- Linux-stable-mirror - lists.linaro.org

patch "vmbus: don't return values for uninitalized channels" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled vmbus: don't return values for uninitalized channels to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 6712cc9c22117a8af9f3df272b4a44fd2e4201cd Mon Sep 17 00:00:00 2001 From: Stephen Hemminger <stephen(a)networkplumber.org> Date: Mon, 20 Aug 2018 21:16:40 +0000 Subject: vmbus: don't return values for uninitalized channels For unsupported device types, the vmbus channel ringbuffer is never initialized, and therefore reading the sysfs files will return garbage or cause a kernel OOPS. Fixes: c2e5df616e1a ("vmbus: add per-channel sysfs info") Signed-off-by: Stephen Hemminger <sthemmin(a)microsoft.com> Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> Cc: <stable(a)vger.kernel.org> # 4.15 Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/hv/vmbus_drv.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c index b1b548a21f91..c71cc857b649 100644 --- a/drivers/hv/vmbus_drv.c +++ b/drivers/hv/vmbus_drv.c @@ -1291,6 +1291,9 @@ static ssize_t vmbus_chan_attr_show(struct kobject *kobj, if (!attribute->show) return -EIO; + if (chan->state != CHANNEL_OPENED_STATE) + return -EINVAL; + return attribute->show(chan, buf); } -- 2.18.0

7 years, 3 months

1
0
0 0

patch "Tools: hv: Fix a bug in the key delete code" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Tools: hv: Fix a bug in the key delete code to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 86503bd35dec0ce363e9fdbf5299927422ed3899 Mon Sep 17 00:00:00 2001 From: "K. Y. Srinivasan" <kys(a)microsoft.com> Date: Fri, 10 Aug 2018 23:06:07 +0000 Subject: Tools: hv: Fix a bug in the key delete code Fix a bug in the key delete code - the num_records range from 0 to num_records-1. Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> Reported-by: David Binderman <dcb314(a)hotmail.com> Cc: <stable(a)vger.kernel.org> Reviewed-by: Michael Kelley <mikelley(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- tools/hv/hv_kvp_daemon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index dbf6e8bd98ba..bbb2a8ef367c 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -286,7 +286,7 @@ static int kvp_key_delete(int pool, const __u8 *key, int key_size) * Found a match; just move the remaining * entries up. */ - if (i == num_records) { + if (i == (num_records - 1)) { kvp_file_info[pool].num_records--; kvp_update_file(pool); return 0; -- 2.18.0

7 years, 3 months

1
0
0 0

patch "misc: ibmvsm: Fix wrong assignment of return code" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled misc: ibmvsm: Fix wrong assignment of return code to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From c55e9318871cd06e4aa10f5023cc2dcdfbb08577 Mon Sep 17 00:00:00 2001 From: "Bryant G. Ly" <bryantly(a)linux.ibm.com> Date: Mon, 6 Aug 2018 08:31:00 -0500 Subject: misc: ibmvsm: Fix wrong assignment of return code Currently the assignment is flipped and rc is always 0. Signed-off-by: Bryant G. Ly <bryantly(a)linux.ibm.com> Fixes: 0eca353e7ae7 ("misc: IBM Virtual Management Channel Driver (VMC)") Reviewed-by: Bradley Warrum <bwarrum(a)us.ibm.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/misc/ibmvmc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/misc/ibmvmc.c b/drivers/misc/ibmvmc.c index 8f82bb9d11e2..b8aaa684c397 100644 --- a/drivers/misc/ibmvmc.c +++ b/drivers/misc/ibmvmc.c @@ -2131,7 +2131,7 @@ static int ibmvmc_init_crq_queue(struct crq_server_adapter *adapter) retrc = plpar_hcall_norets(H_REG_CRQ, vdev->unit_address, queue->msg_token, PAGE_SIZE); - retrc = rc; + rc = retrc; if (rc == H_RESOURCE) rc = ibmvmc_reset_crq_queue(adapter); -- 2.18.0

7 years, 3 months

1
0
0 0

patch "android: binder: fix the race mmap and alloc_new_buf_locked" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled android: binder: fix the race mmap and alloc_new_buf_locked to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From da1b9564e85b1d7baf66cbfabcab27e183a1db63 Mon Sep 17 00:00:00 2001 From: Minchan Kim <minchan(a)kernel.org> Date: Thu, 23 Aug 2018 14:29:56 +0900 Subject: android: binder: fix the race mmap and alloc_new_buf_locked There is RaceFuzzer report like below because we have no lock to close below the race between binder_mmap and binder_alloc_new_buf_locked. To close the race, let's use memory barrier so that if someone see alloc->vma is not NULL, alloc->vma_vm_mm should be never NULL. (I didn't add stable mark intentionallybecause standard android userspace libraries that interact with binder (libbinder & libhwbinder) prevent the mmap/ioctl race. - from Todd) " Thread interleaving: CPU0 (binder_alloc_mmap_handler) CPU1 (binder_alloc_new_buf_locked) ===== ===== // drivers/android/binder_alloc.c // #L718 (v4.18-rc3) alloc->vma = vma; // drivers/android/binder_alloc.c // #L346 (v4.18-rc3) if (alloc->vma == NULL) { ... // alloc->vma is not NULL at this point return ERR_PTR(-ESRCH); } ... // #L438 binder_update_page_range(alloc, 0, (void *)PAGE_ALIGN((uintptr_t)buffer->data), end_page_addr); // In binder_update_page_range() #L218 // But still alloc->vma_vm_mm is NULL here if (need_mm && mmget_not_zero(alloc->vma_vm_mm)) alloc->vma_vm_mm = vma->vm_mm; Crash Log: ================================================================== BUG: KASAN: null-ptr-deref in __atomic_add_unless include/asm-generic/atomic-instrumented.h:89 [inline] BUG: KASAN: null-ptr-deref in atomic_add_unless include/linux/atomic.h:533 [inline] BUG: KASAN: null-ptr-deref in mmget_not_zero include/linux/sched/mm.h:75 [inline] BUG: KASAN: null-ptr-deref in binder_update_page_range+0xece/0x18e0 drivers/android/binder_alloc.c:218 Write of size 4 at addr 0000000000000058 by task syz-executor0/11184 CPU: 1 PID: 11184 Comm: syz-executor0 Not tainted 4.18.0-rc3 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.8.2-0-g33fbe13 by qemu-project.org 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x16e/0x22c lib/dump_stack.c:113 kasan_report_error mm/kasan/report.c:352 [inline] kasan_report+0x163/0x380 mm/kasan/report.c:412 check_memory_region_inline mm/kasan/kasan.c:260 [inline] check_memory_region+0x140/0x1a0 mm/kasan/kasan.c:267 kasan_check_write+0x14/0x20 mm/kasan/kasan.c:278 __atomic_add_unless include/asm-generic/atomic-instrumented.h:89 [inline] atomic_add_unless include/linux/atomic.h:533 [inline] mmget_not_zero include/linux/sched/mm.h:75 [inline] binder_update_page_range+0xece/0x18e0 drivers/android/binder_alloc.c:218 binder_alloc_new_buf_locked drivers/android/binder_alloc.c:443 [inline] binder_alloc_new_buf+0x467/0xc30 drivers/android/binder_alloc.c:513 binder_transaction+0x125b/0x4fb0 drivers/android/binder.c:2957 binder_thread_write+0xc08/0x2770 drivers/android/binder.c:3528 binder_ioctl_write_read.isra.39+0x24f/0x8e0 drivers/android/binder.c:4456 binder_ioctl+0xa86/0xf34 drivers/android/binder.c:4596 vfs_ioctl fs/ioctl.c:46 [inline] do_vfs_ioctl+0x154/0xd40 fs/ioctl.c:686 ksys_ioctl+0x94/0xb0 fs/ioctl.c:701 __do_sys_ioctl fs/ioctl.c:708 [inline] __se_sys_ioctl fs/ioctl.c:706 [inline] __x64_sys_ioctl+0x43/0x50 fs/ioctl.c:706 do_syscall_64+0x167/0x4b0 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe " Signed-off-by: Todd Kjos <tkjos(a)google.com> Signed-off-by: Minchan Kim <minchan(a)kernel.org> Reviewed-by: Martijn Coenen <maco(a)android.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/android/binder_alloc.c | 43 +++++++++++++++++++++++++++------- 1 file changed, 35 insertions(+), 8 deletions(-) diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c index 3f3b7b253445..64fd96eada31 100644 --- a/drivers/android/binder_alloc.c +++ b/drivers/android/binder_alloc.c @@ -332,6 +332,35 @@ static int binder_update_page_range(struct binder_alloc *alloc, int allocate, return vma ? -ENOMEM : -ESRCH; } + +static inline void binder_alloc_set_vma(struct binder_alloc *alloc, + struct vm_area_struct *vma) +{ + if (vma) + alloc->vma_vm_mm = vma->vm_mm; + /* + * If we see alloc->vma is not NULL, buffer data structures set up + * completely. Look at smp_rmb side binder_alloc_get_vma. + * We also want to guarantee new alloc->vma_vm_mm is always visible + * if alloc->vma is set. + */ + smp_wmb(); + alloc->vma = vma; +} + +static inline struct vm_area_struct *binder_alloc_get_vma( + struct binder_alloc *alloc) +{ + struct vm_area_struct *vma = NULL; + + if (alloc->vma) { + /* Look at description in binder_alloc_set_vma */ + smp_rmb(); + vma = alloc->vma; + } + return vma; +} + static struct binder_buffer *binder_alloc_new_buf_locked( struct binder_alloc *alloc, size_t data_size, @@ -348,7 +377,7 @@ static struct binder_buffer *binder_alloc_new_buf_locked( size_t size, data_offsets_size; int ret; - if (alloc->vma == NULL) { + if (!binder_alloc_get_vma(alloc)) { binder_alloc_debug(BINDER_DEBUG_USER_ERROR, "%d: binder_alloc_buf, no vma\n", alloc->pid); @@ -723,9 +752,7 @@ int binder_alloc_mmap_handler(struct binder_alloc *alloc, buffer->free = 1; binder_insert_free_buffer(alloc, buffer); alloc->free_async_space = alloc->buffer_size / 2; - barrier(); - alloc->vma = vma; - alloc->vma_vm_mm = vma->vm_mm; + binder_alloc_set_vma(alloc, vma); mmgrab(alloc->vma_vm_mm); return 0; @@ -754,10 +781,10 @@ void binder_alloc_deferred_release(struct binder_alloc *alloc) int buffers, page_count; struct binder_buffer *buffer; - BUG_ON(alloc->vma); - buffers = 0; mutex_lock(&alloc->mutex); + BUG_ON(alloc->vma); + while ((n = rb_first(&alloc->allocated_buffers))) { buffer = rb_entry(n, struct binder_buffer, rb_node); @@ -900,7 +927,7 @@ int binder_alloc_get_allocated_count(struct binder_alloc *alloc) */ void binder_alloc_vma_close(struct binder_alloc *alloc) { - WRITE_ONCE(alloc->vma, NULL); + binder_alloc_set_vma(alloc, NULL); } /** @@ -935,7 +962,7 @@ enum lru_status binder_alloc_free_page(struct list_head *item, index = page - alloc->pages; page_addr = (uintptr_t)alloc->buffer + index * PAGE_SIZE; - vma = alloc->vma; + vma = binder_alloc_get_vma(alloc); if (vma) { if (!mmget_not_zero(alloc->vma_vm_mm)) goto err_mmget; -- 2.18.0

7 years, 3 months

1
0
0 0

patch "mei: bus: need to unlink client before freeing" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mei: bus: need to unlink client before freeing to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 34f1166afd67f9f48a08c52f36180048908506a4 Mon Sep 17 00:00:00 2001 From: Tomas Winkler <tomas.winkler(a)intel.com> Date: Mon, 27 Aug 2018 22:40:16 +0300 Subject: mei: bus: need to unlink client before freeing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In case a client fails to connect in mei_cldev_enable(), the caller won't call the mei_cldev_disable leaving the client in a linked stated. Upon driver unload the client structure will be freed in mei_cl_bus_dev_release(), leaving a stale pointer on a fail_list. This will eventually end up in crash during power down flow in mei_cl_set_disonnected(). RIP: mei_cl_set_disconnected+0x5/0x260[mei] Call trace: mei_cl_all_disconnect+0x22/0x30 mei_reset+0x194/0x250 __synchronize_hardirq+0x43/0x50 _cond_resched+0x15/0x30 mei_me_intr_clear+0x20/0x100 mei_stop+0x76/0xb0 mei_me_shutdown+0x3f/0x80 pci_device_shutdown+0x34/0x60 kernel_restart+0x0e/0x30 Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=200455 Fixes: 'c110cdb17148 ("mei: bus: make a client pointer always available")' Cc: <stable(a)vger.kernel.org> 4.10+ Tested-by: Georg Müller <georgmueller(a)gmx.net> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/misc/mei/bus.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/drivers/misc/mei/bus.c b/drivers/misc/mei/bus.c index 13c6c9a2248a..fc3872fe7b25 100644 --- a/drivers/misc/mei/bus.c +++ b/drivers/misc/mei/bus.c @@ -521,17 +521,15 @@ int mei_cldev_enable(struct mei_cl_device *cldev) cl = cldev->cl; + mutex_lock(&bus->device_lock); if (cl->state == MEI_FILE_UNINITIALIZED) { - mutex_lock(&bus->device_lock); ret = mei_cl_link(cl); - mutex_unlock(&bus->device_lock); if (ret) - return ret; + goto out; /* update pointers */ cl->cldev = cldev; } - mutex_lock(&bus->device_lock); if (mei_cl_is_connected(cl)) { ret = 0; goto out; @@ -875,12 +873,13 @@ static void mei_cl_bus_dev_release(struct device *dev) mei_me_cl_put(cldev->me_cl); mei_dev_bus_put(cldev->bus); + mei_cl_unlink(cldev->cl); kfree(cldev->cl); kfree(cldev); } static const struct device_type mei_cl_device_type = { - .release = mei_cl_bus_dev_release, + .release = mei_cl_bus_dev_release, }; /** -- 2.18.0

7 years, 3 months

1
0
0 0

patch "mei: bus: fix hw module get/put balance" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mei: bus: fix hw module get/put balance to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 69bf5313035926b0b6a6578de4f3168a8f5c19b8 Mon Sep 17 00:00:00 2001 From: Tomas Winkler <tomas.winkler(a)intel.com> Date: Mon, 27 Aug 2018 22:40:15 +0300 Subject: mei: bus: fix hw module get/put balance MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In case the device is not connected it doesn't 'get' hw module and hence should not 'put' it on disable. Cc: <stable(a)vger.kernel.org> 4.16+ Fixes:'commit 257355a44b99 ("mei: make module referencing local to the bus.c")' Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=200455 Tested-by: Georg Müller <georgmueller(a)gmx.net> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/misc/mei/bus.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/misc/mei/bus.c b/drivers/misc/mei/bus.c index 7bba62a72921..13c6c9a2248a 100644 --- a/drivers/misc/mei/bus.c +++ b/drivers/misc/mei/bus.c @@ -616,9 +616,8 @@ int mei_cldev_disable(struct mei_cl_device *cldev) if (err < 0) dev_err(bus->dev, "Could not disconnect from the ME client\n"); -out: mei_cl_bus_module_put(cldev); - +out: /* Flush queues and remove any pending read */ mei_cl_flush_queues(cl, NULL); mei_cl_unlink(cl); -- 2.18.0

7 years, 3 months

1
0
0 0

patch "mei: ignore not found client in the enumeration" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mei: ignore not found client in the enumeration to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 8d2d8935d30cc2acc57a3196dc10dfa8d5cbcdab Mon Sep 17 00:00:00 2001 From: Alexander Usyskin <alexander.usyskin(a)intel.com> Date: Mon, 6 Aug 2018 17:47:33 +0300 Subject: mei: ignore not found client in the enumeration Some of the ME clients are available only for BIOS operation and are removed during hand off to an OS. However the removal is not instant. A client may be visible on the client list when the mei driver requests for enumeration, while the subsequent request for properties will be answered with client not found error value. The default behavior for an error is to perform client reset while this error is harmless and the link reset should be prevented. This issue started to be visible due to suspend/resume timing changes. Currently reported only on the Haswell based system. Fixes: [33.564957] mei_me 0000:00:16.0: hbm: properties response: wrong status = 1 CLIENT_NOT_FOUND [33.564978] mei_me 0000:00:16.0: mei_irq_read_handler ret = -71. [33.565270] mei_me 0000:00:16.0: unexpected reset: dev_state = INIT_CLIENTS fw status = 1E000255 60002306 00000200 00004401 00000000 00000010 Cc: <stable(a)vger.kernel.org> Reported-by: Heiner Kallweit <hkallweit1(a)gmail.com> Signed-off-by: Alexander Usyskin <alexander.usyskin(a)intel.com> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/misc/mei/hbm.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/misc/mei/hbm.c b/drivers/misc/mei/hbm.c index 09e233d4c0de..e56f3e72d57a 100644 --- a/drivers/misc/mei/hbm.c +++ b/drivers/misc/mei/hbm.c @@ -1161,15 +1161,18 @@ int mei_hbm_dispatch(struct mei_device *dev, struct mei_msg_hdr *hdr) props_res = (struct hbm_props_response *)mei_msg; - if (props_res->status) { + if (props_res->status == MEI_HBMS_CLIENT_NOT_FOUND) { + dev_dbg(dev->dev, "hbm: properties response: %d CLIENT_NOT_FOUND\n", + props_res->me_addr); + } else if (props_res->status) { dev_err(dev->dev, "hbm: properties response: wrong status = %d %s\n", props_res->status, mei_hbm_status_str(props_res->status)); return -EPROTO; + } else { + mei_hbm_me_cl_add(dev, props_res); } - mei_hbm_me_cl_add(dev, props_res); - /* request property for the next client */ if (mei_hbm_prop_req(dev, props_res->me_addr + 1)) return -EIO; -- 2.18.0

7 years, 3 months

1
0
0 0

Re: [PATCH] x86/EISA: Don't probe EISA bus for Xen PV guests

by Boris Ostrovsky

On 9/11/18 4:20 PM, Thomas Gleixner wrote: > On Tue, 11 Sep 2018, Boris Ostrovsky wrote: > >> For unprivileged Xen PV guests this is normal memory and ioremap will >> not be able to properly map it. >> >> While at it, since ioremap may return NULL, add a test for pointer's >> validity. > I assume this goes back to very dead kernels, so that should go with a Cc > stable, right? > Yes, I forgot to add those (and now I did), thanks for pointing this out. It has to go at least all the way back to 4.13 since before f7eaf6e00fd58 ("x86/boot: Move EISA setup to a separate file"), just by luck, early_ioremap() worked for the guests. -boris

7 years, 3 months

1
0
0 0

[PATCH for-rc 0/2] IB/hfi1: RC patches

by Dennis Dalessandro

Hi Doug and Jason, Here are two patches that should probably land in the RC. The first one ensures we don't index beyond the end of an array. The other is more subtle but arguably more important. The bug it fixes results in incorrect IRQ bits to be set and the result is we do not get an interrupt for an error and have to wait for another interrupt to fire to see said error. --- Dennis Dalessandro (1): IB/hfi1: Ensure ucast_dlid access doesnt exceed bounds Michael J. Ruhl (1): IB/hfi1: set_intr_bits uses incorrect source for register modification drivers/infiniband/hw/hfi1/chip.c | 2 +- drivers/infiniband/ulp/opa_vnic/opa_vnic_encap.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) -- -Denny

7 years, 3 months

2
5
0 0

[PATCH 4.4 000/124] 4.4.146-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.146 release. There are 124 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Mon Aug 6 08:26:39 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.146-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.146-rc1 Tony Battersby <tonyb(a)cybernetics.com> scsi: sg: fix minor memory leak in error path Herbert Xu <herbert(a)gondor.apana.org.au> crypto: padlock-aes - Fix Nano workaround data corruption Roman Kagan <rkagan(a)virtuozzo.com> kvm: x86: vmx: fix vpid leak Jiang Biao <jiang.biao2(a)zte.com.cn> virtio_balloon: fix another race between migration and ballooning Jeremy Cline <jcline(a)redhat.com> net: socket: fix potential spectre v1 gadget in socketcall Anton Vasilyev <vasilyev(a)ispras.ru> can: ems_usb: Fix memory leak on ems_usb_disconnect() Linus Torvalds <torvalds(a)linux-foundation.org> squashfs: more metadata hardenings Linus Torvalds <torvalds(a)linux-foundation.org> squashfs: more metadata hardening Jeremy Cline <jcline(a)redhat.com> netlink: Fix spectre v1 gadget in netlink_create() Florian Fainelli <f.fainelli(a)gmail.com> net: dsa: Do not suspend/resume closed slave_dev Eric Dumazet <edumazet(a)google.com> inet: frag: enforce memory limits earlier Eric Dumazet <edumazet(a)google.com> tcp: add one more quick ack after after ECN events Yousuk Seung <ysseung(a)google.com> tcp: refactor tcp_ecn_check_ce to remove sk type cast Eric Dumazet <edumazet(a)google.com> tcp: do not aggressively quick ack after ECN events Eric Dumazet <edumazet(a)google.com> tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode Eric Dumazet <edumazet(a)google.com> tcp: do not force quickack when receiving out-of-order packets Eugeniy Paltsev <Eugeniy.Paltsev(a)synopsys.com> NET: stmmac: align DMA stuff to largest cache line length Dmitry Safonov <dima(a)arista.com> netlink: Don't shift with UB on nlk->ngroups Dmitry Safonov <dima(a)arista.com> netlink: Do not subscribe to non-existent groups Xiao Liang <xiliang(a)redhat.com> xen-netfront: wait xenbus state change when load module manually Stefan Wahren <stefan.wahren(a)i2se.com> net: lan78xx: fix rx handling before first packet is send tangpengpeng <tangpengpeng(a)higon.com> net: fix amd-xgbe flow-control issue Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> ipv4: remove BUG_ON() from fib_compute_spec_dst Andrea Adami <andrea.adami(a)gmail.com> ASoC: pxa: Fix module autoload for platform drivers Eric Engestrom <eric.engestrom(a)imgtec.com> dmaengine: pxa_dma: remove duplicate const qualifier Theodore Ts'o <tytso(a)mit.edu> ext4: check for allocation block validity with block group locked Theodore Ts'o <tytso(a)mit.edu> ext4: fix inline data updates with checksums enabled Linus Torvalds <torvalds(a)linux-foundation.org> squashfs: be more careful about metadata corruption Theodore Ts'o <tytso(a)mit.edu> random: mix rdrand with entropy sent in from userspace José Roberto de Souza <jose.souza(a)intel.com> drm: Add DP PSR2 sink enable bit Mauro Carvalho Chehab <mchehab(a)s-opensource.com> media: si470x: fix __be16 annotations Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs Xose Vazquez Perez <xose.vazquez(a)gmail.com> scsi: scsi_dh: replace too broad "TP9" string with the exact models Suman Anna <s-anna(a)ti.com> media: omap3isp: fix unbalanced dma_iommu_mapping Tudor-Dan Ambarus <tudor.ambarus(a)microchip.com> crypto: authenc - don't leak pointers to authenc keys Tudor-Dan Ambarus <tudor.ambarus(a)microchip.com> crypto: authencesn - don't leak pointers to authenc keys Dominik Bozek <dominikx.bozek(a)intel.com> usb: hub: Don't wait for connect state at resume for powered-off ports Michal Simek <michal.simek(a)xilinx.com> microblaze: Fix simpleImage format generation Ondrej Mosnáček <omosnace(a)redhat.com> audit: allow not equal op for audit by executable Siva Rebbagondla <siva.rebbagondla(a)redpinesignals.com> rsi: Fix 'invalid vdd' warning in mmc Chris Novakovic <chris(a)chrisn.me.uk> ipconfig: Correctly initialise ic_nameservers Luc Van Oostenryck <luc.vanoostenryck(a)gmail.com> drm/gma500: fix psb_intel_lvds_mode_valid()'s return type Dmitry Osipenko <digetx(a)gmail.com> memory: tegra: Apply interrupts mask per SoC Dmitry Osipenko <digetx(a)gmail.com> memory: tegra: Do not handle spurious interrupts Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: hda/ca0132: fix build failure when a local macro is defined Satendra Singh Thakur <satendra.t(a)samsung.com> drm/atomic: Handling the case when setting old crtc for plane Mauro Carvalho Chehab <mchehab(a)s-opensource.com> media: siano: get rid of __le32/__le16 cast warnings Jakub Kicinski <jakub.kicinski(a)netronome.com> bpf: fix references to free_bpf_prog_info() in comments Bartlomiej Zolnierkiewicz <b.zolnierkie(a)samsung.com> thermal: exynos: fix setting rising_threshold for Exynos5433 Dan Carpenter <dan.carpenter(a)oracle.com> scsi: megaraid: silence a static checker bug Wenwen Wang <wang6495(a)umn.edu> scsi: 3w-xxxx: fix a missing-check bug Wenwen Wang <wang6495(a)umn.edu> scsi: 3w-9xxx: fix a missing-check bug Thomas Richter <tmricht(a)linux.ibm.com> perf: fix invalid bit in diagnostic entry Thomas Richter <tmricht(a)linux.ibm.com> s390/cpum_sf: Add data entry sizes to sampling trailer entry Sean Lanigan <sean(a)lano.id.au> brcmfmac: Add support for bcm43364 wireless chipset Jane Wan <Jane.Wan(a)nokia.com> mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages Brad Love <brad(a)nextdimension.cc> media: saa7164: Fix driver name in debug output Damien Le Moal <damien.lemoal(a)wdc.com> libata: Fix command retry decision Wei Yongjun <yongjun_wei(a)trendmicro.com.cn> media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open() Marc Zyngier <marc.zyngier(a)arm.com> dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA DaeRyong Jeong <threeearcat(a)gmail.com> tty: Fix data race in tty_insert_flip_string_fixed_flag Dmitry Torokhov <dtor(a)chromium.org> HID: i2c-hid: check if device is there before really probing Jonathan Neuschäfer <j.neuschaefer(a)gmx.net> powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by Starlet Luc Van Oostenryck <luc.vanoostenryck(a)gmail.com> drm/radeon: fix mode_valid's return type Terry Junge <terry.junge(a)plantronics.com> HID: hid-plantronics: Re-resend Update to map button for PTT products Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Apply rate limit to warning messages in URB complete callback Colin Ian King <colin.king(a)canonical.com> media: smiapp: fix timeout checking in smiapp_read_nvm Yufen Yu <yuyufen(a)huawei.com> md: fix NULL dereference of mddev->pers in remove_and_add_spares() Anson Huang <Anson.Huang(a)nxp.com> regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops Takashi Iwai <tiwai(a)suse.de> ALSA: emu10k1: Rate-limit error messages about page errors Maya Erez <merez(a)codeaurora.org> scsi: ufs: fix exception event handling Xinming Hu <huxm(a)marvell.com> mwifiex: correct histogram data with appropriate index Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI: pciehp: Request control of native hotplug only if supported Julia Lawall <Julia.Lawall(a)lip6.fr> pinctrl: at91-pio4: add missing of_node_put Christophe Leroy <christophe.leroy(a)c-s.fr> powerpc/8xx: fix invalid register expression in head_8xx.S Mathieu Malaterre <malat(a)debian.org> powerpc/powermac: Mark variable x as unused Mathieu Malaterre <malat(a)debian.org> powerpc/powermac: Add missing prototype for note_bootable_part() Mathieu Malaterre <malat(a)debian.org> powerpc/chrp/time: Make some functions static, add missing header include Mathieu Malaterre <malat(a)debian.org> powerpc/32: Add a missing include header Sven Eckelmann <sven.eckelmann(a)openmesh.com> ath: Add regulatory mapping for Bahamas Sven Eckelmann <sven.eckelmann(a)openmesh.com> ath: Add regulatory mapping for Bermuda Sven Eckelmann <sven.eckelmann(a)openmesh.com> ath: Add regulatory mapping for Serbia Sven Eckelmann <sven.eckelmann(a)openmesh.com> ath: Add regulatory mapping for Tanzania Sven Eckelmann <sven.eckelmann(a)openmesh.com> ath: Add regulatory mapping for Uganda Sven Eckelmann <sven.eckelmann(a)openmesh.com> ath: Add regulatory mapping for APL2_FCCA Sven Eckelmann <sven.eckelmann(a)openmesh.com> ath: Add regulatory mapping for APL13_WORLD Sven Eckelmann <sven.eckelmann(a)openmesh.com> ath: Add regulatory mapping for ETSI8_WORLD Sven Eckelmann <sven.eckelmann(a)openmesh.com> ath: Add regulatory mapping for FCC3_ETSIC Christoph Hellwig <hch(a)lst.de> PCI: Prevent sysfs disable of device while driver is attached Qu Wenruo <wqu(a)suse.com> btrfs: qgroup: Finish rescan when hit the last leaf of extent tree David Sterba <dsterba(a)suse.com> btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups Hans Verkuil <hans.verkuil(a)cisco.com> media: videobuf2-core: don't call memop 'finish' when queueing Eyal Reizer <eyalreizer(a)gmail.com> wlcore: sdio: check for valid platform device data before suspend Ganapathi Bhat <gbhat(a)marvell.com> mwifiex: handle race during mwifiex_usb_disconnect Vincent Palatin <vpalatin(a)chromium.org> mfd: cros_ec: Fail early if we cannot identify the EC Kai Chieh Chuang <kaichieh.chuang(a)mediatek.com> ASoC: dpcm: fix BE dai not hw_free and shutdown Jian-Hong Pan <jian-hong(a)endlessm.com> Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011 Thierry Escande <thierry.escande(a)linaro.org> Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning Shaul Triebitz <shaul.triebitz(a)intel.com> iwlwifi: pcie: fix race in Rx buffer allocator Kan Liang <kan.liang(a)intel.com> perf/x86/intel/uncore: Correct fixed counter index check for NHM Kan Liang <kan.liang(a)intel.com> perf/x86/intel/uncore: Correct fixed counter index check in generic code Shuah Khan (Samsung OSG) <shuah(a)kernel.org> usbip: usbip_detach: Fix memory, udev context and udev leak Chao Yu <yuchao0(a)huawei.com> f2fs: fix to don't trigger writeback during recovery Anatoly Pugachev <matorola(a)gmail.com> disable loading f2fs module on PAGE_SIZE > 4KB Leon Romanovsky <leonro(a)mellanox.com> RDMA/mad: Convert BUG_ONs to error flows Nicholas Piggin <npiggin(a)gmail.com> powerpc/64s: Fix compiler store ordering to SLB shadow area Stewart Smith <stewart(a)linux.ibm.com> hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common() Cong Wang <xiyou.wangcong(a)gmail.com> infiniband: fix a possible use-after-free bug Jozsef Kadlecsik <kadlec(a)blackhole.kfki.hu> netfilter: ipset: List timing out entries with "timeout 1" instead of zero Alexandre Belloni <alexandre.belloni(a)bootlin.com> rtc: ensure rtc_set_alarm fails when alarms are not supported Mathieu Malaterre <malat(a)debian.org> mm/slub.c: add __printf verification to slab_err() Chintan Pandya <cpandya(a)codeaurora.org> mm: vmalloc: avoid racy handling of debugobjects in vunmap Scott Mayhew <smayhew(a)redhat.com> nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo Zhouyang Jia <jiazhouyang09(a)gmail.com> ALSA: fm801: add error handling for snd_ctl_add Zhouyang Jia <jiazhouyang09(a)gmail.com> ALSA: emu10k1: add error handling for snd_ctl_add Juergen Gross <jgross(a)suse.com> xen/netfront: raise max number of slots in xennet_get_responses() Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracing: Quiet gcc warning about maybe unused link variable Artem Savkov <asavkov(a)redhat.com> tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracing: Fix possible double free in event_enable_trigger_func() Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracing: Fix double free of event_trigger_data KT Liao <kt.liao(a)emc.com.tw> Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST Chen-Yu Tsai <wens(a)csie.org> Input: i8042 - add Lenovo LaVie Z to the i8042 reset list Donald Shanty III <dshanty(a)protonmail.com> Input: elan_i2c - add ACPI ID for lenovo ideapad 330 Paul Burton <paul.burton(a)mips.com> MIPS: Fix off-by-one in pci_resource_to_user() ------------- Diffstat: Makefile | 4 +- arch/microblaze/boot/Makefile | 10 +++-- arch/mips/include/asm/pci.h | 2 +- arch/powerpc/kernel/head_8xx.S | 2 +- arch/powerpc/kernel/pci_32.c | 1 + arch/powerpc/mm/slb.c | 8 ++-- arch/powerpc/platforms/chrp/time.c | 6 ++- arch/powerpc/platforms/embedded6xx/hlwd-pic.c | 5 +++ arch/powerpc/platforms/powermac/bootx_init.c | 4 +- arch/powerpc/platforms/powermac/setup.c | 1 + arch/s390/include/asm/cpu_mf.h | 6 ++- arch/x86/kernel/cpu/perf_event_intel_uncore.c | 2 +- .../x86/kernel/cpu/perf_event_intel_uncore_nhmex.c | 2 +- arch/x86/kvm/vmx.c | 7 ++-- crypto/authenc.c | 1 + crypto/authencesn.c | 1 + drivers/acpi/pci_root.c | 4 +- drivers/ata/libata-eh.c | 12 ++++-- drivers/bluetooth/btusb.c | 3 ++ drivers/bluetooth/hci_qca.c | 2 +- drivers/char/random.c | 10 ++++- drivers/crypto/padlock-aes.c | 8 +++- drivers/dma/pxa_dma.c | 2 +- drivers/gpu/drm/drm_atomic.c | 4 +- drivers/gpu/drm/gma500/psb_intel_drv.h | 2 +- drivers/gpu/drm/gma500/psb_intel_lvds.c | 2 +- drivers/gpu/drm/radeon/radeon_connectors.c | 10 ++--- drivers/hid/hid-plantronics.c | 6 ++- drivers/hid/i2c-hid/i2c-hid.c | 8 ++++ drivers/infiniband/core/mad.c | 11 +++-- drivers/infiniband/core/ucma.c | 6 ++- drivers/input/mouse/elan_i2c_core.c | 2 + drivers/input/serio/i8042-x86ia64io.h | 7 ++++ drivers/md/md.c | 3 ++ drivers/media/common/siano/smsendian.c | 14 +++---- drivers/media/i2c/smiapp/smiapp-core.c | 11 +++-- drivers/media/pci/saa7164/saa7164-fw.c | 3 +- drivers/media/platform/omap3isp/isp.c | 7 ++-- drivers/media/platform/rcar_jpu.c | 4 +- drivers/media/radio/si470x/radio-si470x-i2c.c | 6 +-- drivers/media/v4l2-core/videobuf2-core.c | 9 ++-- drivers/memory/tegra/mc.c | 22 +++------- drivers/memory/tegra/mc.h | 9 ++++ drivers/memory/tegra/tegra114.c | 2 + drivers/memory/tegra/tegra124.c | 6 +++ drivers/memory/tegra/tegra210.c | 3 ++ drivers/memory/tegra/tegra30.c | 2 + drivers/mfd/cros_ec.c | 6 ++- drivers/mtd/nand/fsl_ifc_nand.c | 17 ++++---- drivers/net/can/usb/ems_usb.c | 1 + drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 4 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 +- drivers/net/usb/lan78xx.c | 2 + drivers/net/wireless/ath/regd.h | 5 +++ drivers/net/wireless/ath/regd_common.h | 13 ++++++ drivers/net/wireless/brcm80211/brcmfmac/bcmsdh.c | 1 + drivers/net/wireless/iwlwifi/pcie/rx.c | 2 + drivers/net/wireless/mwifiex/usb.c | 3 ++ drivers/net/wireless/mwifiex/util.c | 8 ++-- drivers/net/wireless/rsi/rsi_91x_sdio.c | 2 - drivers/net/wireless/ti/wlcore/sdio.c | 5 +++ drivers/net/xen-netfront.c | 10 ++++- drivers/pci/pci-sysfs.c | 15 ++++--- drivers/pinctrl/pinctrl-at91-pio4.c | 4 +- drivers/regulator/pfuze100-regulator.c | 1 + drivers/rtc/interface.c | 5 +++ drivers/scsi/3w-9xxx.c | 5 +++ drivers/scsi/3w-xxxx.c | 3 ++ drivers/scsi/megaraid.c | 3 ++ drivers/scsi/megaraid/megaraid_sas_fusion.c | 3 ++ drivers/scsi/scsi_dh.c | 5 ++- drivers/scsi/sg.c | 1 + drivers/scsi/ufs/ufshcd.c | 2 + drivers/thermal/samsung/exynos_tmu.c | 1 + drivers/tty/hvc/hvc_opal.c | 1 - drivers/tty/pty.c | 3 ++ drivers/usb/core/hub.c | 4 ++ drivers/virtio/virtio_balloon.c | 2 + fs/btrfs/qgroup.c | 19 +++++++++ fs/btrfs/tree-log.c | 10 ++++- fs/ext4/balloc.c | 3 ++ fs/ext4/ialloc.c | 3 ++ fs/ext4/inline.c | 19 +++++---- fs/ext4/inode.c | 16 ++++---- fs/f2fs/segment.c | 3 ++ fs/f2fs/super.c | 6 +++ fs/nfsd/nfs4xdr.c | 2 + fs/squashfs/block.c | 2 + fs/squashfs/cache.c | 3 ++ fs/squashfs/file.c | 8 +++- fs/squashfs/fragment.c | 17 ++++---- fs/squashfs/squashfs_fs.h | 6 +++ fs/squashfs/squashfs_fs_sb.h | 1 + fs/squashfs/super.c | 5 ++- include/drm/drm_dp_helper.h | 1 + include/linux/dma-iommu.h | 1 + include/linux/mmc/sdio_ids.h | 1 + include/linux/netfilter/ipset/ip_set_timeout.h | 10 ++++- include/net/tcp.h | 2 +- include/soc/tegra/mc.h | 2 + kernel/auditfilter.c | 2 +- kernel/auditsc.c | 2 + kernel/bpf/verifier.c | 4 +- kernel/trace/trace_events_trigger.c | 18 +++++--- kernel/trace/trace_kprobe.c | 15 ++++++- mm/slub.c | 2 +- mm/vmalloc.c | 3 +- net/dsa/slave.c | 6 +++ net/ipv4/fib_frontend.c | 4 +- net/ipv4/inet_fragment.c | 10 ++--- net/ipv4/ipconfig.c | 13 ++++++ net/ipv4/tcp_dctcp.c | 4 +- net/ipv4/tcp_input.c | 48 +++++++++++----------- net/netlink/af_netlink.c | 7 ++++ net/socket.c | 2 + sound/pci/emu10k1/emupcm.c | 4 +- sound/pci/emu10k1/memory.c | 6 +-- sound/pci/fm801.c | 16 ++++++-- sound/pci/hda/patch_ca0132.c | 8 +++- sound/soc/pxa/brownstone.c | 1 + sound/soc/pxa/mioa701_wm9713.c | 1 + sound/soc/pxa/mmp-pcm.c | 1 + sound/soc/pxa/mmp-sspa.c | 1 + sound/soc/pxa/palm27x.c | 1 + sound/soc/pxa/pxa-ssp.c | 1 + sound/soc/pxa/pxa2xx-ac97.c | 1 + sound/soc/pxa/pxa2xx-pcm.c | 1 + sound/soc/soc-pcm.c | 6 ++- sound/usb/pcm.c | 2 +- tools/usb/usbip/src/usbip_detach.c | 9 ++-- 130 files changed, 532 insertions(+), 208 deletions(-)

7 years, 3 months

10
143
0 0

[PATCH] of: fix phandle cache creation for DTs with no phandles

by Rob Herring

With commit 0b3ce78e90fc ("of: cache phandle nodes to reduce cost of of_find_node_by_phandle()"), a G3 PowerMac fails to boot. The root cause is the DT for this system has no phandle properties when booted with BootX. of_populate_phandle_cache() does not handle the case of no phandles correctly. The problem is roundup_pow_of_two() for 0 is undefined. The implementation subtracts 1 underflowing and then things are in the weeds. Fixes: 0b3ce78e90fc ("of: cache phandle nodes to reduce cost of of_find_node_by_phandle()") Cc: stable(a)vger.kernel.org # 4.17+ Reported-by: Finn Thain <fthain(a)telegraphics.com.au> Tested-by: Stan Johnson <userm57(a)yahoo.com> Cc: Frank Rowand <frowand.list(a)gmail.com> Cc: Benjamin Herrenschmidt <benh(a)kernel.crashing.org> Signed-off-by: Rob Herring <robh(a)kernel.org> --- Here's a formal patch of what Stan tested. Will send to Linus this week. Rob drivers/of/base.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/of/base.c b/drivers/of/base.c index a055cd1ef96d..17ae594b7014 100644 --- a/drivers/of/base.c +++ b/drivers/of/base.c @@ -140,6 +140,9 @@ void of_populate_phandle_cache(void) if (np->phandle && np->phandle != OF_PHANDLE_ILLEGAL) phandles++; + if (!phandles) + goto out; + cache_entries = roundup_pow_of_two(phandles); phandle_cache_mask = cache_entries - 1; -- 2.17.1

7 years, 3 months

2
1
0 0

[GIT PULL] commits for Linux 4.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 96158f3a9e7027056a2e35cff5212434294b3b34: Linux 4.18.5 (2018-08-24 13:04:51 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.18-10092018 for you to fetch changes up to 3b1e50a5e5450260aeb29ff819b638cd90e5ec80: btrfs: fix mount and ioctl device scan ioctl race (2018-09-06 20:20:27 -0400) - ---------------------------------------------------------------- for-greg-4.18-10092018 - ---------------------------------------------------------------- Aleh Filipovich (1): platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 Anand Jain (5): btrfs: fix in-memory value of total_devices after seed device deletion btrfs: do btrfs_free_stale_devices outside of device_list_add btrfs: extend locked section when adding a new device in device_list_add btrfs: rename local devices for fs_devices in btrfs_free_stale_devices( btrfs: use device_list_mutex when removing stale devices Andrey Ryabinin (1): mm/fadvise.c: fix signed overflow UBSAN complaint Anton Vasilyev (1): pinctrl: axp209: Fix NULL pointer dereference after allocation Arnd Bergmann (3): fs/proc/vmcore.c: hide vmcoredd_mmap_dumps() for nommu builds reiserfs: change j_timestamp type to time64_t x86/mce: Add notifier_block forward declaration Aurelien Aptel (1): CIFS: fix memory leak and remove dead code Bart Van Assche (2): cfq: Suppress compiler warnings about comparisons btrfs: Fix a C compliance issue Benno Evers (1): perf tools: Check for null when copying nsinfo. Breno Leitao (1): selftests/powerpc: Kill child processes on SIGINT Chao Yu (3): f2fs: avoid race between zero_range and background GC f2fs: fix avoid race between truncate and background GC f2fs: fix to clear PG_checked flag in set_page_dirty() Dan Carpenter (4): apparmor: fix an error code in __aa_create_ns() irqchip/stm32: Fix init error handling powerpc: Fix size calculation using resource_size() scsi: aic94xx: fix an error code in aic94xx_init() Daniel Borkmann (5): bpf, sockmap: fix map elem deletion race with smap_stop_sock tcp, ulp: fix leftover icsk_ulp_ops preventing sock from reattach bpf, sockmap: fix sock_map_ctx_update_elem race with exist/noexist bpf, sockmap: fix leakage of smap_psock_map_entry tcp, ulp: add alias for all ulp modules David Francis (1): drm/amd/display: Read back max backlight value at boot David Sterba (5): btrfs: lift uuid_mutex to callers of btrfs_open_devices btrfs: lift uuid_mutex to callers of btrfs_scan_one_device btrfs: lift uuid_mutex to callers of btrfs_parse_early_options btrfs: reorder initialization before the mount locks uuid_mutex btrfs: fix mount and ioctl device scan ioctl race Denis Efremov (1): coccicheck: return proper error code on fail Dmitry Torokhov (1): Input: do not use WARN() in input_alloc_absinfo() Erik Schmauss (1): ACPICA: ACPICA: add status check for acpi_hw_read before assigning return value Ernesto A. FernÃ¡ndez (2): hfs: prevent crash on exit from failed search hfsplus: fix NULL dereference in hfsplus_lookup() Florian Westphal (2): netfilter: ip6t_rpfilter: set F_IFACE for linklocal addresses netfilter: fix memory leaks on netlink_dump_start error Gal Pressman (1): RDMA/hns: Fix usage of bitmap allocation functions return values Greg Edwards (1): block: bvec_nr_vecs() returns value for wrong slab Guenter Roeck (1): mfd: sm501: Set coherent_dma_mask when creating subdevices Hans de Goede (2): i2c: core: ACPI: Make acpi_gsb_i2c_read_bytes() check i2c_transfer return value ACPI / scan: Initialize status to ACPI_STA_DEFAULT Ian Abbott (1): staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice James Morse (1): fs/proc/kcore.c: use __pa_symbol() for KCORE_TEXT list entries Jann Horn (1): fork: don't copy inconsistent signal handler state to child Jean-Philippe Brucker (1): net/9p: fix error path of p9_virtio_probe Jens Axboe (1): block: don't warn for flush on read-only device Jerome Brunet (1): pwm: meson: Fix mux clock names Jesper Dangaard Brouer (1): samples/bpf: all XDP samples should unload xdp/bpf prog on SIGTERM Jian Shen (1): net: hns3: Fix for phy link issue when using marvell phy driver Jianchao Wang (1): blk-mq: count the hctx as active before allocating tag Jim Mattson (1): kvm: nVMX: Fix fault vector for VMX operation at CPL > 0 Jiri Olsa (1): perf python: Fix pyrf_evlist__read_on_cpu() interface Johannes Berg (2): workqueue: skip lockdep wq dependency in cancel_work_sync() workqueue: re-add lockdep dependencies for flushing John Pittman (1): dm kcopyd: avoid softlockup in run_complete_job Jonas Gorski (1): irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP Kim Phillips (1): perf arm spe: Fix uninitialized record error variable Laura Abbott (1): sunrpc: Don't use stack buffer with scatterlist Levin Du (1): clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399 Lucas Stach (1): drm/etnaviv: fix crash in GPU suspend when init failed due to buffer placement Mahesh Salgaonkar (1): powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX. Marc Zyngier (4): iommu/rockchip: Handle errors returned from PM framework iommu/rockchip: Move irq request past pm_runtime_enable arm64: rockchip: Force CONFIG_PM on Rockchip systems ARM: rockchip: Force CONFIG_PM on Rockchip systems Masahiro Yamada (1): um: fix parallel building with O= option Matthias Kaehlcke (1): ASoC: rt5677: Fix initialization of rt5677_of_match.data Michael Ellerman (2): powerpc/uaccess: Enable get_user(u64, *p) on 32-bit powerpc/64s: Make rfi_flush_fallback a little more robust Michael J. Ruhl (1): IB/hfi1: Invalid NUMA node information can cause a divide by zero Michal Hocko (1): netfilter: x_tables: do not fail xt_alloc_table_info too easilly Mike Rapoport (1): mm: make DEFERRED_STRUCT_PAGE_INIT explicitly depend on SPARSEMEM Misono Tomohiro (1): btrfs: replace: Reset on-disk dev stats value after replace Myron Stowe (1): PCI: Match Root Port's MPS to endpoint's MPSS as necessary Nicholas Kazlauskas (1): drm/amd/display: Guard against null crtc in CRC IRQ OGAWA Hirofumi (1): fat: validate ->i_start before using Palmer Dabbelt (1): RISC-V: Use KBUILD_CFLAGS instead of KCFLAGS when building the vDSO Peter Zijlstra (1): mm/tlb, x86/mm: Support invalidating TLB caches for RCU_TABLE_FREE Philipp Rudo (1): s390/kdump: Fix memleak in nt_vmcoreinfo Qu Wenruo (5): btrfs: Exit gracefully when chunk map cannot be inserted to the tree btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized btrfs: tree-checker: Detect invalid and empty essential trees btrfs: check-integrity: Fix NULL pointer dereference for degraded mount btrfs: Don't remove block group that still has pinned down bytes Ralf Goebel (1): iommu/omap: Fix cache flushes on L2 table entries Randy Dunlap (3): scripts: modpost: check memory allocation results platform/x86: intel_punit_ipc: fix build errors powerpc/platforms/85xx: fix t1042rdb_diu.c build errors & warning Richard Weinberger (1): ubi: Initialize Fastmap checkmapping correctly Roger Pau Monne (1): xen/balloon: fix balloon initialization for PVH Dom0 Ronnie Sahlberg (1): cifs: check if SMB2 PDU size has been padded and suppress the warning Sandipan Das (1): perf probe powerpc: Fix trace event post-processing Sean Christopherson (1): KVM: vmx: track host_state.loaded using a loaded_vmcs pointer Srikar Dronamraju (1): powerpc/topology: Get topology for shared processors at boot Stefan Haberland (2): s390/dasd: fix hanging offline processing due to canceled worker s390/dasd: fix panic for failed online processing Steve French (3): smb3: fix reset of bytes read and written stats SMB3: Number of requests sent should be displayed for SMB3 not just CIFS smb3: if server does not support posix do not allow posix mount option Suzuki K Poulose (1): virtio: pci-legacy: Validate queue pfn Tan Hu (1): ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() Tariq Toukan (1): net/xdp: Fix suspicious RCU usage warning Tetsuo Handa (2): hfsplus: don't return 0 when fill_super() failed fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() Thomas Petazzoni (1): PCI: mvebu: Fix I/O space end address calculation Tomas Bortoli (1): net/9p/trans_fd.c: fix race by holding the lock Vasily Gorbik (1): tracing: Handle CC_FLAGS_FTRACE more accurately Wei Yongjun (1): NFSv4: Fix error handling in nfs4_sp4_select_mode() Winnie Chang (1): brcmfmac: fix brcmf_wiphy_wowl_params() NULL pointer dereference Xi Wang (1): net: hns3: Fix for command format parsing error in hclge_is_all_function_id_zero Yonghong Song (1): bpf: fix bpffs non-array map seq_show issue YueHaibing (1): RDS: IB: fix 'passing zero to ERR_PTR()' warning nixiaoming (1): selinux: cleanup dentry and inodes on error in selinuxfs Makefile | 11 +- arch/Kconfig | 3 + arch/arm/mach-rockchip/Kconfig | 1 + arch/arm64/Kconfig.platforms | 1 + arch/powerpc/include/asm/topology.h | 5 + arch/powerpc/include/asm/uaccess.h | 13 ++- arch/powerpc/kernel/exceptions-64s.S | 6 ++ arch/powerpc/kernel/smp.c | 5 + arch/powerpc/mm/numa.c | 20 ++-- arch/powerpc/platforms/85xx/t1042rdb_diu.c | 4 + arch/powerpc/platforms/pseries/ras.c | 2 +- arch/powerpc/sysdev/mpic_msgr.c | 2 +- arch/riscv/kernel/vdso/Makefile | 4 +- arch/s390/kernel/crash_dump.c | 17 ++- arch/um/Makefile | 3 +- arch/x86/Kconfig | 1 + arch/x86/include/asm/mce.h | 1 + arch/x86/kvm/vmx.c | 26 +++-- block/bio.c | 2 +- block/blk-core.c | 4 +- block/blk-mq-tag.c | 3 + block/blk-mq.c | 8 +- block/cfq-iosched.c | 22 ++-- drivers/acpi/acpica/hwregs.c | 9 +- drivers/acpi/scan.c | 5 +- drivers/clk/rockchip/clk-rk3399.c | 1 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 1 + .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crc.c | 10 +- drivers/gpu/drm/etnaviv/etnaviv_gpu.c | 1 + drivers/i2c/i2c-core-acpi.c | 8 +- drivers/infiniband/hw/hfi1/affinity.c | 24 ++++- drivers/infiniband/hw/hns/hns_roce_pd.c | 2 +- drivers/infiniband/hw/hns/hns_roce_qp.c | 5 +- drivers/input/input.c | 16 ++- drivers/iommu/omap-iommu.c | 4 +- drivers/iommu/rockchip-iommu.c | 45 +++++--- drivers/irqchip/irq-bcm7038-l1.c | 4 + drivers/irqchip/irq-stm32-exti.c | 25 ++--- drivers/md/dm-kcopyd.c | 2 + drivers/mfd/sm501.c | 1 + drivers/mtd/ubi/vtbl.c | 20 ++-- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c | 2 + .../broadcom/brcm80211/brcmfmac/cfg80211.c | 8 +- drivers/pci/controller/pci-mvebu.c | 2 +- drivers/pci/probe.c | 12 ++- drivers/pinctrl/pinctrl-axp209.c | 26 +++-- drivers/platform/x86/asus-nb-wmi.c | 1 + drivers/platform/x86/intel_punit_ipc.c | 1 + drivers/pwm/pwm-meson.c | 3 +- drivers/s390/block/dasd_eckd.c | 10 +- drivers/scsi/aic94xx/aic94xx_init.c | 4 +- drivers/staging/comedi/drivers/ni_mio_common.c | 3 +- drivers/virtio/virtio_pci_legacy.c | 14 ++- drivers/xen/xen-balloon.c | 2 +- fs/btrfs/check-integrity.c | 7 +- fs/btrfs/dev-replace.c | 6 ++ fs/btrfs/extent-tree.c | 2 +- fs/btrfs/relocation.c | 23 ++-- fs/btrfs/super.c | 44 +++++--- fs/btrfs/tree-checker.c | 15 ++- fs/btrfs/volumes.c | 94 ++++++++++------ fs/cifs/cifs_debug.c | 8 ++ fs/cifs/connect.c | 8 +- fs/cifs/smb2misc.c | 7 ++ fs/cifs/smb2pdu.c | 103 +++++++++--------- fs/dcache.c | 3 +- fs/f2fs/data.c | 8 ++ fs/f2fs/file.c | 48 ++++++--- fs/fat/cache.c | 19 ++-- fs/fat/fat.h | 5 + fs/fat/fatent.c | 6 +- fs/hfs/brec.c | 7 +- fs/hfsplus/dir.c | 4 +- fs/hfsplus/super.c | 4 +- fs/nfs/nfs4proc.c | 2 +- fs/proc/kcore.c | 4 +- fs/proc/vmcore.c | 2 + fs/reiserfs/reiserfs.h | 2 +- include/net/tcp.h | 4 + kernel/bpf/inode.c | 8 +- kernel/bpf/sockmap.c | 120 ++++++++++++--------- kernel/fork.c | 2 + kernel/workqueue.c | 45 +++++--- mm/Kconfig | 2 +- mm/fadvise.c | 8 +- mm/memory.c | 18 ++++ net/9p/trans_fd.c | 10 +- net/9p/trans_virtio.c | 3 +- net/core/xdp.c | 14 +-- net/ipv4/tcp_ulp.c | 4 +- net/ipv6/netfilter/ip6t_rpfilter.c | 12 ++- net/netfilter/ipvs/ip_vs_core.c | 15 ++- net/netfilter/nf_conntrack_netlink.c | 26 +++-- net/netfilter/nfnetlink_acct.c | 29 +++-- net/netfilter/x_tables.c | 7 +- net/rds/ib_frmr.c | 1 + net/sunrpc/auth_gss/gss_krb5_crypto.c | 12 ++- net/tls/tls_main.c | 1 + samples/bpf/xdp_redirect_cpu_user.c | 3 +- samples/bpf/xdp_rxq_info_user.c | 3 +- scripts/coccicheck | 5 +- scripts/mod/modpost.c | 8 +- security/apparmor/policy_ns.c | 2 +- security/selinux/selinuxfs.c | 33 ++++-- sound/soc/codecs/rt5677.c | 2 +- tools/perf/arch/arm64/util/arm-spe.c | 1 + tools/perf/arch/powerpc/util/sym-handling.c | 4 +- tools/perf/util/namespaces.c | 3 + tools/perf/util/python.c | 20 +++- tools/testing/selftests/powerpc/harness.c | 18 ++-- 111 files changed, 867 insertions(+), 444 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAluWf24ACgkQ3qZv95d3 LNxuFBAAr+l/WNnmTQhFbp5xDf2nIDxLkbO2rw+xfMvCx5XYSrFYEXpZJAiqZr0A a8dBrxraHh20ay2bdPp7W/63PwT0zP9SLQVqwUYrPWO41CTPFytmPLN5dPZiLoa1 YxTz+ytbW5/3PTKSkX46oHxC7yXEfKVxhN32cDQETFcHvjYXohN4aI5cGX2ePgDx VF1WRBEHm2jgZZdCAlY2vPStckijpc2/tSOFHCAXl7vk/PpL2sPuE4atGq7jzK4I 3saGuWSebQuvBy7Hx0P2E1BJpvu0HnJmdAK2ba2xjNclO7Yta6dwgi4KK0a1MsjS rnkDjNFtFw486zuBVwPxkP5B2sNC8YjJ6yuEeU6ExVwkByOFqk4lVJxuIZop9a+3 cncSrVQEYY1USbdmQKb5egVJXj0FgBA940OiP4egQV97nK4VXi70Pk+RhPbGGbvJ tZlqbi6P9ssqm257a2mnvRqB1P+lVA/eL/2wHU3HbUTnfTaXSISYsiYekL9iSWGR rGfj6LPhswXu7J9Q78Aplc1JAhiSFbF1wyY4LVcfFE+8cwtwzhrjx88OvT1YluEz uLE1NIwzRNWJOnF6Vvmhn+j2qNMv2nEcKTzaSSGYjB4A1TIZG5wYwJNBAxgHYfiv lRC4eaQz58Ggf+1F0tu7BhODb3ShEva9yb4MvDZM0WpsIX7Wt2s= =iX5M -----END PGP SIGNATURE-----

7 years, 3 months

2
1
0 0

Missing mei patches

by Georg Müller

Is there a chance of getting the two mei patches into 4.19 and 4.18.y? https://www.spinics.net/lists/stable/msg253484.html https://www.spinics.net/lists/stable/msg253485.html Bugzilla entries: https://bugzilla.kernel.org/show_bug.cgi?id=200455 https://bugzilla.redhat.com/show_bug.cgi?id=1597481 Even if maybe only a couple of systems are affected, this is causing a dead system on second suspend which could cause data loss. Maybe the patches were not merged because of a typo in the subject (4.9 instead of 4.19)? Best regards, Georg

7 years, 3 months

2
1
0 0

[PATCHv3 0/6] tty: Hold write ldisc sem in tty_reopen()

by Dmitry Safonov

Hi all, Three fixes that worth to have in the @stable, as we've hit them on v4.9 stable. And for linux-next - adding lockdep asserts for line discipline changing code, verifying that write ldisc sem will be held forthwith. The last patch is optional and probably, timeout can be dropped for read_lock(). I'll do it if everyone agrees. Rong Chen, could you kindly re-run this version to see if the lockup from v1 still happens? I wasn't able to reproduce it.. Thanks, Dima Changes since v2: - Added reviewed-by tags - Hopefully, fixed reported by 0-day issue. - Added optional fix for wait_readers decrement Changes since v1: - Added tested-by/reported-by tags - Dropped 3/4 (locking tty pair for lockdep sake), Because of that - not adding lockdep_assert_held() in tty_ldisc_open() - Added 4/4 cleanup to inc tty->count only on success of tty_ldisc_reinit() - lock ldisc without (5*HZ) timeout in tty_reopen() v1 link: lkml.kernel.org/r/<20180829022353.23568-1-dima(a)arista.com> Huuge cc list: Cc: Daniel Axtens <dja(a)axtens.net> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Michael Neuling <mikey(a)neuling.org> Cc: Mikulas Patocka <mpatocka(a)redhat.com> Cc: Nathan March <nathan(a)gt.net> Cc: Pasi Kärkkäinen <pasik(a)iki.fi> Cc: Peter Hurley <peter(a)hurleysoftware.com> Cc: "Rong, Chen" <rong.a.chen(a)intel.com> Cc: Sergey Senozhatsky <sergey.senozhatsky.work(a)gmail.com> Cc: Tan Xiaojun <tanxiaojun(a)huawei.com> Cc: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> (please, ignore if I Cc'ed you mistakenly) Dmitry Safonov (6): tty: Drop tty->count on tty_reopen() failure tty/ldsem: Update waiter->task before waking up reader tty: Hold tty_ldisc_lock() during tty_reopen() tty/lockdep: Add ldisc_sem asserts tty: Simplify tty->count math in tty_reopen() tty/ldsem: Decrement wait_readers on timeouted down_read() drivers/tty/tty_io.c | 12 ++++++++---- drivers/tty/tty_ldisc.c | 5 +++++ drivers/tty/tty_ldsem.c | 5 ++++- 3 files changed, 17 insertions(+), 5 deletions(-) -- 2.13.6

7 years, 3 months

5
12
0 0

[PATCH 04/26] drm/i915: Handle incomplete Z_FINISH for compressed error states

by Chris Wilson

The final call to zlib_deflate(Z_FINISH) may require more output space to be allocated and so needs to re-invoked. Failure to do so in the current code leads to incomplete zlib streams (albeit intact due to the use of Z_SYNC_FLUSH) resulting in the occasional short object capture. Testcase: igt/i915-error-capture.js Fixes: 0a97015d45ee ("drm/i915: Compress GPU objects in error state") Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v4.10+ --- drivers/gpu/drm/i915/i915_gpu_error.c | 60 +++++++++++++++++++++------ 1 file changed, 47 insertions(+), 13 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c index 2835cacd0d08..9789f4ff8c32 100644 --- a/drivers/gpu/drm/i915/i915_gpu_error.c +++ b/drivers/gpu/drm/i915/i915_gpu_error.c @@ -237,6 +237,7 @@ static int compress_page(struct compress *c, struct drm_i915_error_object *dst) { struct z_stream_s *zstream = &c->zstream; + int flush = Z_NO_FLUSH; zstream->next_in = src; if (c->tmp && i915_memcpy_from_wc(c->tmp, src, PAGE_SIZE)) @@ -257,8 +258,11 @@ static int compress_page(struct compress *c, zstream->avail_out = PAGE_SIZE; } - if (zlib_deflate(zstream, Z_SYNC_FLUSH) != Z_OK) + if (zlib_deflate(zstream, flush) != Z_OK) return -EIO; + + if (zstream->avail_out) + flush = Z_SYNC_FLUSH; } while (zstream->avail_in); /* Fallback to uncompressed if we increase size? */ @@ -268,19 +272,43 @@ static int compress_page(struct compress *c, return 0; } -static void compress_fini(struct compress *c, +static int compress_flush(struct compress *c, struct drm_i915_error_object *dst) { struct z_stream_s *zstream = &c->zstream; + unsigned long page; - if (dst) { - zlib_deflate(zstream, Z_FINISH); - dst->unused = zstream->avail_out; - } + do { + switch (zlib_deflate(zstream, Z_FINISH)) { + case Z_OK: /* more space requested */ + page = __get_free_page(GFP_ATOMIC | __GFP_NOWARN); + if (!page) + return -ENOMEM; + + dst->pages[dst->page_count++] = (void *)page; + zstream->next_out = (void *)page; + zstream->avail_out = PAGE_SIZE; + break; + case Z_STREAM_END: + goto end; + default: /* any error */ + return -EIO; + } + } while (1); + +end: + memset(zstream->next_out, 0, zstream->avail_out); + dst->unused = zstream->avail_out; + return 0; +} + +static void compress_fini(struct compress *c, + struct drm_i915_error_object *dst) +{ + struct z_stream_s *zstream = &c->zstream; zlib_deflateEnd(zstream); kfree(zstream->workspace); - if (c->tmp) free_page((unsigned long)c->tmp); } @@ -319,6 +347,12 @@ static int compress_page(struct compress *c, return 0; } +static int compress_flush(struct compress *c, + struct drm_i915_error_object *dst) +{ + return 0; +} + static void compress_fini(struct compress *c, struct drm_i915_error_object *dst) { @@ -951,15 +985,15 @@ i915_error_object_create(struct drm_i915_private *i915, if (ret) goto unwind; } - goto out; + if (compress_flush(&compress, dst)) { unwind: - while (dst->page_count--) - free_page((unsigned long)dst->pages[dst->page_count]); - kfree(dst); - dst = NULL; + while (dst->page_count--) + free_page((unsigned long)dst->pages[dst->page_count]); + kfree(dst); + dst = NULL; + } -out: compress_fini(&compress, dst); ggtt->vm.clear_range(&ggtt->vm, slot, PAGE_SIZE); return dst; -- 2.19.0.rc2

7 years, 3 months

1
0
0 0

[PATCH v4 02/10] usb: roles: Handle driver reference counting

by Heikki Krogerus

This fixes potential "BUG: unable to handle kernel paging request at ..." from happening. Fixes: fde0aa6c175a ("usb: common: Small class for USB role switches") Cc: <stable(a)vger.kernel.org> Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> --- drivers/usb/common/roles.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/drivers/usb/common/roles.c b/drivers/usb/common/roles.c index 15cc76e22123..99116af07f1d 100644 --- a/drivers/usb/common/roles.c +++ b/drivers/usb/common/roles.c @@ -109,8 +109,15 @@ static void *usb_role_switch_match(struct device_connection *con, int ep, */ struct usb_role_switch *usb_role_switch_get(struct device *dev) { - return device_connection_find_match(dev, "usb-role-switch", NULL, - usb_role_switch_match); + struct usb_role_switch *sw; + + sw = device_connection_find_match(dev, "usb-role-switch", NULL, + usb_role_switch_match); + + if (!IS_ERR_OR_NULL(sw)) + WARN_ON(!try_module_get(sw->dev.parent->driver->owner)); + + return sw; } EXPORT_SYMBOL_GPL(usb_role_switch_get); @@ -122,8 +129,10 @@ EXPORT_SYMBOL_GPL(usb_role_switch_get); */ void usb_role_switch_put(struct usb_role_switch *sw) { - if (!IS_ERR_OR_NULL(sw)) + if (!IS_ERR_OR_NULL(sw)) { put_device(&sw->dev); + module_put(sw->dev.parent->driver->owner); + } } EXPORT_SYMBOL_GPL(usb_role_switch_put); -- 2.18.0

7 years, 3 months

1
0
0 0

[PATCH v4 01/10] usb: typec: Take care of driver module reference counting

by Heikki Krogerus

Functions typec_mux_get() and typec_switch_get() already make sure that the mux device reference count is incremented, but the same must be done to the driver module as well to prevent the drivers from being unloaded in the middle of operation. This fixes a potential "BUG: unable to handle kernel paging request at ..." from happening. Fixes: 93dd2112c7b2 ("usb: typec: mux: Get the mux identifier from function parameter") Cc: <stable(a)vger.kernel.org> Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> --- drivers/usb/typec/mux.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/drivers/usb/typec/mux.c b/drivers/usb/typec/mux.c index ddaac63ecf12..d990aa510fab 100644 --- a/drivers/usb/typec/mux.c +++ b/drivers/usb/typec/mux.c @@ -9,6 +9,7 @@ #include <linux/device.h> #include <linux/list.h> +#include <linux/module.h> #include <linux/mutex.h> #include <linux/usb/typec_mux.h> @@ -49,8 +50,10 @@ struct typec_switch *typec_switch_get(struct device *dev) mutex_lock(&switch_lock); sw = device_connection_find_match(dev, "typec-switch", NULL, typec_switch_match); - if (!IS_ERR_OR_NULL(sw)) + if (!IS_ERR_OR_NULL(sw)) { + WARN_ON(!try_module_get(sw->dev->driver->owner)); get_device(sw->dev); + } mutex_unlock(&switch_lock); return sw; @@ -65,8 +68,10 @@ EXPORT_SYMBOL_GPL(typec_switch_get); */ void typec_switch_put(struct typec_switch *sw) { - if (!IS_ERR_OR_NULL(sw)) + if (!IS_ERR_OR_NULL(sw)) { + module_put(sw->dev->driver->owner); put_device(sw->dev); + } } EXPORT_SYMBOL_GPL(typec_switch_put); @@ -136,8 +141,10 @@ struct typec_mux *typec_mux_get(struct device *dev, const char *name) mutex_lock(&mux_lock); mux = device_connection_find_match(dev, name, NULL, typec_mux_match); - if (!IS_ERR_OR_NULL(mux)) + if (!IS_ERR_OR_NULL(mux)) { + WARN_ON(!try_module_get(mux->dev->driver->owner)); get_device(mux->dev); + } mutex_unlock(&mux_lock); return mux; @@ -152,8 +159,10 @@ EXPORT_SYMBOL_GPL(typec_mux_get); */ void typec_mux_put(struct typec_mux *mux) { - if (!IS_ERR_OR_NULL(mux)) + if (!IS_ERR_OR_NULL(mux)) { + module_put(mux->dev->driver->owner); put_device(mux->dev); + } } EXPORT_SYMBOL_GPL(typec_mux_put); -- 2.18.0

7 years, 3 months

1
0
0 0

[PATCHES] Networking

by David Miller

Please queue up the following networking bug fixes for v4.17 and v4.18 -stable, respectively. Thanks!

7 years, 3 months

2
1
0 0

Editing 5

by Aaron

Hi, If you have photos for editing, please send email to: hansrekan(a)outlook.com We have 12 in house image editors and we can help you for cutting out your photos, or path the photos. Includes retouching if needed. Used for products photos or portrait photos, catalog photos. You may drop us one photo, we can send you the testing work. Thanks, Aaron Williams Email: hansrekan(a)outlook.com

7 years, 3 months

1
0
0 0

Editing 4

by Aaron

Hi, If you have photos for editing, please send email to: hansrekan(a)outlook.com We have 12 in house image editors and we can help you for cutting out your photos, or path the photos. Includes retouching if needed. Used for products photos or portrait photos, catalog photos. You may drop us one photo, we can send you the testing work. Thanks, Aaron Williams Email: hansrekan(a)outlook.com

7 years, 3 months

1
0
0 0

Editing 6

by Aaron

Hi, If you have photos for editing, please send email to: hansrekan(a)outlook.com We have 12 in house image editors and we can help you for cutting out your photos, or path the photos. Includes retouching if needed. Used for products photos or portrait photos, catalog photos. You may drop us one photo, we can send you the testing work. Thanks, Aaron Williams Email: hansrekan(a)outlook.com

7 years, 3 months

1
0
0 0

[PATCH 0/4] tty: Hold write ldisc sem in tty_reopen()

by Dmitry Safonov

Two fixes for potential and real issues. Looks worth to have in stables as we've hit it on v4.9 stable. And for linux-next - adding lockdep asserts for line discipline changing code, verifying that write ldisc sem will be held forthwith. I couldn't verify that holding write lock fixes the issue as we've hit it only once and I've failed in reproducing it. But searching in lkml, Cc'ing here people who probably had the same crash (and in hope someone of them could give tested-by): Cc: Daniel Axtens <dja(a)axtens.net> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Michael Neuling <mikey(a)neuling.org> Cc: Mikulas Patocka <mpatocka(a)redhat.com> Cc: Pasi Kärkkäinen <pasik(a)iki.fi> Cc: Peter Hurley <peter(a)hurleysoftware.com> Cc: Sergey Senozhatsky <sergey.senozhatsky.work(a)gmail.com> Cc: Tan Xiaojun <tanxiaojun(a)huawei.com> (please, ignore if I Cc'ed you mistakenly) Dmitry Safonov (4): tty: Drop tty->count on tty_reopen() failure tty: Hold tty_ldisc_lock() during tty_reopen() tty: Lock tty pair in tty_init_dev() tty/lockdep: Add ldisc_sem asserts drivers/tty/tty_io.c | 21 +++++++++++++++------ drivers/tty/tty_ldisc.c | 12 ++++++++---- include/linux/tty.h | 4 ++++ 3 files changed, 27 insertions(+), 10 deletions(-) -- 2.13.6

7 years, 3 months

9
23
0 0

patch "Revert "cdc-acm: implement put_char() and flush_chars()"" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Revert "cdc-acm: implement put_char() and flush_chars()" to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From df3aa13c7bbb307e172c37f193f9a7aa058d4739 Mon Sep 17 00:00:00 2001 From: Oliver Neukum <oneukum(a)suse.com> Date: Wed, 5 Sep 2018 17:56:46 +0200 Subject: Revert "cdc-acm: implement put_char() and flush_chars()" This reverts commit a81cf9799ad7299b03a4dff020d9685f9ac5f3e0. The patch causes a regression, which I cannot find the reason for. So let's revert for now, as a revert hurts only performance. Original report: I was trying to resolve the problem with Oliver but we don't get any conclusion for 5 months, so I am now sending this to mail list and cdc_acm authors. I am using simple request-response protocol to obtain the boiller parameters in constant intervals. A simple one transaction is: 1. opening the /dev/ttyACM0 2. sending the following 10-bytes request to the device: unsigned char req[] = {0x02, 0xfe, 0x01, 0x05, 0x08, 0x02, 0x01, 0x69, 0xab, 0x03}; 3. reading response (frame of 74 bytes length). 4. closing the descriptor I am doing this transaction with 5 seconds intervals. Before the bad commit everything was working correctly: I've got a requests and a responses in a timely manner. After the bad commit more time I am using the kernel module, more problems I have. The graph [2] is showing the problem. As you can see after module load all seems fine but after about 30 minutes I've got a plenty of EAGAINs when doing read()'s and trying to read back the data. When I rmmod and insmod the cdc_acm module again, then the situation is starting over again: running ok shortly after load, and more time it is running, more EAGAINs I have when calling read(). As a bonus I can see the problem on the device itself: The device is configured as you can see here on this screen [3]. It has two transmision LEDs: TX and RX. Blink duration is set for 100ms. This is a recording before the bad commit when all is working fine: [4] And this is with the bad commit: [5] As you can see the TX led is blinking wrongly long (indicating transmission?) and I have problems doing read() calls (EAGAIN). Reported-by: Mariusz Bialonczyk <manio(a)skyboo.net> Signed-off-by: Oliver Neukum <oneukum(a)suse.com> Fixes: a81cf9799ad7 ("cdc-acm: implement put_char() and flush_chars()") Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/class/cdc-acm.c | 73 ------------------------------------- drivers/usb/class/cdc-acm.h | 1 - 2 files changed, 74 deletions(-) diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c index 27346d69f393..f9b40a9dc4d3 100644 --- a/drivers/usb/class/cdc-acm.c +++ b/drivers/usb/class/cdc-acm.c @@ -780,20 +780,9 @@ static int acm_tty_write(struct tty_struct *tty, } if (acm->susp_count) { - if (acm->putbuffer) { - /* now to preserve order */ - usb_anchor_urb(acm->putbuffer->urb, &acm->delayed); - acm->putbuffer = NULL; - } usb_anchor_urb(wb->urb, &acm->delayed); spin_unlock_irqrestore(&acm->write_lock, flags); return count; - } else { - if (acm->putbuffer) { - /* at this point there is no good way to handle errors */ - acm_start_wb(acm, acm->putbuffer); - acm->putbuffer = NULL; - } } stat = acm_start_wb(acm, wb); @@ -804,66 +793,6 @@ static int acm_tty_write(struct tty_struct *tty, return count; } -static void acm_tty_flush_chars(struct tty_struct *tty) -{ - struct acm *acm = tty->driver_data; - struct acm_wb *cur; - int err; - unsigned long flags; - - spin_lock_irqsave(&acm->write_lock, flags); - - cur = acm->putbuffer; - if (!cur) /* nothing to do */ - goto out; - - acm->putbuffer = NULL; - err = usb_autopm_get_interface_async(acm->control); - if (err < 0) { - cur->use = 0; - acm->putbuffer = cur; - goto out; - } - - if (acm->susp_count) - usb_anchor_urb(cur->urb, &acm->delayed); - else - acm_start_wb(acm, cur); -out: - spin_unlock_irqrestore(&acm->write_lock, flags); - return; -} - -static int acm_tty_put_char(struct tty_struct *tty, unsigned char ch) -{ - struct acm *acm = tty->driver_data; - struct acm_wb *cur; - int wbn; - unsigned long flags; - -overflow: - cur = acm->putbuffer; - if (!cur) { - spin_lock_irqsave(&acm->write_lock, flags); - wbn = acm_wb_alloc(acm); - if (wbn >= 0) { - cur = &acm->wb[wbn]; - acm->putbuffer = cur; - } - spin_unlock_irqrestore(&acm->write_lock, flags); - if (!cur) - return 0; - } - - if (cur->len == acm->writesize) { - acm_tty_flush_chars(tty); - goto overflow; - } - - cur->buf[cur->len++] = ch; - return 1; -} - static int acm_tty_write_room(struct tty_struct *tty) { struct acm *acm = tty->driver_data; @@ -1987,8 +1916,6 @@ static const struct tty_operations acm_ops = { .cleanup = acm_tty_cleanup, .hangup = acm_tty_hangup, .write = acm_tty_write, - .put_char = acm_tty_put_char, - .flush_chars = acm_tty_flush_chars, .write_room = acm_tty_write_room, .ioctl = acm_tty_ioctl, .throttle = acm_tty_throttle, diff --git a/drivers/usb/class/cdc-acm.h b/drivers/usb/class/cdc-acm.h index eacc116e83da..ca06b20d7af9 100644 --- a/drivers/usb/class/cdc-acm.h +++ b/drivers/usb/class/cdc-acm.h @@ -96,7 +96,6 @@ struct acm { unsigned long read_urbs_free; struct urb *read_urbs[ACM_NR]; struct acm_rb read_buffers[ACM_NR]; - struct acm_wb *putbuffer; /* for acm_tty_put_char() */ int rx_buflimit; spinlock_t read_lock; u8 *notification_buffer; /* to reassemble fragmented notifications */ -- 2.18.0

7 years, 3 months

1
0
0 0

[PATCH v5] spi: spi-mem: Adjust op len based on message/transfer size limitations

by Chuanhua Han

We need that to adjust the len of the 2nd transfer (called data in spi-mem) if it's too long to fit in a SPI message or SPI transfer. Fixes: c36ff266dc82 ("spi: Extend the core to ease integration of SPI memory controllers") Cc: <stable(a)vger.kernel.org> Signed-off-by: Chuanhua Han <chuanhua.han(a)nxp.com> Reviewed-by: Boris Brezillon <boris.brezillon(a)bootlin.com> --- Changes in v5: -Add the validation check after the op->data.nbytes assignment -Assign the "len" variable after defining it -Remove the brackets on both sides of "opt-> data.nbytes" Changes in v4: -Rename variable name "opcode_addr_dummy_sum" to "len" -The comparison of "spi_max_message_size(mem->spi)" and "len" was removed -Adjust their order when comparing the sizes of "spi_max_message_size(mem->spi)" and "len" -Changing the "unsigned long" type in the code to "size_t" Changes in v3: -Rename variable name "val" to "opcode_addr_dummy_sum" -Place the legitimacy of the transfer size(i.e., "spi_max_message_size(mem->spi)" and "opcode_addr_dummy_sum") into "if (! ctlr - > mem_ops | |! ctlr-> mem_ops->exec_op) {" structure and add "spi_max_transfer_size(mem->spi) and opcode_addr_dummy_sum" -Adjust the formatting alignment of the code -"(unsigned long)op->data.nbytes" was modified to "(unsigned long)(op->data.nbytes)" Changes in v2: -Place the adjusted transfer bytes code in spi_mem_adjust_op_size() and check spi_max_message_size(mem->spi) value before subtracting opcode, addr and dummy bytes -Change the code from fsl-espi controller to generic code(The adjustment of spi transmission length was originally modified in the "drivers/spi/spi-fsl-espi.c" file, and now the adjustment of transfer length is made in the "drivers/spi/spi-mem.c" file) drivers/spi/spi-mem.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/drivers/spi/spi-mem.c b/drivers/spi/spi-mem.c index e43842c..eb72dba 100644 --- a/drivers/spi/spi-mem.c +++ b/drivers/spi/spi-mem.c @@ -346,10 +346,25 @@ EXPORT_SYMBOL_GPL(spi_mem_get_name); int spi_mem_adjust_op_size(struct spi_mem *mem, struct spi_mem_op *op) { struct spi_controller *ctlr = mem->spi->controller; + size_t len; + + len = sizeof(op->cmd.opcode) + op->addr.nbytes + op->dummy.nbytes; if (ctlr->mem_ops && ctlr->mem_ops->adjust_op_size) return ctlr->mem_ops->adjust_op_size(mem, op); + if (!ctlr->mem_ops || !ctlr->mem_ops->exec_op) { + if (len > spi_max_transfer_size(mem->spi)) + return -EINVAL; + + op->data.nbytes = min3((size_t)op->data.nbytes, + spi_max_transfer_size(mem->spi), + spi_max_message_size(mem->spi) - + len); + if (!op->data.nbytes) + return -EINVAL; + } + return 0; } EXPORT_SYMBOL_GPL(spi_mem_adjust_op_size); -- 2.7.4

7 years, 3 months

3
5
0 0

[PATCH 4.18 000/145] 4.18.7-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.18.7 release. There are 145 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun Sep 9 21:08:26 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.7-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.18.7-rc1 James Morse <james.morse(a)arm.com> arm64: mm: always enable CONFIG_HOLES_IN_ZONE Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: menu: Retain tick when shallow state is selected Jan Kara <jack(a)suse.cz> udf: Fix mounting of Win7 created UDF filesystems Jeremy Cline <jcline(a)redhat.com> fs/quota: Fix spectre gadget in do_quotactl Horia Geantă <horia.geanta(a)nxp.com> crypto: caam/qi - fix error path in xts setkey Horia Geantă <horia.geanta(a)nxp.com> crypto: caam/jr - fix descriptor DMA unmapping Horia Geantă <horia.geanta(a)nxp.com> crypto: caam - fix DMA mapping direction for RSA forms 2 & 3 Ard Biesheuvel <ard.biesheuvel(a)linaro.org> crypto: arm64/sm4-ce - check for the right CPU feature bit Dave Watson <davejwatson(a)fb.com> crypto: aesni - Use unaligned loads from gcm_context_data Ondrej Mosnacek <omosnace(a)redhat.com> crypto: vmx - Fix sleep-in-atomic bugs Adrian Hunter <adrian.hunter(a)intel.com> perf auxtrace: Fix queue resize Dan Williams <dan.j.williams(a)intel.com> mm, dev_pagemap: Do not clear ->mapping on final put Eddie.Horng <eddie.horng(a)mediatek.com> cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias() Masahiro Yamada <yamada.masahiro(a)socionext.com> kconfig: fix "Can't open ..." in parallel build Shan Hai <shan.hai(a)oracle.com> bcache: release dc->writeback_lock properly in bch_writeback_thread() Vishal Verma <vishal.l.verma(a)intel.com> libnvdimm: fix ars_status output length calculation Keith Busch <keith.busch(a)intel.com> libnvdimm: Use max contiguous area for namespace size Christian Brauner <christian(a)brauner.io> getxattr: use correct xattr length Mikulas Patocka <mpatocka(a)redhat.com> udlfb: set line_length in dlfb_ops_set_par Mikulas Patocka <mpatocka(a)redhat.com> udlfb: handle allocation failure Mikulas Patocka <mpatocka(a)redhat.com> udlfb: make a local copy of fb_ops Mikulas Patocka <mpatocka(a)redhat.com> udlfb: set optimal write delay Mikulas Patocka <mpatocka(a)redhat.com> udlfb: don't switch if we are switching to the same videomode Mikulas Patocka <mpatocka(a)redhat.com> udlfb: fix display corruption of the last line Mikulas Patocka <mpatocka(a)redhat.com> udlfb: fix semaphore value leak Mikulas Patocka <mpatocka(a)redhat.com> fb: fix lost console when the user unplugs a USB adapter Vignesh R <vigneshr(a)ti.com> pwm: tiehrpwm: Fix disabling of output of PWMs Vignesh R <vigneshr(a)ti.com> pwm: tiehrpwm: Don't use emulation mode bits to control PWM output Richard Weinberger <richard(a)nod.at> ubifs: Fix synced_i_size calculation for xattr inodes Richard Weinberger <richard(a)nod.at> ubifs: Fix directory size calculation for symlinks Richard Weinberger <richard(a)nod.at> ubifs: xattr: Don't operate on deleted inodes Richard Weinberger <richard(a)nod.at> ubifs: Check data node size before truncate Richard Weinberger <richard(a)nod.at> Revert "UBIFS: Fix potential integer overflow in allocation" Richard Weinberger <richard(a)nod.at> ubifs: Fix memory leak in lprobs self-check Jann Horn <jannh(a)google.com> userns: move user access out of the mutex Jann Horn <jannh(a)google.com> sys: don't hold uts_sem while accessing userspace memory Jacob Pan <jacob.jun.pan(a)linux.intel.com> iommu/vt-d: Fix dev iotlb pfsid use Jacob Pan <jacob.jun.pan(a)linux.intel.com> iommu/vt-d: Add definitions for PFSID Dmitry Osipenko <digetx(a)gmail.com> iommu/ipmmu-vmsa: Don't register as BUS IOMMU if machine doesn't have IPMMU-VMSA Peter Zijlstra <peterz(a)infradead.org> mm/tlb: Remove tlb_remove_table() non-concurrent condition David Rivshin <DRivshin(a)allworx.com> pwm: omap-dmtimer: Return -EPROBE_DEFER if no dmtimer platform data Roger Quadros <rogerq(a)ti.com> ARM: dts: am57xx-idk: Enable dual role for USB2 port Jon Hunter <jonathanh(a)nvidia.com> ARM: tegra: Fix Tegra30 Cardhu PCA954x reset Trond Myklebust <trondmy(a)gmail.com> NFSv4: Fix a sleep in atomic context in nfs4_callback_sequence() Trond Myklebust <trondmy(a)gmail.com> NFSv4: Fix locking in pnfs_generic_recover_commit_reqs Bill Baker <Bill.Baker(a)Oracle.com> NFSv4 client live hangs after live data migration recovery Amir Goldstein <amir73il(a)gmail.com> nfsd: fix leaked file lock with nfs exported overlayfs Dan Carpenter <dan.carpenter(a)oracle.com> pnfs/blocklayout: off by one in bl_map_stripe() Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> block, bfq: return nbytes and not zero from struct cftype .write() method Max Filippov <jcmvbkbc(a)gmail.com> xtensa: increase ranges in ___invalidate_{i,d}cache_all Max Filippov <jcmvbkbc(a)gmail.com> xtensa: limit offsets in __loop_cache_{all,page} Paul Mackerras <paulus(a)ozlabs.org> KVM: PPC: Book3S: Fix guest DMA when guest partially backed by THP pages Paolo Bonzini <pbonzini(a)redhat.com> KVM: VMX: fixes for vmentry_l1d_flush module parameter Hans de Goede <hdegoede(a)redhat.com> i2c: designware: Re-init controllers with pm_disabled set on resume Lihua Yao <ylhuajnu(a)163.com> ALSA: ac97: fix unbalanced pm_runtime_enable Lihua Yao <ylhuajnu(a)163.com> ALSA: ac97: fix check of pm_runtime_get_sync failure Lihua Yao <ylhuajnu(a)163.com> ALSA: ac97: fix device initialization in the compat layer zhangyi (F) <yi.zhang(a)huawei.com> PM / sleep: wakeup: Fix build error caused by missing SRCU support Henry Willard <henry.willard(a)oracle.com> cpufreq: governor: Avoid accessing invalid governor_data Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: menu: Handle stopped tick more aggressively Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> sched: idle: Avoid retaining the tick when it has been stopped Peter Kalauskas <peskal(a)google.com> drivers/block/zram/zram_drv.c: fix bug storing backing_dev Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPICA: Clear status of all events when entering sleep states Erik Schmauss <erik.schmauss(a)intel.com> ACPICA: AML Parser: skip opcodes that open a scope upon parse failure Amir Goldstein <amir73il(a)gmail.com> ovl: fix wrong use of impure dir cache in ovl_iterate() Rafael David Tinoco <rafael.tinoco(a)linaro.org> mfd: hi655x: Fix regmap area declared size for hi655x Steven Rostedt (VMware) <rostedt(a)goodmis.org> uprobes: Use synchronize_rcu() not synchronize_sched() Kamalesh Babulal <kamalesh(a)linux.vnet.ibm.com> livepatch: Validate module/old func name length Steven Rostedt (VMware) <rostedt(a)goodmis.org> printk/tracing: Do not trace printk_nmi_enter() Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracing/blktrace: Fix to allow setting same value Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracing: Do not call start/stop() functions when tracing_on does not change Johan Hovold <johan(a)kernel.org> rtc: omap: fix potential crash on power off Johan Hovold <johan(a)kernel.org> rtc: omap: fix resource leak in registration error path Nadav Amit <namit(a)vmware.com> vmw_balloon: fix VMCI use when balloon built into kernel Nadav Amit <namit(a)vmware.com> vmw_balloon: VMCI_DOORBELL_SET does not check status Nadav Amit <namit(a)vmware.com> vmw_balloon: do not use 2MB without batching Nadav Amit <namit(a)vmware.com> vmw_balloon: fix inflation of 64-bit GFNs Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> eventpoll.h: wrap casts in () properly Chanwoo Choi <cw00.choi(a)samsung.com> extcon: Release locking when sending the notification of connector state Lars-Peter Clausen <lars(a)metafoo.de> iio: ad9523: Fix return value for ad952x_store() Lars-Peter Clausen <lars(a)metafoo.de> iio: ad9523: Fix displayed phase Gustavo A. R. Silva <gustavo(a)embeddedor.com> iio: sca3000: Fix missing return in switch Dexuan Cui <decui(a)microsoft.com> Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() Dexuan Cui <decui(a)microsoft.com> Drivers: hv: vmbus: Fix the offer_in_progress in vmbus_process_offer() Tycho Andersen <tycho(a)tycho.ws> uart: fix race between uart_put_char() and uart_shutdown() Mikulas Patocka <mpatocka(a)redhat.com> dm writecache: fix a crash due to reading past end of dirty_bitmap Mikulas Patocka <mpatocka(a)redhat.com> dm crypt: don't decrease device limits Ilya Dryomov <idryomov(a)gmail.com> dm cache metadata: set dirty on all cache blocks after a crash Mike Snitzer <snitzer(a)redhat.com> dm cache metadata: save in-core policy_hint_size to on-disk superblock Hou Tao <houtao1(a)huawei.com> dm thin: stop no_space_timeout worker when switching to write-mode Mikulas Patocka <mpatocka(a)redhat.com> dm integrity: change 'suspending' variable from bool to int Tomas Bortoli <tomasbortoli(a)gmail.com> net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree() Tomas Bortoli <tomasbortoli(a)gmail.com> net/9p/client.c: version pointer uninitialized jiangyiwen <jiangyiwen(a)huawei.com> 9p/virtio: fix off-by-one error in sg list bounds check piaojun <piaojun(a)huawei.com> fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed Tomas Bortoli <tomasbortoli(a)gmail.com> 9p: fix multiple NULL-pointer-dereferences Bart Van Assche <bart.vanassche(a)wdc.com> RDMA/rxe: Set wqe->status correctly if an unexpected response is received Bart Van Assche <bart.vanassche(a)wdc.com> ib_srpt: Fix a use-after-free in __srpt_close_all_ch() Bart Van Assche <bart.vanassche(a)wdc.com> ib_srpt: Fix a use-after-free in srpt_close_ch() Leon Romanovsky <leon(a)kernel.org> RDMA/mlx5: Fix shift overflow in mlx5_ib_create_wq Jason Gunthorpe <jgg(a)ziepe.ca> overflow.h: Add arithmetic shift helper Bart Van Assche <bart.vanassche(a)wdc.com> IB/srpt: Support HCAs with more than two ports Bart Van Assche <bart.vanassche(a)wdc.com> IB/srpt: Fix srpt_cm_req_recv() error path (2/2) Bart Van Assche <bart.vanassche(a)wdc.com> IB/srpt: Fix srpt_cm_req_recv() error path (1/2) Jason Gunthorpe <jgg(a)ziepe.ca> IB/mlx5: Fix leaking stack memory to userspace Parav Pandit <parav(a)mellanox.com> IB/mlx5: Honor cnt_set_id_valid flag instead of set_id Frederic Barrat <fbarrat(a)linux.ibm.com> ocxl: Fix page fault handler in case of fault on dying process Vaibhav Jain <vaibhav(a)linux.ibm.com> cxl: Fix wrong comparison in cxl_adapter_context_get() Benjamin Herrenschmidt <benh(a)kernel.crashing.org> powerpc/powernv/pci: Work around races in PCI bridge enabling Luke Dashjr <luke(a)dashjr.org> powerpc64/ftrace: Include ftrace.h needed for enable/disable calls Christophe Leroy <christophe.leroy(a)c-s.fr> powerpc/nohash: fix pte_access_permitted() Ram Pai <linuxram(a)us.ibm.com> powerpc/pkeys: Preallocate execute-only key Ram Pai <linuxram(a)us.ibm.com> powerpc/pkeys: Fix calculation of total pkeys. Ram Pai <linuxram(a)us.ibm.com> powerpc/pkeys: Save the pkey registers before fork Ram Pai <linuxram(a)us.ibm.com> powerpc/pkeys: key allocation/deallocation must not change pkey registers Ram Pai <linuxram(a)us.ibm.com> powerpc/pkeys: Deny read/write/execute by default Ram Pai <linuxram(a)us.ibm.com> powerpc/pkeys: Give all threads control of their key permissions Mahesh Salgaonkar <mahesh(a)linux.vnet.ibm.com> powerpc/pseries: Fix endianness while restoring of r3 in MCE handler. Nicholas Piggin <npiggin(a)gmail.com> powerpc/64s: Fix page table fragment refcount race vs speculative references Hari Bathini <hbathini(a)linux.ibm.com> powerpc/fadump: handle crash memory ranges array index overflow Yannik Sembritzki <yannik(a)sembritzki.me> Fix kexec forbidding kernels signed with keys in the secondary keyring to boot Yannik Sembritzki <yannik(a)sembritzki.me> Replace magic for trusting the secondary keyring with #define Gustavo A. R. Silva <gustavo(a)embeddedor.com> mailbox: xgene-slimpro: Fix potential NULL pointer dereference Javier Martinez Canillas <javierm(a)redhat.com> media: Revert "[media] tvp5150: fix pad format frame height" Daniel Mack <daniel(a)zonque.org> libertas: fix suspend and resume for SDIO connected cards Michel Dänzer <michel.daenzer(a)amd.com> dma-buf: Move BUG_ON from _add_shared_fence to _add_shared_inplace John Johansen <john.johansen(a)canonical.com> apparmor: fix bad debug check in apparmor_secid_to_secctx() Bart Van Assche <bart.vanassche(a)wdc.com> block: Ensure that a request queue is dissociated from the cgroup controller Bart Van Assche <bart.vanassche(a)wdc.com> block: Introduce blk_exit_queue() Bart Van Assche <bart.vanassche(a)wdc.com> blkcg: Introduce blkg_root_lookup() Ming Lei <ming.lei(a)redhat.com> block: really disable runtime-pm for blk-mq xiao jin <jin.xiao(a)intel.com> block: blk_init_allocated_queue() set q->fq as NULL in the fail case Mikulas Patocka <mpatocka(a)redhat.com> block: fix infinite loop if the device loses discard capability Markus Stockhausen <stockhausen(a)collogia.de> readahead: stricter check for bdi io_pages Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> mmc: renesas_sdhi_internal_dmac: fix #define RST_RESERVED_BITS Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> mmc: renesas_sdhi_internal_dmac: mask DMAC interrupts Adrian Hunter <adrian.hunter(a)intel.com> mmc: block: Fix unsupported parallel dispatch of requests Janek Kotas <jank(a)cadence.com> spi: cadence: Change usleep_range() to udelay(), for atomic context Krzysztof Kozlowski <krzk(a)kernel.org> spi: spi-fsl-dspi: Fix imprecise abort on VF500 during probe Mika Westerberg <mika.westerberg(a)linux.intel.com> spi: pxa2xx: Add support for Intel Ice Lake Bartosz Golaszewski <bgolaszewski(a)baylibre.com> spi: davinci: fix a NULL pointer dereference Chirantan Ekbote <chirantan(a)chromium.org> 9p/net: Fix zero-copy path in the 9p virtio transport Alexander Aring <aring(a)mojatatu.com> net: mac802154: tx: expand tailroom if necessary Alexander Aring <aring(a)mojatatu.com> net: 6lowpan: fix reserved space for single frames Boqun Feng <boqun.feng(a)gmail.com> rcu: Make expedited GPs handle CPU 0 being offline ------------- Diffstat: Makefile | 4 +- arch/alpha/kernel/osf_sys.c | 51 +++++---- arch/arm/boot/dts/am571x-idk.dts | 4 - arch/arm/boot/dts/am572x-idk-common.dtsi | 4 - arch/arm/boot/dts/am57xx-idk-common.dtsi | 7 +- arch/arm/boot/dts/tegra30-cardhu.dtsi | 1 + arch/arm64/Kconfig | 1 - arch/arm64/crypto/sm4-ce-glue.c | 2 +- arch/powerpc/include/asm/fadump.h | 3 - arch/powerpc/include/asm/nohash/pgtable.h | 9 +- arch/powerpc/include/asm/pkeys.h | 11 -- arch/powerpc/kernel/fadump.c | 91 +++++++++++++--- arch/powerpc/kernel/process.c | 1 + arch/powerpc/kvm/book3s_hv.c | 1 + arch/powerpc/mm/mmu_context_book3s64.c | 8 +- arch/powerpc/mm/mmu_context_iommu.c | 17 +-- arch/powerpc/mm/pgtable-book3s64.c | 17 +-- arch/powerpc/mm/pkeys.c | 134 ++++++++---------------- arch/powerpc/platforms/powernv/pci-ioda.c | 37 +++++++ arch/powerpc/platforms/pseries/ras.c | 2 +- arch/sparc/kernel/sys_sparc_32.c | 22 ++-- arch/sparc/kernel/sys_sparc_64.c | 20 ++-- arch/x86/crypto/aesni-intel_asm.S | 66 ++++++------ arch/x86/kernel/kexec-bzimage64.c | 2 +- arch/x86/kvm/vmx.c | 26 +++-- arch/xtensa/include/asm/cacheasm.h | 69 +++++++----- block/bfq-cgroup.c | 3 +- block/blk-core.c | 61 ++++++----- block/blk-lib.c | 10 ++ block/blk-sysfs.c | 15 +++ block/blk.h | 1 + certs/system_keyring.c | 3 +- crypto/asymmetric_keys/pkcs7_key_type.c | 2 +- drivers/acpi/acpica/hwsleep.c | 11 +- drivers/acpi/acpica/psloop.c | 17 +-- drivers/block/zram/zram_drv.c | 7 +- drivers/cpufreq/cpufreq_governor.c | 12 ++- drivers/cpuidle/governors/menu.c | 47 ++++++--- drivers/crypto/caam/caamalg_qi.c | 6 +- drivers/crypto/caam/caampkc.c | 20 ++-- drivers/crypto/caam/jr.c | 3 +- drivers/crypto/vmx/aes_cbc.c | 30 +++--- drivers/crypto/vmx/aes_xts.c | 21 ++-- drivers/dma-buf/reservation.c | 6 +- drivers/extcon/extcon.c | 3 +- drivers/hv/channel.c | 40 ++++--- drivers/hv/channel_mgmt.c | 10 +- drivers/i2c/busses/i2c-designware-master.c | 1 - drivers/i2c/busses/i2c-designware-platdrv.c | 7 +- drivers/iio/accel/sca3000.c | 1 + drivers/iio/frequency/ad9523.c | 4 +- drivers/infiniband/hw/mlx5/main.c | 2 +- drivers/infiniband/hw/mlx5/qp.c | 6 +- drivers/infiniband/sw/rxe/rxe_comp.c | 1 + drivers/infiniband/ulp/srpt/ib_srpt.c | 34 ++++-- drivers/infiniband/ulp/srpt/ib_srpt.h | 4 +- drivers/iommu/dmar.c | 6 +- drivers/iommu/intel-iommu.c | 18 +++- drivers/iommu/ipmmu-vmsa.c | 7 ++ drivers/mailbox/mailbox-xgene-slimpro.c | 6 +- drivers/md/bcache/writeback.c | 4 +- drivers/md/dm-cache-metadata.c | 13 ++- drivers/md/dm-crypt.c | 10 +- drivers/md/dm-integrity.c | 6 +- drivers/md/dm-thin.c | 2 + drivers/md/dm-writecache.c | 2 +- drivers/media/i2c/tvp5150.c | 2 +- drivers/mfd/hi655x-pmic.c | 2 +- drivers/misc/cxl/main.c | 2 +- drivers/misc/ocxl/link.c | 24 +++-- drivers/misc/vmw_balloon.c | 67 +++++++----- drivers/mmc/core/queue.c | 12 ++- drivers/mmc/core/queue.h | 1 + drivers/mmc/host/renesas_sdhi_internal_dmac.c | 10 +- drivers/net/wireless/marvell/libertas/dev.h | 1 + drivers/net/wireless/marvell/libertas/if_sdio.c | 30 ++++-- drivers/nvdimm/bus.c | 4 +- drivers/nvdimm/dimm_devs.c | 31 ++++++ drivers/nvdimm/namespace_devs.c | 6 +- drivers/nvdimm/nd-core.h | 8 ++ drivers/nvdimm/region_devs.c | 24 +++++ drivers/pwm/pwm-omap-dmtimer.c | 5 +- drivers/pwm/pwm-tiehrpwm.c | 14 +-- drivers/rtc/rtc-omap.c | 18 ++-- drivers/spi/spi-cadence.c | 2 +- drivers/spi/spi-davinci.c | 2 +- drivers/spi/spi-fsl-dspi.c | 24 ++--- drivers/spi/spi-pxa2xx.c | 4 + drivers/tty/serial/serial_core.c | 17 ++- drivers/video/fbdev/core/fbmem.c | 38 +++++-- drivers/video/fbdev/udlfb.c | 105 ++++++++++--------- fs/9p/xattr.c | 6 +- fs/lockd/clntlock.c | 2 +- fs/lockd/clntproc.c | 2 +- fs/lockd/svclock.c | 16 +-- fs/lockd/svcsubs.c | 4 +- fs/nfs/blocklayout/dev.c | 2 +- fs/nfs/callback_proc.c | 14 ++- fs/nfs/nfs4proc.c | 9 +- fs/nfs/pnfs_nfs.c | 16 ++- fs/nfsd/nfs4state.c | 2 +- fs/overlayfs/readdir.c | 19 +++- fs/quota/quota.c | 2 + fs/ubifs/dir.c | 5 +- fs/ubifs/journal.c | 21 +++- fs/ubifs/lprops.c | 8 +- fs/ubifs/xattr.c | 24 +++++ fs/udf/super.c | 31 +++--- fs/xattr.c | 2 +- include/linux/blk-cgroup.h | 18 ++++ include/linux/hyperv.h | 2 + include/linux/intel-iommu.h | 8 +- include/linux/lockd/lockd.h | 4 +- include/linux/mm_types.h | 5 +- include/linux/overflow.h | 31 ++++++ include/linux/sunrpc/clnt.h | 1 + include/linux/verification.h | 6 ++ include/uapi/linux/eventpoll.h | 8 +- include/video/udlfb.h | 5 +- kernel/livepatch/core.c | 6 ++ kernel/memremap.c | 1 - kernel/power/Kconfig | 1 + kernel/printk/printk_safe.c | 4 +- kernel/rcu/tree_exp.h | 9 +- kernel/sched/idle.c | 2 +- kernel/sys.c | 95 ++++++++--------- kernel/trace/blktrace.c | 4 + kernel/trace/trace.c | 4 +- kernel/trace/trace_uprobe.c | 2 +- kernel/user_namespace.c | 24 ++--- kernel/utsname_sysctl.c | 41 +++++--- mm/hmm.c | 2 + mm/memory.c | 9 -- mm/readahead.c | 12 ++- net/9p/client.c | 2 +- net/9p/trans_fd.c | 7 +- net/9p/trans_rdma.c | 3 + net/9p/trans_virtio.c | 13 ++- net/9p/trans_xen.c | 3 + net/ieee802154/6lowpan/tx.c | 21 +++- net/mac802154/tx.c | 15 ++- net/sunrpc/clnt.c | 28 +++-- scripts/kconfig/Makefile | 5 +- security/apparmor/secid.c | 1 - security/commoncap.c | 2 +- sound/ac97/bus.c | 4 +- sound/ac97/snd_ac97_compat.c | 19 +++- tools/perf/util/auxtrace.c | 3 + 148 files changed, 1374 insertions(+), 766 deletions(-)

7 years, 3 months

4
144
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror