigh creation [16ba3defb8bd01a9464ba4820a487f5b196b455b] Eric Biggers (8): 509: fix printing uninitialized stack memory when OID is empty [8dfd2f22d3bf3ab7714f7495ad5d897b8845e8c1] ASN.1: check for error from ASN1_OP_END__ACT actions [81a7be2cd69b412ab6aeacfe5ebf1bb6e5bce955] ASN.1: fix out-of-bounds read when parsing indefinite length item [e0058f3a874ebb48b25be7ff79bc3b4e59929f90] X.509: fix buffer overflow detection in sprint_oid() [47e0a208fb9d91e3f3c86309e752b13a36470ae8] X.509: reject invalid BIT STRING for subjectPublicKey [0f30cbea005bd3077bd98cd29277d7fc2699c1da] af_key: fix buffer overread in parse_exthdrs() [4e765b4972af7b07adcb1feb16e7a525ce1f6b28] af_key: fix buffer overread in verify_address_len() [06b335cb51af018d5feeff5dd4fd53847ddb675a] crypto: algapi - fix NULL dereference in crypto_remove_spawns() [9a00674213a3f00394f4e3221b88f2d21fc05789] Eric Dumazet (1): net/packet: fix a race in packet_bind() and packet_notifier() [15fe076edea787807a7cdc168df832544b58eba6] Eryu Guan (1): ext4: fix fdatasync(2) after fallocate(2) operation [c894aa97577e47d3066b27b32499ecf899bfa8b0] Eugenia Emantayev (1): net/mlx5: Fix misspelling in the error message and comment [777ec2b2a3f2760505db395de1a9fa4115d74548] Felix Fietkau (1): net: igmp: fix source address check for IGMPv3 reports [ad23b750933ea7bf962678972a286c78a8fa36aa] Florian Fainelli (1): net: phy: Add phy_interface_is_rgmii helper [e463d88c36d42211aa72ed76d32fb8bf37820ef1] Greg Kroah-Hartman (2): ACPI: sbshc: remove raw pointer from printk() message [43cdd1b716b26f6af16da4e145b6578f98798bf6] efi: Move some sysfs files to be read-only by root [af97a77bc01ce49a466f9d4c0125479e2e2230b6] Guennadi Liakhovetski (1): [media] V4L2: fix VIDIOC_CREATE_BUFS 32-bit compatibility mode data copy-back [6ed9b28504326f8cf542e6b68245b2f7ce009216] Guillaume Nault (1): pppoe: take ->needed_headroom of lower device into account on xmit [02612bb05e51df8489db5e94d0cf8d1c81f87b0c] H. Nikolaus Schaller (1): Input: twl6040-vibra - fix DT node memory management [c52c545ead97fcc2f4f8ea38f1ae3c23211e09a8] Hans Verkuil (13): [media] v4l2-compat-ioctl32: fix sparse warnings [8ae632b11775254c5e555ee8c42b7d19baeb1473] adv7604: use correct drive strength defines [not upstream; fixes incorrect backport] media: v4l2-compat-ioctl32.c: add capabilities field to, v4l2_input32 [037e0865c2ecbaa4558feba239ece08d7e457ec0] media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF [3ee6d040719ae09110e5cdf24d5386abe5d1b776] media: v4l2-compat-ioctl32.c: avoid sizeof(type) [333b1e9f96ce05f7498b581509bb30cde03018bf] media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32 [8ed5a59dcb47a6f76034ee760b36e089f3e82529] media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32 [a751be5b142ef6bcbbb96d9899516f4d9c8d0ef4] media: v4l2-compat-ioctl32.c: don't copy back the result for certain errors [d83a8243aaefe62ace433e4384a4f077bed86acb] media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type [169f24ca68bf0f247d111aef07af00dd3a02ae88] media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer [b8c601e8af2d08f733d74defa8465303391bb930] media: v4l2-compat-ioctl32.c: fix the indentation [b7b957d429f601d6d1942122b339474f31191d75] media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32 [486c521510c44a04cd756a9267e7d1e271c8a4ba] media: v4l2-ioctl.c: don't copy back the result for -ENOTTY [181a4a2d5a0a7b43cab08a70710d727e7764ccdd] Hans de Goede (1): uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices [7fee72d5e8f1e7b8d8212e28291b1a0243ecf2f1] Heiko Carstens (1): s390: always save and restore all registers on context switch [fbbd7f1a51965b50dd12924841da0d478f3da71b] Heiner Kallweit (1): eeprom: at24: check at24_read/write arguments [d9bcd462daf34aebb8de9ad7f76de0198bb5a0f0] Helge Deller (1): parisc: Hide Diva-built-in serial aux and graphics card [bcf3f1752a622f1372d3252d0fea8855d89812e7] Herbert Xu (5): ipv4: Avoid reading user iov twice after raw_probe_proto_opt [c008ba5bdc9fa830e1a349b20b0be5a137bdef7a] ipv4: Use standard iovec primitive in raw_probe_proto_opt [32b5913a931fd753faf3d4e1124b2bc2edb364da] xfrm: Reinject transport-mode packets through tasklet [acf568ee859f098279eadf551612f103afdacb4e] xfrm: Return error on unknown encap_type in init_state [bcfd09f7837f5240c30fd2f52ee7293516641faa] xfrm: Use __skb_queue_tail in xfrm_trans_queue [d16b46e4fd8bc6063624605f25b8c0835bb1fbe3] Huacai Chen (2): scsi: libsas: align sata_device's rps_resp on a cacheline [c2e8fbf908afd81ad502b567a6639598f92c9b9d] scsi: use dma_get_cache_alignment() as minimum DMA alignment [90addc6b3c9cda0146fbd62a08e234c2b224a80c] Hui Wang (1): ALSA: hda - Add MIC_NO_PRESENCE fixup for 2 HP machines [322f74ede933b3e2cb78768b6a6fdbfbf478a0c1] Håkon Bugge (1): rds: Fix NULL pointer dereference in __rds_rdma_map [f3069c6d33f6ae63a1668737bc78aaaa51bff7ca] Icenowy Zheng (1): uas: ignore UAS for Norelsys NS1068(X) chips [928afc85270753657b5543e052cc270c279a3fe9] Iyappan Subramanian (1): phy: Add helper function to check phy interface mode [32d0f7830d9be5b1652a718e050d808b4908155f] Jaejoong Kim (2): ALSA: usb-audio: Add check return value for usb_string() [89b89d121ffcf8d9546633b98ded9d18b8f75891] ALSA: usb-audio: Fix out-of-bound error [251552a2b0d454badc8f486e6d79100970c744b0] James Hogan (3): MIPS: CPS: Fix r1 .set mt assembler warning [17278a91e04f858155d54bee5528ba4fbcec6f87] MIPS: Clear [MSA]FPE CSR.Cause after notify_die() [64bedffe496820dbb6b53302d80dd0f04db33d8e] MIPS: lose_fpu(): Disable FPU when MSA enabled [acaf6a97d623af123314c2f8ce4cf7254f6b2fc1] Jan Engelhardt (1): crypto: n2 - cure use after free [203f45003a3d03eea8fa28d74cfc74c354416fdb] Jann Horn (1): netfilter: xt_bpf: add overflow checks [6ab405114b0b229151ef06f4e31c7834dd09d0c0] Jeff Mahoney (1): btrfs: fix missing error return in btrfs_drop_snapshot [e19182c0fff451e3744c1107d98f072e7ca377a0] Jens Axboe (1): blktrace: fix trace mutex deadlock [2967acbb257a6a9bf912f4778b727e00972eac9b] Jeremy Compostella (1): i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA [89c6efa61f5709327ecfa24bff18e57a4e80c7fa] Jerome Brunet (1): net: stmmac: enable EEE in MII, GMII or RGMII only [879626e3a52630316d817cbda7cec9a5446d1d82] Jia Zhang (2): x86/microcode/intel: Extend BDW late-loading further with LLC size check [7e702d17ed138cf4ae7c00e8c00681ed464587c7] x86/microcode/intel: Extend BDW late-loading with a revision check [b94b7373317164402ff7728d10f7023127a02b60] Jimmy Assarsson (3): can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback() [e84f44eb5523401faeb9cc1c97895b68e3cfb78d] can: kvaser_usb: free buf in error paths [435019b48033138581a6171093b181fc6b4d3d30] can: kvaser_usb: ratelimit errors if incomplete messages are received [8bd13bd522ff7dfa0eb371921aeb417155f7a3be] Jing Xia (1): tracing: Fix crash when it fails to alloc ring buffer [24f2aaf952ee0b59f31c3a18b8b36c9e3d3c2cf5] Joe Perches (1): stddef.h: move offsetofend inside #ifndef/#endif guard, neaten [8c7fbe5795a016259445a61e072eb0118aaf6a61] Joe Thornber (1): dm btree: fix serious bug in btree_split_beneath() [bc68d0a43560e950850fc69b58f0f8254b28f6d6] Johan Hovold (6): ASoC: twl4030: fix child-node lookup [15f8c5f2415bfac73f33a14bcd83422bcbfb5298] Input: 88pm860x-ts - fix child-node lookup [906bf7daa0618d0ef39f4872ca42218c29a3631f] Input: twl4030-vibra - fix sibling-node lookup [5b189201993ab03001a398de731045bfea90c689] Input: twl6040-vibra - fix child-node lookup [dcaf12a8b0bbdbfcfa2be8dff2c4948d9844b4ad] mfd: twl4030-audio: Fix sibling-node lookup [0a423772de2f3d7b00899987884f62f63ae00dcb] mfd: twl6040: Fix child-node lookup [85e9b13cbb130a3209f21bd7933933399c389ffe] Johannes Berg (4): cfg80211: check dev_set_name() return value [59b179b48ce2a6076448a44531242ac2b3f6cef2] cfg80211: fix station info handling bugs [5762d7d3eda25c03cc2d9d45227be3f5ab6bec9e] mac80211_hwsim: validate number of different channels [51a1aaa631c90223888d8beac4d649dc11d2ca55] nl80211: fix nl80211_send_iface() error paths [4564b187c16327045d87596e8980c65ba7b84c50] Johannes Thumshirn (1): dm mpath: simplify failure path of dm_multipath_init() [ff658e9c1aae9a84dd06d46f847dc0cd2bf0dd11] Jon Hunter (1): mfd: cros ec: spi: Don't send first message too soon [15d8374874ded0bec37ef27f8301a6d54032c0e5] Josef Bacik (1): btrfs: clear space cache inode generation always [8e138e0d92c6c9d3d481674fb14e3439b495be37] Juan Zea (1): usbip: fix usbip bind writing random string after command in match_busid [544c4605acc5ae4afe7dd5914147947db182f2fb] Kai-Heng Feng (1): usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub [e43a12f1793ae1fe006e26fe9327a8840a92233c] Kevin Cernekee (1): net: igmp: Use correct source address on IGMPv3 reports [a46182b00290839fa3fa159d54fd3237bd8669f0] Kristina Martsenko (1): arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one [26aa7b3b1c0fb3f1a6176a0c1847204ef4355693] Lan Tianyu (1): KVM/x86: Check input paging mode when cs.l is set [f29810335965ac1f7bcb501ee2af5f039f792416] Laurent Caumont (1): media: dvb: i2c transfers over usb cannot be done from stack [6d33377f2abbf9f0e561b116dd468d1c3ff36a6a] Li Jinyue (1): futex: Prevent overflow by strengthen input validation [fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a] Linus Torvalds (2): kbuild: add '-fno-stack-check' to kernel build options [3ce120b16cc548472f80cf8644f90eda958cf1b6] n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD) [966031f340185eddd05affcf72b740549f056348] Liran Alon (3): KVM: x86: Don't re-execute instruction when not passing CR2 value [9b8ae63798cb97e785a667ff27e43fa6220cb734] KVM: x86: Exit to user-mode on #UD intercept when emulator requires [61cb57c9ed631c95b54f8e9090c89d18b3695b3c] KVM: x86: emulator: Return to user-mode on L1 CPL=0 emulation failure [1f4dcb3b213235e642088709a1c54964d23365e9] Lixin Wang (1): i2c: core: decrease reference count of device node in i2c_unregister_device [e0638fa400eaccf9fa8060f67140264c4e276552] Maciej S. Szmigiero (2): ASoC: fsl_ssi: AC'97 ops need regmap, clock and cleaning up on failure [695b78b548d8a26288f041e907ff17758df9e1d5] ASoC: fsl_ssi: add AC'97 ops setting check and cleanup [04143d614f3af84a3f39e79a24a7ca740bd39efd] Maciej W. Rozycki (13): MIPS: Always clear FCSR cause bits after emulation [443c44032a54f9acf027a8e688380fddc809bc19] MIPS: Disallow outsized PTRACE_SETREGSET NT_PRFPREG regset accesses [c8c5a3a24d395b14447a9a89d61586a913840a3b] MIPS: Factor out NT_PRFPREG regset access helpers [a03fe72572c12e98f4173f8a535f32468e48b6ec] MIPS: Fix FCSR Cause bit handling for correct SIGFPE issue [5a1aca4469fdccd5b74ba0b4e490173b2b447895] MIPS: Fix a preemption issue with thread's FPU defaults [03dce595270f22d59a6f37e9170287c1afd94bc2] MIPS: Fix an FCSR access API regression with NT_PRFPREG and MSA [be07a6a1188372b6d19a3307ec33211fc9c9439d] MIPS: Guard against any partial write attempt with PTRACE_SETREGSET [dc24d0edf33c3e15099688b6bbdf7bdc24bf6e91] MIPS: Respect the FCSR exception mask for `si_code' [ed2d72c1eb3643b7c109bdf387563d9b9a30c279] MIPS: Respect the ISA level in FCSR handling [9b26616c8d9dae53fbac7f7cb2c6dd1308102976] MIPS: Set `si_code' for SIGFPE signals sent from emulation too [304acb717e5b67cf56f05bc5b21123758e1f7ea0] MIPS: math-emu: Define IEEE 754-2008 feature control bits [f1f3b7ebac08161761c352fd070cfa07b7b94c54] MIPS: ptrace: Fix FP context restoration FCSR regression [4249548454f7ba4581aeee26bd83f42b48a14d15] MIPS: ptrace: Prevent writes to read-only FCSR bits [abf378be49f38c4d3e23581d3df3fa9f1b1b11d2] Marc Kleine-Budde (2): can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once [8cb68751c115d176ec851ca56ecfbb411568c9e8] can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once [d4689846881d160a4d12a514e991a740bcb5d65a] Marc Zyngier (3): KVM: arm/arm64: Fix HYP unmapping going off limits [7839c672e58bf62da8f2f0197fefb442c02ba1dd] arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls [acfb3b883f6d6a4b5d27ad7fdded11f6a09ae6dd] arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one [5553b142be11e794ebc0805950b2e8313f93d718] Marek Belisko (1): Input: twl4030-vibra - fix ERROR: Bad of_node_put() warning [e661d0a04462dd98667f8947141bd8defab5b34a] Martin Kelly (4): can: ems_usb: cancel urb on -EPIPE and -EPROTO [bd352e1adfe0d02d3ea7c8e3fb19183dc317e679] can: esd_usb2: cancel urb on -EPIPE and -EPROTO [7a31ced3de06e9878e4f9c3abe8f87d9344d8144] can: kvaser_usb: cancel urb on -EPIPE and -EPROTO [6aa8d5945502baf4687d80de59b7ac865e9e666b] can: usb_8dev: cancel urb on -EPIPE and -EPROTO [12147edc434c9e4c7c2f5fee2e5519b2e5ac34ce] Masakazu Mokuno (1): USB: core: Add type-specific length check of BOS descriptors [81cf4a45360f70528f1f64ba018d61cb5767249a] Mathias Nyman (2): xhci: Don't add a virt_dev to the devs array before it's fully allocated [5d9b70f7d52eb14bb37861c663bae44de9521c35] xhci: Don't show incorrect WARN message about events for empty rings [e4ec40ec4b260efcca15089de4285a0a3411259b] Matt Wilson (1): serial: 8250_pci: Add Amazon PCI serial device ID [3bfd1300abfe3adb18e84a89d97a0e82a22124bb] Max Schulze (1): USB: serial: ftdi_sio: add id for Airbus DS P8GR [c6a36ad383559a60a249aa6016cebf3cb8b6c485] Mike Looijmans (1): usb: hub: Cycle HUB power when initialization fails [973593a960ddac0f14f0d8877d2d0abe0afda795] Ming Lei (1): blk-mq: fix race between timeout and freeing request [0048b4837affd153897ed1222283492070027aa9] Mohamed Ghannam (1): net: ipv4: fix for a race condition in raw_sendmsg [8f659a03a0ba9289b9aeb9b4470e6fb263d6f483] Monty_pavel(a)Sina.Com (1): dm: fix various targets to dm_register_target after module __init resources created [7e6358d244e4706fe612a77b9c36519a33600ac0] Moshe Shemesh (2): net/mlx5: Cleanup IRQs in case of unload failure [d6b2785cd55ee72e9608762650b3ef299f801b1b] net/mlx5: Stay in polling mode when command EQ destroy fails [a2fba188fd5eadd6061bef4f2f2577a43231ebf3] Nicolai Stange (1): net: ipv4: emulate READ_ONCE() on ->hdrincl bit-field in raw_sendmsg() [20b50d79974ea3192e8c3ab7faf4e536e5f14d8f] Nikolay Aleksandrov (1): net: bridge: fix early call to br_stp_change_bridge_id and plug newlink leaks [84aeb437ab98a2bce3d4b2111c79723aedfceb33] Nikolay Borisov (1): btrfs: Fix possible off-by-one in btrfs_search_path_in_tree [c8bcbfbd239ed60a6562964b58034ac8a25f4c31] Nogah Frankel (2): net_sched: red: Avoid devision by zero [5c472203421ab4f928aa1ae9e1dbcfdd80324148] net_sched: red: Avoid illegal values [8afa10cbe281b10371fee5a87ab266e48d71a7f9] Oleg Nesterov (1): kernel/acct.c: fix the acct->needcheck check in check_free_space() [4d9570158b6260f449e317a5f9ed030c2504a615] Oliver Neukum (2): USB: usbfs: Filter flags passed in from user space [446f666da9f019ce2ffd03800995487e79a91462] usb: add RESET_RESUME for ELSA MicroLink 56K [b9096d9f15c142574ebebe8fbb137012bb9d99c2] Oliver Stäbler (1): can: ti_hecc: Fix napi poll return value for repoll [f6c23b174c3c96616514827407769cbcfc8005cf] Omar Sandoval (1): Btrfs: disable FUA if mounted with nobarrier [1b9e619c5bc8235cfba3dc4ced2fb0e3554a05d4] Oscar Campos (1): Input: trackpoint - assume 3 buttons when buttons detection fails [293b915fd9bebf33cdc906516fb28d54649a25ac] Paul Burton (2): MIPS: clear MSACSR cause bits when handling MSA FP exception [091be550a70a086c3b4420c6155e733dc410f190] MIPS: prevent FP context set via ptrace being discarded [ac9ad83bc318635ed7496e9dff30beaa522eaec7] Paul Meyer (1): hv: kvp: Avoid reading past allocated blocks from KVP file [297d6b6e56c2977fc504c61bbeeaa21296923f89] Pete Zaitcev (1): USB: fix usbmon BUG trigger [46eb14a6e1585d99c1b9f58d0e7389082a5f466b] Petri Gynther (1): net: bcmgenet: fix bcmgenet_open() [fac25940c5e0d6f31d56bb2a704fadad6d5e382a] Rafael J. Wysocki (2): PCI / PM: Force devices to D0 in pci_pm_thaw_noirq() [5839ee7389e893a31e4e3c9cf17b50d14103c902] x86/PCI: Make broadcom_postcore_init() check acpi_disabled [ddec3bdee05b06f1dda20ded003c3e10e4184cab] Ralf Baechle (1): MIPS: MSA: bugfix - disable MSA correctly for new threads/processes. [9cc719ab3f4f639d629ac8ff09e9b998bc006f68] Ravi Bangoria (1): powerpc/perf: Dereference BHRB entries safely [f41d84dddc66b164ac16acf3f584c276146f1c48] Ricardo Ribalda (1): vb2: V4L2_BUF_FLAG_DONE is set after DQBUF [3171cc2b4eb9831ab4df1d80d0410a945b8bc84e] Richard Fitzgerald (1): ASoC: wm_adsp: Don't overrun firmware file buffer when reading region data [1cab2a84f470e15ecc8e5143bfe9398c6e888032] Robb Glasser (1): ALSA: pcm: prevent UAF in snd_pcm_info [362bca57f5d78220f8b5907b875961af9436e229] Robert Lippert (1): hwmon: (pmbus) Use 64bit math for DIRECT format values [bd467e4eababe4c04272c1e646f066db02734c79] Robin Murphy (1): iommu/vt-d: Fix scatterlist offset handling [29a90b70893817e2f2bb3cea40a29f5308e21b21] Rui Hua (1): bcache: recover data from backing when data is clean [e393aa2446150536929140739f09c6ecbcbea7f0] SZ Lin (1): USB: serial: option: adding support for YUGA CLM920-NC5 [3920bb713038810f25770e7545b79f204685c8f2] Sebastian Sjoholm (1): USB: serial: option: add Quectel BG96 id [c654b21ede93845863597de9ad774fd30db5f2ab] Sergei Shtylyov (5): SolutionEngine771x: add Ether TSU resource [f9a531d6731d74f1e24298d9641c2dc1fef2631b] SolutionEngine771x: fix Ether platform data [195e2addbce09e5afbc766efc1e6567c9ce840d3] sh_eth: fix SH7757 GEther initialization [5133550296d43236439494aa955bfb765a89f615] sh_eth: fix TSU resource handling [dfe8266b8dd10e12a731c985b725fcf7f0e537f0] sh_eth: fix TXALCR1 offsets [50f3d740d376f664f6accc7e86c9afd8f1c7e1e4] Shuah Khan (4): usbip: prevent leaking socket pointer address in messages [90120d15f4c397272aaf41077960a157fc4212bf] usbip: remove kernel addresses from usb device and urb debug msgs [e1346fd87c71a1f61de1fe476ec8df1425ac931c] usbip: stub: stop printing kernel pointer addresses in messages [248a22044366f588d46754c54dfe29ffe4f8b4df] usbip: vhci: stop printing kernel pointer addresses in messages [8272d099d05f7ab2776cf56a2ab9f9443be18907] Stefan Agner (1): usb: misc: usb3503: make sure reset is low for at least 100us [b8626f1dc29d3eee444bfaa92146ec7b291ef41c] Steve Wise (1): iw_cxgb4: Only validate the MSN for successful completions [f55688c45442bc863f40ad678c638785b26cdce6] Steven Rostedt (2): ring-buffer: Mask out the info bits when returning buffer page length [45d8b80c2ac5d21cd1e2954431fb676bc2b1e099] tracing: Fix possible double free on failure of allocating trace buffer [4397f04575c44e1440ec2e49b6302785c95fd2f8] Sven Eckelmann (1): batman-adv: Fix lock for ogm cnt access in batadv_iv_ogm_calc_tq [5ba7dcfe77037b67016263ea597a8b431692ecab] Takashi Iwai (15): ACPI: APEI / ERST: Fix missing error handling in erst_reader() [bb82e0b4a7e96494f0c1004ce50cec3d7b5fb3d1] ALSA: aloop: Fix inconsistent format due to incomplete rule [b088b53e20c7d09b5ab84c5688e609f478e5c417] ALSA: aloop: Fix racy hw constraints adjustment [898dfe4687f460ba337a01c11549f87269a13fa2] ALSA: aloop: Release cable upon open error path [9685347aa0a5c2869058ca6ab79fd8e93084a67f] ALSA: hda - Apply the existing quirk to iMac 14,1 [031f335cda879450095873003abb03ae8ed3b74a] ALSA: pcm: Abort properly at pending signal in OSS read/write loops [29159a4ed7044c52e3e2cf1a9fb55cec4745c60b] ALSA: pcm: Add missing error checks in OSS emulation plugin builder [6708913750344a900f2e73bfe4a4d6dbbce4fe8d] ALSA: pcm: Allow aborting mutex lock at OSS read/write loops [900498a34a3ac9c611e9b425094c8106bdd7dc1c] ALSA: pcm: Remove incorrect snd_BUG_ON() usages [fe08f34d066f4404934a509b6806db1a4f700c86] ALSA: pcm: Remove yet superfluous WARN_ON() [23b19b7b50fe1867da8d431eea9cd3e4b6328c2c] ALSA: rawmidi: Avoid racy info ioctl via ctl device [c1cfd9025cc394fd137a01159d74335c5ac978ce] ALSA: seq: Fix regression by incorrect ioctl_mutex usages [not upstream; fixes incorrect backport] ALSA: seq: Remove spurious WARN_ON() at timer check [43a3542870328601be02fcc9d27b09db467336ef] ALSA: usb-audio: Fix the missing ctl name suffix at parsing SU [5a15f289ee87eaf33f13f08a4909ec99d837ec5f] lib/oid_registry.c: X.509: fix the buffer overflow in the utility function for OID string [afdb05e9d61905220f09268535235288e6ba3a16] Tetsuo Handa (1): quota: Check for register_shrinker() failure. [88bc0ede8d35edc969350852894dc864a2dc1859] Thiago Rafael Becker (1): kernel: make groups_sort calling a responsibility group_info allocators [bdcf0a423ea1c40bbb40e7ee483b50fc8aa3d758] Thomas Gleixner (4): hrtimer: Reset hrtimer cpu base proper on CPU hotplug [d5421ea43d30701e03cadc56a38854c36a8b4433] nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick() [5d62c183f9e9df1deeea0906d099a94e8a43047a] posix-timer: Properly check sigevent->sigev_notify [cef31d9af908243421258f1df35a4a644604efbe] x86/mce: Make machine check speculation protected [6f41c34d69eb005e7848716bbcafc979b35037d5] Thomas Petazzoni (1): ARM: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7 [56aeb07c914a616ab84357d34f8414a69b140cdf] Tianyu Lan (1): KVM/x86: Fix wrong macro references of X86_CR0_PG_BIT and X86_CR4_PAE_BIT in kvm_valid_sregs() [37b95951c58fdf08dc10afa9d02066ed9f176fb5] Tiffany Lin (1): [media] media: v4l2-compat-ioctl32: fix missing reserved field copy in put_v4l2_create32 [baf43c6eace43868e490f18560287fa3481b2159] Tobias Jordan (2): dmaengine: jz4740: disable/unprepare clk if probe fails [eb9436966fdc84cebdf222952a99898ab46d9bb0] net: mvmdio: disable/unprepare clocks in EPROBE_DEFER case [589bf32f09852041fbd3b7ce1a9e703f95c230ba] Tonghao Zhang (1): sctp: Replace use of sockets_allocated with specified macro. [8cb38a602478e9f806571f6920b0a3298aabf042] Ville Syrjälä (2): drm/i915: Don't try indexed reads to alternate slave addresses [c4deb62d7821672265b87952bcd1c808f3bf3e8f] drm/i915: Prevent zero length "index" write [bb9e0d4bca50f429152e74a459160b41f3d60fb2] Wanpeng Li (1): KVM: X86: Fix load RFLAGS w/o the fixed bit [d73235d17ba63b53dc0e1051dbc10a1f1be91b71] Weiping Zhang (1): virtio: release virtio index when fail to device_register [e60ea67bb60459b95a50a156296041a13e0e380e] William Breathitt Gray (1): isa: Prevent NULL dereference in isa_bus driver callbacks [5a244727f428a06634f22bb890e78024ab0c89f3] Wolfgang Grandegger (1): can: gs_usb: fix return value of the "set_bittiming" callback [d5b42e6607661b198d8b26a0c30969605b1bf5c7] Xin Long (4): sctp: do not allow the v4 socket to bind a v4mapped v6 address [c5006b8aa74599ce19104b31d322d2ea9ff887cc] sctp: force the params with right types for sctp csum apis [af2697a0273f7665429c47d71ab26f2412af924e] sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf [a0ff660058b88d12625a783ce9e5c1371c87951f] sctp: use the right sk after waking up from wait_buf sleep [cea0cc80a6777beb6eb643d4ad53690e1ad1d4ff] Yelena Krivosheev (1): net: mvneta: clear interface link status on port disable [4423c18e466afdfb02a36ee8b9f901d144b3c607] Yu Chen (1): usb: xhci: fix panic in xhci_free_virt_devices_depth_first [80e457699a8dbdd70f2d26911e46f538645c55fc] Zhao Qiang (1): net: phy: marvell: Limit 88m1101 autoneg errata to 88E1145 as well. [c505873eaece2b4aefd07d339dc7e1400e0235ac] Makefile | 7 +- arch/arm/boot/dts/kirkwood-openblocks_a7.dts | 10 +- arch/arm/include/asm/kvm_arm.h | 3 +- arch/arm/kvm/mmu.c | 10 +- arch/arm64/include/asm/kvm_arm.h | 3 +- arch/arm64/kernel/process.c | 9 + arch/arm64/kvm/handle_exit.c | 4 +- arch/mips/include/asm/cpu-info.h | 2 + arch/mips/include/asm/elf.h | 7 + arch/mips/include/asm/fpu.h | 6 +- arch/mips/include/asm/fpu_emulator.h | 18 +- arch/mips/include/asm/kdebug.h | 3 +- arch/mips/include/asm/mipsregs.h | 14 +- arch/mips/include/asm/switch_to.h | 21 +- arch/mips/kernel/cps-vec.S | 2 + arch/mips/kernel/cpu-probe.c | 55 +- arch/mips/kernel/genex.S | 15 +- arch/mips/kernel/ptrace.c | 197 +++- arch/mips/kernel/r2300_switch.S | 7 +- arch/mips/kernel/r4k_switch.S | 7 +- arch/mips/kernel/traps.c | 153 ++- arch/mips/kernel/unaligned.c | 4 +- arch/mips/math-emu/cp1emu.c | 8 +- arch/mips/math-emu/ieee754.h | 12 +- arch/powerpc/kernel/setup-common.c | 11 - arch/powerpc/perf/core-book3s.c | 8 +- arch/s390/include/asm/switch_to.h | 24 +- arch/s390/kernel/compat_linux.c | 1 + arch/sh/boards/mach-se/770x/setup.c | 24 +- arch/sh/include/mach-se/mach/se.h | 1 + arch/x86/include/asm/alternative.h | 4 +- arch/x86/include/asm/kvm_host.h | 3 +- arch/x86/include/asm/traps.h | 1 + arch/x86/kernel/cpu/mcheck/mce.c | 6 + arch/x86/kernel/cpu/microcode/intel.c | 29 +- arch/x86/kernel/entry_64.S | 2 +- arch/x86/kvm/svm.c | 2 + arch/x86/kvm/vmx.c | 16 +- arch/x86/kvm/x86.c | 30 +- arch/x86/pci/broadcom_bus.c | 2 +- block/blk-flush.c | 6 + block/blk-mq-tag.h | 12 + block/blk-mq.c | 16 +- crypto/algapi.c | 12 + crypto/asymmetric_keys/x509_cert_parser.c | 2 + drivers/acpi/apei/erst.c | 2 +- drivers/acpi/sbshc.c | 4 +- drivers/base/isa.c | 10 +- drivers/crypto/n2_core.c | 3 + drivers/dma/dma-jz4740.c | 4 +- drivers/dma/dmatest.c | 54 +- drivers/firmware/efi/efi.c | 3 +- drivers/firmware/efi/runtime-map.c | 10 +- drivers/gpu/drm/i915/intel_i2c.c | 4 +- drivers/hwmon/pmbus/pmbus_core.c | 21 +- drivers/i2c/i2c-core.c | 17 +- drivers/infiniband/hw/cxgb4/cq.c | 6 +- drivers/infiniband/ulp/ipoib/ipoib_main.c | 25 +- drivers/infiniband/ulp/ipoib/ipoib_multicast.c | 5 +- drivers/infiniband/ulp/srpt/ib_srpt.c | 3 +- drivers/input/misc/twl4030-vibra.c | 7 +- drivers/input/misc/twl6040-vibra.c | 2 +- drivers/input/mouse/elantech.c | 2 +- drivers/input/mouse/trackpoint.c | 7 +- drivers/input/touchscreen/88pm860x-ts.c | 16 +- drivers/iommu/intel-iommu.c | 8 +- drivers/md/bcache/request.c | 13 +- drivers/md/dm-cache-target.c | 12 +- drivers/md/dm-mpath.c | 34 +- drivers/md/dm-snap.c | 48 +- drivers/md/dm-thin-metadata.c | 6 +- drivers/md/dm-thin.c | 22 +- drivers/md/persistent-data/dm-btree.c | 19 +- drivers/media/i2c/adv7604.c | 6 +- drivers/media/usb/dvb-usb/dibusb-common.c | 16 +- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 1025 ++++++++++++-------- drivers/media/v4l2-core/v4l2-ioctl.c | 5 +- drivers/media/v4l2-core/videobuf2-core.c | 5 + drivers/mfd/cros_ec_spi.c | 4 + drivers/mfd/twl4030-audio.c | 9 +- drivers/mfd/twl6040.c | 12 +- drivers/misc/eeprom/at24.c | 6 + drivers/mmc/host/s3cmci.c | 6 +- drivers/net/can/ti_hecc.c | 3 + drivers/net/can/usb/ems_usb.c | 2 + drivers/net/can/usb/esd_usb2.c | 2 + drivers/net/can/usb/gs_usb.c | 2 +- drivers/net/can/usb/kvaser_usb.c | 13 +- drivers/net/can/usb/usb_8dev.c | 2 + drivers/net/ethernet/broadcom/genet/bcmgenet.c | 2 +- .../net/ethernet/freescale/fs_enet/fs_enet-main.c | 16 +- drivers/net/ethernet/freescale/fs_enet/fs_enet.h | 1 + drivers/net/ethernet/intel/e1000e/ich8lan.c | 11 +- drivers/net/ethernet/intel/e1000e/mac.c | 11 +- drivers/net/ethernet/intel/e1000e/netdev.c | 2 +- drivers/net/ethernet/marvell/mvmdio.c | 3 +- drivers/net/ethernet/marvell/mvneta.c | 4 + drivers/net/ethernet/mellanox/mlx5/core/eq.c | 17 +- drivers/net/ethernet/renesas/sh_eth.c | 33 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 6 + drivers/net/phy/marvell.c | 2 +- drivers/net/phy/mdio-sun4i.c | 6 +- drivers/net/ppp/pppoe.c | 11 +- drivers/net/wireless/mac80211_hwsim.c | 14 +- drivers/of/fdt.c | 2 +- drivers/parisc/lba_pci.c | 33 + drivers/pci/pci-driver.c | 7 +- drivers/scsi/scsi_lib.c | 10 +- drivers/staging/usbip/stub_dev.c | 3 +- drivers/staging/usbip/stub_main.c | 5 +- drivers/staging/usbip/stub_rx.c | 7 +- drivers/staging/usbip/stub_tx.c | 4 +- drivers/staging/usbip/usbip_common.c | 31 +- drivers/staging/usbip/userspace/src/utils.c | 9 +- drivers/staging/usbip/vhci_hcd.c | 12 +- drivers/staging/usbip/vhci_rx.c | 23 +- drivers/staging/usbip/vhci_tx.c | 3 +- drivers/tty/n_tty.c | 4 +- drivers/tty/serial/8250/8250_pci.c | 3 + drivers/usb/core/config.c | 16 +- drivers/usb/core/devio.c | 14 +- drivers/usb/core/hub.c | 9 + drivers/usb/core/quirks.c | 9 +- drivers/usb/gadget/composite.c | 7 +- drivers/usb/gadget/udc-core.c | 32 +- drivers/usb/host/ehci-dbg.c | 2 +- drivers/usb/host/xhci-mem.c | 24 +- drivers/usb/host/xhci-pci.c | 3 + drivers/usb/host/xhci-ring.c | 12 +- drivers/usb/misc/usb3503.c | 2 + drivers/usb/mon/mon_bin.c | 8 +- drivers/usb/musb/da8xx.c | 10 +- drivers/usb/serial/cp210x.c | 2 + drivers/usb/serial/ftdi_sio.c | 1 + drivers/usb/serial/ftdi_sio_ids.h | 6 + drivers/usb/serial/option.c | 20 + drivers/usb/storage/uas-detect.h | 4 + drivers/usb/storage/unusual_devs.h | 7 + drivers/usb/storage/unusual_uas.h | 14 + drivers/virtio/virtio.c | 2 + fs/btrfs/disk-io.c | 9 +- fs/btrfs/extent-tree.c | 15 +- fs/btrfs/ioctl.c | 2 +- fs/ext4/extents.c | 1 + fs/ext4/namei.c | 4 + fs/nfsd/auth.c | 3 + fs/quota/dquot.c | 3 +- include/asm-generic/dma-mapping-broken.h | 3 - include/linux/blkdev.h | 6 + include/linux/cred.h | 1 + include/linux/dma-mapping.h | 2 - include/linux/fscache.h | 2 +- include/linux/mlx5/driver.h | 2 +- include/linux/phy.h | 21 + include/linux/sh_eth.h | 1 - include/linux/stddef.h | 15 +- include/linux/sysfs.h | 6 + include/linux/vfio.h | 13 - include/net/cfg80211.h | 2 + include/net/red.h | 13 +- include/net/sctp/checksum.h | 13 +- include/net/xfrm.h | 1 + include/scsi/libsas.h | 2 +- include/uapi/linux/usb/ch9.h | 2 + kernel/acct.c | 2 +- kernel/debug/kdb/kdb_io.c | 2 +- kernel/futex.c | 3 + kernel/groups.c | 5 +- kernel/hrtimer.c | 2 + kernel/posix-timers.c | 37 +- kernel/time/tick-sched.c | 19 +- kernel/trace/blktrace.c | 4 +- kernel/trace/ring_buffer.c | 6 +- kernel/trace/trace.c | 3 + kernel/uid16.c | 1 + lib/asn1_decoder.c | 45 +- lib/oid_registry.c | 16 +- mm/mprotect.c | 6 +- net/8021q/vlan.c | 7 +- net/batman-adv/bat_iv_ogm.c | 4 +- net/bridge/br_netlink.c | 7 +- net/can/af_can.c | 22 +- net/dccp/ccids/ccid2.c | 3 + net/ipv4/esp4.c | 1 + net/ipv4/igmp.c | 20 +- net/ipv4/raw.c | 121 ++- net/ipv4/tcp_ipv4.c | 2 +- net/ipv4/xfrm4_input.c | 11 +- net/ipv6/esp6.c | 3 +- net/ipv6/tcp_ipv6.c | 2 +- net/ipv6/xfrm6_input.c | 9 +- net/key/af_key.c | 8 + net/netfilter/xt_bpf.c | 6 +- net/packet/af_packet.c | 5 + net/rds/rdma.c | 2 +- net/sched/sch_choke.c | 3 + net/sched/sch_gred.c | 3 + net/sched/sch_red.c | 2 + net/sched/sch_sfq.c | 3 + net/sctp/socket.c | 31 +- net/sunrpc/auth_gss/gss_rpc_xdr.c | 1 + net/sunrpc/auth_gss/svcauth_gss.c | 1 + net/sunrpc/svcauth_unix.c | 2 + net/wireless/core.c | 7 +- net/wireless/core.h | 2 - net/wireless/nl80211.c | 15 +- net/wireless/wext-compat.c | 3 +- net/xfrm/xfrm_input.c | 56 ++ sound/core/oss/pcm_oss.c | 41 +- sound/core/oss/pcm_plugin.c | 14 +- sound/core/pcm.c | 2 + sound/core/pcm_lib.c | 5 +- sound/core/rawmidi.c | 15 +- sound/core/seq/seq_clientmgr.c | 15 +- sound/core/seq/seq_timer.c | 2 +- sound/drivers/aloop.c | 98 +- sound/pci/hda/patch_cirrus.c | 1 + sound/pci/hda/patch_conexant.c | 29 + sound/soc/codecs/twl4030.c | 4 +- sound/soc/codecs/wm_adsp.c | 29 +- sound/soc/fsl/fsl_ssi.c | 17 +- sound/usb/mixer.c | 26 +- tools/hv/hv_kvp_daemon.c | 70 +- 223 files changed, 2532 insertions(+), 1264 deletions(-) -- Ben Hutchings If the facts do not conform to your theory, they must be disposed of.

7 years, 2 months

3
256
0 0

[PATCH] KVM: arm/arm64: Fix check for hugepage size when allocating at Stage 2

by Punit Agrawal

Commit 45ee9d5e97a4 ("KVM: arm/arm64: Check pagesize when allocating a hugepage at Stage 2") lost the check for PMD_SIZE during the backport to 4.9. Fix this by correcting the condition to detect hugepages during stage 2 allocation. Fixes: 45ee9d5e97a4 ("KVM: arm/arm64: Check pagesize when allocating a hugepage at Stage 2") Reported-by: Ioana Ciornei <ioana.ciornei(a)nxp.com> Signed-off-by: Punit Agrawal <punit.agrawal(a)arm.com> Cc: Marc Zyngier <marc.zyngier(a)arm.com> Cc: Christoffer Dall <christoffer.dall(a)linaro.org> -- Hi Greg, This patch fixes a commit in the stable tree that was backported from upstream. I am not sure what the tag convention is for such a commit - so sending as a fix. Thanks, Punit --- arch/arm/kvm/mmu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c index 2a35c1963f6d..7f868d9bb5ed 100644 --- a/arch/arm/kvm/mmu.c +++ b/arch/arm/kvm/mmu.c @@ -1284,7 +1284,7 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa, return -EFAULT; } - if (vma_kernel_pagesize(vma) && !logging_active) { + if (vma_kernel_pagesize(vma) == PMD_SIZE && !logging_active) { hugetlb = true; gfn = (fault_ipa & PMD_MASK) >> PAGE_SHIFT; } else { -- 2.16.1

7 years, 2 months

3
2
0 0

Re: [PATCH] rtl8187: Fix NULL pointer dereference in priv->conf_mutex

by Hin-Tak Leung

-------------------------------------------- On Thu, 15/2/18, Sudhir Sreedharan <ssreedharan(a)mvista.com> wrote: ... > Cc: stable(a)vger.kernel.org > Signed-off-by: Sudhir Sreedharan <ssreedharan(a)mvista.com> Acked-by: Hin-Tak Leung <htl10(a)users.sourceforge.net>

7 years, 2 months

1
0
0 0

[PATCH 3.2 000/140] 3.2.100-rc1 review

by Ben Hutchings

This is the start of the stable review cycle for the 3.2.100 release. There are 140 patches in this series, which will be posted as responses to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri Mar 02 18:00:00 UTC 2018. Anything received after that time might be too late. All the patches have also been committed to the linux-3.2.y-rc branch of https://git.kernel.org/pub/scm/linux/kernel/git/bwh/linux-stable-rc.git . A shortlog and diffstat can be found below. Ben. ------------- Aaron Ma (2): Input: elantech - add new icbody type 15 [10d900303f1c3a821eb0bef4e7b7ece16768fba4] Input: trackpoint - force 3 buttons if 0 button is reported [f5d07b9e98022d50720e38aa936fc11c67868ece] Alexey Kodanev (1): dccp: don't restart ccid2_hc_tx_rto_expire() if sk in closed state [dd5684ecae3bd8e44b644f50e2c12c7e57fdfef5] Andrew Honig (1): KVM: x86: Add memory barrier on vmcs field lookup [75f139aaf896d6fdeec2e468ddfa4b2fe469bf40] Andrzej Hajda (1): [media] v4l2-compat-ioctl32: fix alignment for ARM64 [655e9780ab913a3a06d4a164d55e3b755524186d] Anshuman Khandual (1): mm/mprotect: add a cond_resched() inside change_pmd_range() [4991c09c7c812dba13ea9be79a68b4565bb1fa4e] Arnd Bergmann (1): mmc: s3mci: mark debug_regs[] as static [2bd7b4aacdb6efa5ccd4749c365c171b884791d2] Bart Westgeest (1): staging: usbip: removed dead code from receive function [5a08c5267e45fe936452051a8c126e8418984eb7] Ben Hutchings (2): nfsd: auth: Fix gid sorting when rootsquash enabled [1995266727fa8143897e89b55f5d3c79aa828420] of: fdt: Fix return with value in void function [not upstream; fixes incorrect backport] Benjamin Poirier (2): e1000e: Fix e1000_check_for_copper_link_ich8lan return value. [4110e02eb45ea447ec6f5459c9934de0a273fb91] e1000e: Separate signaling for link check/link up [19110cfbb34d4af0cdfe14cd243f3b09dc95b013] Chandan Rajendra (1): ext4: fix crash when a directory's i_size is too small [9d5afec6b8bd46d6ed821aa1579634437f58ef1f] Christian Holl (1): USB: serial: cp210x: add new device ID ELV ALC 8xxx [d14ac576d10f865970bb1324d337e5e24d79aaf4] Christoph Hellwig (1): scsi: dma-mapping: always provide dma_get_cache_alignment [860dd4424f344400b491b212ee4acb3a358ba9d9] Christoph Paasch (1): tcp md5sig: Use skb's saddr when replying to an incoming segment [30791ac41927ebd3e75486f9504b6d2280463bf0] Christophe Leroy (1): net: fs_enet: do not call phy_stop() in interrupts [f8b39039cbf2a15f2b8c9f081e1cbd5dee00aaf5] Colin Ian King (1): usb: host: fix incorrect updating of offset [1d5a31582ef046d3b233f0da1a68ae26519b2f0a] Cong Wang (1): 8021q: fix a memory leak for VLAN 0 device [78bbb15f2239bc8e663aa20bbe1987c91a0b75f6] Dan Williams (1): [SCSI] libsas: remove unused ata_task_resp fields [95ac7fd189b7e81a200b4d00b2bb6669b31acf3a] Daniel Mentz (2): media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic [a1dfb4c48cc1e64eeb7800a27c66a6f7e88d075a] media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha [025a26fa14f8fd55d50ab284a30c016a5be953d0] Daniel Thompson (1): kdb: Fix handling of kallsyms_symbol_next() return value [c07d35338081d107e57cf37572d8cc931a8e32e2] David Howells (1): fscache: Fix the default for fscache_maybe_release_page() [98801506552593c9b8ac11021b0cdad12cab4f6b] David Kozub (1): USB: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID [62354454625741f0569c2cbe45b2d192f8fd258e] Dennis Yang (1): dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6 [490ae017f54e55bde382d45ea24bddfb6d1a0aaf] Denys Vlasenko (1): include/stddef.h: Move offsetofend() from vfio.h to a generic kernel header [3876488444e71238e287459c39d7692b6f718c3e] Diego Elio Pettenò (1): USB: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ [4307413256ac1e09b8f53e8715af3df9e49beec3] Dmitry Fleytman Dmitry Fleytman (1): usb: Add device quirk for Logitech HD Pro Webcam C925e [7f038d256c723dd390d2fca942919573995f4cfd] Eric Biggers (3): af_key: fix buffer overread in parse_exthdrs() [4e765b4972af7b07adcb1feb16e7a525ce1f6b28] af_key: fix buffer overread in verify_address_len() [06b335cb51af018d5feeff5dd4fd53847ddb675a] crypto: algapi - fix NULL dereference in crypto_remove_spawns() [9a00674213a3f00394f4e3221b88f2d21fc05789] Eric Dumazet (1): net/packet: fix a race in packet_bind() and packet_notifier() [15fe076edea787807a7cdc168df832544b58eba6] Felix Fietkau (1): net: igmp: fix source address check for IGMPv3 reports [ad23b750933ea7bf962678972a286c78a8fa36aa] Geert Uytterhoeven (1): m32r: fix 'fix breakage from "m32r: use generic ptrace_resume code"' fallout [a6b202979661eb32646048aeaad7be7b70c2cd22] Gleb Natapov (2): KVM: VMX: do not try to reexecute failed instruction while emulating invalid guest state [991eebf9f8e523e7ff1e4d31ac80641582b2e57a] KVM: apic: fix LDR calculation in x2apic mode [7f46ddbd487e0d0528d89534fdfb31d885977804] Greg Kroah-Hartman (1): ACPI: sbshc: remove raw pointer from printk() message [43cdd1b716b26f6af16da4e145b6578f98798bf6] Guennadi Liakhovetski (1): [media] V4L2: fix VIDIOC_CREATE_BUFS 32-bit compatibility mode data copy-back [6ed9b28504326f8cf542e6b68245b2f7ce009216] Guillaume Nault (1): pppoe: take ->needed_headroom of lower device into account on xmit [02612bb05e51df8489db5e94d0cf8d1c81f87b0c] Hans Verkuil (12): [media] v4l2-compat-ioctl32: fix sparse warnings [8ae632b11775254c5e555ee8c42b7d19baeb1473] media: v4l2-compat-ioctl32.c: add capabilities field to, v4l2_input32 [037e0865c2ecbaa4558feba239ece08d7e457ec0] media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF [3ee6d040719ae09110e5cdf24d5386abe5d1b776] media: v4l2-compat-ioctl32.c: avoid sizeof(type) [333b1e9f96ce05f7498b581509bb30cde03018bf] media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32 [8ed5a59dcb47a6f76034ee760b36e089f3e82529] media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32 [a751be5b142ef6bcbbb96d9899516f4d9c8d0ef4] media: v4l2-compat-ioctl32.c: don't copy back the result for certain errors [d83a8243aaefe62ace433e4384a4f077bed86acb] media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type [169f24ca68bf0f247d111aef07af00dd3a02ae88] media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer [b8c601e8af2d08f733d74defa8465303391bb930] media: v4l2-compat-ioctl32.c: fix the indentation [b7b957d429f601d6d1942122b339474f31191d75] media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32 [486c521510c44a04cd756a9267e7d1e271c8a4ba] media: v4l2-ioctl.c: don't copy back the result for -ENOTTY [181a4a2d5a0a7b43cab08a70710d727e7764ccdd] Heiko Carstens (1): s390: always save and restore all registers on context switch [fbbd7f1a51965b50dd12924841da0d478f3da71b] Heiner Kallweit (1): eeprom: at24: check at24_read/write arguments [d9bcd462daf34aebb8de9ad7f76de0198bb5a0f0] Helge Deller (1): parisc: Hide Diva-built-in serial aux and graphics card [bcf3f1752a622f1372d3252d0fea8855d89812e7] Herbert Xu (5): ipv4: Avoid reading user iov twice after raw_probe_proto_opt [c008ba5bdc9fa830e1a349b20b0be5a137bdef7a] ipv4: Use standard iovec primitive in raw_probe_proto_opt [32b5913a931fd753faf3d4e1124b2bc2edb364da] xfrm: Reinject transport-mode packets through tasklet [acf568ee859f098279eadf551612f103afdacb4e] xfrm: Return error on unknown encap_type in init_state [bcfd09f7837f5240c30fd2f52ee7293516641faa] xfrm: Use __skb_queue_tail in xfrm_trans_queue [d16b46e4fd8bc6063624605f25b8c0835bb1fbe3] Huacai Chen (2): scsi: libsas: align sata_device's rps_resp on a cacheline [c2e8fbf908afd81ad502b567a6639598f92c9b9d] scsi: use dma_get_cache_alignment() as minimum DMA alignment [90addc6b3c9cda0146fbd62a08e234c2b224a80c] Håkon Bugge (1): rds: Fix NULL pointer dereference in __rds_rdma_map [f3069c6d33f6ae63a1668737bc78aaaa51bff7ca] Jaejoong Kim (2): ALSA: usb-audio: Add check return value for usb_string() [89b89d121ffcf8d9546633b98ded9d18b8f75891] ALSA: usb-audio: Fix out-of-bound error [251552a2b0d454badc8f486e6d79100970c744b0] Jan Engelhardt (1): crypto: n2 - cure use after free [203f45003a3d03eea8fa28d74cfc74c354416fdb] Jeremy Compostella (1): i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA [89c6efa61f5709327ecfa24bff18e57a4e80c7fa] Joe Thornber (2): dm btree: fix serious bug in btree_split_beneath() [bc68d0a43560e950850fc69b58f0f8254b28f6d6] dm thin metadata: introduce THIN_MAX_CONCURRENT_LOCKS [8c971178a788c70e8d6db5c3a813de1a1f54e5b7] Johannes Berg (2): cfg80211: check dev_set_name() return value [59b179b48ce2a6076448a44531242ac2b3f6cef2] cfg80211: fix station info handling bugs [5762d7d3eda25c03cc2d9d45227be3f5ab6bec9e] Johannes Thumshirn (1): dm mpath: simplify failure path of dm_multipath_init() [ff658e9c1aae9a84dd06d46f847dc0cd2bf0dd11] Josef Bacik (1): btrfs: clear space cache inode generation always [8e138e0d92c6c9d3d481674fb14e3439b495be37] Juan Zea (1): usbip: fix usbip bind writing random string after command in match_busid [544c4605acc5ae4afe7dd5914147947db182f2fb] Kevin Cernekee (1): net: igmp: Use correct source address on IGMPv3 reports [a46182b00290839fa3fa159d54fd3237bd8669f0] Lan Tianyu (1): KVM/x86: Check input paging mode when cs.l is set [f29810335965ac1f7bcb501ee2af5f039f792416] Laurent Caumont (1): media: dvb: i2c transfers over usb cannot be done from stack [6d33377f2abbf9f0e561b116dd468d1c3ff36a6a] Li Jinyue (1): futex: Prevent overflow by strengthen input validation [fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a] Linus Torvalds (2): kbuild: add '-fno-stack-check' to kernel build options [3ce120b16cc548472f80cf8644f90eda958cf1b6] n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD) [966031f340185eddd05affcf72b740549f056348] Liran Alon (1): KVM: x86: Don't re-execute instruction when not passing CR2 value [9b8ae63798cb97e785a667ff27e43fa6220cb734] Marc Kleine-Budde (1): can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once [8cb68751c115d176ec851ca56ecfbb411568c9e8] Martin Kelly (2): can: ems_usb: cancel urb on -EPIPE and -EPROTO [bd352e1adfe0d02d3ea7c8e3fb19183dc317e679] can: esd_usb2: cancel urb on -EPIPE and -EPROTO [7a31ced3de06e9878e4f9c3abe8f87d9344d8144] Masakazu Mokuno (1): USB: core: Add type-specific length check of BOS descriptors [81cf4a45360f70528f1f64ba018d61cb5767249a] Mathias Nyman (2): xhci: Don't add a virt_dev to the devs array before it's fully allocated [5d9b70f7d52eb14bb37861c663bae44de9521c35] xhci: Don't show incorrect WARN message about events for empty rings [e4ec40ec4b260efcca15089de4285a0a3411259b] Matt Wilson (1): serial: 8250_pci: Add Amazon PCI serial device ID [3bfd1300abfe3adb18e84a89d97a0e82a22124bb] Max Schulze (1): USB: serial: ftdi_sio: add id for Airbus DS P8GR [c6a36ad383559a60a249aa6016cebf3cb8b6c485] Mohamed Ghannam (1): net: ipv4: fix for a race condition in raw_sendmsg [8f659a03a0ba9289b9aeb9b4470e6fb263d6f483] Monty_pavel(a)Sina.Com (1): dm: fix various targets to dm_register_target after module __init resources created [7e6358d244e4706fe612a77b9c36519a33600ac0] Nicolai Stange (1): net: ipv4: emulate READ_ONCE() on ->hdrincl bit-field in raw_sendmsg() [20b50d79974ea3192e8c3ab7faf4e536e5f14d8f] Nikolay Aleksandrov (1): net: bridge: fix early call to br_stp_change_bridge_id and plug newlink leaks [84aeb437ab98a2bce3d4b2111c79723aedfceb33] Nikolay Borisov (1): btrfs: Fix possible off-by-one in btrfs_search_path_in_tree [c8bcbfbd239ed60a6562964b58034ac8a25f4c31] Nogah Frankel (1): net_sched: red: Avoid illegal values [8afa10cbe281b10371fee5a87ab266e48d71a7f9] Oliver Neukum (2): USB: usbfs: Filter flags passed in from user space [446f666da9f019ce2ffd03800995487e79a91462] usb: add RESET_RESUME for ELSA MicroLink 56K [b9096d9f15c142574ebebe8fbb137012bb9d99c2] Oliver Stäbler (1): can: ti_hecc: Fix napi poll return value for repoll [f6c23b174c3c96616514827407769cbcfc8005cf] Oscar Campos (1): Input: trackpoint - assume 3 buttons when buttons detection fails [293b915fd9bebf33cdc906516fb28d54649a25ac] Pete Zaitcev (1): USB: fix usbmon BUG trigger [46eb14a6e1585d99c1b9f58d0e7389082a5f466b] Rafael J. Wysocki (1): PCI / PM: Force devices to D0 in pci_pm_thaw_noirq() [5839ee7389e893a31e4e3c9cf17b50d14103c902] Robb Glasser (1): ALSA: pcm: prevent UAF in snd_pcm_info [362bca57f5d78220f8b5907b875961af9436e229] Robert Lippert (1): hwmon: (pmbus) Use 64bit math for DIRECT format values [bd467e4eababe4c04272c1e646f066db02734c79] Robin Murphy (1): iommu/vt-d: Fix scatterlist offset handling [29a90b70893817e2f2bb3cea40a29f5308e21b21] SZ Lin (1): USB: serial: option: adding support for YUGA CLM920-NC5 [3920bb713038810f25770e7545b79f204685c8f2] Sebastian Sjoholm (1): USB: serial: option: add Quectel BG96 id [c654b21ede93845863597de9ad774fd30db5f2ab] Sergei Shtylyov (2): SolutionEngine771x: add Ether TSU resource [f9a531d6731d74f1e24298d9641c2dc1fef2631b] SolutionEngine771x: fix Ether platform data [195e2addbce09e5afbc766efc1e6567c9ce840d3] Shuah Khan (4): usbip: prevent leaking socket pointer address in messages [90120d15f4c397272aaf41077960a157fc4212bf] usbip: remove kernel addresses from usb device and urb debug msgs [e1346fd87c71a1f61de1fe476ec8df1425ac931c] usbip: stub: stop printing kernel pointer addresses in messages [248a22044366f588d46754c54dfe29ffe4f8b4df] usbip: vhci: stop printing kernel pointer addresses in messages [8272d099d05f7ab2776cf56a2ab9f9443be18907] Steve Wise (1): iw_cxgb4: Only validate the MSN for successful completions [f55688c45442bc863f40ad678c638785b26cdce6] Steven Rostedt (1): ring-buffer: Mask out the info bits when returning buffer page length [45d8b80c2ac5d21cd1e2954431fb676bc2b1e099] Sven Eckelmann (1): batman-adv: Fix lock for ogm cnt access in batadv_iv_ogm_calc_tq [5ba7dcfe77037b67016263ea597a8b431692ecab] Takashi Iwai (13): ACPI: APEI / ERST: Fix missing error handling in erst_reader() [bb82e0b4a7e96494f0c1004ce50cec3d7b5fb3d1] ALSA: aloop: Fix inconsistent format due to incomplete rule [b088b53e20c7d09b5ab84c5688e609f478e5c417] ALSA: aloop: Fix racy hw constraints adjustment [898dfe4687f460ba337a01c11549f87269a13fa2] ALSA: aloop: Release cable upon open error path [9685347aa0a5c2869058ca6ab79fd8e93084a67f] ALSA: pcm: Abort properly at pending signal in OSS read/write loops [29159a4ed7044c52e3e2cf1a9fb55cec4745c60b] ALSA: pcm: Add missing error checks in OSS emulation plugin builder [6708913750344a900f2e73bfe4a4d6dbbce4fe8d] ALSA: pcm: Allow aborting mutex lock at OSS read/write loops [900498a34a3ac9c611e9b425094c8106bdd7dc1c] ALSA: pcm: Remove incorrect snd_BUG_ON() usages [fe08f34d066f4404934a509b6806db1a4f700c86] ALSA: pcm: Remove yet superfluous WARN_ON() [23b19b7b50fe1867da8d431eea9cd3e4b6328c2c] ALSA: rawmidi: Avoid racy info ioctl via ctl device [c1cfd9025cc394fd137a01159d74335c5ac978ce] ALSA: seq: Fix regression by incorrect ioctl_mutex usages [not upstream; fixes incorrect backport] ALSA: seq: Remove spurious WARN_ON() at timer check [43a3542870328601be02fcc9d27b09db467336ef] ALSA: usb-audio: Fix the missing ctl name suffix at parsing SU [5a15f289ee87eaf33f13f08a4909ec99d837ec5f] Thiago Rafael Becker (1): kernel: make groups_sort calling a responsibility group_info allocators [bdcf0a423ea1c40bbb40e7ee483b50fc8aa3d758] Thomas Gleixner (3): hrtimer: Reset hrtimer cpu base proper on CPU hotplug [d5421ea43d30701e03cadc56a38854c36a8b4433] posix-timer: Properly check sigevent->sigev_notify [cef31d9af908243421258f1df35a4a644604efbe] x86/mce: Make machine check speculation protected [6f41c34d69eb005e7848716bbcafc979b35037d5] Tianyu Lan (1): KVM/x86: Fix wrong macro references of X86_CR0_PG_BIT and X86_CR4_PAE_BIT in kvm_valid_sregs() [37b95951c58fdf08dc10afa9d02066ed9f176fb5] Tiffany Lin (1): [media] media: v4l2-compat-ioctl32: fix missing reserved field copy in put_v4l2_create32 [baf43c6eace43868e490f18560287fa3481b2159] Wanpeng Li (1): KVM: X86: Fix load RFLAGS w/o the fixed bit [d73235d17ba63b53dc0e1051dbc10a1f1be91b71] William Breathitt Gray (1): isa: Prevent NULL dereference in isa_bus driver callbacks [5a244727f428a06634f22bb890e78024ab0c89f3] Xin Long (3): sctp: do not allow the v4 socket to bind a v4mapped v6 address [c5006b8aa74599ce19104b31d322d2ea9ff887cc] sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf [a0ff660058b88d12625a783ce9e5c1371c87951f] sctp: use the right sk after waking up from wait_buf sleep [cea0cc80a6777beb6eb643d4ad53690e1ad1d4ff] Zhao Qiang (1): net: phy: marvell: Limit 88m1101 autoneg errata to 88E1145 as well. [c505873eaece2b4aefd07d339dc7e1400e0235ac] Makefile | 7 +- arch/m32r/kernel/ptrace.c | 7 +- arch/s390/include/asm/system.h | 18 +- arch/s390/kernel/compat_linux.c | 1 + arch/sh/boards/mach-se/770x/setup.c | 24 +- arch/sh/include/mach-se/mach/se.h | 1 + arch/x86/include/asm/kvm_host.h | 4 +- arch/x86/include/asm/traps.h | 1 + arch/x86/kernel/cpu/mcheck/mce.c | 5 + arch/x86/kernel/entry_64.S | 2 +- arch/x86/kvm/lapic.c | 2 +- arch/x86/kvm/vmx.c | 12 +- arch/x86/kvm/x86.c | 38 +- crypto/algapi.c | 12 + drivers/acpi/apei/erst.c | 2 +- drivers/acpi/sbshc.c | 4 +- drivers/base/isa.c | 10 +- drivers/crypto/n2_core.c | 3 + drivers/hwmon/pmbus/pmbus_core.c | 21 +- drivers/i2c/i2c-core.c | 13 +- drivers/infiniband/hw/cxgb4/cq.c | 6 +- drivers/input/mouse/elantech.c | 2 +- drivers/input/mouse/trackpoint.c | 7 +- drivers/iommu/intel-iommu.c | 8 +- drivers/md/dm-mpath.c | 34 +- drivers/md/dm-snap.c | 48 +- drivers/md/dm-thin-metadata.c | 18 +- drivers/md/persistent-data/dm-btree.c | 19 +- drivers/media/dvb/dvb-usb/dibusb-common.c | 16 +- drivers/media/video/Makefile | 7 +- drivers/media/video/v4l2-compat-ioctl32.c | 973 +++++++++++++-------- drivers/media/video/v4l2-ioctl.c | 6 +- drivers/misc/eeprom/at24.c | 6 + drivers/mmc/host/s3cmci.c | 6 +- drivers/net/can/ti_hecc.c | 3 + drivers/net/can/usb/ems_usb.c | 2 + drivers/net/can/usb/esd_usb2.c | 2 + .../net/ethernet/freescale/fs_enet/fs_enet-main.c | 16 +- drivers/net/ethernet/freescale/fs_enet/fs_enet.h | 1 + drivers/net/ethernet/intel/e1000e/ich8lan.c | 10 +- drivers/net/ethernet/intel/e1000e/lib.c | 11 +- drivers/net/ethernet/intel/e1000e/netdev.c | 2 +- drivers/net/phy/marvell.c | 2 +- drivers/net/ppp/pppoe.c | 11 +- drivers/of/fdt.c | 2 +- drivers/parisc/lba_pci.c | 33 + drivers/pci/pci-driver.c | 7 +- drivers/scsi/libsas/sas_ata.c | 4 - drivers/scsi/scsi_lib.c | 10 +- drivers/staging/usbip/stub_dev.c | 3 +- drivers/staging/usbip/stub_main.c | 5 +- drivers/staging/usbip/stub_rx.c | 9 +- drivers/staging/usbip/stub_tx.c | 4 +- drivers/staging/usbip/usbip_common.c | 85 +- drivers/staging/usbip/usbip_common.h | 3 +- drivers/staging/usbip/userspace/src/utils.c | 9 +- drivers/staging/usbip/vhci_hcd.c | 12 +- drivers/staging/usbip/vhci_rx.c | 26 +- drivers/staging/usbip/vhci_tx.c | 3 +- drivers/tty/n_tty.c | 4 +- drivers/tty/serial/8250_pci.c | 3 + drivers/usb/core/config.c | 16 +- drivers/usb/core/devio.c | 14 +- drivers/usb/core/quirks.c | 6 +- drivers/usb/host/ehci-dbg.c | 2 +- drivers/usb/host/xhci-mem.c | 17 +- drivers/usb/host/xhci-ring.c | 12 +- drivers/usb/mon/mon_bin.c | 8 +- drivers/usb/serial/cp210x.c | 2 + drivers/usb/serial/ftdi_sio.c | 1 + drivers/usb/serial/ftdi_sio_ids.h | 6 + drivers/usb/serial/option.c | 12 + drivers/usb/storage/unusual_devs.h | 7 + fs/btrfs/extent-tree.c | 14 +- fs/btrfs/ioctl.c | 2 +- fs/ext4/namei.c | 4 + fs/nfsd/auth.c | 3 + include/asm-generic/dma-mapping-broken.h | 3 - include/linux/cred.h | 1 + include/linux/dma-mapping.h | 2 - include/linux/fscache.h | 2 +- include/linux/stddef.h | 10 + include/linux/usb/ch9.h | 2 + include/net/red.h | 11 + include/net/xfrm.h | 1 + include/scsi/libsas.h | 9 +- kernel/debug/kdb/kdb_io.c | 2 +- kernel/futex.c | 3 + kernel/groups.c | 5 +- kernel/hrtimer.c | 2 + kernel/posix-timers.c | 37 +- kernel/trace/ring_buffer.c | 6 +- kernel/uid16.c | 1 + mm/mprotect.c | 6 +- net/8021q/vlan.c | 6 +- net/batman-adv/bat_iv_ogm.c | 4 +- net/bridge/br_netlink.c | 7 +- net/can/af_can.c | 12 +- net/dccp/ccids/ccid2.c | 3 + net/ipv4/esp4.c | 1 + net/ipv4/igmp.c | 20 +- net/ipv4/raw.c | 119 ++- net/ipv4/tcp_ipv4.c | 2 +- net/ipv4/xfrm4_input.c | 11 +- net/ipv6/esp6.c | 3 +- net/ipv6/tcp_ipv6.c | 2 +- net/ipv6/xfrm6_input.c | 9 +- net/key/af_key.c | 8 + net/packet/af_packet.c | 5 + net/rds/rdma.c | 2 +- net/sched/sch_choke.c | 3 + net/sched/sch_gred.c | 3 + net/sched/sch_red.c | 2 + net/sctp/socket.c | 27 +- net/sunrpc/auth_gss/svcauth_gss.c | 1 + net/sunrpc/svcauth_unix.c | 2 + net/wireless/core.c | 7 +- net/wireless/wext-compat.c | 3 +- net/xfrm/xfrm_input.c | 56 ++ sound/core/oss/pcm_oss.c | 41 +- sound/core/oss/pcm_plugin.c | 14 +- sound/core/pcm.c | 2 + sound/core/pcm_lib.c | 5 +- sound/core/rawmidi.c | 15 +- sound/core/seq/seq_clientmgr.c | 15 +- sound/core/seq/seq_timer.c | 2 +- sound/drivers/aloop.c | 98 ++- sound/usb/mixer.c | 27 +- 128 files changed, 1509 insertions(+), 882 deletions(-) -- Ben Hutchings If the facts do not conform to your theory, they must be disposed of.

7 years, 2 months

2
141
0 0

[Linux-stable-mirror] [PATCH 4.4 00/53] 4.4.113-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.113 release. There are 53 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Jan 24 08:38:52 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.113-rc1.gz or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.113-rc1 Andi Kleen <ak(a)linux.intel.com> x86/retpoline: Optimize inline assembler for vmexit_fill_RSB zhenwei.pi <zhenwei.pi(a)youruncloud.com> x86/pti: Document fix wrong index Masami Hiramatsu <mhiramat(a)kernel.org> kprobes/x86: Disable optimizing on the function jumps to indirect thunk Masami Hiramatsu <mhiramat(a)kernel.org> kprobes/x86: Blacklist indirect thunk functions for kprobes Masami Hiramatsu <mhiramat(a)kernel.org> retpoline: Introduce start/end markers of indirect thunk Thomas Gleixner <tglx(a)linutronix.de> x86/mce: Make machine check speculation protected Nicholas Piggin <npiggin(a)gmail.com> kbuild: modversions for EXPORT_SYMBOL() for asm Tom Lendacky <thomas.lendacky(a)amd.com> x86/cpu, x86/pti: Do not enable PTI on AMD processors Marc Zyngier <marc.zyngier(a)arm.com> arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls Dennis Yang <dennisyang(a)qnap.com> dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6 Joe Thornber <thornber(a)redhat.com> dm btree: fix serious bug in btree_split_beneath() Xinyu Lin <xinyu0123(a)gmail.com> libata: apply MAX_SEC_1024 to all LITEON EP1 series devices Stephane Grosjean <s.grosjean(a)peak-system.com> can: peak: fix potential bug in packet fragmentation Thomas Petazzoni <thomas.petazzoni(a)free-electrons.com> ARM: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7 Arnd Bergmann <arnd(a)arndb.de> phy: work around 'phys' references to usb-nop-xceiv devices Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracing: Fix converting enum's from the map in trace_event_eval_update() Johan Hovold <johan(a)kernel.org> Input: twl4030-vibra - fix sibling-node lookup Johan Hovold <johan(a)kernel.org> Input: twl6040-vibra - fix child-node lookup H. Nikolaus Schaller <hns(a)goldelico.com> Input: twl6040-vibra - fix DT node memory management Johan Hovold <johan(a)kernel.org> Input: 88pm860x-ts - fix child-node lookup Thomas Gleixner <tglx(a)linutronix.de> x86/apic/vector: Fix off by one in error path Joe Lawrence <joe.lawrence(a)redhat.com> pipe: avoid round_pipe_size() nr_pages overflow on 32-bit Andi Kleen <ak(a)linux.intel.com> module: Add retpoline tag to VERMAGIC Tom Lendacky <thomas.lendacky(a)amd.com> x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros Xunlei Pang <xlpang(a)redhat.com> sched/deadline: Zero out positive runtime after throttling constrained tasks Tomas Henzl <thenzl(a)redhat.com> scsi: hpsa: fix volume offline state Eric Biggers <ebiggers(a)google.com> af_key: fix buffer overread in parse_exthdrs() Eric Biggers <ebiggers(a)google.com> af_key: fix buffer overread in verify_address_len() Takashi Iwai <tiwai(a)suse.de> ALSA: hda - Apply the existing quirk to iMac 14,1 Takashi Iwai <tiwai(a)suse.de> ALSA: hda - Apply headphone noise quirk for another Dell XPS 13 variant Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Remove yet superfluous WARN_ON() Li Jinyue <lijinyue(a)huawei.com> futex: Prevent overflow by strengthen input validation Hannes Reinecke <hare(a)suse.de> scsi: sg: disable SET_FORCE_LOW_DMA Thomas Gleixner <tglx(a)linutronix.de> x86/retpoline: Remove compile time warning David Woodhouse <dwmw(a)amazon.co.uk> x86/retpoline: Fill return stack buffer on vmexit Andi Kleen <ak(a)linux.intel.com> x86/retpoline/irq32: Convert assembler indirect jumps David Woodhouse <dwmw(a)amazon.co.uk> x86/retpoline/checksum32: Convert assembler indirect jumps David Woodhouse <dwmw(a)amazon.co.uk> x86/retpoline/xen: Convert Xen hypercall indirect jumps David Woodhouse <dwmw(a)amazon.co.uk> x86/retpoline/hyperv: Convert assembler indirect jumps David Woodhouse <dwmw(a)amazon.co.uk> x86/retpoline/ftrace: Convert ftrace assembler indirect jumps David Woodhouse <dwmw(a)amazon.co.uk> x86/retpoline/entry: Convert entry assembler indirect jumps David Woodhouse <dwmw(a)amazon.co.uk> x86/retpoline/crypto: Convert crypto assembler indirect jumps David Woodhouse <dwmw(a)amazon.co.uk> x86/spectre: Add boot time option to select Spectre v2 mitigation David Woodhouse <dwmw(a)amazon.co.uk> x86/retpoline: Add initial retpoline support Masahiro Yamada <yamada.masahiro(a)socionext.com> kconfig.h: use __is_defined() to check if MODULE is defined Al Viro <viro(a)zeniv.linux.org.uk> EXPORT_SYMBOL() for asm Andy Lutomirski <luto(a)kernel.org> x86/asm: Make asm/alternative.h safe from assembly Adam Borowski <kilobyte(a)angband.pl> x86/kbuild: enable modversions for symbols exported from asm Andrey Ryabinin <aryabinin(a)virtuozzo.com> x86/asm: Use register variable to get stack pointer value Andy Lutomirski <luto(a)kernel.org> x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier Tom Lendacky <thomas.lendacky(a)amd.com> x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC Tom Lendacky <thomas.lendacky(a)amd.com> x86/cpu/AMD: Make LFENCE a serializing instruction Arnd Bergmann <arnd(a)arndb.de> gcov: disable for COMPILE_TEST ------------- Diffstat: Documentation/kernel-parameters.txt | 28 ++++ Documentation/x86/pti.txt | 2 +- Makefile | 4 +- arch/arm/boot/dts/kirkwood-openblocks_a7.dts | 10 +- arch/arm64/kvm/handle_exit.c | 4 +- arch/x86/Kconfig | 13 ++ arch/x86/Makefile | 8 ++ arch/x86/crypto/aesni-intel_asm.S | 5 +- arch/x86/crypto/camellia-aesni-avx-asm_64.S | 3 +- arch/x86/crypto/camellia-aesni-avx2-asm_64.S | 3 +- arch/x86/crypto/crc32c-pcl-intel-asm_64.S | 3 +- arch/x86/entry/entry_32.S | 11 +- arch/x86/entry/entry_64.S | 16 ++- arch/x86/include/asm/alternative.h | 4 + arch/x86/include/asm/asm-prototypes.h | 41 ++++++ arch/x86/include/asm/asm.h | 11 ++ arch/x86/include/asm/cpufeature.h | 2 + arch/x86/include/asm/msr-index.h | 3 + arch/x86/include/asm/nospec-branch.h | 198 +++++++++++++++++++++++++++ arch/x86/include/asm/thread_info.h | 11 -- arch/x86/include/asm/traps.h | 1 + arch/x86/include/asm/xen/hypercall.h | 5 +- arch/x86/kernel/apic/vector.c | 7 +- arch/x86/kernel/cpu/amd.c | 28 +++- arch/x86/kernel/cpu/bugs.c | 166 ++++++++++++++++++++-- arch/x86/kernel/cpu/common.c | 12 +- arch/x86/kernel/cpu/mcheck/mce.c | 5 + arch/x86/kernel/irq_32.c | 15 +- arch/x86/kernel/kprobes/opt.c | 23 +++- arch/x86/kernel/mcount_64.S | 7 +- arch/x86/kernel/traps.c | 2 +- arch/x86/kernel/vmlinux.lds.S | 7 + arch/x86/kvm/svm.c | 4 + arch/x86/kvm/vmx.c | 4 + arch/x86/lib/Makefile | 1 + arch/x86/lib/checksum_32.S | 7 +- arch/x86/lib/retpoline.S | 49 +++++++ drivers/ata/libata-core.c | 1 + drivers/hv/hv.c | 11 +- drivers/input/misc/twl4030-vibra.c | 6 +- drivers/input/misc/twl6040-vibra.c | 2 +- drivers/input/touchscreen/88pm860x-ts.c | 16 ++- drivers/md/dm-thin-metadata.c | 6 +- drivers/md/persistent-data/dm-btree.c | 19 +-- drivers/net/can/usb/peak_usb/pcan_usb_fd.c | 21 +-- drivers/phy/phy-core.c | 4 + drivers/scsi/hpsa.c | 1 + drivers/scsi/sg.c | 30 ++-- fs/pipe.c | 18 ++- include/asm-generic/asm-prototypes.h | 7 + include/asm-generic/export.h | 94 +++++++++++++ include/linux/kconfig.h | 11 +- include/linux/vermagic.h | 8 +- include/scsi/sg.h | 1 - kernel/futex.c | 3 + kernel/gcov/Kconfig | 1 + kernel/sched/deadline.c | 2 + kernel/trace/trace_events.c | 16 ++- net/key/af_key.c | 8 ++ scripts/Makefile.build | 87 +++++++++++- sound/core/pcm_lib.c | 1 - sound/pci/hda/patch_cirrus.c | 1 + sound/pci/hda/patch_realtek.c | 1 + 63 files changed, 960 insertions(+), 139 deletions(-)

7 years, 2 months

9
68
0 0

[Linux-stable-mirror] [PATCH 4.9 00/66] 4.9.79-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.79 release. There are 66 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Jan 31 12:38:12 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.79-rc1.gz or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.79-rc1 Daniel Borkmann <daniel(a)iogearbox.net> bpf: reject stores into ctx via st and xadd Alexei Starovoitov <ast(a)kernel.org> bpf: fix 32-bit divide by zero Eric Dumazet <edumazet(a)google.com> bpf: fix divides by zero Daniel Borkmann <daniel(a)iogearbox.net> bpf: avoid false sharing of map refcount with max_entries Daniel Borkmann <daniel(a)iogearbox.net> bpf: arsh is not supported in 32 bit alu thus reject it Alexei Starovoitov <ast(a)kernel.org> bpf: introduce BPF_JIT_ALWAYS_ON config Alexei Starovoitov <ast(a)fb.com> bpf: fix bpf_tail_call() x64 JIT Eric Dumazet <edumazet(a)google.com> x86: bpf_jit: small optimization in emit_bpf_tail_call() Thomas Gleixner <tglx(a)linutronix.de> hrtimer: Reset hrtimer cpu base proper on CPU hotplug Jia Zhang <zhang.jia(a)linux.alibaba.com> x86/microcode/intel: Extend BDW late-loading further with LLC size check Xiao Liang <xiliang(a)redhat.com> perf/x86/amd/power: Do not load AMD power module on !AMD platforms Eric Dumazet <edumazet(a)google.com> flow_dissector: properly cap thoff field Cong Wang <xiyou.wangcong(a)gmail.com> tun: fix a memory leak for tfile->tx_array Yuval Mintz <yuvalm(a)mellanox.com> mlxsw: spectrum_router: Don't log an error on missing neighbor Willem de Bruijn <willemb(a)google.com> gso: validate gso_type in GSO handlers Alexey Kodanev <alexey.kodanev(a)oracle.com> ip6_gre: init dev->mtu and dev->hard_header_len correctly Ivan Vecera <cera(a)cera.cz> be2net: restore properly promisc mode after queues reconfiguration Guillaume Nault <g.nault(a)alphalink.fr> ppp: unlock all_ppp_mutex before registering device Jim Westfall <jwestfall(a)surrealistic.net> ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY Jim Westfall <jwestfall(a)surrealistic.net> net: Allow neigh contructor functions ability to modify the primary_key Neil Horman <nhorman(a)tuxdriver.com> vmxnet3: repair memory leak Cong Wang <xiyou.wangcong(a)gmail.com> tipc: fix a memory leak in tipc_nl_node_get_link() Xin Long <lucien.xin(a)gmail.com> sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf Xin Long <lucien.xin(a)gmail.com> sctp: do not allow the v4 socket to bind a v4mapped v6 address Francois Romieu <romieu(a)fr.zoreil.com> r8169: fix memory corruption on retrieval of hardware statistics. Guillaume Nault <g.nault(a)alphalink.fr> pppoe: take ->needed_headroom of lower device into account on xmit Dan Streetman <ddstreet(a)ieee.org> net: tcp: close sock if net namespace is exiting Eric Dumazet <edumazet(a)google.com> net: qdisc_pkt_len_init() should be more robust Felix Fietkau <nbd(a)nbd.name> net: igmp: fix source address check for IGMPv3 reports Yuiko Oshino <yuiko.oshino(a)microchip.com> lan78xx: Fix failure in USB Full Speed Eric Dumazet <edumazet(a)google.com> ipv6: ip6_make_skb() needs to clear cork.base.dst Mike Maloney <maloney(a)google.com> ipv6: fix udpv6 sendmsg crash caused by too small MTU Ben Hutchings <ben.hutchings(a)codethink.co.uk> ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL Alexey Kodanev <alexey.kodanev(a)oracle.com> dccp: don't restart ccid2_hc_tx_rto_expire() if sk in closed state Greg KH <gregkh(a)linuxfoundation.org> eventpoll.h: add missing epoll event masks Ben Hutchings <ben.hutchings(a)codethink.co.uk> vsyscall: Fix permissions for emulate mode with KAISER/PTI Thomas Meyer <thomas(a)m3y3r.de> um: link vmlinux with -no-pie Martin Brandenburg <martin(a)omnibond.com> orangefs: fix deadlock; do not write i_size in read_iter Aaron Ma <aaron.ma(a)canonical.com> Input: trackpoint - force 3 buttons if 0 button is reported Johannes Weiner <hannes(a)cmpxchg.org> mm: fix 100% CPU kswapd busyloop on unreclaimable nodes Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "module: Add retpoline tag to VERMAGIC" Johannes Thumshirn <jthumshirn(a)suse.de> scsi: libiscsi: fix shifting of DID_REQUEUE host byte Jiri Slaby <jslaby(a)suse.cz> fs/fcntl: f_setown, avoid undefined behaviour Jeff Mahoney <jeffm(a)suse.com> reiserfs: don't preallocate blocks for extended attributes Jeff Mahoney <jeffm(a)suse.com> reiserfs: fix race in prealloc discard Kevin Cernekee <cernekee(a)chromium.org> netfilter: xt_osf: Add missing permission checks Kevin Cernekee <cernekee(a)chromium.org> netfilter: nfnetlink_cthelper: Add missing permission checks Seunghun Han <kkamagui(a)gmail.com> ACPICA: Namespace: fix operand cache leak Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI / scan: Prefer devices without _HID/_CID for _ADR matching Jiri Slaby <jslaby(a)suse.cz> ipc: msg, make msgrcv work with LONG_MIN Vlastimil Babka <vbabka(a)suse.cz> mm, page_alloc: fix potential false positive in __zone_watermark_ok Doug Berger <opendmb(a)gmail.com> cma: fix calculation of aligned offset Michal Hocko <mhocko(a)suse.com> hwpoison, memcg: forcibly uncharge LRU pages Michal Hocko <mhocko(a)suse.com> mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack Sudeep Holla <sudeep.holla(a)arm.com> drivers: base: cacheinfo: fix boot error message when acpi is enabled Sudeep Holla <sudeep.holla(a)arm.com> drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled Janakarajan Natarajan <Janakarajan.Natarajan(a)amd.com> Prevent timer value 0 for MWAITX Punit Agrawal <punit.agrawal(a)arm.com> KVM: arm/arm64: Check pagesize when allocating a hugepage at Stage 2 Marc Kleine-Budde <mkl(a)pengutronix.de> can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once Marc Kleine-Budde <mkl(a)pengutronix.de> can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once Jonathan Dieter <jdieter(a)lesbg.com> usbip: Fix potential format overflow in userspace tools Jonathan Dieter <jdieter(a)lesbg.com> usbip: Fix implicit fallthrough warning Shuah Khan <shuah(a)kernel.org> usbip: prevent vhci_hcd driver from leaking a socket pointer address Martin Brandenburg <martin(a)omnibond.com> orangefs: initialize op on loop restart in orangefs_devreq_read Martin Brandenburg <martin(a)omnibond.com> orangefs: use list_for_each_entry_safe in purge_waiting_ops Andy Lutomirski <luto(a)kernel.org> x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels ------------- Diffstat: Makefile | 4 +- arch/arm/kvm/mmu.c | 2 +- arch/um/Makefile | 2 +- arch/x86/entry/vsyscall/vsyscall_64.c | 7 ++-- arch/x86/events/amd/power.c | 2 +- arch/x86/include/asm/processor.h | 2 +- arch/x86/include/asm/vsyscall.h | 1 + arch/x86/kernel/cpu/intel_cacheinfo.c | 2 + arch/x86/kernel/cpu/microcode/intel.c | 20 ++++++++- arch/x86/lib/delay.c | 7 ++++ arch/x86/mm/kaiser.c | 2 +- arch/x86/net/bpf_jit_comp.c | 13 +++--- drivers/acpi/acpica/nsutils.c | 23 +++++------ drivers/acpi/glue.c | 12 +++--- drivers/base/cacheinfo.c | 15 +++++-- drivers/input/mouse/trackpoint.c | 3 ++ drivers/net/ethernet/emulex/benet/be_main.c | 9 +++++ .../net/ethernet/mellanox/mlxsw/spectrum_router.c | 5 +-- drivers/net/ethernet/realtek/r8169.c | 9 +---- drivers/net/ppp/ppp_generic.c | 5 ++- drivers/net/ppp/pppoe.c | 11 ++--- drivers/net/tun.c | 15 ++++++- drivers/net/usb/lan78xx.c | 1 + drivers/net/vmxnet3/vmxnet3_drv.c | 2 +- drivers/scsi/libiscsi.c | 2 +- drivers/usb/usbip/usbip_common.h | 1 + drivers/usb/usbip/vhci_sysfs.c | 25 +++++++----- fs/fcntl.c | 4 ++ fs/orangefs/devorangefs-req.c | 3 +- fs/orangefs/file.c | 7 +--- fs/orangefs/orangefs-kernel.h | 11 ----- fs/orangefs/waitqueue.c | 4 +- fs/reiserfs/bitmap.c | 14 +++++-- include/linux/bpf.h | 16 ++++++-- include/linux/cacheinfo.h | 1 + include/linux/mmzone.h | 2 + include/linux/vermagic.h | 8 +--- include/net/arp.h | 3 ++ include/net/ipv6.h | 1 + include/net/net_namespace.h | 10 +++++ include/uapi/linux/eventpoll.h | 13 ++++++ init/Kconfig | 7 ++++ ipc/msg.c | 5 ++- kernel/bpf/core.c | 24 +++++++++-- kernel/bpf/verifier.c | 42 +++++++++++++++++++ kernel/time/hrtimer.c | 3 ++ lib/test_bpf.c | 11 +++-- mm/cma.c | 15 +++---- mm/internal.h | 6 +++ mm/memcontrol.c | 2 +- mm/memory-failure.c | 7 ++++ mm/mmap.c | 6 ++- mm/page_alloc.c | 15 +++---- mm/vmscan.c | 47 +++++++++++++++------- mm/vmstat.c | 2 +- net/can/af_can.c | 22 +++++----- net/core/dev.c | 19 +++++++-- net/core/filter.c | 10 +++-- net/core/flow_dissector.c | 3 +- net/core/neighbour.c | 4 +- net/core/sysctl_net_core.c | 6 +++ net/dccp/ccids/ccid2.c | 3 ++ net/ipv4/arp.c | 7 +++- net/ipv4/igmp.c | 2 +- net/ipv4/tcp.c | 3 ++ net/ipv4/tcp_offload.c | 3 ++ net/ipv4/tcp_timer.c | 15 +++++++ net/ipv4/udp_offload.c | 3 ++ net/ipv6/ip6_gre.c | 14 +++---- net/ipv6/ip6_output.c | 9 +++-- net/ipv6/ipv6_sockglue.c | 2 +- net/ipv6/tcpv6_offload.c | 3 ++ net/ipv6/udp_offload.c | 3 ++ net/netfilter/nfnetlink_cthelper.c | 10 +++++ net/netfilter/xt_osf.c | 7 ++++ net/sctp/offload.c | 3 ++ net/sctp/socket.c | 30 ++++++-------- net/socket.c | 9 +++++ net/tipc/node.c | 26 ++++++------ tools/usb/usbip/libsrc/usbip_common.c | 9 ++++- tools/usb/usbip/libsrc/usbip_host_common.c | 28 ++++++++++--- tools/usb/usbip/libsrc/vhci_driver.c | 8 ++-- tools/usb/usbip/src/usbip.c | 2 + 83 files changed, 523 insertions(+), 231 deletions(-)

7 years, 2 months

6
71
0 0

Patch "xfs: quota: fix missed destroy of qi_tree_lock" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xfs: quota: fix missed destroy of qi_tree_lock to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xfs-quota-fix-missed-destroy-of-qi_tree_lock.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Aliaksei Karaliou <akaraliou.dev(a)gmail.com> Date: Thu, 21 Dec 2017 13:18:26 -0800 Subject: xfs: quota: fix missed destroy of qi_tree_lock From: Aliaksei Karaliou <akaraliou.dev(a)gmail.com> [ Upstream commit 2196881566225f3c3428d1a5f847a992944daa5b ] xfs_qm_destroy_quotainfo() does not destroy quotainfo->qi_tree_lock while destroys quotainfo->qi_quotaofflock. Signed-off-by: Aliaksei Karaliou <akaraliou.dev(a)gmail.com> Reviewed-by: Darrick J. Wong <darrick.wong(a)oracle.com> Signed-off-by: Darrick J. Wong <darrick.wong(a)oracle.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/xfs/xfs_qm.c | 1 + 1 file changed, 1 insertion(+) --- a/fs/xfs/xfs_qm.c +++ b/fs/xfs/xfs_qm.c @@ -736,6 +736,7 @@ xfs_qm_destroy_quotainfo( IRELE(qi->qi_pquotaip); qi->qi_pquotaip = NULL; } + mutex_destroy(&qi->qi_tree_lock); mutex_destroy(&qi->qi_quotaofflock); kmem_free(qi); mp->m_quotainfo = NULL; Patches currently in stable-queue which might be from akaraliou.dev(a)gmail.com are queue-4.14/xfs-quota-fix-missed-destroy-of-qi_tree_lock.patch queue-4.14/xfs-quota-check-result-of-register_shrinker.patch

7 years, 2 months

1
0
0 0

Patch "xfs: quota: check result of register_shrinker()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xfs: quota: check result of register_shrinker() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xfs-quota-check-result-of-register_shrinker.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Aliaksei Karaliou <akaraliou.dev(a)gmail.com> Date: Thu, 21 Dec 2017 13:18:26 -0800 Subject: xfs: quota: check result of register_shrinker() From: Aliaksei Karaliou <akaraliou.dev(a)gmail.com> [ Upstream commit 3a3882ff26fbdbaf5f7e13f6a0bccfbf7121041d ] xfs_qm_init_quotainfo() does not check result of register_shrinker() which was tagged as __must_check recently, reported by sparse. Signed-off-by: Aliaksei Karaliou <akaraliou.dev(a)gmail.com> [darrick: move xfs_qm_destroy_quotainos nearer xfs_qm_init_quotainos] Reviewed-by: Darrick J. Wong <darrick.wong(a)oracle.com> Signed-off-by: Darrick J. Wong <darrick.wong(a)oracle.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/xfs/xfs_qm.c | 45 +++++++++++++++++++++++++++++---------------- 1 file changed, 29 insertions(+), 16 deletions(-) --- a/fs/xfs/xfs_qm.c +++ b/fs/xfs/xfs_qm.c @@ -48,7 +48,7 @@ STATIC int xfs_qm_init_quotainos(xfs_mount_t *); STATIC int xfs_qm_init_quotainfo(xfs_mount_t *); - +STATIC void xfs_qm_destroy_quotainos(xfs_quotainfo_t *qi); STATIC void xfs_qm_dqfree_one(struct xfs_dquot *dqp); /* * We use the batch lookup interface to iterate over the dquots as it @@ -695,9 +695,17 @@ xfs_qm_init_quotainfo( qinf->qi_shrinker.scan_objects = xfs_qm_shrink_scan; qinf->qi_shrinker.seeks = DEFAULT_SEEKS; qinf->qi_shrinker.flags = SHRINKER_NUMA_AWARE; - register_shrinker(&qinf->qi_shrinker); + + error = register_shrinker(&qinf->qi_shrinker); + if (error) + goto out_free_inos; + return 0; +out_free_inos: + mutex_destroy(&qinf->qi_quotaofflock); + mutex_destroy(&qinf->qi_tree_lock); + xfs_qm_destroy_quotainos(qinf); out_free_lru: list_lru_destroy(&qinf->qi_lru); out_free_qinf: @@ -706,7 +714,6 @@ out_free_qinf: return error; } - /* * Gets called when unmounting a filesystem or when all quotas get * turned off. @@ -723,19 +730,7 @@ xfs_qm_destroy_quotainfo( unregister_shrinker(&qi->qi_shrinker); list_lru_destroy(&qi->qi_lru); - - if (qi->qi_uquotaip) { - IRELE(qi->qi_uquotaip); - qi->qi_uquotaip = NULL; /* paranoia */ - } - if (qi->qi_gquotaip) { - IRELE(qi->qi_gquotaip); - qi->qi_gquotaip = NULL; - } - if (qi->qi_pquotaip) { - IRELE(qi->qi_pquotaip); - qi->qi_pquotaip = NULL; - } + xfs_qm_destroy_quotainos(qi); mutex_destroy(&qi->qi_tree_lock); mutex_destroy(&qi->qi_quotaofflock); kmem_free(qi); @@ -1601,6 +1596,24 @@ error_rele: } STATIC void +xfs_qm_destroy_quotainos( + xfs_quotainfo_t *qi) +{ + if (qi->qi_uquotaip) { + IRELE(qi->qi_uquotaip); + qi->qi_uquotaip = NULL; /* paranoia */ + } + if (qi->qi_gquotaip) { + IRELE(qi->qi_gquotaip); + qi->qi_gquotaip = NULL; + } + if (qi->qi_pquotaip) { + IRELE(qi->qi_pquotaip); + qi->qi_pquotaip = NULL; + } +} + +STATIC void xfs_qm_dqfree_one( struct xfs_dquot *dqp) { Patches currently in stable-queue which might be from akaraliou.dev(a)gmail.com are queue-4.14/xfs-quota-fix-missed-destroy-of-qi_tree_lock.patch queue-4.14/xfs-quota-check-result-of-register_shrinker.patch

7 years, 2 months

1
0
0 0

Patch "xfrm: Reinject transport-mode packets through tasklet" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xfrm: Reinject transport-mode packets through tasklet to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xfrm-reinject-transport-mode-packets-through-tasklet.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Herbert Xu <herbert(a)gondor.apana.org.au> Date: Fri, 15 Dec 2017 16:40:44 +1100 Subject: xfrm: Reinject transport-mode packets through tasklet From: Herbert Xu <herbert(a)gondor.apana.org.au> [ Upstream commit acf568ee859f098279eadf551612f103afdacb4e ] This is an old bugbear of mine: https://www.mail-archive.com/netdev@vger.kernel.org/msg03894.html By crafting special packets, it is possible to cause recursion in our kernel when processing transport-mode packets at levels that are only limited by packet size. The easiest one is with DNAT, but an even worse one is where UDP encapsulation is used in which case you just have to insert an UDP encapsulation header in between each level of recursion. This patch avoids this problem by reinjecting tranport-mode packets through a tasklet. Fixes: b05e106698d9 ("[IPV4/6]: Netfilter IPsec input hooks") Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Steffen Klassert <steffen.klassert(a)secunet.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- include/net/xfrm.h | 3 ++ net/ipv4/xfrm4_input.c | 12 +++++++++- net/ipv6/xfrm6_input.c | 10 +++++++- net/xfrm/xfrm_input.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 80 insertions(+), 2 deletions(-) --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -1570,6 +1570,9 @@ int xfrm_init_state(struct xfrm_state *x int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb); int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type); int xfrm_input_resume(struct sk_buff *skb, int nexthdr); +int xfrm_trans_queue(struct sk_buff *skb, + int (*finish)(struct net *, struct sock *, + struct sk_buff *)); int xfrm_output_resume(struct sk_buff *skb, int err); int xfrm_output(struct sock *sk, struct sk_buff *skb); int xfrm_inner_extract_output(struct xfrm_state *x, struct sk_buff *skb); --- a/net/ipv4/xfrm4_input.c +++ b/net/ipv4/xfrm4_input.c @@ -23,6 +23,12 @@ int xfrm4_extract_input(struct xfrm_stat return xfrm4_extract_header(skb); } +static int xfrm4_rcv_encap_finish2(struct net *net, struct sock *sk, + struct sk_buff *skb) +{ + return dst_input(skb); +} + static inline int xfrm4_rcv_encap_finish(struct net *net, struct sock *sk, struct sk_buff *skb) { @@ -33,7 +39,11 @@ static inline int xfrm4_rcv_encap_finish iph->tos, skb->dev)) goto drop; } - return dst_input(skb); + + if (xfrm_trans_queue(skb, xfrm4_rcv_encap_finish2)) + goto drop; + + return 0; drop: kfree_skb(skb); return NET_RX_DROP; --- a/net/ipv6/xfrm6_input.c +++ b/net/ipv6/xfrm6_input.c @@ -32,6 +32,14 @@ int xfrm6_rcv_spi(struct sk_buff *skb, i } EXPORT_SYMBOL(xfrm6_rcv_spi); +static int xfrm6_transport_finish2(struct net *net, struct sock *sk, + struct sk_buff *skb) +{ + if (xfrm_trans_queue(skb, ip6_rcv_finish)) + __kfree_skb(skb); + return -1; +} + int xfrm6_transport_finish(struct sk_buff *skb, int async) { struct xfrm_offload *xo = xfrm_offload(skb); @@ -56,7 +64,7 @@ int xfrm6_transport_finish(struct sk_buf NF_HOOK(NFPROTO_IPV6, NF_INET_PRE_ROUTING, dev_net(skb->dev), NULL, skb, skb->dev, NULL, - ip6_rcv_finish); + xfrm6_transport_finish2); return -1; } --- a/net/xfrm/xfrm_input.c +++ b/net/xfrm/xfrm_input.c @@ -8,15 +8,29 @@ * */ +#include <linux/bottom_half.h> +#include <linux/interrupt.h> #include <linux/slab.h> #include <linux/module.h> #include <linux/netdevice.h> +#include <linux/percpu.h> #include <net/dst.h> #include <net/ip.h> #include <net/xfrm.h> #include <net/ip_tunnels.h> #include <net/ip6_tunnel.h> +struct xfrm_trans_tasklet { + struct tasklet_struct tasklet; + struct sk_buff_head queue; +}; + +struct xfrm_trans_cb { + int (*finish)(struct net *net, struct sock *sk, struct sk_buff *skb); +}; + +#define XFRM_TRANS_SKB_CB(__skb) ((struct xfrm_trans_cb *)&((__skb)->cb[0])) + static struct kmem_cache *secpath_cachep __read_mostly; static DEFINE_SPINLOCK(xfrm_input_afinfo_lock); @@ -25,6 +39,8 @@ static struct xfrm_input_afinfo const __ static struct gro_cells gro_cells; static struct net_device xfrm_napi_dev; +static DEFINE_PER_CPU(struct xfrm_trans_tasklet, xfrm_trans_tasklet); + int xfrm_input_register_afinfo(const struct xfrm_input_afinfo *afinfo) { int err = 0; @@ -477,9 +493,41 @@ int xfrm_input_resume(struct sk_buff *sk } EXPORT_SYMBOL(xfrm_input_resume); +static void xfrm_trans_reinject(unsigned long data) +{ + struct xfrm_trans_tasklet *trans = (void *)data; + struct sk_buff_head queue; + struct sk_buff *skb; + + __skb_queue_head_init(&queue); + skb_queue_splice_init(&trans->queue, &queue); + + while ((skb = __skb_dequeue(&queue))) + XFRM_TRANS_SKB_CB(skb)->finish(dev_net(skb->dev), NULL, skb); +} + +int xfrm_trans_queue(struct sk_buff *skb, + int (*finish)(struct net *, struct sock *, + struct sk_buff *)) +{ + struct xfrm_trans_tasklet *trans; + + trans = this_cpu_ptr(&xfrm_trans_tasklet); + + if (skb_queue_len(&trans->queue) >= netdev_max_backlog) + return -ENOBUFS; + + XFRM_TRANS_SKB_CB(skb)->finish = finish; + skb_queue_tail(&trans->queue, skb); + tasklet_schedule(&trans->tasklet); + return 0; +} +EXPORT_SYMBOL(xfrm_trans_queue); + void __init xfrm_input_init(void) { int err; + int i; init_dummy_netdev(&xfrm_napi_dev); err = gro_cells_init(&gro_cells, &xfrm_napi_dev); @@ -490,4 +538,13 @@ void __init xfrm_input_init(void) sizeof(struct sec_path), 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL); + + for_each_possible_cpu(i) { + struct xfrm_trans_tasklet *trans; + + trans = &per_cpu(xfrm_trans_tasklet, i); + __skb_queue_head_init(&trans->queue); + tasklet_init(&trans->tasklet, xfrm_trans_reinject, + (unsigned long)trans); + } } Patches currently in stable-queue which might be from herbert(a)gondor.apana.org.au are queue-4.14/lib-mpi-fix-umul_ppmm-for-mips64r6.patch queue-4.14/xfrm-reinject-transport-mode-packets-through-tasklet.patch queue-4.14/crypto-inside-secure-per-request-invalidation.patch queue-4.14/crypto-inside-secure-fix-request-allocations-in-invalidation-path.patch queue-4.14/crypto-af_alg-fix-race-around-ctx-rcvused-by-making-it-atomic_t.patch queue-4.14/crypto-inside-secure-free-requests-even-if-their-handling-failed.patch

7 years, 2 months

1
0
0 0

Patch "xen-netfront: enable device after manual module load" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xen-netfront: enable device after manual module load to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xen-netfront-enable-device-after-manual-module-load.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Eduardo Otubo <otubo(a)redhat.com> Date: Fri, 5 Jan 2018 09:42:16 +0100 Subject: xen-netfront: enable device after manual module load From: Eduardo Otubo <otubo(a)redhat.com> [ Upstream commit b707fda2df4070785d0fa8a278aa13944c5f51f8 ] When loading the module after unloading it, the network interface would not be enabled and thus wouldn't have a backend counterpart and unable to be used by the guest. The guest would face errors like: [root@guest ~]# ethtool -i eth0 Cannot get driver information: No such device [root@guest ~]# ifconfig eth0 eth0: error fetching interface information: Device not found This patch initializes the state of the netfront device whenever it is loaded manually, this state would communicate the netback to create its device and establish the connection between them. Signed-off-by: Eduardo Otubo <otubo(a)redhat.com> Reviewed-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/xen-netfront.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/net/xen-netfront.c +++ b/drivers/net/xen-netfront.c @@ -1326,6 +1326,7 @@ static struct net_device *xennet_create_ netif_carrier_off(netdev); + xenbus_switch_state(dev, XenbusStateInitialising); return netdev; exit: Patches currently in stable-queue which might be from otubo(a)redhat.com are queue-4.14/xen-netfront-enable-device-after-manual-module-load.patch

7 years, 2 months

1
0
0 0

Patch "xen/gntdev: Fix partial gntdev_mmap() cleanup" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xen/gntdev: Fix partial gntdev_mmap() cleanup to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xen-gntdev-fix-partial-gntdev_mmap-cleanup.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Ross Lagerwall <ross.lagerwall(a)citrix.com> Date: Tue, 9 Jan 2018 12:10:22 +0000 Subject: xen/gntdev: Fix partial gntdev_mmap() cleanup From: Ross Lagerwall <ross.lagerwall(a)citrix.com> [ Upstream commit cf2acf66ad43abb39735568f55e1f85f9844e990 ] When cleaning up after a partially successful gntdev_mmap(), unmap the successfully mapped grant pages otherwise Xen will kill the domain if in debug mode (Attempt to implicitly unmap a granted PTE) or Linux will kill the process and emit "BUG: Bad page map in process" if Xen is in release mode. This is only needed when use_ptemod is true because gntdev_put_map() will unmap grant pages itself when use_ptemod is false. Signed-off-by: Ross Lagerwall <ross.lagerwall(a)citrix.com> Reviewed-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Signed-off-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/xen/gntdev.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/drivers/xen/gntdev.c +++ b/drivers/xen/gntdev.c @@ -1071,8 +1071,10 @@ unlock_out: out_unlock_put: mutex_unlock(&priv->lock); out_put_map: - if (use_ptemod) + if (use_ptemod) { map->vma = NULL; + unmap_grant_pages(map, 0, map->count); + } gntdev_put_map(priv, map); return err; } Patches currently in stable-queue which might be from ross.lagerwall(a)citrix.com are queue-4.14/xen-gntdev-fix-off-by-one-error-when-unmapping-with-holes.patch queue-4.14/xen-gntdev-fix-partial-gntdev_mmap-cleanup.patch

7 years, 2 months

1
0
0 0

Patch "xen/gntdev: Fix off-by-one error when unmapping with holes" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xen/gntdev: Fix off-by-one error when unmapping with holes to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xen-gntdev-fix-off-by-one-error-when-unmapping-with-holes.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Ross Lagerwall <ross.lagerwall(a)citrix.com> Date: Tue, 9 Jan 2018 12:10:21 +0000 Subject: xen/gntdev: Fix off-by-one error when unmapping with holes From: Ross Lagerwall <ross.lagerwall(a)citrix.com> [ Upstream commit 951a010233625b77cde3430b4b8785a9a22968d1 ] If the requested range has a hole, the calculation of the number of pages to unmap is off by one. Fix it. Signed-off-by: Ross Lagerwall <ross.lagerwall(a)citrix.com> Reviewed-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Signed-off-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/xen/gntdev.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) --- a/drivers/xen/gntdev.c +++ b/drivers/xen/gntdev.c @@ -380,10 +380,8 @@ static int unmap_grant_pages(struct gran } range = 0; while (range < pages) { - if (map->unmap_ops[offset+range].handle == -1) { - range--; + if (map->unmap_ops[offset+range].handle == -1) break; - } range++; } err = __unmap_grant_pages(map, offset, range); Patches currently in stable-queue which might be from ross.lagerwall(a)citrix.com are queue-4.14/xen-gntdev-fix-off-by-one-error-when-unmapping-with-holes.patch queue-4.14/xen-gntdev-fix-partial-gntdev_mmap-cleanup.patch

7 years, 2 months

1
0
0 0

Patch "xen/balloon: Mark unallocated host memory as UNUSABLE" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xen/balloon: Mark unallocated host memory as UNUSABLE to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xen-balloon-mark-unallocated-host-memory-as-unusable.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Date: Tue, 12 Dec 2017 15:08:21 -0500 Subject: xen/balloon: Mark unallocated host memory as UNUSABLE From: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> [ Upstream commit b3cf8528bb21febb650a7ecbf080d0647be40b9f ] Commit f5775e0b6116 ("x86/xen: discard RAM regions above the maximum reservation") left host memory not assigned to dom0 as available for memory hotplug. Unfortunately this also meant that those regions could be used by others. Specifically, commit fa564ad96366 ("x86/PCI: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f)") may try to map those addresses as MMIO. To prevent this mark unallocated host memory as E820_TYPE_UNUSABLE (thus effectively reverting f5775e0b6116) and keep track of that region as a hostmem resource that can be used for the hotplug. Signed-off-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Reviewed-by: Juergen Gross <jgross(a)suse.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/xen/enlighten.c | 81 +++++++++++++++++++++++++++++++++++++++++++++++ arch/x86/xen/setup.c | 6 +-- drivers/xen/balloon.c | 65 ++++++++++++++++++++++++++++++++----- include/xen/balloon.h | 5 ++ 4 files changed, 144 insertions(+), 13 deletions(-) --- a/arch/x86/xen/enlighten.c +++ b/arch/x86/xen/enlighten.c @@ -1,8 +1,12 @@ +#ifdef CONFIG_XEN_BALLOON_MEMORY_HOTPLUG +#include <linux/bootmem.h> +#endif #include <linux/cpu.h> #include <linux/kexec.h> #include <xen/features.h> #include <xen/page.h> +#include <xen/interface/memory.h> #include <asm/xen/hypercall.h> #include <asm/xen/hypervisor.h> @@ -331,3 +335,80 @@ void xen_arch_unregister_cpu(int num) } EXPORT_SYMBOL(xen_arch_unregister_cpu); #endif + +#ifdef CONFIG_XEN_BALLOON_MEMORY_HOTPLUG +void __init arch_xen_balloon_init(struct resource *hostmem_resource) +{ + struct xen_memory_map memmap; + int rc; + unsigned int i, last_guest_ram; + phys_addr_t max_addr = PFN_PHYS(max_pfn); + struct e820_table *xen_e820_table; + const struct e820_entry *entry; + struct resource *res; + + if (!xen_initial_domain()) + return; + + xen_e820_table = kmalloc(sizeof(*xen_e820_table), GFP_KERNEL); + if (!xen_e820_table) + return; + + memmap.nr_entries = ARRAY_SIZE(xen_e820_table->entries); + set_xen_guest_handle(memmap.buffer, xen_e820_table->entries); + rc = HYPERVISOR_memory_op(XENMEM_machine_memory_map, &memmap); + if (rc) { + pr_warn("%s: Can't read host e820 (%d)\n", __func__, rc); + goto out; + } + + last_guest_ram = 0; + for (i = 0; i < memmap.nr_entries; i++) { + if (xen_e820_table->entries[i].addr >= max_addr) + break; + if (xen_e820_table->entries[i].type == E820_TYPE_RAM) + last_guest_ram = i; + } + + entry = &xen_e820_table->entries[last_guest_ram]; + if (max_addr >= entry->addr + entry->size) + goto out; /* No unallocated host RAM. */ + + hostmem_resource->start = max_addr; + hostmem_resource->end = entry->addr + entry->size; + + /* + * Mark non-RAM regions between the end of dom0 RAM and end of host RAM + * as unavailable. The rest of that region can be used for hotplug-based + * ballooning. + */ + for (; i < memmap.nr_entries; i++) { + entry = &xen_e820_table->entries[i]; + + if (entry->type == E820_TYPE_RAM) + continue; + + if (entry->addr >= hostmem_resource->end) + break; + + res = kzalloc(sizeof(*res), GFP_KERNEL); + if (!res) + goto out; + + res->name = "Unavailable host RAM"; + res->start = entry->addr; + res->end = (entry->addr + entry->size < hostmem_resource->end) ? + entry->addr + entry->size : hostmem_resource->end; + rc = insert_resource(hostmem_resource, res); + if (rc) { + pr_warn("%s: Can't insert [%llx - %llx) (%d)\n", + __func__, res->start, res->end, rc); + kfree(res); + goto out; + } + } + + out: + kfree(xen_e820_table); +} +#endif /* CONFIG_XEN_BALLOON_MEMORY_HOTPLUG */ --- a/arch/x86/xen/setup.c +++ b/arch/x86/xen/setup.c @@ -808,7 +808,6 @@ char * __init xen_memory_setup(void) addr = xen_e820_table.entries[0].addr; size = xen_e820_table.entries[0].size; while (i < xen_e820_table.nr_entries) { - bool discard = false; chunk_size = size; type = xen_e820_table.entries[i].type; @@ -824,11 +823,10 @@ char * __init xen_memory_setup(void) xen_add_extra_mem(pfn_s, n_pfns); xen_max_p2m_pfn = pfn_s + n_pfns; } else - discard = true; + type = E820_TYPE_UNUSABLE; } - if (!discard) - xen_align_and_add_e820_region(addr, chunk_size, type); + xen_align_and_add_e820_region(addr, chunk_size, type); addr += chunk_size; size -= chunk_size; --- a/drivers/xen/balloon.c +++ b/drivers/xen/balloon.c @@ -257,10 +257,25 @@ static void release_memory_resource(stru kfree(resource); } +/* + * Host memory not allocated to dom0. We can use this range for hotplug-based + * ballooning. + * + * It's a type-less resource. Setting IORESOURCE_MEM will make resource + * management algorithms (arch_remove_reservations()) look into guest e820, + * which we don't want. + */ +static struct resource hostmem_resource = { + .name = "Host RAM", +}; + +void __attribute__((weak)) __init arch_xen_balloon_init(struct resource *res) +{} + static struct resource *additional_memory_resource(phys_addr_t size) { - struct resource *res; - int ret; + struct resource *res, *res_hostmem; + int ret = -ENOMEM; res = kzalloc(sizeof(*res), GFP_KERNEL); if (!res) @@ -269,13 +284,42 @@ static struct resource *additional_memor res->name = "System RAM"; res->flags = IORESOURCE_SYSTEM_RAM | IORESOURCE_BUSY; - ret = allocate_resource(&iomem_resource, res, - size, 0, -1, - PAGES_PER_SECTION * PAGE_SIZE, NULL, NULL); - if (ret < 0) { - pr_err("Cannot allocate new System RAM resource\n"); - kfree(res); - return NULL; + res_hostmem = kzalloc(sizeof(*res), GFP_KERNEL); + if (res_hostmem) { + /* Try to grab a range from hostmem */ + res_hostmem->name = "Host memory"; + ret = allocate_resource(&hostmem_resource, res_hostmem, + size, 0, -1, + PAGES_PER_SECTION * PAGE_SIZE, NULL, NULL); + } + + if (!ret) { + /* + * Insert this resource into iomem. Because hostmem_resource + * tracks portion of guest e820 marked as UNUSABLE noone else + * should try to use it. + */ + res->start = res_hostmem->start; + res->end = res_hostmem->end; + ret = insert_resource(&iomem_resource, res); + if (ret < 0) { + pr_err("Can't insert iomem_resource [%llx - %llx]\n", + res->start, res->end); + release_memory_resource(res_hostmem); + res_hostmem = NULL; + res->start = res->end = 0; + } + } + + if (ret) { + ret = allocate_resource(&iomem_resource, res, + size, 0, -1, + PAGES_PER_SECTION * PAGE_SIZE, NULL, NULL); + if (ret < 0) { + pr_err("Cannot allocate new System RAM resource\n"); + kfree(res); + return NULL; + } } #ifdef CONFIG_SPARSEMEM @@ -287,6 +331,7 @@ static struct resource *additional_memor pr_err("New System RAM resource outside addressable RAM (%lu > %lu)\n", pfn, limit); release_memory_resource(res); + release_memory_resource(res_hostmem); return NULL; } } @@ -765,6 +810,8 @@ static int __init balloon_init(void) set_online_page_callback(&xen_online_page); register_memory_notifier(&xen_memory_nb); register_sysctl_table(xen_root); + + arch_xen_balloon_init(&hostmem_resource); #endif #ifdef CONFIG_XEN_PV --- a/include/xen/balloon.h +++ b/include/xen/balloon.h @@ -44,3 +44,8 @@ static inline void xen_balloon_init(void { } #endif + +#ifdef CONFIG_XEN_BALLOON_MEMORY_HOTPLUG +struct resource; +void arch_xen_balloon_init(struct resource *hostmem_resource); +#endif Patches currently in stable-queue which might be from boris.ostrovsky(a)oracle.com are queue-4.14/xen-gntdev-fix-off-by-one-error-when-unmapping-with-holes.patch queue-4.14/xen-balloon-mark-unallocated-host-memory-as-unusable.patch queue-4.14/xen-gntdev-fix-partial-gntdev_mmap-cleanup.patch queue-4.14/x86-64-xen-eliminate-w-x-mappings.patch queue-4.14/xen-netfront-enable-device-after-manual-module-load.patch

7 years, 2 months

1
0
0 0

Patch "x86/stacktrace: Make zombie stack traces reliable" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/stacktrace: Make zombie stack traces reliable to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-stacktrace-make-zombie-stack-traces-reliable.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Josh Poimboeuf <jpoimboe(a)redhat.com> Date: Mon, 18 Dec 2017 15:13:44 -0600 Subject: x86/stacktrace: Make zombie stack traces reliable From: Josh Poimboeuf <jpoimboe(a)redhat.com> [ Upstream commit 6454b3bdd138dfc640deb5e7b9a0668fca2d55dd ] Commit: 1959a60182f4 ("x86/dumpstack: Pin the target stack when dumping it") changed the behavior of stack traces for zombies. Before that commit, /proc/<pid>/stack reported the last execution path of the zombie before it died: [<ffffffff8105b877>] do_exit+0x6f7/0xa80 [<ffffffff8105bc79>] do_group_exit+0x39/0xa0 [<ffffffff8105bcf0>] __wake_up_parent+0x0/0x30 [<ffffffff8152dd09>] system_call_fastpath+0x16/0x1b [<00007fd128f9c4f9>] 0x7fd128f9c4f9 [<ffffffffffffffff>] 0xffffffffffffffff After the commit, it just reports an empty stack trace. The new behavior is actually probably more correct. If the stack refcount has gone down to zero, then the task has already gone through do_exit() and isn't going to run anymore. The stack could be freed at any time and is basically gone, so reporting an empty stack makes sense. However, save_stack_trace_tsk_reliable() treats such a missing stack condition as an error. That can cause livepatch transition stalls if there are any unreaped zombies. Instead, just treat it as a reliable, empty stack. Reported-and-tested-by: Miroslav Benes <mbenes(a)suse.cz> Signed-off-by: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: live-patching(a)vger.kernel.org Fixes: af085d9084b4 ("stacktrace/x86: add function for detecting reliable stack traces") Link: http://lkml.kernel.org/r/e4b09e630e99d0c1080528f0821fc9d9dbaeea82.151363162… Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/kernel/stacktrace.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) --- a/arch/x86/kernel/stacktrace.c +++ b/arch/x86/kernel/stacktrace.c @@ -160,8 +160,12 @@ int save_stack_trace_tsk_reliable(struct { int ret; + /* + * If the task doesn't have a stack (e.g., a zombie), the stack is + * "reliably" empty. + */ if (!try_get_task_stack(tsk)) - return -EINVAL; + return 0; ret = __save_stack_trace_reliable(trace, tsk); Patches currently in stable-queue which might be from jpoimboe(a)redhat.com are queue-4.14/x86-asm-allow-again-using-asm.h-when-building-for-the-bpf-clang-target.patch queue-4.14/x86-stacktrace-make-zombie-stack-traces-reliable.patch

7 years, 2 months

1
0
0 0

Patch "x86/platform/intel-mid: Revert "Make 'bt_sfi_data' const"" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/platform/intel-mid: Revert "Make 'bt_sfi_data' const" to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-platform-intel-mid-revert-make-bt_sfi_data-const.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Date: Thu, 28 Dec 2017 14:25:23 +0200 Subject: x86/platform/intel-mid: Revert "Make 'bt_sfi_data' const" From: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> [ Upstream commit 9d0513d82f1a8fe17b41f113ac5922fa57dbaf5c ] So one of the constification patches unearthed a type casting fragility of the underlying code: 276c87054751 ("x86/platform/intel-mid: Make 'bt_sfi_data' const") converted the struct to be const while it is also used as a temporary container for important data that is used to fill 'parent' and 'name' fields in struct platform_device_info. The compiler doesn't notice this due to an explicit type cast that loses the const - which fragility will be fixed separately. This type cast turned a seemingly trivial const propagation patch into a hard to debug data corruptor and crasher bug. Signed-off-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Cc: Bhumika Goyal <bhumirks(a)gmail.com> Cc: Darren Hart <dvhart(a)infradead.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: julia.lawall(a)lip6.fr Cc: platform-driver-x86(a)vger.kernel.org Link: http://lkml.kernel.org/r/20171228122523.21802-1-andriy.shevchenko@linux.int… Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/platform/intel-mid/device_libs/platform_bt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/x86/platform/intel-mid/device_libs/platform_bt.c +++ b/arch/x86/platform/intel-mid/device_libs/platform_bt.c @@ -60,7 +60,7 @@ static int __init tng_bt_sfi_setup(struc return 0; } -static const struct bt_sfi_data tng_bt_sfi_data __initdata = { +static struct bt_sfi_data tng_bt_sfi_data __initdata = { .setup = tng_bt_sfi_setup, }; Patches currently in stable-queue which might be from andriy.shevchenko(a)linux.intel.com are queue-4.14/x86-platform-intel-mid-revert-make-bt_sfi_data-const.patch queue-4.14/genirq-guard-handle_bad_irq-log-messages.patch

7 years, 2 months

1
0
0 0

Patch "x86/efi: Fix kernel param add_efi_memmap regression" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/efi: Fix kernel param add_efi_memmap regression to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-efi-fix-kernel-param-add_efi_memmap-regression.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Dave Young <dyoung(a)redhat.com> Date: Tue, 2 Jan 2018 17:21:09 +0000 Subject: x86/efi: Fix kernel param add_efi_memmap regression From: Dave Young <dyoung(a)redhat.com> [ Upstream commit 835bcec5fdf3f9e880111b482177e7e70e3596da ] 'add_efi_memmap' is an early param, but do_add_efi_memmap() has no chance to run because the code path is before parse_early_param(). I believe it worked when the param was introduced but probably later some other changes caused the wrong order and nobody noticed it. Move efi_memblock_x86_reserve_range() after parse_early_param() to fix it. Signed-off-by: Dave Young <dyoung(a)redhat.com> Signed-off-by: Matt Fleming <matt(a)codeblueprint.co.uk> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Cc: Bryan O'Donoghue <pure.logic(a)nexus-software.ie> Cc: Ge Song <ge.song(a)hxt-semitech.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: linux-efi(a)vger.kernel.org Link: http://lkml.kernel.org/r/20180102172110.17018-2-ard.biesheuvel@linaro.org Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/kernel/setup.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c @@ -928,9 +928,6 @@ void __init setup_arch(char **cmdline_p) set_bit(EFI_BOOT, &efi.flags); set_bit(EFI_64BIT, &efi.flags); } - - if (efi_enabled(EFI_BOOT)) - efi_memblock_x86_reserve_range(); #endif x86_init.oem.arch_setup(); @@ -984,6 +981,8 @@ void __init setup_arch(char **cmdline_p) parse_early_param(); + if (efi_enabled(EFI_BOOT)) + efi_memblock_x86_reserve_range(); #ifdef CONFIG_MEMORY_HOTPLUG /* * Memory used by the kernel cannot be hot-removed because Linux Patches currently in stable-queue which might be from dyoung(a)redhat.com are queue-4.14/x86-efi-fix-kernel-param-add_efi_memmap-regression.patch

7 years, 2 months

1
0
0 0

Patch "x86/asm: Allow again using asm.h when building for the 'bpf' clang target" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/asm: Allow again using asm.h when building for the 'bpf' clang target to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-asm-allow-again-using-asm.h-when-building-for-the-bpf-clang-target.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Arnaldo Carvalho de Melo <acme(a)redhat.com> Date: Mon, 4 Dec 2017 13:08:47 -0300 Subject: x86/asm: Allow again using asm.h when building for the 'bpf' clang target From: Arnaldo Carvalho de Melo <acme(a)redhat.com> [ Upstream commit ca26cffa4e4aaeb09bb9e308f95c7835cb149248 ] Up to f5caf621ee35 ("x86/asm: Fix inline asm call constraints for Clang") we were able to use x86 headers to build to the 'bpf' clang target, as done by the BPF code in tools/perf/. With that commit, we ended up with following failure for 'perf test LLVM', this is because "clang ... -target bpf ..." fails since 4.0 does not have bpf inline asm support and 6.0 does not recognize the register 'esp', fix it by guarding that part with an #ifndef __BPF__, that is defined by clang when building to the "bpf" target. # perf test -v LLVM 37: LLVM search and compile : 37.1: Basic BPF llvm compile : --- start --- test child forked, pid 25526 Kernel build dir is set to /lib/modules/4.14.0+/build set env: KBUILD_DIR=/lib/modules/4.14.0+/build unset env: KBUILD_OPTS include option is set to -nostdinc -isystem /usr/lib/gcc/x86_64-redhat-linux/7/include -I/home/acme/git/linux/arch/x86/include -I./arch/x86/include/generated -I/home/acme/git/linux/include -I./include -I/home/acme/git/linux/arch/x86/include/uapi -I./arch/x86/include/generated/uapi -I/home/acme/git/linux/include/uapi -I./include/generated/uapi -include /home/acme/git/linux/include/linux/kconfig.h set env: NR_CPUS=4 set env: LINUX_VERSION_CODE=0x40e00 set env: CLANG_EXEC=/usr/local/bin/clang set env: CLANG_OPTIONS=-xc set env: KERNEL_INC_OPTIONS= -nostdinc -isystem /usr/lib/gcc/x86_64-redhat-linux/7/include -I/home/acme/git/linux/arch/x86/include -I./arch/x86/include/generated -I/home/acme/git/linux/include -I./include -I/home/acme/git/linux/arch/x86/include/uapi -I./arch/x86/include/generated/uapi -I/home/acme/git/linux/include/uapi -I./include/generated/uapi -include /home/acme/git/linux/include/linux/kconfig.h set env: WORKING_DIR=/lib/modules/4.14.0+/build set env: CLANG_SOURCE=- llvm compiling command template: echo '/* * bpf-script-example.c * Test basic LLVM building */ #ifndef LINUX_VERSION_CODE # error Need LINUX_VERSION_CODE # error Example: for 4.2 kernel, put 'clang-opt="-DLINUX_VERSION_CODE=0x40200" into llvm section of ~/.perfconfig' #endif #define BPF_ANY 0 #define BPF_MAP_TYPE_ARRAY 2 #define BPF_FUNC_map_lookup_elem 1 #define BPF_FUNC_map_update_elem 2 static void *(*bpf_map_lookup_elem)(void *map, void *key) = (void *) BPF_FUNC_map_lookup_elem; static void *(*bpf_map_update_elem)(void *map, void *key, void *value, int flags) = (void *) BPF_FUNC_map_update_elem; struct bpf_map_def { unsigned int type; unsigned int key_size; unsigned int value_size; unsigned int max_entries; }; #define SEC(NAME) __attribute__((section(NAME), used)) struct bpf_map_def SEC("maps") flip_table = { .type = BPF_MAP_TYPE_ARRAY, .key_size = sizeof(int), .value_size = sizeof(int), .max_entries = 1, }; SEC("func=SyS_epoll_wait") int bpf_func__SyS_epoll_wait(void *ctx) { int ind =0; int *flag = bpf_map_lookup_elem(&flip_table, &ind); int new_flag; if (!flag) return 0; /* flip flag and store back */ new_flag = !*flag; bpf_map_update_elem(&flip_table, &ind, &new_flag, BPF_ANY); return new_flag; } char _license[] SEC("license") = "GPL"; int _version SEC("version") = LINUX_VERSION_CODE; ' | $CLANG_EXEC -D__KERNEL__ -D__NR_CPUS__=$NR_CPUS -DLINUX_VERSION_CODE=$LINUX_VERSION_CODE $CLANG_OPTIONS $KERNEL_INC_OPTIONS -Wno-unused-value -Wno-pointer-sign -working-directory $WORKING_DIR -c "$CLANG_SOURCE" -target bpf -O2 -o - test child finished with 0 ---- end ---- LLVM search and compile subtest 0: Ok 37.2: kbuild searching : --- start --- test child forked, pid 25950 Kernel build dir is set to /lib/modules/4.14.0+/build set env: KBUILD_DIR=/lib/modules/4.14.0+/build unset env: KBUILD_OPTS include option is set to -nostdinc -isystem /usr/lib/gcc/x86_64-redhat-linux/7/include -I/home/acme/git/linux/arch/x86/include -I./arch/x86/include/generated -I/home/acme/git/linux/include -I./include -I/home/acme/git/linux/arch/x86/include/uapi -I./arch/x86/include/generated/uapi -I/home/acme/git/linux/include/uapi -I./include/generated/uapi -include /home/acme/git/linux/include/linux/kconfig.h set env: NR_CPUS=4 set env: LINUX_VERSION_CODE=0x40e00 set env: CLANG_EXEC=/usr/local/bin/clang set env: CLANG_OPTIONS=-xc set env: KERNEL_INC_OPTIONS= -nostdinc -isystem /usr/lib/gcc/x86_64-redhat-linux/7/include -I/home/acme/git/linux/arch/x86/include -I./arch/x86/include/generated -I/home/acme/git/linux/include -I./include -I/home/acme/git/linux/arch/x86/include/uapi -I./arch/x86/include/generated/uapi -I/home/acme/git/linux/include/uapi -I./include/generated/uapi -include /home/acme/git/linux/include/linux/kconfig.h set env: WORKING_DIR=/lib/modules/4.14.0+/build set env: CLANG_SOURCE=- llvm compiling command template: echo '/* * bpf-script-test-kbuild.c * Test include from kernel header */ #ifndef LINUX_VERSION_CODE # error Need LINUX_VERSION_CODE # error Example: for 4.2 kernel, put 'clang-opt="-DLINUX_VERSION_CODE=0x40200" into llvm section of ~/.perfconfig' #endif #define SEC(NAME) __attribute__((section(NAME), used)) #include <uapi/linux/fs.h> #include <uapi/asm/ptrace.h> SEC("func=vfs_llseek") int bpf_func__vfs_llseek(void *ctx) { return 0; } char _license[] SEC("license") = "GPL"; int _version SEC("version") = LINUX_VERSION_CODE; ' | $CLANG_EXEC -D__KERNEL__ -D__NR_CPUS__=$NR_CPUS -DLINUX_VERSION_CODE=$LINUX_VERSION_CODE $CLANG_OPTIONS $KERNEL_INC_OPTIONS -Wno-unused-value -Wno-pointer-sign -working-directory $WORKING_DIR -c "$CLANG_SOURCE" -target bpf -O2 -o - In file included from <stdin>:12: In file included from /home/acme/git/linux/arch/x86/include/uapi/asm/ptrace.h:5: In file included from /home/acme/git/linux/include/linux/compiler.h:242: In file included from /home/acme/git/linux/arch/x86/include/asm/barrier.h:5: In file included from /home/acme/git/linux/arch/x86/include/asm/alternative.h:10: /home/acme/git/linux/arch/x86/include/asm/asm.h:145:50: error: unknown register name 'esp' in asm register unsigned long current_stack_pointer asm(_ASM_SP); ^ /home/acme/git/linux/arch/x86/include/asm/asm.h:44:18: note: expanded from macro '_ASM_SP' #define _ASM_SP __ASM_REG(sp) ^ /home/acme/git/linux/arch/x86/include/asm/asm.h:27:32: note: expanded from macro '__ASM_REG' #define __ASM_REG(reg) __ASM_SEL_RAW(e##reg, r##reg) ^ /home/acme/git/linux/arch/x86/include/asm/asm.h:18:29: note: expanded from macro '__ASM_SEL_RAW' # define __ASM_SEL_RAW(a,b) __ASM_FORM_RAW(a) ^ /home/acme/git/linux/arch/x86/include/asm/asm.h:11:32: note: expanded from macro '__ASM_FORM_RAW' # define __ASM_FORM_RAW(x) #x ^ <scratch space>:4:1: note: expanded from here "esp" ^ 1 error generated. ERROR: unable to compile - Hint: Check error message shown above. Hint: You can also pre-compile it into .o using: clang -target bpf -O2 -c - with proper -I and -D options. Failed to compile test case: 'kbuild searching' test child finished with -1 ---- end ---- LLVM search and compile subtest 1: FAILED! Cc: Adrian Hunter <adrian.hunter(a)intel.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Alexei Starovoitov <alexei.starovoitov(a)gmail.com> Cc: Andrey Ryabinin <aryabinin(a)virtuozzo.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Daniel Borkmann <daniel(a)iogearbox.net> Cc: David Ahern <dsahern(a)gmail.com> Cc: Dmitriy Vyukov <dvyukov(a)google.com> Cc: Jiri Olsa <jolsa(a)kernel.org> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Matthias Kaehlcke <mka(a)chromium.org> Cc: Miguel Bernal Marin <miguel.bernal.marin(a)linux.intel.com> Cc: Namhyung Kim <namhyung(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Wang Nan <wangnan0(a)huawei.com> Cc: Yonghong Song <yhs(a)fb.com> Link: https://lkml.kernel.org/r/20171128175948.GL3298@kernel.org Signed-off-by: Arnaldo Carvalho de Melo <acme(a)redhat.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/include/asm/asm.h | 2 ++ 1 file changed, 2 insertions(+) --- a/arch/x86/include/asm/asm.h +++ b/arch/x86/include/asm/asm.h @@ -136,6 +136,7 @@ #endif #ifndef __ASSEMBLY__ +#ifndef __BPF__ /* * This output constraint should be used for any inline asm which has a "call" * instruction. Otherwise the asm may be inserted before the frame pointer @@ -145,5 +146,6 @@ register unsigned long current_stack_pointer asm(_ASM_SP); #define ASM_CALL_CONSTRAINT "+r" (current_stack_pointer) #endif +#endif #endif /* _ASM_X86_ASM_H */ Patches currently in stable-queue which might be from acme(a)redhat.com are queue-4.14/x86-asm-allow-again-using-asm.h-when-building-for-the-bpf-clang-target.patch

7 years, 2 months

1
0
0 0

Patch "x86-64/Xen: eliminate W+X mappings" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86-64/Xen: eliminate W+X mappings to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-64-xen-eliminate-w-x-mappings.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Jan Beulich <JBeulich(a)suse.com> Date: Mon, 18 Dec 2017 09:37:45 -0700 Subject: x86-64/Xen: eliminate W+X mappings From: Jan Beulich <JBeulich(a)suse.com> [ Upstream commit 2cc42bac1c795f75fcc062b95c6ca7ac1b84d5d8 ] A few thousand such pages are usually left around due to the re-use of L1 tables having been provided by the hypervisor (Dom0) or tool stack (DomU). Set NX in the direct map variant, which needs to be done in L2 due to the dual use of the re-used L1s. For x86_configure_nx() to actually do what it is supposed to do, call get_cpu_cap() first. This was broken by commit 4763ed4d45 ("x86, mm: Clean up and simplify NX enablement") when switching away from the direct EFER read. Signed-off-by: Jan Beulich <jbeulich(a)suse.com> Reviewed-by: Juergen Gross <jgross(a)suse.com> Signed-off-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/xen/enlighten_pv.c | 3 +++ arch/x86/xen/mmu_pv.c | 12 ++++++++++++ 2 files changed, 15 insertions(+) --- a/arch/x86/xen/enlighten_pv.c +++ b/arch/x86/xen/enlighten_pv.c @@ -88,6 +88,8 @@ #include "multicalls.h" #include "pmu.h" +#include "../kernel/cpu/cpu.h" /* get_cpu_cap() */ + void *xen_initial_gdt; static int xen_cpu_up_prepare_pv(unsigned int cpu); @@ -1257,6 +1259,7 @@ asmlinkage __visible void __init xen_sta __userpte_alloc_gfp &= ~__GFP_HIGHMEM; /* Work out if we support NX */ + get_cpu_cap(&boot_cpu_data); x86_configure_nx(); /* Get mfn list */ --- a/arch/x86/xen/mmu_pv.c +++ b/arch/x86/xen/mmu_pv.c @@ -1902,6 +1902,18 @@ void __init xen_setup_kernel_pagetable(p /* Graft it onto L4[511][510] */ copy_page(level2_kernel_pgt, l2); + /* + * Zap execute permission from the ident map. Due to the sharing of + * L1 entries we need to do this in the L2. + */ + if (__supported_pte_mask & _PAGE_NX) { + for (i = 0; i < PTRS_PER_PMD; ++i) { + if (pmd_none(level2_ident_pgt[i])) + continue; + level2_ident_pgt[i] = pmd_set_flags(level2_ident_pgt[i], _PAGE_NX); + } + } + /* Copy the initial P->M table mappings if necessary. */ i = pgd_index(xen_start_info->mfn_list); if (i && i < pgd_index(__START_KERNEL_map)) Patches currently in stable-queue which might be from JBeulich(a)suse.com are queue-4.14/x86-64-xen-eliminate-w-x-mappings.patch

7 years, 2 months

1
0
0 0

Patch "wcn36xx: Fix dynamic power saving" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled wcn36xx: Fix dynamic power saving to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: wcn36xx-fix-dynamic-power-saving.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Loic Poulain <loic.poulain(a)linaro.org> Date: Mon, 11 Dec 2017 09:52:22 +0100 Subject: wcn36xx: Fix dynamic power saving From: Loic Poulain <loic.poulain(a)linaro.org> [ Upstream commit 0856655a25476d4431005e39d606e349050066b0 ] Since driver does not report hardware dynamic power saving cap, this is up to the mac80211 to manage power saving timeout and state machine, using the ieee80211 config callback to report PS changes. This patch enables/disables PS mode according to the new configuration. Remove old behaviour enabling PS mode in a static way, this make the device unusable when power save is enabled since device is forced to PS regardless RX/TX traffic. Acked-by: Bjorn Andersson <bjorn.andersson(a)linaro.org> Signed-off-by: Loic Poulain <loic.poulain(a)linaro.org> Signed-off-by: Kalle Valo <kvalo(a)codeaurora.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/wireless/ath/wcn36xx/main.c | 23 ++++++++++++----------- drivers/net/wireless/ath/wcn36xx/pmc.c | 6 ++++-- 2 files changed, 16 insertions(+), 13 deletions(-) --- a/drivers/net/wireless/ath/wcn36xx/main.c +++ b/drivers/net/wireless/ath/wcn36xx/main.c @@ -384,6 +384,18 @@ static int wcn36xx_config(struct ieee802 } } + if (changed & IEEE80211_CONF_CHANGE_PS) { + list_for_each_entry(tmp, &wcn->vif_list, list) { + vif = wcn36xx_priv_to_vif(tmp); + if (hw->conf.flags & IEEE80211_CONF_PS) { + if (vif->bss_conf.ps) /* ps allowed ? */ + wcn36xx_pmc_enter_bmps_state(wcn, vif); + } else { + wcn36xx_pmc_exit_bmps_state(wcn, vif); + } + } + } + mutex_unlock(&wcn->conf_mutex); return 0; @@ -747,17 +759,6 @@ static void wcn36xx_bss_info_changed(str vif_priv->dtim_period = bss_conf->dtim_period; } - if (changed & BSS_CHANGED_PS) { - wcn36xx_dbg(WCN36XX_DBG_MAC, - "mac bss PS set %d\n", - bss_conf->ps); - if (bss_conf->ps) { - wcn36xx_pmc_enter_bmps_state(wcn, vif); - } else { - wcn36xx_pmc_exit_bmps_state(wcn, vif); - } - } - if (changed & BSS_CHANGED_BSSID) { wcn36xx_dbg(WCN36XX_DBG_MAC, "mac bss changed_bssid %pM\n", bss_conf->bssid); --- a/drivers/net/wireless/ath/wcn36xx/pmc.c +++ b/drivers/net/wireless/ath/wcn36xx/pmc.c @@ -45,8 +45,10 @@ int wcn36xx_pmc_exit_bmps_state(struct w struct wcn36xx_vif *vif_priv = wcn36xx_vif_to_priv(vif); if (WCN36XX_BMPS != vif_priv->pw_state) { - wcn36xx_err("Not in BMPS mode, no need to exit from BMPS mode!\n"); - return -EINVAL; + /* Unbalanced call or last BMPS enter failed */ + wcn36xx_dbg(WCN36XX_DBG_PMC, + "Not in BMPS mode, no need to exit\n"); + return -EALREADY; } wcn36xx_smd_exit_bmps(wcn, vif); vif_priv->pw_state = WCN36XX_FULL_POWER; Patches currently in stable-queue which might be from loic.poulain(a)linaro.org are queue-4.14/wcn36xx-fix-dynamic-power-saving.patch

7 years, 2 months

1
0
0 0

Patch "vxlan: update skb dst pmtu on tx path" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled vxlan: update skb dst pmtu on tx path to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: vxlan-update-skb-dst-pmtu-on-tx-path.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Xin Long <lucien.xin(a)gmail.com> Date: Mon, 18 Dec 2017 14:20:56 +0800 Subject: vxlan: update skb dst pmtu on tx path From: Xin Long <lucien.xin(a)gmail.com> [ Upstream commit a93bf0ff449064e6b7f44e58522e940f88c0d966 ] Unlike ip tunnels, now vxlan doesn't do any pmtu update for upper dst pmtu, even if it doesn't match the lower dst pmtu any more. The problem can be reproduced when reducing the vxlan lower dev's pmtu when running netperf. In jianlin's testing, the performance went to 1/7 of the previous. This patch is to update the upper dst pmtu to match the lower dst pmtu on tx path so that packets can be sent out even when lower dev's pmtu has been changed. It also works for metadata dst. Note that this patch doesn't process any pmtu icmp packet. But even in the future, the support for pmtu icmp packets process of udp tunnels will also needs this. The same thing will be done for geneve in another patch. Signed-off-by: Xin Long <lucien.xin(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/vxlan.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) --- a/drivers/net/vxlan.c +++ b/drivers/net/vxlan.c @@ -2155,6 +2155,13 @@ static void vxlan_xmit_one(struct sk_buf } ndst = &rt->dst; + if (skb_dst(skb)) { + int mtu = dst_mtu(ndst) - VXLAN_HEADROOM; + + skb_dst(skb)->ops->update_pmtu(skb_dst(skb), NULL, + skb, mtu); + } + tos = ip_tunnel_ecn_encap(tos, old_iph, skb); ttl = ttl ? : ip4_dst_hoplimit(&rt->dst); err = vxlan_build_skb(skb, ndst, sizeof(struct iphdr), @@ -2190,6 +2197,13 @@ static void vxlan_xmit_one(struct sk_buf goto out_unlock; } + if (skb_dst(skb)) { + int mtu = dst_mtu(ndst) - VXLAN6_HEADROOM; + + skb_dst(skb)->ops->update_pmtu(skb_dst(skb), NULL, + skb, mtu); + } + tos = ip_tunnel_ecn_encap(tos, old_iph, skb); ttl = ttl ? : ip6_dst_hoplimit(ndst); skb_scrub_packet(skb, xnet); Patches currently in stable-queue which might be from lucien.xin(a)gmail.com are queue-4.14/ip_gre-remove-the-incorrect-mtu-limit-for-ipgre-tap.patch queue-4.14/ip6_gre-remove-the-incorrect-mtu-limit-for-ipgre-tap.patch queue-4.14/ip6_tunnel-allow-ip6gre-dev-mtu-to-be-set-below-1280.patch queue-4.14/vxlan-update-skb-dst-pmtu-on-tx-path.patch queue-4.14/ip6_tunnel-get-the-min-mtu-properly-in-ip6_tnl_xmit.patch queue-4.14/sctp-fix-the-issue-that-a-__u16-variable-may-overflow-in-sctp_ulpq_renege.patch

7 years, 2 months

1
0
0 0

Patch "uapi libc compat: add fallback for unsupported libcs" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled uapi libc compat: add fallback for unsupported libcs to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: uapi-libc-compat-add-fallback-for-unsupported-libcs.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Felix Janda <felix.janda(a)posteo.de> Date: Mon, 1 Jan 2018 19:33:20 +0100 Subject: uapi libc compat: add fallback for unsupported libcs From: Felix Janda <felix.janda(a)posteo.de> [ Upstream commit c0bace798436bca0fdc221ff61143f1376a9c3de ] libc-compat.h aims to prevent symbol collisions between uapi and libc headers for each supported libc. This requires continuous coordination between them. The goal of this commit is to improve the situation for libcs (such as musl) which are not yet supported and/or do not wish to be explicitly supported, while not affecting supported libcs. More precisely, with this commit, unsupported libcs can request the suppression of any specific uapi definition by defining the correspondings _UAPI_DEF_* macro as 0. This can fix symbol collisions for them, as long as the libc headers are included before the uapi headers. Inclusion in the other order is outside the scope of this commit. All infrastructure in order to enable this fallback for unsupported libcs is already in place, except that libc-compat.h unconditionally defines all _UAPI_DEF_* macros to 1 for all unsupported libcs so that any previous definitions are ignored. In order to fix this, this commit merely makes these definitions conditional. This commit together with the musl libc commit http://git.musl-libc.org/cgit/musl/commit/?id=04983f2272382af92eb8f8838964f… fixes for example the following compiler errors when <linux/in6.h> is included after musl's <netinet/in.h>: ./linux/in6.h:32:8: error: redefinition of 'struct in6_addr' ./linux/in6.h:49:8: error: redefinition of 'struct sockaddr_in6' ./linux/in6.h:59:8: error: redefinition of 'struct ipv6_mreq' The comments referencing glibc are still correct, but this file is not only used for glibc any more. Signed-off-by: Felix Janda <felix.janda(a)posteo.de> Reviewed-by: Hauke Mehrtens <hauke(a)hauke-m.de> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- include/uapi/linux/libc-compat.h | 55 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 54 insertions(+), 1 deletion(-) --- a/include/uapi/linux/libc-compat.h +++ b/include/uapi/linux/libc-compat.h @@ -168,46 +168,99 @@ /* If we did not see any headers from any supported C libraries, * or we are being included in the kernel, then define everything - * that we need. */ + * that we need. Check for previous __UAPI_* definitions to give + * unsupported C libraries a way to opt out of any kernel definition. */ #else /* !defined(__GLIBC__) */ /* Definitions for if.h */ +#ifndef __UAPI_DEF_IF_IFCONF #define __UAPI_DEF_IF_IFCONF 1 +#endif +#ifndef __UAPI_DEF_IF_IFMAP #define __UAPI_DEF_IF_IFMAP 1 +#endif +#ifndef __UAPI_DEF_IF_IFNAMSIZ #define __UAPI_DEF_IF_IFNAMSIZ 1 +#endif +#ifndef __UAPI_DEF_IF_IFREQ #define __UAPI_DEF_IF_IFREQ 1 +#endif /* Everything up to IFF_DYNAMIC, matches net/if.h until glibc 2.23 */ +#ifndef __UAPI_DEF_IF_NET_DEVICE_FLAGS #define __UAPI_DEF_IF_NET_DEVICE_FLAGS 1 +#endif /* For the future if glibc adds IFF_LOWER_UP, IFF_DORMANT and IFF_ECHO */ +#ifndef __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO #define __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO 1 +#endif /* Definitions for in.h */ +#ifndef __UAPI_DEF_IN_ADDR #define __UAPI_DEF_IN_ADDR 1 +#endif +#ifndef __UAPI_DEF_IN_IPPROTO #define __UAPI_DEF_IN_IPPROTO 1 +#endif +#ifndef __UAPI_DEF_IN_PKTINFO #define __UAPI_DEF_IN_PKTINFO 1 +#endif +#ifndef __UAPI_DEF_IP_MREQ #define __UAPI_DEF_IP_MREQ 1 +#endif +#ifndef __UAPI_DEF_SOCKADDR_IN #define __UAPI_DEF_SOCKADDR_IN 1 +#endif +#ifndef __UAPI_DEF_IN_CLASS #define __UAPI_DEF_IN_CLASS 1 +#endif /* Definitions for in6.h */ +#ifndef __UAPI_DEF_IN6_ADDR #define __UAPI_DEF_IN6_ADDR 1 +#endif +#ifndef __UAPI_DEF_IN6_ADDR_ALT #define __UAPI_DEF_IN6_ADDR_ALT 1 +#endif +#ifndef __UAPI_DEF_SOCKADDR_IN6 #define __UAPI_DEF_SOCKADDR_IN6 1 +#endif +#ifndef __UAPI_DEF_IPV6_MREQ #define __UAPI_DEF_IPV6_MREQ 1 +#endif +#ifndef __UAPI_DEF_IPPROTO_V6 #define __UAPI_DEF_IPPROTO_V6 1 +#endif +#ifndef __UAPI_DEF_IPV6_OPTIONS #define __UAPI_DEF_IPV6_OPTIONS 1 +#endif +#ifndef __UAPI_DEF_IN6_PKTINFO #define __UAPI_DEF_IN6_PKTINFO 1 +#endif +#ifndef __UAPI_DEF_IP6_MTUINFO #define __UAPI_DEF_IP6_MTUINFO 1 +#endif /* Definitions for ipx.h */ +#ifndef __UAPI_DEF_SOCKADDR_IPX #define __UAPI_DEF_SOCKADDR_IPX 1 +#endif +#ifndef __UAPI_DEF_IPX_ROUTE_DEFINITION #define __UAPI_DEF_IPX_ROUTE_DEFINITION 1 +#endif +#ifndef __UAPI_DEF_IPX_INTERFACE_DEFINITION #define __UAPI_DEF_IPX_INTERFACE_DEFINITION 1 +#endif +#ifndef __UAPI_DEF_IPX_CONFIG_DATA #define __UAPI_DEF_IPX_CONFIG_DATA 1 +#endif +#ifndef __UAPI_DEF_IPX_ROUTE_DEF #define __UAPI_DEF_IPX_ROUTE_DEF 1 +#endif /* Definitions for xattr.h */ +#ifndef __UAPI_DEF_XATTR #define __UAPI_DEF_XATTR 1 +#endif #endif /* __GLIBC__ */ Patches currently in stable-queue which might be from felix.janda(a)posteo.de are queue-4.14/uapi-libc-compat-add-fallback-for-unsupported-libcs.patch

7 years, 2 months

1
0
0 0

Patch "tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: tipc-fix-tipc_mon_delete-oops-in-tipc_enable_bearer-error-path.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Tommi Rantala <tommi.t.rantala(a)nokia.com> Date: Fri, 22 Dec 2017 09:35:17 +0200 Subject: tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path From: Tommi Rantala <tommi.t.rantala(a)nokia.com> [ Upstream commit 642a8439ddd8423b92f2e71960afe21ee1f66bb6 ] Calling tipc_mon_delete() before the monitor has been created will oops. This can happen in tipc_enable_bearer() error path if tipc_disc_create() fails. [ 48.589074] BUG: unable to handle kernel paging request at 0000000000001008 [ 48.590266] IP: tipc_mon_delete+0xea/0x270 [tipc] [ 48.591223] PGD 1e60c5067 P4D 1e60c5067 PUD 1eb0cf067 PMD 0 [ 48.592230] Oops: 0000 [#1] SMP KASAN [ 48.595610] CPU: 5 PID: 1199 Comm: tipc Tainted: G B 4.15.0-rc4-pc64-dirty #5 [ 48.597176] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-2.fc27 04/01/2014 [ 48.598489] RIP: 0010:tipc_mon_delete+0xea/0x270 [tipc] [ 48.599347] RSP: 0018:ffff8801d827f668 EFLAGS: 00010282 [ 48.600705] RAX: ffff8801ee813f00 RBX: 0000000000000204 RCX: 0000000000000000 [ 48.602183] RDX: 1ffffffff1de6a75 RSI: 0000000000000297 RDI: 0000000000000297 [ 48.604373] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff1dd1533 [ 48.605607] R10: ffffffff8eafbb05 R11: fffffbfff1dd1534 R12: 0000000000000050 [ 48.607082] R13: dead000000000200 R14: ffffffff8e73f310 R15: 0000000000001020 [ 48.608228] FS: 00007fc686484800(0000) GS:ffff8801f5540000(0000) knlGS:0000000000000000 [ 48.610189] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 48.611459] CR2: 0000000000001008 CR3: 00000001dda70002 CR4: 00000000003606e0 [ 48.612759] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 48.613831] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 48.615038] Call Trace: [ 48.615635] tipc_enable_bearer+0x415/0x5e0 [tipc] [ 48.620623] tipc_nl_bearer_enable+0x1ab/0x200 [tipc] [ 48.625118] genl_family_rcv_msg+0x36b/0x570 [ 48.631233] genl_rcv_msg+0x5a/0xa0 [ 48.631867] netlink_rcv_skb+0x1cc/0x220 [ 48.636373] genl_rcv+0x24/0x40 [ 48.637306] netlink_unicast+0x29c/0x350 [ 48.639664] netlink_sendmsg+0x439/0x590 [ 48.642014] SYSC_sendto+0x199/0x250 [ 48.649912] do_syscall_64+0xfd/0x2c0 [ 48.650651] entry_SYSCALL64_slow_path+0x25/0x25 [ 48.651843] RIP: 0033:0x7fc6859848e3 [ 48.652539] RSP: 002b:00007ffd25dff938 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 48.654003] RAX: ffffffffffffffda RBX: 00007ffd25dff990 RCX: 00007fc6859848e3 [ 48.655303] RDX: 0000000000000054 RSI: 00007ffd25dff990 RDI: 0000000000000003 [ 48.656512] RBP: 00007ffd25dff980 R08: 00007fc685c35fc0 R09: 000000000000000c [ 48.657697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000d13010 [ 48.658840] R13: 00007ffd25e009c0 R14: 0000000000000000 R15: 0000000000000000 [ 48.662972] RIP: tipc_mon_delete+0xea/0x270 [tipc] RSP: ffff8801d827f668 [ 48.664073] CR2: 0000000000001008 [ 48.664576] ---[ end trace e811818d54d5ce88 ]--- Acked-by: Ying Xue <ying.xue(a)windriver.com> Acked-by: Jon Maloy <jon.maloy(a)ericsson.com> Signed-off-by: Tommi Rantala <tommi.t.rantala(a)nokia.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/tipc/monitor.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) --- a/net/tipc/monitor.c +++ b/net/tipc/monitor.c @@ -633,9 +633,13 @@ void tipc_mon_delete(struct net *net, in { struct tipc_net *tn = tipc_net(net); struct tipc_monitor *mon = tipc_monitor(net, bearer_id); - struct tipc_peer *self = get_self(net, bearer_id); + struct tipc_peer *self; struct tipc_peer *peer, *tmp; + if (!mon) + return; + + self = get_self(net, bearer_id); write_lock_bh(&mon->lock); tn->monitors[bearer_id] = NULL; list_for_each_entry_safe(peer, tmp, &self->list, list) { Patches currently in stable-queue which might be from tommi.t.rantala(a)nokia.com are queue-4.14/perf-x86-intel-plug-memory-leak-in-intel_pmu_init.patch queue-4.14/tipc-error-path-leak-fixes-in-tipc_enable_bearer.patch queue-4.14/tipc-fix-tipc_mon_delete-oops-in-tipc_enable_bearer-error-path.patch

7 years, 2 months

1
0
0 0

Patch "tipc: error path leak fixes in tipc_enable_bearer()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled tipc: error path leak fixes in tipc_enable_bearer() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: tipc-error-path-leak-fixes-in-tipc_enable_bearer.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Tommi Rantala <tommi.t.rantala(a)nokia.com> Date: Fri, 22 Dec 2017 09:35:16 +0200 Subject: tipc: error path leak fixes in tipc_enable_bearer() From: Tommi Rantala <tommi.t.rantala(a)nokia.com> [ Upstream commit 19142551b2be4a9e13838099fde1351386e5e007 ] Fix memory leak in tipc_enable_bearer() if enable_media() fails, and cleanup with bearer_disable() if tipc_mon_create() fails. Acked-by: Ying Xue <ying.xue(a)windriver.com> Acked-by: Jon Maloy <jon.maloy(a)ericsson.com> Signed-off-by: Tommi Rantala <tommi.t.rantala(a)nokia.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/tipc/bearer.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) --- a/net/tipc/bearer.c +++ b/net/tipc/bearer.c @@ -324,6 +324,7 @@ restart: if (res) { pr_warn("Bearer <%s> rejected, enable failure (%d)\n", name, -res); + kfree(b); return -EINVAL; } @@ -347,8 +348,10 @@ restart: if (skb) tipc_bearer_xmit_skb(net, bearer_id, skb, &b->bcast_addr); - if (tipc_mon_create(net, bearer_id)) + if (tipc_mon_create(net, bearer_id)) { + bearer_disable(net, b); return -ENOMEM; + } pr_info("Enabled bearer <%s>, discovery domain %s, priority %u\n", name, Patches currently in stable-queue which might be from tommi.t.rantala(a)nokia.com are queue-4.14/perf-x86-intel-plug-memory-leak-in-intel_pmu_init.patch queue-4.14/tipc-error-path-leak-fixes-in-tipc_enable_bearer.patch queue-4.14/tipc-fix-tipc_mon_delete-oops-in-tipc_enable_bearer-error-path.patch

7 years, 2 months

1
0
0 0

Patch "tg3: Enable PHY reset in MTU change path for 5720" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled tg3: Enable PHY reset in MTU change path for 5720 to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: tg3-enable-phy-reset-in-mtu-change-path-for-5720.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Siva Reddy Kallam <siva.kallam(a)broadcom.com> Date: Fri, 22 Dec 2017 16:05:29 +0530 Subject: tg3: Enable PHY reset in MTU change path for 5720 From: Siva Reddy Kallam <siva.kallam(a)broadcom.com> [ Upstream commit e60ee41aaf898584205a6af5c996860d0fe6a836 ] A customer noticed RX path hang when MTU is changed on the fly while running heavy traffic with NCSI enabled for 5717 and 5719. Since 5720 belongs to same ASIC family, we observed same issue and same fix could solve this problem for 5720. Signed-off-by: Siva Reddy Kallam <siva.kallam(a)broadcom.com> Signed-off-by: Michael Chan <michael.chan(a)broadcom.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/broadcom/tg3.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/net/ethernet/broadcom/tg3.c +++ b/drivers/net/ethernet/broadcom/tg3.c @@ -14239,7 +14239,8 @@ static int tg3_change_mtu(struct net_dev */ if (tg3_asic_rev(tp) == ASIC_REV_57766 || tg3_asic_rev(tp) == ASIC_REV_5717 || - tg3_asic_rev(tp) == ASIC_REV_5719) + tg3_asic_rev(tp) == ASIC_REV_5719 || + tg3_asic_rev(tp) == ASIC_REV_5720) reset_phy = true; err = tg3_restart_hw(tp, reset_phy); Patches currently in stable-queue which might be from siva.kallam(a)broadcom.com are queue-4.14/tg3-enable-phy-reset-in-mtu-change-path-for-5720.patch queue-4.14/tg3-add-workaround-to-restrict-5762-mrrs-to-2048.patch

7 years, 2 months

1
0
0 0

Patch "tg3: Add workaround to restrict 5762 MRRS to 2048" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled tg3: Add workaround to restrict 5762 MRRS to 2048 to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: tg3-add-workaround-to-restrict-5762-mrrs-to-2048.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Siva Reddy Kallam <siva.kallam(a)broadcom.com> Date: Fri, 22 Dec 2017 16:05:28 +0530 Subject: tg3: Add workaround to restrict 5762 MRRS to 2048 From: Siva Reddy Kallam <siva.kallam(a)broadcom.com> [ Upstream commit 4419bb1cedcda0272e1dc410345c5a1d1da0e367 ] One of AMD based server with 5762 hangs with jumbo frame traffic. This AMD platform has southbridge limitation which is restricting MRRS to 4000. As a work around, driver to restricts the MRRS to 2048 for this particular 5762 NX1 card. Signed-off-by: Siva Reddy Kallam <siva.kallam(a)broadcom.com> Signed-off-by: Michael Chan <michael.chan(a)broadcom.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/broadcom/tg3.c | 10 ++++++++++ drivers/net/ethernet/broadcom/tg3.h | 4 ++++ 2 files changed, 14 insertions(+) --- a/drivers/net/ethernet/broadcom/tg3.c +++ b/drivers/net/ethernet/broadcom/tg3.c @@ -10052,6 +10052,16 @@ static int tg3_reset_hw(struct tg3 *tp, tw32(GRC_MODE, tp->grc_mode | val); + /* On one of the AMD platform, MRRS is restricted to 4000 because of + * south bridge limitation. As a workaround, Driver is setting MRRS + * to 2048 instead of default 4096. + */ + if (tp->pdev->subsystem_vendor == PCI_VENDOR_ID_DELL && + tp->pdev->subsystem_device == TG3PCI_SUBDEVICE_ID_DELL_5762) { + val = tr32(TG3PCI_DEV_STATUS_CTRL) & ~MAX_READ_REQ_MASK; + tw32(TG3PCI_DEV_STATUS_CTRL, val | MAX_READ_REQ_SIZE_2048); + } + /* Setup the timer prescalar register. Clock is always 66Mhz. */ val = tr32(GRC_MISC_CFG); val &= ~0xff; --- a/drivers/net/ethernet/broadcom/tg3.h +++ b/drivers/net/ethernet/broadcom/tg3.h @@ -96,6 +96,7 @@ #define TG3PCI_SUBDEVICE_ID_DELL_JAGUAR 0x0106 #define TG3PCI_SUBDEVICE_ID_DELL_MERLOT 0x0109 #define TG3PCI_SUBDEVICE_ID_DELL_SLIM_MERLOT 0x010a +#define TG3PCI_SUBDEVICE_ID_DELL_5762 0x07f0 #define TG3PCI_SUBVENDOR_ID_COMPAQ PCI_VENDOR_ID_COMPAQ #define TG3PCI_SUBDEVICE_ID_COMPAQ_BANSHEE 0x007c #define TG3PCI_SUBDEVICE_ID_COMPAQ_BANSHEE_2 0x009a @@ -281,6 +282,9 @@ #define TG3PCI_STD_RING_PROD_IDX 0x00000098 /* 64-bit */ #define TG3PCI_RCV_RET_RING_CON_IDX 0x000000a0 /* 64-bit */ /* 0xa8 --> 0xb8 unused */ +#define TG3PCI_DEV_STATUS_CTRL 0x000000b4 +#define MAX_READ_REQ_SIZE_2048 0x00004000 +#define MAX_READ_REQ_MASK 0x00007000 #define TG3PCI_DUAL_MAC_CTRL 0x000000b8 #define DUAL_MAC_CTRL_CH_MASK 0x00000003 #define DUAL_MAC_CTRL_ID 0x00000004 Patches currently in stable-queue which might be from siva.kallam(a)broadcom.com are queue-4.14/tg3-enable-phy-reset-in-mtu-change-path-for-5720.patch queue-4.14/tg3-add-workaround-to-restrict-5762-mrrs-to-2048.patch

7 years, 2 months

1
0
0 0

Patch "staging: ion: Fix ion_cma_heap allocations" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled staging: ion: Fix ion_cma_heap allocations to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: staging-ion-fix-ion_cma_heap-allocations.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: John Stultz <john.stultz(a)linaro.org> Date: Fri, 15 Dec 2017 19:59:47 -0800 Subject: staging: ion: Fix ion_cma_heap allocations From: John Stultz <john.stultz(a)linaro.org> [ Upstream commit f292b9b28097d8fe870336108e91bd95a14294bf ] In trying to add support for drm_hwcomposer to HiKey, I've needed to utilize the ION CMA heap, and I've noticed problems with allocations on newer kernels failing. It seems back with 204f672255c2 ("ion: Use CMA APIs directly"), the ion_cma_heap code was modified to use the CMA API, but kept the arguments as buffer lengths rather then number of pages. This results in errors as we don't have enough pages in CMA to satisfy the exaggerated requests. This patch converts the ion_cma_heap CMA API usage to properly request pages. It also fixes a minor issue in the allocation where in the error path, the cma_release is called with the buffer->size value which hasn't yet been set. Cc: Laura Abbott <labbott(a)redhat.com> Cc: Sumit Semwal <sumit.semwal(a)linaro.org> Cc: Benjamin Gaignard <benjamin.gaignard(a)linaro.org> Cc: Archit Taneja <architt(a)codeaurora.org> Cc: Greg KH <gregkh(a)linuxfoundation.org> Cc: Daniel Vetter <daniel(a)ffwll.ch> Cc: Dmitry Shmidt <dimitrysh(a)google.com> Cc: Todd Kjos <tkjos(a)google.com> Cc: Amit Pundir <amit.pundir(a)linaro.org> Fixes: 204f672255c2 ("staging: android: ion: Use CMA APIs directly") Acked-by: Laura Abbott <labbott(a)redhat.com> Signed-off-by: John Stultz <john.stultz(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/staging/android/ion/Kconfig | 2 +- drivers/staging/android/ion/ion_cma_heap.c | 15 +++++++++++---- 2 files changed, 12 insertions(+), 5 deletions(-) --- a/drivers/staging/android/ion/Kconfig +++ b/drivers/staging/android/ion/Kconfig @@ -37,7 +37,7 @@ config ION_CHUNK_HEAP config ION_CMA_HEAP bool "Ion CMA heap support" - depends on ION && CMA + depends on ION && DMA_CMA help Choose this option to enable CMA heaps with Ion. This heap is backed by the Contiguous Memory Allocator (CMA). If your system has these --- a/drivers/staging/android/ion/ion_cma_heap.c +++ b/drivers/staging/android/ion/ion_cma_heap.c @@ -39,9 +39,15 @@ static int ion_cma_allocate(struct ion_h struct ion_cma_heap *cma_heap = to_cma_heap(heap); struct sg_table *table; struct page *pages; + unsigned long size = PAGE_ALIGN(len); + unsigned long nr_pages = size >> PAGE_SHIFT; + unsigned long align = get_order(size); int ret; - pages = cma_alloc(cma_heap->cma, len, 0, GFP_KERNEL); + if (align > CONFIG_CMA_ALIGNMENT) + align = CONFIG_CMA_ALIGNMENT; + + pages = cma_alloc(cma_heap->cma, nr_pages, align, GFP_KERNEL); if (!pages) return -ENOMEM; @@ -53,7 +59,7 @@ static int ion_cma_allocate(struct ion_h if (ret) goto free_mem; - sg_set_page(table->sgl, pages, len, 0); + sg_set_page(table->sgl, pages, size, 0); buffer->priv_virt = pages; buffer->sg_table = table; @@ -62,7 +68,7 @@ static int ion_cma_allocate(struct ion_h free_mem: kfree(table); err: - cma_release(cma_heap->cma, pages, buffer->size); + cma_release(cma_heap->cma, pages, nr_pages); return -ENOMEM; } @@ -70,9 +76,10 @@ static void ion_cma_free(struct ion_buff { struct ion_cma_heap *cma_heap = to_cma_heap(buffer->heap); struct page *pages = buffer->priv_virt; + unsigned long nr_pages = PAGE_ALIGN(buffer->size) >> PAGE_SHIFT; /* release memory */ - cma_release(cma_heap->cma, pages, buffer->size); + cma_release(cma_heap->cma, pages, nr_pages); /* release sg table */ sg_free_table(buffer->sg_table); kfree(buffer->sg_table); Patches currently in stable-queue which might be from john.stultz(a)linaro.org are queue-4.14/hrtimer-ensure-posix-compliance-relative-clock_realtime-hrtimers.patch queue-4.14/staging-ion-fix-ion_cma_heap-allocations.patch

7 years, 2 months

1
0
0 0

Patch "spi: atmel: fixed spin_lock usage inside atmel_spi_remove" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled spi: atmel: fixed spin_lock usage inside atmel_spi_remove to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: spi-atmel-fixed-spin_lock-usage-inside-atmel_spi_remove.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Radu Pirea <radu.pirea(a)microchip.com> Date: Fri, 15 Dec 2017 17:40:17 +0200 Subject: spi: atmel: fixed spin_lock usage inside atmel_spi_remove From: Radu Pirea <radu.pirea(a)microchip.com> [ Upstream commit 66e900a3d225575c8b48b59ae1fe74bb6e5a65cc ] The only part of atmel_spi_remove which needs to be atomic is hardware reset. atmel_spi_stop_dma calls dma_terminate_all and this needs interrupts enabled. atmel_spi_release_dma calls dma_release_channel and dma_release_channel locks a mutex inside of spin_lock. So the call of these functions can't be inside a spin_lock. Reported-by: Jia-Ju Bai <baijiaju1990(a)gmail.com> Signed-off-by: Radu Pirea <radu.pirea(a)microchip.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/spi/spi-atmel.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/spi/spi-atmel.c +++ b/drivers/spi/spi-atmel.c @@ -1661,12 +1661,12 @@ static int atmel_spi_remove(struct platf pm_runtime_get_sync(&pdev->dev); /* reset the hardware and block queue progress */ - spin_lock_irq(&as->lock); if (as->use_dma) { atmel_spi_stop_dma(master); atmel_spi_release_dma(master); } + spin_lock_irq(&as->lock); spi_writel(as, CR, SPI_BIT(SWRST)); spi_writel(as, CR, SPI_BIT(SWRST)); /* AT91SAM9263 Rev B workaround */ spi_readl(as, SR); Patches currently in stable-queue which might be from radu.pirea(a)microchip.com are queue-4.14/spi-atmel-fixed-spin_lock-usage-inside-atmel_spi_remove.patch

7 years, 2 months

1
0
0 0

Patch "SolutionEngine771x: fix Ether platform data" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled SolutionEngine771x: fix Ether platform data to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: solutionengine771x-fix-ether-platform-data.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> Date: Sat, 6 Jan 2018 21:53:26 +0300 Subject: SolutionEngine771x: fix Ether platform data From: Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> [ Upstream commit 195e2addbce09e5afbc766efc1e6567c9ce840d3 ] The 'sh_eth' driver's probe() method would fail on the SolutionEngine7710 board and crash on SolutionEngine7712 board as the platform code is hopelessly behind the driver's platform data -- it passes the PHY address instead of 'struct sh_eth_plat_data *'; pass the latter to the driver in order to fix the bug... Fixes: 71557a37adb5 ("[netdrvr] sh_eth: Add SH7619 support") Signed-off-by: Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/sh/boards/mach-se/770x/setup.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) --- a/arch/sh/boards/mach-se/770x/setup.c +++ b/arch/sh/boards/mach-se/770x/setup.c @@ -9,6 +9,7 @@ */ #include <linux/init.h> #include <linux/platform_device.h> +#include <linux/sh_eth.h> #include <mach-se/mach/se.h> #include <mach-se/mach/mrshpc.h> #include <asm/machvec.h> @@ -115,6 +116,11 @@ static struct platform_device heartbeat_ #if defined(CONFIG_CPU_SUBTYPE_SH7710) ||\ defined(CONFIG_CPU_SUBTYPE_SH7712) /* SH771X Ethernet driver */ +static struct sh_eth_plat_data sh_eth_plat = { + .phy = PHY_ID, + .phy_interface = PHY_INTERFACE_MODE_MII, +}; + static struct resource sh_eth0_resources[] = { [0] = { .start = SH_ETH0_BASE, @@ -132,7 +138,7 @@ static struct platform_device sh_eth0_de .name = "sh771x-ether", .id = 0, .dev = { - .platform_data = PHY_ID, + .platform_data = &sh_eth_plat, }, .num_resources = ARRAY_SIZE(sh_eth0_resources), .resource = sh_eth0_resources, @@ -155,7 +161,7 @@ static struct platform_device sh_eth1_de .name = "sh771x-ether", .id = 1, .dev = { - .platform_data = PHY_ID, + .platform_data = &sh_eth_plat, }, .num_resources = ARRAY_SIZE(sh_eth1_resources), .resource = sh_eth1_resources, Patches currently in stable-queue which might be from sergei.shtylyov(a)cogentembedded.com are queue-4.14/solutionengine771x-fix-ether-platform-data.patch

7 years, 2 months

1
0
0 0

Patch "sctp: make use of pre-calculated len" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled sctp: make use of pre-calculated len to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: sctp-make-use-of-pre-calculated-len.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Marcelo Ricardo Leitner <marcelo.leitner(a)gmail.com> Date: Mon, 8 Jan 2018 19:02:29 -0200 Subject: sctp: make use of pre-calculated len From: Marcelo Ricardo Leitner <marcelo.leitner(a)gmail.com> [ Upstream commit c76f97c99ae6d26d14c7f0e50e074382bfbc9f98 ] Some sockopt handling functions were calculating the length of the buffer to be written to userspace and then calculating it again when actually writing the buffer, which could lead to some write not using an up-to-date length. This patch updates such places to just make use of the len variable. Also, replace some sizeof(type) to sizeof(var). Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/sctp/socket.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -4957,7 +4957,7 @@ static int sctp_getsockopt_autoclose(str len = sizeof(int); if (put_user(len, optlen)) return -EFAULT; - if (copy_to_user(optval, &sctp_sk(sk)->autoclose, sizeof(int))) + if (copy_to_user(optval, &sctp_sk(sk)->autoclose, len)) return -EFAULT; return 0; } @@ -5588,6 +5588,9 @@ copy_getaddrs: err = -EFAULT; goto out; } + /* XXX: We should have accounted for sizeof(struct sctp_getaddrs) too, + * but we can't change it anymore. + */ if (put_user(bytes_copied, optlen)) err = -EFAULT; out: @@ -6024,7 +6027,7 @@ static int sctp_getsockopt_maxseg(struct params.assoc_id = 0; } else if (len >= sizeof(struct sctp_assoc_value)) { len = sizeof(struct sctp_assoc_value); - if (copy_from_user(&params, optval, sizeof(params))) + if (copy_from_user(&params, optval, len)) return -EFAULT; } else return -EINVAL; @@ -6194,7 +6197,9 @@ static int sctp_getsockopt_active_key(st if (len < sizeof(struct sctp_authkeyid)) return -EINVAL; - if (copy_from_user(&val, optval, sizeof(struct sctp_authkeyid))) + + len = sizeof(struct sctp_authkeyid); + if (copy_from_user(&val, optval, len)) return -EFAULT; asoc = sctp_id2assoc(sk, val.scact_assoc_id); @@ -6206,7 +6211,6 @@ static int sctp_getsockopt_active_key(st else val.scact_keynumber = ep->active_key_id; - len = sizeof(struct sctp_authkeyid); if (put_user(len, optlen)) return -EFAULT; if (copy_to_user(optval, &val, len)) @@ -6232,7 +6236,7 @@ static int sctp_getsockopt_peer_auth_chu if (len < sizeof(struct sctp_authchunks)) return -EINVAL; - if (copy_from_user(&val, optval, sizeof(struct sctp_authchunks))) + if (copy_from_user(&val, optval, sizeof(val))) return -EFAULT; to = p->gauth_chunks; @@ -6277,7 +6281,7 @@ static int sctp_getsockopt_local_auth_ch if (len < sizeof(struct sctp_authchunks)) return -EINVAL; - if (copy_from_user(&val, optval, sizeof(struct sctp_authchunks))) + if (copy_from_user(&val, optval, sizeof(val))) return -EFAULT; to = p->gauth_chunks; Patches currently in stable-queue which might be from marcelo.leitner(a)gmail.com are queue-4.14/sctp-make-use-of-pre-calculated-len.patch queue-4.14/sctp-add-a-ceiling-to-optlen-in-some-sockopts.patch queue-4.14/sctp-fix-the-issue-that-a-__u16-variable-may-overflow-in-sctp_ulpq_renege.patch

7 years, 2 months

1
0
0 0

Patch "sget(): handle failures of register_shrinker()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled sget(): handle failures of register_shrinker() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: sget-handle-failures-of-register_shrinker.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Al Viro <viro(a)zeniv.linux.org.uk> Date: Mon, 18 Dec 2017 15:05:07 -0500 Subject: sget(): handle failures of register_shrinker() From: Al Viro <viro(a)zeniv.linux.org.uk> [ Upstream commit 9ee332d99e4d5a97548943b81c54668450ce641b ] Signed-off-by: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/super.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) --- a/fs/super.c +++ b/fs/super.c @@ -522,7 +522,11 @@ retry: hlist_add_head(&s->s_instances, &type->fs_supers); spin_unlock(&sb_lock); get_filesystem(type); - register_shrinker(&s->s_shrink); + err = register_shrinker(&s->s_shrink); + if (err) { + deactivate_locked_super(s); + s = ERR_PTR(err); + } return s; } Patches currently in stable-queue which might be from viro(a)zeniv.linux.org.uk are queue-4.14/afs-fix-missing-error-handling-in-afs_write_end.patch queue-4.14/exec-avoid-gcc-8-warning-for-get_task_comm.patch queue-4.14/sget-handle-failures-of-register_shrinker.patch

7 years, 2 months

1
0
0 0

Patch "sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: sctp-fix-the-issue-that-a-__u16-variable-may-overflow-in-sctp_ulpq_renege.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Xin Long <lucien.xin(a)gmail.com> Date: Mon, 18 Dec 2017 14:07:25 +0800 Subject: sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege From: Xin Long <lucien.xin(a)gmail.com> [ Upstream commit 5c468674d17056148da06218d4da5d04baf22eac ] Now when reneging events in sctp_ulpq_renege(), the variable freed could be increased by a __u16 value twice while freed is of __u16 type. It means freed may overflow at the second addition. This patch is to fix it by using __u32 type for 'freed', while at it, also to remove 'if (chunk)' check, as all renege commands are generated in sctp_eat_data and it can't be NULL. Reported-by: Marcelo Ricardo Leitner <marcelo.leitner(a)gmail.com> Signed-off-by: Xin Long <lucien.xin(a)gmail.com> Acked-by: Neil Horman <nhorman(a)tuxdriver.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/sctp/ulpqueue.c | 24 ++++++++---------------- 1 file changed, 8 insertions(+), 16 deletions(-) --- a/net/sctp/ulpqueue.c +++ b/net/sctp/ulpqueue.c @@ -1084,29 +1084,21 @@ void sctp_ulpq_partial_delivery(struct s void sctp_ulpq_renege(struct sctp_ulpq *ulpq, struct sctp_chunk *chunk, gfp_t gfp) { - struct sctp_association *asoc; - __u16 needed, freed; + struct sctp_association *asoc = ulpq->asoc; + __u32 freed = 0; + __u16 needed; - asoc = ulpq->asoc; - - if (chunk) { - needed = ntohs(chunk->chunk_hdr->length); - needed -= sizeof(struct sctp_data_chunk); - } else - needed = SCTP_DEFAULT_MAXWINDOW; - - freed = 0; + needed = ntohs(chunk->chunk_hdr->length) - + sizeof(struct sctp_data_chunk); if (skb_queue_empty(&asoc->base.sk->sk_receive_queue)) { freed = sctp_ulpq_renege_order(ulpq, needed); - if (freed < needed) { + if (freed < needed) freed += sctp_ulpq_renege_frags(ulpq, needed - freed); - } } /* If able to free enough room, accept this chunk. */ - if (chunk && (freed >= needed)) { - int retval; - retval = sctp_ulpq_tail_data(ulpq, chunk, gfp); + if (freed >= needed) { + int retval = sctp_ulpq_tail_data(ulpq, chunk, gfp); /* * Enter partial delivery if chunk has not been * delivered; otherwise, drain the reassembly queue. Patches currently in stable-queue which might be from lucien.xin(a)gmail.com are queue-4.14/ip_gre-remove-the-incorrect-mtu-limit-for-ipgre-tap.patch queue-4.14/ip6_gre-remove-the-incorrect-mtu-limit-for-ipgre-tap.patch queue-4.14/ip6_tunnel-allow-ip6gre-dev-mtu-to-be-set-below-1280.patch queue-4.14/vxlan-update-skb-dst-pmtu-on-tx-path.patch queue-4.14/ip6_tunnel-get-the-min-mtu-properly-in-ip6_tnl_xmit.patch queue-4.14/sctp-fix-the-issue-that-a-__u16-variable-may-overflow-in-sctp_ulpq_renege.patch

7 years, 2 months

1
0
0 0

Patch "sctp: add a ceiling to optlen in some sockopts" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled sctp: add a ceiling to optlen in some sockopts to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: sctp-add-a-ceiling-to-optlen-in-some-sockopts.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Marcelo Ricardo Leitner <marcelo.leitner(a)gmail.com> Date: Mon, 8 Jan 2018 19:02:28 -0200 Subject: sctp: add a ceiling to optlen in some sockopts From: Marcelo Ricardo Leitner <marcelo.leitner(a)gmail.com> [ Upstream commit 5960cefab9df76600a1a7d4ff592c59e14616e88 ] Hangbin Liu reported that some sockopt calls could cause the kernel to log a warning on memory allocation failure if the user supplied a large optlen value. That is because some of them called memdup_user() without a ceiling on optlen, allowing it to try to allocate really large buffers. This patch adds a ceiling by limiting optlen to the maximum allowed that would still make sense for these sockopt. Reported-by: Hangbin Liu <haliu(a)redhat.com> Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/sctp/socket.c | 10 ++++++++++ 1 file changed, 10 insertions(+) --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -3494,6 +3494,8 @@ static int sctp_setsockopt_hmac_ident(st if (optlen < sizeof(struct sctp_hmacalgo)) return -EINVAL; + optlen = min_t(unsigned int, optlen, sizeof(struct sctp_hmacalgo) + + SCTP_AUTH_NUM_HMACS * sizeof(u16)); hmacs = memdup_user(optval, optlen); if (IS_ERR(hmacs)) @@ -3532,6 +3534,11 @@ static int sctp_setsockopt_auth_key(stru if (optlen <= sizeof(struct sctp_authkey)) return -EINVAL; + /* authkey->sca_keylength is u16, so optlen can't be bigger than + * this. + */ + optlen = min_t(unsigned int, optlen, USHRT_MAX + + sizeof(struct sctp_authkey)); authkey = memdup_user(optval, optlen); if (IS_ERR(authkey)) @@ -3889,6 +3896,9 @@ static int sctp_setsockopt_reset_streams if (optlen < sizeof(*params)) return -EINVAL; + /* srs_number_streams is u16, so optlen can't be bigger than this. */ + optlen = min_t(unsigned int, optlen, USHRT_MAX + + sizeof(__u16) * sizeof(*params)); params = memdup_user(optval, optlen); if (IS_ERR(params)) Patches currently in stable-queue which might be from marcelo.leitner(a)gmail.com are queue-4.14/sctp-make-use-of-pre-calculated-len.patch queue-4.14/sctp-add-a-ceiling-to-optlen-in-some-sockopts.patch queue-4.14/sctp-fix-the-issue-that-a-__u16-variable-may-overflow-in-sctp_ulpq_renege.patch

7 years, 2 months

1
0
0 0

Patch "scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: scsi-storvsc-fix-scsi_cmd-error-assignments-in-storvsc_handle_error.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Cathy Avery <cavery(a)redhat.com> Date: Tue, 19 Dec 2017 13:32:48 -0500 Subject: scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error From: Cathy Avery <cavery(a)redhat.com> [ Upstream commit d1b8b2391c24751e44f618fcf86fb55d9a9247fd ] When an I/O is returned with an srb_status of SRB_STATUS_INVALID_LUN which has zero good_bytes it must be assigned an error. Otherwise the I/O will be continuously requeued and will cause a deadlock in the case where disks are being hot added and removed. sd_probe_async will wait forever for its I/O to complete while holding scsi_sd_probe_domain. Also returning the default error of DID_TARGET_FAILURE causes multipath to not retry the I/O resulting in applications receiving I/O errors before a failover can occur. Signed-off-by: Cathy Avery <cavery(a)redhat.com> Signed-off-by: Long Li <longli(a)microsoft.com> Reviewed-by: Stephen Hemminger <stephen(a)networkplumber.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/scsi/storvsc_drv.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/scsi/storvsc_drv.c +++ b/drivers/scsi/storvsc_drv.c @@ -952,10 +952,11 @@ static void storvsc_handle_error(struct case TEST_UNIT_READY: break; default: - set_host_byte(scmnd, DID_TARGET_FAILURE); + set_host_byte(scmnd, DID_ERROR); } break; case SRB_STATUS_INVALID_LUN: + set_host_byte(scmnd, DID_NO_CONNECT); do_work = true; process_err_fn = storvsc_remove_lun; break; Patches currently in stable-queue which might be from cavery(a)redhat.com are queue-4.14/scsi-storvsc-fix-scsi_cmd-error-assignments-in-storvsc_handle_error.patch

7 years, 2 months

1
0
0 0

Patch "scsi: aacraid: Fix I/O drop during reset" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled scsi: aacraid: Fix I/O drop during reset to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: scsi-aacraid-fix-i-o-drop-during-reset.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Prasad B Munirathnam <prasad.munirathnam(a)microsemi.com> Date: Tue, 12 Dec 2017 11:40:10 -0800 Subject: scsi: aacraid: Fix I/O drop during reset From: Prasad B Munirathnam <prasad.munirathnam(a)microsemi.com> [ Upstream commit 5771cfffdffe709ae9b403b6f80438ca40bf850e ] "FIB_CONTEXT_FLAG_TIMEDOUT" flag is set in aac_eh_abort to indicate command timeout. Using the same flag in reset handler causes the command to time out and the I/Os were dropped. Define a new flag "FIB_CONTEXT_FLAG_EH_RESET" to make sure I/O is properly handled in eh_reset handler. [mkp: tweaked commit message] Signed-off-by: Prasad B Munirathnam <prasad.munirathnam(a)microsemi.com> Reviewed-by: Raghava Aditya Renukunta <RaghavaAditya.Renukunta(a)microsemi.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/scsi/aacraid/aacraid.h | 1 + drivers/scsi/aacraid/linit.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) --- a/drivers/scsi/aacraid/aacraid.h +++ b/drivers/scsi/aacraid/aacraid.h @@ -1724,6 +1724,7 @@ struct aac_dev #define FIB_CONTEXT_FLAG_NATIVE_HBA (0x00000010) #define FIB_CONTEXT_FLAG_NATIVE_HBA_TMF (0x00000020) #define FIB_CONTEXT_FLAG_SCSI_CMD (0x00000040) +#define FIB_CONTEXT_FLAG_EH_RESET (0x00000080) /* * Define the command values --- a/drivers/scsi/aacraid/linit.c +++ b/drivers/scsi/aacraid/linit.c @@ -1037,7 +1037,7 @@ static int aac_eh_bus_reset(struct scsi_ info = &aac->hba_map[bus][cid]; if (bus >= AAC_MAX_BUSES || cid >= AAC_MAX_TARGETS || info->devtype != AAC_DEVTYPE_NATIVE_RAW) { - fib->flags |= FIB_CONTEXT_FLAG_TIMED_OUT; + fib->flags |= FIB_CONTEXT_FLAG_EH_RESET; cmd->SCp.phase = AAC_OWNER_ERROR_HANDLER; } } Patches currently in stable-queue which might be from prasad.munirathnam(a)microsemi.com are queue-4.14/scsi-aacraid-fix-i-o-drop-during-reset.patch

7 years, 2 months

1
0
0 0

Patch "s390/dasd: fix wrongly assigned configuration data" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled s390/dasd: fix wrongly assigned configuration data to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: s390-dasd-fix-wrongly-assigned-configuration-data.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Stefan Haberland <sth(a)linux.vnet.ibm.com> Date: Wed, 6 Dec 2017 10:30:39 +0100 Subject: s390/dasd: fix wrongly assigned configuration data From: Stefan Haberland <sth(a)linux.vnet.ibm.com> [ Upstream commit 8a9bd4f8ebc6800bfc0596e28631ff6809a2f615 ] We store per path and per device configuration data to identify the path or device correctly. The per path configuration data might get mixed up if the original request gets into error recovery and is started with a random path mask. This would lead to a wrong identification of a path in case of a CUIR event for example. Fix by copying the path mask from the original request to the error recovery request in case it is a path verification request. Signed-off-by: Stefan Haberland <sth(a)linux.vnet.ibm.com> Reviewed-by: Jan Hoeppner <hoeppner(a)linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/s390/block/dasd_3990_erp.c | 10 ++++++++++ 1 file changed, 10 insertions(+) --- a/drivers/s390/block/dasd_3990_erp.c +++ b/drivers/s390/block/dasd_3990_erp.c @@ -2803,6 +2803,16 @@ dasd_3990_erp_action(struct dasd_ccw_req erp = dasd_3990_erp_handle_match_erp(cqr, erp); } + + /* + * For path verification work we need to stick with the path that was + * originally chosen so that the per path configuration data is + * assigned correctly. + */ + if (test_bit(DASD_CQR_VERIFY_PATH, &erp->flags) && cqr->lpm) { + erp->lpm = cqr->lpm; + } + if (device->features & DASD_FEATURE_ERPLOG) { /* print current erp_chain */ dev_err(&device->cdev->dev, Patches currently in stable-queue which might be from sth(a)linux.vnet.ibm.com are queue-4.14/s390-dasd-fix-wrongly-assigned-configuration-data.patch

7 years, 2 months

1
0
0 0

Patch "RDMA/vmw_pvrdma: Call ib_umem_release on destroy QP path" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled RDMA/vmw_pvrdma: Call ib_umem_release on destroy QP path to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: rdma-vmw_pvrdma-call-ib_umem_release-on-destroy-qp-path.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Bryan Tan <bryantan(a)vmware.com> Date: Wed, 20 Dec 2017 09:49:03 -0800 Subject: RDMA/vmw_pvrdma: Call ib_umem_release on destroy QP path From: Bryan Tan <bryantan(a)vmware.com> [ Upstream commit 17748056ce123ee37fb7382bc698fc721e3c4a09 ] The QP cleanup did not previously call ib_umem_release, resulting in a user-triggerable kernel resource leak. Fixes: 29c8d9eba550 ("IB: Add vmw_pvrdma driver") Reviewed-by: Adit Ranadive <aditr(a)vmware.com> Reviewed-by: Aditya Sarwade <asarwade(a)vmware.com> Reviewed-by: Jorgen Hansen <jhansen(a)vmware.com> Signed-off-by: Bryan Tan <bryantan(a)vmware.com> Signed-off-by: Jason Gunthorpe <jgg(a)mellanox.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/infiniband/hw/vmw_pvrdma/pvrdma_qp.c | 7 +++++++ 1 file changed, 7 insertions(+) --- a/drivers/infiniband/hw/vmw_pvrdma/pvrdma_qp.c +++ b/drivers/infiniband/hw/vmw_pvrdma/pvrdma_qp.c @@ -406,6 +406,13 @@ static void pvrdma_free_qp(struct pvrdma atomic_dec(&qp->refcnt); wait_event(qp->wait, !atomic_read(&qp->refcnt)); + if (!qp->is_kernel) { + if (qp->rumem) + ib_umem_release(qp->rumem); + if (qp->sumem) + ib_umem_release(qp->sumem); + } + pvrdma_page_dir_cleanup(dev, &qp->pdir); kfree(qp); Patches currently in stable-queue which might be from bryantan(a)vmware.com are queue-4.14/rdma-vmw_pvrdma-call-ib_umem_release-on-destroy-qp-path.patch

7 years, 2 months

1
0
0 0

Patch "RDMA/netlink: Fix locking around __ib_get_device_by_index" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled RDMA/netlink: Fix locking around __ib_get_device_by_index to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: rdma-netlink-fix-locking-around-__ib_get_device_by_index.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Leon Romanovsky <leonro(a)mellanox.com> Date: Mon, 1 Jan 2018 13:07:15 +0200 Subject: RDMA/netlink: Fix locking around __ib_get_device_by_index From: Leon Romanovsky <leonro(a)mellanox.com> [ Upstream commit f8978bd95cf92f869f3d9b34c1b699f49253b8c6 ] Holding locks is mandatory when calling __ib_device_get_by_index, otherwise there are races during the list iteration with device removal. Since the locks are static to device.c, __ib_device_get_by_index can never be called correctly by any user out side the file. Make the function static and provide a safe function that gets the correct locks and returns a kref'd pointer. Fix all callers. Fixes: e5c9469efcb1 ("RDMA/netlink: Add nldev device doit implementation") Fixes: c3f66f7b0052 ("RDMA/netlink: Implement nldev port doit callback") Fixes: 7d02f605f0dc ("RDMA/netlink: Add nldev port dumpit implementation") Reviewed-by: Mark Bloch <markb(a)mellanox.com> Signed-off-by: Leon Romanovsky <leonro(a)mellanox.com> Signed-off-by: Jason Gunthorpe <jgg(a)mellanox.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/infiniband/core/core_priv.h | 2 - drivers/infiniband/core/device.c | 18 +++++++++++- drivers/infiniband/core/nldev.c | 54 ++++++++++++++++++++++++------------ 3 files changed, 54 insertions(+), 20 deletions(-) --- a/drivers/infiniband/core/core_priv.h +++ b/drivers/infiniband/core/core_priv.h @@ -314,7 +314,7 @@ static inline int ib_mad_enforce_securit } #endif -struct ib_device *__ib_device_get_by_index(u32 ifindex); +struct ib_device *ib_device_get_by_index(u32 ifindex); /* RDMA device netlink */ void nldev_init(void); void nldev_exit(void); --- a/drivers/infiniband/core/device.c +++ b/drivers/infiniband/core/device.c @@ -134,7 +134,7 @@ static int ib_device_check_mandatory(str return 0; } -struct ib_device *__ib_device_get_by_index(u32 index) +static struct ib_device *__ib_device_get_by_index(u32 index) { struct ib_device *device; @@ -145,6 +145,22 @@ struct ib_device *__ib_device_get_by_ind return NULL; } +/* + * Caller is responsible to return refrerence count by calling put_device() + */ +struct ib_device *ib_device_get_by_index(u32 index) +{ + struct ib_device *device; + + down_read(&lists_rwsem); + device = __ib_device_get_by_index(index); + if (device) + get_device(&device->dev); + + up_read(&lists_rwsem); + return device; +} + static struct ib_device *__ib_device_get_by_name(const char *name) { struct ib_device *device; --- a/drivers/infiniband/core/nldev.c +++ b/drivers/infiniband/core/nldev.c @@ -142,27 +142,34 @@ static int nldev_get_doit(struct sk_buff index = nla_get_u32(tb[RDMA_NLDEV_ATTR_DEV_INDEX]); - device = __ib_device_get_by_index(index); + device = ib_device_get_by_index(index); if (!device) return -EINVAL; msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); - if (!msg) - return -ENOMEM; + if (!msg) { + err = -ENOMEM; + goto err; + } nlh = nlmsg_put(msg, NETLINK_CB(skb).portid, nlh->nlmsg_seq, RDMA_NL_GET_TYPE(RDMA_NL_NLDEV, RDMA_NLDEV_CMD_GET), 0, 0); err = fill_dev_info(msg, device); - if (err) { - nlmsg_free(msg); - return err; - } + if (err) + goto err_free; nlmsg_end(msg, nlh); + put_device(&device->dev); return rdma_nl_unicast(msg, NETLINK_CB(skb).portid); + +err_free: + nlmsg_free(msg); +err: + put_device(&device->dev); + return err; } static int _nldev_get_dumpit(struct ib_device *device, @@ -220,31 +227,40 @@ static int nldev_port_get_doit(struct sk return -EINVAL; index = nla_get_u32(tb[RDMA_NLDEV_ATTR_DEV_INDEX]); - device = __ib_device_get_by_index(index); + device = ib_device_get_by_index(index); if (!device) return -EINVAL; port = nla_get_u32(tb[RDMA_NLDEV_ATTR_PORT_INDEX]); - if (!rdma_is_port_valid(device, port)) - return -EINVAL; + if (!rdma_is_port_valid(device, port)) { + err = -EINVAL; + goto err; + } msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); - if (!msg) - return -ENOMEM; + if (!msg) { + err = -ENOMEM; + goto err; + } nlh = nlmsg_put(msg, NETLINK_CB(skb).portid, nlh->nlmsg_seq, RDMA_NL_GET_TYPE(RDMA_NL_NLDEV, RDMA_NLDEV_CMD_GET), 0, 0); err = fill_port_info(msg, device, port); - if (err) { - nlmsg_free(msg); - return err; - } + if (err) + goto err_free; nlmsg_end(msg, nlh); + put_device(&device->dev); return rdma_nl_unicast(msg, NETLINK_CB(skb).portid); + +err_free: + nlmsg_free(msg); +err: + put_device(&device->dev); + return err; } static int nldev_port_get_dumpit(struct sk_buff *skb, @@ -265,7 +281,7 @@ static int nldev_port_get_dumpit(struct return -EINVAL; ifindex = nla_get_u32(tb[RDMA_NLDEV_ATTR_DEV_INDEX]); - device = __ib_device_get_by_index(ifindex); + device = ib_device_get_by_index(ifindex); if (!device) return -EINVAL; @@ -299,7 +315,9 @@ static int nldev_port_get_dumpit(struct nlmsg_end(skb, nlh); } -out: cb->args[0] = idx; +out: + put_device(&device->dev); + cb->args[0] = idx; return skb->len; } Patches currently in stable-queue which might be from leonro(a)mellanox.com are queue-4.14/ib-mlx4-fix-mlx4_ib_alloc_mr-error-flow.patch queue-4.14/rdma-netlink-fix-locking-around-__ib_get_device_by_index.patch

7 years, 2 months

1
0
0 0

Patch "phy: cpcap-usb: Fix platform_get_irq_byname's error checking." has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled phy: cpcap-usb: Fix platform_get_irq_byname's error checking. to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: phy-cpcap-usb-fix-platform_get_irq_byname-s-error-checking.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Arvind Yadav <arvind.yadav.cs(a)gmail.com> Date: Fri, 17 Nov 2017 16:55:35 +0530 Subject: phy: cpcap-usb: Fix platform_get_irq_byname's error checking. From: Arvind Yadav <arvind.yadav.cs(a)gmail.com> [ Upstream commit e796cc6a3a9186c92092e2f5929cf8f65b56cf01 ] The platform_get_irq_byname() function returns negative if an error occurs. zero or positive number on success. platform_get_irq_byname() error checking for zero is not correct. Fixes: 6d6ce40f63af ("phy: cpcap-usb: Add CPCAP PMIC USB support") Signed-off-by: Arvind Yadav <arvind.yadav.cs(a)gmail.com> Reviewed-by: Sebastian Reichel <sebastian.reichel(a)collabora.co.uk> Acked-by: Tony Lindgren <tony(a)atomide.com> Signed-off-by: Kishon Vijay Abraham I <kishon(a)ti.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/phy/motorola/phy-cpcap-usb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/phy/motorola/phy-cpcap-usb.c +++ b/drivers/phy/motorola/phy-cpcap-usb.c @@ -310,7 +310,7 @@ static int cpcap_usb_init_irq(struct pla int irq, error; irq = platform_get_irq_byname(pdev, name); - if (!irq) + if (irq < 0) return -ENODEV; error = devm_request_threaded_irq(ddata->dev, irq, NULL, Patches currently in stable-queue which might be from arvind.yadav.cs(a)gmail.com are queue-4.14/phy-cpcap-usb-fix-platform_get_irq_byname-s-error-checking.patch

7 years, 2 months

1
0
0 0

Patch "perf/x86/intel: Plug memory leak in intel_pmu_init()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled perf/x86/intel: Plug memory leak in intel_pmu_init() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: perf-x86-intel-plug-memory-leak-in-intel_pmu_init.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Thomas Gleixner <tglx(a)linutronix.de> Date: Wed, 27 Dec 2017 19:45:31 +0100 Subject: perf/x86/intel: Plug memory leak in intel_pmu_init() From: Thomas Gleixner <tglx(a)linutronix.de> [ Upstream commit 7ad1437d6ace0e450a6c1167720608ad660b191d ] A recent commit introduced an extra merge_attr() call in the skylake branch, which causes a memory leak. Store the pointer to the extra allocated memory and free it at the end of the function. Fixes: a5df70c354c2 ("perf/x86: Only show format attributes when supported") Reported-by: Tommi Rantala <tommi.t.rantala(a)nokia.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: Andi Kleen <ak(a)linux.intel.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/events/intel/core.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) --- a/arch/x86/events/intel/core.c +++ b/arch/x86/events/intel/core.c @@ -3847,6 +3847,8 @@ static struct attribute *intel_pmu_attrs __init int intel_pmu_init(void) { + struct attribute **extra_attr = NULL; + struct attribute **to_free = NULL; union cpuid10_edx edx; union cpuid10_eax eax; union cpuid10_ebx ebx; @@ -3854,7 +3856,6 @@ __init int intel_pmu_init(void) unsigned int unused; struct extra_reg *er; int version, i; - struct attribute **extra_attr = NULL; char *name; if (!cpu_has(&boot_cpu_data, X86_FEATURE_ARCH_PERFMON)) { @@ -4294,6 +4295,7 @@ __init int intel_pmu_init(void) extra_attr = boot_cpu_has(X86_FEATURE_RTM) ? hsw_format_attr : nhm_format_attr; extra_attr = merge_attr(extra_attr, skl_format_attr); + to_free = extra_attr; x86_pmu.cpu_events = get_hsw_events_attrs(); intel_pmu_pebs_data_source_skl( boot_cpu_data.x86_model == INTEL_FAM6_SKYLAKE_X); @@ -4401,6 +4403,7 @@ __init int intel_pmu_init(void) pr_cont("full-width counters, "); } + kfree(to_free); return 0; } Patches currently in stable-queue which might be from tglx(a)linutronix.de are queue-4.14/exec-avoid-gcc-8-warning-for-get_task_comm.patch queue-4.14/perf-x86-intel-plug-memory-leak-in-intel_pmu_init.patch queue-4.14/x86-efi-fix-kernel-param-add_efi_memmap-regression.patch queue-4.14/x86-platform-intel-mid-revert-make-bt_sfi_data-const.patch queue-4.14/x86-asm-allow-again-using-asm.h-when-building-for-the-bpf-clang-target.patch queue-4.14/x86-stacktrace-make-zombie-stack-traces-reliable.patch queue-4.14/ia64-sched-cputime-fix-build-error-if-config_virt_cpu_accounting_native-y.patch queue-4.14/genirq-guard-handle_bad_irq-log-messages.patch queue-4.14/hrtimer-ensure-posix-compliance-relative-clock_realtime-hrtimers.patch

7 years, 2 months

1
0
0 0

Patch "parisc: Reduce thread stack to 16 kb" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled parisc: Reduce thread stack to 16 kb to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: parisc-reduce-thread-stack-to-16-kb.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: John David Anglin <dave.anglin(a)bell.net> Date: Mon, 13 Nov 2017 19:35:33 -0500 Subject: parisc: Reduce thread stack to 16 kb From: John David Anglin <dave.anglin(a)bell.net> [ Upstream commit da57c5414f49ef9e4bcb9ae0bbafd1d650b31411 ] In testing, I found that the thread stack can be 16 kB when using an irq stack. Without it, the thread stack needs to be 32 kB. Currently, the irq stack is 32 kB. While it probably could be 16 kB, I would prefer to leave it as is for safety. Signed-off-by: John David Anglin <dave.anglin(a)bell.net> Signed-off-by: Helge Deller <deller(a)gmx.de> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/parisc/include/asm/thread_info.h | 5 +++++ 1 file changed, 5 insertions(+) --- a/arch/parisc/include/asm/thread_info.h +++ b/arch/parisc/include/asm/thread_info.h @@ -35,7 +35,12 @@ struct thread_info { /* thread information allocation */ +#ifdef CONFIG_IRQSTACKS +#define THREAD_SIZE_ORDER 2 /* PA-RISC requires at least 16k stack */ +#else #define THREAD_SIZE_ORDER 3 /* PA-RISC requires at least 32k stack */ +#endif + /* Be sure to hunt all references to this down when you change the size of * the kernel stack */ #define THREAD_SIZE (PAGE_SIZE << THREAD_SIZE_ORDER) Patches currently in stable-queue which might be from dave.anglin(a)bell.net are queue-4.14/parisc-reduce-thread-stack-to-16-kb.patch

7 years, 2 months

1
0
0 0

Patch "of_mdio: avoid MDIO bus removal when a PHY is missing" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled of_mdio: avoid MDIO bus removal when a PHY is missing to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: of_mdio-avoid-mdio-bus-removal-when-a-phy-is-missing.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Madalin Bucur <madalin.bucur(a)nxp.com> Date: Tue, 9 Jan 2018 14:43:34 +0200 Subject: of_mdio: avoid MDIO bus removal when a PHY is missing From: Madalin Bucur <madalin.bucur(a)nxp.com> [ Upstream commit 95f566de0269a0c59fd6a737a147731302136429 ] If one of the child devices is missing the of_mdiobus_register_phy() call will return -ENODEV. When a missing device is encountered the registration of the remaining PHYs is stopped and the MDIO bus will fail to register. Propagate all errors except ENODEV to avoid it. Signed-off-by: Madalin Bucur <madalin.bucur(a)nxp.com> Reviewed-by: Andrew Lunn <andrew(a)lunn.ch> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/of/of_mdio.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) --- a/drivers/of/of_mdio.c +++ b/drivers/of/of_mdio.c @@ -228,7 +228,12 @@ int of_mdiobus_register(struct mii_bus * rc = of_mdiobus_register_phy(mdio, child, addr); else rc = of_mdiobus_register_device(mdio, child, addr); - if (rc) + + if (rc == -ENODEV) + dev_err(&mdio->dev, + "MDIO device at address %d is missing.\n", + addr); + else if (rc) goto unregister; } @@ -252,7 +257,7 @@ int of_mdiobus_register(struct mii_bus * if (of_mdiobus_child_is_phy(child)) { rc = of_mdiobus_register_phy(mdio, child, addr); - if (rc) + if (rc && rc != -ENODEV) goto unregister; } } Patches currently in stable-queue which might be from madalin.bucur(a)nxp.com are queue-4.14/of_mdio-avoid-mdio-bus-removal-when-a-phy-is-missing.patch

7 years, 2 months

1
0
0 0

Patch "nvme-fc: remove double put reference if admin connect fails" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled nvme-fc: remove double put reference if admin connect fails to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: nvme-fc-remove-double-put-reference-if-admin-connect-fails.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: James Smart <jsmart2021(a)gmail.com> Date: Wed, 29 Nov 2017 15:11:37 -0800 Subject: nvme-fc: remove double put reference if admin connect fails From: James Smart <jsmart2021(a)gmail.com> [ Upstream commit 4596e752db02d47038cd7c965419789ab15d1985 ] There are two put references in the failure case of initial create_association. The first put actually frees the controller, thus the second put references freed memory. Remove the unnecessary 2nd put. Signed-off-by: James Smart <james.smart(a)broadcom.com> Signed-off-by: Christoph Hellwig <hch(a)lst.de> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/nvme/host/fc.c | 1 - 1 file changed, 1 deletion(-) --- a/drivers/nvme/host/fc.c +++ b/drivers/nvme/host/fc.c @@ -2876,7 +2876,6 @@ nvme_fc_init_ctrl(struct device *dev, st /* initiate nvme ctrl ref counting teardown */ nvme_uninit_ctrl(&ctrl->ctrl); - nvme_put_ctrl(&ctrl->ctrl); /* Remove core ctrl ref. */ nvme_put_ctrl(&ctrl->ctrl); Patches currently in stable-queue which might be from jsmart2021(a)gmail.com are queue-4.14/nvme-fc-remove-double-put-reference-if-admin-connect-fails.patch

7 years, 2 months

1
0
0 0

Patch "nvme: check hw sectors before setting chunk sectors" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled nvme: check hw sectors before setting chunk sectors to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: nvme-check-hw-sectors-before-setting-chunk-sectors.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Keith Busch <keith.busch(a)intel.com> Date: Thu, 14 Dec 2017 11:20:14 -0700 Subject: nvme: check hw sectors before setting chunk sectors From: Keith Busch <keith.busch(a)intel.com> [ Upstream commit 249159c5f15812140fa216f9997d799ac0023a1f ] Some devices with IDs matching the "stripe" quirk don't actually have this quirk, and don't have an MDTS value. When MDTS is not set, the driver sets the max sectors to UINT_MAX, which is not a power of 2, hitting a BUG_ON from blk_queue_chunk_sectors. This patch skips setting chunk sectors for such devices. Signed-off-by: Keith Busch <keith.busch(a)intel.com> Reviewed-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Christoph Hellwig <hch(a)lst.de> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/nvme/host/core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/nvme/host/core.c +++ b/drivers/nvme/host/core.c @@ -1515,7 +1515,8 @@ static void nvme_set_queue_limits(struct blk_queue_max_hw_sectors(q, ctrl->max_hw_sectors); blk_queue_max_segments(q, min_t(u32, max_segments, USHRT_MAX)); } - if (ctrl->quirks & NVME_QUIRK_STRIPE_SIZE) + if ((ctrl->quirks & NVME_QUIRK_STRIPE_SIZE) && + is_power_of_2(ctrl->max_hw_sectors)) blk_queue_chunk_sectors(q, ctrl->max_hw_sectors); blk_queue_virt_boundary(q, ctrl->page_size - 1); if (ctrl->vwc & NVME_CTRL_VWC_PRESENT) Patches currently in stable-queue which might be from keith.busch(a)intel.com are queue-4.14/nvme-check-hw-sectors-before-setting-chunk-sectors.patch

7 years, 2 months

1
0
0 0

Patch "nvme-fabrics: initialize default host->id in nvmf_host_default()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled nvme-fabrics: initialize default host->id in nvmf_host_default() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: nvme-fabrics-initialize-default-host-id-in-nvmf_host_default.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: "Ewan D. Milne" <emilne(a)redhat.com> Date: Fri, 5 Jan 2018 12:44:06 -0500 Subject: nvme-fabrics: initialize default host->id in nvmf_host_default() From: "Ewan D. Milne" <emilne(a)redhat.com> [ Upstream commit 6b018235b4daabae96d855219fae59c3fb8be417 ] The field was uninitialized before use. Signed-off-by: Ewan D. Milne <emilne(a)redhat.com> Signed-off-by: Christoph Hellwig <hch(a)lst.de> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/nvme/host/fabrics.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/nvme/host/fabrics.c +++ b/drivers/nvme/host/fabrics.c @@ -74,6 +74,7 @@ static struct nvmf_host *nvmf_host_defau return NULL; kref_init(&host->ref); + uuid_gen(&host->id); snprintf(host->nqn, NVMF_NQN_SIZE, "nqn.2014-08.org.nvmexpress:uuid:%pUb", &host->id); Patches currently in stable-queue which might be from emilne(a)redhat.com are queue-4.14/nvme-fabrics-initialize-default-host-id-in-nvmf_host_default.patch

7 years, 2 months

1
0
0 0

Patch "nl80211: Check for the required netlink attribute presence" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled nl80211: Check for the required netlink attribute presence to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: nl80211-check-for-the-required-netlink-attribute-presence.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Hao Chen <flank3rsky(a)gmail.com> Date: Wed, 3 Jan 2018 11:00:31 +0800 Subject: nl80211: Check for the required netlink attribute presence From: Hao Chen <flank3rsky(a)gmail.com> [ Upstream commit 3ea15452ee85754f70f3b9fa1f23165ef2e77ba7 ] nl80211_nan_add_func() does not check if the required attribute NL80211_NAN_FUNC_FOLLOW_UP_DEST is present when processing NL80211_CMD_ADD_NAN_FUNCTION request. This request can be issued by users with CAP_NET_ADMIN privilege and may result in NULL dereference and a system crash. Add a check for the required attribute presence. Signed-off-by: Hao Chen <flank3rsky(a)gmail.com> Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/wireless/nl80211.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -11301,7 +11301,8 @@ static int nl80211_nan_add_func(struct s break; case NL80211_NAN_FUNC_FOLLOW_UP: if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] || - !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]) { + !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] || + !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) { err = -EINVAL; goto out; } Patches currently in stable-queue which might be from flank3rsky(a)gmail.com are queue-4.14/nl80211-check-for-the-required-netlink-attribute-presence.patch

7 years, 2 months

1
0
0 0

Patch "nfp: always unmask aux interrupts at init" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled nfp: always unmask aux interrupts at init to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: nfp-always-unmask-aux-interrupts-at-init.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Jakub Kicinski <jakub.kicinski(a)netronome.com> Date: Tue, 9 Jan 2018 18:14:28 -0800 Subject: nfp: always unmask aux interrupts at init From: Jakub Kicinski <jakub.kicinski(a)netronome.com> [ Upstream commit fc2336505fb49a8b932a0a67a9745c408b79992c ] The link state and exception interrupts may be masked when we probe. The firmware should in theory prevent sending (and automasking) those interrupts if the device is disabled, but if my reading of the FW code is correct there are firmwares out there with race conditions in this area. The interrupt may also be masked if previous driver which used the device was malfunctioning and we didn't load the FW (there is no other good way to comprehensively reset the PF). Note that FW unmasks the data interrupts by itself when vNIC is enabled, such helpful operation is not performed for LSC/EXN interrupts. Always unmask the auxiliary interrupts after request_irq(). On the remove path add missing PCI write flush before free_irq(). Fixes: 4c3523623dc0 ("net: add driver for Netronome NFP4000/NFP6000 NIC VFs") Signed-off-by: Jakub Kicinski <jakub.kicinski(a)netronome.com> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe(a)netronome.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/netronome/nfp/nfp_net_common.c | 2 ++ 1 file changed, 2 insertions(+) --- a/drivers/net/ethernet/netronome/nfp/nfp_net_common.c +++ b/drivers/net/ethernet/netronome/nfp/nfp_net_common.c @@ -568,6 +568,7 @@ nfp_net_aux_irq_request(struct nfp_net * return err; } nn_writeb(nn, ctrl_offset, entry->entry); + nfp_net_irq_unmask(nn, entry->entry); return 0; } @@ -582,6 +583,7 @@ static void nfp_net_aux_irq_free(struct unsigned int vector_idx) { nn_writeb(nn, ctrl_offset, 0xff); + nn_pci_flush(nn); free_irq(nn->irq_entries[vector_idx].vector, nn); } Patches currently in stable-queue which might be from jakub.kicinski(a)netronome.com are queue-4.14/nfp-always-unmask-aux-interrupts-at-init.patch

7 years, 2 months

1
0
0 0

Patch "netfilter: uapi: correct UNTRACKED conntrack state bit number" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled netfilter: uapi: correct UNTRACKED conntrack state bit number to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: netfilter-uapi-correct-untracked-conntrack-state-bit-number.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Florian Westphal <fw(a)strlen.de> Date: Wed, 20 Dec 2017 12:08:33 +0100 Subject: netfilter: uapi: correct UNTRACKED conntrack state bit number From: Florian Westphal <fw(a)strlen.de> [ Upstream commit 4c82fd0abb87e20d0d68ef5237e74732352806c8 ] nft_ct exposes this bit to userspace. This used to be #define NF_CT_STATE_UNTRACKED_BIT (1 << (IP_CT_NUMBER + 1)) (IP_CT_NUMBER is 5, so this was 0x40) .. but this got changed to 8 (0x100) when the untracked object got removed. Replace this with a literal 6 to prevent further incompatible changes in case IP_CT_NUMBER ever increases. Fixes: cc41c84b7e7f2 ("netfilter: kill the fake untracked conntrack objects") Reported-by: Li Shuang <shuali(a)redhat.com> Signed-off-by: Florian Westphal <fw(a)strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- include/uapi/linux/netfilter/nf_conntrack_common.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/include/uapi/linux/netfilter/nf_conntrack_common.h +++ b/include/uapi/linux/netfilter/nf_conntrack_common.h @@ -36,7 +36,7 @@ enum ip_conntrack_info { #define NF_CT_STATE_INVALID_BIT (1 << 0) #define NF_CT_STATE_BIT(ctinfo) (1 << ((ctinfo) % IP_CT_IS_REPLY + 1)) -#define NF_CT_STATE_UNTRACKED_BIT (1 << (IP_CT_UNTRACKED + 1)) +#define NF_CT_STATE_UNTRACKED_BIT (1 << 6) /* Bitset representing status of connection. */ enum ip_conntrack_status { Patches currently in stable-queue which might be from fw(a)strlen.de are queue-4.14/netfilter-uapi-correct-untracked-conntrack-state-bit-number.patch

7 years, 2 months

1
0
0 0

Patch "netfilter: nf_tables: fix potential NULL-ptr deref in nf_tables_dump_obj_done()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled netfilter: nf_tables: fix potential NULL-ptr deref in nf_tables_dump_obj_done() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: netfilter-nf_tables-fix-potential-null-ptr-deref-in-nf_tables_dump_obj_done.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Hangbin Liu <liuhangbin(a)gmail.com> Date: Mon, 25 Dec 2017 11:34:54 +0800 Subject: netfilter: nf_tables: fix potential NULL-ptr deref in nf_tables_dump_obj_done() From: Hangbin Liu <liuhangbin(a)gmail.com> [ Upstream commit 8bea728dce8972e534e6b99fd550f7b5cc3864e8 ] If there is no NFTA_OBJ_TABLE and NFTA_OBJ_TYPE, the c.data will be NULL in nf_tables_getobj(). So before free filter->table in nf_tables_dump_obj_done(), we need to check if filter is NULL first. Fixes: e46abbcc05aa ("netfilter: nf_tables: Allow table names of up to 255 chars") Signed-off-by: Hangbin Liu <liuhangbin(a)gmail.com> Acked-by: Phil Sutter <phil(a)nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/netfilter/nf_tables_api.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -4596,8 +4596,10 @@ static int nf_tables_dump_obj_done(struc { struct nft_obj_filter *filter = cb->data; - kfree(filter->table); - kfree(filter); + if (filter) { + kfree(filter->table); + kfree(filter); + } return 0; } Patches currently in stable-queue which might be from liuhangbin(a)gmail.com are queue-4.14/netfilter-nf_tables-fix-potential-null-ptr-deref-in-nf_tables_dump_obj_done.patch

7 years, 2 months

1
0
0 0

Patch "netfilter: nf_tables: fix chain filter in nf_tables_dump_rules()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled netfilter: nf_tables: fix chain filter in nf_tables_dump_rules() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: netfilter-nf_tables-fix-chain-filter-in-nf_tables_dump_rules.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Pablo Neira Ayuso <pablo(a)netfilter.org> Date: Tue, 19 Dec 2017 12:01:21 +0100 Subject: netfilter: nf_tables: fix chain filter in nf_tables_dump_rules() From: Pablo Neira Ayuso <pablo(a)netfilter.org> [ Upstream commit 24c0df82ef7919e4d10cf2e4e65d368eb2e8ea21 ] ctx->chain may be null now that we have very large object names, so we cannot check for ctx->chain[0] here. Fixes: b7263e071aba7 ("netfilter: nf_tables: Allow table names of up to 255 chars") Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Acked-by: Phil Sutter <phil(a)nwl.cc> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/netfilter/nf_tables_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -2072,7 +2072,7 @@ static int nf_tables_dump_rules(struct s continue; list_for_each_entry_rcu(chain, &table->chains, list) { - if (ctx && ctx->chain[0] && + if (ctx && ctx->chain && strcmp(ctx->chain, chain->name) != 0) continue; Patches currently in stable-queue which might be from pablo(a)netfilter.org are queue-4.14/netfilter-uapi-correct-untracked-conntrack-state-bit-number.patch queue-4.14/netfilter-nf_tables-fix-chain-filter-in-nf_tables_dump_rules.patch queue-4.14/netfilter-nf_tables-fix-potential-null-ptr-deref-in-nf_tables_dump_obj_done.patch

7 years, 2 months

1
0
0 0

Patch "net: usb: qmi_wwan: add Telit ME910 PID 0x1101 support" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: usb: qmi_wwan: add Telit ME910 PID 0x1101 support to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-usb-qmi_wwan-add-telit-me910-pid-0x1101-support.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Daniele Palmas <dnlplm(a)gmail.com> Date: Thu, 14 Dec 2017 16:56:14 +0100 Subject: net: usb: qmi_wwan: add Telit ME910 PID 0x1101 support From: Daniele Palmas <dnlplm(a)gmail.com> [ Upstream commit c647c0d62c82eb3ddf78a0d8b3d58819d9f552aa ] This patch adds support for Telit ME910 PID 0x1101. Signed-off-by: Daniele Palmas <dnlplm(a)gmail.com> Acked-by: Bjørn Mork <bjorn(a)mork.no> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/usb/qmi_wwan.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/net/usb/qmi_wwan.c +++ b/drivers/net/usb/qmi_wwan.c @@ -1211,6 +1211,7 @@ static const struct usb_device_id produc {QMI_FIXED_INTF(0x2357, 0x9000, 4)}, /* TP-LINK MA260 */ {QMI_QUIRK_SET_DTR(0x1bc7, 0x1040, 2)}, /* Telit LE922A */ {QMI_FIXED_INTF(0x1bc7, 0x1100, 3)}, /* Telit ME910 */ + {QMI_FIXED_INTF(0x1bc7, 0x1101, 3)}, /* Telit ME910 dual modem */ {QMI_FIXED_INTF(0x1bc7, 0x1200, 5)}, /* Telit LE920 */ {QMI_QUIRK_SET_DTR(0x1bc7, 0x1201, 2)}, /* Telit LE920, LE920A4 */ {QMI_FIXED_INTF(0x1c9e, 0x9801, 3)}, /* Telewell TW-3G HSPA+ */ Patches currently in stable-queue which might be from dnlplm(a)gmail.com are queue-4.14/net-usb-qmi_wwan-add-telit-me910-pid-0x1101-support.patch

7 years, 2 months

1
0
0 0

Patch "NET: usb: qmi_wwan: add support for YUGA CLM920-NC5 PID 0x9625" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled NET: usb: qmi_wwan: add support for YUGA CLM920-NC5 PID 0x9625 to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-usb-qmi_wwan-add-support-for-yuga-clm920-nc5-pid-0x9625.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: "SZ Lin (林上智)" <sz.lin(a)moxa.com> Date: Fri, 29 Dec 2017 17:02:17 +0800 Subject: NET: usb: qmi_wwan: add support for YUGA CLM920-NC5 PID 0x9625 From: "SZ Lin (林上智)" <sz.lin(a)moxa.com> [ Upstream commit bd30ffc414e55194ed6149fad69a145550cb7c18 ] This patch adds support for PID 0x9625 of YUGA CLM920-NC5. YUGA CLM920-NC5 needs to enable QMI_WWAN_QUIRK_DTR before QMI operation. qmicli -d /dev/cdc-wdm0 -p --dms-get-revision [/dev/cdc-wdm0] Device revision retrieved: Revision: 'CLM920_NC5-V1 1 [Oct 23 2016 19:00:00]' Signed-off-by: SZ Lin (林上智) <sz.lin(a)moxa.com> Acked-by: Bjørn Mork <bjorn(a)mork.no> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/usb/qmi_wwan.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/net/usb/qmi_wwan.c +++ b/drivers/net/usb/qmi_wwan.c @@ -1100,6 +1100,7 @@ static const struct usb_device_id produc {QMI_FIXED_INTF(0x05c6, 0x9084, 4)}, {QMI_FIXED_INTF(0x05c6, 0x920d, 0)}, {QMI_FIXED_INTF(0x05c6, 0x920d, 5)}, + {QMI_QUIRK_SET_DTR(0x05c6, 0x9625, 4)}, /* YUGA CLM920-NC5 */ {QMI_FIXED_INTF(0x0846, 0x68a2, 8)}, {QMI_FIXED_INTF(0x12d1, 0x140c, 1)}, /* Huawei E173 */ {QMI_FIXED_INTF(0x12d1, 0x14ac, 1)}, /* Huawei E1820 */ Patches currently in stable-queue which might be from sz.lin(a)moxa.com are queue-4.14/net-usb-qmi_wwan-add-support-for-yuga-clm920-nc5-pid-0x9625.patch

7 years, 2 months

1
0
0 0

Patch "net: stmmac: Fix TX timestamp calculation" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: stmmac: Fix TX timestamp calculation to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-stmmac-fix-tx-timestamp-calculation.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Fredrik Hallenberg <megahallon(a)gmail.com> Date: Mon, 18 Dec 2017 23:33:59 +0100 Subject: net: stmmac: Fix TX timestamp calculation From: Fredrik Hallenberg <megahallon(a)gmail.com> [ Upstream commit 200922c93f008e03ddc804c6dacdf26ca1ba86d7 ] When using GMAC4 the value written in PTP_SSIR should be shifted however the shifted value is also used in subsequent calculations which results in a bad timestamp value. Signed-off-by: Fredrik Hallenberg <megahallon(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/stmicro/stmmac/stmmac_hwtstamp.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/drivers/net/ethernet/stmicro/stmmac/stmmac_hwtstamp.c +++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_hwtstamp.c @@ -34,6 +34,7 @@ static u32 stmmac_config_sub_second_incr { u32 value = readl(ioaddr + PTP_TCR); unsigned long data; + u32 reg_value; /* For GMAC3.x, 4.x versions, convert the ptp_clock to nano second * formula = (1/ptp_clock) * 1000000000 @@ -50,10 +51,11 @@ static u32 stmmac_config_sub_second_incr data &= PTP_SSIR_SSINC_MASK; + reg_value = data; if (gmac4) - data = data << GMAC4_PTP_SSIR_SSINC_SHIFT; + reg_value <<= GMAC4_PTP_SSIR_SSINC_SHIFT; - writel(data, ioaddr + PTP_SSIR); + writel(reg_value, ioaddr + PTP_SSIR); return data; } Patches currently in stable-queue which might be from megahallon(a)gmail.com are queue-4.14/net-stmmac-fix-tx-timestamp-calculation.patch queue-4.14/net-stmmac-fix-bad-rx-timestamp-extraction.patch

7 years, 2 months

1
0
0 0

Patch "net: stmmac: Fix bad RX timestamp extraction" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: stmmac: Fix bad RX timestamp extraction to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-stmmac-fix-bad-rx-timestamp-extraction.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Fredrik Hallenberg <megahallon(a)gmail.com> Date: Mon, 18 Dec 2017 23:34:00 +0100 Subject: net: stmmac: Fix bad RX timestamp extraction From: Fredrik Hallenberg <megahallon(a)gmail.com> [ Upstream commit a1762456993893795030d911106a7650481db0ef ] As noted in dwmac4_wrback_get_rx_timestamp_status the timestamp is found in the context descriptor following the current descriptor. However the current code looks for the context descriptor in the current descriptor, which will always fail. Signed-off-by: Fredrik Hallenberg <megahallon(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/stmicro/stmmac/common.h | 2 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_descs.c | 5 +++-- drivers/net/ethernet/stmicro/stmmac/enh_desc.c | 3 ++- drivers/net/ethernet/stmicro/stmmac/norm_desc.c | 2 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 +- 5 files changed, 8 insertions(+), 6 deletions(-) --- a/drivers/net/ethernet/stmicro/stmmac/common.h +++ b/drivers/net/ethernet/stmicro/stmmac/common.h @@ -409,7 +409,7 @@ struct stmmac_desc_ops { /* get timestamp value */ u64(*get_timestamp) (void *desc, u32 ats); /* get rx timestamp status */ - int (*get_rx_timestamp_status) (void *desc, u32 ats); + int (*get_rx_timestamp_status)(void *desc, void *next_desc, u32 ats); /* Display ring */ void (*display_ring)(void *head, unsigned int size, bool rx); /* set MSS via context descriptor */ --- a/drivers/net/ethernet/stmicro/stmmac/dwmac4_descs.c +++ b/drivers/net/ethernet/stmicro/stmmac/dwmac4_descs.c @@ -258,7 +258,8 @@ static int dwmac4_rx_check_timestamp(voi return ret; } -static int dwmac4_wrback_get_rx_timestamp_status(void *desc, u32 ats) +static int dwmac4_wrback_get_rx_timestamp_status(void *desc, void *next_desc, + u32 ats) { struct dma_desc *p = (struct dma_desc *)desc; int ret = -EINVAL; @@ -270,7 +271,7 @@ static int dwmac4_wrback_get_rx_timestam /* Check if timestamp is OK from context descriptor */ do { - ret = dwmac4_rx_check_timestamp(desc); + ret = dwmac4_rx_check_timestamp(next_desc); if (ret < 0) goto exit; i++; --- a/drivers/net/ethernet/stmicro/stmmac/enh_desc.c +++ b/drivers/net/ethernet/stmicro/stmmac/enh_desc.c @@ -400,7 +400,8 @@ static u64 enh_desc_get_timestamp(void * return ns; } -static int enh_desc_get_rx_timestamp_status(void *desc, u32 ats) +static int enh_desc_get_rx_timestamp_status(void *desc, void *next_desc, + u32 ats) { if (ats) { struct dma_extended_desc *p = (struct dma_extended_desc *)desc; --- a/drivers/net/ethernet/stmicro/stmmac/norm_desc.c +++ b/drivers/net/ethernet/stmicro/stmmac/norm_desc.c @@ -265,7 +265,7 @@ static u64 ndesc_get_timestamp(void *des return ns; } -static int ndesc_get_rx_timestamp_status(void *desc, u32 ats) +static int ndesc_get_rx_timestamp_status(void *desc, void *next_desc, u32 ats) { struct dma_desc *p = (struct dma_desc *)desc; --- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c +++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c @@ -489,7 +489,7 @@ static void stmmac_get_rx_hwtstamp(struc desc = np; /* Check if timestamp is available */ - if (priv->hw->desc->get_rx_timestamp_status(desc, priv->adv_ts)) { + if (priv->hw->desc->get_rx_timestamp_status(p, np, priv->adv_ts)) { ns = priv->hw->desc->get_timestamp(desc, priv->adv_ts); netdev_dbg(priv->dev, "get valid RX hw timestamp %llu\n", ns); shhwtstamp = skb_hwtstamps(skb); Patches currently in stable-queue which might be from megahallon(a)gmail.com are queue-4.14/net-stmmac-fix-tx-timestamp-calculation.patch queue-4.14/net-stmmac-fix-bad-rx-timestamp-extraction.patch

7 years, 2 months

1
0
0 0

Patch "net: phy: xgene: disable clk on error paths" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: phy: xgene: disable clk on error paths to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-phy-xgene-disable-clk-on-error-paths.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Alexey Khoroshilov <khoroshilov(a)ispras.ru> Date: Sat, 16 Dec 2017 00:52:39 +0300 Subject: net: phy: xgene: disable clk on error paths From: Alexey Khoroshilov <khoroshilov(a)ispras.ru> [ Upstream commit ab14436065c8066c265540312742390d6d07ddd2 ] There are several error paths in xgene_mdio_probe(), where clk is left undisabled. The patch fixes them. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Alexey Khoroshilov <khoroshilov(a)ispras.ru> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/phy/mdio-xgene.c | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) --- a/drivers/net/phy/mdio-xgene.c +++ b/drivers/net/phy/mdio-xgene.c @@ -194,8 +194,11 @@ static int xgene_mdio_reset(struct xgene } ret = xgene_enet_ecc_init(pdata); - if (ret) + if (ret) { + if (pdata->dev->of_node) + clk_disable_unprepare(pdata->clk); return ret; + } xgene_gmac_reset(pdata); return 0; @@ -388,8 +391,10 @@ static int xgene_mdio_probe(struct platf return ret; mdio_bus = mdiobus_alloc(); - if (!mdio_bus) - return -ENOMEM; + if (!mdio_bus) { + ret = -ENOMEM; + goto out_clk; + } mdio_bus->name = "APM X-Gene MDIO bus"; @@ -418,7 +423,7 @@ static int xgene_mdio_probe(struct platf mdio_bus->phy_mask = ~0; ret = mdiobus_register(mdio_bus); if (ret) - goto out; + goto out_mdiobus; acpi_walk_namespace(ACPI_TYPE_DEVICE, ACPI_HANDLE(dev), 1, acpi_register_phy, NULL, mdio_bus, NULL); @@ -426,16 +431,20 @@ static int xgene_mdio_probe(struct platf } if (ret) - goto out; + goto out_mdiobus; pdata->mdio_bus = mdio_bus; xgene_mdio_status = true; return 0; -out: +out_mdiobus: mdiobus_free(mdio_bus); +out_clk: + if (dev->of_node) + clk_disable_unprepare(pdata->clk); + return ret; } Patches currently in stable-queue which might be from khoroshilov(a)ispras.ru are queue-4.14/net-phy-xgene-disable-clk-on-error-paths.patch

7 years, 2 months

1
0
0 0

Patch "net/mlx5e: Fix ETS BW check" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/mlx5e: Fix ETS BW check to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-mlx5e-fix-ets-bw-check.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Huy Nguyen <huyn(a)mellanox.com> Date: Thu, 26 Oct 2017 09:56:34 -0500 Subject: net/mlx5e: Fix ETS BW check From: Huy Nguyen <huyn(a)mellanox.com> [ Upstream commit ff0891915cd7b24ab27eee9b360c0452853bf9f6 ] Fix bug that allows ets bw sum to be 0% when ets tc type exists. Fixes: 08fb1dacdd76 ('net/mlx5e: Support DCBNL IEEE ETS') Signed-off-by: Moshe Shemesh <moshe(a)mellanox.com> Reviewed-by: Huy Nguyen <huyn(a)mellanox.com> Signed-off-by: Saeed Mahameed <saeedm(a)mellanox.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) --- a/drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c @@ -259,6 +259,7 @@ int mlx5e_dcbnl_ieee_setets_core(struct static int mlx5e_dbcnl_validate_ets(struct net_device *netdev, struct ieee_ets *ets) { + bool have_ets_tc = false; int bw_sum = 0; int i; @@ -273,11 +274,14 @@ static int mlx5e_dbcnl_validate_ets(stru } /* Validate Bandwidth Sum */ - for (i = 0; i < IEEE_8021QAZ_MAX_TCS; i++) - if (ets->tc_tsa[i] == IEEE_8021QAZ_TSA_ETS) + for (i = 0; i < IEEE_8021QAZ_MAX_TCS; i++) { + if (ets->tc_tsa[i] == IEEE_8021QAZ_TSA_ETS) { + have_ets_tc = true; bw_sum += ets->tc_tx_bw[i]; + } + } - if (bw_sum != 0 && bw_sum != 100) { + if (have_ets_tc && bw_sum != 100) { netdev_err(netdev, "Failed to validate ETS: BW sum is illegal\n"); return -EINVAL; Patches currently in stable-queue which might be from huyn(a)mellanox.com are queue-4.14/net-mlx5e-fix-ets-bw-check.patch

7 years, 2 months

1
0
0 0

Patch "net/mlx5: Stay in polling mode when command EQ destroy fails" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/mlx5: Stay in polling mode when command EQ destroy fails to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-mlx5-stay-in-polling-mode-when-command-eq-destroy-fails.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Moshe Shemesh <moshe(a)mellanox.com> Date: Mon, 4 Dec 2017 15:23:51 +0200 Subject: net/mlx5: Stay in polling mode when command EQ destroy fails From: Moshe Shemesh <moshe(a)mellanox.com> [ Upstream commit a2fba188fd5eadd6061bef4f2f2577a43231ebf3 ] During unload, on mlx5_stop_eqs we move command interface from events mode to polling mode, but if command interface EQ destroy fail we move back to events mode. That's wrong since even if we fail to destroy command interface EQ, we do release its irq, so no interrupts will be received. Fixes: e126ba97dba9 ("mlx5: Add driver for Mellanox Connect-IB adapters") Signed-off-by: Moshe Shemesh <moshe(a)mellanox.com> Signed-off-by: Saeed Mahameed <saeedm(a)mellanox.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/mellanox/mlx5/core/eq.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) --- a/drivers/net/ethernet/mellanox/mlx5/core/eq.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/eq.c @@ -802,11 +802,9 @@ void mlx5_stop_eqs(struct mlx5_core_dev mlx5_cmd_use_polling(dev); err = mlx5_destroy_unmap_eq(dev, &table->cmd_eq); - if (err) { + if (err) mlx5_core_err(dev, "failed to destroy command eq, err(%d)\n", err); - mlx5_cmd_use_events(dev); - } } int mlx5_core_eq_query(struct mlx5_core_dev *dev, struct mlx5_eq *eq, Patches currently in stable-queue which might be from moshe(a)mellanox.com are queue-4.14/net-mlx5e-fix-ets-bw-check.patch queue-4.14/net-mlx5-stay-in-polling-mode-when-command-eq-destroy-fails.patch queue-4.14/net-mlx5-cleanup-irqs-in-case-of-unload-failure.patch

7 years, 2 months

1
0
0 0

Patch "net/mlx5: Cleanup IRQs in case of unload failure" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/mlx5: Cleanup IRQs in case of unload failure to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-mlx5-cleanup-irqs-in-case-of-unload-failure.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Moshe Shemesh <moshe(a)mellanox.com> Date: Tue, 21 Nov 2017 15:15:51 +0200 Subject: net/mlx5: Cleanup IRQs in case of unload failure From: Moshe Shemesh <moshe(a)mellanox.com> [ Upstream commit d6b2785cd55ee72e9608762650b3ef299f801b1b ] When mlx5_stop_eqs fails to destroy any of the eqs it returns with an error. In such failure flow the function will return without releasing all EQs irqs and then pci_free_irq_vectors will fail. Fix by only warn on destroy EQ failure and continue to release other EQs and their irqs. It fixes the following kernel trace: kernel: kernel BUG at drivers/pci/msi.c:352! ... ... kernel: Call Trace: kernel: pci_disable_msix+0xd3/0x100 kernel: pci_free_irq_vectors+0xe/0x20 kernel: mlx5_load_one.isra.17+0x9f5/0xec0 [mlx5_core] Fixes: e126ba97dba9 ("mlx5: Add driver for Mellanox Connect-IB adapters") Signed-off-by: Moshe Shemesh <moshe(a)mellanox.com> Signed-off-by: Saeed Mahameed <saeedm(a)mellanox.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/mellanox/mlx5/core/eq.c | 20 +++++++++++++------- include/linux/mlx5/driver.h | 2 +- 2 files changed, 14 insertions(+), 8 deletions(-) --- a/drivers/net/ethernet/mellanox/mlx5/core/eq.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/eq.c @@ -776,7 +776,7 @@ err1: return err; } -int mlx5_stop_eqs(struct mlx5_core_dev *dev) +void mlx5_stop_eqs(struct mlx5_core_dev *dev) { struct mlx5_eq_table *table = &dev->priv.eq_table; int err; @@ -785,22 +785,28 @@ int mlx5_stop_eqs(struct mlx5_core_dev * if (MLX5_CAP_GEN(dev, pg)) { err = mlx5_destroy_unmap_eq(dev, &table->pfault_eq); if (err) - return err; + mlx5_core_err(dev, "failed to destroy page fault eq, err(%d)\n", + err); } #endif err = mlx5_destroy_unmap_eq(dev, &table->pages_eq); if (err) - return err; + mlx5_core_err(dev, "failed to destroy pages eq, err(%d)\n", + err); - mlx5_destroy_unmap_eq(dev, &table->async_eq); + err = mlx5_destroy_unmap_eq(dev, &table->async_eq); + if (err) + mlx5_core_err(dev, "failed to destroy async eq, err(%d)\n", + err); mlx5_cmd_use_polling(dev); err = mlx5_destroy_unmap_eq(dev, &table->cmd_eq); - if (err) + if (err) { + mlx5_core_err(dev, "failed to destroy command eq, err(%d)\n", + err); mlx5_cmd_use_events(dev); - - return err; + } } int mlx5_core_eq_query(struct mlx5_core_dev *dev, struct mlx5_eq *eq, --- a/include/linux/mlx5/driver.h +++ b/include/linux/mlx5/driver.h @@ -1017,7 +1017,7 @@ int mlx5_create_map_eq(struct mlx5_core_ enum mlx5_eq_type type); int mlx5_destroy_unmap_eq(struct mlx5_core_dev *dev, struct mlx5_eq *eq); int mlx5_start_eqs(struct mlx5_core_dev *dev); -int mlx5_stop_eqs(struct mlx5_core_dev *dev); +void mlx5_stop_eqs(struct mlx5_core_dev *dev); int mlx5_vector2eqn(struct mlx5_core_dev *dev, int vector, int *eqn, unsigned int *irqn); int mlx5_core_attach_mcg(struct mlx5_core_dev *dev, union ib_gid *mgid, u32 qpn); Patches currently in stable-queue which might be from moshe(a)mellanox.com are queue-4.14/net-mlx5e-fix-ets-bw-check.patch queue-4.14/net-mlx5-stay-in-polling-mode-when-command-eq-destroy-fails.patch queue-4.14/net-mlx5-cleanup-irqs-in-case-of-unload-failure.patch

7 years, 2 months

1
0
0 0

Patch "net: mediatek: setup proper state for disabled GMAC on the default" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: mediatek: setup proper state for disabled GMAC on the default to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-mediatek-setup-proper-state-for-disabled-gmac-on-the-default.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Sean Wang <sean.wang(a)mediatek.com> Date: Mon, 18 Dec 2017 17:00:17 +0800 Subject: net: mediatek: setup proper state for disabled GMAC on the default From: Sean Wang <sean.wang(a)mediatek.com> [ Upstream commit 7352e252b5bf40d59342494a70354a2d436fd0cd ] The current solution would setup fixed and force link of 1Gbps to the both GMAC on the default. However, The GMAC should always be put to link down state when the GMAC is disabled on certain target boards. Otherwise, the driver possibly receives unexpected data from the floating hardware connection through the unused GMAC. Although the driver had been added certain protection in RX path to get rid of such kind of unexpected data sent to the upper stack. Signed-off-by: Sean Wang <sean.wang(a)mediatek.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) --- a/drivers/net/ethernet/mediatek/mtk_eth_soc.c +++ b/drivers/net/ethernet/mediatek/mtk_eth_soc.c @@ -1959,11 +1959,12 @@ static int mtk_hw_init(struct mtk_eth *e /* set GE2 TUNE */ regmap_write(eth->pctl, GPIO_BIAS_CTRL, 0x0); - /* GE1, Force 1000M/FD, FC ON */ - mtk_w32(eth, MAC_MCR_FIXED_LINK, MTK_MAC_MCR(0)); - - /* GE2, Force 1000M/FD, FC ON */ - mtk_w32(eth, MAC_MCR_FIXED_LINK, MTK_MAC_MCR(1)); + /* Set linkdown as the default for each GMAC. Its own MCR would be set + * up with the more appropriate value when mtk_phy_link_adjust call is + * being invoked. + */ + for (i = 0; i < MTK_MAC_COUNT; i++) + mtk_w32(eth, 0, MTK_MAC_MCR(i)); /* Indicates CDM to parse the MTK special tag from CPU * which also is working out for untag packets. Patches currently in stable-queue which might be from sean.wang(a)mediatek.com are queue-4.14/net-mediatek-setup-proper-state-for-disabled-gmac-on-the-default.patch

7 years, 2 months

1
0
0 0

Patch "net: gianfar_ptp: move set_fipers() to spinlock protecting area" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: gianfar_ptp: move set_fipers() to spinlock protecting area to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-gianfar_ptp-move-set_fipers-to-spinlock-protecting-area.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Yangbo Lu <yangbo.lu(a)nxp.com> Date: Tue, 9 Jan 2018 11:02:33 +0800 Subject: net: gianfar_ptp: move set_fipers() to spinlock protecting area From: Yangbo Lu <yangbo.lu(a)nxp.com> [ Upstream commit 11d827a993a969c3c6ec56758ff63a44ba19b466 ] set_fipers() calling should be protected by spinlock in case that any interrupt breaks related registers setting and the function we expect. This patch is to move set_fipers() to spinlock protecting area in ptp_gianfar_adjtime(). Signed-off-by: Yangbo Lu <yangbo.lu(a)nxp.com> Acked-by: Richard Cochran <richardcochran(a)gmail.com> Reviewed-by: Fabio Estevam <fabio.estevam(a)nxp.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/freescale/gianfar_ptp.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/drivers/net/ethernet/freescale/gianfar_ptp.c +++ b/drivers/net/ethernet/freescale/gianfar_ptp.c @@ -319,11 +319,10 @@ static int ptp_gianfar_adjtime(struct pt now = tmr_cnt_read(etsects); now += delta; tmr_cnt_write(etsects, now); + set_fipers(etsects); spin_unlock_irqrestore(&etsects->lock, flags); - set_fipers(etsects); - return 0; } Patches currently in stable-queue which might be from yangbo.lu(a)nxp.com are queue-4.14/net-gianfar_ptp-move-set_fipers-to-spinlock-protecting-area.patch

7 years, 2 months

1
0
0 0

Patch "net: ena: unmask MSI-X only after device initialization is completed" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: ena: unmask MSI-X only after device initialization is completed to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-ena-unmask-msi-x-only-after-device-initialization-is-completed.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Netanel Belgazal <netanel(a)amazon.com> Date: Wed, 3 Jan 2018 06:17:29 +0000 Subject: net: ena: unmask MSI-X only after device initialization is completed From: Netanel Belgazal <netanel(a)amazon.com> [ Upstream commit 7853b49ce8e0ef6364d24512b287463841d71bd3 ] Under certain conditions MSI-X interrupt might arrive right after it was unmasked in ena_up(). There is a chance it would be processed by the driver before device ENA_FLAG_DEV_UP flag is set. In such a case the interrupt is ignored. ENA device operates in auto-masked mode, therefore ignoring interrupt leaves it masked for good. Moving unmask of interrupt to be the last step in ena_up(). Signed-off-by: Netanel Belgazal <netanel(a)amazon.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/amazon/ena/ena_netdev.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) --- a/drivers/net/ethernet/amazon/ena/ena_netdev.c +++ b/drivers/net/ethernet/amazon/ena/ena_netdev.c @@ -1565,7 +1565,7 @@ static int ena_rss_configure(struct ena_ static int ena_up_complete(struct ena_adapter *adapter) { - int rc, i; + int rc; rc = ena_rss_configure(adapter); if (rc) @@ -1584,17 +1584,6 @@ static int ena_up_complete(struct ena_ad ena_napi_enable_all(adapter); - /* Enable completion queues interrupt */ - for (i = 0; i < adapter->num_queues; i++) - ena_unmask_interrupt(&adapter->tx_ring[i], - &adapter->rx_ring[i]); - - /* schedule napi in case we had pending packets - * from the last time we disable napi - */ - for (i = 0; i < adapter->num_queues; i++) - napi_schedule(&adapter->ena_napi[i].napi); - return 0; } @@ -1731,7 +1720,7 @@ create_err: static int ena_up(struct ena_adapter *adapter) { - int rc; + int rc, i; netdev_dbg(adapter->netdev, "%s\n", __func__); @@ -1774,6 +1763,17 @@ static int ena_up(struct ena_adapter *ad set_bit(ENA_FLAG_DEV_UP, &adapter->flags); + /* Enable completion queues interrupt */ + for (i = 0; i < adapter->num_queues; i++) + ena_unmask_interrupt(&adapter->tx_ring[i], + &adapter->rx_ring[i]); + + /* schedule napi in case we had pending packets + * from the last time we disable napi + */ + for (i = 0; i < adapter->num_queues; i++) + napi_schedule(&adapter->ena_napi[i].napi); + return rc; err_up: Patches currently in stable-queue which might be from netanel(a)amazon.com are queue-4.14/net-ena-unmask-msi-x-only-after-device-initialization-is-completed.patch

7 years, 2 months

1
0
0 0

Patch "net: arc_emac: fix arc_emac_rx() error paths" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: arc_emac: fix arc_emac_rx() error paths to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-arc_emac-fix-arc_emac_rx-error-paths.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Alexander Kochetkov <al.kochet(a)gmail.com> Date: Fri, 15 Dec 2017 20:20:06 +0300 Subject: net: arc_emac: fix arc_emac_rx() error paths From: Alexander Kochetkov <al.kochet(a)gmail.com> [ Upstream commit e688822d035b494071ecbadcccbd6f3325fb0f59 ] arc_emac_rx() has some issues found by code review. In case netdev_alloc_skb_ip_align() or dma_map_single() failure rx fifo entry will not be returned to EMAC. In case dma_map_single() failure previously allocated skb became lost to driver. At the same time address of newly allocated skb will not be provided to EMAC. Signed-off-by: Alexander Kochetkov <al.kochet(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/arc/emac_main.c | 53 ++++++++++++++++++++--------------- 1 file changed, 31 insertions(+), 22 deletions(-) --- a/drivers/net/ethernet/arc/emac_main.c +++ b/drivers/net/ethernet/arc/emac_main.c @@ -210,39 +210,48 @@ static int arc_emac_rx(struct net_device continue; } - pktlen = info & LEN_MASK; - stats->rx_packets++; - stats->rx_bytes += pktlen; - skb = rx_buff->skb; - skb_put(skb, pktlen); - skb->dev = ndev; - skb->protocol = eth_type_trans(skb, ndev); - - dma_unmap_single(&ndev->dev, dma_unmap_addr(rx_buff, addr), - dma_unmap_len(rx_buff, len), DMA_FROM_DEVICE); - - /* Prepare the BD for next cycle */ - rx_buff->skb = netdev_alloc_skb_ip_align(ndev, - EMAC_BUFFER_SIZE); - if (unlikely(!rx_buff->skb)) { + /* Prepare the BD for next cycle. netif_receive_skb() + * only if new skb was allocated and mapped to avoid holes + * in the RX fifo. + */ + skb = netdev_alloc_skb_ip_align(ndev, EMAC_BUFFER_SIZE); + if (unlikely(!skb)) { + if (net_ratelimit()) + netdev_err(ndev, "cannot allocate skb\n"); + /* Return ownership to EMAC */ + rxbd->info = cpu_to_le32(FOR_EMAC | EMAC_BUFFER_SIZE); stats->rx_errors++; - /* Because receive_skb is below, increment rx_dropped */ stats->rx_dropped++; continue; } - /* receive_skb only if new skb was allocated to avoid holes */ - netif_receive_skb(skb); - - addr = dma_map_single(&ndev->dev, (void *)rx_buff->skb->data, + addr = dma_map_single(&ndev->dev, (void *)skb->data, EMAC_BUFFER_SIZE, DMA_FROM_DEVICE); if (dma_mapping_error(&ndev->dev, addr)) { if (net_ratelimit()) - netdev_err(ndev, "cannot dma map\n"); - dev_kfree_skb(rx_buff->skb); + netdev_err(ndev, "cannot map dma buffer\n"); + dev_kfree_skb(skb); + /* Return ownership to EMAC */ + rxbd->info = cpu_to_le32(FOR_EMAC | EMAC_BUFFER_SIZE); stats->rx_errors++; + stats->rx_dropped++; continue; } + + /* unmap previosly mapped skb */ + dma_unmap_single(&ndev->dev, dma_unmap_addr(rx_buff, addr), + dma_unmap_len(rx_buff, len), DMA_FROM_DEVICE); + + pktlen = info & LEN_MASK; + stats->rx_packets++; + stats->rx_bytes += pktlen; + skb_put(rx_buff->skb, pktlen); + rx_buff->skb->dev = ndev; + rx_buff->skb->protocol = eth_type_trans(rx_buff->skb, ndev); + + netif_receive_skb(rx_buff->skb); + + rx_buff->skb = skb; dma_unmap_addr_set(rx_buff, addr, addr); dma_unmap_len_set(rx_buff, len, EMAC_BUFFER_SIZE); Patches currently in stable-queue which might be from al.kochet(a)gmail.com are queue-4.14/net-arc_emac-fix-arc_emac_rx-error-paths.patch

7 years, 2 months

1
0
0 0

Patch "net: aquantia: Fix hardware DMA stream overload on large MRRS" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: aquantia: Fix hardware DMA stream overload on large MRRS to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-aquantia-fix-hardware-dma-stream-overload-on-large-mrrs.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Igor Russkikh <igor.russkikh(a)aquantia.com> Date: Thu, 14 Dec 2017 12:34:41 +0300 Subject: net: aquantia: Fix hardware DMA stream overload on large MRRS From: Igor Russkikh <igor.russkikh(a)aquantia.com> [ Upstream commit 1e366161510f266516107a69db91f1f2edaea11c ] Systems with large MRRS on device (2K, 4K) with high data rates and/or large MTU, atlantic observes DMA packet buffer overflow. On some systems that causes PCIe transaction errors, hardware NMIs or datapath freeze. This patch 1) Limits MRRS from device side to 2K (thats maximum our hardware supports) 2) Limit maximum size of outstanding TX DMA data read requests. This makes hardware buffers running fine. Signed-off-by: Pavel Belous <pavel.belous(a)aquantia.com> Signed-off-by: Igor Russkikh <igor.russkikh(a)aquantia.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 12 ++++++++++ drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_llh_internal.h | 6 +++++ 2 files changed, 18 insertions(+) --- a/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c +++ b/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c @@ -16,6 +16,7 @@ #include "hw_atl_utils.h" #include "hw_atl_llh.h" #include "hw_atl_b0_internal.h" +#include "hw_atl_llh_internal.h" static int hw_atl_b0_get_hw_caps(struct aq_hw_s *self, struct aq_hw_caps_s *aq_hw_caps, @@ -368,6 +369,7 @@ static int hw_atl_b0_hw_init(struct aq_h }; int err = 0; + u32 val; self->aq_nic_cfg = aq_nic_cfg; @@ -385,6 +387,16 @@ static int hw_atl_b0_hw_init(struct aq_h hw_atl_b0_hw_rss_set(self, &aq_nic_cfg->aq_rss); hw_atl_b0_hw_rss_hash_set(self, &aq_nic_cfg->aq_rss); + /* Force limit MRRS on RDM/TDM to 2K */ + val = aq_hw_read_reg(self, pci_reg_control6_adr); + aq_hw_write_reg(self, pci_reg_control6_adr, (val & ~0x707) | 0x404); + + /* TX DMA total request limit. B0 hardware is not capable to + * handle more than (8K-MRRS) incoming DMA data. + * Value 24 in 256byte units + */ + aq_hw_write_reg(self, tx_dma_total_req_limit_adr, 24); + err = aq_hw_err_from_flags(self); if (err < 0) goto err_exit; --- a/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_llh_internal.h +++ b/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_llh_internal.h @@ -2343,6 +2343,9 @@ #define tx_dma_desc_base_addrmsw_adr(descriptor) \ (0x00007c04u + (descriptor) * 0x40) +/* tx dma total request limit */ +#define tx_dma_total_req_limit_adr 0x00007b20u + /* tx interrupt moderation control register definitions * Preprocessor definitions for TX Interrupt Moderation Control Register * Base Address: 0x00008980 @@ -2369,6 +2372,9 @@ /* default value of bitfield reg_res_dsbl */ #define pci_reg_res_dsbl_default 0x1 +/* PCI core control register */ +#define pci_reg_control6_adr 0x1014u + /* global microprocessor scratch pad definitions */ #define glb_cpu_scratch_scp_adr(scratch_scp) (0x00000300u + (scratch_scp) * 0x4) Patches currently in stable-queue which might be from igor.russkikh(a)aquantia.com are queue-4.14/net-aquantia-fix-actual-speed-capabilities-reporting.patch queue-4.14/net-aquantia-fix-hardware-dma-stream-overload-on-large-mrrs.patch

7 years, 2 months

1
0
0 0

Patch "net: aquantia: Fix actual speed capabilities reporting" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: aquantia: Fix actual speed capabilities reporting to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-aquantia-fix-actual-speed-capabilities-reporting.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Igor Russkikh <igor.russkikh(a)aquantia.com> Date: Thu, 14 Dec 2017 12:34:40 +0300 Subject: net: aquantia: Fix actual speed capabilities reporting From: Igor Russkikh <igor.russkikh(a)aquantia.com> [ Upstream commit e4d02ca04c6d48ab2226342a1c4ed54f1dbb72bd ] Different hardware device Ids correspond to different maximum speed available. Extra checks were added for devices D108 and D109 to remove unsupported speeds from these device capabilities list. Signed-off-by: Igor Russkikh <igor.russkikh(a)aquantia.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/aquantia/atlantic/aq_hw.h | 4 +++- drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 7 ++++--- drivers/net/ethernet/aquantia/atlantic/aq_nic.h | 2 +- drivers/net/ethernet/aquantia/atlantic/aq_pci_func.c | 5 +++-- drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_a0.c | 13 ++++++++++++- drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 13 ++++++++++++- 6 files changed, 35 insertions(+), 9 deletions(-) --- a/drivers/net/ethernet/aquantia/atlantic/aq_hw.h +++ b/drivers/net/ethernet/aquantia/atlantic/aq_hw.h @@ -85,7 +85,9 @@ struct aq_hw_ops { void (*destroy)(struct aq_hw_s *self); int (*get_hw_caps)(struct aq_hw_s *self, - struct aq_hw_caps_s *aq_hw_caps); + struct aq_hw_caps_s *aq_hw_caps, + unsigned short device, + unsigned short subsystem_device); int (*hw_ring_tx_xmit)(struct aq_hw_s *self, struct aq_ring_s *aq_ring, unsigned int frags); --- a/drivers/net/ethernet/aquantia/atlantic/aq_nic.c +++ b/drivers/net/ethernet/aquantia/atlantic/aq_nic.c @@ -222,7 +222,7 @@ static struct net_device *aq_nic_ndev_al struct aq_nic_s *aq_nic_alloc_cold(const struct net_device_ops *ndev_ops, const struct ethtool_ops *et_ops, - struct device *dev, + struct pci_dev *pdev, struct aq_pci_func_s *aq_pci_func, unsigned int port, const struct aq_hw_ops *aq_hw_ops) @@ -242,7 +242,7 @@ struct aq_nic_s *aq_nic_alloc_cold(const ndev->netdev_ops = ndev_ops; ndev->ethtool_ops = et_ops; - SET_NETDEV_DEV(ndev, dev); + SET_NETDEV_DEV(ndev, &pdev->dev); ndev->if_port = port; self->ndev = ndev; @@ -254,7 +254,8 @@ struct aq_nic_s *aq_nic_alloc_cold(const self->aq_hw = self->aq_hw_ops.create(aq_pci_func, self->port, &self->aq_hw_ops); - err = self->aq_hw_ops.get_hw_caps(self->aq_hw, &self->aq_hw_caps); + err = self->aq_hw_ops.get_hw_caps(self->aq_hw, &self->aq_hw_caps, + pdev->device, pdev->subsystem_device); if (err < 0) goto err_exit; --- a/drivers/net/ethernet/aquantia/atlantic/aq_nic.h +++ b/drivers/net/ethernet/aquantia/atlantic/aq_nic.h @@ -71,7 +71,7 @@ struct aq_nic_cfg_s { struct aq_nic_s *aq_nic_alloc_cold(const struct net_device_ops *ndev_ops, const struct ethtool_ops *et_ops, - struct device *dev, + struct pci_dev *pdev, struct aq_pci_func_s *aq_pci_func, unsigned int port, const struct aq_hw_ops *aq_hw_ops); --- a/drivers/net/ethernet/aquantia/atlantic/aq_pci_func.c +++ b/drivers/net/ethernet/aquantia/atlantic/aq_pci_func.c @@ -51,7 +51,8 @@ struct aq_pci_func_s *aq_pci_func_alloc( pci_set_drvdata(pdev, self); self->pdev = pdev; - err = aq_hw_ops->get_hw_caps(NULL, &self->aq_hw_caps); + err = aq_hw_ops->get_hw_caps(NULL, &self->aq_hw_caps, pdev->device, + pdev->subsystem_device); if (err < 0) goto err_exit; @@ -59,7 +60,7 @@ struct aq_pci_func_s *aq_pci_func_alloc( for (port = 0; port < self->ports; ++port) { struct aq_nic_s *aq_nic = aq_nic_alloc_cold(ndev_ops, eth_ops, - &pdev->dev, self, + pdev, self, port, aq_hw_ops); if (!aq_nic) { --- a/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_a0.c +++ b/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_a0.c @@ -18,9 +18,20 @@ #include "hw_atl_a0_internal.h" static int hw_atl_a0_get_hw_caps(struct aq_hw_s *self, - struct aq_hw_caps_s *aq_hw_caps) + struct aq_hw_caps_s *aq_hw_caps, + unsigned short device, + unsigned short subsystem_device) { memcpy(aq_hw_caps, &hw_atl_a0_hw_caps_, sizeof(*aq_hw_caps)); + + if (device == HW_ATL_DEVICE_ID_D108 && subsystem_device == 0x0001) + aq_hw_caps->link_speed_msk &= ~HW_ATL_A0_RATE_10G; + + if (device == HW_ATL_DEVICE_ID_D109 && subsystem_device == 0x0001) { + aq_hw_caps->link_speed_msk &= ~HW_ATL_A0_RATE_10G; + aq_hw_caps->link_speed_msk &= ~HW_ATL_A0_RATE_5G; + } + return 0; } --- a/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c +++ b/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c @@ -18,9 +18,20 @@ #include "hw_atl_b0_internal.h" static int hw_atl_b0_get_hw_caps(struct aq_hw_s *self, - struct aq_hw_caps_s *aq_hw_caps) + struct aq_hw_caps_s *aq_hw_caps, + unsigned short device, + unsigned short subsystem_device) { memcpy(aq_hw_caps, &hw_atl_b0_hw_caps_, sizeof(*aq_hw_caps)); + + if (device == HW_ATL_DEVICE_ID_D108 && subsystem_device == 0x0001) + aq_hw_caps->link_speed_msk &= ~HW_ATL_B0_RATE_10G; + + if (device == HW_ATL_DEVICE_ID_D109 && subsystem_device == 0x0001) { + aq_hw_caps->link_speed_msk &= ~HW_ATL_B0_RATE_10G; + aq_hw_caps->link_speed_msk &= ~HW_ATL_B0_RATE_5G; + } + return 0; } Patches currently in stable-queue which might be from igor.russkikh(a)aquantia.com are queue-4.14/net-aquantia-fix-actual-speed-capabilities-reporting.patch queue-4.14/net-aquantia-fix-hardware-dma-stream-overload-on-large-mrrs.patch

7 years, 2 months

1
0
0 0

Patch "mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: mtd-nand-gpmi-fix-failure-when-a-erased-page-has-a-bitflip-at-bbm.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Sascha Hauer <s.hauer(a)pengutronix.de> Date: Tue, 5 Dec 2017 11:51:40 +0100 Subject: mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM From: Sascha Hauer <s.hauer(a)pengutronix.de> [ Upstream commit fdf2e821052958a114618a95ab18a300d0b080cb ] When erased subpages are read then the BCH decoder returns STATUS_ERASED if they are all empty, or STATUS_UNCORRECTABLE if there are bitflips. When there are bitflips, we have to set these bits again to show the upper layers a completely erased page. When a bitflip happens in the exact byte where the bad block marker is, then this byte is swapped with another byte in block_mark_swapping(). The correction code then detects a bitflip in another subpage and no longer corrects the bitflip where it really happens. Correct this behaviour by calling block_mark_swapping() after the bitflips have been corrected. In our case UBIFS failed with this bug because it expects erased pages to be really empty: UBIFS error (pid 187): ubifs_scan: corrupt empty space at LEB 36:118735 UBIFS error (pid 187): ubifs_scanned_corruption: corruption at LEB 36:118735 UBIFS error (pid 187): ubifs_scanned_corruption: first 8192 bytes from LEB 36:118735 UBIFS error (pid 187): ubifs_scan: LEB 36 scanning failed UBIFS error (pid 187): do_commit: commit failed, error -117 Signed-off-by: Sascha Hauer <s.hauer(a)pengutronix.de> Reviewed-by: Richard Weinberger <richard(a)nod.at> Acked-by: Boris Brezillon <boris.brezillon(a)free-electrons.com> Signed-off-by: Richard Weinberger <richard(a)nod.at> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c +++ b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c @@ -1067,9 +1067,6 @@ static int gpmi_ecc_read_page(struct mtd return ret; } - /* handle the block mark swapping */ - block_mark_swapping(this, payload_virt, auxiliary_virt); - /* Loop over status bytes, accumulating ECC status. */ status = auxiliary_virt + nfc_geo->auxiliary_status_offset; @@ -1158,6 +1155,9 @@ static int gpmi_ecc_read_page(struct mtd max_bitflips = max_t(unsigned int, max_bitflips, *status); } + /* handle the block mark swapping */ + block_mark_swapping(this, buf, auxiliary_virt); + if (oob_required) { /* * It's time to deliver the OOB bytes. See gpmi_ecc_read_oob() Patches currently in stable-queue which might be from s.hauer(a)pengutronix.de are queue-4.14/mtd-nand-gpmi-fix-failure-when-a-erased-page-has-a-bitflip-at-bbm.patch

7 years, 2 months

1
0
0 0

Patch "mtd: nand: brcmnand: Zero bitflip is not an error" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mtd: nand: brcmnand: Zero bitflip is not an error to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: mtd-nand-brcmnand-zero-bitflip-is-not-an-error.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Albert Hsieh <wen.hsieh(a)broadcom.com> Date: Mon, 20 Nov 2017 11:26:26 +0800 Subject: mtd: nand: brcmnand: Zero bitflip is not an error From: Albert Hsieh <wen.hsieh(a)broadcom.com> [ Upstream commit e44b9a9c135727f3410e029910275f40681dc8bc ] A negative return value of brcmstb_nand_verify_erased_page() indicates a real bitflip error of an erased page, and other return values (>= 0) show the corrected bitflip number. Zero return value means no bitflip, but the current driver code treats it as an error, and eventually leads to falsely reported ECC error. Fixes: 02b88eea9f9c ("mtd: brcmnand: Add check for erased page bitflip") Signed-off-by: Albert Hsieh <wen.hsieh(a)broadcom.com> Acked-by: Boris Brezillon <boris.brezillon(a)free-electrons.com> Signed-off-by: Richard Weinberger <richard(a)nod.at> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/mtd/nand/brcmnand/brcmnand.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/mtd/nand/brcmnand/brcmnand.c +++ b/drivers/mtd/nand/brcmnand/brcmnand.c @@ -1763,7 +1763,7 @@ try_dmaread: err = brcmstb_nand_verify_erased_page(mtd, chip, buf, addr); /* erased page bitflips corrected */ - if (err > 0) + if (err >= 0) return err; } Patches currently in stable-queue which might be from wen.hsieh(a)broadcom.com are queue-4.14/mtd-nand-brcmnand-zero-bitflip-is-not-an-error.patch

7 years, 2 months

1
0
0 0

Patch "mm/frame_vector.c: release a semaphore in 'get_vaddr_frames()'" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mm/frame_vector.c: release a semaphore in 'get_vaddr_frames()' to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: mm-frame_vector.c-release-a-semaphore-in-get_vaddr_frames.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Date: Thu, 14 Dec 2017 15:33:08 -0800 Subject: mm/frame_vector.c: release a semaphore in 'get_vaddr_frames()' From: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> [ Upstream commit 1f704fd0d14043e76e80f6b8b2251b9b2cedcca6 ] A semaphore is acquired before this check, so we must release it before leaving. Link: http://lkml.kernel.org/r/20171211211009.4971-1-christophe.jaillet@wanadoo.fr Fixes: b7f0554a56f2 ("mm: fail get_vaddr_frames() for filesystem-dax mappings") Signed-off-by: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Christian Borntraeger <borntraeger(a)de.ibm.com> Cc: David Sterba <dsterba(a)suse.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- mm/frame_vector.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/mm/frame_vector.c +++ b/mm/frame_vector.c @@ -62,8 +62,10 @@ int get_vaddr_frames(unsigned long start * get_user_pages_longterm() and disallow it for filesystem-dax * mappings. */ - if (vma_is_fsdax(vma)) - return -EOPNOTSUPP; + if (vma_is_fsdax(vma)) { + ret = -EOPNOTSUPP; + goto out; + } if (!(vma->vm_flags & (VM_IO | VM_PFNMAP))) { vec->got_ref = true; Patches currently in stable-queue which might be from christophe.jaillet(a)wanadoo.fr are queue-4.14/mdio-sun4i-fix-a-memory-leak.patch queue-4.14/mm-frame_vector.c-release-a-semaphore-in-get_vaddr_frames.patch

7 years, 2 months

1
0
0 0

Patch "mlxsw: pci: Wait after reset before accessing HW" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mlxsw: pci: Wait after reset before accessing HW to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: mlxsw-pci-wait-after-reset-before-accessing-hw.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Yuval Mintz <yuvalm(a)mellanox.com> Date: Wed, 10 Jan 2018 11:42:43 +0100 Subject: mlxsw: pci: Wait after reset before accessing HW From: Yuval Mintz <yuvalm(a)mellanox.com> [ Upstream commit 8e033a93b37f37aa9fca71a370a895155320af60 ] After performing reset driver polls on HW indication until learning that the reset is done, but immediately after reset the device becomes unresponsive which might lead to completion timeout on the first read. Wait for 100ms before starting the polling. Fixes: 233fa44bd67a ("mlxsw: pci: Implement reset done check") Signed-off-by: Yuval Mintz <yuvalm(a)mellanox.com> Reviewed-by: Ido Schimmel <idosch(a)mellanox.com> Signed-off-by: Jiri Pirko <jiri(a)mellanox.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/mellanox/mlxsw/pci.c | 7 ++++++- drivers/net/ethernet/mellanox/mlxsw/pci_hw.h | 1 + 2 files changed, 7 insertions(+), 1 deletion(-) --- a/drivers/net/ethernet/mellanox/mlxsw/pci.c +++ b/drivers/net/ethernet/mellanox/mlxsw/pci.c @@ -1643,7 +1643,12 @@ static int mlxsw_pci_sw_reset(struct mlx return 0; } - wmb(); /* reset needs to be written before we read control register */ + /* Reset needs to be written before we read control register, and + * we must wait for the HW to become responsive once again + */ + wmb(); + msleep(MLXSW_PCI_SW_RESET_WAIT_MSECS); + end = jiffies + msecs_to_jiffies(MLXSW_PCI_SW_RESET_TIMEOUT_MSECS); do { u32 val = mlxsw_pci_read32(mlxsw_pci, FW_READY); --- a/drivers/net/ethernet/mellanox/mlxsw/pci_hw.h +++ b/drivers/net/ethernet/mellanox/mlxsw/pci_hw.h @@ -59,6 +59,7 @@ #define MLXSW_PCI_SW_RESET 0xF0010 #define MLXSW_PCI_SW_RESET_RST_BIT BIT(0) #define MLXSW_PCI_SW_RESET_TIMEOUT_MSECS 5000 +#define MLXSW_PCI_SW_RESET_WAIT_MSECS 100 #define MLXSW_PCI_FW_READY 0xA1844 #define MLXSW_PCI_FW_READY_MASK 0xFFFF #define MLXSW_PCI_FW_READY_MAGIC 0x5E Patches currently in stable-queue which might be from yuvalm(a)mellanox.com are queue-4.14/mlxsw-pci-wait-after-reset-before-accessing-hw.patch

7 years, 2 months

1
0
0 0

Patch "mdio-sun4i: Fix a memory leak" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mdio-sun4i: Fix a memory leak to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: mdio-sun4i-fix-a-memory-leak.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Date: Sat, 6 Jan 2018 09:00:09 +0100 Subject: mdio-sun4i: Fix a memory leak From: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> [ Upstream commit 56c0290202ab94a2f2780c449395d4ae8495fab4 ] If the probing of the regulator is deferred, the memory allocated by 'mdiobus_alloc_size()' will be leaking. It should be freed before the next call to 'sun4i_mdio_probe()' which will reallocate it. Fixes: 4bdcb1dd9feb ("net: Add MDIO bus driver for the Allwinner EMAC") Signed-off-by: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/phy/mdio-sun4i.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/drivers/net/phy/mdio-sun4i.c +++ b/drivers/net/phy/mdio-sun4i.c @@ -118,8 +118,10 @@ static int sun4i_mdio_probe(struct platf data->regulator = devm_regulator_get(&pdev->dev, "phy"); if (IS_ERR(data->regulator)) { - if (PTR_ERR(data->regulator) == -EPROBE_DEFER) - return -EPROBE_DEFER; + if (PTR_ERR(data->regulator) == -EPROBE_DEFER) { + ret = -EPROBE_DEFER; + goto err_out_free_mdiobus; + } dev_info(&pdev->dev, "no regulator found\n"); data->regulator = NULL; Patches currently in stable-queue which might be from christophe.jaillet(a)wanadoo.fr are queue-4.14/mdio-sun4i-fix-a-memory-leak.patch queue-4.14/mm-frame_vector.c-release-a-semaphore-in-get_vaddr_frames.patch

7 years, 2 months

1
0
0 0

Patch "macvlan: Fix one possible double free" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled macvlan: Fix one possible double free to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: macvlan-fix-one-possible-double-free.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Gao Feng <gfree.wind(a)vip.163.com> Date: Tue, 26 Dec 2017 21:44:32 +0800 Subject: macvlan: Fix one possible double free From: Gao Feng <gfree.wind(a)vip.163.com> [ Upstream commit d02fd6e7d2933ede6478a15f9e4ce8a93845824e ] Because the macvlan_uninit would free the macvlan port, so there is one double free case in macvlan_common_newlink. When the macvlan port is just created, then register_netdevice or netdev_upper_dev_link failed and they would invoke macvlan_uninit. Then it would reach the macvlan_port_destroy which triggers the double free. Signed-off-by: Gao Feng <gfree.wind(a)vip.163.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/macvlan.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) --- a/drivers/net/macvlan.c +++ b/drivers/net/macvlan.c @@ -1441,9 +1441,14 @@ int macvlan_common_newlink(struct net *s return 0; unregister_netdev: + /* macvlan_uninit would free the macvlan port */ unregister_netdevice(dev); + return err; destroy_macvlan_port: - if (create) + /* the macvlan port may be freed by macvlan_uninit when fail to register. + * so we destroy the macvlan port only when it's valid. + */ + if (create && macvlan_port_get_rtnl(dev)) macvlan_port_destroy(port->dev); return err; } Patches currently in stable-queue which might be from gfree.wind(a)vip.163.com are queue-4.14/macvlan-fix-one-possible-double-free.patch

7 years, 2 months

1
0
0 0

Patch "mac80211_hwsim: Fix a possible sleep-in-atomic bug in hwsim_get_radio_nl" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mac80211_hwsim: Fix a possible sleep-in-atomic bug in hwsim_get_radio_nl to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: mac80211_hwsim-fix-a-possible-sleep-in-atomic-bug-in-hwsim_get_radio_nl.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Jia-Ju Bai <baijiaju1990(a)163.com> Date: Tue, 12 Dec 2017 17:26:36 +0800 Subject: mac80211_hwsim: Fix a possible sleep-in-atomic bug in hwsim_get_radio_nl From: Jia-Ju Bai <baijiaju1990(a)163.com> [ Upstream commit 162bd5e5fd921785077b5862d8f2ffabe2fe11e5 ] The driver may sleep under a spinlock. The function call path is: hwsim_get_radio_nl (acquire the spinlock) nlmsg_new(GFP_KERNEL) --> may sleep To fix it, GFP_KERNEL is replaced with GFP_ATOMIC. This bug is found by my static analysis tool(DSAC) and checked by my code review. Signed-off-by: Jia-Ju Bai <baijiaju1990(a)163.com> Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/wireless/mac80211_hwsim.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/net/wireless/mac80211_hwsim.c +++ b/drivers/net/wireless/mac80211_hwsim.c @@ -3220,7 +3220,7 @@ static int hwsim_get_radio_nl(struct sk_ if (!net_eq(wiphy_net(data->hw->wiphy), genl_info_net(info))) continue; - skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); + skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); if (!skb) { res = -ENOMEM; goto out_err; Patches currently in stable-queue which might be from baijiaju1990(a)163.com are queue-4.14/mac80211_hwsim-fix-a-possible-sleep-in-atomic-bug-in-hwsim_get_radio_nl.patch

7 years, 2 months

1
0
0 0

Patch "mac80211: mesh: drop frames appearing to be from us" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mac80211: mesh: drop frames appearing to be from us to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: mac80211-mesh-drop-frames-appearing-to-be-from-us.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Johannes Berg <johannes.berg(a)intel.com> Date: Thu, 4 Jan 2018 15:51:53 +0100 Subject: mac80211: mesh: drop frames appearing to be from us From: Johannes Berg <johannes.berg(a)intel.com> [ Upstream commit 736a80bbfda709fb3631f5f62056f250a38e5804 ] If there are multiple mesh stations with the same MAC address, they will both get confused and start throwing warnings. Obviously in this case nothing can actually work anyway, so just drop frames that look like they're from ourselves early on. Reported-by: Gui Iribarren <gui(a)altermundi.net> Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/mac80211/rx.c | 2 ++ 1 file changed, 2 insertions(+) --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c @@ -3632,6 +3632,8 @@ static bool ieee80211_accept_frame(struc } return true; case NL80211_IFTYPE_MESH_POINT: + if (ether_addr_equal(sdata->vif.addr, hdr->addr2)) + return false; if (multicast) return true; return ether_addr_equal(sdata->vif.addr, hdr->addr1); Patches currently in stable-queue which might be from johannes.berg(a)intel.com are queue-4.14/mac80211_hwsim-fix-a-possible-sleep-in-atomic-bug-in-hwsim_get_radio_nl.patch queue-4.14/nl80211-check-for-the-required-netlink-attribute-presence.patch queue-4.14/mac80211-mesh-drop-frames-appearing-to-be-from-us.patch

7 years, 2 months

1
0
0 0

Patch "lib/mpi: Fix umul_ppmm() for MIPS64r6" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled lib/mpi: Fix umul_ppmm() for MIPS64r6 to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: lib-mpi-fix-umul_ppmm-for-mips64r6.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: James Hogan <jhogan(a)kernel.org> Date: Tue, 5 Dec 2017 23:31:35 +0000 Subject: lib/mpi: Fix umul_ppmm() for MIPS64r6 From: James Hogan <jhogan(a)kernel.org> [ Upstream commit bbc25bee37d2b32cf3a1fab9195b6da3a185614a ] Current MIPS64r6 toolchains aren't able to generate efficient DMULU/DMUHU based code for the C implementation of umul_ppmm(), which performs an unsigned 64 x 64 bit multiply and returns the upper and lower 64-bit halves of the 128-bit result. Instead it widens the 64-bit inputs to 128-bits and emits a __multi3 intrinsic call to perform a 128 x 128 multiply. This is both inefficient, and it results in a link error since we don't include __multi3 in MIPS linux. For example commit 90a53e4432b1 ("cfg80211: implement regdb signature checking") merged in v4.15-rc1 recently broke the 64r6_defconfig and 64r6el_defconfig builds by indirectly selecting MPILIB. The same build errors can be reproduced on older kernels by enabling e.g. CRYPTO_RSA: lib/mpi/generic_mpih-mul1.o: In function `mpihelp_mul_1': lib/mpi/generic_mpih-mul1.c:50: undefined reference to `__multi3' lib/mpi/generic_mpih-mul2.o: In function `mpihelp_addmul_1': lib/mpi/generic_mpih-mul2.c:49: undefined reference to `__multi3' lib/mpi/generic_mpih-mul3.o: In function `mpihelp_submul_1': lib/mpi/generic_mpih-mul3.c:49: undefined reference to `__multi3' lib/mpi/mpih-div.o In function `mpihelp_divrem': lib/mpi/mpih-div.c:205: undefined reference to `__multi3' lib/mpi/mpih-div.c:142: undefined reference to `__multi3' Therefore add an efficient MIPS64r6 implementation of umul_ppmm() using inline assembly and the DMULU/DMUHU instructions, to prevent __multi3 calls being emitted. Fixes: 7fd08ca58ae6 ("MIPS: Add build support for the MIPS R6 ISA") Signed-off-by: James Hogan <jhogan(a)kernel.org> Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: Herbert Xu <herbert(a)gondor.apana.org.au> Cc: "David S. Miller" <davem(a)davemloft.net> Cc: linux-mips(a)linux-mips.org Cc: linux-crypto(a)vger.kernel.org Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- lib/mpi/longlong.h | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) --- a/lib/mpi/longlong.h +++ b/lib/mpi/longlong.h @@ -671,7 +671,23 @@ do { \ ************** MIPS/64 ************** ***************************************/ #if (defined(__mips) && __mips >= 3) && W_TYPE_SIZE == 64 -#if (__GNUC__ >= 5) || (__GNUC__ >= 4 && __GNUC_MINOR__ >= 4) +#if defined(__mips_isa_rev) && __mips_isa_rev >= 6 +/* + * GCC ends up emitting a __multi3 intrinsic call for MIPS64r6 with the plain C + * code below, so we special case MIPS64r6 until the compiler can do better. + */ +#define umul_ppmm(w1, w0, u, v) \ +do { \ + __asm__ ("dmulu %0,%1,%2" \ + : "=d" ((UDItype)(w0)) \ + : "d" ((UDItype)(u)), \ + "d" ((UDItype)(v))); \ + __asm__ ("dmuhu %0,%1,%2" \ + : "=d" ((UDItype)(w1)) \ + : "d" ((UDItype)(u)), \ + "d" ((UDItype)(v))); \ +} while (0) +#elif (__GNUC__ >= 5) || (__GNUC__ >= 4 && __GNUC_MINOR__ >= 4) #define umul_ppmm(w1, w0, u, v) \ do { \ typedef unsigned int __ll_UTItype __attribute__((mode(TI))); \ Patches currently in stable-queue which might be from jhogan(a)kernel.org are queue-4.14/lib-mpi-fix-umul_ppmm-for-mips64r6.patch

7 years, 2 months

1
0
0 0

Patch "leds: core: Fix regression caused by commit 2b83ff96f51d" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled leds: core: Fix regression caused by commit 2b83ff96f51d to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: leds-core-fix-regression-caused-by-commit-2b83ff96f51d.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Jacek Anaszewski <jacek.anaszewski(a)gmail.com> Date: Wed, 3 Jan 2018 21:13:45 +0100 Subject: leds: core: Fix regression caused by commit 2b83ff96f51d From: Jacek Anaszewski <jacek.anaszewski(a)gmail.com> [ Upstream commit 7b6af2c53192f1766892ef40c8f48a413509ed72 ] Commit 2b83ff96f51d ("led: core: Fix brightness setting when setting delay_off=0") replaced del_timer_sync(&led_cdev->blink_timer) with led_stop_software_blink() in led_blink_set(), which additionally clears LED_BLINK_SW flag as well as zeroes blink_delay_on and blink_delay_off properties of the struct led_classdev. Cleansing of the latter ones wasn't required to fix the original issue but wasn't considered harmful. It nonetheless turned out to be so in case when pointer to one or both props is passed to led_blink_set() like in the ledtrig-timer.c. In such cases zeroes are passed later in delay_on and/or delay_off arguments to led_blink_setup(), which results either in stopping the software blinking or setting blinking frequency always to 1Hz. Avoid using led_stop_software_blink() and add a single call required to clear LED_BLINK_SW flag, which was the only needed modification to fix the original issue. Fixes 2b83ff96f51d ("led: core: Fix brightness setting when setting delay_off=0") Signed-off-by: Jacek Anaszewski <jacek.anaszewski(a)gmail.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/leds/led-core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/leds/led-core.c +++ b/drivers/leds/led-core.c @@ -187,8 +187,9 @@ void led_blink_set(struct led_classdev * unsigned long *delay_on, unsigned long *delay_off) { - led_stop_software_blink(led_cdev); + del_timer_sync(&led_cdev->blink_timer); + clear_bit(LED_BLINK_SW, &led_cdev->work_flags); clear_bit(LED_BLINK_ONESHOT, &led_cdev->work_flags); clear_bit(LED_BLINK_ONESHOT_STOP, &led_cdev->work_flags); Patches currently in stable-queue which might be from jacek.anaszewski(a)gmail.com are queue-4.14/leds-core-fix-regression-caused-by-commit-2b83ff96f51d.patch

7 years, 2 months

1
0
0 0

Patch "led: core: Fix brightness setting when setting delay_off=0" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled led: core: Fix brightness setting when setting delay_off=0 to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: led-core-fix-brightness-setting-when-setting-delay_off-0.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Matthieu CASTET <matthieu.castet(a)parrot.com> Date: Tue, 12 Dec 2017 11:10:44 +0100 Subject: led: core: Fix brightness setting when setting delay_off=0 From: Matthieu CASTET <matthieu.castet(a)parrot.com> [ Upstream commit 2b83ff96f51d0b039c4561b9f95c824d7bddb85c ] With the current code, the following sequence won't work : echo timer > trigger echo 0 > delay_off * at this point we call ** led_delay_off_store ** led_blink_set --- drivers/leds/led-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/leds/led-core.c +++ b/drivers/leds/led-core.c @@ -187,7 +187,7 @@ void led_blink_set(struct led_classdev * unsigned long *delay_on, unsigned long *delay_off) { - del_timer_sync(&led_cdev->blink_timer); + led_stop_software_blink(led_cdev); clear_bit(LED_BLINK_ONESHOT, &led_cdev->work_flags); clear_bit(LED_BLINK_ONESHOT_STOP, &led_cdev->work_flags); Patches currently in stable-queue which might be from matthieu.castet(a)parrot.com are queue-4.14/led-core-fix-brightness-setting-when-setting-delay_off-0.patch

7 years, 2 months

1
0
0 0

Patch "ipv6: icmp6: Allow icmp messages to be looped back" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ipv6: icmp6: Allow icmp messages to be looped back to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ipv6-icmp6-allow-icmp-messages-to-be-looped-back.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Brendan McGrath <redmcg(a)redmandi.dyndns.org> Date: Wed, 13 Dec 2017 22:14:57 +1100 Subject: ipv6: icmp6: Allow icmp messages to be looped back From: Brendan McGrath <redmcg(a)redmandi.dyndns.org> [ Upstream commit 588753f1eb18978512b1c9b85fddb457d46f9033 ] One example of when an ICMPv6 packet is required to be looped back is when a host acts as both a Multicast Listener and a Multicast Router. A Multicast Router will listen on address ff02::16 for MLDv2 messages. Currently, MLDv2 messages originating from a Multicast Listener running on the same host as the Multicast Router are not being delivered to the Multicast Router. This is due to dst.input being assigned the default value of dst_discard. This results in the packet being looped back but discarded before being delivered to the Multicast Router. This patch sets dst.input to ip6_input to ensure a looped back packet is delivered to the Multicast Router. Signed-off-by: Brendan McGrath <redmcg(a)redmandi.dyndns.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/route.c | 1 + 1 file changed, 1 insertion(+) --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -1755,6 +1755,7 @@ struct dst_entry *icmp6_dst_alloc(struct } rt->dst.flags |= DST_HOST; + rt->dst.input = ip6_input; rt->dst.output = ip6_output; rt->rt6i_gateway = fl6->daddr; rt->rt6i_dst.addr = fl6->daddr; Patches currently in stable-queue which might be from redmcg(a)redmandi.dyndns.org are queue-4.14/ipv6-icmp6-allow-icmp-messages-to-be-looped-back.patch

7 years, 2 months

1
0
0 0

Patch "ip_gre: remove the incorrect mtu limit for ipgre tap" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ip_gre: remove the incorrect mtu limit for ipgre tap to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ip_gre-remove-the-incorrect-mtu-limit-for-ipgre-tap.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Xin Long <lucien.xin(a)gmail.com> Date: Mon, 18 Dec 2017 14:24:35 +0800 Subject: ip_gre: remove the incorrect mtu limit for ipgre tap From: Xin Long <lucien.xin(a)gmail.com> [ Upstream commit cfddd4c33c254954927942599d299b3865743146 ] ipgre tap driver calls ether_setup(), after commit 61e84623ace3 ("net: centralize net_device min/max MTU checking"), the range of mtu is [min_mtu, max_mtu], which is [68, 1500] by default. It causes the dev mtu of the ipgre tap device to not be greater than 1500, this limit value is not correct for ipgre tap device. Besides, it's .change_mtu already does the right check. So this patch is just to set max_mtu as 0, and leave the check to it's .change_mtu. Fixes: 61e84623ace3 ("net: centralize net_device min/max MTU checking") Reported-by: Jianlin Shi <jishi(a)redhat.com> Signed-off-by: Xin Long <lucien.xin(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv4/ip_gre.c | 1 + 1 file changed, 1 insertion(+) --- a/net/ipv4/ip_gre.c +++ b/net/ipv4/ip_gre.c @@ -1274,6 +1274,7 @@ static const struct net_device_ops erspa static void ipgre_tap_setup(struct net_device *dev) { ether_setup(dev); + dev->max_mtu = 0; dev->netdev_ops = &gre_tap_netdev_ops; dev->priv_flags &= ~IFF_TX_SKB_SHARING; dev->priv_flags |= IFF_LIVE_ADDR_CHANGE; Patches currently in stable-queue which might be from lucien.xin(a)gmail.com are queue-4.14/ip_gre-remove-the-incorrect-mtu-limit-for-ipgre-tap.patch queue-4.14/ip6_gre-remove-the-incorrect-mtu-limit-for-ipgre-tap.patch queue-4.14/ip6_tunnel-allow-ip6gre-dev-mtu-to-be-set-below-1280.patch queue-4.14/vxlan-update-skb-dst-pmtu-on-tx-path.patch queue-4.14/ip6_tunnel-get-the-min-mtu-properly-in-ip6_tnl_xmit.patch queue-4.14/sctp-fix-the-issue-that-a-__u16-variable-may-overflow-in-sctp_ulpq_renege.patch

7 years, 2 months

1
0
0 0

Patch "ip6_tunnel: get the min mtu properly in ip6_tnl_xmit" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ip6_tunnel: get the min mtu properly in ip6_tnl_xmit to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ip6_tunnel-get-the-min-mtu-properly-in-ip6_tnl_xmit.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Xin Long <lucien.xin(a)gmail.com> Date: Mon, 18 Dec 2017 14:26:21 +0800 Subject: ip6_tunnel: get the min mtu properly in ip6_tnl_xmit From: Xin Long <lucien.xin(a)gmail.com> [ Upstream commit c9fefa08190fc879fb2e681035d7774e0a8c5170 ] Now it's using IPV6_MIN_MTU as the min mtu in ip6_tnl_xmit, but IPV6_MIN_MTU actually only works when the inner packet is ipv6. With IPV6_MIN_MTU for ipv4 packets, the new pmtu for inner dst couldn't be set less than 1280. It would cause tx_err and the packet to be dropped when the outer dst pmtu is close to 1280. Jianlin found it by running ipv4 traffic with the topo: (client) gre6 <---> eth1 (route) eth2 <---> gre6 (server) After changing eth2 mtu to 1300, the performance became very low, or the connection was even broken. The issue also affects ip4ip6 and ip6ip6 tunnels. So if the inner packet is ipv4, 576 should be considered as the min mtu. Note that for ip4ip6 and ip6ip6 tunnels, the inner packet can only be ipv4 or ipv6, but for gre6 tunnel, it may also be ARP. This patch using 576 as the min mtu for non-ipv6 packet works for all those cases. Reported-by: Jianlin Shi <jishi(a)redhat.com> Signed-off-by: Xin Long <lucien.xin(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/ip6_tunnel.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) --- a/net/ipv6/ip6_tunnel.c +++ b/net/ipv6/ip6_tunnel.c @@ -1131,8 +1131,13 @@ route_lookup: max_headroom += 8; mtu -= 8; } - if (mtu < IPV6_MIN_MTU) - mtu = IPV6_MIN_MTU; + if (skb->protocol == htons(ETH_P_IPV6)) { + if (mtu < IPV6_MIN_MTU) + mtu = IPV6_MIN_MTU; + } else if (mtu < 576) { + mtu = 576; + } + if (skb_dst(skb) && !t->parms.collect_md) skb_dst(skb)->ops->update_pmtu(skb_dst(skb), NULL, skb, mtu); if (skb->len - t->tun_hlen - eth_hlen > mtu && !skb_is_gso(skb)) { Patches currently in stable-queue which might be from lucien.xin(a)gmail.com are queue-4.14/ip_gre-remove-the-incorrect-mtu-limit-for-ipgre-tap.patch queue-4.14/ip6_gre-remove-the-incorrect-mtu-limit-for-ipgre-tap.patch queue-4.14/ip6_tunnel-allow-ip6gre-dev-mtu-to-be-set-below-1280.patch queue-4.14/vxlan-update-skb-dst-pmtu-on-tx-path.patch queue-4.14/ip6_tunnel-get-the-min-mtu-properly-in-ip6_tnl_xmit.patch queue-4.14/sctp-fix-the-issue-that-a-__u16-variable-may-overflow-in-sctp_ulpq_renege.patch

7 years, 2 months

1
0
0 0

Patch "ip6_tunnel: allow ip6gre dev mtu to be set below 1280" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ip6_tunnel: allow ip6gre dev mtu to be set below 1280 to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ip6_tunnel-allow-ip6gre-dev-mtu-to-be-set-below-1280.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Xin Long <lucien.xin(a)gmail.com> Date: Mon, 25 Dec 2017 14:45:12 +0800 Subject: ip6_tunnel: allow ip6gre dev mtu to be set below 1280 From: Xin Long <lucien.xin(a)gmail.com> [ Upstream commit 2fa771be953a17f8e0a9c39103464c2574444c62 ] Commit 582442d6d5bc ("ipv6: Allow the MTU of ipip6 tunnel to be set below 1280") fixed a mtu setting issue. It works for ipip6 tunnel. But ip6gre dev updates the mtu also with ip6_tnl_change_mtu. Since the inner packet over ip6gre can be ipv4 and it's mtu should also be allowed to set below 1280, the same issue also exists on ip6gre. This patch is to fix it by simply changing to check if parms.proto is IPPROTO_IPV6 in ip6_tnl_change_mtu instead, to make ip6gre to go to 'else' branch. Signed-off-by: Xin Long <lucien.xin(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/ip6_tunnel.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/net/ipv6/ip6_tunnel.c +++ b/net/ipv6/ip6_tunnel.c @@ -1684,11 +1684,11 @@ int ip6_tnl_change_mtu(struct net_device { struct ip6_tnl *tnl = netdev_priv(dev); - if (tnl->parms.proto == IPPROTO_IPIP) { - if (new_mtu < ETH_MIN_MTU) + if (tnl->parms.proto == IPPROTO_IPV6) { + if (new_mtu < IPV6_MIN_MTU) return -EINVAL; } else { - if (new_mtu < IPV6_MIN_MTU) + if (new_mtu < ETH_MIN_MTU) return -EINVAL; } if (new_mtu > 0xFFF8 - dev->hard_header_len) Patches currently in stable-queue which might be from lucien.xin(a)gmail.com are queue-4.14/ip_gre-remove-the-incorrect-mtu-limit-for-ipgre-tap.patch queue-4.14/ip6_gre-remove-the-incorrect-mtu-limit-for-ipgre-tap.patch queue-4.14/ip6_tunnel-allow-ip6gre-dev-mtu-to-be-set-below-1280.patch queue-4.14/vxlan-update-skb-dst-pmtu-on-tx-path.patch queue-4.14/ip6_tunnel-get-the-min-mtu-properly-in-ip6_tnl_xmit.patch queue-4.14/sctp-fix-the-issue-that-a-__u16-variable-may-overflow-in-sctp_ulpq_renege.patch

7 years, 2 months

1
0
0 0

Patch "ip6_gre: remove the incorrect mtu limit for ipgre tap" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ip6_gre: remove the incorrect mtu limit for ipgre tap to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ip6_gre-remove-the-incorrect-mtu-limit-for-ipgre-tap.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Xin Long <lucien.xin(a)gmail.com> Date: Mon, 18 Dec 2017 14:25:09 +0800 Subject: ip6_gre: remove the incorrect mtu limit for ipgre tap From: Xin Long <lucien.xin(a)gmail.com> [ Upstream commit 2c52129a7d74d017320804c6928de770815c5f4a ] The same fix as the patch "ip_gre: remove the incorrect mtu limit for ipgre tap" is also needed for ip6_gre. Fixes: 61e84623ace3 ("net: centralize net_device min/max MTU checking") Signed-off-by: Xin Long <lucien.xin(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/ip6_gre.c | 1 + 1 file changed, 1 insertion(+) --- a/net/ipv6/ip6_gre.c +++ b/net/ipv6/ip6_gre.c @@ -1335,6 +1335,7 @@ static void ip6gre_tap_setup(struct net_ ether_setup(dev); + dev->max_mtu = 0; dev->netdev_ops = &ip6gre_tap_netdev_ops; dev->needs_free_netdev = true; dev->priv_destructor = ip6gre_dev_free; Patches currently in stable-queue which might be from lucien.xin(a)gmail.com are queue-4.14/ip_gre-remove-the-incorrect-mtu-limit-for-ipgre-tap.patch queue-4.14/ip6_gre-remove-the-incorrect-mtu-limit-for-ipgre-tap.patch queue-4.14/ip6_tunnel-allow-ip6gre-dev-mtu-to-be-set-below-1280.patch queue-4.14/vxlan-update-skb-dst-pmtu-on-tx-path.patch queue-4.14/ip6_tunnel-get-the-min-mtu-properly-in-ip6_tnl_xmit.patch queue-4.14/sctp-fix-the-issue-that-a-__u16-variable-may-overflow-in-sctp_ulpq_renege.patch

7 years, 2 months

1
0
0 0

Patch "Input: xen-kbdfront - do not advertise multi-touch pressure support" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Input: xen-kbdfront - do not advertise multi-touch pressure support to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: input-xen-kbdfront-do-not-advertise-multi-touch-pressure-support.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Oleksandr Andrushchenko <oleksandr_andrushchenko(a)epam.com> Date: Tue, 2 Jan 2018 09:39:25 -0800 Subject: Input: xen-kbdfront - do not advertise multi-touch pressure support From: Oleksandr Andrushchenko <oleksandr_andrushchenko(a)epam.com> [ Upstream commit 02a0d9216d4daf6a58d88642bd2da2c78c327552 ] Some user-space applications expect multi-touch pressure on contact to be reported if it is advertised in device properties. Otherwise, such applications may treat reports not as actual touches, but hovering. Currently this is only advertised, but not reported. Fix this by not advertising that ABS_MT_PRESSURE is supported. Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko(a)epam.com> Signed-off-by: Andrii Chepurnyi <andrii_chepurnyi(a)epam.com> Patchwork-Id: 10140017 Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/input/misc/xen-kbdfront.c | 2 -- 1 file changed, 2 deletions(-) --- a/drivers/input/misc/xen-kbdfront.c +++ b/drivers/input/misc/xen-kbdfront.c @@ -326,8 +326,6 @@ static int xenkbd_probe(struct xenbus_de 0, width, 0, 0); input_set_abs_params(mtouch, ABS_MT_POSITION_Y, 0, height, 0, 0); - input_set_abs_params(mtouch, ABS_MT_PRESSURE, - 0, 255, 0, 0); ret = input_mt_init_slots(mtouch, num_cont, INPUT_MT_DIRECT); if (ret) { Patches currently in stable-queue which might be from oleksandr_andrushchenko(a)epam.com are queue-4.14/input-xen-kbdfront-do-not-advertise-multi-touch-pressure-support.patch

7 years, 2 months

1
0
0 0

Patch "IB/mlx5: Fix mlx5_ib_alloc_mr error flow" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled IB/mlx5: Fix mlx5_ib_alloc_mr error flow to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ib-mlx5-fix-mlx5_ib_alloc_mr-error-flow.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Nitzan Carmi <nitzanc(a)mellanox.com> Date: Tue, 26 Dec 2017 11:20:20 +0200 Subject: IB/mlx5: Fix mlx5_ib_alloc_mr error flow From: Nitzan Carmi <nitzanc(a)mellanox.com> [ Upstream commit 45e6ae7ef21b907dacb18da62d5787d74a31d860 ] ibmr.device is being set only after ib_alloc_mr() is (successfully) complete. Therefore, in case mlx5_core_create_mkey() return with error, the error flow calls mlx5_free_priv_descs() which uses ibmr.device (which doesn't exist yet), causing a NULL dereference oops. To fix this, the IB device should be set in the mr struct earlier stage (e.g. prior to calling mlx5_core_create_mkey()). Fixes: 8a187ee52b04 ("IB/mlx5: Support the new memory registration API") Signed-off-by: Max Gurtovoy <maxg(a)mellanox.com> Signed-off-by: Nitzan Carmi <nitzanc(a)mellanox.com> Signed-off-by: Leon Romanovsky <leon(a)kernel.org> Signed-off-by: Jason Gunthorpe <jgg(a)mellanox.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/infiniband/hw/mlx5/mr.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/infiniband/hw/mlx5/mr.c +++ b/drivers/infiniband/hw/mlx5/mr.c @@ -1637,6 +1637,7 @@ struct ib_mr *mlx5_ib_alloc_mr(struct ib MLX5_SET(mkc, mkc, access_mode, mr->access_mode); MLX5_SET(mkc, mkc, umr_en, 1); + mr->ibmr.device = pd->device; err = mlx5_core_create_mkey(dev->mdev, &mr->mmkey, in, inlen); if (err) goto err_destroy_psv; Patches currently in stable-queue which might be from nitzanc(a)mellanox.com are queue-4.14/ib-mlx5-fix-mlx5_ib_alloc_mr-error-flow.patch queue-4.14/ib-mlx4-fix-mlx4_ib_alloc_mr-error-flow.patch

7 years, 2 months

1
0
0 0

Patch "IB/mlx4: Fix mlx4_ib_alloc_mr error flow" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled IB/mlx4: Fix mlx4_ib_alloc_mr error flow to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ib-mlx4-fix-mlx4_ib_alloc_mr-error-flow.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Leon Romanovsky <leonro(a)mellanox.com> Date: Sun, 31 Dec 2017 15:33:14 +0200 Subject: IB/mlx4: Fix mlx4_ib_alloc_mr error flow From: Leon Romanovsky <leonro(a)mellanox.com> [ Upstream commit 5a371cf87e145b86efd32007e46146e78c1eff6d ] ibmr.device is being set only after ib_alloc_mr() is successfully complete. Therefore, in case imlx4_mr_enable() returns with error, the error flow unwinder calls to mlx4_free_priv_pages(), which uses ibmr.device. Such usage causes to NULL dereference oops and to fix it, the IB device should be set in the mr struct earlier stage (e.g. prior to calling mlx4_free_priv_pages()). Fixes: 1b2cd0fc673c ("IB/mlx4: Support the new memory registration API") Signed-off-by: Nitzan Carmi <nitzanc(a)mellanox.com> Signed-off-by: Leon Romanovsky <leonro(a)mellanox.com> Signed-off-by: Jason Gunthorpe <jgg(a)mellanox.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/infiniband/hw/mlx4/mr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/infiniband/hw/mlx4/mr.c +++ b/drivers/infiniband/hw/mlx4/mr.c @@ -406,7 +406,6 @@ struct ib_mr *mlx4_ib_alloc_mr(struct ib goto err_free_mr; mr->max_pages = max_num_sg; - err = mlx4_mr_enable(dev->dev, &mr->mmr); if (err) goto err_free_pl; @@ -417,6 +416,7 @@ struct ib_mr *mlx4_ib_alloc_mr(struct ib return &mr->ibmr; err_free_pl: + mr->ibmr.device = pd->device; mlx4_free_priv_pages(mr); err_free_mr: (void) mlx4_mr_free(dev->dev, &mr->mmr); Patches currently in stable-queue which might be from leonro(a)mellanox.com are queue-4.14/ib-mlx4-fix-mlx4_ib_alloc_mr-error-flow.patch queue-4.14/rdma-netlink-fix-locking-around-__ib_get_device_by_index.patch

7 years, 2 months

1
0
0 0

Patch "IB/ipoib: Fix race condition in neigh creation" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled IB/ipoib: Fix race condition in neigh creation to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ib-ipoib-fix-race-condition-in-neigh-creation.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Erez Shitrit <erezsh(a)mellanox.com> Date: Sun, 31 Dec 2017 15:33:15 +0200 Subject: IB/ipoib: Fix race condition in neigh creation From: Erez Shitrit <erezsh(a)mellanox.com> [ Upstream commit 16ba3defb8bd01a9464ba4820a487f5b196b455b ] When using enhanced mode for IPoIB, two threads may execute xmit in parallel to two different TX queues while the target is the same. In this case, both of them will add the same neighbor to the path's neigh link list and we might see the following message: list_add double add: new=ffff88024767a348, prev=ffff88024767a348... WARNING: lib/list_debug.c:31__list_add_valid+0x4e/0x70 ipoib_start_xmit+0x477/0x680 [ib_ipoib] dev_hard_start_xmit+0xb9/0x3e0 sch_direct_xmit+0xf9/0x250 __qdisc_run+0x176/0x5d0 __dev_queue_xmit+0x1f5/0xb10 __dev_queue_xmit+0x55/0xb10 Analysis: Two SKB are scheduled to be transmitted from two cores. In ipoib_start_xmit, both gets NULL when calling ipoib_neigh_get. Two calls to neigh_add_path are made. One thread takes the spin-lock and calls ipoib_neigh_alloc which creates the neigh structure, then (after the __path_find) the neigh is added to the path's neigh link list. When the second thread enters the critical section it also calls ipoib_neigh_alloc but in this case it gets the already allocated ipoib_neigh structure, which is already linked to the path's neigh link list and adds it again to the list. Which beside of triggering the list, it creates a loop in the linked list. This loop leads to endless loop inside path_rec_completion. Solution: Check list_empty(&neigh->list) before adding to the list. Add a similar fix in "ipoib_multicast.c::ipoib_mcast_send" Fixes: b63b70d87741 ('IPoIB: Use a private hash table for path lookup in xmit path') Signed-off-by: Erez Shitrit <erezsh(a)mellanox.com> Reviewed-by: Alex Vesker <valex(a)mellanox.com> Signed-off-by: Leon Romanovsky <leon(a)kernel.org> Signed-off-by: Jason Gunthorpe <jgg(a)mellanox.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/infiniband/ulp/ipoib/ipoib_main.c | 25 ++++++++++++++++++------- drivers/infiniband/ulp/ipoib/ipoib_multicast.c | 5 ++++- 2 files changed, 22 insertions(+), 8 deletions(-) --- a/drivers/infiniband/ulp/ipoib/ipoib_main.c +++ b/drivers/infiniband/ulp/ipoib/ipoib_main.c @@ -903,8 +903,8 @@ static int path_rec_start(struct net_dev return 0; } -static void neigh_add_path(struct sk_buff *skb, u8 *daddr, - struct net_device *dev) +static struct ipoib_neigh *neigh_add_path(struct sk_buff *skb, u8 *daddr, + struct net_device *dev) { struct ipoib_dev_priv *priv = ipoib_priv(dev); struct rdma_netdev *rn = netdev_priv(dev); @@ -918,7 +918,15 @@ static void neigh_add_path(struct sk_buf spin_unlock_irqrestore(&priv->lock, flags); ++dev->stats.tx_dropped; dev_kfree_skb_any(skb); - return; + return NULL; + } + + /* To avoid race condition, make sure that the + * neigh will be added only once. + */ + if (unlikely(!list_empty(&neigh->list))) { + spin_unlock_irqrestore(&priv->lock, flags); + return neigh; } path = __path_find(dev, daddr + 4); @@ -957,7 +965,7 @@ static void neigh_add_path(struct sk_buf path->ah->last_send = rn->send(dev, skb, path->ah->ah, IPOIB_QPN(daddr)); ipoib_neigh_put(neigh); - return; + return NULL; } } else { neigh->ah = NULL; @@ -974,7 +982,7 @@ static void neigh_add_path(struct sk_buf spin_unlock_irqrestore(&priv->lock, flags); ipoib_neigh_put(neigh); - return; + return NULL; err_path: ipoib_neigh_free(neigh); @@ -984,6 +992,8 @@ err_drop: spin_unlock_irqrestore(&priv->lock, flags); ipoib_neigh_put(neigh); + + return NULL; } static void unicast_arp_send(struct sk_buff *skb, struct net_device *dev, @@ -1092,8 +1102,9 @@ static int ipoib_start_xmit(struct sk_bu case htons(ETH_P_TIPC): neigh = ipoib_neigh_get(dev, phdr->hwaddr); if (unlikely(!neigh)) { - neigh_add_path(skb, phdr->hwaddr, dev); - return NETDEV_TX_OK; + neigh = neigh_add_path(skb, phdr->hwaddr, dev); + if (likely(!neigh)) + return NETDEV_TX_OK; } break; case htons(ETH_P_ARP): --- a/drivers/infiniband/ulp/ipoib/ipoib_multicast.c +++ b/drivers/infiniband/ulp/ipoib/ipoib_multicast.c @@ -816,7 +816,10 @@ void ipoib_mcast_send(struct net_device spin_lock_irqsave(&priv->lock, flags); if (!neigh) { neigh = ipoib_neigh_alloc(daddr, dev); - if (neigh) { + /* Make sure that the neigh will be added only + * once to mcast list. + */ + if (neigh && list_empty(&neigh->list)) { kref_get(&mcast->ah->ref); neigh->ah = mcast->ah; list_add_tail(&neigh->list, &mcast->neigh_list); Patches currently in stable-queue which might be from erezsh(a)mellanox.com are queue-4.14/ib-ipoib-fix-race-condition-in-neigh-creation.patch

7 years, 2 months

1
0
0 0

Patch "ia64, sched/cputime: Fix build error if CONFIG_VIRT_CPU_ACCOUNTING_NATIVE=y" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ia64, sched/cputime: Fix build error if CONFIG_VIRT_CPU_ACCOUNTING_NATIVE=y to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ia64-sched-cputime-fix-build-error-if-config_virt_cpu_accounting_native-y.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Valentin Ilie <valentin.ilie(a)gmail.com> Date: Fri, 5 Jan 2018 23:12:59 +0000 Subject: ia64, sched/cputime: Fix build error if CONFIG_VIRT_CPU_ACCOUNTING_NATIVE=y From: Valentin Ilie <valentin.ilie(a)gmail.com> [ Upstream commit 7729bebc619307a0233c86f8585a4bf3eadc7ce4 ] Remove the extra parenthesis. This bug was introduced by: e2339a4caa5e: ("ia64: Convert vtime to use nsec units directly") Signed-off-by: Valentin Ilie <valentin.ilie(a)gmail.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: fenghua.yu(a)intel.com Cc: linux-ia64(a)vger.kernel.org Cc: tony.luck(a)intel.com Link: http://lkml.kernel.org/r/1515193979-24873-1-git-send-email-valentin.ilie@gm… Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/ia64/kernel/time.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/ia64/kernel/time.c +++ b/arch/ia64/kernel/time.c @@ -88,7 +88,7 @@ void vtime_flush(struct task_struct *tsk } if (ti->softirq_time) { - delta = cycle_to_nsec(ti->softirq_time)); + delta = cycle_to_nsec(ti->softirq_time); account_system_index_time(tsk, delta, CPUTIME_SOFTIRQ); } Patches currently in stable-queue which might be from valentin.ilie(a)gmail.com are queue-4.14/ia64-sched-cputime-fix-build-error-if-config_virt_cpu_accounting_native-y.patch

7 years, 2 months

1
0
0 0

Patch "i915: Reject CCS modifiers for pipe C on Geminilake" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled i915: Reject CCS modifiers for pipe C on Geminilake to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: i915-reject-ccs-modifiers-for-pipe-c-on-geminilake.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Gabriel Krisman Bertazi <krisman(a)collabora.co.uk> Date: Tue, 19 Dec 2017 22:24:10 -0200 Subject: i915: Reject CCS modifiers for pipe C on Geminilake From: Gabriel Krisman Bertazi <krisman(a)collabora.co.uk> [ Upstream commit 8bc0d7ac934b6f2d0dc8f38a3104d281c9db1e98 ] Current code advertises (on the modifiers blob property) support for CCS modifier for pipe C on GLK, only to reject it later when validating the request before the atomic commit. This fixes the tests igt@kms_ccs@pipe-c-*, which should skip on GLK for pipe C (see bug 104096). A relevant discussion is archived at: https://lists.freedesktop.org/archives/intel-gfx/2017-December/150646.html Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=104096 Signed-off-by: Gabriel Krisman Bertazi <krisman(a)collabora.co.uk> Cc: Ben Widawsky <ben(a)bwidawsk.net> Reviewed-by: Ben Widawsky <ben(a)bwidawsk.net> Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20171220002410.5604-1-krisman… (cherry picked from commit f0cbd8bd877f3d8c5b80a6b1add9ca9010d7f9d8) Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/gpu/drm/i915/intel_display.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -13240,7 +13240,7 @@ intel_primary_plane_create(struct drm_i9 primary->frontbuffer_bit = INTEL_FRONTBUFFER_PRIMARY(pipe); primary->check_plane = intel_check_primary_plane; - if (INTEL_GEN(dev_priv) >= 10 || IS_GEMINILAKE(dev_priv)) { + if (INTEL_GEN(dev_priv) >= 10) { intel_primary_formats = skl_primary_formats; num_formats = ARRAY_SIZE(skl_primary_formats); modifiers = skl_format_modifiers_ccs; Patches currently in stable-queue which might be from krisman(a)collabora.co.uk are queue-4.14/i915-reject-ccs-modifiers-for-pipe-c-on-geminilake.patch

7 years, 2 months

1
0
0 0

Patch "i40e/i40evf: Account for frags split over multiple descriptors in check linearize" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled i40e/i40evf: Account for frags split over multiple descriptors in check linearize to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: i40e-i40evf-account-for-frags-split-over-multiple-descriptors-in-check-linearize.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Alexander Duyck <alexander.h.duyck(a)intel.com> Date: Fri, 8 Dec 2017 10:55:04 -0800 Subject: i40e/i40evf: Account for frags split over multiple descriptors in check linearize From: Alexander Duyck <alexander.h.duyck(a)intel.com> [ Upstream commit 248de22e638f10bd5bfc7624a357f940f66ba137 ] The original code for __i40e_chk_linearize didn't take into account the fact that if a fragment is 16K in size or larger it has to be split over 2 descriptors and the smaller of those 2 descriptors will be on the trailing edge of the transmit. As a result we can get into situations where we didn't catch requests that could result in a Tx hang. This patch takes care of that by subtracting the length of all but the trailing edge of the stale fragment before we test for sum. By doing this we can guarantee that we have all cases covered, including the case of a fragment that spans multiple descriptors. We don't need to worry about checking the inner portions of this since 12K is the maximum aligned DMA size and that is larger than any MSS will ever be since the MTU limit for jumbos is something on the order of 9K. Signed-off-by: Alexander Duyck <alexander.h.duyck(a)intel.com> Tested-by: Andrew Bowers <andrewx.bowers(a)intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher(a)intel.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/intel/i40e/i40e_txrx.c | 26 +++++++++++++++++++++++--- drivers/net/ethernet/intel/i40evf/i40e_txrx.c | 26 +++++++++++++++++++++++--- 2 files changed, 46 insertions(+), 6 deletions(-) --- a/drivers/net/ethernet/intel/i40e/i40e_txrx.c +++ b/drivers/net/ethernet/intel/i40e/i40e_txrx.c @@ -3048,10 +3048,30 @@ bool __i40e_chk_linearize(struct sk_buff /* Walk through fragments adding latest fragment, testing it, and * then removing stale fragments from the sum. */ - stale = &skb_shinfo(skb)->frags[0]; - for (;;) { + for (stale = &skb_shinfo(skb)->frags[0];; stale++) { + int stale_size = skb_frag_size(stale); + sum += skb_frag_size(frag++); + /* The stale fragment may present us with a smaller + * descriptor than the actual fragment size. To account + * for that we need to remove all the data on the front and + * figure out what the remainder would be in the last + * descriptor associated with the fragment. + */ + if (stale_size > I40E_MAX_DATA_PER_TXD) { + int align_pad = -(stale->page_offset) & + (I40E_MAX_READ_REQ_SIZE - 1); + + sum -= align_pad; + stale_size -= align_pad; + + do { + sum -= I40E_MAX_DATA_PER_TXD_ALIGNED; + stale_size -= I40E_MAX_DATA_PER_TXD_ALIGNED; + } while (stale_size > I40E_MAX_DATA_PER_TXD); + } + /* if sum is negative we failed to make sufficient progress */ if (sum < 0) return true; @@ -3059,7 +3079,7 @@ bool __i40e_chk_linearize(struct sk_buff if (!nr_frags--) break; - sum -= skb_frag_size(stale++); + sum -= stale_size; } return false; --- a/drivers/net/ethernet/intel/i40evf/i40e_txrx.c +++ b/drivers/net/ethernet/intel/i40evf/i40e_txrx.c @@ -2014,10 +2014,30 @@ bool __i40evf_chk_linearize(struct sk_bu /* Walk through fragments adding latest fragment, testing it, and * then removing stale fragments from the sum. */ - stale = &skb_shinfo(skb)->frags[0]; - for (;;) { + for (stale = &skb_shinfo(skb)->frags[0];; stale++) { + int stale_size = skb_frag_size(stale); + sum += skb_frag_size(frag++); + /* The stale fragment may present us with a smaller + * descriptor than the actual fragment size. To account + * for that we need to remove all the data on the front and + * figure out what the remainder would be in the last + * descriptor associated with the fragment. + */ + if (stale_size > I40E_MAX_DATA_PER_TXD) { + int align_pad = -(stale->page_offset) & + (I40E_MAX_READ_REQ_SIZE - 1); + + sum -= align_pad; + stale_size -= align_pad; + + do { + sum -= I40E_MAX_DATA_PER_TXD_ALIGNED; + stale_size -= I40E_MAX_DATA_PER_TXD_ALIGNED; + } while (stale_size > I40E_MAX_DATA_PER_TXD); + } + /* if sum is negative we failed to make sufficient progress */ if (sum < 0) return true; @@ -2025,7 +2045,7 @@ bool __i40evf_chk_linearize(struct sk_bu if (!nr_frags--) break; - sum -= skb_frag_size(stale++); + sum -= stale_size; } return false; Patches currently in stable-queue which might be from alexander.h.duyck(a)intel.com are queue-4.14/i40e-i40evf-account-for-frags-split-over-multiple-descriptors-in-check-linearize.patch

7 years, 2 months

1
0
0 0

Patch "i40e: don't remove netdev->dev_addr when syncing uc list" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled i40e: don't remove netdev->dev_addr when syncing uc list to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: i40e-don-t-remove-netdev-dev_addr-when-syncing-uc-list.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Jacob Keller <jacob.e.keller(a)intel.com> Date: Wed, 20 Dec 2017 11:04:36 -0500 Subject: i40e: don't remove netdev->dev_addr when syncing uc list From: Jacob Keller <jacob.e.keller(a)intel.com> [ Upstream commit 458867b2ca0c987445c5d9adccd1642970e1ba07 ] In some circumstances, such as with bridging, it is possible that the stack will add a devices own MAC address to its unicast address list. If, later, the stack deletes this address, then the i40e driver will receive a request to remove this address. The driver stores its current MAC address as part of the MAC/VLAN hash array, since it is convenient and matches exactly how the hardware expects to be told which traffic to receive. This causes a problem, since for more devices, the MAC address is stored separately, and requests to delete a unicast address should not have the ability to remove the filter for the MAC address. Fix this by forcing a check on every address sync to ensure we do not remove the device address. There is a very narrow possibility of a race between .set_mac and .set_rx_mode, if we don't change netdev->dev_addr before updating our internal MAC list in .set_mac. This might be possible if .set_rx_mode is going to remove MAC "XYZ" from the list, at the same time as .set_mac changes our dev_addr to MAC "XYZ", we might possibly queue a delete, then an add in .set_mac, then queue a delete in .set_rx_mode's dev_uc_sync and then update netdev->dev_addr. We can avoid this by moving the copy into dev_addr prior to the changes to the MAC filter list. A similar race on the other side does not cause problems, as if we're changing our MAC form A to B, and we race with .set_rx_mode, it could queue a delete from A, we'd update our address, and allow the delete. This seems like a race, but in reality we're about to queue a delete of A anyways, so it would not cause any issues. A race in the initialization code is unlikely because the netdevice has not yet been fully initialized and the stack should not be adding or removing addresses yet. Note that we don't (yet) need similar code for the VF driver because it does not make use of __dev_uc_sync and __dev_mc_sync, but instead roles its own method for handling updates to the MAC/VLAN list, which already has code to protect against removal of the hardware address. Signed-off-by: Jacob Keller <jacob.e.keller(a)intel.com> Tested-by: Andrew Bowers <andrewx.bowers(a)intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher(a)intel.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/intel/i40e/i40e_main.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) --- a/drivers/net/ethernet/intel/i40e/i40e_main.c +++ b/drivers/net/ethernet/intel/i40e/i40e_main.c @@ -1553,11 +1553,18 @@ static int i40e_set_mac(struct net_devic else netdev_info(netdev, "set new mac address %pM\n", addr->sa_data); + /* Copy the address first, so that we avoid a possible race with + * .set_rx_mode(). If we copy after changing the address in the filter + * list, we might open ourselves to a narrow race window where + * .set_rx_mode could delete our dev_addr filter and prevent traffic + * from passing. + */ + ether_addr_copy(netdev->dev_addr, addr->sa_data); + spin_lock_bh(&vsi->mac_filter_hash_lock); i40e_del_mac_filter(vsi, netdev->dev_addr); i40e_add_mac_filter(vsi, addr->sa_data); spin_unlock_bh(&vsi->mac_filter_hash_lock); - ether_addr_copy(netdev->dev_addr, addr->sa_data); if (vsi->type == I40E_VSI_MAIN) { i40e_status ret; @@ -1739,6 +1746,14 @@ static int i40e_addr_unsync(struct net_d struct i40e_netdev_priv *np = netdev_priv(netdev); struct i40e_vsi *vsi = np->vsi; + /* Under some circumstances, we might receive a request to delete + * our own device address from our uc list. Because we store the + * device address in the VSI's MAC/VLAN filter list, we need to ignore + * such requests and not delete our device address from this list. + */ + if (ether_addr_equal(addr, netdev->dev_addr)) + return 0; + i40e_del_mac_filter(vsi, addr); return 0; Patches currently in stable-queue which might be from jacob.e.keller(a)intel.com are queue-4.14/i40e-don-t-remove-netdev-dev_addr-when-syncing-uc-list.patch

7 years, 2 months

1
0
0 0

Patch "genirq: Guard handle_bad_irq log messages" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled genirq: Guard handle_bad_irq log messages to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: genirq-guard-handle_bad_irq-log-messages.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Guenter Roeck <linux(a)roeck-us.net> Date: Sat, 2 Dec 2017 09:13:04 -0800 Subject: genirq: Guard handle_bad_irq log messages From: Guenter Roeck <linux(a)roeck-us.net> [ Upstream commit 11bca0a83f83f6093d816295668e74ef24595944 ] An interrupt storm on a bad interrupt will cause the kernel log to be clogged. [ 60.089234] ->handle_irq(): ffffffffbe2f803f, [ 60.090455] 0xffffffffbf2af380 [ 60.090510] handle_bad_irq+0x0/0x2e5 [ 60.090522] ->irq_data.chip(): ffffffffbf2af380, [ 60.090553] IRQ_NOPROBE set [ 60.090584] ->handle_irq(): ffffffffbe2f803f, [ 60.090590] handle_bad_irq+0x0/0x2e5 [ 60.090596] ->irq_data.chip(): ffffffffbf2af380, [ 60.090602] 0xffffffffbf2af380 [ 60.090608] ->action(): (null) [ 60.090779] handle_bad_irq+0x0/0x2e5 This was seen when running an upstream kernel on Acer Chromebook R11. The system was unstable as result. Guard the log message with __printk_ratelimit to reduce the impact. This won't prevent the interrupt storm from happening, but at least the system remains stable. Signed-off-by: Guenter Roeck <linux(a)roeck-us.net> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: Dmitry Torokhov <dtor(a)chromium.org> Cc: Joe Perches <joe(a)perches.com> Cc: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Cc: Mika Westerberg <mika.westerberg(a)linux.intel.com> Link: https://bugzilla.kernel.org/show_bug.cgi?id=197953 Link: https://lkml.kernel.org/r/1512234784-21038-1-git-send-email-linux@roeck-us.… Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- kernel/irq/debug.h | 5 +++++ 1 file changed, 5 insertions(+) --- a/kernel/irq/debug.h +++ b/kernel/irq/debug.h @@ -12,6 +12,11 @@ static inline void print_irq_desc(unsigned int irq, struct irq_desc *desc) { + static DEFINE_RATELIMIT_STATE(ratelimit, 5 * HZ, 5); + + if (!__ratelimit(&ratelimit)) + return; + printk("irq %d, desc: %p, depth: %d, count: %d, unhandled: %d\n", irq, desc, desc->depth, desc->irq_count, desc->irqs_unhandled); printk("->handle_irq(): %p, ", desc->handle_irq); Patches currently in stable-queue which might be from linux(a)roeck-us.net are queue-4.14/genirq-guard-handle_bad_irq-log-messages.patch

7 years, 2 months

1
0
0 0

Patch "exec: avoid gcc-8 warning for get_task_comm" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled exec: avoid gcc-8 warning for get_task_comm to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: exec-avoid-gcc-8-warning-for-get_task_comm.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Arnd Bergmann <arnd(a)arndb.de> Date: Thu, 14 Dec 2017 15:32:41 -0800 Subject: exec: avoid gcc-8 warning for get_task_comm From: Arnd Bergmann <arnd(a)arndb.de> [ Upstream commit 3756f6401c302617c5e091081ca4d26ab604bec5 ] gcc-8 warns about using strncpy() with the source size as the limit: fs/exec.c:1223:32: error: argument to 'sizeof' in 'strncpy' call is the same expression as the source; did you mean to use the size of the destination? [-Werror=sizeof-pointer-memaccess] This is indeed slightly suspicious, as it protects us from source arguments without NUL-termination, but does not guarantee that the destination is terminated. This keeps the strncpy() to ensure we have properly padded target buffer, but ensures that we use the correct length, by passing the actual length of the destination buffer as well as adding a build-time check to ensure it is exactly TASK_COMM_LEN. There are only 23 callsites which I all reviewed to ensure this is currently the case. We could get away with doing only the check or passing the right length, but it doesn't hurt to do both. Link: http://lkml.kernel.org/r/20171205151724.1764896-1-arnd@arndb.de Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> Suggested-by: Kees Cook <keescook(a)chromium.org> Acked-by: Kees Cook <keescook(a)chromium.org> Acked-by: Ingo Molnar <mingo(a)kernel.org> Cc: Alexander Viro <viro(a)zeniv.linux.org.uk> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Serge Hallyn <serge(a)hallyn.com> Cc: James Morris <james.l.morris(a)oracle.com> Cc: Aleksa Sarai <asarai(a)suse.de> Cc: "Eric W. Biederman" <ebiederm(a)xmission.com> Cc: Frederic Weisbecker <frederic(a)kernel.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/exec.c | 7 +++---- include/linux/sched.h | 6 +++++- 2 files changed, 8 insertions(+), 5 deletions(-) --- a/fs/exec.c +++ b/fs/exec.c @@ -1216,15 +1216,14 @@ killed: return -EAGAIN; } -char *get_task_comm(char *buf, struct task_struct *tsk) +char *__get_task_comm(char *buf, size_t buf_size, struct task_struct *tsk) { - /* buf must be at least sizeof(tsk->comm) in size */ task_lock(tsk); - strncpy(buf, tsk->comm, sizeof(tsk->comm)); + strncpy(buf, tsk->comm, buf_size); task_unlock(tsk); return buf; } -EXPORT_SYMBOL_GPL(get_task_comm); +EXPORT_SYMBOL_GPL(__get_task_comm); /* * These functions flushes out all traces of the currently running executable --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -1502,7 +1502,11 @@ static inline void set_task_comm(struct __set_task_comm(tsk, from, false); } -extern char *get_task_comm(char *to, struct task_struct *tsk); +extern char *__get_task_comm(char *to, size_t len, struct task_struct *tsk); +#define get_task_comm(buf, tsk) ({ \ + BUILD_BUG_ON(sizeof(buf) != TASK_COMM_LEN); \ + __get_task_comm(buf, sizeof(buf), tsk); \ +}) #ifdef CONFIG_SMP void scheduler_ipi(void); Patches currently in stable-queue which might be from arnd(a)arndb.de are queue-4.14/exec-avoid-gcc-8-warning-for-get_task_comm.patch queue-4.14/x86-asm-allow-again-using-asm.h-when-building-for-the-bpf-clang-target.patch queue-4.14/arm-dts-ls1021a-fix-incorrect-clock-references.patch

7 years, 2 months

1
0
0 0

Patch "e1000: fix disabling already-disabled warning" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled e1000: fix disabling already-disabled warning to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: e1000-fix-disabling-already-disabled-warning.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Tushar Dave <tushar.n.dave(a)oracle.com> Date: Wed, 6 Dec 2017 02:26:29 +0530 Subject: e1000: fix disabling already-disabled warning From: Tushar Dave <tushar.n.dave(a)oracle.com> [ Upstream commit 0b76aae741abb9d16d2c0e67f8b1e766576f897d ] This patch adds check so that driver does not disable already disabled device. [ 44.637743] advantechwdt: Unexpected close, not stopping watchdog! [ 44.997548] input: ImExPS/2 Generic Explorer Mouse as /devices/platform/i8042/serio1/input/input6 [ 45.013419] e1000 0000:00:03.0: disabling already-disabled device [ 45.013447] ------------[ cut here ]------------ [ 45.014868] WARNING: CPU: 1 PID: 71 at drivers/pci/pci.c:1641 pci_disable_device+0xa1/0x105: pci_disable_device at drivers/pci/pci.c:1640 [ 45.016171] CPU: 1 PID: 71 Comm: rcu_perf_shutdo Not tainted 4.14.0-01330-g3c07399 #1 [ 45.017197] task: ffff88011bee9e40 task.stack: ffffc90000860000 [ 45.017987] RIP: 0010:pci_disable_device+0xa1/0x105: pci_disable_device at drivers/pci/pci.c:1640 [ 45.018603] RSP: 0000:ffffc90000863e30 EFLAGS: 00010286 [ 45.019282] RAX: 0000000000000035 RBX: ffff88013a230008 RCX: 0000000000000000 [ 45.020182] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000203 [ 45.021084] RBP: ffff88013a3f31e8 R08: 0000000000000001 R09: 0000000000000000 [ 45.021986] R10: ffffffff827ec29c R11: 0000000000000002 R12: 0000000000000001 [ 45.022946] R13: ffff88013a230008 R14: ffff880117802b20 R15: ffffc90000863e8f [ 45.023842] FS: 0000000000000000(0000) GS:ffff88013fd00000(0000) knlGS:0000000000000000 [ 45.024863] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 45.025583] CR2: ffffc900006d4000 CR3: 000000000220f000 CR4: 00000000000006a0 [ 45.026478] Call Trace: [ 45.026811] __e1000_shutdown+0x1d4/0x1e2: __e1000_shutdown at drivers/net/ethernet/intel/e1000/e1000_main.c:5162 [ 45.027344] ? rcu_perf_cleanup+0x2a1/0x2a1: rcu_perf_shutdown at kernel/rcu/rcuperf.c:627 [ 45.027883] e1000_shutdown+0x14/0x3a: e1000_shutdown at drivers/net/ethernet/intel/e1000/e1000_main.c:5235 [ 45.028351] device_shutdown+0x110/0x1aa: device_shutdown at drivers/base/core.c:2807 [ 45.028858] kernel_power_off+0x31/0x64: kernel_power_off at kernel/reboot.c:260 [ 45.029343] rcu_perf_shutdown+0x9b/0xa7: rcu_perf_shutdown at kernel/rcu/rcuperf.c:637 [ 45.029852] ? __wake_up_common_lock+0xa2/0xa2: autoremove_wake_function at kernel/sched/wait.c:376 [ 45.030414] kthread+0x126/0x12e: kthread at kernel/kthread.c:233 [ 45.030834] ? __kthread_bind_mask+0x8e/0x8e: kthread at kernel/kthread.c:190 [ 45.031399] ? ret_from_fork+0x1f/0x30: ret_from_fork at arch/x86/entry/entry_64.S:443 [ 45.031883] ? kernel_init+0xa/0xf5: kernel_init at init/main.c:997 [ 45.032325] ret_from_fork+0x1f/0x30: ret_from_fork at arch/x86/entry/entry_64.S:443 [ 45.032777] Code: 00 48 85 ed 75 07 48 8b ab a8 00 00 00 48 8d bb 98 00 00 00 e8 aa d1 11 00 48 89 ea 48 89 c6 48 c7 c7 d8 e4 0b 82 e8 55 7d da ff <0f> ff b9 01 00 00 00 31 d2 be 01 00 00 00 48 c7 c7 f0 b1 61 82 [ 45.035222] ---[ end trace c257137b1b1976ef ]--- [ 45.037838] ACPI: Preparing to enter system sleep state S5 Signed-off-by: Tushar Dave <tushar.n.dave(a)oracle.com> Tested-by: Fengguang Wu <fengguang.wu(a)intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher(a)intel.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/intel/e1000/e1000.h | 3 +- drivers/net/ethernet/intel/e1000/e1000_main.c | 27 +++++++++++++++++++++----- 2 files changed, 24 insertions(+), 6 deletions(-) --- a/drivers/net/ethernet/intel/e1000/e1000.h +++ b/drivers/net/ethernet/intel/e1000/e1000.h @@ -331,7 +331,8 @@ struct e1000_adapter { enum e1000_state_t { __E1000_TESTING, __E1000_RESETTING, - __E1000_DOWN + __E1000_DOWN, + __E1000_DISABLED }; #undef pr_fmt --- a/drivers/net/ethernet/intel/e1000/e1000_main.c +++ b/drivers/net/ethernet/intel/e1000/e1000_main.c @@ -945,7 +945,7 @@ static int e1000_init_hw_struct(struct e static int e1000_probe(struct pci_dev *pdev, const struct pci_device_id *ent) { struct net_device *netdev; - struct e1000_adapter *adapter; + struct e1000_adapter *adapter = NULL; struct e1000_hw *hw; static int cards_found; @@ -955,6 +955,7 @@ static int e1000_probe(struct pci_dev *p u16 tmp = 0; u16 eeprom_apme_mask = E1000_EEPROM_APME; int bars, need_ioport; + bool disable_dev = false; /* do not allocate ioport bars when not needed */ need_ioport = e1000_is_need_ioport(pdev); @@ -1259,11 +1260,13 @@ err_mdio_ioremap: iounmap(hw->ce4100_gbe_mdio_base_virt); iounmap(hw->hw_addr); err_ioremap: + disable_dev = !test_and_set_bit(__E1000_DISABLED, &adapter->flags); free_netdev(netdev); err_alloc_etherdev: pci_release_selected_regions(pdev, bars); err_pci_reg: - pci_disable_device(pdev); + if (!adapter || disable_dev) + pci_disable_device(pdev); return err; } @@ -1281,6 +1284,7 @@ static void e1000_remove(struct pci_dev struct net_device *netdev = pci_get_drvdata(pdev); struct e1000_adapter *adapter = netdev_priv(netdev); struct e1000_hw *hw = &adapter->hw; + bool disable_dev; e1000_down_and_stop(adapter); e1000_release_manageability(adapter); @@ -1299,9 +1303,11 @@ static void e1000_remove(struct pci_dev iounmap(hw->flash_address); pci_release_selected_regions(pdev, adapter->bars); + disable_dev = !test_and_set_bit(__E1000_DISABLED, &adapter->flags); free_netdev(netdev); - pci_disable_device(pdev); + if (disable_dev) + pci_disable_device(pdev); } /** @@ -5156,7 +5162,8 @@ static int __e1000_shutdown(struct pci_d if (netif_running(netdev)) e1000_free_irq(adapter); - pci_disable_device(pdev); + if (!test_and_set_bit(__E1000_DISABLED, &adapter->flags)) + pci_disable_device(pdev); return 0; } @@ -5200,6 +5207,10 @@ static int e1000_resume(struct pci_dev * pr_err("Cannot enable PCI device from suspend\n"); return err; } + + /* flush memory to make sure state is correct */ + smp_mb__before_atomic(); + clear_bit(__E1000_DISABLED, &adapter->flags); pci_set_master(pdev); pci_enable_wake(pdev, PCI_D3hot, 0); @@ -5274,7 +5285,9 @@ static pci_ers_result_t e1000_io_error_d if (netif_running(netdev)) e1000_down(adapter); - pci_disable_device(pdev); + + if (!test_and_set_bit(__E1000_DISABLED, &adapter->flags)) + pci_disable_device(pdev); /* Request a slot slot reset. */ return PCI_ERS_RESULT_NEED_RESET; @@ -5302,6 +5315,10 @@ static pci_ers_result_t e1000_io_slot_re pr_err("Cannot re-enable PCI device after reset.\n"); return PCI_ERS_RESULT_DISCONNECT; } + + /* flush memory to make sure state is correct */ + smp_mb__before_atomic(); + clear_bit(__E1000_DISABLED, &adapter->flags); pci_set_master(pdev); pci_enable_wake(pdev, PCI_D3hot, 0); Patches currently in stable-queue which might be from tushar.n.dave(a)oracle.com are queue-4.14/e1000-fix-disabling-already-disabled-warning.patch

7 years, 2 months

1
0
0 0

Patch "drm/ttm: check the return value of kzalloc" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled drm/ttm: check the return value of kzalloc to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: drm-ttm-check-the-return-value-of-kzalloc.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Xiongwei Song <sxwjean(a)gmail.com> Date: Tue, 2 Jan 2018 21:24:55 +0800 Subject: drm/ttm: check the return value of kzalloc From: Xiongwei Song <sxwjean(a)gmail.com> [ Upstream commit 19d859a7205bc59ffc38303eb25ae394f61d21dc ] In the function ttm_page_alloc_init, kzalloc call is made for variable _manager, we need to check its return value, it may return NULL. Signed-off-by: Xiongwei Song <sxwjean(a)gmail.com> Reviewed-by: Christian König <christian.koenig(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/gpu/drm/ttm/ttm_page_alloc.c | 2 ++ 1 file changed, 2 insertions(+) --- a/drivers/gpu/drm/ttm/ttm_page_alloc.c +++ b/drivers/gpu/drm/ttm/ttm_page_alloc.c @@ -821,6 +821,8 @@ int ttm_page_alloc_init(struct ttm_mem_g pr_info("Initializing pool allocator\n"); _manager = kzalloc(sizeof(*_manager), GFP_KERNEL); + if (!_manager) + return -ENOMEM; ttm_page_pool_init_locked(&_manager->wc_pool, GFP_HIGHUSER, "wc"); Patches currently in stable-queue which might be from sxwjean(a)gmail.com are queue-4.14/drm-ttm-check-the-return-value-of-kzalloc.patch

7 years, 2 months

1
0
0 0

Patch "drm/nouveau/pci: do a msi rearm on init" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled drm/nouveau/pci: do a msi rearm on init to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: drm-nouveau-pci-do-a-msi-rearm-on-init.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Karol Herbst <kherbst(a)redhat.com> Date: Fri, 24 Nov 2017 03:56:26 +0100 Subject: drm/nouveau/pci: do a msi rearm on init From: Karol Herbst <kherbst(a)redhat.com> [ Upstream commit a121027d2747168df0aac0c3da35509eea39f61c ] On my GP107 when I load nouveau after unloading it, for some reason the GPU stopped sending or the CPU stopped receiving interrupts if MSI was enabled. Doing a rearm once before getting any interrupts fixes this. Signed-off-by: Karol Herbst <kherbst(a)redhat.com> Reviewed-by: Thierry Reding <treding(a)nvidia.com> Signed-off-by: Ben Skeggs <bskeggs(a)redhat.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/gpu/drm/nouveau/nvkm/subdev/pci/base.c | 7 +++++++ 1 file changed, 7 insertions(+) --- a/drivers/gpu/drm/nouveau/nvkm/subdev/pci/base.c +++ b/drivers/gpu/drm/nouveau/nvkm/subdev/pci/base.c @@ -136,6 +136,13 @@ nvkm_pci_init(struct nvkm_subdev *subdev return ret; pci->irq = pdev->irq; + + /* Ensure MSI interrupts are armed, for the case where there are + * already interrupts pending (for whatever reason) at load time. + */ + if (pci->msi) + pci->func->msi_rearm(pci); + return ret; } Patches currently in stable-queue which might be from kherbst(a)redhat.com are queue-4.14/drm-nouveau-pci-do-a-msi-rearm-on-init.patch

7 years, 2 months

1
0
0 0

Patch "dmaengine: fsl-edma: disable clks on all error paths" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dmaengine: fsl-edma: disable clks on all error paths to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dmaengine-fsl-edma-disable-clks-on-all-error-paths.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Andreas Platschek <andreas.platschek(a)opentech.at> Date: Thu, 14 Dec 2017 12:50:51 +0100 Subject: dmaengine: fsl-edma: disable clks on all error paths From: Andreas Platschek <andreas.platschek(a)opentech.at> [ Upstream commit 2610acf46b9ed528ec2cacd717bc9d354e452b73 ] Previously enabled clks are only disabled if clk_prepare_enable() fails. However, there are other error paths were the previously enabled clocks are not disabled. To fix the problem, fsl_disable_clocks() now takes the number of clocks that shall be disabled + unprepared. For existing calls were all clocks were already successfully prepared + enabled, DMAMUX_NR is passed to disable + unprepare all clocks. In error paths were only some clocks were successfully prepared + enabled the loop counter is passed, in order to disable + unprepare all successfully prepared + enabled clocks. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Andreas Platschek <andreas.platschek(a)opentech.at> Signed-off-by: Vinod Koul <vinod.koul(a)intel.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/dma/fsl-edma.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) --- a/drivers/dma/fsl-edma.c +++ b/drivers/dma/fsl-edma.c @@ -863,11 +863,11 @@ static void fsl_edma_irq_exit( } } -static void fsl_disable_clocks(struct fsl_edma_engine *fsl_edma) +static void fsl_disable_clocks(struct fsl_edma_engine *fsl_edma, int nr_clocks) { int i; - for (i = 0; i < DMAMUX_NR; i++) + for (i = 0; i < nr_clocks; i++) clk_disable_unprepare(fsl_edma->muxclk[i]); } @@ -904,25 +904,25 @@ static int fsl_edma_probe(struct platfor res = platform_get_resource(pdev, IORESOURCE_MEM, 1 + i); fsl_edma->muxbase[i] = devm_ioremap_resource(&pdev->dev, res); - if (IS_ERR(fsl_edma->muxbase[i])) + if (IS_ERR(fsl_edma->muxbase[i])) { + /* on error: disable all previously enabled clks */ + fsl_disable_clocks(fsl_edma, i); return PTR_ERR(fsl_edma->muxbase[i]); + } sprintf(clkname, "dmamux%d", i); fsl_edma->muxclk[i] = devm_clk_get(&pdev->dev, clkname); if (IS_ERR(fsl_edma->muxclk[i])) { dev_err(&pdev->dev, "Missing DMAMUX block clock.\n"); + /* on error: disable all previously enabled clks */ + fsl_disable_clocks(fsl_edma, i); return PTR_ERR(fsl_edma->muxclk[i]); } ret = clk_prepare_enable(fsl_edma->muxclk[i]); - if (ret) { - /* disable only clks which were enabled on error */ - for (; i >= 0; i--) - clk_disable_unprepare(fsl_edma->muxclk[i]); - - dev_err(&pdev->dev, "DMAMUX clk block failed.\n"); - return ret; - } + if (ret) + /* on error: disable all previously enabled clks */ + fsl_disable_clocks(fsl_edma, i); } @@ -976,7 +976,7 @@ static int fsl_edma_probe(struct platfor if (ret) { dev_err(&pdev->dev, "Can't register Freescale eDMA engine. (%d)\n", ret); - fsl_disable_clocks(fsl_edma); + fsl_disable_clocks(fsl_edma, DMAMUX_NR); return ret; } @@ -985,7 +985,7 @@ static int fsl_edma_probe(struct platfor dev_err(&pdev->dev, "Can't register Freescale eDMA of_dma. (%d)\n", ret); dma_async_device_unregister(&fsl_edma->dma_dev); - fsl_disable_clocks(fsl_edma); + fsl_disable_clocks(fsl_edma, DMAMUX_NR); return ret; } @@ -1015,7 +1015,7 @@ static int fsl_edma_remove(struct platfo fsl_edma_cleanup_vchan(&fsl_edma->dma_dev); of_dma_controller_free(np); dma_async_device_unregister(&fsl_edma->dma_dev); - fsl_disable_clocks(fsl_edma); + fsl_disable_clocks(fsl_edma, DMAMUX_NR); return 0; } Patches currently in stable-queue which might be from andreas.platschek(a)opentech.at are queue-4.14/dmaengine-fsl-edma-disable-clks-on-all-error-paths.patch

7 years, 2 months

1
0
0 0

Patch "crypto: inside-secure - per request invalidation" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled crypto: inside-secure - per request invalidation to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: crypto-inside-secure-per-request-invalidation.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Ofer Heifetz <oferh(a)marvell.com> Date: Mon, 11 Dec 2017 12:10:55 +0100 Subject: crypto: inside-secure - per request invalidation From: Ofer Heifetz <oferh(a)marvell.com> [ Upstream commit 1eb7b40386c97f6c4d1c62931bf306f4535a4bd6 ] When an invalidation request is needed we currently override the context .send and .handle_result helpers. This is wrong as under high load other requests can already be queued and overriding the context helpers will make them execute the wrong .send and .handle_result functions. This commit fixes this by adding a needs_inv flag in the request to choose the action to perform when sending requests or handling their results. This flag will be set when needed (i.e. when the context flag will be set). Fixes: 1b44c5a60c13 ("crypto: inside-secure - add SafeXcel EIP197 crypto engine driver") Signed-off-by: Ofer Heifetz <oferh(a)marvell.com> [Antoine: commit message, and removed non related changes from the original commit] Signed-off-by: Antoine Tenart <antoine.tenart(a)free-electrons.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/crypto/inside-secure/safexcel_cipher.c | 71 ++++++++++++++++++++----- drivers/crypto/inside-secure/safexcel_hash.c | 67 ++++++++++++++++++----- 2 files changed, 111 insertions(+), 27 deletions(-) --- a/drivers/crypto/inside-secure/safexcel_cipher.c +++ b/drivers/crypto/inside-secure/safexcel_cipher.c @@ -14,6 +14,7 @@ #include <crypto/aes.h> #include <crypto/skcipher.h> +#include <crypto/internal/skcipher.h> #include "safexcel.h" @@ -33,6 +34,10 @@ struct safexcel_cipher_ctx { unsigned int key_len; }; +struct safexcel_cipher_req { + bool needs_inv; +}; + static void safexcel_cipher_token(struct safexcel_cipher_ctx *ctx, struct crypto_async_request *async, struct safexcel_command_desc *cdesc, @@ -126,9 +131,9 @@ static int safexcel_context_control(stru return 0; } -static int safexcel_handle_result(struct safexcel_crypto_priv *priv, int ring, - struct crypto_async_request *async, - bool *should_complete, int *ret) +static int safexcel_handle_req_result(struct safexcel_crypto_priv *priv, int ring, + struct crypto_async_request *async, + bool *should_complete, int *ret) { struct skcipher_request *req = skcipher_request_cast(async); struct safexcel_result_desc *rdesc; @@ -265,7 +270,6 @@ static int safexcel_aes_send(struct cryp spin_unlock_bh(&priv->ring[ring].egress_lock); request->req = &req->base; - ctx->base.handle_result = safexcel_handle_result; *commands = n_cdesc; *results = n_rdesc; @@ -341,8 +345,6 @@ static int safexcel_handle_inv_result(st ring = safexcel_select_ring(priv); ctx->base.ring = ring; - ctx->base.needs_inv = false; - ctx->base.send = safexcel_aes_send; spin_lock_bh(&priv->ring[ring].queue_lock); enq_ret = crypto_enqueue_request(&priv->ring[ring].queue, async); @@ -359,6 +361,26 @@ static int safexcel_handle_inv_result(st return ndesc; } +static int safexcel_handle_result(struct safexcel_crypto_priv *priv, int ring, + struct crypto_async_request *async, + bool *should_complete, int *ret) +{ + struct skcipher_request *req = skcipher_request_cast(async); + struct safexcel_cipher_req *sreq = skcipher_request_ctx(req); + int err; + + if (sreq->needs_inv) { + sreq->needs_inv = false; + err = safexcel_handle_inv_result(priv, ring, async, + should_complete, ret); + } else { + err = safexcel_handle_req_result(priv, ring, async, + should_complete, ret); + } + + return err; +} + static int safexcel_cipher_send_inv(struct crypto_async_request *async, int ring, struct safexcel_request *request, int *commands, int *results) @@ -368,8 +390,6 @@ static int safexcel_cipher_send_inv(stru struct safexcel_crypto_priv *priv = ctx->priv; int ret; - ctx->base.handle_result = safexcel_handle_inv_result; - ret = safexcel_invalidate_cache(async, &ctx->base, priv, ctx->base.ctxr_dma, ring, request); if (unlikely(ret)) @@ -381,11 +401,29 @@ static int safexcel_cipher_send_inv(stru return 0; } +static int safexcel_send(struct crypto_async_request *async, + int ring, struct safexcel_request *request, + int *commands, int *results) +{ + struct skcipher_request *req = skcipher_request_cast(async); + struct safexcel_cipher_req *sreq = skcipher_request_ctx(req); + int ret; + + if (sreq->needs_inv) + ret = safexcel_cipher_send_inv(async, ring, request, + commands, results); + else + ret = safexcel_aes_send(async, ring, request, + commands, results); + return ret; +} + static int safexcel_cipher_exit_inv(struct crypto_tfm *tfm) { struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm); struct safexcel_crypto_priv *priv = ctx->priv; struct skcipher_request req; + struct safexcel_cipher_req *sreq = skcipher_request_ctx(&req); struct safexcel_inv_result result = {}; int ring = ctx->base.ring; @@ -399,7 +437,7 @@ static int safexcel_cipher_exit_inv(stru skcipher_request_set_tfm(&req, __crypto_skcipher_cast(tfm)); ctx = crypto_tfm_ctx(req.base.tfm); ctx->base.exit_inv = true; - ctx->base.send = safexcel_cipher_send_inv; + sreq->needs_inv = true; spin_lock_bh(&priv->ring[ring].queue_lock); crypto_enqueue_request(&priv->ring[ring].queue, &req.base); @@ -424,19 +462,21 @@ static int safexcel_aes(struct skcipher_ enum safexcel_cipher_direction dir, u32 mode) { struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(req->base.tfm); + struct safexcel_cipher_req *sreq = skcipher_request_ctx(req); struct safexcel_crypto_priv *priv = ctx->priv; int ret, ring; + sreq->needs_inv = false; ctx->direction = dir; ctx->mode = mode; if (ctx->base.ctxr) { - if (ctx->base.needs_inv) - ctx->base.send = safexcel_cipher_send_inv; + if (ctx->base.needs_inv) { + sreq->needs_inv = true; + ctx->base.needs_inv = false; + } } else { ctx->base.ring = safexcel_select_ring(priv); - ctx->base.send = safexcel_aes_send; - ctx->base.ctxr = dma_pool_zalloc(priv->context_pool, EIP197_GFP_FLAGS(req->base), &ctx->base.ctxr_dma); @@ -476,6 +516,11 @@ static int safexcel_skcipher_cra_init(st alg.skcipher.base); ctx->priv = tmpl->priv; + ctx->base.send = safexcel_send; + ctx->base.handle_result = safexcel_handle_result; + + crypto_skcipher_set_reqsize(__crypto_skcipher_cast(tfm), + sizeof(struct safexcel_cipher_req)); return 0; } --- a/drivers/crypto/inside-secure/safexcel_hash.c +++ b/drivers/crypto/inside-secure/safexcel_hash.c @@ -32,6 +32,7 @@ struct safexcel_ahash_req { bool last_req; bool finish; bool hmac; + bool needs_inv; int nents; @@ -121,9 +122,9 @@ static void safexcel_context_control(str } } -static int safexcel_handle_result(struct safexcel_crypto_priv *priv, int ring, - struct crypto_async_request *async, - bool *should_complete, int *ret) +static int safexcel_handle_req_result(struct safexcel_crypto_priv *priv, int ring, + struct crypto_async_request *async, + bool *should_complete, int *ret) { struct safexcel_result_desc *rdesc; struct ahash_request *areq = ahash_request_cast(async); @@ -169,9 +170,9 @@ static int safexcel_handle_result(struct return 1; } -static int safexcel_ahash_send(struct crypto_async_request *async, int ring, - struct safexcel_request *request, int *commands, - int *results) +static int safexcel_ahash_send_req(struct crypto_async_request *async, int ring, + struct safexcel_request *request, + int *commands, int *results) { struct ahash_request *areq = ahash_request_cast(async); struct crypto_ahash *ahash = crypto_ahash_reqtfm(areq); @@ -310,7 +311,6 @@ send_command: req->processed += len; request->req = &areq->base; - ctx->base.handle_result = safexcel_handle_result; *commands = n_cdesc; *results = 1; @@ -394,8 +394,6 @@ static int safexcel_handle_inv_result(st ring = safexcel_select_ring(priv); ctx->base.ring = ring; - ctx->base.needs_inv = false; - ctx->base.send = safexcel_ahash_send; spin_lock_bh(&priv->ring[ring].queue_lock); enq_ret = crypto_enqueue_request(&priv->ring[ring].queue, async); @@ -412,6 +410,26 @@ static int safexcel_handle_inv_result(st return 1; } +static int safexcel_handle_result(struct safexcel_crypto_priv *priv, int ring, + struct crypto_async_request *async, + bool *should_complete, int *ret) +{ + struct ahash_request *areq = ahash_request_cast(async); + struct safexcel_ahash_req *req = ahash_request_ctx(areq); + int err; + + if (req->needs_inv) { + req->needs_inv = false; + err = safexcel_handle_inv_result(priv, ring, async, + should_complete, ret); + } else { + err = safexcel_handle_req_result(priv, ring, async, + should_complete, ret); + } + + return err; +} + static int safexcel_ahash_send_inv(struct crypto_async_request *async, int ring, struct safexcel_request *request, int *commands, int *results) @@ -420,7 +438,6 @@ static int safexcel_ahash_send_inv(struc struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq)); int ret; - ctx->base.handle_result = safexcel_handle_inv_result; ret = safexcel_invalidate_cache(async, &ctx->base, ctx->priv, ctx->base.ctxr_dma, ring, request); if (unlikely(ret)) @@ -432,11 +449,29 @@ static int safexcel_ahash_send_inv(struc return 0; } +static int safexcel_ahash_send(struct crypto_async_request *async, + int ring, struct safexcel_request *request, + int *commands, int *results) +{ + struct ahash_request *areq = ahash_request_cast(async); + struct safexcel_ahash_req *req = ahash_request_ctx(areq); + int ret; + + if (req->needs_inv) + ret = safexcel_ahash_send_inv(async, ring, request, + commands, results); + else + ret = safexcel_ahash_send_req(async, ring, request, + commands, results); + return ret; +} + static int safexcel_ahash_exit_inv(struct crypto_tfm *tfm) { struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(tfm); struct safexcel_crypto_priv *priv = ctx->priv; struct ahash_request req; + struct safexcel_ahash_req *rctx = ahash_request_ctx(&req); struct safexcel_inv_result result = {}; int ring = ctx->base.ring; @@ -450,7 +485,7 @@ static int safexcel_ahash_exit_inv(struc ahash_request_set_tfm(&req, __crypto_ahash_cast(tfm)); ctx = crypto_tfm_ctx(req.base.tfm); ctx->base.exit_inv = true; - ctx->base.send = safexcel_ahash_send_inv; + rctx->needs_inv = true; spin_lock_bh(&priv->ring[ring].queue_lock); crypto_enqueue_request(&priv->ring[ring].queue, &req.base); @@ -501,14 +536,16 @@ static int safexcel_ahash_enqueue(struct struct safexcel_crypto_priv *priv = ctx->priv; int ret, ring; - ctx->base.send = safexcel_ahash_send; + req->needs_inv = false; if (req->processed && ctx->digest == CONTEXT_CONTROL_DIGEST_PRECOMPUTED) ctx->base.needs_inv = safexcel_ahash_needs_inv_get(areq); if (ctx->base.ctxr) { - if (ctx->base.needs_inv) - ctx->base.send = safexcel_ahash_send_inv; + if (ctx->base.needs_inv) { + ctx->base.needs_inv = false; + req->needs_inv = true; + } } else { ctx->base.ring = safexcel_select_ring(priv); ctx->base.ctxr = dma_pool_zalloc(priv->context_pool, @@ -642,6 +679,8 @@ static int safexcel_ahash_cra_init(struc struct safexcel_alg_template, alg.ahash); ctx->priv = tmpl->priv; + ctx->base.send = safexcel_ahash_send; + ctx->base.handle_result = safexcel_handle_result; crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm), sizeof(struct safexcel_ahash_req)); Patches currently in stable-queue which might be from oferh(a)marvell.com are queue-4.14/crypto-inside-secure-per-request-invalidation.patch queue-4.14/crypto-inside-secure-fix-request-allocations-in-invalidation-path.patch queue-4.14/crypto-inside-secure-free-requests-even-if-their-handling-failed.patch

7 years, 2 months

1
0
0 0

Patch "crypto: inside-secure - free requests even if their handling failed" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled crypto: inside-secure - free requests even if their handling failed to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: crypto-inside-secure-free-requests-even-if-their-handling-failed.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: "Antoine Ténart" <antoine.tenart(a)free-electrons.com> Date: Mon, 11 Dec 2017 12:10:56 +0100 Subject: crypto: inside-secure - free requests even if their handling failed From: "Antoine Ténart" <antoine.tenart(a)free-electrons.com> [ Upstream commit 0a02dcca126280595950f3ea809f77c9cb0a235c ] This patch frees the request private data even if its handling failed, as it would never be freed otherwise. Fixes: 1b44c5a60c13 ("crypto: inside-secure - add SafeXcel EIP197 crypto engine driver") Suggested-by: Ofer Heifetz <oferh(a)marvell.com> Signed-off-by: Antoine Tenart <antoine.tenart(a)free-electrons.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/crypto/inside-secure/safexcel.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/crypto/inside-secure/safexcel.c +++ b/drivers/crypto/inside-secure/safexcel.c @@ -607,6 +607,7 @@ static inline void safexcel_handle_resul ndesc = ctx->handle_result(priv, ring, sreq->req, &should_complete, &ret); if (ndesc < 0) { + kfree(sreq); dev_err(priv->dev, "failed to handle result (%d)", ndesc); return; } Patches currently in stable-queue which might be from antoine.tenart(a)free-electrons.com are queue-4.14/crypto-inside-secure-per-request-invalidation.patch queue-4.14/crypto-inside-secure-fix-request-allocations-in-invalidation-path.patch queue-4.14/crypto-inside-secure-free-requests-even-if-their-handling-failed.patch

7 years, 2 months

1
0
0 0

Patch "crypto: inside-secure - fix request allocations in invalidation path" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled crypto: inside-secure - fix request allocations in invalidation path to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: crypto-inside-secure-fix-request-allocations-in-invalidation-path.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: "Antoine Ténart" <antoine.tenart(a)free-electrons.com> Date: Mon, 11 Dec 2017 12:10:57 +0100 Subject: crypto: inside-secure - fix request allocations in invalidation path From: "Antoine Ténart" <antoine.tenart(a)free-electrons.com> [ Upstream commit 7cad2fabd5691dbb17762877d4e7f236fe4bc181 ] This patch makes use of the SKCIPHER_REQUEST_ON_STACK and AHASH_REQUEST_ON_STACK helpers to allocate enough memory to contain both the crypto request structures and their embedded context (__ctx). Fixes: 1b44c5a60c13 ("crypto: inside-secure - add SafeXcel EIP197 crypto engine driver") Suggested-by: Ofer Heifetz <oferh(a)marvell.com> Signed-off-by: Antoine Tenart <antoine.tenart(a)free-electrons.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/crypto/inside-secure/safexcel_cipher.c | 16 ++++++++-------- drivers/crypto/inside-secure/safexcel_hash.c | 14 +++++++------- 2 files changed, 15 insertions(+), 15 deletions(-) --- a/drivers/crypto/inside-secure/safexcel_cipher.c +++ b/drivers/crypto/inside-secure/safexcel_cipher.c @@ -422,25 +422,25 @@ static int safexcel_cipher_exit_inv(stru { struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm); struct safexcel_crypto_priv *priv = ctx->priv; - struct skcipher_request req; - struct safexcel_cipher_req *sreq = skcipher_request_ctx(&req); + SKCIPHER_REQUEST_ON_STACK(req, __crypto_skcipher_cast(tfm)); + struct safexcel_cipher_req *sreq = skcipher_request_ctx(req); struct safexcel_inv_result result = {}; int ring = ctx->base.ring; - memset(&req, 0, sizeof(struct skcipher_request)); + memset(req, 0, sizeof(struct skcipher_request)); /* create invalidation request */ init_completion(&result.completion); - skcipher_request_set_callback(&req, CRYPTO_TFM_REQ_MAY_BACKLOG, - safexcel_inv_complete, &result); + skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, + safexcel_inv_complete, &result); - skcipher_request_set_tfm(&req, __crypto_skcipher_cast(tfm)); - ctx = crypto_tfm_ctx(req.base.tfm); + skcipher_request_set_tfm(req, __crypto_skcipher_cast(tfm)); + ctx = crypto_tfm_ctx(req->base.tfm); ctx->base.exit_inv = true; sreq->needs_inv = true; spin_lock_bh(&priv->ring[ring].queue_lock); - crypto_enqueue_request(&priv->ring[ring].queue, &req.base); + crypto_enqueue_request(&priv->ring[ring].queue, &req->base); spin_unlock_bh(&priv->ring[ring].queue_lock); if (!priv->ring[ring].need_dequeue) --- a/drivers/crypto/inside-secure/safexcel_hash.c +++ b/drivers/crypto/inside-secure/safexcel_hash.c @@ -470,25 +470,25 @@ static int safexcel_ahash_exit_inv(struc { struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(tfm); struct safexcel_crypto_priv *priv = ctx->priv; - struct ahash_request req; - struct safexcel_ahash_req *rctx = ahash_request_ctx(&req); + AHASH_REQUEST_ON_STACK(req, __crypto_ahash_cast(tfm)); + struct safexcel_ahash_req *rctx = ahash_request_ctx(req); struct safexcel_inv_result result = {}; int ring = ctx->base.ring; - memset(&req, 0, sizeof(struct ahash_request)); + memset(req, 0, sizeof(struct ahash_request)); /* create invalidation request */ init_completion(&result.completion); - ahash_request_set_callback(&req, CRYPTO_TFM_REQ_MAY_BACKLOG, + ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, safexcel_inv_complete, &result); - ahash_request_set_tfm(&req, __crypto_ahash_cast(tfm)); - ctx = crypto_tfm_ctx(req.base.tfm); + ahash_request_set_tfm(req, __crypto_ahash_cast(tfm)); + ctx = crypto_tfm_ctx(req->base.tfm); ctx->base.exit_inv = true; rctx->needs_inv = true; spin_lock_bh(&priv->ring[ring].queue_lock); - crypto_enqueue_request(&priv->ring[ring].queue, &req.base); + crypto_enqueue_request(&priv->ring[ring].queue, &req->base); spin_unlock_bh(&priv->ring[ring].queue_lock); if (!priv->ring[ring].need_dequeue) Patches currently in stable-queue which might be from antoine.tenart(a)free-electrons.com are queue-4.14/crypto-inside-secure-per-request-invalidation.patch queue-4.14/crypto-inside-secure-fix-request-allocations-in-invalidation-path.patch queue-4.14/crypto-inside-secure-free-requests-even-if-their-handling-failed.patch

7 years, 2 months

1
0
0 0

Patch "crypto: af_alg - Fix race around ctx->rcvused by making it atomic_t" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled crypto: af_alg - Fix race around ctx->rcvused by making it atomic_t to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: crypto-af_alg-fix-race-around-ctx-rcvused-by-making-it-atomic_t.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Date: Tue, 19 Dec 2017 10:27:24 +0000 Subject: crypto: af_alg - Fix race around ctx->rcvused by making it atomic_t From: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> [ Upstream commit af955bf15d2c27496b0269b1f05c26f758c68314 ] This variable was increased and decreased without any protection. Result was an occasional misscount and negative wrap around resulting in false resource allocation failures. Fixes: 7d2c3f54e6f6 ("crypto: af_alg - remove locking in async callback") Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Reviewed-by: Stephan Mueller <smueller(a)chronox.de> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- crypto/af_alg.c | 4 ++-- crypto/algif_aead.c | 2 +- crypto/algif_skcipher.c | 2 +- include/crypto/if_alg.h | 5 +++-- 4 files changed, 7 insertions(+), 6 deletions(-) --- a/crypto/af_alg.c +++ b/crypto/af_alg.c @@ -693,7 +693,7 @@ void af_alg_free_areq_sgls(struct af_alg unsigned int i; list_for_each_entry_safe(rsgl, tmp, &areq->rsgl_list, list) { - ctx->rcvused -= rsgl->sg_num_bytes; + atomic_sub(rsgl->sg_num_bytes, &ctx->rcvused); af_alg_free_sg(&rsgl->sgl); list_del(&rsgl->list); if (rsgl != &areq->first_rsgl) @@ -1192,7 +1192,7 @@ int af_alg_get_rsgl(struct sock *sk, str areq->last_rsgl = rsgl; len += err; - ctx->rcvused += err; + atomic_add(err, &ctx->rcvused); rsgl->sg_num_bytes = err; iov_iter_advance(&msg->msg_iter, err); } --- a/crypto/algif_aead.c +++ b/crypto/algif_aead.c @@ -571,7 +571,7 @@ static int aead_accept_parent_nokey(void INIT_LIST_HEAD(&ctx->tsgl_list); ctx->len = len; ctx->used = 0; - ctx->rcvused = 0; + atomic_set(&ctx->rcvused, 0); ctx->more = 0; ctx->merge = 0; ctx->enc = 0; --- a/crypto/algif_skcipher.c +++ b/crypto/algif_skcipher.c @@ -391,7 +391,7 @@ static int skcipher_accept_parent_nokey( INIT_LIST_HEAD(&ctx->tsgl_list); ctx->len = len; ctx->used = 0; - ctx->rcvused = 0; + atomic_set(&ctx->rcvused, 0); ctx->more = 0; ctx->merge = 0; ctx->enc = 0; --- a/include/crypto/if_alg.h +++ b/include/crypto/if_alg.h @@ -18,6 +18,7 @@ #include <linux/if_alg.h> #include <linux/scatterlist.h> #include <linux/types.h> +#include <linux/atomic.h> #include <net/sock.h> #include <crypto/aead.h> @@ -155,7 +156,7 @@ struct af_alg_ctx { struct af_alg_completion completion; size_t used; - size_t rcvused; + atomic_t rcvused; bool more; bool merge; @@ -228,7 +229,7 @@ static inline int af_alg_rcvbuf(struct s struct af_alg_ctx *ctx = ask->private; return max_t(int, max_t(int, sk->sk_rcvbuf & PAGE_MASK, PAGE_SIZE) - - ctx->rcvused, 0); + atomic_read(&ctx->rcvused), 0); } /** Patches currently in stable-queue which might be from Jonathan.Cameron(a)huawei.com are queue-4.14/crypto-af_alg-fix-race-around-ctx-rcvused-by-making-it-atomic_t.patch

7 years, 2 months

1
0
0 0

Patch "cgroup: Fix deadlock in cpu hotplug path" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled cgroup: Fix deadlock in cpu hotplug path to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: cgroup-fix-deadlock-in-cpu-hotplug-path.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Prateek Sood <prsood(a)codeaurora.org> Date: Tue, 19 Dec 2017 12:56:57 +0530 Subject: cgroup: Fix deadlock in cpu hotplug path From: Prateek Sood <prsood(a)codeaurora.org> [ Upstream commit 116d2f7496c51b2e02e8e4ecdd2bdf5fb9d5a641 ] Deadlock during cgroup migration from cpu hotplug path when a task T is being moved from source to destination cgroup. kworker/0:0 cpuset_hotplug_workfn() cpuset_hotplug_update_tasks() hotplug_update_tasks_legacy() remove_tasks_in_empty_cpuset() cgroup_transfer_tasks() // stuck in iterator loop cgroup_migrate() cgroup_migrate_add_task() In cgroup_migrate_add_task() it checks for PF_EXITING flag of task T. Task T will not migrate to destination cgroup. css_task_iter_start() will keep pointing to task T in loop waiting for task T cg_list node to be removed. Task T do_exit() exit_signals() // sets PF_EXITING exit_task_namespaces() switch_task_namespaces() free_nsproxy() put_mnt_ns() drop_collected_mounts() namespace_unlock() synchronize_rcu() _synchronize_rcu_expedited() schedule_work() // on cpu0 low priority worker pool wait_event() // waiting for work item to execute Task T inserted a work item in the worklist of cpu0 low priority worker pool. It is waiting for expedited grace period work item to execute. This work item will only be executed once kworker/0:0 complete execution of cpuset_hotplug_workfn(). kworker/0:0 ==> Task T ==>kworker/0:0 In case of PF_EXITING task being migrated from source to destination cgroup, migrate next available task in source cgroup. Signed-off-by: Prateek Sood <prsood(a)codeaurora.org> Signed-off-by: Tejun Heo <tj(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- kernel/cgroup/cgroup-v1.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) --- a/kernel/cgroup/cgroup-v1.c +++ b/kernel/cgroup/cgroup-v1.c @@ -123,7 +123,11 @@ int cgroup_transfer_tasks(struct cgroup */ do { css_task_iter_start(&from->self, 0, &it); - task = css_task_iter_next(&it); + + do { + task = css_task_iter_next(&it); + } while (task && (task->flags & PF_EXITING)); + if (task) get_task_struct(task); css_task_iter_end(&it); Patches currently in stable-queue which might be from prsood(a)codeaurora.org are queue-4.14/cgroup-fix-deadlock-in-cpu-hotplug-path.patch

7 years, 2 months

1
0
0 0

Patch "can: flex_can: Correct the checking for frame length in flexcan_start_xmit()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled can: flex_can: Correct the checking for frame length in flexcan_start_xmit() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: can-flex_can-correct-the-checking-for-frame-length-in-flexcan_start_xmit.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Luu An Phu <phu.luuan(a)nxp.com> Date: Tue, 2 Jan 2018 10:44:18 +0700 Subject: can: flex_can: Correct the checking for frame length in flexcan_start_xmit() From: Luu An Phu <phu.luuan(a)nxp.com> [ Upstream commit 13454c14550065fcc1705d6bd4ee6d40e057099f ] The flexcan_start_xmit() function compares the frame length with data register length to write frame content into data[0] and data[1] register. Data register length is 4 bytes and frame maximum length is 8 bytes. Fix the check that compares frame length with 3. Because the register length is 4. Signed-off-by: Luu An Phu <phu.luuan(a)nxp.com> Reviewed-by: Oliver Hartkopp <socketcan(a)hartkopp.net> Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/can/flexcan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/net/can/flexcan.c +++ b/drivers/net/can/flexcan.c @@ -526,7 +526,7 @@ static int flexcan_start_xmit(struct sk_ data = be32_to_cpup((__be32 *)&cf->data[0]); flexcan_write(data, &priv->tx_mb->data[0]); } - if (cf->can_dlc > 3) { + if (cf->can_dlc > 4) { data = be32_to_cpup((__be32 *)&cf->data[4]); flexcan_write(data, &priv->tx_mb->data[1]); } Patches currently in stable-queue which might be from phu.luuan(a)nxp.com are queue-4.14/can-flex_can-correct-the-checking-for-frame-length-in-flexcan_start_xmit.patch

7 years, 2 months

1
0
0 0

Patch "btrfs: Fix flush bio leak" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled btrfs: Fix flush bio leak to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: btrfs-fix-flush-bio-leak.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Nikolay Borisov <nborisov(a)suse.com> Date: Wed, 13 Dec 2017 13:50:07 +0200 Subject: btrfs: Fix flush bio leak From: Nikolay Borisov <nborisov(a)suse.com> [ Upstream commit beed9263f4000c48a5c48912f26576f6fa091181 ] Commit e0ae99941423 ("btrfs: preallocate device flush bio") reworked the way the flush bio is allocated and used. Concretely it allocates the bio in __alloc_device and then re-uses it multiple times with a very simple endio routine that just calls complete() without consuming a reference. Allocated bios by default come with a ref count of 1, which is then consumed by the endio routine (or not, in which case they should be bio_put by the caller). The way the impleementation works now is that the flush bio has a refcount of 2 and we only ever bio_put it once, leaving it to hang indefinitely. Fix this by removing the extra bio_get in __alloc_device. Fixes: e0ae99941423 ("btrfs: preallocate device flush bio") Signed-off-by: Nikolay Borisov <nborisov(a)suse.com> Reviewed-by: Liu Bo <bo.li.liu(a)oracle.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/btrfs/volumes.c | 1 - 1 file changed, 1 deletion(-) --- a/fs/btrfs/volumes.c +++ b/fs/btrfs/volumes.c @@ -236,7 +236,6 @@ static struct btrfs_device *__alloc_devi kfree(dev); return ERR_PTR(-ENOMEM); } - bio_get(dev->flush_bio); INIT_LIST_HEAD(&dev->dev_list); INIT_LIST_HEAD(&dev->dev_alloc_list); Patches currently in stable-queue which might be from nborisov(a)suse.com are queue-4.14/btrfs-fix-flush-bio-leak.patch

7 years, 2 months

1
0
0 0

Patch "bpf: sockmap missing NULL psock check" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled bpf: sockmap missing NULL psock check to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: bpf-sockmap-missing-null-psock-check.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: John Fastabend <john.fastabend(a)gmail.com> Date: Thu, 4 Jan 2018 20:02:09 -0800 Subject: bpf: sockmap missing NULL psock check From: John Fastabend <john.fastabend(a)gmail.com> [ Upstream commit 5731a879d03bdaa00265f8ebc32dfd0e65d25276 ] Add psock NULL check to handle a racing sock event that can get the sk_callback_lock before this case but after xchg happens causing the refcnt to hit zero and sock user data (psock) to be null and queued for garbage collection. Also add a comment in the code because this is a bit subtle and not obvious in my opinion. Signed-off-by: John Fastabend <john.fastabend(a)gmail.com> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- kernel/bpf/sockmap.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) --- a/kernel/bpf/sockmap.c +++ b/kernel/bpf/sockmap.c @@ -588,8 +588,15 @@ static void sock_map_free(struct bpf_map write_lock_bh(&sock->sk_callback_lock); psock = smap_psock_sk(sock); - smap_list_remove(psock, &stab->sock_map[i]); - smap_release_sock(psock, sock); + /* This check handles a racing sock event that can get the + * sk_callback_lock before this case but after xchg happens + * causing the refcnt to hit zero and sock user data (psock) + * to be null and queued for garbage collection. + */ + if (likely(psock)) { + smap_list_remove(psock, &stab->sock_map[i]); + smap_release_sock(psock, sock); + } write_unlock_bh(&sock->sk_callback_lock); } rcu_read_unlock(); Patches currently in stable-queue which might be from john.fastabend(a)gmail.com are queue-4.14/bpf-sockmap-missing-null-psock-check.patch

7 years, 2 months

1
0
0 0

Patch "bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine." has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine. to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: bnxt_en-fix-the-invalid-vf-id-check-in-bnxt_vf_ndo_prep-routine.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Venkat Duvvuru <venkatkumar.duvvuru(a)broadcom.com> Date: Thu, 4 Jan 2018 18:46:55 -0500 Subject: bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine. From: Venkat Duvvuru <venkatkumar.duvvuru(a)broadcom.com> [ Upstream commit 78f300049335ae81a5cc6b4b232481dc5e1f9d41 ] In bnxt_vf_ndo_prep (which is called by bnxt_get_vf_config ndo), there is a check for "Invalid VF id". Currently, the check is done against max_vfs. However, the user doesn't always create max_vfs. So, the check should be against the created number of VFs. The number of bnxt_vf_info structures that are allocated in bnxt_alloc_vf_resources routine is the "number of requested VFs". So, if an "invalid VF id" falls between the requested number of VFs and the max_vfs, the driver will be dereferencing an invalid pointer. Fixes: c0c050c58d84 ("bnxt_en: New Broadcom ethernet driver.") Signed-off-by: Venkat Devvuru <venkatkumar.duvvuru(a)broadcom.com> Signed-off-by: Michael Chan <michael.chan(a)broadcom.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c +++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c @@ -70,7 +70,7 @@ static int bnxt_vf_ndo_prep(struct bnxt netdev_err(bp->dev, "vf ndo called though sriov is disabled\n"); return -EINVAL; } - if (vf_id >= bp->pf.max_vfs) { + if (vf_id >= bp->pf.active_vfs) { netdev_err(bp->dev, "Invalid VF id %d\n", vf_id); return -EINVAL; } Patches currently in stable-queue which might be from venkatkumar.duvvuru(a)broadcom.com are queue-4.14/bnxt_en-fix-population-of-flow_type-in-bnxt_hwrm_cfa_flow_alloc.patch queue-4.14/bnxt_en-fix-the-invalid-vf-id-check-in-bnxt_vf_ndo_prep-routine.patch

7 years, 2 months

1
0
0 0

[GIT PULL] commits for Linux 4.14

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Greg, Pleae pull commits for Linux 4.14 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 0146985addc322ca518d27fecfe98ae5acda7c1e: Linux 4.14.17 (2018-02-03 17:39:25 +0100) are available in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.14-23022018 for you to fetch changes up to 325a9ccd612b7152566373774adaf6ad8f607e5f: mlxsw: pci: Wait after reset before accessing HW (2018-02-03 12:51:56 -0500) - ---------------------------------------------------------------- for-greg-4.14-23022018 - ---------------------------------------------------------------- Abhijeet Kumar (1): ASoC: nau8825: fix issue that pop noise when start capture Al Viro (1): sget(): handle failures of register_shrinker() Albert Hsieh (1): mtd: nand: brcmnand: Zero bitflip is not an error Alexander Duyck (1): i40e/i40evf: Account for frags split over multiple descriptors in check linearize Alexander Kochetkov (1): net: arc_emac: fix arc_emac_rx() error paths Alexey Khoroshilov (1): net: phy: xgene: disable clk on error paths Aliaksei Karaliou (2): xfs: quota: fix missed destroy of qi_tree_lock xfs: quota: check result of register_shrinker() Andreas Platschek (1): dmaengine: fsl-edma: disable clks on all error paths Andy Shevchenko (1): x86/platform/intel-mid: Revert "Make 'bt_sfi_data' const" Antoine Tenart (2): crypto: inside-secure - free requests even if their handling failed crypto: inside-secure - fix request allocations in invalidation path Arnaldo Carvalho de Melo (1): x86/asm: Allow again using asm.h when building for the 'bpf' clang target Arnd Bergmann (2): exec: avoid gcc-8 warning for get_task_comm ARM: dts: ls1021a: fix incorrect clock references Arvind Yadav (1): phy: cpcap-usb: Fix platform_get_irq_byname's error checking. Bogdan Mirea (1): arm64: dts: renesas: ulcb: Remove renesas, no-ether-link property Boris Ostrovsky (1): xen/balloon: Mark unallocated host memory as UNUSABLE Brendan McGrath (1): ipv6: icmp6: Allow icmp messages to be looped back Bryan Tan (1): RDMA/vmw_pvrdma: Call ib_umem_release on destroy QP path Cathy Avery (1): scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error Christophe JAILLET (2): mm/frame_vector.c: release a semaphore in 'get_vaddr_frames()' mdio-sun4i: Fix a memory leak Chunyan Zhang (1): ARM: 8731/1: Fix csum_partial_copy_from_user() stack mismatch Daniele Palmas (1): net: usb: qmi_wwan: add Telit ME910 PID 0x1101 support Dave Young (1): x86/efi: Fix kernel param add_efi_memmap regression David Howells (1): afs: Fix missing error handling in afs_write_end() Eduardo Otubo (1): xen-netfront: enable device after manual module load Erez Shitrit (1): IB/ipoib: Fix race condition in neigh creation Ewan D. Milne (1): nvme-fabrics: initialize default host->id in nvmf_host_default() Felix Janda (1): uapi libc compat: add fallback for unsupported libcs Florian Westphal (1): netfilter: uapi: correct UNTRACKED conntrack state bit number Fredrik Hallenberg (2): net: stmmac: Fix TX timestamp calculation net: stmmac: Fix bad RX timestamp extraction Gabriel Krisman Bertazi (1): i915: Reject CCS modifiers for pipe C on Geminilake Gao Feng (1): macvlan: Fix one possible double free Guenter Roeck (1): genirq: Guard handle_bad_irq log messages Guilherme G. Piccoli (1): bnx2x: Improve reliability in case of nested PCI errors Hangbin Liu (1): netfilter: nf_tables: fix potential NULL-ptr deref in nf_tables_dump_obj_done() Hannes Reinecke (1): scsi: core: check for device state in __scsi_remove_target() Hao Chen (1): nl80211: Check for the required netlink attribute presence Herbert Xu (1): xfrm: Reinject transport-mode packets through tasklet Huy Nguyen (1): net/mlx5e: Fix ETS BW check Igor Russkikh (2): net: aquantia: Fix actual speed capabilities reporting net: aquantia: Fix hardware DMA stream overload on large MRRS Jacek Anaszewski (1): leds: core: Fix regression caused by commit 2b83ff96f51d Jacob Keller (1): i40e: don't remove netdev->dev_addr when syncing uc list Jakub Kicinski (1): nfp: always unmask aux interrupts at init James Hogan (1): lib/mpi: Fix umul_ppmm() for MIPS64r6 James Smart (1): nvme-fc: remove double put reference if admin connect fails Jan Beulich (1): x86-64/Xen: eliminate W+X mappings Jia-Ju Bai (1): mac80211_hwsim: Fix a possible sleep-in-atomic bug in hwsim_get_radio_nl Johannes Berg (1): mac80211: mesh: drop frames appearing to be from us John David Anglin (1): parisc: Reduce thread stack to 16 kb John Fastabend (1): bpf: sockmap missing NULL psock check John Stultz (1): staging: ion: Fix ion_cma_heap allocations Jonathan Cameron (1): crypto: af_alg - Fix race around ctx->rcvused by making it atomic_t Josh Poimboeuf (1): x86/stacktrace: Make zombie stack traces reliable Karol Herbst (1): drm/nouveau/pci: do a msi rearm on init Keith Busch (1): nvme: check hw sectors before setting chunk sectors Kuninori Morimoto (1): ASoC: rsnd: fixup ADG register mask Lan Tianyu (1): KVM/x86: Check input paging mode when cs.l is set Leon Romanovsky (2): IB/mlx4: Fix mlx4_ib_alloc_mr error flow RDMA/netlink: Fix locking around __ib_get_device_by_index Loic Poulain (1): wcn36xx: Fix dynamic power saving Luu An Phu (1): can: flex_can: Correct the checking for frame length in flexcan_start_xmit() Madalin Bucur (1): of_mdio: avoid MDIO bus removal when a PHY is missing Marcelo Ricardo Leitner (2): sctp: add a ceiling to optlen in some sockopts sctp: make use of pre-calculated len Matthieu CASTET (1): led: core: Fix brightness setting when setting delay_off=0 Michael Ellerman (1): powerpc/pseries: Make RAS IRQ explicitly dependent on DLPAR WQ Ming Lei (1): block: drain queue before waiting for q_usage_counter becoming zero Moshe Shemesh (2): net/mlx5: Cleanup IRQs in case of unload failure net/mlx5: Stay in polling mode when command EQ destroy fails Netanel Belgazal (1): net: ena: unmask MSI-X only after device initialization is completed Nikolay Borisov (1): btrfs: Fix flush bio leak Nitzan Carmi (1): IB/mlx5: Fix mlx5_ib_alloc_mr error flow Ofer Heifetz (1): crypto: inside-secure - per request invalidation Oleksandr Andrushchenko (1): Input: xen-kbdfront - do not advertise multi-touch pressure support Pablo Neira Ayuso (1): netfilter: nf_tables: fix chain filter in nf_tables_dump_rules() Prasad B Munirathnam (1): scsi: aacraid: Fix I/O drop during reset Prateek Sood (1): cgroup: Fix deadlock in cpu hotplug path Radu Pirea (1): spi: atmel: fixed spin_lock usage inside atmel_spi_remove Ross Lagerwall (2): xen/gntdev: Fix off-by-one error when unmapping with holes xen/gntdev: Fix partial gntdev_mmap() cleanup Russell King (1): net: phy: fix resume handling SZ Lin (æž—ä¸Šæ™º) (1): NET: usb: qmi_wwan: add support for YUGA CLM920-NC5 PID 0x9625 Sascha Hauer (1): mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM Sean Wang (1): net: mediatek: setup proper state for disabled GMAC on the default Sergei Shtylyov (1): SolutionEngine771x: fix Ether platform data Siva Reddy Kallam (2): tg3: Add workaround to restrict 5762 MRRS to 2048 tg3: Enable PHY reset in MTU change path for 5720 Stefan Haberland (1): s390/dasd: fix wrongly assigned configuration data Sunil Challa (1): bnxt_en: Fix population of flow_type in bnxt_hwrm_cfa_flow_alloc() Tetsuo Handa (1): mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed. Thomas Gleixner (1): perf/x86/intel: Plug memory leak in intel_pmu_init() Tommi Rantala (2): tipc: error path leak fixes in tipc_enable_bearer() tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path Tushar Dave (1): e1000: fix disabling already-disabled warning Valentin Ilie (1): ia64, sched/cputime: Fix build error if CONFIG_VIRT_CPU_ACCOUNTING_NATIVE=y Venkat Duvvuru (1): bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine. Xin Long (6): sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege vxlan: update skb dst pmtu on tx path ip_gre: remove the incorrect mtu limit for ipgre tap ip6_gre: remove the incorrect mtu limit for ipgre tap ip6_tunnel: get the min mtu properly in ip6_tnl_xmit ip6_tunnel: allow ip6gre dev mtu to be set below 1280 Xiongwei Song (1): drm/ttm: check the return value of kzalloc Yangbo Lu (1): net: gianfar_ptp: move set_fipers() to spinlock protecting area Yuval Mintz (1): mlxsw: pci: Wait after reset before accessing HW arch/arm/boot/dts/ls1021a-qds.dts | 2 +- arch/arm/boot/dts/ls1021a-twr.dts | 2 +- arch/arm/lib/csumpartialcopyuser.S | 4 + arch/arm64/boot/dts/renesas/ulcb.dtsi | 1 - arch/ia64/kernel/time.c | 2 +- arch/parisc/include/asm/thread_info.h | 5 ++ arch/powerpc/platforms/pseries/dlpar.c | 21 +++++- arch/powerpc/platforms/pseries/pseries.h | 2 + arch/powerpc/platforms/pseries/ras.c | 3 +- arch/sh/boards/mach-se/770x/setup.c | 10 ++- arch/x86/events/intel/core.c | 5 +- arch/x86/include/asm/asm.h | 2 + arch/x86/kernel/setup.c | 5 +- arch/x86/kernel/stacktrace.c | 6 +- arch/x86/kvm/x86.c | 26 +++++++ .../platform/intel-mid/device_libs/platform_bt.c | 2 +- arch/x86/xen/enlighten.c | 81 +++++++++++++++++++++ arch/x86/xen/enlighten_pv.c | 3 + arch/x86/xen/mmu_pv.c | 12 +++ arch/x86/xen/setup.c | 6 +- block/blk-core.c | 9 ++- block/blk-mq.c | 2 + block/blk.h | 2 + crypto/af_alg.c | 4 +- crypto/algif_aead.c | 2 +- crypto/algif_skcipher.c | 2 +- drivers/crypto/inside-secure/safexcel.c | 1 + drivers/crypto/inside-secure/safexcel_cipher.c | 85 +++++++++++++++++----- drivers/crypto/inside-secure/safexcel_hash.c | 79 +++++++++++++++----- drivers/dma/fsl-edma.c | 28 +++---- drivers/gpu/drm/i915/intel_display.c | 2 +- drivers/gpu/drm/nouveau/nvkm/subdev/pci/base.c | 7 ++ drivers/gpu/drm/ttm/ttm_page_alloc.c | 2 + drivers/infiniband/core/core_priv.h | 2 +- drivers/infiniband/core/device.c | 18 ++++- drivers/infiniband/core/nldev.c | 54 +++++++++----- drivers/infiniband/hw/mlx4/mr.c | 2 +- drivers/infiniband/hw/mlx5/mr.c | 1 + drivers/infiniband/hw/vmw_pvrdma/pvrdma_qp.c | 7 ++ drivers/infiniband/ulp/ipoib/ipoib_main.c | 25 +++++-- drivers/infiniband/ulp/ipoib/ipoib_multicast.c | 5 +- drivers/input/misc/xen-kbdfront.c | 2 - drivers/leds/led-core.c | 1 + drivers/mtd/nand/brcmnand/brcmnand.c | 2 +- drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 6 +- drivers/net/can/flexcan.c | 2 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 26 +++---- drivers/net/ethernet/aquantia/atlantic/aq_hw.h | 4 +- drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 7 +- drivers/net/ethernet/aquantia/atlantic/aq_nic.h | 2 +- .../net/ethernet/aquantia/atlantic/aq_pci_func.c | 5 +- .../ethernet/aquantia/atlantic/hw_atl/hw_atl_a0.c | 13 +++- .../ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 25 ++++++- .../aquantia/atlantic/hw_atl/hw_atl_llh_internal.h | 6 ++ drivers/net/ethernet/arc/emac_main.c | 53 ++++++++------ drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 4 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 14 +++- drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c | 2 +- drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c | 2 +- drivers/net/ethernet/broadcom/tg3.c | 13 +++- drivers/net/ethernet/broadcom/tg3.h | 4 + drivers/net/ethernet/freescale/gianfar_ptp.c | 3 +- drivers/net/ethernet/intel/e1000/e1000.h | 3 +- drivers/net/ethernet/intel/e1000/e1000_main.c | 27 +++++-- drivers/net/ethernet/intel/i40e/i40e_main.c | 17 ++++- drivers/net/ethernet/intel/i40e/i40e_txrx.c | 26 ++++++- drivers/net/ethernet/intel/i40evf/i40e_txrx.c | 26 ++++++- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 11 +-- drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 10 ++- drivers/net/ethernet/mellanox/mlx5/core/eq.c | 18 +++-- drivers/net/ethernet/mellanox/mlxsw/pci.c | 7 +- drivers/net/ethernet/mellanox/mlxsw/pci_hw.h | 1 + .../net/ethernet/netronome/nfp/nfp_net_common.c | 2 + drivers/net/ethernet/stmicro/stmmac/common.h | 2 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_descs.c | 5 +- drivers/net/ethernet/stmicro/stmmac/enh_desc.c | 3 +- drivers/net/ethernet/stmicro/stmmac/norm_desc.c | 2 +- .../net/ethernet/stmicro/stmmac/stmmac_hwtstamp.c | 6 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 +- drivers/net/macvlan.c | 7 +- drivers/net/phy/at803x.c | 4 - drivers/net/phy/mdio-sun4i.c | 6 +- drivers/net/phy/mdio-xgene.c | 21 ++++-- drivers/net/phy/phy.c | 9 +-- drivers/net/phy/phy_device.c | 10 ++- drivers/net/usb/qmi_wwan.c | 2 + drivers/net/vxlan.c | 14 ++++ drivers/net/wireless/ath/wcn36xx/main.c | 23 +++--- drivers/net/wireless/ath/wcn36xx/pmc.c | 6 +- drivers/net/wireless/mac80211_hwsim.c | 2 +- drivers/net/xen-netfront.c | 1 + drivers/nvme/host/core.c | 3 +- drivers/nvme/host/fabrics.c | 1 + drivers/nvme/host/fc.c | 1 - drivers/of/of_mdio.c | 9 ++- drivers/phy/motorola/phy-cpcap-usb.c | 2 +- drivers/s390/block/dasd_3990_erp.c | 10 +++ drivers/scsi/aacraid/aacraid.h | 1 + drivers/scsi/aacraid/linit.c | 2 +- drivers/scsi/scsi_sysfs.c | 5 +- drivers/scsi/storvsc_drv.c | 3 +- drivers/spi/spi-atmel.c | 2 +- drivers/staging/android/ion/Kconfig | 2 +- drivers/staging/android/ion/ion_cma_heap.c | 15 +++- drivers/xen/balloon.c | 65 ++++++++++++++--- drivers/xen/gntdev.c | 8 +- fs/afs/write.c | 8 +- fs/btrfs/volumes.c | 1 - fs/exec.c | 7 +- fs/super.c | 6 +- fs/xfs/xfs_qm.c | 46 ++++++++---- include/crypto/if_alg.h | 5 +- include/linux/mlx5/driver.h | 2 +- include/linux/sched.h | 6 +- include/net/xfrm.h | 3 + include/uapi/linux/libc-compat.h | 55 +++++++++++++- include/uapi/linux/netfilter/nf_conntrack_common.h | 2 +- include/xen/balloon.h | 5 ++ kernel/bpf/sockmap.c | 11 ++- kernel/cgroup/cgroup-v1.c | 6 +- kernel/irq/debug.h | 5 ++ lib/mpi/longlong.h | 18 ++++- mm/frame_vector.c | 6 +- mm/vmscan.c | 3 + net/ipv4/ip_gre.c | 1 + net/ipv4/xfrm4_input.c | 12 ++- net/ipv6/ip6_gre.c | 1 + net/ipv6/ip6_tunnel.c | 15 ++-- net/ipv6/route.c | 1 + net/ipv6/xfrm6_input.c | 10 ++- net/mac80211/rx.c | 2 + net/netfilter/nf_tables_api.c | 8 +- net/sctp/socket.c | 26 +++++-- net/sctp/ulpqueue.c | 24 ++---- net/tipc/bearer.c | 5 +- net/tipc/monitor.c | 6 +- net/wireless/nl80211.c | 3 +- net/xfrm/xfrm_input.c | 57 +++++++++++++++ sound/soc/codecs/nau8825.c | 1 + sound/soc/sh/rcar/adg.c | 6 +- 140 files changed, 1165 insertions(+), 345 deletions(-) -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJakgpRAAoJEN6mb/eXdyzcm8wP/i0X4jER2p2QUfO7HNKbq1mc GTCqqf/3DalsNaS0VAAg4hWTA1MpzsauARE5IxzADaOcThSxNOQflr8Q8N1Th4QL Ta7aeksQtmS9Jal6kI8wSFJ3ZLKKZUFjTC9eDQmrmDyRj69uzAv4PWPGzVIk5V9E temdeMaygrHF/xAFkuXD/eYFIsSAWiRRhEk1A0M/pr+FoX3Cn6w0+xCBGrE8SJDU 0h87PboerYXiXafou0/jN4o82Vy1ZSntlWd8+c/XvYP4Yijan7M2A4mAV+JLXjxv OzEHMNAXyei5NxmpWms4Q0bnwm0cauK4bxA4HvLaNqVA5V6aKeDImPq8lu5FoKk/ On5QgayNTc1AFUqwp/D+kiiD+HMHwU+qjYYK85GNrNaP7CQryOQ8BLLryjoN9uLZ 8x4T8pWJpv1totIT+MKjq5TIQhBs2wxM4hb7RdcYP6tGndu293W8u6icjgji1ItF rfa/gTODV/uFYuZHqjZ37FEObsi/X8JCwzhHWhiPiKVtgypJN+n93RWJ+glSwllT ftTV91rsH/f+3V8sMPmawszr5cvojB0S/wlMwSNTMZ6QRpj2Gn5QEysVOQGR8iuZ LZ0MUG07kV5w/ZFn/b04iQ8quFMCnOkxo4yW48Lr4OvM7QCu1/vq1P5YLBMv5L3v FxWgZ0TDUS8oOBC6qcNZ =waOz -----END PGP SIGNATURE-----

7 years, 2 months

2
1
0 0

Patch "bnxt_en: Fix population of flow_type in bnxt_hwrm_cfa_flow_alloc()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled bnxt_en: Fix population of flow_type in bnxt_hwrm_cfa_flow_alloc() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: bnxt_en-fix-population-of-flow_type-in-bnxt_hwrm_cfa_flow_alloc.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Sunil Challa <sunilkumar.challa(a)broadcom.com> Date: Thu, 4 Jan 2018 18:46:54 -0500 Subject: bnxt_en: Fix population of flow_type in bnxt_hwrm_cfa_flow_alloc() From: Sunil Challa <sunilkumar.challa(a)broadcom.com> [ Upstream commit 7deea450eb912f269d999de62c8ab922d1461748 ] flow_type in HWRM_FLOW_ALLOC is not being populated correctly due to incorrect passing of pointer and size of l3_mask argument of is_wildcard(). Fixed this. Fixes: db1d36a27324 ("bnxt_en: add TC flower offload flow_alloc/free FW cmds") Signed-off-by: Sunil Challa <sunilkumar.challa(a)broadcom.com> Reviewed-by: Sathya Perla <sathya.perla(a)broadcom.com> Reviewed-by: Venkat Duvvuru <venkatkumar.duvvuru(a)broadcom.com> Signed-off-by: Michael Chan <michael.chan(a)broadcom.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c +++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c @@ -327,7 +327,7 @@ static int bnxt_hwrm_cfa_flow_alloc(stru } /* If all IP and L4 fields are wildcarded then this is an L2 flow */ - if (is_wildcard(&l3_mask, sizeof(l3_mask)) && + if (is_wildcard(l3_mask, sizeof(*l3_mask)) && is_wildcard(&flow->l4_mask, sizeof(flow->l4_mask))) { flow_flags |= CFA_FLOW_ALLOC_REQ_FLAGS_FLOWTYPE_L2; } else { Patches currently in stable-queue which might be from sunilkumar.challa(a)broadcom.com are queue-4.14/bnxt_en-fix-population-of-flow_type-in-bnxt_hwrm_cfa_flow_alloc.patch

7 years, 2 months

1
0
0 0

Patch "bnx2x: Improve reliability in case of nested PCI errors" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled bnx2x: Improve reliability in case of nested PCI errors to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: bnx2x-improve-reliability-in-case-of-nested-pci-errors.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: "Guilherme G. Piccoli" <gpiccoli(a)linux.vnet.ibm.com> Date: Fri, 22 Dec 2017 13:01:39 -0200 Subject: bnx2x: Improve reliability in case of nested PCI errors From: "Guilherme G. Piccoli" <gpiccoli(a)linux.vnet.ibm.com> [ Upstream commit f7084059a9cb9e56a186e1677b1dcffd76c2cd24 ] While in recovery process of PCI error (called EEH on PowerPC arch), another PCI transaction could be corrupted causing a situation of nested PCI errors. Also, this scenario could be reproduced with error injection mechanisms (for debug purposes). We observe that in case of nested PCI errors, bnx2x might attempt to initialize its shmem and cause a kernel crash due to bad addresses read from MCP. Multiple different stack traces were observed depending on the point the second PCI error happens. This patch avoids the crashes by: * failing PCI recovery in case of nested errors (since multiple PCI errors in a row are not expected to lead to a functional adapter anyway), and by, * preventing access to adapter FW when MCP is failed (we mark it as failed when shmem cannot get initialized properly). Reported-by: Abdul Haleem <abdhalee(a)linux.vnet.ibm.com> Signed-off-by: Guilherme G. Piccoli <gpiccoli(a)linux.vnet.ibm.com> Acked-by: Shahed Shaikh <Shahed.Shaikh(a)cavium.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 4 ++-- drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 14 +++++++++++++- 2 files changed, 15 insertions(+), 3 deletions(-) --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c @@ -3030,7 +3030,7 @@ int bnx2x_nic_unload(struct bnx2x *bp, i del_timer_sync(&bp->timer); - if (IS_PF(bp)) { + if (IS_PF(bp) && !BP_NOMCP(bp)) { /* Set ALWAYS_ALIVE bit in shmem */ bp->fw_drv_pulse_wr_seq |= DRV_PULSE_ALWAYS_ALIVE; bnx2x_drv_pulse(bp); @@ -3116,7 +3116,7 @@ int bnx2x_nic_unload(struct bnx2x *bp, i bp->cnic_loaded = false; /* Clear driver version indication in shmem */ - if (IS_PF(bp)) + if (IS_PF(bp) && !BP_NOMCP(bp)) bnx2x_update_mng_version(bp); /* Check if there are pending parity attentions. If there are - set --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c @@ -9578,6 +9578,15 @@ static int bnx2x_init_shmem(struct bnx2x do { bp->common.shmem_base = REG_RD(bp, MISC_REG_SHARED_MEM_ADDR); + + /* If we read all 0xFFs, means we are in PCI error state and + * should bail out to avoid crashes on adapter's FW reads. + */ + if (bp->common.shmem_base == 0xFFFFFFFF) { + bp->flags |= NO_MCP_FLAG; + return -ENODEV; + } + if (bp->common.shmem_base) { val = SHMEM_RD(bp, validity_map[BP_PORT(bp)]); if (val & SHR_MEM_VALIDITY_MB) @@ -14315,7 +14324,10 @@ static pci_ers_result_t bnx2x_io_slot_re BNX2X_ERR("IO slot reset --> driver unload\n"); /* MCP should have been reset; Need to wait for validity */ - bnx2x_init_shmem(bp); + if (bnx2x_init_shmem(bp)) { + rtnl_unlock(); + return PCI_ERS_RESULT_DISCONNECT; + } if (IS_PF(bp) && SHMEM2_HAS(bp, drv_capabilities_flag)) { u32 v; Patches currently in stable-queue which might be from gpiccoli(a)linux.vnet.ibm.com are queue-4.14/bnx2x-improve-reliability-in-case-of-nested-pci-errors.patch

7 years, 2 months

1
0
0 0

Patch "block: drain queue before waiting for q_usage_counter becoming zero" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled block: drain queue before waiting for q_usage_counter becoming zero to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: block-drain-queue-before-waiting-for-q_usage_counter-becoming-zero.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Ming Lei <ming.lei(a)redhat.com> Date: Thu, 30 Nov 2017 07:56:35 +0800 Subject: block: drain queue before waiting for q_usage_counter becoming zero From: Ming Lei <ming.lei(a)redhat.com> [ Upstream commit 454be724f6f99cc7e7bbf15067128be9868186c6 ] Now we track legacy requests with .q_usage_counter in commit 055f6e18e08f ("block: Make q_usage_counter also track legacy requests"), but that commit never runs and drains legacy queue before waiting for this counter becoming zero, then IO hang is caused in the test of pulling disk during IO. This patch fixes the issue by draining requests before waiting for q_usage_counter becoming zero, both Mauricio and chenxiang reported this issue, and observed that it can be fixed by this patch. Link: https://marc.info/?l=linux-block&m=151192424731797&w=2 Fixes: 055f6e18e08f("block: Make q_usage_counter also track legacy requests") Cc: Wen Xiong <wenxiong(a)us.ibm.com> Tested-by: "chenxiang (M)" <chenxiang66(a)hisilicon.com> Tested-by: Mauricio Faria de Oliveira <mauricfo(a)linux.vnet.ibm.com> Signed-off-by: Ming Lei <ming.lei(a)redhat.com> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- block/blk-core.c | 9 +++++++-- block/blk-mq.c | 2 ++ block/blk.h | 2 ++ 3 files changed, 11 insertions(+), 2 deletions(-) --- a/block/blk-core.c +++ b/block/blk-core.c @@ -531,6 +531,13 @@ static void __blk_drain_queue(struct req } } +void blk_drain_queue(struct request_queue *q) +{ + spin_lock_irq(q->queue_lock); + __blk_drain_queue(q, true); + spin_unlock_irq(q->queue_lock); +} + /** * blk_queue_bypass_start - enter queue bypass mode * @q: queue of interest @@ -655,8 +662,6 @@ void blk_cleanup_queue(struct request_qu */ blk_freeze_queue(q); spin_lock_irq(lock); - if (!q->mq_ops) - __blk_drain_queue(q, true); queue_flag_set(QUEUE_FLAG_DEAD, q); spin_unlock_irq(lock); --- a/block/blk-mq.c +++ b/block/blk-mq.c @@ -159,6 +159,8 @@ void blk_freeze_queue(struct request_que * exported to drivers as the only user for unfreeze is blk_mq. */ blk_freeze_queue_start(q); + if (!q->mq_ops) + blk_drain_queue(q); blk_mq_freeze_queue_wait(q); } --- a/block/blk.h +++ b/block/blk.h @@ -362,4 +362,6 @@ static inline void blk_queue_bounce(stru } #endif /* CONFIG_BOUNCE */ +extern void blk_drain_queue(struct request_queue *q); + #endif /* BLK_INTERNAL_H */ Patches currently in stable-queue which might be from ming.lei(a)redhat.com are queue-4.14/block-drain-queue-before-waiting-for-q_usage_counter-becoming-zero.patch

7 years, 2 months

1
0
0 0

Patch "ASoC: nau8825: fix issue that pop noise when start capture" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ASoC: nau8825: fix issue that pop noise when start capture to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: asoc-nau8825-fix-issue-that-pop-noise-when-start-capture.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Abhijeet Kumar <abhijeet.kumar(a)intel.com> Date: Tue, 12 Dec 2017 00:40:25 +0530 Subject: ASoC: nau8825: fix issue that pop noise when start capture From: Abhijeet Kumar <abhijeet.kumar(a)intel.com> [ Upstream commit d070f7c703ef26e3db613f24206823f916272fc6 ] In skylake platform, we hear a loud pop noise(0 dB) at start of audio capture power up sequence. This patch removes the pop noise from the recording by adding a delay before enabling ADC. Signed-off-by: Abhijeet Kumar <abhijeet.kumar(a)intel.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- sound/soc/codecs/nau8825.c | 1 + 1 file changed, 1 insertion(+) --- a/sound/soc/codecs/nau8825.c +++ b/sound/soc/codecs/nau8825.c @@ -905,6 +905,7 @@ static int nau8825_adc_event(struct snd_ switch (event) { case SND_SOC_DAPM_POST_PMU: + msleep(125); regmap_update_bits(nau8825->regmap, NAU8825_REG_ENA_CTRL, NAU8825_ENABLE_ADC, NAU8825_ENABLE_ADC); break; Patches currently in stable-queue which might be from abhijeet.kumar(a)intel.com are queue-4.14/asoc-nau8825-fix-issue-that-pop-noise-when-start-capture.patch

7 years, 2 months

1
0
0 0

Patch "ASoC: rsnd: fixup ADG register mask" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ASoC: rsnd: fixup ADG register mask to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: asoc-rsnd-fixup-adg-register-mask.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> Date: Wed, 20 Dec 2017 06:11:59 +0000 Subject: ASoC: rsnd: fixup ADG register mask From: Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> [ Upstream commit d5aa24825da5711f8cb829f873160ddf1a29b19c ] BRGCKR should use 0x80770000, instead of 0x80FF0000. R-Car Gen2 xxx_TIMSEL should use 0x0F1F, R-Car Gen3 xxx_TIMSEL should use 0x1F1F. Here, Gen3 doesn't support AVD, thus, both case can use 0x0F1F. Signed-off-by: Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> Reviewed-by: Hiroyuki Yokoyama <hiroyuki.yokoyama.vx(a)renesas.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- sound/soc/sh/rcar/adg.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/sound/soc/sh/rcar/adg.c +++ b/sound/soc/sh/rcar/adg.c @@ -216,7 +216,7 @@ int rsnd_adg_set_cmd_timsel_gen2(struct NULL, &val, NULL); val = val << shift; - mask = 0xffff << shift; + mask = 0x0f1f << shift; rsnd_mod_bset(adg_mod, CMDOUT_TIMSEL, mask, val); @@ -244,7 +244,7 @@ int rsnd_adg_set_src_timesel_gen2(struct in = in << shift; out = out << shift; - mask = 0xffff << shift; + mask = 0x0f1f << shift; switch (id / 2) { case 0: @@ -374,7 +374,7 @@ int rsnd_adg_ssi_clk_try_start(struct rs ckr = 0x80000000; } - rsnd_mod_bset(adg_mod, BRGCKR, 0x80FF0000, adg->ckr | ckr); + rsnd_mod_bset(adg_mod, BRGCKR, 0x80770000, adg->ckr | ckr); rsnd_mod_write(adg_mod, BRRA, adg->rbga); rsnd_mod_write(adg_mod, BRRB, adg->rbgb); Patches currently in stable-queue which might be from kuninori.morimoto.gx(a)renesas.com are queue-4.14/asoc-rsnd-fixup-adg-register-mask.patch

7 years, 2 months

1
0
0 0

Patch "arm64: dts: renesas: ulcb: Remove renesas, no-ether-link property" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled arm64: dts: renesas: ulcb: Remove renesas, no-ether-link property to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-dts-renesas-ulcb-remove-renesas-no-ether-link-property.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Bogdan Mirea <Bogdan-Stefan_Mirea(a)mentor.com> Date: Thu, 21 Dec 2017 17:18:59 +0200 Subject: arm64: dts: renesas: ulcb: Remove renesas, no-ether-link property From: Bogdan Mirea <Bogdan-Stefan_Mirea(a)mentor.com> [ Upstream commit 7d2901f809c110bd9a261e879d59efe62e3bc758 ] The present change is a bug fix for AVB link iteratively up/down. Steps to reproduce: - start AVB TX stream (Using aplay via MSE), - disconnect+reconnect the eth cable, - after a reconnection the eth connection goes iteratively up/down without user interaction, - this may heal after some seconds or even stay for minutes. As the documentation specifies, the "renesas,no-ether-link" option should be used when a board does not provide a proper AVB_LINK signal. There is no need for this option enabled on RCAR H3/M3 Salvator-X/XS and ULCB starter kits since the AVB_LINK is correctly handled by HW. Choosing to keep or remove the "renesas,no-ether-link" option will have impact on the code flow in the following ways: - keeping this option enabled may lead to unexpected behavior since the RX & TX are enabled/disabled directly from adjust_link function without any HW interrogation, - removing this option, the RX & TX will only be enabled/disabled after HW interrogation. The HW check is made through the LMON pin in PSR register which specifies AVB_LINK signal value (0 - at low level; 1 - at high level). In conclusion, the present change is also a safety improvement because it removes the "renesas,no-ether-link" option leading to a proper way of detecting the link state based on HW interrogation and not on software heuristic. Fixes: dc36965a8905 ("arm64: dts: r8a7796: salvator-x: Enable EthernetAVB") Fixes: 6fa501c549aa ("arm64: dts: r8a7795: enable EthernetAVB on Salvator-X") Signed-off-by: Bogdan Mirea <Bogdan-Stefan_Mirea(a)mentor.com> Signed-off-by: Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> Signed-off-by: Simon Horman <horms+renesas(a)verge.net.au> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/boot/dts/renesas/ulcb.dtsi | 1 - 1 file changed, 1 deletion(-) --- a/arch/arm64/boot/dts/renesas/ulcb.dtsi +++ b/arch/arm64/boot/dts/renesas/ulcb.dtsi @@ -145,7 +145,6 @@ &avb { pinctrl-0 = <&avb_pins>; pinctrl-names = "default"; - renesas,no-ether-link; phy-handle = <&phy0>; status = "okay"; Patches currently in stable-queue which might be from Bogdan-Stefan_Mirea(a)mentor.com are queue-4.14/arm64-dts-renesas-ulcb-remove-renesas-no-ether-link-property.patch

7 years, 2 months

1
0
0 0

Patch "ARM: dts: ls1021a: fix incorrect clock references" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ARM: dts: ls1021a: fix incorrect clock references to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-dts-ls1021a-fix-incorrect-clock-references.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Arnd Bergmann <arnd(a)arndb.de> Date: Thu, 21 Dec 2017 22:35:19 +0100 Subject: ARM: dts: ls1021a: fix incorrect clock references From: Arnd Bergmann <arnd(a)arndb.de> [ Upstream commit 506e8a912661c97b41adc8a286b875d01323ec45 ] dtc warns about two 'clocks' properties that have an extraneous '1' at the end: arch/arm/boot/dts/ls1021a-qds.dtb: Warning (clocks_property): arch/arm/boot/dts/ls1021a-twr.dtb: Warning (clocks_property): Property 'clocks', cell 1 is not a phandle reference in /soc/i2c@2180000/mux@77/i2c@4/sgtl5000@2a arch/arm/boot/dts/ls1021a-qds.dtb: Warning (clocks_property): Missing property '#clock-cells' in node /soc/interrupt-controller@1400000 or bad phandle (referred from /soc/i2c@2180000/mux@77/i2c@4/sgtl5000@2a:clocks[1]) Property 'clocks', cell 1 is not a phandle reference in /soc/i2c@2190000/sgtl5000@a arch/arm/boot/dts/ls1021a-twr.dtb: Warning (clocks_property): Missing property '#clock-cells' in node /soc/interrupt-controller@1400000 or bad phandle (referred from /soc/i2c@2190000/sgtl5000@a:clocks[1]) The clocks that get referenced here are fixed-rate, so they do not take any argument, and dtc interprets the next cell as a phandle, which is invalid. Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/boot/dts/ls1021a-qds.dts | 2 +- arch/arm/boot/dts/ls1021a-twr.dts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) --- a/arch/arm/boot/dts/ls1021a-qds.dts +++ b/arch/arm/boot/dts/ls1021a-qds.dts @@ -215,7 +215,7 @@ reg = <0x2a>; VDDA-supply = <&reg_3p3v>; VDDIO-supply = <&reg_3p3v>; - clocks = <&sys_mclk 1>; + clocks = <&sys_mclk>; }; }; }; --- a/arch/arm/boot/dts/ls1021a-twr.dts +++ b/arch/arm/boot/dts/ls1021a-twr.dts @@ -187,7 +187,7 @@ reg = <0x0a>; VDDA-supply = <&reg_3p3v>; VDDIO-supply = <&reg_3p3v>; - clocks = <&sys_mclk 1>; + clocks = <&sys_mclk>; }; }; Patches currently in stable-queue which might be from arnd(a)arndb.de are queue-4.14/exec-avoid-gcc-8-warning-for-get_task_comm.patch queue-4.14/x86-asm-allow-again-using-asm.h-when-building-for-the-bpf-clang-target.patch queue-4.14/arm-dts-ls1021a-fix-incorrect-clock-references.patch

7 years, 2 months

1
0
0 0

Patch "ARM: 8731/1: Fix csum_partial_copy_from_user() stack mismatch" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ARM: 8731/1: Fix csum_partial_copy_from_user() stack mismatch to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-8731-1-fix-csum_partial_copy_from_user-stack-mismatch.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Chunyan Zhang <zhang.lyra(a)gmail.com> Date: Fri, 1 Dec 2017 03:51:04 +0100 Subject: ARM: 8731/1: Fix csum_partial_copy_from_user() stack mismatch From: Chunyan Zhang <zhang.lyra(a)gmail.com> [ Upstream commit 36b0cb84ee858f02c256d26f0cb4229c78e3399e ] An additional 'ip' will be pushed to the stack, for restoring the DACR later, if CONFIG_CPU_SW_DOMAIN_PAN defined. However, the fixup still get the err_ptr by add #8*4 to sp, which results in the fact that the code area pointed by the LR will be overwritten, or the kernel will crash if CONFIG_DEBUG_RODATA is enabled. This patch fixes the stack mismatch. Fixes: a5e090acbf54 ("ARM: software-based priviledged-no-access support") Signed-off-by: Lvqiang Huang <Lvqiang.Huang(a)spreadtrum.com> Signed-off-by: Chunyan Zhang <zhang.lyra(a)gmail.com> Signed-off-by: Russell King <rmk+kernel(a)armlinux.org.uk> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/lib/csumpartialcopyuser.S | 4 ++++ 1 file changed, 4 insertions(+) --- a/arch/arm/lib/csumpartialcopyuser.S +++ b/arch/arm/lib/csumpartialcopyuser.S @@ -85,7 +85,11 @@ .pushsection .text.fixup,"ax" .align 4 9001: mov r4, #-EFAULT +#ifdef CONFIG_CPU_SW_DOMAIN_PAN + ldr r5, [sp, #9*4] @ *err_ptr +#else ldr r5, [sp, #8*4] @ *err_ptr +#endif str r4, [r5] ldmia sp, {r1, r2} @ retrieve dst, len add r2, r2, r1 Patches currently in stable-queue which might be from zhang.lyra(a)gmail.com are queue-4.14/arm-8731-1-fix-csum_partial_copy_from_user-stack-mismatch.patch

7 years, 2 months

1
0
0 0

Patch "afs: Fix missing error handling in afs_write_end()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled afs: Fix missing error handling in afs_write_end() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: afs-fix-missing-error-handling-in-afs_write_end.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: David Howells <dhowells(a)redhat.com> Date: Tue, 2 Jan 2018 10:02:19 +0000 Subject: afs: Fix missing error handling in afs_write_end() From: David Howells <dhowells(a)redhat.com> [ Upstream commit afae457d874860a7e299d334f59eede5f3ad4b47 ] afs_write_end() is missing page unlock and put if afs_fill_page() fails. Reported-by: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: David Howells <dhowells(a)redhat.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/afs/write.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) --- a/fs/afs/write.c +++ b/fs/afs/write.c @@ -282,7 +282,7 @@ int afs_write_end(struct file *file, str ret = afs_fill_page(vnode, key, pos + copied, len - copied, page); if (ret < 0) - return ret; + goto out; } SetPageUptodate(page); } @@ -290,10 +290,12 @@ int afs_write_end(struct file *file, str set_page_dirty(page); if (PageDirty(page)) _debug("dirtied"); + ret = copied; + +out: unlock_page(page); put_page(page); - - return copied; + return ret; } /* Patches currently in stable-queue which might be from dhowells(a)redhat.com are queue-4.14/afs-fix-missing-error-handling-in-afs_write_end.patch

7 years, 2 months

1
0
0 0

Patch "xfs: quota: fix missed destroy of qi_tree_lock" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xfs: quota: fix missed destroy of qi_tree_lock to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xfs-quota-fix-missed-destroy-of-qi_tree_lock.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:19:30 CET 2018 From: Aliaksei Karaliou <akaraliou.dev(a)gmail.com> Date: Thu, 21 Dec 2017 13:18:26 -0800 Subject: xfs: quota: fix missed destroy of qi_tree_lock From: Aliaksei Karaliou <akaraliou.dev(a)gmail.com> [ Upstream commit 2196881566225f3c3428d1a5f847a992944daa5b ] xfs_qm_destroy_quotainfo() does not destroy quotainfo->qi_tree_lock while destroys quotainfo->qi_quotaofflock. Signed-off-by: Aliaksei Karaliou <akaraliou.dev(a)gmail.com> Reviewed-by: Darrick J. Wong <darrick.wong(a)oracle.com> Signed-off-by: Darrick J. Wong <darrick.wong(a)oracle.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/xfs/xfs_qm.c | 1 + 1 file changed, 1 insertion(+) --- a/fs/xfs/xfs_qm.c +++ b/fs/xfs/xfs_qm.c @@ -701,6 +701,7 @@ xfs_qm_destroy_quotainfo( IRELE(qi->qi_pquotaip); qi->qi_pquotaip = NULL; } + mutex_destroy(&qi->qi_tree_lock); mutex_destroy(&qi->qi_quotaofflock); kmem_free(qi); mp->m_quotainfo = NULL; Patches currently in stable-queue which might be from akaraliou.dev(a)gmail.com are queue-4.4/xfs-quota-fix-missed-destroy-of-qi_tree_lock.patch queue-4.4/xfs-quota-check-result-of-register_shrinker.patch

7 years, 2 months

1
0
0 0

Patch "xen-netfront: enable device after manual module load" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xen-netfront: enable device after manual module load to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xen-netfront-enable-device-after-manual-module-load.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:19:30 CET 2018 From: Eduardo Otubo <otubo(a)redhat.com> Date: Fri, 5 Jan 2018 09:42:16 +0100 Subject: xen-netfront: enable device after manual module load From: Eduardo Otubo <otubo(a)redhat.com> [ Upstream commit b707fda2df4070785d0fa8a278aa13944c5f51f8 ] When loading the module after unloading it, the network interface would not be enabled and thus wouldn't have a backend counterpart and unable to be used by the guest. The guest would face errors like: [root@guest ~]# ethtool -i eth0 Cannot get driver information: No such device [root@guest ~]# ifconfig eth0 eth0: error fetching interface information: Device not found This patch initializes the state of the netfront device whenever it is loaded manually, this state would communicate the netback to create its device and establish the connection between them. Signed-off-by: Eduardo Otubo <otubo(a)redhat.com> Reviewed-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/xen-netfront.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/net/xen-netfront.c +++ b/drivers/net/xen-netfront.c @@ -1331,6 +1331,7 @@ static struct net_device *xennet_create_ netif_carrier_off(netdev); + xenbus_switch_state(dev, XenbusStateInitialising); return netdev; exit: Patches currently in stable-queue which might be from otubo(a)redhat.com are queue-4.4/xen-netfront-enable-device-after-manual-module-load.patch

7 years, 2 months

1
0
0 0

Patch "xfs: quota: check result of register_shrinker()" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xfs: quota: check result of register_shrinker() to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xfs-quota-check-result-of-register_shrinker.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:19:30 CET 2018 From: Aliaksei Karaliou <akaraliou.dev(a)gmail.com> Date: Thu, 21 Dec 2017 13:18:26 -0800 Subject: xfs: quota: check result of register_shrinker() From: Aliaksei Karaliou <akaraliou.dev(a)gmail.com> [ Upstream commit 3a3882ff26fbdbaf5f7e13f6a0bccfbf7121041d ] xfs_qm_init_quotainfo() does not check result of register_shrinker() which was tagged as __must_check recently, reported by sparse. Signed-off-by: Aliaksei Karaliou <akaraliou.dev(a)gmail.com> [darrick: move xfs_qm_destroy_quotainos nearer xfs_qm_init_quotainos] Reviewed-by: Darrick J. Wong <darrick.wong(a)oracle.com> Signed-off-by: Darrick J. Wong <darrick.wong(a)oracle.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/xfs/xfs_qm.c | 45 +++++++++++++++++++++++++++++---------------- 1 file changed, 29 insertions(+), 16 deletions(-) --- a/fs/xfs/xfs_qm.c +++ b/fs/xfs/xfs_qm.c @@ -47,7 +47,7 @@ STATIC int xfs_qm_init_quotainos(xfs_mount_t *); STATIC int xfs_qm_init_quotainfo(xfs_mount_t *); - +STATIC void xfs_qm_destroy_quotainos(xfs_quotainfo_t *qi); STATIC void xfs_qm_dqfree_one(struct xfs_dquot *dqp); /* * We use the batch lookup interface to iterate over the dquots as it @@ -660,9 +660,17 @@ xfs_qm_init_quotainfo( qinf->qi_shrinker.scan_objects = xfs_qm_shrink_scan; qinf->qi_shrinker.seeks = DEFAULT_SEEKS; qinf->qi_shrinker.flags = SHRINKER_NUMA_AWARE; - register_shrinker(&qinf->qi_shrinker); + + error = register_shrinker(&qinf->qi_shrinker); + if (error) + goto out_free_inos; + return 0; +out_free_inos: + mutex_destroy(&qinf->qi_quotaofflock); + mutex_destroy(&qinf->qi_tree_lock); + xfs_qm_destroy_quotainos(qinf); out_free_lru: list_lru_destroy(&qinf->qi_lru); out_free_qinf: @@ -671,7 +679,6 @@ out_free_qinf: return error; } - /* * Gets called when unmounting a filesystem or when all quotas get * turned off. @@ -688,19 +695,7 @@ xfs_qm_destroy_quotainfo( unregister_shrinker(&qi->qi_shrinker); list_lru_destroy(&qi->qi_lru); - - if (qi->qi_uquotaip) { - IRELE(qi->qi_uquotaip); - qi->qi_uquotaip = NULL; /* paranoia */ - } - if (qi->qi_gquotaip) { - IRELE(qi->qi_gquotaip); - qi->qi_gquotaip = NULL; - } - if (qi->qi_pquotaip) { - IRELE(qi->qi_pquotaip); - qi->qi_pquotaip = NULL; - } + xfs_qm_destroy_quotainos(qi); mutex_destroy(&qi->qi_tree_lock); mutex_destroy(&qi->qi_quotaofflock); kmem_free(qi); @@ -1563,6 +1558,24 @@ error_rele: } STATIC void +xfs_qm_destroy_quotainos( + xfs_quotainfo_t *qi) +{ + if (qi->qi_uquotaip) { + IRELE(qi->qi_uquotaip); + qi->qi_uquotaip = NULL; /* paranoia */ + } + if (qi->qi_gquotaip) { + IRELE(qi->qi_gquotaip); + qi->qi_gquotaip = NULL; + } + if (qi->qi_pquotaip) { + IRELE(qi->qi_pquotaip); + qi->qi_pquotaip = NULL; + } +} + +STATIC void xfs_qm_dqfree_one( struct xfs_dquot *dqp) { Patches currently in stable-queue which might be from akaraliou.dev(a)gmail.com are queue-4.4/xfs-quota-fix-missed-destroy-of-qi_tree_lock.patch queue-4.4/xfs-quota-check-result-of-register_shrinker.patch

7 years, 2 months

1
0
0 0

Patch "xen/gntdev: Fix partial gntdev_mmap() cleanup" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xen/gntdev: Fix partial gntdev_mmap() cleanup to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xen-gntdev-fix-partial-gntdev_mmap-cleanup.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:19:30 CET 2018 From: Ross Lagerwall <ross.lagerwall(a)citrix.com> Date: Tue, 9 Jan 2018 12:10:22 +0000 Subject: xen/gntdev: Fix partial gntdev_mmap() cleanup From: Ross Lagerwall <ross.lagerwall(a)citrix.com> [ Upstream commit cf2acf66ad43abb39735568f55e1f85f9844e990 ] When cleaning up after a partially successful gntdev_mmap(), unmap the successfully mapped grant pages otherwise Xen will kill the domain if in debug mode (Attempt to implicitly unmap a granted PTE) or Linux will kill the process and emit "BUG: Bad page map in process" if Xen is in release mode. This is only needed when use_ptemod is true because gntdev_put_map() will unmap grant pages itself when use_ptemod is false. Signed-off-by: Ross Lagerwall <ross.lagerwall(a)citrix.com> Reviewed-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Signed-off-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/xen/gntdev.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/drivers/xen/gntdev.c +++ b/drivers/xen/gntdev.c @@ -874,8 +874,10 @@ unlock_out: out_unlock_put: mutex_unlock(&priv->lock); out_put_map: - if (use_ptemod) + if (use_ptemod) { map->vma = NULL; + unmap_grant_pages(map, 0, map->count); + } gntdev_put_map(priv, map); return err; } Patches currently in stable-queue which might be from ross.lagerwall(a)citrix.com are queue-4.4/xen-gntdev-fix-off-by-one-error-when-unmapping-with-holes.patch queue-4.4/xen-gntdev-fix-partial-gntdev_mmap-cleanup.patch

7 years, 2 months

1
0
0 0

Patch "xen/gntdev: Fix off-by-one error when unmapping with holes" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xen/gntdev: Fix off-by-one error when unmapping with holes to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xen-gntdev-fix-off-by-one-error-when-unmapping-with-holes.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:19:30 CET 2018 From: Ross Lagerwall <ross.lagerwall(a)citrix.com> Date: Tue, 9 Jan 2018 12:10:21 +0000 Subject: xen/gntdev: Fix off-by-one error when unmapping with holes From: Ross Lagerwall <ross.lagerwall(a)citrix.com> [ Upstream commit 951a010233625b77cde3430b4b8785a9a22968d1 ] If the requested range has a hole, the calculation of the number of pages to unmap is off by one. Fix it. Signed-off-by: Ross Lagerwall <ross.lagerwall(a)citrix.com> Reviewed-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Signed-off-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/xen/gntdev.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) --- a/drivers/xen/gntdev.c +++ b/drivers/xen/gntdev.c @@ -378,10 +378,8 @@ static int unmap_grant_pages(struct gran } range = 0; while (range < pages) { - if (map->unmap_ops[offset+range].handle == -1) { - range--; + if (map->unmap_ops[offset+range].handle == -1) break; - } range++; } err = __unmap_grant_pages(map, offset, range); Patches currently in stable-queue which might be from ross.lagerwall(a)citrix.com are queue-4.4/xen-gntdev-fix-off-by-one-error-when-unmapping-with-holes.patch queue-4.4/xen-gntdev-fix-partial-gntdev_mmap-cleanup.patch

7 years, 2 months

1
0
0 0

Patch "tg3: Add workaround to restrict 5762 MRRS to 2048" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled tg3: Add workaround to restrict 5762 MRRS to 2048 to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: tg3-add-workaround-to-restrict-5762-mrrs-to-2048.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:19:30 CET 2018 From: Siva Reddy Kallam <siva.kallam(a)broadcom.com> Date: Fri, 22 Dec 2017 16:05:28 +0530 Subject: tg3: Add workaround to restrict 5762 MRRS to 2048 From: Siva Reddy Kallam <siva.kallam(a)broadcom.com> [ Upstream commit 4419bb1cedcda0272e1dc410345c5a1d1da0e367 ] One of AMD based server with 5762 hangs with jumbo frame traffic. This AMD platform has southbridge limitation which is restricting MRRS to 4000. As a work around, driver to restricts the MRRS to 2048 for this particular 5762 NX1 card. Signed-off-by: Siva Reddy Kallam <siva.kallam(a)broadcom.com> Signed-off-by: Michael Chan <michael.chan(a)broadcom.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/broadcom/tg3.c | 10 ++++++++++ drivers/net/ethernet/broadcom/tg3.h | 4 ++++ 2 files changed, 14 insertions(+) --- a/drivers/net/ethernet/broadcom/tg3.c +++ b/drivers/net/ethernet/broadcom/tg3.c @@ -10051,6 +10051,16 @@ static int tg3_reset_hw(struct tg3 *tp, tw32(GRC_MODE, tp->grc_mode | val); + /* On one of the AMD platform, MRRS is restricted to 4000 because of + * south bridge limitation. As a workaround, Driver is setting MRRS + * to 2048 instead of default 4096. + */ + if (tp->pdev->subsystem_vendor == PCI_VENDOR_ID_DELL && + tp->pdev->subsystem_device == TG3PCI_SUBDEVICE_ID_DELL_5762) { + val = tr32(TG3PCI_DEV_STATUS_CTRL) & ~MAX_READ_REQ_MASK; + tw32(TG3PCI_DEV_STATUS_CTRL, val | MAX_READ_REQ_SIZE_2048); + } + /* Setup the timer prescalar register. Clock is always 66Mhz. */ val = tr32(GRC_MISC_CFG); val &= ~0xff; --- a/drivers/net/ethernet/broadcom/tg3.h +++ b/drivers/net/ethernet/broadcom/tg3.h @@ -95,6 +95,7 @@ #define TG3PCI_SUBDEVICE_ID_DELL_JAGUAR 0x0106 #define TG3PCI_SUBDEVICE_ID_DELL_MERLOT 0x0109 #define TG3PCI_SUBDEVICE_ID_DELL_SLIM_MERLOT 0x010a +#define TG3PCI_SUBDEVICE_ID_DELL_5762 0x07f0 #define TG3PCI_SUBVENDOR_ID_COMPAQ PCI_VENDOR_ID_COMPAQ #define TG3PCI_SUBDEVICE_ID_COMPAQ_BANSHEE 0x007c #define TG3PCI_SUBDEVICE_ID_COMPAQ_BANSHEE_2 0x009a @@ -280,6 +281,9 @@ #define TG3PCI_STD_RING_PROD_IDX 0x00000098 /* 64-bit */ #define TG3PCI_RCV_RET_RING_CON_IDX 0x000000a0 /* 64-bit */ /* 0xa8 --> 0xb8 unused */ +#define TG3PCI_DEV_STATUS_CTRL 0x000000b4 +#define MAX_READ_REQ_SIZE_2048 0x00004000 +#define MAX_READ_REQ_MASK 0x00007000 #define TG3PCI_DUAL_MAC_CTRL 0x000000b8 #define DUAL_MAC_CTRL_CH_MASK 0x00000003 #define DUAL_MAC_CTRL_ID 0x00000004 Patches currently in stable-queue which might be from siva.kallam(a)broadcom.com are queue-4.4/tg3-enable-phy-reset-in-mtu-change-path-for-5720.patch queue-4.4/tg3-add-workaround-to-restrict-5762-mrrs-to-2048.patch

7 years, 2 months

1
0
0 0

Patch "tg3: Enable PHY reset in MTU change path for 5720" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled tg3: Enable PHY reset in MTU change path for 5720 to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: tg3-enable-phy-reset-in-mtu-change-path-for-5720.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:19:30 CET 2018 From: Siva Reddy Kallam <siva.kallam(a)broadcom.com> Date: Fri, 22 Dec 2017 16:05:29 +0530 Subject: tg3: Enable PHY reset in MTU change path for 5720 From: Siva Reddy Kallam <siva.kallam(a)broadcom.com> [ Upstream commit e60ee41aaf898584205a6af5c996860d0fe6a836 ] A customer noticed RX path hang when MTU is changed on the fly while running heavy traffic with NCSI enabled for 5717 and 5719. Since 5720 belongs to same ASIC family, we observed same issue and same fix could solve this problem for 5720. Signed-off-by: Siva Reddy Kallam <siva.kallam(a)broadcom.com> Signed-off-by: Michael Chan <michael.chan(a)broadcom.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/broadcom/tg3.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/net/ethernet/broadcom/tg3.c +++ b/drivers/net/ethernet/broadcom/tg3.c @@ -14240,7 +14240,8 @@ static int tg3_change_mtu(struct net_dev */ if (tg3_asic_rev(tp) == ASIC_REV_57766 || tg3_asic_rev(tp) == ASIC_REV_5717 || - tg3_asic_rev(tp) == ASIC_REV_5719) + tg3_asic_rev(tp) == ASIC_REV_5719 || + tg3_asic_rev(tp) == ASIC_REV_5720) reset_phy = true; err = tg3_restart_hw(tp, reset_phy); Patches currently in stable-queue which might be from siva.kallam(a)broadcom.com are queue-4.4/tg3-enable-phy-reset-in-mtu-change-path-for-5720.patch queue-4.4/tg3-add-workaround-to-restrict-5762-mrrs-to-2048.patch

7 years, 2 months

1
0
0 0

Patch "spi: atmel: fixed spin_lock usage inside atmel_spi_remove" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled spi: atmel: fixed spin_lock usage inside atmel_spi_remove to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: spi-atmel-fixed-spin_lock-usage-inside-atmel_spi_remove.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:19:30 CET 2018 From: Radu Pirea <radu.pirea(a)microchip.com> Date: Fri, 15 Dec 2017 17:40:17 +0200 Subject: spi: atmel: fixed spin_lock usage inside atmel_spi_remove From: Radu Pirea <radu.pirea(a)microchip.com> [ Upstream commit 66e900a3d225575c8b48b59ae1fe74bb6e5a65cc ] The only part of atmel_spi_remove which needs to be atomic is hardware reset. atmel_spi_stop_dma calls dma_terminate_all and this needs interrupts enabled. atmel_spi_release_dma calls dma_release_channel and dma_release_channel locks a mutex inside of spin_lock. So the call of these functions can't be inside a spin_lock. Reported-by: Jia-Ju Bai <baijiaju1990(a)gmail.com> Signed-off-by: Radu Pirea <radu.pirea(a)microchip.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/spi/spi-atmel.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/spi/spi-atmel.c +++ b/drivers/spi/spi-atmel.c @@ -1669,12 +1669,12 @@ static int atmel_spi_remove(struct platf pm_runtime_get_sync(&pdev->dev); /* reset the hardware and block queue progress */ - spin_lock_irq(&as->lock); if (as->use_dma) { atmel_spi_stop_dma(as); atmel_spi_release_dma(as); } + spin_lock_irq(&as->lock); spi_writel(as, CR, SPI_BIT(SWRST)); spi_writel(as, CR, SPI_BIT(SWRST)); /* AT91SAM9263 Rev B workaround */ spi_readl(as, SR); Patches currently in stable-queue which might be from radu.pirea(a)microchip.com are queue-4.4/spi-atmel-fixed-spin_lock-usage-inside-atmel_spi_remove.patch

7 years, 2 months

1
0
0 0

Patch "SolutionEngine771x: fix Ether platform data" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled SolutionEngine771x: fix Ether platform data to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: solutionengine771x-fix-ether-platform-data.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:19:30 CET 2018 From: Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> Date: Sat, 6 Jan 2018 21:53:26 +0300 Subject: SolutionEngine771x: fix Ether platform data From: Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> [ Upstream commit 195e2addbce09e5afbc766efc1e6567c9ce840d3 ] The 'sh_eth' driver's probe() method would fail on the SolutionEngine7710 board and crash on SolutionEngine7712 board as the platform code is hopelessly behind the driver's platform data -- it passes the PHY address instead of 'struct sh_eth_plat_data *'; pass the latter to the driver in order to fix the bug... Fixes: 71557a37adb5 ("[netdrvr] sh_eth: Add SH7619 support") Signed-off-by: Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/sh/boards/mach-se/770x/setup.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) --- a/arch/sh/boards/mach-se/770x/setup.c +++ b/arch/sh/boards/mach-se/770x/setup.c @@ -8,6 +8,7 @@ */ #include <linux/init.h> #include <linux/platform_device.h> +#include <linux/sh_eth.h> #include <mach-se/mach/se.h> #include <mach-se/mach/mrshpc.h> #include <asm/machvec.h> @@ -114,6 +115,11 @@ static struct platform_device heartbeat_ #if defined(CONFIG_CPU_SUBTYPE_SH7710) ||\ defined(CONFIG_CPU_SUBTYPE_SH7712) /* SH771X Ethernet driver */ +static struct sh_eth_plat_data sh_eth_plat = { + .phy = PHY_ID, + .phy_interface = PHY_INTERFACE_MODE_MII, +}; + static struct resource sh_eth0_resources[] = { [0] = { .start = SH_ETH0_BASE, @@ -131,7 +137,7 @@ static struct platform_device sh_eth0_de .name = "sh771x-ether", .id = 0, .dev = { - .platform_data = PHY_ID, + .platform_data = &sh_eth_plat, }, .num_resources = ARRAY_SIZE(sh_eth0_resources), .resource = sh_eth0_resources, @@ -154,7 +160,7 @@ static struct platform_device sh_eth1_de .name = "sh771x-ether", .id = 1, .dev = { - .platform_data = PHY_ID, + .platform_data = &sh_eth_plat, }, .num_resources = ARRAY_SIZE(sh_eth1_resources), .resource = sh_eth1_resources, Patches currently in stable-queue which might be from sergei.shtylyov(a)cogentembedded.com are queue-4.4/solutionengine771x-fix-ether-platform-data.patch

7 years, 2 months

1
0
0 0

Patch "sget(): handle failures of register_shrinker()" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled sget(): handle failures of register_shrinker() to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: sget-handle-failures-of-register_shrinker.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:19:30 CET 2018 From: Al Viro <viro(a)zeniv.linux.org.uk> Date: Mon, 18 Dec 2017 15:05:07 -0500 Subject: sget(): handle failures of register_shrinker() From: Al Viro <viro(a)zeniv.linux.org.uk> [ Upstream commit 9ee332d99e4d5a97548943b81c54668450ce641b ] Signed-off-by: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/super.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) --- a/fs/super.c +++ b/fs/super.c @@ -497,7 +497,11 @@ retry: hlist_add_head(&s->s_instances, &type->fs_supers); spin_unlock(&sb_lock); get_filesystem(type); - register_shrinker(&s->s_shrink); + err = register_shrinker(&s->s_shrink); + if (err) { + deactivate_locked_super(s); + s = ERR_PTR(err); + } return s; } Patches currently in stable-queue which might be from viro(a)zeniv.linux.org.uk are queue-4.4/sget-handle-failures-of-register_shrinker.patch

7 years, 2 months

1
0
0 0

Patch "scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: scsi-storvsc-fix-scsi_cmd-error-assignments-in-storvsc_handle_error.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:19:30 CET 2018 From: Cathy Avery <cavery(a)redhat.com> Date: Tue, 19 Dec 2017 13:32:48 -0500 Subject: scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error From: Cathy Avery <cavery(a)redhat.com> [ Upstream commit d1b8b2391c24751e44f618fcf86fb55d9a9247fd ] When an I/O is returned with an srb_status of SRB_STATUS_INVALID_LUN which has zero good_bytes it must be assigned an error. Otherwise the I/O will be continuously requeued and will cause a deadlock in the case where disks are being hot added and removed. sd_probe_async will wait forever for its I/O to complete while holding scsi_sd_probe_domain. Also returning the default error of DID_TARGET_FAILURE causes multipath to not retry the I/O resulting in applications receiving I/O errors before a failover can occur. Signed-off-by: Cathy Avery <cavery(a)redhat.com> Signed-off-by: Long Li <longli(a)microsoft.com> Reviewed-by: Stephen Hemminger <stephen(a)networkplumber.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/scsi/storvsc_drv.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/scsi/storvsc_drv.c +++ b/drivers/scsi/storvsc_drv.c @@ -890,10 +890,11 @@ static void storvsc_handle_error(struct case TEST_UNIT_READY: break; default: - set_host_byte(scmnd, DID_TARGET_FAILURE); + set_host_byte(scmnd, DID_ERROR); } break; case SRB_STATUS_INVALID_LUN: + set_host_byte(scmnd, DID_NO_CONNECT); do_work = true; process_err_fn = storvsc_remove_lun; break; Patches currently in stable-queue which might be from cavery(a)redhat.com are queue-4.4/scsi-storvsc-fix-scsi_cmd-error-assignments-in-storvsc_handle_error.patch

7 years, 2 months

1
0
0 0

Patch "sctp: make use of pre-calculated len" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled sctp: make use of pre-calculated len to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: sctp-make-use-of-pre-calculated-len.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:19:30 CET 2018 From: Marcelo Ricardo Leitner <marcelo.leitner(a)gmail.com> Date: Mon, 8 Jan 2018 19:02:29 -0200 Subject: sctp: make use of pre-calculated len From: Marcelo Ricardo Leitner <marcelo.leitner(a)gmail.com> [ Upstream commit c76f97c99ae6d26d14c7f0e50e074382bfbc9f98 ] Some sockopt handling functions were calculating the length of the buffer to be written to userspace and then calculating it again when actually writing the buffer, which could lead to some write not using an up-to-date length. This patch updates such places to just make use of the len variable. Also, replace some sizeof(type) to sizeof(var). Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/sctp/socket.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -4445,7 +4445,7 @@ static int sctp_getsockopt_autoclose(str len = sizeof(int); if (put_user(len, optlen)) return -EFAULT; - if (copy_to_user(optval, &sctp_sk(sk)->autoclose, sizeof(int))) + if (copy_to_user(optval, &sctp_sk(sk)->autoclose, len)) return -EFAULT; return 0; } @@ -5022,6 +5022,9 @@ copy_getaddrs: err = -EFAULT; goto out; } + /* XXX: We should have accounted for sizeof(struct sctp_getaddrs) too, + * but we can't change it anymore. + */ if (put_user(bytes_copied, optlen)) err = -EFAULT; out: @@ -5458,7 +5461,7 @@ static int sctp_getsockopt_maxseg(struct params.assoc_id = 0; } else if (len >= sizeof(struct sctp_assoc_value)) { len = sizeof(struct sctp_assoc_value); - if (copy_from_user(&params, optval, sizeof(params))) + if (copy_from_user(&params, optval, len)) return -EFAULT; } else return -EINVAL; @@ -5627,7 +5630,9 @@ static int sctp_getsockopt_active_key(st if (len < sizeof(struct sctp_authkeyid)) return -EINVAL; - if (copy_from_user(&val, optval, sizeof(struct sctp_authkeyid))) + + len = sizeof(struct sctp_authkeyid); + if (copy_from_user(&val, optval, len)) return -EFAULT; asoc = sctp_id2assoc(sk, val.scact_assoc_id); @@ -5639,7 +5644,6 @@ static int sctp_getsockopt_active_key(st else val.scact_keynumber = ep->active_key_id; - len = sizeof(struct sctp_authkeyid); if (put_user(len, optlen)) return -EFAULT; if (copy_to_user(optval, &val, len)) @@ -5665,7 +5669,7 @@ static int sctp_getsockopt_peer_auth_chu if (len < sizeof(struct sctp_authchunks)) return -EINVAL; - if (copy_from_user(&val, optval, sizeof(struct sctp_authchunks))) + if (copy_from_user(&val, optval, sizeof(val))) return -EFAULT; to = p->gauth_chunks; @@ -5710,7 +5714,7 @@ static int sctp_getsockopt_local_auth_ch if (len < sizeof(struct sctp_authchunks)) return -EINVAL; - if (copy_from_user(&val, optval, sizeof(struct sctp_authchunks))) + if (copy_from_user(&val, optval, sizeof(val))) return -EFAULT; to = p->gauth_chunks; Patches currently in stable-queue which might be from marcelo.leitner(a)gmail.com are queue-4.4/sctp-make-use-of-pre-calculated-len.patch

7 years, 2 months

1
0
0 0

Patch "s390/dasd: fix wrongly assigned configuration data" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled s390/dasd: fix wrongly assigned configuration data to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: s390-dasd-fix-wrongly-assigned-configuration-data.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:19:30 CET 2018 From: Stefan Haberland <sth(a)linux.vnet.ibm.com> Date: Wed, 6 Dec 2017 10:30:39 +0100 Subject: s390/dasd: fix wrongly assigned configuration data From: Stefan Haberland <sth(a)linux.vnet.ibm.com> [ Upstream commit 8a9bd4f8ebc6800bfc0596e28631ff6809a2f615 ] We store per path and per device configuration data to identify the path or device correctly. The per path configuration data might get mixed up if the original request gets into error recovery and is started with a random path mask. This would lead to a wrong identification of a path in case of a CUIR event for example. Fix by copying the path mask from the original request to the error recovery request in case it is a path verification request. Signed-off-by: Stefan Haberland <sth(a)linux.vnet.ibm.com> Reviewed-by: Jan Hoeppner <hoeppner(a)linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/s390/block/dasd_3990_erp.c | 10 ++++++++++ 1 file changed, 10 insertions(+) --- a/drivers/s390/block/dasd_3990_erp.c +++ b/drivers/s390/block/dasd_3990_erp.c @@ -2743,6 +2743,16 @@ dasd_3990_erp_action(struct dasd_ccw_req erp = dasd_3990_erp_handle_match_erp(cqr, erp); } + + /* + * For path verification work we need to stick with the path that was + * originally chosen so that the per path configuration data is + * assigned correctly. + */ + if (test_bit(DASD_CQR_VERIFY_PATH, &erp->flags) && cqr->lpm) { + erp->lpm = cqr->lpm; + } + if (device->features & DASD_FEATURE_ERPLOG) { /* print current erp_chain */ dev_err(&device->cdev->dev, Patches currently in stable-queue which might be from sth(a)linux.vnet.ibm.com are queue-4.4/s390-dasd-fix-wrongly-assigned-configuration-data.patch

7 years, 2 months

1
0
0 0

Patch "net: arc_emac: fix arc_emac_rx() error paths" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: arc_emac: fix arc_emac_rx() error paths to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-arc_emac-fix-arc_emac_rx-error-paths.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:19:30 CET 2018 From: Alexander Kochetkov <al.kochet(a)gmail.com> Date: Fri, 15 Dec 2017 20:20:06 +0300 Subject: net: arc_emac: fix arc_emac_rx() error paths From: Alexander Kochetkov <al.kochet(a)gmail.com> [ Upstream commit e688822d035b494071ecbadcccbd6f3325fb0f59 ] arc_emac_rx() has some issues found by code review. In case netdev_alloc_skb_ip_align() or dma_map_single() failure rx fifo entry will not be returned to EMAC. In case dma_map_single() failure previously allocated skb became lost to driver. At the same time address of newly allocated skb will not be provided to EMAC. Signed-off-by: Alexander Kochetkov <al.kochet(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/arc/emac_main.c | 53 ++++++++++++++++++++--------------- 1 file changed, 31 insertions(+), 22 deletions(-) --- a/drivers/net/ethernet/arc/emac_main.c +++ b/drivers/net/ethernet/arc/emac_main.c @@ -250,39 +250,48 @@ static int arc_emac_rx(struct net_device continue; } - pktlen = info & LEN_MASK; - stats->rx_packets++; - stats->rx_bytes += pktlen; - skb = rx_buff->skb; - skb_put(skb, pktlen); - skb->dev = ndev; - skb->protocol = eth_type_trans(skb, ndev); - - dma_unmap_single(&ndev->dev, dma_unmap_addr(rx_buff, addr), - dma_unmap_len(rx_buff, len), DMA_FROM_DEVICE); - - /* Prepare the BD for next cycle */ - rx_buff->skb = netdev_alloc_skb_ip_align(ndev, - EMAC_BUFFER_SIZE); - if (unlikely(!rx_buff->skb)) { + /* Prepare the BD for next cycle. netif_receive_skb() + * only if new skb was allocated and mapped to avoid holes + * in the RX fifo. + */ + skb = netdev_alloc_skb_ip_align(ndev, EMAC_BUFFER_SIZE); + if (unlikely(!skb)) { + if (net_ratelimit()) + netdev_err(ndev, "cannot allocate skb\n"); + /* Return ownership to EMAC */ + rxbd->info = cpu_to_le32(FOR_EMAC | EMAC_BUFFER_SIZE); stats->rx_errors++; - /* Because receive_skb is below, increment rx_dropped */ stats->rx_dropped++; continue; } - /* receive_skb only if new skb was allocated to avoid holes */ - netif_receive_skb(skb); - - addr = dma_map_single(&ndev->dev, (void *)rx_buff->skb->data, + addr = dma_map_single(&ndev->dev, (void *)skb->data, EMAC_BUFFER_SIZE, DMA_FROM_DEVICE); if (dma_mapping_error(&ndev->dev, addr)) { if (net_ratelimit()) - netdev_err(ndev, "cannot dma map\n"); - dev_kfree_skb(rx_buff->skb); + netdev_err(ndev, "cannot map dma buffer\n"); + dev_kfree_skb(skb); + /* Return ownership to EMAC */ + rxbd->info = cpu_to_le32(FOR_EMAC | EMAC_BUFFER_SIZE); stats->rx_errors++; + stats->rx_dropped++; continue; } + + /* unmap previosly mapped skb */ + dma_unmap_single(&ndev->dev, dma_unmap_addr(rx_buff, addr), + dma_unmap_len(rx_buff, len), DMA_FROM_DEVICE); + + pktlen = info & LEN_MASK; + stats->rx_packets++; + stats->rx_bytes += pktlen; + skb_put(rx_buff->skb, pktlen); + rx_buff->skb->dev = ndev; + rx_buff->skb->protocol = eth_type_trans(rx_buff->skb, ndev); + + netif_receive_skb(rx_buff->skb); + + rx_buff->skb = skb; dma_unmap_addr_set(rx_buff, addr, addr); dma_unmap_len_set(rx_buff, len, EMAC_BUFFER_SIZE); Patches currently in stable-queue which might be from al.kochet(a)gmail.com are queue-4.4/net-arc_emac-fix-arc_emac_rx-error-paths.patch

7 years, 2 months

1
0
0 0

Patch "net: gianfar_ptp: move set_fipers() to spinlock protecting area" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: gianfar_ptp: move set_fipers() to spinlock protecting area to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-gianfar_ptp-move-set_fipers-to-spinlock-protecting-area.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:19:30 CET 2018 From: Yangbo Lu <yangbo.lu(a)nxp.com> Date: Tue, 9 Jan 2018 11:02:33 +0800 Subject: net: gianfar_ptp: move set_fipers() to spinlock protecting area From: Yangbo Lu <yangbo.lu(a)nxp.com> [ Upstream commit 11d827a993a969c3c6ec56758ff63a44ba19b466 ] set_fipers() calling should be protected by spinlock in case that any interrupt breaks related registers setting and the function we expect. This patch is to move set_fipers() to spinlock protecting area in ptp_gianfar_adjtime(). Signed-off-by: Yangbo Lu <yangbo.lu(a)nxp.com> Acked-by: Richard Cochran <richardcochran(a)gmail.com> Reviewed-by: Fabio Estevam <fabio.estevam(a)nxp.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/freescale/gianfar_ptp.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/drivers/net/ethernet/freescale/gianfar_ptp.c +++ b/drivers/net/ethernet/freescale/gianfar_ptp.c @@ -314,11 +314,10 @@ static int ptp_gianfar_adjtime(struct pt now = tmr_cnt_read(etsects); now += delta; tmr_cnt_write(etsects, now); + set_fipers(etsects); spin_unlock_irqrestore(&etsects->lock, flags); - set_fipers(etsects); - return 0; } Patches currently in stable-queue which might be from yangbo.lu(a)nxp.com are queue-4.4/net-gianfar_ptp-move-set_fipers-to-spinlock-protecting-area.patch

7 years, 2 months

1
0
0 0

Patch "mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: mtd-nand-gpmi-fix-failure-when-a-erased-page-has-a-bitflip-at-bbm.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:19:30 CET 2018 From: Sascha Hauer <s.hauer(a)pengutronix.de> Date: Tue, 5 Dec 2017 11:51:40 +0100 Subject: mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM From: Sascha Hauer <s.hauer(a)pengutronix.de> [ Upstream commit fdf2e821052958a114618a95ab18a300d0b080cb ] When erased subpages are read then the BCH decoder returns STATUS_ERASED if they are all empty, or STATUS_UNCORRECTABLE if there are bitflips. When there are bitflips, we have to set these bits again to show the upper layers a completely erased page. When a bitflip happens in the exact byte where the bad block marker is, then this byte is swapped with another byte in block_mark_swapping(). The correction code then detects a bitflip in another subpage and no longer corrects the bitflip where it really happens. Correct this behaviour by calling block_mark_swapping() after the bitflips have been corrected. In our case UBIFS failed with this bug because it expects erased pages to be really empty: UBIFS error (pid 187): ubifs_scan: corrupt empty space at LEB 36:118735 UBIFS error (pid 187): ubifs_scanned_corruption: corruption at LEB 36:118735 UBIFS error (pid 187): ubifs_scanned_corruption: first 8192 bytes from LEB 36:118735 UBIFS error (pid 187): ubifs_scan: LEB 36 scanning failed UBIFS error (pid 187): do_commit: commit failed, error -117 Signed-off-by: Sascha Hauer <s.hauer(a)pengutronix.de> Reviewed-by: Richard Weinberger <richard(a)nod.at> Acked-by: Boris Brezillon <boris.brezillon(a)free-electrons.com> Signed-off-by: Richard Weinberger <richard(a)nod.at> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c +++ b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c @@ -1029,9 +1029,6 @@ static int gpmi_ecc_read_page(struct mtd return ret; } - /* handle the block mark swapping */ - block_mark_swapping(this, payload_virt, auxiliary_virt); - /* Loop over status bytes, accumulating ECC status. */ status = auxiliary_virt + nfc_geo->auxiliary_status_offset; @@ -1047,6 +1044,9 @@ static int gpmi_ecc_read_page(struct mtd max_bitflips = max_t(unsigned int, max_bitflips, *status); } + /* handle the block mark swapping */ + block_mark_swapping(this, buf, auxiliary_virt); + if (oob_required) { /* * It's time to deliver the OOB bytes. See gpmi_ecc_read_oob() Patches currently in stable-queue which might be from s.hauer(a)pengutronix.de are queue-4.4/mtd-nand-gpmi-fix-failure-when-a-erased-page-has-a-bitflip-at-bbm.patch

7 years, 2 months

1
0
0 0

Patch "mac80211: mesh: drop frames appearing to be from us" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mac80211: mesh: drop frames appearing to be from us to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: mac80211-mesh-drop-frames-appearing-to-be-from-us.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:19:30 CET 2018 From: Johannes Berg <johannes.berg(a)intel.com> Date: Thu, 4 Jan 2018 15:51:53 +0100 Subject: mac80211: mesh: drop frames appearing to be from us From: Johannes Berg <johannes.berg(a)intel.com> [ Upstream commit 736a80bbfda709fb3631f5f62056f250a38e5804 ] If there are multiple mesh stations with the same MAC address, they will both get confused and start throwing warnings. Obviously in this case nothing can actually work anyway, so just drop frames that look like they're from ourselves early on. Reported-by: Gui Iribarren <gui(a)altermundi.net> Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/mac80211/rx.c | 2 ++ 1 file changed, 2 insertions(+) --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c @@ -3367,6 +3367,8 @@ static bool ieee80211_accept_frame(struc } return true; case NL80211_IFTYPE_MESH_POINT: + if (ether_addr_equal(sdata->vif.addr, hdr->addr2)) + return false; if (multicast) return true; return ether_addr_equal(sdata->vif.addr, hdr->addr1); Patches currently in stable-queue which might be from johannes.berg(a)intel.com are queue-4.4/mac80211-mesh-drop-frames-appearing-to-be-from-us.patch

7 years, 2 months

1
0
0 0

Patch "mdio-sun4i: Fix a memory leak" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mdio-sun4i: Fix a memory leak to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: mdio-sun4i-fix-a-memory-leak.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:19:30 CET 2018 From: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Date: Sat, 6 Jan 2018 09:00:09 +0100 Subject: mdio-sun4i: Fix a memory leak From: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> [ Upstream commit 56c0290202ab94a2f2780c449395d4ae8495fab4 ] If the probing of the regulator is deferred, the memory allocated by 'mdiobus_alloc_size()' will be leaking. It should be freed before the next call to 'sun4i_mdio_probe()' which will reallocate it. Fixes: 4bdcb1dd9feb ("net: Add MDIO bus driver for the Allwinner EMAC") Signed-off-by: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/phy/mdio-sun4i.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/drivers/net/phy/mdio-sun4i.c +++ b/drivers/net/phy/mdio-sun4i.c @@ -128,8 +128,10 @@ static int sun4i_mdio_probe(struct platf data->regulator = devm_regulator_get(&pdev->dev, "phy"); if (IS_ERR(data->regulator)) { - if (PTR_ERR(data->regulator) == -EPROBE_DEFER) - return -EPROBE_DEFER; + if (PTR_ERR(data->regulator) == -EPROBE_DEFER) { + ret = -EPROBE_DEFER; + goto err_out_free_mdiobus; + } dev_info(&pdev->dev, "no regulator found\n"); } else { Patches currently in stable-queue which might be from christophe.jaillet(a)wanadoo.fr are queue-4.4/mdio-sun4i-fix-a-memory-leak.patch

7 years, 2 months

1
0
0 0

Patch "lib/mpi: Fix umul_ppmm() for MIPS64r6" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled lib/mpi: Fix umul_ppmm() for MIPS64r6 to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: lib-mpi-fix-umul_ppmm-for-mips64r6.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:19:30 CET 2018 From: James Hogan <jhogan(a)kernel.org> Date: Tue, 5 Dec 2017 23:31:35 +0000 Subject: lib/mpi: Fix umul_ppmm() for MIPS64r6 From: James Hogan <jhogan(a)kernel.org> [ Upstream commit bbc25bee37d2b32cf3a1fab9195b6da3a185614a ] Current MIPS64r6 toolchains aren't able to generate efficient DMULU/DMUHU based code for the C implementation of umul_ppmm(), which performs an unsigned 64 x 64 bit multiply and returns the upper and lower 64-bit halves of the 128-bit result. Instead it widens the 64-bit inputs to 128-bits and emits a __multi3 intrinsic call to perform a 128 x 128 multiply. This is both inefficient, and it results in a link error since we don't include __multi3 in MIPS linux. For example commit 90a53e4432b1 ("cfg80211: implement regdb signature checking") merged in v4.15-rc1 recently broke the 64r6_defconfig and 64r6el_defconfig builds by indirectly selecting MPILIB. The same build errors can be reproduced on older kernels by enabling e.g. CRYPTO_RSA: lib/mpi/generic_mpih-mul1.o: In function `mpihelp_mul_1': lib/mpi/generic_mpih-mul1.c:50: undefined reference to `__multi3' lib/mpi/generic_mpih-mul2.o: In function `mpihelp_addmul_1': lib/mpi/generic_mpih-mul2.c:49: undefined reference to `__multi3' lib/mpi/generic_mpih-mul3.o: In function `mpihelp_submul_1': lib/mpi/generic_mpih-mul3.c:49: undefined reference to `__multi3' lib/mpi/mpih-div.o In function `mpihelp_divrem': lib/mpi/mpih-div.c:205: undefined reference to `__multi3' lib/mpi/mpih-div.c:142: undefined reference to `__multi3' Therefore add an efficient MIPS64r6 implementation of umul_ppmm() using inline assembly and the DMULU/DMUHU instructions, to prevent __multi3 calls being emitted. Fixes: 7fd08ca58ae6 ("MIPS: Add build support for the MIPS R6 ISA") Signed-off-by: James Hogan <jhogan(a)kernel.org> Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: Herbert Xu <herbert(a)gondor.apana.org.au> Cc: "David S. Miller" <davem(a)davemloft.net> Cc: linux-mips(a)linux-mips.org Cc: linux-crypto(a)vger.kernel.org Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- lib/mpi/longlong.h | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) --- a/lib/mpi/longlong.h +++ b/lib/mpi/longlong.h @@ -671,7 +671,23 @@ do { \ ************** MIPS/64 ************** ***************************************/ #if (defined(__mips) && __mips >= 3) && W_TYPE_SIZE == 64 -#if (__GNUC__ >= 5) || (__GNUC__ >= 4 && __GNUC_MINOR__ >= 4) +#if defined(__mips_isa_rev) && __mips_isa_rev >= 6 +/* + * GCC ends up emitting a __multi3 intrinsic call for MIPS64r6 with the plain C + * code below, so we special case MIPS64r6 until the compiler can do better. + */ +#define umul_ppmm(w1, w0, u, v) \ +do { \ + __asm__ ("dmulu %0,%1,%2" \ + : "=d" ((UDItype)(w0)) \ + : "d" ((UDItype)(u)), \ + "d" ((UDItype)(v))); \ + __asm__ ("dmuhu %0,%1,%2" \ + : "=d" ((UDItype)(w1)) \ + : "d" ((UDItype)(u)), \ + "d" ((UDItype)(v))); \ +} while (0) +#elif (__GNUC__ >= 5) || (__GNUC__ >= 4 && __GNUC_MINOR__ >= 4) #define umul_ppmm(w1, w0, u, v) \ do { \ typedef unsigned int __ll_UTItype __attribute__((mode(TI))); \ Patches currently in stable-queue which might be from jhogan(a)kernel.org are queue-4.4/lib-mpi-fix-umul_ppmm-for-mips64r6.patch

7 years, 2 months

1
0
0 0

Patch "ipv6: icmp6: Allow icmp messages to be looped back" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ipv6: icmp6: Allow icmp messages to be looped back to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ipv6-icmp6-allow-icmp-messages-to-be-looped-back.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:19:30 CET 2018 From: Brendan McGrath <redmcg(a)redmandi.dyndns.org> Date: Wed, 13 Dec 2017 22:14:57 +1100 Subject: ipv6: icmp6: Allow icmp messages to be looped back From: Brendan McGrath <redmcg(a)redmandi.dyndns.org> [ Upstream commit 588753f1eb18978512b1c9b85fddb457d46f9033 ] One example of when an ICMPv6 packet is required to be looped back is when a host acts as both a Multicast Listener and a Multicast Router. A Multicast Router will listen on address ff02::16 for MLDv2 messages. Currently, MLDv2 messages originating from a Multicast Listener running on the same host as the Multicast Router are not being delivered to the Multicast Router. This is due to dst.input being assigned the default value of dst_discard. This results in the packet being looped back but discarded before being delivered to the Multicast Router. This patch sets dst.input to ip6_input to ensure a looped back packet is delivered to the Multicast Router. Signed-off-by: Brendan McGrath <redmcg(a)redmandi.dyndns.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/route.c | 1 + 1 file changed, 1 insertion(+) --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -1614,6 +1614,7 @@ struct dst_entry *icmp6_dst_alloc(struct } rt->dst.flags |= DST_HOST; + rt->dst.input = ip6_input; rt->dst.output = ip6_output; atomic_set(&rt->dst.__refcnt, 1); rt->rt6i_gateway = fl6->daddr; Patches currently in stable-queue which might be from redmcg(a)redmandi.dyndns.org are queue-4.4/ipv6-icmp6-allow-icmp-messages-to-be-looped-back.patch

7 years, 2 months

1
0
0 0

Patch "led: core: Fix brightness setting when setting delay_off=0" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled led: core: Fix brightness setting when setting delay_off=0 to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: led-core-fix-brightness-setting-when-setting-delay_off-0.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:19:30 CET 2018 From: Matthieu CASTET <matthieu.castet(a)parrot.com> Date: Tue, 12 Dec 2017 11:10:44 +0100 Subject: led: core: Fix brightness setting when setting delay_off=0 From: Matthieu CASTET <matthieu.castet(a)parrot.com> [ Upstream commit 2b83ff96f51d0b039c4561b9f95c824d7bddb85c ] With the current code, the following sequence won't work : echo timer > trigger echo 0 > delay_off * at this point we call ** led_delay_off_store ** led_blink_set --- drivers/leds/led-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/leds/led-core.c +++ b/drivers/leds/led-core.c @@ -149,7 +149,7 @@ void led_blink_set(struct led_classdev * unsigned long *delay_on, unsigned long *delay_off) { - del_timer_sync(&led_cdev->blink_timer); + led_stop_software_blink(led_cdev); led_cdev->flags &= ~LED_BLINK_ONESHOT; led_cdev->flags &= ~LED_BLINK_ONESHOT_STOP; Patches currently in stable-queue which might be from matthieu.castet(a)parrot.com are queue-4.4/led-core-fix-brightness-setting-when-setting-delay_off-0.patch

7 years, 2 months

1
0
0 0

Patch "IB/mlx4: Fix mlx4_ib_alloc_mr error flow" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled IB/mlx4: Fix mlx4_ib_alloc_mr error flow to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ib-mlx4-fix-mlx4_ib_alloc_mr-error-flow.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:19:30 CET 2018 From: Leon Romanovsky <leonro(a)mellanox.com> Date: Sun, 31 Dec 2017 15:33:14 +0200 Subject: IB/mlx4: Fix mlx4_ib_alloc_mr error flow From: Leon Romanovsky <leonro(a)mellanox.com> [ Upstream commit 5a371cf87e145b86efd32007e46146e78c1eff6d ] ibmr.device is being set only after ib_alloc_mr() is successfully complete. Therefore, in case imlx4_mr_enable() returns with error, the error flow unwinder calls to mlx4_free_priv_pages(), which uses ibmr.device. Such usage causes to NULL dereference oops and to fix it, the IB device should be set in the mr struct earlier stage (e.g. prior to calling mlx4_free_priv_pages()). Fixes: 1b2cd0fc673c ("IB/mlx4: Support the new memory registration API") Signed-off-by: Nitzan Carmi <nitzanc(a)mellanox.com> Signed-off-by: Leon Romanovsky <leonro(a)mellanox.com> Signed-off-by: Jason Gunthorpe <jgg(a)mellanox.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/infiniband/hw/mlx4/mr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/infiniband/hw/mlx4/mr.c +++ b/drivers/infiniband/hw/mlx4/mr.c @@ -424,7 +424,6 @@ struct ib_mr *mlx4_ib_alloc_mr(struct ib goto err_free_mr; mr->max_pages = max_num_sg; - err = mlx4_mr_enable(dev->dev, &mr->mmr); if (err) goto err_free_pl; @@ -435,6 +434,7 @@ struct ib_mr *mlx4_ib_alloc_mr(struct ib return &mr->ibmr; err_free_pl: + mr->ibmr.device = pd->device; mlx4_free_priv_pages(mr); err_free_mr: (void) mlx4_mr_free(dev->dev, &mr->mmr); Patches currently in stable-queue which might be from leonro(a)mellanox.com are queue-4.4/ib-mlx4-fix-mlx4_ib_alloc_mr-error-flow.patch

7 years, 2 months

1
0
0 0

Patch "IB/ipoib: Fix race condition in neigh creation" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled IB/ipoib: Fix race condition in neigh creation to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ib-ipoib-fix-race-condition-in-neigh-creation.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:19:30 CET 2018 From: Erez Shitrit <erezsh(a)mellanox.com> Date: Sun, 31 Dec 2017 15:33:15 +0200 Subject: IB/ipoib: Fix race condition in neigh creation From: Erez Shitrit <erezsh(a)mellanox.com> [ Upstream commit 16ba3defb8bd01a9464ba4820a487f5b196b455b ] When using enhanced mode for IPoIB, two threads may execute xmit in parallel to two different TX queues while the target is the same. In this case, both of them will add the same neighbor to the path's neigh link list and we might see the following message: list_add double add: new=ffff88024767a348, prev=ffff88024767a348... WARNING: lib/list_debug.c:31__list_add_valid+0x4e/0x70 ipoib_start_xmit+0x477/0x680 [ib_ipoib] dev_hard_start_xmit+0xb9/0x3e0 sch_direct_xmit+0xf9/0x250 __qdisc_run+0x176/0x5d0 __dev_queue_xmit+0x1f5/0xb10 __dev_queue_xmit+0x55/0xb10 Analysis: Two SKB are scheduled to be transmitted from two cores. In ipoib_start_xmit, both gets NULL when calling ipoib_neigh_get. Two calls to neigh_add_path are made. One thread takes the spin-lock and calls ipoib_neigh_alloc which creates the neigh structure, then (after the __path_find) the neigh is added to the path's neigh link list. When the second thread enters the critical section it also calls ipoib_neigh_alloc but in this case it gets the already allocated ipoib_neigh structure, which is already linked to the path's neigh link list and adds it again to the list. Which beside of triggering the list, it creates a loop in the linked list. This loop leads to endless loop inside path_rec_completion. Solution: Check list_empty(&neigh->list) before adding to the list. Add a similar fix in "ipoib_multicast.c::ipoib_mcast_send" Fixes: b63b70d87741 ('IPoIB: Use a private hash table for path lookup in xmit path') Signed-off-by: Erez Shitrit <erezsh(a)mellanox.com> Reviewed-by: Alex Vesker <valex(a)mellanox.com> Signed-off-by: Leon Romanovsky <leon(a)kernel.org> Signed-off-by: Jason Gunthorpe <jgg(a)mellanox.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/infiniband/ulp/ipoib/ipoib_main.c | 25 ++++++++++++++++++------- drivers/infiniband/ulp/ipoib/ipoib_multicast.c | 5 ++++- 2 files changed, 22 insertions(+), 8 deletions(-) --- a/drivers/infiniband/ulp/ipoib/ipoib_main.c +++ b/drivers/infiniband/ulp/ipoib/ipoib_main.c @@ -844,8 +844,8 @@ static int path_rec_start(struct net_dev return 0; } -static void neigh_add_path(struct sk_buff *skb, u8 *daddr, - struct net_device *dev) +static struct ipoib_neigh *neigh_add_path(struct sk_buff *skb, u8 *daddr, + struct net_device *dev) { struct ipoib_dev_priv *priv = netdev_priv(dev); struct ipoib_path *path; @@ -858,7 +858,15 @@ static void neigh_add_path(struct sk_buf spin_unlock_irqrestore(&priv->lock, flags); ++dev->stats.tx_dropped; dev_kfree_skb_any(skb); - return; + return NULL; + } + + /* To avoid race condition, make sure that the + * neigh will be added only once. + */ + if (unlikely(!list_empty(&neigh->list))) { + spin_unlock_irqrestore(&priv->lock, flags); + return neigh; } path = __path_find(dev, daddr + 4); @@ -896,7 +904,7 @@ static void neigh_add_path(struct sk_buf spin_unlock_irqrestore(&priv->lock, flags); ipoib_send(dev, skb, path->ah, IPOIB_QPN(daddr)); ipoib_neigh_put(neigh); - return; + return NULL; } } else { neigh->ah = NULL; @@ -913,7 +921,7 @@ static void neigh_add_path(struct sk_buf spin_unlock_irqrestore(&priv->lock, flags); ipoib_neigh_put(neigh); - return; + return NULL; err_path: ipoib_neigh_free(neigh); @@ -923,6 +931,8 @@ err_drop: spin_unlock_irqrestore(&priv->lock, flags); ipoib_neigh_put(neigh); + + return NULL; } static void unicast_arp_send(struct sk_buff *skb, struct net_device *dev, @@ -1028,8 +1038,9 @@ static int ipoib_start_xmit(struct sk_bu case htons(ETH_P_TIPC): neigh = ipoib_neigh_get(dev, phdr->hwaddr); if (unlikely(!neigh)) { - neigh_add_path(skb, phdr->hwaddr, dev); - return NETDEV_TX_OK; + neigh = neigh_add_path(skb, phdr->hwaddr, dev); + if (likely(!neigh)) + return NETDEV_TX_OK; } break; case htons(ETH_P_ARP): --- a/drivers/infiniband/ulp/ipoib/ipoib_multicast.c +++ b/drivers/infiniband/ulp/ipoib/ipoib_multicast.c @@ -775,7 +775,10 @@ void ipoib_mcast_send(struct net_device spin_lock_irqsave(&priv->lock, flags); if (!neigh) { neigh = ipoib_neigh_alloc(daddr, dev); - if (neigh) { + /* Make sure that the neigh will be added only + * once to mcast list. + */ + if (neigh && list_empty(&neigh->list)) { kref_get(&mcast->ah->ref); neigh->ah = mcast->ah; list_add_tail(&neigh->list, &mcast->neigh_list); Patches currently in stable-queue which might be from erezsh(a)mellanox.com are queue-4.4/ib-ipoib-fix-race-condition-in-neigh-creation.patch

7 years, 2 months

1
0
0 0

[GIT PULL] commits for Linux 4.4

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Greg, Pleae pull commits for Linux 4.4 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit f0feeec9c246f6518e168daec66d92a4a6bf0965: Linux 4.4.115 (2018-02-03 17:04:31 +0100) are available in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.4-23022018 for you to fetch changes up to fe97cb78dea3e4e268b48c130b34a700291b03a6: net: gianfar_ptp: move set_fipers() to spinlock protecting area (2018-02-03 12:55:15 -0500) - ---------------------------------------------------------------- for-greg-4.4-23022018 - ---------------------------------------------------------------- Al Viro (1): sget(): handle failures of register_shrinker() Alexander Kochetkov (1): net: arc_emac: fix arc_emac_rx() error paths Aliaksei Karaliou (2): xfs: quota: fix missed destroy of qi_tree_lock xfs: quota: check result of register_shrinker() Arnd Bergmann (1): ARM: dts: ls1021a: fix incorrect clock references Brendan McGrath (1): ipv6: icmp6: Allow icmp messages to be looped back Cathy Avery (1): scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error Christophe JAILLET (1): mdio-sun4i: Fix a memory leak Chunyan Zhang (1): ARM: 8731/1: Fix csum_partial_copy_from_user() stack mismatch Eduardo Otubo (1): xen-netfront: enable device after manual module load Erez Shitrit (1): IB/ipoib: Fix race condition in neigh creation Guilherme G. Piccoli (1): bnx2x: Improve reliability in case of nested PCI errors James Hogan (1): lib/mpi: Fix umul_ppmm() for MIPS64r6 Johannes Berg (1): mac80211: mesh: drop frames appearing to be from us Karol Herbst (1): drm/nouveau/pci: do a msi rearm on init Leon Romanovsky (1): IB/mlx4: Fix mlx4_ib_alloc_mr error flow Luu An Phu (1): can: flex_can: Correct the checking for frame length in flexcan_start_xmit() Marcelo Ricardo Leitner (1): sctp: make use of pre-calculated len Matthieu CASTET (1): led: core: Fix brightness setting when setting delay_off=0 Radu Pirea (1): spi: atmel: fixed spin_lock usage inside atmel_spi_remove Ross Lagerwall (2): xen/gntdev: Fix off-by-one error when unmapping with holes xen/gntdev: Fix partial gntdev_mmap() cleanup Sascha Hauer (1): mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM Sergei Shtylyov (1): SolutionEngine771x: fix Ether platform data Siva Reddy Kallam (2): tg3: Add workaround to restrict 5762 MRRS to 2048 tg3: Enable PHY reset in MTU change path for 5720 Stefan Haberland (1): s390/dasd: fix wrongly assigned configuration data Tetsuo Handa (1): mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed. Tushar Dave (1): e1000: fix disabling already-disabled warning Venkat Duvvuru (1): bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine. Xiongwei Song (1): drm/ttm: check the return value of kzalloc Yangbo Lu (1): net: gianfar_ptp: move set_fipers() to spinlock protecting area arch/arm/boot/dts/ls1021a-qds.dts | 2 +- arch/arm/boot/dts/ls1021a-twr.dts | 2 +- arch/arm/lib/csumpartialcopyuser.S | 4 ++ arch/sh/boards/mach-se/770x/setup.c | 10 ++++- drivers/gpu/drm/nouveau/nvkm/subdev/pci/base.c | 7 ++++ drivers/gpu/drm/ttm/ttm_page_alloc.c | 2 + drivers/infiniband/hw/mlx4/mr.c | 2 +- drivers/infiniband/ulp/ipoib/ipoib_main.c | 25 +++++++---- drivers/infiniband/ulp/ipoib/ipoib_multicast.c | 5 ++- drivers/leds/led-core.c | 2 +- drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 6 +-- drivers/net/can/flexcan.c | 2 +- drivers/net/ethernet/arc/emac_main.c | 53 ++++++++++++++---------- drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 4 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 14 ++++++- drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c | 2 +- drivers/net/ethernet/broadcom/tg3.c | 13 +++++- drivers/net/ethernet/broadcom/tg3.h | 4 ++ drivers/net/ethernet/freescale/gianfar_ptp.c | 3 +- drivers/net/ethernet/intel/e1000/e1000.h | 3 +- drivers/net/ethernet/intel/e1000/e1000_main.c | 27 +++++++++--- drivers/net/phy/mdio-sun4i.c | 6 ++- drivers/net/xen-netfront.c | 1 + drivers/s390/block/dasd_3990_erp.c | 10 +++++ drivers/scsi/storvsc_drv.c | 3 +- drivers/spi/spi-atmel.c | 2 +- drivers/xen/gntdev.c | 8 ++-- fs/super.c | 6 ++- fs/xfs/xfs_qm.c | 46 +++++++++++++------- lib/mpi/longlong.h | 18 +++++++- mm/vmscan.c | 3 ++ net/ipv6/route.c | 1 + net/mac80211/rx.c | 2 + net/sctp/socket.c | 16 ++++--- 34 files changed, 229 insertions(+), 85 deletions(-) -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJakgpjAAoJEN6mb/eXdyzcS9oQAJI/yJKMCQMGj5wSCOvJAs7M 7DY9x1j7z5bKyn8tSAz4rj9RQWx8G9DhzcFwbK33OHFkdxTdsqskiETH+Lze2YSb tlBEn39BU2h2RoDyTqvn9gFcRSY5W0uIadxA4HATSjpU+dk9H9wuBR8abskN3xjR c1fi/CeEa2n1yieHTE+bIh3nXPWPCW49KjLKtMUvowdQy38rzHN2wPin2prKg18U vOfXMwCybR6SjDn0UNmmI0yYS8JdXxhqsChp2DJ0K+krIzMQVm3l3V5ZB03VL4l2 csWUcuocOpMuM0lK6IZoQoIG7wDdZ5w90omeG7trx2gzpMDP9rFfTwuqurebN1Xt LF7kfdD4zSKbAqfNcoHgdwHHeZIKS586UddA6tsGrOWQ3jsZPL9y3DXGorD8OXan AgL8K4ekBQmLsiwrtS7XYivuXblB52qvwaYVvAjXEbeE2pxZi3ToQHPBiZUFjBrd TUXqsHhydUt9R8+TTGE5FthVAIttQ/lSdarlm7e8V/D7We5XPbcbyyB0vCQN7jPi WVEz53vSe7UeurD6HD1g9l2HbDM2wx+VmzNEUjAsPIHdAaPaO9SE9FYK1wpuDp45 xK8d9sPo5PCLN8iWKhEqfaB7cBs4tRHx2kmalY7G6uDlOP75v9tsse8oyBQokMVW H/+ouRzwpb4a2k6RsgsW =u5Rc -----END PGP SIGNATURE-----

7 years, 2 months

2
1
0 0

Patch "e1000: fix disabling already-disabled warning" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled e1000: fix disabling already-disabled warning to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: e1000-fix-disabling-already-disabled-warning.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:19:30 CET 2018 From: Tushar Dave <tushar.n.dave(a)oracle.com> Date: Wed, 6 Dec 2017 02:26:29 +0530 Subject: e1000: fix disabling already-disabled warning From: Tushar Dave <tushar.n.dave(a)oracle.com> [ Upstream commit 0b76aae741abb9d16d2c0e67f8b1e766576f897d ] This patch adds check so that driver does not disable already disabled device. [ 44.637743] advantechwdt: Unexpected close, not stopping watchdog! [ 44.997548] input: ImExPS/2 Generic Explorer Mouse as /devices/platform/i8042/serio1/input/input6 [ 45.013419] e1000 0000:00:03.0: disabling already-disabled device [ 45.013447] ------------[ cut here ]------------ [ 45.014868] WARNING: CPU: 1 PID: 71 at drivers/pci/pci.c:1641 pci_disable_device+0xa1/0x105: pci_disable_device at drivers/pci/pci.c:1640 [ 45.016171] CPU: 1 PID: 71 Comm: rcu_perf_shutdo Not tainted 4.14.0-01330-g3c07399 #1 [ 45.017197] task: ffff88011bee9e40 task.stack: ffffc90000860000 [ 45.017987] RIP: 0010:pci_disable_device+0xa1/0x105: pci_disable_device at drivers/pci/pci.c:1640 [ 45.018603] RSP: 0000:ffffc90000863e30 EFLAGS: 00010286 [ 45.019282] RAX: 0000000000000035 RBX: ffff88013a230008 RCX: 0000000000000000 [ 45.020182] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000203 [ 45.021084] RBP: ffff88013a3f31e8 R08: 0000000000000001 R09: 0000000000000000 [ 45.021986] R10: ffffffff827ec29c R11: 0000000000000002 R12: 0000000000000001 [ 45.022946] R13: ffff88013a230008 R14: ffff880117802b20 R15: ffffc90000863e8f [ 45.023842] FS: 0000000000000000(0000) GS:ffff88013fd00000(0000) knlGS:0000000000000000 [ 45.024863] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 45.025583] CR2: ffffc900006d4000 CR3: 000000000220f000 CR4: 00000000000006a0 [ 45.026478] Call Trace: [ 45.026811] __e1000_shutdown+0x1d4/0x1e2: __e1000_shutdown at drivers/net/ethernet/intel/e1000/e1000_main.c:5162 [ 45.027344] ? rcu_perf_cleanup+0x2a1/0x2a1: rcu_perf_shutdown at kernel/rcu/rcuperf.c:627 [ 45.027883] e1000_shutdown+0x14/0x3a: e1000_shutdown at drivers/net/ethernet/intel/e1000/e1000_main.c:5235 [ 45.028351] device_shutdown+0x110/0x1aa: device_shutdown at drivers/base/core.c:2807 [ 45.028858] kernel_power_off+0x31/0x64: kernel_power_off at kernel/reboot.c:260 [ 45.029343] rcu_perf_shutdown+0x9b/0xa7: rcu_perf_shutdown at kernel/rcu/rcuperf.c:637 [ 45.029852] ? __wake_up_common_lock+0xa2/0xa2: autoremove_wake_function at kernel/sched/wait.c:376 [ 45.030414] kthread+0x126/0x12e: kthread at kernel/kthread.c:233 [ 45.030834] ? __kthread_bind_mask+0x8e/0x8e: kthread at kernel/kthread.c:190 [ 45.031399] ? ret_from_fork+0x1f/0x30: ret_from_fork at arch/x86/entry/entry_64.S:443 [ 45.031883] ? kernel_init+0xa/0xf5: kernel_init at init/main.c:997 [ 45.032325] ret_from_fork+0x1f/0x30: ret_from_fork at arch/x86/entry/entry_64.S:443 [ 45.032777] Code: 00 48 85 ed 75 07 48 8b ab a8 00 00 00 48 8d bb 98 00 00 00 e8 aa d1 11 00 48 89 ea 48 89 c6 48 c7 c7 d8 e4 0b 82 e8 55 7d da ff <0f> ff b9 01 00 00 00 31 d2 be 01 00 00 00 48 c7 c7 f0 b1 61 82 [ 45.035222] ---[ end trace c257137b1b1976ef ]--- [ 45.037838] ACPI: Preparing to enter system sleep state S5 Signed-off-by: Tushar Dave <tushar.n.dave(a)oracle.com> Tested-by: Fengguang Wu <fengguang.wu(a)intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher(a)intel.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/intel/e1000/e1000.h | 3 +- drivers/net/ethernet/intel/e1000/e1000_main.c | 27 +++++++++++++++++++++----- 2 files changed, 24 insertions(+), 6 deletions(-) --- a/drivers/net/ethernet/intel/e1000/e1000.h +++ b/drivers/net/ethernet/intel/e1000/e1000.h @@ -331,7 +331,8 @@ struct e1000_adapter { enum e1000_state_t { __E1000_TESTING, __E1000_RESETTING, - __E1000_DOWN + __E1000_DOWN, + __E1000_DISABLED }; #undef pr_fmt --- a/drivers/net/ethernet/intel/e1000/e1000_main.c +++ b/drivers/net/ethernet/intel/e1000/e1000_main.c @@ -940,7 +940,7 @@ static int e1000_init_hw_struct(struct e static int e1000_probe(struct pci_dev *pdev, const struct pci_device_id *ent) { struct net_device *netdev; - struct e1000_adapter *adapter; + struct e1000_adapter *adapter = NULL; struct e1000_hw *hw; static int cards_found = 0; @@ -950,6 +950,7 @@ static int e1000_probe(struct pci_dev *p u16 tmp = 0; u16 eeprom_apme_mask = E1000_EEPROM_APME; int bars, need_ioport; + bool disable_dev = false; /* do not allocate ioport bars when not needed */ need_ioport = e1000_is_need_ioport(pdev); @@ -1250,11 +1251,13 @@ err_mdio_ioremap: iounmap(hw->ce4100_gbe_mdio_base_virt); iounmap(hw->hw_addr); err_ioremap: + disable_dev = !test_and_set_bit(__E1000_DISABLED, &adapter->flags); free_netdev(netdev); err_alloc_etherdev: pci_release_selected_regions(pdev, bars); err_pci_reg: - pci_disable_device(pdev); + if (!adapter || disable_dev) + pci_disable_device(pdev); return err; } @@ -1272,6 +1275,7 @@ static void e1000_remove(struct pci_dev struct net_device *netdev = pci_get_drvdata(pdev); struct e1000_adapter *adapter = netdev_priv(netdev); struct e1000_hw *hw = &adapter->hw; + bool disable_dev; e1000_down_and_stop(adapter); e1000_release_manageability(adapter); @@ -1290,9 +1294,11 @@ static void e1000_remove(struct pci_dev iounmap(hw->flash_address); pci_release_selected_regions(pdev, adapter->bars); + disable_dev = !test_and_set_bit(__E1000_DISABLED, &adapter->flags); free_netdev(netdev); - pci_disable_device(pdev); + if (disable_dev) + pci_disable_device(pdev); } /** @@ -5135,7 +5141,8 @@ static int __e1000_shutdown(struct pci_d if (netif_running(netdev)) e1000_free_irq(adapter); - pci_disable_device(pdev); + if (!test_and_set_bit(__E1000_DISABLED, &adapter->flags)) + pci_disable_device(pdev); return 0; } @@ -5179,6 +5186,10 @@ static int e1000_resume(struct pci_dev * pr_err("Cannot enable PCI device from suspend\n"); return err; } + + /* flush memory to make sure state is correct */ + smp_mb__before_atomic(); + clear_bit(__E1000_DISABLED, &adapter->flags); pci_set_master(pdev); pci_enable_wake(pdev, PCI_D3hot, 0); @@ -5253,7 +5264,9 @@ static pci_ers_result_t e1000_io_error_d if (netif_running(netdev)) e1000_down(adapter); - pci_disable_device(pdev); + + if (!test_and_set_bit(__E1000_DISABLED, &adapter->flags)) + pci_disable_device(pdev); /* Request a slot slot reset. */ return PCI_ERS_RESULT_NEED_RESET; @@ -5281,6 +5294,10 @@ static pci_ers_result_t e1000_io_slot_re pr_err("Cannot re-enable PCI device after reset.\n"); return PCI_ERS_RESULT_DISCONNECT; } + + /* flush memory to make sure state is correct */ + smp_mb__before_atomic(); + clear_bit(__E1000_DISABLED, &adapter->flags); pci_set_master(pdev); pci_enable_wake(pdev, PCI_D3hot, 0); Patches currently in stable-queue which might be from tushar.n.dave(a)oracle.com are queue-4.4/e1000-fix-disabling-already-disabled-warning.patch

7 years, 2 months

1
0
0 0

Patch "drm/ttm: check the return value of kzalloc" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled drm/ttm: check the return value of kzalloc to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: drm-ttm-check-the-return-value-of-kzalloc.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:19:30 CET 2018 From: Xiongwei Song <sxwjean(a)gmail.com> Date: Tue, 2 Jan 2018 21:24:55 +0800 Subject: drm/ttm: check the return value of kzalloc From: Xiongwei Song <sxwjean(a)gmail.com> [ Upstream commit 19d859a7205bc59ffc38303eb25ae394f61d21dc ] In the function ttm_page_alloc_init, kzalloc call is made for variable _manager, we need to check its return value, it may return NULL. Signed-off-by: Xiongwei Song <sxwjean(a)gmail.com> Reviewed-by: Christian König <christian.koenig(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/gpu/drm/ttm/ttm_page_alloc.c | 2 ++ 1 file changed, 2 insertions(+) --- a/drivers/gpu/drm/ttm/ttm_page_alloc.c +++ b/drivers/gpu/drm/ttm/ttm_page_alloc.c @@ -818,6 +818,8 @@ int ttm_page_alloc_init(struct ttm_mem_g pr_info("Initializing pool allocator\n"); _manager = kzalloc(sizeof(*_manager), GFP_KERNEL); + if (!_manager) + return -ENOMEM; ttm_page_pool_init_locked(&_manager->wc_pool, GFP_HIGHUSER, "wc"); Patches currently in stable-queue which might be from sxwjean(a)gmail.com are queue-4.4/drm-ttm-check-the-return-value-of-kzalloc.patch

7 years, 2 months

1
0
0 0

Patch "drm/nouveau/pci: do a msi rearm on init" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled drm/nouveau/pci: do a msi rearm on init to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: drm-nouveau-pci-do-a-msi-rearm-on-init.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:19:30 CET 2018 From: Karol Herbst <kherbst(a)redhat.com> Date: Fri, 24 Nov 2017 03:56:26 +0100 Subject: drm/nouveau/pci: do a msi rearm on init From: Karol Herbst <kherbst(a)redhat.com> [ Upstream commit a121027d2747168df0aac0c3da35509eea39f61c ] On my GP107 when I load nouveau after unloading it, for some reason the GPU stopped sending or the CPU stopped receiving interrupts if MSI was enabled. Doing a rearm once before getting any interrupts fixes this. Signed-off-by: Karol Herbst <kherbst(a)redhat.com> Reviewed-by: Thierry Reding <treding(a)nvidia.com> Signed-off-by: Ben Skeggs <bskeggs(a)redhat.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/gpu/drm/nouveau/nvkm/subdev/pci/base.c | 7 +++++++ 1 file changed, 7 insertions(+) --- a/drivers/gpu/drm/nouveau/nvkm/subdev/pci/base.c +++ b/drivers/gpu/drm/nouveau/nvkm/subdev/pci/base.c @@ -127,6 +127,13 @@ nvkm_pci_init(struct nvkm_subdev *subdev return ret; pci->irq = pdev->irq; + + /* Ensure MSI interrupts are armed, for the case where there are + * already interrupts pending (for whatever reason) at load time. + */ + if (pci->msi) + pci->func->msi_rearm(pci); + return ret; } Patches currently in stable-queue which might be from kherbst(a)redhat.com are queue-4.4/drm-nouveau-pci-do-a-msi-rearm-on-init.patch

7 years, 2 months

1
0
0 0

Patch "can: flex_can: Correct the checking for frame length in flexcan_start_xmit()" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled can: flex_can: Correct the checking for frame length in flexcan_start_xmit() to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: can-flex_can-correct-the-checking-for-frame-length-in-flexcan_start_xmit.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:19:30 CET 2018 From: Luu An Phu <phu.luuan(a)nxp.com> Date: Tue, 2 Jan 2018 10:44:18 +0700 Subject: can: flex_can: Correct the checking for frame length in flexcan_start_xmit() From: Luu An Phu <phu.luuan(a)nxp.com> [ Upstream commit 13454c14550065fcc1705d6bd4ee6d40e057099f ] The flexcan_start_xmit() function compares the frame length with data register length to write frame content into data[0] and data[1] register. Data register length is 4 bytes and frame maximum length is 8 bytes. Fix the check that compares frame length with 3. Because the register length is 4. Signed-off-by: Luu An Phu <phu.luuan(a)nxp.com> Reviewed-by: Oliver Hartkopp <socketcan(a)hartkopp.net> Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/can/flexcan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/net/can/flexcan.c +++ b/drivers/net/can/flexcan.c @@ -493,7 +493,7 @@ static int flexcan_start_xmit(struct sk_ data = be32_to_cpup((__be32 *)&cf->data[0]); flexcan_write(data, &regs->mb[FLEXCAN_TX_BUF_ID].data[0]); } - if (cf->can_dlc > 3) { + if (cf->can_dlc > 4) { data = be32_to_cpup((__be32 *)&cf->data[4]); flexcan_write(data, &regs->mb[FLEXCAN_TX_BUF_ID].data[1]); } Patches currently in stable-queue which might be from phu.luuan(a)nxp.com are queue-4.4/can-flex_can-correct-the-checking-for-frame-length-in-flexcan_start_xmit.patch

7 years, 2 months

1
0
0 0

Patch "bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine." has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine. to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: bnxt_en-fix-the-invalid-vf-id-check-in-bnxt_vf_ndo_prep-routine.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:19:30 CET 2018 From: Venkat Duvvuru <venkatkumar.duvvuru(a)broadcom.com> Date: Thu, 4 Jan 2018 18:46:55 -0500 Subject: bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine. From: Venkat Duvvuru <venkatkumar.duvvuru(a)broadcom.com> [ Upstream commit 78f300049335ae81a5cc6b4b232481dc5e1f9d41 ] In bnxt_vf_ndo_prep (which is called by bnxt_get_vf_config ndo), there is a check for "Invalid VF id". Currently, the check is done against max_vfs. However, the user doesn't always create max_vfs. So, the check should be against the created number of VFs. The number of bnxt_vf_info structures that are allocated in bnxt_alloc_vf_resources routine is the "number of requested VFs". So, if an "invalid VF id" falls between the requested number of VFs and the max_vfs, the driver will be dereferencing an invalid pointer. Fixes: c0c050c58d84 ("bnxt_en: New Broadcom ethernet driver.") Signed-off-by: Venkat Devvuru <venkatkumar.duvvuru(a)broadcom.com> Signed-off-by: Michael Chan <michael.chan(a)broadcom.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c +++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c @@ -29,7 +29,7 @@ static int bnxt_vf_ndo_prep(struct bnxt netdev_err(bp->dev, "vf ndo called though sriov is disabled\n"); return -EINVAL; } - if (vf_id >= bp->pf.max_vfs) { + if (vf_id >= bp->pf.active_vfs) { netdev_err(bp->dev, "Invalid VF id %d\n", vf_id); return -EINVAL; } Patches currently in stable-queue which might be from venkatkumar.duvvuru(a)broadcom.com are queue-4.4/bnxt_en-fix-the-invalid-vf-id-check-in-bnxt_vf_ndo_prep-routine.patch

7 years, 2 months

1
0
0 0

Patch "bnx2x: Improve reliability in case of nested PCI errors" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled bnx2x: Improve reliability in case of nested PCI errors to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: bnx2x-improve-reliability-in-case-of-nested-pci-errors.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:19:30 CET 2018 From: "Guilherme G. Piccoli" <gpiccoli(a)linux.vnet.ibm.com> Date: Fri, 22 Dec 2017 13:01:39 -0200 Subject: bnx2x: Improve reliability in case of nested PCI errors From: "Guilherme G. Piccoli" <gpiccoli(a)linux.vnet.ibm.com> [ Upstream commit f7084059a9cb9e56a186e1677b1dcffd76c2cd24 ] While in recovery process of PCI error (called EEH on PowerPC arch), another PCI transaction could be corrupted causing a situation of nested PCI errors. Also, this scenario could be reproduced with error injection mechanisms (for debug purposes). We observe that in case of nested PCI errors, bnx2x might attempt to initialize its shmem and cause a kernel crash due to bad addresses read from MCP. Multiple different stack traces were observed depending on the point the second PCI error happens. This patch avoids the crashes by: * failing PCI recovery in case of nested errors (since multiple PCI errors in a row are not expected to lead to a functional adapter anyway), and by, * preventing access to adapter FW when MCP is failed (we mark it as failed when shmem cannot get initialized properly). Reported-by: Abdul Haleem <abdhalee(a)linux.vnet.ibm.com> Signed-off-by: Guilherme G. Piccoli <gpiccoli(a)linux.vnet.ibm.com> Acked-by: Shahed Shaikh <Shahed.Shaikh(a)cavium.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 4 ++-- drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 14 +++++++++++++- 2 files changed, 15 insertions(+), 3 deletions(-) --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c @@ -3052,7 +3052,7 @@ int bnx2x_nic_unload(struct bnx2x *bp, i del_timer_sync(&bp->timer); - if (IS_PF(bp)) { + if (IS_PF(bp) && !BP_NOMCP(bp)) { /* Set ALWAYS_ALIVE bit in shmem */ bp->fw_drv_pulse_wr_seq |= DRV_PULSE_ALWAYS_ALIVE; bnx2x_drv_pulse(bp); @@ -3134,7 +3134,7 @@ int bnx2x_nic_unload(struct bnx2x *bp, i bp->cnic_loaded = false; /* Clear driver version indication in shmem */ - if (IS_PF(bp)) + if (IS_PF(bp) && !BP_NOMCP(bp)) bnx2x_update_mng_version(bp); /* Check if there are pending parity attentions. If there are - set --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c @@ -9570,6 +9570,15 @@ static int bnx2x_init_shmem(struct bnx2x do { bp->common.shmem_base = REG_RD(bp, MISC_REG_SHARED_MEM_ADDR); + + /* If we read all 0xFFs, means we are in PCI error state and + * should bail out to avoid crashes on adapter's FW reads. + */ + if (bp->common.shmem_base == 0xFFFFFFFF) { + bp->flags |= NO_MCP_FLAG; + return -ENODEV; + } + if (bp->common.shmem_base) { val = SHMEM_RD(bp, validity_map[BP_PORT(bp)]); if (val & SHR_MEM_VALIDITY_MB) @@ -14214,7 +14223,10 @@ static pci_ers_result_t bnx2x_io_slot_re BNX2X_ERR("IO slot reset --> driver unload\n"); /* MCP should have been reset; Need to wait for validity */ - bnx2x_init_shmem(bp); + if (bnx2x_init_shmem(bp)) { + rtnl_unlock(); + return PCI_ERS_RESULT_DISCONNECT; + } if (IS_PF(bp) && SHMEM2_HAS(bp, drv_capabilities_flag)) { u32 v; Patches currently in stable-queue which might be from gpiccoli(a)linux.vnet.ibm.com are queue-4.4/bnx2x-improve-reliability-in-case-of-nested-pci-errors.patch

7 years, 2 months

1
0
0 0

Patch "ARM: dts: ls1021a: fix incorrect clock references" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ARM: dts: ls1021a: fix incorrect clock references to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-dts-ls1021a-fix-incorrect-clock-references.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:19:30 CET 2018 From: Arnd Bergmann <arnd(a)arndb.de> Date: Thu, 21 Dec 2017 22:35:19 +0100 Subject: ARM: dts: ls1021a: fix incorrect clock references From: Arnd Bergmann <arnd(a)arndb.de> [ Upstream commit 506e8a912661c97b41adc8a286b875d01323ec45 ] dtc warns about two 'clocks' properties that have an extraneous '1' at the end: arch/arm/boot/dts/ls1021a-qds.dtb: Warning (clocks_property): arch/arm/boot/dts/ls1021a-twr.dtb: Warning (clocks_property): Property 'clocks', cell 1 is not a phandle reference in /soc/i2c@2180000/mux@77/i2c@4/sgtl5000@2a arch/arm/boot/dts/ls1021a-qds.dtb: Warning (clocks_property): Missing property '#clock-cells' in node /soc/interrupt-controller@1400000 or bad phandle (referred from /soc/i2c@2180000/mux@77/i2c@4/sgtl5000@2a:clocks[1]) Property 'clocks', cell 1 is not a phandle reference in /soc/i2c@2190000/sgtl5000@a arch/arm/boot/dts/ls1021a-twr.dtb: Warning (clocks_property): Missing property '#clock-cells' in node /soc/interrupt-controller@1400000 or bad phandle (referred from /soc/i2c@2190000/sgtl5000@a:clocks[1]) The clocks that get referenced here are fixed-rate, so they do not take any argument, and dtc interprets the next cell as a phandle, which is invalid. Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/boot/dts/ls1021a-qds.dts | 2 +- arch/arm/boot/dts/ls1021a-twr.dts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) --- a/arch/arm/boot/dts/ls1021a-qds.dts +++ b/arch/arm/boot/dts/ls1021a-qds.dts @@ -215,7 +215,7 @@ reg = <0x2a>; VDDA-supply = <&reg_3p3v>; VDDIO-supply = <&reg_3p3v>; - clocks = <&sys_mclk 1>; + clocks = <&sys_mclk>; }; }; }; --- a/arch/arm/boot/dts/ls1021a-twr.dts +++ b/arch/arm/boot/dts/ls1021a-twr.dts @@ -167,7 +167,7 @@ reg = <0x0a>; VDDA-supply = <&reg_3p3v>; VDDIO-supply = <&reg_3p3v>; - clocks = <&sys_mclk 1>; + clocks = <&sys_mclk>; }; }; Patches currently in stable-queue which might be from arnd(a)arndb.de are queue-4.4/arm-dts-ls1021a-fix-incorrect-clock-references.patch

7 years, 2 months

1
0
0 0

Patch "ARM: 8731/1: Fix csum_partial_copy_from_user() stack mismatch" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ARM: 8731/1: Fix csum_partial_copy_from_user() stack mismatch to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-8731-1-fix-csum_partial_copy_from_user-stack-mismatch.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:19:30 CET 2018 From: Chunyan Zhang <zhang.lyra(a)gmail.com> Date: Fri, 1 Dec 2017 03:51:04 +0100 Subject: ARM: 8731/1: Fix csum_partial_copy_from_user() stack mismatch From: Chunyan Zhang <zhang.lyra(a)gmail.com> [ Upstream commit 36b0cb84ee858f02c256d26f0cb4229c78e3399e ] An additional 'ip' will be pushed to the stack, for restoring the DACR later, if CONFIG_CPU_SW_DOMAIN_PAN defined. However, the fixup still get the err_ptr by add #8*4 to sp, which results in the fact that the code area pointed by the LR will be overwritten, or the kernel will crash if CONFIG_DEBUG_RODATA is enabled. This patch fixes the stack mismatch. Fixes: a5e090acbf54 ("ARM: software-based priviledged-no-access support") Signed-off-by: Lvqiang Huang <Lvqiang.Huang(a)spreadtrum.com> Signed-off-by: Chunyan Zhang <zhang.lyra(a)gmail.com> Signed-off-by: Russell King <rmk+kernel(a)armlinux.org.uk> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/lib/csumpartialcopyuser.S | 4 ++++ 1 file changed, 4 insertions(+) --- a/arch/arm/lib/csumpartialcopyuser.S +++ b/arch/arm/lib/csumpartialcopyuser.S @@ -85,7 +85,11 @@ .pushsection .text.fixup,"ax" .align 4 9001: mov r4, #-EFAULT +#ifdef CONFIG_CPU_SW_DOMAIN_PAN + ldr r5, [sp, #9*4] @ *err_ptr +#else ldr r5, [sp, #8*4] @ *err_ptr +#endif str r4, [r5] ldmia sp, {r1, r2} @ retrieve dst, len add r2, r2, r1 Patches currently in stable-queue which might be from zhang.lyra(a)gmail.com are queue-4.4/arm-8731-1-fix-csum_partial_copy_from_user-stack-mismatch.patch

7 years, 2 months

1
0
0 0

Patch "xfs: quota: check result of register_shrinker()" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xfs: quota: check result of register_shrinker() to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xfs-quota-check-result-of-register_shrinker.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:16:23 CET 2018 From: Aliaksei Karaliou <akaraliou.dev(a)gmail.com> Date: Thu, 21 Dec 2017 13:18:26 -0800 Subject: xfs: quota: check result of register_shrinker() From: Aliaksei Karaliou <akaraliou.dev(a)gmail.com> [ Upstream commit 3a3882ff26fbdbaf5f7e13f6a0bccfbf7121041d ] xfs_qm_init_quotainfo() does not check result of register_shrinker() which was tagged as __must_check recently, reported by sparse. Signed-off-by: Aliaksei Karaliou <akaraliou.dev(a)gmail.com> [darrick: move xfs_qm_destroy_quotainos nearer xfs_qm_init_quotainos] Reviewed-by: Darrick J. Wong <darrick.wong(a)oracle.com> Signed-off-by: Darrick J. Wong <darrick.wong(a)oracle.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/xfs/xfs_qm.c | 45 +++++++++++++++++++++++++++++---------------- 1 file changed, 29 insertions(+), 16 deletions(-) --- a/fs/xfs/xfs_qm.c +++ b/fs/xfs/xfs_qm.c @@ -49,7 +49,7 @@ STATIC int xfs_qm_init_quotainos(xfs_mount_t *); STATIC int xfs_qm_init_quotainfo(xfs_mount_t *); - +STATIC void xfs_qm_destroy_quotainos(xfs_quotainfo_t *qi); STATIC void xfs_qm_dqfree_one(struct xfs_dquot *dqp); /* * We use the batch lookup interface to iterate over the dquots as it @@ -662,9 +662,17 @@ xfs_qm_init_quotainfo( qinf->qi_shrinker.scan_objects = xfs_qm_shrink_scan; qinf->qi_shrinker.seeks = DEFAULT_SEEKS; qinf->qi_shrinker.flags = SHRINKER_NUMA_AWARE; - register_shrinker(&qinf->qi_shrinker); + + error = register_shrinker(&qinf->qi_shrinker); + if (error) + goto out_free_inos; + return 0; +out_free_inos: + mutex_destroy(&qinf->qi_quotaofflock); + mutex_destroy(&qinf->qi_tree_lock); + xfs_qm_destroy_quotainos(qinf); out_free_lru: list_lru_destroy(&qinf->qi_lru); out_free_qinf: @@ -673,7 +681,6 @@ out_free_qinf: return error; } - /* * Gets called when unmounting a filesystem or when all quotas get * turned off. @@ -690,19 +697,7 @@ xfs_qm_destroy_quotainfo( unregister_shrinker(&qi->qi_shrinker); list_lru_destroy(&qi->qi_lru); - - if (qi->qi_uquotaip) { - IRELE(qi->qi_uquotaip); - qi->qi_uquotaip = NULL; /* paranoia */ - } - if (qi->qi_gquotaip) { - IRELE(qi->qi_gquotaip); - qi->qi_gquotaip = NULL; - } - if (qi->qi_pquotaip) { - IRELE(qi->qi_pquotaip); - qi->qi_pquotaip = NULL; - } + xfs_qm_destroy_quotainos(qi); mutex_destroy(&qi->qi_tree_lock); mutex_destroy(&qi->qi_quotaofflock); kmem_free(qi); @@ -1574,6 +1569,24 @@ error_rele: } STATIC void +xfs_qm_destroy_quotainos( + xfs_quotainfo_t *qi) +{ + if (qi->qi_uquotaip) { + IRELE(qi->qi_uquotaip); + qi->qi_uquotaip = NULL; /* paranoia */ + } + if (qi->qi_gquotaip) { + IRELE(qi->qi_gquotaip); + qi->qi_gquotaip = NULL; + } + if (qi->qi_pquotaip) { + IRELE(qi->qi_pquotaip); + qi->qi_pquotaip = NULL; + } +} + +STATIC void xfs_qm_dqfree_one( struct xfs_dquot *dqp) { Patches currently in stable-queue which might be from akaraliou.dev(a)gmail.com are queue-3.18/xfs-quota-fix-missed-destroy-of-qi_tree_lock.patch queue-3.18/xfs-quota-check-result-of-register_shrinker.patch

7 years, 2 months

1
0
0 0

Patch "xfs: quota: fix missed destroy of qi_tree_lock" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xfs: quota: fix missed destroy of qi_tree_lock to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xfs-quota-fix-missed-destroy-of-qi_tree_lock.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:16:23 CET 2018 From: Aliaksei Karaliou <akaraliou.dev(a)gmail.com> Date: Thu, 21 Dec 2017 13:18:26 -0800 Subject: xfs: quota: fix missed destroy of qi_tree_lock From: Aliaksei Karaliou <akaraliou.dev(a)gmail.com> [ Upstream commit 2196881566225f3c3428d1a5f847a992944daa5b ] xfs_qm_destroy_quotainfo() does not destroy quotainfo->qi_tree_lock while destroys quotainfo->qi_quotaofflock. Signed-off-by: Aliaksei Karaliou <akaraliou.dev(a)gmail.com> Reviewed-by: Darrick J. Wong <darrick.wong(a)oracle.com> Signed-off-by: Darrick J. Wong <darrick.wong(a)oracle.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/xfs/xfs_qm.c | 1 + 1 file changed, 1 insertion(+) --- a/fs/xfs/xfs_qm.c +++ b/fs/xfs/xfs_qm.c @@ -703,6 +703,7 @@ xfs_qm_destroy_quotainfo( IRELE(qi->qi_pquotaip); qi->qi_pquotaip = NULL; } + mutex_destroy(&qi->qi_tree_lock); mutex_destroy(&qi->qi_quotaofflock); kmem_free(qi); mp->m_quotainfo = NULL; Patches currently in stable-queue which might be from akaraliou.dev(a)gmail.com are queue-3.18/xfs-quota-fix-missed-destroy-of-qi_tree_lock.patch queue-3.18/xfs-quota-check-result-of-register_shrinker.patch

7 years, 2 months

1
0
0 0

Patch "xen-netfront: enable device after manual module load" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xen-netfront: enable device after manual module load to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xen-netfront-enable-device-after-manual-module-load.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:16:23 CET 2018 From: Eduardo Otubo <otubo(a)redhat.com> Date: Fri, 5 Jan 2018 09:42:16 +0100 Subject: xen-netfront: enable device after manual module load From: Eduardo Otubo <otubo(a)redhat.com> [ Upstream commit b707fda2df4070785d0fa8a278aa13944c5f51f8 ] When loading the module after unloading it, the network interface would not be enabled and thus wouldn't have a backend counterpart and unable to be used by the guest. The guest would face errors like: [root@guest ~]# ethtool -i eth0 Cannot get driver information: No such device [root@guest ~]# ifconfig eth0 eth0: error fetching interface information: Device not found This patch initializes the state of the netfront device whenever it is loaded manually, this state would communicate the netback to create its device and establish the connection between them. Signed-off-by: Eduardo Otubo <otubo(a)redhat.com> Reviewed-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/xen-netfront.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/net/xen-netfront.c +++ b/drivers/net/xen-netfront.c @@ -1358,6 +1358,7 @@ static struct net_device *xennet_create_ netif_carrier_off(netdev); + xenbus_switch_state(dev, XenbusStateInitialising); return netdev; exit: Patches currently in stable-queue which might be from otubo(a)redhat.com are queue-3.18/xen-netfront-enable-device-after-manual-module-load.patch

7 years, 2 months

1
0
0 0

Patch "xen/gntdev: Fix partial gntdev_mmap() cleanup" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xen/gntdev: Fix partial gntdev_mmap() cleanup to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xen-gntdev-fix-partial-gntdev_mmap-cleanup.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:16:23 CET 2018 From: Ross Lagerwall <ross.lagerwall(a)citrix.com> Date: Tue, 9 Jan 2018 12:10:22 +0000 Subject: xen/gntdev: Fix partial gntdev_mmap() cleanup From: Ross Lagerwall <ross.lagerwall(a)citrix.com> [ Upstream commit cf2acf66ad43abb39735568f55e1f85f9844e990 ] When cleaning up after a partially successful gntdev_mmap(), unmap the successfully mapped grant pages otherwise Xen will kill the domain if in debug mode (Attempt to implicitly unmap a granted PTE) or Linux will kill the process and emit "BUG: Bad page map in process" if Xen is in release mode. This is only needed when use_ptemod is true because gntdev_put_map() will unmap grant pages itself when use_ptemod is false. Signed-off-by: Ross Lagerwall <ross.lagerwall(a)citrix.com> Reviewed-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Signed-off-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/xen/gntdev.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/drivers/xen/gntdev.c +++ b/drivers/xen/gntdev.c @@ -817,8 +817,10 @@ unlock_out: out_unlock_put: mutex_unlock(&priv->lock); out_put_map: - if (use_ptemod) + if (use_ptemod) { map->vma = NULL; + unmap_grant_pages(map, 0, map->count); + } gntdev_put_map(priv, map); return err; } Patches currently in stable-queue which might be from ross.lagerwall(a)citrix.com are queue-3.18/xen-gntdev-fix-off-by-one-error-when-unmapping-with-holes.patch queue-3.18/xen-gntdev-fix-partial-gntdev_mmap-cleanup.patch

7 years, 2 months

1
0
0 0

[GIT PULL] commits for Linux 3.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Greg, Pleae pull commits for Linux 3.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 90aaf2f25609f99b63fcbed280716f80b4bc5f56: Linux 3.18.93 (2018-01-31 14:46:16 +0100) are available in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-3.18-23022018 for you to fetch changes up to 43a01c3be74bd139deae455046a7112b43ad307e: net: gianfar_ptp: move set_fipers() to spinlock protecting area (2018-02-03 12:58:09 -0500) - ---------------------------------------------------------------- for-greg-3.18-23022018 - ---------------------------------------------------------------- Al Viro (1): sget(): handle failures of register_shrinker() Alexander Kochetkov (1): net: arc_emac: fix arc_emac_rx() error paths Aliaksei Karaliou (2): xfs: quota: fix missed destroy of qi_tree_lock xfs: quota: check result of register_shrinker() Brendan McGrath (1): ipv6: icmp6: Allow icmp messages to be looped back Cathy Avery (1): scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error Christophe JAILLET (1): mdio-sun4i: Fix a memory leak Eduardo Otubo (1): xen-netfront: enable device after manual module load Guilherme G. Piccoli (1): bnx2x: Improve reliability in case of nested PCI errors Linus Torvalds (1): loop: fix concurrent lo_open/lo_release Marcelo Ricardo Leitner (1): sctp: make use of pre-calculated len Matthieu CASTET (1): led: core: Fix brightness setting when setting delay_off=0 Radu Pirea (1): spi: atmel: fixed spin_lock usage inside atmel_spi_remove Ross Lagerwall (2): xen/gntdev: Fix off-by-one error when unmapping with holes xen/gntdev: Fix partial gntdev_mmap() cleanup Sascha Hauer (1): mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM Sergei Shtylyov (1): SolutionEngine771x: fix Ether platform data Siva Reddy Kallam (2): tg3: Add workaround to restrict 5762 MRRS to 2048 tg3: Enable PHY reset in MTU change path for 5720 Stefan Haberland (1): s390/dasd: fix wrongly assigned configuration data Tetsuo Handa (1): mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed. Tushar Dave (1): e1000: fix disabling already-disabled warning Xiongwei Song (1): drm/ttm: check the return value of kzalloc Yangbo Lu (1): net: gianfar_ptp: move set_fipers() to spinlock protecting area arch/sh/boards/mach-se/770x/setup.c | 10 ++++- drivers/block/loop.c | 10 ++++- drivers/gpu/drm/ttm/ttm_page_alloc.c | 2 + drivers/leds/led-core.c | 2 +- drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 6 +-- drivers/net/ethernet/arc/emac_main.c | 53 ++++++++++++++---------- drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 4 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 14 ++++++- drivers/net/ethernet/broadcom/tg3.c | 13 +++++- drivers/net/ethernet/broadcom/tg3.h | 4 ++ drivers/net/ethernet/freescale/gianfar_ptp.c | 3 +- drivers/net/ethernet/intel/e1000/e1000.h | 3 +- drivers/net/ethernet/intel/e1000/e1000_main.c | 27 +++++++++--- drivers/net/phy/mdio-sun4i.c | 6 ++- drivers/net/xen-netfront.c | 1 + drivers/s390/block/dasd_3990_erp.c | 10 +++++ drivers/scsi/storvsc_drv.c | 3 +- drivers/spi/spi-atmel.c | 2 +- drivers/xen/gntdev.c | 8 ++-- fs/super.c | 6 ++- fs/xfs/xfs_qm.c | 46 +++++++++++++------- mm/vmscan.c | 3 ++ net/ipv6/route.c | 1 + net/sctp/socket.c | 16 ++++--- 24 files changed, 180 insertions(+), 73 deletions(-) -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJakgprAAoJEN6mb/eXdyzcW9oQAJtuQGqvMGRhyMWKZD+zJRJ4 YGl3UPPa7l4VHGsP6c8b264egiohAg/mFw3Scbfvk+JOF6d4wsTK/kEklGNIa8wd 9PnKQsC/onFxRpLiWt71DKrhCQtD4/yEP/e0K5Q98JufboLVvmf9paGmamfBFzvE oY+dQvleMnjQ7eaKmS3dw6EfVoQN2Z63QiaDA8pRcgpmsRymBy0aAY1/D1gOjsGz rp6jyIupz5VsTsQDE3Iz/It1YTyQ7UbRTYsja05+NKd2OH4HO4b4VOWf6Id65xtd t2lb00Hw+R57wbOU+EaoQse23Nq0G+hD+KKVaPh/dsMS1QIYAmNwbUvcNQBeOB0b rpZaLVP6hD7aDpGsNwLEBu5vLWHA2rzlfVkxqpxxVgiqglr/8rHEXBOtoWjKWC64 qc3XzMPWySyp5LBXgqW+SBQSfIswpkpLFjr2zYNGUJNbPzGnsm+bRCl/vhqFQ92C CKVkrZXmJr4rA5wYlNXjmEr2niH4W/BTyEVk3XD1S6lpbu/ucsGeGR1bfPa406cR 9tdd9WpvqnfNFwiKdxWhMpYUrHT9b95IeO4RYotJq2oHXAC7Fe/nEmF03Gu8TpEh qwK2QZ0Xys8wyfhfS5Ht9RUpdDZ4ef6w+ugXHuLeUuFj3P9OMcrTQGMNCEZwyQDe 3/8rzAlTKwFUkUjQMqV9 =Iz+N -----END PGP SIGNATURE-----

7 years, 2 months

2
1
0 0

Patch "tg3: Enable PHY reset in MTU change path for 5720" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled tg3: Enable PHY reset in MTU change path for 5720 to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: tg3-enable-phy-reset-in-mtu-change-path-for-5720.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:16:23 CET 2018 From: Siva Reddy Kallam <siva.kallam(a)broadcom.com> Date: Fri, 22 Dec 2017 16:05:29 +0530 Subject: tg3: Enable PHY reset in MTU change path for 5720 From: Siva Reddy Kallam <siva.kallam(a)broadcom.com> [ Upstream commit e60ee41aaf898584205a6af5c996860d0fe6a836 ] A customer noticed RX path hang when MTU is changed on the fly while running heavy traffic with NCSI enabled for 5717 and 5719. Since 5720 belongs to same ASIC family, we observed same issue and same fix could solve this problem for 5720. Signed-off-by: Siva Reddy Kallam <siva.kallam(a)broadcom.com> Signed-off-by: Michael Chan <michael.chan(a)broadcom.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/broadcom/tg3.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/net/ethernet/broadcom/tg3.c +++ b/drivers/net/ethernet/broadcom/tg3.c @@ -14214,7 +14214,8 @@ static int tg3_change_mtu(struct net_dev */ if (tg3_asic_rev(tp) == ASIC_REV_57766 || tg3_asic_rev(tp) == ASIC_REV_5717 || - tg3_asic_rev(tp) == ASIC_REV_5719) + tg3_asic_rev(tp) == ASIC_REV_5719 || + tg3_asic_rev(tp) == ASIC_REV_5720) reset_phy = true; err = tg3_restart_hw(tp, reset_phy); Patches currently in stable-queue which might be from siva.kallam(a)broadcom.com are queue-3.18/tg3-enable-phy-reset-in-mtu-change-path-for-5720.patch queue-3.18/tg3-add-workaround-to-restrict-5762-mrrs-to-2048.patch

7 years, 2 months

1
0
0 0

Patch "xen/gntdev: Fix off-by-one error when unmapping with holes" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xen/gntdev: Fix off-by-one error when unmapping with holes to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xen-gntdev-fix-off-by-one-error-when-unmapping-with-holes.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:16:23 CET 2018 From: Ross Lagerwall <ross.lagerwall(a)citrix.com> Date: Tue, 9 Jan 2018 12:10:21 +0000 Subject: xen/gntdev: Fix off-by-one error when unmapping with holes From: Ross Lagerwall <ross.lagerwall(a)citrix.com> [ Upstream commit 951a010233625b77cde3430b4b8785a9a22968d1 ] If the requested range has a hole, the calculation of the number of pages to unmap is off by one. Fix it. Signed-off-by: Ross Lagerwall <ross.lagerwall(a)citrix.com> Reviewed-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Signed-off-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/xen/gntdev.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) --- a/drivers/xen/gntdev.c +++ b/drivers/xen/gntdev.c @@ -348,10 +348,8 @@ static int unmap_grant_pages(struct gran } range = 0; while (range < pages) { - if (map->unmap_ops[offset+range].handle == -1) { - range--; + if (map->unmap_ops[offset+range].handle == -1) break; - } range++; } err = __unmap_grant_pages(map, offset, range); Patches currently in stable-queue which might be from ross.lagerwall(a)citrix.com are queue-3.18/xen-gntdev-fix-off-by-one-error-when-unmapping-with-holes.patch queue-3.18/xen-gntdev-fix-partial-gntdev_mmap-cleanup.patch

7 years, 2 months

1
0
0 0

Patch "spi: atmel: fixed spin_lock usage inside atmel_spi_remove" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled spi: atmel: fixed spin_lock usage inside atmel_spi_remove to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: spi-atmel-fixed-spin_lock-usage-inside-atmel_spi_remove.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:16:23 CET 2018 From: Radu Pirea <radu.pirea(a)microchip.com> Date: Fri, 15 Dec 2017 17:40:17 +0200 Subject: spi: atmel: fixed spin_lock usage inside atmel_spi_remove From: Radu Pirea <radu.pirea(a)microchip.com> [ Upstream commit 66e900a3d225575c8b48b59ae1fe74bb6e5a65cc ] The only part of atmel_spi_remove which needs to be atomic is hardware reset. atmel_spi_stop_dma calls dma_terminate_all and this needs interrupts enabled. atmel_spi_release_dma calls dma_release_channel and dma_release_channel locks a mutex inside of spin_lock. So the call of these functions can't be inside a spin_lock. Reported-by: Jia-Ju Bai <baijiaju1990(a)gmail.com> Signed-off-by: Radu Pirea <radu.pirea(a)microchip.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/spi/spi-atmel.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/spi/spi-atmel.c +++ b/drivers/spi/spi-atmel.c @@ -1416,12 +1416,12 @@ static int atmel_spi_remove(struct platf struct atmel_spi *as = spi_master_get_devdata(master); /* reset the hardware and block queue progress */ - spin_lock_irq(&as->lock); if (as->use_dma) { atmel_spi_stop_dma(as); atmel_spi_release_dma(as); } + spin_lock_irq(&as->lock); spi_writel(as, CR, SPI_BIT(SWRST)); spi_writel(as, CR, SPI_BIT(SWRST)); /* AT91SAM9263 Rev B workaround */ spi_readl(as, SR); Patches currently in stable-queue which might be from radu.pirea(a)microchip.com are queue-3.18/spi-atmel-fixed-spin_lock-usage-inside-atmel_spi_remove.patch

7 years, 2 months

1
0
0 0

Patch "tg3: Add workaround to restrict 5762 MRRS to 2048" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled tg3: Add workaround to restrict 5762 MRRS to 2048 to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: tg3-add-workaround-to-restrict-5762-mrrs-to-2048.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:16:23 CET 2018 From: Siva Reddy Kallam <siva.kallam(a)broadcom.com> Date: Fri, 22 Dec 2017 16:05:28 +0530 Subject: tg3: Add workaround to restrict 5762 MRRS to 2048 From: Siva Reddy Kallam <siva.kallam(a)broadcom.com> [ Upstream commit 4419bb1cedcda0272e1dc410345c5a1d1da0e367 ] One of AMD based server with 5762 hangs with jumbo frame traffic. This AMD platform has southbridge limitation which is restricting MRRS to 4000. As a work around, driver to restricts the MRRS to 2048 for this particular 5762 NX1 card. Signed-off-by: Siva Reddy Kallam <siva.kallam(a)broadcom.com> Signed-off-by: Michael Chan <michael.chan(a)broadcom.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/broadcom/tg3.c | 10 ++++++++++ drivers/net/ethernet/broadcom/tg3.h | 4 ++++ 2 files changed, 14 insertions(+) --- a/drivers/net/ethernet/broadcom/tg3.c +++ b/drivers/net/ethernet/broadcom/tg3.c @@ -10028,6 +10028,16 @@ static int tg3_reset_hw(struct tg3 *tp, tw32(GRC_MODE, tp->grc_mode | val); + /* On one of the AMD platform, MRRS is restricted to 4000 because of + * south bridge limitation. As a workaround, Driver is setting MRRS + * to 2048 instead of default 4096. + */ + if (tp->pdev->subsystem_vendor == PCI_VENDOR_ID_DELL && + tp->pdev->subsystem_device == TG3PCI_SUBDEVICE_ID_DELL_5762) { + val = tr32(TG3PCI_DEV_STATUS_CTRL) & ~MAX_READ_REQ_MASK; + tw32(TG3PCI_DEV_STATUS_CTRL, val | MAX_READ_REQ_SIZE_2048); + } + /* Setup the timer prescalar register. Clock is always 66Mhz. */ val = tr32(GRC_MISC_CFG); val &= ~0xff; --- a/drivers/net/ethernet/broadcom/tg3.h +++ b/drivers/net/ethernet/broadcom/tg3.h @@ -95,6 +95,7 @@ #define TG3PCI_SUBDEVICE_ID_DELL_JAGUAR 0x0106 #define TG3PCI_SUBDEVICE_ID_DELL_MERLOT 0x0109 #define TG3PCI_SUBDEVICE_ID_DELL_SLIM_MERLOT 0x010a +#define TG3PCI_SUBDEVICE_ID_DELL_5762 0x07f0 #define TG3PCI_SUBVENDOR_ID_COMPAQ PCI_VENDOR_ID_COMPAQ #define TG3PCI_SUBDEVICE_ID_COMPAQ_BANSHEE 0x007c #define TG3PCI_SUBDEVICE_ID_COMPAQ_BANSHEE_2 0x009a @@ -280,6 +281,9 @@ #define TG3PCI_STD_RING_PROD_IDX 0x00000098 /* 64-bit */ #define TG3PCI_RCV_RET_RING_CON_IDX 0x000000a0 /* 64-bit */ /* 0xa8 --> 0xb8 unused */ +#define TG3PCI_DEV_STATUS_CTRL 0x000000b4 +#define MAX_READ_REQ_SIZE_2048 0x00004000 +#define MAX_READ_REQ_MASK 0x00007000 #define TG3PCI_DUAL_MAC_CTRL 0x000000b8 #define DUAL_MAC_CTRL_CH_MASK 0x00000003 #define DUAL_MAC_CTRL_ID 0x00000004 Patches currently in stable-queue which might be from siva.kallam(a)broadcom.com are queue-3.18/tg3-enable-phy-reset-in-mtu-change-path-for-5720.patch queue-3.18/tg3-add-workaround-to-restrict-5762-mrrs-to-2048.patch

7 years, 2 months

1
0
0 0

Patch "sget(): handle failures of register_shrinker()" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled sget(): handle failures of register_shrinker() to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: sget-handle-failures-of-register_shrinker.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:16:23 CET 2018 From: Al Viro <viro(a)zeniv.linux.org.uk> Date: Mon, 18 Dec 2017 15:05:07 -0500 Subject: sget(): handle failures of register_shrinker() From: Al Viro <viro(a)zeniv.linux.org.uk> [ Upstream commit 9ee332d99e4d5a97548943b81c54668450ce641b ] Signed-off-by: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/super.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) --- a/fs/super.c +++ b/fs/super.c @@ -476,7 +476,11 @@ retry: hlist_add_head(&s->s_instances, &type->fs_supers); spin_unlock(&sb_lock); get_filesystem(type); - register_shrinker(&s->s_shrink); + err = register_shrinker(&s->s_shrink); + if (err) { + deactivate_locked_super(s); + s = ERR_PTR(err); + } return s; } Patches currently in stable-queue which might be from viro(a)zeniv.linux.org.uk are queue-3.18/sget-handle-failures-of-register_shrinker.patch

7 years, 2 months

1
0
0 0

Patch "SolutionEngine771x: fix Ether platform data" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled SolutionEngine771x: fix Ether platform data to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: solutionengine771x-fix-ether-platform-data.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:16:23 CET 2018 From: Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> Date: Sat, 6 Jan 2018 21:53:26 +0300 Subject: SolutionEngine771x: fix Ether platform data From: Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> [ Upstream commit 195e2addbce09e5afbc766efc1e6567c9ce840d3 ] The 'sh_eth' driver's probe() method would fail on the SolutionEngine7710 board and crash on SolutionEngine7712 board as the platform code is hopelessly behind the driver's platform data -- it passes the PHY address instead of 'struct sh_eth_plat_data *'; pass the latter to the driver in order to fix the bug... Fixes: 71557a37adb5 ("[netdrvr] sh_eth: Add SH7619 support") Signed-off-by: Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/sh/boards/mach-se/770x/setup.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) --- a/arch/sh/boards/mach-se/770x/setup.c +++ b/arch/sh/boards/mach-se/770x/setup.c @@ -8,6 +8,7 @@ */ #include <linux/init.h> #include <linux/platform_device.h> +#include <linux/sh_eth.h> #include <mach-se/mach/se.h> #include <mach-se/mach/mrshpc.h> #include <asm/machvec.h> @@ -114,6 +115,11 @@ static struct platform_device heartbeat_ #if defined(CONFIG_CPU_SUBTYPE_SH7710) ||\ defined(CONFIG_CPU_SUBTYPE_SH7712) /* SH771X Ethernet driver */ +static struct sh_eth_plat_data sh_eth_plat = { + .phy = PHY_ID, + .phy_interface = PHY_INTERFACE_MODE_MII, +}; + static struct resource sh_eth0_resources[] = { [0] = { .start = SH_ETH0_BASE, @@ -131,7 +137,7 @@ static struct platform_device sh_eth0_de .name = "sh771x-ether", .id = 0, .dev = { - .platform_data = PHY_ID, + .platform_data = &sh_eth_plat, }, .num_resources = ARRAY_SIZE(sh_eth0_resources), .resource = sh_eth0_resources, @@ -154,7 +160,7 @@ static struct platform_device sh_eth1_de .name = "sh771x-ether", .id = 1, .dev = { - .platform_data = PHY_ID, + .platform_data = &sh_eth_plat, }, .num_resources = ARRAY_SIZE(sh_eth1_resources), .resource = sh_eth1_resources, Patches currently in stable-queue which might be from sergei.shtylyov(a)cogentembedded.com are queue-3.18/solutionengine771x-fix-ether-platform-data.patch

7 years, 2 months

1
0
0 0

Patch "scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: scsi-storvsc-fix-scsi_cmd-error-assignments-in-storvsc_handle_error.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:16:23 CET 2018 From: Cathy Avery <cavery(a)redhat.com> Date: Tue, 19 Dec 2017 13:32:48 -0500 Subject: scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error From: Cathy Avery <cavery(a)redhat.com> [ Upstream commit d1b8b2391c24751e44f618fcf86fb55d9a9247fd ] When an I/O is returned with an srb_status of SRB_STATUS_INVALID_LUN which has zero good_bytes it must be assigned an error. Otherwise the I/O will be continuously requeued and will cause a deadlock in the case where disks are being hot added and removed. sd_probe_async will wait forever for its I/O to complete while holding scsi_sd_probe_domain. Also returning the default error of DID_TARGET_FAILURE causes multipath to not retry the I/O resulting in applications receiving I/O errors before a failover can occur. Signed-off-by: Cathy Avery <cavery(a)redhat.com> Signed-off-by: Long Li <longli(a)microsoft.com> Reviewed-by: Stephen Hemminger <stephen(a)networkplumber.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/scsi/storvsc_drv.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/scsi/storvsc_drv.c +++ b/drivers/scsi/storvsc_drv.c @@ -1029,10 +1029,11 @@ static void storvsc_handle_error(struct case TEST_UNIT_READY: break; default: - set_host_byte(scmnd, DID_TARGET_FAILURE); + set_host_byte(scmnd, DID_ERROR); } break; case SRB_STATUS_INVALID_LUN: + set_host_byte(scmnd, DID_NO_CONNECT); do_work = true; process_err_fn = storvsc_remove_lun; break; Patches currently in stable-queue which might be from cavery(a)redhat.com are queue-3.18/scsi-storvsc-fix-scsi_cmd-error-assignments-in-storvsc_handle_error.patch

7 years, 2 months

1
0
0 0

Patch "sctp: make use of pre-calculated len" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled sctp: make use of pre-calculated len to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: sctp-make-use-of-pre-calculated-len.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:16:23 CET 2018 From: Marcelo Ricardo Leitner <marcelo.leitner(a)gmail.com> Date: Mon, 8 Jan 2018 19:02:29 -0200 Subject: sctp: make use of pre-calculated len From: Marcelo Ricardo Leitner <marcelo.leitner(a)gmail.com> [ Upstream commit c76f97c99ae6d26d14c7f0e50e074382bfbc9f98 ] Some sockopt handling functions were calculating the length of the buffer to be written to userspace and then calculating it again when actually writing the buffer, which could lead to some write not using an up-to-date length. This patch updates such places to just make use of the len variable. Also, replace some sizeof(type) to sizeof(var). Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/sctp/socket.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -4458,7 +4458,7 @@ static int sctp_getsockopt_autoclose(str len = sizeof(int); if (put_user(len, optlen)) return -EFAULT; - if (copy_to_user(optval, &sctp_sk(sk)->autoclose, sizeof(int))) + if (copy_to_user(optval, &sctp_sk(sk)->autoclose, len)) return -EFAULT; return 0; } @@ -5035,6 +5035,9 @@ copy_getaddrs: err = -EFAULT; goto out; } + /* XXX: We should have accounted for sizeof(struct sctp_getaddrs) too, + * but we can't change it anymore. + */ if (put_user(bytes_copied, optlen)) err = -EFAULT; out: @@ -5471,7 +5474,7 @@ static int sctp_getsockopt_maxseg(struct params.assoc_id = 0; } else if (len >= sizeof(struct sctp_assoc_value)) { len = sizeof(struct sctp_assoc_value); - if (copy_from_user(&params, optval, sizeof(params))) + if (copy_from_user(&params, optval, len)) return -EFAULT; } else return -EINVAL; @@ -5635,7 +5638,9 @@ static int sctp_getsockopt_active_key(st if (len < sizeof(struct sctp_authkeyid)) return -EINVAL; - if (copy_from_user(&val, optval, sizeof(struct sctp_authkeyid))) + + len = sizeof(struct sctp_authkeyid); + if (copy_from_user(&val, optval, len)) return -EFAULT; asoc = sctp_id2assoc(sk, val.scact_assoc_id); @@ -5647,7 +5652,6 @@ static int sctp_getsockopt_active_key(st else val.scact_keynumber = ep->active_key_id; - len = sizeof(struct sctp_authkeyid); if (put_user(len, optlen)) return -EFAULT; if (copy_to_user(optval, &val, len)) @@ -5673,7 +5677,7 @@ static int sctp_getsockopt_peer_auth_chu if (len < sizeof(struct sctp_authchunks)) return -EINVAL; - if (copy_from_user(&val, optval, sizeof(struct sctp_authchunks))) + if (copy_from_user(&val, optval, sizeof(val))) return -EFAULT; to = p->gauth_chunks; @@ -5718,7 +5722,7 @@ static int sctp_getsockopt_local_auth_ch if (len < sizeof(struct sctp_authchunks)) return -EINVAL; - if (copy_from_user(&val, optval, sizeof(struct sctp_authchunks))) + if (copy_from_user(&val, optval, sizeof(val))) return -EFAULT; to = p->gauth_chunks; Patches currently in stable-queue which might be from marcelo.leitner(a)gmail.com are queue-3.18/sctp-make-use-of-pre-calculated-len.patch

7 years, 2 months

1
0
0 0

Patch "s390/dasd: fix wrongly assigned configuration data" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled s390/dasd: fix wrongly assigned configuration data to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: s390-dasd-fix-wrongly-assigned-configuration-data.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:16:23 CET 2018 From: Stefan Haberland <sth(a)linux.vnet.ibm.com> Date: Wed, 6 Dec 2017 10:30:39 +0100 Subject: s390/dasd: fix wrongly assigned configuration data From: Stefan Haberland <sth(a)linux.vnet.ibm.com> [ Upstream commit 8a9bd4f8ebc6800bfc0596e28631ff6809a2f615 ] We store per path and per device configuration data to identify the path or device correctly. The per path configuration data might get mixed up if the original request gets into error recovery and is started with a random path mask. This would lead to a wrong identification of a path in case of a CUIR event for example. Fix by copying the path mask from the original request to the error recovery request in case it is a path verification request. Signed-off-by: Stefan Haberland <sth(a)linux.vnet.ibm.com> Reviewed-by: Jan Hoeppner <hoeppner(a)linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/s390/block/dasd_3990_erp.c | 10 ++++++++++ 1 file changed, 10 insertions(+) --- a/drivers/s390/block/dasd_3990_erp.c +++ b/drivers/s390/block/dasd_3990_erp.c @@ -2743,6 +2743,16 @@ dasd_3990_erp_action(struct dasd_ccw_req erp = dasd_3990_erp_handle_match_erp(cqr, erp); } + + /* + * For path verification work we need to stick with the path that was + * originally chosen so that the per path configuration data is + * assigned correctly. + */ + if (test_bit(DASD_CQR_VERIFY_PATH, &erp->flags) && cqr->lpm) { + erp->lpm = cqr->lpm; + } + if (device->features & DASD_FEATURE_ERPLOG) { /* print current erp_chain */ dev_err(&device->cdev->dev, Patches currently in stable-queue which might be from sth(a)linux.vnet.ibm.com are queue-3.18/s390-dasd-fix-wrongly-assigned-configuration-data.patch

7 years, 2 months

1
0
0 0

Patch "net: arc_emac: fix arc_emac_rx() error paths" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: arc_emac: fix arc_emac_rx() error paths to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-arc_emac-fix-arc_emac_rx-error-paths.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:16:23 CET 2018 From: Alexander Kochetkov <al.kochet(a)gmail.com> Date: Fri, 15 Dec 2017 20:20:06 +0300 Subject: net: arc_emac: fix arc_emac_rx() error paths From: Alexander Kochetkov <al.kochet(a)gmail.com> [ Upstream commit e688822d035b494071ecbadcccbd6f3325fb0f59 ] arc_emac_rx() has some issues found by code review. In case netdev_alloc_skb_ip_align() or dma_map_single() failure rx fifo entry will not be returned to EMAC. In case dma_map_single() failure previously allocated skb became lost to driver. At the same time address of newly allocated skb will not be provided to EMAC. Signed-off-by: Alexander Kochetkov <al.kochet(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/arc/emac_main.c | 53 ++++++++++++++++++++--------------- 1 file changed, 31 insertions(+), 22 deletions(-) --- a/drivers/net/ethernet/arc/emac_main.c +++ b/drivers/net/ethernet/arc/emac_main.c @@ -250,39 +250,48 @@ static int arc_emac_rx(struct net_device continue; } - pktlen = info & LEN_MASK; - stats->rx_packets++; - stats->rx_bytes += pktlen; - skb = rx_buff->skb; - skb_put(skb, pktlen); - skb->dev = ndev; - skb->protocol = eth_type_trans(skb, ndev); - - dma_unmap_single(&ndev->dev, dma_unmap_addr(rx_buff, addr), - dma_unmap_len(rx_buff, len), DMA_FROM_DEVICE); - - /* Prepare the BD for next cycle */ - rx_buff->skb = netdev_alloc_skb_ip_align(ndev, - EMAC_BUFFER_SIZE); - if (unlikely(!rx_buff->skb)) { + /* Prepare the BD for next cycle. netif_receive_skb() + * only if new skb was allocated and mapped to avoid holes + * in the RX fifo. + */ + skb = netdev_alloc_skb_ip_align(ndev, EMAC_BUFFER_SIZE); + if (unlikely(!skb)) { + if (net_ratelimit()) + netdev_err(ndev, "cannot allocate skb\n"); + /* Return ownership to EMAC */ + rxbd->info = cpu_to_le32(FOR_EMAC | EMAC_BUFFER_SIZE); stats->rx_errors++; - /* Because receive_skb is below, increment rx_dropped */ stats->rx_dropped++; continue; } - /* receive_skb only if new skb was allocated to avoid holes */ - netif_receive_skb(skb); - - addr = dma_map_single(&ndev->dev, (void *)rx_buff->skb->data, + addr = dma_map_single(&ndev->dev, (void *)skb->data, EMAC_BUFFER_SIZE, DMA_FROM_DEVICE); if (dma_mapping_error(&ndev->dev, addr)) { if (net_ratelimit()) - netdev_err(ndev, "cannot dma map\n"); - dev_kfree_skb(rx_buff->skb); + netdev_err(ndev, "cannot map dma buffer\n"); + dev_kfree_skb(skb); + /* Return ownership to EMAC */ + rxbd->info = cpu_to_le32(FOR_EMAC | EMAC_BUFFER_SIZE); stats->rx_errors++; + stats->rx_dropped++; continue; } + + /* unmap previosly mapped skb */ + dma_unmap_single(&ndev->dev, dma_unmap_addr(rx_buff, addr), + dma_unmap_len(rx_buff, len), DMA_FROM_DEVICE); + + pktlen = info & LEN_MASK; + stats->rx_packets++; + stats->rx_bytes += pktlen; + skb_put(rx_buff->skb, pktlen); + rx_buff->skb->dev = ndev; + rx_buff->skb->protocol = eth_type_trans(rx_buff->skb, ndev); + + netif_receive_skb(rx_buff->skb); + + rx_buff->skb = skb; dma_unmap_addr_set(rx_buff, addr, addr); dma_unmap_len_set(rx_buff, len, EMAC_BUFFER_SIZE); Patches currently in stable-queue which might be from al.kochet(a)gmail.com are queue-3.18/net-arc_emac-fix-arc_emac_rx-error-paths.patch

7 years, 2 months

1
0
0 0

Patch "net: gianfar_ptp: move set_fipers() to spinlock protecting area" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: gianfar_ptp: move set_fipers() to spinlock protecting area to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-gianfar_ptp-move-set_fipers-to-spinlock-protecting-area.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:16:23 CET 2018 From: Yangbo Lu <yangbo.lu(a)nxp.com> Date: Tue, 9 Jan 2018 11:02:33 +0800 Subject: net: gianfar_ptp: move set_fipers() to spinlock protecting area From: Yangbo Lu <yangbo.lu(a)nxp.com> [ Upstream commit 11d827a993a969c3c6ec56758ff63a44ba19b466 ] set_fipers() calling should be protected by spinlock in case that any interrupt breaks related registers setting and the function we expect. This patch is to move set_fipers() to spinlock protecting area in ptp_gianfar_adjtime(). Signed-off-by: Yangbo Lu <yangbo.lu(a)nxp.com> Acked-by: Richard Cochran <richardcochran(a)gmail.com> Reviewed-by: Fabio Estevam <fabio.estevam(a)nxp.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/freescale/gianfar_ptp.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/drivers/net/ethernet/freescale/gianfar_ptp.c +++ b/drivers/net/ethernet/freescale/gianfar_ptp.c @@ -314,11 +314,10 @@ static int ptp_gianfar_adjtime(struct pt now = tmr_cnt_read(etsects); now += delta; tmr_cnt_write(etsects, now); + set_fipers(etsects); spin_unlock_irqrestore(&etsects->lock, flags); - set_fipers(etsects); - return 0; } Patches currently in stable-queue which might be from yangbo.lu(a)nxp.com are queue-3.18/net-gianfar_ptp-move-set_fipers-to-spinlock-protecting-area.patch

7 years, 2 months

1
0
0 0

Patch "mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: mtd-nand-gpmi-fix-failure-when-a-erased-page-has-a-bitflip-at-bbm.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:16:23 CET 2018 From: Sascha Hauer <s.hauer(a)pengutronix.de> Date: Tue, 5 Dec 2017 11:51:40 +0100 Subject: mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM From: Sascha Hauer <s.hauer(a)pengutronix.de> [ Upstream commit fdf2e821052958a114618a95ab18a300d0b080cb ] When erased subpages are read then the BCH decoder returns STATUS_ERASED if they are all empty, or STATUS_UNCORRECTABLE if there are bitflips. When there are bitflips, we have to set these bits again to show the upper layers a completely erased page. When a bitflip happens in the exact byte where the bad block marker is, then this byte is swapped with another byte in block_mark_swapping(). The correction code then detects a bitflip in another subpage and no longer corrects the bitflip where it really happens. Correct this behaviour by calling block_mark_swapping() after the bitflips have been corrected. In our case UBIFS failed with this bug because it expects erased pages to be really empty: UBIFS error (pid 187): ubifs_scan: corrupt empty space at LEB 36:118735 UBIFS error (pid 187): ubifs_scanned_corruption: corruption at LEB 36:118735 UBIFS error (pid 187): ubifs_scanned_corruption: first 8192 bytes from LEB 36:118735 UBIFS error (pid 187): ubifs_scan: LEB 36 scanning failed UBIFS error (pid 187): do_commit: commit failed, error -117 Signed-off-by: Sascha Hauer <s.hauer(a)pengutronix.de> Reviewed-by: Richard Weinberger <richard(a)nod.at> Acked-by: Boris Brezillon <boris.brezillon(a)free-electrons.com> Signed-off-by: Richard Weinberger <richard(a)nod.at> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c +++ b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c @@ -1025,9 +1025,6 @@ static int gpmi_ecc_read_page(struct mtd return ret; } - /* handle the block mark swapping */ - block_mark_swapping(this, payload_virt, auxiliary_virt); - /* Loop over status bytes, accumulating ECC status. */ status = auxiliary_virt + nfc_geo->auxiliary_status_offset; @@ -1043,6 +1040,9 @@ static int gpmi_ecc_read_page(struct mtd max_bitflips = max_t(unsigned int, max_bitflips, *status); } + /* handle the block mark swapping */ + block_mark_swapping(this, buf, auxiliary_virt); + if (oob_required) { /* * It's time to deliver the OOB bytes. See gpmi_ecc_read_oob() Patches currently in stable-queue which might be from s.hauer(a)pengutronix.de are queue-3.18/mtd-nand-gpmi-fix-failure-when-a-erased-page-has-a-bitflip-at-bbm.patch

7 years, 2 months

1
0
0 0

Patch "led: core: Fix brightness setting when setting delay_off=0" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled led: core: Fix brightness setting when setting delay_off=0 to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: led-core-fix-brightness-setting-when-setting-delay_off-0.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:16:23 CET 2018 From: Matthieu CASTET <matthieu.castet(a)parrot.com> Date: Tue, 12 Dec 2017 11:10:44 +0100 Subject: led: core: Fix brightness setting when setting delay_off=0 From: Matthieu CASTET <matthieu.castet(a)parrot.com> [ Upstream commit 2b83ff96f51d0b039c4561b9f95c824d7bddb85c ] With the current code, the following sequence won't work : echo timer > trigger echo 0 > delay_off * at this point we call ** led_delay_off_store ** led_blink_set --- drivers/leds/led-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/leds/led-core.c +++ b/drivers/leds/led-core.c @@ -76,7 +76,7 @@ void led_blink_set(struct led_classdev * unsigned long *delay_on, unsigned long *delay_off) { - del_timer_sync(&led_cdev->blink_timer); + led_stop_software_blink(led_cdev); led_cdev->flags &= ~LED_BLINK_ONESHOT; led_cdev->flags &= ~LED_BLINK_ONESHOT_STOP; Patches currently in stable-queue which might be from matthieu.castet(a)parrot.com are queue-3.18/led-core-fix-brightness-setting-when-setting-delay_off-0.patch

7 years, 2 months

1
0
0 0

Patch "mdio-sun4i: Fix a memory leak" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mdio-sun4i: Fix a memory leak to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: mdio-sun4i-fix-a-memory-leak.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:16:23 CET 2018 From: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Date: Sat, 6 Jan 2018 09:00:09 +0100 Subject: mdio-sun4i: Fix a memory leak From: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> [ Upstream commit 56c0290202ab94a2f2780c449395d4ae8495fab4 ] If the probing of the regulator is deferred, the memory allocated by 'mdiobus_alloc_size()' will be leaking. It should be freed before the next call to 'sun4i_mdio_probe()' which will reallocate it. Fixes: 4bdcb1dd9feb ("net: Add MDIO bus driver for the Allwinner EMAC") Signed-off-by: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/phy/mdio-sun4i.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/drivers/net/phy/mdio-sun4i.c +++ b/drivers/net/phy/mdio-sun4i.c @@ -128,8 +128,10 @@ static int sun4i_mdio_probe(struct platf data->regulator = devm_regulator_get(&pdev->dev, "phy"); if (IS_ERR(data->regulator)) { - if (PTR_ERR(data->regulator) == -EPROBE_DEFER) - return -EPROBE_DEFER; + if (PTR_ERR(data->regulator) == -EPROBE_DEFER) { + ret = -EPROBE_DEFER; + goto err_out_free_mdiobus; + } dev_info(&pdev->dev, "no regulator found\n"); } else { Patches currently in stable-queue which might be from christophe.jaillet(a)wanadoo.fr are queue-3.18/mdio-sun4i-fix-a-memory-leak.patch

7 years, 2 months

1
0
0 0

Patch "ipv6: icmp6: Allow icmp messages to be looped back" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ipv6: icmp6: Allow icmp messages to be looped back to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ipv6-icmp6-allow-icmp-messages-to-be-looped-back.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:16:23 CET 2018 From: Brendan McGrath <redmcg(a)redmandi.dyndns.org> Date: Wed, 13 Dec 2017 22:14:57 +1100 Subject: ipv6: icmp6: Allow icmp messages to be looped back From: Brendan McGrath <redmcg(a)redmandi.dyndns.org> [ Upstream commit 588753f1eb18978512b1c9b85fddb457d46f9033 ] One example of when an ICMPv6 packet is required to be looped back is when a host acts as both a Multicast Listener and a Multicast Router. A Multicast Router will listen on address ff02::16 for MLDv2 messages. Currently, MLDv2 messages originating from a Multicast Listener running on the same host as the Multicast Router are not being delivered to the Multicast Router. This is due to dst.input being assigned the default value of dst_discard. This results in the packet being looped back but discarded before being delivered to the Multicast Router. This patch sets dst.input to ip6_input to ensure a looped back packet is delivered to the Multicast Router. Signed-off-by: Brendan McGrath <redmcg(a)redmandi.dyndns.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/route.c | 1 + 1 file changed, 1 insertion(+) --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -1367,6 +1367,7 @@ struct dst_entry *icmp6_dst_alloc(struct } rt->dst.flags |= DST_HOST; + rt->dst.input = ip6_input; rt->dst.output = ip6_output; atomic_set(&rt->dst.__refcnt, 1); rt->rt6i_gateway = fl6->daddr; Patches currently in stable-queue which might be from redmcg(a)redmandi.dyndns.org are queue-3.18/ipv6-icmp6-allow-icmp-messages-to-be-looped-back.patch

7 years, 2 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror