- Linux-stable-mirror - lists.linaro.org

[PATCH] usb: typec: tcpm: Fix APDO PPS order checking to be based on voltage

by Adam Thomson

Current code mistakenly checks against max current to determine order but this should be max voltage. This commit fixes the issue so order is correctly determined, thus avoiding failure based on a higher voltage PPS APDO having a lower maximum current output, which is actually valid. Fixes: 2eadc33f40d4 ("typec: tcpm: Add core support for sink side PPS") Cc: <stable(a)vger.kernel.org> Signed-off-by: Adam Thomson <Adam.Thomson.Opensource(a)diasemi.com> --- Code based on usb-testing branch (ae8a2ca8a2215c7e31e6d874f7303801bb15fbb) drivers/usb/typec/tcpm/tcpm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 4f1f421..c11b3be 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -1430,8 +1430,8 @@ static enum pdo_err tcpm_caps_err(struct tcpm_port *port, const u32 *pdo, if (pdo_apdo_type(pdo[i]) != APDO_TYPE_PPS) break; - if (pdo_pps_apdo_max_current(pdo[i]) < - pdo_pps_apdo_max_current(pdo[i - 1])) + if (pdo_pps_apdo_max_voltage(pdo[i]) < + pdo_pps_apdo_max_voltage(pdo[i - 1])) return PDO_ERR_PPS_APDO_NOT_SORTED; else if (pdo_pps_apdo_min_voltage(pdo[i]) == pdo_pps_apdo_min_voltage(pdo[i - 1]) && -- 1.9.1

7 years, 3 months

3
2
0 0

FAILED: patch "[PATCH] USB: serial: ti_usb_3410_5052: fix array underflow in" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 5dfdd24eb3d39d815bc952ae98128e967c9bba49 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan(a)kernel.org> Date: Tue, 21 Aug 2018 11:59:53 +0200 Subject: [PATCH] USB: serial: ti_usb_3410_5052: fix array underflow in completion handler Similarly to a recently reported bug in io_ti, a malicious USB device could set port_number to a negative value and we would underflow the port array in the interrupt completion handler. As these devices only have one or two ports, fix this by making sure we only consider the seventh bit when determining the port number (and ignore bits 0xb0 which are typically set to 0x30). Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> diff --git a/drivers/usb/serial/ti_usb_3410_5052.c b/drivers/usb/serial/ti_usb_3410_5052.c index 3010878f7f8e..e3c5832337e0 100644 --- a/drivers/usb/serial/ti_usb_3410_5052.c +++ b/drivers/usb/serial/ti_usb_3410_5052.c @@ -1119,7 +1119,7 @@ static void ti_break(struct tty_struct *tty, int break_state) static int ti_get_port_from_code(unsigned char code) { - return (code >> 4) - 3; + return (code >> 6) & 0x01; } static int ti_get_func_from_code(unsigned char code)

7 years, 3 months

3
2
0 0

[PATCH v2 3/6] drm/i915: Leave intel_conn->mst_port set, use mst_port_gone instead

by Lyude Paul

Currently we set intel_connector->mst_port to NULL to signify that the MST port has been removed from the system so that we can prevent further action on the port such as connector probes, mode probing, etc. However, we're going to need access to intel_connector->mst_port in order to fixup ->best_encoder() so that it can always return the correct encoder for an MST port to prevent legacy DPMS prop changes from failing. This should be safe, so instead keep intel_connector->mst_port always set and instead add intel_connector->mst_port_gone in order to signify whether or not the connector has disappeared from the system. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 14 +++++++------- drivers/gpu/drm/i915/intel_drv.h | 1 + 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index 4ecd65375603..fcb9b87b9339 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -311,9 +311,8 @@ static int intel_dp_mst_get_ddc_modes(struct drm_connector *connector) struct edid *edid; int ret; - if (!intel_dp) { + if (intel_connector->mst_port_gone) return intel_connector_update_modes(connector, NULL); - } edid = drm_dp_mst_get_edid(connector, &intel_dp->mst_mgr, intel_connector->port); ret = intel_connector_update_modes(connector, edid); @@ -328,9 +327,10 @@ intel_dp_mst_detect(struct drm_connector *connector, bool force) struct intel_connector *intel_connector = to_intel_connector(connector); struct intel_dp *intel_dp = intel_connector->mst_port; - if (!intel_dp) + if (intel_connector->mst_port_gone) return connector_status_disconnected; - return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, intel_connector->port); + return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, + intel_connector->port); } static void @@ -370,7 +370,7 @@ intel_dp_mst_mode_valid(struct drm_connector *connector, int bpp = 24; /* MST uses fixed bpp */ int max_rate, mode_rate, max_lanes, max_link_clock; - if (!intel_dp) + if (intel_connector->mst_port_gone) return MODE_ERROR; if (mode->flags & DRM_MODE_FLAG_DBLSCAN) @@ -402,7 +402,7 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (!intel_dp) + if (intel_connector->mst_port_gone) return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } @@ -514,7 +514,7 @@ static void intel_dp_destroy_mst_connector(struct drm_dp_mst_topology_mgr *mgr, connector); /* prevent race with the check in ->detect */ drm_modeset_lock(&connector->dev->mode_config.connection_mutex, NULL); - intel_connector->mst_port = NULL; + intel_connector->mst_port_gone = true; drm_modeset_unlock(&connector->dev->mode_config.connection_mutex); drm_connector_put(connector); diff --git a/drivers/gpu/drm/i915/intel_drv.h b/drivers/gpu/drm/i915/intel_drv.h index 8fc61e96754f..87ce772ae7f8 100644 --- a/drivers/gpu/drm/i915/intel_drv.h +++ b/drivers/gpu/drm/i915/intel_drv.h @@ -409,6 +409,7 @@ struct intel_connector { void *port; /* store this opaque as its illegal to dereference it */ struct intel_dp *mst_port; + bool mst_port_gone; /* Work struct to schedule a uevent on link train failure */ struct work_struct modeset_retry_work; -- 2.17.1

7 years, 3 months

2
1
0 0

[GIT PULL] commits for Linux 3.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 3.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit c0305995d3676c8f7764eb79a7f99de8d18c591a: Linux 3.18.122 (2018-09-09 20:07:57 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-3.18-23092018 for you to fetch changes up to a82a0e3c4908b0371fb7b5a0a44b9e272691eeca: IB/nes: Fix a compiler warning (2018-09-14 01:45:39 -0400) - ---------------------------------------------------------------- for-greg-3.18-23092018 - ---------------------------------------------------------------- Bart Van Assche (1): IB/nes: Fix a compiler warning Dan Carpenter (1): drm/panel: type promotion bug in s6e8aa0_read_mtp_id() Jann Horn (1): mtdchar: fix overflows in adjustment of `count` Julia Lawall (1): parport: sunbpp: fix error return code Maciej W. Rozycki (1): binfmt_elf: Respect error return from `regset->active' Nicholas Mc Guire (2): ARM: hisi: handle of_iomap and fix missing of_node_put ARM: hisi: check of_iomap and fix missing of_node_put Paul Burton (1): MIPS: loongson64: cs5536: Fix PCI_OHCI_INT_REG reads Ronny Chevalier (1): audit: fix use-after-free in audit_add_watch Timo Wischer (1): ALSA: pcm: Fix snd_interval_refine first/last with open min/max Zhouyang Jia (1): rtc: bq4802: add error handling for devm_ioremap arch/arm/mach-hisi/hotplug.c | 33 +++++++++++++++++--------- arch/mips/loongson/common/cs5536/cs5536_ohci.c | 2 +- drivers/gpu/drm/panel/panel-s6e8aa0.c | 2 +- drivers/infiniband/hw/nes/nes.h | 2 +- drivers/mtd/mtdchar.c | 10 +++++--- drivers/parport/parport_sunbpp.c | 8 +++++-- drivers/rtc/rtc-bq4802.c | 4 ++++ fs/binfmt_elf.c | 2 +- kernel/audit_watch.c | 12 +++++++++- sound/core/pcm_lib.c | 14 +++++++---- 10 files changed, 64 insertions(+), 25 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAluoN34ACgkQ3qZv95d3 LNwHFQ/+J3t+u+OeERAOffJZ/bff/5HVZpeXwADooavWc+rdn1q+pg+CfoDoySOU 10XaPEZjRzrM8oUJ+yD7k7VSx6SwiwPOyIIMsLbcZJ7y+hUFdnismXx/b/U8WX74 2CuyM7KTv/0+0FbVTLFDaSVvYzU80iBGBB7/8Jh1EMTYJrbAyym/lr8WJjaHsae+ AeyMXm7AJ9zjtu/aitnsfluHkIO7/nf3vo+JVVxS5rSiTDSlZ9UIjTAbJqQWTP65 AULIWKjjPeNvKUhPkUUxlpULrwJjqlvWax4b0/yrKEnD1XxbSWHouZcx4/o0Lm7v 2reU4hOemtvN0IykEaUwsShA7TUSx7g6/Zvh/bLDZinjM/apLjX8a/hfVDkxPxDh 4oICtaEo8QvkUAy67hyYKJaYV3fHz17iZaLhH1eIv7WV8HXD6snriX6xPAwDlIEL wnJ6ibOx/tKg0cglw8O7/9iVmjXhHZD1IXHc/Ikql6j4bvmEBLpCso0Q4hRFFcAG 4b1Cwt01O+1FRcF2bdIjgzjtTrNVb6bd2DxTr9+FH/qtI/hC0RWkDuZ0HIu3yv35 cz12V3dxP9piuTE1IgHOGemuJDVtOF5e6T+A7TTA67Xy4j4srL1QH0+nsHTcmbHu hE4mRwCFaKtb+2zn/C/WyLd6sJFViIrCXu/n5yq6xLEV/8vQon8= =Il6C -----END PGP SIGNATURE-----

7 years, 3 months

1
0
0 0

[GIT PULL] commits for Linux 4.4

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.4 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit c40a7b3592b3b7519eadc130c5583db2aaf70f68: Linux 4.4.156 (2018-09-15 09:40:42 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.4-23092018 for you to fetch changes up to 504442cb2577cba67540eb860d90d07ae5e00589: pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant (2018-09-19 22:40:06 -0400) - ---------------------------------------------------------------- for-greg-4.4-23092018 - ---------------------------------------------------------------- Andy Shevchenko (1): gpiolib: Mark gpio_suffixes array with __maybe_unused Bart Van Assche (1): IB/nes: Fix a compiler warning Dan Carpenter (1): drm/panel: type promotion bug in s6e8aa0_read_mtp_id() Douglas Anderson (1): pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant Jann Horn (1): mtdchar: fix overflows in adjustment of `count` John Stultz (1): selftest: timers: Tweak raw_skew to SKIP when ADJ_OFFSET/other clock adjustments are in progress Julia Lawall (1): parport: sunbpp: fix error return code Maciej W. Rozycki (1): binfmt_elf: Respect error return from `regset->active' Nicholas Mc Guire (3): ARM: hisi: handle of_iomap and fix missing of_node_put ARM: hisi: fix error handling and missing of_node_put ARM: hisi: check of_iomap and fix missing of_node_put Paul Burton (1): MIPS: loongson64: cs5536: Fix PCI_OHCI_INT_REG reads Robin Murphy (1): coresight: tpiu: Fix disabling timeouts Ronny Chevalier (1): audit: fix use-after-free in audit_add_watch Suzuki K Poulose (1): coresight: Handle errors in finding input/output ports Thierry Reding (1): drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping Timo Wischer (1): ALSA: pcm: Fix snd_interval_refine first/last with open min/max Wei Lu (1): drm/amdkfd: Fix error codes in kfd_get_process Zhouyang Jia (1): rtc: bq4802: add error handling for devm_ioremap arch/arm/mach-hisi/hotplug.c | 41 ++++++++++++++-------- arch/mips/loongson64/common/cs5536/cs5536_ohci.c | 2 +- drivers/gpio/gpiolib.h | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 2 ++ drivers/gpu/drm/nouveau/nvkm/engine/device/tegra.c | 13 +++++++ drivers/gpu/drm/panel/panel-samsung-s6e8aa0.c | 2 +- drivers/hwtracing/coresight/coresight-tpiu.c | 7 ++-- drivers/hwtracing/coresight/coresight.c | 7 ++-- drivers/infiniband/hw/nes/nes.h | 2 +- drivers/mtd/mtdchar.c | 10 ++++-- drivers/parport/parport_sunbpp.c | 8 +++-- drivers/pinctrl/qcom/pinctrl-spmi-gpio.c | 32 ++++++++++++----- drivers/rtc/rtc-bq4802.c | 4 +++ fs/binfmt_elf.c | 2 +- kernel/audit_watch.c | 12 ++++++- sound/core/pcm_lib.c | 14 +++++--- tools/testing/selftests/timers/raw_skew.c | 5 +++ 17 files changed, 122 insertions(+), 43 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAluoN3YACgkQ3qZv95d3 LNzzexAArz3U9pc2hnP+0/gLlU4OZfAPpKDEA7qWD4P64yfDXKnIM8iCB1eyb08f +JOMQpTGuej7ve9TA0EM7rkchVVu6d2xuxrWKa9mtoga8LzC9V+ECt6E3m0216/C Vujd32YM36d2tNeu3QfIy5DG5DoOICJLr6YiOMRg/CNOGGk2nh3SW3M/4DhuDP5b 4mBVeqyEgsrzzzxnCj7rZyYpZ55OeWRiMbotYS578yA6J2TgzlJHWIEtmimqsPyH EFVcLPJOawNEoVgxbBP0ojP6gC+PFQ53EXa1YwUwByGc+QRQtS6bfuwlzOpL3MnG vK5d3rfjw7ovks/sqyPhtrTPRXSNCaS8CaL+SWo+Q/g8Ug8ETbVKqA79lpJJzyZd QQB+rBmA1r6dMi9KJM9vq9hEcPv6HskUBqcSteP3+wtUsYIm07YxcPgIVF0c2YzY ajujPv1SFmssyV0+1fpxd1E2BInHfVOe9+7eadzZm6ufoxrrW2EEbskNomzgEpGJ TvWDUDj0sPjruFwzzHIFg3kfWAEikBD0ulGCofP0coE9GgieQXSDKKu9fDqlLrtF OL9an1IdyXE4RSo6ZCJqYhhyaKcDiMdfwADYWLVNRgE+jue+tMcSqhHktctr9aUw bL27Mw7YAZlaXEmli0C7DS+JWWvQ+7cxcMFySw9hSk2lFWHf/8Y= =f7/I -----END PGP SIGNATURE-----

7 years, 3 months

1
0
0 0

[GIT PULL] commits for Linux 4.9

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.9 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 927556eb3a72306db1ba5ab8b9bb9914433302ba: Linux 4.9.127 (2018-09-15 09:43:07 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.9-23092018 for you to fetch changes up to 0ae21019c823235f7ad90ea18952acf99535aab6: pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant (2018-09-23 20:58:26 -0400) - ---------------------------------------------------------------- for-greg-4.9-23092018 - ---------------------------------------------------------------- Andy Shevchenko (2): gpiolib: Mark gpio_suffixes array with __maybe_unused gpiolib: Respect error code of ->get_direction() Ard Biesheuvel (1): efi/esrt: Only call efi_mem_reserve() for boot services memory Arvind Yadav (1): PM / devfreq: use put_device() instead of kfree() Bart Van Assche (1): IB/nes: Fix a compiler warning Dan Carpenter (1): drm/panel: type promotion bug in s6e8aa0_read_mtp_id() Douglas Anderson (1): pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant Enrico Scholz (1): gpu: ipu-v3: csi: pass back mbus_code_to_bus_cfg error codes Jann Horn (1): mtdchar: fix overflows in adjustment of `count` John Stultz (1): selftest: timers: Tweak raw_skew to SKIP when ADJ_OFFSET/other clock adjustments are in progress Julia Lawall (1): parport: sunbpp: fix error return code Maciej W. Rozycki (1): binfmt_elf: Respect error return from `regset->active' Matthew Garrett (1): evm: Don't deadlock if a crypto algorithm is unavailable Mike Christie (1): configfs: fix registered group removal Nicholas Mc Guire (3): ARM: hisi: handle of_iomap and fix missing of_node_put ARM: hisi: fix error handling and missing of_node_put ARM: hisi: check of_iomap and fix missing of_node_put Paul Burton (1): MIPS: loongson64: cs5536: Fix PCI_OHCI_INT_REG reads Paul E. McKenney (1): rcu: Fix grace-period hangs due to race with CPU offline Peter Rosin (2): mfd: 88pm860x-i2c: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) input: rohm_bu21023: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) Robin Murphy (1): coresight: tpiu: Fix disabling timeouts Ronny Chevalier (1): audit: fix use-after-free in audit_add_watch Stefan Agner (2): mmc: tegra: prevent HS200 on Tegra 3 mmc: sdhci: do not try to use 3.3V signaling if not supported Suzuki K Poulose (1): coresight: Handle errors in finding input/output ports Thierry Reding (1): drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping Timo Wischer (1): ALSA: pcm: Fix snd_interval_refine first/last with open min/max Wei Lu (1): drm/amdkfd: Fix error codes in kfd_get_process Wei Yongjun (1): gpio: pxa: Fix potential NULL dereference Zhouyang Jia (1): rtc: bq4802: add error handling for devm_ioremap arch/arm/mach-hisi/hotplug.c | 41 ++++++++++++++-------- arch/mips/loongson64/common/cs5536/cs5536_ohci.c | 2 +- crypto/api.c | 2 +- drivers/devfreq/devfreq.c | 4 ++- drivers/firmware/efi/esrt.c | 3 +- drivers/gpio/gpio-pxa.c | 2 ++ drivers/gpio/gpiolib.c | 6 ++++ drivers/gpio/gpiolib.h | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 2 ++ drivers/gpu/drm/nouveau/nvkm/engine/device/tegra.c | 13 +++++++ drivers/gpu/drm/panel/panel-samsung-s6e8aa0.c | 2 +- drivers/gpu/ipu-v3/ipu-csi.c | 20 ++++++++--- drivers/hwtracing/coresight/coresight-tpiu.c | 7 ++-- drivers/hwtracing/coresight/coresight.c | 7 ++-- drivers/infiniband/hw/nes/nes.h | 2 +- drivers/input/touchscreen/rohm_bu21023.c | 4 +-- drivers/mfd/88pm860x-i2c.c | 8 ++--- drivers/mmc/host/sdhci-tegra.c | 3 +- drivers/mmc/host/sdhci.c | 9 ++++- drivers/mtd/mtdchar.c | 10 ++++-- drivers/parport/parport_sunbpp.c | 8 +++-- drivers/pinctrl/qcom/pinctrl-spmi-gpio.c | 32 ++++++++++++----- drivers/rtc/rtc-bq4802.c | 4 +++ fs/binfmt_elf.c | 2 +- fs/configfs/dir.c | 11 ++++++ include/linux/crypto.h | 5 +++ kernel/audit_watch.c | 12 ++++++- kernel/rcu/tree.c | 6 ++++ kernel/rcu/tree.h | 4 +++ security/integrity/evm/evm_crypto.c | 3 +- sound/core/pcm_lib.c | 14 +++++--- tools/testing/selftests/timers/raw_skew.c | 5 +++ 32 files changed, 196 insertions(+), 59 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAluoN3AACgkQ3qZv95d3 LNx/ZBAAjF/oxXDsE6qX5HgjHZdt2ELxjOwU8B1KuYGSleSyz2H5mUjXUqJBgBfV MPIzNa8DZNEUYbzQOVHjP+Mhg6N2gvnFv3r7PWpBv/ndjjHjrvXHeyO7NUAjM0/S O1n6gF62M7sulTGol25/YwRAjg2oa4xEwOfMYwG6V1xo2KlpQ11cLQkhz3hECfQk v4j1KIKF7ERY++369X5z7PeyeuhMrhzo6d5eKbiCeF3vGqd5oQYssaMx8uLvcPnJ iB+X/zGow3u3bAFbX3O10TVuOl6DKadQrkkeAix2+NLoNInJ+whOWLzFPdjkjlOB DQrRvIIAMYHrozh5ZJXqliO1f3rHET7p8VVHiLdCZrkN18Zp1dEIAaBPTAlY/sD+ ClRiWnKPhIX5Hw278A2GWD4QqPtSero89B9R5d734X3ETfv7pl5yXz/9jAf24Dci ifPz5fMG6gRKlsw4YPB+5K0DWnTBPzrDUrccGqk5iVkzdhrxzBkAlWIy1B0HADSg e1kSv8tUOOtJGZnUpodoDxBm9/hbIrJdJjumuS2LI9UDZZ2bHDzpc46co4g0QqZ5 jeqqPnWA+4ZZ9iX7BMkooktzjJbYP158A9WKKBUI2xbs2NqwDyK6U4zFysWn6BAN QSdJ0Iu5TiWmM20hPmCXolW/mZdgJfh+pU6wsv7BYonf0iNaWxQ= =vg19 -----END PGP SIGNATURE-----

7 years, 3 months

1
0
0 0

[GIT PULL] commits for Linux 4.14

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.14 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 5dfe87ac34e2326ae2957fc68b63212d84f78701: Linux 4.14.70 (2018-09-15 09:45:37 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.14-23092018 for you to fetch changes up to bd02a23bf0470d825f51394a7febfe5d888cc903: clk: tegra: bpmp: Don't crash when a clock fails to register (2018-09-23 20:57:54 -0400) - ---------------------------------------------------------------- for-greg-4.14-23092018 - ---------------------------------------------------------------- Andrea Parri (1): sched/core: Use smp_mb() in wake_woken_function() Andy Shevchenko (2): gpiolib: Mark gpio_suffixes array with __maybe_unused gpiolib: Respect error code of ->get_direction() Ard Biesheuvel (1): efi/esrt: Only call efi_mem_reserve() for boot services memory Arvind Yadav (1): PM / devfreq: use put_device() instead of kfree() Bart Van Assche (1): IB/nes: Fix a compiler warning Dan Carpenter (1): drm/panel: type promotion bug in s6e8aa0_read_mtp_id() Douglas Anderson (2): pinctrl: msm: Fix msm_config_group_get() to be compliant pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant Enrico Scholz (1): gpu: ipu-v3: csi: pass back mbus_code_to_bus_cfg error codes Eric Biggers (1): security: check for kstrdup() failure in lsm_append() Hannes Reinecke (1): scsi: libfc: fixup 'sleeping function called from invalid context' Jann Horn (1): mtdchar: fix overflows in adjustment of `count` Johan Hovold (2): tty: fix termios input-speed encoding when using BOTHER tty: fix termios input-speed encoding John Stultz (1): selftest: timers: Tweak raw_skew to SKIP when ADJ_OFFSET/other clock adjustments are in progress Julia Lawall (1): parport: sunbpp: fix error return code Karol Herbst (1): drm/nouveau/debugfs: Wake up GPU before doing any reclocking Laurentiu Tudor (1): mmc: sdhci-of-esdhc: set proper dma mask for ls104x chips Lyude Paul (1): drm/nouveau: Fix runtime PM leak in drm_open() Maciej W. Rozycki (1): binfmt_elf: Respect error return from `regset->active' Matthew Garrett (1): evm: Don't deadlock if a crypto algorithm is unavailable Mike Christie (1): configfs: fix registered group removal Mikko Perttunen (1): clk: tegra: bpmp: Don't crash when a clock fails to register Miklos Szeredi (1): vfs: fix freeze protection in mnt_want_write_file() for overlayfs Ming Lei (2): blk-mq: only attempt to merge bio if there is rq in sw queue blk-mq: avoid to synchronize rcu inside blk_cleanup_queue() Nicholas Mc Guire (4): KVM: PPC: Book3S HV: Add of_node_put() in success path ARM: hisi: handle of_iomap and fix missing of_node_put ARM: hisi: fix error handling and missing of_node_put ARM: hisi: check of_iomap and fix missing of_node_put Noa Osherovich (1): net/mlx5: Add missing SET_DRIVER_VERSION command translation Paul Burton (1): MIPS: loongson64: cs5536: Fix PCI_OHCI_INT_REG reads Paul E. McKenney (1): rcu: Fix grace-period hangs due to race with CPU offline Peter Rosin (2): mfd: 88pm860x-i2c: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) input: rohm_bu21023: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) Philipp Puschmann (1): Bluetooth: Use lock_sock_nested in bt_accept_enqueue Quentin Perret (1): sched/fair: Fix util_avg of new tasks for asymmetric systems Rick Farrington (1): liquidio: fix hang when re-binding VF host drv after running DPDK VF driver Robin Murphy (1): coresight: tpiu: Fix disabling timeouts Ronny Chevalier (1): audit: fix use-after-free in audit_add_watch Stefan Agner (2): mmc: tegra: prevent HS200 on Tegra 3 mmc: sdhci: do not try to use 3.3V signaling if not supported Suzuki K Poulose (2): coresight: Handle errors in finding input/output ports coresight: ETM: Add support for Arm Cortex-A73 and Cortex-A35 Thierry Reding (1): drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping Timo Wischer (1): ALSA: pcm: Fix snd_interval_refine first/last with open min/max Tony Lindgren (2): pinctrl: rza1: Fix selector use for groups and functions pinctrl: pinmux: Return selector to the pinctrl driver Tuomas Tynkkynen (1): staging: bcm2835-audio: Don't leak workqueue if open fails Viresh Kumar (1): arm64: dts: uniphier: Add missing cooling device properties for CPUs Wei Lu (1): drm/amdkfd: Fix error codes in kfd_get_process Wei Yongjun (1): gpio: pxa: Fix potential NULL dereference Zhouyang Jia (1): rtc: bq4802: add error handling for devm_ioremap arch/arm/mach-hisi/hotplug.c | 41 ++++++++++++------- arch/arm64/boot/dts/socionext/uniphier-ld20.dtsi | 2 + arch/mips/loongson64/common/cs5536/cs5536_ohci.c | 2 +- arch/powerpc/kvm/book3s_hv.c | 2 + block/blk-core.c | 8 +++- block/blk-mq-sched.c | 3 +- crypto/api.c | 2 +- drivers/clk/tegra/clk-bpmp.c | 12 ++++-- drivers/devfreq/devfreq.c | 4 +- drivers/firmware/efi/esrt.c | 3 +- drivers/gpio/gpio-pxa.c | 2 + drivers/gpio/gpiolib.c | 6 +++ drivers/gpio/gpiolib.h | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 2 + drivers/gpu/drm/nouveau/nouveau_debugfs.c | 4 ++ drivers/gpu/drm/nouveau/nouveau_drm.c | 6 ++- drivers/gpu/drm/nouveau/nvkm/engine/device/tegra.c | 13 ++++++ drivers/gpu/drm/panel/panel-samsung-s6e8aa0.c | 2 +- drivers/gpu/ipu-v3/ipu-csi.c | 20 +++++++-- drivers/hwtracing/coresight/coresight-etm4x.c | 31 +++++++------- drivers/hwtracing/coresight/coresight-tpiu.c | 7 ++-- drivers/hwtracing/coresight/coresight.c | 7 +++- drivers/infiniband/hw/nes/nes.h | 2 +- drivers/input/touchscreen/rohm_bu21023.c | 4 +- drivers/mfd/88pm860x-i2c.c | 8 ++-- drivers/mmc/host/sdhci-of-esdhc.c | 6 +++ drivers/mmc/host/sdhci-tegra.c | 3 +- drivers/mmc/host/sdhci.c | 9 ++++- drivers/mtd/mtdchar.c | 10 +++-- .../ethernet/cavium/liquidio/cn23xx_pf_device.c | 3 ++ .../ethernet/cavium/liquidio/cn23xx_vf_device.c | 3 ++ drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 1 + drivers/parport/parport_sunbpp.c | 8 +++- drivers/pinctrl/pinctrl-rza1.c | 24 ++++++----- drivers/pinctrl/pinmux.c | 16 ++++++-- drivers/pinctrl/qcom/pinctrl-msm.c | 14 +++++-- drivers/pinctrl/qcom/pinctrl-spmi-gpio.c | 32 +++++++++++---- drivers/rtc/rtc-bq4802.c | 4 ++ drivers/scsi/libfc/fc_disc.c | 7 ++-- .../vc04_services/bcm2835-audio/bcm2835-vchiq.c | 16 +++++--- drivers/tty/tty_baudrate.c | 13 ++++-- fs/binfmt_elf.c | 2 +- fs/configfs/dir.c | 11 +++++ fs/namespace.c | 7 ++-- include/linux/crypto.h | 5 +++ kernel/audit_watch.c | 12 +++++- kernel/rcu/tree.c | 6 +++ kernel/rcu/tree.h | 4 ++ kernel/sched/fair.c | 10 +++-- kernel/sched/wait.c | 47 ++++++++++------------ net/bluetooth/af_bluetooth.c | 2 +- security/integrity/evm/evm_crypto.c | 3 +- security/security.c | 2 + sound/core/pcm_lib.c | 14 +++++-- tools/testing/selftests/timers/raw_skew.c | 5 +++ 55 files changed, 346 insertions(+), 148 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAluoN2kACgkQ3qZv95d3 LNzH0A/+Nky1OtBall6Lm+Otwod6CtqU/cV7LH53rKqgGxD6nYVaV0Tx5GI9hly0 tQvSmigvgc2ws08MHKVLlr8elFiJAsv0QVUvRNtkprunxdVMHyxtale1lDN+023n TqdJyEj6cgome9zyE6Ye68HtILijB4DO6bkSqK7NbaB5CRarfacQlPchx94Zj1V7 9S97Z1F70N7lauFlb/PEV8Voqk3mbGGH6ZWjhP8K7gbxRGYJk+8tWG1kY2X63mbY dtBreIjiWM6Kw+7LI4Hid5v5j/Y6YBFsbMVYEM2mskZK9ezC2vV6xcdFB87K2+eG HkpKF/kX7c7PAylVRDhHLB6Z7epA0GHOW23e8ZXNbVuCzGdMGiri0v9W3+bKFOX7 WONaFuYHDFc4TLOdI5R9AuAm/s6K3Juzurt6DgGmTbQPjBCMsvb6JeKE5OBz5z5c IJBHplCJGHVrj1SjZwHWZetXEqqYZ248Wod8RyCgSOf4t3Lx7HGYSOY1irPvTuRR QIIV1ukwY/wvLJ2LoNdTtJRGr8f8y6Ul25bzc0//TI9IJW4KvoMDo+83Rt3+iDfs tH/UFnz6kNTopgYKrN+9E9tOGSra5GBFcAqLvXvvIbAsh4hXDFQ0hjjSuyhrNKjT D5JmUd2WJ9kWju93ZePU7f6f/VRa9CQ04y4jyroeUgeVW3zr5jk= =fsBE -----END PGP SIGNATURE-----

7 years, 3 months

1
0
0 0

[PATCH AUTOSEL 4.9 01/34] binfmt_elf: Respect error return from `regset->active'

by Sasha Levin

From: "Maciej W. Rozycki" <macro(a)mips.com> [ Upstream commit 2f819db565e82e5f73cd42b39925098986693378 ] The regset API documented in <linux/regset.h> defines -ENODEV as the result of the `->active' handler to be used where the feature requested is not available on the hardware found. However code handling core file note generation in `fill_thread_core_info' interpretes any non-zero result from the `->active' handler as the regset requested being active. Consequently processing continues (and hopefully gracefully fails later on) rather than being abandoned right away for the regset requested. Fix the problem then by making the code proceed only if a positive result is returned from the `->active' handler. Signed-off-by: Maciej W. Rozycki <macro(a)mips.com> Signed-off-by: Paul Burton <paul.burton(a)mips.com> Fixes: 4206d3aa1978 ("elf core dump: notes user_regset") Patchwork: https://patchwork.linux-mips.org/patch/19332/ Cc: Alexander Viro <viro(a)zeniv.linux.org.uk> Cc: James Hogan <jhogan(a)kernel.org> Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: linux-fsdevel(a)vger.kernel.org Cc: linux-mips(a)linux-mips.org Cc: linux-kernel(a)vger.kernel.org Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- fs/binfmt_elf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index a4fabf60d5ee..e7e25a86bbff 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -1706,7 +1706,7 @@ static int fill_thread_core_info(struct elf_thread_core_info *t, const struct user_regset *regset = &view->regsets[i]; do_thread_regset_writeback(t->task, regset); if (regset->core_note_type && regset->get && - (!regset->active || regset->active(t->task, regset))) { + (!regset->active || regset->active(t->task, regset) > 0)) { int ret; size_t size = regset->n * regset->size; void *data = kmalloc(size, GFP_KERNEL); -- 2.17.1

7 years, 3 months

2
36
0 0

[PATCH 4/4] Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask

by kys＠linuxonhyperv.com

From: Dexuan Cui <decui(a)microsoft.com> A cpumask structure on the stack can cause a warning with CONFIG_NR_CPUS=8192 (e.g. Ubuntu 16.04 and 18.04 use this): drivers/hv//channel_mgmt.c: In function ‘init_vp_index’: drivers/hv//channel_mgmt.c:702:1: warning: the frame size of 1032 bytes is larger than 1024 bytes [-Wframe-larger-than=] Nowadays it looks most distros enable CONFIG_CPUMASK_OFFSTACK=y, and hence we can work around the warning by using cpumask_var_t. Signed-off-by: Dexuan Cui <decui(a)microsoft.com> Cc: K. Y. Srinivasan <kys(a)microsoft.com> Cc: Haiyang Zhang <haiyangz(a)microsoft.com> Cc: Stephen Hemminger <sthemmin(a)microsoft.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> --- drivers/hv/channel_mgmt.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c index e7598b569bea..d943fa022e34 100644 --- a/drivers/hv/channel_mgmt.c +++ b/drivers/hv/channel_mgmt.c @@ -601,16 +601,18 @@ static void init_vp_index(struct vmbus_channel *channel, u16 dev_type) bool perf_chn = vmbus_devs[dev_type].perf_device; struct vmbus_channel *primary = channel->primary_channel; int next_node; - struct cpumask available_mask; + cpumask_var_t available_mask; struct cpumask *alloced_mask; if ((vmbus_proto_version == VERSION_WS2008) || - (vmbus_proto_version == VERSION_WIN7) || (!perf_chn)) { + (vmbus_proto_version == VERSION_WIN7) || (!perf_chn) || + !alloc_cpumask_var(&available_mask, GFP_KERNEL)) { /* * Prior to win8, all channel interrupts are * delivered on cpu 0. * Also if the channel is not a performance critical * channel, bind it to cpu 0. + * In case alloc_cpumask_var() fails, bind it to cpu 0. */ channel->numa_node = 0; channel->target_cpu = 0; @@ -648,7 +650,7 @@ static void init_vp_index(struct vmbus_channel *channel, u16 dev_type) cpumask_clear(alloced_mask); } - cpumask_xor(&available_mask, alloced_mask, + cpumask_xor(available_mask, alloced_mask, cpumask_of_node(primary->numa_node)); cur_cpu = -1; @@ -666,10 +668,10 @@ static void init_vp_index(struct vmbus_channel *channel, u16 dev_type) } while (true) { - cur_cpu = cpumask_next(cur_cpu, &available_mask); + cur_cpu = cpumask_next(cur_cpu, available_mask); if (cur_cpu >= nr_cpu_ids) { cur_cpu = -1; - cpumask_copy(&available_mask, + cpumask_copy(available_mask, cpumask_of_node(primary->numa_node)); continue; } @@ -699,6 +701,8 @@ static void init_vp_index(struct vmbus_channel *channel, u16 dev_type) channel->target_cpu = cur_cpu; channel->target_vp = hv_cpu_number_to_vp_number(cur_cpu); + + free_cpumask_var(available_mask); } static void vmbus_wait_for_unload(void) -- 2.18.0

7 years, 3 months

1
0
0 0

[PATCH 3/4] Drivers: hv: kvp: Fix two "this statement may fall through" warnings

by kys＠linuxonhyperv.com

From: Dexuan Cui <decui(a)microsoft.com> We don't need to call process_ib_ipinfo() if message->kvp_hdr.operation is KVP_OP_GET_IP_INFO in kvp_send_key(), because here we just need to pass on the op code from the host to the userspace; when the userspace returns the info requested by the host, we pass the info on to the host in kvp_respond_to_host() -> process_ob_ipinfo(). BTW, the current buggy code actually doesn't cause any harm, because only message->kvp_hdr.operation is used by the userspace, in the case of KVP_OP_GET_IP_INFO. The patch also adds a missing "break;" in kvp_send_key(). BTW, the current buggy code actually doesn't cause any harm, because in the case of KVP_OP_SET, the unexpected fall-through corrupts message->body.kvp_set.data.key_size, but that is not really used: see the definition of struct hv_kvp_exchg_msg_value. Signed-off-by: Dexuan Cui <decui(a)microsoft.com> Cc: K. Y. Srinivasan <kys(a)microsoft.com> Cc: Haiyang Zhang <haiyangz(a)microsoft.com> Cc: Stephen Hemminger <sthemmin(a)microsoft.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> --- drivers/hv/hv_kvp.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/hv/hv_kvp.c b/drivers/hv/hv_kvp.c index 023bd185d21a..a7513a8a8e37 100644 --- a/drivers/hv/hv_kvp.c +++ b/drivers/hv/hv_kvp.c @@ -353,7 +353,6 @@ static void process_ib_ipinfo(void *in_msg, void *out_msg, int op) out->body.kvp_ip_val.dhcp_enabled = in->kvp_ip_val.dhcp_enabled; - default: utf16s_to_utf8s((wchar_t *)in->kvp_ip_val.adapter_id, MAX_ADAPTER_ID_SIZE, UTF16_LITTLE_ENDIAN, @@ -406,7 +405,7 @@ kvp_send_key(struct work_struct *dummy) process_ib_ipinfo(in_msg, message, KVP_OP_SET_IP_INFO); break; case KVP_OP_GET_IP_INFO: - process_ib_ipinfo(in_msg, message, KVP_OP_GET_IP_INFO); + /* We only need to pass on message->kvp_hdr.operation. */ break; case KVP_OP_SET: switch (in_msg->body.kvp_set.data.value_type) { @@ -446,6 +445,9 @@ kvp_send_key(struct work_struct *dummy) break; } + + break; + case KVP_OP_GET: message->body.kvp_set.data.key_size = utf16s_to_utf8s( -- 2.18.0

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] cifs: integer overflow in in SMB2_ioctl()" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2d204ee9d671327915260071c19350d84344e096 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)oracle.com> Date: Mon, 10 Sep 2018 14:12:07 +0300 Subject: [PATCH] cifs: integer overflow in in SMB2_ioctl() The "le32_to_cpu(rsp->OutputOffset) + *plen" addition can overflow and wrap around to a smaller value which looks like it would lead to an information leak. Fixes: 4a72dafa19ba ("SMB2 FSCTL and IOCTL worker function") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> Reviewed-by: Aurelien Aptel <aaptel(a)suse.com> CC: Stable <stable(a)vger.kernel.org> diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 6f0e6b42599c..f54d07bda067 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -2459,14 +2459,14 @@ SMB2_ioctl(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid, /* We check for obvious errors in the output buffer length and offset */ if (*plen == 0) goto ioctl_exit; /* server returned no data */ - else if (*plen > 0xFF00) { + else if (*plen > rsp_iov.iov_len || *plen > 0xFF00) { cifs_dbg(VFS, "srv returned invalid ioctl length: %d\n", *plen); *plen = 0; rc = -EIO; goto ioctl_exit; } - if (rsp_iov.iov_len < le32_to_cpu(rsp->OutputOffset) + *plen) { + if (rsp_iov.iov_len - *plen < le32_to_cpu(rsp->OutputOffset)) { cifs_dbg(VFS, "Malformed ioctl resp: len %d offset %d\n", *plen, le32_to_cpu(rsp->OutputOffset)); *plen = 0;

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] cifs: integer overflow in in SMB2_ioctl()" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2d204ee9d671327915260071c19350d84344e096 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)oracle.com> Date: Mon, 10 Sep 2018 14:12:07 +0300 Subject: [PATCH] cifs: integer overflow in in SMB2_ioctl() The "le32_to_cpu(rsp->OutputOffset) + *plen" addition can overflow and wrap around to a smaller value which looks like it would lead to an information leak. Fixes: 4a72dafa19ba ("SMB2 FSCTL and IOCTL worker function") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> Reviewed-by: Aurelien Aptel <aaptel(a)suse.com> CC: Stable <stable(a)vger.kernel.org> diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 6f0e6b42599c..f54d07bda067 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -2459,14 +2459,14 @@ SMB2_ioctl(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid, /* We check for obvious errors in the output buffer length and offset */ if (*plen == 0) goto ioctl_exit; /* server returned no data */ - else if (*plen > 0xFF00) { + else if (*plen > rsp_iov.iov_len || *plen > 0xFF00) { cifs_dbg(VFS, "srv returned invalid ioctl length: %d\n", *plen); *plen = 0; rc = -EIO; goto ioctl_exit; } - if (rsp_iov.iov_len < le32_to_cpu(rsp->OutputOffset) + *plen) { + if (rsp_iov.iov_len - *plen < le32_to_cpu(rsp->OutputOffset)) { cifs_dbg(VFS, "Malformed ioctl resp: len %d offset %d\n", *plen, le32_to_cpu(rsp->OutputOffset)); *plen = 0;

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] dm: disable CRYPTO_TFM_REQ_MAY_SLEEP to fix a GFP_KERNEL" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 432061b3da64e488be3403124a72a9250bbe96d4 Mon Sep 17 00:00:00 2001 From: Mikulas Patocka <mpatocka(a)redhat.com> Date: Wed, 5 Sep 2018 09:17:45 -0400 Subject: [PATCH] dm: disable CRYPTO_TFM_REQ_MAY_SLEEP to fix a GFP_KERNEL recursion deadlock There's a XFS on dm-crypt deadlock, recursing back to itself due to the crypto subsystems use of GFP_KERNEL, reported here: https://bugzilla.kernel.org/show_bug.cgi?id=200835 * dm-crypt calls crypt_convert in xts mode * init_crypt from xts.c calls kmalloc(GFP_KERNEL) * kmalloc(GFP_KERNEL) recurses into the XFS filesystem, the filesystem tries to submit some bios and wait for them, causing a deadlock Fix this by updating both the DM crypt and integrity targets to no longer use the CRYPTO_TFM_REQ_MAY_SLEEP flag, which will change the crypto allocations from GFP_KERNEL to GFP_ATOMIC, therefore they can't recurse into a filesystem. A GFP_ATOMIC allocation can fail, but init_crypt() in xts.c handles the allocation failure gracefully - it will fall back to preallocated buffer if the allocation fails. The crypto API maintainer says that the crypto API only needs to allocate memory when dealing with unaligned buffers and therefore turning CRYPTO_TFM_REQ_MAY_SLEEP off is safe (see this discussion: https://www.redhat.com/archives/dm-devel/2018-August/msg00195.html ) Cc: stable(a)vger.kernel.org Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> Signed-off-by: Mike Snitzer <snitzer(a)redhat.com> diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c index f266c81f396f..0481223b1deb 100644 --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c @@ -332,7 +332,7 @@ static int crypt_iv_essiv_init(struct crypt_config *cc) int err; desc->tfm = essiv->hash_tfm; - desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; + desc->flags = 0; err = crypto_shash_digest(desc, cc->key, cc->key_size, essiv->salt); shash_desc_zero(desc); @@ -606,7 +606,7 @@ static int crypt_iv_lmk_one(struct crypt_config *cc, u8 *iv, int i, r; desc->tfm = lmk->hash_tfm; - desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; + desc->flags = 0; r = crypto_shash_init(desc); if (r) @@ -768,7 +768,7 @@ static int crypt_iv_tcw_whitening(struct crypt_config *cc, /* calculate crc32 for every 32bit part and xor it */ desc->tfm = tcw->crc32_tfm; - desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; + desc->flags = 0; for (i = 0; i < 4; i++) { r = crypto_shash_init(desc); if (r) @@ -1251,7 +1251,7 @@ static void crypt_alloc_req_skcipher(struct crypt_config *cc, * requests if driver request queue is full. */ skcipher_request_set_callback(ctx->r.req, - CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP, + CRYPTO_TFM_REQ_MAY_BACKLOG, kcryptd_async_done, dmreq_of_req(cc, ctx->r.req)); } @@ -1268,7 +1268,7 @@ static void crypt_alloc_req_aead(struct crypt_config *cc, * requests if driver request queue is full. */ aead_request_set_callback(ctx->r.req_aead, - CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP, + CRYPTO_TFM_REQ_MAY_BACKLOG, kcryptd_async_done, dmreq_of_req(cc, ctx->r.req_aead)); } diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c index 378878599466..89ccb64342de 100644 --- a/drivers/md/dm-integrity.c +++ b/drivers/md/dm-integrity.c @@ -532,7 +532,7 @@ static void section_mac(struct dm_integrity_c *ic, unsigned section, __u8 result unsigned j, size; desc->tfm = ic->journal_mac; - desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; + desc->flags = 0; r = crypto_shash_init(desc); if (unlikely(r)) { @@ -676,7 +676,7 @@ static void complete_journal_encrypt(struct crypto_async_request *req, int err) static bool do_crypt(bool encrypt, struct skcipher_request *req, struct journal_completion *comp) { int r; - skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP, + skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, complete_journal_encrypt, comp); if (likely(encrypt)) r = crypto_skcipher_encrypt(req);

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] mmc: omap_hsmmc: fix wakeirq handling on removal" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3c398f3c3bef21961eaaeb93227fa66d440dc83d Mon Sep 17 00:00:00 2001 From: Andreas Kemnade <andreas(a)kemnade.info> Date: Sun, 2 Sep 2018 09:30:58 +0200 Subject: [PATCH] mmc: omap_hsmmc: fix wakeirq handling on removal after unbinding mmc I get things like this: [ 185.294067] mmc1: card 0001 removed [ 185.305206] omap_hsmmc 480b4000.mmc: wake IRQ with no resume: -13 The wakeirq stays in /proc-interrupts rebinding shows this: [ 289.795959] genirq: Flags mismatch irq 112. 0000200a (480b4000.mmc:wakeup) vs. 0000200a (480b4000.mmc:wakeup) [ 289.808959] omap_hsmmc 480b4000.mmc: Unable to request wake IRQ [ 289.815338] omap_hsmmc 480b4000.mmc: no SDIO IRQ support, falling back to polling That bug seems to be introduced by switching from devm_request_irq() to generic wakeirq handling. So let us cleanup at removal. Signed-off-by: Andreas Kemnade <andreas(a)kemnade.info> Fixes: 5b83b2234be6 ("mmc: omap_hsmmc: Change wake-up interrupt to use generic wakeirq") Cc: stable(a)vger.kernel.org # v4.2+ Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/omap_hsmmc.c b/drivers/mmc/host/omap_hsmmc.c index 071693ebfe18..68760d4a5d3d 100644 --- a/drivers/mmc/host/omap_hsmmc.c +++ b/drivers/mmc/host/omap_hsmmc.c @@ -2177,6 +2177,7 @@ static int omap_hsmmc_remove(struct platform_device *pdev) dma_release_channel(host->tx_chan); dma_release_channel(host->rx_chan); + dev_pm_clear_wake_irq(host->dev); pm_runtime_dont_use_autosuspend(host->dev); pm_runtime_put_sync(host->dev); pm_runtime_disable(host->dev);

7 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] iw_cxgb4: only allow 1 flush on user qps" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 308aa2b8f7b7db3332a7d41099fd37851fb793b2 Mon Sep 17 00:00:00 2001 From: Steve Wise <swise(a)opengridcomputing.com> Date: Fri, 31 Aug 2018 07:15:56 -0700 Subject: [PATCH] iw_cxgb4: only allow 1 flush on user qps Once the qp has been flushed, it cannot be flushed again. The user qp flush logic wasn't enforcing it however. The bug can cause touch-after-free crashes like: Unable to handle kernel paging request for data at address 0x000001ec Faulting instruction address: 0xc008000016069100 Oops: Kernel access of bad area, sig: 11 [#1] ... NIP [c008000016069100] flush_qp+0x80/0x480 [iw_cxgb4] LR [c00800001606cd6c] c4iw_modify_qp+0x71c/0x11d0 [iw_cxgb4] Call Trace: [c00800001606cd6c] c4iw_modify_qp+0x71c/0x11d0 [iw_cxgb4] [c00800001606e868] c4iw_ib_modify_qp+0x118/0x200 [iw_cxgb4] [c0080000119eae80] ib_security_modify_qp+0xd0/0x3d0 [ib_core] [c0080000119c4e24] ib_modify_qp+0xc4/0x2c0 [ib_core] [c008000011df0284] iwcm_modify_qp_err+0x44/0x70 [iw_cm] [c008000011df0fec] destroy_cm_id+0xcc/0x370 [iw_cm] [c008000011ed4358] rdma_destroy_id+0x3c8/0x520 [rdma_cm] [c0080000134b0540] ucma_close+0x90/0x1b0 [rdma_ucm] [c000000000444da4] __fput+0xe4/0x2f0 So fix flush_qp() to only flush the wq once. Cc: stable(a)vger.kernel.org Signed-off-by: Steve Wise <swise(a)opengridcomputing.com> Signed-off-by: Jason Gunthorpe <jgg(a)mellanox.com> diff --git a/drivers/infiniband/hw/cxgb4/qp.c b/drivers/infiniband/hw/cxgb4/qp.c index b3203afa3b1d..347fe18b1a41 100644 --- a/drivers/infiniband/hw/cxgb4/qp.c +++ b/drivers/infiniband/hw/cxgb4/qp.c @@ -1685,6 +1685,12 @@ static void flush_qp(struct c4iw_qp *qhp) schp = to_c4iw_cq(qhp->ibqp.send_cq); if (qhp->ibqp.uobject) { + + /* for user qps, qhp->wq.flushed is protected by qhp->mutex */ + if (qhp->wq.flushed) + return; + + qhp->wq.flushed = 1; t4_set_wq_in_error(&qhp->wq, 0); t4_set_cq_in_error(&rchp->cq); spin_lock_irqsave(&rchp->comp_handler_lock, flag);

7 years, 3 months

1
0
0 0

[char-misc v4.18.y] mei: bus: type promotion bug in mei_nfc_if_version()

by Tomas Winkler

From: Dan Carpenter <dan.carpenter(a)oracle.com> commit b40b3e9358fbafff6a4ba0f4b9658f6617146f9c upstream We accidentally removed the check for negative returns without considering the issue of type promotion. The "if_version_length" variable is type size_t so if __mei_cl_recv() returns a negative then "bytes_recv" is type promoted to a high positive value and treated as success. Cc: <stable(a)vger.kernel.org> v4.18 Fixes: 582ab27a063a ("mei: bus: fix received data size check in NFC fixup") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/misc/mei/bus-fixup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/misc/mei/bus-fixup.c b/drivers/misc/mei/bus-fixup.c index 0208c4b027c5..fa0236a5e59a 100644 --- a/drivers/misc/mei/bus-fixup.c +++ b/drivers/misc/mei/bus-fixup.c @@ -267,7 +267,7 @@ static int mei_nfc_if_version(struct mei_cl *cl, ret = 0; bytes_recv = __mei_cl_recv(cl, (u8 *)reply, if_version_length, 0); - if (bytes_recv < if_version_length) { + if (bytes_recv < 0 || bytes_recv < if_version_length) { dev_err(bus->dev, "Could not read IF version\n"); ret = -EIO; goto err; -- 2.14.4

7 years, 3 months

1
0
0 0

[char-misc v4.14.y] mei: bus: type promotion bug in mei_nfc_if_version()

by Tomas Winkler

From: Dan Carpenter <dan.carpenter(a)oracle.com> commit b40b3e9358fbafff6a4ba0f4b9658f6617146f9c upstream We accidentally removed the check for negative returns without considering the issue of type promotion. The "if_version_length" variable is type size_t so if __mei_cl_recv() returns a negative then "bytes_recv" is type promoted to a high positive value and treated as success. Cc: <stable(a)vger.kernel.org> # 4.14 Fixes: 582ab27a063a ("mei: bus: fix received data size check in NFC fixup") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/misc/mei/bus-fixup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/misc/mei/bus-fixup.c b/drivers/misc/mei/bus-fixup.c index 0208c4b027c5..fa0236a5e59a 100644 --- a/drivers/misc/mei/bus-fixup.c +++ b/drivers/misc/mei/bus-fixup.c @@ -267,7 +267,7 @@ static int mei_nfc_if_version(struct mei_cl *cl, ret = 0; bytes_recv = __mei_cl_recv(cl, (u8 *)reply, if_version_length, 0); - if (bytes_recv < if_version_length) { + if (bytes_recv < 0 || bytes_recv < if_version_length) { dev_err(bus->dev, "Could not read IF version\n"); ret = -EIO; goto err; -- 2.14.4

7 years, 3 months

1
0
0 0

[char-misc v4.9.y] mei: bus: type promotion bug in mei_nfc_if_version()

by Tomas Winkler

From: Dan Carpenter <dan.carpenter(a)oracle.com> commit b40b3e9358fbafff6a4ba0f4b9658f6617146f9c upstream We accidentally removed the check for negative returns without considering the issue of type promotion. The "if_version_length" variable is type size_t so if __mei_cl_recv() returns a negative then "bytes_recv" is type promoted to a high positive value and treated as success. Cc: <stable(a)vger.kernel.org> # 4.9 Fixes: 582ab27a063a ("mei: bus: fix received data size check in NFC fixup") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/misc/mei/bus-fixup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/misc/mei/bus-fixup.c b/drivers/misc/mei/bus-fixup.c index 75b9d4ac8b1e..371f5f66a9d6 100644 --- a/drivers/misc/mei/bus-fixup.c +++ b/drivers/misc/mei/bus-fixup.c @@ -178,7 +178,7 @@ static int mei_nfc_if_version(struct mei_cl *cl, ret = 0; bytes_recv = __mei_cl_recv(cl, (u8 *)reply, if_version_length); - if (bytes_recv < if_version_length) { + if (bytes_recv < 0 || bytes_recv < if_version_length) { dev_err(bus->dev, "Could not read IF version\n"); ret = -EIO; goto err; -- 2.14.4

7 years, 3 months

1
0
0 0

[PATCH 3.16 00/63] 3.16.58-rc1 review

by Ben Hutchings

This is the start of the stable review cycle for the 3.16.58 release. There are 63 patches in this series, which will be posted as responses to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Mon Sep 24 00:15:41 UTC 2018. Anything received after that time might be too late. All the patches have also been committed to the linux-3.16.y-rc branch of https://git.kernel.org/pub/scm/linux/kernel/git/bwh/linux-stable-rc.git . A shortlog and diffstat can be found below. Ben. ------------- Alexander Potapenko (1): scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() [a45b599ad808c3c982fdcdc12b0b8611c2f92824] Alexey Khoroshilov (1): usbip: fix error handling in stub_probe() [3ff67445750a84de67faaf52c6e1895cb09f2c56] Andy Lutomirski (1): x86/entry/64: Remove %ebx handling from error_entry/exit [b3681dd548d06deb2e1573890829dff4b15abf46] Ben Hutchings (2): Revert "vti4: Don't override MTU passed on link creation via IFLA_MTU" [not upstream; the reverted commit was correct for upstream] x86/fpu: Default eagerfpu if FPU and FXSR are enabled [58122bf1d856a4ea9581d62a07c557d997d46a19] Borislav Petkov (1): x86/cpu/AMD: Fix erratum 1076 (CPB bit) [f7f3dc00f61261cdc9ccd8b886f21bc4dffd6fd9] Christoph Paasch (1): net: Set sk_prot_creator when cloning sockets to the right proto [9d538fa60bad4f7b23193c89e843797a1cf71ef3] Cong Wang (1): infiniband: fix a possible use-after-free bug [cb2595c1393b4a5211534e6f0a0fbad369e21ad8] Dave Chinner (2): xfs: catch inode allocation state mismatch corruption [ee457001ed6c6f31ddad69c24c1da8f377d8472d] xfs: validate cached inodes are free when allocated [afca6c5b2595fc44383919fba740c194b0b76aff] Eric Sandeen (2): xfs: don't call xfs_da_shrink_inode with NULL bp [bb3d48dcf86a97dc25fe9fc2c11938e19cb4399a] xfs: set format back to extents if xfs_bmap_extents_to_btree [2c4306f719b083d17df2963bc761777576b8ad1b] Ernesto A . Fernández (1): hfsplus: fix NULL dereference in hfsplus_lookup() [a7ec7a4193a2eb3b5341243fc0b621c1ac9e4ec4] Ingo Molnar (2): x86/fpu: Fix the 'nofxsr' boot parameter to also clear X86_FEATURE_FXSR_OPT [d364a7656c1855c940dfa4baf4ebcc3c6a9e6fd2] x86/speculation: Clean up various Spectre related details [21e433bdb95bdf3aa48226fd3d33af608437f293] Jann Horn (1): USB: yurex: fix out-of-bounds uaccess in read handler [f1e255d60ae66a9f672ff9a207ee6cd8e33d2679] Jason Yan (1): scsi: libsas: defer ata device eh commands to libata [318aaf34f1179b39fa9c30fa0f3288b645beee39] Jens Axboe (1): sr: pass down correctly sized SCSI sense buffer [f7068114d45ec55996b9040e98111afa56e010fe] Jiri Kosina (1): x86/speculation: Protect against userspace-userspace spectreRSB [fdf82a7856b32d905c39afc85e34364491e46346] Kees Cook (5): seccomp: add "seccomp" syscall [48dc92b9fc3926844257316e75ba11eb5c742b2c] seccomp: create internal mode-setting function [d78ab02c2c194257a03355fbb79eb721b381d105] seccomp: extract check/assign mode helpers [1f41b450416e689b9b7c8bfb750a98604f687a9b] seccomp: split mode setting routines [3b23dd12846215eff4afb073366b80c0c4d7543e] video: uvesafb: Fix integer overflow in allocation [9f645bcc566a1e9f921bdae7528a01ced5bc3713] Kyle Huey (2): x86/process: Correct and optimize TIF_BLOCKSTEP switch [b9894a2f5bd18b1691cb6872c9afe32b148d0132] x86/process: Optimize TIF checks in __switch_to_xtra() [af8b3cd3934ec60f4c2a420d19a9d416554f140b] Linus Torvalds (2): Fix up non-directory creation in SGID directories [0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7] mm: get rid of vmacache_flush_all() entirely [7a9cdebdcc17e426fb5287e4a82db1dfe86339b2] Mark Salyzyn (1): Bluetooth: hidp: buffer overflow in hidp_process_report [7992c18810e568b95c869b227137a2215702a805] Mel Gorman (2): futex: Remove requirement for lock_page() in get_futex_key() [65d8fc777f6dcfee12785c057a6b57f679641c90] futex: Remove unnecessary warning from get_futex_key [48fb6f4db940e92cfb16cd878cddd59ea6120d06] Nadav Amit (1): KVM: x86: Emulator ignores LDTR/TR extended base on LLDT/LTR [e37a75a13cdae5deaa2ea2cbf8d55b5dd08638b6] Paolo Bonzini (4): KVM: x86: introduce linear_{read,write}_system [79367a65743975e5cac8d24d08eccc7fdae832b0] KVM: x86: introduce num_emulated_msrs [62ef68bb4d00f1a662e487f3fc44ce8521c416aa] KVM: x86: pass kvm_vcpu to kvm_read_guest_virt and kvm_write_guest_virt_system [ce14e868a54edeb2e30cb7a7b104a2fc4b9d76ca] kvm: x86: use correct privilege level for sgdt/sidt/fxsave/fxrstor access [3c9fa24ca7c9c47605672916491f79e8ccacb9e6] Peter Zijlstra (1): x86/paravirt: Fix spectre-v2 mitigations for paravirt guests [5800dc5c19f34e6e03b5adab1282535cb102fafd] Piotr Luc (1): x86/cpu/intel: Add Knights Mill to Intel family [0047f59834e5947d45f34f5f12eb330d158f700b] Qu Wenruo (1): btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized [389305b2aa68723c754f88d9dbd268a400e10664] Sanjeev Sharma (1): uas: replace WARN_ON_ONCE() with lockdep_assert_held() [ab945eff8396bc3329cc97274320e8d2c6585077] Scott Bauer (1): cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status [8f3fafc9c2f0ece10832c25f7ffcb07c97a32ad4] Shankara Pailoor (1): jfs: Fix inconsistency between memory allocation and ea_buf->max_size [92d34134193e5b129dc24f8d79cb9196626e8d7a] Shuah Khan (6): usbip: usbip_host: delete device from busid_table after rebind [1e180f167d4e413afccbbb4a421b48b2de832549] usbip: usbip_host: fix NULL-ptr deref and use-after-free errors [22076557b07c12086eeb16b8ce2b0b735f7a27e7] usbip: usbip_host: fix bad unlock balance during stub_probe() [c171654caa875919be3c533d3518da8be5be966e] usbip: usbip_host: fix to hold parent lock for device_attach() calls [4bfb141bc01312a817d36627cc47c93f801c216d] usbip: usbip_host: refine probe and disconnect debug msgs to be useful [28b68acc4a88dcf91fd1dcf2577371dc9bf574cc] usbip: usbip_host: run rebind from exit when module is removed [7510df3f29d44685bab7b1918b61a8ccd57126a9] Takashi Iwai (1): ALSA: rawmidi: Change resized buffers atomically [39675f7a7c7e7702f7d5341f1e0d01db746543a0] Theodore Ts'o (14): ext4: add corruption check in ext4_xattr_set_entry() [5369a762c882c0b6e9599e4ebbb3a9ba9eee7e2d] ext4: add more inode number paranoia checks [c37e9e013469521d9adb932d17a1795c139b36db] ext4: always check block group bounds in ext4_init_block_bitmap() [819b23f1c501b17b9694325471789e6b5cc2d0d2] ext4: always verify the magic number in xattr blocks [513f86d73855ce556ea9522b6bfd79f87356dc3a] ext4: avoid running out of journal credits when appending to an inline file [8bc1379b82b8e809eef77a9fedbb75c6c297be19] ext4: clear i_data in ext4_inode_info when removing inline data [6e8ab72a812396996035a37e5ca4b3b99b5d214b] ext4: don't allow r/w mounts if metadata blocks overlap the superblock [18db4b4e6fc31eda838dd1c1296d67dbcb3dc957] ext4: fix check to prevent initializing reserved inodes [5012284700775a4e6e3fbe7eac4c543c4874b559] ext4: fix false negatives *and* false positives in ext4_check_descriptors() [44de022c4382541cebdd6de4465d1f4f465ff1dd] ext4: make sure bitmaps and the inode table don't overlap with bg descriptors [77260807d1170a8cf35dbb06e07461a655f67eee] ext4: never move the system.data xattr out of the inode body [8cdb5240ec5928b20490a2bb34cb87e9a5f40226] ext4: only look at the bg_flags field if it is valid [8844618d8aa7a9973e7b527d038a2a589665002c] ext4: verify the depth of extent tree in ext4_find_extent() [bc890a60247171294acc0bd67d211fa4b88d40ba] jbd2: don't mark block as modified if the handle is out of credits [e09463f220ca9a1a1ecfda84fcda658f99a1f12a] Makefile | 4 +- arch/Kconfig | 1 + arch/x86/include/asm/intel-family.h | 1 + arch/x86/include/asm/kvm_emulate.h | 6 +- arch/x86/include/uapi/asm/msr-index.h | 1 + arch/x86/kernel/cpu/amd.c | 13 +++ arch/x86/kernel/cpu/bugs.c | 59 ++++---------- arch/x86/kernel/cpu/common.c | 17 ++-- arch/x86/kernel/entry_64.S | 13 +-- arch/x86/kernel/i387.c | 24 ++++++ arch/x86/kernel/paravirt.c | 14 +++- arch/x86/kernel/process.c | 62 +++++++++------ arch/x86/kernel/xsave.c | 24 +----- arch/x86/kvm/emulate.c | 76 ++++++++++-------- arch/x86/kvm/vmx.c | 20 +++-- arch/x86/kvm/x86.c | 91 ++++++++++++++------- arch/x86/kvm/x86.h | 4 +- arch/x86/syscalls/syscall_32.tbl | 1 + arch/x86/syscalls/syscall_64.tbl | 1 + drivers/cdrom/cdrom.c | 2 +- drivers/infiniband/core/ucma.c | 6 +- drivers/scsi/libsas/sas_scsi_host.c | 33 +++----- drivers/scsi/sg.c | 2 +- drivers/scsi/sr_ioctl.c | 21 ++--- drivers/staging/usbip/stub.h | 2 + drivers/staging/usbip/stub_dev.c | 69 +++++++++------- drivers/staging/usbip/stub_main.c | 100 +++++++++++++++++++++-- drivers/usb/misc/yurex.c | 23 ++---- drivers/usb/storage/uas.c | 8 +- drivers/video/fbdev/uvesafb.c | 3 +- fs/btrfs/relocation.c | 23 +++--- fs/ext4/balloc.c | 21 +++-- fs/ext4/ext4.h | 8 -- fs/ext4/ext4_extents.h | 1 + fs/ext4/extents.c | 6 ++ fs/ext4/ialloc.c | 19 ++++- fs/ext4/inline.c | 39 +-------- fs/ext4/inode.c | 3 +- fs/ext4/mballoc.c | 6 +- fs/ext4/super.c | 41 +++++++++- fs/ext4/xattr.c | 49 ++++++------ fs/hfsplus/dir.c | 4 +- fs/inode.c | 6 ++ fs/jbd2/transaction.c | 2 +- fs/jfs/xattr.c | 10 ++- fs/xfs/xfs_attr_leaf.c | 5 +- fs/xfs/xfs_bmap.c | 2 + fs/xfs/xfs_icache.c | 58 ++++++++++++-- include/linux/mm_types.h | 2 +- include/linux/sched.h | 2 +- include/linux/syscalls.h | 2 + include/linux/vmacache.h | 5 -- include/uapi/asm-generic/unistd.h | 4 +- include/uapi/linux/seccomp.h | 4 + kernel/futex.c | 99 +++++++++++++++++++++-- kernel/seccomp.c | 146 ++++++++++++++++++++++++++++------ kernel/sys_ni.c | 3 + mm/vmacache.c | 36 --------- net/bluetooth/hidp/core.c | 4 +- net/core/sock.c | 2 + net/ipv4/ip_vti.c | 1 + sound/core/rawmidi.c | 20 +++-- 62 files changed, 847 insertions(+), 487 deletions(-) -- Ben Hutchings Any sufficiently advanced bug is indistinguishable from a feature.

7 years, 3 months

4
70
0 0

[PATCH] w1: omap-hdq: fix missing bus unregister at removal

by Andreas Kemnade

The bus master was not removed after unloading the module or unbinding the driver. That lead to oopses like this [ 127.842987] Unable to handle kernel paging request at virtual address bf01d04c [ 127.850646] pgd = 70e3cd9a [ 127.853698] [bf01d04c] *pgd=8f908811, *pte=00000000, *ppte=00000000 [ 127.860412] Internal error: Oops: 80000007 [#1] PREEMPT SMP ARM [ 127.866668] Modules linked in: bq27xxx_battery overlay [last unloaded: omap_hdq] [ 127.874542] CPU: 0 PID: 1022 Comm: w1_bus_master1 Not tainted 4.19.0-rc4-00001-g2d51da718324 #12 [ 127.883819] Hardware name: Generic OMAP36xx (Flattened Device Tree) [ 127.890441] PC is at 0xbf01d04c [ 127.893798] LR is at w1_search_process_cb+0x4c/0xfc [ 127.898956] pc : [<bf01d04c>] lr : [<c05f9580>] psr: a0070013 [ 127.905609] sp : cf885f48 ip : bf01d04c fp : ddf1e11c [ 127.911132] r10: cf8fe040 r9 : c05f8d00 r8 : cf8fe040 [ 127.916656] r7 : 000000f0 r6 : cf8fe02c r5 : cf8fe000 r4 : cf8fe01c [ 127.923553] r3 : c05f8d00 r2 : 000000f0 r1 : cf8fe000 r0 : dde1ef10 [ 127.930450] Flags: NzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none [ 127.938018] Control: 10c5387d Table: 8f8f0019 DAC: 00000051 [ 127.944091] Process w1_bus_master1 (pid: 1022, stack limit = 0x9135699f) [ 127.951171] Stack: (0xcf885f48 to 0xcf886000) [ 127.955810] 5f40: cf8fe000 00000000 cf884000 cf8fe090 000003e8 c05f8d00 [ 127.964477] 5f60: dde5fc34 c05f9700 ddf1e100 ddf1e540 cf884000 cf8fe000 c05f9694 00000000 [ 127.973114] 5f80: dde5fc34 c01499a4 00000000 ddf1e540 c0149874 00000000 00000000 00000000 [ 127.981781] 5fa0: 00000000 00000000 00000000 c01010e8 00000000 00000000 00000000 00000000 [ 127.990447] 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 127.999114] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000 [ 128.007781] [<c05f9580>] (w1_search_process_cb) from [<c05f9700>] (w1_process+0x6c/0x118) [ 128.016479] [<c05f9700>] (w1_process) from [<c01499a4>] (kthread+0x130/0x148) [ 128.024047] [<c01499a4>] (kthread) from [<c01010e8>] (ret_from_fork+0x14/0x2c) [ 128.031677] Exception stack(0xcf885fb0 to 0xcf885ff8) [ 128.037017] 5fa0: 00000000 00000000 00000000 00000000 [ 128.045684] 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 128.054351] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 128.061340] Code: bad PC value [ 128.064697] ---[ end trace af066e33c0e14119 ]--- Cc: <stable(a)vger.kernel.org> Signed-off-by: Andreas Kemnade <andreas(a)kemnade.info> --- drivers/w1/masters/omap_hdq.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/w1/masters/omap_hdq.c b/drivers/w1/masters/omap_hdq.c index 83fc9aab34e8..3099052e1243 100644 --- a/drivers/w1/masters/omap_hdq.c +++ b/drivers/w1/masters/omap_hdq.c @@ -763,6 +763,8 @@ static int omap_hdq_remove(struct platform_device *pdev) /* remove module dependency */ pm_runtime_disable(&pdev->dev); + w1_remove_master_device(&omap_w1_master); + return 0; } -- 2.11.0

7 years, 3 months

1
0
0 0

Re: [PATCH v2 1/2] printk: Fix panic caused by passing log_buf_len to command line

by Sasha Levin

Hi, [This is an automated email] This commit has been processed because it contains a -stable tag. The stable tag indicates that it's relevant for the following trees: all The bot has tested the following trees: v4.18.8, v4.14.70, v4.9.127, v4.4.156, v3.18.122, v4.18.8: Build OK! v4.14.70: Build OK! v4.9.127: Build OK! v4.4.156: Build OK! v3.18.122: Build failed! Errors: Please let us know how to resolve this. -- Thanks, Sasha

7 years, 3 months

2
1
0 0

Re: [PATCH] mm/page_alloc: Fix panic caused by passing debug_guardpage_minorder or kernelcore to command line

by Sasha Levin

Hi, [This is an automated email] This commit has been processed because it contains a -stable tag. The stable tag indicates that it's relevant for the following trees: all The bot has tested the following trees: v4.18.8, v4.14.70, v4.9.127, v4.4.156, v3.18.122, v4.18.8: Build OK! v4.14.70: Build OK! v4.9.127: Build OK! v4.4.156: Failed to apply! Possible dependencies: 342332e6a925 ("mm/page_alloc.c: introduce kernelcore=mirror option") v3.18.122: Failed to apply! Possible dependencies: 342332e6a925 ("mm/page_alloc.c: introduce kernelcore=mirror option") Please let us know how to resolve this. -- Thanks, Sasha

7 years, 3 months

2
1
0 0

[PATCH 3/6] drm/i915: Leave intel_conn->mst_port set, use mst_port_gone instead

by Lyude Paul

Currently we set intel_connector->mst_port to NULL to signify that the MST port has been removed from the system so that we can prevent further action on the port such as connector probes, mode probing, etc. However, we're going to need access to intel_connector->mst_port in order to fixup ->best_encoder() so that it can always return the correct encoder for an MST port to prevent legacy DPMS prop changes from failing. This should be safe, so instead keep intel_connector->mst_port always set and instead add intel_connector->mst_port_gone in order to signify whether or not the connector has disappeared from the system. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 14 +++++++------- drivers/gpu/drm/i915/intel_drv.h | 1 + 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index 4ecd65375603..fcb9b87b9339 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -311,9 +311,8 @@ static int intel_dp_mst_get_ddc_modes(struct drm_connector *connector) struct edid *edid; int ret; - if (!intel_dp) { + if (intel_connector->mst_port_gone) return intel_connector_update_modes(connector, NULL); - } edid = drm_dp_mst_get_edid(connector, &intel_dp->mst_mgr, intel_connector->port); ret = intel_connector_update_modes(connector, edid); @@ -328,9 +327,10 @@ intel_dp_mst_detect(struct drm_connector *connector, bool force) struct intel_connector *intel_connector = to_intel_connector(connector); struct intel_dp *intel_dp = intel_connector->mst_port; - if (!intel_dp) + if (intel_connector->mst_port_gone) return connector_status_disconnected; - return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, intel_connector->port); + return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, + intel_connector->port); } static void @@ -370,7 +370,7 @@ intel_dp_mst_mode_valid(struct drm_connector *connector, int bpp = 24; /* MST uses fixed bpp */ int max_rate, mode_rate, max_lanes, max_link_clock; - if (!intel_dp) + if (intel_connector->mst_port_gone) return MODE_ERROR; if (mode->flags & DRM_MODE_FLAG_DBLSCAN) @@ -402,7 +402,7 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (!intel_dp) + if (intel_connector->mst_port_gone) return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } @@ -514,7 +514,7 @@ static void intel_dp_destroy_mst_connector(struct drm_dp_mst_topology_mgr *mgr, connector); /* prevent race with the check in ->detect */ drm_modeset_lock(&connector->dev->mode_config.connection_mutex, NULL); - intel_connector->mst_port = NULL; + intel_connector->mst_port_gone = true; drm_modeset_unlock(&connector->dev->mode_config.connection_mutex); drm_connector_put(connector); diff --git a/drivers/gpu/drm/i915/intel_drv.h b/drivers/gpu/drm/i915/intel_drv.h index 8fc61e96754f..87ce772ae7f8 100644 --- a/drivers/gpu/drm/i915/intel_drv.h +++ b/drivers/gpu/drm/i915/intel_drv.h @@ -409,6 +409,7 @@ struct intel_connector { void *port; /* store this opaque as its illegal to dereference it */ struct intel_dp *mst_port; + bool mst_port_gone; /* Work struct to schedule a uevent on link train failure */ struct work_struct modeset_retry_work; -- 2.17.1

7 years, 3 months

3
5
0 0

[PATCH resend] uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name

by Randy Dunlap

From: Randy Dunlap <rdunlap(a)infradead.org> Since this header is in "include/uapi/linux/", apparently people want to use it in userspace programs -- even in C++ ones. However, the header uses a C++ reserved keyword ("private"), so change that to "dh_private" instead to allow the header file to be used in C++ userspace. Fixes https://bugzilla.kernel.org/show_bug.cgi?id=191051 Fixes: ddbb41148724 ("KEYS: Add KEYCTL_DH_COMPUTE command") Signed-off-by: Randy Dunlap <rdunlap(a)infradead.org> Cc: David Howells <dhowells(a)redhat.com> Cc: James Morris <jmorris(a)namei.org> Cc: "Serge E. Hallyn" <serge(a)hallyn.com> Cc: keyrings(a)vger.kernel.org Cc: linux-security-module(a)vger.kernel.org Cc: Mat Martineau <mathew.j.martineau(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- include/uapi/linux/keyctl.h | 2 +- security/keys/dh.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) --- lnx-416.orig/include/uapi/linux/keyctl.h +++ lnx-416/include/uapi/linux/keyctl.h @@ -65,7 +65,7 @@ /* keyctl structures */ struct keyctl_dh_params { - __s32 private; + __s32 dh_private; __s32 prime; __s32 base; }; --- lnx-416.orig/security/keys/dh.c +++ lnx-416/security/keys/dh.c @@ -307,7 +307,7 @@ long __keyctl_dh_compute(struct keyctl_d } dh_inputs.g_size = dlen; - dlen = dh_data_from_key(pcopy.private, &dh_inputs.key); + dlen = dh_data_from_key(pcopy.dh_private, &dh_inputs.key); if (dlen < 0) { ret = dlen; goto out2;

7 years, 3 months

5
5
0 0

[merged] ocfs2-fix-ocfs2-read-block-panic.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: ocfs2: fix ocfs2 read block panic has been removed from the -mm tree. Its filename was ocfs2-fix-ocfs2-read-block-panic.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Junxiao Bi <junxiao.bi(a)oracle.com> Subject: ocfs2: fix ocfs2 read block panic While reading block, it is possible that io error return due to underlying storage issue, in this case, BH_NeedsValidate was left in the buffer head. Then when reading the very block next time, if it was already linked into journal, that will trigger the following panic. [203748.702517] kernel BUG at fs/ocfs2/buffer_head_io.c:342! [203748.702533] invalid opcode: 0000 [#1] SMP [203748.702561] Modules linked in: ocfs2 ocfs2_dlmfs ocfs2_stack_o2cb ocfs2_dlm ocfs2_nodemanager ocfs2_stackglue configfs sunrpc dm_switch dm_queue_length dm_multipath bonding be2iscsi iscsi_boot_sysfs bnx2i cnic uio cxgb4i iw_cxgb4 cxgb4 cxgb3i libcxgbi iw_cxgb3 cxgb3 mdio ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr ipv6 iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ipmi_devintf iTCO_wdt iTCO_vendor_support dcdbas ipmi_ssif i2c_core ipmi_si ipmi_msghandler acpi_pad pcspkr sb_edac edac_core lpc_ich mfd_core shpchp sg tg3 ptp pps_core ext4 jbd2 mbcache2 sr_mod cdrom sd_mod ahci libahci megaraid_sas wmi dm_mirror dm_region_hash dm_log dm_mod [203748.703024] CPU: 7 PID: 38369 Comm: touch Not tainted 4.1.12-124.18.6.el6uek.x86_64 #2 [203748.703045] Hardware name: Dell Inc. PowerEdge R620/0PXXHP, BIOS 2.5.2 01/28/2015 [203748.703067] task: ffff880768139c00 ti: ffff88006ff48000 task.ti: ffff88006ff48000 [203748.703088] RIP: 0010:[<ffffffffa05e9f09>] [<ffffffffa05e9f09>] ocfs2_read_blocks+0x669/0x7f0 [ocfs2] [203748.703130] RSP: 0018:ffff88006ff4b818 EFLAGS: 00010206 [203748.703389] RAX: 0000000008620029 RBX: ffff88006ff4b910 RCX: 0000000000000000 [203748.703885] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 00000000023079fe [203748.704382] RBP: ffff88006ff4b8d8 R08: 0000000000000000 R09: ffff8807578c25b0 [203748.704877] R10: 000000000f637376 R11: 000000003030322e R12: 0000000000000000 [203748.705373] R13: ffff88006ff4b910 R14: ffff880732fe38f0 R15: 0000000000000000 [203748.705871] FS: 00007f401992c700(0000) GS:ffff880bfebc0000(0000) knlGS:0000000000000000 [203748.706370] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [203748.706627] CR2: 00007f4019252440 CR3: 00000000a621e000 CR4: 0000000000060670 [203748.707124] Stack: [203748.707371] ffff88006ff4b828 ffffffffa0609f52 ffff88006ff4b838 0000000000000001 [203748.707885] 0000000000000000 0000000000000000 ffff880bf67c3800 ffffffffa05eca00 [203748.708399] 00000000023079ff ffffffff81c58b80 0000000000000000 0000000000000000 [203748.708915] Call Trace: [203748.709175] [<ffffffffa0609f52>] ? ocfs2_inode_cache_io_unlock+0x12/0x20 [ocfs2] [203748.709680] [<ffffffffa05eca00>] ? ocfs2_empty_dir_filldir+0x80/0x80 [ocfs2] [203748.710185] [<ffffffffa05ec0cb>] ocfs2_read_dir_block_direct+0x3b/0x200 [ocfs2] [203748.710691] [<ffffffffa05f0fbf>] ocfs2_prepare_dx_dir_for_insert.isra.57+0x19f/0xf60 [ocfs2] [203748.711204] [<ffffffffa065660f>] ? ocfs2_metadata_cache_io_unlock+0x1f/0x30 [ocfs2] [203748.711716] [<ffffffffa05f4f3a>] ocfs2_prepare_dir_for_insert+0x13a/0x890 [ocfs2] [203748.712227] [<ffffffffa05f442e>] ? ocfs2_check_dir_for_entry+0x8e/0x140 [ocfs2] [203748.712737] [<ffffffffa061b2f2>] ocfs2_mknod+0x4b2/0x1370 [ocfs2] [203748.713003] [<ffffffffa061c385>] ocfs2_create+0x65/0x170 [ocfs2] [203748.713263] [<ffffffff8121714b>] vfs_create+0xdb/0x150 [203748.713518] [<ffffffff8121b225>] do_last+0x815/0x1210 [203748.713772] [<ffffffff812192e9>] ? path_init+0xb9/0x450 [203748.714123] [<ffffffff8121bca0>] path_openat+0x80/0x600 [203748.714378] [<ffffffff811bcd45>] ? handle_pte_fault+0xd15/0x1620 [203748.714634] [<ffffffff8121d7ba>] do_filp_open+0x3a/0xb0 [203748.714888] [<ffffffff8122a767>] ? __alloc_fd+0xa7/0x130 [203748.715143] [<ffffffff81209ffc>] do_sys_open+0x12c/0x220 [203748.715403] [<ffffffff81026ddb>] ? syscall_trace_enter_phase1+0x11b/0x180 [203748.715668] [<ffffffff816f0c9f>] ? system_call_after_swapgs+0xe9/0x190 [203748.715928] [<ffffffff8120a10e>] SyS_open+0x1e/0x20 [203748.716184] [<ffffffff816f0d5e>] system_call_fastpath+0x18/0xd7 [203748.716440] Code: 00 00 48 8b 7b 08 48 83 c3 10 45 89 f8 44 89 e1 44 89 f2 4c 89 ee e8 07 06 11 e1 48 8b 03 48 85 c0 75 df 8b 5d c8 e9 4d fa ff ff <0f> 0b 48 8b 7d a0 e8 dc c6 06 00 48 b8 00 00 00 00 00 00 00 10 [203748.717505] RIP [<ffffffffa05e9f09>] ocfs2_read_blocks+0x669/0x7f0 [ocfs2] [203748.717775] RSP <ffff88006ff4b818> Joesph ever reported a similar panic. Link: https://oss.oracle.com/pipermail/ocfs2-devel/2013-May/008931.html Link: http://lkml.kernel.org/r/20180912063207.29484-1-junxiao.bi@oracle.com Signed-off-by: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Joseph Qi <jiangqi903(a)gmail.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Changwei Ge <ge.changwei(a)h3c.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN fs/ocfs2/buffer_head_io.c~ocfs2-fix-ocfs2-read-block-panic fs/ocfs2/buffer_head_io.c --- a/fs/ocfs2/buffer_head_io.c~ocfs2-fix-ocfs2-read-block-panic +++ a/fs/ocfs2/buffer_head_io.c @@ -342,6 +342,7 @@ int ocfs2_read_blocks(struct ocfs2_cachi * for this bh as it's not marked locally * uptodate. */ status = -EIO; + clear_buffer_needs_validate(bh); put_bh(bh); bhs[i] = NULL; continue; _ Patches currently in -mm which might be from junxiao.bi(a)oracle.com are

7 years, 3 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror