- Linux-stable-mirror - lists.linaro.org

Re: [PATCH] b43: Fix regression in kernel 4.18

by Larry Finger

On 08/31/2018 10:38 AM, Kalle Valo wrote: > Larry Finger <Larry.Finger(a)lwfinger.net> wrote: > >> In commit 66cffd6daab7 ("b43: fix transmit failure when VT is switched"), >> a condition is noted where the network controller needs to be reset. Note >> that this situation happens when running the open-source firmware >> (http://netweb.ing.unibs.it/~openfwwf/), plus a number of other special >> conditions. >> >> for a different card model, it is reported that this change breaks >> operation running the proprietary firmware >> (https://marc.info/?l=linux-wireless&m=153504546924558&w=2). Rather >> than reverting the previous patch, the code is tweaked to avoid the >> reset unless the open-source firmware is being used. >> >> Fixes: 66cffd6daab7 ("b43: fix transmit failure when VT is switched") >> Cc: Stable <stable(a)vger.kernel.org> # 4.18+ >> Cc: Taketo Kabe <kabe(a)sra-tohoku.co.jp> >> Reported-and-tested-by: D. Prabhu <d.praabhu(a)gmail.com> >> Signed-off-by: Larry Finger <Larry.Finger(a)lwfinger.net> > > I'll change the title to something more descriptive: > > b43: fix DMA error related regression with proprietary firmware > > Does that make sense? Yes, that is fine. Larry

7 years, 4 months

1
0
0 0

[Linux-stable-mirror] [PATCH 4.4 000/105] 4.4.106-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.106 release. There are 105 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun Dec 17 09:22:39 UTC 2017. Anything received after that time might be too late. The whole patch series can be found in one patch at: kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.106-rc1.gz or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.106-rc1 Vincent Pelletier <plr.vincent(a)gmail.com> usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping Marc Zyngier <marc.zyngier(a)arm.com> arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "x86/mm/pat: Ensure cpa->pfn only contains page frame numbers" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "x86/efi: Hoist page table switching code into efi_call_virt()" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "x86/efi: Build our own page table structures" Eric Dumazet <edumazet(a)google.com> net/packet: fix a race in packet_bind() and packet_notifier() Mike Maloney <maloney(a)google.com> packet: fix crash in fanout_demux_rollover() Hangbin Liu <liuhangbin(a)gmail.com> sit: update frag_off info Håkon Bugge <Haakon.Bugge(a)oracle.com> rds: Fix NULL pointer dereference in __rds_rdma_map Jon Maloy <jon.maloy(a)ericsson.com> tipc: fix memory leak in tipc_accept_from_sock() Al Viro <viro(a)zeniv.linux.org.uk> more bio_map_user_iov() leak fixes Heiko Carstens <heiko.carstens(a)de.ibm.com> s390: always save and restore all registers on context switch Masamitsu Yamazaki <m-yamazaki(a)ah.jp.nec.com> ipmi: Stop timers before cleaning up the module Paul Moore <paul(a)paul-moore.com> audit: ensure that 'audit=1' actually enables audit for PID 1 Keefe Liu <liuqifa(a)huawei.com> ipvlan: fix ipv6 outbound device David Howells <dhowells(a)redhat.com> afs: Connect up the CB.ProbeUuid Majd Dibbiny <majd(a)mellanox.com> IB/mlx5: Assign send CQ and recv CQ of UMR QP Mark Bloch <markb(a)mellanox.com> IB/mlx4: Increase maximal message size under UD QP Herbert Xu <herbert(a)gondor.apana.org.au> xfrm: Copy policy family in clone_policy Jason Baron <jbaron(a)akamai.com> jump_label: Invoke jump_label_test() via early_initcall() Arvind Yadav <arvind.yadav.cs(a)gmail.com> atm: horizon: Fix irq release error Xin Long <lucien.xin(a)gmail.com> sctp: use the right sk after waking up from wait_buf sleep Xin Long <lucien.xin(a)gmail.com> sctp: do not free asoc when it is already dead in sctp_sendmsg Pavel Tatashin <pasha.tatashin(a)oracle.com> sparc64/mm: set fields in deferred pages Ming Lei <ming.lei(a)redhat.com> block: wake up all tasks blocked in get_request() Chuck Lever <chuck.lever(a)oracle.com> sunrpc: Fix rpc_task_begin trace point Trond Myklebust <trond.myklebust(a)primarydata.com> NFS: Fix a typo in nfs_rename() Randy Dunlap <rdunlap(a)infradead.org> dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0 Stephen Bates <sbates(a)raithlin.com> lib/genalloc.c: make the avail variable an atomic_long_t Xin Long <lucien.xin(a)gmail.com> route: update fnhe_expires for redirect when the fnhe exists Xin Long <lucien.xin(a)gmail.com> route: also update fnhe_genid when updating a route cache Ben Hutchings <ben.hutchings(a)codethink.co.uk> mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl() Masahiro Yamada <yamada.masahiro(a)socionext.com> kbuild: pkg: use --transform option to prefix paths in tar Jérémy Lefaure <jeremy.lefaure(a)lse.epita.fr> EDAC, i5000, i5400: Fix definition of NRECMEMB register Jérémy Lefaure <jeremy.lefaure(a)lse.epita.fr> EDAC, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro Alexey Kardashevskiy <aik(a)ozlabs.ru> powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested Jim Qu <Jim.Qu(a)amd.com> drm/amd/amdgpu: fix console deadlock if late init failed Jan Kara <jack(a)suse.cz> axonram: Fix gendisk handling Florian Westphal <fw(a)strlen.de> netfilter: don't track fragmented packets Johannes Thumshirn <jthumshirn(a)suse.de> zram: set physical queue limits to avoid array out of bounds accesses Chris Brandt <chris.brandt(a)renesas.com> i2c: riic: fix restart condition Krzysztof Kozlowski <krzk(a)kernel.org> crypto: s5p-sss - Fix completing crypto request in IRQ handler WANG Cong <xiyou.wangcong(a)gmail.com> ipv6: reorder icmpv6_init() and ip6_mr_init() Michal Schmidt <mschmidt(a)redhat.com> bnx2x: do not rollback VF MAC/VLAN filters we did not configure Michal Schmidt <mschmidt(a)redhat.com> bnx2x: fix possible overrun of VFPF multicast addresses array Michal Schmidt <mschmidt(a)redhat.com> bnx2x: prevent crash when accessing PTP with interface down Blomme, Maarten <Maarten.Blomme(a)flir.com> spi_ks8995: fix "BUG: key accdaa28 not in .data!" Mark Rutland <mark.rutland(a)arm.com> arm64: KVM: Survive unknown traps from guests Mark Rutland <mark.rutland(a)arm.com> arm: KVM: Survive unknown traps from guests Wanpeng Li <wanpeng.li(a)hotmail.com> KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset Franck Demathieu <fdemathieu(a)gmail.com> irqchip/crossbar: Fix incorrect type of register size James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters Tejun Heo <tj(a)kernel.org> workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq Tejun Heo <tj(a)kernel.org> libata: drop WARN from protocol error in ata_sff_qc_issue() Jim Mattson <jmattson(a)google.com> kvm: nVMX: VMCLEAR should not cause the vCPU to shut down Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> USB: gadgetfs: Fix a potential memory leak in 'dev_config()' John Keeping <john(a)metanate.com> usb: gadget: configs: plug memory leak Daniel Drake <drake(a)endlessm.com> HID: chicony: Add support for another ASUS Zen AiO keyboard Phil Reid <preid(a)electromag.com.au> gpio: altera: Use handle_level_irq when configured as a level_high Guenter Roeck <linux(a)roeck-us.net> ARM: OMAP2+: Release device node after it is no longer needed. Guenter Roeck <linux(a)roeck-us.net> ARM: OMAP2+: Fix device node reference counts David Daney <david.daney(a)cavium.com> module: set __jump_table alignment to 8 Sachin Sant <sachinp(a)linux.vnet.ibm.com> selftest/powerpc: Fix false failures for skipped tests Thomas Gleixner <tglx(a)linutronix.de> x86/hpet: Prevent might sleep splat on resume Ladislav Michl <ladis(a)linux-mips.org> ARM: OMAP2+: gpmc-onenand: propagate error on initialization failure Steffen Klassert <steffen.klassert(a)secunet.com> vti6: Don't report path MTU below IPV6_MIN_MTU. Sasha Levin <alexander.levin(a)verizon.com> Revert "s390/kbuild: enable modversions for symbols exported from asm" Sasha Levin <alexander.levin(a)verizon.com> Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA" Sasha Levin <alexander.levin(a)verizon.com> Revert "drm/armada: Fix compile fail" Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> mm: drop unused pmdp_huge_get_and_clear_notify() Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> thp: fix MADV_DONTNEED vs. numa balancing race Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> thp: reduce indentation level in change_huge_pmd() Stephen Hemminger <stephen(a)networkplumber.org> scsi: storvsc: Workaround for virtual DVD SCSI version Russell King <rmk+kernel(a)armlinux.org.uk> ARM: avoid faulting on qemu Russell King <rmk+kernel(a)armlinux.org.uk> ARM: BUG if jumping to usermode address in kernel mode Dave Martin <Dave.Martin(a)arm.com> arm64: fpsimd: Prevent registers leaking from dead tasks Andrew Honig <ahonig(a)google.com> KVM: VMX: remove I/O port 0x80 bypass on Intel hosts Kristina Martsenko <kristina.martsenko(a)arm.com> arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one Laurent Caumont <lcaumont2(a)gmail.com> media: dvb: i2c transfers over usb cannot be done from stack Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU Dave Gordon <david.s.gordon(a)intel.com> drm: extra printk() wrapper macros Daniel Thompson <daniel.thompson(a)linaro.org> kdb: Fix handling of kallsyms_symbol_next() return value Heiko Carstens <heiko.carstens(a)de.ibm.com> s390: fix compat system call table Robin Murphy <robin.murphy(a)arm.com> iommu/vt-d: Fix scatterlist offset handling Jaejoong Kim <climbbb.kim(a)gmail.com> ALSA: usb-audio: Add check return value for usb_string() Jaejoong Kim <climbbb.kim(a)gmail.com> ALSA: usb-audio: Fix out-of-bound error Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Remove spurious WARN_ON() at timer check Robb Glasser <rglasser(a)google.com> ALSA: pcm: prevent UAF in snd_pcm_info Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> x86/PCI: Make broadcom_postcore_init() check acpi_disabled Eric Biggers <ebiggers(a)google.com> X.509: reject invalid BIT STRING for subjectPublicKey Eric Biggers <ebiggers(a)google.com> ASN.1: check for error from ASN1_OP_END__ACT actions Eric Biggers <ebiggers(a)google.com> ASN.1: fix out-of-bounds read when parsing indefinite length item Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> efi: Move some sysfs files to be read-only by root Huacai Chen <chenhc(a)lemote.com> scsi: libsas: align sata_device's rps_resp on a cacheline William Breathitt Gray <vilhelm.gray(a)gmail.com> isa: Prevent NULL dereference in isa_bus driver callbacks Paul Meyer <Paul.Meyer(a)microsoft.com> hv: kvp: Avoid reading past allocated blocks from KVP file weiping zhang <zwp10758(a)gmail.com> virtio: release virtio index when fail to device_register Martin Kelly <mkelly(a)xevo.com> can: usb_8dev: cancel urb on -EPIPE and -EPROTO Martin Kelly <mkelly(a)xevo.com> can: esd_usb2: cancel urb on -EPIPE and -EPROTO Martin Kelly <mkelly(a)xevo.com> can: ems_usb: cancel urb on -EPIPE and -EPROTO Martin Kelly <mkelly(a)xevo.com> can: kvaser_usb: cancel urb on -EPIPE and -EPROTO Jimmy Assarsson <jimmyassarsson(a)gmail.com> can: kvaser_usb: ratelimit errors if incomplete messages are received Jimmy Assarsson <jimmyassarsson(a)gmail.com> can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback() Jimmy Assarsson <jimmyassarsson(a)gmail.com> can: kvaser_usb: free buf in error paths Oliver Stäbler <oliver.staebler(a)bytesatwork.ch> can: ti_hecc: Fix napi poll return value for repoll ------------- Diffstat: Makefile | 4 +- arch/arm/include/asm/assembler.h | 18 +++ arch/arm/include/asm/kvm_arm.h | 4 +- arch/arm/kernel/entry-header.S | 6 + arch/arm/kvm/handle_exit.c | 19 +-- arch/arm/mach-omap2/gpmc-onenand.c | 10 +- arch/arm/mach-omap2/omap_hwmod_3xxx_data.c | 25 ++-- arch/arm64/include/asm/kvm_arm.h | 3 +- arch/arm64/kernel/process.c | 9 ++ arch/arm64/kvm/handle_exit.c | 19 +-- arch/powerpc/platforms/powernv/pci-ioda.c | 3 + arch/powerpc/sysdev/axonram.c | 5 +- arch/s390/include/asm/asm-prototypes.h | 8 -- arch/s390/include/asm/switch_to.h | 19 ++- arch/s390/kernel/syscalls.S | 6 +- arch/sparc/mm/init_64.c | 9 +- arch/x86/include/asm/efi.h | 26 ---- arch/x86/kernel/hpet.c | 2 +- arch/x86/kvm/vmx.c | 31 ++--- arch/x86/mm/pageattr.c | 17 ++- arch/x86/pci/broadcom_bus.c | 2 +- arch/x86/platform/efi/efi.c | 39 +++--- arch/x86/platform/efi/efi_32.c | 5 - arch/x86/platform/efi/efi_64.c | 137 ++++++---------------- arch/x86/platform/efi/efi_stub_64.S | 43 +++++++ block/bio.c | 14 ++- block/blk-core.c | 4 +- crypto/asymmetric_keys/x509_cert_parser.c | 2 + drivers/ata/libata-sff.c | 1 - drivers/atm/horizon.c | 2 +- drivers/base/isa.c | 10 +- drivers/block/zram/zram_drv.c | 2 + drivers/char/ipmi/ipmi_si_intf.c | 44 +++---- drivers/crypto/s5p-sss.c | 5 +- drivers/edac/i5000_edac.c | 8 +- drivers/edac/i5400_edac.c | 9 +- drivers/firmware/efi/efi.c | 3 +- drivers/firmware/efi/esrt.c | 15 +-- drivers/firmware/efi/runtime-map.c | 10 +- drivers/gpio/gpio-altera.c | 26 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 5 +- drivers/gpu/drm/armada/Makefile | 2 - drivers/gpu/drm/exynos/exynos_drm_gem.c | 9 ++ drivers/hid/Kconfig | 4 +- drivers/hid/hid-chicony.c | 1 + drivers/hid/hid-core.c | 1 + drivers/hid/hid-ids.h | 1 + drivers/i2c/busses/i2c-riic.c | 6 +- drivers/infiniband/hw/mlx4/qp.c | 2 +- drivers/infiniband/hw/mlx5/main.c | 2 + drivers/iommu/intel-iommu.c | 8 +- drivers/irqchip/irq-crossbar.c | 8 +- drivers/media/usb/dvb-usb/dibusb-common.c | 16 ++- drivers/memory/omap-gpmc.c | 4 +- drivers/net/can/ti_hecc.c | 3 + drivers/net/can/usb/ems_usb.c | 2 + drivers/net/can/usb/esd_usb2.c | 2 + drivers/net/can/usb/kvaser_usb.c | 13 +- drivers/net/can/usb/usb_8dev.c | 2 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 20 +++- drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c | 8 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.h | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_vfpf.c | 23 ++-- drivers/net/ipvlan/ipvlan_core.c | 2 +- drivers/net/phy/spi_ks8995.c | 1 + drivers/net/wireless/mac80211_hwsim.c | 5 +- drivers/scsi/lpfc/lpfc_els.c | 14 ++- drivers/scsi/storvsc_drv.c | 27 +++-- drivers/spi/Kconfig | 1 - drivers/usb/gadget/configfs.c | 1 + drivers/usb/gadget/function/f_fs.c | 2 +- drivers/usb/gadget/legacy/inode.c | 4 +- drivers/virtio/virtio.c | 2 + fs/afs/cmservice.c | 3 + fs/nfs/dir.c | 2 +- include/drm/drmP.h | 26 +++- include/linux/genalloc.h | 3 +- include/linux/mmu_notifier.h | 13 -- include/linux/omap-gpmc.h | 5 +- include/linux/sysfs.h | 6 + include/scsi/libsas.h | 2 +- kernel/audit.c | 10 +- kernel/debug/kdb/kdb_io.c | 2 +- kernel/jump_label.c | 2 +- kernel/workqueue.c | 1 + lib/asn1_decoder.c | 49 ++++---- lib/dynamic_debug.c | 4 + lib/genalloc.c | 10 +- mm/huge_memory.c | 82 +++++++++---- net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 4 + net/ipv4/netfilter/nf_nat_l3proto_ipv4.c | 5 - net/ipv4/route.c | 14 ++- net/ipv6/af_inet6.c | 10 +- net/ipv6/ip6_vti.c | 8 +- net/ipv6/sit.c | 1 + net/packet/af_packet.c | 37 +++--- net/packet/internal.h | 1 - net/rds/rdma.c | 2 +- net/sctp/socket.c | 38 ++++-- net/sunrpc/sched.c | 3 +- net/tipc/server.c | 1 + net/xfrm/xfrm_policy.c | 1 + scripts/module-common.lds | 2 + scripts/package/Makefile | 5 +- sound/core/pcm.c | 2 + sound/core/seq/seq_timer.c | 2 +- sound/usb/mixer.c | 13 +- tools/hv/hv_kvp_daemon.c | 70 +++-------- tools/testing/selftests/powerpc/harness.c | 6 +- 109 files changed, 701 insertions(+), 570 deletions(-)

7 years, 4 months

9
123
0 0

4.18.y build failure

by Dan Rue

The following commit in 4.18.y causes the build to fail: 79764192e1c4 ("printk/nmi: Prevent deadlock when accessing the main log buffer in NMI") with: | kernel/printk/printk_safe.o: In function `vprintk_func': | printk_safe.c:(.text+0x51b): undefined reference to `vprintk_store' | printk_safe.c:(.text+0x52f): undefined reference to `defer_console_output' Picking up these from mainline seems to do the trick: a338f84dc196 ("printk: Create helper function to queue deferred console handling") ba552399954d ("printk: Split the code for storing a message into the log buffer") Thanks, Dan

7 years, 4 months

3
2
0 0

[PATCH] firmware: Fix security issue with request_firmware_into_buf()

by Luis R. Rodriguez

From: Rishabh Bhatnagar <rishabhb(a)codeaurora.org> When calling request_firmware_into_buf() with the FW_OPT_NOCACHE flag it is expected that firmware is loaded into buffer from memory. But inside alloc_lookup_fw_priv every new firmware that is loaded is added to the firmware cache (fwc) list head. So if any driver requests a firmware that is already loaded the code iterates over the above mentioned list and it can end up giving a pointer to other device driver's firmware buffer. Also the existing copy may either be modified by drivers, remote processors or even freed. This causes a potential security issue with batched requests when using request_firmware_into_buf. Fix alloc_lookup_fw_priv to not add to the fwc head list if FW_OPT_NOCACHE is set, and also don't do the lookup in the list. Fixes: 0e742e9275 ("firmware: provide infrastructure to make fw caching optional") [mcgrof: broken since feature introduction on v4.8] Cc: stable(a)vger.kernel.org # v4.8+ Signed-off-by: Vikram Mulukutla <markivx(a)codeaurora.org> Signed-off-by: Rishabh Bhatnagar <rishabhb(a)codeaurora.org> Signed-off-by: Luis Chamberlain <mcgrof(a)kernel.org> --- This has been tested with the self test firmware scrip and found no regressions. drivers/base/firmware_loader/main.c | 30 +++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index 0943e7065e0e..b3c0498ee433 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -209,21 +209,24 @@ static struct fw_priv *__lookup_fw_priv(const char *fw_name) static int alloc_lookup_fw_priv(const char *fw_name, struct firmware_cache *fwc, struct fw_priv **fw_priv, void *dbuf, - size_t size) + size_t size, enum fw_opt opt_flags) { struct fw_priv *tmp; spin_lock(&fwc->lock); - tmp = __lookup_fw_priv(fw_name); - if (tmp) { - kref_get(&tmp->ref); - spin_unlock(&fwc->lock); - *fw_priv = tmp; - pr_debug("batched request - sharing the same struct fw_priv and lookup for multiple requests\n"); - return 1; + if (!(opt_flags & FW_OPT_NOCACHE)) { + tmp = __lookup_fw_priv(fw_name); + if (tmp) { + kref_get(&tmp->ref); + spin_unlock(&fwc->lock); + *fw_priv = tmp; + pr_debug("batched request - sharing the same struct fw_priv and lookup for multiple requests\n"); + return 1; + } } + tmp = __allocate_fw_priv(fw_name, fwc, dbuf, size); - if (tmp) + if (tmp && !(opt_flags & FW_OPT_NOCACHE)) list_add(&tmp->list, &fwc->head); spin_unlock(&fwc->lock); @@ -493,7 +496,8 @@ int assign_fw(struct firmware *fw, struct device *device, */ static int _request_firmware_prepare(struct firmware **firmware_p, const char *name, - struct device *device, void *dbuf, size_t size) + struct device *device, void *dbuf, size_t size, + enum fw_opt opt_flags) { struct firmware *firmware; struct fw_priv *fw_priv; @@ -511,7 +515,8 @@ _request_firmware_prepare(struct firmware **firmware_p, const char *name, return 0; /* assigned */ } - ret = alloc_lookup_fw_priv(name, &fw_cache, &fw_priv, dbuf, size); + ret = alloc_lookup_fw_priv(name, &fw_cache, &fw_priv, dbuf, size, + opt_flags); /* * bind with 'priv' now to avoid warning in failure path @@ -571,7 +576,8 @@ _request_firmware(const struct firmware **firmware_p, const char *name, goto out; } - ret = _request_firmware_prepare(&fw, name, device, buf, size); + ret = _request_firmware_prepare(&fw, name, device, buf, size, + opt_flags); if (ret <= 0) /* error or already assigned */ goto out; -- 2.18.0

7 years, 4 months

1
0
0 0

[PATCH 2/2] xhci: Fix use after free for URB cancellation on a reallocated endpoint

by Mathias Nyman

Make sure the cancelled URB is on the current endpoint ring. If the endpoint ring has been reallocated since the URB was enqueued then the URB may contain TD and TRB pointers to a already freed ring. In this the case return the URB without touching any of the freed ring structure data. Don't try to stop the ring. It would be useless. This can occur if endpoint is not flushed before it is dropped and re-added, which is the case in usb_set_interface() as xhci does things in an odd order. Cc: <stable(a)vger.kernel.org> Tested-by: Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index 61f48b1..0420eef 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -37,6 +37,21 @@ static unsigned long long quirks; module_param(quirks, ullong, S_IRUGO); MODULE_PARM_DESC(quirks, "Bit flags for quirks to be enabled as default"); +static bool td_on_ring(struct xhci_td *td, struct xhci_ring *ring) +{ + struct xhci_segment *seg = ring->first_seg; + + if (!td || !td->start_seg) + return false; + do { + if (seg == td->start_seg) + return true; + seg = seg->next; + } while (seg && seg != ring->first_seg); + + return false; +} + /* TODO: copied from ehci-hcd.c - can this be refactored? */ /* * xhci_handshake - spin reading hc until handshake completes or fails @@ -1571,6 +1586,21 @@ static int xhci_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status) goto done; } + /* + * check ring is not re-allocated since URB was enqueued. If it is, then + * make sure none of the ring related pointers in this URB private data + * are touched, such as td_list, otherwise we overwrite freed data + */ + if (!td_on_ring(&urb_priv->td[0], ep_ring)) { + xhci_err(xhci, "Canceled URB td not found on endpoint ring"); + for (i = urb_priv->num_tds_done; i < urb_priv->num_tds; i++) { + td = &urb_priv->td[i]; + if (!list_empty(&td->cancelled_td_list)) + list_del_init(&td->cancelled_td_list); + } + goto err_giveback; + } + if (xhci->xhc_state & XHCI_STATE_HALTED) { xhci_dbg_trace(xhci, trace_xhci_dbg_cancel_urb, "HC halted, freeing TD manually."); -- 2.7.4

7 years, 4 months

1
0
0 0

Again the photos things

by Jimmy Wilson

Hi, Have you received my email from last week? I would like to speak with the person who manage your photos for your company? We are here to provide you all kinds of imaging editing. What we can provide you: Cutting out for photos Clipping path for photos Masking for photos Retouching for your photos Retouching for the Beauty Model and Portraits. We have 20 staffs in house and daily basis 1000 images can be processed. We give testing for your photos. Thanks, Jimmy Wilson

7 years, 4 months

1
0
0 0

Photo processing

by Jimmy Wilson

Hi, Have you received my email from last week? I would like to speak with the person who manage your photos for your company? We are here to provide you all kinds of imaging editing. What we can provide you: Cutting out for photos Clipping path for photos Masking for photos Retouching for your photos Retouching for the Beauty Model and Portraits. We have 20 staffs in house and daily basis 1000 images can be processed. We give testing for your photos. Thanks, Jimmy Wilson

7 years, 4 months

1
0
0 0

Images processing

by Jimmy Wilson

Hi, Have you received my email from last week? I would like to speak with the person who manage your photos for your company? We are here to provide you all kinds of imaging editing. What we can provide you: Cutting out for photos Clipping path for photos Masking for photos Retouching for your photos Retouching for the Beauty Model and Portraits. We have 20 staffs in house and daily basis 1000 images can be processed. We give testing for your photos. Thanks, Jimmy Wilson

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] KVM: arm/arm64: Skip updating PTE entry if no change" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 976d34e2dab10ece5ea8fe7090b7692913f89084 Mon Sep 17 00:00:00 2001 From: Punit Agrawal <punit.agrawal(a)arm.com> Date: Mon, 13 Aug 2018 11:43:51 +0100 Subject: [PATCH] KVM: arm/arm64: Skip updating PTE entry if no change When there is contention on faulting in a particular page table entry at stage 2, the break-before-make requirement of the architecture can lead to additional refaulting due to TLB invalidation. Avoid this by skipping a page table update if the new value of the PTE matches the previous value. Cc: stable(a)vger.kernel.org Fixes: d5d8184d35c9 ("KVM: ARM: Memory virtualization setup") Reviewed-by: Suzuki Poulose <suzuki.poulose(a)arm.com> Acked-by: Christoffer Dall <christoffer.dall(a)arm.com> Signed-off-by: Punit Agrawal <punit.agrawal(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c index 13dfe36501aa..91aaf73b00df 100644 --- a/virt/kvm/arm/mmu.c +++ b/virt/kvm/arm/mmu.c @@ -1147,6 +1147,10 @@ static int stage2_set_pte(struct kvm *kvm, struct kvm_mmu_memory_cache *cache, /* Create 2nd stage page table mapping - Level 3 */ old_pte = *pte; if (pte_present(old_pte)) { + /* Skip page table update if there is no change */ + if (pte_val(old_pte) == pte_val(*new_pte)) + return 0; + kvm_set_pte(pte, __pte(0)); kvm_tlb_flush_vmid_ipa(kvm, addr); } else {

7 years, 4 months

2
1
0 0

[PATCH 1/2] i2c: designware: Re-init controllers with pm_disabled set on resume

by Hans de Goede

On Bay Trail and Cherry Trail devices we set the pm_disabled flag for I2C busses which the OS shares with the PUNIT as these need special handling. Until now we called dev_pm_syscore_device(dev, true) for I2C controllers with this flag set to keep these I2C controllers always on. After commit 12864ff8545f ("ACPI / LPSS: Avoid PM quirks on suspend and resume from hibernation"), this no longer works. This commit modifies lpss_iosf_exit_d3_state() to only run if lpss_iosf_enter_d3_state() has ran before it, so that it does not run on a resume from hibernate (or from S3). On these systems the conditions for lpss_iosf_enter_d3_state() to run never become true, so lpss_iosf_exit_d3_state() never gets called and the 2 LPSS DMA controllers never get forced into D0 mode, instead they are left in their default automatic power-on when needed mode. The not forcing of D0 mode for the DMA controllers enables these systems to properly enter S0ix modes, which is a good thing. But after entering S0ix modes the I2C controller connected to the PMIC no longer works, leading to e.g. broken battery monitoring. The _PS3 method for this I2C controller looks like this: Method (_PS3, 0, NotSerialized) // _PS3: Power State 3 { If ((((PMID == 0x04) || (PMID == 0x05)) || (PMID == 0x06))) { Return (Zero) } PSAT |= 0x03 Local0 = PSAT /* \_SB_.I2C5.PSAT */ } Where PMID = 0x05, so we enter the Return (Zero) path on these systems. So even if we were to not call dev_pm_syscore_device(dev, true) the I2C controller will be left in D0 rather then be switched to D3. Yet on other Bay and Cherry Trail devices S0ix is not entered unless *all* I2C controllers are in D3 mode. This combined with the I2C controller no longer working now that we reach S0ix states on these systems leads to me believing that the PUNIT itself puts the I2C controller in D3 when all other conditions for entering S0ix states are true. Since now the I2C controller is put in D3 over a suspend/resume we must re-initialize it afterwards and that does indeed fix it no longer working. This commit implements this fix by: 1) Making the suspend_late callback a no-op if pm_disabled is set and making the resume_early callback skip the clock re-enable (since it now was not disabled) while still doing the necessary I2C controller re-init. 2) Removing the dev_pm_syscore_device(dev, true) call, so that the suspend and resume callbacks are actually called. Normally this would cause the ACPI pm code to call _PS3 putting the I2C controller in D3, wreaking havoc since it is shared with the PUNIT, but in this special case the _PS3 method is a no-op so we can safely allow a "fake" suspend / resume. Fixes: 12864ff8545f ("ACPI / LPSS: Avoid PM quirks on suspend and resume ...") Link: https://bugzilla.kernel.org/show_bug.cgi?id=200861 Cc: 4.15+ <stable(a)vger.kernel.org> # 4.15+ Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/i2c/busses/i2c-designware-master.c | 1 - drivers/i2c/busses/i2c-designware-platdrv.c | 7 ++++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/i2c/busses/i2c-designware-master.c b/drivers/i2c/busses/i2c-designware-master.c index 27436a937492..54b2a3a86677 100644 --- a/drivers/i2c/busses/i2c-designware-master.c +++ b/drivers/i2c/busses/i2c-designware-master.c @@ -693,7 +693,6 @@ int i2c_dw_probe(struct dw_i2c_dev *dev) i2c_set_adapdata(adap, dev); if (dev->pm_disabled) { - dev_pm_syscore_device(dev->dev, true); irq_flags = IRQF_NO_SUSPEND; } else { irq_flags = IRQF_SHARED | IRQF_COND_SUSPEND; diff --git a/drivers/i2c/busses/i2c-designware-platdrv.c b/drivers/i2c/busses/i2c-designware-platdrv.c index 5660daf6c92e..d281d21cdd8e 100644 --- a/drivers/i2c/busses/i2c-designware-platdrv.c +++ b/drivers/i2c/busses/i2c-designware-platdrv.c @@ -448,6 +448,9 @@ static int dw_i2c_plat_suspend(struct device *dev) { struct dw_i2c_dev *i_dev = dev_get_drvdata(dev); + if (i_dev->pm_disabled) + return 0; + i_dev->disable(i_dev); i2c_dw_prepare_clk(i_dev, false); @@ -458,7 +461,9 @@ static int dw_i2c_plat_resume(struct device *dev) { struct dw_i2c_dev *i_dev = dev_get_drvdata(dev); - i2c_dw_prepare_clk(i_dev, true); + if (!i_dev->pm_disabled) + i2c_dw_prepare_clk(i_dev, true); + i_dev->init(i_dev); return 0; -- 2.19.0.rc0

7 years, 4 months

4
3
0 0

FAILED: patch "[PATCH] arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid()" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 5ad356eabc47d26a92140a0c4b20eba471c10de3 Mon Sep 17 00:00:00 2001 From: Greg Hackmann <ghackmann(a)android.com> Date: Wed, 15 Aug 2018 12:51:21 -0700 Subject: [PATCH] arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid() ARM64's pfn_valid() shifts away the upper PAGE_SHIFT bits of the input before seeing if the PFN is valid. This leads to false positives when some of the upper bits are set, but the lower bits match a valid PFN. For example, the following userspace code looks up a bogus entry in /proc/kpageflags: int pagemap = open("/proc/self/pagemap", O_RDONLY); int pageflags = open("/proc/kpageflags", O_RDONLY); uint64_t pfn, val; lseek64(pagemap, [...], SEEK_SET); read(pagemap, &pfn, sizeof(pfn)); if (pfn & (1UL << 63)) { /* valid PFN */ pfn &= ((1UL << 55) - 1); /* clear flag bits */ pfn |= (1UL << 55); lseek64(pageflags, pfn * sizeof(uint64_t), SEEK_SET); read(pageflags, &val, sizeof(val)); } On ARM64 this causes the userspace process to crash with SIGSEGV rather than reading (1 << KPF_NOPAGE). kpageflags_read() treats the offset as valid, and stable_page_flags() will try to access an address between the user and kernel address ranges. Fixes: c1cc1552616d ("arm64: MMU initialisation") Cc: stable(a)vger.kernel.org Signed-off-by: Greg Hackmann <ghackmann(a)google.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c index 325cfb3b858a..811f9f8b3bb0 100644 --- a/arch/arm64/mm/init.c +++ b/arch/arm64/mm/init.c @@ -287,7 +287,11 @@ static void __init zone_sizes_init(unsigned long min, unsigned long max) #ifdef CONFIG_HAVE_ARCH_PFN_VALID int pfn_valid(unsigned long pfn) { - return memblock_is_map_memory(pfn << PAGE_SHIFT); + phys_addr_t addr = pfn << PAGE_SHIFT; + + if ((addr >> PAGE_SHIFT) != pfn) + return 0; + return memblock_is_map_memory(addr); } EXPORT_SYMBOL(pfn_valid); #endif

7 years, 4 months

2
1
0 0

[PATCH AUTOSEL 3.18 01/25] cifs: check if SMB2 PDU size has been padded and suppress the warning

by Sasha Levin

From: Ronnie Sahlberg <lsahlber(a)redhat.com> [ Upstream commit e6c47dd0da1e3a484e778046fc10da0b20606a86 ] Some SMB2/3 servers, Win2016 but possibly others too, adds padding not only between PDUs in a compound but also to the final PDU. This padding extends the PDU to a multiple of 8 bytes. Check if the unexpected length looks like this might be the case and avoid triggering the log messages for : "SMB2 server sent bad RFC1001 len %d not %d\n" Signed-off-by: Ronnie Sahlberg <lsahlber(a)redhat.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- fs/cifs/smb2misc.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c index b35c1398d459..494438195a1d 100644 --- a/fs/cifs/smb2misc.c +++ b/fs/cifs/smb2misc.c @@ -182,6 +182,13 @@ smb2_check_message(char *buf, unsigned int length) if (clc_len == 4 + len + 1) return 0; + /* + * Some windows servers (win2016) will pad also the final + * PDU in a compound to 8 bytes. + */ + if (((clc_len + 7) & ~7) == len) + return 0; + /* * MacOS server pads after SMB2.1 write response with 3 bytes * of junk. Other servers match RFC1001 len to actual -- 2.17.1

7 years, 4 months

1
24
0 0

[PATCH AUTOSEL 4.4 01/30] cifs: check if SMB2 PDU size has been padded and suppress the warning

by Sasha Levin

From: Ronnie Sahlberg <lsahlber(a)redhat.com> [ Upstream commit e6c47dd0da1e3a484e778046fc10da0b20606a86 ] Some SMB2/3 servers, Win2016 but possibly others too, adds padding not only between PDUs in a compound but also to the final PDU. This padding extends the PDU to a multiple of 8 bytes. Check if the unexpected length looks like this might be the case and avoid triggering the log messages for : "SMB2 server sent bad RFC1001 len %d not %d\n" Signed-off-by: Ronnie Sahlberg <lsahlber(a)redhat.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- fs/cifs/smb2misc.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c index 76ccf20fbfb7..0e62bf1ebbd7 100644 --- a/fs/cifs/smb2misc.c +++ b/fs/cifs/smb2misc.c @@ -184,6 +184,13 @@ smb2_check_message(char *buf, unsigned int length) if (clc_len == 4 + len + 1) return 0; + /* + * Some windows servers (win2016) will pad also the final + * PDU in a compound to 8 bytes. + */ + if (((clc_len + 7) & ~7) == len) + return 0; + /* * MacOS server pads after SMB2.1 write response with 3 bytes * of junk. Other servers match RFC1001 len to actual -- 2.17.1

7 years, 4 months

1
29
0 0

[PATCH AUTOSEL 4.9 01/42] cifs: check if SMB2 PDU size has been padded and suppress the warning

by Sasha Levin

From: Ronnie Sahlberg <lsahlber(a)redhat.com> [ Upstream commit e6c47dd0da1e3a484e778046fc10da0b20606a86 ] Some SMB2/3 servers, Win2016 but possibly others too, adds padding not only between PDUs in a compound but also to the final PDU. This padding extends the PDU to a multiple of 8 bytes. Check if the unexpected length looks like this might be the case and avoid triggering the log messages for : "SMB2 server sent bad RFC1001 len %d not %d\n" Signed-off-by: Ronnie Sahlberg <lsahlber(a)redhat.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- fs/cifs/smb2misc.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c index 967dfe656ced..e96a74da756f 100644 --- a/fs/cifs/smb2misc.c +++ b/fs/cifs/smb2misc.c @@ -208,6 +208,13 @@ smb2_check_message(char *buf, unsigned int length, struct TCP_Server_Info *srvr) if (clc_len == 4 + len + 1) return 0; + /* + * Some windows servers (win2016) will pad also the final + * PDU in a compound to 8 bytes. + */ + if (((clc_len + 7) & ~7) == len) + return 0; + /* * MacOS server pads after SMB2.1 write response with 3 bytes * of junk. Other servers match RFC1001 len to actual -- 2.17.1

7 years, 4 months

1
41
0 0

[PATCH AUTOSEL 4.14 01/67] cifs: check if SMB2 PDU size has been padded and suppress the warning

by Sasha Levin

From: Ronnie Sahlberg <lsahlber(a)redhat.com> [ Upstream commit e6c47dd0da1e3a484e778046fc10da0b20606a86 ] Some SMB2/3 servers, Win2016 but possibly others too, adds padding not only between PDUs in a compound but also to the final PDU. This padding extends the PDU to a multiple of 8 bytes. Check if the unexpected length looks like this might be the case and avoid triggering the log messages for : "SMB2 server sent bad RFC1001 len %d not %d\n" Signed-off-by: Ronnie Sahlberg <lsahlber(a)redhat.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- fs/cifs/smb2misc.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c index 7b08a1446a7f..efdfdb47a7dd 100644 --- a/fs/cifs/smb2misc.c +++ b/fs/cifs/smb2misc.c @@ -211,6 +211,13 @@ smb2_check_message(char *buf, unsigned int length, struct TCP_Server_Info *srvr) if (clc_len == 4 + len + 1) return 0; + /* + * Some windows servers (win2016) will pad also the final + * PDU in a compound to 8 bytes. + */ + if (((clc_len + 7) & ~7) == len) + return 0; + /* * MacOS server pads after SMB2.1 write response with 3 bytes * of junk. Other servers match RFC1001 len to actual -- 2.17.1

7 years, 4 months

1
66
0 0

[PATCH v4.14.y] autofs: fix autofs_sbi() does not check super block type

by Zubin Mithra

From: Ian Kent <raven(a)themaw.net> commit 0633da48f0793aeba27f82d30605624416723a91 upstream. autofs_sbi() does not check the superblock magic number to verify it has been given an autofs super block. Backport Note: autofs4 has been renamed to autofs upstream. As a result the upstream patch does not apply cleanly onto 4.14.y. Change-Id: I7194ca9b851fba81f0e20cc4873717ceccaa0b27 Link: http://lkml.kernel.org/r/153475422934.17131.7563724552005298277.stgit@pluto… Reported-by: <syzbot+87c3c541582e56943277(a)syzkaller.appspotmail.com> Signed-off-by: Ian Kent <raven(a)themaw.net> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Zubin Mithra <zsm(a)chromium.org> --- fs/autofs4/autofs_i.h | 4 +++- fs/autofs4/inode.c | 1 - 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/fs/autofs4/autofs_i.h b/fs/autofs4/autofs_i.h index 4737615f0eaa..ce696d6c4641 100644 --- a/fs/autofs4/autofs_i.h +++ b/fs/autofs4/autofs_i.h @@ -26,6 +26,7 @@ #include <linux/list.h> #include <linux/completion.h> #include <asm/current.h> +#include <linux/magic.h> /* This is the range of ioctl() numbers we claim as ours */ #define AUTOFS_IOC_FIRST AUTOFS_IOC_READY @@ -124,7 +125,8 @@ struct autofs_sb_info { static inline struct autofs_sb_info *autofs4_sbi(struct super_block *sb) { - return (struct autofs_sb_info *)(sb->s_fs_info); + return sb->s_magic != AUTOFS_SUPER_MAGIC ? + NULL : (struct autofs_sb_info *)(sb->s_fs_info); } static inline struct autofs_info *autofs4_dentry_ino(struct dentry *dentry) diff --git a/fs/autofs4/inode.c b/fs/autofs4/inode.c index 09e7d68dff02..3c7e727612fa 100644 --- a/fs/autofs4/inode.c +++ b/fs/autofs4/inode.c @@ -14,7 +14,6 @@ #include <linux/pagemap.h> #include <linux/parser.h> #include <linux/bitops.h> -#include <linux/magic.h> #include "autofs_i.h" #include <linux/module.h> -- 2.19.0.rc0.228.g281dcd1b4d0-goog

7 years, 4 months

2
1
0 0

FAILED: patch "[PATCH] ext4: fix race when setting the bitmap corrupted flag" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 9af0b3d1257756394ebbd06b14937b557e3a756b Mon Sep 17 00:00:00 2001 From: Wang Shilong <wshilong(a)ddn.com> Date: Sun, 29 Jul 2018 17:27:45 -0400 Subject: [PATCH] ext4: fix race when setting the bitmap corrupted flag Whenever we hit block or inode bitmap corruptions we set bit and then reduce this block group free inode/clusters counter to expose right available space. However some of ext4_mark_group_bitmap_corrupted() is called inside group spinlock, some are not, this could make it happen that we double reduce one block group free counters from system. Always hold group spinlock for it could fix it, but it looks a little heavy, we could use test_and_set_bit() to fix race problems here. Signed-off-by: Wang Shilong <wshilong(a)ddn.com> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)vger.kernel.org diff --git a/fs/ext4/super.c b/fs/ext4/super.c index d4a218ba626c..f7750bc5b85a 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -795,26 +795,26 @@ void ext4_mark_group_bitmap_corrupted(struct super_block *sb, struct ext4_sb_info *sbi = EXT4_SB(sb); struct ext4_group_info *grp = ext4_get_group_info(sb, group); struct ext4_group_desc *gdp = ext4_get_group_desc(sb, group, NULL); + int ret; - if ((flags & EXT4_GROUP_INFO_BBITMAP_CORRUPT) && - !EXT4_MB_GRP_BBITMAP_CORRUPT(grp)) { - percpu_counter_sub(&sbi->s_freeclusters_counter, - grp->bb_free); - set_bit(EXT4_GROUP_INFO_BBITMAP_CORRUPT_BIT, - &grp->bb_state); + if (flags & EXT4_GROUP_INFO_BBITMAP_CORRUPT) { + ret = ext4_test_and_set_bit(EXT4_GROUP_INFO_BBITMAP_CORRUPT_BIT, + &grp->bb_state); + if (!ret) + percpu_counter_sub(&sbi->s_freeclusters_counter, + grp->bb_free); } - if ((flags & EXT4_GROUP_INFO_IBITMAP_CORRUPT) && - !EXT4_MB_GRP_IBITMAP_CORRUPT(grp)) { - if (gdp) { + if (flags & EXT4_GROUP_INFO_IBITMAP_CORRUPT) { + ret = ext4_test_and_set_bit(EXT4_GROUP_INFO_IBITMAP_CORRUPT_BIT, + &grp->bb_state); + if (!ret && gdp) { int count; count = ext4_free_inodes_count(sb, gdp); percpu_counter_sub(&sbi->s_freeinodes_counter, count); } - set_bit(EXT4_GROUP_INFO_IBITMAP_CORRUPT_BIT, - &grp->bb_state); } }

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] ext4: fix race when setting the bitmap corrupted flag" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 9af0b3d1257756394ebbd06b14937b557e3a756b Mon Sep 17 00:00:00 2001 From: Wang Shilong <wshilong(a)ddn.com> Date: Sun, 29 Jul 2018 17:27:45 -0400 Subject: [PATCH] ext4: fix race when setting the bitmap corrupted flag Whenever we hit block or inode bitmap corruptions we set bit and then reduce this block group free inode/clusters counter to expose right available space. However some of ext4_mark_group_bitmap_corrupted() is called inside group spinlock, some are not, this could make it happen that we double reduce one block group free counters from system. Always hold group spinlock for it could fix it, but it looks a little heavy, we could use test_and_set_bit() to fix race problems here. Signed-off-by: Wang Shilong <wshilong(a)ddn.com> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)vger.kernel.org diff --git a/fs/ext4/super.c b/fs/ext4/super.c index d4a218ba626c..f7750bc5b85a 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -795,26 +795,26 @@ void ext4_mark_group_bitmap_corrupted(struct super_block *sb, struct ext4_sb_info *sbi = EXT4_SB(sb); struct ext4_group_info *grp = ext4_get_group_info(sb, group); struct ext4_group_desc *gdp = ext4_get_group_desc(sb, group, NULL); + int ret; - if ((flags & EXT4_GROUP_INFO_BBITMAP_CORRUPT) && - !EXT4_MB_GRP_BBITMAP_CORRUPT(grp)) { - percpu_counter_sub(&sbi->s_freeclusters_counter, - grp->bb_free); - set_bit(EXT4_GROUP_INFO_BBITMAP_CORRUPT_BIT, - &grp->bb_state); + if (flags & EXT4_GROUP_INFO_BBITMAP_CORRUPT) { + ret = ext4_test_and_set_bit(EXT4_GROUP_INFO_BBITMAP_CORRUPT_BIT, + &grp->bb_state); + if (!ret) + percpu_counter_sub(&sbi->s_freeclusters_counter, + grp->bb_free); } - if ((flags & EXT4_GROUP_INFO_IBITMAP_CORRUPT) && - !EXT4_MB_GRP_IBITMAP_CORRUPT(grp)) { - if (gdp) { + if (flags & EXT4_GROUP_INFO_IBITMAP_CORRUPT) { + ret = ext4_test_and_set_bit(EXT4_GROUP_INFO_IBITMAP_CORRUPT_BIT, + &grp->bb_state); + if (!ret && gdp) { int count; count = ext4_free_inodes_count(sb, gdp); percpu_counter_sub(&sbi->s_freeinodes_counter, count); } - set_bit(EXT4_GROUP_INFO_IBITMAP_CORRUPT_BIT, - &grp->bb_state); } }

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] ext4: sysfs: print ext4_super_block fields as little-endian" failed to apply to 3.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 3.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From a4d2aadca184ece182418950d45ba4ffc7b652d2 Mon Sep 17 00:00:00 2001 From: Arnd Bergmann <arnd(a)arndb.de> Date: Sun, 29 Jul 2018 15:48:00 -0400 Subject: [PATCH] ext4: sysfs: print ext4_super_block fields as little-endian While working on extended rand for last_error/first_error timestamps, I noticed that the endianess is wrong; we access the little-endian fields in struct ext4_super_block as native-endian when we print them. This adds a special case in ext4_attr_show() and ext4_attr_store() to byteswap the superblock fields if needed. In older kernels, this code was part of super.c, it got moved to sysfs.c in linux-4.4. Cc: stable(a)vger.kernel.org Fixes: 52c198c6820f ("ext4: add sysfs entry showing whether the fs contains errors") Reviewed-by: Andreas Dilger <adilger(a)dilger.ca> Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c index f34da0bb8f17..b970a200f20c 100644 --- a/fs/ext4/sysfs.c +++ b/fs/ext4/sysfs.c @@ -274,8 +274,12 @@ static ssize_t ext4_attr_show(struct kobject *kobj, case attr_pointer_ui: if (!ptr) return 0; - return snprintf(buf, PAGE_SIZE, "%u\n", - *((unsigned int *) ptr)); + if (a->attr_ptr == ptr_ext4_super_block_offset) + return snprintf(buf, PAGE_SIZE, "%u\n", + le32_to_cpup(ptr)); + else + return snprintf(buf, PAGE_SIZE, "%u\n", + *((unsigned int *) ptr)); case attr_pointer_atomic: if (!ptr) return 0; @@ -308,7 +312,10 @@ static ssize_t ext4_attr_store(struct kobject *kobj, ret = kstrtoul(skip_spaces(buf), 0, &t); if (ret) return ret; - *((unsigned int *) ptr) = t; + if (a->attr_ptr == ptr_ext4_super_block_offset) + *((__le32 *) ptr) = cpu_to_le32(t); + else + *((unsigned int *) ptr) = t; return len; case attr_inode_readahead: return inode_readahead_blks_store(sbi, buf, len);

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] KVM: arm/arm64: Skip updating PTE entry if no change" failed to apply to 3.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 3.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 976d34e2dab10ece5ea8fe7090b7692913f89084 Mon Sep 17 00:00:00 2001 From: Punit Agrawal <punit.agrawal(a)arm.com> Date: Mon, 13 Aug 2018 11:43:51 +0100 Subject: [PATCH] KVM: arm/arm64: Skip updating PTE entry if no change When there is contention on faulting in a particular page table entry at stage 2, the break-before-make requirement of the architecture can lead to additional refaulting due to TLB invalidation. Avoid this by skipping a page table update if the new value of the PTE matches the previous value. Cc: stable(a)vger.kernel.org Fixes: d5d8184d35c9 ("KVM: ARM: Memory virtualization setup") Reviewed-by: Suzuki Poulose <suzuki.poulose(a)arm.com> Acked-by: Christoffer Dall <christoffer.dall(a)arm.com> Signed-off-by: Punit Agrawal <punit.agrawal(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c index 13dfe36501aa..91aaf73b00df 100644 --- a/virt/kvm/arm/mmu.c +++ b/virt/kvm/arm/mmu.c @@ -1147,6 +1147,10 @@ static int stage2_set_pte(struct kvm *kvm, struct kvm_mmu_memory_cache *cache, /* Create 2nd stage page table mapping - Level 3 */ old_pte = *pte; if (pte_present(old_pte)) { + /* Skip page table update if there is no change */ + if (pte_val(old_pte) == pte_val(*new_pte)) + return 0; + kvm_set_pte(pte, __pte(0)); kvm_tlb_flush_vmid_ipa(kvm, addr); } else {

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] KVM: arm/arm64: Skip updating PTE entry if no change" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 976d34e2dab10ece5ea8fe7090b7692913f89084 Mon Sep 17 00:00:00 2001 From: Punit Agrawal <punit.agrawal(a)arm.com> Date: Mon, 13 Aug 2018 11:43:51 +0100 Subject: [PATCH] KVM: arm/arm64: Skip updating PTE entry if no change When there is contention on faulting in a particular page table entry at stage 2, the break-before-make requirement of the architecture can lead to additional refaulting due to TLB invalidation. Avoid this by skipping a page table update if the new value of the PTE matches the previous value. Cc: stable(a)vger.kernel.org Fixes: d5d8184d35c9 ("KVM: ARM: Memory virtualization setup") Reviewed-by: Suzuki Poulose <suzuki.poulose(a)arm.com> Acked-by: Christoffer Dall <christoffer.dall(a)arm.com> Signed-off-by: Punit Agrawal <punit.agrawal(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c index 13dfe36501aa..91aaf73b00df 100644 --- a/virt/kvm/arm/mmu.c +++ b/virt/kvm/arm/mmu.c @@ -1147,6 +1147,10 @@ static int stage2_set_pte(struct kvm *kvm, struct kvm_mmu_memory_cache *cache, /* Create 2nd stage page table mapping - Level 3 */ old_pte = *pte; if (pte_present(old_pte)) { + /* Skip page table update if there is no change */ + if (pte_val(old_pte) == pte_val(*new_pte)) + return 0; + kvm_set_pte(pte, __pte(0)); kvm_tlb_flush_vmid_ipa(kvm, addr); } else {

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] KVM: arm/arm64: Skip updating PMD entry if no change" failed to apply to 3.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 3.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 86658b819cd0a9aa584cd84453ed268a6f013770 Mon Sep 17 00:00:00 2001 From: Punit Agrawal <punit.agrawal(a)arm.com> Date: Mon, 13 Aug 2018 11:43:50 +0100 Subject: [PATCH] KVM: arm/arm64: Skip updating PMD entry if no change Contention on updating a PMD entry by a large number of vcpus can lead to duplicate work when handling stage 2 page faults. As the page table update follows the break-before-make requirement of the architecture, it can lead to repeated refaults due to clearing the entry and flushing the tlbs. This problem is more likely when - * there are large number of vcpus * the mapping is large block mapping such as when using PMD hugepages (512MB) with 64k pages. Fix this by skipping the page table update if there is no change in the entry being updated. Cc: stable(a)vger.kernel.org Fixes: ad361f093c1e ("KVM: ARM: Support hugetlbfs backed huge pages") Reviewed-by: Suzuki Poulose <suzuki.poulose(a)arm.com> Acked-by: Christoffer Dall <christoffer.dall(a)arm.com> Signed-off-by: Punit Agrawal <punit.agrawal(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c index 97d27cd9c654..13dfe36501aa 100644 --- a/virt/kvm/arm/mmu.c +++ b/virt/kvm/arm/mmu.c @@ -1044,19 +1044,35 @@ static int stage2_set_pmd_huge(struct kvm *kvm, struct kvm_mmu_memory_cache pmd = stage2_get_pmd(kvm, cache, addr); VM_BUG_ON(!pmd); - /* - * Mapping in huge pages should only happen through a fault. If a - * page is merged into a transparent huge page, the individual - * subpages of that huge page should be unmapped through MMU - * notifiers before we get here. - * - * Merging of CompoundPages is not supported; they should become - * splitting first, unmapped, merged, and mapped back in on-demand. - */ - VM_BUG_ON(pmd_present(*pmd) && pmd_pfn(*pmd) != pmd_pfn(*new_pmd)); - old_pmd = *pmd; if (pmd_present(old_pmd)) { + /* + * Multiple vcpus faulting on the same PMD entry, can + * lead to them sequentially updating the PMD with the + * same value. Following the break-before-make + * (pmd_clear() followed by tlb_flush()) process can + * hinder forward progress due to refaults generated + * on missing translations. + * + * Skip updating the page table if the entry is + * unchanged. + */ + if (pmd_val(old_pmd) == pmd_val(*new_pmd)) + return 0; + + /* + * Mapping in huge pages should only happen through a + * fault. If a page is merged into a transparent huge + * page, the individual subpages of that huge page + * should be unmapped through MMU notifiers before we + * get here. + * + * Merging of CompoundPages is not supported; they + * should become splitting first, unmapped, merged, + * and mapped back in on-demand. + */ + VM_BUG_ON(pmd_pfn(old_pmd) != pmd_pfn(*new_pmd)); + pmd_clear(pmd); kvm_tlb_flush_vmid_ipa(kvm, addr); } else {

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] KVM: arm/arm64: Skip updating PMD entry if no change" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 86658b819cd0a9aa584cd84453ed268a6f013770 Mon Sep 17 00:00:00 2001 From: Punit Agrawal <punit.agrawal(a)arm.com> Date: Mon, 13 Aug 2018 11:43:50 +0100 Subject: [PATCH] KVM: arm/arm64: Skip updating PMD entry if no change Contention on updating a PMD entry by a large number of vcpus can lead to duplicate work when handling stage 2 page faults. As the page table update follows the break-before-make requirement of the architecture, it can lead to repeated refaults due to clearing the entry and flushing the tlbs. This problem is more likely when - * there are large number of vcpus * the mapping is large block mapping such as when using PMD hugepages (512MB) with 64k pages. Fix this by skipping the page table update if there is no change in the entry being updated. Cc: stable(a)vger.kernel.org Fixes: ad361f093c1e ("KVM: ARM: Support hugetlbfs backed huge pages") Reviewed-by: Suzuki Poulose <suzuki.poulose(a)arm.com> Acked-by: Christoffer Dall <christoffer.dall(a)arm.com> Signed-off-by: Punit Agrawal <punit.agrawal(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c index 97d27cd9c654..13dfe36501aa 100644 --- a/virt/kvm/arm/mmu.c +++ b/virt/kvm/arm/mmu.c @@ -1044,19 +1044,35 @@ static int stage2_set_pmd_huge(struct kvm *kvm, struct kvm_mmu_memory_cache pmd = stage2_get_pmd(kvm, cache, addr); VM_BUG_ON(!pmd); - /* - * Mapping in huge pages should only happen through a fault. If a - * page is merged into a transparent huge page, the individual - * subpages of that huge page should be unmapped through MMU - * notifiers before we get here. - * - * Merging of CompoundPages is not supported; they should become - * splitting first, unmapped, merged, and mapped back in on-demand. - */ - VM_BUG_ON(pmd_present(*pmd) && pmd_pfn(*pmd) != pmd_pfn(*new_pmd)); - old_pmd = *pmd; if (pmd_present(old_pmd)) { + /* + * Multiple vcpus faulting on the same PMD entry, can + * lead to them sequentially updating the PMD with the + * same value. Following the break-before-make + * (pmd_clear() followed by tlb_flush()) process can + * hinder forward progress due to refaults generated + * on missing translations. + * + * Skip updating the page table if the entry is + * unchanged. + */ + if (pmd_val(old_pmd) == pmd_val(*new_pmd)) + return 0; + + /* + * Mapping in huge pages should only happen through a + * fault. If a page is merged into a transparent huge + * page, the individual subpages of that huge page + * should be unmapped through MMU notifiers before we + * get here. + * + * Merging of CompoundPages is not supported; they + * should become splitting first, unmapped, merged, + * and mapped back in on-demand. + */ + VM_BUG_ON(pmd_pfn(old_pmd) != pmd_pfn(*new_pmd)); + pmd_clear(pmd); kvm_tlb_flush_vmid_ipa(kvm, addr); } else {

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid()" failed to apply to 3.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 3.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 5ad356eabc47d26a92140a0c4b20eba471c10de3 Mon Sep 17 00:00:00 2001 From: Greg Hackmann <ghackmann(a)android.com> Date: Wed, 15 Aug 2018 12:51:21 -0700 Subject: [PATCH] arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid() ARM64's pfn_valid() shifts away the upper PAGE_SHIFT bits of the input before seeing if the PFN is valid. This leads to false positives when some of the upper bits are set, but the lower bits match a valid PFN. For example, the following userspace code looks up a bogus entry in /proc/kpageflags: int pagemap = open("/proc/self/pagemap", O_RDONLY); int pageflags = open("/proc/kpageflags", O_RDONLY); uint64_t pfn, val; lseek64(pagemap, [...], SEEK_SET); read(pagemap, &pfn, sizeof(pfn)); if (pfn & (1UL << 63)) { /* valid PFN */ pfn &= ((1UL << 55) - 1); /* clear flag bits */ pfn |= (1UL << 55); lseek64(pageflags, pfn * sizeof(uint64_t), SEEK_SET); read(pageflags, &val, sizeof(val)); } On ARM64 this causes the userspace process to crash with SIGSEGV rather than reading (1 << KPF_NOPAGE). kpageflags_read() treats the offset as valid, and stable_page_flags() will try to access an address between the user and kernel address ranges. Fixes: c1cc1552616d ("arm64: MMU initialisation") Cc: stable(a)vger.kernel.org Signed-off-by: Greg Hackmann <ghackmann(a)google.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c index 325cfb3b858a..811f9f8b3bb0 100644 --- a/arch/arm64/mm/init.c +++ b/arch/arm64/mm/init.c @@ -287,7 +287,11 @@ static void __init zone_sizes_init(unsigned long min, unsigned long max) #ifdef CONFIG_HAVE_ARCH_PFN_VALID int pfn_valid(unsigned long pfn) { - return memblock_is_map_memory(pfn << PAGE_SHIFT); + phys_addr_t addr = pfn << PAGE_SHIFT; + + if ((addr >> PAGE_SHIFT) != pfn) + return 0; + return memblock_is_map_memory(addr); } EXPORT_SYMBOL(pfn_valid); #endif

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] arm64: Fix mismatched cache line size detection" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 4c4a39dd5fe2d13e2d2fa5fceb8ef95d19fc389a Mon Sep 17 00:00:00 2001 From: Suzuki K Poulose <suzuki.poulose(a)arm.com> Date: Wed, 4 Jul 2018 23:07:45 +0100 Subject: [PATCH] arm64: Fix mismatched cache line size detection If there is a mismatch in the I/D min line size, we must always use the system wide safe value both in applications and in the kernel, while performing cache operations. However, we have been checking more bits than just the min line sizes, which triggers false negatives. We may need to trap the user accesses in such cases, but not necessarily patch the kernel. This patch fixes the check to do the right thing as advertised. A new capability will be added to check mismatches in other fields and ensure we trap the CTR accesses. Fixes: be68a8aaf925 ("arm64: cpufeature: Fix CTR_EL0 field definitions") Cc: <stable(a)vger.kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Reported-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Suzuki K Poulose <suzuki.poulose(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> diff --git a/arch/arm64/include/asm/cache.h b/arch/arm64/include/asm/cache.h index 5df5cfe1c143..5ee5bca8c24b 100644 --- a/arch/arm64/include/asm/cache.h +++ b/arch/arm64/include/asm/cache.h @@ -21,12 +21,16 @@ #define CTR_L1IP_SHIFT 14 #define CTR_L1IP_MASK 3 #define CTR_DMINLINE_SHIFT 16 +#define CTR_IMINLINE_SHIFT 0 #define CTR_ERG_SHIFT 20 #define CTR_CWG_SHIFT 24 #define CTR_CWG_MASK 15 #define CTR_IDC_SHIFT 28 #define CTR_DIC_SHIFT 29 +#define CTR_CACHE_MINLINE_MASK \ + (0xf << CTR_DMINLINE_SHIFT | 0xf << CTR_IMINLINE_SHIFT) + #define CTR_L1IP(ctr) (((ctr) >> CTR_L1IP_SHIFT) & CTR_L1IP_MASK) #define ICACHE_POLICY_VPIPT 0 diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 1d2b6d768efe..5d1fa928ea4b 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -68,9 +68,11 @@ static bool has_mismatched_cache_line_size(const struct arm64_cpu_capabilities *entry, int scope) { + u64 mask = CTR_CACHE_MINLINE_MASK; + WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible()); - return (read_cpuid_cachetype() & arm64_ftr_reg_ctrel0.strict_mask) != - (arm64_ftr_reg_ctrel0.sys_val & arm64_ftr_reg_ctrel0.strict_mask); + return (read_cpuid_cachetype() & mask) != + (arm64_ftr_reg_ctrel0.sys_val & mask); } static void diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index f24892a40d2c..25d5cef00333 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -214,7 +214,7 @@ static const struct arm64_ftr_bits ftr_ctr[] = { * If we have differing I-cache policies, report it as the weakest - VIPT. */ ARM64_FTR_BITS(FTR_VISIBLE, FTR_NONSTRICT, FTR_EXACT, 14, 2, ICACHE_POLICY_VIPT), /* L1Ip */ - ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, 0, 4, 0), /* IminLine */ + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, CTR_IMINLINE_SHIFT, 4, 0), ARM64_FTR_END, };

7 years, 4 months

1
0
0 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror