- Linux-stable-mirror - lists.linaro.org

[PATCH 4.18 000/228] 4.18.12-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.18.12 release. There are 228 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Oct 4 13:24:08 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.12-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.18.12-rc1 Michael Bringmann <mwb(a)linux.vnet.ibm.com> powerpc/pseries: Fix unitialized timer reset on migration Thiago Jung Bauermann <bauerman(a)linux.ibm.com> powerpc/pkeys: Fix reading of ibm, processor-storage-keys property Christophe Leroy <christophe.leroy(a)c-s.fr> powerpc: fix csum_ipv6_magic() on little endian platforms Michael Neuling <mikey(a)neuling.org> KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds Randy Dunlap <rdunlap(a)infradead.org> x86/pti: Fix section mismatch warning/error Akshu Agrawal <akshu.agrawal(a)amd.com> clk: x86: Set default parent to 48Mhz Mika Westerberg <mika.westerberg(a)linux.intel.com> i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus Marc Zyngier <marc.zyngier(a)arm.com> arm/arm64: smccc-1.1: Handle function result as parameters Marc Zyngier <marc.zyngier(a)arm.com> arm/arm64: smccc-1.1: Make return values unsigned long Emily Deng <Emily.Deng(a)amd.com> drm/amdgpu: Need to set moved to true when evict bo Tony Lindgren <tony(a)atomide.com> ARM: dts: omap4-droid4: Fix emmc errors seen on some devices James Smart <jsmart2021(a)gmail.com> nvme-fcloop: Fix dropped LS's to removed target port Linus Walleij <linus.walleij(a)linaro.org> ata: ftide010: Add a quirk for SQ201 Rex Zhu <Rex.Zhu(a)amd.com> drm/amdgpu: Update power state at the end of smu hw_init. Rex Zhu <Rex.Zhu(a)amd.com> drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode Leonard Crestez <leonard.crestez(a)nxp.com> Revert "ARM: dts: imx7d: Invert legacy PCI irq mapping" Dan Carpenter <dan.carpenter(a)oracle.com> hwmon: (adt7475) Make adt7475_read_word() return errors Lothar Felten <lothar.felten(a)gmail.com> hwmon: (ina2xx) fix sysfs shunt resistor read access Srikanth Jampala <Jampala.Srikanth(a)cavium.com> crypto: cavium/nitrox - fix for command corruption in queue full case with backlog submissions. Ganesh Goudar <ganeshgr(a)chelsio.com> crypto: chtls - fix null dereference chtls_free_uld() Jacob Keller <jacob.e.keller(a)intel.com> i40e: fix condition of WARN_ONCE for stat strings Martyna Szapar <martyna.szapar(a)intel.com> i40e: Fix for Tx timeouts when interface is brought up if DCB is enabled Sebastian Basierski <sebastianx.basierski(a)intel.com> ixgbe: fix driver behaviour after issuing VFLR Bo Chen <chenbo(a)pdx.edu> e1000: ensure to free old tx/rx rings in set_ringparam() Bo Chen <chenbo(a)pdx.edu> e1000: check on netif_running() before calling e1000_up() Jesse Brandeburg <jesse.brandeburg(a)intel.com> ice: Fix potential return of uninitialized value Anirudh Venkataramanan <anirudh.venkataramanan(a)intel.com> ice: Fix a few null pointer dereference issues Quentin Monnet <quentin.monnet(a)netronome.com> tools: bpftool: return from do_event_pipe() on bad arguments Brett Creeley <brett.creeley(a)intel.com> ice: Set VLAN flags correctly Jacob Keller <jacob.e.keller(a)intel.com> ice: Use order_base_2 to calculate higher power of 2 Anirudh Venkataramanan <anirudh.venkataramanan(a)intel.com> ice: Fix bugs in control queue processing Preethi Banala <preethi.banala(a)intel.com> ice: Clean control queues only when they are initialized Jacob Keller <jacob.e.keller(a)intel.com> ice: Report stats for allocated queues via ethtool stats Anirudh Venkataramanan <anirudh.venkataramanan(a)intel.com> ice: Fix multiple static analyser warnings Huazhong Tan <tanhuazhong(a)huawei.com> net: hns3: fix page_offset overflow when CONFIG_ARM64_64K_PAGES Huazhong Tan <tanhuazhong(a)huawei.com> net: hns: fix skb->truesize underestimation Huazhong Tan <tanhuazhong(a)huawei.com> net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES Kevin Yang <yyd(a)google.com> tcp_bbr: in restart from idle, see if we should exit PROBE_RTT Kevin Yang <yyd(a)google.com> tcp_bbr: add bbr_check_probe_rtt_done() helper Samuel Mendoza-Jonas <sam(a)mendozajonas.com> net/ncsi: Fixup .dumpit message flags and ID check in Netlink handler Emily Deng <Emily.Deng(a)amd.com> amdgpu: fix multi-process hang issue Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix preamble handling Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix VM clearing for the root PD John Fastabend <john.fastabend(a)gmail.com> bpf: sockmap: write_space events need to be passed to TCP handler John Fastabend <john.fastabend(a)gmail.com> tls: possible hang when do_tcp_sendpages hits sndbuf is full case Daniel Borkmann <daniel(a)iogearbox.net> bpf, sockmap: fix sock hash count in alloc_sock_hash_elem Daniel Borkmann <daniel(a)iogearbox.net> bpf, sockmap: fix sock_hash_alloc and reject zero-sized keys Pavel Machek <pavel(a)ucw.cz> ARM: dts: omap4-droid4: fix vibrations on Droid 4 Tony Lindgren <tony(a)atomide.com> bus: ti-sysc: Fix no_console_suspend handling Ludovic Desroches <ludovic.desroches(a)microchip.com> mmc: android-goldfish: fix bad logic of sg_copy_{from,to}_buffer conversion Ludovic Desroches <ludovic.desroches(a)microchip.com> mmc: atmel-mci: fix bad logic of sg_copy_{from,to}_buffer conversion Eric Sandeen <sandeen(a)redhat.com> isofs: reject hardware sector size > 2048 bytes Anson Huang <Anson.Huang(a)nxp.com> thermal: of-thermal: disable passive polling when thermal zone is disabled Tomer Tayar <Tomer.Tayar(a)cavium.com> qed: Avoid sending mailbox commands when MFW is not responsive Tomer Tayar <Tomer.Tayar(a)cavium.com> qed: Prevent a possible deadlock during driver load and unload Tomer Tayar <Tomer.Tayar(a)cavium.com> qed: Wait for MCP halt and resume commands to take place Tomer Tayar <Tomer.Tayar(a)cavium.com> qed: Wait for ready indication before rereading the shmem Tony Lindgren <tony(a)atomide.com> bus: ti-sysc: Fix module register ioremap for larger offsets Tony Lindgren <tony(a)atomide.com> ARM: OMAP2+: Fix module address for modules using mpu_rt_idx Tony Lindgren <tony(a)atomide.com> ARM: OMAP2+: Fix null hwmod for ti-sysc debug Dave Martin <Dave.Martin(a)arm.com> arm64: KVM: Tighten guest core register access from userspace Steve Wise <swise(a)opengridcomputing.com> RDMA/uverbs: Atomically flush and mark closed the comp event queue Mika Westerberg <mika.westerberg(a)linux.intel.com> ACPI / hotplug / PCI: Don't scan for non-hotplug bridges if slot is not bridge Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Fix destroy_qp hang after a link down Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Fix context recovery when PBC has an UnsupportedVL Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Invalid user input can result in crash Ira Weiny <ira.weiny(a)intel.com> IB/hfi1: Fix SL array bounds check Bart Van Assche <bvanassche(a)acm.org> IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop Aaron Ma <aaron.ma(a)canonical.com> Input: elantech - enable middle button of touchpad on ThinkPad P72 Matthew Wilcox <willy(a)infradead.org> filesystem-dax: Fix use of zero page Toshi Kani <toshi.kani(a)hpe.com> ext2, dax: set ext2_dax_aops for dax files Dave Jiang <dave.jiang(a)intel.com> uaccess: Fix is_source param for check_copy_size() in copy_to_iter_mcsafe() Alan Stern <stern(a)rowland.harvard.edu> USB: remove LPM management from usb_driver_claim_interface() Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" Oliver Neukum <oneukum(a)suse.com> USB: usbdevfs: restore warning for nonsensical flags Oliver Neukum <oneukum(a)suse.com> USB: usbdevfs: sanitize flags more Bin Liu <b-liu(a)ti.com> usb: musb: dsps: do not disable CPPI41 irq in driver teardown Harry Pan <harry.pan(a)intel.com> usb: core: safely deal with the dynamic quirk lists Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: roles: Take care of driver module reference counting Alan Stern <stern(a)rowland.harvard.edu> USB: handle NULL config in usb_find_alt_setting() Alan Stern <stern(a)rowland.harvard.edu> USB: fix error handling in usb_driver_claim_interface() Marek Szyprowski <m.szyprowski(a)samsung.com> regulator: Fix 'do-nothing' value for regulators without suspend state Yu Zhao <yuzhao(a)google.com> regulator: fix crash caused by null driver data Geert Uytterhoeven <geert+renesas(a)glider.be> spi: rspi: Fix interrupted DMA transfers Geert Uytterhoeven <geert+renesas(a)glider.be> spi: rspi: Fix invalid SPI use during system suspend Hiromitsu Yamasaki <hiromitsu.yamasaki.ym(a)renesas.com> spi: sh-msiof: Fix handling of write value for SISTR register Gaku Inami <gaku.inami.xw(a)bp.renesas.com> spi: sh-msiof: Fix invalid SPI use during system suspend Marcel Ziswiler <marcel.ziswiler(a)toradex.com> spi: tegra20-slink: explicitly enable/disable clock Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: Fix resource handling for ACPI glue layer Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: Fix device removal logic Christophe Leroy <christophe.leroy(a)c-s.fr> serial: cpm_uart: return immediately from console poll Jan Kiszka <jan.kiszka(a)siemens.com> serial: mvebu-uart: Fix reporting of effective CSIZE to userspace Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: imx: restore handshaking irq for imx1 Stefan Agner <stefan(a)agner.ch> tty: serial: lpuart: avoid leaking struct tty_struct Feng Tang <feng.tang(a)intel.com> x86/mm: Expand static page table for fixmap space Damien Le Moal <damien.lemoal(a)wdc.com> block: fix deadline elevator drain for zoned block devices Andy Whitcroft <apw(a)canonical.com> floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Dmitry Osipenko <digetx(a)gmail.com> gpio: tegra: Fix tegra_gpio_irq_set_type() Sandipan Das <sandipan(a)linux.ibm.com> perf tests: Fix indexing when invoking subtests Maxime Ripard <maxime.ripard(a)bootlin.com> drm/vc4: plane: Expand the lower bits by repeating the higher bits Kevin Hilman <khilman(a)baylibre.com> ARM: dts: dra7: fix DCAN node addresses Eric Anholt <eric(a)anholt.net> drm/vc4: Add missing formats to vc4_format_mod_supported(). William Breathitt Gray <vilhelm.gray(a)gmail.com> iio: 104-quad-8: Fix off-by-one error in register selection Oleksandr Andrushchenko <oleksandr_andrushchenko(a)epam.com> Input: xen-kbdfront - fix multi-touch XenStore node's locations Colin Ian King <colin.king(a)canonical.com> ath10k: fix memory leak of tpc_stats Konstantin Khorenko <khorenko(a)virtuozzo.com> fs/lock: skip lock owner pid translation in case we are in init_pid_ns Brian Norris <briannorris(a)chromium.org> ath10k: snoc: use correct bus-specific pointer in RX retry YueHaibing <yuehaibing(a)huawei.com> ath10k: fix incorrect size of dma_free_coherent in ath10k_ce_alloc_src_ring_64 Hugo Lefeuvre <hle(a)owl.eu.com> staging: pi433: fix race condition in pi433_ioctl Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> EDAC, altera: Fix an error handling path in altr_s10_sdram_probe() Johan Hovold <johan(a)kernel.org> EDAC: Fix memleak in module init error path J. Bruce Fields <bfields(a)redhat.com> nfsd: fix corrupted reply to badly ordered compound Nadav Amit <namit(a)vmware.com> gpio: Fix wrong rounding in gpio-menz127 Jessica Yu <jeyu(a)kernel.org> module: exclude SHN_UNDEF symbols from kallsyms api Liam Girdwood <liam.r.girdwood(a)linux.intel.com> ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Johan Hovold <johan(a)kernel.org> EDAC, i7core: Fix memleaks and use-after-free on probe and remove Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: rsnd: SSI parent cares SWSP bit Geert Uytterhoeven <geert(a)linux-m68k.org> ASoC: rt1305: Use ULL suffixes for 64-bit constants Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Fix Acer Iconia 8 over-current detect threshold Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> scsi: megaraid_sas: Update controller info during resume Jan Kundrát <jan.kundrat(a)cesnet.cz> spi: orion: fix CS GPIO handling again Xiaofei Tan <tanxiaofei(a)huawei.com> scsi: hisi_sas: Fix the conflict between dev gone and host reset Andreas Gruenbacher <agruenba(a)redhat.com> iomap: complete partial direct I/O writes synchronously Zhouyang Jia <jiazhouyang09(a)gmail.com> scsi: bnx2i: add error handling for ioremap_nocache Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/lbr: Fix incomplete LBR call stack Eric Anholt <eric(a)anholt.net> drm/v3d: Take a lock across GPU scheduler job creation and queuing. Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> arm64: dts: renesas: Fix VSPD registers range Masahiro Yamada <yamada.masahiro(a)socionext.com> MIPS: boot: fix build rule of vmlinux.its.S Stephen Boyd <swboyd(a)chromium.org> HID: i2c-hid: Use devm to allocate i2c_hid struct Zhouyang Jia <jiazhouyang09(a)gmail.com> HID: hid-ntrig: add error handling for sysfs_create_group Viresh Kumar <viresh.kumar(a)linaro.org> arm: dts: mediatek: Add missing cooling device properties for CPUs Frederic Weisbecker <frederic(a)kernel.org> perf/hw_breakpoint: Split attribute parse and commit Randy Dunlap <rdunlap(a)infradead.org> Documentation/process: fix reST table border error Leon Romanovsky <leon(a)kernel.org> RDMA/uverbs: Don't overwrite NULL pointer with ZERO_SIZE_PTR Ethan Tuttle <ethan(a)ethantuttle.com> ARM: mvebu: declare asm symbols as character arrays in pmsu.c Daniel Vetter <daniel.vetter(a)ffwll.ch> drm/omap: gem: Fix mm_list locking Tony Lindgren <tony(a)atomide.com> wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() Johannes Berg <johannes(a)sipsolutions.net> bitfield: fix *_encode_bits() Stefan Agner <stefan(a)agner.ch> brcmsmac: fix wrap around in conversion from constant to s16 Dan Carpenter <dan.carpenter(a)oracle.com> rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> mt76x2: fix mrr idx/count estimation in mt76x2_mac_fill_tx_status() Niklas Cassel <niklas.cassel(a)linaro.org> ath10k: transmit queued frames after processing rx packets Jernej Skrabec <jernej.skrabec(a)siol.net> drm/sun4i: Fix releasing node when enumerating enpoints Brandon Maier <brandon.maier(a)rockwellcollins.com> net: phy: xgmiitorgmii: Check phy_driver ready before accessing Jernej Skrabec <jernej.skrabec(a)siol.net> drm/sun4i: Enable DW HDMI PHY clock Ben Greear <greearb(a)candelatech.com> ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock Brandon Maier <brandon.maier(a)rockwellcollins.com> net: phy: xgmiitorgmii: Check read_status results Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge Dan Carpenter <dan.carpenter(a)oracle.com> ASoC: qdsp6: qdafe: fix some off by one bugs Zhouyang Jia <jiazhouyang09(a)gmail.com> media: tm6000: add error handling for dvb_register_adapter Rosen Penev <rosenp(a)gmail.com> staging: mt7621-dts: Fix remaining pcie warnings Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> serial: pxa: Fix an error handling path in 'serial_pxa_probe()' Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: salvator-common: Fix adv7482 decimal unit addresses Zhouyang Jia <jiazhouyang09(a)gmail.com> drivers/tty: add error handling for pcmcia_loop_config Kamal Heib <kamalheib1(a)gmail.com> staging: mt7621-eth: Fix memory leak in mtk_add_mac() error path Akinobu Mita <akinobu.mita(a)gmail.com> media: ov772x: allow i2c controllers without I2C_FUNC_PROTOCOL_MANGLING Alistair Strachan <astrachan(a)google.com> staging: android: ashmem: Fix mmap size validation Akinobu Mita <akinobu.mita(a)gmail.com> media: ov772x: add checks for register read errors Javier Martinez Canillas <javierm(a)redhat.com> media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data Akinobu Mita <akinobu.mita(a)gmail.com> media: soc_camera: ov772x: correct setting of banding filter Akinobu Mita <akinobu.mita(a)gmail.com> media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power Bob Copeland <me(a)bobcopeland.com> ath10k: use locked skb_dequeue for rx completions Petr Machata <petrm(a)mellanox.com> selftests: forwarding: Tweak tc filters for mirror-to-gretap tests Nicholas Mc Guire <hofrat(a)osadl.org> ALSA: snd-aoa: add of_node_put() in error path Thomas Gleixner <tglx(a)linutronix.de> posix-timers: Sanitize overrun handling Thomas Gleixner <tglx(a)linutronix.de> posix-timers: Make forward callback return s64 Akinobu Mita <akinobu.mita(a)gmail.com> iio: accel: adxl345: convert address field usage in iio_chan_spec Peter Rosin <peda(a)axentia.se> mtd: rawnand: atmel: add module param to avoid using dma Vasily Gorbik <gor(a)linux.ibm.com> s390/extmem: fix gcc 8 stringop-overflow warning Vasily Gorbik <gor(a)linux.ibm.com> s390/scm_blk: correct numa_node in scm_blk_dev_setup Vasily Gorbik <gor(a)linux.ibm.com> s390/dasd: correct numa_node in dasd_alloc_queue Thomas Gleixner <tglx(a)linutronix.de> alarmtimer: Prevent overflow for relative nanosleep Heiko Carstens <heiko.carstens(a)de.ibm.com> s390/sysinfo: add missing #ifdef CONFIG_PROC_FS Ravi Chandra Sadineni <ravisadineni(a)chromium.org> ACPI / button: increment wakeup count only when notified João Paulo Rechi Vita <jprvita(a)endlessm.com> platform/x86: asus-wireless: Fix uninitialized symbol usage Alexey Kardashevskiy <aik(a)ozlabs.ru> powerpc/powernv/ioda2: Reduce upper limit for DMA window size Alagu Sankar <alagusankar(a)silex-india.com> ath10k: sdio: set skb len for all rx packets Alagu Sankar <alagusankar(a)silex-india.com> ath10k: sdio: use same endpoint id for all packets in a bundle Julia Lawall <Julia.Lawall(a)lip6.fr> usb: wusbcore: security: cast sizeof to int for comparison Bart Van Assche <bart.vanassche(a)wdc.com> scsi: target: Avoid that EXTENDED COPY commands trigger lock inversion Breno Leitao <leitao(a)debian.org> scsi: ibmvscsi: Improve strings handling Bart Van Assche <bart.vanassche(a)wdc.com> scsi: klist: Make it safe to use klists in atomic context Jean-Christophe Dubois <jcd(a)tribudubois.net> thermal: i.MX: Allow thermal probe to fail gracefully in case of bad calibration. Bart Van Assche <bart.vanassche(a)wdc.com> scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size Viresh Kumar <viresh.kumar(a)linaro.org> ARM: dts: ls1021a: Add missing cooling device properties for CPUs Jan Beulich <JBeulich(a)suse.com> x86/entry/64: Add two more instruction suffixes Dave Gerlach <d-gerlach(a)ti.com> ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> x86/tsc: Add missing header to tsc_msr.c Bart Van Assche <bart.vanassche(a)wdc.com> include/rdma/opa_addr.h: Fix an endianness issue Maor Gottlieb <maorg(a)mellanox.com> IB/mlx5: Fix GRE flow specification Peter Seiderer <ps.report(a)gmx.net> media: staging/imx: fill vb2_v4l2_buffer field entry Toshiaki Makita <makita.toshiaki(a)lab.ntt.co.jp> vhost_net: Avoid tx vring kicks during busyloop Alexey Khoroshilov <khoroshilov(a)ispras.ru> media: fsl-viu: fix error handling in viu_of_probe() Hari Bathini <hbathini(a)linux.ibm.com> powerpc/kdump: Handle crashkernel memory reservation failure Tarick Bedeir <tarick(a)google.com> IB/mlx4: Test port number before querying type. Sylwester Nawrocki <s.nawrocki(a)samsung.com> media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Dan Carpenter <dan.carpenter(a)oracle.com> IB/core: type promotion bug in rdma_rw_init_one_mr() Dan Carpenter <dan.carpenter(a)oracle.com> RDMA/bnxt_re: Fix a bunch of off by one bugs in qplib_fp.c Leon Romanovsky <leon(a)kernel.org> RDMA/i40w: Hold read semaphore while looking after VMA Dan Carpenter <dan.carpenter(a)oracle.com> RDMA/bnxt_re: Fix a couple off by one bugs Ganesh Goudar <ganeshgr(a)chelsio.com> cxgb4: Fix the condition to check if the card is T5 Guoqing Jiang <gqjiang(a)suse.com> md-cluster: clear another node's suspend_area after the copy is finished Wesley Chalmers <Wesley.Chalmers(a)amd.com> drm/amd/display: fix use of uninitialized memory Gustavo A. R. Silva <gustavo(a)embeddedor.com> drm/amd/display/dc/dce: Fix multiple potential integer overflows Benjamin Tissoires <benjamin.tissoires(a)redhat.com> power: remove possible deadlock when unregistering power_supply Vasily Gorbik <gor(a)linux.ibm.com> s390/mm: correct allocate_pgste proc_handler callback Niklas Cassel <niklas.cassel(a)linaro.org> iommu/msm: Don't call iommu_device_{,un}link from atomic context Michael Scott <michael(a)opensourcefoundries.com> 6lowpan: iphc: reset mac_header after decompress to fix panic Johan Hovold <johan(a)kernel.org> USB: serial: kobil_sct: fix modem-status error handling Jian-Hong Pan <jian-hong(a)endlessm.com> Bluetooth: Add a new Realtek 8723DE ID 0bda:b009 Zhen Lei <thunder.leizhen(a)huawei.com> iommu/amd: make sure TLB to be flushed before IOVA freed Sudeep Holla <sudeep.holla(a)arm.com> power: vexpress: fix corruption in notifier registration Anton Vasilyev <vasilyev(a)ispras.ru> uwb: hwa-rc: fix memory leak at probe Geert Uytterhoeven <geert+renesas(a)glider.be> serial: sh-sci: Stop RX FIFO timer during port shutdown Johan Hovold <johan(a)kernel.org> misc: sram: enable clock before registering regions Hans de Goede <hdegoede(a)redhat.com> power: supply: axp288_charger: Fix initial constant_charge_current value Colin Ian King <colin.king(a)canonical.com> staging: rts5208: fix missing error check on call to rtsx_write_register Dan Williams <dan.j.williams(a)intel.com> x86/numa_emulation: Fix emulated-to-physical node mapping Yunsheng Lin <linyunsheng(a)huawei.com> net: hns3: Fix get_vector ops in hclgevf_main module Yunsheng Lin <linyunsheng(a)huawei.com> net: hns3: Fix warning bug when doing lp selftest Yunsheng Lin <linyunsheng(a)huawei.com> net: hns3: Fix for mac pause not disable in pfc mode Fuyun Liang <liangfuyun1(a)huawei.com> net: hns3: Fix for mailbox message truncated problem Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> siox: don't create a thread without starting it Dan Carpenter <dan.carpenter(a)oracle.com> vmci: type promotion bug in qp_host_get_user_memory() Wei Yongjun <weiyongjun1(a)huawei.com> misc: ibmvmc: Use GFP_ATOMIC under spin lock Matt Ranostay <matt.ranostay(a)konsulko.com> tsl2550: fix lux1_input error in low light Akinobu Mita <akinobu.mita(a)gmail.com> iio: adc: ina2xx: avoid kthread_stop() with stale task_struct Stafford Horne <shorne(a)gmail.com> crypto: skcipher - Fix -Wstringop-truncation warnings ------------- Diffstat: Documentation/hwmon/ina2xx | 2 +- Documentation/process/2.Process.rst | 2 +- Makefile | 4 +- arch/arm/boot/dts/dra7.dtsi | 4 +- arch/arm/boot/dts/imx7d.dtsi | 12 +- arch/arm/boot/dts/ls1021a.dtsi | 1 + arch/arm/boot/dts/mt7623.dtsi | 3 + arch/arm/boot/dts/omap4-droid4-xt894.dts | 20 +-- arch/arm/mach-mvebu/pmsu.c | 6 +- arch/arm/mach-omap2/omap_hwmod.c | 39 ++++- arch/arm/mach-omap2/omap_hwmod_reset.c | 12 +- arch/arm64/boot/dts/renesas/r8a7795-es1.dtsi | 2 +- arch/arm64/boot/dts/renesas/r8a7795.dtsi | 6 +- arch/arm64/boot/dts/renesas/r8a7796.dtsi | 6 +- arch/arm64/boot/dts/renesas/r8a77965.dtsi | 4 +- arch/arm64/boot/dts/renesas/r8a77970.dtsi | 2 +- arch/arm64/boot/dts/renesas/r8a77995.dtsi | 4 +- arch/arm64/boot/dts/renesas/salvator-common.dtsi | 4 +- arch/arm64/kvm/guest.c | 45 +++++ arch/mips/boot/Makefile | 6 +- arch/powerpc/kernel/exceptions-64s.S | 4 +- arch/powerpc/kernel/machine_kexec.c | 7 +- arch/powerpc/lib/checksum_64.S | 3 + arch/powerpc/mm/numa.c | 3 +- arch/powerpc/mm/pkeys.c | 2 +- arch/powerpc/platforms/powernv/pci-ioda.c | 2 +- arch/s390/kernel/sysinfo.c | 4 + arch/s390/mm/extmem.c | 4 +- arch/s390/mm/pgalloc.c | 2 +- arch/x86/entry/entry_64.S | 4 +- arch/x86/events/intel/lbr.c | 32 +++- arch/x86/events/perf_event.h | 1 + arch/x86/include/asm/fixmap.h | 10 ++ arch/x86/include/asm/pgtable_64.h | 3 +- arch/x86/kernel/head64.c | 4 +- arch/x86/kernel/head_64.S | 16 +- arch/x86/kernel/tsc_msr.c | 1 + arch/x86/mm/numa_emulation.c | 2 +- arch/x86/mm/pgtable.c | 9 + arch/x86/mm/pti.c | 2 +- arch/x86/xen/mmu_pv.c | 8 +- block/elevator.c | 2 +- crypto/ablkcipher.c | 2 + crypto/blkcipher.c | 1 + drivers/acpi/button.c | 13 +- drivers/ata/pata_ftide010.c | 27 +-- drivers/block/floppy.c | 3 + drivers/bluetooth/btusb.c | 1 + drivers/bus/ti-sysc.c | 37 ++-- drivers/clk/x86/clk-st.c | 2 +- drivers/crypto/cavium/nitrox/nitrox_dev.h | 3 +- drivers/crypto/cavium/nitrox/nitrox_lib.c | 1 + drivers/crypto/cavium/nitrox/nitrox_reqmgr.c | 57 ++++--- drivers/crypto/chelsio/chtls/chtls.h | 5 + drivers/crypto/chelsio/chtls/chtls_main.c | 7 +- drivers/edac/altera_edac.c | 3 +- drivers/edac/edac_mc_sysfs.c | 6 +- drivers/edac/i7core_edac.c | 22 ++- drivers/gpio/gpio-menz127.c | 4 +- drivers/gpio/gpio-tegra.c | 15 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 16 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ib.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 3 +- drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 11 +- drivers/gpu/drm/amd/amdgpu/kv_dpm.c | 4 +- drivers/gpu/drm/amd/amdgpu/si_dpm.c | 3 +- .../gpu/drm/amd/display/dc/dce/dce_clock_source.c | 10 +- .../amd/display/dc/dml/dml1_display_rq_dlg_calc.c | 2 + drivers/gpu/drm/omapdrm/omap_debugfs.c | 2 + drivers/gpu/drm/omapdrm/omap_drv.c | 2 +- drivers/gpu/drm/omapdrm/omap_drv.h | 2 +- drivers/gpu/drm/omapdrm/omap_gem.c | 15 +- drivers/gpu/drm/sun4i/sun4i_drv.c | 3 +- drivers/gpu/drm/sun4i/sun8i_hdmi_phy.c | 7 +- drivers/gpu/drm/v3d/v3d_drv.h | 5 + drivers/gpu/drm/v3d/v3d_gem.c | 4 + drivers/gpu/drm/vc4/vc4_plane.c | 3 + drivers/hid/hid-ntrig.c | 2 + drivers/hid/i2c-hid/i2c-hid.c | 9 +- drivers/hwmon/adt7475.c | 14 +- drivers/hwmon/ina2xx.c | 13 +- drivers/hwtracing/intel_th/core.c | 16 +- drivers/i2c/busses/i2c-i801.c | 9 +- drivers/iio/accel/adxl345_core.c | 21 ++- drivers/iio/adc/ina2xx-adc.c | 17 +- drivers/iio/counter/104-quad-8.c | 2 +- drivers/infiniband/core/rw.c | 2 +- drivers/infiniband/core/uverbs_cmd.c | 5 +- drivers/infiniband/core/uverbs_main.c | 1 + drivers/infiniband/hw/bnxt_re/qplib_fp.c | 12 +- drivers/infiniband/hw/bnxt_re/qplib_sp.c | 4 +- drivers/infiniband/hw/hfi1/chip.c | 6 +- drivers/infiniband/hw/hfi1/pio.c | 51 ++++-- drivers/infiniband/hw/hfi1/pio.h | 2 + drivers/infiniband/hw/hfi1/user_sdma.c | 2 +- drivers/infiniband/hw/hfi1/verbs.c | 8 +- drivers/infiniband/hw/i40iw/i40iw_verbs.c | 2 + drivers/infiniband/hw/mlx4/qp.c | 2 +- drivers/infiniband/hw/mlx5/main.c | 2 +- drivers/infiniband/ulp/srp/ib_srp.c | 6 +- drivers/input/misc/xen-kbdfront.c | 8 +- drivers/input/mouse/elantech.c | 2 + drivers/iommu/amd_iommu.c | 2 +- drivers/iommu/msm_iommu.c | 16 +- drivers/md/md-cluster.c | 19 ++- drivers/media/i2c/ov772x.c | 40 +++-- drivers/media/i2c/soc_camera/ov772x.c | 2 +- drivers/media/platform/exynos4-is/fimc-isp-video.c | 11 +- drivers/media/platform/fsl-viu.c | 38 +++-- drivers/media/platform/omap3isp/isp.c | 2 +- drivers/media/platform/s3c-camif/camif-capture.c | 2 + drivers/media/usb/tm6000/tm6000-dvb.c | 5 + drivers/misc/ibmvmc.c | 2 +- drivers/misc/sram.c | 13 +- drivers/misc/tsl2550.c | 2 +- drivers/misc/vmw_vmci/vmci_queue_pair.c | 4 +- drivers/mmc/host/android-goldfish.c | 4 +- drivers/mmc/host/atmel-mci.c | 12 +- drivers/mtd/nand/raw/atmel/nand-controller.c | 7 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/hisilicon/hns/hnae.h | 6 +- drivers/net/ethernet/hisilicon/hns/hns_enet.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.h | 6 +- drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 2 + .../net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c | 9 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 11 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_mbx.c | 3 +- drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 +- drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 15 +- drivers/net/ethernet/intel/ice/ice.h | 7 + drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 25 +-- drivers/net/ethernet/intel/ice/ice_common.c | 27 +-- drivers/net/ethernet/intel/ice/ice_controlq.c | 29 +++- drivers/net/ethernet/intel/ice/ice_ethtool.c | 52 ++++-- drivers/net/ethernet/intel/ice/ice_main.c | 98 ++++++----- drivers/net/ethernet/intel/ice/ice_switch.c | 4 +- drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 26 +++ drivers/net/ethernet/intel/ixgbe/ixgbe_type.h | 1 + drivers/net/ethernet/qlogic/qed/qed_mcp.c | 187 +++++++++++++++++---- drivers/net/ethernet/qlogic/qed/qed_mcp.h | 27 ++- drivers/net/ethernet/qlogic/qed/qed_reg_addr.h | 2 + drivers/net/phy/xilinx_gmii2rgmii.c | 10 +- drivers/net/wireless/ath/ath10k/ce.c | 2 +- drivers/net/wireless/ath/ath10k/htt_rx.c | 13 +- drivers/net/wireless/ath/ath10k/mac.c | 1 + drivers/net/wireless/ath/ath10k/sdio.c | 9 +- drivers/net/wireless/ath/ath10k/snoc.c | 2 +- drivers/net/wireless/ath/ath10k/wmi.c | 8 +- .../broadcom/brcm80211/brcmsmac/phy/phy_qmath.c | 2 +- drivers/net/wireless/mediatek/mt76/mt76x2_mac.c | 6 +- drivers/net/wireless/rndis_wlan.c | 2 + drivers/net/wireless/ti/wlcore/cmd.c | 6 + drivers/nvme/target/fcloop.c | 3 +- drivers/pci/hotplug/acpiphp_glue.c | 11 +- drivers/platform/x86/asus-wireless.c | 23 +-- drivers/power/reset/vexpress-poweroff.c | 12 +- drivers/power/supply/axp288_charger.c | 2 +- drivers/power/supply/power_supply_core.c | 11 +- drivers/regulator/core.c | 4 +- drivers/regulator/of_regulator.c | 2 - drivers/s390/block/dasd.c | 1 + drivers/s390/block/scm_blk.c | 1 + drivers/scsi/bnx2i/bnx2i_hwi.c | 2 + drivers/scsi/hisi_sas/hisi_sas.h | 1 + drivers/scsi/hisi_sas/hisi_sas_main.c | 6 + drivers/scsi/ibmvscsi/ibmvscsi.c | 4 +- drivers/scsi/megaraid/megaraid_sas_base.c | 3 + drivers/siox/siox-core.c | 10 +- drivers/spi/spi-orion.c | 77 +++++---- drivers/spi/spi-rspi.c | 34 +++- drivers/spi/spi-sh-msiof.c | 28 ++- drivers/spi/spi-tegra20-slink.c | 31 +++- drivers/staging/android/ashmem.c | 6 + drivers/staging/media/imx/imx-ic-prpencvf.c | 1 + drivers/staging/media/imx/imx-media-csi.c | 1 + drivers/staging/mt7621-dts/gbpc1.dts | 2 + drivers/staging/mt7621-dts/mt7621.dtsi | 21 +-- drivers/staging/mt7621-eth/mtk_eth_soc.c | 13 +- drivers/staging/pi433/pi433_if.c | 7 +- drivers/staging/rts5208/sd.c | 2 +- drivers/target/iscsi/iscsi_target_tpg.c | 3 +- drivers/target/target_core_device.c | 22 ++- drivers/thermal/imx_thermal.c | 5 +- drivers/thermal/of-thermal.c | 7 +- drivers/tty/serial/8250/serial_cs.c | 6 +- drivers/tty/serial/cpm_uart/cpm_uart_core.c | 10 +- drivers/tty/serial/fsl_lpuart.c | 3 +- drivers/tty/serial/imx.c | 8 + drivers/tty/serial/mvebu-uart.c | 1 + drivers/tty/serial/pxa.c | 3 +- drivers/tty/serial/sh-sci.c | 2 + drivers/usb/class/cdc-wdm.c | 2 +- drivers/usb/common/roles.c | 15 +- drivers/usb/core/devio.c | 24 ++- drivers/usb/core/driver.c | 28 +-- drivers/usb/core/quirks.c | 3 +- drivers/usb/core/usb.c | 2 + drivers/usb/musb/musb_dsps.c | 12 +- drivers/usb/serial/kobil_sct.c | 12 +- drivers/usb/wusbcore/security.c | 2 +- drivers/uwb/hwa-rc.c | 1 + drivers/vhost/net.c | 35 ++-- fs/dax.c | 13 +- fs/ext2/inode.c | 2 +- fs/iomap.c | 21 +-- fs/isofs/inode.c | 7 + fs/locks.c | 7 + fs/nfsd/nfs4proc.c | 1 + include/linux/arm-smccc.h | 38 +++-- include/linux/bitfield.h | 6 +- include/linux/platform_data/ina2xx.h | 2 +- include/linux/posix-timers.h | 4 +- include/linux/power_supply.h | 1 + include/linux/regulator/machine.h | 6 +- include/linux/uio.h | 2 +- include/rdma/opa_addr.h | 2 +- kernel/bpf/sockmap.c | 11 +- kernel/events/hw_breakpoint.c | 57 +++++-- kernel/module.c | 6 +- kernel/time/alarmtimer.c | 7 +- kernel/time/posix-cpu-timers.c | 2 +- kernel/time/posix-timers.c | 33 ++-- kernel/time/posix-timers.h | 2 +- lib/klist.c | 10 +- net/6lowpan/iphc.c | 1 + net/ipv4/tcp_bbr.c | 38 +++-- net/ncsi/ncsi-netlink.c | 4 +- net/tls/tls_main.c | 9 +- sound/aoa/core/gpio-feature.c | 4 +- sound/pci/hda/hda_intel.c | 3 +- sound/soc/codecs/rt1305.c | 4 +- sound/soc/intel/boards/bytcr_rt5640.c | 2 +- sound/soc/qcom/qdsp6/q6afe.c | 6 +- sound/soc/sh/rcar/ssi.c | 32 ++-- sound/soc/soc-dapm.c | 7 + tools/bpf/bpftool/map_perf_ring.c | 5 +- tools/perf/tests/builtin-test.c | 2 +- .../net/forwarding/mirror_gre_bridge_1d_vlan.sh | 6 +- .../selftests/net/forwarding/mirror_gre_lib.sh | 2 +- .../net/forwarding/mirror_gre_vlan_bridge_1q.sh | 6 +- 241 files changed, 1730 insertions(+), 789 deletions(-)

7 years, 2 months

6
242
0 0

FAILED: patch "[PATCH] crypto: chelsio - Fix memory corruption in DMA Mapped" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From add92a817e60e308a419693413a38d9d1e663aff Mon Sep 17 00:00:00 2001 From: Harsh Jain <harsh(a)chelsio.com> Date: Wed, 19 Sep 2018 22:42:16 +0530 Subject: [PATCH] crypto: chelsio - Fix memory corruption in DMA Mapped buffers. Update PCI Id in "cpl_rx_phys_dsgl" header. In case pci_chan_id and tx_chan_id are not derived from same queue, H/W can send request completion indication before completing DMA Transfer. Herbert, It would be good if fix can be merge to stable tree. For 4.14 kernel, It requires some update to avoid mege conficts. Cc: <stable(a)vger.kernel.org> Signed-off-by: Harsh Jain <harsh(a)chelsio.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/chelsio/chcr_algo.c b/drivers/crypto/chelsio/chcr_algo.c index 5c539af8ed60..010bbf607797 100644 --- a/drivers/crypto/chelsio/chcr_algo.c +++ b/drivers/crypto/chelsio/chcr_algo.c @@ -367,7 +367,8 @@ static inline void dsgl_walk_init(struct dsgl_walk *walk, walk->to = (struct phys_sge_pairs *)(dsgl + 1); } -static inline void dsgl_walk_end(struct dsgl_walk *walk, unsigned short qid) +static inline void dsgl_walk_end(struct dsgl_walk *walk, unsigned short qid, + int pci_chan_id) { struct cpl_rx_phys_dsgl *phys_cpl; @@ -385,6 +386,7 @@ static inline void dsgl_walk_end(struct dsgl_walk *walk, unsigned short qid) phys_cpl->rss_hdr_int.opcode = CPL_RX_PHYS_ADDR; phys_cpl->rss_hdr_int.qid = htons(qid); phys_cpl->rss_hdr_int.hash_val = 0; + phys_cpl->rss_hdr_int.channel = pci_chan_id; } static inline void dsgl_walk_add_page(struct dsgl_walk *walk, @@ -718,7 +720,7 @@ static inline void create_wreq(struct chcr_context *ctx, FILL_WR_RX_Q_ID(ctx->dev->rx_channel_id, qid, !!lcb, ctx->tx_qidx); - chcr_req->ulptx.cmd_dest = FILL_ULPTX_CMD_DEST(ctx->dev->tx_channel_id, + chcr_req->ulptx.cmd_dest = FILL_ULPTX_CMD_DEST(ctx->tx_chan_id, qid); chcr_req->ulptx.len = htonl((DIV_ROUND_UP(len16, 16) - ((sizeof(chcr_req->wreq)) >> 4))); @@ -1339,16 +1341,23 @@ static int chcr_device_init(struct chcr_context *ctx) adap->vres.ncrypto_fc); rxq_perchan = u_ctx->lldi.nrxq / u_ctx->lldi.nchan; txq_perchan = ntxq / u_ctx->lldi.nchan; - rxq_idx = ctx->dev->tx_channel_id * rxq_perchan; - rxq_idx += id % rxq_perchan; - txq_idx = ctx->dev->tx_channel_id * txq_perchan; - txq_idx += id % txq_perchan; spin_lock(&ctx->dev->lock_chcr_dev); - ctx->rx_qidx = rxq_idx; - ctx->tx_qidx = txq_idx; + ctx->tx_chan_id = ctx->dev->tx_channel_id; ctx->dev->tx_channel_id = !ctx->dev->tx_channel_id; ctx->dev->rx_channel_id = 0; spin_unlock(&ctx->dev->lock_chcr_dev); + rxq_idx = ctx->tx_chan_id * rxq_perchan; + rxq_idx += id % rxq_perchan; + txq_idx = ctx->tx_chan_id * txq_perchan; + txq_idx += id % txq_perchan; + ctx->rx_qidx = rxq_idx; + ctx->tx_qidx = txq_idx; + /* Channel Id used by SGE to forward packet to Host. + * Same value should be used in cpl_fw6_pld RSS_CH field + * by FW. Driver programs PCI channel ID to be used in fw + * at the time of queue allocation with value "pi->tx_chan" + */ + ctx->pci_chan_id = txq_idx / txq_perchan; } out: return err; @@ -2503,6 +2512,7 @@ void chcr_add_aead_dst_ent(struct aead_request *req, struct crypto_aead *tfm = crypto_aead_reqtfm(req); struct dsgl_walk dsgl_walk; unsigned int authsize = crypto_aead_authsize(tfm); + struct chcr_context *ctx = a_ctx(tfm); u32 temp; dsgl_walk_init(&dsgl_walk, phys_cpl); @@ -2512,7 +2522,7 @@ void chcr_add_aead_dst_ent(struct aead_request *req, dsgl_walk_add_page(&dsgl_walk, IV, &reqctx->iv_dma); temp = req->cryptlen + (reqctx->op ? -authsize : authsize); dsgl_walk_add_sg(&dsgl_walk, req->dst, temp, req->assoclen); - dsgl_walk_end(&dsgl_walk, qid); + dsgl_walk_end(&dsgl_walk, qid, ctx->pci_chan_id); } void chcr_add_cipher_src_ent(struct ablkcipher_request *req, @@ -2544,6 +2554,8 @@ void chcr_add_cipher_dst_ent(struct ablkcipher_request *req, unsigned short qid) { struct chcr_blkcipher_req_ctx *reqctx = ablkcipher_request_ctx(req); + struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(wrparam->req); + struct chcr_context *ctx = c_ctx(tfm); struct dsgl_walk dsgl_walk; dsgl_walk_init(&dsgl_walk, phys_cpl); @@ -2552,7 +2564,7 @@ void chcr_add_cipher_dst_ent(struct ablkcipher_request *req, reqctx->dstsg = dsgl_walk.last_sg; reqctx->dst_ofst = dsgl_walk.last_sg_len; - dsgl_walk_end(&dsgl_walk, qid); + dsgl_walk_end(&dsgl_walk, qid, ctx->pci_chan_id); } void chcr_add_hash_src_ent(struct ahash_request *req, diff --git a/drivers/crypto/chelsio/chcr_crypto.h b/drivers/crypto/chelsio/chcr_crypto.h index 54835cb109e5..0d2c70c344f3 100644 --- a/drivers/crypto/chelsio/chcr_crypto.h +++ b/drivers/crypto/chelsio/chcr_crypto.h @@ -255,6 +255,8 @@ struct chcr_context { struct chcr_dev *dev; unsigned char tx_qidx; unsigned char rx_qidx; + unsigned char tx_chan_id; + unsigned char pci_chan_id; struct __crypto_ctx crypto_ctx[0]; };

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] crypto: chelsio - Fix memory corruption in DMA Mapped" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From add92a817e60e308a419693413a38d9d1e663aff Mon Sep 17 00:00:00 2001 From: Harsh Jain <harsh(a)chelsio.com> Date: Wed, 19 Sep 2018 22:42:16 +0530 Subject: [PATCH] crypto: chelsio - Fix memory corruption in DMA Mapped buffers. Update PCI Id in "cpl_rx_phys_dsgl" header. In case pci_chan_id and tx_chan_id are not derived from same queue, H/W can send request completion indication before completing DMA Transfer. Herbert, It would be good if fix can be merge to stable tree. For 4.14 kernel, It requires some update to avoid mege conficts. Cc: <stable(a)vger.kernel.org> Signed-off-by: Harsh Jain <harsh(a)chelsio.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/chelsio/chcr_algo.c b/drivers/crypto/chelsio/chcr_algo.c index 5c539af8ed60..010bbf607797 100644 --- a/drivers/crypto/chelsio/chcr_algo.c +++ b/drivers/crypto/chelsio/chcr_algo.c @@ -367,7 +367,8 @@ static inline void dsgl_walk_init(struct dsgl_walk *walk, walk->to = (struct phys_sge_pairs *)(dsgl + 1); } -static inline void dsgl_walk_end(struct dsgl_walk *walk, unsigned short qid) +static inline void dsgl_walk_end(struct dsgl_walk *walk, unsigned short qid, + int pci_chan_id) { struct cpl_rx_phys_dsgl *phys_cpl; @@ -385,6 +386,7 @@ static inline void dsgl_walk_end(struct dsgl_walk *walk, unsigned short qid) phys_cpl->rss_hdr_int.opcode = CPL_RX_PHYS_ADDR; phys_cpl->rss_hdr_int.qid = htons(qid); phys_cpl->rss_hdr_int.hash_val = 0; + phys_cpl->rss_hdr_int.channel = pci_chan_id; } static inline void dsgl_walk_add_page(struct dsgl_walk *walk, @@ -718,7 +720,7 @@ static inline void create_wreq(struct chcr_context *ctx, FILL_WR_RX_Q_ID(ctx->dev->rx_channel_id, qid, !!lcb, ctx->tx_qidx); - chcr_req->ulptx.cmd_dest = FILL_ULPTX_CMD_DEST(ctx->dev->tx_channel_id, + chcr_req->ulptx.cmd_dest = FILL_ULPTX_CMD_DEST(ctx->tx_chan_id, qid); chcr_req->ulptx.len = htonl((DIV_ROUND_UP(len16, 16) - ((sizeof(chcr_req->wreq)) >> 4))); @@ -1339,16 +1341,23 @@ static int chcr_device_init(struct chcr_context *ctx) adap->vres.ncrypto_fc); rxq_perchan = u_ctx->lldi.nrxq / u_ctx->lldi.nchan; txq_perchan = ntxq / u_ctx->lldi.nchan; - rxq_idx = ctx->dev->tx_channel_id * rxq_perchan; - rxq_idx += id % rxq_perchan; - txq_idx = ctx->dev->tx_channel_id * txq_perchan; - txq_idx += id % txq_perchan; spin_lock(&ctx->dev->lock_chcr_dev); - ctx->rx_qidx = rxq_idx; - ctx->tx_qidx = txq_idx; + ctx->tx_chan_id = ctx->dev->tx_channel_id; ctx->dev->tx_channel_id = !ctx->dev->tx_channel_id; ctx->dev->rx_channel_id = 0; spin_unlock(&ctx->dev->lock_chcr_dev); + rxq_idx = ctx->tx_chan_id * rxq_perchan; + rxq_idx += id % rxq_perchan; + txq_idx = ctx->tx_chan_id * txq_perchan; + txq_idx += id % txq_perchan; + ctx->rx_qidx = rxq_idx; + ctx->tx_qidx = txq_idx; + /* Channel Id used by SGE to forward packet to Host. + * Same value should be used in cpl_fw6_pld RSS_CH field + * by FW. Driver programs PCI channel ID to be used in fw + * at the time of queue allocation with value "pi->tx_chan" + */ + ctx->pci_chan_id = txq_idx / txq_perchan; } out: return err; @@ -2503,6 +2512,7 @@ void chcr_add_aead_dst_ent(struct aead_request *req, struct crypto_aead *tfm = crypto_aead_reqtfm(req); struct dsgl_walk dsgl_walk; unsigned int authsize = crypto_aead_authsize(tfm); + struct chcr_context *ctx = a_ctx(tfm); u32 temp; dsgl_walk_init(&dsgl_walk, phys_cpl); @@ -2512,7 +2522,7 @@ void chcr_add_aead_dst_ent(struct aead_request *req, dsgl_walk_add_page(&dsgl_walk, IV, &reqctx->iv_dma); temp = req->cryptlen + (reqctx->op ? -authsize : authsize); dsgl_walk_add_sg(&dsgl_walk, req->dst, temp, req->assoclen); - dsgl_walk_end(&dsgl_walk, qid); + dsgl_walk_end(&dsgl_walk, qid, ctx->pci_chan_id); } void chcr_add_cipher_src_ent(struct ablkcipher_request *req, @@ -2544,6 +2554,8 @@ void chcr_add_cipher_dst_ent(struct ablkcipher_request *req, unsigned short qid) { struct chcr_blkcipher_req_ctx *reqctx = ablkcipher_request_ctx(req); + struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(wrparam->req); + struct chcr_context *ctx = c_ctx(tfm); struct dsgl_walk dsgl_walk; dsgl_walk_init(&dsgl_walk, phys_cpl); @@ -2552,7 +2564,7 @@ void chcr_add_cipher_dst_ent(struct ablkcipher_request *req, reqctx->dstsg = dsgl_walk.last_sg; reqctx->dst_ofst = dsgl_walk.last_sg_len; - dsgl_walk_end(&dsgl_walk, qid); + dsgl_walk_end(&dsgl_walk, qid, ctx->pci_chan_id); } void chcr_add_hash_src_ent(struct ahash_request *req, diff --git a/drivers/crypto/chelsio/chcr_crypto.h b/drivers/crypto/chelsio/chcr_crypto.h index 54835cb109e5..0d2c70c344f3 100644 --- a/drivers/crypto/chelsio/chcr_crypto.h +++ b/drivers/crypto/chelsio/chcr_crypto.h @@ -255,6 +255,8 @@ struct chcr_context { struct chcr_dev *dev; unsigned char tx_qidx; unsigned char rx_qidx; + unsigned char tx_chan_id; + unsigned char pci_chan_id; struct __crypto_ctx crypto_ctx[0]; };

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] firmware: Always initialize the fw_priv list object" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 7012040576c6ae25a47035659ee48673612c2c27 Mon Sep 17 00:00:00 2001 From: Bjorn Andersson <bjorn.andersson(a)linaro.org> Date: Wed, 19 Sep 2018 18:09:38 -0700 Subject: [PATCH] firmware: Always initialize the fw_priv list object When freeing the fw_priv the item is taken off the list. This causes an oops in the FW_OPT_NOCACHE case as the list object is not initialized. Make sure to initialize the list object regardless of this flag. Fixes: 422b3db2a503 ("firmware: Fix security issue with request_firmware_into_buf()") Cc: stable(a)vger.kernel.org Cc: Rishabh Bhatnagar <rishabhb(a)codeaurora.org> Signed-off-by: Bjorn Andersson <bjorn.andersson(a)linaro.org> Reviewed-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index b3c0498ee433..8e9213b36e31 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -226,8 +226,11 @@ static int alloc_lookup_fw_priv(const char *fw_name, } tmp = __allocate_fw_priv(fw_name, fwc, dbuf, size); - if (tmp && !(opt_flags & FW_OPT_NOCACHE)) - list_add(&tmp->list, &fwc->head); + if (tmp) { + INIT_LIST_HEAD(&tmp->list); + if (!(opt_flags & FW_OPT_NOCACHE)) + list_add(&tmp->list, &fwc->head); + } spin_unlock(&fwc->lock); *fw_priv = tmp;

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] firmware: Fix security issue with request_firmware_into_buf()" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 422b3db2a5036add39a82425b1dd9fb6c96481e8 Mon Sep 17 00:00:00 2001 From: Rishabh Bhatnagar <rishabhb(a)codeaurora.org> Date: Fri, 31 Aug 2018 08:43:31 -0700 Subject: [PATCH] firmware: Fix security issue with request_firmware_into_buf() When calling request_firmware_into_buf() with the FW_OPT_NOCACHE flag it is expected that firmware is loaded into buffer from memory. But inside alloc_lookup_fw_priv every new firmware that is loaded is added to the firmware cache (fwc) list head. So if any driver requests a firmware that is already loaded the code iterates over the above mentioned list and it can end up giving a pointer to other device driver's firmware buffer. Also the existing copy may either be modified by drivers, remote processors or even freed. This causes a potential security issue with batched requests when using request_firmware_into_buf. Fix alloc_lookup_fw_priv to not add to the fwc head list if FW_OPT_NOCACHE is set, and also don't do the lookup in the list. Fixes: 0e742e9275 ("firmware: provide infrastructure to make fw caching optional") [mcgrof: broken since feature introduction on v4.8] Cc: stable(a)vger.kernel.org # v4.8+ Signed-off-by: Vikram Mulukutla <markivx(a)codeaurora.org> Signed-off-by: Rishabh Bhatnagar <rishabhb(a)codeaurora.org> Signed-off-by: Luis Chamberlain <mcgrof(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index 0943e7065e0e..b3c0498ee433 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -209,21 +209,24 @@ static struct fw_priv *__lookup_fw_priv(const char *fw_name) static int alloc_lookup_fw_priv(const char *fw_name, struct firmware_cache *fwc, struct fw_priv **fw_priv, void *dbuf, - size_t size) + size_t size, enum fw_opt opt_flags) { struct fw_priv *tmp; spin_lock(&fwc->lock); - tmp = __lookup_fw_priv(fw_name); - if (tmp) { - kref_get(&tmp->ref); - spin_unlock(&fwc->lock); - *fw_priv = tmp; - pr_debug("batched request - sharing the same struct fw_priv and lookup for multiple requests\n"); - return 1; + if (!(opt_flags & FW_OPT_NOCACHE)) { + tmp = __lookup_fw_priv(fw_name); + if (tmp) { + kref_get(&tmp->ref); + spin_unlock(&fwc->lock); + *fw_priv = tmp; + pr_debug("batched request - sharing the same struct fw_priv and lookup for multiple requests\n"); + return 1; + } } + tmp = __allocate_fw_priv(fw_name, fwc, dbuf, size); - if (tmp) + if (tmp && !(opt_flags & FW_OPT_NOCACHE)) list_add(&tmp->list, &fwc->head); spin_unlock(&fwc->lock); @@ -493,7 +496,8 @@ int assign_fw(struct firmware *fw, struct device *device, */ static int _request_firmware_prepare(struct firmware **firmware_p, const char *name, - struct device *device, void *dbuf, size_t size) + struct device *device, void *dbuf, size_t size, + enum fw_opt opt_flags) { struct firmware *firmware; struct fw_priv *fw_priv; @@ -511,7 +515,8 @@ _request_firmware_prepare(struct firmware **firmware_p, const char *name, return 0; /* assigned */ } - ret = alloc_lookup_fw_priv(name, &fw_cache, &fw_priv, dbuf, size); + ret = alloc_lookup_fw_priv(name, &fw_cache, &fw_priv, dbuf, size, + opt_flags); /* * bind with 'priv' now to avoid warning in failure path @@ -571,7 +576,8 @@ _request_firmware(const struct firmware **firmware_p, const char *name, goto out; } - ret = _request_firmware_prepare(&fw, name, device, buf, size); + ret = _request_firmware_prepare(&fw, name, device, buf, size, + opt_flags); if (ret <= 0) /* error or already assigned */ goto out;

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] firmware: Fix security issue with request_firmware_into_buf()" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 422b3db2a5036add39a82425b1dd9fb6c96481e8 Mon Sep 17 00:00:00 2001 From: Rishabh Bhatnagar <rishabhb(a)codeaurora.org> Date: Fri, 31 Aug 2018 08:43:31 -0700 Subject: [PATCH] firmware: Fix security issue with request_firmware_into_buf() When calling request_firmware_into_buf() with the FW_OPT_NOCACHE flag it is expected that firmware is loaded into buffer from memory. But inside alloc_lookup_fw_priv every new firmware that is loaded is added to the firmware cache (fwc) list head. So if any driver requests a firmware that is already loaded the code iterates over the above mentioned list and it can end up giving a pointer to other device driver's firmware buffer. Also the existing copy may either be modified by drivers, remote processors or even freed. This causes a potential security issue with batched requests when using request_firmware_into_buf. Fix alloc_lookup_fw_priv to not add to the fwc head list if FW_OPT_NOCACHE is set, and also don't do the lookup in the list. Fixes: 0e742e9275 ("firmware: provide infrastructure to make fw caching optional") [mcgrof: broken since feature introduction on v4.8] Cc: stable(a)vger.kernel.org # v4.8+ Signed-off-by: Vikram Mulukutla <markivx(a)codeaurora.org> Signed-off-by: Rishabh Bhatnagar <rishabhb(a)codeaurora.org> Signed-off-by: Luis Chamberlain <mcgrof(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index 0943e7065e0e..b3c0498ee433 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -209,21 +209,24 @@ static struct fw_priv *__lookup_fw_priv(const char *fw_name) static int alloc_lookup_fw_priv(const char *fw_name, struct firmware_cache *fwc, struct fw_priv **fw_priv, void *dbuf, - size_t size) + size_t size, enum fw_opt opt_flags) { struct fw_priv *tmp; spin_lock(&fwc->lock); - tmp = __lookup_fw_priv(fw_name); - if (tmp) { - kref_get(&tmp->ref); - spin_unlock(&fwc->lock); - *fw_priv = tmp; - pr_debug("batched request - sharing the same struct fw_priv and lookup for multiple requests\n"); - return 1; + if (!(opt_flags & FW_OPT_NOCACHE)) { + tmp = __lookup_fw_priv(fw_name); + if (tmp) { + kref_get(&tmp->ref); + spin_unlock(&fwc->lock); + *fw_priv = tmp; + pr_debug("batched request - sharing the same struct fw_priv and lookup for multiple requests\n"); + return 1; + } } + tmp = __allocate_fw_priv(fw_name, fwc, dbuf, size); - if (tmp) + if (tmp && !(opt_flags & FW_OPT_NOCACHE)) list_add(&tmp->list, &fwc->head); spin_unlock(&fwc->lock); @@ -493,7 +496,8 @@ int assign_fw(struct firmware *fw, struct device *device, */ static int _request_firmware_prepare(struct firmware **firmware_p, const char *name, - struct device *device, void *dbuf, size_t size) + struct device *device, void *dbuf, size_t size, + enum fw_opt opt_flags) { struct firmware *firmware; struct fw_priv *fw_priv; @@ -511,7 +515,8 @@ _request_firmware_prepare(struct firmware **firmware_p, const char *name, return 0; /* assigned */ } - ret = alloc_lookup_fw_priv(name, &fw_cache, &fw_priv, dbuf, size); + ret = alloc_lookup_fw_priv(name, &fw_cache, &fw_priv, dbuf, size, + opt_flags); /* * bind with 'priv' now to avoid warning in failure path @@ -571,7 +576,8 @@ _request_firmware(const struct firmware **firmware_p, const char *name, goto out; } - ret = _request_firmware_prepare(&fw, name, device, buf, size); + ret = _request_firmware_prepare(&fw, name, device, buf, size, + opt_flags); if (ret <= 0) /* error or already assigned */ goto out;

7 years, 2 months

1
0
0 0

[PATCH stable v2 0/2] termios: Alpha BOTHER/IBSHIFT, tty_baudrate fix

by H. Peter Anvin

From: "H. Peter Anvin (Intel)" <hpa(a)zytor.com> It turns out that Alpha is the only architecture that never implemented BOTHER and IBSHIFT, which is otherwise ages old. This is one thing that has held up glibc support for this feature (all other architectures have supported these for about a decade, at least before the current 3.2 glibc cutoff.) Furthermore, in the process of dealing with this, I discovered that the current code in tty_baudrate.c can read past the end of the baud_table[] on Alpha and PowerPC. The second patch in this series fixes that, but it also cleans up the code substantially by auto-generating the table and, since all architectures now have them, removing all conditionals for BOTHER and IBSHIFT existing. Tagging for stable because these are concrete and immediate problems. I have a much bigger update in process, nearly done, which will clean up a lot of duplicated code and make the uapi headers usable for libc, but that is not critical on the same level. Tested on x86, compile-tested on Alpha. SPARC, and PowerPC. v2: the CBAUDEX masking-as-fallback code was wrong, but it could never be exercised on any architecture anyway (gcc would not even emit it) so just remove it. There are thus no object code changes from v1. --- arch/alpha/include/asm/termios.h | 8 +- arch/alpha/include/uapi/asm/ioctls.h | 5 + arch/alpha/include/uapi/asm/termbits.h | 17 +++ drivers/tty/.gitignore | 1 + drivers/tty/Makefile | 16 +++ drivers/tty/bmacros.c | 2 + drivers/tty/tty_baudrate.c | 182 ++++++++++++--------------------- 7 files changed, 114 insertions(+), 117 deletions(-) Signed-off-by: H. Peter Anvin (Intel) <hpa(a)zytor.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Jiri Slaby <jslaby(a)suse.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Richard Henderson <rth(a)twiddle.net> Cc: Ivan Kokshaysky <ink(a)jurassic.park.msu.ru> Cc: Matt Turner <mattst88(a)gmail.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Kate Stewart <kstewart(a)linuxfoundation.org> Cc: Philippe Ombredanne <pombredanne(a)nexb.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Eugene Syromiatnikov <esyr(a)redhat.com> Cc: <linux-alpha(a)vger.kernel.org> Cc: <linux-serial(a)vger.kernel.org> Cc: Johan Hovold <johan(a)kernel.org> Cc: Alan Cox <alan(a)lxorguk.ukuu.org.uk> Cc: Benjamin Herrenschmidt <benh(a)kernel.crashing.org> Cc: Paul Mackerras <paulus(a)samba.org> Cc: Michael Ellerman <mpe(a)ellerman.id.au> Cc: <stable(a)vger.kernel.org>

7 years, 2 months

2
7
0 0

[GIT PULL] commits for Linux 4.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 7da07a3216a00aa3c523db4539fc6914497d0576: Linux 4.18.12 (2018-10-03 16:59:28 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.18-08102018 for you to fetch changes up to 880c04da777b6fab0bb97d8fccf7aed9c223db5e: x86/APM: Fix build warning when PROC_FS is not enabled (2018-10-03 22:23:29 -0400) - ---------------------------------------------------------------- for-greg-4.18-08102018 - ---------------------------------------------------------------- Andreas Bosch (1): HID: intel-ish-hid: Enable Sunrise Point-H ish driver Andrew Murray (1): asm-generic: io: Fix ioport_map() for !CONFIG_GENERIC_IOMAP && CONFIG_INDIRECT_PIO Anton Vasilyev (1): usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Anurag Kumar Vulisha (1): usb: host: xhci-plat: Iterate over parent nodes for finding quirks Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Ben Skeggs (5): drm/nouveau: fix oops in client init failure path drm/nouveau/mmu: don't attempt to dereference vmm without valid instance pointer drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS drm/nouveau/disp: fix DP disable race drm/nouveau/disp/gm200-: enforce identity-mapped SOR assignment for LVDS/eDP panels Chris Phlipot (1): perf util: Fix bad memory access in trace info. Christian König (1): drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk Cong Wang (1): netfilter: xt_hashlimit: use s->file instead of s->private Dan Carpenter (1): cifs: read overflow in is_valid_oplock_break() Daniel Jurgens (1): net/mlx5: Consider PCI domain in search for next dev Florian Westphal (2): netfilter: xt_checksum: ignore gso skbs netfilter: kconfig: nat related expression depend on nftables core Guenter Roeck (1): riscv: Do not overwrite initrd_start and initrd_end Hans de Goede (1): HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report Harry Mallon (1): HID: hid-saitek: Add device ID for RAT 7 Contagion Heinz Mauelshagen (4): dm raid: fix reshape race on small devices dm raid: fix stripe adding reshape deadlock dm raid: fix rebuild of specific devices by updating superblock dm raid: fix RAID leg rebuild errors Hisao Tanabe (1): perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() Jacek Tomaka (1): perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Jann Horn (1): RDMA/ucma: check fd type in ucma_migrate_id() Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng (2): HID: i2c-hid: Don't reset device upon system resume r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Kim Phillips (1): perf annotate: Fix parsing aarch64 branch instructions after objdump update Lorenzo Bianconi (1): iio: imu: st_lsm6dsx: take into account ts samples in wm configuration Maciej S. Szmigiero (1): r8169: set TxConfig register after TX / RX is enabled, just like RxConfig Martin Liška (1): perf annotate: Properly interpret indirect call Martin Willi (1): netfilter: xt_cluster: add dependency on conntrack module Matt Ranostay (1): Revert "iio: temperature: maxim_thermocouple: add MAX31856 part" Michal 'vorner' Vaner (1): netfilter: nfnetlink_queue: Solve the NFQUEUE/conntrack clash for NF_REPEAT Miguel Ojeda (1): arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Mike Christie (1): scsi: iscsi: target: Fix conn_ops double free Netanel Belgazal (6): net: ena: fix surprise unplug NULL dereference kernel crash net: ena: fix driver when PAGE_SIZE == 64kB net: ena: fix device destruction to gracefully free resources net: ena: fix potential double ena_destroy_device() net: ena: fix missing lock during device destruction net: ena: fix missing calls to READ_ONCE Nilesh Javali (1): scsi: qedi: Add the CRC size within iSCSI NVM image Olaf Hering (1): xen: avoid crash in disable_hotplug_cpu Pablo Neira Ayuso (1): netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT Randy Dunlap (3): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int x86/APM: Fix build warning when PROC_FS is not enabled Sagi Grimberg (1): nvmet-rdma: fix possible bogus dereference under heavy load Sandipan Das (1): perf probe powerpc: Ignore SyS symbols irrespective of endianness Sean O'Brien (1): HID: add support for Apple Magic Keyboards Somnath Kotur (1): bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces Srikar Dronamraju (1): sched/topology: Set correct NUMA topology type Stephen Boyd (1): pinctrl: msm: Really mask level interrupts to prevent latching Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Taehee Yoo (1): netfilter: nf_tables: release chain in flushing set Tao Zhou (1): drm/amdgpu: Fix SDMA hang in prt mode v2 Vincent Pelletier (1): scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values fails Vitaly Kuznetsov (1): xen/manage: don't complain about an empty value in control/sysrq node Wenjia Zhang (1): s390/qeth: use vzalloc for QUERY OAT buffer arch/arm64/include/asm/jump_label.h | 4 +- arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- arch/riscv/kernel/setup.c | 7 - arch/x86/events/intel/lbr.c | 4 + arch/x86/kernel/apm_32.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 23 ++-- drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 7 +- drivers/gpu/drm/nouveau/nouveau_drm.c | 14 +- drivers/gpu/drm/nouveau/nvkm/engine/disp/base.c | 14 ++ drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.c | 17 ++- drivers/gpu/drm/nouveau/nvkm/engine/disp/ior.h | 1 + drivers/gpu/drm/nouveau/nvkm/engine/disp/nv50.c | 6 +- drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.c | 17 ++- drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.h | 4 +- .../gpu/drm/nouveau/nvkm/subdev/devinit/gm200.c | 3 +- drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c | 2 +- drivers/hid/hid-apple.c | 9 +- drivers/hid/hid-ids.h | 7 +- drivers/hid/hid-saitek.c | 2 + drivers/hid/hid-sensor-hub.c | 23 ++++ drivers/hid/i2c-hid/i2c-hid.c | 13 +- drivers/hid/intel-ish-hid/ipc/hw-ish.h | 1 + drivers/hid/intel-ish-hid/ipc/pci-ish.c | 1 + drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c | 13 +- drivers/iio/temperature/maxim_thermocouple.c | 1 - drivers/infiniband/core/ucma.c | 6 + drivers/infiniband/hw/bnxt_re/ib_verbs.c | 2 + drivers/infiniband/hw/bnxt_re/qplib_fp.c | 2 +- drivers/md/dm-raid.c | 144 ++++++++------------ drivers/md/dm-thin-metadata.c | 36 ++++- drivers/md/dm-thin.c | 73 ++++++++-- drivers/net/ethernet/amazon/ena/ena_com.c | 8 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 52 +++---- drivers/net/ethernet/amazon/ena/ena_netdev.h | 11 ++ drivers/net/ethernet/mellanox/mlx5/core/dev.c | 7 +- drivers/net/ethernet/realtek/r8169.c | 11 +- drivers/nvme/target/rdma.c | 27 +++- drivers/pinctrl/qcom/pinctrl-msm.c | 24 ++++ drivers/s390/net/qeth_core_main.c | 5 +- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/scsi/qedi/qedi.h | 7 +- drivers/scsi/qedi/qedi_main.c | 28 ++-- drivers/target/iscsi/iscsi_target.c | 9 +- drivers/target/iscsi/iscsi_target_login.c | 149 +++++++++++---------- drivers/target/iscsi/iscsi_target_login.h | 2 +- drivers/usb/gadget/udc/fotg210-udc.c | 15 ++- drivers/usb/host/xhci-plat.c | 27 ++-- drivers/usb/misc/yurex.c | 3 + drivers/xen/cpu_hotplug.c | 15 ++- drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 +- fs/cifs/cifssmb.c | 11 +- fs/cifs/misc.c | 8 ++ include/asm-generic/io.h | 3 +- kernel/sched/topology.c | 5 +- net/ipv4/netfilter/Kconfig | 8 +- net/ipv4/netfilter/nf_conntrack_proto_icmp.c | 8 +- net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 8 +- net/netfilter/Kconfig | 12 +- net/netfilter/nf_conntrack_proto_dccp.c | 12 +- net/netfilter/nf_conntrack_proto_generic.c | 8 +- net/netfilter/nf_conntrack_proto_gre.c | 8 +- net/netfilter/nf_conntrack_proto_sctp.c | 14 +- net/netfilter/nf_conntrack_proto_tcp.c | 12 +- net/netfilter/nf_conntrack_proto_udp.c | 20 +-- net/netfilter/nf_tables_api.c | 1 + net/netfilter/nfnetlink_queue.c | 1 + net/netfilter/xt_CHECKSUM.c | 22 ++- net/netfilter/xt_cluster.c | 14 +- net/netfilter/xt_hashlimit.c | 18 +-- tools/perf/arch/powerpc/util/sym-handling.c | 4 +- tools/perf/util/annotate.c | 32 ++++- tools/perf/util/annotate.h | 1 + tools/perf/util/evsel.c | 5 +- tools/perf/util/trace-event-info.c | 2 +- 77 files changed, 709 insertions(+), 404 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlu7cW8ACgkQ3qZv95d3 LNxYhQ/+IIWI+gqynHl33wBHO24BHgCzM0qUdEfofRfQe3sz4Fhs16b4mK8Yeaw0 Yag+8wh7fVccHI4VBIWkldzAyDm8+NQRuuqvE0JCofVNYm4C5lUmO+gf3inVwLmh FRdiWyk6EdcXFn3C540rfj9PXXkO8Kdn2iDHd0cQJx1+3rrBN1CwFzCv1pWozJVh 2bIoutp13EbiS3RxFoxEI0GLzVy6lyRV6v2Qrv+2bpHkfRBl3lZlLUpSZy9V+Kza kKDZTJC99F3jOj7Wy2kGzCdToDtk0Q4V9XTuB09Rdgj28rxoVSxSdx6qGvV73qxG 4PEV0tbpdJW2pUbGx2bvfx6LMkADxcFykujg4dYenErXbLTHnh2597Ryc6VXUdiL bZtbBbWNBx1OPx29vvghj1364O8rnpXRzU4aIT/P0fSofB2QTQsVEKjadNASDz0B OsMAKlsu4Z/6W5UGeG4Uoz7B6Qi3QKxxa/pt2OM8rdHMb8L6LY6g5j4RGUEbXspq 7vbzGWiibD1cPT+k/xtgRZ2mWwrRu0Ivx73vHp/Pm2TdKj2J7WwUXh6xaXnXWN5M TknNELY/rcZw35ThhKNCvpqgoYb+hoWTjL5amvY+JgduVcxxQG8fETlTZoYIoDOt HdV4RAKwlydKV9QUhiotaH6Gqir4VjY4cew8j8XTw6HjKJ+SOJc= =pn2C -----END PGP SIGNATURE-----

7 years, 2 months

2
1
0 0

[PATCH AUTOSEL 3.18 1/4] media: af9035: prevent buffer overflow on write

by Sasha Levin

From: Jozef Balga <jozef.balga(a)gmail.com> [ Upstream commit 312f73b648626a0526a3aceebb0a3192aaba05ce ] When less than 3 bytes are written to the device, memcpy is called with negative array size which leads to buffer overflow and kernel panic. This patch adds a condition and returns -EOPNOTSUPP instead. Fixes bugzilla issue 64871 [mchehab+samsung(a)kernel.org: fix a merge conflict and changed the condition to match the patch's comment, e. g. len == 3 could also be valid] Signed-off-by: Jozef Balga <jozef.balga(a)gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/media/usb/dvb-usb-v2/af9035.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/media/usb/dvb-usb-v2/af9035.c b/drivers/media/usb/dvb-usb-v2/af9035.c index 1896ab218b11..efc1545bf29e 100644 --- a/drivers/media/usb/dvb-usb-v2/af9035.c +++ b/drivers/media/usb/dvb-usb-v2/af9035.c @@ -389,8 +389,10 @@ static int af9035_i2c_master_xfer(struct i2c_adapter *adap, msg[0].addr == (state->af9033_i2c_addr[1] >> 1)) reg |= 0x100000; - ret = af9035_wr_regs(d, reg, &msg[0].buf[3], - msg[0].len - 3); + ret = (msg[0].len >= 3) ? af9035_wr_regs(d, reg, + &msg[0].buf[3], + msg[0].len - 3) + : -EOPNOTSUPP; } else { /* I2C write */ u8 buf[MAX_XFER_SIZE]; -- 2.17.1

7 years, 2 months

1
3
0 0

[PATCH AUTOSEL 4.4 1/9] media: af9035: prevent buffer overflow on write

by Sasha Levin

From: Jozef Balga <jozef.balga(a)gmail.com> [ Upstream commit 312f73b648626a0526a3aceebb0a3192aaba05ce ] When less than 3 bytes are written to the device, memcpy is called with negative array size which leads to buffer overflow and kernel panic. This patch adds a condition and returns -EOPNOTSUPP instead. Fixes bugzilla issue 64871 [mchehab+samsung(a)kernel.org: fix a merge conflict and changed the condition to match the patch's comment, e. g. len == 3 could also be valid] Signed-off-by: Jozef Balga <jozef.balga(a)gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/media/usb/dvb-usb-v2/af9035.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/media/usb/dvb-usb-v2/af9035.c b/drivers/media/usb/dvb-usb-v2/af9035.c index 6e02a15d39ce..abddb621d9e6 100644 --- a/drivers/media/usb/dvb-usb-v2/af9035.c +++ b/drivers/media/usb/dvb-usb-v2/af9035.c @@ -389,8 +389,10 @@ static int af9035_i2c_master_xfer(struct i2c_adapter *adap, msg[0].addr == (state->af9033_i2c_addr[1] >> 1)) reg |= 0x100000; - ret = af9035_wr_regs(d, reg, &msg[0].buf[3], - msg[0].len - 3); + ret = (msg[0].len >= 3) ? af9035_wr_regs(d, reg, + &msg[0].buf[3], + msg[0].len - 3) + : -EOPNOTSUPP; } else { /* I2C write */ u8 buf[MAX_XFER_SIZE]; -- 2.17.1

7 years, 2 months

1
8
0 0

[PATCH AUTOSEL 4.9 01/23] media: af9035: prevent buffer overflow on write

by Sasha Levin

From: Jozef Balga <jozef.balga(a)gmail.com> [ Upstream commit 312f73b648626a0526a3aceebb0a3192aaba05ce ] When less than 3 bytes are written to the device, memcpy is called with negative array size which leads to buffer overflow and kernel panic. This patch adds a condition and returns -EOPNOTSUPP instead. Fixes bugzilla issue 64871 [mchehab+samsung(a)kernel.org: fix a merge conflict and changed the condition to match the patch's comment, e. g. len == 3 could also be valid] Signed-off-by: Jozef Balga <jozef.balga(a)gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/media/usb/dvb-usb-v2/af9035.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/media/usb/dvb-usb-v2/af9035.c b/drivers/media/usb/dvb-usb-v2/af9035.c index 8961dd732522..64be30d53847 100644 --- a/drivers/media/usb/dvb-usb-v2/af9035.c +++ b/drivers/media/usb/dvb-usb-v2/af9035.c @@ -406,8 +406,10 @@ static int af9035_i2c_master_xfer(struct i2c_adapter *adap, msg[0].addr == (state->af9033_i2c_addr[1] >> 1)) reg |= 0x100000; - ret = af9035_wr_regs(d, reg, &msg[0].buf[3], - msg[0].len - 3); + ret = (msg[0].len >= 3) ? af9035_wr_regs(d, reg, + &msg[0].buf[3], + msg[0].len - 3) + : -EOPNOTSUPP; } else { /* I2C write */ u8 buf[MAX_XFER_SIZE]; -- 2.17.1

7 years, 2 months

1
22
0 0

[PATCH AUTOSEL 4.14 01/32] media: af9035: prevent buffer overflow on write

by Sasha Levin

From: Jozef Balga <jozef.balga(a)gmail.com> [ Upstream commit 312f73b648626a0526a3aceebb0a3192aaba05ce ] When less than 3 bytes are written to the device, memcpy is called with negative array size which leads to buffer overflow and kernel panic. This patch adds a condition and returns -EOPNOTSUPP instead. Fixes bugzilla issue 64871 [mchehab+samsung(a)kernel.org: fix a merge conflict and changed the condition to match the patch's comment, e. g. len == 3 could also be valid] Signed-off-by: Jozef Balga <jozef.balga(a)gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/media/usb/dvb-usb-v2/af9035.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/media/usb/dvb-usb-v2/af9035.c b/drivers/media/usb/dvb-usb-v2/af9035.c index 666d319d3d1a..1f6c1eefe389 100644 --- a/drivers/media/usb/dvb-usb-v2/af9035.c +++ b/drivers/media/usb/dvb-usb-v2/af9035.c @@ -402,8 +402,10 @@ static int af9035_i2c_master_xfer(struct i2c_adapter *adap, if (msg[0].addr == state->af9033_i2c_addr[1]) reg |= 0x100000; - ret = af9035_wr_regs(d, reg, &msg[0].buf[3], - msg[0].len - 3); + ret = (msg[0].len >= 3) ? af9035_wr_regs(d, reg, + &msg[0].buf[3], + msg[0].len - 3) + : -EOPNOTSUPP; } else { /* I2C write */ u8 buf[MAX_XFER_SIZE]; -- 2.17.1

7 years, 2 months

1
31
0 0

[GIT PULL] commits for Linux 3.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 3.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 921b2fed6a79439ef1609ef4af0ada5cccb3555c: Linux 3.18.123 (2018-09-26 08:33:59 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-3.18-08102018 for you to fetch changes up to 9ea48c2937d91b2c0d6ce1a7c047798298de6701: xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage (2018-09-28 10:16:27 -0400) - ---------------------------------------------------------------- for-greg-3.18-08102018 - ---------------------------------------------------------------- Anton Vasilyev (1): usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Dan Carpenter (1): cifs: read overflow in is_valid_oplock_break() Jann Horn (1): RDMA/ucma: check fd type in ucma_migrate_id() Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng (1): r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Randy Dunlap (2): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int Stephen Boyd (1): pinctrl: msm: Really mask level interrupts to prevent latching Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Vitaly Kuznetsov (1): xen/manage: don't complain about an empty value in control/sysrq node arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- drivers/infiniband/core/ucma.c | 6 +++ drivers/md/dm-thin-metadata.c | 36 +++++++++++++++++- drivers/md/dm-thin.c | 73 ++++++++++++++++++++++++++++++++---- drivers/net/ethernet/realtek/r8169.c | 9 +++-- drivers/pinctrl/qcom/pinctrl-msm.c | 24 ++++++++++++ drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/usb/gadget/udc/fotg210-udc.c | 15 +++++--- drivers/usb/misc/yurex.c | 3 ++ drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 ++- fs/cifs/cifssmb.c | 11 ++++-- fs/cifs/misc.c | 8 ++++ 15 files changed, 175 insertions(+), 28 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlu7caEACgkQ3qZv95d3 LNwjIRAAg+Kz3Igp9uJpAc9uUri/IxF3qwXL00FZT92BJTi0FqUEyJIQqtCbu7mo hyTNwNjw0PBQfrXcnDGWHTFcl5vICdd4KiFm5NRZB3UNdhYy+ATaBPWFA56Y7dSK oFd/IBWt9XQT/OWLJslul1PXR+JsulaRhFHYJPWJ0K9oys8jbTyTVBSvos1Wshzk wMJ9X3tTtQ/NfoXega1xdxgHIIwV9L4gR2jfTSMz0t5DnypGddUDlAR8/800yJGH J23tXprXRI7AZ5sf9qM2ybhL6MGvgU/86nd4DsA3Igkspi9jQDjXiV9FMGFx+PiB BjQraiLfXVI0bPsswsWBYKWwuZwheTf0WxlofAjO/Ct5aAZ14zlwg/HVOvFOpU5O PpxLGrJ2e28lsinhVSd8aLbJu1Jc4GpkAwp+0OHuolWqZlUTrbLrfKHho+SMANNs Y6smRnSYpgzhYI1l/9W8xoFMyP7CNRqihPGAZY2PKbPRPy4CXgQcGMC0OM8hLA+e Mf/g+GglCwqUZw3l6V8wZY83+X6gB/qhoSryrPgi2n2u9onA/aXtUOWynjmzXOKY oU0lW2CW5yThgo73pBTKLDW8bc5Vy9QuMFmnuXoaUsMIXJ3FjR799pFsyRaZMd/1 AuRnQ16Uw2N+W9xZLRTE3F8l9eapA47N+DTbOKVgJRFmhNjv7xM= =dYwu -----END PGP SIGNATURE-----

7 years, 2 months

1
0
0 0

[GIT PULL] commits for Linux 4.4

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.4 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 9c6cd3f3a4b8194e82fa927bc00028c7a505e3b3: Linux 4.4.159 (2018-09-29 03:08:55 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.4-08102018 for you to fetch changes up to 78c9795a56513a101b1620f0e34d89c114a7a59a: xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage (2018-09-29 13:03:41 -0400) - ---------------------------------------------------------------- for-greg-4.4-08102018 - ---------------------------------------------------------------- Anton Vasilyev (1): usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Ben Skeggs (1): drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS Dan Carpenter (1): cifs: read overflow in is_valid_oplock_break() Jann Horn (1): RDMA/ucma: check fd type in ucma_migrate_id() Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng (1): r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Miguel Ojeda (1): arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Olaf Hering (1): xen: avoid crash in disable_hotplug_cpu Randy Dunlap (2): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int Sandipan Das (1): perf probe powerpc: Ignore SyS symbols irrespective of endianness Stephen Boyd (1): pinctrl: msm: Really mask level interrupts to prevent latching Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Vitaly Kuznetsov (1): xen/manage: don't complain about an empty value in control/sysrq node arch/arm64/include/asm/jump_label.h | 4 +- arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- .../gpu/drm/nouveau/nvkm/subdev/devinit/gm204.c | 3 +- drivers/infiniband/core/ucma.c | 6 ++ drivers/md/dm-thin-metadata.c | 36 ++++++++++- drivers/md/dm-thin.c | 73 +++++++++++++++++++--- drivers/net/ethernet/realtek/r8169.c | 9 ++- drivers/pinctrl/qcom/pinctrl-msm.c | 24 +++++++ drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/usb/gadget/udc/fotg210-udc.c | 15 +++-- drivers/usb/misc/yurex.c | 3 + drivers/xen/cpu_hotplug.c | 15 ++--- drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 +- fs/cifs/cifssmb.c | 11 +++- fs/cifs/misc.c | 8 +++ tools/perf/arch/powerpc/util/sym-handling.c | 4 +- 19 files changed, 190 insertions(+), 39 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlu7cZoACgkQ3qZv95d3 LNwdwQ//dsOKScH3qjTVEsX+fIwRTTnw9qTnQeCobQm2C2ibPnoVKST+oqaXoffQ 7QwdtrIXxNc/i4Ga4JuqV4AZUSuyrgsppueoHwoF+8v5Pa5hiwexlbSBJ0CmtTg9 mma8c6QGjyObaxtytWohX0AZ/1awLrmh2RYYngGTeMyTyfylRDwZoj9DA1lzT1Vv M9Qm+aDV7IApjiQW0Jb7UHZVGV8pyps0NRm0MUiwzNeoTTTOBW+s3uY1yu7pytpt +Gw1s39pmaAwmPfrxsjyzZMbFVogK9KFa/0nSVN56oo+qamq3IzvFYFIj78GJv1P hPhCH1T1OVprZPt3FAdYPnpuWvb/4maogGyrEu1LME09erC9NpLs9ovTiORTmc5h ucUJmgtHF7EXb53R//m8jLcWKWnlIRPezKxIGv/vUx5N86LOWixX/yFtZU3QanMj yKbQBz/eBYhe0Mj8G+roI3kIN0naplH5FuluissaMWRzdBXTDUMe+YKmEEYWVIHs V2KX2aiYbaAojv4/JLaKnPV0HMIG6+DUJq/h8yFDxMn8kUeiKyW7JVpNWrNgz38p oIYK5qf/JO9RqKbQK1qLOi8HkFNTq9VOFoEBz9SnEHwiJq39wLs3W3wZIAGcLnhd sfy1yJM5ihbGX51oSAbc4O/5bxzmnPzycq8AA84JnYfN65zYBjw= =+003 -----END PGP SIGNATURE-----

7 years, 2 months

1
0
0 0

[GIT PULL] commits for Linux 4.9

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.9 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit cdd48f386d7e6671e7cc21e517ae258b298ec877: Linux 4.9.131 (2018-10-03 17:01:55 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.9-08102018 for you to fetch changes up to 3c29b011970e1edb3d203e2e2517daad893c8ed4: xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage (2018-10-03 22:23:44 -0400) - ---------------------------------------------------------------- for-greg-4.9-08102018 - ---------------------------------------------------------------- Anton Vasilyev (1): usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Ben Skeggs (1): drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS Dan Carpenter (1): cifs: read overflow in is_valid_oplock_break() Daniel Jurgens (1): net/mlx5: Consider PCI domain in search for next dev Harry Mallon (1): HID: hid-saitek: Add device ID for RAT 7 Contagion Heinz Mauelshagen (1): dm raid: fix rebuild of specific devices by updating superblock Hisao Tanabe (1): perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() Jacek Tomaka (1): perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Jann Horn (1): RDMA/ucma: check fd type in ucma_migrate_id() Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng (1): r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Miguel Ojeda (1): arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Netanel Belgazal (1): net: ena: fix driver when PAGE_SIZE == 64kB Olaf Hering (1): xen: avoid crash in disable_hotplug_cpu Randy Dunlap (2): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int Sagi Grimberg (1): nvmet-rdma: fix possible bogus dereference under heavy load Sandipan Das (1): perf probe powerpc: Ignore SyS symbols irrespective of endianness Sean O'Brien (1): HID: add support for Apple Magic Keyboards Stephen Boyd (1): pinctrl: msm: Really mask level interrupts to prevent latching Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Vitaly Kuznetsov (1): xen/manage: don't complain about an empty value in control/sysrq node Wenjia Zhang (1): s390/qeth: use vzalloc for QUERY OAT buffer arch/arm64/include/asm/jump_label.h | 4 +- arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- arch/x86/events/intel/lbr.c | 4 ++ .../gpu/drm/nouveau/nvkm/subdev/devinit/gm200.c | 3 +- drivers/hid/hid-apple.c | 9 ++- drivers/hid/hid-ids.h | 3 + drivers/hid/hid-saitek.c | 2 + drivers/infiniband/core/ucma.c | 6 ++ drivers/md/dm-raid.c | 5 ++ drivers/md/dm-thin-metadata.c | 36 ++++++++++- drivers/md/dm-thin.c | 73 +++++++++++++++++++--- drivers/net/ethernet/amazon/ena/ena_netdev.c | 10 +-- drivers/net/ethernet/amazon/ena/ena_netdev.h | 11 ++++ drivers/net/ethernet/mellanox/mlx5/core/dev.c | 7 ++- drivers/net/ethernet/realtek/r8169.c | 9 ++- drivers/nvme/target/rdma.c | 27 +++++++- drivers/pinctrl/qcom/pinctrl-msm.c | 24 +++++++ drivers/s390/net/qeth_core_main.c | 5 +- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/usb/gadget/udc/fotg210-udc.c | 15 +++-- drivers/usb/misc/yurex.c | 3 + drivers/xen/cpu_hotplug.c | 15 ++--- drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 +- fs/cifs/cifssmb.c | 11 +++- fs/cifs/misc.c | 8 +++ tools/perf/arch/powerpc/util/sym-handling.c | 4 +- tools/perf/util/evsel.c | 5 +- 30 files changed, 263 insertions(+), 54 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlu7cZMACgkQ3qZv95d3 LNyMbQ//fC/jcjVOdeQmwRDBUo13zt25Eb/MeXdLdAS2NleK44wY+/e804oq3CBV qACG1CIWtP0tV0V295NrblM6xWxroPnGU8X3GdXgfT97MIByGkGEv3kU+4Nsc4c6 Gv/QlBRHcZM5QFLAk6J6nOwzEk5BKNh/XyJuaniz9DNnQGTfDMLFpN4xpFJHIZlU 5NFlcTeycPnU8ljPFxfupGQ78XVQp1QCJKT3Zrc9iPnMUDlxMdW3ERHIi3uYkyva RXrYIZJ8KYSq2RqLT8nMMiNybKy3F+20/UdfTIl7uk71AkLUB75JjWFMu9MkOWCm k0KRJ89whIN9pH5imEt7pcqFKwkyjyVT0Zk+SJQJ4Xi6+Yc0Q8p2uBteopcerwJ9 tShMyUcOSgmEctg4ujchfUalOXB2CWewV+CKyblhiiURqSTBjPZFxKtwwQF8SF/r 28MlCx8gHL9zjNpGL6z0TEp9CSPlrCjggdKca07aYZj/XJz9rV0zXh7DHNa1gUTt s7mYPZDK9RryNHVaJMss/W5eIfdy2JE1vpsQlyFgVxWxkFKmWT4iZgZwO+NqTtjd 1x1nVtw1KRnGQP748d3iBtUApsH9jS1PDer9ZJXyjVEy2jfiK6exHRcC7HGkCtz4 UTLoqw65N+bTUfGvAnlOJ8EqD9hjqLFZyTKNQ1uiK19/UDzhdp0= =nX+I -----END PGP SIGNATURE-----

7 years, 2 months

1
0
0 0

[GIT PULL] commits for Linux 4.14

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.14 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit e6abbe80c8838e9c0bdb51835e6218008fa49386: Linux 4.14.74 (2018-10-03 17:01:00 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.14-08102018 for you to fetch changes up to 3ab4f07c10e5c704c2c46d772debf0b2fb7c3467: xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage (2018-10-03 22:23:37 -0400) - ---------------------------------------------------------------- for-greg-4.14-08102018 - ---------------------------------------------------------------- Anton Vasilyev (1): usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Ben Skeggs (2): drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS drm/nouveau/disp: fix DP disable race Chris Phlipot (1): perf util: Fix bad memory access in trace info. Christian König (1): drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk Dan Carpenter (1): cifs: read overflow in is_valid_oplock_break() Daniel Jurgens (1): net/mlx5: Consider PCI domain in search for next dev Hans de Goede (1): HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report Harry Mallon (1): HID: hid-saitek: Add device ID for RAT 7 Contagion Heinz Mauelshagen (1): dm raid: fix rebuild of specific devices by updating superblock Hisao Tanabe (1): perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() Jacek Tomaka (1): perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Jann Horn (1): RDMA/ucma: check fd type in ucma_migrate_id() Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng (1): r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Martin Willi (1): netfilter: xt_cluster: add dependency on conntrack module Matt Ranostay (1): Revert "iio: temperature: maxim_thermocouple: add MAX31856 part" Miguel Ojeda (1): arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Netanel Belgazal (2): net: ena: fix driver when PAGE_SIZE == 64kB net: ena: fix missing calls to READ_ONCE Nilesh Javali (1): scsi: qedi: Add the CRC size within iSCSI NVM image Olaf Hering (1): xen: avoid crash in disable_hotplug_cpu Pablo Neira Ayuso (1): netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT Randy Dunlap (2): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int Sagi Grimberg (1): nvmet-rdma: fix possible bogus dereference under heavy load Sandipan Das (1): perf probe powerpc: Ignore SyS symbols irrespective of endianness Sean O'Brien (1): HID: add support for Apple Magic Keyboards Stephen Boyd (1): pinctrl: msm: Really mask level interrupts to prevent latching Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Taehee Yoo (1): netfilter: nf_tables: release chain in flushing set Vincent Pelletier (1): scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values fails Vitaly Kuznetsov (1): xen/manage: don't complain about an empty value in control/sysrq node Wenjia Zhang (1): s390/qeth: use vzalloc for QUERY OAT buffer arch/arm64/include/asm/jump_label.h | 4 +- arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- arch/x86/events/intel/lbr.c | 4 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 23 ++++--- drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.c | 17 +++-- drivers/gpu/drm/nouveau/nvkm/engine/disp/nv50.c | 6 +- drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.c | 2 + drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.h | 3 +- .../gpu/drm/nouveau/nvkm/subdev/devinit/gm200.c | 3 +- drivers/hid/hid-apple.c | 9 ++- drivers/hid/hid-ids.h | 3 + drivers/hid/hid-saitek.c | 2 + drivers/hid/hid-sensor-hub.c | 23 +++++++ drivers/iio/temperature/maxim_thermocouple.c | 1 - drivers/infiniband/core/ucma.c | 6 ++ drivers/md/dm-raid.c | 5 ++ drivers/md/dm-thin-metadata.c | 36 ++++++++++- drivers/md/dm-thin.c | 73 +++++++++++++++++++--- drivers/net/ethernet/amazon/ena/ena_com.c | 8 +-- drivers/net/ethernet/amazon/ena/ena_netdev.c | 10 +-- drivers/net/ethernet/amazon/ena/ena_netdev.h | 11 ++++ drivers/net/ethernet/mellanox/mlx5/core/dev.c | 7 ++- drivers/net/ethernet/realtek/r8169.c | 9 ++- drivers/nvme/target/rdma.c | 27 +++++++- drivers/pinctrl/qcom/pinctrl-msm.c | 24 +++++++ drivers/s390/net/qeth_core_main.c | 5 +- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/scsi/qedi/qedi.h | 7 ++- drivers/scsi/qedi/qedi_main.c | 28 +++++---- drivers/target/iscsi/iscsi_target_login.c | 8 +-- drivers/usb/gadget/udc/fotg210-udc.c | 15 +++-- drivers/usb/misc/yurex.c | 3 + drivers/xen/cpu_hotplug.c | 15 ++--- drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 +- fs/cifs/cifssmb.c | 11 +++- fs/cifs/misc.c | 8 +++ net/ipv4/netfilter/nf_conntrack_proto_icmp.c | 8 +-- net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 8 +-- net/netfilter/nf_conntrack_proto_dccp.c | 12 ++-- net/netfilter/nf_conntrack_proto_generic.c | 8 +-- net/netfilter/nf_conntrack_proto_gre.c | 8 +-- net/netfilter/nf_conntrack_proto_sctp.c | 14 ++--- net/netfilter/nf_conntrack_proto_tcp.c | 12 ++-- net/netfilter/nf_conntrack_proto_udp.c | 20 +++--- net/netfilter/nf_tables_api.c | 1 + net/netfilter/xt_cluster.c | 14 ++++- tools/perf/arch/powerpc/util/sym-handling.c | 4 +- tools/perf/util/evsel.c | 5 +- tools/perf/util/trace-event-info.c | 2 +- 52 files changed, 408 insertions(+), 142 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlu7cYwACgkQ3qZv95d3 LNwxIg//XuOMBAUlGyM9sgqUgbHSoTCeq+NssR49ijpiK/Qa068KIBCcBFUHd9SX fBdxDbF80d56CVC34EbdltN7OjafPlVPbOnA2MAUel64pvrNNkBEEecXKXk7rOrq xnSX4wbQX/vJcdbPf1RgE4RQuSCLhRVpbCSL74W+MP9FZv9gHlF9Cfle6tVnWR6j nSVYw8Uyh4Hh3vAncf8tdBwrm2+eg7QEAalssD2mGiNdVnxWcuw30y8eUDyPI8p9 iBYhmLMrXKdrcupBHRMYv7bA/BA3fW9fBb2iOQYiuWCRe82dyFrcp6Zqu0MlzGQn TzgxnROGvujDMkRyMTcwPEISrirDWnMwUyyk4cCKl+K/sxsT+PTW/yMkLgluldLv KHmyeYNGyTXxOozTUSUmF3VcXanxM++xUGVsEP/zGn5UjO919iVjF71mqgZPUXpC bUfdcI0bdmpDnbayVQDoztidg+Ru9aRKA1DmMdBX2B/MSE6/xAZ8my3FPUJ+/Nkq YH8SypNLG4v45KGwLaVO4mPZqhMW6bFc8l/edrtNoaPuDtSwd/2YREvIY0W039Ux 6PkWPwrIa+L4eW8MjpCCmRstgma3CrMFfOwHNmvtvsvCgtxMMnSvrdqqm3PtE3Pv FylEUBHdkuU0XUJAV2kd5XwiczsokrN7G1WENuvylWYwJ+39io0= =jkO/ -----END PGP SIGNATURE-----

7 years, 2 months

1
0
0 0

[PATCH] kernel/bounds: Provide prototype for foo

by Kieran Bingham

kernel/bounds.c is recompiled on every build, and shows the following warning when compiling with W=1: CC kernel/bounds.s linux/kernel/bounds.c:16:6: warning: no previous prototype for ‘foo’ [-Wmissing-prototypes] void foo(void) ^~~ Provide a prototype to satisfy the compiler. Signed-off-by: Kieran Bingham <kieran.bingham+renesas(a)ideasonboard.com> Cc: stable(a)vger.kernel.org --- I compile all of my incremental builds with W=1, which allows me to know instantly if I add a new compiler warning in code I generate. This warning always comes up and seems trivial to clean up. --- kernel/bounds.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/bounds.c b/kernel/bounds.c index c373e887c066..60136d937800 100644 --- a/kernel/bounds.c +++ b/kernel/bounds.c @@ -13,6 +13,8 @@ #include <linux/log2.h> #include <linux/spinlock_types.h> +void foo(void); + void foo(void) { /* The enum constants to put into include/generated/bounds.h */ -- 2.17.1

7 years, 2 months

7
16
0 0

[PATCH v2] filesystem-dax: Fix dax_layout_busy_page() livelock

by Dan Williams

In the presence of multi-order entries the typical pagevec_lookup_entries() pattern may loop forever: while (index < end && pagevec_lookup_entries(&pvec, mapping, index, min(end - index, (pgoff_t)PAGEVEC_SIZE), indices)) { ... for (i = 0; i < pagevec_count(&pvec); i++) { index = indices[i]; ... } index++; /* BUG */ } The loop updates 'index' for each index found and then increments to the next possible page to continue the lookup. However, if the last entry in the pagevec is multi-order then the next possible page index is more than 1 page away. Fix this locally for the filesystem-dax case by checking for dax-multi-order entries. Going forward new users of multi-order entries need to be similarly careful, or we need a generic way to report the page increment in the radix iterator. Fixes: 5fac7408d828 ("mm, fs, dax: handle layout changes to pinned dax...") Cc: <stable(a)vger.kernel.org> Cc: Jan Kara <jack(a)suse.cz> Cc: Ross Zwisler <zwisler(a)kernel.org> Cc: Matthew Wilcox <willy(a)infradead.org> Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> --- Changes in v2: * Only update nr_pages if the last entry in the pagevec is multi-order. fs/dax.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/fs/dax.c b/fs/dax.c index 4becbf168b7f..0fb270f0a0ef 100644 --- a/fs/dax.c +++ b/fs/dax.c @@ -666,6 +666,8 @@ struct page *dax_layout_busy_page(struct address_space *mapping) while (index < end && pagevec_lookup_entries(&pvec, mapping, index, min(end - index, (pgoff_t)PAGEVEC_SIZE), indices)) { + pgoff_t nr_pages = 1; + for (i = 0; i < pagevec_count(&pvec); i++) { struct page *pvec_ent = pvec.pages[i]; void *entry; @@ -680,8 +682,15 @@ struct page *dax_layout_busy_page(struct address_space *mapping) xa_lock_irq(&mapping->i_pages); entry = get_unlocked_mapping_entry(mapping, index, NULL); - if (entry) + if (entry) { page = dax_busy_page(entry); + /* + * Account for multi-order entries at + * the end of the pagevec. + */ + if (i + 1 >= pagevec_count(&pvec)) + nr_pages = 1UL << dax_radix_order(entry); + } put_unlocked_mapping_entry(mapping, index, entry); xa_unlock_irq(&mapping->i_pages); if (page) @@ -696,7 +705,7 @@ struct page *dax_layout_busy_page(struct address_space *mapping) */ pagevec_remove_exceptionals(&pvec); pagevec_release(&pvec); - index++; + index += nr_pages; if (page) break;

7 years, 2 months

2
1
0 0

FAILED: patch "[PATCH] powerpc/lib: fix book3s/32 boot failure due to code patching" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From b45ba4a51cde29b2939365ef0c07ad34c8321789 Mon Sep 17 00:00:00 2001 From: Christophe Leroy <christophe.leroy(a)c-s.fr> Date: Mon, 1 Oct 2018 12:21:10 +0000 Subject: [PATCH] powerpc/lib: fix book3s/32 boot failure due to code patching Commit 51c3c62b58b3 ("powerpc: Avoid code patching freed init sections") accesses 'init_mem_is_free' flag too early, before the kernel is relocated. This provokes early boot failure (before the console is active). As it is not necessary to do this verification that early, this patch moves the test into patch_instruction() instead of __patch_instruction(). This modification also has the advantage of avoiding unnecessary remappings. Fixes: 51c3c62b58b3 ("powerpc: Avoid code patching freed init sections") Cc: stable(a)vger.kernel.org # 4.13+ Signed-off-by: Christophe Leroy <christophe.leroy(a)c-s.fr> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/lib/code-patching.c b/arch/powerpc/lib/code-patching.c index 6ae2777c220d..5ffee298745f 100644 --- a/arch/powerpc/lib/code-patching.c +++ b/arch/powerpc/lib/code-patching.c @@ -28,12 +28,6 @@ static int __patch_instruction(unsigned int *exec_addr, unsigned int instr, { int err; - /* Make sure we aren't patching a freed init section */ - if (init_mem_is_free && init_section_contains(exec_addr, 4)) { - pr_debug("Skipping init section patching addr: 0x%px\n", exec_addr); - return 0; - } - __put_user_size(instr, patch_addr, 4, err); if (err) return err; @@ -148,7 +142,7 @@ static inline int unmap_patch_area(unsigned long addr) return 0; } -int patch_instruction(unsigned int *addr, unsigned int instr) +static int do_patch_instruction(unsigned int *addr, unsigned int instr) { int err; unsigned int *patch_addr = NULL; @@ -188,12 +182,22 @@ out: } #else /* !CONFIG_STRICT_KERNEL_RWX */ -int patch_instruction(unsigned int *addr, unsigned int instr) +static int do_patch_instruction(unsigned int *addr, unsigned int instr) { return raw_patch_instruction(addr, instr); } #endif /* CONFIG_STRICT_KERNEL_RWX */ + +int patch_instruction(unsigned int *addr, unsigned int instr) +{ + /* Make sure we aren't patching a freed init section */ + if (init_mem_is_free && init_section_contains(addr, 4)) { + pr_debug("Skipping init section patching addr: 0x%px\n", addr); + return 0; + } + return do_patch_instruction(addr, instr); +} NOKPROBE_SYMBOL(patch_instruction); int patch_branch(unsigned int *addr, unsigned long target, int flags)

7 years, 2 months

1
0
0 0

[PATCH stable 4.14, 4.18] bpf: 32-bit RSH verification must truncate input before the ALU op

by Daniel Borkmann

From: Jann Horn <jannh(a)google.com> [ upstream commit b799207e1e1816b09e7a5920fbb2d5fcf6edd681 ] When I wrote commit 468f6eafa6c4 ("bpf: fix 32-bit ALU op verification"), I assumed that, in order to emulate 64-bit arithmetic with 32-bit logic, it is sufficient to just truncate the output to 32 bits; and so I just moved the register size coercion that used to be at the start of the function to the end of the function. That assumption is true for almost every op, but not for 32-bit right shifts, because those can propagate information towards the least significant bit. Fix it by always truncating inputs for 32-bit ops to 32 bits. Also get rid of the coerce_reg_to_size() after the ALU op, since that has no effect. Fixes: 468f6eafa6c4 ("bpf: fix 32-bit ALU op verification") Acked-by: Daniel Borkmann <daniel(a)iogearbox.net> Signed-off-by: Jann Horn <jannh(a)google.com> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> --- kernel/bpf/verifier.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index adbe21c..82e8ede 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -2865,6 +2865,15 @@ static int adjust_scalar_min_max_vals(struct bpf_verifier_env *env, u64 umin_val, umax_val; u64 insn_bitness = (BPF_CLASS(insn->code) == BPF_ALU64) ? 64 : 32; + if (insn_bitness == 32) { + /* Relevant for 32-bit RSH: Information can propagate towards + * LSB, so it isn't sufficient to only truncate the output to + * 32 bits. + */ + coerce_reg_to_size(dst_reg, 4); + coerce_reg_to_size(&src_reg, 4); + } + smin_val = src_reg.smin_value; smax_val = src_reg.smax_value; umin_val = src_reg.umin_value; @@ -3100,7 +3109,6 @@ static int adjust_scalar_min_max_vals(struct bpf_verifier_env *env, if (BPF_CLASS(insn->code) != BPF_ALU64) { /* 32-bit ALU ops are (32,32)->32 */ coerce_reg_to_size(dst_reg, 4); - coerce_reg_to_size(&src_reg, 4); } __reg_deduce_bounds(dst_reg); -- 2.9.5

7 years, 2 months

2
1
0 0

Re: [PATCH 03/16] vfs: don't evict uninitialized inode

by Amir Goldstein

> Miklos, > > Seeing that it wasn't fixed in 4.18.. > > > I've nothing against applying "new primitive: discard_new_inode() now > > + this patch, but if it is deemed too risky at this point, we could > > just revert the buggy commit 80ea09a002bf ("vfs: factor out > > inode_insert5()") and its dependencies. > > > > Should we propose for stable the upstream commits: > e950564b97fd vfs: don't evict uninitialized inode > c2b6d621c4ff new primitive: discard_new_inode() > > Or should we go with the independent v1 patch: > https://patchwork.kernel.org/patch/10511969/ > Greg, To fix a 4.18 overlayfs regression please apply the following 3 upstream commits (in apply order): c2b6d621c4ff new primitive: discard_new_inode() e950564b97fd vfs: don't evict uninitialized inode 6faf05c2b2b4 ovl: set I_CREATING on inode being created Thanks, Amir.

7 years, 2 months

3
2
0 0

[PATCH 08/15] bcache: fix miss key refill->end in writeback

by Coly Li

From: Tang Junhui <tang.junhui.linux(a)gmail.com> refill->end record the last key of writeback, for example, at the first time, keys (1,128K) to (1,1024K) are flush to the backend device, but the end key (1,1024K) is not included, since the bellow code: if (bkey_cmp(k, refill->end) >= 0) { ret = MAP_DONE; goto out; } And in the next time when we refill writeback keybuf again, we searched key start from (1,1024K), and got a key bigger than it, so the key (1,1024K) missed. This patch modify the above code, and let the end key to be included to the writeback key buffer. Signed-off-by: Tang Junhui <tang.junhui.linux(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Coly Li <colyli(a)suse.de> --- drivers/md/bcache/btree.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c index e7d4817681f2..3f4211b5cd33 100644 --- a/drivers/md/bcache/btree.c +++ b/drivers/md/bcache/btree.c @@ -2434,7 +2434,7 @@ static int refill_keybuf_fn(struct btree_op *op, struct btree *b, struct keybuf *buf = refill->buf; int ret = MAP_CONTINUE; - if (bkey_cmp(k, refill->end) >= 0) { + if (bkey_cmp(k, refill->end) > 0) { ret = MAP_DONE; goto out; } -- 2.19.0

7 years, 2 months

1
0
0 0

[PATCH 06/15] bcache: correct dirty data statistics

by Coly Li

From: Tang Junhui <tang.junhui.linux(a)gmail.com> When bcache device is clean, dirty keys may still exist after journal replay, so we need to count these dirty keys even device in clean status, otherwise after writeback, the amount of dirty data would be incorrect. Signed-off-by: Tang Junhui <tang.junhui.linux(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Coly Li <colyli(a)suse.de> --- drivers/md/bcache/super.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c index a99af19d2f91..4989c7d4d4d0 100644 --- a/drivers/md/bcache/super.c +++ b/drivers/md/bcache/super.c @@ -1152,11 +1152,12 @@ int bch_cached_dev_attach(struct cached_dev *dc, struct cache_set *c, } if (BDEV_STATE(&dc->sb) == BDEV_STATE_DIRTY) { - bch_sectors_dirty_init(&dc->disk); atomic_set(&dc->has_dirty, 1); bch_writeback_queue(dc); } + bch_sectors_dirty_init(&dc->disk); + bch_cached_dev_run(dc); bcache_device_link(&dc->disk, c, "bdev"); atomic_inc(&c->attached_dev_nr); -- 2.19.0

7 years, 2 months

1
0
0 0

[PATCH 04/15] bcache: fix ioctl in flash device

by Coly Li

From: Tang Junhui <tang.junhui.linux(a)gmail.com> When doing ioctl in flash device, it will call ioctl_dev() in super.c, then we should not to get cached device since flash only device has no backend device. This patch just move the jugement dc->io_disable to cached_dev_ioctl() to make ioctl in flash device correctly. Fixes: 0f0709e6bfc3c ("bcache: stop bcache device when backing device is offline") Signed-off-by: Tang Junhui <tang.junhui.linux(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Coly Li <colyli(a)suse.de> --- drivers/md/bcache/request.c | 3 +++ drivers/md/bcache/super.c | 4 ---- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/md/bcache/request.c b/drivers/md/bcache/request.c index ee15fb039fd0..3bf35914bb57 100644 --- a/drivers/md/bcache/request.c +++ b/drivers/md/bcache/request.c @@ -1218,6 +1218,9 @@ static int cached_dev_ioctl(struct bcache_device *d, fmode_t mode, { struct cached_dev *dc = container_of(d, struct cached_dev, disk); + if (dc->io_disable) + return -EIO; + return __blkdev_driver_ioctl(dc->bdev, mode, cmd, arg); } diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c index 448e531e8c2d..a99af19d2f91 100644 --- a/drivers/md/bcache/super.c +++ b/drivers/md/bcache/super.c @@ -647,10 +647,6 @@ static int ioctl_dev(struct block_device *b, fmode_t mode, unsigned int cmd, unsigned long arg) { struct bcache_device *d = b->bd_disk->private_data; - struct cached_dev *dc = container_of(d, struct cached_dev, disk); - - if (dc->io_disable) - return -EIO; return d->ioctl(d, mode, cmd, arg); } -- 2.19.0

7 years, 2 months

1
0
0 0

[PATCH 02/15] bcache: trace missed reading by cache_missed

by Coly Li

From: Tang Junhui <tang.junhui.linux(a)gmail.com> Missed reading IOs are identified by s->cache_missed, not the s->cache_miss, so in trace_bcache_read() using trace_bcache_read to identify whether the IO is missed or not. Signed-off-by: Tang Junhui <tang.junhui.linux(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Coly Li <colyli(a)suse.de> --- drivers/md/bcache/request.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/md/bcache/request.c b/drivers/md/bcache/request.c index 51be355a3309..4946d486f734 100644 --- a/drivers/md/bcache/request.c +++ b/drivers/md/bcache/request.c @@ -850,7 +850,7 @@ static void cached_dev_read_done_bh(struct closure *cl) bch_mark_cache_accounting(s->iop.c, s->d, !s->cache_missed, s->iop.bypass); - trace_bcache_read(s->orig_bio, !s->cache_miss, s->iop.bypass); + trace_bcache_read(s->orig_bio, !s->cache_missed, s->iop.bypass); if (s->iop.status) continue_at_nobarrier(cl, cached_dev_read_error, bcache_wq); -- 2.19.0

7 years, 2 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror