- Linux-stable-mirror - lists.linaro.org

Patch "ARM: dts: sun6i: a31s: bpi-m2: improve pmic properties" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ARM: dts: sun6i: a31s: bpi-m2: improve pmic properties to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-dts-sun6i-a31s-bpi-m2-improve-pmic-properties.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From b23af6ad8d2f708c4c3f92dd8f82c233247ba8bf Mon Sep 17 00:00:00 2001 From: Philipp Rossak <embed3d(a)gmail.com> Date: Wed, 14 Feb 2018 15:10:24 +0100 Subject: ARM: dts: sun6i: a31s: bpi-m2: improve pmic properties From: Philipp Rossak <embed3d(a)gmail.com> commit b23af6ad8d2f708c4c3f92dd8f82c233247ba8bf upstream. The eldoin is supplied from the dcdc1 regulator. The N_VBUSEN pin is connected to an external power regulator (SY6280AAC). With this commit we update the pmic binding properties to support those features. Fixes: 7daa21370075 ("ARM: dts: sunxi: Add regulators for Sinovoip BPI-M2") Cc: <stable(a)vger.kernel.org> Signed-off-by: Philipp Rossak <embed3d(a)gmail.com> Signed-off-by: Maxime Ripard <maxime.ripard(a)bootlin.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/boot/dts/sun6i-a31s-sinovoip-bpi-m2.dts | 2 ++ 1 file changed, 2 insertions(+) --- a/arch/arm/boot/dts/sun6i-a31s-sinovoip-bpi-m2.dts +++ b/arch/arm/boot/dts/sun6i-a31s-sinovoip-bpi-m2.dts @@ -163,6 +163,8 @@ reg = <0x68>; interrupt-parent = <&nmi_intc>; interrupts = <0 IRQ_TYPE_LEVEL_LOW>; + eldoin-supply = <&reg_dcdc1>; + x-powers,drive-vbus-en; }; }; Patches currently in stable-queue which might be from embed3d(a)gmail.com are queue-4.14/arm-dts-sun6i-a31s-bpi-m2-improve-pmic-properties.patch queue-4.14/arm-dts-sun6i-a31s-bpi-m2-add-missing-regulators.patch

7 years, 5 months

1
0
0 0

Patch "ARM: dts: sun6i: a31s: bpi-m2: add missing regulators" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ARM: dts: sun6i: a31s: bpi-m2: add missing regulators to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-dts-sun6i-a31s-bpi-m2-add-missing-regulators.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 70b8d21496758dd7ff600ec9de0ee3812fac7a40 Mon Sep 17 00:00:00 2001 From: Philipp Rossak <embed3d(a)gmail.com> Date: Wed, 14 Feb 2018 15:10:25 +0100 Subject: ARM: dts: sun6i: a31s: bpi-m2: add missing regulators From: Philipp Rossak <embed3d(a)gmail.com> commit 70b8d21496758dd7ff600ec9de0ee3812fac7a40 upstream. This patch fixes a bootproblem with the Bananapi M2 board. Since there are some regulators missing we add them right now. Those values come from the schematic, below you can find a small overview: * reg_aldo1: 3,3V, powers the wifi * reg_aldo2: 2,5V, powers the IO of the RTL8211E * reg_aldo3: 3,3V, powers the audio * reg_dldo1: 3,0V, powers the RTL8211E * reg_dldo2: 2,8V, powers the analog part of the csi * reg_dldo3: 3,3V, powers misc * reg_eldo1: 1,8V, powers the csi * reg_ldo_io1:1,8V, powers the gpio * reg_dc5ldo: needs to be always on This patch updates also the vmmc-supply properties on the mmc0 and mmc2 node to use the allready existent regulators. We can now remove the sunxi-common-regulators.dtsi include since we don't need it anymore. Fixes: 7daa21370075 ("ARM: dts: sunxi: Add regulators for Sinovoip BPI-M2") Cc: <stable(a)vger.kernel.org> Signed-off-by: Philipp Rossak <embed3d(a)gmail.com> Signed-off-by: Maxime Ripard <maxime.ripard(a)bootlin.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/boot/dts/sun6i-a31s-sinovoip-bpi-m2.dts | 61 +++++++++++++++++++++-- 1 file changed, 58 insertions(+), 3 deletions(-) --- a/arch/arm/boot/dts/sun6i-a31s-sinovoip-bpi-m2.dts +++ b/arch/arm/boot/dts/sun6i-a31s-sinovoip-bpi-m2.dts @@ -42,7 +42,6 @@ /dts-v1/; #include "sun6i-a31s.dtsi" -#include "sunxi-common-regulators.dtsi" #include <dt-bindings/gpio/gpio.h> / { @@ -99,6 +98,7 @@ pinctrl-0 = <&gmac_pins_rgmii_a>, <&gmac_phy_reset_pin_bpi_m2>; phy = <&phy1>; phy-mode = "rgmii"; + phy-supply = <&reg_dldo1>; snps,reset-gpio = <&pio 0 21 GPIO_ACTIVE_HIGH>; /* PA21 */ snps,reset-active-low; snps,reset-delays-us = <0 10000 30000>; @@ -118,7 +118,7 @@ &mmc0 { pinctrl-names = "default"; pinctrl-0 = <&mmc0_pins_a>, <&mmc0_cd_pin_bpi_m2>; - vmmc-supply = <&reg_vcc3v0>; + vmmc-supply = <&reg_dcdc1>; bus-width = <4>; cd-gpios = <&pio 0 4 GPIO_ACTIVE_HIGH>; /* PA4 */ cd-inverted; @@ -132,7 +132,7 @@ &mmc2 { pinctrl-names = "default"; pinctrl-0 = <&mmc2_pins_a>; - vmmc-supply = <&reg_vcc3v0>; + vmmc-supply = <&reg_aldo1>; mmc-pwrseq = <&mmc2_pwrseq>; bus-width = <4>; non-removable; @@ -195,7 +195,28 @@ #include "axp22x.dtsi" +&reg_aldo1 { + regulator-min-microvolt = <3300000>; + regulator-max-microvolt = <3300000>; + regulator-name = "vcc-wifi"; +}; + +&reg_aldo2 { + regulator-always-on; + regulator-min-microvolt = <2500000>; + regulator-max-microvolt = <2500000>; + regulator-name = "vcc-gmac"; +}; + +&reg_aldo3 { + regulator-always-on; + regulator-min-microvolt = <3000000>; + regulator-max-microvolt = <3000000>; + regulator-name = "avcc"; +}; + &reg_dc5ldo { + regulator-always-on; regulator-min-microvolt = <700000>; regulator-max-microvolt = <1320000>; regulator-name = "vdd-cpus"; @@ -235,6 +256,40 @@ regulator-name = "vcc-dram"; }; +&reg_dldo1 { + regulator-min-microvolt = <3000000>; + regulator-max-microvolt = <3000000>; + regulator-name = "vcc-mac"; +}; + +&reg_dldo2 { + regulator-min-microvolt = <2800000>; + regulator-max-microvolt = <2800000>; + regulator-name = "avdd-csi"; +}; + +&reg_dldo3 { + regulator-always-on; + regulator-min-microvolt = <3300000>; + regulator-max-microvolt = <3300000>; + regulator-name = "vcc-pb"; +}; + +&reg_eldo1 { + regulator-min-microvolt = <1800000>; + regulator-max-microvolt = <1800000>; + regulator-name = "vdd-csi"; + status = "okay"; +}; + +&reg_ldo_io1 { + regulator-always-on; + regulator-min-microvolt = <1800000>; + regulator-max-microvolt = <1800000>; + regulator-name = "vcc-pm-cpus"; + status = "okay"; +}; + &uart0 { pinctrl-names = "default"; pinctrl-0 = <&uart0_pins_a>; Patches currently in stable-queue which might be from embed3d(a)gmail.com are queue-4.14/arm-dts-sun6i-a31s-bpi-m2-improve-pmic-properties.patch queue-4.14/arm-dts-sun6i-a31s-bpi-m2-add-missing-regulators.patch

7 years, 5 months

1
0
0 0

Patch "ARM: 8746/1: vfp: Go back to clearing vfp_current_hw_state[]" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ARM: 8746/1: vfp: Go back to clearing vfp_current_hw_state[] to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-8746-1-vfp-go-back-to-clearing-vfp_current_hw_state.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 1328f02005bbbaed15b9d5b7f3ab5ec9d4d5268a Mon Sep 17 00:00:00 2001 From: Fabio Estevam <festevam(a)gmail.com> Date: Mon, 22 Jan 2018 12:20:26 +0100 Subject: ARM: 8746/1: vfp: Go back to clearing vfp_current_hw_state[] From: Fabio Estevam <festevam(a)gmail.com> commit 1328f02005bbbaed15b9d5b7f3ab5ec9d4d5268a upstream. Commit 384b38b66947 ("ARM: 7873/1: vfp: clear vfp_current_hw_state for dying cpu") fixed the cpu dying notifier by clearing vfp_current_hw_state[]. However commit e5b61bafe704 ("arm: Convert VFP hotplug notifiers to state machine") incorrectly used the original vfp_force_reload() function in the cpu dying notifier. Fix it by going back to clearing vfp_current_hw_state[]. Fixes: e5b61bafe704 ("arm: Convert VFP hotplug notifiers to state machine") Cc: linux-stable <stable(a)vger.kernel.org> Reported-by: Kohji Okuno <okuno.kohji(a)jp.panasonic.com> Signed-off-by: Fabio Estevam <fabio.estevam(a)nxp.com> Signed-off-by: Russell King <rmk+kernel(a)armlinux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/vfp/vfpmodule.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/arm/vfp/vfpmodule.c +++ b/arch/arm/vfp/vfpmodule.c @@ -648,7 +648,7 @@ int vfp_restore_user_hwstate(struct user */ static int vfp_dying_cpu(unsigned int cpu) { - vfp_force_reload(cpu, current_thread_info()); + vfp_current_hw_state[cpu] = NULL; return 0; } Patches currently in stable-queue which might be from festevam(a)gmail.com are queue-4.14/arm-8746-1-vfp-go-back-to-clearing-vfp_current_hw_state.patch

7 years, 5 months

1
0
0 0

Patch "ALSA: usb-audio: Add native DSD support for TEAC UD-301" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ALSA: usb-audio: Add native DSD support for TEAC UD-301 to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: alsa-usb-audio-add-native-dsd-support-for-teac-ud-301.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From b00214865d65100163574ba250008f182cf90869 Mon Sep 17 00:00:00 2001 From: Nobutaka Okabe <nob77413(a)gmail.com> Date: Fri, 23 Mar 2018 19:49:44 +0900 Subject: ALSA: usb-audio: Add native DSD support for TEAC UD-301 From: Nobutaka Okabe <nob77413(a)gmail.com> commit b00214865d65100163574ba250008f182cf90869 upstream. Add native DSD support quirk for TEAC UD-301 DAC, by adding the PID/VID 0644:804a. Signed-off-by: Nobutaka Okabe <nob77413(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- sound/usb/quirks.c | 1 + 1 file changed, 1 insertion(+) --- a/sound/usb/quirks.c +++ b/sound/usb/quirks.c @@ -1177,6 +1177,7 @@ static bool is_teac_dsd_dac(unsigned int switch (id) { case USB_ID(0x0644, 0x8043): /* TEAC UD-501/UD-503/NT-503 */ case USB_ID(0x0644, 0x8044): /* Esoteric D-05X */ + case USB_ID(0x0644, 0x804a): /* TEAC UD-301 */ return true; } return false; Patches currently in stable-queue which might be from nob77413(a)gmail.com are queue-4.14/alsa-usb-audio-add-native-dsd-support-for-teac-ud-301.patch

7 years, 5 months

1
0
0 0

Patch "ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: alsa-pcm-use-dma_bytes-as-size-parameter-in-dma_mmap_coherent.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 9066ae7ff5d89c0b5daa271e2d573540097a94fa Mon Sep 17 00:00:00 2001 From: Stefan Roese <sr(a)denx.de> Date: Mon, 26 Mar 2018 16:10:21 +0200 Subject: ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() From: Stefan Roese <sr(a)denx.de> commit 9066ae7ff5d89c0b5daa271e2d573540097a94fa upstream. When trying to use the driver (e.g. aplay *.wav), the 4MiB DMA buffer will get mmapp'ed in 16KiB chunks. But this fails with the 2nd 16KiB area, as the page offset is outside of the VMA range (size), which is currently used as size parameter in snd_pcm_lib_default_mmap(). By using the DMA buffer size (dma_bytes) instead, the complete DMA buffer can be mmapp'ed and the issue is fixed. This issue was detected on an ARM platform (TI AM57xx) using the RME HDSP MADI PCIe soundcard. Fixes: 657b1989dacf ("ALSA: pcm - Use dma_mmap_coherent() if available") Signed-off-by: Stefan Roese <sr(a)denx.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- sound/core/pcm_native.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/sound/core/pcm_native.c +++ b/sound/core/pcm_native.c @@ -3424,7 +3424,7 @@ int snd_pcm_lib_default_mmap(struct snd_ area, substream->runtime->dma_area, substream->runtime->dma_addr, - area->vm_end - area->vm_start); + substream->runtime->dma_bytes); #endif /* CONFIG_X86 */ /* mmap with fault handler */ area->vm_ops = &snd_pcm_vm_ops_data_fault; Patches currently in stable-queue which might be from sr(a)denx.de are queue-4.14/alsa-pcm-use-dma_bytes-as-size-parameter-in-dma_mmap_coherent.patch

7 years, 5 months

1
0
0 0

Patch "ALSA: pcm: potential uninitialized return values" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ALSA: pcm: potential uninitialized return values to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: alsa-pcm-potential-uninitialized-return-values.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 5607dddbfca774fb38bffadcb077fe03aa4ac5c6 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)oracle.com> Date: Tue, 27 Mar 2018 16:07:52 +0300 Subject: ALSA: pcm: potential uninitialized return values From: Dan Carpenter <dan.carpenter(a)oracle.com> commit 5607dddbfca774fb38bffadcb077fe03aa4ac5c6 upstream. Smatch complains that "tmp" can be uninitialized if we do a zero size write. Fixes: 02a5d6925cd3 ("ALSA: pcm: Avoid potential races between OSS ioctls and read/write") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- sound/core/oss/pcm_oss.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/sound/core/oss/pcm_oss.c +++ b/sound/core/oss/pcm_oss.c @@ -1326,7 +1326,7 @@ static ssize_t snd_pcm_oss_write2(struct static ssize_t snd_pcm_oss_write1(struct snd_pcm_substream *substream, const char __user *buf, size_t bytes) { size_t xfer = 0; - ssize_t tmp; + ssize_t tmp = 0; struct snd_pcm_runtime *runtime = substream->runtime; if (atomic_read(&substream->mmap_count)) @@ -1433,7 +1433,7 @@ static ssize_t snd_pcm_oss_read2(struct static ssize_t snd_pcm_oss_read1(struct snd_pcm_substream *substream, char __user *buf, size_t bytes) { size_t xfer = 0; - ssize_t tmp; + ssize_t tmp = 0; struct snd_pcm_runtime *runtime = substream->runtime; if (atomic_read(&substream->mmap_count)) Patches currently in stable-queue which might be from dan.carpenter(a)oracle.com are queue-4.14/alsa-pcm-potential-uninitialized-return-values.patch

7 years, 5 months

1
0
0 0

Patch "perf/hwbp: Simplify the perf-hwbp code, fix documentation" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled perf/hwbp: Simplify the perf-hwbp code, fix documentation to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: perf-hwbp-simplify-the-perf-hwbp-code-fix-documentation.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From f67b15037a7a50c57f72e69a6d59941ad90a0f0f Mon Sep 17 00:00:00 2001 From: Linus Torvalds <torvalds(a)linux-foundation.org> Date: Mon, 26 Mar 2018 15:39:07 -1000 Subject: perf/hwbp: Simplify the perf-hwbp code, fix documentation From: Linus Torvalds <torvalds(a)linux-foundation.org> commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f upstream. Annoyingly, modify_user_hw_breakpoint() unnecessarily complicates the modification of a breakpoint - simplify it and remove the pointless local variables. Also update the stale Docbook while at it. Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Acked-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: <stable(a)vger.kernel.org> Cc: Alexander Shishkin <alexander.shishkin(a)linux.intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Arnaldo Carvalho de Melo <acme(a)redhat.com> Cc: Frederic Weisbecker <fweisbec(a)gmail.com> Cc: Jiri Olsa <jolsa(a)redhat.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Stephane Eranian <eranian(a)google.com> Cc: Vince Weaver <vincent.weaver(a)maine.edu> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- kernel/events/hw_breakpoint.c | 30 +++++++----------------------- 1 file changed, 7 insertions(+), 23 deletions(-) --- a/kernel/events/hw_breakpoint.c +++ b/kernel/events/hw_breakpoint.c @@ -427,16 +427,9 @@ EXPORT_SYMBOL_GPL(register_user_hw_break * modify_user_hw_breakpoint - modify a user-space hardware breakpoint * @bp: the breakpoint structure to modify * @attr: new breakpoint attributes - * @triggered: callback to trigger when we hit the breakpoint - * @tsk: pointer to 'task_struct' of the process to which the address belongs */ int modify_user_hw_breakpoint(struct perf_event *bp, struct perf_event_attr *attr) { - u64 old_addr = bp->attr.bp_addr; - u64 old_len = bp->attr.bp_len; - int old_type = bp->attr.bp_type; - int err = 0; - /* * modify_user_hw_breakpoint can be invoked with IRQs disabled and hence it * will not be possible to raise IPIs that invoke __perf_event_disable. @@ -451,27 +444,18 @@ int modify_user_hw_breakpoint(struct per bp->attr.bp_addr = attr->bp_addr; bp->attr.bp_type = attr->bp_type; bp->attr.bp_len = attr->bp_len; + bp->attr.disabled = 1; - if (attr->disabled) - goto end; - - err = validate_hw_breakpoint(bp); - if (!err) - perf_event_enable(bp); + if (!attr->disabled) { + int err = validate_hw_breakpoint(bp); - if (err) { - bp->attr.bp_addr = old_addr; - bp->attr.bp_type = old_type; - bp->attr.bp_len = old_len; - if (!bp->attr.disabled) - perf_event_enable(bp); + if (err) + return err; - return err; + perf_event_enable(bp); + bp->attr.disabled = 0; } -end: - bp->attr.disabled = attr->disabled; - return 0; } EXPORT_SYMBOL_GPL(modify_user_hw_breakpoint); Patches currently in stable-queue which might be from torvalds(a)linux-foundation.org are queue-3.18/tty-vt-fix-up-tabstops-properly.patch queue-3.18/perf-hwbp-simplify-the-perf-hwbp-code-fix-documentation.patch queue-3.18/kvm-x86-fix-icebp-instruction-handling.patch

7 years, 5 months

1
0
0 0

Patch "mtd: jedec_probe: Fix crash in jedec_read_mfr()" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mtd: jedec_probe: Fix crash in jedec_read_mfr() to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: mtd-jedec_probe-fix-crash-in-jedec_read_mfr.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 87a73eb5b56fd6e07c8e499fe8608ef2d8912b82 Mon Sep 17 00:00:00 2001 From: Linus Walleij <linus.walleij(a)linaro.org> Date: Sat, 3 Mar 2018 23:29:03 +0100 Subject: mtd: jedec_probe: Fix crash in jedec_read_mfr() From: Linus Walleij <linus.walleij(a)linaro.org> commit 87a73eb5b56fd6e07c8e499fe8608ef2d8912b82 upstream. It turns out that the loop where we read manufacturer jedec_read_mfd() can under some circumstances get a CFI_MFR_CONTINUATION repeatedly, making the loop go over all banks and eventually hit the end of the map and crash because of an access violation: Unable to handle kernel paging request at virtual address c4980000 pgd = (ptrval) [c4980000] *pgd=03808811, *pte=00000000, *ppte=00000000 Internal error: Oops: 7 [#1] PREEMPT ARM CPU: 0 PID: 1 Comm: swapper Not tainted 4.16.0-rc1+ #150 Hardware name: Gemini (Device Tree) PC is at jedec_probe_chip+0x6ec/0xcd0 LR is at 0x4 pc : [<c03a2bf4>] lr : [<00000004>] psr: 60000013 sp : c382dd18 ip : 0000ffff fp : 00000000 r10: c0626388 r9 : 00020000 r8 : c0626340 r7 : 00000000 r6 : 00000001 r5 : c3a71afc r4 : c382dd70 r3 : 00000001 r2 : c4900000 r1 : 00000002 r0 : 00080000 Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none Control: 0000397f Table: 00004000 DAC: 00000053 Process swapper (pid: 1, stack limit = 0x(ptrval)) Fix this by breaking the loop with a return 0 if the offset exceeds the map size. Fixes: 5c9c11e1c47c ("[MTD] [NOR] Add support for flash chips with ID in bank other than 0") Cc: <stable(a)vger.kernel.org> Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/mtd/chips/jedec_probe.c | 2 ++ 1 file changed, 2 insertions(+) --- a/drivers/mtd/chips/jedec_probe.c +++ b/drivers/mtd/chips/jedec_probe.c @@ -1889,6 +1889,8 @@ static inline u32 jedec_read_mfr(struct do { uint32_t ofs = cfi_build_cmd_addr(0 + (bank << 8), map, cfi); mask = (1 << (cfi->device_type * 8)) - 1; + if (ofs >= map->size) + return 0; result = map_read(map, base + ofs); bank++; } while ((result.x[0] & mask) == CFI_MFR_CONTINUATION); Patches currently in stable-queue which might be from linus.walleij(a)linaro.org are queue-3.18/mtd-jedec_probe-fix-crash-in-jedec_read_mfr.patch

7 years, 5 months

1
0
0 0

Patch "ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent()" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: alsa-pcm-use-dma_bytes-as-size-parameter-in-dma_mmap_coherent.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 9066ae7ff5d89c0b5daa271e2d573540097a94fa Mon Sep 17 00:00:00 2001 From: Stefan Roese <sr(a)denx.de> Date: Mon, 26 Mar 2018 16:10:21 +0200 Subject: ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() From: Stefan Roese <sr(a)denx.de> commit 9066ae7ff5d89c0b5daa271e2d573540097a94fa upstream. When trying to use the driver (e.g. aplay *.wav), the 4MiB DMA buffer will get mmapp'ed in 16KiB chunks. But this fails with the 2nd 16KiB area, as the page offset is outside of the VMA range (size), which is currently used as size parameter in snd_pcm_lib_default_mmap(). By using the DMA buffer size (dma_bytes) instead, the complete DMA buffer can be mmapp'ed and the issue is fixed. This issue was detected on an ARM platform (TI AM57xx) using the RME HDSP MADI PCIe soundcard. Fixes: 657b1989dacf ("ALSA: pcm - Use dma_mmap_coherent() if available") Signed-off-by: Stefan Roese <sr(a)denx.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- sound/core/pcm_native.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/sound/core/pcm_native.c +++ b/sound/core/pcm_native.c @@ -3394,7 +3394,7 @@ int snd_pcm_lib_default_mmap(struct snd_ area, substream->runtime->dma_area, substream->runtime->dma_addr, - area->vm_end - area->vm_start); + substream->runtime->dma_bytes); #elif defined(CONFIG_MIPS) && defined(CONFIG_DMA_NONCOHERENT) if (substream->dma_buffer.dev.type == SNDRV_DMA_TYPE_DEV && !plat_device_is_coherent(substream->dma_buffer.dev.dev)) Patches currently in stable-queue which might be from sr(a)denx.de are queue-3.18/alsa-pcm-use-dma_bytes-as-size-parameter-in-dma_mmap_coherent.patch

7 years, 5 months

1
0
0 0

Patch "ALSA: pcm: potential uninitialized return values" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ALSA: pcm: potential uninitialized return values to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: alsa-pcm-potential-uninitialized-return-values.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 5607dddbfca774fb38bffadcb077fe03aa4ac5c6 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)oracle.com> Date: Tue, 27 Mar 2018 16:07:52 +0300 Subject: ALSA: pcm: potential uninitialized return values From: Dan Carpenter <dan.carpenter(a)oracle.com> commit 5607dddbfca774fb38bffadcb077fe03aa4ac5c6 upstream. Smatch complains that "tmp" can be uninitialized if we do a zero size write. Fixes: 02a5d6925cd3 ("ALSA: pcm: Avoid potential races between OSS ioctls and read/write") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- sound/core/oss/pcm_oss.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/sound/core/oss/pcm_oss.c +++ b/sound/core/oss/pcm_oss.c @@ -1362,7 +1362,7 @@ static ssize_t snd_pcm_oss_write2(struct static ssize_t snd_pcm_oss_write1(struct snd_pcm_substream *substream, const char __user *buf, size_t bytes) { size_t xfer = 0; - ssize_t tmp; + ssize_t tmp = 0; struct snd_pcm_runtime *runtime = substream->runtime; if (atomic_read(&substream->mmap_count)) @@ -1469,7 +1469,7 @@ static ssize_t snd_pcm_oss_read2(struct static ssize_t snd_pcm_oss_read1(struct snd_pcm_substream *substream, char __user *buf, size_t bytes) { size_t xfer = 0; - ssize_t tmp; + ssize_t tmp = 0; struct snd_pcm_runtime *runtime = substream->runtime; if (atomic_read(&substream->mmap_count)) Patches currently in stable-queue which might be from dan.carpenter(a)oracle.com are queue-3.18/alsa-pcm-potential-uninitialized-return-values.patch queue-3.18/staging-ncpfs-memory-corruption-in-ncp_read_kernel.patch

7 years, 5 months

1
0
0 0

4.16-rc7 not (yet?) in stable.git

by Rainer Fiebig

Hi! 4.16-rc7 doesn't seem to be in stable.git yet. Am I too impatient or perhaps having a git-pull-problem here? Thanks! Rainer Fiebig -- The truth always turns out to be simpler than you thought. Richard Feynman

7 years, 5 months

3
3
0 0

Re: [PATCH] x86/xen: Delay get_cpu_cap until stack canary is established

by Boris Ostrovsky

On 03/31/2018 01:38 PM, Jason Andryuk wrote: > On Wed, Mar 21, 2018, 5:12 PM Boris Ostrovsky > <boris.ostrovsky(a)oracle.com <mailto:boris.ostrovsky@oracle.com>> wrote: > > On 03/19/2018 12:58 PM, Jason Andryuk wrote: > > Commit 2cc42bac1c79 ("x86-64/Xen: eliminate W+X mappings") > introduced a > > call to get_cpu_cap, which is fstack-protected. This is works on > x86-64 > > as commit 4f277295e54c ("x86/xen: init %gs very early to avoid page > > faults with stack protector") ensures the stack protector is > configured, > > but it it did not cover x86-32. > > > > Delay calling get_cpu_cap until after xen_setup_gdt has > initialized the > > stack canary. Without this, a 32bit PV machine crashes early > > in boot. > > (XEN) Domain 0 (vcpu#0) crashed on cpu#0: > > (XEN) ----[ Xen-4.6.6-xc x86_64 debug=n Tainted: C ]---- > > (XEN) CPU: 0 > > (XEN) RIP: e019:[<00000000c10362f8>] > > > > And the PV kernel IP corresponds to init_scattered_cpuid_features > > 0xc10362f8 <+24>: mov %gs:0x14,%eax > > > > Fixes 2cc42bac1c79 ("x86-64/Xen: eliminate W+X mappings") > > > > Signed-off-by: Jason Andryuk <jandryuk(a)gmail.com > <mailto:jandryuk@gmail.com>> > > > > > Applied to for-linus-4.17 > > > Thanks. If it's not too late, can this be cc: stable? We can always try ;-) This is 4.15 and 4.16 only, I believe. -boris > If not, I'll > submit the request after it is in Linus's tree. > > -Jason >

7 years, 5 months

2
1
0 0

Linux 4.4.126

by Greg KH

I'm announcing the release of the 4.4.126 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - drivers/net/ethernet/arc/emac_rockchip.c | 6 +++-- drivers/net/ethernet/broadcom/bcmsysport.c | 33 +++++++++++++---------------- drivers/net/ethernet/broadcom/bcmsysport.h | 2 - drivers/net/ethernet/freescale/fec_main.c | 2 + drivers/net/ethernet/ti/cpsw.c | 3 +- drivers/net/team/team.c | 4 +-- drivers/s390/net/qeth_core_main.c | 21 +++++++++++++----- drivers/s390/net/qeth_l2_main.c | 2 - drivers/s390/net/qeth_l3_main.c | 2 - drivers/scsi/sg.c | 5 ++-- kernel/irq/manage.c | 4 --- net/core/skbuff.c | 2 - net/dccp/proto.c | 5 ++++ net/ieee802154/6lowpan/core.c | 12 +++++++--- net/ipv4/inet_fragment.c | 3 ++ net/ipv4/ip_sockglue.c | 6 +++-- net/ipv6/ndisc.c | 3 +- net/iucv/af_iucv.c | 4 ++- net/l2tp/l2tp_core.c | 8 +++++-- net/netlink/genetlink.c | 2 - 21 files changed, 81 insertions(+), 50 deletions(-) Alexey Kodanev (1): dccp: check sk for closed state in dccp_sendmsg() Arkadi Sharshevsky (1): team: Fix double free in error path Arvind Yadav (1): net/iucv: Free memory obtained by kzalloc Christophe JAILLET (1): net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred David Ahern (1): net: Only honor ifindex in IP_PKTINFO if non-0 Eric Dumazet (2): l2tp: do not accept arbitrary sockets ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() Florian Fainelli (2): net: fec: Fix unbalanced PM runtime calls net: systemport: Rewrite __bcm_sysport_tx_reclaim() Greg Kroah-Hartman (2): Revert "genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs" Linux 4.4.126 Johannes Thumshirn (1): scsi: sg: don't return bogus Sg_requests Julian Wiedmann (4): s390/qeth: free netdevice when removing a card s390/qeth: when thread completes, wake up all waiters s390/qeth: lock read device while queueing next buffer s390/qeth: on channel error, reject further cmd requests Kirill Tkhai (1): net: Fix hlist corruptions in inet_evict_bucket() Lorenzo Bianconi (1): ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() Nicolas Dichtel (1): netlink: avoid a double skb free in genlmsg_mcast() SZ Lin (林上智) (1): net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface Vinicius Costa Gomes (1): skbuff: Fix not waking applications when errors are enqueued

7 years, 5 months

1
1
0 0

Linux 4.9.92

by Greg KH

I'm announcing the release of the 4.9.92 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - drivers/net/ethernet/arc/emac_rockchip.c | 6 +++- drivers/net/ethernet/broadcom/bcmsysport.c | 33 +++++++++++--------------- drivers/net/ethernet/broadcom/bcmsysport.h | 2 - drivers/net/ethernet/freescale/fec_main.c | 2 + drivers/net/ethernet/hisilicon/hns/hns_enet.c | 22 +++++++---------- drivers/net/ethernet/hisilicon/hns/hns_enet.h | 6 ++-- drivers/net/ethernet/ti/cpsw.c | 3 +- drivers/net/ppp/ppp_generic.c | 26 +++++++++++--------- drivers/net/team/team.c | 4 +-- drivers/s390/net/qeth_core_main.c | 21 +++++++++++----- drivers/s390/net/qeth_l2_main.c | 2 - drivers/s390/net/qeth_l3_main.c | 2 - drivers/scsi/sg.c | 5 ++- drivers/soc/fsl/qbman/qman.c | 28 +++------------------- include/linux/cgroup-defs.h | 4 +-- include/linux/rhashtable.h | 4 ++- include/net/sch_generic.h | 19 ++++++++++++++ kernel/irq/manage.c | 4 --- lib/rhashtable.c | 4 ++- net/core/dev.c | 22 +++++++++++------ net/core/skbuff.c | 2 - net/dccp/proto.c | 5 +++ net/ieee802154/6lowpan/core.c | 12 ++++++--- net/ipv4/inet_fragment.c | 3 ++ net/ipv4/ip_sockglue.c | 6 +++- net/ipv6/ndisc.c | 3 +- net/iucv/af_iucv.c | 4 ++- net/kcm/kcmsock.c | 33 ++++++++++++++++++-------- net/l2tp/l2tp_core.c | 8 ++++-- net/netlink/genetlink.c | 2 - net/sched/act_tunnel_key.c | 1 net/sched/sch_netem.c | 2 - 33 files changed, 180 insertions(+), 122 deletions(-) Alexey Kodanev (2): sch_netem: fix skb leak in netem_enqueue() dccp: check sk for closed state in dccp_sendmsg() Arkadi Sharshevsky (1): team: Fix double free in error path Arvind Yadav (1): net/iucv: Free memory obtained by kzalloc Christophe JAILLET (1): net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred David Ahern (1): net: Only honor ifindex in IP_PKTINFO if non-0 Eric Dumazet (3): ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() net: use skb_to_full_sk() in skb_update_prio() l2tp: do not accept arbitrary sockets Florian Fainelli (2): net: fec: Fix unbalanced PM runtime calls net: systemport: Rewrite __bcm_sysport_tx_reclaim() Greg Kroah-Hartman (2): Revert "genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs" Linux 4.9.92 Guillaume Nault (1): ppp: avoid loop in xmit recursion detection code Johannes Thumshirn (1): scsi: sg: don't return bogus Sg_requests Julian Wiedmann (4): s390/qeth: free netdevice when removing a card s390/qeth: when thread completes, wake up all waiters s390/qeth: lock read device while queueing next buffer s390/qeth: on channel error, reject further cmd requests Kirill Tkhai (1): net: Fix hlist corruptions in inet_evict_bucket() Lorenzo Bianconi (1): ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() Madalin Bucur (1): soc/fsl/qbman: fix issue in qman_delete_cgr_safe() Nicolas Dichtel (1): netlink: avoid a double skb free in genlmsg_mcast() Paul Blakey (1): rhashtable: Fix rhlist duplicates insertion Roman Mashak (1): net sched actions: return explicit error when tunnel_key mode is not specified SZ Lin (林上智) (1): net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface Tom Herbert (1): kcm: lock lower socket in kcm_attach Vinicius Costa Gomes (1): skbuff: Fix not waking applications when errors are enqueued Yunsheng Lin (1): net: hns: Fix a skb used after free bug

7 years, 5 months

1
1
0 0

Linux 4.14.32

by Greg KH

I'm announcing the release of the 4.14.32 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 drivers/net/ethernet/arc/emac_rockchip.c | 6 drivers/net/ethernet/broadcom/bcmsysport.c | 33 +-- drivers/net/ethernet/broadcom/bcmsysport.h | 2 drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 8 drivers/net/ethernet/freescale/fec_main.c | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_buffers.c | 12 - drivers/net/ethernet/qlogic/qed/qed_iwarp.c | 15 + drivers/net/ethernet/qlogic/qede/qede_main.c | 4 drivers/net/ethernet/ti/cpsw.c | 3 drivers/net/macvlan.c | 2 drivers/net/phy/phy.c | 173 ++++++++--------- drivers/net/phy/phy_device.c | 15 + drivers/net/ppp/ppp_generic.c | 26 +- drivers/net/team/team.c | 4 drivers/s390/net/qeth_core_main.c | 21 +- drivers/s390/net/qeth_l2_main.c | 2 drivers/s390/net/qeth_l3_main.c | 2 drivers/soc/fsl/qbman/qman.c | 28 -- fs/sysfs/symlink.c | 1 include/linux/cgroup-defs.h | 4 include/linux/phy.h | 1 include/linux/rhashtable.h | 4 include/net/sch_generic.h | 19 + include/net/tcp.h | 11 - lib/rhashtable.c | 4 net/core/dev.c | 22 +- net/core/devlink.c | 16 - net/core/skbuff.c | 2 net/dccp/proto.c | 5 net/ieee802154/6lowpan/core.c | 12 - net/ipv4/inet_fragment.c | 3 net/ipv4/ip_sockglue.c | 6 net/ipv4/tcp.c | 1 net/ipv4/tcp_timer.c | 1 net/ipv6/datagram.c | 21 +- net/ipv6/ndisc.c | 3 net/ipv6/seg6_iptunnel.c | 7 net/iucv/af_iucv.c | 4 net/kcm/kcmsock.c | 33 ++- net/l2tp/l2tp_core.c | 8 net/netlink/genetlink.c | 2 net/sched/act_tunnel_key.c | 1 net/sched/sch_netem.c | 2 44 files changed, 319 insertions(+), 234 deletions(-) Alexey Kodanev (2): sch_netem: fix skb leak in netem_enqueue() dccp: check sk for closed state in dccp_sendmsg() Arkadi Sharshevsky (2): devlink: Remove redundant free on error path team: Fix double free in error path Arvind Yadav (1): net/iucv: Free memory obtained by kzalloc Brad Mouring (1): net: phy: Tell caller result of phy_change() Camelia Groza (3): dpaa_eth: remove duplicate initialization dpaa_eth: increment the RX dropped counter when needed dpaa_eth: remove duplicate increment of the tx_errors counter Christophe JAILLET (1): net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred David Ahern (1): net: Only honor ifindex in IP_PKTINFO if non-0 David Lebrun (2): ipv6: sr: fix NULL pointer dereference when setting encap source address ipv6: sr: fix scheduling in RCU when creating seg6 lwtunnel state Eric Dumazet (3): ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() net: use skb_to_full_sk() in skb_update_prio() l2tp: do not accept arbitrary sockets Florian Fainelli (2): net: fec: Fix unbalanced PM runtime calls net: systemport: Rewrite __bcm_sysport_tx_reclaim() Greg Kroah-Hartman (1): Linux 4.14.32 Grygorii Strashko (2): sysfs: symlink: export sysfs_create_link_nowarn() net: phy: relax error checking when creating sysfs link netdev->phydev Guillaume Nault (1): ppp: avoid loop in xmit recursion detection code Ido Schimmel (1): mlxsw: spectrum_buffers: Set a minimum quota for CPU port traffic Julian Wiedmann (4): s390/qeth: free netdevice when removing a card s390/qeth: when thread completes, wake up all waiters s390/qeth: lock read device while queueing next buffer s390/qeth: on channel error, reject further cmd requests Kirill Tkhai (1): net: Fix hlist corruptions in inet_evict_bucket() Lorenzo Bianconi (1): ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() Madalin Bucur (2): soc/fsl/qbman: fix issue in qman_delete_cgr_safe() dpaa_eth: fix error in dpaa_remove() Michal Kalderon (2): qed: Fix non TCP packets should be dropped on iWARP ll2 connection qede: Fix qedr link update Nicolas Dichtel (1): netlink: avoid a double skb free in genlmsg_mcast() Paolo Abeni (1): net: ipv6: keep sk status consistent after datagram connect failure Paul Blakey (1): rhashtable: Fix rhlist duplicates insertion Roman Mashak (1): net sched actions: return explicit error when tunnel_key mode is not specified SZ Lin (林上智) (1): net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface Shannon Nelson (1): macvlan: filter out unsupported feature flags Soheil Hassas Yeganeh (2): tcp: reset sk_send_head in tcp_write_queue_purge tcp: purge write queue upon aborting the connection Stefano Brivio (1): ipv6: old_dport should be a __be16 in __ip6_datagram_connect() Tom Herbert (1): kcm: lock lower socket in kcm_attach Vinicius Costa Gomes (1): skbuff: Fix not waking applications when errors are enqueued

7 years, 5 months

1
1
0 0

Linux 4.15.15

by Greg KH

I'm announcing the release of the 4.15.15 kernel. All users of the 4.15 kernel series must upgrade. The updated 4.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.15.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 drivers/net/ethernet/arc/emac_rockchip.c | 6 drivers/net/ethernet/broadcom/bcmsysport.c | 33 +-- drivers/net/ethernet/broadcom/bcmsysport.h | 2 drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 8 drivers/net/ethernet/freescale/fec_main.c | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_buffers.c | 12 - drivers/net/ethernet/qlogic/qed/qed_iwarp.c | 17 + drivers/net/ethernet/qlogic/qede/qede_main.c | 4 drivers/net/ethernet/ti/cpsw.c | 3 drivers/net/macvlan.c | 2 drivers/net/phy/phy.c | 173 ++++++++--------- drivers/net/phy/phy_device.c | 15 + drivers/net/ppp/ppp_generic.c | 26 +- drivers/net/team/team.c | 4 drivers/s390/net/qeth_core_main.c | 21 +- drivers/s390/net/qeth_l2_main.c | 2 drivers/s390/net/qeth_l3_main.c | 2 drivers/soc/fsl/qbman/qman.c | 28 -- fs/sysfs/symlink.c | 1 include/linux/cgroup-defs.h | 4 include/linux/phy.h | 1 include/linux/rhashtable.h | 4 include/net/sch_generic.h | 19 + lib/rhashtable.c | 4 lib/test_rhashtable.c | 134 +++++++++++++ net/core/dev.c | 22 +- net/core/devlink.c | 16 - net/core/skbuff.c | 2 net/dccp/proto.c | 5 net/dsa/legacy.c | 2 net/ieee802154/6lowpan/core.c | 12 - net/ipv4/inet_fragment.c | 3 net/ipv4/ip_sockglue.c | 6 net/ipv4/tcp.c | 1 net/ipv4/tcp_timer.c | 1 net/ipv6/datagram.c | 21 +- net/ipv6/ndisc.c | 3 net/ipv6/route.c | 71 ++++-- net/ipv6/seg6_iptunnel.c | 7 net/iucv/af_iucv.c | 4 net/kcm/kcmsock.c | 33 ++- net/l2tp/l2tp_core.c | 8 net/netlink/genetlink.c | 2 net/openvswitch/meter.c | 12 - net/sched/act_tunnel_key.c | 1 net/sched/sch_netem.c | 2 47 files changed, 500 insertions(+), 263 deletions(-) Alexey Kodanev (2): sch_netem: fix skb leak in netem_enqueue() dccp: check sk for closed state in dccp_sendmsg() Arkadi Sharshevsky (2): devlink: Remove redundant free on error path team: Fix double free in error path Arvind Yadav (1): net/iucv: Free memory obtained by kzalloc Brad Mouring (1): net: phy: Tell caller result of phy_change() Camelia Groza (3): dpaa_eth: remove duplicate initialization dpaa_eth: increment the RX dropped counter when needed dpaa_eth: remove duplicate increment of the tx_errors counter Christophe JAILLET (1): net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred David Ahern (1): net: Only honor ifindex in IP_PKTINFO if non-0 David Lebrun (2): ipv6: sr: fix NULL pointer dereference when setting encap source address ipv6: sr: fix scheduling in RCU when creating seg6 lwtunnel state Eric Dumazet (3): ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() net: use skb_to_full_sk() in skb_update_prio() l2tp: do not accept arbitrary sockets Florian Fainelli (3): net: dsa: Fix dsa_is_user_port() test inversion net: fec: Fix unbalanced PM runtime calls net: systemport: Rewrite __bcm_sysport_tx_reclaim() Greg Kroah-Hartman (1): Linux 4.15.15 Grygorii Strashko (2): sysfs: symlink: export sysfs_create_link_nowarn() net: phy: relax error checking when creating sysfs link netdev->phydev Guillaume Nault (1): ppp: avoid loop in xmit recursion detection code Ido Schimmel (1): mlxsw: spectrum_buffers: Set a minimum quota for CPU port traffic Julian Wiedmann (4): s390/qeth: free netdevice when removing a card s390/qeth: when thread completes, wake up all waiters s390/qeth: lock read device while queueing next buffer s390/qeth: on channel error, reject further cmd requests Kirill Tkhai (1): net: Fix hlist corruptions in inet_evict_bucket() Lorenzo Bianconi (1): ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() Madalin Bucur (2): soc/fsl/qbman: fix issue in qman_delete_cgr_safe() dpaa_eth: fix error in dpaa_remove() Michal Kalderon (3): qed: Fix MPA unalign flow in case header is split across two packets. qed: Fix non TCP packets should be dropped on iWARP ll2 connection qede: Fix qedr link update Nicolas Dichtel (1): netlink: avoid a double skb free in genlmsg_mcast() Paolo Abeni (1): net: ipv6: keep sk status consistent after datagram connect failure Paul Blakey (2): rhashtable: Fix rhlist duplicates insertion test_rhashtable: add test case for rhltable with duplicate objects Roman Mashak (1): net sched actions: return explicit error when tunnel_key mode is not specified SZ Lin (林上智) (1): net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface Shannon Nelson (1): macvlan: filter out unsupported feature flags Soheil Hassas Yeganeh (1): tcp: purge write queue upon aborting the connection Stefano Brivio (2): ipv6: old_dport should be a __be16 in __ip6_datagram_connect() ipv6: Reflect MTU changes on PMTU of exceptions for MTU-less routes Tom Herbert (1): kcm: lock lower socket in kcm_attach Vinicius Costa Gomes (1): skbuff: Fix not waking applications when errors are enqueued zhangliping (1): openvswitch: meter: fix the incorrect calculation of max delta_t

7 years, 5 months

1
1
0 0

Patch "[PATCH] Revert "genirq: Use irqd_get_trigger_type to compare the" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [PATCH] Revert "genirq: Use irqd_get_trigger_type to compare the to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: revert-genirq-use-irqd_get_trigger_type-to-compare-the.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 5512cca5c518c20037b10369a4725327202dd80b Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Date: Fri, 30 Mar 2018 10:53:44 +0200 Subject: [PATCH] Revert "genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs" This reverts commit f2596a9808acfd02ce1ee389f0e1c37e64aec5f6 which is commit 382bd4de61827dbaaf5fb4fb7b1f4be4a86505e7 upstream. It causes too many problems with the stable tree, and would require too many other things to be backported, so just revert it. Reported-by: Guenter Roeck <linux(a)roeck-us.net> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Hans de Goede <hdegoede(a)redhat.com> Cc: Marc Zyngier <marc.zyngier(a)arm.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- kernel/irq/manage.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) --- a/kernel/irq/manage.c +++ b/kernel/irq/manage.c @@ -1210,10 +1210,8 @@ __setup_irq(unsigned int irq, struct irq * set the trigger type must match. Also all must * agree on ONESHOT. */ - unsigned int oldtype = irqd_get_trigger_type(&desc->irq_data); - if (!((old->flags & new->flags) & IRQF_SHARED) || - (oldtype != (new->flags & IRQF_TRIGGER_MASK)) || + ((old->flags ^ new->flags) & IRQF_TRIGGER_MASK) || ((old->flags ^ new->flags) & IRQF_ONESHOT)) goto mismatch; Patches currently in stable-queue which might be from gregkh(a)linuxfoundation.org are queue-4.9/net-fix-hlist-corruptions-in-inet_evict_bucket.patch queue-4.9/ppp-avoid-loop-in-xmit-recursion-detection-code.patch queue-4.9/ipv6-fix-access-to-non-linear-packet-in-ndisc_fill_redirect_hdr_option.patch queue-4.9/net-only-honor-ifindex-in-ip_pktinfo-if-non-0.patch queue-4.9/skbuff-fix-not-waking-applications-when-errors-are-enqueued.patch queue-4.9/rhashtable-fix-rhlist-duplicates-insertion.patch queue-4.9/kcm-lock-lower-socket-in-kcm_attach.patch queue-4.9/s390-qeth-when-thread-completes-wake-up-all-waiters.patch queue-4.9/sch_netem-fix-skb-leak-in-netem_enqueue.patch queue-4.9/s390-qeth-lock-read-device-while-queueing-next-buffer.patch queue-4.9/net-systemport-rewrite-__bcm_sysport_tx_reclaim.patch queue-4.9/revert-genirq-use-irqd_get_trigger_type-to-compare-the.patch queue-4.9/l2tp-do-not-accept-arbitrary-sockets.patch queue-4.9/netlink-avoid-a-double-skb-free-in-genlmsg_mcast.patch queue-4.9/team-fix-double-free-in-error-path.patch queue-4.9/net-use-skb_to_full_sk-in-skb_update_prio.patch queue-4.9/ieee802154-6lowpan-fix-possible-null-deref-in-lowpan_device_event.patch queue-4.9/net-hns-fix-a-skb-used-after-free-bug.patch queue-4.9/soc-fsl-qbman-fix-issue-in-qman_delete_cgr_safe.patch queue-4.9/net-iucv-free-memory-obtained-by-kzalloc.patch queue-4.9/net-ethernet-arc-fix-a-potential-memory-leak-if-an-optional-regulator-is-deferred.patch queue-4.9/s390-qeth-on-channel-error-reject-further-cmd-requests.patch queue-4.9/scsi-sg-don-t-return-bogus-sg_requests.patch queue-4.9/dccp-check-sk-for-closed-state-in-dccp_sendmsg.patch queue-4.9/net-fec-fix-unbalanced-pm-runtime-calls.patch queue-4.9/net-ethernet-ti-cpsw-add-check-for-in-band-mode-setting-with-rgmii-phy-interface.patch queue-4.9/net-sched-actions-return-explicit-error-when-tunnel_key-mode-is-not-specified.patch queue-4.9/s390-qeth-free-netdevice-when-removing-a-card.patch

7 years, 5 months

1
0
0 0

[PATCH 4.15 00/47] 4.15.15-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.15.15 release. There are 47 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Mar 31 17:57:05 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.15.15-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.15.15-rc1 Arkadi Sharshevsky <arkadis(a)mellanox.com> team: Fix double free in error path Vinicius Costa Gomes <vinicius.gomes(a)intel.com> skbuff: Fix not waking applications when errors are enqueued Michal Kalderon <Michal.Kalderon(a)cavium.com> qede: Fix qedr link update Florian Fainelli <f.fainelli(a)gmail.com> net: systemport: Rewrite __bcm_sysport_tx_reclaim() David Ahern <dsahern(a)gmail.com> net: Only honor ifindex in IP_PKTINFO if non-0 Nicolas Dichtel <nicolas.dichtel(a)6wind.com> netlink: avoid a double skb free in genlmsg_mcast() Arvind Yadav <arvind.yadav.cs(a)gmail.com> net/iucv: Free memory obtained by kzalloc Florian Fainelli <f.fainelli(a)gmail.com> net: fec: Fix unbalanced PM runtime calls SZ Lin (林上智) <sz.lin(a)moxa.com> net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred Eric Dumazet <edumazet(a)google.com> l2tp: do not accept arbitrary sockets Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() Alexey Kodanev <alexey.kodanev(a)oracle.com> dccp: check sk for closed state in dccp_sendmsg() Camelia Groza <camelia.groza(a)nxp.com> dpaa_eth: remove duplicate increment of the tx_errors counter Camelia Groza <camelia.groza(a)nxp.com> dpaa_eth: increment the RX dropped counter when needed Camelia Groza <camelia.groza(a)nxp.com> dpaa_eth: remove duplicate initialization Madalin Bucur <madalin.bucur(a)nxp.com> dpaa_eth: fix error in dpaa_remove() Madalin Bucur <madalin.bucur(a)nxp.com> soc/fsl/qbman: fix issue in qman_delete_cgr_safe() Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qeth: on channel error, reject further cmd requests Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qeth: lock read device while queueing next buffer Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qeth: when thread completes, wake up all waiters Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qeth: free netdevice when removing a card Kirill Tkhai <ktkhai(a)virtuozzo.com> net: Fix hlist corruptions in inet_evict_bucket() Eric Dumazet <edumazet(a)google.com> net: use skb_to_full_sk() in skb_update_prio() Eric Dumazet <edumazet(a)google.com> ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() Alexey Kodanev <alexey.kodanev(a)oracle.com> sch_netem: fix skb leak in netem_enqueue() Tom Herbert <tom(a)quantonium.net> kcm: lock lower socket in kcm_attach Paul Blakey <paulb(a)mellanox.com> test_rhashtable: add test case for rhltable with duplicate objects Paul Blakey <paulb(a)mellanox.com> rhashtable: Fix rhlist duplicates insertion Guillaume Nault <g.nault(a)alphalink.fr> ppp: avoid loop in xmit recursion detection code Roman Mashak <mrv(a)mojatatu.com> net sched actions: return explicit error when tunnel_key mode is not specified Stefano Brivio <sbrivio(a)redhat.com> ipv6: Reflect MTU changes on PMTU of exceptions for MTU-less routes Brad Mouring <brad.mouring(a)ni.com> net: phy: Tell caller result of phy_change() Ido Schimmel <idosch(a)mellanox.com> mlxsw: spectrum_buffers: Set a minimum quota for CPU port traffic David Lebrun <dlebrun(a)google.com> ipv6: sr: fix scheduling in RCU when creating seg6 lwtunnel state David Lebrun <dlebrun(a)google.com> ipv6: sr: fix NULL pointer dereference when setting encap source address Stefano Brivio <sbrivio(a)redhat.com> ipv6: old_dport should be a __be16 in __ip6_datagram_connect() Paolo Abeni <pabeni(a)redhat.com> net: ipv6: keep sk status consistent after datagram connect failure Shannon Nelson <shannon.nelson(a)oracle.com> macvlan: filter out unsupported feature flags Arkadi Sharshevsky <arkadis(a)mellanox.com> devlink: Remove redundant free on error path Grygorii Strashko <grygorii.strashko(a)ti.com> net: phy: relax error checking when creating sysfs link netdev->phydev Grygorii Strashko <grygorii.strashko(a)ti.com> sysfs: symlink: export sysfs_create_link_nowarn() Michal Kalderon <Michal.Kalderon(a)cavium.com> qed: Fix non TCP packets should be dropped on iWARP ll2 connection Soheil Hassas Yeganeh <soheil(a)google.com> tcp: purge write queue upon aborting the connection Michal Kalderon <Michal.Kalderon(a)cavium.com> qed: Fix MPA unalign flow in case header is split across two packets. zhangliping <zhangliping02(a)baidu.com> openvswitch: meter: fix the incorrect calculation of max delta_t Florian Fainelli <f.fainelli(a)gmail.com> net: dsa: Fix dsa_is_user_port() test inversion ------------- Diffstat: Makefile | 4 +- drivers/net/ethernet/arc/emac_rockchip.c | 6 +- drivers/net/ethernet/broadcom/bcmsysport.c | 33 ++-- drivers/net/ethernet/broadcom/bcmsysport.h | 2 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 8 +- drivers/net/ethernet/freescale/fec_main.c | 2 + .../net/ethernet/mellanox/mlxsw/spectrum_buffers.c | 12 +- drivers/net/ethernet/qlogic/qed/qed_iwarp.c | 17 +- drivers/net/ethernet/qlogic/qede/qede_main.c | 4 +- drivers/net/ethernet/ti/cpsw.c | 3 +- drivers/net/macvlan.c | 2 +- drivers/net/phy/phy.c | 173 ++++++++++----------- drivers/net/phy/phy_device.c | 15 +- drivers/net/ppp/ppp_generic.c | 26 ++-- drivers/net/team/team.c | 4 +- drivers/s390/net/qeth_core_main.c | 21 ++- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/soc/fsl/qbman/qman.c | 28 +--- fs/sysfs/symlink.c | 1 + include/linux/cgroup-defs.h | 4 +- include/linux/phy.h | 1 - include/linux/rhashtable.h | 4 +- include/net/sch_generic.h | 19 +++ lib/rhashtable.c | 4 +- lib/test_rhashtable.c | 134 ++++++++++++++++ net/core/dev.c | 22 ++- net/core/devlink.c | 16 +- net/core/skbuff.c | 2 +- net/dccp/proto.c | 5 + net/dsa/legacy.c | 2 +- net/ieee802154/6lowpan/core.c | 12 +- net/ipv4/inet_fragment.c | 3 + net/ipv4/ip_sockglue.c | 6 +- net/ipv4/tcp.c | 1 + net/ipv4/tcp_timer.c | 1 + net/ipv6/datagram.c | 21 ++- net/ipv6/ndisc.c | 3 +- net/ipv6/route.c | 71 +++++---- net/ipv6/seg6_iptunnel.c | 7 +- net/iucv/af_iucv.c | 4 +- net/kcm/kcmsock.c | 33 ++-- net/l2tp/l2tp_core.c | 8 +- net/netlink/genetlink.c | 2 +- net/openvswitch/meter.c | 12 +- net/sched/act_tunnel_key.c | 1 + net/sched/sch_netem.c | 2 +- 47 files changed, 501 insertions(+), 264 deletions(-)

7 years, 5 months

4
52
0 0

[PATCH 4.4 00/20] 4.4.126-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.126 release. There are 20 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Mar 31 17:57:30 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.126-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.126-rc1 Florian Fainelli <f.fainelli(a)gmail.com> net: systemport: Rewrite __bcm_sysport_tx_reclaim() Florian Fainelli <f.fainelli(a)gmail.com> net: fec: Fix unbalanced PM runtime calls Eric Dumazet <edumazet(a)google.com> ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qeth: on channel error, reject further cmd requests Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qeth: lock read device while queueing next buffer Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qeth: when thread completes, wake up all waiters Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qeth: free netdevice when removing a card Arkadi Sharshevsky <arkadis(a)mellanox.com> team: Fix double free in error path Vinicius Costa Gomes <vinicius.gomes(a)intel.com> skbuff: Fix not waking applications when errors are enqueued David Ahern <dsahern(a)gmail.com> net: Only honor ifindex in IP_PKTINFO if non-0 Nicolas Dichtel <nicolas.dichtel(a)6wind.com> netlink: avoid a double skb free in genlmsg_mcast() Arvind Yadav <arvind.yadav.cs(a)gmail.com> net/iucv: Free memory obtained by kzalloc SZ Lin (林上智) <sz.lin(a)moxa.com> net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred Eric Dumazet <edumazet(a)google.com> l2tp: do not accept arbitrary sockets Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() Alexey Kodanev <alexey.kodanev(a)oracle.com> dccp: check sk for closed state in dccp_sendmsg() Kirill Tkhai <ktkhai(a)virtuozzo.com> net: Fix hlist corruptions in inet_evict_bucket() Marc Zyngier <marc.zyngier(a)arm.com> genirq: Track whether the trigger type has been set Johannes Thumshirn <jthumshirn(a)suse.de> scsi: sg: don't return bogus Sg_requests ------------- Diffstat: Makefile | 4 ++-- drivers/net/ethernet/arc/emac_rockchip.c | 6 ++++-- drivers/net/ethernet/broadcom/bcmsysport.c | 33 ++++++++++++++---------------- drivers/net/ethernet/broadcom/bcmsysport.h | 2 +- drivers/net/ethernet/freescale/fec_main.c | 2 ++ drivers/net/ethernet/ti/cpsw.c | 3 ++- drivers/net/team/team.c | 4 ++-- drivers/s390/net/qeth_core_main.c | 21 +++++++++++++------ drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/scsi/sg.c | 5 +++-- include/linux/irq.h | 11 +++++++++- kernel/irq/manage.c | 13 +++++++++++- net/core/skbuff.c | 2 +- net/dccp/proto.c | 5 +++++ net/ieee802154/6lowpan/core.c | 12 +++++++---- net/ipv4/inet_fragment.c | 3 +++ net/ipv4/ip_sockglue.c | 6 ++++-- net/ipv6/ndisc.c | 3 ++- net/iucv/af_iucv.c | 4 +++- net/l2tp/l2tp_core.c | 8 ++++++-- net/netlink/genetlink.c | 2 +- 22 files changed, 103 insertions(+), 50 deletions(-)

7 years, 5 months

5
26
0 0

Status of arm64 spectre backport for v4.4.y

by Guenter Roeck

Hi Greg, Hi Alex, do you have an idea if and when the arm64 Spectre backport to v4.4.y [1] might make it into a stable release ? Thanks, Guenter --- [1] https://www.spinics.net/lists/arm-kernel/msg639767.html

7 years, 5 months

2
1
0 0

[PATCH -v2] ext4: limit xattr size to INT_MAX

by Theodore Ts'o

From: Eric Biggers <ebiggers(a)google.com> ext4 isn't validating the sizes of xattrs. This is problematic because ->e_value_size is a u32, but ext4_xattr_get() returns an int. A very large size is misinterpreted as an error code, which ext4_get_acl() translates into a bogus ERR_PTR() for which IS_ERR() returns false, causing a crash. Fix this by validating that all xattrs are <= INT_MAX bytes. Also add explicit checks in ext4_xattr_block_get() and ext4_xattr_ibody_get() just in case the xattr block is corrupted in memory. Also if the xattr block is corrupted, mark the file system as containing an error. This issue has been assigned CVE-2018-1095. https://bugzilla.kernel.org/show_bug.cgi?id=199185 https://bugzilla.redhat.com/show_bug.cgi?id=1560793 Reported-by: Wen Xu <wen.xu(a)gatech.edu> Signed-off-by: Eric Biggers <ebiggers(a)google.com> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)vger.kernel.org --- fs/ext4/xattr.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c index 63656dbafdc4..d2a9b078e121 100644 --- a/fs/ext4/xattr.c +++ b/fs/ext4/xattr.c @@ -195,10 +195,14 @@ ext4_xattr_check_entries(struct ext4_xattr_entry *entry, void *end, /* Check the values */ while (!IS_LAST_ENTRY(entry)) { + u32 size = le32_to_cpu(entry->e_value_size); + + if (size > INT_MAX) + return -EFSCORRUPTED; + if (entry->e_value_size != 0 && entry->e_value_inum == 0) { u16 offs = le16_to_cpu(entry->e_value_offs); - u32 size = le32_to_cpu(entry->e_value_size); void *value; /* @@ -523,8 +527,10 @@ ext4_xattr_block_get(struct inode *inode, int name_index, const char *name, if (error) goto cleanup; size = le32_to_cpu(entry->e_value_size); + error = -ERANGE; + if (unlikely(size > INT_MAX)) + goto cleanup; if (buffer) { - error = -ERANGE; if (size > buffer_size) goto cleanup; if (entry->e_value_inum) { @@ -572,8 +578,10 @@ ext4_xattr_ibody_get(struct inode *inode, int name_index, const char *name, if (error) goto cleanup; size = le32_to_cpu(entry->e_value_size); + error = -ERANGE; + if (unlikely(size > INT_MAX)) + goto cleanup; if (buffer) { - error = -ERANGE; if (size > buffer_size) goto cleanup; if (entry->e_value_inum) { -- 2.16.1.72.g5be1f00a9a

7 years, 5 months

3
2
0 0

+ hugetlbfs-fix-bug-in-pgoff-overflow-checking.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: hugetlbfs: fix bug in pgoff overflow checking has been added to the -mm tree. Its filename is hugetlbfs-fix-bug-in-pgoff-overflow-checking.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/hugetlbfs-fix-bug-in-pgoff-overflo… and later at http://ozlabs.org/~akpm/mmotm/broken-out/hugetlbfs-fix-bug-in-pgoff-overflo… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Mike Kravetz <mike.kravetz(a)oracle.com> Subject: hugetlbfs: fix bug in pgoff overflow checking This is a fix for a regression in 32 bit kernels caused by an invalid check for pgoff overflow in hugetlbfs mmap setup. The check incorrectly specified that the size of a loff_t was the same as the size of a long. The regression prevents mapping hugetlbfs files at offsets greater than 4GB on 32 bit kernels. On 32 bit kernels conversion from a page based unsigned long can not overflow a loff_t byte offset. Therefore, skip this check if sizeof(unsigned long) != sizeof(loff_t). Link: http://lkml.kernel.org/r/20180330145402.5053-1-mike.kravetz@oracle.com Fixes: 63489f8e8211 ("hugetlbfs: check for pgoff value overflow") Reported-by: Dan Rue <dan.rue(a)linaro.org> Signed-off-by: Mike Kravetz <mike.kravetz(a)oracle.com> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Yisheng Xie <xieyisheng1(a)huawei.com> Cc: "Kirill A . Shutemov" <kirill.shutemov(a)linux.intel.com> Cc: Nic Losby <blurbdust(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/hugetlbfs/inode.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff -puN fs/hugetlbfs/inode.c~hugetlbfs-fix-bug-in-pgoff-overflow-checking fs/hugetlbfs/inode.c --- a/fs/hugetlbfs/inode.c~hugetlbfs-fix-bug-in-pgoff-overflow-checking +++ a/fs/hugetlbfs/inode.c @@ -138,10 +138,14 @@ static int hugetlbfs_file_mmap(struct fi /* * page based offset in vm_pgoff could be sufficiently large to - * overflow a (l)off_t when converted to byte offset. + * overflow a loff_t when converted to byte offset. This can + * only happen on architectures where sizeof(loff_t) == + * sizeof(unsigned long). So, only check in those instances. */ - if (vma->vm_pgoff & PGOFF_LOFFT_MAX) - return -EINVAL; + if (sizeof(unsigned long) == sizeof(loff_t)) { + if (vma->vm_pgoff & PGOFF_LOFFT_MAX) + return -EINVAL; + } /* must be huge page aligned */ if (vma->vm_pgoff & (~huge_page_mask(h) >> PAGE_SHIFT)) _ Patches currently in -mm which might be from mike.kravetz(a)oracle.com are hugetlbfs-fix-bug-in-pgoff-overflow-checking.patch mm-hugetlbfs-move-hugetlbfs_i-outside-ifdef-config_hugetlbfs.patch mm-memfd-split-out-memfd-for-use-by-multiple-filesystems.patch mm-memfd-remove-memfd-code-from-shmem-files-and-use-new-memfd-files.patch mm-make-start_isolate_page_range-fail-if-already-isolated.patch

7 years, 5 months

1
0
0 0

+ mm-memblock-fix-potential-issue-in-memblock_search_pfn_nid.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/memblock: fix potential issue in memblock_search_pfn_nid() has been added to the -mm tree. Its filename is mm-memblock-fix-potential-issue-in-memblock_search_pfn_nid.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-memblock-fix-potential-issue-in… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-memblock-fix-potential-issue-in… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Wei Yang <richard.weiyang(a)gmail.com> Subject: mm/memblock: fix potential issue in memblock_search_pfn_nid() memblock_search_pfn_nid() returns the nid and the [start|end]_pfn of the memory region where pfn sits in. While the calculation of start_pfn has potential issue when the regions base is not page aligned. For example, we assume PAGE_SHIFT is 12 and base is 0x1234. Current implementation would return 1 while this is not correct. This patch fixes this by using PFN_UP(). The original commit is commit e76b63f80d93 ("memblock, numa: binary search node id") and merged in v3.12. Link: http://lkml.kernel.org/r/20180330033055.22340-1-richard.weiyang@gmail.com Fixes: e76b63f80d93 ("memblock, numa: binary search node id") Signed-off-by: Wei Yang <richard.weiyang(a)gmail.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Yinghai Lu <yinghai(a)kernel.org> Cc: Jia He <hejianet(a)gmail.com> Cc: <stable(a)vger.kernel.org> [3.12+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memblock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff -puN mm/memblock.c~mm-memblock-fix-potential-issue-in-memblock_search_pfn_nid mm/memblock.c --- a/mm/memblock.c~mm-memblock-fix-potential-issue-in-memblock_search_pfn_nid +++ a/mm/memblock.c @@ -1646,7 +1646,7 @@ int __init_memblock memblock_search_pfn_ if (mid == -1) return -1; - *start_pfn = PFN_DOWN(type->regions[mid].base); + *start_pfn = PFN_UP(type->regions[mid].base); *end_pfn = PFN_DOWN(type->regions[mid].base + type->regions[mid].size); return type->regions[mid].nid; _ Patches currently in -mm which might be from richard.weiyang(a)gmail.com are mm-check-__highest_present_sectioin_nr-directly-in-memory_dev_init.patch mm-memblock-fix-potential-issue-in-memblock_search_pfn_nid.patch

7 years, 5 months

1
0
0 0

[PATCH] ext4: move call to ext4_error() into ext4_xattr_check_block()

by Theodore Ts'o

Refactor the call to EXT4_ERROR_INODE() into ext4_xattr_check_block(). This simplifies the code, and fixes a problem where not all callers of ext4_xattr_check_block() were not resulting in ext4_error() getting called when the xattr block is corrupted. Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)vger.kernel.org --- fs/ext4/xattr.c | 60 ++++++++++++++++++++++++++------------------------------- 1 file changed, 27 insertions(+), 33 deletions(-) diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c index d2a9b078e121..b0a9ba8e576a 100644 --- a/fs/ext4/xattr.c +++ b/fs/ext4/xattr.c @@ -226,25 +226,36 @@ ext4_xattr_check_entries(struct ext4_xattr_entry *entry, void *end, } static inline int -ext4_xattr_check_block(struct inode *inode, struct buffer_head *bh) +__ext4_xattr_check_block(struct inode *inode, struct buffer_head *bh, + const char *function, unsigned int line) { - int error; + int error = -EFSCORRUPTED; if (buffer_verified(bh)) return 0; if (BHDR(bh)->h_magic != cpu_to_le32(EXT4_XATTR_MAGIC) || BHDR(bh)->h_blocks != cpu_to_le32(1)) - return -EFSCORRUPTED; + goto errout; + error = -EFSBADCRC; if (!ext4_xattr_block_csum_verify(inode, bh)) - return -EFSBADCRC; + goto errout; error = ext4_xattr_check_entries(BFIRST(bh), bh->b_data + bh->b_size, bh->b_data); - if (!error) +errout: + if (error) + __ext4_error_inode(inode, function, line, 0, + "corrupted xattr block %llu", + (unsigned long long) bh->b_blocknr); + else set_buffer_verified(bh); return error; } +#define ext4_xattr_check_block(inode, bh) \ + __ext4_xattr_check_block((inode), (bh), __func__, __LINE__) + + static int __xattr_check_inode(struct inode *inode, struct ext4_xattr_ibody_header *header, void *end, const char *function, unsigned int line) @@ -515,12 +526,9 @@ ext4_xattr_block_get(struct inode *inode, int name_index, const char *name, goto cleanup; ea_bdebug(bh, "b_count=%d, refcount=%d", atomic_read(&(bh->b_count)), le32_to_cpu(BHDR(bh)->h_refcount)); - if (ext4_xattr_check_block(inode, bh)) { - EXT4_ERROR_INODE(inode, "bad block %llu", - EXT4_I(inode)->i_file_acl); - error = -EFSCORRUPTED; + error = ext4_xattr_check_block(inode, bh); + if (error) goto cleanup; - } ext4_xattr_block_cache_insert(ea_block_cache, bh); entry = BFIRST(bh); error = ext4_xattr_find_entry(&entry, name_index, name, 1); @@ -684,12 +692,9 @@ ext4_xattr_block_list(struct dentry *dentry, char *buffer, size_t buffer_size) goto cleanup; ea_bdebug(bh, "b_count=%d, refcount=%d", atomic_read(&(bh->b_count)), le32_to_cpu(BHDR(bh)->h_refcount)); - if (ext4_xattr_check_block(inode, bh)) { - EXT4_ERROR_INODE(inode, "bad block %llu", - EXT4_I(inode)->i_file_acl); - error = -EFSCORRUPTED; + error = ext4_xattr_check_block(inode, bh); + if (error) goto cleanup; - } ext4_xattr_block_cache_insert(EA_BLOCK_CACHE(inode), bh); error = ext4_xattr_list_entries(dentry, BFIRST(bh), buffer, buffer_size); @@ -816,10 +821,9 @@ int ext4_get_inode_usage(struct inode *inode, qsize_t *usage) goto out; } - if (ext4_xattr_check_block(inode, bh)) { - ret = -EFSCORRUPTED; + ret = ext4_xattr_check_block(inode, bh); + if (ret) goto out; - } for (entry = BFIRST(bh); !IS_LAST_ENTRY(entry); entry = EXT4_XATTR_NEXT(entry)) @@ -1801,12 +1805,9 @@ ext4_xattr_block_find(struct inode *inode, struct ext4_xattr_info *i, ea_bdebug(bs->bh, "b_count=%d, refcount=%d", atomic_read(&(bs->bh->b_count)), le32_to_cpu(BHDR(bs->bh)->h_refcount)); - if (ext4_xattr_check_block(inode, bs->bh)) { - EXT4_ERROR_INODE(inode, "bad block %llu", - EXT4_I(inode)->i_file_acl); - error = -EFSCORRUPTED; + error = ext4_xattr_check_block(inode, bs->bh); + if (error) goto cleanup; - } /* Find the named attribute. */ bs->s.base = BHDR(bs->bh); bs->s.first = BFIRST(bs->bh); @@ -2729,13 +2730,9 @@ int ext4_expand_extra_isize_ea(struct inode *inode, int new_extra_isize, error = -EIO; if (!bh) goto cleanup; - if (ext4_xattr_check_block(inode, bh)) { - EXT4_ERROR_INODE(inode, "bad block %llu", - EXT4_I(inode)->i_file_acl); - error = -EFSCORRUPTED; - brelse(bh); + error = ext4_xattr_check_block(inode, bh); + if (error) goto cleanup; - } base = BHDR(bh); end = bh->b_data + bh->b_size; min_offs = end - base; @@ -2892,11 +2889,8 @@ int ext4_xattr_delete_inode(handle_t *handle, struct inode *inode, goto cleanup; } error = ext4_xattr_check_block(inode, bh); - if (error) { - EXT4_ERROR_INODE(inode, "bad block %llu (error %d)", - EXT4_I(inode)->i_file_acl, error); + if (error) goto cleanup; - } if (ext4_has_feature_ea_inode(inode->i_sb)) { for (entry = BFIRST(bh); !IS_LAST_ENTRY(entry); -- 2.16.1.72.g5be1f00a9a

7 years, 5 months

1
0
0 0

[merged] shm-add-split-function-to-shm_vm_ops.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: ipc/shm.c: add split function to shm_vm_ops has been removed from the -mm tree. Its filename was shm-add-split-function-to-shm_vm_ops.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Mike Kravetz <mike.kravetz(a)oracle.com> Subject: ipc/shm.c: add split function to shm_vm_ops If System V shmget/shmat operations are used to create a hugetlbfs backed mapping, it is possible to munmap part of the mapping and split the underlying vma such that it is not huge page aligned. This will untimately result in the following BUG: kernel BUG at /build/linux-jWa1Fv/linux-4.15.0/mm/hugetlb.c:3310! Oops: Exception in kernel mode, sig: 5 [#1] LE SMP NR_CPUS=2048 NUMA PowerNV Modules linked in: kcm nfc af_alg caif_socket caif phonet fcrypt 8<--8<--8<--8< snip 8<--8<--8<--8< CPU: 18 PID: 43243 Comm: trinity-subchil Tainted: G C E 4.15.0-10-generic #11-Ubuntu NIP: c00000000036e764 LR: c00000000036ee48 CTR: 0000000000000009 REGS: c000003fbcdcf810 TRAP: 0700 Tainted: G C E (4.15.0-10-generic) MSR: 9000000000029033 <SF,HV,EE,ME,IR,DR,RI,LE> CR: 24002222 XER: 20040000 CFAR: c00000000036ee44 SOFTE: 1 GPR00: c00000000036ee48 c000003fbcdcfa90 c0000000016ea600 c000003fbcdcfc40 GPR04: c000003fd9858950 00007115e4e00000 00007115e4e10000 0000000000000000 GPR08: 0000000000000010 0000000000010000 0000000000000000 0000000000000000 GPR12: 0000000000002000 c000000007a2c600 00000fe3985954d0 00007115e4e00000 GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 GPR20: 00000fe398595a94 000000000000a6fc c000003fd9858950 0000000000018554 GPR24: c000003fdcd84500 c0000000019acd00 00007115e4e10000 c000003fbcdcfc40 GPR28: 0000000000200000 00007115e4e00000 c000003fbc9ac600 c000003fd9858950 NIP [c00000000036e764] __unmap_hugepage_range+0xa4/0x760 LR [c00000000036ee48] __unmap_hugepage_range_final+0x28/0x50 Call Trace: [c000003fbcdcfa90] [00007115e4e00000] 0x7115e4e00000 (unreliable) [c000003fbcdcfb50] [c00000000036ee48] __unmap_hugepage_range_final+0x28/0x50 [c000003fbcdcfb80] [c00000000033497c] unmap_single_vma+0x11c/0x190 [c000003fbcdcfbd0] [c000000000334e14] unmap_vmas+0x94/0x140 [c000003fbcdcfc20] [c00000000034265c] exit_mmap+0x9c/0x1d0 [c000003fbcdcfce0] [c000000000105448] mmput+0xa8/0x1d0 [c000003fbcdcfd10] [c00000000010fad0] do_exit+0x360/0xc80 [c000003fbcdcfdd0] [c0000000001104c0] do_group_exit+0x60/0x100 [c000003fbcdcfe10] [c000000000110584] SyS_exit_group+0x24/0x30 [c000003fbcdcfe30] [c00000000000b184] system_call+0x58/0x6c Instruction dump: 552907fe e94a0028 e94a0408 eb2a0018 81590008 7f9c5036 0b090000 e9390010 7d2948f8 7d2a2838 0b0a0000 7d293038 <0b090000> e9230086 2fa90000 419e0468 ---[ end trace ee88f958a1c62605 ]--- This bug was introduced by 31383c6865a5 ("mm, hugetlbfs: introduce ->split() to vm_operations_struct"). A split function was added to vm_operations_struct to determine if a mapping can be split. This was mostly for device-dax and hugetlbfs mappings which have specific alignment constraints. Mappings initiated via shmget/shmat have their original vm_ops overwritten with shm_vm_ops. shm_vm_ops functions will call back to the original vm_ops if needed. Add such a split function to shm_vm_ops. Link: http://lkml.kernel.org/r/20180321161314.7711-1-mike.kravetz@oracle.com Fixes: 31383c6865a5 ("mm, hugetlbfs: introduce ->split() to vm_operations_struct") Signed-off-by: Mike Kravetz <mike.kravetz(a)oracle.com> Reported-by: Laurent Dufour <ldufour(a)linux.vnet.ibm.com> Reviewed-by: Laurent Dufour <ldufour(a)linux.vnet.ibm.com> Tested-by: Laurent Dufour <ldufour(a)linux.vnet.ibm.com> Reviewed-by: Dan Williams <dan.j.williams(a)intel.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Manfred Spraul <manfred(a)colorfullife.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- ipc/shm.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff -puN ipc/shm.c~shm-add-split-function-to-shm_vm_ops ipc/shm.c --- a/ipc/shm.c~shm-add-split-function-to-shm_vm_ops +++ a/ipc/shm.c @@ -386,6 +386,17 @@ static int shm_fault(struct vm_fault *vm return sfd->vm_ops->fault(vmf); } +static int shm_split(struct vm_area_struct *vma, unsigned long addr) +{ + struct file *file = vma->vm_file; + struct shm_file_data *sfd = shm_file_data(file); + + if (sfd->vm_ops && sfd->vm_ops->split) + return sfd->vm_ops->split(vma, addr); + + return 0; +} + #ifdef CONFIG_NUMA static int shm_set_policy(struct vm_area_struct *vma, struct mempolicy *new) { @@ -510,6 +521,7 @@ static const struct vm_operations_struct .open = shm_open, /* callback for a new vm-area open */ .close = shm_close, /* callback for when the vm-area is released */ .fault = shm_fault, + .split = shm_split, #if defined(CONFIG_NUMA) .set_policy = shm_set_policy, .get_policy = shm_get_policy, _ Patches currently in -mm which might be from mike.kravetz(a)oracle.com are mm-hugetlbfs-move-hugetlbfs_i-outside-ifdef-config_hugetlbfs.patch mm-memfd-split-out-memfd-for-use-by-multiple-filesystems.patch mm-memfd-remove-memfd-code-from-shmem-files-and-use-new-memfd-files.patch mm-make-start_isolate_page_range-fail-if-already-isolated.patch

7 years, 5 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror