- Linux-stable-mirror - lists.linaro.org

[folded-merged] zram-remove-bd_cap_synchronous_io-with-writeback-feature-v2.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: zram-remove-bd_cap_synchronous_io-with-writeback-feature-v2 has been removed from the -mm tree. Its filename was zram-remove-bd_cap_synchronous_io-with-writeback-feature-v2.patch This patch was dropped because it was folded into zram-remove-bd_cap_synchronous_io-with-writeback-feature.patch ------------------------------------------------------ From: Minchan Kim <minchan(a)kernel.org> Subject: zram-remove-bd_cap_synchronous_io-with-writeback-feature-v2 - description correction - Andrew - add comment about removing BDI_CAP_SYNCHRONOUS_IO Link: https://lore.kernel.org/lkml/0516ae2d-b0fd-92c5-aa92-112ba7bd32fc@contabo.d… Link: http://lkml.kernel.org/r/20180802051112.86174-1-minchan@kernel.org Link: http://lkml.kernel.org/r/20180805233722.217347-1-minchan@kernel.org Signed-off-by: Minchan Kim <minchan(a)kernel.org> Reported-by: Tino Lehnig <tino.lehnig(a)contabo.de> Tested-by: Tino Lehnig <tino.lehnig(a)contabo.de> Cc: Sergey Senozhatsky <sergey.senozhatsky.work(a)gmail.com> Cc: Jens Axboe <axboe(a)kernel.dk> Cc: <stable(a)vger.kernel.org> [4.15+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN drivers/block/zram/zram_drv.c~zram-remove-bd_cap_synchronous_io-with-writeback-feature-v2 drivers/block/zram/zram_drv.c --- a/drivers/block/zram/zram_drv.c~zram-remove-bd_cap_synchronous_io-with-writeback-feature-v2 +++ a/drivers/block/zram/zram_drv.c @@ -401,6 +401,16 @@ static ssize_t backing_dev_store(struct zram->backing_dev = backing_dev; zram->bitmap = bitmap; zram->nr_pages = nr_pages; + /* + * With writeback feature, zram does asynchronous IO so it's no longer + * synchronous device so let's remove synchronous io flag. Othewise, + * upper layer(e.g., swap) could wait IO completion rather than + * (submit and return), which will cause system sluggish. + * Furthermore, when the IO function returns(e.g., swap_readpage), + * upper layer expects IO was done so it could deallocate the page + * freely but in fact, IO is going on so finally could cause + * use-after-free when the IO is really done. + */ zram->disk->queue->backing_dev_info->capabilities &= ~BDI_CAP_SYNCHRONOUS_IO; up_write(&zram->init_lock); _ Patches currently in -mm which might be from minchan(a)kernel.org are zram-remove-bd_cap_synchronous_io-with-writeback-feature.patch

7 years, 4 months

1
0
0 0

+ reiserfs-fix-broken-xattr-handling-heap-corruption-bad-retval.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: reiserfs: fix broken xattr handling (heap corruption, bad retval) has been added to the -mm tree. Its filename is reiserfs-fix-broken-xattr-handling-heap-corruption-bad-retval.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/reiserfs-fix-broken-xattr-handling… and later at http://ozlabs.org/~akpm/mmotm/broken-out/reiserfs-fix-broken-xattr-handling… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Jann Horn <jannh(a)google.com> Subject: reiserfs: fix broken xattr handling (heap corruption, bad retval) This fixes the following issues: - When a buffer size is supplied to reiserfs_listxattr() such that each individual name fits, but the concatenation of all names doesn't fit, reiserfs_listxattr() overflows the supplied buffer. This leads to a kernel heap overflow (verified using KASAN) followed by an out-of-bounds usercopy and is therefore a security bug. - When a buffer size is supplied to reiserfs_listxattr() such that a name doesn't fit, -ERANGE should be returned. But reiserfs instead just truncates the list of names; I have verified that if the only xattr on a file has a longer name than the supplied buffer length, listxattr() incorrectly returns zero. With my patch applied, -ERANGE is returned in both cases and the memory corruption doesn't happen anymore. Credit for making me clean this code up a bit goes to Al Viro, who pointed out that the ->actor calling convention is suboptimal and should be changed. Link: http://lkml.kernel.org/r/20180802151539.5373-1-jannh@google.com Fixes: 48b32a3553a5 ("reiserfs: use generic xattr handlers") Signed-off-by: Jann Horn <jannh(a)google.com> Cc: Jeff Mahoney <jeffm(a)suse.com> Cc: Eric Biggers <ebiggers(a)google.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/reiserfs/xattr.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/fs/reiserfs/xattr.c~reiserfs-fix-broken-xattr-handling-heap-corruption-bad-retval +++ a/fs/reiserfs/xattr.c @@ -792,8 +792,10 @@ static int listxattr_filler(struct dir_c return 0; size = namelen + 1; if (b->buf) { - if (size > b->size) + if (b->pos + size > b->size) { + b->pos = -ERANGE; return -ERANGE; + } memcpy(b->buf + b->pos, name, namelen); b->buf[b->pos + namelen] = 0; } _ Patches currently in -mm which might be from jannh(a)google.com are reiserfs-fix-broken-xattr-handling-heap-corruption-bad-retval.patch fork-dont-copy-inconsistent-signal-handler-state-to-child.patch

7 years, 4 months

1
0
0 0

[PATCH v5 10/13] drm/nouveau: Use pm_runtime_get_noresume() in connector_detect()

by Lyude Paul

It's true we can't resume the device from poll workers in nouveau_connector_detect(). We can however, prevent the autosuspend timer from elapsing immediately if it hasn't already without risking any sort of deadlock with the runtime suspend/resume operations. So do that instead of entirely avoiding grabbing a power reference. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Cc: Lukas Wunner <lukas(a)wunner.de> Cc: Karol Herbst <karolherbst(a)gmail.com> --- drivers/gpu/drm/nouveau/nouveau_connector.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_connector.c b/drivers/gpu/drm/nouveau/nouveau_connector.c index 2a45b4c2ceb0..010d6db14cba 100644 --- a/drivers/gpu/drm/nouveau/nouveau_connector.c +++ b/drivers/gpu/drm/nouveau/nouveau_connector.c @@ -572,12 +572,16 @@ nouveau_connector_detect(struct drm_connector *connector, bool force) nv_connector->edid = NULL; } - /* Outputs are only polled while runtime active, so acquiring a - * runtime PM ref here is unnecessary (and would deadlock upon - * runtime suspend because it waits for polling to finish). + /* Outputs are only polled while runtime active, so resuming the + * device here is unnecessary (and would deadlock upon runtime suspend + * because it waits for polling to finish). We do however, want to + * prevent the autosuspend timer from elapsing during this operation + * if possible. */ - if (!drm_kms_helper_is_poll_worker()) { - ret = pm_runtime_get_sync(connector->dev->dev); + if (drm_kms_helper_is_poll_worker()) { + pm_runtime_get_noresume(dev->dev); + } else { + ret = pm_runtime_get_sync(dev->dev); if (ret < 0 && ret != -EACCES) return conn_status; } @@ -655,10 +659,8 @@ nouveau_connector_detect(struct drm_connector *connector, bool force) out: - if (!drm_kms_helper_is_poll_worker()) { - pm_runtime_mark_last_busy(connector->dev->dev); - pm_runtime_put_autosuspend(connector->dev->dev); - } + pm_runtime_mark_last_busy(dev->dev); + pm_runtime_put_autosuspend(dev->dev); return conn_status; } -- 2.17.1

7 years, 4 months

2
1
0 0

[PATCH v5 08/13] drm/nouveau: Don't ignore nouveau_do_suspend() ret value

by Lyude Paul

Otherwise, how will we roll everything back? Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Cc: Lukas Wunner <lukas(a)wunner.de> Cc: Karol Herbst <karolherbst(a)gmail.com> --- drivers/gpu/drm/nouveau/nouveau_drm.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.c b/drivers/gpu/drm/nouveau/nouveau_drm.c index db56e9b6b6af..f79b435368ec 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drm.c +++ b/drivers/gpu/drm/nouveau/nouveau_drm.c @@ -842,6 +842,9 @@ nouveau_pmops_runtime_suspend(struct device *dev) } ret = nouveau_do_suspend(drm_dev, true); + if (ret) + return ret; + nouveau_switcheroo_optimus_dsm(); pci_save_state(pdev); pci_disable_device(pdev); -- 2.17.1

7 years, 4 months

2
1
0 0

[PATCH v5 07/13] drm/nouveau: Add missing unroll functions in nouveau_do_suspend()

by Lyude Paul

Currently, it appears that nouveau_do_suspend() forgets to roll back suspending fbcon and suspending the device LEDs. We also currently skip the entire rollback process if nouveau_display_suspend() fails. So, fix that. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Cc: Lukas Wunner <lukas(a)wunner.de> Cc: Karol Herbst <karolherbst(a)gmail.com> --- drivers/gpu/drm/nouveau/nouveau_drm.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.c b/drivers/gpu/drm/nouveau/nouveau_drm.c index 5ea8fe992484..db56e9b6b6af 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drm.c +++ b/drivers/gpu/drm/nouveau/nouveau_drm.c @@ -674,10 +674,11 @@ nouveau_do_suspend(struct drm_device *dev, bool runtime) if (dev->mode_config.num_crtc) { NV_DEBUG(drm, "suspending console...\n"); nouveau_fbcon_set_suspend(dev, 1); + NV_DEBUG(drm, "suspending display...\n"); ret = nouveau_display_suspend(dev, runtime); if (ret) - return ret; + goto fail_fbcon; } NV_DEBUG(drm, "evicting buffers...\n"); @@ -719,7 +720,14 @@ nouveau_do_suspend(struct drm_device *dev, bool runtime) if (dev->mode_config.num_crtc) { NV_DEBUG(drm, "resuming display...\n"); nouveau_display_resume(dev, runtime); + +fail_fbcon: + NV_DEBUG(drm, "resuming console...\n"); + nouveau_fbcon_set_suspend(dev, 0); } + + nouveau_led_resume(dev); + return ret; } -- 2.17.1

7 years, 4 months

2
1
0 0

[PATCH v5 06/13] drm/nouveau: Call optimus_dsm functions after nouveau_do_suspend()

by Lyude Paul

It's not necessary to call these before we call nouveau_do_suspend(). Ideally; we shouldn't have to call this at all here, but getting that to work will take a bit more effort. So for the time being, just move this call after nouveau_do_suspend() to allow us to easily be able to abort the runtime suspend process in nouveau_do_suspend() Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Cc: Lukas Wunner <lukas(a)wunner.de> Cc: Karol Herbst <karolherbst(a)gmail.com> --- drivers/gpu/drm/nouveau/nouveau_drm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.c b/drivers/gpu/drm/nouveau/nouveau_drm.c index 04f704b77a3c..5ea8fe992484 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drm.c +++ b/drivers/gpu/drm/nouveau/nouveau_drm.c @@ -833,8 +833,8 @@ nouveau_pmops_runtime_suspend(struct device *dev) return -EBUSY; } - nouveau_switcheroo_optimus_dsm(); ret = nouveau_do_suspend(drm_dev, true); + nouveau_switcheroo_optimus_dsm(); pci_save_state(pdev); pci_disable_device(pdev); pci_ignore_hotplug(pdev); -- 2.17.1

7 years, 4 months

2
1
0 0

[PATCH] libnvdimm: fix ars_status output length calculation

by Vishal Verma

Commit efda1b5d87cb ("acpi, nfit, libnvdimm: fix / harden ars_status output length handling") Introduced additional hardening for ambiguity in the ACPI spec for ars_status output sizing. However, it had a couple of cases mixed up. Where it should have been checking for (and returning) "out_field[1] - 4" it was using "out_field[1] - 8" and vice versa. This caused a four byte discrepancy in the buffer size passed on to the command handler, and in some cases, this caused memory corruption like: ./daxdev-errors.sh: line 76: 24104 Aborted (core dumped) ./daxdev-errors $busdev $region malloc(): memory corruption Program received signal SIGABRT, Aborted. [...] #5 0x00007ffff7865a2e in calloc () from /lib64/libc.so.6 #6 0x00007ffff7bc2970 in ndctl_bus_cmd_new_ars_status (ars_cap=ars_cap@entry=0x6153b0) at ars.c:136 #7 0x0000000000401644 in check_ars_status (check=0x7fffffffdeb0, bus=0x604c20) at daxdev-errors.c:144 #8 test_daxdev_clear_error (region_name=<optimized out>, bus_name=<optimized out>) at daxdev-errors.c:332 Cc: <stable(a)vger.kernel.org> Cc: Dave Jiang <dave.jiang(a)intel.com> Cc: Keith Busch <keith.busch(a)intel.com> Cc: Lukasz Dorau <lukasz.dorau(a)intel.com> Cc: Dan Williams <dan.j.williams(a)intel.com> Fixes: efda1b5d87cb ("acpi, nfit, libnvdimm: fix / harden ars_status output length handling") Signed-off-by: Vishal Verma <vishal.l.verma(a)intel.com> --- drivers/nvdimm/bus.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/nvdimm/bus.c b/drivers/nvdimm/bus.c index 27902a8799b1..8aae6dcc839f 100644 --- a/drivers/nvdimm/bus.c +++ b/drivers/nvdimm/bus.c @@ -812,9 +812,9 @@ u32 nd_cmd_out_size(struct nvdimm *nvdimm, int cmd, * overshoots the remainder by 4 bytes, assume it was * including 'status'. */ - if (out_field[1] - 8 == remainder) + if (out_field[1] - 4 == remainder) return remainder; - return out_field[1] - 4; + return out_field[1] - 8; } else if (cmd == ND_CMD_CALL) { struct nd_cmd_pkg *pkg = (struct nd_cmd_pkg *) in_field; -- 2.14.4

7 years, 4 months

3
2
0 0

[PATCH] clk: sunxi-ng: fix H6 bus clocks divider position

by Icenowy Zheng

The bus clocks (AHB/APB) on Allwinner H6 have their second divider start at bit 8, according to the user manual and the BSP code. However, currently the divider is wrongly set to 16, thus the divider is not correctly read and the clock frequency is not correctly calculated. Fix this bit offset on all affected bus clocks in ccu-sun50i-h6. Cc: stable(a)vger.kernel.org # v4.17.y Signed-off-by: Icenowy Zheng <icenowy(a)aosc.io> --- drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/clk/sunxi-ng/ccu-sun50i-h6.c b/drivers/clk/sunxi-ng/ccu-sun50i-h6.c index bdbfe78fe133..0f7a0ffd3f70 100644 --- a/drivers/clk/sunxi-ng/ccu-sun50i-h6.c +++ b/drivers/clk/sunxi-ng/ccu-sun50i-h6.c @@ -224,7 +224,7 @@ static SUNXI_CCU_MP_WITH_MUX(psi_ahb1_ahb2_clk, "psi-ahb1-ahb2", psi_ahb1_ahb2_parents, 0x510, 0, 5, /* M */ - 16, 2, /* P */ + 8, 2, /* P */ 24, 2, /* mux */ 0); @@ -233,19 +233,19 @@ static const char * const ahb3_apb1_apb2_parents[] = { "osc24M", "osc32k", "pll-periph0" }; static SUNXI_CCU_MP_WITH_MUX(ahb3_clk, "ahb3", ahb3_apb1_apb2_parents, 0x51c, 0, 5, /* M */ - 16, 2, /* P */ + 8, 2, /* P */ 24, 2, /* mux */ 0); static SUNXI_CCU_MP_WITH_MUX(apb1_clk, "apb1", ahb3_apb1_apb2_parents, 0x520, 0, 5, /* M */ - 16, 2, /* P */ + 8, 2, /* P */ 24, 2, /* mux */ 0); static SUNXI_CCU_MP_WITH_MUX(apb2_clk, "apb2", ahb3_apb1_apb2_parents, 0x524, 0, 5, /* M */ - 16, 2, /* P */ + 8, 2, /* P */ 24, 2, /* mux */ 0); -- 2.18.0

7 years, 4 months

2
1
0 0

[PATCH] tpm: fix race condition in tpm_common_write()

by Jarkko Sakkinen

From: Tadeusz Struk <tadeusz.struk(a)intel.com> commit 3ab2011ea368ec3433ad49e1b9e1c7b70d2e65df upstream There is a race condition in tpm_common_write function allowing two threads on the same /dev/tpm<N>, or two different applications on the same /dev/tpmrm<N> to overwrite each other commands/responses. Fixed this by taking the priv->buffer_mutex early in the function. Also converted the priv->data_pending from atomic to a regular size_t type. There is no need for it to be atomic since it is only touched under the protection of the priv->buffer_mutex. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Tadeusz Struk <tadeusz.struk(a)intel.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> --- Manually backported for v4.4 and v4.9. drivers/char/tpm/tpm-dev.c | 43 ++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 23 deletions(-) diff --git a/drivers/char/tpm/tpm-dev.c b/drivers/char/tpm/tpm-dev.c index 65b824954bdc..1662e4688ee2 100644 --- a/drivers/char/tpm/tpm-dev.c +++ b/drivers/char/tpm/tpm-dev.c @@ -25,7 +25,7 @@ struct file_priv { struct tpm_chip *chip; /* Data passed to and from the tpm via the read/write calls */ - atomic_t data_pending; + size_t data_pending; struct mutex buffer_mutex; struct timer_list user_read_timer; /* user needs to claim result */ @@ -46,7 +46,7 @@ static void timeout_work(struct work_struct *work) struct file_priv *priv = container_of(work, struct file_priv, work); mutex_lock(&priv->buffer_mutex); - atomic_set(&priv->data_pending, 0); + priv->data_pending = 0; memset(priv->data_buffer, 0, sizeof(priv->data_buffer)); mutex_unlock(&priv->buffer_mutex); } @@ -72,7 +72,6 @@ static int tpm_open(struct inode *inode, struct file *file) } priv->chip = chip; - atomic_set(&priv->data_pending, 0); mutex_init(&priv->buffer_mutex); setup_timer(&priv->user_read_timer, user_reader_timeout, (unsigned long)priv); @@ -86,28 +85,24 @@ static ssize_t tpm_read(struct file *file, char __user *buf, size_t size, loff_t *off) { struct file_priv *priv = file->private_data; - ssize_t ret_size; + ssize_t ret_size = 0; int rc; del_singleshot_timer_sync(&priv->user_read_timer); flush_work(&priv->work); - ret_size = atomic_read(&priv->data_pending); - if (ret_size > 0) { /* relay data */ - ssize_t orig_ret_size = ret_size; - if (size < ret_size) - ret_size = size; + mutex_lock(&priv->buffer_mutex); - mutex_lock(&priv->buffer_mutex); + if (priv->data_pending) { + ret_size = min_t(ssize_t, size, priv->data_pending); rc = copy_to_user(buf, priv->data_buffer, ret_size); - memset(priv->data_buffer, 0, orig_ret_size); + memset(priv->data_buffer, 0, priv->data_pending); if (rc) ret_size = -EFAULT; - mutex_unlock(&priv->buffer_mutex); + priv->data_pending = 0; } - atomic_set(&priv->data_pending, 0); - + mutex_unlock(&priv->buffer_mutex); return ret_size; } @@ -118,18 +113,20 @@ static ssize_t tpm_write(struct file *file, const char __user *buf, size_t in_size = size; ssize_t out_size; - /* cannot perform a write until the read has cleared - either via tpm_read or a user_read_timer timeout. - This also prevents splitted buffered writes from blocking here. - */ - if (atomic_read(&priv->data_pending) != 0) - return -EBUSY; - if (in_size > TPM_BUFSIZE) return -E2BIG; mutex_lock(&priv->buffer_mutex); + /* Cannot perform a write until the read has cleared either via + * tpm_read or a user_read_timer timeout. This also prevents split + * buffered writes from blocking here. + */ + if (priv->data_pending != 0) { + mutex_unlock(&priv->buffer_mutex); + return -EBUSY; + } + if (copy_from_user (priv->data_buffer, (void __user *) buf, in_size)) { mutex_unlock(&priv->buffer_mutex); @@ -159,7 +156,7 @@ static ssize_t tpm_write(struct file *file, const char __user *buf, return out_size; } - atomic_set(&priv->data_pending, out_size); + priv->data_pending = out_size; mutex_unlock(&priv->buffer_mutex); /* Set a timeout by which the reader must come claim the result */ @@ -178,7 +175,7 @@ static int tpm_release(struct inode *inode, struct file *file) del_singleshot_timer_sync(&priv->user_read_timer); flush_work(&priv->work); file->private_data = NULL; - atomic_set(&priv->data_pending, 0); + priv->data_pending = 0; clear_bit(0, &priv->chip->is_open); kfree(priv); return 0; -- 2.17.1

7 years, 4 months

2
2
0 0

Applied "spi: davinci: fix a NULL pointer dereference" to the spi tree

by Mark Brown

The patch spi: davinci: fix a NULL pointer dereference has been applied to the spi tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From 563a53f3906a6b43692498e5b3ae891fac93a4af Mon Sep 17 00:00:00 2001 From: Bartosz Golaszewski <bgolaszewski(a)baylibre.com> Date: Fri, 10 Aug 2018 11:13:52 +0200 Subject: [PATCH] spi: davinci: fix a NULL pointer dereference On non-OF systems spi->controlled_data may be NULL. This causes a NULL pointer derefence on dm365-evm. Signed-off-by: Bartosz Golaszewski <bgolaszewski(a)baylibre.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- drivers/spi/spi-davinci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/spi/spi-davinci.c b/drivers/spi/spi-davinci.c index 60d59b003aa4..4ffc0f495be8 100644 --- a/drivers/spi/spi-davinci.c +++ b/drivers/spi/spi-davinci.c @@ -217,7 +217,7 @@ static void davinci_spi_chipselect(struct spi_device *spi, int value) pdata = &dspi->pdata; /* program delay transfers if tx_delay is non zero */ - if (spicfg->wdelay) + if (spicfg && spicfg->wdelay) spidat1 |= SPIDAT1_WDEL; /* -- 2.18.0

7 years, 4 months

1
0
0 0

Please help to apply commit 32b6170ca59c("ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV")into the 4.4 stable kernel

by Yongqin Liu

Hi, All Sorry, I am following the instructions in Documentation/networking/netdev-FAQ.txt to send out this mail, if I was wrong or there are more things I need to do, please let me know. After investigated on some failures of the android VtsKernelNetTest module test, I found that without the change of "ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV", the config of CRYPTO_ECHAINIV will be generated as m by default in the .config file, which needs more module loading process to be done. But with the 4.9 and 4.14 kernels which have the change, CRYPTO_ECHAINIV will be generated as y by default in the .config file. We could set config of CRYPTO_ECHAINIV to y explicitly to generated the correct .config file, but having the change of "ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV" cherry picked into the 4.4 stable kernel looks more like the right solution. The commit id for that change is 32b6170ca59ccf07d0e394561e54b2cd9726038c, it's already in 4.9 and 4.14 kernels, like here: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net… Could you please help to check if we could have 32b6170ca59ccf07d0e394561e54b2cd9726038c in the 4.4 stable kernel? The patch is here: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/net?… Thanks in advance! -- Best Regards, Yongqin Liu

7 years, 4 months

2
4
0 0

[PATCH] uprobes: Use synchronize_rcu() not synchronize_sched()

by Steven Rostedt

From: "Steven Rostedt (VMware)" <rostedt(a)goodmis.org> While debugging another bug, I was looking at all the synchronize*() functions being used in kernel/trace, and noticed that trace_uprobes was using synchronize_sched(), with a comment to synchronize with {u,ret}_probe_trace_func(). When looking at those functions, the data is protected with "rcu_read_lock()" and not with "rcu_read_lock_sched()". This is using the wrong synchronize_*() function. Cc: stable(a)vger.kernel.org Fixes: 70ed91c6ec7f8 ("tracing/uprobes: Support ftrace_event_file base multibuffer") Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- kernel/trace/trace_uprobe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c index bf89a51e740d..ac02fafc9f1b 100644 --- a/kernel/trace/trace_uprobe.c +++ b/kernel/trace/trace_uprobe.c @@ -952,7 +952,7 @@ probe_event_disable(struct trace_uprobe *tu, struct trace_event_file *file) list_del_rcu(&link->list); /* synchronize with u{,ret}probe_trace_func */ - synchronize_sched(); + synchronize_rcu(); kfree(link); if (!list_empty(&tu->tp.files)) -- 2.13.6

7 years, 4 months

2
6
0 0

did you check it

by Kelly

Your photos need editing. We can do it for you. We do editing for e-commerce photos, jewelries images and portrait photos etc. This will include cutout and clipping path etc , also retouching if needed. Let;s know if you want to send photos for working. We can do test on your photos. Thanks, Kelly

7 years, 4 months

1
0
0 0

[PATCH 2/2] drm/nouveau: Reset MST branching unit before enabling

by Lyude Paul

When probing a new MST device, it's not safe to make any assumptions about it's current state. While most well mannered MST hubs will just disable the branching unit on hotplug disconnects, this isn't enough to save us from various other scenarios that might have resulted in something writing to the MST branching unit before we got control of it. This could happen if a previous probe we tried failed, if we're booting in kexec context and the hub is still in the state the last kernel put it in, etc. Luckily; there is no reason we can't just reset the branching unit every time we enable a new topology. So, fix this by resetting it on enabling new topologies to ensure that we always start off with a clean, unmodified topology state on MST sinks. This fixes occasional hard-lockups on my P50's laptop dock (e.g. AUX times out all DPCD trasactions) observed after multiple docks, undocks, and module reloads. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Cc: Karol Herbst <karolherbst(a)gmail.com> --- drivers/gpu/drm/nouveau/dispnv50/disp.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index cdb3ef7c5d86..61bc36e9c915 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -1098,17 +1098,21 @@ nv50_mstm_enable(struct nv50_mstm *mstm, u8 dpcd, int state) int ret; if (dpcd >= 0x12) { - ret = drm_dp_dpcd_readb(mstm->mgr.aux, DP_MSTM_CTRL, &dpcd); + /* Even if we're enabling MST, start with disabling the + * branching unit to clear any sink-side MST topology state + * that wasn't set by us + */ + ret = drm_dp_dpcd_writeb(mstm->mgr.aux, DP_MSTM_CTRL, 0); if (ret < 0) return ret; - dpcd &= ~DP_MST_EN; - if (state) - dpcd |= DP_MST_EN; - - ret = drm_dp_dpcd_writeb(mstm->mgr.aux, DP_MSTM_CTRL, dpcd); - if (ret < 0) - return ret; + if (state) { + /* Now, start initializing */ + ret = drm_dp_dpcd_writeb(mstm->mgr.aux, DP_MSTM_CTRL, + DP_MST_EN); + if (ret < 0) + return ret; + } } return nvif_mthd(disp, 0, &args, sizeof(args)); -- 2.17.1

7 years, 4 months

1
0
0 0

[PATCH 1/2] drm/nouveau: Only write DP_MSTM_CTRL when needed

by Lyude Paul

Currently, nouveau will re-write the DP_MSTM_CTRL register for an MST hub every time it receives a long HPD pulse on DP. This isn't actually necessary and additionally, has some unintended side effects. With the P50 I've got here, rewriting DP_MSTM_CTRL constantly seems to make it rather likely (1 out of 5 times usually) that bringing up MST with it's ThinkPad dock will fail and result in sideband messages timing out in the middle. Afterwards, successive probes don't manage to get the dock to communicate properly over MST sideband properly. Many times sideband message timeouts from MST hubs are indicative of either the source or the sink dropping an ESI event, which can cause DRM's perspective of the topology's current state to go out of sync with reality. While it's tough to really know for sure what's happening to the dock, using userspace tools to write to DP_MSTM_CTRL in the middle of the MST link probing process does appear to make things flaky. It's possible that when we write to DP_MSTM_CTRL, the function that gets triggered to respond in the dock's firmware temporarily puts it in a state where it might end up not reporting an ESI to the source, or ends up dropping a sideband message we sent it. So, to fix this we make it so that when probing an MST topology, we respect it's current state. If the dock's already enabled, we simply read DP_MSTM_CTRL and disable the topology if it's value is not what we expected. Otherwise, we perform the normal MST probing dance. We avoid taking any action except if the state of the MST topology actually changes. This fixes MST sideband message timeouts and detection failures on my P50 with its ThinkPad dock. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Cc: Karol Herbst <karolherbst(a)gmail.com> --- drivers/gpu/drm/nouveau/dispnv50/disp.c | 45 ++++++++++++++++++++----- 1 file changed, 36 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index f6c0b2aa9857..cdb3ef7c5d86 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -1117,31 +1117,58 @@ nv50_mstm_enable(struct nv50_mstm *mstm, u8 dpcd, int state) int nv50_mstm_detect(struct nv50_mstm *mstm, u8 dpcd[8], int allow) { - int ret, state = 0; + struct drm_dp_aux *aux; + int ret; + bool old_state, new_state; + u8 mstm_ctrl; if (!mstm) return 0; - if (dpcd[0] >= 0x12) { - ret = drm_dp_dpcd_readb(mstm->mgr.aux, DP_MSTM_CAP, &dpcd[1]); + mutex_lock(&mstm->mgr.lock); + + old_state = mstm->mgr.mst_state; + new_state = old_state; + aux = mstm->mgr.aux; + + if (old_state) { + /* Just check that the MST hub is still as we expect it */ + ret = drm_dp_dpcd_readb(aux, DP_MSTM_CTRL, &mstm_ctrl); + if (ret < 0 || !(mstm_ctrl & DP_MST_EN)) { + DRM_DEBUG_KMS("Hub gone, disabling MST topology\n"); + new_state = false; + } + } else if (dpcd[0] >= 0x12) { + ret = drm_dp_dpcd_readb(aux, DP_MSTM_CAP, &dpcd[1]); if (ret < 0) - return ret; + goto probe_error; if (!(dpcd[1] & DP_MST_CAP)) dpcd[0] = 0x11; else - state = allow; + new_state = allow; } - ret = nv50_mstm_enable(mstm, dpcd[0], state); + if (new_state == old_state) { + mutex_unlock(&mstm->mgr.lock); + return new_state; + } + + ret = nv50_mstm_enable(mstm, dpcd[0], new_state); if (ret) - return ret; + goto probe_error; + + mutex_unlock(&mstm->mgr.lock); - ret = drm_dp_mst_topology_mgr_set_mst(&mstm->mgr, state); + ret = drm_dp_mst_topology_mgr_set_mst(&mstm->mgr, new_state); if (ret) return nv50_mstm_enable(mstm, dpcd[0], 0); - return mstm->mgr.mst_state; + return new_state; + +probe_error: + mutex_unlock(&mstm->mgr.lock); + return ret; } static void -- 2.17.1

7 years, 4 months

1
0
0 0

[for-next][PATCH 6/6] uprobes: Use synchronize_rcu() not synchronize_sched()

by Steven Rostedt

From: "Steven Rostedt (VMware)" <rostedt(a)goodmis.org> While debugging another bug, I was looking at all the synchronize*() functions being used in kernel/trace, and noticed that trace_uprobes was using synchronize_sched(), with a comment to synchronize with {u,ret}_probe_trace_func(). When looking at those functions, the data is protected with "rcu_read_lock()" and not with "rcu_read_lock_sched()". This is using the wrong synchronize_*() function. Cc: stable(a)vger.kernel.org Fixes: 70ed91c6ec7f8 ("tracing/uprobes: Support ftrace_event_file base multibuffer") Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- kernel/trace/trace_uprobe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c index bf89a51e740d..ac02fafc9f1b 100644 --- a/kernel/trace/trace_uprobe.c +++ b/kernel/trace/trace_uprobe.c @@ -952,7 +952,7 @@ probe_event_disable(struct trace_uprobe *tu, struct trace_event_file *file) list_del_rcu(&link->list); /* synchronize with u{,ret}probe_trace_func */ - synchronize_sched(); + synchronize_rcu(); kfree(link); if (!list_empty(&tu->tp.files)) -- 2.18.0

7 years, 4 months

1
0
0 0

[PATCH v5 1/3] blkcg: Introduce blkg_root_lookup()

by Bart Van Assche

This new function will be used in a later patch to verify whether a queue has been dissociated from the cgroup controller before being released. Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com> Cc: Tejun Heo <tj(a)kernel.org> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Ming Lei <ming.lei(a)redhat.com> Cc: Omar Sandoval <osandov(a)fb.com> Cc: Johannes Thumshirn <jthumshirn(a)suse.de> Cc: Alexandru Moise <00moses.alexander00(a)gmail.com> Cc: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: <stable(a)vger.kernel.org> --- include/linux/blk-cgroup.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/include/linux/blk-cgroup.h b/include/linux/blk-cgroup.h index f7b910768306..1361cfc9b878 100644 --- a/include/linux/blk-cgroup.h +++ b/include/linux/blk-cgroup.h @@ -341,6 +341,23 @@ static inline struct blkcg_gq *blkg_lookup(struct blkcg *blkcg, return __blkg_lookup(blkcg, q, false); } +/** + * blkg_lookup - look up blkg for the specified request queue + * @q: request_queue of interest + * + * Lookup blkg for @q at the root level. See also blkg_lookup(). + */ +static inline struct blkcg_gq *blkg_root_lookup(struct request_queue *q) +{ + struct blkcg_gq *blkg; + + rcu_read_lock(); + blkg = blkg_lookup(&blkcg_root, q); + rcu_read_unlock(); + + return blkg; +} + /** * blkg_to_pdata - get policy private data * @blkg: blkg of interest @@ -864,6 +881,7 @@ static inline bool blk_cgroup_congested(void) { return false; } static inline void blkcg_schedule_throttle(struct request_queue *q, bool use_memdelay) { } static inline struct blkcg_gq *blkg_lookup(struct blkcg *blkcg, void *key) { return NULL; } +static inline struct blkcg_gq *blkg_root_lookup(struct request_queue *q) { return NULL; } static inline int blkcg_init_queue(struct request_queue *q) { return 0; } static inline void blkcg_drain_queue(struct request_queue *q) { } static inline void blkcg_exit_queue(struct request_queue *q) { } -- 2.18.0

7 years, 4 months

4
3
0 0

v3.18.118 build: 0 failures 8 warnings (v3.18.118)

by Build bot for Mark Brown

Tree/Branch: v3.18.118 Git describe: v3.18.118 Commit: 830f9674e7 Linux 3.18.118 Build Time: 0 min 1 sec Passed: 7 / 7 (100.00 %) Failed: 0 / 7 ( 0.00 %) Errors: 0 Warnings: 8 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 5 warnings 0 mismatches : arm-allmodconfig 5 warnings 0 mismatches : arm-multi_v7_defconfig 12 warnings 0 mismatches : x86_64-allmodconfig 5 warnings 0 mismatches : arm-multi_v5_defconfig 7 warnings 0 mismatches : x86_64-defconfig ------------------------------------------------------------------------------- Warnings Summary: 8 9 ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] 5 ../mm/slub.c:904:21: warning: format '%d' expects argument of type 'int', but argument 5 has type 'long unsigned int' [-Wformat=] 5 ../mm/slub.c:856:21: warning: too many arguments for format [-Wformat-extra-args] 5 ../mm/slub.c:851:21: warning: too many arguments for format [-Wformat-extra-args] 3 ../mm/slub.c:856:21: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'const char *' [-Wformat=] 3 ../mm/slub.c:851:21: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'const char *' [-Wformat=] 2 ../mm/slub.c:856:29: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'const char *' [-Wformat=] 2 ../mm/slub.c:851:31: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'const char *' [-Wformat=] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- arm-allmodconfig : PASS, 0 errors, 5 warnings, 0 section mismatches Warnings: ../mm/slub.c:851:21: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'const char *' [-Wformat=] ../mm/slub.c:851:21: warning: too many arguments for format [-Wformat-extra-args] ../mm/slub.c:856:21: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'const char *' [-Wformat=] ../mm/slub.c:856:21: warning: too many arguments for format [-Wformat-extra-args] ../mm/slub.c:904:21: warning: format '%d' expects argument of type 'int', but argument 5 has type 'long unsigned int' [-Wformat=] ------------------------------------------------------------------------------- arm-multi_v7_defconfig : PASS, 0 errors, 5 warnings, 0 section mismatches Warnings: ../mm/slub.c:851:21: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'const char *' [-Wformat=] ../mm/slub.c:851:21: warning: too many arguments for format [-Wformat-extra-args] ../mm/slub.c:856:21: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'const char *' [-Wformat=] ../mm/slub.c:856:21: warning: too many arguments for format [-Wformat-extra-args] ../mm/slub.c:904:21: warning: format '%d' expects argument of type 'int', but argument 5 has type 'long unsigned int' [-Wformat=] ------------------------------------------------------------------------------- x86_64-allmodconfig : PASS, 0 errors, 12 warnings, 0 section mismatches Warnings: ../mm/slub.c:851:31: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'const char *' [-Wformat=] ../mm/slub.c:851:21: warning: too many arguments for format [-Wformat-extra-args] ../mm/slub.c:856:29: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'const char *' [-Wformat=] ../mm/slub.c:856:21: warning: too many arguments for format [-Wformat-extra-args] ../mm/slub.c:904:21: warning: format '%d' expects argument of type 'int', but argument 5 has type 'long unsigned int' [-Wformat=] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ------------------------------------------------------------------------------- arm-multi_v5_defconfig : PASS, 0 errors, 5 warnings, 0 section mismatches Warnings: ../mm/slub.c:851:21: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'const char *' [-Wformat=] ../mm/slub.c:851:21: warning: too many arguments for format [-Wformat-extra-args] ../mm/slub.c:856:21: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'const char *' [-Wformat=] ../mm/slub.c:856:21: warning: too many arguments for format [-Wformat-extra-args] ../mm/slub.c:904:21: warning: format '%d' expects argument of type 'int', but argument 5 has type 'long unsigned int' [-Wformat=] ------------------------------------------------------------------------------- x86_64-defconfig : PASS, 0 errors, 7 warnings, 0 section mismatches Warnings: ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../mm/slub.c:851:31: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'const char *' [-Wformat=] ../mm/slub.c:851:21: warning: too many arguments for format [-Wformat-extra-args] ../mm/slub.c:856:29: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'const char *' [-Wformat=] ../mm/slub.c:856:21: warning: too many arguments for format [-Wformat-extra-args] ../mm/slub.c:904:21: warning: format '%d' expects argument of type 'int', but argument 5 has type 'long unsigned int' [-Wformat=] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: x86_64-allnoconfig arm-allnoconfig

7 years, 4 months

1
0
0 0

[PATCH] pci/sriov: Hold rescan lock while enumerating

by Keith Busch

PCI enumeration/de-enumeration needs to run single threaded to prevent race conditions with other threads changing the topology. Altering the number of virtual functions was not taking the rescan/remove lock hile adding or removing those virtual functions, so this patch adds that. Reported-by: Krzysztof Wierzbicki <krzysztof.wierzbicki(a)intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Keith Busch <keith.busch(a)intel.com> --- drivers/pci/pci-sysfs.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c index 9ecfe13157c0..611abe220b6f 100644 --- a/drivers/pci/pci-sysfs.c +++ b/drivers/pci/pci-sysfs.c @@ -591,6 +591,7 @@ static ssize_t sriov_numvfs_store(struct device *dev, if (num_vfs > pci_sriov_get_totalvfs(pdev)) return -ERANGE; + pci_lock_rescan_remove(); device_lock(&pdev->dev); if (num_vfs == pdev->sriov->num_VFs) @@ -627,6 +628,7 @@ static ssize_t sriov_numvfs_store(struct device *dev, exit: device_unlock(&pdev->dev); + pci_unlock_rescan_remove(); if (ret < 0) return ret; -- 2.14.4

7 years, 4 months

1
0
0 0

[PATCH v5 3/3] block: Ensure that a request queue is dissociated from the cgroup controller

by Bart Van Assche

Several block drivers call alloc_disk() followed by put_disk() if something fails before device_add_disk() is called without calling blk_cleanup_queue(). Make sure that also for this scenario a request queue is dissociated from the cgroup controller. This patch avoids that loading the parport_pc, paride and pf drivers triggers the following kernel crash: BUG: KASAN: null-ptr-deref in pi_init+0x42e/0x580 [paride] Read of size 4 at addr 0000000000000008 by task modprobe/744 Call Trace: dump_stack+0x9a/0xeb kasan_report+0x139/0x350 pi_init+0x42e/0x580 [paride] pf_init+0x2bb/0x1000 [pf] do_one_initcall+0x8e/0x405 do_init_module+0xd9/0x2f2 load_module+0x3ab4/0x4700 SYSC_finit_module+0x176/0x1a0 do_syscall_64+0xee/0x2b0 entry_SYSCALL_64_after_hwframe+0x42/0xb7 Reported-by: Alexandru Moise <00moses.alexander00(a)gmail.com> Fixes: a063057d7c73 ("block: Fix a race between request queue removal and the block cgroup controller") # v4.17 Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com> Tested-by: Alexandru Moise <00moses.alexander00(a)gmail.com> Reviewed-by: Johannes Thumshirn <jthumshirn(a)suse.de> Cc: Tejun Heo <tj(a)kernel.org> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Ming Lei <ming.lei(a)redhat.com> Cc: Alexandru Moise <00moses.alexander00(a)gmail.com> Cc: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: <stable(a)vger.kernel.org> --- block/blk-sysfs.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/block/blk-sysfs.c b/block/blk-sysfs.c index ca1984ecbdeb..fcadea471779 100644 --- a/block/blk-sysfs.c +++ b/block/blk-sysfs.c @@ -802,6 +802,21 @@ static void __blk_release_queue(struct work_struct *work) blk_stat_remove_callback(q, q->poll_cb); blk_stat_free_callback(q->poll_cb); + if (!blk_queue_dead(q)) { + /* + * Last reference was dropped without having called + * blk_cleanup_queue(). + */ + WARN_ONCE(blk_queue_init_done(q), + "request queue %p has been registered but blk_cleanup_queue() has not been called for that queue\n", + q); + blk_exit_queue(q); + } + + WARN(blkg_root_lookup(q), + "request queue %p is being released but it has not yet been removed from the blkcg controller\n", + q); + blk_free_queue_stats(q->stats); blk_exit_rl(q, &q->root_rl); -- 2.18.0

7 years, 4 months

1
0
0 0

[PATCH v5 2/3] block: Introduce blk_exit_queue()

by Bart Van Assche

This patch does not change any functionality. Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com> Reviewed-by: Johannes Thumshirn <jthumshirn(a)suse.de> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Ming Lei <ming.lei(a)redhat.com> Cc: Omar Sandoval <osandov(a)fb.com> Cc: Alexandru Moise <00moses.alexander00(a)gmail.com> Cc: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: <stable(a)vger.kernel.org> --- block/blk-core.c | 54 +++++++++++++++++++++++++++--------------------- block/blk.h | 1 + 2 files changed, 31 insertions(+), 24 deletions(-) diff --git a/block/blk-core.c b/block/blk-core.c index 2e054b65de42..55bc22ef2934 100644 --- a/block/blk-core.c +++ b/block/blk-core.c @@ -719,6 +719,35 @@ void blk_set_queue_dying(struct request_queue *q) } EXPORT_SYMBOL_GPL(blk_set_queue_dying); +/* Unconfigure the I/O scheduler and dissociate from the cgroup controller. */ +void blk_exit_queue(struct request_queue *q) +{ + /* + * Since the I/O scheduler exit code may access cgroup information, + * perform I/O scheduler exit before disassociating from the block + * cgroup controller. + */ + if (q->elevator) { + ioc_clear_queue(q); + elevator_exit(q, q->elevator); + q->elevator = NULL; + } + + /* + * Remove all references to @q from the block cgroup controller before + * restoring @q->queue_lock to avoid that restoring this pointer causes + * e.g. blkcg_print_blkgs() to crash. + */ + blkcg_exit_queue(q); + + /* + * Since the cgroup code may dereference the @q->backing_dev_info + * pointer, only decrease its reference count after having removed the + * association with the block cgroup controller. + */ + bdi_put(q->backing_dev_info); +} + /** * blk_cleanup_queue - shutdown a request queue * @q: request queue to shutdown @@ -788,30 +817,7 @@ void blk_cleanup_queue(struct request_queue *q) */ WARN_ON_ONCE(q->kobj.state_in_sysfs); - /* - * Since the I/O scheduler exit code may access cgroup information, - * perform I/O scheduler exit before disassociating from the block - * cgroup controller. - */ - if (q->elevator) { - ioc_clear_queue(q); - elevator_exit(q, q->elevator); - q->elevator = NULL; - } - - /* - * Remove all references to @q from the block cgroup controller before - * restoring @q->queue_lock to avoid that restoring this pointer causes - * e.g. blkcg_print_blkgs() to crash. - */ - blkcg_exit_queue(q); - - /* - * Since the cgroup code may dereference the @q->backing_dev_info - * pointer, only decrease its reference count after having removed the - * association with the block cgroup controller. - */ - bdi_put(q->backing_dev_info); + blk_exit_queue(q); if (q->mq_ops) blk_mq_free_queue(q); diff --git a/block/blk.h b/block/blk.h index 6adae8f94279..aeb8026f4d7b 100644 --- a/block/blk.h +++ b/block/blk.h @@ -130,6 +130,7 @@ void blk_free_flush_queue(struct blk_flush_queue *q); int blk_init_rl(struct request_list *rl, struct request_queue *q, gfp_t gfp_mask); void blk_exit_rl(struct request_queue *q, struct request_list *rl); +void blk_exit_queue(struct request_queue *q); void blk_rq_bio_prep(struct request_queue *q, struct request *rq, struct bio *bio); void blk_queue_bypass_start(struct request_queue *q); -- 2.18.0

7 years, 4 months

1
0
0 0

want to edit

by Tony

We just found that you need image editing. We are an image studio, we do all kinds of image editing such as for e-commerce photos, jewelry images and portrait mages. Our service includes cutting out and clipping path etc , we also do retouching. You may send us a photo, testing will be provided to check our quality Thanks, Tony Glenn

7 years, 4 months

1
0
0 0

in our studio

by Tony

We just found that you need image editing. We are an image studio, we do all kinds of image editing such as for e-commerce photos, jewelry images and portrait mages. Our service includes cutting out and clipping path etc , we also do retouching. You may send us a photo, testing will be provided to check our quality Thanks, Tony Glenn

7 years, 4 months

1
0
0 0

Linux 3.18.118

by Greg KH

I'm announcing the release of the 3.18.118 kernel. All users of the 3.18 kernel series must upgrade. The updated 3.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/microblaze/boot/Makefile | 10 ++-- arch/powerpc/kernel/head_8xx.S | 2 arch/powerpc/kernel/pci_32.c | 1 arch/powerpc/platforms/chrp/time.c | 6 +- arch/powerpc/platforms/embedded6xx/hlwd-pic.c | 5 ++ arch/powerpc/platforms/powermac/bootx_init.c | 4 + arch/powerpc/platforms/powermac/setup.c | 1 arch/s390/include/asm/cpu_mf.h | 6 +- arch/x86/kernel/cpu/perf_event_intel_uncore.c | 2 arch/x86/kernel/cpu/perf_event_intel_uncore_nhmex.c | 2 crypto/authenc.c | 1 crypto/authencesn.c | 1 drivers/acpi/pci_root.c | 4 + drivers/ata/libata-eh.c | 12 +++-- drivers/char/random.c | 10 +++- drivers/crypto/padlock-aes.c | 8 ++- drivers/gpu/drm/gma500/psb_intel_drv.h | 2 drivers/gpu/drm/gma500/psb_intel_lvds.c | 2 drivers/gpu/drm/radeon/radeon_connectors.c | 10 ++-- drivers/hid/i2c-hid/i2c-hid.c | 8 +++ drivers/infiniband/core/mad.c | 11 ++-- drivers/infiniband/core/ucma.c | 6 ++ drivers/md/md.c | 3 + drivers/media/common/siano/smsendian.c | 14 ++--- drivers/media/i2c/smiapp/smiapp-core.c | 11 ++-- drivers/media/pci/saa7164/saa7164-fw.c | 3 - drivers/media/platform/omap3isp/isp.c | 7 +- drivers/media/radio/si470x/radio-si470x-i2c.c | 6 +- drivers/net/can/usb/ems_usb.c | 1 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 drivers/net/wireless/ath/regd.h | 5 ++ drivers/net/wireless/ath/regd_common.h | 13 +++++ drivers/net/wireless/mwifiex/usb.c | 3 + drivers/net/wireless/rsi/rsi_91x_sdio.c | 2 drivers/net/wireless/ti/wlcore/sdio.c | 5 ++ drivers/net/xen-netfront.c | 6 ++ drivers/pci/pci-sysfs.c | 15 +++--- drivers/regulator/pfuze100-regulator.c | 1 drivers/rtc/interface.c | 5 ++ drivers/scsi/3w-9xxx.c | 5 ++ drivers/scsi/3w-xxxx.c | 3 + drivers/scsi/megaraid.c | 3 + drivers/scsi/qla2xxx/qla_init.c | 7 +- drivers/scsi/qla2xxx/qla_os.c | 5 +- drivers/scsi/sg.c | 1 drivers/scsi/ufs/ufshcd.c | 2 drivers/tty/hvc/hvc_opal.c | 1 drivers/tty/pty.c | 3 + drivers/usb/core/hub.c | 4 + drivers/virtio/virtio_balloon.c | 2 fs/jfs/xattr.c | 10 ++-- fs/squashfs/block.c | 2 fs/squashfs/cache.c | 3 + fs/squashfs/file.c | 8 ++- fs/squashfs/fragment.c | 17 ++++--- fs/squashfs/squashfs_fs.h | 6 ++ fs/squashfs/squashfs_fs_sb.h | 1 fs/squashfs/super.c | 5 +- include/linux/ring_buffer.h | 1 include/net/tcp.h | 2 kernel/bpf/verifier.c | 4 - kernel/trace/ring_buffer.c | 16 ++++++ kernel/trace/trace.c | 6 ++ kernel/trace/trace_events_trigger.c | 18 +++++-- kernel/trace/trace_kprobe.c | 15 +++++- mm/slub.c | 2 mm/vmalloc.c | 3 - net/dsa/slave.c | 6 ++ net/ipv4/fib_frontend.c | 4 - net/ipv4/inet_fragment.c | 10 ++-- net/ipv4/ipconfig.c | 13 +++++ net/ipv4/tcp_dctcp.c | 4 - net/ipv4/tcp_input.c | 48 ++++++++++---------- sound/pci/emu10k1/emupcm.c | 4 + sound/pci/emu10k1/memory.c | 6 +- sound/pci/fm801.c | 16 +++++- sound/pci/hda/patch_ca0132.c | 8 ++- sound/soc/soc-pcm.c | 6 +- sound/usb/pcm.c | 2 tools/usb/usbip/src/usbip_detach.c | 9 ++- 81 files changed, 365 insertions(+), 144 deletions(-) Alexandre Belloni (1): rtc: ensure rtc_set_alarm fails when alarms are not supported Anil Gurumurthy (1): scsi: qla2xxx: Return error when TMF returns Anson Huang (1): regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops Anton Vasilyev (1): can: ems_usb: Fix memory leak on ems_usb_disconnect() Artem Savkov (1): tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure Brad Love (1): media: saa7164: Fix driver name in debug output Chintan Pandya (1): mm: vmalloc: avoid racy handling of debugobjects in vunmap Chris Novakovic (1): ipconfig: Correctly initialise ic_nameservers Christoph Hellwig (1): PCI: Prevent sysfs disable of device while driver is attached Christophe Leroy (1): powerpc/8xx: fix invalid register expression in head_8xx.S Colin Ian King (1): media: smiapp: fix timeout checking in smiapp_read_nvm Cong Wang (1): infiniband: fix a possible use-after-free bug DaeRyong Jeong (1): tty: Fix data race in tty_insert_flip_string_fixed_flag Damien Le Moal (1): libata: Fix command retry decision Dan Carpenter (1): scsi: megaraid: silence a static checker bug Dmitry Torokhov (1): HID: i2c-hid: check if device is there before really probing Dominik Bozek (1): usb: hub: Don't wait for connect state at resume for powered-off ports Eric Dumazet (5): tcp: do not force quickack when receiving out-of-order packets tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode tcp: do not aggressively quick ack after ECN events tcp: add one more quick ack after after ECN events inet: frag: enforce memory limits earlier Eugeniy Paltsev (1): NET: stmmac: align DMA stuff to largest cache line length Eyal Reizer (1): wlcore: sdio: check for valid platform device data before suspend Florian Fainelli (1): net: dsa: Do not suspend/resume closed slave_dev Ganapathi Bhat (1): mwifiex: handle race during mwifiex_usb_disconnect Greg Kroah-Hartman (1): Linux 3.18.118 Herbert Xu (1): crypto: padlock-aes - Fix Nano workaround data corruption Jakub Kicinski (1): bpf: fix references to free_bpf_prog_info() in comments Jiang Biao (1): virtio_balloon: fix another race between migration and ballooning Jonathan Neuschäfer (1): powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by Starlet Kai Chieh Chuang (1): ASoC: dpcm: fix BE dai not hw_free and shutdown Kan Liang (2): perf/x86/intel/uncore: Correct fixed counter index check in generic code perf/x86/intel/uncore: Correct fixed counter index check for NHM Leon Romanovsky (1): RDMA/mad: Convert BUG_ONs to error flows Linus Torvalds (3): squashfs: be more careful about metadata corruption squashfs: more metadata hardening squashfs: more metadata hardenings Lorenzo Bianconi (1): ipv4: remove BUG_ON() from fib_compute_spec_dst Luc Van Oostenryck (2): drm/radeon: fix mode_valid's return type drm/gma500: fix psb_intel_lvds_mode_valid()'s return type Masami Hiramatsu (1): ring_buffer: tracing: Inherit the tracing setting to next ring buffer Mathieu Malaterre (5): mm/slub.c: add __printf verification to slab_err() powerpc/32: Add a missing include header powerpc/chrp/time: Make some functions static, add missing header include powerpc/powermac: Add missing prototype for note_bootable_part() powerpc/powermac: Mark variable x as unused Mauro Carvalho Chehab (2): media: siano: get rid of __le32/__le16 cast warnings media: si470x: fix __be16 annotations Maya Erez (1): scsi: ufs: fix exception event handling Michal Simek (1): microblaze: Fix simpleImage format generation Mika Westerberg (1): PCI: pciehp: Request control of native hotplug only if supported Quinn Tran (1): scsi: qla2xxx: Fix ISP recovery on unload Shankara Pailoor (1): jfs: Fix inconsistency between memory allocation and ea_buf->max_size Shuah Khan (Samsung OSG) (1): usbip: usbip_detach: Fix memory, udev context and udev leak Siva Rebbagondla (1): rsi: Fix 'invalid vdd' warning in mmc Steven Rostedt (VMware) (3): tracing: Fix double free of event_trigger_data tracing: Fix possible double free in event_enable_trigger_func() tracing: Quiet gcc warning about maybe unused link variable Stewart Smith (1): hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common() Suman Anna (1): media: omap3isp: fix unbalanced dma_iommu_mapping Sven Eckelmann (9): ath: Add regulatory mapping for FCC3_ETSIC ath: Add regulatory mapping for ETSI8_WORLD ath: Add regulatory mapping for APL13_WORLD ath: Add regulatory mapping for APL2_FCCA ath: Add regulatory mapping for Uganda ath: Add regulatory mapping for Tanzania ath: Add regulatory mapping for Serbia ath: Add regulatory mapping for Bermuda ath: Add regulatory mapping for Bahamas Takashi Iwai (2): ALSA: emu10k1: Rate-limit error messages about page errors ALSA: usb-audio: Apply rate limit to warning messages in URB complete callback Takashi Sakamoto (1): ALSA: hda/ca0132: fix build failure when a local macro is defined Theodore Ts'o (1): random: mix rdrand with entropy sent in from userspace Thomas Richter (2): s390/cpum_sf: Add data entry sizes to sampling trailer entry perf: fix invalid bit in diagnostic entry Tony Battersby (1): scsi: sg: fix minor memory leak in error path Tudor-Dan Ambarus (2): crypto: authencesn - don't leak pointers to authenc keys crypto: authenc - don't leak pointers to authenc keys Wenwen Wang (2): scsi: 3w-9xxx: fix a missing-check bug scsi: 3w-xxxx: fix a missing-check bug Xiao Liang (1): xen-netfront: wait xenbus state change when load module manually Yousuk Seung (1): tcp: refactor tcp_ecn_check_ce to remove sk type cast Yufen Yu (1): md: fix NULL dereference of mddev->pers in remove_and_add_spares() Zhouyang Jia (2): ALSA: emu10k1: add error handling for snd_ctl_add ALSA: fm801: add error handling for snd_ctl_add

7 years, 4 months

1
1
0 0

Linux 4.4.147

by Greg KH

I'm announcing the release of the 4.4.147 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 +- drivers/i2c/busses/i2c-imx.c | 3 +-- drivers/pci/pci-acpi.c | 2 +- drivers/scsi/qla2xxx/qla_init.c | 7 +++---- drivers/scsi/qla2xxx/qla_os.c | 5 +++-- fs/ext4/super.c | 4 ++-- fs/jfs/xattr.c | 10 ++++++---- include/linux/ring_buffer.h | 1 + kernel/irq/manage.c | 9 ++++++++- kernel/time/tick-sched.c | 2 +- kernel/trace/ring_buffer.c | 16 ++++++++++++++++ kernel/trace/trace.c | 6 ++++++ net/netlink/af_netlink.c | 5 +++++ 13 files changed, 54 insertions(+), 18 deletions(-) Anil Gurumurthy (1): scsi: qla2xxx: Return error when TMF returns Anna-Maria Gleixner (1): nohz: Fix local_timer_softirq_pending() Dmitry Safonov (3): netlink: Do not subscribe to non-existent groups netlink: Don't shift with UB on nlk->ngroups netlink: Don't shift on 64 for ngroups Esben Haabendal (1): i2c: imx: Fix reinit_completion() use Greg Kroah-Hartman (1): Linux 4.4.147 Masami Hiramatsu (1): ring_buffer: tracing: Inherit the tracing setting to next ring buffer Quinn Tran (1): scsi: qla2xxx: Fix ISP recovery on unload Shankara Pailoor (1): jfs: Fix inconsistency between memory allocation and ea_buf->max_size Theodore Ts'o (1): ext4: fix false negatives *and* false positives in ext4_check_descriptors() Thomas Gleixner (1): genirq: Make force irq threading setup more robust Vitaly Kuznetsov (1): ACPI / PCI: Bail early in acpi_pci_add_bus() if there is no ACPI handle

7 years, 4 months

1
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror