- Linux-stable-mirror - lists.linaro.org

patch "Drivers: hv: kvp: Fix two "this statement may fall through" warnings" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Drivers: hv: kvp: Fix two "this statement may fall through" warnings to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From fc62c3b1977d62e6374fd6e28d371bb42dfa5c9d Mon Sep 17 00:00:00 2001 From: Dexuan Cui <decui(a)microsoft.com> Date: Sun, 23 Sep 2018 21:10:43 +0000 Subject: Drivers: hv: kvp: Fix two "this statement may fall through" warnings We don't need to call process_ib_ipinfo() if message->kvp_hdr.operation is KVP_OP_GET_IP_INFO in kvp_send_key(), because here we just need to pass on the op code from the host to the userspace; when the userspace returns the info requested by the host, we pass the info on to the host in kvp_respond_to_host() -> process_ob_ipinfo(). BTW, the current buggy code actually doesn't cause any harm, because only message->kvp_hdr.operation is used by the userspace, in the case of KVP_OP_GET_IP_INFO. The patch also adds a missing "break;" in kvp_send_key(). BTW, the current buggy code actually doesn't cause any harm, because in the case of KVP_OP_SET, the unexpected fall-through corrupts message->body.kvp_set.data.key_size, but that is not really used: see the definition of struct hv_kvp_exchg_msg_value. Signed-off-by: Dexuan Cui <decui(a)microsoft.com> Cc: K. Y. Srinivasan <kys(a)microsoft.com> Cc: Haiyang Zhang <haiyangz(a)microsoft.com> Cc: Stephen Hemminger <sthemmin(a)microsoft.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/hv/hv_kvp.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/hv/hv_kvp.c b/drivers/hv/hv_kvp.c index 023bd185d21a..a7513a8a8e37 100644 --- a/drivers/hv/hv_kvp.c +++ b/drivers/hv/hv_kvp.c @@ -353,7 +353,6 @@ static void process_ib_ipinfo(void *in_msg, void *out_msg, int op) out->body.kvp_ip_val.dhcp_enabled = in->kvp_ip_val.dhcp_enabled; - default: utf16s_to_utf8s((wchar_t *)in->kvp_ip_val.adapter_id, MAX_ADAPTER_ID_SIZE, UTF16_LITTLE_ENDIAN, @@ -406,7 +405,7 @@ kvp_send_key(struct work_struct *dummy) process_ib_ipinfo(in_msg, message, KVP_OP_SET_IP_INFO); break; case KVP_OP_GET_IP_INFO: - process_ib_ipinfo(in_msg, message, KVP_OP_GET_IP_INFO); + /* We only need to pass on message->kvp_hdr.operation. */ break; case KVP_OP_SET: switch (in_msg->body.kvp_set.data.value_type) { @@ -446,6 +445,9 @@ kvp_send_key(struct work_struct *dummy) break; } + + break; + case KVP_OP_GET: message->body.kvp_set.data.key_size = utf16s_to_utf8s( -- 2.19.0

7 years, 2 months

1
0
0 0

patch "w1: omap-hdq: fix missing bus unregister at removal" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled w1: omap-hdq: fix missing bus unregister at removal to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From a007734618fee1bf35556c04fa498d41d42c7301 Mon Sep 17 00:00:00 2001 From: Andreas Kemnade <andreas(a)kemnade.info> Date: Sat, 22 Sep 2018 21:20:54 +0200 Subject: w1: omap-hdq: fix missing bus unregister at removal The bus master was not removed after unloading the module or unbinding the driver. That lead to oopses like this [ 127.842987] Unable to handle kernel paging request at virtual address bf01d04c [ 127.850646] pgd = 70e3cd9a [ 127.853698] [bf01d04c] *pgd=8f908811, *pte=00000000, *ppte=00000000 [ 127.860412] Internal error: Oops: 80000007 [#1] PREEMPT SMP ARM [ 127.866668] Modules linked in: bq27xxx_battery overlay [last unloaded: omap_hdq] [ 127.874542] CPU: 0 PID: 1022 Comm: w1_bus_master1 Not tainted 4.19.0-rc4-00001-g2d51da718324 #12 [ 127.883819] Hardware name: Generic OMAP36xx (Flattened Device Tree) [ 127.890441] PC is at 0xbf01d04c [ 127.893798] LR is at w1_search_process_cb+0x4c/0xfc [ 127.898956] pc : [<bf01d04c>] lr : [<c05f9580>] psr: a0070013 [ 127.905609] sp : cf885f48 ip : bf01d04c fp : ddf1e11c [ 127.911132] r10: cf8fe040 r9 : c05f8d00 r8 : cf8fe040 [ 127.916656] r7 : 000000f0 r6 : cf8fe02c r5 : cf8fe000 r4 : cf8fe01c [ 127.923553] r3 : c05f8d00 r2 : 000000f0 r1 : cf8fe000 r0 : dde1ef10 [ 127.930450] Flags: NzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none [ 127.938018] Control: 10c5387d Table: 8f8f0019 DAC: 00000051 [ 127.944091] Process w1_bus_master1 (pid: 1022, stack limit = 0x9135699f) [ 127.951171] Stack: (0xcf885f48 to 0xcf886000) [ 127.955810] 5f40: cf8fe000 00000000 cf884000 cf8fe090 000003e8 c05f8d00 [ 127.964477] 5f60: dde5fc34 c05f9700 ddf1e100 ddf1e540 cf884000 cf8fe000 c05f9694 00000000 [ 127.973114] 5f80: dde5fc34 c01499a4 00000000 ddf1e540 c0149874 00000000 00000000 00000000 [ 127.981781] 5fa0: 00000000 00000000 00000000 c01010e8 00000000 00000000 00000000 00000000 [ 127.990447] 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 127.999114] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000 [ 128.007781] [<c05f9580>] (w1_search_process_cb) from [<c05f9700>] (w1_process+0x6c/0x118) [ 128.016479] [<c05f9700>] (w1_process) from [<c01499a4>] (kthread+0x130/0x148) [ 128.024047] [<c01499a4>] (kthread) from [<c01010e8>] (ret_from_fork+0x14/0x2c) [ 128.031677] Exception stack(0xcf885fb0 to 0xcf885ff8) [ 128.037017] 5fa0: 00000000 00000000 00000000 00000000 [ 128.045684] 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 128.054351] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 128.061340] Code: bad PC value [ 128.064697] ---[ end trace af066e33c0e14119 ]--- Cc: <stable(a)vger.kernel.org> Signed-off-by: Andreas Kemnade <andreas(a)kemnade.info> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/w1/masters/omap_hdq.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/w1/masters/omap_hdq.c b/drivers/w1/masters/omap_hdq.c index 83fc9aab34e8..3099052e1243 100644 --- a/drivers/w1/masters/omap_hdq.c +++ b/drivers/w1/masters/omap_hdq.c @@ -763,6 +763,8 @@ static int omap_hdq_remove(struct platform_device *pdev) /* remove module dependency */ pm_runtime_disable(&pdev->dev); + w1_remove_master_device(&omap_w1_master); + return 0; } -- 2.19.0

7 years, 2 months

1
0
0 0

[PATCH] drm: fb-helper: Validate requested pixel format against bpp

by Eugeniy Paltsev

Validate requested pixel format against bits_per_pixel to reject invalid formats with subcomponents length sum is greater than requested bits_per_pixel. weston 5.0.0 with fbdev backend tries to set up an ARGB x8r8g8b8 pixel format without bits_per_pixel updating. So it can request x8r8g8b8 with 16 bpp which is obviously incorrect and should be rejected. Cc: stable(a)vger.kernel.org Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev(a)synopsys.com> --- drivers/gpu/drm/drm_fb_helper.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c index 16ec93b75dbf..4f39da07f053 100644 --- a/drivers/gpu/drm/drm_fb_helper.c +++ b/drivers/gpu/drm/drm_fb_helper.c @@ -1610,6 +1610,13 @@ int drm_fb_helper_check_var(struct fb_var_screeninfo *var, return -EINVAL; } + if ((var->green.length + var->blue.length + var->red.length + + var->transp.length) > var->bits_per_pixel) { + DRM_DEBUG("fb requested pixel format can't fit in %d bpp\n", + var->bits_per_pixel); + return -EINVAL; + } + switch (var->bits_per_pixel) { case 16: depth = (var->green.length == 6) ? 16 : 15; -- 2.14.4

7 years, 2 months

4
5
0 0

Linux 3.16.59

by Ben Hutchings

I'm announcing the release of the 3.16.59 kernel. All users of the 3.16 kernel series should upgrade. The updated 3.16.y git tree can be found at: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.16.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git The diff from 3.16.58 is attached to this message. Ben. ------------ Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/cachetlb.txt | 8 +- Documentation/kernel-parameters.txt | 45 +++ Documentation/spec_ctrl.rst | 94 +++++ Documentation/vm/remap_file_pages.txt | 7 +- Makefile | 2 +- arch/alpha/include/asm/pgtable.h | 7 - arch/arc/include/asm/pgtable.h | 13 +- arch/arm/include/asm/pgtable-2level.h | 1 - arch/arm/include/asm/pgtable-3level.h | 1 - arch/arm/include/asm/pgtable-nommu.h | 2 - arch/arm/include/asm/pgtable.h | 20 +- arch/arm/mm/proc-macros.S | 2 +- arch/arm64/include/asm/pgtable.h | 22 +- arch/avr32/include/asm/pgtable.h | 25 -- arch/blackfin/include/asm/pgtable.h | 5 - arch/c6x/include/asm/pgtable.h | 5 - arch/cris/include/arch-v10/arch/mmu.h | 3 - arch/cris/include/arch-v32/arch/mmu.h | 3 - arch/cris/include/asm/pgtable.h | 4 - arch/frv/include/asm/pgtable.h | 27 +- arch/hexagon/include/asm/pgtable.h | 60 +-- arch/ia64/include/asm/pgtable.h | 25 +- arch/m32r/include/asm/pgtable-2level.h | 4 - arch/m32r/include/asm/pgtable.h | 11 - arch/m68k/include/asm/mcf_pgtable.h | 23 +- arch/m68k/include/asm/motorola_pgtable.h | 15 - arch/m68k/include/asm/pgtable_no.h | 2 - arch/m68k/include/asm/sun3_pgtable.h | 15 - arch/metag/include/asm/pgtable.h | 6 - arch/microblaze/include/asm/pgtable.h | 11 - arch/mips/include/asm/pgtable-32.h | 39 -- arch/mips/include/asm/pgtable-64.h | 9 - arch/mips/include/asm/pgtable-bits.h | 10 - arch/mips/include/asm/pgtable.h | 2 - arch/mn10300/include/asm/pgtable.h | 17 +- arch/openrisc/include/asm/pgtable.h | 8 - arch/openrisc/kernel/head.S | 5 - arch/parisc/include/asm/pgtable.h | 10 - arch/powerpc/include/asm/pgtable-ppc32.h | 9 +- arch/powerpc/include/asm/pgtable-ppc64.h | 5 +- arch/powerpc/include/asm/pgtable.h | 1 - arch/powerpc/include/asm/pte-40x.h | 1 - arch/powerpc/include/asm/pte-44x.h | 5 - arch/powerpc/include/asm/pte-8xx.h | 1 - arch/powerpc/include/asm/pte-book3e.h | 1 - arch/powerpc/include/asm/pte-fsl-booke.h | 3 - arch/powerpc/include/asm/pte-hash32.h | 1 - arch/powerpc/include/asm/pte-hash64.h | 1 - arch/powerpc/mm/pgtable_64.c | 2 +- arch/s390/include/asm/pgtable.h | 29 +- arch/score/include/asm/pgtable-bits.h | 1 - arch/score/include/asm/pgtable.h | 18 +- arch/sh/include/asm/pgtable_32.h | 30 +- arch/sh/include/asm/pgtable_64.h | 9 +- arch/sparc/include/asm/pgtable_32.h | 24 -- arch/sparc/include/asm/pgtable_64.h | 40 -- arch/sparc/include/asm/pgtsrmmu.h | 14 +- arch/tile/include/asm/pgtable.h | 11 - arch/tile/mm/homecache.c | 4 - arch/um/include/asm/pgtable-2level.h | 9 - arch/um/include/asm/pgtable-3level.h | 20 - arch/um/include/asm/pgtable.h | 9 - arch/unicore32/include/asm/pgtable-hwdef.h | 1 - arch/unicore32/include/asm/pgtable.h | 14 - arch/x86/include/asm/cpufeature.h | 21 +- arch/x86/include/asm/io.h | 6 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/include/asm/nospec-branch.h | 43 +- arch/x86/include/asm/page_32_types.h | 9 +- arch/x86/include/asm/pgtable-2level.h | 55 +-- arch/x86/include/asm/pgtable-3level.h | 49 ++- arch/x86/include/asm/pgtable-invert.h | 41 ++ arch/x86/include/asm/pgtable.h | 144 +++++-- arch/x86/include/asm/pgtable_64.h | 60 ++- arch/x86/include/asm/pgtable_types.h | 13 +- arch/x86/include/asm/processor.h | 5 + arch/x86/include/asm/spec-ctrl.h | 80 ++++ arch/x86/include/asm/thread_info.h | 10 +- arch/x86/include/uapi/asm/msr-index.h | 9 + arch/x86/kernel/cpu/amd.c | 22 + arch/x86/kernel/cpu/bugs.c | 441 ++++++++++++++++++++- arch/x86/kernel/cpu/common.c | 97 ++++- arch/x86/kernel/cpu/cpu.h | 3 + arch/x86/kernel/cpu/intel.c | 3 + arch/x86/kernel/process.c | 146 +++++++ arch/x86/kernel/setup.c | 6 + arch/x86/kernel/smpboot.c | 5 + arch/x86/kvm/cpuid.c | 21 +- arch/x86/kvm/cpuid.h | 16 +- arch/x86/kvm/svm.c | 72 +++- arch/x86/kvm/vmx.c | 27 +- arch/x86/kvm/x86.c | 7 +- arch/x86/mm/init.c | 24 ++ arch/x86/mm/kmmio.c | 25 +- arch/x86/mm/mmap.c | 21 + arch/x86/mm/pageattr.c | 6 +- arch/x86/mm/pat.c | 14 + arch/x86/tools/relocs.c | 5 +- arch/x86/xen/smp.c | 5 + arch/xtensa/include/asm/pgtable.h | 10 - drivers/base/cpu.c | 16 + drivers/block/floppy.c | 3 + drivers/gpu/drm/ast/ast_ttm.c | 6 + drivers/gpu/drm/cirrus/cirrus_ttm.c | 7 + drivers/gpu/drm/drm_vma_manager.c | 3 +- drivers/gpu/drm/mgag200/mgag200_ttm.c | 7 + drivers/gpu/drm/nouveau/nouveau_ttm.c | 8 + drivers/gpu/drm/radeon/radeon_object.c | 5 + drivers/hid/hid-debug.c | 8 +- drivers/macintosh/via-cuda.c | 16 +- drivers/target/iscsi/iscsi_target_auth.c | 30 +- fs/9p/vfs_file.c | 2 - fs/btrfs/file.c | 1 - fs/ceph/addr.c | 1 - fs/cifs/file.c | 1 - fs/exec.c | 11 +- fs/ext4/file.c | 1 - fs/f2fs/file.c | 1 - fs/fuse/file.c | 1 - fs/gfs2/file.c | 1 - fs/inode.c | 1 - fs/nfs/file.c | 1 - fs/nilfs2/file.c | 1 - fs/ocfs2/mmap.c | 1 - fs/proc/array.c | 26 ++ fs/proc/task_mmu.c | 15 - fs/ubifs/file.c | 1 - fs/xfs/xfs_file.c | 1 - include/asm-generic/pgtable.h | 27 +- include/linux/cpu.h | 4 + include/linux/fs.h | 6 +- include/linux/io.h | 22 + include/linux/mm.h | 50 +-- include/linux/mm_types.h | 12 +- include/linux/nospec.h | 10 + include/linux/rmap.h | 2 - include/linux/sched.h | 10 +- include/linux/seccomp.h | 2 + include/linux/swapfile.h | 2 + include/linux/swapops.h | 4 +- include/linux/vm_event_item.h | 2 - include/uapi/linux/prctl.h | 12 + include/uapi/linux/seccomp.h | 3 + kernel/fork.c | 8 +- kernel/seccomp.c | 16 +- kernel/sys.c | 23 ++ mm/Makefile | 2 +- mm/filemap.c | 1 - mm/filemap_xip.c | 1 - mm/fremap.c | 283 ------------- mm/gup.c | 2 +- mm/interval_tree.c | 34 +- mm/ksm.c | 2 +- mm/madvise.c | 13 +- mm/memcontrol.c | 7 +- mm/memory.c | 285 ++++++------- mm/migrate.c | 32 -- mm/mincore.c | 9 +- mm/mmap.c | 117 +++++- mm/mprotect.c | 51 ++- mm/mremap.c | 2 - mm/msync.c | 5 +- mm/nommu.c | 8 - mm/pagewalk.c | 213 +++++----- mm/rmap.c | 222 +---------- mm/shmem.c | 1 - mm/swap.c | 4 +- mm/swapfile.c | 46 ++- net/irda/af_irda.c | 13 +- 170 files changed, 2214 insertions(+), 1884 deletions(-) Andi Kleen (10): x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation x86/speculation/l1tf: Make sure the first page is always reserved x86/speculation/l1tf: Add sysfs reporting for l1tf x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings x86/speculation/l1tf: Limit swap file size to MAX_PA/2 x86/speculation/l1tf: Invert all not present mappings x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert x86/mm/pat: Make set_memory_np() L1TF safe x86/mm/kmmio: Make the tracer robust against L1TF Andy Lutomirski (2): mm: Add vm_insert_pfn_prot() mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP Andy Whitcroft (1): floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Ben Hutchings (4): x86/cpufeatures: Show KAISER in cpuinfo x86: mm: Add PUD functions x86/speculation/l1tf: Protect NUMA-balance entries against L1TF Linux 3.16.59 Borislav Petkov (3): Documentation/spec_ctrl: Do some minor cleanups x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host} Dan Williams (1): mm: fix cache mode tracking in vm_insert_mixed() Daniel Rosenberg (1): HID: debug: check length before copy_to_user() Dave Airlie (2): x86/io: add interface to reserve io memtype for a resource range. (v1.1) drm/drivers: add support for using the arch wc mapping API. Dave Hansen (1): x86/mm: Move swap offset/type up in PTE to work around erratum Finn Thain (1): via-cuda: Use spinlock_irq_save/restore instead of enable/disable_irq Jim Mattson (1): x86/cpu: Make alternative_msr_write work for 32-bit code Jiri Kosina (3): x86/bugs: Fix __ssb_select_mitigation() return type x86/bugs: Make cpu_show_common() static x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures Juergen Gross (1): x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths Kees Cook (6): nospec: Allow getting/setting on non-current task proc: Provide details on speculation flaw mitigations seccomp: Enable speculation flaw mitigations seccomp: Add filter flag to opt-out of SSB mitigation x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass exec: Limit arg stack to at most 75% of _STK_LIM Kirill A. Shutemov (39): mm: replace remap_file_pages() syscall with emulation mm: fix regression in remap_file_pages() emulation mm: drop support of non-linear mapping from unmap/zap codepath mm: drop support of non-linear mapping from fault codepath mm: drop vm_ops->remap_pages and generic_file_remap_pages() stub proc: drop handling non-linear mappings rmap: drop support of non-linear mappings mm: replace vma->sharead.linear with vma->shared mm: remove rest usage of VM_NONLINEAR and pte_file() asm-generic: drop unused pte_file* helpers alpha: drop _PAGE_FILE and pte_file()-related helpers arc: drop _PAGE_FILE and pte_file()-related helpers arm64: drop PTE_FILE and pte_file()-related helpers arm: drop L_PTE_FILE and pte_file()-related helpers avr32: drop _PAGE_FILE and pte_file()-related helpers blackfin: drop pte_file() c6x: drop pte_file() cris: drop _PAGE_FILE and pte_file()-related helpers frv: drop _PAGE_FILE and pte_file()-related helpers hexagon: drop _PAGE_FILE and pte_file()-related helpers ia64: drop _PAGE_FILE and pte_file()-related helpers m32r: drop _PAGE_FILE and pte_file()-related helpers m68k: drop _PAGE_FILE and pte_file()-related helpers metag: drop _PAGE_FILE and pte_file()-related helpers microblaze: drop _PAGE_FILE and pte_file()-related helpers mips: drop _PAGE_FILE and pte_file()-related helpers mn10300: drop _PAGE_FILE and pte_file()-related helpers openrisc: drop _PAGE_FILE and pte_file()-related helpers parisc: drop _PAGE_FILE and pte_file()-related helpers s390: drop pte_file()-related helpers score: drop _PAGE_FILE and pte_file()-related helpers sh: drop _PAGE_FILE and pte_file()-related helpers sparc: drop pte_file()-related helpers tile: drop pte_file()-related helpers um: drop _PAGE_FILE and pte_file()-related helpers unicore32: drop pte_file()-related helpers x86: drop _PAGE_FILE and pte_file()-related helpers xtensa: drop _PAGE_FILE and pte_file()-related helpers powerpc: drop _PAGE_FILE and pte_file()-related helpers Konrad Rzeszutek Wilk (17): x86/bugs: Concentrate bug detection into a separate function x86/bugs: Concentrate bug reporting into a separate function x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits x86/bugs, KVM: Support the combination of guest and host IBRS x86/bugs: Expose /sys/../spec_store_bypass x86/cpufeatures: Add X86_FEATURE_RDS x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation x86/bugs/intel: Set proper CPU features and setup RDS x86/bugs: Whitelist allowed SPEC_CTRL MSR values x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest x86/bugs: Rename _RDS to _SSBD proc: Use underscores for SSBD in 'status' x86/bugs: Fix the parameters alignment and missing void x86/bugs: Rename SSBD_NO to SSB_NO KVM/VMX: Expose SSBD properly to guests x86/bugs: Move the l1tf function and define pr_fmt properly Linus Torvalds (3): x86/nospec: Simplify alternative_msr_write() x86/speculation/l1tf: Change order of offset/type in swap entry x86/speculation/l1tf: Protect swap entries against L1TF Markus Trippelsdorf (1): x86/tools: Fix gcc-7 warning in relocs.c Michal Hocko (1): x86/speculation/l1tf: Fix up pte->pfn conversion for PAE Naoya Horiguchi (3): mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1 mm/pagewalk: remove pgd_entry() and pud_entry() pagewalk: improve vma handling Sean Christopherson (1): x86/speculation/l1tf: Exempt zeroed PTEs from inversion Thomas Gleixner (19): x86/speculation: Create spec-ctrl.h to avoid include hell prctl: Add speculation control prctls x86/process: Allow runtime control of Speculative Store Bypass x86/speculation: Add prctl for Speculative Store Bypass mitigation prctl: Add force disable speculation seccomp: Use PR_SPEC_FORCE_DISABLE seccomp: Move speculation migitation control to arch code KVM: SVM: Move spec control call after restore of GS x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS x86/cpufeatures: Disentangle SSBD enumeration x86/cpufeatures: Add FEATURE_ZEN x86/speculation: Handle HT correctly on AMD x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL x86/speculation: Rework speculative_store_bypass_update() x86/bugs: Expose x86_spec_ctrl_base directly x86/bugs: Remove x86_spec_ctrl_set() x86/bugs: Rework spec_ctrl base and mask logic x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled Tom Lendacky (2): x86/speculation: Add virtualized speculative store bypass disable support KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD Tyler Hicks (2): irda: Fix memory leak caused by repeated binds of irda socket irda: Only insert new objects into the global database via setsockopt Vincent Pelletier (1): scsi: target: iscsi: Use hex2bin instead of a re-implementation Vlastimil Babka (6): x86/init: fix build with CONFIG_SWAP=n x86/speculation/l1tf: Extend 64bit swap file size limit x86/speculation/l1tf: Protect PAE swap entries against L1TF x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM x86/speculation/l1tf: Suggest what to do on systems with too much RAM

7 years, 2 months

1
0
0 0

[PATCH v2] f2fs: fix to recover cold bit of inode block during POR

by Chao Yu

From: Chao Yu <yuchao0(a)huawei.com> Testcase to reproduce this bug: 1. mkfs.f2fs /dev/sdd 2. mount -t f2fs /dev/sdd /mnt/f2fs 3. touch /mnt/f2fs/file 4. sync 5. chattr +A /mnt/f2fs/file 6. xfs_io -f /mnt/f2fs/file -c "fsync" 7. godown /mnt/f2fs 8. umount /mnt/f2fs 9. mount -t f2fs /dev/sdd /mnt/f2fs 10. chattr -A /mnt/f2fs/file 11. xfs_io -f /mnt/f2fs/file -c "fsync" 12. umount /mnt/f2fs 13. mount -t f2fs /dev/sdd /mnt/f2fs 14. lsattr /mnt/f2fs/file -----------------N- /mnt/f2fs/file But actually, we expect the corrct result is: -------A---------N- /mnt/f2fs/file The reason is in step 9) we missed to recover cold bit flag in inode block, so later, in fsync, we will skip write inode block due to below condition check, result in lossing data in another SPOR. f2fs_fsync_node_pages() if (!IS_DNODE(page) || !is_cold_node(page)) continue; Note that, I guess that some non-dir inode has already lost cold bit during POR, so in order to reenable recovery for those inode, let's try to recover cold bit in f2fs_iget() to save more fsynced data. Fixes: c56675750d7c ("f2fs: remove unneeded set_cold_node()") Cc: <stable(a)vger.kernel.org> 4.17+ Signed-off-by: Chao Yu <yuchao0(a)huawei.com> --- v2: - call set_page_dirty to recalculate checksum. fs/f2fs/inode.c | 6 ++++++ fs/f2fs/node.c | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c index 86e7333d60c1..4edfa03f3807 100644 --- a/fs/f2fs/inode.c +++ b/fs/f2fs/inode.c @@ -365,6 +365,12 @@ static int do_read_inode(struct inode *inode) if (f2fs_has_inline_data(inode) && !f2fs_exist_data(inode)) __recover_inline_status(inode, node_page); + /* try to recover cold bit for non-dir inode */ + if (!S_ISDIR(inode->i_mode) && !is_cold_node(node_page)) { + set_cold_node(node_page, false); + set_page_dirty(node_page); + } + /* get rdev by using inline_info */ __get_inode_rdev(inode, ri); diff --git a/fs/f2fs/node.c b/fs/f2fs/node.c index b1e3ff8147f6..033ce067509e 100644 --- a/fs/f2fs/node.c +++ b/fs/f2fs/node.c @@ -2542,7 +2542,7 @@ int f2fs_recover_inode_page(struct f2fs_sb_info *sbi, struct page *page) if (!PageUptodate(ipage)) SetPageUptodate(ipage); fill_node_footer(ipage, ino, ino, 0, true); - set_cold_node(page, false); + set_cold_node(ipage, false); src = F2FS_INODE(page); dst = F2FS_INODE(ipage); -- 2.18.0

7 years, 2 months

1
0
0 0

v3.16.59 build: 0 failures 17 warnings (v3.16.59)

by Build bot for Mark Brown

Tree/Branch: v3.16.59 Git describe: v3.16.59 Commit: 58fb9b51d6 Linux 3.16.59 Build Time: 33 min 49 sec Passed: 10 / 10 (100.00 %) Failed: 0 / 10 ( 0.00 %) Errors: 0 Warnings: 17 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 5 warnings 0 mismatches : arm64-allmodconfig 2 warnings 0 mismatches : arm-multi_v5_defconfig 2 warnings 0 mismatches : arm-multi_v7_defconfig 1 warnings 0 mismatches : x86_64-defconfig 6 warnings 0 mismatches : arm-allmodconfig 1 warnings 0 mismatches : arm-allnoconfig 1 warnings 0 mismatches : x86_64-allnoconfig 9 warnings 0 mismatches : x86_64-allmodconfig 2 warnings 0 mismatches : arm64-defconfig ------------------------------------------------------------------------------- Warnings Summary: 17 7 <stdin>:1238:2: warning: #warning syscall seccomp not implemented [-Wcpp] 2 ../ipc/sem.c:377:6: warning: '___p1' may be used uninitialized in this function [-Wmaybe-uninitialized] 2 ../drivers/staging/vt6656/main_usb.c:1101:7: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 2 ../drivers/staging/vt6656/dpc.c:712:5: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 2 ../drivers/net/ethernet/broadcom/genet/bcmgenet.c:1346:17: warning: unused variable 'kdev' [-Wunused-variable] 2 ../drivers/media/dvb-frontends/drxk_hard.c:2223:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 2 ../drivers/media/dvb-frontends/drxd_hard.c:2631:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 1 ../drivers/staging/rtl8192ee/rtl8192ee/hw.c:529:5: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 1 ../drivers/staging/rtl8192ee/rtl8192ee/hw.c:524:4: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 1 ../drivers/staging/rtl8192ee/btcoexist/halbtc8821a2ant.c:2338:2: warning: this 'else' clause does not guard... [-Wmisleading-indentation] 1 ../drivers/scsi/fnic/fnic_fcs.c:104:6: warning: this 'else' clause does not guard... [-Wmisleading-indentation] 1 ../drivers/platform/x86/eeepc-laptop.c:279:10: warning: 'value' may be used uninitialized in this function [-Wmaybe-uninitialized] 1 ../drivers/net/wireless/rtlwifi/rtl8723be/hw.c:1132:2: warning: this 'else' clause does not guard... [-Wmisleading-indentation] 1 ../drivers/mtd/nand/omap2.c:1318:12: warning: 'omap_calculate_ecc_bch_multi' defined but not used [-Wunused-function] 1 ../drivers/media/platform/davinci/vpfe_capture.c:291:12: warning: 'vpfe_get_ccdc_image_format' defined but not used [-Wunused-function] 1 ../drivers/media/platform/davinci/vpfe_capture.c:1718:1: warning: label 'unlock_out' defined but not used [-Wunused-label] 1 ../arch/x86/kernel/cpu/common.c:1160:13: warning: 'syscall32_cpu_init' defined but not used [-Wunused-function] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- arm64-allmodconfig : PASS, 0 errors, 5 warnings, 0 section mismatches Warnings: ../drivers/media/dvb-frontends/drxd_hard.c:2631:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation] ../drivers/media/dvb-frontends/drxk_hard.c:2223:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation] ../drivers/net/ethernet/broadcom/genet/bcmgenet.c:1346:17: warning: unused variable 'kdev' [-Wunused-variable] ../drivers/staging/vt6656/main_usb.c:1101:7: warning: this 'if' clause does not guard... [-Wmisleading-indentation] ../drivers/staging/vt6656/dpc.c:712:5: warning: this 'if' clause does not guard... [-Wmisleading-indentation] ------------------------------------------------------------------------------- arm-multi_v5_defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1238:2: warning: #warning syscall seccomp not implemented [-Wcpp] <stdin>:1238:2: warning: #warning syscall seccomp not implemented [-Wcpp] ------------------------------------------------------------------------------- arm-multi_v7_defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1238:2: warning: #warning syscall seccomp not implemented [-Wcpp] <stdin>:1238:2: warning: #warning syscall seccomp not implemented [-Wcpp] ------------------------------------------------------------------------------- x86_64-defconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: ../drivers/platform/x86/eeepc-laptop.c:279:10: warning: 'value' may be used uninitialized in this function [-Wmaybe-uninitialized] ------------------------------------------------------------------------------- arm-allmodconfig : PASS, 0 errors, 6 warnings, 0 section mismatches Warnings: <stdin>:1238:2: warning: #warning syscall seccomp not implemented [-Wcpp] ../drivers/media/platform/davinci/vpfe_capture.c:1718:1: warning: label 'unlock_out' defined but not used [-Wunused-label] ../drivers/media/platform/davinci/vpfe_capture.c:291:12: warning: 'vpfe_get_ccdc_image_format' defined but not used [-Wunused-function] ../drivers/mtd/nand/omap2.c:1318:12: warning: 'omap_calculate_ecc_bch_multi' defined but not used [-Wunused-function] ../drivers/net/ethernet/broadcom/genet/bcmgenet.c:1346:17: warning: unused variable 'kdev' [-Wunused-variable] <stdin>:1238:2: warning: #warning syscall seccomp not implemented [-Wcpp] ------------------------------------------------------------------------------- arm-allnoconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: <stdin>:1238:2: warning: #warning syscall seccomp not implemented [-Wcpp] ------------------------------------------------------------------------------- x86_64-allnoconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: ../arch/x86/kernel/cpu/common.c:1160:13: warning: 'syscall32_cpu_init' defined but not used [-Wunused-function] ------------------------------------------------------------------------------- x86_64-allmodconfig : PASS, 0 errors, 9 warnings, 0 section mismatches Warnings: ../drivers/media/dvb-frontends/drxd_hard.c:2631:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation] ../drivers/media/dvb-frontends/drxk_hard.c:2223:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation] ../drivers/scsi/fnic/fnic_fcs.c:104:6: warning: this 'else' clause does not guard... [-Wmisleading-indentation] ../drivers/net/wireless/rtlwifi/rtl8723be/hw.c:1132:2: warning: this 'else' clause does not guard... [-Wmisleading-indentation] ../drivers/staging/rtl8192ee/rtl8192ee/hw.c:524:4: warning: this 'if' clause does not guard... [-Wmisleading-indentation] ../drivers/staging/rtl8192ee/rtl8192ee/hw.c:529:5: warning: this 'if' clause does not guard... [-Wmisleading-indentation] ../drivers/staging/rtl8192ee/btcoexist/halbtc8821a2ant.c:2338:2: warning: this 'else' clause does not guard... [-Wmisleading-indentation] ../drivers/staging/vt6656/main_usb.c:1101:7: warning: this 'if' clause does not guard... [-Wmisleading-indentation] ../drivers/staging/vt6656/dpc.c:712:5: warning: this 'if' clause does not guard... [-Wmisleading-indentation] ------------------------------------------------------------------------------- arm64-defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: ../ipc/sem.c:377:6: warning: '___p1' may be used uninitialized in this function [-Wmaybe-uninitialized] ../ipc/sem.c:377:6: warning: '___p1' may be used uninitialized in this function [-Wmaybe-uninitialized] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig

7 years, 2 months

1
0
0 0

[PULL 1/1] s390/cio: Fix how vfio-ccw checks pinned pages

by Cornelia Huck

From: Eric Farman <farman(a)linux.ibm.com> We have two nested loops to check the entries within the pfn_array_table arrays. But we mistakenly use the outer array as an index in our check, and completely ignore the indexing performed by the inner loop. Cc: stable(a)vger.kernel.org Signed-off-by: Eric Farman <farman(a)linux.ibm.com> Message-Id: <20181002010235.42483-1-farman(a)linux.ibm.com> Signed-off-by: Cornelia Huck <cohuck(a)redhat.com> --- drivers/s390/cio/vfio_ccw_cp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/s390/cio/vfio_ccw_cp.c b/drivers/s390/cio/vfio_ccw_cp.c index dbe7c7ac9ac8..fd77e46eb3b2 100644 --- a/drivers/s390/cio/vfio_ccw_cp.c +++ b/drivers/s390/cio/vfio_ccw_cp.c @@ -163,7 +163,7 @@ static bool pfn_array_table_iova_pinned(struct pfn_array_table *pat, for (i = 0; i < pat->pat_nr; i++, pa++) for (j = 0; j < pa->pa_nr; j++) - if (pa->pa_iova_pfn[i] == iova_pfn) + if (pa->pa_iova_pfn[j] == iova_pfn) return true; return false; -- 2.14.4

7 years, 2 months

2
1
0 0

[PATCH] selinux: fix race when removing selinuxfs entries

by Ondrej Mosnacek

Letting the following set of commands run long enough on a multi-core machine causes soft lockups in the kernel: (cd /sys/fs/selinux/; while true; do find >/dev/null 2>&1; done) & (cd /sys/fs/selinux/; while true; do find >/dev/null 2>&1; done) & (cd /sys/fs/selinux/; while true; do find >/dev/null 2>&1; done) & while true; do load_policy; echo -n .; sleep 0.1; done The problem is that sel_remove_entries() calls d_genocide() to remove the whole contents of certain subdirectories in /sys/fs/selinux/. This function is apparently only intended for removing filesystem entries that are no longer accessible to userspace, because it doesn't follow the rule that any code removing entries from a directory must hold the write lock on the directory's inode RW semaphore (formerly this was a mutex, see 9902af79c01a ("parallel lookups: actual switch to rwsem")). In order to fix this, I had to open-code d_genocide() again, adding the necessary parent inode locking. I based the new implementation on d_walk() (fs/dcache.c), the original code from before ad52184b705c ("selinuxfs: don't open-code d_genocide()"), and with a slight inspiration from debugfs_remove() (fs/debugfs/inode.c). The new code no longer triggers soft lockups with the above reproducer and it also gives no warnings when run with CONFIG_PROVE_LOCKING=y. Note that I am adding Fixes: on the commit that replaced the open-coded version with d_genocide(), but the bug is present also in the original code that dates back to pre-2.6 times... This patch obviously doesn't apply to this older code so pre-4.0 kernels will need a dedicated patch (just adding the parent inode locks should be sufficient there). Link: https://github.com/SELinuxProject/selinux-kernel/issues/42 Fixes: ad52184b705c ("selinuxfs: don't open-code d_genocide()") Cc: <stable(a)vger.kernel.org> # 4.0+ Cc: Stephen Smalley <sds(a)tycho.nsa.gov> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Ondrej Mosnacek <omosnace(a)redhat.com> --- security/selinux/selinuxfs.c | 88 ++++++++++++++++++++++++++++++++++-- 1 file changed, 85 insertions(+), 3 deletions(-) diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index f3a5a138a096..4ac9b17e24d1 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -1316,10 +1316,92 @@ static const struct file_operations sel_commit_bools_ops = { .llseek = generic_file_llseek, }; -static void sel_remove_entries(struct dentry *de) +/* removes all children of the given dentry (but not itself) */ +static void sel_remove_entries(struct dentry *root) { - d_genocide(de); - shrink_dcache_parent(de); + struct dentry *parent = root; + struct dentry *child; + struct list_head *next; + + spin_lock(&parent->d_lock); + +repeat: + next = parent->d_subdirs.next; + + while (next != &parent->d_subdirs) { + child = list_entry(next, struct dentry, d_child); + next = next->next; + + spin_lock_nested(&child->d_lock, DENTRY_D_LOCK_NESTED); + + if (!list_empty(&child->d_subdirs)) { + /* Current entry has children, we need to remove those + * first. We unlock the parent but keep the child locked + * (it will become the new parent). */ + spin_unlock(&parent->d_lock); + + /* we need to re-lock the child (new parent) in a + * special way (see d_walk() in fs/dcache.c) */ + spin_release(&child->d_lock.dep_map, 1, _RET_IP_); + parent = child; + spin_acquire(&parent->d_lock.dep_map, 0, 1, _RET_IP_); + + goto repeat; + } + +resume: + if (child->d_inode) { + /* acquire a reference to the child */ + dget_dlock(child); + + /* drop all locks (someof the callees will try to + * acquire them) */ + spin_unlock(&child->d_lock); + spin_unlock(&parent->d_lock); + + /* IMPORTANT: we need to hold the parent's inode lock + * because some functions (namely dcache_readdir) assume + * holding this lock means children won't be removed */ + inode_lock_nested(parent->d_inode, I_MUTEX_PARENT); + + /* now unlink the child */ + if (d_is_dir(child)) + simple_rmdir(d_inode(parent), child); + else + simple_unlink(d_inode(parent), child); + d_delete(child); + + inode_unlock(parent->d_inode); + + /* drop our extra reference */ + dput(child); + + /* re-lock only the parent */ + spin_lock(&parent->d_lock); + } else + spin_unlock(&child->d_lock); + } + + if (parent != root) { + /* we processed contents of a subdirectory, ascend and continue + * by removing the subdirectory itself (now empty) */ + child = parent; + parent = child->d_parent; + + /* we have to re-lock the child after locking the parent */ + spin_unlock(&child->d_lock); + spin_lock(&parent->d_lock); + spin_lock_nested(&child->d_lock, DENTRY_D_LOCK_NESTED); + + /* set next to the next sibling */ + next = child->d_child.next; + goto resume; + } + + spin_unlock(&root->d_lock); + + /* try to clean up the stale entries */ + shrink_dcache_parent(root); } #define BOOL_DIR_NAME "booleans" -- 2.17.1

7 years, 2 months

3
3
0 0

[PATCH 2/4] drm/i915: Handle incomplete Z_FINISH for compressed error states

by Chris Wilson

The final call to zlib_deflate(Z_FINISH) may require more output space to be allocated and so needs to re-invoked. Failure to do so in the current code leads to incomplete zlib streams (albeit intact due to the use of Z_SYNC_FLUSH) resulting in the occasional short object capture. Testcase: igt/i915-error-capture.js Fixes: 0a97015d45ee ("drm/i915: Compress GPU objects in error state") Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v4.10+ --- drivers/gpu/drm/i915/i915_gpu_error.c | 60 +++++++++++++++++++++------ 1 file changed, 47 insertions(+), 13 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c index 3d5554f14dfd..ed8c16cbfaa4 100644 --- a/drivers/gpu/drm/i915/i915_gpu_error.c +++ b/drivers/gpu/drm/i915/i915_gpu_error.c @@ -237,6 +237,7 @@ static int compress_page(struct compress *c, struct drm_i915_error_object *dst) { struct z_stream_s *zstream = &c->zstream; + int flush = Z_NO_FLUSH; zstream->next_in = src; if (c->tmp && i915_memcpy_from_wc(c->tmp, src, PAGE_SIZE)) @@ -257,8 +258,11 @@ static int compress_page(struct compress *c, zstream->avail_out = PAGE_SIZE; } - if (zlib_deflate(zstream, Z_SYNC_FLUSH) != Z_OK) + if (zlib_deflate(zstream, flush) != Z_OK) return -EIO; + + if (zstream->avail_out) + flush = Z_SYNC_FLUSH; } while (zstream->avail_in); /* Fallback to uncompressed if we increase size? */ @@ -268,19 +272,43 @@ static int compress_page(struct compress *c, return 0; } -static void compress_fini(struct compress *c, +static int compress_flush(struct compress *c, struct drm_i915_error_object *dst) { struct z_stream_s *zstream = &c->zstream; + unsigned long page; - if (dst) { - zlib_deflate(zstream, Z_FINISH); - dst->unused = zstream->avail_out; - } + do { + switch (zlib_deflate(zstream, Z_FINISH)) { + case Z_OK: /* more space requested */ + page = __get_free_page(GFP_ATOMIC | __GFP_NOWARN); + if (!page) + return -ENOMEM; + + dst->pages[dst->page_count++] = (void *)page; + zstream->next_out = (void *)page; + zstream->avail_out = PAGE_SIZE; + break; + case Z_STREAM_END: + goto end; + default: /* any error */ + return -EIO; + } + } while (1); + +end: + memset(zstream->next_out, 0, zstream->avail_out); + dst->unused = zstream->avail_out; + return 0; +} + +static void compress_fini(struct compress *c, + struct drm_i915_error_object *dst) +{ + struct z_stream_s *zstream = &c->zstream; zlib_deflateEnd(zstream); kfree(zstream->workspace); - if (c->tmp) free_page((unsigned long)c->tmp); } @@ -319,6 +347,12 @@ static int compress_page(struct compress *c, return 0; } +static int compress_flush(struct compress *c, + struct drm_i915_error_object *dst) +{ + return 0; +} + static void compress_fini(struct compress *c, struct drm_i915_error_object *dst) { @@ -951,15 +985,15 @@ i915_error_object_create(struct drm_i915_private *i915, if (ret) goto unwind; } - goto out; + if (compress_flush(&compress, dst)) { unwind: - while (dst->page_count--) - free_page((unsigned long)dst->pages[dst->page_count]); - kfree(dst); - dst = NULL; + while (dst->page_count--) + free_page((unsigned long)dst->pages[dst->page_count]); + kfree(dst); + dst = NULL; + } -out: compress_fini(&compress, dst); ggtt->vm.clear_range(&ggtt->vm, slot, PAGE_SIZE); return dst; -- 2.19.0

7 years, 2 months

2
4
0 0

[git:media_tree/fixes] media: v4l: event: Prevent freeing event subscriptions while accessed

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: v4l: event: Prevent freeing event subscriptions while accessed Author: Sakari Ailus <sakari.ailus(a)linux.intel.com> Date: Tue Sep 11 05:32:37 2018 -0400 The event subscriptions are added to the subscribed event list while holding a spinlock, but that lock is subsequently released while still accessing the subscription object. This makes it possible to unsubscribe the event --- and freeing the subscription object's memory --- while the subscription object is simultaneously accessed. Prevent this by adding a mutex to serialise the event subscription and unsubscription. This also gives a guarantee to the callback ops that the add op has returned before the del op is called. This change also results in making the elems field less special: subscriptions are only added to the event list once they are fully initialised. Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Reviewed-by: Hans Verkuil <hans.verkuil(a)cisco.com> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Cc: stable(a)vger.kernel.org # for 4.14 and up Fixes: c3b5b0241f62 ("V4L/DVB: V4L: Events: Add backend") Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/v4l2-core/v4l2-event.c | 38 +++++++++++++++++++----------------- drivers/media/v4l2-core/v4l2-fh.c | 2 ++ include/media/v4l2-fh.h | 4 ++++ 3 files changed, 26 insertions(+), 18 deletions(-) --- diff --git a/drivers/media/v4l2-core/v4l2-event.c b/drivers/media/v4l2-core/v4l2-event.c index 127fe6eb91d9..a3ef1f50a4b3 100644 --- a/drivers/media/v4l2-core/v4l2-event.c +++ b/drivers/media/v4l2-core/v4l2-event.c @@ -115,14 +115,6 @@ static void __v4l2_event_queue_fh(struct v4l2_fh *fh, const struct v4l2_event *e if (sev == NULL) return; - /* - * If the event has been added to the fh->subscribed list, but its - * add op has not completed yet elems will be 0, treat this as - * not being subscribed. - */ - if (!sev->elems) - return; - /* Increase event sequence number on fh. */ fh->sequence++; @@ -208,6 +200,7 @@ int v4l2_event_subscribe(struct v4l2_fh *fh, struct v4l2_subscribed_event *sev, *found_ev; unsigned long flags; unsigned i; + int ret = 0; if (sub->type == V4L2_EVENT_ALL) return -EINVAL; @@ -225,31 +218,36 @@ int v4l2_event_subscribe(struct v4l2_fh *fh, sev->flags = sub->flags; sev->fh = fh; sev->ops = ops; + sev->elems = elems; + + mutex_lock(&fh->subscribe_lock); spin_lock_irqsave(&fh->vdev->fh_lock, flags); found_ev = v4l2_event_subscribed(fh, sub->type, sub->id); - if (!found_ev) - list_add(&sev->list, &fh->subscribed); spin_unlock_irqrestore(&fh->vdev->fh_lock, flags); if (found_ev) { + /* Already listening */ kvfree(sev); - return 0; /* Already listening */ + goto out_unlock; } if (sev->ops && sev->ops->add) { - int ret = sev->ops->add(sev, elems); + ret = sev->ops->add(sev, elems); if (ret) { - sev->ops = NULL; - v4l2_event_unsubscribe(fh, sub); - return ret; + kvfree(sev); + goto out_unlock; } } - /* Mark as ready for use */ - sev->elems = elems; + spin_lock_irqsave(&fh->vdev->fh_lock, flags); + list_add(&sev->list, &fh->subscribed); + spin_unlock_irqrestore(&fh->vdev->fh_lock, flags); - return 0; +out_unlock: + mutex_unlock(&fh->subscribe_lock); + + return ret; } EXPORT_SYMBOL_GPL(v4l2_event_subscribe); @@ -288,6 +286,8 @@ int v4l2_event_unsubscribe(struct v4l2_fh *fh, return 0; } + mutex_lock(&fh->subscribe_lock); + spin_lock_irqsave(&fh->vdev->fh_lock, flags); sev = v4l2_event_subscribed(fh, sub->type, sub->id); @@ -305,6 +305,8 @@ int v4l2_event_unsubscribe(struct v4l2_fh *fh, if (sev && sev->ops && sev->ops->del) sev->ops->del(sev); + mutex_unlock(&fh->subscribe_lock); + kvfree(sev); return 0; diff --git a/drivers/media/v4l2-core/v4l2-fh.c b/drivers/media/v4l2-core/v4l2-fh.c index 3895999bf880..c91a7bd3ecfc 100644 --- a/drivers/media/v4l2-core/v4l2-fh.c +++ b/drivers/media/v4l2-core/v4l2-fh.c @@ -45,6 +45,7 @@ void v4l2_fh_init(struct v4l2_fh *fh, struct video_device *vdev) INIT_LIST_HEAD(&fh->available); INIT_LIST_HEAD(&fh->subscribed); fh->sequence = -1; + mutex_init(&fh->subscribe_lock); } EXPORT_SYMBOL_GPL(v4l2_fh_init); @@ -90,6 +91,7 @@ void v4l2_fh_exit(struct v4l2_fh *fh) return; v4l_disable_media_source(fh->vdev); v4l2_event_unsubscribe_all(fh); + mutex_destroy(&fh->subscribe_lock); fh->vdev = NULL; } EXPORT_SYMBOL_GPL(v4l2_fh_exit); diff --git a/include/media/v4l2-fh.h b/include/media/v4l2-fh.h index ea73fef8bdc0..8586cfb49828 100644 --- a/include/media/v4l2-fh.h +++ b/include/media/v4l2-fh.h @@ -38,10 +38,13 @@ struct v4l2_ctrl_handler; * @prio: priority of the file handler, as defined by &enum v4l2_priority * * @wait: event' s wait queue + * @subscribe_lock: serialise changes to the subscribed list; guarantee that + * the add and del event callbacks are orderly called * @subscribed: list of subscribed events * @available: list of events waiting to be dequeued * @navailable: number of available events at @available list * @sequence: event sequence number + * * @m2m_ctx: pointer to &struct v4l2_m2m_ctx */ struct v4l2_fh { @@ -52,6 +55,7 @@ struct v4l2_fh { /* Events */ wait_queue_head_t wait; + struct mutex subscribe_lock; struct list_head subscribed; struct list_head available; unsigned int navailable;

7 years, 2 months

1
0
0 0

[PATCH 4.14 000/165] 4.14.68-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.68 release. There are 165 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Sep 5 16:56:19 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.68-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.68-rc1 Kees Cook <keescook(a)chromium.org> gcc-plugins: Use dynamic initializers Valdis Kletnieks <valdis.kletnieks(a)vt.edu> gcc-plugins: Add include required by GCC release 8 Scott Bauer <scott.bauer(a)intel.com> cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status Vincent Whitchurch <vincent.whitchurch(a)axis.com> watchdog: Mark watchdog touch functions as notrace H. Nikolaus Schaller <hns(a)goldelico.com> power: generic-adc-battery: check for duplicate properties copied from iio channels H. Nikolaus Schaller <hns(a)goldelico.com> power: generic-adc-battery: fix out-of-bounds write when copying channel properties Dan Carpenter <dan.carpenter(a)oracle.com> PM / clk: signedness bug in of_pm_clk_add_clks() Alberto Panizzo <alberto(a)amarulasolutions.com> clk: rockchip: fix clk_i2sout parent selection bits on rk3399 Mike Christie <mchristi(a)redhat.com> iscsi target: fix session creation failure handling Bart Van Assche <bart.vanassche(a)wdc.com> scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock Bart Van Assche <bart.vanassche(a)wdc.com> scsi: sysfs: Introduce sysfs_{un,}break_active_protection() Bart Van Assche <bart.vanassche(a)wdc.com> scsi: mpt3sas: Fix _transport_smp_handler() error path Ricardo Schwarzmeier <Ricardo.Schwarzmeier(a)infineon.com> tpm: Return the actual size when receiving an unsupported command Paul Burton <paul.burton(a)mips.com> MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7 Huacai Chen <chenhc(a)lemote.com> MIPS: Change definition of cpu_relax() for Loongson-3 Paul Burton <paul.burton(a)mips.com> MIPS: Always use -march=<arch>, not -<arch> shortcuts Maciej W. Rozycki <macro(a)mips.com> MIPS: Correct the 64-bit DSP accumulator register size Masami Hiramatsu <mhiramat(a)kernel.org> kprobes: Make list and blacklist root user read only Masami Hiramatsu <mhiramat(a)kernel.org> kprobes/arm: Fix %p uses in error messages Sebastian Ott <sebott(a)linux.ibm.com> s390/pci: fix out of bounds access during irq setup Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390/numa: move initial setup of node_to_cpumask_map Julian Wiedmann <jwi(a)linux.ibm.com> s390/qdio: reset old sbal_state flags Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: fix br_r1_trampoline for machines without exrl Gerald Schaefer <gerald.schaefer(a)de.ibm.com> s390/mm: fix addressing exception after suspend/resume Jann Horn <jannh(a)google.com> x86/entry/64: Wipe KASAN stack shadow before rewind_stack_do_exit() Gustavo A. R. Silva <gustavo(a)embeddedor.com> hwmon: (nct6775) Fix potential Spectre v1 Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ Andi Kleen <ak(a)linux.intel.com> x86/spectre: Add missing family 6 check to microcode check Nick Desaulniers <ndesaulniers(a)google.com> x86/irqflags: Mark native_restore_fl extern inline Andy Lutomirski <luto(a)kernel.org> x86/nmi: Fix NMI uaccess race against CR3 switching Samuel Neves <sneves(a)dei.uc.pt> x86/vdso: Fix lsl operand order Dan Carpenter <dan.carpenter(a)oracle.com> pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show() Gustavo A. R. Silva <gustavo(a)embeddedor.com> ASoC: sirf: Fix potential NULL pointer dereference Takashi Iwai <tiwai(a)suse.de> ASoC: zte: Fix incorrect PCM format bit usages Jerome Brunet <jbrunet(a)baylibre.com> ASoC: dpcm: don't merge format from invalid codec dai Michael Buesch <m(a)bues.ch> b43/leds: Ensure NUL-termination of LED name string Michael Buesch <m(a)bues.ch> b43legacy/leds: Ensure NUL-termination of LED name string Mikulas Patocka <mpatocka(a)redhat.com> udl-kms: avoid division Mikulas Patocka <mpatocka(a)redhat.com> udl-kms: fix crash due to uninitialized memory Mikulas Patocka <mpatocka(a)redhat.com> udl-kms: handle allocation failure Mikulas Patocka <mpatocka(a)redhat.com> udl-kms: change down_interruptible to down Kirill Tkhai <ktkhai(a)virtuozzo.com> fuse: Add missed unlock_page() to fuse_readpages_fill() Miklos Szeredi <mszeredi(a)redhat.com> fuse: Fix oops at process_init_reply() Miklos Szeredi <mszeredi(a)redhat.com> fuse: umount should wait for all requests Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix unlocked access to processing queue Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix double request_end() Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix initial parallel dirops Andrey Ryabinin <aryabinin(a)virtuozzo.com> fuse: Don't access pipe->buffers without pipe_lock() Josh Poimboeuf <jpoimboe(a)redhat.com> x86/kvm/vmx: Remove duplicate l1d flush definitions Thomas Gleixner <tglx@xxxxxxxxxxxxx> KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled Rian Hunter <rian(a)alum.mit.edu> x86/process: Re-export start_thread() Andy Lutomirski <luto(a)kernel.org> x86/vdso: Fix vDSO build if a retpoline is emitted Vlastimil Babka <vbabka(a)suse.cz> x86/speculation/l1tf: Suggest what to do on systems with too much RAM Vlastimil Babka <vbabka(a)suse.cz> x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM Vlastimil Babka <vbabka(a)suse.cz> x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit Peter Zijlstra <peterz(a)infradead.org> mm/tlb, x86/mm: Support invalidating TLB caches for RCU_TABLE_FREE Takashi Iwai <tiwai(a)suse.de> platform/x86: ideapad-laptop: Apply no_hw_rfkill to Y20-15IKBM, too Michal Wnukowski <wnukowski(a)google.com> nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event Eric Sandeen <sandeen(a)redhat.com> ext4: reset error code in ext4_find_entry in fallback Arnd Bergmann <arnd(a)arndb.de> ext4: sysfs: print ext4_super_block fields as little-endian Theodore Ts'o <tytso(a)mit.edu> ext4: check for NUL characters in extended attribute's name Prasad Sodagudi <psodagud(a)codeaurora.org> stop_machine: Atomically queue and wake stopper threads Peter Zijlstra <peterz(a)infradead.org> stop_machine: Reflow cpu_stop_queue_two_works() Claudio Imbrenda <imbrenda(a)linux.vnet.ibm.com> s390/kvm: fix deadlock when killed by oom Punit Agrawal <punit.agrawal(a)arm.com> KVM: arm/arm64: Skip updating PTE entry if no change Punit Agrawal <punit.agrawal(a)arm.com> KVM: arm/arm64: Skip updating PMD entry if no change Huibin Hong <huibin.hong(a)rock-chips.com> arm64: dts: rockchip: corrected uart1 clock-names for rk3328 Greg Hackmann <ghackmann(a)android.com> arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid() Masami Hiramatsu <mhiramat(a)kernel.org> kprobes/arm64: Fix %p uses in error messages Petr Mladek <pmladek(a)suse.com> printk/nmi: Prevent deadlock when accessing the main log buffer in NMI Petr Mladek <pmladek(a)suse.com> printk: Create helper function to queue deferred console handling Petr Mladek <pmladek(a)suse.com> printk: Split the code for storing a message into the log buffer Vivek Gautam <vivek.gautam(a)codeaurora.org> iommu/arm-smmu: Error out only if not enough context interrupts Josef Bacik <jbacik(a)fb.com> Btrfs: fix btrfs_write_inode vs delayed iput deadlock Josef Bacik <josef(a)toxicpanda.com> btrfs: don't leak ret from do_chunk_alloc Ethan Lien <ethanlien(a)synology.com> btrfs: use correct compare function of dirty_metadata_bytes Steve French <stfrench(a)microsoft.com> smb3: fill in statfs fsid and correct namelen Steve French <stfrench(a)microsoft.com> smb3: don't request leases in symlink creation and query Steve French <stfrench(a)microsoft.com> smb3: Do not send SMB3 SET_INFO if nothing changed Steve French <stfrench(a)microsoft.com> smb3: enumerating snapshots was leaving part of the data off end Nicholas Mc Guire <hofrat(a)osadl.org> cifs: check kmalloc before use Steve French <stfrench(a)microsoft.com> cifs: add missing debug entries for kconfig options Alexander Usyskin <alexander.usyskin(a)intel.com> mei: don't update offset in write jie@chenjie6@huwei.com <jie@chenjie6@huwei.com> mm/memory.c: check return value of ioremap_prot Jim Gill <jgill(a)vmware.com> scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED Johannes Thumshirn <jthumshirn(a)suse.de> scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO Johannes Thumshirn <jthumshirn(a)suse.de> scsi: fcoe: drop frames in ELS LOGO error path Johannes Thumshirn <jthumshirn(a)suse.de> scsi: fcoe: fix use-after-free in fcoe_ctlr_els_send Benjamin Tissoires <benjamin.tissoires(a)redhat.com> gpiolib-acpi: make sure we trigger edge events at least once on boot Kirill Tkhai <ktkhai(a)virtuozzo.com> memcg: remove memcg_cgroup::id from IDR on mem_cgroup_css_alloc() failure Colin Ian King <colin.king(a)canonical.com> drivers: net: lmc: fix case value for target abort error Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: Compute expected length from inode size rather than block length Hugh Dickins <hughd(a)google.com> mm: delete historical BUG from zap_pmd_range() Linus Torvalds <torvalds(a)linux-foundation.org> squashfs metadata 2: electric boogaloo Govindarajulu Varadarajan <gvaradar(a)cisco.com> enic: do not call enic_change_mtu in enic_probe Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> sparc: use asm-generic version of msi.h Steven Rostedt (VMware) <rostedt(a)goodmis.org> sparc/time: Add missing __init to init_tick_ops() Randy Dunlap <rdunlap(a)infradead.org> arc: fix type warnings in arc/mm/cache.c Randy Dunlap <rdunlap(a)infradead.org> arc: fix build errors in arc/include/asm/delay.h Randy Dunlap <rdunlap(a)infradead.org> arc: [plat-eznps] fix printk warning in arc/plat-eznps/mtm.c Randy Dunlap <rdunlap(a)infradead.org> arc: [plat-eznps] fix data type errors in platform headers Ofer Levi <oferle(a)mellanox.com> ARC: [plat-eznps] Add missing struct nps_host_reg_aux_dpc Govindarajulu Varadarajan <gvaradar(a)cisco.com> enic: handle mtu change for vf properly John Hurley <john.hurley(a)netronome.com> nfp: flower: fix port metadata conversion bug Taehee Yoo <ap420073(a)gmail.com> bpf: use GFP_ATOMIC instead of GFP_KERNEL in bpf_parse_prog() Eugeniy Paltsev <Eugeniy.Paltsev(a)synopsys.com> ARC: dma [non-IOC] setup SMP_CACHE_BYTES and cache_line_size Rafał Miłecki <rafal(a)milecki.pl> Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum" Calvin Walton <calvin.walton(a)kepstin.ca> tools/power turbostat: Read extended processor family from CPUID Li Wang <liwang(a)redhat.com> zswap: re-check zswap_is_full() after do zswap_shrink() Davidlohr Bueso <dave(a)stgolabs.net> ipc/sem.c: prevent queue.status tearing in semop dann frazier <dann.frazier(a)canonical.com> hinic: Link the logical network device to the pci device in sysfs Masami Hiramatsu <mhiramat(a)kernel.org> selftests/ftrace: Add snapshot and tracing_on test case Kiran Kumar Modukuri <kiran.modukuri(a)gmail.com> cachefiles: Wait rather than BUG'ing on "Unexpected object collision" Kiran Kumar Modukuri <kiran.modukuri(a)gmail.com> cachefiles: Fix refcounting bug in backing-file read monitoring Kiran Kumar Modukuri <kiran.modukuri(a)gmail.com> fscache: Allow cancelled operations to be enqueued Kees Cook <keescook(a)chromium.org> x86/boot: Fix if_changed build flip/flop bug Hailong Liu <liu.hailong6(a)zte.com.cn> sched/rt: Restore rt_runtime after disabling RT_RUNTIME_SHARE Peter Rosin <peda(a)axentia.se> i2c/mux, locking/core: Annotate the nested rt_mutex usage Peter Rosin <peda(a)axentia.se> locking/rtmutex: Allow specifying a subclass for nested locking Shubhrajyoti Datta <shubhrajyoti.datta(a)xilinx.com> net: axienet: Fix double deregister of mdio Aleksander Morgado <aleksander(a)aleksander.es> qmi_wwan: fix interface number for DW5821e production firmware Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> bnx2x: Fix invalid memory access in rss hash config path. Guenter Roeck <linux(a)roeck-us.net> media: staging: omap4iss: Include asm/cacheflush.h after generic includes Thomas Gleixner <tglx(a)linutronix.de> perf/x86/amd/ibs: Don't access non-started event Alexander Sverdlin <alexander.sverdlin(a)nokia.com> i2c: davinci: Avoid zero value of CLKH Faiz Abbas <faiz_abbas(a)ti.com> can: m_can: Move accessing of message ram to after clocks are enabled Nicholas Mc Guire <hofrat(a)osadl.org> can: mpc5xxx_can: check of_iomap return before use Randy Dunlap <rdunlap(a)infradead.org> net: prevent ISA drivers from building on PPC32 Florian Westphal <fw(a)strlen.de> atl1c: reserve min skb headroom Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Correct Multicast API to reflect existence of 256 approximate buckets. Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Fix possible race for the link state value. Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Fix link flap issue due to mismatching EEE capabilities. YueHaibing <yuehaibing(a)huawei.com> net: caif: Add a missing rcu_read_unlock() in caif_flow_cb Len Brown <len.brown(a)intel.com> tools/power turbostat: fix -S on UP systems Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: vmx: use local variable for current_vmptr when emulating VMPTRST Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: don't allow to rename to already-pending name Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: fix memory leaks on chain rename Daniel Borkmann <daniel(a)iogearbox.net> bpf, ppc64: fix unexpected r0=0 exit path inside bpf_xadd Taehee Yoo <ap420073(a)gmail.com> netfilter: nft_set_hash: add rcu_barrier() in the nft_rhash_destroy() Eugeniu Rosca <roscaeugeniu(a)gmail.com> usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3' Peter Senna Tschudin <peter.senna(a)gmail.com> tools: usb: ffs-test: Fix build on big endian systems Randy Dunlap <rdunlap(a)infradead.org> usb/phy: fix PPC64 build errors in phy-fsl-usb.c Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> usb: gadget: u_audio: protect stream runtime fields with stream spinlock Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> usb: gadget: u_audio: remove cached period bytes value Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> usb: gadget: u_audio: remove caching of stream buffer parameters Joshua Frkuska <joshua_frkuska(a)mentor.com> usb: gadget: u_audio: update hw_ptr in iso_complete after data copied Eugeniu Rosca <erosca(a)de.adit-jv.com> usb: gadget: u_audio: fix pcm/card naming in g_audio_setup() Eugeniu Rosca <erosca(a)de.adit-jv.com> usb: gadget: f_uac2: fix error handling in afunc_bind (again) Jia-Ju Bai <baijiaju1990(a)gmail.com> usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue() Jia-Ju Bai <baijiaju1990(a)gmail.com> usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller() Josef Bacik <josef(a)toxicpanda.com> nbd: handle unexpected replies better Josef Bacik <josef(a)toxicpanda.com> nbd: don't requeue the same request twice. Lucas Stach <l.stach(a)pengutronix.de> drm/imx: imx-ldb: check if channel is enabled before printing warning Lucas Stach <l.stach(a)pengutronix.de> drm/imx: imx-ldb: disable LDB on driver bind Varun Prakash <varun(a)chelsio.com> scsi: libiscsi: fix possible NULL pointer dereference in case of TMF Varun Prakash <varun(a)chelsio.com> scsi: target: iscsi: cxgbit: fix max iso npdu calculation Sean Paul <seanpaul(a)chromium.org> drm/bridge: adv7511: Reset registers on hotplug Bernd Edlinger <bernd.edlinger(a)hotmail.de> nl80211: Add a missing break in parse_station_flags Theodore Ts'o <tytso(a)mit.edu> ext4: clear mmp sequence number when remounting read-only mpubbise(a)codeaurora.org <mpubbise(a)codeaurora.org> mac80211: add stations tied to AP_VLANs during hw reconfig Zhen Lei <thunder.leizhen(a)huawei.com> esp6: fix memleak on error path in esp6_input Florian Westphal <fw(a)strlen.de> xfrm: free skb if nlsk pointer is NULL Tommi Rantala <tommi.t.rantala(a)nokia.com> xfrm: fix missing dst_release() after policy blocking lbcast and multicast Eyal Birger <eyal.birger(a)gmail.com> vti6: fix PMTU caching and reporting on xmit Paulo Flabiano Smorigo <pfsmorigo(a)linux.vnet.ibm.com> crypto: vmx - Use skcipher for ctr fallback ------------- Diffstat: Makefile | 8 +- arch/Kconfig | 3 + arch/arc/Kconfig | 3 + arch/arc/include/asm/cache.h | 4 +- arch/arc/include/asm/delay.h | 3 + arch/arc/mm/cache.c | 7 +- arch/arc/plat-eznps/include/plat/ctop.h | 10 +++ arch/arc/plat-eznps/mtm.c | 6 +- arch/arm/probes/kprobes/core.c | 4 +- arch/arm/probes/kprobes/test-core.c | 1 - arch/arm64/boot/dts/rockchip/rk3328.dtsi | 2 +- arch/arm64/kernel/probes/kprobes.c | 2 +- arch/arm64/mm/init.c | 6 +- arch/mips/Makefile | 12 +-- arch/mips/bcm47xx/setup.c | 6 -- arch/mips/include/asm/mipsregs.h | 3 - arch/mips/include/asm/processor.h | 15 +++- arch/mips/kernel/ptrace.c | 2 +- arch/mips/kernel/ptrace32.c | 2 +- arch/mips/lib/multi3.c | 6 +- arch/powerpc/net/bpf_jit_comp64.c | 29 ++----- arch/s390/include/asm/qdio.h | 1 - arch/s390/mm/fault.c | 2 + arch/s390/mm/page-states.c | 2 +- arch/s390/net/bpf_jit_comp.c | 2 - arch/s390/numa/numa.c | 16 +--- arch/s390/pci/pci.c | 2 + arch/sparc/include/asm/Kbuild | 1 + arch/sparc/kernel/time_64.c | 2 +- arch/x86/Kconfig | 1 + arch/x86/boot/compressed/Makefile | 8 +- arch/x86/entry/vdso/Makefile | 6 +- arch/x86/events/amd/ibs.c | 6 +- arch/x86/events/core.c | 2 +- arch/x86/include/asm/irqflags.h | 3 +- arch/x86/include/asm/processor.h | 6 +- arch/x86/include/asm/tlbflush.h | 40 +++++++++ arch/x86/include/asm/vgtod.h | 2 +- arch/x86/kernel/cpu/bugs.c | 50 +++++++++-- arch/x86/kernel/cpu/common.c | 1 + arch/x86/kernel/cpu/intel.c | 3 + arch/x86/kernel/dumpstack.c | 4 + arch/x86/kernel/process_64.c | 1 + arch/x86/kvm/svm.c | 8 +- arch/x86/kvm/vmx.c | 18 ++-- arch/x86/lib/usercopy.c | 5 ++ arch/x86/mm/init.c | 4 +- arch/x86/mm/mmap.c | 2 +- arch/x86/mm/tlb.c | 7 ++ drivers/base/power/clock_ops.c | 2 +- drivers/block/nbd.c | 96 ++++++++++++++++++---- drivers/cdrom/cdrom.c | 2 +- drivers/char/tpm/tpm-interface.c | 2 +- drivers/clk/rockchip/clk-rk3399.c | 2 +- drivers/crypto/vmx/aes_ctr.c | 31 +++---- drivers/gpio/gpiolib-acpi.c | 56 ++++++++++++- drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 12 +++ drivers/gpu/drm/imx/imx-ldb.c | 9 +- drivers/gpu/drm/udl/udl_drv.h | 2 +- drivers/gpu/drm/udl/udl_fb.c | 17 ++-- drivers/gpu/drm/udl/udl_main.c | 35 ++++---- drivers/gpu/drm/udl/udl_transfer.c | 39 ++++----- drivers/hwmon/nct6775.c | 2 + drivers/i2c/busses/i2c-davinci.c | 8 +- drivers/i2c/i2c-core-base.c | 2 +- drivers/i2c/i2c-mux.c | 4 +- drivers/iommu/arm-smmu.c | 16 ++-- drivers/misc/mei/main.c | 1 - drivers/net/can/m_can/m_can.c | 7 +- drivers/net/can/mscan/mpc5xxx_can.c | 5 ++ drivers/net/ethernet/3com/Kconfig | 2 +- drivers/net/ethernet/amd/Kconfig | 4 +- drivers/net/ethernet/atheros/atl1c/atl1c_main.c | 1 + .../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 13 ++- drivers/net/ethernet/cirrus/Kconfig | 1 + drivers/net/ethernet/cisco/enic/enic_main.c | 80 +++++++----------- drivers/net/ethernet/huawei/hinic/hinic_main.c | 1 + drivers/net/ethernet/netronome/nfp/flower/main.c | 4 +- drivers/net/ethernet/qlogic/qed/qed_l2.c | 15 ++-- drivers/net/ethernet/qlogic/qed/qed_l2.h | 2 +- drivers/net/ethernet/qlogic/qed/qed_mcp.c | 13 ++- drivers/net/ethernet/qlogic/qed/qed_sriov.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_vf.c | 4 +- drivers/net/ethernet/qlogic/qed/qed_vf.h | 7 +- drivers/net/ethernet/xilinx/xilinx_axienet_mdio.c | 1 + drivers/net/usb/qmi_wwan.c | 2 +- drivers/net/wan/lmc/lmc_main.c | 2 +- drivers/net/wireless/broadcom/b43/leds.c | 2 +- drivers/net/wireless/broadcom/b43legacy/leds.c | 2 +- drivers/nvme/host/pci.c | 8 ++ drivers/pinctrl/freescale/pinctrl-imx1-core.c | 2 +- drivers/platform/x86/ideapad-laptop.c | 4 +- drivers/power/supply/generic-adc-battery.c | 25 +++--- drivers/s390/cio/qdio_main.c | 5 +- drivers/scsi/fcoe/fcoe_ctlr.c | 6 +- drivers/scsi/libfc/fc_rport.c | 1 + drivers/scsi/libiscsi.c | 12 +-- drivers/scsi/mpt3sas/mpt3sas_transport.c | 5 +- drivers/scsi/scsi_sysfs.c | 20 ++++- drivers/scsi/vmw_pvscsi.c | 11 ++- drivers/staging/media/omap4iss/iss_video.c | 3 +- drivers/target/iscsi/cxgbit/cxgbit_target.c | 16 ++-- drivers/target/iscsi/iscsi_target_login.c | 35 ++++---- drivers/usb/gadget/function/f_uac2.c | 24 +++--- drivers/usb/gadget/function/u_audio.c | 88 ++++++++------------ drivers/usb/gadget/udc/r8a66597-udc.c | 6 +- drivers/usb/phy/phy-fsl-usb.c | 4 +- fs/btrfs/disk-io.c | 10 ++- fs/btrfs/extent-tree.c | 2 +- fs/btrfs/inode.c | 26 ------ fs/btrfs/super.c | 1 - fs/cachefiles/namei.c | 1 - fs/cachefiles/rdwr.c | 17 ++-- fs/cifs/cifs_debug.c | 30 +++++-- fs/cifs/cifsfs.c | 18 ++-- fs/cifs/inode.c | 2 + fs/cifs/link.c | 4 +- fs/cifs/sess.c | 6 ++ fs/cifs/smb2inode.c | 2 +- fs/cifs/smb2ops.c | 36 ++++++-- fs/cifs/smb2pdu.c | 8 ++ fs/cifs/smb2pdu.h | 11 +++ fs/ext4/mmp.c | 7 +- fs/ext4/namei.c | 1 + fs/ext4/super.c | 2 + fs/ext4/sysfs.c | 13 ++- fs/ext4/xattr.c | 2 + fs/fscache/operation.c | 6 +- fs/fuse/dev.c | 39 +++++++-- fs/fuse/dir.c | 10 ++- fs/fuse/file.c | 1 + fs/fuse/fuse_i.h | 5 +- fs/fuse/inode.c | 37 +++++---- fs/squashfs/file.c | 50 ++++++----- fs/squashfs/file_cache.c | 4 +- fs/squashfs/file_direct.c | 24 +++--- fs/squashfs/squashfs.h | 3 +- fs/sysfs/file.c | 44 ++++++++++ include/linux/printk.h | 4 + include/linux/rtmutex.h | 7 ++ include/linux/sysfs.h | 14 ++++ ipc/sem.c | 2 +- kernel/kprobes.c | 4 +- kernel/locking/rtmutex.c | 29 ++++++- kernel/printk/internal.h | 9 +- kernel/printk/printk.c | 57 ++++++++----- kernel/printk/printk_safe.c | 58 ++++++++----- kernel/sched/rt.c | 2 + kernel/stop_machine.c | 43 ++++++---- kernel/trace/trace.c | 4 +- kernel/watchdog.c | 4 +- kernel/watchdog_hld.c | 2 +- kernel/workqueue.c | 2 +- lib/nmi_backtrace.c | 3 - mm/memcontrol.c | 15 +++- mm/memory.c | 27 +++++- mm/zswap.c | 9 ++ net/caif/caif_dev.c | 4 +- net/core/lwt_bpf.c | 2 +- net/ipv6/esp6.c | 4 +- net/ipv6/ip6_vti.c | 11 +-- net/mac80211/util.c | 3 +- net/netfilter/nf_tables_api.c | 59 ++++++++----- net/netfilter/nft_set_hash.c | 1 + net/wireless/nl80211.c | 1 + net/xfrm/xfrm_policy.c | 3 + net/xfrm/xfrm_user.c | 10 ++- scripts/gcc-plugins/gcc-common.h | 4 + scripts/gcc-plugins/latent_entropy_plugin.c | 17 ++-- scripts/gcc-plugins/randomize_layout_plugin.c | 75 +++++------------ scripts/gcc-plugins/structleak_plugin.c | 19 ++--- sound/soc/sirf/sirf-usp.c | 7 +- sound/soc/soc-pcm.c | 8 ++ sound/soc/zte/zx-tdm.c | 4 +- tools/power/x86/turbostat/turbostat.c | 8 +- .../selftests/ftrace/test.d/00basic/snapshot.tc | 28 +++++++ tools/usb/ffs-test.c | 19 ++++- virt/kvm/arm/mmu.c | 42 +++++++--- 178 files changed, 1394 insertions(+), 774 deletions(-)

7 years, 2 months

7
172
0 0

[PATCH] drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl

by Kai-Heng Feng

There's another panel that reports "DFP 1.x compliant TMDS" but it supports 6bpc instead of 8 bpc. Apply 6 bpc quirk for the panel to fix it. BugLink: https://bugs.launchpad.net/bugs/1794387 Cc: <stable(a)vger.kernel.org> # v4.8+ Signed-off-by: Kai-Heng Feng <kai.heng.feng(a)canonical.com> --- drivers/gpu/drm/drm_edid.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/drm_edid.c b/drivers/gpu/drm/drm_edid.c index 3c9fc99648b7..1e2b9407c8d0 100644 --- a/drivers/gpu/drm/drm_edid.c +++ b/drivers/gpu/drm/drm_edid.c @@ -113,6 +113,9 @@ static const struct edid_quirk { /* AEO model 0 reports 8 bpc, but is a 6 bpc panel */ { "AEO", 0, EDID_QUIRK_FORCE_6BPC }, + /* BOE model on HP Pavilion 15-n233sl reports 8 bpc, but is a 6 bpc panel */ + { "BOE", 0x78b, EDID_QUIRK_FORCE_6BPC }, + /* CPT panel of Asus UX303LA reports 8 bpc, but is a 6 bpc panel */ { "CPT", 0x17df, EDID_QUIRK_FORCE_6BPC }, -- 2.17.1

7 years, 2 months

2
1
0 0

[PATCH v2] mtd: rawnand: marvell: check for RDY bits after enabling the IRQ

by Daniel Mack

At least on PXA3xx platforms, enabling RDY interrupts in the NDCR register will only cause the IRQ to latch when the RDY lanes are changing, and not in case they are already asserted. This means that if the controller finished the command in flight before marvell_nfc_wait_op() is called, that function will wait for a change in the bit that can't ever happen as it is already set. To address this race, check for the RDY bits after the IRQ was enabled, and complete the completion immediately if the condition is already met. This fixes a bug that was observed with a NAND chip that holds a UBIFS parition on which file system stress tests were executed. When marvell_nfc_wait_op() reports an error, UBI/UBIFS will eventually mount the filesystem read-only, reporting lots of warnings along the way. Fixes: 02f26ecf8c77 mtd: nand: add reworked Marvell NAND controller driver Cc: stable(a)vger.kernel.org Signed-off-by: Daniel Mack <daniel(a)zonque.org> --- v1 → v2: * Use complete(&nfc->complete) when the condition is met, and do wait_for_completion_timeout() in all cases. Suggested by Boris Brezillon. drivers/mtd/nand/raw/marvell_nand.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/drivers/mtd/nand/raw/marvell_nand.c b/drivers/mtd/nand/raw/marvell_nand.c index 666f34b58dec..4870b5bae296 100644 --- a/drivers/mtd/nand/raw/marvell_nand.c +++ b/drivers/mtd/nand/raw/marvell_nand.c @@ -614,6 +614,7 @@ static int marvell_nfc_wait_op(struct nand_chip *chip, unsigned int timeout_ms) { struct marvell_nfc *nfc = to_marvell_nfc(chip->controller); int ret; + u32 st; /* Timeout is expressed in ms */ if (!timeout_ms) @@ -622,6 +623,15 @@ static int marvell_nfc_wait_op(struct nand_chip *chip, unsigned int timeout_ms) init_completion(&nfc->complete); marvell_nfc_enable_int(nfc, NDCR_RDYM); + + /* + * Check if the NDSR_RDY bits have already been set before the + * interrupt was enabled. + */ + st = readl_relaxed(nfc->regs + NDSR); + if (st & (NDSR_RDY(0) | NDSR_RDY(1))) + complete(&nfc->complete); + ret = wait_for_completion_timeout(&nfc->complete, msecs_to_jiffies(timeout_ms)); marvell_nfc_disable_int(nfc, NDCR_RDYM); -- 2.17.1

7 years, 2 months

4
27
0 0

[PATCH] mtd: spi-nor: fsl-quadspi: Don't let -EINVAL on the bus

by Ahmad Fatoum

fsl_qspi_get_seqid() may return -EINVAL, but fsl_qspi_init_ahb_read() doesn't check for error codes with the result that -EINVAL could find itself signalled over the bus. In conjunction with the LS1046A SoC's A-009283 errata ("Illegal accesses to SPI flash memory can result in a system hang") this illegal access to SPI flash memory results in a system hang if userspace attempts reading later on. Avoid this by always checking fsl_qspi_get_seqid()'s return value and bail out otherwise. Cc: stable(a)vger.kernel.org Signed-off-by: Ahmad Fatoum <a.fatoum(a)pengutronix.de> --- drivers/mtd/spi-nor/fsl-quadspi.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/drivers/mtd/spi-nor/fsl-quadspi.c b/drivers/mtd/spi-nor/fsl-quadspi.c index 7d9620c7ff6c..1bb42e40c38b 100644 --- a/drivers/mtd/spi-nor/fsl-quadspi.c +++ b/drivers/mtd/spi-nor/fsl-quadspi.c @@ -543,6 +543,9 @@ fsl_qspi_runcmd(struct fsl_qspi *q, u8 cmd, unsigned int addr, int len) /* trigger the LUT now */ seqid = fsl_qspi_get_seqid(q, cmd); + if (seqid < 0) + return seqid; + qspi_writel(q, (seqid << QUADSPI_IPCR_SEQID_SHIFT) | len, base + QUADSPI_IPCR); @@ -671,7 +674,7 @@ static void fsl_qspi_set_map_addr(struct fsl_qspi *q) * causes the controller to clear the buffer, and use the sequence pointed * by the QUADSPI_BFGENCR[SEQID] to initiate a read from the flash. */ -static void fsl_qspi_init_ahb_read(struct fsl_qspi *q) +static int fsl_qspi_init_ahb_read(struct fsl_qspi *q) { void __iomem *base = q->iobase; int seqid; @@ -696,8 +699,12 @@ static void fsl_qspi_init_ahb_read(struct fsl_qspi *q) /* Set the default lut sequence for AHB Read. */ seqid = fsl_qspi_get_seqid(q, q->nor[0].read_opcode); + if (seqid < 0) + return seqid; + qspi_writel(q, seqid << QUADSPI_BFGENCR_SEQID_SHIFT, q->iobase + QUADSPI_BFGENCR); + return 0; } /* This function was used to prepare and enable QSPI clock */ @@ -805,9 +812,7 @@ static int fsl_qspi_nor_setup_last(struct fsl_qspi *q) fsl_qspi_init_lut(q); /* Init for AHB read */ - fsl_qspi_init_ahb_read(q); - - return 0; + return fsl_qspi_init_ahb_read(q); } static const struct of_device_id fsl_qspi_dt_ids[] = { -- 2.19.0

7 years, 2 months

2
1
0 0

[PATCH] x86/vdso: Only enable vDSO retpolines when enabled and supported

by Andy Lutomirski

When I fixed the vDSO build to use inline retpolines, I messed up the Makefile logic and made it unconditional. It should have depended on CONFIG_RETPOLINE and on the availability of compiler support. This broke the build on some older compilers. Fixes: 2e549b2ee0e3 ("x86/vdso: Fix vDSO build if a retpoline is emitted") Cc: stable(a)vger.kernel.org Reported-by: nikola.ciprich(a)linuxbox.cz Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Matt Rickard <matt(a)softrans.com.au> Cc: Borislav Petkov <bp(a)alien8.de> Cc: jason.vas.dias(a)gmail.com Cc: David Woodhouse <dwmw2(a)infradead.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: nikola.ciprich(a)linuxbox.cz Signed-off-by: Andy Lutomirski <luto(a)kernel.org> --- arch/x86/entry/vdso/Makefile | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile index fa3f439f0a92..141d415a8c80 100644 --- a/arch/x86/entry/vdso/Makefile +++ b/arch/x86/entry/vdso/Makefile @@ -68,7 +68,13 @@ $(obj)/vdso-image-%.c: $(obj)/vdso%.so.dbg $(obj)/vdso%.so $(obj)/vdso2c FORCE CFL := $(PROFILING) -mcmodel=small -fPIC -O2 -fasynchronous-unwind-tables -m64 \ $(filter -g%,$(KBUILD_CFLAGS)) $(call cc-option, -fno-stack-protector) \ -fno-omit-frame-pointer -foptimize-sibling-calls \ - -DDISABLE_BRANCH_PROFILING -DBUILD_VDSO $(RETPOLINE_VDSO_CFLAGS) + -DDISABLE_BRANCH_PROFILING -DBUILD_VDSO + +ifdef CONFIG_RETPOLINE +ifneq ($(RETPOLINE_VDSO_CFLAGS),) + CFL += $(RETPOLINE_VDSO_CFLAGS) +endif +endif $(vobjs): KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS) $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS)) $(CFL) @@ -138,7 +144,13 @@ KBUILD_CFLAGS_32 += $(call cc-option, -fno-stack-protector) KBUILD_CFLAGS_32 += $(call cc-option, -foptimize-sibling-calls) KBUILD_CFLAGS_32 += -fno-omit-frame-pointer KBUILD_CFLAGS_32 += -DDISABLE_BRANCH_PROFILING -KBUILD_CFLAGS_32 += $(RETPOLINE_VDSO_CFLAGS) + +ifdef CONFIG_RETPOLINE +ifneq ($(RETPOLINE_VDSO_CFLAGS),) + KBUILD_CFLAGS_32 += $(RETPOLINE_VDSO_CFLAGS) +endif +endif + $(obj)/vdso32.so.dbg: KBUILD_CFLAGS = $(KBUILD_CFLAGS_32) $(obj)/vdso32.so.dbg: FORCE \ -- 2.17.1

7 years, 2 months

1
0
0 0

[PATCH v2 1/1] pinctrl: mcp23s08: fix irq and irqchip setup order

by Marco Felsch

Since 'commit 02e389e63e35 ("pinctrl: mcp23s08: fix irq setup order")' the irq request isn't the last devm_* allocation. Without a deeper look at the irq and testing this isn't a good solution. Since this driver relies on the devm mechanism, requesting a interrupt should be the last thing to avoid memory corruptions during unbinding. 'Commit 02e389e63e35 ("pinctrl: mcp23s08: fix irq setup order")' fixed the order for the interrupt-controller use case only. The mcp23s08_irq_setup() must be split into two to fix it for the interrupt-controller use case and to register the irq at last. So the irq will be freed first during unbind. Cc: stable(a)vger.kernel.org Cc: Phil Reid <preid(a)electromag.com.au> Cc: Jan Kundrát <jan.kundrat(a)cesnet.cz> Cc: Dmitry Mastykin <mastichi(a)gmail.com> Cc: Sebastian Reichel <sebastian.reichel(a)collabora.co.uk> Fixes: 82039d244f87 ("pinctrl: mcp23s08: add pinconf support") Fixes: 02e389e63e35 ("pinctrl: mcp23s08: fix irq setup order") Signed-off-by: Marco Felsch <m.felsch(a)pengutronix.de> --- drivers/pinctrl/pinctrl-mcp23s08.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/drivers/pinctrl/pinctrl-mcp23s08.c b/drivers/pinctrl/pinctrl-mcp23s08.c index 4a8a8efadefa..cf73a403d22d 100644 --- a/drivers/pinctrl/pinctrl-mcp23s08.c +++ b/drivers/pinctrl/pinctrl-mcp23s08.c @@ -636,6 +636,14 @@ static int mcp23s08_irq_setup(struct mcp23s08 *mcp) return err; } + return 0; +} + +static int mcp23s08_irqchip_setup(struct mcp23s08 *mcp) +{ + struct gpio_chip *chip = &mcp->chip; + int err; + err = gpiochip_irqchip_add_nested(chip, &mcp23s08_irq_chip, 0, @@ -912,7 +920,7 @@ static int mcp23s08_probe_one(struct mcp23s08 *mcp, struct device *dev, } if (mcp->irq && mcp->irq_controller) { - ret = mcp23s08_irq_setup(mcp); + ret = mcp23s08_irqchip_setup(mcp); if (ret) goto fail; } @@ -944,6 +952,9 @@ static int mcp23s08_probe_one(struct mcp23s08 *mcp, struct device *dev, goto fail; } + if (mcp->irq) + ret = mcp23s08_irq_setup(mcp); + fail: if (ret < 0) dev_dbg(dev, "can't setup chip %d, --> %d\n", addr, ret); -- 2.19.0

7 years, 2 months

2
1
0 0

[PATCH] f2fs: fix to recover cold bit of inode block during POR

by Chao Yu

From: Chao Yu <yuchao0(a)huawei.com> Testcase to reproduce this bug: 1. mkfs.f2fs /dev/sdd 2. mount -t f2fs /dev/sdd /mnt/f2fs 3. touch /mnt/f2fs/file 4. sync 5. chattr +A /mnt/f2fs/file 6. xfs_io -f /mnt/f2fs/file -c "fsync" 7. godown /mnt/f2fs 8. umount /mnt/f2fs 9. mount -t f2fs /dev/sdd /mnt/f2fs 10. chattr -A /mnt/f2fs/file 11. xfs_io -f /mnt/f2fs/file -c "fsync" 12. umount /mnt/f2fs 13. mount -t f2fs /dev/sdd /mnt/f2fs 14. lsattr /mnt/f2fs/file -----------------N- /mnt/f2fs/file But actually, we expect the corrct result is: -------A---------N- /mnt/f2fs/file The reason is in step 9) we missed to recover cold bit flag in inode block, so later, in fsync, we will skip write inode block due to below condition check, result in lossing data in another SPOR. f2fs_fsync_node_pages() if (!IS_DNODE(page) || !is_cold_node(page)) continue; Note that, I guess that some non-dir inode has already lost cold bit during POR, so in order to reenable recovery for those inode, let's try to recover cold bit in f2fs_iget() to save more fsynced data. Fixes: c56675750d7c ("f2fs: remove unneeded set_cold_node()") Cc: <stable(a)vger.kernel.org> 4.17+ Signed-off-by: Chao Yu <yuchao0(a)huawei.com> --- fs/f2fs/inode.c | 4 ++++ fs/f2fs/node.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c index 3c278e63d1a3..4ce4d6b298f9 100644 --- a/fs/f2fs/inode.c +++ b/fs/f2fs/inode.c @@ -365,6 +365,10 @@ static int do_read_inode(struct inode *inode) if (f2fs_has_inline_data(inode) && !f2fs_exist_data(inode)) __recover_inline_status(inode, node_page); + /* try to recover cold bit for non-dir inode */ + if (!S_ISDIR(inode->i_mode) && !is_cold_node(node_page)) + set_cold_node(node_page, false); + /* get rdev by using inline_info */ __get_inode_rdev(inode, ri); diff --git a/fs/f2fs/node.c b/fs/f2fs/node.c index b3cf18eb12f0..b1edc7525597 100644 --- a/fs/f2fs/node.c +++ b/fs/f2fs/node.c @@ -2549,7 +2549,7 @@ int f2fs_recover_inode_page(struct f2fs_sb_info *sbi, struct page *page) if (!PageUptodate(ipage)) SetPageUptodate(ipage); fill_node_footer(ipage, ino, ino, 0, true); - set_cold_node(page, false); + set_cold_node(ipage, false); src = F2FS_INODE(page); dst = F2FS_INODE(ipage); -- 2.18.0

7 years, 2 months

2
1
0 0

+ ocfs2-fix-locking-for-res-tracking-and-dlm-tracking_list.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: ocfs2: fix locking for res->tracking and dlm->tracking_list has been added to the -mm tree. Its filename is ocfs2-fix-locking-for-res-tracking-and-dlm-tracking_list.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/ocfs2-fix-locking-for-res-tracking… and later at http://ozlabs.org/~akpm/mmotm/broken-out/ocfs2-fix-locking-for-res-tracking… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Ashish Samant <ashish.samant(a)oracle.com> Subject: ocfs2: fix locking for res->tracking and dlm->tracking_list In dlm_init_lockres() we access and modify res->tracking and dlm->tracking_list without holding dlm->track_lock. This can cause list corruptions and can end up in kernel panic. Fix this by locking res->tracking and dlm->tracking_list with dlm->track_lock instead of dlm->spinlock. Link: http://lkml.kernel.org/r/1529951192-4686-1-git-send-email-ashish.samant@ora… Signed-off-by: Ashish Samant <ashish.samant(a)oracle.com> Reviewed-by: Changwei Ge <ge.changwei(a)h3c.com> Acked-by: Joseph Qi <jiangqi903(a)gmail.com> Acked-by: Jun Piao <piaojun(a)huawei.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <ge.changwei(a)h3c.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/dlm/dlmmaster.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/fs/ocfs2/dlm/dlmmaster.c~ocfs2-fix-locking-for-res-tracking-and-dlm-tracking_list +++ a/fs/ocfs2/dlm/dlmmaster.c @@ -584,9 +584,9 @@ static void dlm_init_lockres(struct dlm_ res->last_used = 0; - spin_lock(&dlm->spinlock); + spin_lock(&dlm->track_lock); list_add_tail(&res->tracking, &dlm->tracking_list); - spin_unlock(&dlm->spinlock); + spin_unlock(&dlm->track_lock); memset(res->lvb, 0, DLM_LVB_LEN); memset(res->refmap, 0, sizeof(res->refmap)); _ Patches currently in -mm which might be from ashish.samant(a)oracle.com are ocfs2-fix-locking-for-res-tracking-and-dlm-tracking_list.patch

7 years, 2 months

1
0
0 0

patch "Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 25355252607ca288f329ee033f387764883393f6 Mon Sep 17 00:00:00 2001 From: Dexuan Cui <decui(a)microsoft.com> Date: Sun, 23 Sep 2018 21:10:44 +0000 Subject: Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A cpumask structure on the stack can cause a warning with CONFIG_NR_CPUS=8192 (e.g. Ubuntu 16.04 and 18.04 use this): drivers/hv//channel_mgmt.c: In function ‘init_vp_index’: drivers/hv//channel_mgmt.c:702:1: warning: the frame size of 1032 bytes is larger than 1024 bytes [-Wframe-larger-than=] Nowadays it looks most distros enable CONFIG_CPUMASK_OFFSTACK=y, and hence we can work around the warning by using cpumask_var_t. Signed-off-by: Dexuan Cui <decui(a)microsoft.com> Cc: K. Y. Srinivasan <kys(a)microsoft.com> Cc: Haiyang Zhang <haiyangz(a)microsoft.com> Cc: Stephen Hemminger <sthemmin(a)microsoft.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/hv/channel_mgmt.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c index 6f3e6af5e891..6277597d3d58 100644 --- a/drivers/hv/channel_mgmt.c +++ b/drivers/hv/channel_mgmt.c @@ -594,16 +594,18 @@ static void init_vp_index(struct vmbus_channel *channel, u16 dev_type) bool perf_chn = vmbus_devs[dev_type].perf_device; struct vmbus_channel *primary = channel->primary_channel; int next_node; - struct cpumask available_mask; + cpumask_var_t available_mask; struct cpumask *alloced_mask; if ((vmbus_proto_version == VERSION_WS2008) || - (vmbus_proto_version == VERSION_WIN7) || (!perf_chn)) { + (vmbus_proto_version == VERSION_WIN7) || (!perf_chn) || + !alloc_cpumask_var(&available_mask, GFP_KERNEL)) { /* * Prior to win8, all channel interrupts are * delivered on cpu 0. * Also if the channel is not a performance critical * channel, bind it to cpu 0. + * In case alloc_cpumask_var() fails, bind it to cpu 0. */ channel->numa_node = 0; channel->target_cpu = 0; @@ -641,7 +643,7 @@ static void init_vp_index(struct vmbus_channel *channel, u16 dev_type) cpumask_clear(alloced_mask); } - cpumask_xor(&available_mask, alloced_mask, + cpumask_xor(available_mask, alloced_mask, cpumask_of_node(primary->numa_node)); cur_cpu = -1; @@ -659,10 +661,10 @@ static void init_vp_index(struct vmbus_channel *channel, u16 dev_type) } while (true) { - cur_cpu = cpumask_next(cur_cpu, &available_mask); + cur_cpu = cpumask_next(cur_cpu, available_mask); if (cur_cpu >= nr_cpu_ids) { cur_cpu = -1; - cpumask_copy(&available_mask, + cpumask_copy(available_mask, cpumask_of_node(primary->numa_node)); continue; } @@ -692,6 +694,8 @@ static void init_vp_index(struct vmbus_channel *channel, u16 dev_type) channel->target_cpu = cur_cpu; channel->target_vp = hv_cpu_number_to_vp_number(cur_cpu); + + free_cpumask_var(available_mask); } static void vmbus_wait_for_unload(void) -- 2.19.0

7 years, 2 months

1
0
0 0

patch "Drivers: hv: kvp: Fix two "this statement may fall through" warnings" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Drivers: hv: kvp: Fix two "this statement may fall through" warnings to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From fc62c3b1977d62e6374fd6e28d371bb42dfa5c9d Mon Sep 17 00:00:00 2001 From: Dexuan Cui <decui(a)microsoft.com> Date: Sun, 23 Sep 2018 21:10:43 +0000 Subject: Drivers: hv: kvp: Fix two "this statement may fall through" warnings We don't need to call process_ib_ipinfo() if message->kvp_hdr.operation is KVP_OP_GET_IP_INFO in kvp_send_key(), because here we just need to pass on the op code from the host to the userspace; when the userspace returns the info requested by the host, we pass the info on to the host in kvp_respond_to_host() -> process_ob_ipinfo(). BTW, the current buggy code actually doesn't cause any harm, because only message->kvp_hdr.operation is used by the userspace, in the case of KVP_OP_GET_IP_INFO. The patch also adds a missing "break;" in kvp_send_key(). BTW, the current buggy code actually doesn't cause any harm, because in the case of KVP_OP_SET, the unexpected fall-through corrupts message->body.kvp_set.data.key_size, but that is not really used: see the definition of struct hv_kvp_exchg_msg_value. Signed-off-by: Dexuan Cui <decui(a)microsoft.com> Cc: K. Y. Srinivasan <kys(a)microsoft.com> Cc: Haiyang Zhang <haiyangz(a)microsoft.com> Cc: Stephen Hemminger <sthemmin(a)microsoft.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/hv/hv_kvp.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/hv/hv_kvp.c b/drivers/hv/hv_kvp.c index 023bd185d21a..a7513a8a8e37 100644 --- a/drivers/hv/hv_kvp.c +++ b/drivers/hv/hv_kvp.c @@ -353,7 +353,6 @@ static void process_ib_ipinfo(void *in_msg, void *out_msg, int op) out->body.kvp_ip_val.dhcp_enabled = in->kvp_ip_val.dhcp_enabled; - default: utf16s_to_utf8s((wchar_t *)in->kvp_ip_val.adapter_id, MAX_ADAPTER_ID_SIZE, UTF16_LITTLE_ENDIAN, @@ -406,7 +405,7 @@ kvp_send_key(struct work_struct *dummy) process_ib_ipinfo(in_msg, message, KVP_OP_SET_IP_INFO); break; case KVP_OP_GET_IP_INFO: - process_ib_ipinfo(in_msg, message, KVP_OP_GET_IP_INFO); + /* We only need to pass on message->kvp_hdr.operation. */ break; case KVP_OP_SET: switch (in_msg->body.kvp_set.data.value_type) { @@ -446,6 +445,9 @@ kvp_send_key(struct work_struct *dummy) break; } + + break; + case KVP_OP_GET: message->body.kvp_set.data.key_size = utf16s_to_utf8s( -- 2.19.0

7 years, 2 months

1
0
0 0

patch "w1: omap-hdq: fix missing bus unregister at removal" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled w1: omap-hdq: fix missing bus unregister at removal to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From a007734618fee1bf35556c04fa498d41d42c7301 Mon Sep 17 00:00:00 2001 From: Andreas Kemnade <andreas(a)kemnade.info> Date: Sat, 22 Sep 2018 21:20:54 +0200 Subject: w1: omap-hdq: fix missing bus unregister at removal The bus master was not removed after unloading the module or unbinding the driver. That lead to oopses like this [ 127.842987] Unable to handle kernel paging request at virtual address bf01d04c [ 127.850646] pgd = 70e3cd9a [ 127.853698] [bf01d04c] *pgd=8f908811, *pte=00000000, *ppte=00000000 [ 127.860412] Internal error: Oops: 80000007 [#1] PREEMPT SMP ARM [ 127.866668] Modules linked in: bq27xxx_battery overlay [last unloaded: omap_hdq] [ 127.874542] CPU: 0 PID: 1022 Comm: w1_bus_master1 Not tainted 4.19.0-rc4-00001-g2d51da718324 #12 [ 127.883819] Hardware name: Generic OMAP36xx (Flattened Device Tree) [ 127.890441] PC is at 0xbf01d04c [ 127.893798] LR is at w1_search_process_cb+0x4c/0xfc [ 127.898956] pc : [<bf01d04c>] lr : [<c05f9580>] psr: a0070013 [ 127.905609] sp : cf885f48 ip : bf01d04c fp : ddf1e11c [ 127.911132] r10: cf8fe040 r9 : c05f8d00 r8 : cf8fe040 [ 127.916656] r7 : 000000f0 r6 : cf8fe02c r5 : cf8fe000 r4 : cf8fe01c [ 127.923553] r3 : c05f8d00 r2 : 000000f0 r1 : cf8fe000 r0 : dde1ef10 [ 127.930450] Flags: NzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none [ 127.938018] Control: 10c5387d Table: 8f8f0019 DAC: 00000051 [ 127.944091] Process w1_bus_master1 (pid: 1022, stack limit = 0x9135699f) [ 127.951171] Stack: (0xcf885f48 to 0xcf886000) [ 127.955810] 5f40: cf8fe000 00000000 cf884000 cf8fe090 000003e8 c05f8d00 [ 127.964477] 5f60: dde5fc34 c05f9700 ddf1e100 ddf1e540 cf884000 cf8fe000 c05f9694 00000000 [ 127.973114] 5f80: dde5fc34 c01499a4 00000000 ddf1e540 c0149874 00000000 00000000 00000000 [ 127.981781] 5fa0: 00000000 00000000 00000000 c01010e8 00000000 00000000 00000000 00000000 [ 127.990447] 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 127.999114] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000 [ 128.007781] [<c05f9580>] (w1_search_process_cb) from [<c05f9700>] (w1_process+0x6c/0x118) [ 128.016479] [<c05f9700>] (w1_process) from [<c01499a4>] (kthread+0x130/0x148) [ 128.024047] [<c01499a4>] (kthread) from [<c01010e8>] (ret_from_fork+0x14/0x2c) [ 128.031677] Exception stack(0xcf885fb0 to 0xcf885ff8) [ 128.037017] 5fa0: 00000000 00000000 00000000 00000000 [ 128.045684] 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 128.054351] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 128.061340] Code: bad PC value [ 128.064697] ---[ end trace af066e33c0e14119 ]--- Cc: <stable(a)vger.kernel.org> Signed-off-by: Andreas Kemnade <andreas(a)kemnade.info> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/w1/masters/omap_hdq.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/w1/masters/omap_hdq.c b/drivers/w1/masters/omap_hdq.c index 83fc9aab34e8..3099052e1243 100644 --- a/drivers/w1/masters/omap_hdq.c +++ b/drivers/w1/masters/omap_hdq.c @@ -763,6 +763,8 @@ static int omap_hdq_remove(struct platform_device *pdev) /* remove module dependency */ pm_runtime_disable(&pdev->dev); + w1_remove_master_device(&omap_w1_master); + return 0; } -- 2.19.0

7 years, 2 months

1
0
0 0

+ mm-vmstat-skip-nr_tlb_remote_flush-properly.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly has been added to the -mm tree. Its filename is mm-vmstat-skip-nr_tlb_remote_flush-properly.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-vmstat-skip-nr_tlb_remote_flush… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-vmstat-skip-nr_tlb_remote_flush… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Jann Horn <jannh(a)google.com> Subject: mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly 5dd0b16cdaff ("mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP") made the availability of the NR_TLB_REMOTE_FLUSH* counters inside the kernel unconditional to reduce #ifdef soup, but (either to avoid showing dummy zero counters to userspace, or because that code was missed) didn't update the vmstat_array, meaning that all following counters would be shown with incorrect values. This only affects kernel builds with CONFIG_VM_EVENT_COUNTERS=y && CONFIG_DEBUG_TLBFLUSH=y && CONFIG_SMP=n. Link: http://lkml.kernel.org/r/20181001143138.95119-2-jannh@google.com Fixes: 5dd0b16cdaff ("mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP") Signed-off-by: Jann Horn <jannh(a)google.com> Reviewed-by: Kees Cook <keescook(a)chromium.org> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Christoph Lameter <clameter(a)sgi.com> Cc: Roman Gushchin <guro(a)fb.com> Cc: Kemi Wang <kemi.wang(a)intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmstat.c | 3 +++ 1 file changed, 3 insertions(+) --- a/mm/vmstat.c~mm-vmstat-skip-nr_tlb_remote_flush-properly +++ a/mm/vmstat.c @@ -1275,6 +1275,9 @@ const char * const vmstat_text[] = { #ifdef CONFIG_SMP "nr_tlb_remote_flush", "nr_tlb_remote_flush_received", +#else + "", /* nr_tlb_remote_flush */ + "", /* nr_tlb_remote_flush_received */ #endif /* CONFIG_SMP */ "nr_tlb_local_flush_all", "nr_tlb_local_flush_one", _ Patches currently in -mm which might be from jannh(a)google.com are proc-restrict-kernel-stack-dumps-to-root.patch mm-vmstat-fix-outdated-vmstat_text.patch mm-vmstat-skip-nr_tlb_remote_flush-properly.patch mm-vmstat-assert-that-vmstat_text-is-in-sync-with-stat_items_size.patch reiserfs-propagate-errors-from-fill_with_dentries-properly.patch

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] powerpc/pseries: Fix unitialized timer reset on migration" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 8604895a34d92f5e186ceb931b0d1b384030ea3d Mon Sep 17 00:00:00 2001 From: Michael Bringmann <mwb(a)linux.vnet.ibm.com> Date: Thu, 20 Sep 2018 11:45:13 -0500 Subject: [PATCH] powerpc/pseries: Fix unitialized timer reset on migration After migration of a powerpc LPAR, the kernel executes code to update the system state to reflect new platform characteristics. Such changes include modifications to device tree properties provided to the system by PHYP. Property notifications received by the post_mobility_fixup() code are passed along to the kernel in general through a call to of_update_property() which in turn passes such events back to all modules through entries like the '.notifier_call' function within the NUMA module. When the NUMA module updates its state, it resets its event timer. If this occurs after a previous call to stop_topology_update() or on a system without VPHN enabled, the code runs into an unitialized timer structure and crashes. This patch adds a safety check along this path toward the problem code. An example crash log is as follows. ibmvscsi 30000081: Re-enabling adapter! ------------[ cut here ]------------ kernel BUG at kernel/time/timer.c:958! Oops: Exception in kernel mode, sig: 5 [#1] LE SMP NR_CPUS=2048 NUMA pSeries Modules linked in: nfsv3 nfs_acl nfs tcp_diag udp_diag inet_diag lockd unix_diag af_packet_diag netlink_diag grace fscache sunrpc xts vmx_crypto pseries_rng sg binfmt_misc ip_tables xfs libcrc32c sd_mod ibmvscsi ibmveth scsi_transport_srp dm_mirror dm_region_hash dm_log dm_mod CPU: 11 PID: 3067 Comm: drmgr Not tainted 4.17.0+ #179 ... NIP mod_timer+0x4c/0x400 LR reset_topology_timer+0x40/0x60 Call Trace: 0xc0000003f9407830 (unreliable) reset_topology_timer+0x40/0x60 dt_update_callback+0x100/0x120 notifier_call_chain+0x90/0x100 __blocking_notifier_call_chain+0x60/0x90 of_property_notify+0x90/0xd0 of_update_property+0x104/0x150 update_dt_property+0xdc/0x1f0 pseries_devicetree_update+0x2d0/0x510 post_mobility_fixup+0x7c/0xf0 migration_store+0xa4/0xc0 kobj_attr_store+0x30/0x60 sysfs_kf_write+0x64/0xa0 kernfs_fop_write+0x16c/0x240 __vfs_write+0x40/0x200 vfs_write+0xc8/0x240 ksys_write+0x5c/0x100 system_call+0x58/0x6c Fixes: 5d88aa85c00b ("powerpc/pseries: Update CPU maps when device tree is updated") Cc: stable(a)vger.kernel.org # v3.10+ Signed-off-by: Michael Bringmann <mwb(a)linux.vnet.ibm.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/mm/numa.c b/arch/powerpc/mm/numa.c index 35ac5422903a..b5a71baedbc2 100644 --- a/arch/powerpc/mm/numa.c +++ b/arch/powerpc/mm/numa.c @@ -1452,7 +1452,8 @@ static struct timer_list topology_timer; static void reset_topology_timer(void) { - mod_timer(&topology_timer, jiffies + topology_timer_secs * HZ); + if (vphn_enabled) + mod_timer(&topology_timer, jiffies + topology_timer_secs * HZ); } #ifdef CONFIG_SMP

7 years, 2 months

3
6
0 0

patch "usb: typec: tcpm: Fix APDO PPS order checking to be based on voltage" added to usb-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: typec: tcpm: Fix APDO PPS order checking to be based on voltage to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the usb-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 1b6af2f58c2b1522e0804b150ca95e50a9e80ea7 Mon Sep 17 00:00:00 2001 From: Adam Thomson <Adam.Thomson.Opensource(a)diasemi.com> Date: Fri, 21 Sep 2018 16:04:11 +0100 Subject: usb: typec: tcpm: Fix APDO PPS order checking to be based on voltage Current code mistakenly checks against max current to determine order but this should be max voltage. This commit fixes the issue so order is correctly determined, thus avoiding failure based on a higher voltage PPS APDO having a lower maximum current output, which is actually valid. Fixes: 2eadc33f40d4 ("typec: tcpm: Add core support for sink side PPS") Cc: <stable(a)vger.kernel.org> Signed-off-by: Adam Thomson <Adam.Thomson.Opensource(a)diasemi.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Reviewed-by: Guenter Roeck <linux(a)roeck-us.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/typec/tcpm/tcpm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 4f1f4215f3d6..c11b3befa87f 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -1430,8 +1430,8 @@ static enum pdo_err tcpm_caps_err(struct tcpm_port *port, const u32 *pdo, if (pdo_apdo_type(pdo[i]) != APDO_TYPE_PPS) break; - if (pdo_pps_apdo_max_current(pdo[i]) < - pdo_pps_apdo_max_current(pdo[i - 1])) + if (pdo_pps_apdo_max_voltage(pdo[i]) < + pdo_pps_apdo_max_voltage(pdo[i - 1])) return PDO_ERR_PPS_APDO_NOT_SORTED; else if (pdo_pps_apdo_min_voltage(pdo[i]) == pdo_pps_apdo_min_voltage(pdo[i - 1]) && -- 2.19.0

7 years, 2 months

1
0
0 0

[PATCH 3.18-stable] arm64: KVM: Sanitize PSTATE.M when being set from userspace

by Marc Zyngier

commit 2a3f93459d689d990b3ecfbe782fec89b97d3279 upstream. Not all execution modes are valid for a guest, and some of them depend on what the HW actually supports. Let's verify that what userspace provides is compatible with both the VM settings and the HW capabilities. Cc: <stable(a)vger.kernel.org> Fixes: 0d854a60b1d7 ("arm64: KVM: enable initialization of a 32bit vcpu") Reviewed-by: Christoffer Dall <christoffer.dall(a)arm.com> Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Reviewed-by: Dave Martin <Dave.Martin(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> --- arch/arm64/include/asm/kvm_emulate.h | 5 +++++ arch/arm64/kvm/guest.c | 10 +++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/kvm_emulate.h b/arch/arm64/include/asm/kvm_emulate.h index 865a7e28ea2d..3d0098d7b47e 100644 --- a/arch/arm64/include/asm/kvm_emulate.h +++ b/arch/arm64/include/asm/kvm_emulate.h @@ -38,6 +38,11 @@ void kvm_inject_undefined(struct kvm_vcpu *vcpu); void kvm_inject_dabt(struct kvm_vcpu *vcpu, unsigned long addr); void kvm_inject_pabt(struct kvm_vcpu *vcpu, unsigned long addr); +static inline bool vcpu_el1_is_32bit(struct kvm_vcpu *vcpu) +{ + return !(vcpu->arch.hcr_el2 & HCR_RW); +} + static inline void vcpu_reset_hcr(struct kvm_vcpu *vcpu) { vcpu->arch.hcr_el2 = HCR_GUEST_FLAGS; diff --git a/arch/arm64/kvm/guest.c b/arch/arm64/kvm/guest.c index 5d93c9f24847..286453f462df 100644 --- a/arch/arm64/kvm/guest.c +++ b/arch/arm64/kvm/guest.c @@ -141,17 +141,25 @@ static int set_core_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) } if (off == KVM_REG_ARM_CORE_REG(regs.pstate)) { - u32 mode = (*(u32 *)valp) & COMPAT_PSR_MODE_MASK; + u64 mode = (*(u64 *)valp) & COMPAT_PSR_MODE_MASK; switch (mode) { case COMPAT_PSR_MODE_USR: + if ((read_cpuid(ID_AA64PFR0_EL1) & 0xf) != 2) + return -EINVAL; + break; case COMPAT_PSR_MODE_FIQ: case COMPAT_PSR_MODE_IRQ: case COMPAT_PSR_MODE_SVC: case COMPAT_PSR_MODE_ABT: case COMPAT_PSR_MODE_UND: + if (!vcpu_el1_is_32bit(vcpu)) + return -EINVAL; + break; case PSR_MODE_EL0t: case PSR_MODE_EL1t: case PSR_MODE_EL1h: + if (vcpu_el1_is_32bit(vcpu)) + return -EINVAL; break; default: err = -EINVAL; -- 2.19.0

7 years, 2 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror