- Linux-stable-mirror - lists.linaro.org

by Greg KH

I'm announcing the release of the 4.14.54 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/net/dsa/b53.txt | 1 Makefile | 2 arch/arm/boot/dts/imx6q.dtsi | 2 drivers/acpi/osl.c | 72 +++++++ drivers/atm/zatm.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 23 ++ drivers/gpu/drm/amd/amdgpu/vce_v3_0.c | 4 drivers/gpu/drm/amd/amdgpu/vi.c | 77 ++++++-- drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c | 2 drivers/gpu/drm/i915/i915_reg.h | 5 drivers/gpu/drm/i915/intel_lrc.c | 12 + drivers/gpu/drm/qxl/qxl_display.c | 7 drivers/md/dm-raid.c | 10 - drivers/md/md-cluster.c | 6 drivers/md/md.c | 90 ++++++--- drivers/md/md.h | 15 + drivers/md/raid0.c | 2 drivers/md/raid1.c | 27 -- drivers/md/raid10.c | 10 - drivers/md/raid5-cache.c | 30 ++- drivers/md/raid5-log.h | 2 drivers/md/raid5.c | 40 ---- drivers/mtd/nand/nand_base.c | 2 drivers/net/dsa/b53/b53_common.c | 13 + drivers/net/dsa/b53/b53_mdio.c | 5 drivers/net/dsa/b53/b53_priv.h | 1 drivers/net/ethernet/natsemi/sonic.c | 2 drivers/net/usb/qmi_wwan.c | 1 drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 10 - drivers/platform/x86/asus-wmi.c | 23 +- drivers/s390/block/dasd.c | 7 drivers/staging/android/ion/ion_heap.c | 2 drivers/tty/n_tty.c | 55 +++--- drivers/tty/serdev/core.c | 1 drivers/tty/serial/8250/8250_pci.c | 2 drivers/tty/vt/vt.c | 4 drivers/usb/class/cdc-acm.c | 3 drivers/usb/dwc2/hcd_queue.c | 2 drivers/usb/host/xhci-mem.c | 4 drivers/usb/host/xhci-trace.h | 36 +++ drivers/usb/serial/cp210x.c | 14 + drivers/usb/typec/ucsi/ucsi.c | 13 + drivers/usb/typec/ucsi/ucsi_acpi.c | 5 fs/afs/security.c | 10 - fs/inode.c | 1 include/linux/acpi.h | 3 include/net/netfilter/nf_tables.h | 5 kernel/sched/core.c | 45 +++- net/bridge/netfilter/ebtables.c | 3 net/ipv6/netfilter/ip6t_rpfilter.c | 4 net/ipv6/netfilter/nft_fib_ipv6.c | 12 - net/ipv6/xfrm6_policy.c | 2 net/netfilter/ipvs/ip_vs_ctl.c | 21 +- net/netfilter/nf_tables_api.c | 61 +++++- net/netfilter/nf_tables_core.c | 20 +- net/netfilter/nft_compat.c | 201 +++++++++++++++++----- net/netfilter/nft_immediate.c | 15 + net/netfilter/nft_limit.c | 38 ++-- net/netfilter/nft_meta.c | 14 - tools/perf/tests/topology.c | 30 ++- tools/perf/util/bpf-loader.c | 6 64 files changed, 808 insertions(+), 339 deletions(-) Abhishek Sahu (1): mtd: rawnand: fix return value check for bad block status Alexander Potapenko (1): vt: prevent leaking uninitialized data to userspace via /dev/vcs* Andy Shevchenko (1): serial: 8250_pci: Remove stalled entries in blacklist Colin Ian King (1): netfilter: nf_tables: fix memory leak on error exit return Damien Thébault (1): net: dsa: b53: Add BCM5389 support Darrick J. Wong (1): fs: clear writeback errors in inode_init_always David Howells (1): afs: Fix directory permissions check Eric Dumazet (1): xfrm6: avoid potential infinite loop in _decode_session6() Finn Thain (1): net/sonic: Use dma_mapping_error() Florian Westphal (6): netfilter: nf_tables: nft_compat: fix refcount leak on xt module netfilter: nft_compat: prepare for indirect info storage netfilter: nft_compat: fix handling of large matchinfo size netfilter: nf_tables: don't assume chain stats are set when jumplabel is set netfilter: nf_tables: add missing netlink attrs to policies netfilter: don't set F_IFACE on ipv6 fib lookups Greg Kroah-Hartman (1): Linux 4.14.54 Hao Wei Tee (1): iwlwifi: pcie: compare with number of IRQs requested for, not number of CPUs Heikki Krogerus (3): acpi: Add helper for deactivating memory region usb: typec: ucsi: acpi: Workaround for cache mode issue usb: typec: ucsi: Fix for incorrect status data issue Houston Yaroschoff (1): usb: cdc_acm: Add quirk for Uniden UBC125 scanner Huang Rui (1): drm/amdgpu: fix the missed vcn fw version report Ivan Bornyakov (1): atm: zatm: fix memcmp casting Jeremy Cline (1): drm/qxl: Call qxl_bo_unref outside atomic context Johan Hovold (2): USB: serial: cp210x: add CESINEL device ids serdev: fix memleak on module unload Josh Hill (1): net: qmi_wwan: Add Netgear Aircard 779S João Paulo Rechi Vita (1): platform/x86: asus-wmi: Fix NULL pointer dereference Julian Anastasov (1): ipvs: fix buffer overflow with sync daemon and service Karoly Pados (1): USB: serial: cp210x: add Silicon Labs IDs for Windows Update Kenneth Graunke (1): drm/i915: Enable provoking vertex fix on Gen9 systems. Laura Abbott (1): staging: android: ion: Return an ERR_PTR in ion_map_kernel Michel Dänzer (2): drm/amdgpu: Use kvmalloc_array for allocating VRAM manager nodes array drm/amdgpu: Refactor amdgpu_vram_mgr_bo_invisible_size helper NeilBrown (6): md: always hold reconfig_mutex when calling mddev_suspend() md: don't call bitmap_create() while array is quiesced. md: move suspend_hi/lo handling into core md code md: use mddev_suspend/resume instead of ->quiesce() md: allow metadata update while suspending. md: remove special meaning of ->quiesce(.., 2) Pablo Neira Ayuso (3): netfilter: nf_tables: bogus EBUSY in chain deletions netfilter: nf_tables: disable preemption in nft_update_chain_stats() netfilter: nft_limit: fix packet ratelimiting Paolo Abeni (1): netfilter: ebtables: handle string from userspace with care Paul Burton (1): sched/core: Require cpu_active() in select_task_rq(), for user tasks Peter Zijlstra (1): sched/core: Fix rules for running on online && !active CPUs Rex Zhu (2): drm/amdgpu: Add APU support in vi_set_uvd_clocks drm/amdgpu: Add APU support in vi_set_vce_clocks Sean Nyekjaer (1): ARM: dts: imx6q: Use correct SDMA script for SPI5 core Sebastian Ott (1): s390/dasd: use blk_mq_rq_from_pdu for per request data Stefan Agner (1): drm/atmel-hlcdc: check stride values in the first plane Taehee Yoo (4): netfilter: nft_meta: fix wrong value dereference in nft_meta_set_eval netfilter: nf_tables: increase nft_counters_enabled in nft_chain_stats_replace() netfilter: nf_tables: fix NULL-ptr in nf_tables_dump_obj() netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain() Tetsuo Handa (2): n_tty: Fix stall at n_tty_receive_char_special(). n_tty: Access echo_* variables carefully. Thomas Richter (1): perf test: "Session topology" dumps core on s390 Vincent Bernat (1): netfilter: ip6t_rpfilter: provide input interface for route lookup William Wu (1): usb: dwc2: fix the incorrect bitmaps for the ports of multi_tt hub YueHaibing (1): perf bpf: Fix NULL return handling in bpf__prepare_load() Zhengjun Xing (1): xhci: Fix kernel oops in trace_xhci_free_virt_device

7 years, 5 months

1
1
0 0

[PATCH v4 1/3] mtd: rawnand: marvell: add suspend and resume hooks

by Daniel Mack

This patch restores the suspend and resume hooks that the old driver used to have. Apart from stopping and starting the clocks, the resume callback also nullifies the selected_chip pointer, so the next command that is issued will re-select the chip and thereby restore the timing registers. Factor out some code from marvell_nfc_init() into a new function marvell_nfc_reset() and also call it at resume time to reset some registers that don't retain their contents during low-power mode. Without this patch, a PXA3xx based system would cough up an error similar to the one below after resume. [ 44.660162] marvell-nfc 43100000.nand-controller: Timeout waiting for RB signal [ 44.671492] ubi0 error: ubi_io_write: error -110 while writing 2048 bytes to PEB 102:38912, written 0 bytes [ 44.682887] CPU: 0 PID: 1417 Comm: remote-control Not tainted 4.18.0-rc2+ #344 [ 44.691197] Hardware name: Marvell PXA3xx (Device Tree Support) [ 44.697111] Backtrace: [ 44.699593] [<c0106458>] (dump_backtrace) from [<c0106718>] (show_stack+0x18/0x1c) [ 44.708931] r7:00000800 r6:00009800 r5:00000066 r4:c6139000 [ 44.715833] [<c0106700>] (show_stack) from [<c0678a60>] (dump_stack+0x20/0x28) [ 44.724206] [<c0678a40>] (dump_stack) from [<c0456cbc>] (ubi_io_write+0x3d4/0x630) [ 44.732925] [<c04568e8>] (ubi_io_write) from [<c0454428>] (ubi_eba_write_leb+0x690/0x6fc) ... Signed-off-by: Daniel Mack <daniel(a)zonque.org> Fixes: 02f26ecf8c77 ("mtd: nand: add reworked Marvell NAND controller driver") Cc: stable(a)vger.kernel.org --- drivers/mtd/nand/raw/marvell_nand.c | 73 ++++++++++++++++++++++++----- 1 file changed, 62 insertions(+), 11 deletions(-) diff --git a/drivers/mtd/nand/raw/marvell_nand.c b/drivers/mtd/nand/raw/marvell_nand.c index 00d9f29bbdb6..03ee016d7516 100644 --- a/drivers/mtd/nand/raw/marvell_nand.c +++ b/drivers/mtd/nand/raw/marvell_nand.c @@ -2662,6 +2662,21 @@ static int marvell_nfc_init_dma(struct marvell_nfc *nfc) return 0; } +static void marvell_nfc_reset(struct marvell_nfc *nfc) +{ + /* + * ECC operations and interruptions are only enabled when specifically + * needed. ECC shall not be activated in the early stages (fails probe). + * Arbiter flag, even if marked as "reserved", must be set (empirical). + * SPARE_EN bit must always be set or ECC bytes will not be at the same + * offset in the read page and this will fail the protection. + */ + writel_relaxed(NDCR_ALL_INT | NDCR_ND_ARB_EN | NDCR_SPARE_EN | + NDCR_RD_ID_CNT(NFCV1_READID_LEN), nfc->regs + NDCR); + writel_relaxed(0xFFFFFFFF, nfc->regs + NDSR); + writel_relaxed(0, nfc->regs + NDECCCTRL); +} + static int marvell_nfc_init(struct marvell_nfc *nfc) { struct device_node *np = nfc->dev->of_node; @@ -2700,17 +2715,7 @@ static int marvell_nfc_init(struct marvell_nfc *nfc) if (!nfc->caps->is_nfcv2) marvell_nfc_init_dma(nfc); - /* - * ECC operations and interruptions are only enabled when specifically - * needed. ECC shall not be activated in the early stages (fails probe). - * Arbiter flag, even if marked as "reserved", must be set (empirical). - * SPARE_EN bit must always be set or ECC bytes will not be at the same - * offset in the read page and this will fail the protection. - */ - writel_relaxed(NDCR_ALL_INT | NDCR_ND_ARB_EN | NDCR_SPARE_EN | - NDCR_RD_ID_CNT(NFCV1_READID_LEN), nfc->regs + NDCR); - writel_relaxed(0xFFFFFFFF, nfc->regs + NDSR); - writel_relaxed(0, nfc->regs + NDECCCTRL); + marvell_nfc_reset(nfc); return 0; } @@ -2825,6 +2830,51 @@ static int marvell_nfc_remove(struct platform_device *pdev) return 0; } +static int __maybe_unused marvell_nfc_suspend(struct device *dev) +{ + struct marvell_nfc *nfc = dev_get_drvdata(dev); + struct marvell_nand_chip *chip; + + list_for_each_entry(chip, &nfc->chips, node) + marvell_nfc_wait_ndrun(&chip->chip); + + clk_disable_unprepare(nfc->reg_clk); + clk_disable_unprepare(nfc->core_clk); + + return 0; +} + +static int __maybe_unused marvell_nfc_resume(struct device *dev) +{ + struct marvell_nfc *nfc = dev_get_drvdata(dev); + int ret; + + ret = clk_prepare_enable(nfc->core_clk); + if (ret < 0) + return ret; + + if (!IS_ERR(nfc->reg_clk)) { + ret = clk_prepare_enable(nfc->reg_clk); + if (ret < 0) + return ret; + } + + /* + * Reset nfc->selected_chip so the next command will cause the timing + * registers to be restored in marvell_nfc_select_chip(). + */ + nfc->selected_chip = NULL; + + /* Reset registers that have lost their contents */ + marvell_nfc_reset(nfc); + + return 0; +} + +static const struct dev_pm_ops marvell_nfc_pm_ops = { + SET_SYSTEM_SLEEP_PM_OPS(marvell_nfc_suspend, marvell_nfc_resume) +}; + static const struct marvell_nfc_caps marvell_armada_8k_nfc_caps = { .max_cs_nb = 4, .max_rb_nb = 2, @@ -2909,6 +2959,7 @@ static struct platform_driver marvell_nfc_driver = { .driver = { .name = "marvell-nfc", .of_match_table = marvell_nfc_of_ids, + .pm = &marvell_nfc_pm_ops, }, .id_table = marvell_nfc_platform_ids, .probe = marvell_nfc_probe, -- 2.17.1

7 years, 5 months

1
0
0 0

[PATCH 4.17 00/46] 4.17.5-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.17.5 release. There are 46 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun Jul 8 05:45:10 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.17.5-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.17.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.17.5-rc1 Sean Nyekjaer <sean.nyekjaer(a)prevas.dk> ARM: dts: imx6q: Use correct SDMA script for SPI5 core Andrey Ryabinin <aryabinin(a)virtuozzo.com> x86/mm: Don't free P4D table when it is folded at runtime Neil Armstrong <narmstrong(a)baylibre.com> ARM64: dts: meson-gxl-s905x-p212: Add phy-supply for usb0 Taehee Yoo <ap420073(a)gmail.com> netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain() Florian Westphal <fw(a)strlen.de> netfilter: xt_connmark: fix list corruption on rmmod Vincent Bernat <vincent(a)bernat.im> netfilter: ip6t_rpfilter: provide input interface for route lookup Kenneth Graunke <kenneth(a)whitecape.org> drm/i915: Enable provoking vertex fix on Gen9 systems. Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Turn off g4x DP port in .post_disable() Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Disallow interlaced modes on g4x DP outputs Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Fix PIPESTAT irq ack on i965/g4x Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Allow DBLSCAN user modes with eDP/LVDS/DSI Shirish S <shirish.s(a)amd.com> drm/amd/display: release spinlock before committing updates to stream Lyude Paul <lyude(a)redhat.com> drm/amdgpu: Count disabled CRTCs in commit tail earlier Michel Dänzer <michel.daenzer(a)amd.com> drm/amdgpu: GPU vs CPU page size fixes in amdgpu_vm_bo_split_mapping Michel Dänzer <michel.daenzer(a)amd.com> drm/amdgpu: Update pin_size values before unpinning BO Michel Dänzer <michel.daenzer(a)amd.com> drm/amdgpu: Make amdgpu_vram_mgr_bo_invisible_size always accurate Michel Dänzer <michel.daenzer(a)amd.com> drm/amdgpu: Refactor amdgpu_vram_mgr_bo_invisible_size helper Michel Dänzer <michel.daenzer(a)amd.com> drm/amdgpu: Use kvmalloc_array for allocating VRAM manager nodes array Harry Wentland <harry.wentland(a)amd.com> drm/amdgpu: Don't default to DC support for Kaveri and older Paul Kocialkowski <paul.kocialkowski(a)bootlin.com> Revert "drm/sun4i: Handle DRM_BUS_FLAG_PIXDATA_*EDGE" Stefan Agner <stefan(a)agner.ch> drm/atmel-hlcdc: check stride values in the first plane Jeremy Cline <jcline(a)redhat.com> drm/qxl: Call qxl_bo_unref outside atomic context Lyude Paul <lyude(a)redhat.com> drm/i915/dp: Send DPCD ON for MST before phy_up Mikita Lipski <mikita.lipski(a)amd.com> drm/amd/display: Clear connector's edid pointer Oliver O'Halloran <oohall(a)gmail.com> drm/sti: Depend on OF rather than selecting it Junwei Zhang <Jerry.Zhang(a)amd.com> drm/amdgpu: fix clear_all and replace handling in the VM (v2) Lyude Paul <lyude(a)redhat.com> drm/amdgpu: Grab/put runtime PM references in atomic_commit_tail() Huang Rui <ray.huang(a)amd.com> drm/amdgpu: fix the missed vcn fw version report Rex Zhu <Rex.Zhu(a)amd.com> drm/amdgpu: Add APU support in vi_set_vce_clocks Rex Zhu <Rex.Zhu(a)amd.com> drm/amdgpu: Add APU support in vi_set_uvd_clocks Alexander Potapenko <glider(a)google.com> vt: prevent leaking uninitialized data to userspace via /dev/vcs* Johan Hovold <johan(a)kernel.org> serdev: fix memleak on module unload Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_pci: Remove stalled entries in blacklist Leonard Crestez <leonard.crestez(a)nxp.com> iio: mma8452: Fix ignoring MMA8452_INT_DRDY Laura Abbott <labbott(a)redhat.com> staging: android: ion: Return an ERR_PTR in ion_map_kernel Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> n_tty: Access echo_* variables carefully. Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> n_tty: Fix stall at n_tty_receive_char_special(). Zhengjun Xing <zhengjun.xing(a)linux.intel.com> xhci: Fix kernel oops in trace_xhci_free_virt_device Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: typec: ucsi: Fix for incorrect status data issue Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: typec: ucsi: acpi: Workaround for cache mode issue Heikki Krogerus <heikki.krogerus(a)linux.intel.com> acpi: Add helper for deactivating memory region Peter Chen <peter.chen(a)nxp.com> usb: typec: tcpm: fix logbuffer index is wrong if _tcpm_log is re-entered William Wu <william.wu(a)rock-chips.com> usb: dwc2: fix the incorrect bitmaps for the ports of multi_tt hub Karoly Pados <pados(a)pados.hu> USB: serial: cp210x: add Silicon Labs IDs for Windows Update Johan Hovold <johan(a)kernel.org> USB: serial: cp210x: add CESINEL device ids Houston Yaroschoff <hstn(a)4ever3.net> usb: cdc_acm: Add quirk for Uniden UBC125 scanner ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/imx6q.dtsi | 2 +- .../boot/dts/amlogic/meson-gxl-s905x-p212.dtsi | 7 ++ arch/x86/include/asm/pgalloc.h | 3 + drivers/acpi/osl.c | 72 ++++++++++++++++++++ drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 10 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 24 +++---- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 14 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 39 ++++++++++- drivers/gpu/drm/amd/amdgpu/vce_v3_0.c | 4 +- drivers/gpu/drm/amd/amdgpu/vi.c | 77 +++++++++++++++++----- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 22 +++++-- drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c | 2 +- drivers/gpu/drm/i915/i915_irq.c | 12 +++- drivers/gpu/drm/i915/i915_reg.h | 5 ++ drivers/gpu/drm/i915/intel_crt.c | 20 ++++++ drivers/gpu/drm/i915/intel_ddi.c | 8 ++- drivers/gpu/drm/i915/intel_display.c | 16 ++++- drivers/gpu/drm/i915/intel_dp.c | 34 +++++----- drivers/gpu/drm/i915/intel_dp_mst.c | 14 +++- drivers/gpu/drm/i915/intel_dsi.c | 6 ++ drivers/gpu/drm/i915/intel_dvo.c | 6 ++ drivers/gpu/drm/i915/intel_hdmi.c | 6 ++ drivers/gpu/drm/i915/intel_lrc.c | 12 +++- drivers/gpu/drm/i915/intel_lvds.c | 5 ++ drivers/gpu/drm/i915/intel_sdvo.c | 6 ++ drivers/gpu/drm/i915/intel_tv.c | 12 +++- drivers/gpu/drm/qxl/qxl_display.c | 7 +- drivers/gpu/drm/sti/Kconfig | 3 +- drivers/gpu/drm/sun4i/sun4i_tcon.c | 25 ------- drivers/iio/accel/mma8452.c | 2 +- drivers/staging/android/ion/ion_heap.c | 2 +- drivers/tty/n_tty.c | 55 +++++++++------- drivers/tty/serdev/core.c | 1 + drivers/tty/serial/8250/8250_pci.c | 2 - drivers/tty/vt/vt.c | 4 +- drivers/usb/class/cdc-acm.c | 3 + drivers/usb/dwc2/hcd_queue.c | 2 +- drivers/usb/host/xhci-mem.c | 4 +- drivers/usb/host/xhci-trace.h | 36 ++++++++-- drivers/usb/serial/cp210x.c | 14 ++++ drivers/usb/typec/tcpm.c | 7 +- drivers/usb/typec/ucsi/ucsi.c | 13 ++++ drivers/usb/typec/ucsi/ucsi_acpi.c | 5 ++ include/linux/acpi.h | 3 + net/ipv6/netfilter/ip6t_rpfilter.c | 2 + net/netfilter/nf_tables_core.c | 3 +- net/netfilter/xt_connmark.c | 2 +- 50 files changed, 489 insertions(+), 150 deletions(-)

7 years, 5 months

4
34
0 0

Re: [PATCH 1/2] usb: dwc2: Fix DMA alignment to start at allocated boundary

by Doug Anderson

Hi, On Thu, Jul 5, 2018 at 7:31 AM, Antti Seppälä <a.seppala(a)gmail.com> wrote: > The commit 3bc04e28a030 ("usb: dwc2: host: Get aligned DMA in a more > supported way") introduced a common way to align DMA allocations. > The code in the commit aligns the struct dma_aligned_buffer but the > actual DMA address pointed by data[0] gets aligned to an offset from > the allocated boundary by the kmalloc_ptr and the old_xfer_buffer > pointers. > > This is against the recommendation in Documentation/DMA-API.txt which > states: > > Therefore, it is recommended that driver writers who don't take > special care to determine the cache line size at run time only map > virtual regions that begin and end on page boundaries (which are > guaranteed also to be cache line boundaries). > > The effect of this is that architectures with non-coherent DMA caches > may run into memory corruption or kernel crashes with Unhandled > kernel unaligned accesses exceptions. > > Fix the alignment by positioning the DMA area in front of the allocation > and use memory at the end of the area for storing the orginal > transfer_buffer pointer. This may have the added benefit of increased > performance as the DMA area is now fully aligned on all architectures. > > Tested with Lantiq xRX200 (MIPS) and RPi Model B Rev 2 (ARM). > > Fixes: 3bc04e28a030 ("usb: dwc2: host: Get aligned DMA in a more > supported way") > > Signed-off-by: Antti Seppälä <a.seppala(a)gmail.com> > --- > drivers/usb/dwc2/hcd.c | 44 +++++++++++++++++++++++--------------------- > 1 file changed, 23 insertions(+), 21 deletions(-) Thanks for tracking this down and sorry for the original regression. Seems like a good fix. With this fix, I'd be curious of your observations on how dwc2 performs (both performance and compatibility under stress) with the newest driver compared to whatever you were using before. Also: you're using the dwc2_set_ltq_params() parameters? Have you checked if removing the "max_transfer_size" limit boosts your performance? Cc: stable(a)vger.kernel.org Reviewed-by: Douglas Anderson <dianders(a)chromium.org>

7 years, 5 months

2
1
0 0

[PATCH] compiler.h, sparse, smatch: Do not define COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW

by Bart Van Assche

Both sparse and smatch identify themselves as gcc. However, neither static analyzer supports any of the __builtin_*_overflow() functions. Hence do not define COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW for these static checkers. Fixes: f0907827a8a9 ("compiler.h: enable builtin overflow checkers and add fallback code") Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com> Cc: Rasmus Villemoes <linux(a)rasmusvillemoes.dk> Cc: Kees Cook <keescook(a)chromium.org> Cc: Dan Carpenter <dan.carpenter(a)oracle.com> Cc: Luc Van Oostenryck <luc.vanoostenryck(a)gmail.com> Cc: <stable(a)vger.kernel.org> --- include/linux/compiler-gcc.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h index f1a7492a5cc8..15e55b89e952 100644 --- a/include/linux/compiler-gcc.h +++ b/include/linux/compiler-gcc.h @@ -344,6 +344,6 @@ */ #define uninitialized_var(x) x = x -#if GCC_VERSION >= 50100 +#if GCC_VERSION >= 50100 && !defined(__CHECKER__) #define COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW 1 #endif -- 2.18.0

7 years, 5 months

3
5
0 0

+ mm-do-not-bug_on-on-incorrect-lenght-in-__mm_populate.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: do not bug_on on incorrect length in __mm_populate() has been added to the -mm tree. Its filename is mm-do-not-bug_on-on-incorrect-lenght-in-__mm_populate.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-do-not-bug_on-on-incorrect-leng… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-do-not-bug_on-on-incorrect-leng… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Michal Hocko <mhocko(a)suse.com> Subject: mm: do not bug_on on incorrect length in __mm_populate() syzbot has noticed that a specially crafted library can easily hit VM_BUG_ON in __mm_populate localhost login: [ 81.210241] emacs (9634) used greatest stack depth: 10416 bytes left [ 140.099935] ------------[ cut here ]------------ [ 140.101904] kernel BUG at mm/gup.c:1242! [ 140.103572] invalid opcode: 0000 [#1] SMP [ 140.105220] CPU: 2 PID: 9667 Comm: a.out Not tainted 4.18.0-rc3 #644 [ 140.107762] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/19/2017 [ 140.112000] RIP: 0010:__mm_populate+0x1e2/0x1f0 [ 140.113875] Code: 55 d0 65 48 33 14 25 28 00 00 00 89 d8 75 21 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 75 18 f1 ff 0f 0b e8 6e 18 f1 ff <0f> 0b 31 db eb c9 e8 93 06 e0 ff 0f 1f 00 55 48 89 e5 53 48 89 fb [ 140.121403] RSP: 0018:ffffc90000dffd78 EFLAGS: 00010293 [ 140.123516] RAX: ffff8801366c63c0 RBX: 000000007bf81000 RCX: ffffffff813e4ee2 [ 140.126352] RDX: 0000000000000000 RSI: 0000000000007676 RDI: 000000007bf81000 [ 140.129236] RBP: ffffc90000dffdc0 R08: 0000000000000000 R09: 0000000000000000 [ 140.132110] R10: ffff880135895c80 R11: 0000000000000000 R12: 0000000000007676 [ 140.134955] R13: 0000000000008000 R14: 0000000000000000 R15: 0000000000007676 [ 140.137785] FS: 0000000000000000(0000) GS:ffff88013a680000(0063) knlGS:00000000f7db9700 [ 140.140998] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 140.143303] CR2: 00000000f7ea56e0 CR3: 0000000134674004 CR4: 00000000000606e0 [ 140.145906] Call Trace: [ 140.146728] vm_brk_flags+0xc3/0x100 [ 140.147830] vm_brk+0x1f/0x30 [ 140.148714] load_elf_library+0x281/0x2e0 [ 140.149875] __ia32_sys_uselib+0x170/0x1e0 [ 140.151028] ? copy_overflow+0x30/0x30 [ 140.152105] ? __ia32_sys_uselib+0x170/0x1e0 [ 140.153301] do_fast_syscall_32+0xca/0x420 [ 140.154455] entry_SYSENTER_compat+0x70/0x7f The reason is that the length of the new brk is not page aligned when we try to populate the it. There is no reason to bug on that though. do_brk_flags already aligns the length properly so the mapping is expanded as it should. All we need is to tell mm_populate about it. Besides that there is absolutely no reason to to bug_on in the first place. The worst thing that could happen is that the last page wouldn't get populated and that is far from putting system into an inconsistent state. Fix the issue by moving the length sanitization code from do_brk_flags up to vm_brk_flags. The only other caller of do_brk_flags is brk syscall entry and it makes sure to provide the proper length so t here is no need for sanitation and so we can use do_brk_flags without it. Also remove the bogus BUG_ONs. [osalvador(a)techadventures.net: fix up vm_brk_flags s@request@len@] Link: http://lkml.kernel.org/r/20180706090217.GI32658@dhcp22.suse.cz Signed-off-by: Michal Hocko <mhocko(a)suse.com> Reported-by: syzbot <syzbot+5dcb560fe12aa5091c06(a)syzkaller.appspotmail.com> Tested-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Cc: Oscar Salvador <osalvador(a)techadventures.net> Cc: Zi Yan <zi.yan(a)cs.rutgers.edu> Cc: "Aneesh Kumar K.V" <aneesh.kumar(a)linux.vnet.ibm.com> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Cc: Michael S. Tsirkin <mst(a)redhat.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/gup.c | 2 -- mm/mmap.c | 29 ++++++++++++----------------- 2 files changed, 12 insertions(+), 19 deletions(-) diff -puN mm/gup.c~mm-do-not-bug_on-on-incorrect-lenght-in-__mm_populate mm/gup.c --- a/mm/gup.c~mm-do-not-bug_on-on-incorrect-lenght-in-__mm_populate +++ a/mm/gup.c @@ -1238,8 +1238,6 @@ int __mm_populate(unsigned long start, u int locked = 0; long ret = 0; - VM_BUG_ON(start & ~PAGE_MASK); - VM_BUG_ON(len != PAGE_ALIGN(len)); end = start + len; for (nstart = start; nstart < end; nstart = nend) { diff -puN mm/mmap.c~mm-do-not-bug_on-on-incorrect-lenght-in-__mm_populate mm/mmap.c --- a/mm/mmap.c~mm-do-not-bug_on-on-incorrect-lenght-in-__mm_populate +++ a/mm/mmap.c @@ -186,8 +186,8 @@ static struct vm_area_struct *remove_vma return next; } -static int do_brk(unsigned long addr, unsigned long len, struct list_head *uf); - +static int do_brk_flags(unsigned long addr, unsigned long request, unsigned long flags, + struct list_head *uf); SYSCALL_DEFINE1(brk, unsigned long, brk) { unsigned long retval; @@ -245,7 +245,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) goto out; /* Ok, looks good - let it rip. */ - if (do_brk(oldbrk, newbrk-oldbrk, &uf) < 0) + if (do_brk_flags(oldbrk, newbrk-oldbrk, 0, &uf) < 0) goto out; set_brk: @@ -2929,21 +2929,14 @@ static inline void verify_mm_writelocked * anonymous maps. eventually we may be able to do some * brk-specific accounting here. */ -static int do_brk_flags(unsigned long addr, unsigned long request, unsigned long flags, struct list_head *uf) +static int do_brk_flags(unsigned long addr, unsigned long len, unsigned long flags, struct list_head *uf) { struct mm_struct *mm = current->mm; struct vm_area_struct *vma, *prev; - unsigned long len; struct rb_node **rb_link, *rb_parent; pgoff_t pgoff = addr >> PAGE_SHIFT; int error; - len = PAGE_ALIGN(request); - if (len < request) - return -ENOMEM; - if (!len) - return 0; - /* Until we need other flags, refuse anything except VM_EXEC. */ if ((flags & (~VM_EXEC)) != 0) return -EINVAL; @@ -3015,18 +3008,20 @@ out: return 0; } -static int do_brk(unsigned long addr, unsigned long len, struct list_head *uf) -{ - return do_brk_flags(addr, len, 0, uf); -} - -int vm_brk_flags(unsigned long addr, unsigned long len, unsigned long flags) +int vm_brk_flags(unsigned long addr, unsigned long request, unsigned long flags) { struct mm_struct *mm = current->mm; + unsigned long len; int ret; bool populate; LIST_HEAD(uf); + len = PAGE_ALIGN(request); + if (len < request) + return -ENOMEM; + if (!len) + return 0; + if (down_write_killable(&mm->mmap_sem)) return -EINTR; _ Patches currently in -mm which might be from mhocko(a)suse.com are memblock-do-not-complain-about-top-down-allocations-for-memory_hotremove.patch mm-do-not-bug_on-on-incorrect-lenght-in-__mm_populate.patch mm-drop-vm_bug_on-from-__get_free_pages.patch memcg-oom-move-out_of_memory-back-to-the-charge-path.patch mm-oom-docs-describe-the-cgroup-aware-oom-killer-fix-2.patch

7 years, 5 months

1
0
0 0

+ x86-purgatory-add-missing-force-to-makefile-target.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: x86/purgatory: add missing FORCE to Makefile target has been added to the -mm tree. Its filename is x86-purgatory-add-missing-force-to-makefile-target.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/x86-purgatory-add-missing-force-to… and later at http://ozlabs.org/~akpm/mmotm/broken-out/x86-purgatory-add-missing-force-to… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Philipp Rudo <prudo(a)linux.ibm.com> Subject: x86/purgatory: add missing FORCE to Makefile target - Build the kernel without the fix - Add some flag to the purgatories KBUILD_CFLAGS,I used -fno-asynchronous-unwind-tables - Re-build the kernel When you look at makes output you see that sha256.o is not re-build in the last step. Also readelf -S still shows the .eh_frame section for sha256.o. With the fix sha256.o is rebuilt in the last step. Without FORCE make does not detect changes only made to the command line options. So object files might not be re-built even when they should be. Fix this by adding FORCE where it is missing. Link: http://lkml.kernel.org/r/20180704110044.29279-2-prudo@linux.ibm.com Fixes: df6f2801f511 ("kernel/kexec_file.c: move purgatories sha256 to common code") Signed-off-by: Philipp Rudo <prudo(a)linux.ibm.com> Acked-by: Dave Young <dyoung(a)redhat.com> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: <stable(a)vger.kernel.org> [4.17+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/x86/purgatory/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff -puN arch/x86/purgatory/Makefile~x86-purgatory-add-missing-force-to-makefile-target arch/x86/purgatory/Makefile --- a/arch/x86/purgatory/Makefile~x86-purgatory-add-missing-force-to-makefile-target +++ a/arch/x86/purgatory/Makefile @@ -6,7 +6,7 @@ purgatory-y := purgatory.o stack.o setup targets += $(purgatory-y) PURGATORY_OBJS = $(addprefix $(obj)/,$(purgatory-y)) -$(obj)/sha256.o: $(srctree)/lib/sha256.c +$(obj)/sha256.o: $(srctree)/lib/sha256.c FORCE $(call if_changed_rule,cc_o_c) LDFLAGS_purgatory.ro := -e purgatory_start -r --no-undefined -nostdlib -z nodefaultlib _ Patches currently in -mm which might be from prudo(a)linux.ibm.com are x86-purgatory-add-missing-force-to-makefile-target.patch

7 years, 5 months

1
0
0 0

[PATCH] clk: aspeed: Mark bclk (PCIe) and dclk (VGA) as critical

by Joel Stanley

This is used by the host to talk to the BMC's PCIe slave device. The BMC is not involved, but the clock needs to be enabled so the host can use the device. Fixes: 15ed8ce5f84e ("clk: aspeed: Register gated clocks") Cc: stable(a)vger.kernel.org # 4.15 Acked-by: Andrew Jeffery <andrew(a)aj.id.au> Tested-by: Lei YU <mine260309(a)gmail.com> Signed-off-by: Joel Stanley <joel(a)jms.id.au> --- drivers/clk/clk-aspeed.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/clk/clk-aspeed.c b/drivers/clk/clk-aspeed.c index 4d425594999d..c17032bc853a 100644 --- a/drivers/clk/clk-aspeed.c +++ b/drivers/clk/clk-aspeed.c @@ -91,8 +91,8 @@ static const struct aspeed_gate_data aspeed_gates[] = { [ASPEED_CLK_GATE_GCLK] = { 1, 7, "gclk-gate", NULL, 0 }, /* 2D engine */ [ASPEED_CLK_GATE_MCLK] = { 2, -1, "mclk-gate", "mpll", CLK_IS_CRITICAL }, /* SDRAM */ [ASPEED_CLK_GATE_VCLK] = { 3, 6, "vclk-gate", NULL, 0 }, /* Video Capture */ - [ASPEED_CLK_GATE_BCLK] = { 4, 8, "bclk-gate", "bclk", 0 }, /* PCIe/PCI */ - [ASPEED_CLK_GATE_DCLK] = { 5, -1, "dclk-gate", NULL, 0 }, /* DAC */ + [ASPEED_CLK_GATE_BCLK] = { 4, 8, "bclk-gate", "bclk", CLK_IS_CRITICAL }, /* PCIe/PCI */ + [ASPEED_CLK_GATE_DCLK] = { 5, -1, "dclk-gate", NULL, CLK_IS_CRITICAL }, /* DAC */ [ASPEED_CLK_GATE_REFCLK] = { 6, -1, "refclk-gate", "clkin", CLK_IS_CRITICAL }, [ASPEED_CLK_GATE_USBPORT2CLK] = { 7, 3, "usb-port2-gate", NULL, 0 }, /* USB2.0 Host port 2 */ [ASPEED_CLK_GATE_LCLK] = { 8, 5, "lclk-gate", NULL, 0 }, /* LPC */ -- 2.17.1

7 years, 5 months

2
1
0 0

[PATCH v2] acpi, nfit: Fix scrub idle detection

by Dan Williams

The notification of scrub completion happens within the scrub workqueue. That can clearly race someone running scrub_show() and work_busy() before the workqueue has a chance to flush the recently completed work. Add a flag to reliably indicate the idle vs busy state. Without this change applications using poll(2) to wait for scrub-completion may falsely wakeup and read ARS as being busy even though the thread is going idle and then hang indefinitely. Fixes: bc6ba8085842 ("nfit, address-range-scrub: rework and simplify ARS...") Cc: <stable(a)vger.kernel.org> Reported-by: Vishal Verma <vishal.l.verma(a)intel.com> Tested-by: Vishal Verma <vishal.l.verma(a)intel.com> Reported-by: Lukasz Dorau <lukasz.dorau(a)intel.com> Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> --- Changes in v2: * Don't touch ->tmo outside of the workqueue itself, it is a private field for the workqueue to manage. (Vishal) drivers/acpi/nfit/core.c | 44 +++++++++++++++++++++++++++++++++----------- drivers/acpi/nfit/nfit.h | 1 + 2 files changed, 34 insertions(+), 11 deletions(-) diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c index 471402cee1f1..b8040fed2a69 100644 --- a/drivers/acpi/nfit/core.c +++ b/drivers/acpi/nfit/core.c @@ -1275,7 +1275,7 @@ static ssize_t scrub_show(struct device *dev, mutex_lock(&acpi_desc->init_mutex); rc = sprintf(buf, "%d%s", acpi_desc->scrub_count, - work_busy(&acpi_desc->dwork.work) + acpi_desc->scrub_busy && !acpi_desc->cancel ? "+\n" : "\n"); mutex_unlock(&acpi_desc->init_mutex); } @@ -2941,6 +2941,32 @@ static unsigned int __acpi_nfit_scrub(struct acpi_nfit_desc *acpi_desc, return 0; } +static void __sched_ars(struct acpi_nfit_desc *acpi_desc, unsigned int tmo) +{ + lockdep_assert_held(&acpi_desc->init_mutex); + + acpi_desc->scrub_busy = 1; + /* note this should only be set from within the workqueue */ + if (tmo) + acpi_desc->scrub_tmo = tmo; + queue_delayed_work(nfit_wq, &acpi_desc->dwork, tmo * HZ); +} + +static void sched_ars(struct acpi_nfit_desc *acpi_desc) +{ + __sched_ars(acpi_desc, 0); +} + +static void notify_ars_done(struct acpi_nfit_desc *acpi_desc) +{ + lockdep_assert_held(&acpi_desc->init_mutex); + + acpi_desc->scrub_busy = 0; + acpi_desc->scrub_count++; + if (acpi_desc->scrub_count_state) + sysfs_notify_dirent(acpi_desc->scrub_count_state); +} + static void acpi_nfit_scrub(struct work_struct *work) { struct acpi_nfit_desc *acpi_desc; @@ -2951,14 +2977,10 @@ static void acpi_nfit_scrub(struct work_struct *work) mutex_lock(&acpi_desc->init_mutex); query_rc = acpi_nfit_query_poison(acpi_desc); tmo = __acpi_nfit_scrub(acpi_desc, query_rc); - if (tmo) { - queue_delayed_work(nfit_wq, &acpi_desc->dwork, tmo * HZ); - acpi_desc->scrub_tmo = tmo; - } else { - acpi_desc->scrub_count++; - if (acpi_desc->scrub_count_state) - sysfs_notify_dirent(acpi_desc->scrub_count_state); - } + if (tmo) + __sched_ars(acpi_desc, tmo); + else + notify_ars_done(acpi_desc); memset(acpi_desc->ars_status, 0, acpi_desc->max_ars); mutex_unlock(&acpi_desc->init_mutex); } @@ -3039,7 +3061,7 @@ static int acpi_nfit_register_regions(struct acpi_nfit_desc *acpi_desc) break; } - queue_delayed_work(nfit_wq, &acpi_desc->dwork, 0); + sched_ars(acpi_desc); return 0; } @@ -3241,7 +3263,7 @@ int acpi_nfit_ars_rescan(struct acpi_nfit_desc *acpi_desc, unsigned long flags) } } if (scheduled) { - queue_delayed_work(nfit_wq, &acpi_desc->dwork, 0); + sched_ars(acpi_desc); dev_dbg(dev, "ars_scan triggered\n"); } mutex_unlock(&acpi_desc->init_mutex); diff --git a/drivers/acpi/nfit/nfit.h b/drivers/acpi/nfit/nfit.h index 7d15856a739f..a97ff42fe311 100644 --- a/drivers/acpi/nfit/nfit.h +++ b/drivers/acpi/nfit/nfit.h @@ -203,6 +203,7 @@ struct acpi_nfit_desc { unsigned int max_ars; unsigned int scrub_count; unsigned int scrub_mode; + unsigned int scrub_busy:1; unsigned int cancel:1; unsigned long dimm_cmd_force_en; unsigned long bus_cmd_force_en;

7 years, 5 months

1
0
0 0

[PATCH] devres: Really align data field to unsigned long long

by Alexey Brodkin

It looks like on most of architectures "data" member of devres struture gets aligned to 8-byte "unsigned long long" boundary as one may expect: if we don't explicitly pack a structure then natural alignment (which matches each member data type) is used. But at least on 32-bit ARC architecture ABI requires "long long" types to be aligned by normal 32-bit word. This makes "data" field aligned to 12 bytes. This is still OK as long as we use 32-bit data only. But once we want to use native atomic64_t type (i.e. when we use special instructions LLOCKD/SCONDD for accessing 64-bit data) we easily hit misaligned access exception. That's because even on CPUs capable of non-aligned data access LL/SC instructions require strict alignment. Signed-off-by: Alexey Brodkin <abrodkin(a)synopsys.com> Cc: stable(a)vger.kernel.org --- drivers/base/devres.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/base/devres.c b/drivers/base/devres.c index f98a097e73f2..35ddc8b66bc9 100644 --- a/drivers/base/devres.c +++ b/drivers/base/devres.c @@ -25,7 +25,7 @@ struct devres_node { struct devres { struct devres_node node; /* -- 3 pointers */ - unsigned long long data[]; /* guarantee ull alignment */ + unsigned long long data[] __aligned(sizeof(unsigned long long)); }; struct devres_group { -- 2.17.1

7 years, 5 months

2
1
0 0

[PATCH] acpi, nfit: Fix scrub idle detection

by Dan Williams

The notification of scrub completion happens within the scrub workqueue. That can clearly race someone running scrub_show() and work_busy() before the workqueue has a chance to flush the recently completed work. Add a flag to reliably indicate the idle vs busy state. Without this change applications using poll(2) to wait for scrub-completion may falsely wakeup and read ARS as being busy even though the thread is going idle and then hang indefinitely. Fixes: bc6ba8085842 ("nfit, address-range-scrub: rework and simplify ARS...") Cc: <stable(a)vger.kernel.org> Reported-by: Vishal Verma <vishal.l.verma(a)intel.com> Reported-by: Lukasz Dorau <lukasz.dorau(a)intel.com> Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> --- drivers/acpi/nfit/core.c | 37 ++++++++++++++++++++++++++----------- drivers/acpi/nfit/nfit.h | 1 + 2 files changed, 27 insertions(+), 11 deletions(-) diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c index 471402cee1f1..cd26484d1cee 100644 --- a/drivers/acpi/nfit/core.c +++ b/drivers/acpi/nfit/core.c @@ -1275,7 +1275,7 @@ static ssize_t scrub_show(struct device *dev, mutex_lock(&acpi_desc->init_mutex); rc = sprintf(buf, "%d%s", acpi_desc->scrub_count, - work_busy(&acpi_desc->dwork.work) + acpi_desc->scrub_busy && !acpi_desc->cancel ? "+\n" : "\n"); mutex_unlock(&acpi_desc->init_mutex); } @@ -2941,6 +2941,25 @@ static unsigned int __acpi_nfit_scrub(struct acpi_nfit_desc *acpi_desc, return 0; } +static void sched_ars(struct acpi_nfit_desc *acpi_desc, unsigned int tmo) +{ + lockdep_assert_held(&acpi_desc->init_mutex); + + acpi_desc->scrub_busy = 1; + acpi_desc->scrub_tmo = tmo; + queue_delayed_work(nfit_wq, &acpi_desc->dwork, tmo * HZ); +} + +static void notify_ars_done(struct acpi_nfit_desc *acpi_desc) +{ + lockdep_assert_held(&acpi_desc->init_mutex); + + acpi_desc->scrub_busy = 0; + acpi_desc->scrub_count++; + if (acpi_desc->scrub_count_state) + sysfs_notify_dirent(acpi_desc->scrub_count_state); +} + static void acpi_nfit_scrub(struct work_struct *work) { struct acpi_nfit_desc *acpi_desc; @@ -2951,14 +2970,10 @@ static void acpi_nfit_scrub(struct work_struct *work) mutex_lock(&acpi_desc->init_mutex); query_rc = acpi_nfit_query_poison(acpi_desc); tmo = __acpi_nfit_scrub(acpi_desc, query_rc); - if (tmo) { - queue_delayed_work(nfit_wq, &acpi_desc->dwork, tmo * HZ); - acpi_desc->scrub_tmo = tmo; - } else { - acpi_desc->scrub_count++; - if (acpi_desc->scrub_count_state) - sysfs_notify_dirent(acpi_desc->scrub_count_state); - } + if (tmo) + sched_ars(acpi_desc, tmo); + else + notify_ars_done(acpi_desc); memset(acpi_desc->ars_status, 0, acpi_desc->max_ars); mutex_unlock(&acpi_desc->init_mutex); } @@ -3039,7 +3054,7 @@ static int acpi_nfit_register_regions(struct acpi_nfit_desc *acpi_desc) break; } - queue_delayed_work(nfit_wq, &acpi_desc->dwork, 0); + sched_ars(acpi_desc, 0); return 0; } @@ -3241,7 +3256,7 @@ int acpi_nfit_ars_rescan(struct acpi_nfit_desc *acpi_desc, unsigned long flags) } } if (scheduled) { - queue_delayed_work(nfit_wq, &acpi_desc->dwork, 0); + sched_ars(acpi_desc, 0); dev_dbg(dev, "ars_scan triggered\n"); } mutex_unlock(&acpi_desc->init_mutex); diff --git a/drivers/acpi/nfit/nfit.h b/drivers/acpi/nfit/nfit.h index 7d15856a739f..a97ff42fe311 100644 --- a/drivers/acpi/nfit/nfit.h +++ b/drivers/acpi/nfit/nfit.h @@ -203,6 +203,7 @@ struct acpi_nfit_desc { unsigned int max_ars; unsigned int scrub_count; unsigned int scrub_mode; + unsigned int scrub_busy:1; unsigned int cancel:1; unsigned long dimm_cmd_force_en; unsigned long bus_cmd_force_en;

7 years, 5 months

1
0
0 0

[PATCH] clk: aspeed: Support HPLL strapping on ast2400

by Joel Stanley

The HPLL can be configured through a register (SCU24), however some platforms chose to configure it through the strapping settings and do not use the register. This was not noticed as the logic for bit 18 in SCU24 was confused: set means programmed, but the driver read it as set means strapped. This gives us the correct HPLL value on Palmetto systems, from which most of the peripheral clocks are generated. Fixes: 5eda5d79e4be ("clk: Add clock driver for ASPEED BMC SoCs") Cc: stable(a)vger.kernel.org # v4.15 Reviewed-by: Cédric Le Goater <clg(a)kaod.org> Signed-off-by: Joel Stanley <joel(a)jms.id.au> --- drivers/clk/clk-aspeed.c | 42 +++++++++++++++++++++++++++------------- 1 file changed, 29 insertions(+), 13 deletions(-) diff --git a/drivers/clk/clk-aspeed.c b/drivers/clk/clk-aspeed.c index 38b366b00c57..2ef4ad7bdbdc 100644 --- a/drivers/clk/clk-aspeed.c +++ b/drivers/clk/clk-aspeed.c @@ -24,7 +24,7 @@ #define ASPEED_MPLL_PARAM 0x20 #define ASPEED_HPLL_PARAM 0x24 #define AST2500_HPLL_BYPASS_EN BIT(20) -#define AST2400_HPLL_STRAPPED BIT(18) +#define AST2400_HPLL_PROGRAMMED BIT(18) #define AST2400_HPLL_BYPASS_EN BIT(17) #define ASPEED_MISC_CTRL 0x2c #define UART_DIV13_EN BIT(12) @@ -565,29 +565,45 @@ builtin_platform_driver(aspeed_clk_driver); static void __init aspeed_ast2400_cc(struct regmap *map) { struct clk_hw *hw; - u32 val, freq, div; + u32 val, div, clkin, hpll; + const u16 hpll_rates[][4] = { + {384, 360, 336, 408}, + {400, 375, 350, 425}, + }; + int rate; /* * CLKIN is the crystal oscillator, 24, 48 or 25MHz selected by * strapping */ regmap_read(map, ASPEED_STRAP, &val); - if (val & CLKIN_25MHZ_EN) - freq = 25000000; - else if (val & AST2400_CLK_SOURCE_SEL) - freq = 48000000; - else - freq = 24000000; - hw = clk_hw_register_fixed_rate(NULL, "clkin", NULL, 0, freq); - pr_debug("clkin @%u MHz\n", freq / 1000000); + rate = (val >> 8) & 3; + if (val & CLKIN_25MHZ_EN) { + clkin = 25000000; + hpll = hpll_rates[1][rate]; + } else if (val & AST2400_CLK_SOURCE_SEL) { + clkin = 48000000; + hpll = hpll_rates[0][rate]; + } else { + clkin = 24000000; + hpll = hpll_rates[0][rate]; + } + hw = clk_hw_register_fixed_rate(NULL, "clkin", NULL, 0, clkin); + pr_debug("clkin @%u MHz\n", clkin / 1000000); /* * High-speed PLL clock derived from the crystal. This the CPU clock, - * and we assume that it is enabled + * and we assume that it is enabled. It can be configured through the + * HPLL_PARAM register, or set to a specified frequency by strapping. */ regmap_read(map, ASPEED_HPLL_PARAM, &val); - WARN(val & AST2400_HPLL_STRAPPED, "hpll is strapped not configured"); - aspeed_clk_data->hws[ASPEED_CLK_HPLL] = aspeed_ast2400_calc_pll("hpll", val); + if (val & AST2400_HPLL_PROGRAMMED) + hw = aspeed_ast2400_calc_pll("hpll", val); + else + hw = clk_hw_register_fixed_rate(NULL, "hpll", "clkin", 0, + hpll * 1000000); + + aspeed_clk_data->hws[ASPEED_CLK_HPLL] = hw; /* * Strap bits 11:10 define the CPU/AHB clock frequency ratio (aka HCLK) -- 2.17.1

7 years, 5 months

2
1
0 0

patch "misc: sram: fix resource leaks in probe error path" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled misc: sram: fix resource leaks in probe error path to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From f294d00961d1d869ecffa60e280eeeee1ccf9a49 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan(a)kernel.org> Date: Tue, 3 Jul 2018 12:05:47 +0200 Subject: misc: sram: fix resource leaks in probe error path Make sure to disable clocks and deregister any exported partitions before returning on late probe errors. Note that since commit ee895ccdf776 ("misc: sram: fix enabled clock leak on error path"), partitions are deliberately exported before enabling the clock so we stick to that logic here. A follow up patch will address this. Fixes: 2ae2e28852f2 ("misc: sram: add Atmel securam support") Cc: stable <stable(a)vger.kernel.org> # 4.9 Cc: Alexandre Belloni <alexandre.belloni(a)free-electrons.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/misc/sram.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/misc/sram.c b/drivers/misc/sram.c index c5dc6095686a..679647713e36 100644 --- a/drivers/misc/sram.c +++ b/drivers/misc/sram.c @@ -407,13 +407,20 @@ static int sram_probe(struct platform_device *pdev) if (init_func) { ret = init_func(); if (ret) - return ret; + goto err_disable_clk; } dev_dbg(sram->dev, "SRAM pool: %zu KiB @ 0x%p\n", gen_pool_size(sram->pool) / 1024, sram->virt_base); return 0; + +err_disable_clk: + if (sram->clk) + clk_disable_unprepare(sram->clk); + sram_free_partitions(sram); + + return ret; } static int sram_remove(struct platform_device *pdev) -- 2.18.0

7 years, 5 months

1
0
0 0

patch "staging: r8822be: Fix RTL8822be can't find any wireless AP" added to staging-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled staging: r8822be: Fix RTL8822be can't find any wireless AP to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From d59d2f9995d28974877750f429e821324bd603c7 Mon Sep 17 00:00:00 2001 From: Ping-Ke Shih <pkshih(a)realtek.com> Date: Fri, 6 Jul 2018 13:44:35 +0800 Subject: staging: r8822be: Fix RTL8822be can't find any wireless AP RTL8822be can't bring up properly on ASUS X530UN, and dmesg says: [ 8.591333] r8822be: module is from the staging directory, the quality is unknown, you have been warned. [ 8.593122] r8822be 0000:02:00.0: enabling device (0000 -> 0003) [ 8.669163] r8822be: Using firmware rtlwifi/rtl8822befw.bin [ 9.289939] r8822be: rtlwifi: wireless switch is on [ 10.056426] r8822be 0000:02:00.0 wlp2s0: renamed from wlan0 ... [ 11.952534] r8822be: halmac_init_hal failed [ 11.955933] r8822be: halmac_init_hal failed [ 11.956227] r8822be: halmac_init_hal failed [ 22.007942] r8822be: halmac_init_hal failed Jian-Hong reported it works if turn off ASPM with module parameter aspm=0. In order to fix this problem kindly, this commit don't turn off aspm but enlarge ASPM L1 latency to 7. Reported-by: Jian-Hong Pan <jian-hong(a)endlessm.com> Tested-by: Jian-Hong Pan <jian-hong(a)endlessm.com> Signed-off-by: Ping-Ke Shih <pkshih(a)realtek.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/staging/rtlwifi/rtl8822be/hw.c | 2 +- drivers/staging/rtlwifi/wifi.h | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/staging/rtlwifi/rtl8822be/hw.c b/drivers/staging/rtlwifi/rtl8822be/hw.c index 7947edb239a1..88ba5b2fea6a 100644 --- a/drivers/staging/rtlwifi/rtl8822be/hw.c +++ b/drivers/staging/rtlwifi/rtl8822be/hw.c @@ -803,7 +803,7 @@ static void _rtl8822be_enable_aspm_back_door(struct ieee80211_hw *hw) return; pci_read_config_byte(rtlpci->pdev, 0x70f, &tmp); - pci_write_config_byte(rtlpci->pdev, 0x70f, tmp | BIT(7)); + pci_write_config_byte(rtlpci->pdev, 0x70f, tmp | ASPM_L1_LATENCY << 3); pci_read_config_byte(rtlpci->pdev, 0x719, &tmp); pci_write_config_byte(rtlpci->pdev, 0x719, tmp | BIT(3) | BIT(4)); diff --git a/drivers/staging/rtlwifi/wifi.h b/drivers/staging/rtlwifi/wifi.h index 012fb618840b..a45f0eb69d3f 100644 --- a/drivers/staging/rtlwifi/wifi.h +++ b/drivers/staging/rtlwifi/wifi.h @@ -88,6 +88,7 @@ #define RTL_USB_MAX_RX_COUNT 100 #define QBSS_LOAD_SIZE 5 #define MAX_WMMELE_LENGTH 64 +#define ASPM_L1_LATENCY 7 #define TOTAL_CAM_ENTRY 32 -- 2.18.0

7 years, 5 months

1
0
0 0

patch "USB: yurex: fix out-of-bounds uaccess in read handler" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: yurex: fix out-of-bounds uaccess in read handler to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From f1e255d60ae66a9f672ff9a207ee6cd8e33d2679 Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Fri, 6 Jul 2018 17:12:56 +0200 Subject: USB: yurex: fix out-of-bounds uaccess in read handler In general, accessing userspace memory beyond the length of the supplied buffer in VFS read/write handlers can lead to both kernel memory corruption (via kernel_read()/kernel_write(), which can e.g. be triggered via sys_splice()) and privilege escalation inside userspace. Fix it by using simple_read_from_buffer() instead of custom logic. Fixes: 6bc235a2e24a ("USB: add driver for Meywa-Denki & Kayac YUREX") Signed-off-by: Jann Horn <jannh(a)google.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/misc/yurex.c | 23 ++++++----------------- 1 file changed, 6 insertions(+), 17 deletions(-) diff --git a/drivers/usb/misc/yurex.c b/drivers/usb/misc/yurex.c index 8abb6cbbd98a..3be40eaa1ac9 100644 --- a/drivers/usb/misc/yurex.c +++ b/drivers/usb/misc/yurex.c @@ -396,8 +396,7 @@ static ssize_t yurex_read(struct file *file, char __user *buffer, size_t count, loff_t *ppos) { struct usb_yurex *dev; - int retval = 0; - int bytes_read = 0; + int len = 0; char in_buffer[20]; unsigned long flags; @@ -405,26 +404,16 @@ static ssize_t yurex_read(struct file *file, char __user *buffer, size_t count, mutex_lock(&dev->io_mutex); if (!dev->interface) { /* already disconnected */ - retval = -ENODEV; - goto exit; + mutex_unlock(&dev->io_mutex); + return -ENODEV; } spin_lock_irqsave(&dev->lock, flags); - bytes_read = snprintf(in_buffer, 20, "%lld\n", dev->bbu); + len = snprintf(in_buffer, 20, "%lld\n", dev->bbu); spin_unlock_irqrestore(&dev->lock, flags); - - if (*ppos < bytes_read) { - if (copy_to_user(buffer, in_buffer + *ppos, bytes_read - *ppos)) - retval = -EFAULT; - else { - retval = bytes_read - *ppos; - *ppos += bytes_read; - } - } - -exit: mutex_unlock(&dev->io_mutex); - return retval; + + return simple_read_from_buffer(buffer, count, ppos, in_buffer, len); } static ssize_t yurex_write(struct file *file, const char __user *user_buffer, -- 2.18.0

7 years, 5 months

1
0
0 0

patch "misc: sram: fix resource leaks in probe error path" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled misc: sram: fix resource leaks in probe error path to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From f294d00961d1d869ecffa60e280eeeee1ccf9a49 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan(a)kernel.org> Date: Tue, 3 Jul 2018 12:05:47 +0200 Subject: misc: sram: fix resource leaks in probe error path Make sure to disable clocks and deregister any exported partitions before returning on late probe errors. Note that since commit ee895ccdf776 ("misc: sram: fix enabled clock leak on error path"), partitions are deliberately exported before enabling the clock so we stick to that logic here. A follow up patch will address this. Fixes: 2ae2e28852f2 ("misc: sram: add Atmel securam support") Cc: stable <stable(a)vger.kernel.org> # 4.9 Cc: Alexandre Belloni <alexandre.belloni(a)free-electrons.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/misc/sram.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/misc/sram.c b/drivers/misc/sram.c index c5dc6095686a..679647713e36 100644 --- a/drivers/misc/sram.c +++ b/drivers/misc/sram.c @@ -407,13 +407,20 @@ static int sram_probe(struct platform_device *pdev) if (init_func) { ret = init_func(); if (ret) - return ret; + goto err_disable_clk; } dev_dbg(sram->dev, "SRAM pool: %zu KiB @ 0x%p\n", gen_pool_size(sram->pool) / 1024, sram->virt_base); return 0; + +err_disable_clk: + if (sram->clk) + clk_disable_unprepare(sram->clk); + sram_free_partitions(sram); + + return ret; } static int sram_remove(struct platform_device *pdev) -- 2.18.0

7 years, 5 months

1
0
0 0

patch "usb: quirks: add delay quirks for Corsair Strafe" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: quirks: add delay quirks for Corsair Strafe to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From bba57eddadda936c94b5dccf73787cb9e159d0a5 Mon Sep 17 00:00:00 2001 From: Nico Sneck <snecknico(a)gmail.com> Date: Mon, 2 Jul 2018 19:26:07 +0300 Subject: usb: quirks: add delay quirks for Corsair Strafe Corsair Strafe appears to suffer from the same issues as the Corsair Strafe RGB. Apply the same quirks (control message delay and init delay) that the RGB version has to 1b1c:1b15. With these quirks in place the keyboard works correctly upon booting the system, and no longer requires reattaching the device. Signed-off-by: Nico Sneck <snecknico(a)gmail.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/quirks.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c index c55def2f1320..097057d2eacf 100644 --- a/drivers/usb/core/quirks.c +++ b/drivers/usb/core/quirks.c @@ -378,6 +378,10 @@ static const struct usb_device_id usb_quirk_list[] = { /* Corsair K70 RGB */ { USB_DEVICE(0x1b1c, 0x1b13), .driver_info = USB_QUIRK_DELAY_INIT }, + /* Corsair Strafe */ + { USB_DEVICE(0x1b1c, 0x1b15), .driver_info = USB_QUIRK_DELAY_INIT | + USB_QUIRK_DELAY_CTRL_MSG }, + /* Corsair Strafe RGB */ { USB_DEVICE(0x1b1c, 0x1b20), .driver_info = USB_QUIRK_DELAY_INIT | USB_QUIRK_DELAY_CTRL_MSG }, -- 2.18.0

7 years, 5 months

1
0
0 0

patch "xhci: xhci-mem: off by one in xhci_stream_id_to_ring()" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xhci: xhci-mem: off by one in xhci_stream_id_to_ring() to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 313db3d6488bb03b61b99de9dbca061f1fd838e1 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)oracle.com> Date: Wed, 4 Jul 2018 12:48:53 +0300 Subject: xhci: xhci-mem: off by one in xhci_stream_id_to_ring() The > should be >= here so that we don't read one element beyond the end of the ep->stream_info->stream_rings[] array. Fixes: e9df17eb1408 ("USB: xhci: Correct assumptions about number of rings per endpoint.") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/host/xhci-mem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c index 8a62eee9eee1..ef350c33dc4a 100644 --- a/drivers/usb/host/xhci-mem.c +++ b/drivers/usb/host/xhci-mem.c @@ -595,7 +595,7 @@ struct xhci_ring *xhci_stream_id_to_ring( if (!ep->stream_info) return NULL; - if (stream_id > ep->stream_info->num_streams) + if (stream_id >= ep->stream_info->num_streams) return NULL; return ep->stream_info->stream_rings[stream_id]; } -- 2.18.0

7 years, 5 months

1
0
0 0

patch "USB: serial: mos7840: fix status-register error handling" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: serial: mos7840: fix status-register error handling to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 794744abfffef8b1f3c0c8a4896177d6d13d653d Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan(a)kernel.org> Date: Wed, 4 Jul 2018 17:02:17 +0200 Subject: USB: serial: mos7840: fix status-register error handling Add missing transfer-length sanity check to the status-register completion handler to avoid leaking bits of uninitialised slab data to user space. Fixes: 3f5429746d91 ("USB: Moschip 7840 USB-Serial Driver") Cc: stable <stable(a)vger.kernel.org> # 2.6.19 Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/mos7840.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/usb/serial/mos7840.c b/drivers/usb/serial/mos7840.c index fdceb46d9fc6..b580b4c7fa48 100644 --- a/drivers/usb/serial/mos7840.c +++ b/drivers/usb/serial/mos7840.c @@ -468,6 +468,9 @@ static void mos7840_control_callback(struct urb *urb) } dev_dbg(dev, "%s urb buffer size is %d\n", __func__, urb->actual_length); + if (urb->actual_length < 1) + goto out; + dev_dbg(dev, "%s mos7840_port->MsrLsr is %d port %d\n", __func__, mos7840_port->MsrLsr, mos7840_port->port_num); data = urb->transfer_buffer; -- 2.18.0

7 years, 5 months

1
0
0 0

patch "USB: serial: ch341: fix type promotion bug in ch341_control_in()" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: serial: ch341: fix type promotion bug in ch341_control_in() to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From e33eab9ded328ccc14308afa51b5be7cbe78d30b Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)oracle.com> Date: Wed, 4 Jul 2018 12:29:38 +0300 Subject: USB: serial: ch341: fix type promotion bug in ch341_control_in() The "r" variable is an int and "bufsize" is an unsigned int so the comparison is type promoted to unsigned. If usb_control_msg() returns a negative that is treated as a high positive value and the error handling doesn't work. Fixes: 2d5a9c72d0c4 ("USB: serial: ch341: fix control-message error handling") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/ch341.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/serial/ch341.c b/drivers/usb/serial/ch341.c index bdd7a5ad3bf1..3bb1fff02bed 100644 --- a/drivers/usb/serial/ch341.c +++ b/drivers/usb/serial/ch341.c @@ -128,7 +128,7 @@ static int ch341_control_in(struct usb_device *dev, r = usb_control_msg(dev, usb_rcvctrlpipe(dev, 0), request, USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_IN, value, index, buf, bufsize, DEFAULT_TIMEOUT); - if (r < bufsize) { + if (r < (int)bufsize) { if (r >= 0) { dev_err(&dev->dev, "short control message received (%d < %u)\n", -- 2.18.0

7 years, 5 months

1
0
0 0

patch "USB: serial: keyspan_pda: fix modem-status error handling" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: serial: keyspan_pda: fix modem-status error handling to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 01b3cdfca263a17554f7b249d20a247b2a751521 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan(a)kernel.org> Date: Wed, 4 Jul 2018 17:02:16 +0200 Subject: USB: serial: keyspan_pda: fix modem-status error handling Fix broken modem-status error handling which could lead to bits of slab data leaking to user space. Fixes: 3b36a8fd6777 ("usb: fix uninitialized variable warning in keyspan_pda") Cc: stable <stable(a)vger.kernel.org> # 2.6.27 Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/keyspan_pda.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/usb/serial/keyspan_pda.c b/drivers/usb/serial/keyspan_pda.c index 5169624d8b11..38d43c4b7ce5 100644 --- a/drivers/usb/serial/keyspan_pda.c +++ b/drivers/usb/serial/keyspan_pda.c @@ -369,8 +369,10 @@ static int keyspan_pda_get_modem_info(struct usb_serial *serial, 3, /* get pins */ USB_TYPE_VENDOR|USB_RECIP_INTERFACE|USB_DIR_IN, 0, 0, data, 1, 2000); - if (rc >= 0) + if (rc == 1) *value = *data; + else if (rc >= 0) + rc = -EIO; kfree(data); return rc; -- 2.18.0

7 years, 5 months

1
0
0 0

patch "USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 367b160fe4717c14a2a978b6f9ffb75a7762d3ed Mon Sep 17 00:00:00 2001 From: Olli Salonen <olli.salonen(a)iki.fi> Date: Wed, 4 Jul 2018 14:07:42 +0300 Subject: USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick There are two versions of the Qivicon Zigbee stick in circulation. This adds the second USB ID to the cp210x driver. Signed-off-by: Olli Salonen <olli.salonen(a)iki.fi> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/cp210x.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c index ee0cc1d90b51..626a29d9aa58 100644 --- a/drivers/usb/serial/cp210x.c +++ b/drivers/usb/serial/cp210x.c @@ -149,6 +149,7 @@ static const struct usb_device_id id_table[] = { { USB_DEVICE(0x10C4, 0x8977) }, /* CEL MeshWorks DevKit Device */ { USB_DEVICE(0x10C4, 0x8998) }, /* KCF Technologies PRN */ { USB_DEVICE(0x10C4, 0x89A4) }, /* CESINEL FTBC Flexible Thyristor Bridge Controller */ + { USB_DEVICE(0x10C4, 0x89FB) }, /* Qivicon ZigBee USB Radio Stick */ { USB_DEVICE(0x10C4, 0x8A2A) }, /* HubZ dual ZigBee and Z-Wave dongle */ { USB_DEVICE(0x10C4, 0x8A5E) }, /* CEL EM3588 ZigBee USB Stick Long Range */ { USB_DEVICE(0x10C4, 0x8B34) }, /* Qivicon ZigBee USB Radio Stick */ -- 2.18.0

7 years, 5 months

1
0
0 0

Re: Patch "drm/amd/display: release spinlock before committing updates to stream" has been added to the 4.17-stable tree

by Andrey Grodzovsky

This patch is wrong as noted by MIchel a while ago - quote from his review of the patch. "Actually, pflip_status should really only be set to AMDGPU_FLIP_SUBMITTED after the flip has been programmed to the hardware, at least as far as the lock holder is concerned. That's why the code was previously holding the lock until after the dc_commit_updates_for_stream call. Otherwise, it's at least theoretically possible that either: * dm_pflip_high_irq is called before dc_commit_updates_for_stream, but sees flip_status == AMDGPU_FLIP_SUBMITTED and sends the event to userspace prematurely * dm_pflip_high_irq is called after dc_commit_updates_for_stream, but sees flip_status != AMDGPU_FLIP_SUBMITTED, so it incorrectly doesn't send the event to userspace " It shouldn't go in. Andrey On 07/05/2018 11:59 AM, gregkh(a)linuxfoundation.org wrote: > This is a note to let you know that I've just added the patch titled > > drm/amd/display: release spinlock before committing updates to stream > > to the 4.17-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > drm-amd-display-release-spinlock-before-committing-updates-to-stream.patch > and it can be found in the queue-4.17 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > From 4de9f38bb2cce3a4821ffb8a83d6b08f6e37d905 Mon Sep 17 00:00:00 2001 > From: Shirish S <shirish.s(a)amd.com> > Date: Tue, 26 Jun 2018 09:32:39 +0530 > Subject: drm/amd/display: release spinlock before committing updates to stream > MIME-Version: 1.0 > Content-Type: text/plain; charset=UTF-8 > Content-Transfer-Encoding: 8bit > > From: Shirish S <shirish.s(a)amd.com> > > commit 4de9f38bb2cce3a4821ffb8a83d6b08f6e37d905 upstream. > > Currently, amdgpu_do_flip() spinlocks crtc->dev->event_lock and > releases it only after committing updates to the stream. > > dc_commit_updates_for_stream() should be moved out of > spinlock for the below reasons: > > 1. event_lock is supposed to protect access to acrct->pflip_status _only_ > 2. dc_commit_updates_for_stream() has potential sleep's > and also its not appropriate to be in an atomic state > for such long sequences of code. > > Signed-off-by: Shirish S <shirish.s(a)amd.com> > Suggested-by: Andrey Grodzovsky <andrey.grodzovsky(a)amd.com> > Reviewed-by: Michel Dänzer <michel.daenzer(a)amd.com> > Reviewed-by: Harry Wentland <harry.wentland(a)amd.com> > Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> > Cc: stable(a)vger.kernel.org > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > > --- > drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 6 ++---- > 1 file changed, 2 insertions(+), 4 deletions(-) > > --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c > +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c > @@ -3967,10 +3967,11 @@ static void amdgpu_dm_do_flip(struct drm > if (acrtc->base.state->event) > prepare_flip_isr(acrtc); > > + spin_unlock_irqrestore(&crtc->dev->event_lock, flags); > + > surface_updates->surface = dc_stream_get_status(acrtc_state->stream)->plane_states[0]; > surface_updates->flip_addr = &addr; > > - > dc_commit_updates_for_stream(adev->dm.dc, > surface_updates, > 1, > @@ -3983,9 +3984,6 @@ static void amdgpu_dm_do_flip(struct drm > __func__, > addr.address.grph.addr.high_part, > addr.address.grph.addr.low_part); > - > - > - spin_unlock_irqrestore(&crtc->dev->event_lock, flags); > } > > static void amdgpu_dm_commit_planes(struct drm_atomic_state *state, > > > Patches currently in stable-queue which might be from shirish.s(a)amd.com are > > queue-4.17/drm-amdgpu-add-apu-support-in-vi_set_vce_clocks.patch > queue-4.17/drm-amdgpu-add-apu-support-in-vi_set_uvd_clocks.patch > queue-4.17/drm-amd-display-release-spinlock-before-committing-updates-to-stream.patch

7 years, 5 months

4
5
0 0

[PATCH] soc: qcom: rmtfs-mem: fix memleak in probe error paths

by Johan Hovold

Make sure to set the mem device release callback before calling put_device() in a couple of probe error paths so that the containing object also gets freed. Fixes: d1de6d6c639b ("soc: qcom: Remote filesystem memory driver") Cc: stable <stable(a)vger.kernel.org> # 4.15 Cc: Bjorn Andersson <bjorn.andersson(a)linaro.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/soc/qcom/rmtfs_mem.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/soc/qcom/rmtfs_mem.c b/drivers/soc/qcom/rmtfs_mem.c index c8999e38b005..8a3678c2e83c 100644 --- a/drivers/soc/qcom/rmtfs_mem.c +++ b/drivers/soc/qcom/rmtfs_mem.c @@ -184,6 +184,7 @@ static int qcom_rmtfs_mem_probe(struct platform_device *pdev) device_initialize(&rmtfs_mem->dev); rmtfs_mem->dev.parent = &pdev->dev; rmtfs_mem->dev.groups = qcom_rmtfs_mem_groups; + rmtfs_mem->dev.release = qcom_rmtfs_mem_release_device; rmtfs_mem->base = devm_memremap(&rmtfs_mem->dev, rmtfs_mem->addr, rmtfs_mem->size, MEMREMAP_WC); @@ -206,8 +207,6 @@ static int qcom_rmtfs_mem_probe(struct platform_device *pdev) goto put_device; } - rmtfs_mem->dev.release = qcom_rmtfs_mem_release_device; - ret = of_property_read_u32(node, "qcom,vmid", &vmid); if (ret < 0 && ret != -EINVAL) { dev_err(&pdev->dev, "failed to parse qcom,vmid\n"); -- 2.17.1

7 years, 5 months

1
1
0 0

[PATCH] ALSA: hda/realtek - two more lenovo models need fixup of MIC_LOCATION

by Hui Wang

We have two new lenovo desktop models which need to apply the fixup of ALC294_FIXUP_LENOVO_MIC_LOCATION, and they have the same pin cfg as the machine with subsystem id:0x17aa3136, now use the pincfg table to apply the fixup for them. Cc: <stable(a)vger.kernel.org> Signed-off-by: Hui Wang <hui.wang(a)canonical.com> --- sound/pci/hda/patch_realtek.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c index 63154b9..666713e 100644 --- a/sound/pci/hda/patch_realtek.c +++ b/sound/pci/hda/patch_realtek.c @@ -6556,7 +6556,6 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { SND_PCI_QUIRK(0x17aa, 0x310c, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION), SND_PCI_QUIRK(0x17aa, 0x312a, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION), SND_PCI_QUIRK(0x17aa, 0x312f, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION), - SND_PCI_QUIRK(0x17aa, 0x3136, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION), SND_PCI_QUIRK(0x17aa, 0x313c, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION), SND_PCI_QUIRK(0x17aa, 0x3902, "Lenovo E50-80", ALC269_FIXUP_DMIC_THINKPAD_ACPI), SND_PCI_QUIRK(0x17aa, 0x3977, "IdeaPad S210", ALC283_FIXUP_INT_MIC), @@ -6822,6 +6821,11 @@ static const struct snd_hda_pin_quirk alc269_pin_fixup_tbl[] = { {0x1a, 0x02a11040}, {0x1b, 0x01014020}, {0x21, 0x0221101f}), + SND_HDA_PIN_QUIRK(0x10ec0235, 0x17aa, "Lenovo", ALC294_FIXUP_LENOVO_MIC_LOCATION, + {0x14, 0x90170110}, + {0x19, 0x02a11020}, + {0x1a, 0x02a11030}, + {0x21, 0x0221101f}), SND_HDA_PIN_QUIRK(0x10ec0236, 0x1028, "Dell", ALC255_FIXUP_DELL1_MIC_NO_PRESENCE, {0x12, 0x90a60140}, {0x14, 0x90170110}, -- 2.7.4

7 years, 5 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror