- Linux-stable-mirror - lists.linaro.org

patch "uart: fix race between uart_put_char() and uart_shutdown()" added to tty-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled uart: fix race between uart_put_char() and uart_shutdown() to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the tty-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From a5ba1d95e46ecaea638ddd7cd144107c783acb5d Mon Sep 17 00:00:00 2001 From: Tycho Andersen <tycho(a)tycho.ws> Date: Fri, 6 Jul 2018 10:24:57 -0600 Subject: uart: fix race between uart_put_char() and uart_shutdown() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We have reports of the following crash: PID: 7 TASK: ffff88085c6d61c0 CPU: 1 COMMAND: "kworker/u25:0" #0 [ffff88085c6db710] machine_kexec at ffffffff81046239 #1 [ffff88085c6db760] crash_kexec at ffffffff810fc248 #2 [ffff88085c6db830] oops_end at ffffffff81008ae7 #3 [ffff88085c6db860] no_context at ffffffff81050b8f #4 [ffff88085c6db8b0] __bad_area_nosemaphore at ffffffff81050d75 #5 [ffff88085c6db900] bad_area_nosemaphore at ffffffff81050e83 #6 [ffff88085c6db910] __do_page_fault at ffffffff8105132e #7 [ffff88085c6db9b0] do_page_fault at ffffffff8105152c #8 [ffff88085c6db9c0] page_fault at ffffffff81a3f122 [exception RIP: uart_put_char+149] RIP: ffffffff814b67b5 RSP: ffff88085c6dba78 RFLAGS: 00010006 RAX: 0000000000000292 RBX: ffffffff827c5120 RCX: 0000000000000081 RDX: 0000000000000000 RSI: 000000000000005f RDI: ffffffff827c5120 RBP: ffff88085c6dba98 R8: 000000000000012c R9: ffffffff822ea320 R10: ffff88085fe4db04 R11: 0000000000000001 R12: ffff881059f9c000 R13: 0000000000000001 R14: 000000000000005f R15: 0000000000000fba ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 #9 [ffff88085c6dbaa0] tty_put_char at ffffffff81497544 #10 [ffff88085c6dbac0] do_output_char at ffffffff8149c91c #11 [ffff88085c6dbae0] __process_echoes at ffffffff8149cb8b #12 [ffff88085c6dbb30] commit_echoes at ffffffff8149cdc2 #13 [ffff88085c6dbb60] n_tty_receive_buf_fast at ffffffff8149e49b #14 [ffff88085c6dbbc0] __receive_buf at ffffffff8149ef5a #15 [ffff88085c6dbc20] n_tty_receive_buf_common at ffffffff8149f016 #16 [ffff88085c6dbca0] n_tty_receive_buf2 at ffffffff8149f194 #17 [ffff88085c6dbcb0] flush_to_ldisc at ffffffff814a238a #18 [ffff88085c6dbd50] process_one_work at ffffffff81090be2 #19 [ffff88085c6dbe20] worker_thread at ffffffff81091b4d #20 [ffff88085c6dbeb0] kthread at ffffffff81096384 #21 [ffff88085c6dbf50] ret_from_fork at ffffffff81a3d69f after slogging through some dissasembly: ffffffff814b6720 <uart_put_char>: ffffffff814b6720: 55 push %rbp ffffffff814b6721: 48 89 e5 mov %rsp,%rbp ffffffff814b6724: 48 83 ec 20 sub $0x20,%rsp ffffffff814b6728: 48 89 1c 24 mov %rbx,(%rsp) ffffffff814b672c: 4c 89 64 24 08 mov %r12,0x8(%rsp) ffffffff814b6731: 4c 89 6c 24 10 mov %r13,0x10(%rsp) ffffffff814b6736: 4c 89 74 24 18 mov %r14,0x18(%rsp) ffffffff814b673b: e8 b0 8e 58 00 callq ffffffff81a3f5f0 <mcount> ffffffff814b6740: 4c 8b a7 88 02 00 00 mov 0x288(%rdi),%r12 ffffffff814b6747: 45 31 ed xor %r13d,%r13d ffffffff814b674a: 41 89 f6 mov %esi,%r14d ffffffff814b674d: 49 83 bc 24 70 01 00 cmpq $0x0,0x170(%r12) ffffffff814b6754: 00 00 ffffffff814b6756: 49 8b 9c 24 80 01 00 mov 0x180(%r12),%rbx ffffffff814b675d: 00 ffffffff814b675e: 74 2f je ffffffff814b678f <uart_put_char+0x6f> ffffffff814b6760: 48 89 df mov %rbx,%rdi ffffffff814b6763: e8 a8 67 58 00 callq ffffffff81a3cf10 <_raw_spin_lock_irqsave> ffffffff814b6768: 41 8b 8c 24 78 01 00 mov 0x178(%r12),%ecx ffffffff814b676f: 00 ffffffff814b6770: 89 ca mov %ecx,%edx ffffffff814b6772: f7 d2 not %edx ffffffff814b6774: 41 03 94 24 7c 01 00 add 0x17c(%r12),%edx ffffffff814b677b: 00 ffffffff814b677c: 81 e2 ff 0f 00 00 and $0xfff,%edx ffffffff814b6782: 75 23 jne ffffffff814b67a7 <uart_put_char+0x87> ffffffff814b6784: 48 89 c6 mov %rax,%rsi ffffffff814b6787: 48 89 df mov %rbx,%rdi ffffffff814b678a: e8 e1 64 58 00 callq ffffffff81a3cc70 <_raw_spin_unlock_irqrestore> ffffffff814b678f: 44 89 e8 mov %r13d,%eax ffffffff814b6792: 48 8b 1c 24 mov (%rsp),%rbx ffffffff814b6796: 4c 8b 64 24 08 mov 0x8(%rsp),%r12 ffffffff814b679b: 4c 8b 6c 24 10 mov 0x10(%rsp),%r13 ffffffff814b67a0: 4c 8b 74 24 18 mov 0x18(%rsp),%r14 ffffffff814b67a5: c9 leaveq ffffffff814b67a6: c3 retq ffffffff814b67a7: 49 8b 94 24 70 01 00 mov 0x170(%r12),%rdx ffffffff814b67ae: 00 ffffffff814b67af: 48 63 c9 movslq %ecx,%rcx ffffffff814b67b2: 41 b5 01 mov $0x1,%r13b ffffffff814b67b5: 44 88 34 0a mov %r14b,(%rdx,%rcx,1) ffffffff814b67b9: 41 8b 94 24 78 01 00 mov 0x178(%r12),%edx ffffffff814b67c0: 00 ffffffff814b67c1: 83 c2 01 add $0x1,%edx ffffffff814b67c4: 81 e2 ff 0f 00 00 and $0xfff,%edx ffffffff814b67ca: 41 89 94 24 78 01 00 mov %edx,0x178(%r12) ffffffff814b67d1: 00 ffffffff814b67d2: eb b0 jmp ffffffff814b6784 <uart_put_char+0x64> ffffffff814b67d4: 66 66 66 2e 0f 1f 84 data32 data32 nopw %cs:0x0(%rax,%rax,1) ffffffff814b67db: 00 00 00 00 00 for our build, this is crashing at: circ->buf[circ->head] = c; Looking in uart_port_startup(), it seems that circ->buf (state->xmit.buf) protected by the "per-port mutex", which based on uart_port_check() is state->port.mutex. Indeed, the lock acquired in uart_put_char() is uport->lock, i.e. not the same lock. Anyway, since the lock is not acquired, if uart_shutdown() is called, the last chunk of that function may release state->xmit.buf before its assigned to null, and cause the race above. To fix it, let's lock uport->lock when allocating/deallocating state->xmit.buf in addition to the per-port mutex. v2: switch to locking uport->lock on allocation/deallocation instead of locking the per-port mutex in uart_put_char. Note that since uport->lock is a spin lock, we have to switch the allocation to GFP_ATOMIC. v3: move the allocation outside the lock, so we can switch back to GFP_KERNEL Signed-off-by: Tycho Andersen <tycho(a)tycho.ws> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/serial_core.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index 9c14a453f73c..80bb56facfb6 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -182,6 +182,7 @@ static int uart_port_startup(struct tty_struct *tty, struct uart_state *state, { struct uart_port *uport = uart_port_check(state); unsigned long page; + unsigned long flags = 0; int retval = 0; if (uport->type == PORT_UNKNOWN) @@ -196,15 +197,18 @@ static int uart_port_startup(struct tty_struct *tty, struct uart_state *state, * Initialise and allocate the transmit and temporary * buffer. */ - if (!state->xmit.buf) { - /* This is protected by the per port mutex */ - page = get_zeroed_page(GFP_KERNEL); - if (!page) - return -ENOMEM; + page = get_zeroed_page(GFP_KERNEL); + if (!page) + return -ENOMEM; + uart_port_lock(state, flags); + if (!state->xmit.buf) { state->xmit.buf = (unsigned char *) page; uart_circ_clear(&state->xmit); + } else { + free_page(page); } + uart_port_unlock(uport, flags); retval = uport->ops->startup(uport); if (retval == 0) { @@ -263,6 +267,7 @@ static void uart_shutdown(struct tty_struct *tty, struct uart_state *state) { struct uart_port *uport = uart_port_check(state); struct tty_port *port = &state->port; + unsigned long flags = 0; /* * Set the TTY IO error marker @@ -295,10 +300,12 @@ static void uart_shutdown(struct tty_struct *tty, struct uart_state *state) /* * Free the transmit buffer page. */ + uart_port_lock(state, flags); if (state->xmit.buf) { free_page((unsigned long)state->xmit.buf); state->xmit.buf = NULL; } + uart_port_unlock(uport, flags); } /** -- 2.18.0

7 years, 5 months

1
0
0 0

[PATCH 4.9] nvme: validate admin queue before force-start on removal

by Simon Veith

Commit 4aae4388165a2611fa4206363ccb243c1622446c ("nvme: fix hang in remove path"), which was introduced in Linux 4.9.94, changed nvme_kill_queues() to also forcibly start admin queues in order to avoid getting stuck during device removal. If a device is being removed because it did not respond during device initialization (e.g., if it is not ready yet at boot time), we will end up trying to start an admin queue that has not yet been set up at all. This attempt will lead to a NULL pointer dereference. To avoid hitting this bug, we add a sanity check around the invocation of blk_mq_start_hw_queues() to ensure that the admin queue has actually been set up already. Upstream already has this check in place since commit 7dd1ab163c17e11473a65b11f7e748db30618ebb ("nvme: validate admin queue before unquiesce"), and thus 4.14 contains it as well. Linux 4.4 is not affected by this particular issue since it does not have the force-start behavior yet. Fixes: 4aae4388165a2611fa42 ("nvme: fix hang in remove path") Signed-off-by: Simon Veith <sveith(a)amazon.de> Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> --- drivers/nvme/host/core.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c index c823e93..8a30478 100644 --- a/drivers/nvme/host/core.c +++ b/drivers/nvme/host/core.c @@ -2041,8 +2041,10 @@ void nvme_kill_queues(struct nvme_ctrl *ctrl) mutex_lock(&ctrl->namespaces_mutex); - /* Forcibly start all queues to avoid having stuck requests */ - blk_mq_start_hw_queues(ctrl->admin_q); + if (ctrl->admin_q) { + /* Forcibly start all queues to avoid having stuck requests */ + blk_mq_start_hw_queues(ctrl->admin_q); + } list_for_each_entry(ns, &ctrl->namespaces, list) { /* -- 2.7.4

7 years, 5 months

3
3
0 0

[PATCH] mfd: hi655x: Fix regmap area declared size for hi655x

by Rafael David Tinoco

Fixes: https://bugs.linaro.org/show_bug.cgi?id=3903 LTP Functional tests have caused a bad paging request when triggering the regmap_read_debugfs() logic of the device PMIC Hi6553 (reading regmap/f8000000.pmic/registers file during read_all test): Unable to handle kernel paging request at virtual address ffff0 [ffff00000984e000] pgd=0000000077ffe803, pud=0000000077ffd803,0 Internal error: Oops: 96000007 [#1] SMP ... Hardware name: HiKey Development Board (DT) ... Call trace: regmap_mmio_read8+0x24/0x40 regmap_mmio_read+0x48/0x70 _regmap_bus_reg_read+0x38/0x48 _regmap_read+0x68/0x170 regmap_read+0x50/0x78 regmap_read_debugfs+0x1a0/0x308 regmap_map_read_file+0x48/0x58 full_proxy_read+0x68/0x98 __vfs_read+0x48/0x80 vfs_read+0x94/0x150 SyS_read+0x6c/0xd8 el0_svc_naked+0x30/0x34 Code: aa1e03e0 d503201f f9400280 8b334000 (39400000) Investigations have showed that, when triggered by debugfs read() handler, the mmio regmap logic was reading a bigger (16k) register area than the one mapped by devm_ioremap_resource() during hi655x-pmic probe time (4k). This commit changes hi655x's max register, according to HW specs, to be the same as the one declared in the pmic device in hi6220's dts, fixing the issue. Signed-off-by: Rafael David Tinoco <rafael.tinoco(a)linaro.org> Cc: <stable(a)vger.kernel.org> #v4.9 #v4.14 #v4.16 #v4.17 --- drivers/mfd/hi655x-pmic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mfd/hi655x-pmic.c b/drivers/mfd/hi655x-pmic.c index c37ccbfd52f2..96c07fa1802a 100644 --- a/drivers/mfd/hi655x-pmic.c +++ b/drivers/mfd/hi655x-pmic.c @@ -49,7 +49,7 @@ static struct regmap_config hi655x_regmap_config = { .reg_bits = 32, .reg_stride = HI655X_STRIDE, .val_bits = 8, - .max_register = HI655X_BUS_ADDR(0xFFF), + .max_register = HI655X_BUS_ADDR(0x400) - HI655X_STRIDE, }; static struct resource pwrkey_resources[] = { -- 2.18.0

7 years, 5 months

2
1
0 0

[PATCH 1/4] drm/amdgpu/pp/smu7: use a local variable for toc indexing

by Alex Deucher

Rather than using the index variable stored in vram. If the device fails to come back online after a resume cycle, reads from vram will return all 1s which will cause a segfault. Based on a patch from Thomas Martitz <kugel(a)rockbox.org>. This avoids the segfault, but we still need to sort out why the GPU does not come back online after a resume. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=105760 Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/amd/powerplay/smumgr/smu7_smumgr.c | 23 +++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/drivers/gpu/drm/amd/powerplay/smumgr/smu7_smumgr.c b/drivers/gpu/drm/amd/powerplay/smumgr/smu7_smumgr.c index d644a9bb9078..9f407c48d4f0 100644 --- a/drivers/gpu/drm/amd/powerplay/smumgr/smu7_smumgr.c +++ b/drivers/gpu/drm/amd/powerplay/smumgr/smu7_smumgr.c @@ -381,6 +381,7 @@ int smu7_request_smu_load_fw(struct pp_hwmgr *hwmgr) uint32_t fw_to_load; int result = 0; struct SMU_DRAMData_TOC *toc; + uint32_t num_entries = 0; if (!hwmgr->reload_fw) { pr_info("skip reloading...\n"); @@ -422,41 +423,41 @@ int smu7_request_smu_load_fw(struct pp_hwmgr *hwmgr) } toc = (struct SMU_DRAMData_TOC *)smu_data->header; - toc->num_entries = 0; toc->structure_version = 1; PP_ASSERT_WITH_CODE(0 == smu7_populate_single_firmware_entry(hwmgr, - UCODE_ID_RLC_G, &toc->entry[toc->num_entries++]), + UCODE_ID_RLC_G, &toc->entry[num_entries++]), "Failed to Get Firmware Entry.", return -EINVAL); PP_ASSERT_WITH_CODE(0 == smu7_populate_single_firmware_entry(hwmgr, - UCODE_ID_CP_CE, &toc->entry[toc->num_entries++]), + UCODE_ID_CP_CE, &toc->entry[num_entries++]), "Failed to Get Firmware Entry.", return -EINVAL); PP_ASSERT_WITH_CODE(0 == smu7_populate_single_firmware_entry(hwmgr, - UCODE_ID_CP_PFP, &toc->entry[toc->num_entries++]), + UCODE_ID_CP_PFP, &toc->entry[num_entries++]), "Failed to Get Firmware Entry.", return -EINVAL); PP_ASSERT_WITH_CODE(0 == smu7_populate_single_firmware_entry(hwmgr, - UCODE_ID_CP_ME, &toc->entry[toc->num_entries++]), + UCODE_ID_CP_ME, &toc->entry[num_entries++]), "Failed to Get Firmware Entry.", return -EINVAL); PP_ASSERT_WITH_CODE(0 == smu7_populate_single_firmware_entry(hwmgr, - UCODE_ID_CP_MEC, &toc->entry[toc->num_entries++]), + UCODE_ID_CP_MEC, &toc->entry[num_entries++]), "Failed to Get Firmware Entry.", return -EINVAL); PP_ASSERT_WITH_CODE(0 == smu7_populate_single_firmware_entry(hwmgr, - UCODE_ID_CP_MEC_JT1, &toc->entry[toc->num_entries++]), + UCODE_ID_CP_MEC_JT1, &toc->entry[num_entries++]), "Failed to Get Firmware Entry.", return -EINVAL); PP_ASSERT_WITH_CODE(0 == smu7_populate_single_firmware_entry(hwmgr, - UCODE_ID_CP_MEC_JT2, &toc->entry[toc->num_entries++]), + UCODE_ID_CP_MEC_JT2, &toc->entry[num_entries++]), "Failed to Get Firmware Entry.", return -EINVAL); PP_ASSERT_WITH_CODE(0 == smu7_populate_single_firmware_entry(hwmgr, - UCODE_ID_SDMA0, &toc->entry[toc->num_entries++]), + UCODE_ID_SDMA0, &toc->entry[num_entries++]), "Failed to Get Firmware Entry.", return -EINVAL); PP_ASSERT_WITH_CODE(0 == smu7_populate_single_firmware_entry(hwmgr, - UCODE_ID_SDMA1, &toc->entry[toc->num_entries++]), + UCODE_ID_SDMA1, &toc->entry[num_entries++]), "Failed to Get Firmware Entry.", return -EINVAL); if (!hwmgr->not_vf) PP_ASSERT_WITH_CODE(0 == smu7_populate_single_firmware_entry(hwmgr, - UCODE_ID_MEC_STORAGE, &toc->entry[toc->num_entries++]), + UCODE_ID_MEC_STORAGE, &toc->entry[num_entries++]), "Failed to Get Firmware Entry.", return -EINVAL); + toc->num_entries = num_entries; smu7_send_msg_to_smc_with_parameter(hwmgr, PPSMC_MSG_DRV_DRAM_ADDR_HI, upper_32_bits(smu_data->header_buffer.mc_addr)); smu7_send_msg_to_smc_with_parameter(hwmgr, PPSMC_MSG_DRV_DRAM_ADDR_LO, lower_32_bits(smu_data->header_buffer.mc_addr)); -- 2.13.6

7 years, 5 months

2
1
0 0

[PATCH] ARC: mm: allow mprotect to make stack mappings executable

by Vineet Gupta

mprotect(EXEC) was failing for stack mappings as default vm flags was missing MAYEXEC. This was triggered by glibc test suite nptl/tst-execstack testcase What is surprising is that despite running LTP for years on, we didn't catch this issue as it lacks a directed test case. gcc dejagnu tests with nested functions also requiring exec stack work fine though because they rely on the GNU_STACK segment spit out by compiler and handled in kernel elf loader. This glibc case is different as the stack is non exec to begin with and a dlopen of shared lib with GNU_STACK segment triggers the exec stack proceedings using a mprotect(PROT_EXEC) which was broken. CC: stable(a)vger.kernel.org Signed-off-by: Vineet Gupta <vgupta(a)synopsys.com> --- arch/arc/include/asm/page.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arc/include/asm/page.h b/arch/arc/include/asm/page.h index 109baa06831c..09ddddf71cc5 100644 --- a/arch/arc/include/asm/page.h +++ b/arch/arc/include/asm/page.h @@ -105,7 +105,7 @@ typedef pte_t * pgtable_t; #define virt_addr_valid(kaddr) pfn_valid(virt_to_pfn(kaddr)) /* Default Permissions for stack/heaps pages (Non Executable) */ -#define VM_DATA_DEFAULT_FLAGS (VM_READ | VM_WRITE | VM_MAYREAD | VM_MAYWRITE) +#define VM_DATA_DEFAULT_FLAGS (VM_READ | VM_WRITE | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC) #define WANT_PAGE_VIRTUAL 1 -- 2.7.4

7 years, 5 months

1
0
0 0

cx4 sriov problem in stable 4.14.47

by Sagi Grimberg

Hey folks, Seems that CX4 (Ethernet) sriov ports probe with link down in the latest stable 4.14 kernel. I upgrated firmware but with no luck :( Has anyone seen this issue as well? Kernel: stable 4.14.47 Firmware: 12.22.1002 psid: MT_2140110033 sysfs port state is DOWN and phys port state is Disabled. I tried to add as much debug as I could to dump for the experts: -- [ 3243.373948] mlx5_core 0000:03:00.0: mlx5_core_sriov_configure:210:(pid 1616): requested num_vfs 1 [ 3243.374321] mlx5_core 0000:03:00.0: mlx5_device_enable_sriov:115:(pid 1616): successfully enabled VF* 0 [ 3243.482126] pci 0000:03:00.1: [15b3:1014] type 00 class 0x020000 [ 3243.482490] pci 0000:03:00.1: Max Payload Size set to 256 (was 128, max 512) [ 3243.482510] pci 0000:03:00.1: enabling Extended Tags [ 3243.487075] mlx5_core 0000:03:00.1: enabling device (0000 -> 0002) [ 3243.487220] mlx5_core 0000:03:00.1: firmware version: 12.22.1002 [ 3243.570233] mlx5_core 0000:03:00.1: handle_hca_cap:517:(pid 5010): Current Pkey table size 128 Setting new size 128 [ 3244.302809] mlx5_core 0000:03:00.1: alloc_comp_eqs:776:(pid 5010): allocated completion EQN 20 [ 3244.303052] mlx5_core 0000:03:00.1: alloc_comp_eqs:776:(pid 5010): allocated completion EQN 21 [ 3244.303296] mlx5_core 0000:03:00.1: alloc_comp_eqs:776:(pid 5010): allocated completion EQN 22 [ 3244.303590] mlx5_core 0000:03:00.1: alloc_comp_eqs:776:(pid 5010): allocated completion EQN 23 [ 3244.303825] mlx5_core 0000:03:00.1: alloc_comp_eqs:776:(pid 5010): allocated completion EQN 24 [ 3244.304049] mlx5_core 0000:03:00.1: alloc_comp_eqs:776:(pid 5010): allocated completion EQN 25 [ 3244.304276] mlx5_core 0000:03:00.1: alloc_comp_eqs:776:(pid 5010): allocated completion EQN 26 [ 3244.304499] mlx5_core 0000:03:00.1: alloc_comp_eqs:776:(pid 5010): allocated completion EQN 27 [ 3244.307241] mlx5_core 0000:03:00.1: mlx5_nic_vport_update_local_lb:939:(pid 5010): disable local_lb [ 3244.307613] mlx5_core 0000:03:00.1: MLX5E: StrdRq(0) RqSz(1024) StrdSz(1) RxCqeCmprss(0) [ 3244.308008] mlx5_core 0000:03:00.1: Assigned random MAC address 42:7b:57:5a:f2:06 [ 3244.460140] mlx5_core 0000:03:00.1 ens1f1: renamed from eth0 [ 3244.627854] mlx5_core 0000:03:00.1 ens1f1: Link down [ 3244.629033] IPv6: ADDRCONF(NETDEV_UP): ens1f1: link is not ready [ 3244.629480] IPv6: ADDRCONF(NETDEV_UP): ens1f1: link is not ready [ 3244.639340] pkey = 0xffff [ 3244.644081] pkey = 0xffff [ 3244.645809] pkey = 0xffff [ 3244.646510] pkey = 0x0 [ 3244.646557] pkey = 0x0 [ 3244.646600] pkey = 0x0 [ 3244.646649] pkey = 0x0 [ 3244.646692] pkey = 0x0 [ 3244.646751] pkey = 0x0 [ 3244.646793] pkey = 0x0 [ 3244.646835] pkey = 0x0 [ 3244.646882] pkey = 0x0 [ 3244.646933] pkey = 0x0 [ 3244.646986] pkey = 0x0 [ 3244.647044] pkey = 0x0 [ 3244.647086] pkey = 0x0 [ 3244.647136] pkey = 0x0 [ 3244.647182] pkey = 0x0 [ 3244.647240] pkey = 0x0 [ 3244.647283] pkey = 0x0 [ 3244.647333] pkey = 0x0 [ 3244.647384] pkey = 0x0 [ 3244.647434] pkey = 0x0 [ 3244.647497] pkey = 0x0 [ 3244.647554] pkey = 0x0 [ 3244.647598] pkey = 0x0 [ 3244.647652] pkey = 0x0 [ 3244.647695] pkey = 0x0 [ 3244.647737] pkey = 0x0 [ 3244.647786] pkey = 0x0 [ 3244.647839] pkey = 0x0 [ 3244.647884] pkey = 0x0 [ 3244.647934] pkey = 0x0 [ 3244.647986] pkey = 0x0 [ 3244.648049] pkey = 0x0 [ 3244.648092] pkey = 0x0 [ 3244.648134] pkey = 0x0 [ 3244.648184] pkey = 0x0 [ 3244.648241] pkey = 0x0 [ 3244.648286] pkey = 0x0 [ 3244.648334] pkey = 0x0 [ 3244.648385] pkey = 0x0 [ 3244.648435] pkey = 0x0 [ 3244.648495] pkey = 0x0 [ 3244.648539] pkey = 0x0 [ 3244.648584] pkey = 0x0 [ 3244.648634] pkey = 0x0 [ 3244.648685] pkey = 0x0 [ 3244.648748] pkey = 0x0 [ 3244.648792] pkey = 0x0 [ 3244.648836] pkey = 0x0 [ 3244.648885] pkey = 0x0 [ 3244.648935] pkey = 0x0 [ 3244.648998] pkey = 0x0 [ 3244.649042] pkey = 0x0 [ 3244.649086] pkey = 0x0 [ 3244.649138] pkey = 0x0 [ 3244.649185] pkey = 0x0 [ 3244.649235] pkey = 0x0 [ 3244.649285] pkey = 0x0 [ 3244.649344] pkey = 0x0 [ 3244.649388] pkey = 0x0 [ 3244.649435] pkey = 0x0 [ 3244.649484] pkey = 0x0 [ 3244.649549] pkey = 0x0 [ 3244.649593] pkey = 0x0 [ 3244.649638] pkey = 0x0 [ 3244.649686] pkey = 0x0 [ 3244.649741] pkey = 0x0 [ 3244.649785] pkey = 0x0 [ 3244.649836] pkey = 0x0 [ 3244.649886] pkey = 0x0 [ 3244.649936] pkey = 0x0 [ 3244.649988] pkey = 0x0 [ 3244.651604] pkey = 0x0 [ 3244.651652] pkey = 0x0 [ 3244.651697] pkey = 0x0 [ 3244.651744] pkey = 0x0 [ 3244.651788] pkey = 0x0 [ 3244.651839] pkey = 0x0 [ 3244.651889] pkey = 0x0 [ 3244.651939] pkey = 0x0 [ 3244.651989] pkey = 0x0 [ 3244.652048] pkey = 0x0 [ 3244.652090] pkey = 0x0 [ 3244.652140] pkey = 0x0 [ 3244.652195] pkey = 0x0 [ 3244.652241] pkey = 0x0 [ 3244.652300] pkey = 0x0 [ 3244.652343] pkey = 0x0 [ 3244.652403] pkey = 0x0 [ 3244.652450] pkey = 0x0 [ 3244.652493] pkey = 0x0 [ 3244.652540] pkey = 0x0 [ 3244.652593] pkey = 0x0 [ 3244.652640] pkey = 0x0 [ 3244.652697] pkey = 0x0 [ 3244.652755] pkey = 0x0 [ 3244.652800] pkey = 0x0 [ 3244.652848] pkey = 0x0 [ 3244.652892] pkey = 0x0 [ 3244.652950] pkey = 0x0 [ 3244.652993] pkey = 0x0 [ 3244.653041] pkey = 0x0 [ 3244.653091] pkey = 0x0 [ 3244.653141] pkey = 0x0 [ 3244.653191] pkey = 0x0 [ 3244.653241] pkey = 0x0 [ 3244.653294] pkey = 0x0 [ 3244.653341] pkey = 0x0 [ 3244.653391] pkey = 0x0 [ 3244.653531] pkey = 0x0 [ 3244.653593] pkey = 0x0 [ 3244.653935] pkey = 0x0 [ 3244.653996] pkey = 0x0 [ 3244.654253] pkey = 0x0 [ 3244.654974] pkey = 0x0 [ 3244.655038] pkey = 0x0 [ 3244.655097] pkey = 0x0 [ 3244.655143] pkey = 0x0 [ 3244.655194] pkey = 0x0 [ 3244.655253] pkey = 0x0 [ 3244.655308] pkey = 0x0 [ 3244.655350] pkey = 0x0 [ 3244.655393] pkey = 0x0 [ 3244.655448] pkey = 0x0 [ 3244.655494] pkey = 0x0 [ 3244.655544] pkey = 0x0 [ 3244.655595] pkey = 0x0 [ 3244.655648] pkey = 0x0 --

7 years, 5 months

4
7
0 0

[PATCH v2] xen: setup pv irq ops vector earlier

by Juergen Gross

Setting pv_irq_ops for Xen PV domains should be done as early as possible in order to support e.g. very early printk() usage. The same applies to xen_vcpu_info_reset(0), as it is needed for the pv irq ops. Move the call of xen_setup_machphys_mapping() after initializing the pv functions as it contains a WARN_ON(), too. Remove the no longer necessary conditional in xen_init_irq_ops() from PVH V1 times to make clear this is a PV only function. Cc: <stable(a)vger.kernel.org> # 4.14 Signed-off-by: Juergen Gross <jgross(a)suse.com> --- arch/x86/xen/enlighten_pv.c | 24 +++++++++++------------- arch/x86/xen/irq.c | 4 +--- 2 files changed, 12 insertions(+), 16 deletions(-) diff --git a/arch/x86/xen/enlighten_pv.c b/arch/x86/xen/enlighten_pv.c index 4816b6f82a9a..439a94bf89ad 100644 --- a/arch/x86/xen/enlighten_pv.c +++ b/arch/x86/xen/enlighten_pv.c @@ -1207,12 +1207,20 @@ asmlinkage __visible void __init xen_start_kernel(void) xen_setup_features(); - xen_setup_machphys_mapping(); - /* Install Xen paravirt ops */ pv_info = xen_info; pv_init_ops.patch = paravirt_patch_default; pv_cpu_ops = xen_cpu_ops; + xen_init_irq_ops(); + + /* + * Setup xen_vcpu early because it is needed for + * local_irq_disable(), irqs_disabled(), e.g. in printk(). + * + * Don't do the full vcpu_info placement stuff until we have + * the cpu_possible_mask and a non-dummy shared_info. + */ + xen_vcpu_info_reset(0); x86_platform.get_nmi_reason = xen_get_nmi_reason; @@ -1225,6 +1233,7 @@ asmlinkage __visible void __init xen_start_kernel(void) * Set up some pagetable state before starting to set any ptes. */ + xen_setup_machphys_mapping(); xen_init_mmu_ops(); /* Prevent unwanted bits from being set in PTEs. */ @@ -1250,20 +1259,9 @@ asmlinkage __visible void __init xen_start_kernel(void) get_cpu_cap(&boot_cpu_data); x86_configure_nx(); - xen_init_irq_ops(); - /* Let's presume PV guests always boot on vCPU with id 0. */ per_cpu(xen_vcpu_id, 0) = 0; - /* - * Setup xen_vcpu early because idt_setup_early_handler needs it for - * local_irq_disable(), irqs_disabled(). - * - * Don't do the full vcpu_info placement stuff until we have - * the cpu_possible_mask and a non-dummy shared_info. - */ - xen_vcpu_info_reset(0); - idt_setup_early_handler(); xen_init_capabilities(); diff --git a/arch/x86/xen/irq.c b/arch/x86/xen/irq.c index 74179852e46c..7515a19fd324 100644 --- a/arch/x86/xen/irq.c +++ b/arch/x86/xen/irq.c @@ -128,8 +128,6 @@ static const struct pv_irq_ops xen_irq_ops __initconst = { void __init xen_init_irq_ops(void) { - /* For PVH we use default pv_irq_ops settings. */ - if (!xen_feature(XENFEAT_hvm_callback_vector)) - pv_irq_ops = xen_irq_ops; + pv_irq_ops = xen_irq_ops; x86_init.irqs.intr_init = xen_init_IRQ; } -- 2.13.7

7 years, 5 months

2
1
0 0

[PATCH v2 3/3] drm/nouveau: Remove bogus crtc check in pmops_runtime_idle

by Lyude Paul

This both uses the legacy modesetting structures in a racy manner, and additionally also doesn't even check the right variable (enabled != the CRTC is actually turned on for atomic). This fixes issues on my P50 regarding the dedicated GPU not entering runtime suspend. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/nouveau_drm.c | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.c b/drivers/gpu/drm/nouveau/nouveau_drm.c index 0f668e275ee1..c7ec86d6c3c9 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drm.c +++ b/drivers/gpu/drm/nouveau/nouveau_drm.c @@ -881,22 +881,11 @@ nouveau_pmops_runtime_resume(struct device *dev) static int nouveau_pmops_runtime_idle(struct device *dev) { - struct pci_dev *pdev = to_pci_dev(dev); - struct drm_device *drm_dev = pci_get_drvdata(pdev); - struct nouveau_drm *drm = nouveau_drm(drm_dev); - struct drm_crtc *crtc; - if (!nouveau_pmops_runtime()) { pm_runtime_forbid(dev); return -EBUSY; } - list_for_each_entry(crtc, &drm->dev->mode_config.crtc_list, head) { - if (crtc->enabled) { - DRM_DEBUG_DRIVER("failing to power off - crtc active\n"); - return -EBUSY; - } - } pm_runtime_mark_last_busy(dev); pm_runtime_autosuspend(dev); /* we don't want the main rpm_idle to call suspend - we want to autosuspend */ -- 2.17.1

7 years, 5 months

2
1
0 0

[PATCH v2 2/3] drm/nouveau: Fix runtime PM leak in nv50_disp_atomic_commit()

by Lyude Paul

A CRTC being enabled doesn't mean it's on! It doesn't even necessarily mean it's being used. This fixes runtime PM leaks on the P50 I've got next to me. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/dispnv50/disp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index d9da69c83ae7..9bae4db84cfb 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -1878,7 +1878,7 @@ nv50_disp_atomic_commit(struct drm_device *dev, nv50_disp_atomic_commit_tail(state); drm_for_each_crtc(crtc, dev) { - if (crtc->state->enable) { + if (crtc->state->active) { if (!drm->have_disp_power_ref) { drm->have_disp_power_ref = true; return 0; -- 2.17.1

7 years, 5 months

1
0
0 0

[PATCHv2 1/2] mm: Fix vma_is_anonymous() false-positives

by Kirill A. Shutemov

vma_is_anonymous() relies on ->vm_ops being NULL to detect anonymous VMA. This is unreliable as ->mmap may not set ->vm_ops. False-positive vma_is_anonymous() may lead to crashes: next ffff8801ce5e7040 prev ffff8801d20eca50 mm ffff88019c1e13c0 prot 27 anon_vma ffff88019680cdd8 vm_ops 0000000000000000 pgoff 0 file ffff8801b2ec2d00 private_data 0000000000000000 flags: 0xff(read|write|exec|shared|mayread|maywrite|mayexec|mayshare) ------------[ cut here ]------------ kernel BUG at mm/memory.c:1422! invalid opcode: 0000 [#1] SMP KASAN CPU: 0 PID: 18486 Comm: syz-executor3 Not tainted 4.18.0-rc3+ #136 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:zap_pmd_range mm/memory.c:1421 [inline] RIP: 0010:zap_pud_range mm/memory.c:1466 [inline] RIP: 0010:zap_p4d_range mm/memory.c:1487 [inline] RIP: 0010:unmap_page_range+0x1c18/0x2220 mm/memory.c:1508 Code: ff 31 ff 4c 89 e6 42 c6 04 33 f8 e8 92 dd d0 ff 4d 85 e4 0f 85 4a eb ff ff e8 54 dc d0 ff 48 8b bd 10 fc ff ff e8 82 95 fe ff <0f> 0b e8 41 dc d0 ff 0f 0b 4c 89 ad 18 fc ff ff c7 85 7c fb ff ff RSP: 0018:ffff8801b0587330 EFLAGS: 00010286 RAX: 000000000000013c RBX: 1ffff100360b0e9c RCX: ffffc90002620000 RDX: 0000000000000000 RSI: ffffffff81631851 RDI: 0000000000000001 RBP: ffff8801b05877c8 R08: ffff880199d40300 R09: ffffed003b5c4fc0 R10: ffffed003b5c4fc0 R11: ffff8801dae27e07 R12: 0000000000000000 R13: ffff88019c1e13c0 R14: dffffc0000000000 R15: 0000000020e01000 FS: 00007fca32251700(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f04c540d000 CR3: 00000001ac1f0000 CR4: 00000000001426f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: unmap_single_vma+0x1a0/0x310 mm/memory.c:1553 zap_page_range_single+0x3cc/0x580 mm/memory.c:1644 unmap_mapping_range_vma mm/memory.c:2792 [inline] unmap_mapping_range_tree mm/memory.c:2813 [inline] unmap_mapping_pages+0x3a7/0x5b0 mm/memory.c:2845 unmap_mapping_range+0x48/0x60 mm/memory.c:2880 truncate_pagecache+0x54/0x90 mm/truncate.c:800 truncate_setsize+0x70/0xb0 mm/truncate.c:826 simple_setattr+0xe9/0x110 fs/libfs.c:409 notify_change+0xf13/0x10f0 fs/attr.c:335 do_truncate+0x1ac/0x2b0 fs/open.c:63 do_sys_ftruncate+0x492/0x560 fs/open.c:205 __do_sys_ftruncate fs/open.c:215 [inline] __se_sys_ftruncate fs/open.c:213 [inline] __x64_sys_ftruncate+0x59/0x80 fs/open.c:213 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe Reproducer: #include <stdio.h> #include <stddef.h> #include <stdint.h> #include <stdlib.h> #include <string.h> #include <sys/types.h> #include <sys/stat.h> #include <sys/ioctl.h> #include <sys/mman.h> #include <unistd.h> #include <fcntl.h> #define KCOV_INIT_TRACE _IOR('c', 1, unsigned long) #define KCOV_ENABLE _IO('c', 100) #define KCOV_DISABLE _IO('c', 101) #define COVER_SIZE (1024<<10) #define KCOV_TRACE_PC 0 #define KCOV_TRACE_CMP 1 int main(int argc, char **argv) { int fd; unsigned long *cover; system("mount -t debugfs none /sys/kernel/debug"); fd = open("/sys/kernel/debug/kcov", O_RDWR); ioctl(fd, KCOV_INIT_TRACE, COVER_SIZE); cover = mmap(NULL, COVER_SIZE * sizeof(unsigned long), PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); munmap(cover, COVER_SIZE * sizeof(unsigned long)); cover = mmap(NULL, COVER_SIZE * sizeof(unsigned long), PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0); memset(cover, 0, COVER_SIZE * sizeof(unsigned long)); ftruncate(fd, 3UL << 20); return 0; } This can be fixed by assigning anonymous VMAs own vm_ops and not relying on it being NULL. If ->mmap() failed to set ->vm_ops, mmap_region() will set it to dummy_vm_ops. This way we will have non-NULL ->vm_ops for all VMAs. Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reported-by: syzbot+3f84280d52be9b7083cc(a)syzkaller.appspotmail.com Cc: stable(a)vger.kernel.org Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> --- arch/ia64/kernel/perfmon.c | 1 + arch/ia64/mm/init.c | 2 ++ drivers/char/mem.c | 1 + fs/exec.c | 1 + fs/hugetlbfs/inode.c | 1 + include/linux/mm.h | 5 ++++- mm/khugepaged.c | 4 ++-- mm/mmap.c | 11 +++++++++++ mm/nommu.c | 9 ++++++++- mm/shmem.c | 1 + mm/util.c | 12 ++++++++++++ 11 files changed, 44 insertions(+), 4 deletions(-) diff --git a/arch/ia64/kernel/perfmon.c b/arch/ia64/kernel/perfmon.c index 3b38c717008a..13fd6f7d37e8 100644 --- a/arch/ia64/kernel/perfmon.c +++ b/arch/ia64/kernel/perfmon.c @@ -2292,6 +2292,7 @@ pfm_smpl_buffer_alloc(struct task_struct *task, struct file *filp, pfm_context_t vma->vm_file = get_file(filp); vma->vm_flags = VM_READ|VM_MAYREAD|VM_DONTEXPAND|VM_DONTDUMP; vma->vm_page_prot = PAGE_READONLY; /* XXX may need to change */ + vma->vm_ops = &dummy_vm_ops; /* * Now we have everything we need and we can initialize diff --git a/arch/ia64/mm/init.c b/arch/ia64/mm/init.c index 18278b448530..f5dfcb723518 100644 --- a/arch/ia64/mm/init.c +++ b/arch/ia64/mm/init.c @@ -122,6 +122,7 @@ ia64_init_addr_space (void) vma->vm_end = vma->vm_start + PAGE_SIZE; vma->vm_flags = VM_DATA_DEFAULT_FLAGS|VM_GROWSUP|VM_ACCOUNT; vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); + vma->vm_ops = &dummy_vm_ops; down_write(&current->mm->mmap_sem); if (insert_vm_struct(current->mm, vma)) { up_write(&current->mm->mmap_sem); @@ -141,6 +142,7 @@ ia64_init_addr_space (void) vma->vm_page_prot = __pgprot(pgprot_val(PAGE_READONLY) | _PAGE_MA_NAT); vma->vm_flags = VM_READ | VM_MAYREAD | VM_IO | VM_DONTEXPAND | VM_DONTDUMP; + vma->vm_ops = &dummy_vm_ops; down_write(&current->mm->mmap_sem); if (insert_vm_struct(current->mm, vma)) { up_write(&current->mm->mmap_sem); diff --git a/drivers/char/mem.c b/drivers/char/mem.c index ffeb60d3434c..f0a8b0b1768b 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -708,6 +708,7 @@ static int mmap_zero(struct file *file, struct vm_area_struct *vma) #endif if (vma->vm_flags & VM_SHARED) return shmem_zero_setup(vma); + vma->vm_ops = &anon_vm_ops; return 0; } diff --git a/fs/exec.c b/fs/exec.c index 2d4e0075bd24..a1a246062561 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -307,6 +307,7 @@ static int __bprm_mm_init(struct linux_binprm *bprm) * configured yet. */ BUILD_BUG_ON(VM_STACK_FLAGS & VM_STACK_INCOMPLETE_SETUP); + vma->vm_ops = &anon_vm_ops; vma->vm_end = STACK_TOP_MAX; vma->vm_start = vma->vm_end - PAGE_SIZE; vma->vm_flags = VM_SOFTDIRTY | VM_STACK_FLAGS | VM_STACK_INCOMPLETE_SETUP; diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c index d508c7844681..5ff73b1398ad 100644 --- a/fs/hugetlbfs/inode.c +++ b/fs/hugetlbfs/inode.c @@ -597,6 +597,7 @@ static long hugetlbfs_fallocate(struct file *file, int mode, loff_t offset, memset(&pseudo_vma, 0, sizeof(struct vm_area_struct)); pseudo_vma.vm_flags = (VM_HUGETLB | VM_MAYSHARE | VM_SHARED); pseudo_vma.vm_file = file; + pseudo_vma.vm_ops = &dummy_vm_ops; for (index = start; index < end; index++) { /* diff --git a/include/linux/mm.h b/include/linux/mm.h index a0fbb9ffe380..9a35362bbc92 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -1536,9 +1536,12 @@ int clear_page_dirty_for_io(struct page *page); int get_cmdline(struct task_struct *task, char *buffer, int buflen); +extern const struct vm_operations_struct anon_vm_ops; +extern const struct vm_operations_struct dummy_vm_ops; + static inline bool vma_is_anonymous(struct vm_area_struct *vma) { - return !vma->vm_ops; + return vma->vm_ops == &anon_vm_ops; } #ifdef CONFIG_SHMEM diff --git a/mm/khugepaged.c b/mm/khugepaged.c index d7b2a4bf8671..5ae34097aed1 100644 --- a/mm/khugepaged.c +++ b/mm/khugepaged.c @@ -440,7 +440,7 @@ int khugepaged_enter_vma_merge(struct vm_area_struct *vma, * page fault if needed. */ return 0; - if (vma->vm_ops || (vm_flags & VM_NO_KHUGEPAGED)) + if (!vma_is_anonymous(vma) || (vm_flags & VM_NO_KHUGEPAGED)) /* khugepaged not yet working on file or special mappings */ return 0; hstart = (vma->vm_start + ~HPAGE_PMD_MASK) & HPAGE_PMD_MASK; @@ -831,7 +831,7 @@ static bool hugepage_vma_check(struct vm_area_struct *vma) return IS_ALIGNED((vma->vm_start >> PAGE_SHIFT) - vma->vm_pgoff, HPAGE_PMD_NR); } - if (!vma->anon_vma || vma->vm_ops) + if (!vma->anon_vma || !vma_is_anonymous(vma)) return false; if (is_vma_temporary_stack(vma)) return false; diff --git a/mm/mmap.c b/mm/mmap.c index d1eb87ef4b1a..527c17f31635 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -561,6 +561,8 @@ static unsigned long count_vma_pages_range(struct mm_struct *mm, void __vma_link_rb(struct mm_struct *mm, struct vm_area_struct *vma, struct rb_node **rb_link, struct rb_node *rb_parent) { + WARN_ONCE(!vma->vm_ops, "missing vma->vm_ops"); + /* Update tracking information for the gap following the new vma. */ if (vma->vm_next) vma_gap_update(vma->vm_next); @@ -1762,6 +1764,11 @@ unsigned long mmap_region(struct file *file, unsigned long addr, */ vma->vm_file = get_file(file); error = call_mmap(file, vma); + + /* All mappings must have ->vm_ops set */ + if (!vma->vm_ops) + vma->vm_ops = &dummy_vm_ops; + if (error) goto unmap_and_free_vma; @@ -1780,6 +1787,9 @@ unsigned long mmap_region(struct file *file, unsigned long addr, error = shmem_zero_setup(vma); if (error) goto free_vma; + } else { + /* vma_is_anonymous() relies on this. */ + vma->vm_ops = &anon_vm_ops; } vma_link(mm, vma, prev, rb_link, rb_parent); @@ -2999,6 +3009,7 @@ static int do_brk_flags(unsigned long addr, unsigned long request, unsigned long INIT_LIST_HEAD(&vma->anon_vma_chain); vma->vm_mm = mm; + vma->vm_ops = &anon_vm_ops; vma->vm_start = addr; vma->vm_end = addr + len; vma->vm_pgoff = pgoff; diff --git a/mm/nommu.c b/mm/nommu.c index 4452d8bd9ae4..f00f209833ab 100644 --- a/mm/nommu.c +++ b/mm/nommu.c @@ -1058,6 +1058,8 @@ static int do_mmap_shared_file(struct vm_area_struct *vma) int ret; ret = call_mmap(vma->vm_file, vma); + if (!vma->vm_ops) + vma->vm_ops = &dummy_vm_ops; if (ret == 0) { vma->vm_region->vm_top = vma->vm_region->vm_end; return 0; @@ -1089,6 +1091,8 @@ static int do_mmap_private(struct vm_area_struct *vma, */ if (capabilities & NOMMU_MAP_DIRECT) { ret = call_mmap(vma->vm_file, vma); + if (!vma->vm_ops) + vma->vm_ops = &dummy_vm_ops; if (ret == 0) { /* shouldn't return success if we're not sharing */ BUG_ON(!(vma->vm_flags & VM_MAYSHARE)); @@ -1137,6 +1141,8 @@ static int do_mmap_private(struct vm_area_struct *vma, fpos = vma->vm_pgoff; fpos <<= PAGE_SHIFT; + vma->vm_ops = &dummy_vm_ops; + ret = kernel_read(vma->vm_file, base, len, &fpos); if (ret < 0) goto error_free; @@ -1144,7 +1150,8 @@ static int do_mmap_private(struct vm_area_struct *vma, /* clear the last little bit */ if (ret < len) memset(base + ret, 0, len - ret); - + } else { + vma->vm_ops = &anon_vm_ops; } return 0; diff --git a/mm/shmem.c b/mm/shmem.c index 2cab84403055..db5c319161ca 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -1424,6 +1424,7 @@ static void shmem_pseudo_vma_init(struct vm_area_struct *vma, /* Bias interleave by inode number to distribute better across nodes */ vma->vm_pgoff = index + info->vfs_inode.i_ino; vma->vm_policy = mpol_shared_policy_lookup(&info->policy, index); + vma->vm_ops = &dummy_vm_ops; } static void shmem_pseudo_vma_destroy(struct vm_area_struct *vma) diff --git a/mm/util.c b/mm/util.c index 3351659200e6..20e6a78f3237 100644 --- a/mm/util.c +++ b/mm/util.c @@ -20,6 +20,18 @@ #include "internal.h" +/* + * All anonymous VMAs have ->vm_ops set to anon_vm_ops. + * vma_is_anonymous() reiles on anon_vm_ops to detect anonymous VMA. + */ +const struct vm_operations_struct anon_vm_ops = {}; + +/* + * All VMAs have to have ->vm_ops set. dummy_vm_ops can be used if the VMA + * doesn't need to handle any of the operations. + */ +const struct vm_operations_struct dummy_vm_ops = {}; + static inline int is_kernel_rodata(unsigned long addr) { return addr >= (unsigned long)__start_rodata && -- 2.18.0

7 years, 5 months

3
2
0 0

[PATCH] MIPS: Fix off-by-one in pci_resource_to_user()

by Paul Burton

The MIPS implementation of pci_resource_to_user() introduced in v3.12 by commit 4c2924b725fb ("MIPS: PCI: Use pci_resource_to_user to map pci memory space properly") incorrectly sets *end to the address of the byte after the resource, rather than the last byte of the resource. This results in userland seeing resources as a byte larger than they actually are, for example a 32 byte BAR will be reported by a tool such as lspci as being 33 bytes in size: Region 2: I/O ports at 1000 [disabled] [size=33] Correct this by subtracting one from the calculated end address, reporting the correct address to userland. Signed-off-by: Paul Burton <paul.burton(a)mips.com> Reported-by: Rui Wang <rui.wang(a)windriver.com> Fixes: 4c2924b725fb ("MIPS: PCI: Use pci_resource_to_user to map pci memory space properly") Cc: James Hogan <jhogan(a)kernel.org> Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: Wolfgang Grandegger <wg(a)grandegger.com> Cc: linux-mips(a)linux-mips.org Cc: stable(a)vger.kernel.org # v3.12+ --- arch/mips/pci/pci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/mips/pci/pci.c b/arch/mips/pci/pci.c index 9632436d74d7..c2e94cf5ecda 100644 --- a/arch/mips/pci/pci.c +++ b/arch/mips/pci/pci.c @@ -54,5 +54,5 @@ void pci_resource_to_user(const struct pci_dev *dev, int bar, phys_addr_t size = resource_size(rsrc); *start = fixup_bigphys_addr(rsrc->start, size); - *end = rsrc->start + size; + *end = rsrc->start + size - 1; } -- 2.18.0

7 years, 5 months

1
0
0 0

patch "mei: don't update offset in write" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mei: don't update offset in write to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From a103af1b64d74853a5e08ca6c86aeb0e5c6ca4f1 Mon Sep 17 00:00:00 2001 From: Alexander Usyskin <alexander.usyskin(a)intel.com> Date: Mon, 9 Jul 2018 12:21:44 +0300 Subject: mei: don't update offset in write MEI enables writes of complete messages only while read can be performed in parts, hence write should not update the file offset to not break interleaving partial reads with writes. Cc: <stable(a)vger.kernel.org> Signed-off-by: Alexander Usyskin <alexander.usyskin(a)intel.com> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/misc/mei/main.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/misc/mei/main.c b/drivers/misc/mei/main.c index f690918f7817..302ba7a63bd2 100644 --- a/drivers/misc/mei/main.c +++ b/drivers/misc/mei/main.c @@ -312,7 +312,6 @@ static ssize_t mei_write(struct file *file, const char __user *ubuf, } } - *offset = 0; cb = mei_cl_alloc_cb(cl, length, MEI_FOP_WRITE, file); if (!cb) { rets = -ENOMEM; -- 2.18.0

7 years, 5 months

1
0
0 0

patch "mei: bus: type promotion bug in mei_nfc_if_version()" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mei: bus: type promotion bug in mei_nfc_if_version() to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From b40b3e9358fbafff6a4ba0f4b9658f6617146f9c Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)oracle.com> Date: Wed, 11 Jul 2018 15:29:31 +0300 Subject: mei: bus: type promotion bug in mei_nfc_if_version() We accidentally removed the check for negative returns without considering the issue of type promotion. The "if_version_length" variable is type size_t so if __mei_cl_recv() returns a negative then "bytes_recv" is type promoted to a high positive value and treated as success. Cc: <stable(a)vger.kernel.org> Fixes: 582ab27a063a ("mei: bus: fix received data size check in NFC fixup") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/misc/mei/bus-fixup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/misc/mei/bus-fixup.c b/drivers/misc/mei/bus-fixup.c index e45fe826d87d..65e28be3c8cc 100644 --- a/drivers/misc/mei/bus-fixup.c +++ b/drivers/misc/mei/bus-fixup.c @@ -341,7 +341,7 @@ static int mei_nfc_if_version(struct mei_cl *cl, ret = 0; bytes_recv = __mei_cl_recv(cl, (u8 *)reply, if_version_length, 0, 0); - if (bytes_recv < if_version_length) { + if (bytes_recv < 0 || bytes_recv < if_version_length) { dev_err(bus->dev, "Could not read IF version\n"); ret = -EIO; goto err; -- 2.18.0

7 years, 5 months

1
0
0 0

[PATCHv2 1/2] libnvdimm: Use max contiguous area for namespace size

by Keith Busch

This patch will find the max contiguous area to determine the largest namespace size that can be created. If the requested size exceeds the largest available, ENOSPC error will be returned. This fixes the allocation underrun error and wrong error return code that have otherwise been observed as the following kernel warning: WARNING: CPU: <CPU> PID: <PID> at drivers/nvdimm/namespace_devs.c:913 size_store Fixes: a1f3e4d6a0c3 ("libnvdimm, region: update nd_region_available_dpa() for multi-pmem support") Cc: <stable(a)vger.kernel.org> Signed-off-by: Keith Busch <keith.busch(a)intel.com> --- v1 -> v2: Updated changelog to indicate the warning this patch fixes and copy stable. Fixed code comments with the correct name of a function drivers/nvdimm/dimm_devs.c | 29 +++++++++++++++++++++++++++++ drivers/nvdimm/namespace_devs.c | 2 +- drivers/nvdimm/nd-core.h | 3 +++ drivers/nvdimm/region_devs.c | 23 +++++++++++++++++++++++ 4 files changed, 56 insertions(+), 1 deletion(-) diff --git a/drivers/nvdimm/dimm_devs.c b/drivers/nvdimm/dimm_devs.c index 8d348b22ba45..791a93cd8eb1 100644 --- a/drivers/nvdimm/dimm_devs.c +++ b/drivers/nvdimm/dimm_devs.c @@ -536,6 +536,35 @@ resource_size_t nd_blk_available_dpa(struct nd_region *nd_region) return info.available; } +/** + * nd_pmem_max_contiguous_dpa - For the given dimm+region, return the max + * contiguous unallocated dpa range. + * @nd_region: constrain available space check to this reference region + * @nd_mapping: container of dpa-resource-root + labels + */ +resource_size_t nd_pmem_max_contiguous_dpa(struct nd_region *nd_region, + struct nd_mapping *nd_mapping) +{ + struct nvdimm_drvdata *ndd = to_ndd(nd_mapping); + resource_size_t start, end, max = 0; + struct resource *res; + + if (!ndd) + return 0; + + start = nd_mapping->start; + end = start + nd_mapping->size; + + for_each_dpa_resource(ndd, res) { + if ((res->start - start) > max) + max = res->start - start; + start = res->start + resource_size(res); + } + if (start < end && end - start > max) + max = end - start; + return max; +} + /** * nd_pmem_available_dpa - for the given dimm+region account unallocated dpa * @nd_mapping: container of dpa-resource-root + labels diff --git a/drivers/nvdimm/namespace_devs.c b/drivers/nvdimm/namespace_devs.c index 28afdd668905..c00d1d2d48f9 100644 --- a/drivers/nvdimm/namespace_devs.c +++ b/drivers/nvdimm/namespace_devs.c @@ -1032,7 +1032,7 @@ static ssize_t __size_store(struct device *dev, unsigned long long val) allocated += nvdimm_allocated_dpa(ndd, &label_id); } - available = nd_region_available_dpa(nd_region); + available = nd_region_contiguous_max(nd_region); if (val > available + allocated) return -ENOSPC; diff --git a/drivers/nvdimm/nd-core.h b/drivers/nvdimm/nd-core.h index 79274ead54fb..8e4acd075b0f 100644 --- a/drivers/nvdimm/nd-core.h +++ b/drivers/nvdimm/nd-core.h @@ -100,6 +100,9 @@ struct nd_region; struct nvdimm_drvdata; struct nd_mapping; void nd_mapping_free_labels(struct nd_mapping *nd_mapping); +resource_size_t nd_pmem_max_contiguous_dpa(struct nd_region *nd_region, + struct nd_mapping *nd_mapping); +resource_size_t nd_region_contiguous_max(struct nd_region *nd_region); resource_size_t nd_pmem_available_dpa(struct nd_region *nd_region, struct nd_mapping *nd_mapping, resource_size_t *overlap); resource_size_t nd_blk_available_dpa(struct nd_region *nd_region); diff --git a/drivers/nvdimm/region_devs.c b/drivers/nvdimm/region_devs.c index ec3543b83330..8af483d7ef57 100644 --- a/drivers/nvdimm/region_devs.c +++ b/drivers/nvdimm/region_devs.c @@ -357,6 +357,29 @@ static ssize_t set_cookie_show(struct device *dev, } static DEVICE_ATTR_RO(set_cookie); +resource_size_t nd_region_contiguous_max(struct nd_region *nd_region) +{ + resource_size_t available = 0; + int i; + + WARN_ON(!is_nvdimm_bus_locked(&nd_region->dev)); + for (i = 0; i < nd_region->ndr_mappings; i++) { + struct nd_mapping *nd_mapping = &nd_region->mapping[i]; + struct nvdimm_drvdata *ndd = to_ndd(nd_mapping); + + /* if a dimm is disabled the available capacity is zero */ + if (!ndd) + return 0; + + if (is_memory(&nd_region->dev)) + available += nd_pmem_max_contiguous_dpa(nd_region, + nd_mapping); + else if (is_nd_blk(&nd_region->dev)) + available += nd_blk_available_dpa(nd_region); + } + return available; +} + resource_size_t nd_region_available_dpa(struct nd_region *nd_region) { resource_size_t blk_max_overlap = 0, available, overlap; -- 2.14.3

7 years, 5 months

2
9
0 0

6ed66c3ce095ae65bbc976b5817c318653745736 for 4.14-stable

by Sudip Mukherjee

Hi Greg, I think you have missed 6ed66c3ce095ae65bbc976b5817c318653745736 for the v4.14-stable tree. No backport needed, it will apply cleanly. -- Regards Sudip

7 years, 5 months

3
5
0 0

patch "mei: don't update offset in write" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mei: don't update offset in write to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From a103af1b64d74853a5e08ca6c86aeb0e5c6ca4f1 Mon Sep 17 00:00:00 2001 From: Alexander Usyskin <alexander.usyskin(a)intel.com> Date: Mon, 9 Jul 2018 12:21:44 +0300 Subject: mei: don't update offset in write MEI enables writes of complete messages only while read can be performed in parts, hence write should not update the file offset to not break interleaving partial reads with writes. Cc: <stable(a)vger.kernel.org> Signed-off-by: Alexander Usyskin <alexander.usyskin(a)intel.com> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/misc/mei/main.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/misc/mei/main.c b/drivers/misc/mei/main.c index f690918f7817..302ba7a63bd2 100644 --- a/drivers/misc/mei/main.c +++ b/drivers/misc/mei/main.c @@ -312,7 +312,6 @@ static ssize_t mei_write(struct file *file, const char __user *ubuf, } } - *offset = 0; cb = mei_cl_alloc_cb(cl, length, MEI_FOP_WRITE, file); if (!cb) { rets = -ENOMEM; -- 2.18.0

7 years, 5 months

1
0
0 0

patch "mei: bus: type promotion bug in mei_nfc_if_version()" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mei: bus: type promotion bug in mei_nfc_if_version() to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From b40b3e9358fbafff6a4ba0f4b9658f6617146f9c Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)oracle.com> Date: Wed, 11 Jul 2018 15:29:31 +0300 Subject: mei: bus: type promotion bug in mei_nfc_if_version() We accidentally removed the check for negative returns without considering the issue of type promotion. The "if_version_length" variable is type size_t so if __mei_cl_recv() returns a negative then "bytes_recv" is type promoted to a high positive value and treated as success. Cc: <stable(a)vger.kernel.org> Fixes: 582ab27a063a ("mei: bus: fix received data size check in NFC fixup") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/misc/mei/bus-fixup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/misc/mei/bus-fixup.c b/drivers/misc/mei/bus-fixup.c index e45fe826d87d..65e28be3c8cc 100644 --- a/drivers/misc/mei/bus-fixup.c +++ b/drivers/misc/mei/bus-fixup.c @@ -341,7 +341,7 @@ static int mei_nfc_if_version(struct mei_cl *cl, ret = 0; bytes_recv = __mei_cl_recv(cl, (u8 *)reply, if_version_length, 0, 0); - if (bytes_recv < if_version_length) { + if (bytes_recv < 0 || bytes_recv < if_version_length) { dev_err(bus->dev, "Could not read IF version\n"); ret = -EIO; goto err; -- 2.18.0

7 years, 5 months

1
0
0 0

Re: bpf commits for stable

by Greg KH

On Thu, Jul 12, 2018 at 10:33:24AM +0200, Daniel Borkmann wrote: > Hi Greg, > > if you have a chance, please queue the following BPF patches for -stable: Always cc: stable@vger for stable stuff, as I'm not the only stable tree out there... > > - 4.17.y: > > 3a38bb98d9ab ("bpf/tracing: fix a deadlock in perf_event_detach_bpf_prog") This is already in 4.17. > c93552c443eb ("bpf: properly enforce index mask to prevent out-of-bounds speculation") So is this. > 58990d1ff3f7 ("bpf: reject passing modified ctx to helper functions") Now applied. > b16558579576 ("bpf: implement dummy fops for bpf objects") Does not apply at all :( > 7d1982b4e335 ("bpf: fix panic in prog load calls cleanup") Does not apply :( > ed2b82c03dc1 ("bpf: hash map: decrement counter on error") This is not in Linus's tree. > - 4.14.y: > > c93552c443eb ("bpf: properly enforce index mask to prevent out-of-bounds speculation") Doesn't apply to 4.14.y :( > b16558579576 ("bpf: implement dummy fops for bpf objects") Does not apply at all. > ed2b82c03dc1 ("bpf: hash map: decrement counter on error") Not in Linus's tree. Can you send me the needed backports? thanks, greg k-h

7 years, 5 months

2
1
0 0

63039c29f7a4ce8a8bd165173840543c0098d7b0 for 4.14-stable

by Sudip Mukherjee

Hi Greg, Please apply the attached backported patch to 4.14-stable tree. Backported by changing the argument. -- Regards Sudip

7 years, 5 months

2
1
0 0

[PATCH 4.9 000/310] 4.9.94-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.94 release. There are 310 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri Apr 13 18:35:00 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.94-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.94-rc1 David Ahern <dsahern(a)gmail.com> vrf: Fix use after free and double free in vrf_finish_output Craig Dillabaugh <cdillaba(a)mojatatu.com> net sched actions: fix dumping which requires several messages to user space Dave Watson <davejwatson(a)fb.com> strparser: Fix sign of err codes Moshe Shemesh <moshe(a)mellanox.com> net/mlx4_core: Fix memory leak while delete slave's resources Jason Wang <jasowang(a)redhat.com> vhost_net: add missing lock nesting notation Xin Long <lucien.xin(a)gmail.com> team: move dev_mc_sync after master_upper_dev_link in team_port_add Xin Long <lucien.xin(a)gmail.com> route: check sysctl_fib_multipath_use_neigh earlier than hash Jason Wang <jasowang(a)redhat.com> vhost: validate log when IOTLB is enabled Eran Ben Elisha <eranbe(a)mellanox.com> net/mlx4_en: Fix mixed PFC and Global pause user control requests Davide Caratti <dcaratti(a)redhat.com> net/sched: fix NULL dereference on the error path of tcf_skbmod_init() Davide Caratti <dcaratti(a)redhat.com> net/sched: fix NULL dereference in the error path of tunnel_key_init() Shahar Klein <shahark(a)mellanox.com> net/mlx5e: Sync netdev vxlan ports at open Eric Dumazet <edumazet(a)google.com> vti6: better validate user provided tunnel names Eric Dumazet <edumazet(a)google.com> ip6_tunnel: better validate user provided tunnel names Eric Dumazet <edumazet(a)google.com> ip6_gre: better validate user provided tunnel names Eric Dumazet <edumazet(a)google.com> ipv6: sit: better validate user provided tunnel names Eric Dumazet <edumazet(a)google.com> ip_tunnel: better validate user provided tunnel names Eric Dumazet <edumazet(a)google.com> net: fool proof dev_valid_name() Xin Long <lucien.xin(a)gmail.com> bonding: process the err returned by dev_set_allmulti properly in bond_enslave Xin Long <lucien.xin(a)gmail.com> bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave Xin Long <lucien.xin(a)gmail.com> bonding: fix the err path for dev hwaddr sync in bond_enslave Hangbin Liu <liuhangbin(a)gmail.com> vlan: also check phy_driver ts_info for vlan's real device Jason Wang <jasowang(a)redhat.com> vhost: correctly remove wait queue during poll failure Kai-Heng Feng <kai.heng.feng(a)canonical.com> sky2: Increase D3 delay to sky2 stops working after suspend Eric Dumazet <edumazet(a)google.com> sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 Eric Dumazet <edumazet(a)google.com> sctp: do not leak kernel memory to user space Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix setting driver_data after register_netdev Eric Dumazet <edumazet(a)google.com> pptp: remove a buggy dst release in pptp_connect() Davide Caratti <dcaratti(a)redhat.com> net/sched: fix NULL dereference in the error path of tcf_bpf_init() Alexander Potapenko <glider(a)google.com> netlink: make sure nladdr has correct size in netlink_connect() Jeff Barnhill <0xeffeff(a)gmail.com> net/ipv6: Increment OUTxxx counters after netfilter hook David Ahern <dsahern(a)gmail.com> net/ipv6: Fix route leaking between VRFs Eric Dumazet <edumazet(a)google.com> net: fix possible out-of-bound read in skb_network_protocol() Paolo Abeni <pabeni(a)redhat.com> ipv6: the entire IPv6 header chain must fit the first fragment Miguel Fadon Perlines <mfadon(a)teldat.com> arp: fix arp_filter on l3slave devices Alexandre Belloni <alexandre.belloni(a)free-electrons.com> clk: at91: fix clk-generated compilation Theodore Ts'o <tytso(a)mit.edu> random: use lockless method of accessing and updating f->reg_idx Nathan Chancellor <natechancellor(a)gmail.com> virtio_net: check return value of skb_to_sgvec in one more location Jason A. Donenfeld <Jason(a)zx2c4.com> virtio_net: check return value of skb_to_sgvec always Jason A. Donenfeld <Jason(a)zx2c4.com> rxrpc: check return value of skb_to_sgvec always Jason A. Donenfeld <Jason(a)zx2c4.com> ipsec: check return value of skb_to_sgvec always Jiri Olsa <jolsa(a)kernel.org> perf tools: Fix copyfile_offset update of output offset Miquel Raynal <miquel.raynal(a)free-electrons.com> mtd: mtd_oobtest: Handle bitflips during reads Hans de Goede <hdegoede(a)redhat.com> Input: goodix - disable IRQs while suspended Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> sdhci: Advertise 2.0v supply on SDIO host controller Arjun Vynipadath <arjun(a)chelsio.com> cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> EDAC, mv64x60: Fix an error handling path Tony Lindgren <tony(a)atomide.com> tty: n_gsm: Allow ADM response in addition to UA for control dlci Ming Lei <ming.lei(a)redhat.com> blk-mq: fix kernel oops in blk_mq_tag_idle() chenxiang <chenxiang66(a)hisilicon.com> scsi: libsas: initialize sas_phy status according to response of DISCOVER Jason Yan <yanaijie(a)huawei.com> scsi: libsas: fix error when getting phy events Jason Yan <yanaijie(a)huawei.com> scsi: libsas: fix memory leak in sas_smp_get_phy_events() Tang Junhui <tang.junhui(a)zte.com.cn> bcache: segregate flash only volume write streams Tang Junhui <tang.junhui(a)zte.com.cn> bcache: stop writeback thread after detaching Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> drm/vc4: Fix resource leak in 'vc4_get_hang_state_ioctl()' in error handling path Mickaël Salaün <mic(a)digikod.net> selftests: kselftest_harness: Fix compile warning Karicheri, Muralidharan <m-karicheri2(a)ti.com> hsr: fix incorrect warning Roopa Prabhu <roopa(a)cumulusnetworks.com> vxlan: dont migrate permanent fdb entries during learn Stefan Haberland <sth(a)linux.vnet.ibm.com> s390/dasd: fix hanging safe offline Bob Moore <robert.moore(a)intel.com> ACPICA: Disassembler: Abort on an invalid/unknown AML opcode Lv Zheng <lv.zheng(a)intel.com> ACPICA: Events: Add runtime stub support for event APIs Lv Zheng <lv.zheng(a)intel.com> ACPICA: OSL: Add support to exclude stdarg.h Christophe Jaillet <christophe.jaillet(a)wanadoo.fr> cpuidle: dt: Add missing 'of_node_put()' Marcel Holtmann <marcel(a)holtmann.org> Bluetooth: Send HCI Set Event Mask Page 2 command only when needed Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> clk: meson: meson8b: add compatibles for Meson8 and Meson8m2 Netanel Belgazal <netanel(a)amazon.com> net: ena: disable admin msix while working in polling mode Netanel Belgazal <netanel(a)amazon.com> net: ena: add missing unmap bars on device removal Netanel Belgazal <netanel(a)amazon.com> net: ena: add missing return when ena_com_get_io_handlers() fails Netanel Belgazal <netanel(a)amazon.com> net: ena: fix race condition between submit and completion admin command Netanel Belgazal <netanel(a)amazon.com> net: ena: fix rare uncompleted admin command false alarm Lorenzo Bianconi <lorenzo.bianconi83(a)gmail.com> iio: magnetometer: st_magn_spi: fix spi_device_id table Jag Raman <jag.raman(a)oracle.com> sparc64: ldc abort during vds iso boot Fabio Estevam <fabio.estevam(a)nxp.com> net: fec: Add a fec_enet_clear_ethtool_stats() stub for CONFIG_M5272 Xin Long <lucien.xin(a)gmail.com> sctp: fix recursive locking warning in sctp_do_peeloff Mintz, Yuval <Yuval.Mintz(a)cavium.com> bnx2x: Allow vfs to disable txvlan offload Tero Kristo <t-kristo(a)ti.com> crypto: omap-sham - fix closing of hash with separate finalize call Tero Kristo <t-kristo(a)ti.com> crypto: omap-sham - buffer handling fixes for hashing later Girish Moodalbail <girish.moodalbail(a)oracle.com> geneve: add missing rx stats accounting Mario Molitor <mario_molitor(a)web.de> stmmac: fix ptp header for GMAC3 hw timestamp Robin Murphy <robin.murphy(a)arm.com> coresight: tmc: Configure DMA mask appropriately Suzuki K Poulose <suzuki.poulose(a)arm.com> coresight: Fix reference count for software sources Heiner Kallweit <hkallweit1(a)gmail.com> pinctrl: meson-gxbb: remove non-existing pin GPIOX_22 Dan Carpenter <dan.carpenter(a)oracle.com> X.509: Fix error code in x509_cert_parse() Arnd Bergmann <arnd(a)arndb.de> xen: avoid type warning in xchg_xen_ulong Willem de Bruijn <willemb(a)google.com> skbuff: only inherit relevant tx_flags Namhyung Kim <namhyung(a)kernel.org> perf tests: Decompress kernel module before objdump Namhyung Kim <namhyung(a)kernel.org> perf tools: Decompress kernel module when reading DSO data Christian Lamparter <chunkeey(a)googlemail.com> net: emac: fix reset timeout with AR8035 phy James Wang <jnwang(a)suse.com> Fix loop device flush before configure v3 Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: dts: armadillo800eva: Split LCD mux and gpio Marcin Nowakowski <marcin.nowakowski(a)imgtec.com> MIPS: kprobes: flush_insn_slot should flush only if probe initialised Marcin Nowakowski <marcin.nowakowski(a)imgtec.com> MIPS: mm: adjust PKMAP location Marcin Nowakowski <marcin.nowakowski(a)imgtec.com> MIPS: mm: fixed mappings: correct initialisation Daniel Bristot de Oliveira <bristot(a)redhat.com> sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks Peter Zijlstra <peterz(a)infradead.org> perf/core: Correct event creation with PERF_FORMAT_GROUP Chris Wilson <chris(a)chris-wilson.co.uk> e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails Jim Mattson <jmattson(a)google.com> KVM: nVMX: Update vmcs12->guest_linear_address on nested VM-exit Ming Lei <ming.lei(a)redhat.com> nvme: fix hang in remove path Rakesh Pandit <rakesh(a)tuxera.com> nvme-pci: fix multiple ctrl removal scheduling Leonard Crestez <leonard.crestez(a)nxp.com> ARM: imx: Add MXC_CPU_IMX6ULL and cpu_is_imx6ull Russell King <rmk+kernel(a)armlinux.org.uk> net: phy: avoid genphy_aneg_done() for PHYs without clause 22 support A Sun <as1033x(a)comcast.net> mceusb: sporadic RX truncation corruption fix Pan Bian <bianpan2016(a)163.com> cx25840: fix unchecked return values Dan Carpenter <dan.carpenter(a)oracle.com> cxl: Unlock on error in probe Jacob Keller <jacob.e.keller(a)intel.com> igb: fix race condition with PTP_TX_IN_PROGRESS bits Jacob Keller <jacob.e.keller(a)intel.com> e1000e: fix race condition around skb_tstamp_tx() Christian Lamparter <chunkeey(a)googlemail.com> ARM: dts: qcom: ipq4019: fix i2c_0 node Robert Jarzmik <robert.jarzmik(a)free.fr> tags: honor COMPILED_SOURCE with apart output directory Luca Coelho <luciano.coelho(a)intel.com> iwlwifi: fix min API version for 7265D, 3168, 8000 and 8265 Luca Coelho <luciano.coelho(a)intel.com> iwlwifi: pcie: only use d0i3 in suspend/resume if system_pm is set to d0i3 Johannes Berg <johannes.berg(a)intel.com> iwlwifi: tt: move ucode_loaded check under mutex Haim Dreyfuss <haim.dreyfuss(a)intel.com> iwlwifi: mvm: Fix command queue number on d0i3 flow Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> watchdog: f71808e_wdt: Add F71868 support Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> iwlwifi: mvm: fix firmware debug restart recording Milian Wolff <milian.wolff(a)kdab.com> perf report: Ensure the perf DSO mapping matches what libdw sees Namhyung Kim <namhyung(a)kernel.org> perf header: Set proper module name when build-id event found Ido Shamay <idos(a)mellanox.com> net/mlx4: Check if Granular QoS per VF has been enabled before updating QP qos_vport Talat Batheesh <talatb(a)mellanox.com> net/mlx4: Fix the check in attaching steering rules Haishuang Yan <yanhaishuang(a)cmss.chinamobile.com> sit: reload iphdr in ipip6_rcv Jason A. Donenfeld <Jason(a)zx2c4.com> macsec: check return value of skb_to_sgvec always Jason A. Donenfeld <Jason(a)zx2c4.com> skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow Liam McBirnie <mcbirnie.l(a)gmail.com> ip6_tunnel: fix traffic class routing for tunnels Dmitry Monakhov <dmonakhov(a)openvz.org> bio-integrity: Do not allocate integrity context for bio w/o data Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> Fix serial console on SNI RM400 machines Ganesh Goudar <ganeshgr(a)chelsio.com> cxgb4: fix incorrect cim_la output for T6 Christophe Leroy <christophe.leroy(a)c-s.fr> powerpc/8xx: fix mpc8xx_get_irq() return on no irq Tomi Valkeinen <tomi.valkeinen(a)ti.com> drm/omap: fix tiled buffer stride calculations Steven L. Roberts <robers97(a)gmail.com> RDMA/hfi1: fix array termination by appending NULL to attr array Raju Rangoju <rajur(a)chelsio.com> RDMA/iw_cxgb4: Avoid touch after free error in ARP failure handlers Leonard Crestez <leonard.crestez(a)nxp.com> net: phy: micrel: Restore led_mode and clk_sel on resume Jia-Ju Bai <baijiaju1990(a)163.com> mISDN: Fix a sleep-in-atomic bug Ard Biesheuvel <ard.biesheuvel(a)linaro.org> arm64: kernel: restrict /dev/mem read() calls to linear region Jia-Ju Bai <baijiaju1990(a)163.com> qlcnic: Fix a sleep-in-atomic bug in qlcnic_82xx_hw_write_wx_2M and qlcnic_82xx_hw_read_wx_2M Jiri Olsa <jolsa(a)kernel.org> perf trace: Add mmap alias for s390 Anilkumar Kolli <akolli(a)qti.qualcomm.com> ath10k: add BMI parameters to fix calibration from DT/pre-cal Dan Carpenter <dan.carpenter(a)oracle.com> drm/amdkfd: NULL dereference involving create_process() Michael Ellerman <mpe(a)ellerman.id.au> powerpc/spufs: Fix coredump of SPU contexts Bryan O'Donoghue <pure.logic(a)nexus-software.ie> clk: Fix __set_clk_rates error print-string Sudeep Holla <sudeep.holla(a)arm.com> clk: scpi: fix return type of __scpi_dvfs_round_rate Roman Pen <roman.penyaev(a)profitbricks.com> KVM: SVM: do not zero out segment attributes if segment is unusable or not present Masahiro Yamada <yamada.masahiro(a)socionext.com> mtd: nand: check ecc->total sanity in nand_scan_tail Boris Brezillon <boris.brezillon(a)free-electrons.com> mtd: nand: gpmi: Fix gpmi_nand_init() error path Maxime Ripard <maxime.ripard(a)free-electrons.com> dt-bindings: display: sun4i: Add allwinner,tcon-channel property Maxime Ripard <maxime.ripard(a)free-electrons.com> drm/sun4i: Ignore the generic connectors for components Alexandre Belloni <alexandre.belloni(a)free-electrons.com> clk: at91: fix clk-generated parenting Gustavo A. R. Silva <garsilva(a)embeddedor.com> net: freescale: fix potential null pointer dereference NeilBrown <neilb(a)suse.com> SUNRPC: ensure correct error is reported by xs_tcp_setup_socket() Vaibhav Jain <vaibhav(a)linux.vnet.ibm.com> rtc: interface: Validate alarm-time before handling rollover Vaibhav Jain <vaibhav(a)linux.vnet.ibm.com> rtc: opal: Handle disabled TPO in opal_get_tpo_time() Jesse Brandeburg <jesse.brandeburg(a)intel.com> i40evf: fix merge error in older patch Gary Bisson <gary.bisson(a)boundarydevices.com> rtc: m41t80: fix SQW dividers override when setting a date Arjun Vynipadath <arjun(a)chelsio.com> cxgb4: Fix netdev_features flag Arjun Vynipadath <arjun(a)chelsio.com> cxgb4: FW upgrade fixes Arnd Bergmann <arnd(a)arndb.de> net/mlx5: avoid build warning for uniprocessor Will Deacon <will.deacon(a)arm.com> arm64: futex: Fix undefined behaviour with FUTEX_OP_OPARG_SHIFT usage Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> backlight: Report error on failure Arvind Yadav <arvind.yadav.cs(a)gmail.com> dmaengine: imx-sdma: Handle return value of clk_prepare_enable Ivan Mikhaylov <ivan(a)de.ibm.com> powerpc/[booke|4xx]: Don't clobber TCR[WP] when setting TCR[DIE] Miklos Szeredi <mszeredi(a)redhat.com> ovl: filter trusted xattr for non-admin Hans de Goede <hdegoede(a)redhat.com> HID: i2c: Call acpi_device_fix_up_power for ACPI-enumerated devices Florian Westphal <fw(a)strlen.de> netfilter: conntrack: don't call iter for non-confirmed conntracks Sai Praneeth <sai.praneeth.prakhya(a)intel.com> x86/efi: Disable runtime services on kexec kernel if booted with efi=old_map Firo Yang <firogm(a)gmail.com> hdlcdrv: Fix divide by zero in hdlcdrv_ioctl Colin Ian King <colin.king(a)canonical.com> wl1251: check return from call to wl1251_acx_arp_ip_filter Stanislaw Gruszka <sgruszka(a)redhat.com> rt2x00: do not pause queue unconditionally on error path Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ASoC: Intel: sst: Fix the return value of 'sst_send_byte_stream_mrfld()' Hans de Goede <hdegoede(a)redhat.com> pinctrl: baytrail: Enable glitch filter for GPIOs used as interrupts Robert Jarzmik <robert.jarzmik(a)free.fr> backlight: tdo24m: Fix the SPI CS between transfers Ming Lei <ming.lei(a)redhat.com> blk-mq: fix race between updating nr_hw_queues and switching io sched Mike Marciniszyn <mike.marciniszyn(a)intel.com> IB/rdmavt: Allocate CQ memory on the correct node Linus Walleij <linus.walleij(a)linaro.org> gpio: label descriptors using the device name Pieter \"PoroCYon\" Sluys <pcy(a)national.shitposting.agency> vfb: fix video mode and line_length being set when loaded Peter Große <pegro(a)friiks.de> mac80211: Fix setting TX power on monitor interfaces Geert Uytterhoeven <geert+renesas(a)glider.be> ACPI: EC: Fix debugfs_create_*() usage Shanker Donthineni <shankerd(a)codeaurora.org> irqchip/gic-v3: Fix the driver probe() fail due to disabled GICC entry Chaitra P B <chaitra.basappa(a)broadcom.com> scsi: mpt3sas: Proper handling of set/clear of "ATA command pending" flag. Rafael David Tinoco <rafael.tinoco(a)canonical.com> scsi: libiscsi: Allow sd_shutdown on bad transport Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: cht_bsw_rt5645: Analog Mic support Pardha Saradhi K <pardha.saradhi.kesapragada(a)intel.com> ASoC: Intel: Skylake: Disable clock gating during firmware and library download Mauro Carvalho Chehab <mchehab(a)kernel.org> media: videobuf2-core: don't go out of the buffer range Maciej Purski <m.purski(a)samsung.com> hwmon: (ina2xx) Make calibration register value fixed Gustavo A. R. Silva <garsilva(a)embeddedor.com> PM / devfreq: Fix potential NULL pointer dereference in governor_store NeilBrown <neilb(a)suse.com> VFS: close race between getcwd() and d_move() Moni Shoua <monis(a)mellanox.com> net/mlx4_en: Change default QoS settings Hans de Goede <hdegoede(a)redhat.com> ACPI / video: Default lcd_only to true on Win8-ready and newer machines Sowmini Varadhan <sowmini.varadhan(a)oracle.com> rds; Reset rs->rs_bound_addr in rds_add_bound() failure path Hangbin Liu <liuhangbin(a)gmail.com> l2tp: fix missing print session offset info Masami Hiramatsu <mhiramat(a)kernel.org> perf probe: Add warning message if there is unexpected event name Yi Zeng <yizeng(a)asrmicro.com> thermal: power_allocator: fix one race condition issue for thermal_instances list Rasmus Villemoes <rasmus.villemoes(a)prevas.dk> ARM: dts: ls1021a: add "fsl,ls1021a-esdhc" compatible string to esdhc node Shiraz Saleem <shiraz.saleem(a)intel.com> i40iw: Correct Q1/XF object count equation Shiraz Saleem <shiraz.saleem(a)intel.com> i40iw: Fix sequence number for the first partial FPDU Jordan Crouse <jcrouse(a)codeaurora.org> drm/msm: Take the mutex before calling msm_gem_new_impl linzhang <xiaolou4617(a)gmail.com> net: llc: add lock_sock in llc_ui_bind to avoid a race condition Jan H. Schönherr <jschoenh(a)amazon.de> KVM: nVMX: Fix handling of lmsw instruction Wanpeng Li <wanpeng.li(a)hotmail.com> KVM: X86: Fix preempt the preemption timer cancel Christoph Hellwig <hch(a)lst.de> PCI/msi: fix the pci_alloc_irq_vectors_affinity stub Thomas Gleixner <tglx(a)linutronix.de> cpuhotplug: Link lock stacks for hotplug callbacks Nithin Sujir <nsujir(a)tintri.com> bonding: Don't update slave->link until ready to commit KT Liao <kt.liao(a)emc.com.tw> Input: elan_i2c - clear INT before resetting controller Roman Kapl <roman.kapl(a)sysgo.com> net: move somaxconn init from sysctl code Eric Dumazet <edumazet(a)google.com> tcp: better validation of received ack sequences Timmy Li <lixiaoping3(a)huawei.com> ARM64: PCI: Fix struct acpi_pci_root_ops allocation failure path Eryu Guan <eguan(a)redhat.com> ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff() Michael Schmitz <schmitzmic(a)gmail.com> fix race in drivers/char/random.c:get_reg() Maurizio Lombardi <mlombard(a)redhat.com> scsi: bnx2fc: fix race condition in bnx2fc_get_host_stats() Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: rsnd: SSI PIO adjust to 24bit mode Dan Carpenter <dan.carpenter(a)oracle.com> pNFS/flexfiles: missing error code in ff_layout_alloc_lseg() Liping Zhang <zlpnobody(a)gmail.com> netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize Milian Wolff <milian.wolff(a)kdab.com> perf report: Fix off-by-one for non-activation frames Dan Carpenter <dan.carpenter(a)oracle.com> libceph: NULL deref on crush_decode() error path Lin Zhang <xiaolou4617(a)gmail.com> net: ieee802154: fix net_device reference release too early Jesper Dangaard Brouer <brouer(a)redhat.com> mlx5: fix bug reading rss_hash_type from CQE Dan Carpenter <dan.carpenter(a)oracle.com> block: fix an error code in add_partition() Stephen Smalley <sds(a)tycho.nsa.gov> selinux: do not check open permission on sockets Tariq Toukan <tariqt(a)mellanox.com> net/mlx5: Tolerate irq_set_affinity_hint() failures Hans de Goede <hdegoede(a)redhat.com> gpio: crystalcove: Do not write regular gpio registers for virtual GPIOs Vlastimil Babka <vbabka(a)suse.cz> sched/numa: Use down_read_trylock() for the mmap_sem Dan Carpenter <dan.carpenter(a)oracle.com> perf/core: Fix error handling in perf_event_alloc() Tin Huynh <tnhuynh(a)apm.com> leds: pca955x: Correct I2C Functionality Holger Brunck <holger.brunck(a)keymile.com> net/wan/fsl_ucc_hdlc: fix muram allocation error Kees Cook <keescook(a)chromium.org> ray_cs: Avoid reading past end of buffer Suman Anna <s-anna(a)ti.com> ARM: davinci: da8xx: Create DSP device only when assigned memory Guoqing Jiang <gqjiang(a)suse.com> md-cluster: fix potential lock issue in add_new_disk Konstantin Khlebnikov <khlebnikov(a)yandex-team.ru> ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors Mikko Koivunen <mikko.koivunen(a)fi.rohmeurope.com> iio: light: rpr0521 poweroff for probe fails Nikita Yushchenko <nikita.yoush(a)cogentembedded.com> iio: hi8435: cleanup reset gpio Nikita Yushchenko <nikita.yoush(a)cogentembedded.com> iio: hi8435: avoid garbage event at first enable Stefan Agner <stefan(a)agner.ch> ASoC: simple-card: fix mic jack initialization Antony Antony <antony(a)phenome.org> xfrm: fix state migration copy replay sequence numbers Michael Ellerman <mpe(a)ellerman.id.au> selftests/powerpc: Fix TM resched DSCR test with some compilers Colin Ian King <colin.king(a)canonical.com> ath5k: fix memory leak on buf on failed eeprom read Michael Ellerman <mpe(a)ellerman.id.au> powerpc/mm: Fix virt_addr_valid() etc. on 64-bit hash Varun Prakash <varun(a)chelsio.com> scsi: csiostor: fix use after free in csio_hw_use_fwconfig() Ido Schimmel <idosch(a)mellanox.com> mlxsw: spectrum: Avoid possible NULL pointer dereference Geert Uytterhoeven <geert+renesas(a)glider.be> sh_eth: Use platform device for printing before register_netdev() Holger Brunck <holger.brunck(a)keymile.com> fsl/qe: add bit description for SYNL register for GUMR Holger Brunck <holger.brunck(a)keymile.com> net/wan/fsl_ucc_hdlc: fix incorrect memory allocation Holger Brunck <holger.brunck(a)keymile.com> net/wan/fsl_ucc_hdlc: fix unitialized variable warnings Geert Uytterhoeven <geert+renesas(a)glider.be> serial: sh-sci: Fix race condition causing garbage during shutdown Vignesh R <vigneshr(a)ti.com> serial: 8250: omap: Disable DMA for console UART Alan Stern <stern(a)rowland.harvard.edu> USB: ene_usb6250: fix SCSI residue overwriting linzhang <xiaolou4617(a)gmail.com> net: x25: fix one potential use-after-free issue Alan Stern <stern(a)rowland.harvard.edu> USB: ene_usb6250: fix first command execution Petr Cvek <petr.cvek(a)tul.cz> pxa_camera: fix module remove codepath for v4l2 clock Jisheng Zhang <jszhang(a)marvell.com> usb: chipidea: properly handle host or gadget initialization failure Sugar Zhang <sugar.zhang(a)rock-chips.com> ARM: dts: rockchip: fix rk322x i2s1 pinctrl error Ihar Hrachyshka <ihrachys(a)redhat.com> arp: honour gratuitous ARP _replies_ Ihar Hrachyshka <ihrachys(a)redhat.com> neighbour: update neigh timestamps iff update is effective Suman Anna <s-anna(a)ti.com> uio: fix incorrect memory leak cleanup Thomas Winter <Thomas.Winter(a)alliedtelesis.co.nz> ipmr: vrf: Find VIFs using the actual device Thomas Petazzoni <thomas.petazzoni(a)free-electrons.com> ata: libahci: properly propagate return value of platform_get_irq() Colin Ian King <colin.king(a)canonical.com> btrfs: fix incorrect error return ret being passed to mapping_set_error Pan Bian <bianpan2016(a)163.com> usb: dwc3: keystone: check return value James Morse <james.morse(a)arm.com> KVM: arm64: Restore host physical timer access on hyp_panic() James Morse <james.morse(a)arm.com> KVM: arm: Restore banked registers and physical timer access on hyp_panic() Anup Patel <anup.patel(a)broadcom.com> async_tx: Fix DMA_PREP_FENCE usage in do_async_gen_syndrome() Mahesh Bandewar <maheshb(a)google.com> ipv6: avoid dad-failures for addresses with NODAD Julia Lawall <julia.lawall(a)lip6.fr> mdio: mux: fix device_node_continue.cocci warnings Ganapatrao Kulkarni <ganapatrao.kulkarni(a)cavium.com> arm64: perf: Ignore exclude_hv when kernel is running in HYP Peter Rosin <peda(a)axentia.se> i2c: mux: reg: put away the parent i2c adapter on probe failure Fabio Estevam <fabio.estevam(a)nxp.com> ARM: dts: imx6qdl-wandboard: Fix audio channel swap Michael Ellerman <mpe(a)ellerman.id.au> powerpc/modules: If mprofile-kernel is enabled add it to vermagic Peter Zijlstra <peterz(a)infradead.org> x86/tsc: Provide 'tsc=unstable' boot parameter Geert Uytterhoeven <geert+renesas(a)glider.be> clk: renesas: rcar-gen2: Fix PLL0 on R-Car V2H and E2 Andrea della Porta <sfaragnaus(a)gmail.com> staging: wlan-ng: prism2mgmt.c: fixed a double endian conversion before calling hfa384x_drvr_setconfig16, also fixes relative sparse warning Fabio Estevam <fabio.estevam(a)nxp.com> ARM: dts: imx53-qsrb: Pulldown PMIC IRQ pin Nicholas Mc Guire <der.herr(a)hofr.at> iio: pressure: zpa2326: report interrupted case as failure Dan Carpenter <dan.carpenter(a)oracle.com> PowerCap: Fix an error code in powercap_register_zone() Doug Berger <opendmb(a)gmail.com> bus: brcmstb_gisb: correct support for 64-bit address output Doug Berger <opendmb(a)gmail.com> bus: brcmstb_gisb: Use register offsets with writes too Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> SMB2: Fix share type handling Reza Arbab <arbab(a)linux.vnet.ibm.com> mm, vmstat: Remove spurious WARN() during zoneinfo print Neil Horman <nhorman(a)tuxdriver.com> vmxnet3: ensure that adapter is in proper state during force_close MaJun <majun258(a)huawei.com> irqchip/mbigen: Fix the clear register offset calculation Paul Mackerras <paulus(a)ozlabs.org> KVM: PPC: Book3S PR: Check copy_to/from_user return values KT Liao <kt.liao(a)emc.com.tw> Input: elantech - force relative mode on a certain module Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: elan_i2c - check if device is there before really probing Jon Mason <jon.mason(a)broadcom.com> mdio: mux: Correct mdio_mux_init error path issues Colin Ian King <colin.king(a)canonical.com> netxen_nic: set rcode to the return status from the call to netxen_issue_cmd Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Fix alignment issues in rx path Wen Xiong <wenxiong(a)linux.vnet.ibm.com> blk-mq: NVMe 512B/4K+T10 DIF/DIX format returns I/O error on dd with split op Will Deacon <will.deacon(a)arm.com> perf/callchain: Force USER_DS when invoking perf_callchain_user() Rabin Vincent <rabinv(a)axis.com> CIFS: silence lockdep splat in cifs_relock_file() Trond Myklebust <trond.myklebust(a)primarydata.com> NFSv4.1: Work around a Linux server bug... Ram Amrani <Ram.Amrani(a)cavium.com> qed: Correct doorbell configuration for !4Kb pages Talat Batheesh <talatb(a)mellanox.com> net/mlx4_en: Avoid adding steering rules with invalid ring Heiko Carstens <heiko.carstens(a)de.ibm.com> s390: move _text symbol to address higher than zero Kirill Tkhai <ktkhai(a)virtuozzo.com> pidns: disable pid allocation if pid_ns_prepare_proc() is failed in alloc_pid() Dan Carpenter <dan.carpenter(a)oracle.com> drivers/misc/vmw_vmci/vmci_queue_pair.c: fix a couple integer overflow tests J. Bruce Fields <bfields(a)redhat.com> lockd: fix lockd shutdown race Grygorii Strashko <grygorii.strashko(a)ti.com> net: ethernet: ti: cpsw: adjust cpsw fifos depth for fullduplex flow control Jim Baxter <jim_baxter(a)mentor.com> net: cdc_ncm: Fix TX zero padding Dan Carpenter <dan.carpenter(a)oracle.com> ipmi_ssif: unlock on allocation failure Rabin Vincent <rabinv(a)axis.com> ubi: fastmap: Fix slab corruption Kees Cook <keescook(a)chromium.org> qlge: Avoid reading past end of buffer Kees Cook <keescook(a)chromium.org> bna: Avoid reading past end of buffer Luca Coelho <luciano.coelho(a)intel.com> mac80211: bail out from prep_connection() if a reconfig is ongoing Steffen Klassert <steffen.klassert(a)secunet.com> af_key: Fix slab-out-of-bounds in pfkey_compile_policy. Bart Van Assche <bart.vanassche(a)sandisk.com> IB/srpt: Avoid that aborting a command triggers a kernel warning Bart Van Assche <bart.vanassche(a)sandisk.com> IB/srpt: Fix abort handling Kees Cook <keescook(a)chromium.org> x86/boot: Declare error() as noreturn Trond Myklebust <trond.myklebust(a)primarydata.com> NFSv4.1: RECLAIM_COMPLETE must handle NFS4ERR_CONN_NOT_BOUND_TO_SESSION Amir Goldstein <amir73il(a)gmail.com> ovl: persistent inode numbers for upper hardlinks Matthias Kaehlcke <mka(a)chromium.org> x86/mm/kaslr: Use the _ASM_MUL macro for multiplication to work around Clang incompatibility Josh Poimboeuf <jpoimboe(a)redhat.com> x86/asm: Don't use RBP as a temporary register in csum_partial_copy_generic() Pan Bian <bianpan2016(a)163.com> rtc: snvs: fix an incorrect check of return value Julia Cartwright <julia(a)ni.com> md/raid5: make use of spin_lock_irq over local_irq_disable + spin_lock Johannes Berg <johannes.berg(a)intel.com> cfg80211: make RATE_INFO_BW_20 the default sudarsana.kalluru(a)cavium.com <sudarsana.kalluru(a)cavium.com> qed: Fix overriding of supported autoneg value. ------------- Diffstat: .../bindings/clock/amlogic,meson8b-clkc.txt | 11 ++- .../bindings/display/sunxi/sun4i-drm.txt | 11 ++- Makefile | 4 +- arch/arm/boot/dts/imx53-qsrb.dts | 2 +- arch/arm/boot/dts/imx6qdl-wandboard.dtsi | 1 + arch/arm/boot/dts/ls1021a.dtsi | 2 +- arch/arm/boot/dts/qcom-ipq4019.dtsi | 4 +- arch/arm/boot/dts/r8a7740-armadillo800eva.dts | 2 + arch/arm/boot/dts/rk322x.dtsi | 6 +- arch/arm/include/asm/xen/events.h | 2 +- arch/arm/kvm/hyp/switch.c | 2 + arch/arm/mach-davinci/devices-da8xx.c | 10 +++ arch/arm/mach-imx/cpu.c | 3 + arch/arm/mach-imx/mxc.h | 6 ++ arch/arm64/include/asm/futex.h | 8 +- arch/arm64/kernel/pci.c | 4 +- arch/arm64/kernel/perf_event.c | 23 +++-- arch/arm64/kvm/hyp/switch.c | 1 + arch/arm64/mm/mmap.c | 19 +++-- arch/mips/include/asm/kprobes.h | 3 +- arch/mips/include/asm/pgtable-32.h | 7 +- arch/mips/mm/pgtable-32.c | 6 +- arch/powerpc/include/asm/module.h | 4 + arch/powerpc/include/asm/page.h | 12 +++ arch/powerpc/kernel/time.c | 14 +++- arch/powerpc/kvm/book3s_pr_papr.c | 34 ++++++-- arch/powerpc/platforms/cell/spufs/coredump.c | 2 + arch/powerpc/sysdev/mpc8xx_pic.c | 2 +- arch/s390/kernel/vmlinux.lds.S | 8 +- arch/sparc/kernel/ldc.c | 7 +- arch/x86/boot/compressed/error.h | 4 +- arch/x86/include/asm/asm.h | 1 + arch/x86/kernel/tsc.c | 2 + arch/x86/kvm/lapic.c | 2 + arch/x86/kvm/svm.c | 24 +++--- arch/x86/kvm/vmx.c | 10 ++- arch/x86/lib/csum-copy_64.S | 12 +-- arch/x86/lib/kaslr.c | 3 +- arch/x86/platform/efi/efi.c | 6 +- block/bio-integrity.c | 3 + block/blk-mq.c | 11 ++- block/partition-generic.c | 4 +- crypto/asymmetric_keys/x509_cert_parser.c | 1 + crypto/async_tx/async_pq.c | 5 +- drivers/acpi/acpi_video.c | 14 +++- drivers/acpi/acpica/evxfevnt.c | 18 ++++ drivers/acpi/acpica/psobject.c | 14 ++++ drivers/acpi/ec.c | 2 +- drivers/acpi/ec_sys.c | 2 +- drivers/acpi/internal.h | 2 +- drivers/ata/libahci_platform.c | 5 +- drivers/block/loop.c | 3 + drivers/bus/brcmstb_gisb.c | 42 +++++----- drivers/char/ipmi/ipmi_ssif.c | 2 + drivers/char/random.c | 10 ++- drivers/clk/at91/clk-generated.c | 4 +- drivers/clk/clk-conf.c | 2 +- drivers/clk/clk-scpi.c | 6 +- drivers/clk/meson/Kconfig | 6 +- drivers/clk/meson/meson8b.c | 5 +- drivers/clk/renesas/clk-rcar-gen2.c | 23 ++++- drivers/cpuidle/dt_idle_states.c | 4 +- drivers/crypto/omap-sham.c | 31 ++++--- drivers/devfreq/devfreq.c | 3 +- drivers/dma/imx-sdma.c | 23 +++-- drivers/edac/mv64x60_edac.c | 2 +- drivers/gpio/gpio-crystalcove.c | 54 ++++++++---- drivers/gpio/gpiolib.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 3 +- drivers/gpu/drm/msm/msm_gem.c | 6 ++ drivers/gpu/drm/omapdrm/omap_gem.c | 4 +- drivers/gpu/drm/sun4i/sun4i_drv.c | 12 +++ drivers/gpu/drm/vc4/vc4_gem.c | 13 +-- drivers/hid/i2c-hid/i2c-hid.c | 13 +++ drivers/hwmon/ina2xx.c | 87 +++++++++++-------- drivers/hwtracing/coresight/coresight-tmc.c | 7 ++ drivers/hwtracing/coresight/coresight.c | 15 +++- drivers/i2c/muxes/i2c-mux-reg.c | 17 ++-- drivers/iio/adc/hi8435.c | 27 ++++-- drivers/iio/light/rpr0521.c | 17 +++- drivers/iio/magnetometer/st_magn_spi.c | 2 - drivers/iio/pressure/zpa2326.c | 18 ++-- drivers/infiniband/hw/cxgb4/cm.c | 6 +- drivers/infiniband/hw/hfi1/sysfs.c | 3 +- drivers/infiniband/hw/i40iw/i40iw_ctrl.c | 6 +- drivers/infiniband/hw/i40iw/i40iw_d.h | 1 + drivers/infiniband/hw/i40iw/i40iw_puda.c | 2 +- drivers/infiniband/sw/rdmavt/cq.c | 10 ++- drivers/infiniband/ulp/srpt/ib_srpt.c | 9 +- drivers/input/mouse/elan_i2c_core.c | 7 ++ drivers/input/mouse/elan_i2c_i2c.c | 9 +- drivers/input/mouse/elantech.c | 11 +++ drivers/input/touchscreen/goodix.c | 8 +- drivers/irqchip/irq-gic-v3.c | 11 +++ drivers/irqchip/irq-mbigen.c | 5 +- drivers/isdn/mISDN/stack.c | 2 +- drivers/leds/leds-pca955x.c | 2 +- drivers/md/bcache/alloc.c | 19 +++-- drivers/md/bcache/super.c | 6 ++ drivers/md/md-cluster.c | 4 +- drivers/md/raid5.c | 17 ++-- drivers/media/i2c/cx25840/cx25840-core.c | 36 ++++---- drivers/media/platform/pxa_camera.c | 14 +++- drivers/media/rc/mceusb.c | 9 +- drivers/media/v4l2-core/videobuf2-core.c | 4 + drivers/misc/cxl/flash.c | 8 +- drivers/misc/vmw_vmci/vmci_queue_pair.c | 10 ++- drivers/mmc/host/sdhci-pci-core.c | 2 + drivers/mmc/host/sdhci.c | 7 ++ drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 10 ++- drivers/mtd/nand/nand_base.c | 5 ++ drivers/mtd/tests/oobtest.c | 21 +++++ drivers/mtd/ubi/fastmap.c | 33 +++++++- drivers/net/bonding/bond_main.c | 84 ++++++++++--------- drivers/net/ethernet/amazon/ena/ena_com.c | 35 ++++---- drivers/net/ethernet/amazon/ena/ena_netdev.c | 17 +++- drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 19 ++++- drivers/net/ethernet/brocade/bna/bfa_ioc.c | 2 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 11 +++ drivers/net/ethernet/chelsio/cxgb4/t4_hw.c | 32 ++++++- drivers/net/ethernet/chelsio/cxgb4vf/sge.c | 23 +++-- drivers/net/ethernet/freescale/fec_main.c | 4 + drivers/net/ethernet/freescale/fsl_pq_mdio.c | 9 +- drivers/net/ethernet/ibm/emac/core.c | 26 +++++- drivers/net/ethernet/intel/e1000e/netdev.c | 17 +++- .../net/ethernet/intel/i40evf/i40evf_virtchnl.c | 1 + drivers/net/ethernet/intel/igb/igb_ptp.c | 12 ++- drivers/net/ethernet/marvell/sky2.c | 2 +- drivers/net/ethernet/mellanox/mlx4/en_dcb_nl.c | 77 ++++++++++------- drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 33 ++++---- drivers/net/ethernet/mellanox/mlx4/en_main.c | 4 +- drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 7 ++ drivers/net/ethernet/mellanox/mlx4/mcg.c | 15 +++- drivers/net/ethernet/mellanox/mlx4/mlx4_en.h | 1 + drivers/net/ethernet/mellanox/mlx4/qp.c | 19 +++++ .../net/ethernet/mellanox/mlx4/resource_tracker.c | 17 ++-- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 10 +-- drivers/net/ethernet/mellanox/mlx5/core/main.c | 14 +--- .../ethernet/mellanox/mlxsw/spectrum_switchdev.c | 6 +- .../net/ethernet/qlogic/netxen/netxen_nic_ctx.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_dev.c | 5 +- drivers/net/ethernet/qlogic/qed/qed_main.c | 6 +- drivers/net/ethernet/qlogic/qed/qed_mcp.h | 1 + drivers/net/ethernet/qlogic/qlcnic/qlcnic_hw.c | 2 +- drivers/net/ethernet/qlogic/qlge/qlge_dbg.c | 4 +- drivers/net/ethernet/qualcomm/qca_spi.c | 10 ++- drivers/net/ethernet/realtek/r8169.c | 4 +- drivers/net/ethernet/renesas/sh_eth.c | 2 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 15 +++- drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.h | 3 +- drivers/net/ethernet/ti/cpsw.c | 16 ++++ drivers/net/geneve.c | 36 +++++--- drivers/net/hamradio/hdlcdrv.c | 2 + drivers/net/macsec.c | 13 ++- drivers/net/phy/mdio-mux.c | 11 +-- drivers/net/phy/micrel.c | 42 ++++++---- drivers/net/phy/phy.c | 6 ++ drivers/net/ppp/pptp.c | 1 - drivers/net/team/team.c | 12 ++- drivers/net/usb/cdc_ncm.c | 11 ++- drivers/net/virtio_net.c | 16 +++- drivers/net/vmxnet3/vmxnet3_drv.c | 5 ++ drivers/net/vrf.c | 8 +- drivers/net/vxlan.c | 2 +- drivers/net/wan/fsl_ucc_hdlc.c | 18 ++-- drivers/net/wireless/ath/ath10k/bmi.h | 2 + drivers/net/wireless/ath/ath10k/core.c | 16 +++- drivers/net/wireless/ath/ath5k/debug.c | 5 +- drivers/net/wireless/intel/iwlwifi/iwl-7000.c | 4 +- drivers/net/wireless/intel/iwlwifi/iwl-8000.c | 4 +- drivers/net/wireless/intel/iwlwifi/iwl-prph.h | 1 + drivers/net/wireless/intel/iwlwifi/mvm/fw-dbg.c | 12 +-- drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 6 +- drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 32 +++++-- drivers/net/wireless/intel/iwlwifi/mvm/tt.c | 8 +- drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 6 +- drivers/net/wireless/ralink/rt2x00/rt2x00mac.c | 22 +++-- drivers/net/wireless/ray_cs.c | 7 +- drivers/net/wireless/ti/wl1251/main.c | 3 +- drivers/nvme/host/core.c | 4 + drivers/nvme/host/pci.c | 13 ++- drivers/pinctrl/intel/pinctrl-baytrail.c | 6 ++ drivers/pinctrl/meson/pinctrl-meson-gxbb.c | 1 - drivers/powercap/powercap_sys.c | 1 + drivers/rtc/interface.c | 9 +- drivers/rtc/rtc-m41t80.c | 12 +++ drivers/rtc/rtc-opal.c | 10 +++ drivers/rtc/rtc-snvs.c | 2 +- drivers/s390/block/dasd.c | 8 +- drivers/scsi/bnx2fc/bnx2fc.h | 1 + drivers/scsi/bnx2fc/bnx2fc_fcoe.c | 10 ++- drivers/scsi/csiostor/csio_hw.c | 5 +- drivers/scsi/libiscsi.c | 24 +++++- drivers/scsi/libsas/sas_expander.c | 4 +- drivers/scsi/mpt3sas/mpt3sas_scsih.c | 28 ++++--- drivers/staging/wlan-ng/prism2mgmt.c | 2 +- drivers/thermal/power_allocator.c | 2 + drivers/tty/n_gsm.c | 17 +++- drivers/tty/serial/8250/8250_omap.c | 4 + drivers/tty/serial/sccnxp.c | 15 ++-- drivers/tty/serial/sh-sci.c | 16 +++- drivers/uio/uio.c | 8 +- drivers/usb/chipidea/core.c | 29 +++++-- drivers/usb/dwc3/dwc3-keystone.c | 4 + drivers/usb/storage/ene_ub6250.c | 11 ++- drivers/vhost/net.c | 4 +- drivers/vhost/vhost.c | 17 ++-- drivers/video/backlight/backlight.c | 15 ++-- drivers/video/backlight/corgi_lcd.c | 2 +- drivers/video/backlight/tdo24m.c | 2 +- drivers/video/backlight/tosa_lcd.c | 2 +- drivers/video/fbdev/vfb.c | 17 ++++ drivers/watchdog/Kconfig | 7 +- drivers/watchdog/f71808e_wdt.c | 27 ++++-- fs/btrfs/extent_io.c | 2 +- fs/cifs/file.c | 2 +- fs/cifs/smb2pdu.c | 14 ++-- fs/dcache.c | 23 +++-- fs/ext4/file.c | 2 +- fs/ext4/mballoc.c | 23 +++-- fs/lockd/svc.c | 6 +- fs/nfs/flexfilelayout/flexfilelayout.c | 1 + fs/nfs/nfs4proc.c | 13 ++- fs/nfs/nfs4state.c | 10 ++- fs/overlayfs/dir.c | 3 + fs/overlayfs/inode.c | 12 ++- include/acpi/platform/acgcc.h | 10 +++ include/acpi/platform/acintel.h | 2 + include/linux/mlx4/qp.h | 1 + include/linux/mlx5/device.h | 10 ++- include/linux/pci.h | 6 +- include/linux/sched.h | 1 + include/linux/skbuff.h | 8 +- include/net/cfg80211.h | 2 +- include/net/x25.h | 4 +- include/soc/fsl/qe/qe.h | 4 + kernel/cpu.c | 13 +++ kernel/events/callchain.c | 6 ++ kernel/events/core.c | 19 +++-- kernel/pid.c | 4 +- kernel/sched/core.c | 2 + kernel/sched/deadline.c | 98 +++++++++++++++++++--- kernel/sched/fair.c | 3 +- mm/vmstat.c | 2 - net/8021q/vlan_dev.c | 6 +- net/bluetooth/hci_core.c | 17 +++- net/ceph/osdmap.c | 1 + net/core/dev.c | 4 +- net/core/neighbour.c | 14 +++- net/core/net_namespace.c | 19 +++++ net/core/skbuff.c | 75 +++++++++++------ net/core/sysctl_net_core.c | 2 - net/hsr/hsr_forward.c | 3 +- net/hsr/hsr_framereg.c | 9 +- net/hsr/hsr_framereg.h | 2 +- net/ieee802154/socket.c | 8 +- net/ipv4/ah4.c | 8 +- net/ipv4/arp.c | 18 +++- net/ipv4/esp4.c | 13 +-- net/ipv4/fib_semantics.c | 20 +++-- net/ipv4/ip_tunnel.c | 11 +-- net/ipv4/ipmr.c | 18 +++- net/ipv4/tcp_input.c | 24 +++--- net/ipv6/addrconf.c | 5 +- net/ipv6/ah6.c | 8 +- net/ipv6/esp6.c | 12 ++- net/ipv6/ip6_gre.c | 8 +- net/ipv6/ip6_output.c | 20 +++-- net/ipv6/ip6_tunnel.c | 14 +++- net/ipv6/ip6_vti.c | 7 +- net/ipv6/route.c | 3 + net/ipv6/sit.c | 9 +- net/key/af_key.c | 2 +- net/l2tp/l2tp_netlink.c | 2 + net/llc/af_llc.c | 3 + net/mac80211/cfg.c | 28 ++++++- net/mac80211/driver-ops.h | 3 +- net/mac80211/mlme.c | 4 + net/netfilter/nf_conntrack_core.c | 39 ++++++--- net/netfilter/nf_conntrack_netlink.c | 7 +- net/netlink/af_netlink.c | 3 + net/rds/bind.c | 1 + net/rxrpc/rxkad.c | 19 +++-- net/sched/act_api.c | 4 +- net/sched/act_bpf.c | 12 ++- net/sched/act_skbmod.c | 3 +- net/sched/act_tunnel_key.c | 9 +- net/sctp/ipv6.c | 4 +- net/sctp/socket.c | 17 ++-- net/strparser/strparser.c | 4 +- net/sunrpc/xprtsock.c | 7 +- net/x25/af_x25.c | 24 ++++-- net/x25/sysctl_net_x25.c | 5 +- net/xfrm/xfrm_state.c | 2 + scripts/tags.sh | 1 + security/selinux/hooks.c | 10 ++- sound/soc/generic/simple-card.c | 2 +- sound/soc/intel/atom/sst/sst_stream.c | 2 +- sound/soc/intel/boards/cht_bsw_rt5645.c | 7 ++ sound/soc/intel/skylake/skl-messages.c | 4 + sound/soc/intel/skylake/skl-pcm.c | 4 + sound/soc/sh/rcar/ssi.c | 11 ++- tools/perf/builtin-trace.c | 4 + tools/perf/tests/code-reading.c | 20 ++++- tools/perf/util/dso.c | 16 ++++ tools/perf/util/header.c | 12 ++- tools/perf/util/probe-event.c | 8 ++ tools/perf/util/unwind-libdw.c | 14 +++- tools/perf/util/unwind-libunwind-local.c | 11 +++ tools/perf/util/util.c | 2 +- .../testing/selftests/powerpc/tm/tm-resched-dscr.c | 2 +- tools/testing/selftests/seccomp/seccomp_bpf.c | 2 +- 312 files changed, 2424 insertions(+), 917 deletions(-)

7 years, 5 months

8
314
0 0

[PATCH] fat: Fix memory allocation failure handling of match_strdup()

by OGAWA Hirofumi

In parse_options(), if match_strdup() failed, parse_options() leaves opts->iocharset in unexpected state (i.e. still pointing the freed string). And this can be the cause of double free. To fix, this initialize opts->iocharset always when freeing. Reported-by: syzbot+90b8e10515ae88228a92(a)syzkaller.appspotmail.com Cc: <stable(a)vger.kernel.org> Signed-off-by: OGAWA Hirofumi <hirofumi(a)mail.parknet.co.jp> --- fs/fat/inode.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff -puN fs/fat/inode.c~fat-fix-kmalloc-failure fs/fat/inode.c --- linux/fs/fat/inode.c~fat-fix-kmalloc-failure 2018-07-12 12:20:30.388600735 +0900 +++ linux-hirofumi/fs/fat/inode.c 2018-07-12 15:09:48.764070539 +0900 @@ -703,13 +703,21 @@ static void fat_set_state(struct super_b brelse(bh); } +static void fat_reset_iocharset(struct fat_mount_options *opts) +{ + if (opts->iocharset != fat_default_iocharset) { + /* Note: opts->iocharset can be NULL here */ + kfree(opts->iocharset); + opts->iocharset = fat_default_iocharset; + } +} + static void delayed_free(struct rcu_head *p) { struct msdos_sb_info *sbi = container_of(p, struct msdos_sb_info, rcu); unload_nls(sbi->nls_disk); unload_nls(sbi->nls_io); - if (sbi->options.iocharset != fat_default_iocharset) - kfree(sbi->options.iocharset); + fat_reset_iocharset(&sbi->options); kfree(sbi); } @@ -1124,7 +1132,7 @@ static int parse_options(struct super_bl opts->fs_fmask = opts->fs_dmask = current_umask(); opts->allow_utime = -1; opts->codepage = fat_default_codepage; - opts->iocharset = fat_default_iocharset; + fat_reset_iocharset(opts); if (is_vfat) { opts->shortname = VFAT_SFN_DISPLAY_WINNT|VFAT_SFN_CREATE_WIN95; opts->rodir = 0; @@ -1281,8 +1289,7 @@ static int parse_options(struct super_bl /* vfat specific */ case Opt_charset: - if (opts->iocharset != fat_default_iocharset) - kfree(opts->iocharset); + fat_reset_iocharset(opts); iocharset = match_strdup(&args[0]); if (!iocharset) return -ENOMEM; @@ -1873,8 +1880,7 @@ out_fail: iput(fat_inode); unload_nls(sbi->nls_io); unload_nls(sbi->nls_disk); - if (sbi->options.iocharset != fat_default_iocharset) - kfree(sbi->options.iocharset); + fat_reset_iocharset(&sbi->options); sb->s_fs_info = NULL; kfree(sbi); return error; _ -- OGAWA Hirofumi <hirofumi(a)mail.parknet.co.jp>

7 years, 5 months

1
0
0 0

v4.9.112 build: 0 failures 0 warnings (v4.9.112)

by Build bot for Mark Brown

Tree/Branch: v4.9.112 Git describe: v4.9.112 Commit: 060744011e Linux 4.9.112 Build Time: 84 min 17 sec Passed: 11 / 11 (100.00 %) Failed: 0 / 11 ( 0.00 %) Errors: 0 Warnings: 0 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): ------------------------------------------------------------------------------- =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm-multi_v4t_defconfig x86_64-allmodconfig arm64-defconfig close failed in file object destructor: sys.excepthook is missing lost sys.stderr

7 years, 5 months

1
0
0 0

[PATCH 1/5] xhci: Fix perceived dead host due to runtime suspend race with event handler

by Mathias Nyman

Don't rely on event interrupt (EINT) bit alone to detect pending port change in resume. If no change event is detected the host may be suspended again, oterwise roothubs are resumed. There is a lag in xHC setting EINT. If we don't notice the pending change in resume, and the controller is runtime suspeded again, it causes the event handler to assume host is dead as it will fail to read xHC registers once PCI puts the controller to D3 state. [ 268.520969] xhci_hcd: xhci_resume: starting port polling. [ 268.520985] xhci_hcd: xhci_hub_status_data: stopping port polling. [ 268.521030] xhci_hcd: xhci_suspend: stopping port polling. [ 268.521040] xhci_hcd: // Setting command ring address to 0x349bd001 [ 268.521139] xhci_hcd: Port Status Change Event for port 3 [ 268.521149] xhci_hcd: resume root hub [ 268.521163] xhci_hcd: port resume event for port 3 [ 268.521168] xhci_hcd: xHC is not running. [ 268.521174] xhci_hcd: handle_port_status: starting port polling. [ 268.596322] xhci_hcd: xhci_hc_died: xHCI host controller not responding, assume dead The EINT lag is described in a additional note in xhci specs 4.19.2: "Due to internal xHC scheduling and system delays, there will be a lag between a change bit being set and the Port Status Change Event that it generated being written to the Event Ring. If SW reads the PORTSC and sees a change bit set, there is no guarantee that the corresponding Port Status Change Event has already been written into the Event Ring." Cc: <stable(a)vger.kernel.org> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci.c | 40 +++++++++++++++++++++++++++++++++++++--- drivers/usb/host/xhci.h | 4 ++++ 2 files changed, 41 insertions(+), 3 deletions(-) diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index 8c8da2d..f11ec61 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -908,6 +908,41 @@ static void xhci_disable_port_wake_on_bits(struct xhci_hcd *xhci) spin_unlock_irqrestore(&xhci->lock, flags); } +static bool xhci_pending_portevent(struct xhci_hcd *xhci) +{ + struct xhci_port **ports; + int port_index; + u32 status; + u32 portsc; + + status = readl(&xhci->op_regs->status); + if (status & STS_EINT) + return true; + /* + * Checking STS_EINT is not enough as there is a lag between a change + * bit being set and the Port Status Change Event that it generated + * being written to the Event Ring. See note in xhci 1.1 section 4.19.2. + */ + + port_index = xhci->usb2_rhub.num_ports; + ports = xhci->usb2_rhub.ports; + while (port_index--) { + portsc = readl(ports[port_index]->addr); + if (portsc & PORT_CHANGE_MASK || + (portsc & PORT_PLS_MASK) == XDEV_RESUME) + return true; + } + port_index = xhci->usb3_rhub.num_ports; + ports = xhci->usb3_rhub.ports; + while (port_index--) { + portsc = readl(ports[port_index]->addr); + if (portsc & PORT_CHANGE_MASK || + (portsc & PORT_PLS_MASK) == XDEV_RESUME) + return true; + } + return false; +} + /* * Stop HC (not bus-specific) * @@ -1009,7 +1044,7 @@ EXPORT_SYMBOL_GPL(xhci_suspend); */ int xhci_resume(struct xhci_hcd *xhci, bool hibernated) { - u32 command, temp = 0, status; + u32 command, temp = 0; struct usb_hcd *hcd = xhci_to_hcd(xhci); struct usb_hcd *secondary_hcd; int retval = 0; @@ -1134,8 +1169,7 @@ int xhci_resume(struct xhci_hcd *xhci, bool hibernated) done: if (retval == 0) { /* Resume root hubs only when have pending events. */ - status = readl(&xhci->op_regs->status); - if (status & STS_EINT) { + if (xhci_pending_portevent(xhci)) { usb_hcd_resume_root_hub(xhci->shared_hcd); usb_hcd_resume_root_hub(hcd); } diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 939e2f86..841e89f 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -382,6 +382,10 @@ struct xhci_op_regs { #define PORT_PLC (1 << 22) /* port configure error change - port failed to configure its link partner */ #define PORT_CEC (1 << 23) +#define PORT_CHANGE_MASK (PORT_CSC | PORT_PEC | PORT_WRC | PORT_OCC | \ + PORT_RC | PORT_PLC | PORT_CEC) + + /* Cold Attach Status - xHC can set this bit to report device attached during * Sx state. Warm port reset should be perfomed to clear this bit and move port * to connected state. -- 2.7.4

7 years, 5 months

2
1
0 0

v4.4.140 build: 0 failures 31 warnings (v4.4.140)

by Build bot for Mark Brown

Tree/Branch: v4.4.140 Git describe: v4.4.140 Commit: d6bc7e610a Linux 4.4.140 Build Time: 63 min 17 sec Passed: 10 / 10 (100.00 %) Failed: 0 / 10 ( 0.00 %) Errors: 0 Warnings: 31 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 19 warnings 0 mismatches : arm64-allmodconfig 17 warnings 0 mismatches : x86_64-allmodconfig ------------------------------------------------------------------------------- Warnings Summary: 31 3 warning: (IMA) selects TCG_CRB which has unmet direct dependencies (TCG_TPM && X86 && ACPI) 2 ../drivers/media/dvb-frontends/stv090x.c:4250:1: warning: the frame size of 4832 bytes is larger than 2048 bytes [-Wframe-larger-than=] 2 ../drivers/media/dvb-frontends/stv090x.c:1211:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] 2 ../drivers/media/dvb-frontends/stv090x.c:1168:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/net/ethernet/rocker/rocker.c:2172:1: warning: the frame size of 2752 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/net/ethernet/rocker/rocker.c:2172:1: warning: the frame size of 2720 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:4759:1: warning: the frame size of 2056 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:4565:1: warning: the frame size of 2096 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:4565:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:3436:1: warning: the frame size of 6784 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:3436:1: warning: the frame size of 5280 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:3095:1: warning: the frame size of 5864 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:3095:1: warning: the frame size of 5840 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2513:1: warning: the frame size of 2304 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2513:1: warning: the frame size of 2288 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2141:1: warning: the frame size of 2104 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2141:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2073:1: warning: the frame size of 2552 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2073:1: warning: the frame size of 2544 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1956:1: warning: the frame size of 3264 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1956:1: warning: the frame size of 3248 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1858:1: warning: the frame size of 3008 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1858:1: warning: the frame size of 2992 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1599:1: warning: the frame size of 5296 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1599:1: warning: the frame size of 5280 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv0367.c:3147:1: warning: the frame size of 4144 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv0367.c:2490:1: warning: the frame size of 3424 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/cxd2841er.c:2401:1: warning: the frame size of 2984 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/cxd2841er.c:2401:1: warning: the frame size of 2976 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/cxd2841er.c:2282:1: warning: the frame size of 4336 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/cxd2841er.c:2282:1: warning: the frame size of 4328 bytes is larger than 2048 bytes [-Wframe-larger-than=] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- arm64-allmodconfig : PASS, 0 errors, 19 warnings, 0 section mismatches Warnings: warning: (IMA) selects TCG_CRB which has unmet direct dependencies (TCG_TPM && X86 && ACPI) warning: (IMA) selects TCG_CRB which has unmet direct dependencies (TCG_TPM && X86 && ACPI) warning: (IMA) selects TCG_CRB which has unmet direct dependencies (TCG_TPM && X86 && ACPI) ../drivers/media/dvb-frontends/stv090x.c:1858:1: warning: the frame size of 2992 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2141:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2513:1: warning: the frame size of 2288 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:4565:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1956:1: warning: the frame size of 3248 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1599:1: warning: the frame size of 5280 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1211:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:4250:1: warning: the frame size of 4832 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1168:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2073:1: warning: the frame size of 2544 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:3095:1: warning: the frame size of 5840 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:3436:1: warning: the frame size of 6784 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv0367.c:2490:1: warning: the frame size of 3424 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/cxd2841er.c:2401:1: warning: the frame size of 2976 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/cxd2841er.c:2282:1: warning: the frame size of 4336 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/net/ethernet/rocker/rocker.c:2172:1: warning: the frame size of 2720 bytes is larger than 2048 bytes [-Wframe-larger-than=] ------------------------------------------------------------------------------- x86_64-allmodconfig : PASS, 0 errors, 17 warnings, 0 section mismatches Warnings: ../drivers/media/dvb-frontends/stv090x.c:1858:1: warning: the frame size of 3008 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2141:1: warning: the frame size of 2104 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2513:1: warning: the frame size of 2304 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:4565:1: warning: the frame size of 2096 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1956:1: warning: the frame size of 3264 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1599:1: warning: the frame size of 5296 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1211:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:4250:1: warning: the frame size of 4832 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:4759:1: warning: the frame size of 2056 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1168:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2073:1: warning: the frame size of 2552 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:3095:1: warning: the frame size of 5864 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:3436:1: warning: the frame size of 5280 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv0367.c:3147:1: warning: the frame size of 4144 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/cxd2841er.c:2401:1: warning: the frame size of 2984 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/cxd2841er.c:2282:1: warning: the frame size of 4328 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/net/ethernet/rocker/rocker.c:2172:1: warning: the frame size of 2752 bytes is larger than 2048 bytes [-Wframe-larger-than=] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm64-defconfig

7 years, 5 months

1
0
0 0

[PATCH v2 4.4 1/3] x86/fpu: Remove use_eager_fpu()

by Daniel Sangorrin

From: Andy Lutomirski <luto(a)kernel.org> commit c592b57347069abfc0dcad3b3a302cf882602597 upstream This removes all the obvious code paths that depend on lazy FPU mode. It shouldn't change the generated code at all. Signed-off-by: Andy Lutomirski <luto(a)kernel.org> Signed-off-by: Rik van Riel <riel(a)redhat.com> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Brian Gerst <brgerst(a)gmail.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Denys Vlasenko <dvlasenk(a)redhat.com> Cc: Fenghua Yu <fenghua.yu(a)intel.com> Cc: H. Peter Anvin <hpa(a)zytor.com> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Quentin Casasnovas <quentin.casasnovas(a)oracle.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: pbonzini(a)redhat.com Link: http://lkml.kernel.org/r/1475627678-20788-5-git-send-email-riel@redhat.com Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Daniel Sangorrin <daniel.sangorrin(a)toshiba.co.jp> --- This is the 1st of 3 patches that I backported to remove fpu lazy mode deadcode from stable 4.4. Important: the patch depends on commit 5a5fbdc0e3f1 ("KVM: x86: remove eager_fpu field of struct kvm_vcpu_arch"), please cherry-pick it. While backporting there was a conflict with fpu/core.c, caused by commit bf15a8cf8d14 ("x86/fpu/xstate: Rename 'xstate_size' to 'fpu_kernel_xstate_size', to distinguish it from 'fpu_user_xstate_size'") not being in 4.4.y. I fixed that conflict manually. (Resending with all maintainers in Cc) arch/x86/crypto/crc32c-intel_glue.c | 17 ++++------------- arch/x86/include/asm/fpu/internal.h | 34 +-------------------------------- arch/x86/kernel/fpu/core.c | 38 +++++-------------------------------- arch/x86/kernel/fpu/signal.c | 8 +++----- arch/x86/kvm/cpuid.c | 4 +--- arch/x86/kvm/x86.c | 10 ---------- 6 files changed, 14 insertions(+), 97 deletions(-) diff --git a/arch/x86/crypto/crc32c-intel_glue.c b/arch/x86/crypto/crc32c-intel_glue.c index 15f5c76..d610c11 100644 --- a/arch/x86/crypto/crc32c-intel_glue.c +++ b/arch/x86/crypto/crc32c-intel_glue.c @@ -48,21 +48,13 @@ #ifdef CONFIG_X86_64 /* * use carryless multiply version of crc32c when buffer - * size is >= 512 (when eager fpu is enabled) or - * >= 1024 (when eager fpu is disabled) to account + * size is >= 512 to account * for fpu state save/restore overhead. */ -#define CRC32C_PCL_BREAKEVEN_EAGERFPU 512 -#define CRC32C_PCL_BREAKEVEN_NOEAGERFPU 1024 +#define CRC32C_PCL_BREAKEVEN 512 asmlinkage unsigned int crc_pcl(const u8 *buffer, int len, unsigned int crc_init); -static int crc32c_pcl_breakeven = CRC32C_PCL_BREAKEVEN_EAGERFPU; -#define set_pcl_breakeven_point() \ -do { \ - if (!use_eager_fpu()) \ - crc32c_pcl_breakeven = CRC32C_PCL_BREAKEVEN_NOEAGERFPU; \ -} while (0) #endif /* CONFIG_X86_64 */ static u32 crc32c_intel_le_hw_byte(u32 crc, unsigned char const *data, size_t length) @@ -185,7 +177,7 @@ static int crc32c_pcl_intel_update(struct shash_desc *desc, const u8 *data, * use faster PCL version if datasize is large enough to * overcome kernel fpu state save/restore overhead */ - if (len >= crc32c_pcl_breakeven && irq_fpu_usable()) { + if (len >= CRC32C_PCL_BREAKEVEN && irq_fpu_usable()) { kernel_fpu_begin(); *crcp = crc_pcl(data, len, *crcp); kernel_fpu_end(); @@ -197,7 +189,7 @@ static int crc32c_pcl_intel_update(struct shash_desc *desc, const u8 *data, static int __crc32c_pcl_intel_finup(u32 *crcp, const u8 *data, unsigned int len, u8 *out) { - if (len >= crc32c_pcl_breakeven && irq_fpu_usable()) { + if (len >= CRC32C_PCL_BREAKEVEN && irq_fpu_usable()) { kernel_fpu_begin(); *(__le32 *)out = ~cpu_to_le32(crc_pcl(data, len, *crcp)); kernel_fpu_end(); @@ -256,7 +248,6 @@ static int __init crc32c_intel_mod_init(void) alg.update = crc32c_pcl_intel_update; alg.finup = crc32c_pcl_intel_finup; alg.digest = crc32c_pcl_intel_digest; - set_pcl_breakeven_point(); } #endif return crypto_register_shash(&alg); diff --git a/arch/x86/include/asm/fpu/internal.h b/arch/x86/include/asm/fpu/internal.h index 146d838..7796e04 100644 --- a/arch/x86/include/asm/fpu/internal.h +++ b/arch/x86/include/asm/fpu/internal.h @@ -56,11 +56,6 @@ extern u64 fpu__get_supported_xfeatures_mask(void); /* * FPU related CPU feature flag helper routines: */ -static __always_inline __pure bool use_eager_fpu(void) -{ - return true; -} - static __always_inline __pure bool use_xsaveopt(void) { return static_cpu_has_safe(X86_FEATURE_XSAVEOPT); @@ -504,24 +499,6 @@ static inline int fpu_want_lazy_restore(struct fpu *fpu, unsigned int cpu) } -/* - * Wrap lazy FPU TS handling in a 'hw fpregs activation/deactivation' - * idiom, which is then paired with the sw-flag (fpregs_active) later on: - */ - -static inline void __fpregs_activate_hw(void) -{ - if (!use_eager_fpu()) - clts(); -} - -static inline void __fpregs_deactivate_hw(void) -{ - if (!use_eager_fpu()) - stts(); -} - -/* Must be paired with an 'stts' (fpregs_deactivate_hw()) after! */ static inline void __fpregs_deactivate(struct fpu *fpu) { WARN_ON_FPU(!fpu->fpregs_active); @@ -530,7 +507,6 @@ static inline void __fpregs_deactivate(struct fpu *fpu) this_cpu_write(fpu_fpregs_owner_ctx, NULL); } -/* Must be paired with a 'clts' (fpregs_activate_hw()) before! */ static inline void __fpregs_activate(struct fpu *fpu) { WARN_ON_FPU(fpu->fpregs_active); @@ -555,22 +531,17 @@ static inline int fpregs_active(void) } /* - * Encapsulate the CR0.TS handling together with the - * software flag. - * * These generally need preemption protection to work, * do try to avoid using these on their own. */ static inline void fpregs_activate(struct fpu *fpu) { - __fpregs_activate_hw(); __fpregs_activate(fpu); } static inline void fpregs_deactivate(struct fpu *fpu) { __fpregs_deactivate(fpu); - __fpregs_deactivate_hw(); } /* @@ -597,8 +568,7 @@ switch_fpu_prepare(struct fpu *old_fpu, struct fpu *new_fpu, int cpu) * or if the past 5 consecutive context-switches used math. */ fpu.preload = static_cpu_has(X86_FEATURE_FPU) && - new_fpu->fpstate_active && - (use_eager_fpu() || new_fpu->counter > 5); + new_fpu->fpstate_active; if (old_fpu->fpregs_active) { if (!copy_fpregs_to_fpstate(old_fpu)) @@ -614,8 +584,6 @@ switch_fpu_prepare(struct fpu *old_fpu, struct fpu *new_fpu, int cpu) new_fpu->counter++; __fpregs_activate(new_fpu); prefetch(&new_fpu->state); - } else { - __fpregs_deactivate_hw(); } } else { old_fpu->counter = 0; diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c index 6aa0b51..b282364 100644 --- a/arch/x86/kernel/fpu/core.c +++ b/arch/x86/kernel/fpu/core.c @@ -53,27 +53,9 @@ static bool kernel_fpu_disabled(void) return this_cpu_read(in_kernel_fpu); } -/* - * Were we in an interrupt that interrupted kernel mode? - * - * On others, we can do a kernel_fpu_begin/end() pair *ONLY* if that - * pair does nothing at all: the thread must not have fpu (so - * that we don't try to save the FPU state), and TS must - * be set (so that the clts/stts pair does nothing that is - * visible in the interrupted kernel thread). - * - * Except for the eagerfpu case when we return true; in the likely case - * the thread has FPU but we are not going to set/clear TS. - */ static bool interrupted_kernel_fpu_idle(void) { - if (kernel_fpu_disabled()) - return false; - - if (use_eager_fpu()) - return true; - - return !current->thread.fpu.fpregs_active && (read_cr0() & X86_CR0_TS); + return !kernel_fpu_disabled(); } /* @@ -121,7 +103,6 @@ void __kernel_fpu_begin(void) copy_fpregs_to_fpstate(fpu); } else { this_cpu_write(fpu_fpregs_owner_ctx, NULL); - __fpregs_activate_hw(); } } EXPORT_SYMBOL(__kernel_fpu_begin); @@ -132,8 +113,6 @@ void __kernel_fpu_end(void) if (fpu->fpregs_active) copy_kernel_to_fpregs(&fpu->state); - else - __fpregs_deactivate_hw(); kernel_fpu_enable(); } @@ -194,10 +173,7 @@ void fpu__save(struct fpu *fpu) preempt_disable(); if (fpu->fpregs_active) { if (!copy_fpregs_to_fpstate(fpu)) { - if (use_eager_fpu()) - copy_kernel_to_fpregs(&fpu->state); - else - fpregs_deactivate(fpu); + copy_kernel_to_fpregs(&fpu->state); } } preempt_enable(); @@ -245,8 +221,7 @@ static void fpu_copy(struct fpu *dst_fpu, struct fpu *src_fpu) * Don't let 'init optimized' areas of the XSAVE area * leak into the child task: */ - if (use_eager_fpu()) - memset(&dst_fpu->state.xsave, 0, xstate_size); + memset(&dst_fpu->state.xsave, 0, xstate_size); /* * Save current FPU registers directly into the child @@ -268,10 +243,7 @@ static void fpu_copy(struct fpu *dst_fpu, struct fpu *src_fpu) if (!copy_fpregs_to_fpstate(dst_fpu)) { memcpy(&src_fpu->state, &dst_fpu->state, xstate_size); - if (use_eager_fpu()) - copy_kernel_to_fpregs(&src_fpu->state); - else - fpregs_deactivate(src_fpu); + copy_kernel_to_fpregs(&src_fpu->state); } preempt_enable(); } @@ -437,7 +409,7 @@ void fpu__clear(struct fpu *fpu) { WARN_ON_FPU(fpu != &current->thread.fpu); /* Almost certainly an anomaly */ - if (!use_eager_fpu() || !static_cpu_has(X86_FEATURE_FPU)) { + if (!static_cpu_has(X86_FEATURE_FPU)) { /* FPU state will be reallocated lazily at the first use. */ fpu__drop(fpu); } else { diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c index 3de0771..9be3e79 100644 --- a/arch/x86/kernel/fpu/signal.c +++ b/arch/x86/kernel/fpu/signal.c @@ -319,11 +319,9 @@ static int __fpu__restore_sig(void __user *buf, void __user *buf_fx, int size) } fpu->fpstate_active = 1; - if (use_eager_fpu()) { - preempt_disable(); - fpu__restore(fpu); - preempt_enable(); - } + preempt_disable(); + fpu__restore(fpu); + preempt_enable(); return err; } else { diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 7b4ea5e..338d13d 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -16,7 +16,6 @@ #include <linux/module.h> #include <linux/vmalloc.h> #include <linux/uaccess.h> -#include <asm/fpu/internal.h> /* For use_eager_fpu. Ugh! */ #include <asm/user.h> #include <asm/fpu/xstate.h> #include "cpuid.h" @@ -104,8 +103,7 @@ int kvm_update_cpuid(struct kvm_vcpu *vcpu) if (best && (best->eax & (F(XSAVES) | F(XSAVEC)))) best->ebx = xstate_required_size(vcpu->arch.xcr0, true); - if (use_eager_fpu()) - kvm_x86_ops->fpu_activate(vcpu); + kvm_x86_ops->fpu_activate(vcpu); /* * The existing code assumes virtual address is 48-bit in the canonical diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 660d8a0..e6ab034 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -7319,16 +7319,6 @@ void kvm_put_guest_fpu(struct kvm_vcpu *vcpu) copy_fpregs_to_fpstate(&vcpu->arch.guest_fpu); __kernel_fpu_end(); ++vcpu->stat.fpu_reload; - /* - * If using eager FPU mode, or if the guest is a frequent user - * of the FPU, just leave the FPU active for next time. - * Every 255 times fpu_counter rolls over to 0; a guest that uses - * the FPU in bursts will revert to loading it on demand. - */ - if (!use_eager_fpu()) { - if (++vcpu->fpu_counter < 5) - kvm_make_request(KVM_REQ_DEACTIVATE_FPU, vcpu); - } trace_kvm_fpu(0); } -- 2.1.4

7 years, 5 months

2
7
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror