- Linux-stable-mirror - lists.linaro.org

[PATCH 4.15 000/202] 4.15.4-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.15.4 release. There are 202 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Feb 17 15:16:28 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.15.4-rc1.gz or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.15.4-rc1 Uma Krishnan <ukrishn(a)linux.vnet.ibm.com> scsi: cxlflash: Reset command ioasc James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix crash after bad bar setup on driver attachment Bart Van Assche <bart.vanassche(a)wdc.com> scsi: core: Ensure that the SCSI error handler gets woken up Steven Rostedt (VMware) <rostedt(a)goodmis.org> ftrace: Remove incorrect setting of glob search field Eric Biggers <ebiggers(a)google.com> devpts: fix error handling in devpts_mntget() Eric W. Biederman <ebiederm(a)xmission.com> mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy Amir Goldstein <amir73il(a)gmail.com> ovl: hash directory inodes for fsnotify Amir Goldstein <amir73il(a)gmail.com> ovl: take mnt_want_write() for removing impure xattr Amir Goldstein <amir73il(a)gmail.com> ovl: take mnt_want_write() for work/index dir setup Amir Goldstein <amir73il(a)gmail.com> ovl: fix failure to fsync lower dir Amir Goldstein <amir73il(a)gmail.com> ovl: force r/o mount when index dir creation fails Toshi Kani <toshi.kani(a)hpe.com> acpi, nfit: fix register dimm error handling Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> ACPI: sbshc: remove raw pointer from printk() message Imre Deak <imre.deak(a)intel.com> drm/i915: Avoid PPS HW/SW state mismatch due to rounding Yan Markman <ymarkman(a)marvell.com> arm64: dts: marvell: add Ethernet aliases Peter Zijlstra <peterz(a)infradead.org> objtool: Fix switch-table detection Andrey Ryabinin <aryabinin(a)virtuozzo.com> lib/ubsan: add type mismatch handler for new GCC/Clang Andrew Morton <akpm(a)linux-foundation.org> lib/ubsan.c: s/missaligned/misaligned/ Daniel Lezcano <daniel.lezcano(a)linaro.org> clocksource/drivers/stm32: Fix kernel panic with multiple timers Ming Lei <ming.lei(a)redhat.com> blk-mq: quiesce queue before freeing queue Bart Van Assche <bart.vanassche(a)wdc.com> pktcdvd: Fix a recently introduced NULL pointer dereference Bart Van Assche <bart.vanassche(a)wdc.com> pktcdvd: Fix pkt_setup_dev() error path Peter Rosin <peda(a)axentia.se> pinctrl: sx150x: Add a static gpio/pinctrl pin range mapping Peter Rosin <peda(a)axentia.se> pinctrl: sx150x: Register pinctrl before adding the gpiochip Peter Rosin <peda(a)axentia.se> pinctrl: sx150x: Unregister the pinctrl on release Dmitry Mastykin <mastichi(a)gmail.com> pinctrl: mcp23s08: fix irq setup order Mika Westerberg <mika.westerberg(a)linux.intel.com> pinctrl: intel: Initialize GPIO properly when used through irqchip Thomas Gleixner <tglx(a)linutronix.de> genirq: Make legacy autoprobing work again James Hogan <jhogan(a)kernel.org> EDAC, octeon: Fix an uninitialized variable warning Max Filippov <jcmvbkbc(a)gmail.com> xtensa: fix futex_atomic_cmpxchg_inatomic Mikulas Patocka <mpatocka(a)redhat.com> alpha: fix formating of stack content Mikulas Patocka <mpatocka(a)redhat.com> alpha: fix reboot on Avanti platform Michael Cree <mcree(a)orcon.net.nz> alpha: Fix mixed up args in EXC macro in futex operations Arnd Bergmann <arnd(a)arndb.de> alpha: osf_sys.c: fix put_tv32 regression Mikulas Patocka <mpatocka(a)redhat.com> alpha: fix crash if pthread_create races with signal delivery Eric W. Biederman <ebiederm(a)xmission.com> signal/sh: Ensure si_signo is initialized in do_divide_error Eric W. Biederman <ebiederm(a)xmission.com> signal/openrisc: Fix do_unaligned_access to send the proper signal John Garry <john.garry(a)huawei.com> ipmi: use dynamic memory for DMI driver override Hans de Goede <hdegoede(a)redhat.com> Bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten" version Kai-Heng Feng <kai.heng.feng(a)canonical.com> Revert "Bluetooth: btusb: fix QCA Rome suspend/resume" Hans de Goede <hdegoede(a)redhat.com> Bluetooth: btsdio: Do not bind to non-removable BCM43341 Hans de Goede <hdegoede(a)redhat.com> HID: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working Eric Biggers <ebiggers(a)google.com> pipe: fix off-by-one error when checking buffer limits Eric Biggers <ebiggers(a)google.com> pipe: actually allow root to exceed the pipe buffer limits Eric Biggers <ebiggers(a)google.com> kernel/relay.c: revert "kernel/relay.c: fix potential memory leak" Rasmus Villemoes <linux(a)rasmusvillemoes.dk> kernel/async.c: revert "async: simplify lowest_in_progress()" Heiko Carstens <heiko.carstens(a)de.ibm.com> fs/proc/kcore.c: use probe_kernel_read() instead of memcpy() Mauro Carvalho Chehab <mchehab(a)kernel.org> media: cxusb, dib0700: ignore XC2028_I2C_FLUSH Hans Verkuil <hans.verkuil(a)cisco.com> media: vivid: fix module load error when enabling fb and no_error_inj=1 Mauro Carvalho Chehab <mchehab(a)kernel.org> media: ts2020: avoid integer overflows on 32 bit machines Hans Verkuil <hverkuil(a)xs4all.nl> media: dt-bindings/media/cec-gpio.txt: mention the CEC/HPD max voltages Arnd Bergmann <arnd(a)arndb.de> media: dvb-frontends: fix i2c access helpers for KASAN Mauro Carvalho Chehab <mchehab(a)kernel.org> media: dvb_frontend: be sure to init dvb_frontend_handle_ioctl() return code Arnd Bergmann <arnd(a)arndb.de> kasan: rework Kconfig settings Andrey Konovalov <andreyknvl(a)google.com> kasan: don't emit builtin calls when sanitization is off Liu Bo <bo.li.liu(a)oracle.com> Btrfs: raid56: iterate raid56 internal bio with bio_for_each_segment_all Nikolay Borisov <nborisov(a)suse.com> btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker David Howells <dhowells(a)redhat.com> afs: Fix server list handling David Howells <dhowells(a)redhat.com> afs: Fix missing cursor clearance David Howells <dhowells(a)redhat.com> afs: Need to clear responded flag in addr cursor David Howells <dhowells(a)redhat.com> afs: Add missing afs_put_cell() Martin Kaiser <martin(a)kaiser.cx> watchdog: imx2_wdt: restore previous timeout after suspend+resume Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: compress: Correct handling of copy callback Takashi Iwai <tiwai(a)suse.de> ASoC: skl: Fix kernel warning due to zero NHTL entry John Keeping <john(a)metanate.com> ASoC: rockchip: i2s: fix playback after runtime resume Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: acpi: fix machine driver selection based on quirk Ulf Magnusson <ulfalizer(a)gmail.com> KVM: PPC: Book3S PR: Fix broken select due to misspelling James Morse <james.morse(a)arm.com> KVM: arm/arm64: Handle CPU_PM_ENTER_FAILED Paul Mackerras <paulus(a)ozlabs.org> KVM: PPC: Book3S HV: Drop locks before reading guest memory Paul Mackerras <paulus(a)ozlabs.org> KVM: PPC: Book3S HV: Make sure we don't re-enter guest without XIVE loaded Liran Alon <liran.alon(a)oracle.com> KVM: nVMX: Fix bug of injecting L2 exception into L1 Liran Alon <liran.alon(a)oracle.com> KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2 Marc Zyngier <marc.zyngier(a)arm.com> arm: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls LEROY Christophe <christophe.leroy(a)c-s.fr> crypto: talitos - fix Kernel Oops on hashing an empty file Eric Biggers <ebiggers(a)google.com> crypto: sha512-mb - initialize pending lengths correctly Horia Geantă <horia.geanta(a)nxp.com> crypto: caam - fix endless loop when DECO acquire fails Hans Verkuil <hansverk(a)cisco.com> media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs Daniel Mentz <danielmentz(a)google.com> media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic Hans Verkuil <hans.verkuil(a)cisco.com> media: v4l2-compat-ioctl32.c: don't copy back the result for certain errors Hans Verkuil <hans.verkuil(a)cisco.com> media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type Hans Verkuil <hans.verkuil(a)cisco.com> media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32 Hans Verkuil <hans.verkuil(a)cisco.com> media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer Hans Verkuil <hans.verkuil(a)cisco.com> media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32 Hans Verkuil <hans.verkuil(a)cisco.com> media: v4l2-compat-ioctl32.c: avoid sizeof(type) Hans Verkuil <hans.verkuil(a)cisco.com> media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32 Hans Verkuil <hans.verkuil(a)cisco.com> media: v4l2-compat-ioctl32.c: fix the indentation Hans Verkuil <hans.verkuil(a)cisco.com> media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF Hans Verkuil <hans.verkuil(a)cisco.com> media: v4l2-ioctl.c: don't copy back the result for -ENOTTY Hans Verkuil <hans.verkuil(a)cisco.com> media: v4l2-ioctl.c: use check_fmt for enum/g/s/try_fmt Eric Biggers <ebiggers(a)google.com> crypto: hash - prevent using keyed hashes without setting key Eric Biggers <ebiggers(a)google.com> crypto: hash - annotate algorithms taking optional key Eric Biggers <ebiggers(a)google.com> crypto: poly1305 - remove ->setkey() method Eric Biggers <ebiggers(a)google.com> crypto: mcryptd - pass through absence of ->setkey() Eric Biggers <ebiggers(a)google.com> crypto: cryptd - pass through absence of ->setkey() Eric Biggers <ebiggers(a)google.com> crypto: hash - introduce crypto_hash_alg_has_setkey() Mika Westerberg <mika.westerberg(a)linux.intel.com> ahci: Add Intel Cannon Lake PCH-H PCI ID Hans de Goede <hdegoede(a)redhat.com> ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI Hans de Goede <hdegoede(a)redhat.com> ahci: Annotate PCI ids for mobile Intel chipsets as such Ivan Vecera <ivecera(a)redhat.com> kernfs: fix regression in kernfs_fop_write caused by wrong type Trond Myklebust <trond.myklebust(a)primarydata.com> nfsd: Detect unhashed stids in nfsd4_verify_open_stid() Trond Myklebust <trond.myklebust(a)primarydata.com> NFS: Fix a race between mmap() and O_DIRECT Eric Biggers <ebiggers(a)google.com> NFS: reject request for id_legacy key without auxdata J. Bruce Fields <bfields(a)redhat.com> NFS: commit direct writes even if they fail partially Trond Myklebust <trond.myklebust(a)primarydata.com> NFS: Fix nfsstat breakage due to LOOKUPP Trond Myklebust <trond.myklebust(a)primarydata.com> NFS: Add a cond_resched() to nfs_commit_release_pages() Tigran Mkrtchyan <tigran.mkrtchyan(a)desy.de> nfs41: do not return ENOMEM on LAYOUTUNAVAILABLE Scott Mayhew <smayhew(a)redhat.com> nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds Eric Biggers <ebiggers(a)google.com> ubifs: free the encrypted symlink target Bradley Bolen <bradleybolen(a)gmail.com> ubi: block: Fix locking for idr_alloc/idr_remove Sascha Hauer <s.hauer(a)pengutronix.de> ubi: fastmap: Erase outdated anchor PEBs during attach Clay McClure <clay(a)daemons.net> ubi: Fix race condition between ubi volume creation and udev Miquel Raynal <miquel.raynal(a)free-electrons.com> mtd: nand: sunxi: Fix ECC strength choice Miquel Raynal <miquel.raynal(a)free-electrons.com> mtd: nand: Fix nand_do_read_oob() return value Kamal Dasu <kdasu.kdev(a)gmail.com> mtd: nand: brcmnand: Disable prefetch by default Arnd Bergmann <arnd(a)arndb.de> mtd: cfi: convert inline functions to macros Marc Zyngier <marc.zyngier(a)arm.com> arm64: Kill PSCI_GET_VERSION as a variant-2 workaround Marc Zyngier <marc.zyngier(a)arm.com> arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support Marc Zyngier <marc.zyngier(a)arm.com> arm/arm64: smccc: Implement SMCCC v1.1 inline primitive Marc Zyngier <marc.zyngier(a)arm.com> arm/arm64: smccc: Make function identifiers an unsigned quantity Marc Zyngier <marc.zyngier(a)arm.com> firmware/psci: Expose SMCCC version through psci_ops Marc Zyngier <marc.zyngier(a)arm.com> firmware/psci: Expose PSCI conduit Marc Zyngier <marc.zyngier(a)arm.com> arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling Marc Zyngier <marc.zyngier(a)arm.com> arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support Marc Zyngier <marc.zyngier(a)arm.com> arm/arm64: KVM: Turn kvm_psci_version into a static inline Marc Zyngier <marc.zyngier(a)arm.com> arm64: KVM: Make PSCI_VERSION a fast path Marc Zyngier <marc.zyngier(a)arm.com> arm/arm64: KVM: Advertise SMCCC v1.1 Marc Zyngier <marc.zyngier(a)arm.com> arm/arm64: KVM: Implement PSCI 1.0 support Marc Zyngier <marc.zyngier(a)arm.com> arm/arm64: KVM: Add smccc accessors to PSCI code Marc Zyngier <marc.zyngier(a)arm.com> arm/arm64: KVM: Add PSCI_VERSION helper Marc Zyngier <marc.zyngier(a)arm.com> arm/arm64: KVM: Consolidate the PSCI include files Marc Zyngier <marc.zyngier(a)arm.com> arm64: KVM: Increment PC after handling an SMC trap Jayachandran C <jnair(a)caviumnetworks.com> arm64: Branch predictor hardening for Cavium ThunderX2 Shanker Donthineni <shankerd(a)codeaurora.org> arm64: Implement branch predictor hardening for Falkor Will Deacon <will.deacon(a)arm.com> arm64: Implement branch predictor hardening for affected Cortex-A CPUs Will Deacon <will.deacon(a)arm.com> arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75 Will Deacon <will.deacon(a)arm.com> arm64: entry: Apply BP hardening for suspicious interrupts from EL0 Will Deacon <will.deacon(a)arm.com> arm64: entry: Apply BP hardening for high-priority synchronous exceptions Marc Zyngier <marc.zyngier(a)arm.com> arm64: KVM: Use per-CPU vector when BP hardening is enabled Marc Zyngier <marc.zyngier(a)arm.com> arm64: Move BP hardening to check_and_switch_context Will Deacon <will.deacon(a)arm.com> arm64: Add skeleton to harden the branch predictor against aliasing attacks Marc Zyngier <marc.zyngier(a)arm.com> arm64: Move post_ttbr_update_workaround to C code Will Deacon <will.deacon(a)arm.com> drivers/firmware: Expose psci_get_version through psci_ops structure Will Deacon <will.deacon(a)arm.com> arm64: cpufeature: Pass capability structure to ->enable callback Suzuki K Poulose <suzuki.poulose(a)arm.com> arm64: Run enable method for errata work arounds on late CPUs James Morse <james.morse(a)arm.com> arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early Will Deacon <will.deacon(a)arm.com> arm64: futex: Mask __user pointers prior to dereference Will Deacon <will.deacon(a)arm.com> arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user Will Deacon <will.deacon(a)arm.com> arm64: uaccess: Don't bother eliding access_ok checks in __{get, put}_user Will Deacon <will.deacon(a)arm.com> arm64: uaccess: Prevent speculative use of the current addr_limit Will Deacon <will.deacon(a)arm.com> arm64: entry: Ensure branch through syscall table is bounded under speculation Robin Murphy <robin.murphy(a)arm.com> arm64: Use pointer masking to limit uaccess speculation Robin Murphy <robin.murphy(a)arm.com> arm64: Make USER_DS an inclusive limit Robin Murphy <robin.murphy(a)arm.com> arm64: Implement array_index_mask_nospec() Will Deacon <will.deacon(a)arm.com> arm64: barrier: Add CSDB macros to control data-value prediction Will Deacon <will.deacon(a)arm.com> perf: arm_spe: Fail device probe when arm64_kernel_unmapped_at_el0() Will Deacon <will.deacon(a)arm.com> arm64: idmap: Use "awx" flags for .idmap.text .pushsection directives Will Deacon <will.deacon(a)arm.com> arm64: entry: Reword comment about post_ttbr_update_workaround Marc Zyngier <marc.zyngier(a)arm.com> arm64: Force KPTI to be disabled on Cavium ThunderX Will Deacon <will.deacon(a)arm.com> arm64: kpti: Add ->enable callback to remap swapper using nG mappings Will Deacon <will.deacon(a)arm.com> arm64: mm: Permit transitioning from Global to Non-Global without BBM Will Deacon <will.deacon(a)arm.com> arm64: kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0() Jayachandran C <jnair(a)caviumnetworks.com> arm64: Turn on KPTI only on CPUs that need it Jayachandran C <jnair(a)caviumnetworks.com> arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs Catalin Marinas <catalin.marinas(a)arm.com> arm64: kpti: Fix the interaction between ASID switching and software PAN Will Deacon <will.deacon(a)arm.com> arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR Suzuki K Poulose <suzuki.poulose(a)arm.com> arm64: capabilities: Handle duplicate entries for a capability Will Deacon <will.deacon(a)arm.com> arm64: Take into account ID_AA64PFR0_EL1.CSV3 Will Deacon <will.deacon(a)arm.com> arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry Will Deacon <will.deacon(a)arm.com> arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0 Will Deacon <will.deacon(a)arm.com> arm64: use RET instruction for exiting the trampoline Will Deacon <will.deacon(a)arm.com> arm64: kaslr: Put kernel vectors address in separate data page Will Deacon <will.deacon(a)arm.com> arm64: entry: Add fake CPU feature for unmapping the kernel at EL0 Will Deacon <will.deacon(a)arm.com> arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks Stephen Boyd <sboyd(a)codeaurora.org> arm64: cpu_errata: Add Kryo to Falkor 1003 errata Will Deacon <will.deacon(a)arm.com> arm64: erratum: Work around Falkor erratum #E1003 in trampoline code Will Deacon <will.deacon(a)arm.com> arm64: entry: Hook up entry trampoline to exception vectors Will Deacon <will.deacon(a)arm.com> arm64: entry: Explicitly pass exception level to kernel_ventry macro Will Deacon <will.deacon(a)arm.com> arm64: mm: Map entry trampoline into trampoline and kernel page tables Will Deacon <will.deacon(a)arm.com> arm64: entry: Add exception trampoline page for exceptions from EL0 Will Deacon <will.deacon(a)arm.com> arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI Will Deacon <will.deacon(a)arm.com> arm64: mm: Add arm64_kernel_unmapped_at_el0 helper Will Deacon <will.deacon(a)arm.com> arm64: mm: Allocate ASIDs in pairs Will Deacon <will.deacon(a)arm.com> arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN Will Deacon <will.deacon(a)arm.com> arm64: mm: Rename post_ttbr0_update_workaround Will Deacon <will.deacon(a)arm.com> arm64: mm: Remove pre_ttbr0_update_workaround for Falkor erratum #E1003 Will Deacon <will.deacon(a)arm.com> arm64: mm: Move ASID from TTBR0 to TTBR1 Will Deacon <will.deacon(a)arm.com> arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN Will Deacon <will.deacon(a)arm.com> arm64: mm: Use non-global mappings for kernel space Arvind Yadav <arvind.yadav.cs(a)gmail.com> media: hdpvr: Fix an error handling path in hdpvr_probe() Malcolm Priestley <tvboxspy(a)gmail.com> media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner Malcolm Priestley <tvboxspy(a)gmail.com> media: dvb-usb-v2: lmedm04: Improve logic checking of warm start Steven Rostedt (VMware) <rostedt(a)goodmis.org> sched/rt: Up the root domain ref count when passing it around via IPIs Steven Rostedt (VMware) <rostedt(a)goodmis.org> sched/rt: Use container_of() to get root domain in rto_push_irq_work_func() Lionel Landwerlin <lionel.g.landwerlin(a)intel.com> Revert "drm/i915: mark all device info struct with __initconst" Rasmus Villemoes <rasmus.villemoes(a)prevas.dk> watchdog: gpio_wdt: set WDOG_HW_RUNNING in gpio_wdt_stop Sven Joachim <svenjoac(a)gmx.de> ssb: Do not disable PCI host on non-Mips Yang Shunyong <shunyong.yang(a)hxt-semitech.com> dmaengine: dmatest: fix container_of member in dmatest_callback Andrew-sh Cheng <andrew-sh.cheng(a)mediatek.com> cpufreq: mediatek: add mediatek related projects into blacklist Aurelien Aptel <aaptel(a)suse.com> CIFS: zero sensitive data when freeing Daniel N Pettersson <danielnp(a)axis.com> cifs: Fix autonegotiate security settings mismatch Matthew Wilcox <mawilcox(a)microsoft.com> cifs: Fix missing put_xid in cifs_file_strict_mmap Matt Redfearn <matt.redfearn(a)mips.com> watchdog: indydog: Add dependency on SGI_HAS_INDYDOG ------------- Diffstat: Documentation/arm64/silicon-errata.txt | 2 +- .../devicetree/bindings/media/cec-gpio.txt | 6 +- Makefile | 7 +- arch/alpha/include/asm/futex.h | 8 +- arch/alpha/kernel/osf_sys.c | 4 +- arch/alpha/kernel/pci_impl.h | 3 +- arch/alpha/kernel/process.c | 3 +- arch/alpha/kernel/traps.c | 13 +- arch/arm/crypto/crc32-ce-glue.c | 2 + arch/arm/include/asm/kvm_host.h | 6 + arch/arm/include/asm/kvm_mmu.h | 10 + arch/arm/include/asm/kvm_psci.h | 27 - arch/arm/kvm/handle_exit.c | 17 +- arch/arm64/Kconfig | 46 +- arch/arm64/boot/dts/marvell/armada-7040-db.dts | 6 + arch/arm64/boot/dts/marvell/armada-8040-db.dts | 7 + arch/arm64/boot/dts/marvell/armada-8040-mcbin.dts | 6 + arch/arm64/crypto/crc32-ce-glue.c | 2 + arch/arm64/include/asm/asm-uaccess.h | 36 +- arch/arm64/include/asm/assembler.h | 54 +- arch/arm64/include/asm/barrier.h | 22 + arch/arm64/include/asm/cpucaps.h | 5 +- arch/arm64/include/asm/cputype.h | 9 + arch/arm64/include/asm/efi.h | 12 +- arch/arm64/include/asm/fixmap.h | 5 + arch/arm64/include/asm/futex.h | 9 +- arch/arm64/include/asm/kvm_asm.h | 2 + arch/arm64/include/asm/kvm_host.h | 5 + arch/arm64/include/asm/kvm_mmu.h | 38 + arch/arm64/include/asm/kvm_psci.h | 27 - arch/arm64/include/asm/mmu.h | 48 + arch/arm64/include/asm/mmu_context.h | 12 +- arch/arm64/include/asm/pgtable-hwdef.h | 1 + arch/arm64/include/asm/pgtable-prot.h | 35 +- arch/arm64/include/asm/pgtable.h | 1 + arch/arm64/include/asm/proc-fns.h | 6 - arch/arm64/include/asm/processor.h | 3 + arch/arm64/include/asm/sysreg.h | 2 + arch/arm64/include/asm/tlbflush.h | 16 +- arch/arm64/include/asm/uaccess.h | 181 +++- arch/arm64/kernel/Makefile | 4 + arch/arm64/kernel/arm64ksyms.c | 4 +- arch/arm64/kernel/asm-offsets.c | 6 +- arch/arm64/kernel/bpi.S | 83 ++ arch/arm64/kernel/cpu-reset.S | 2 +- arch/arm64/kernel/cpu_errata.c | 239 ++++- arch/arm64/kernel/cpufeature.c | 138 ++- arch/arm64/kernel/entry.S | 228 ++++- arch/arm64/kernel/head.S | 2 +- arch/arm64/kernel/process.c | 12 +- arch/arm64/kernel/sleep.S | 2 +- arch/arm64/kernel/vmlinux.lds.S | 22 +- arch/arm64/kvm/handle_exit.c | 14 +- arch/arm64/kvm/hyp/entry.S | 12 + arch/arm64/kvm/hyp/hyp-entry.S | 20 +- arch/arm64/kvm/hyp/switch.c | 13 +- arch/arm64/lib/clear_user.S | 10 +- arch/arm64/lib/copy_from_user.S | 4 +- arch/arm64/lib/copy_in_user.S | 9 +- arch/arm64/lib/copy_to_user.S | 4 +- arch/arm64/mm/cache.S | 4 +- arch/arm64/mm/context.c | 48 +- arch/arm64/mm/fault.c | 36 +- arch/arm64/mm/mmu.c | 35 + arch/arm64/mm/proc.S | 224 ++++- arch/arm64/xen/hypercall.S | 4 +- arch/mn10300/mm/misalignment.c | 2 +- arch/openrisc/kernel/traps.c | 10 +- arch/powerpc/crypto/crc32c-vpmsum_glue.c | 1 + arch/powerpc/kvm/Kconfig | 2 +- arch/powerpc/kvm/book3s_hv.c | 16 +- arch/powerpc/kvm/book3s_hv_rmhandlers.S | 40 +- arch/s390/crypto/crc32-vx.c | 3 + arch/sh/kernel/traps_32.c | 3 +- arch/sparc/crypto/crc32c_glue.c | 1 + arch/x86/crypto/crc32-pclmul_glue.c | 1 + arch/x86/crypto/crc32c-intel_glue.c | 1 + arch/x86/crypto/poly1305_glue.c | 1 - .../x86/crypto/sha512-mb/sha512_mb_mgr_init_avx2.c | 10 +- arch/x86/kvm/vmx.c | 6 +- arch/x86/kvm/x86.h | 1 + arch/xtensa/include/asm/futex.h | 23 +- block/blk-core.c | 9 + crypto/ahash.c | 33 +- crypto/algif_hash.c | 52 +- crypto/crc32_generic.c | 1 + crypto/crc32c_generic.c | 1 + crypto/cryptd.c | 10 +- crypto/mcryptd.c | 10 +- crypto/poly1305_generic.c | 17 +- crypto/shash.c | 25 +- drivers/acpi/nfit/core.c | 3 + drivers/acpi/sbshc.c | 4 +- drivers/ata/ahci.c | 37 +- drivers/block/pktcdvd.c | 12 +- drivers/bluetooth/btsdio.c | 9 + drivers/bluetooth/btusb.c | 20 +- drivers/char/ipmi/ipmi_dmi.c | 5 +- drivers/clocksource/timer-stm32.c | 7 +- drivers/cpufreq/cpufreq-dt-platdev.c | 8 + drivers/crypto/bfin_crc.c | 3 +- drivers/crypto/caam/ctrl.c | 8 +- drivers/crypto/stm32/stm32_crc32.c | 2 + drivers/crypto/talitos.c | 4 + drivers/dma/dmatest.c | 2 +- drivers/edac/octeon_edac-lmc.c | 1 + drivers/firmware/psci.c | 57 +- drivers/gpu/drm/i915/i915_pci.c | 94 +- drivers/gpu/drm/i915/intel_dp.c | 6 + drivers/hid/hid-core.c | 12 +- drivers/media/dvb-core/dvb_frontend.c | 4 +- drivers/media/dvb-frontends/ascot2e.c | 4 +- drivers/media/dvb-frontends/cxd2841er.c | 4 +- drivers/media/dvb-frontends/helene.c | 4 +- drivers/media/dvb-frontends/horus3a.c | 4 +- drivers/media/dvb-frontends/itd1000.c | 5 +- drivers/media/dvb-frontends/mt312.c | 5 +- drivers/media/dvb-frontends/stb0899_drv.c | 3 +- drivers/media/dvb-frontends/stb6100.c | 6 +- drivers/media/dvb-frontends/stv0367.c | 4 +- drivers/media/dvb-frontends/stv090x.c | 4 +- drivers/media/dvb-frontends/stv6110x.c | 4 +- drivers/media/dvb-frontends/ts2020.c | 4 +- drivers/media/dvb-frontends/zl10039.c | 4 +- drivers/media/platform/vivid/vivid-core.h | 1 + drivers/media/platform/vivid/vivid-ctrls.c | 35 +- drivers/media/usb/dvb-usb-v2/lmedm04.c | 39 +- drivers/media/usb/dvb-usb/cxusb.c | 2 + drivers/media/usb/dvb-usb/dib0700_devices.c | 1 + drivers/media/usb/hdpvr/hdpvr-core.c | 26 +- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 1032 ++++++++++++-------- drivers/media/v4l2-core/v4l2-ioctl.c | 145 ++- drivers/mtd/nand/brcmnand/brcmnand.c | 13 +- drivers/mtd/nand/nand_base.c | 5 +- drivers/mtd/nand/sunxi_nand.c | 8 +- drivers/mtd/ubi/block.c | 42 +- drivers/mtd/ubi/vmt.c | 15 +- drivers/mtd/ubi/wl.c | 77 +- drivers/perf/arm_spe_pmu.c | 9 + drivers/pinctrl/intel/pinctrl-intel.c | 23 +- drivers/pinctrl/pinctrl-mcp23s08.c | 8 +- drivers/pinctrl/pinctrl-sx150x.c | 40 +- drivers/scsi/cxlflash/main.c | 1 + drivers/scsi/hosts.c | 6 + drivers/scsi/lpfc/lpfc_init.c | 84 +- drivers/scsi/scsi_error.c | 18 +- drivers/scsi/scsi_lib.c | 39 +- drivers/ssb/Kconfig | 2 +- .../lustre/lnet/libcfs/linux/linux-crypto-adler.c | 1 + drivers/watchdog/Kconfig | 2 +- drivers/watchdog/gpio_wdt.c | 3 +- drivers/watchdog/imx2_wdt.c | 20 +- fs/afs/addr_list.c | 13 +- fs/afs/rotate.c | 20 +- fs/afs/server_list.c | 3 +- fs/afs/vlclient.c | 10 +- fs/afs/volume.c | 47 +- fs/btrfs/inode.c | 11 +- fs/btrfs/raid56.c | 11 +- fs/cifs/cifsencrypt.c | 3 +- fs/cifs/connect.c | 6 +- fs/cifs/file.c | 26 +- fs/cifs/misc.c | 14 +- fs/cifs/smb2pdu.c | 3 +- fs/devpts/inode.c | 4 +- fs/kernfs/file.c | 2 +- fs/nfs/direct.c | 4 +- fs/nfs/filelayout/filelayout.c | 4 +- fs/nfs/io.c | 2 +- fs/nfs/nfs4idmap.c | 6 +- fs/nfs/nfs4xdr.c | 64 +- fs/nfs/pnfs.c | 4 +- fs/nfs/write.c | 2 + fs/nfsd/nfs4state.c | 1 + fs/overlayfs/inode.c | 39 +- fs/overlayfs/readdir.c | 17 +- fs/overlayfs/super.c | 38 +- fs/overlayfs/util.c | 4 +- fs/pipe.c | 15 +- fs/proc/kcore.c | 18 +- fs/ubifs/dir.c | 10 +- include/crypto/hash.h | 34 +- include/crypto/internal/hash.h | 2 + include/crypto/poly1305.h | 2 - include/kvm/arm_psci.h | 51 + include/linux/arm-smccc.h | 165 +++- include/linux/crypto.h | 8 + include/linux/mtd/map.h | 130 ++- include/linux/nfs4.h | 12 +- include/linux/psci.h | 14 + include/scsi/scsi_host.h | 2 + include/uapi/linux/psci.h | 3 + kernel/async.c | 20 +- kernel/irq/autoprobe.c | 2 +- kernel/irq/chip.c | 6 +- kernel/irq/internals.h | 2 +- kernel/relay.c | 1 - kernel/sched/rt.c | 24 +- kernel/sched/sched.h | 2 + kernel/sched/topology.c | 13 + kernel/trace/ftrace.c | 1 - lib/Kconfig.debug | 2 +- lib/Kconfig.kasan | 11 + lib/ubsan.c | 50 +- lib/ubsan.h | 14 + scripts/Makefile.kasan | 5 + scripts/Makefile.lib | 2 +- sound/soc/intel/skylake/skl-nhlt.c | 3 +- sound/soc/rockchip/rockchip_i2s.c | 6 + sound/soc/soc-acpi.c | 8 +- sound/soc/soc-compress.c | 8 +- tools/objtool/check.c | 41 +- tools/objtool/check.h | 1 + virt/kvm/arm/arm.c | 11 +- virt/kvm/arm/psci.c | 143 ++- 215 files changed, 3788 insertions(+), 1624 deletions(-)

7 years, 4 months

4
201
0 0

[PATCH] mm: hide a #warning for COMPILE_TEST

by Arnd Bergmann

We get a warning about some slow configurations in randconfig kernels: mm/memory.c:83:2: error: #warning Unfortunate NUMA and NUMA Balancing config, growing page-frame for last_cpupid. [-Werror=cpp] The warning is reasonable by itself, but gets in the way of randconfig build testing, so I'm hiding it whenever CONFIG_COMPILE_TEST is set. The warning was added in 2013 in commit 75980e97dacc ("mm: fold page->_last_nid into page->flags where possible"). Cc: stable(a)vger.kernel.org Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> --- mm/memory.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/memory.c b/mm/memory.c index a728bed16c20..fc7779165dcf 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -81,7 +81,7 @@ #include "internal.h" -#ifdef LAST_CPUPID_NOT_IN_PAGE_FLAGS +#if defined(LAST_CPUPID_NOT_IN_PAGE_FLAGS) && !defined(CONFIG_COMPILE_TEST) #warning Unfortunate NUMA and NUMA Balancing config, growing page-frame for last_cpupid. #endif -- 2.9.0

7 years, 4 months

2
1
0 0

[Linux-stable-mirror] [PATCH] ashmem: Fix lockdep issue during llseek

by Joel Fernandes

ashmem_mutex create a chain of dependencies like so: (1) mmap syscall -> mmap_sem -> (acquired) ashmem_mmap ashmem_mutex (try to acquire) (block) (2) llseek syscall -> ashmem_llseek -> ashmem_mutex -> (acquired) inode_lock -> inode->i_rwsem (try to acquire) (block) (3) getdents -> iterate_dir -> inode_lock -> inode->i_rwsem (acquired) copy_to_user -> mmap_sem (try to acquire) There is a lock ordering created between mmap_sem and inode->i_rwsem causing a lockdep splat [2] during a syzcaller test, this patch fixes the issue by unlocking the mutex earlier. Functionally that's Ok since we don't need to protect vfs_llseek. [1] https://patchwork.kernel.org/patch/10185031/ [2] https://lkml.org/lkml/2018/1/10/48 Cc: Todd Kjos <tkjos(a)google.com> Cc: Arve Hjonnevag <arve(a)android.com> Cc: Greg Hackmann <ghackmann(a)google.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: stable(a)vger.kernel.org Reported-by: syzbot+8ec30bb7bf1a981a2012(a)syzkaller.appspotmail.com Signed-off-by: Joel Fernandes <joelaf(a)google.com> --- drivers/staging/android/ashmem.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c index 372ce9913e6d..6921f86b4aa1 100644 --- a/drivers/staging/android/ashmem.c +++ b/drivers/staging/android/ashmem.c @@ -334,24 +334,23 @@ static loff_t ashmem_llseek(struct file *file, loff_t offset, int origin) mutex_lock(&ashmem_mutex); if (asma->size == 0) { - ret = -EINVAL; - goto out; + mutex_unlock(&ashmem_mutex); + return -EINVAL; } if (!asma->file) { - ret = -EBADF; - goto out; + mutex_unlock(&ashmem_mutex); + return -EBADF; } + mutex_unlock(&ashmem_mutex); + ret = vfs_llseek(asma->file, offset, origin); if (ret < 0) - goto out; + return ret; /** Copy f_pos from backing file, since f_ops->llseek() sets it */ file->f_pos = asma->file->f_pos; - -out: - mutex_unlock(&ashmem_mutex); return ret; } -- 2.16.0.rc1.238.g530d649a79-goog

7 years, 4 months

2
2
0 0

[Linux-stable-mirror] [PATCH 4.9 00/92] 4.9.81-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.81 release. There are 92 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun Feb 11 13:39:04 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.81-rc1.gz or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.81-rc1 Borislav Petkov <bp(a)suse.de> x86/microcode: Do the family check first Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> drm: rcar-du: Fix race condition when disabling planes at CRTC stop Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> drm: rcar-du: Use the VBK interrupt for vblank events Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: rsnd: avoid duplicate free_irq() Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: rsnd: don't call free_irq() on Parent SSI Julian Scheel <julian(a)jusst.de> ASoC: simple-card: Fix misleading error message Robert Baronescu <robert.baronescu(a)nxp.com> crypto: tcrypt - fix S/G table for test_aead_speed() KarimAllah Ahmed <karahmed(a)amazon.de> KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL KarimAllah Ahmed <karahmed(a)amazon.de> KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL KarimAllah Ahmed <karahmed(a)amazon.de> KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES Ashok Raj <ashok.raj(a)intel.com> KVM/x86: Add IBPB support Paolo Bonzini <pbonzini(a)redhat.com> KVM: VMX: make MSR bitmaps per-VCPU Paolo Bonzini <pbonzini(a)redhat.com> KVM: VMX: introduce alloc_loaded_vmcs Jim Mattson <jmattson(a)google.com> KVM: nVMX: Eliminate vmcs02 pool David Matlack <dmatlack(a)google.com> KVM: nVMX: mark vmcs12 pages dirty on L2 exit David Hildenbrand <david(a)redhat.com> KVM: nVMX: vmx_complete_nested_posted_interrupt() can't fail David Hildenbrand <david(a)redhat.com> KVM: nVMX: kmap() can't fail Darren Kenny <darren.kenny(a)oracle.com> x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL Arnd Bergmann <arnd(a)arndb.de> x86/pti: Mark constant arrays as __initconst KarimAllah Ahmed <karahmed(a)amazon.de> x86/spectre: Simplify spectre_v2 command line parsing David Woodhouse <dwmw(a)amazon.co.uk> x86/retpoline: Avoid retpolines for built-in __init functions Dan Williams <dan.j.williams(a)intel.com> x86/kvm: Update spectre-v1 mitigation Josh Poimboeuf <jpoimboe(a)redhat.com> x86/paravirt: Remove 'noreplace-paravirt' cmdline option David Woodhouse <dwmw(a)amazon.co.uk> x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel Colin Ian King <colin.king(a)canonical.com> x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable" Dan Williams <dan.j.williams(a)intel.com> x86/spectre: Report get_user mitigation for spectre_v1 Dan Williams <dan.j.williams(a)intel.com> nl80211: Sanitize array index in parse_txq_params Dan Williams <dan.j.williams(a)intel.com> vfs, fdtable: Prevent bounds-check bypass via speculative execution Dan Williams <dan.j.williams(a)intel.com> x86/syscall: Sanitize syscall table de-references under speculation Dan Williams <dan.j.williams(a)intel.com> x86/get_user: Use pointer masking to limit speculation Dan Williams <dan.j.williams(a)intel.com> x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec Dan Williams <dan.j.williams(a)intel.com> x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end} Dan Williams <dan.j.williams(a)intel.com> x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec Dan Williams <dan.j.williams(a)intel.com> x86: Introduce barrier_nospec Dan Williams <dan.j.williams(a)intel.com> x86: Implement array_index_mask_nospec Dan Williams <dan.j.williams(a)intel.com> array_index_nospec: Sanitize speculative array de-references Mark Rutland <mark.rutland(a)arm.com> Documentation: Document array_index_nospec Andy Lutomirski <luto(a)kernel.org> x86/asm: Move 'status' from thread_struct to thread_info Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Push extra regs right away Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Remove the SYSCALL64 fast path Dou Liyang <douly.fnst(a)cn.fujitsu.com> x86/spectre: Check CONFIG_RETPOLINE in command line parser Borislav Petkov <bp(a)alien8.de> x86/retpoline: Simplify vmexit_fill_RSB() David Woodhouse <dwmw(a)amazon.co.uk> x86/cpufeatures: Clean up Spectre v2 related CPUID flags Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/bugs: Make retpoline module warning conditional Borislav Petkov <bp(a)suse.de> x86/bugs: Drop one "mitigation" from dmesg Borislav Petkov <bp(a)suse.de> x86/nospec: Fix header guards names Borislav Petkov <bp(a)suse.de> x86/alternative: Print unadorned pointers David Woodhouse <dwmw(a)amazon.co.uk> x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support David Woodhouse <dwmw(a)amazon.co.uk> x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes David Woodhouse <dwmw(a)amazon.co.uk> x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown David Woodhouse <dwmw(a)amazon.co.uk> x86/msr: Add definitions for new speculation control MSRs David Woodhouse <dwmw(a)amazon.co.uk> x86/cpufeatures: Add AMD feature bits for Speculation Control David Woodhouse <dwmw(a)amazon.co.uk> x86/cpufeatures: Add Intel feature bits for Speculation Control David Woodhouse <dwmw(a)amazon.co.uk> x86/cpufeatures: Add CPUID_7_EDX CPUID leaf Andi Kleen <ak(a)linux.intel.com> module/retpoline: Warn about missing retpoline in module Peter Zijlstra <peterz(a)infradead.org> KVM: VMX: Make indirect call speculation safe Peter Zijlstra <peterz(a)infradead.org> KVM: x86: Make indirect calls in emulator speculation safe Waiman Long <longman(a)redhat.com> x86/retpoline: Remove the esp/rsp thunk Eric Biggers <ebiggers(a)google.com> KEYS: encrypted: fix buffer overread in valid_master_desc() Takashi Iwai <tiwai(a)suse.de> b43: Add missing MODULE_FIRMWARE() Jesse Chan <jc(a)linux.com> media: soc_camera: soc_scale_crop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE Borislav Petkov <bp(a)suse.de> x86/microcode/AMD: Do not load when running on a hypervisor Josh Poimboeuf <jpoimboe(a)redhat.com> x86/asm: Fix inline asm call constraints for GCC 4.4 Eric Dumazet <edumazet(a)google.com> soreuseport: fix mem leak in reuseport_add_sock() Martin KaFai Lau <kafai(a)fb.com> ipv6: Fix SO_REUSEPORT UDP socket with implicit sk_ipv6only Paolo Abeni <pabeni(a)redhat.com> cls_u32: add missing RCU annotation. Neal Cardwell <ncardwell(a)google.com> tcp_bbr: fix pacing_gain to always be unity when using lt_bw Jason Wang <jasowang(a)redhat.com> vhost_net: stop device during reset owner Li RongQing <lirongqing(a)baidu.com> tcp: release sk_frag.page in tcp_disconnect Chunhao Lin <hau(a)realtek.com> r8169: fix RTL8168EP take too long to complete driver initialization. Kristian Evensen <kristian.evensen(a)gmail.com> qmi_wwan: Add support for Quectel EP06 Junxiao Bi <junxiao.bi(a)oracle.com> qlcnic: fix deadlock bug Eric Dumazet <edumazet(a)google.com> net: igmp: add a missing rcu locking section Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> ip6mr: fix stale iterator Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> serial: core: mark port as initialized after successful IRQ change Hugh Dickins <hughd(a)google.com> kaiser: allocate pgd with order 0 when pti=off Dave Hansen <dave.hansen(a)linux.intel.com> x86/pti: Make unpoison of pgd for trusted boot work for real Hugh Dickins <hughd(a)google.com> kaiser: fix intel_bts perf crashes Jesse Chan <jc(a)linux.com> ASoC: pcm512x: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE Jesse Chan <jc(a)linux.com> pinctrl: pxa: pxa2xx: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE Jesse Chan <jc(a)linux.com> auxdisplay: img-ascii-lcd: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64s: Allow control of RFI flush via debugfs Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64s: Wire up cpu_show_meltdown() Oliver O'Halloran <oohall(a)gmail.com> powerpc/powernv: Check device-tree for RFI flush settings Michael Neuling <mikey(a)neuling.org> powerpc/pseries: Query hypervisor for RFI flush settings Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64s: Add support for RFI flush of L1-D cache Nicholas Piggin <npiggin(a)gmail.com> powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL Nicholas Piggin <npiggin(a)gmail.com> powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL Nicholas Piggin <npiggin(a)gmail.com> powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL Nicholas Piggin <npiggin(a)gmail.com> powerpc/64: Add macros for annotating the destination of rfid/hrfid Michael Neuling <mikey(a)neuling.org> powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper ------------- Diffstat: Documentation/kernel-parameters.txt | 2 - Documentation/speculation.txt | 90 +++ Makefile | 4 +- arch/powerpc/Kconfig | 1 + arch/powerpc/include/asm/exception-64e.h | 6 + arch/powerpc/include/asm/exception-64s.h | 53 ++ arch/powerpc/include/asm/feature-fixups.h | 15 + arch/powerpc/include/asm/hvcall.h | 17 + arch/powerpc/include/asm/paca.h | 10 + arch/powerpc/include/asm/plpar_wrappers.h | 14 + arch/powerpc/include/asm/setup.h | 13 + arch/powerpc/kernel/asm-offsets.c | 4 + arch/powerpc/kernel/entry_64.S | 30 +- arch/powerpc/kernel/exceptions-64s.S | 108 ++- arch/powerpc/kernel/setup_64.c | 139 ++++ arch/powerpc/kernel/vmlinux.lds.S | 9 + arch/powerpc/lib/feature-fixups.c | 42 ++ arch/powerpc/platforms/powernv/setup.c | 50 ++ arch/powerpc/platforms/pseries/setup.c | 35 + arch/x86/entry/common.c | 9 +- arch/x86/entry/entry_32.S | 3 +- arch/x86/entry/entry_64.S | 134 +--- arch/x86/entry/syscall_64.c | 7 +- arch/x86/events/intel/bts.c | 44 +- arch/x86/include/asm/asm-prototypes.h | 4 +- arch/x86/include/asm/asm.h | 4 +- arch/x86/include/asm/barrier.h | 28 + arch/x86/include/asm/cpufeature.h | 7 +- arch/x86/include/asm/cpufeatures.h | 22 +- arch/x86/include/asm/disabled-features.h | 3 +- arch/x86/include/asm/intel-family.h | 7 +- arch/x86/include/asm/msr-index.h | 12 + arch/x86/include/asm/msr.h | 3 +- arch/x86/include/asm/nospec-branch.h | 91 +-- arch/x86/include/asm/pgalloc.h | 11 - arch/x86/include/asm/pgtable.h | 6 + arch/x86/include/asm/processor.h | 2 - arch/x86/include/asm/required-features.h | 3 +- arch/x86/include/asm/syscall.h | 6 +- arch/x86/include/asm/thread_info.h | 3 +- arch/x86/include/asm/uaccess.h | 15 +- arch/x86/include/asm/uaccess_32.h | 12 +- arch/x86/include/asm/uaccess_64.h | 12 +- arch/x86/kernel/alternative.c | 28 +- arch/x86/kernel/cpu/bugs.c | 128 +++- arch/x86/kernel/cpu/common.c | 70 +- arch/x86/kernel/cpu/intel.c | 66 ++ arch/x86/kernel/cpu/microcode/core.c | 47 +- arch/x86/kernel/cpu/scattered.c | 2 - arch/x86/kernel/process_64.c | 4 +- arch/x86/kernel/ptrace.c | 2 +- arch/x86/kernel/signal.c | 2 +- arch/x86/kernel/tboot.c | 10 + arch/x86/kvm/cpuid.c | 21 +- arch/x86/kvm/cpuid.h | 31 + arch/x86/kvm/emulate.c | 10 +- arch/x86/kvm/svm.c | 116 ++++ arch/x86/kvm/vmx.c | 763 +++++++++++---------- arch/x86/kvm/x86.c | 1 + arch/x86/lib/Makefile | 1 + arch/x86/lib/getuser.S | 10 + arch/x86/lib/retpoline.S | 57 +- arch/x86/lib/usercopy_32.c | 8 +- crypto/tcrypt.c | 6 +- drivers/auxdisplay/img-ascii-lcd.c | 4 + drivers/gpu/drm/rcar-du/rcar_du_crtc.c | 55 +- drivers/gpu/drm/rcar-du/rcar_du_crtc.h | 8 + drivers/media/platform/soc_camera/soc_scale_crop.c | 4 + .../net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c | 18 +- drivers/net/ethernet/realtek/r8169.c | 4 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wireless/broadcom/b43/main.c | 10 + drivers/pinctrl/pxa/pinctrl-pxa2xx.c | 4 + drivers/tty/serial/serial_core.c | 2 + drivers/vhost/net.c | 1 + include/linux/fdtable.h | 5 +- include/linux/init.h | 9 +- include/linux/module.h | 9 + include/linux/nospec.h | 72 ++ kernel/module.c | 11 + net/core/sock_reuseport.c | 35 +- net/ipv4/igmp.c | 4 + net/ipv4/tcp.c | 6 + net/ipv4/tcp_bbr.c | 6 +- net/ipv6/af_inet6.c | 11 +- net/ipv6/ip6mr.c | 1 + net/sched/cls_u32.c | 12 +- net/wireless/nl80211.c | 9 +- scripts/mod/modpost.c | 9 + security/keys/encrypted-keys/encrypted.c | 31 +- sound/soc/codecs/pcm512x-spi.c | 4 + sound/soc/generic/simple-card.c | 8 +- sound/soc/sh/rcar/ssi.c | 5 + 93 files changed, 2034 insertions(+), 797 deletions(-)

7 years, 4 months

11
107
0 0

[PATCH] [4.14 only backport] Bluetooth: BT_HCIUART now depends on SERIAL_DEV_BUS

by Arnd Bergmann

commit 05e89fb576f580ac95e7a5d00bdb34830b09671a upstream. It is no longer possible to build BT_HCIUART into the kernel when SERIAL_DEV_BUS is a loadable module, even if none of the SERIAL_DEV_BUS based implementations are selected: drivers/bluetooth/hci_ldisc.o: In function `hci_uart_set_flow_control': hci_ldisc.c:(.text+0xb40): undefined reference to `serdev_device_set_flow_control' hci_ldisc.c:(.text+0xb5c): undefined reference to `serdev_device_set_tiocm' This adds a dependency to avoid the broken configuration. Fixes: 7841d554809b ("Bluetooth: hci_uart_set_flow_control: Fix NULL deref when using serdev") Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> Signed-off-by: Marcel Holtmann <marcel(a)holtmann.org> Cc: stable(a)vger.kernel.org Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> --- drivers/bluetooth/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/bluetooth/Kconfig b/drivers/bluetooth/Kconfig index 98a60db8e5d1..b33c8d6eb8c7 100644 --- a/drivers/bluetooth/Kconfig +++ b/drivers/bluetooth/Kconfig @@ -66,6 +66,7 @@ config BT_HCIBTSDIO config BT_HCIUART tristate "HCI UART driver" + depends on SERIAL_DEV_BUS || !SERIAL_DEV_BUS depends on TTY help Bluetooth HCI UART driver. @@ -80,7 +81,6 @@ config BT_HCIUART config BT_HCIUART_SERDEV bool depends on SERIAL_DEV_BUS && BT_HCIUART - depends on SERIAL_DEV_BUS=y || SERIAL_DEV_BUS=BT_HCIUART default y config BT_HCIUART_H4 -- 2.9.0

7 years, 4 months

1
0
0 0

[PATCH] staging: fsl-mc: fix build testing on x86

by Arnd Bergmann

Selecting GENERIC_MSI_IRQ_DOMAIN on x86 causes a compile-time error in some configurations: drivers/base/platform-msi.c:37:19: error: field 'arg' has incomplete type On the other architectures, we are fine, but here we should have an additional dependency on X86_LOCAL_APIC so we can get the PCI_MSI_IRQ_DOMAIN symbol. Cc: stable(a)vger.kernel.org Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> --- drivers/staging/fsl-mc/bus/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/staging/fsl-mc/bus/Kconfig b/drivers/staging/fsl-mc/bus/Kconfig index 504c987447f2..eee1c1b277fa 100644 --- a/drivers/staging/fsl-mc/bus/Kconfig +++ b/drivers/staging/fsl-mc/bus/Kconfig @@ -8,7 +8,7 @@ config FSL_MC_BUS bool "QorIQ DPAA2 fsl-mc bus driver" - depends on OF && (ARCH_LAYERSCAPE || (COMPILE_TEST && (ARM || ARM64 || X86 || PPC))) + depends on OF && (ARCH_LAYERSCAPE || (COMPILE_TEST && (ARM || ARM64 || X86_LOCAL_APIC || PPC))) select GENERIC_MSI_IRQ_DOMAIN help Driver to enable the bus infrastructure for the QorIQ DPAA2 -- 2.9.0

7 years, 4 months

1
0
0 0

[PATCH v2] mm: don't defer struct page initialization for Xen pv guests

by Juergen Gross

Commit f7f99100d8d95dbcf09e0216a143211e79418b9f ("mm: stop zeroing memory during allocation in vmemmap") broke Xen pv domains in some configurations, as the "Pinned" information in struct page of early page tables could get lost. This will lead to the kernel trying to write directly into the page tables instead of asking the hypervisor to do so. The result is a crash like the following: [ 0.004000] BUG: unable to handle kernel paging request at ffff8801ead19008 [ 0.004000] IP: xen_set_pud+0x4e/0xd0 [ 0.004000] PGD 1c0a067 P4D 1c0a067 PUD 23a0067 PMD 1e9de0067 PTE 80100001ead19065 [ 0.004000] Oops: 0003 [#1] PREEMPT SMP [ 0.004000] Modules linked in: [ 0.004000] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.14.0-default+ #271 [ 0.004000] Hardware name: Dell Inc. Latitude E6440/0159N7, BIOS A07 06/26/2014 [ 0.004000] task: ffffffff81c10480 task.stack: ffffffff81c00000 [ 0.004000] RIP: e030:xen_set_pud+0x4e/0xd0 [ 0.004000] RSP: e02b:ffffffff81c03cd8 EFLAGS: 00010246 [ 0.004000] RAX: 002ffff800000800 RBX: ffff88020fd31000 RCX: 0000000000000000 [ 0.004000] RDX: ffffea0000000000 RSI: 00000001b8308067 RDI: ffff8801ead19008 [ 0.004000] RBP: ffff8801ead19008 R08: aaaaaaaaaaaaaaaa R09: 00000000063f4c80 [ 0.004000] R10: aaaaaaaaaaaaaaaa R11: 0720072007200720 R12: 00000001b8308067 [ 0.004000] R13: ffffffff81c8a9cc R14: ffff88018fd31000 R15: 000077ff80000000 [ 0.004000] FS: 0000000000000000(0000) GS:ffff88020f600000(0000) knlGS:0000000000000000 [ 0.004000] CS: e033 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 0.004000] CR2: ffff8801ead19008 CR3: 0000000001c09000 CR4: 0000000000042660 [ 0.004000] Call Trace: [ 0.004000] __pmd_alloc+0x128/0x140 [ 0.004000] ? acpi_os_map_iomem+0x175/0x1b0 [ 0.004000] ioremap_page_range+0x3f4/0x410 [ 0.004000] ? acpi_os_map_iomem+0x175/0x1b0 [ 0.004000] __ioremap_caller+0x1c3/0x2e0 [ 0.004000] acpi_os_map_iomem+0x175/0x1b0 [ 0.004000] acpi_tb_acquire_table+0x39/0x66 [ 0.004000] acpi_tb_validate_table+0x44/0x7c [ 0.004000] acpi_tb_verify_temp_table+0x45/0x304 [ 0.004000] ? acpi_ut_acquire_mutex+0x12a/0x1c2 [ 0.004000] acpi_reallocate_root_table+0x12d/0x141 [ 0.004000] acpi_early_init+0x4d/0x10a [ 0.004000] start_kernel+0x3eb/0x4a1 [ 0.004000] ? set_init_arg+0x55/0x55 [ 0.004000] xen_start_kernel+0x528/0x532 [ 0.004000] Code: 48 01 e8 48 0f 42 15 a2 fd be 00 48 01 d0 48 ba 00 00 00 00 00 ea ff ff 48 c1 e8 0c 48 c1 e0 06 48 01 d0 48 8b 00 f6 c4 02 75 5d <4c> 89 65 00 5b 5d 41 5c c3 65 8b 05 52 9f fe 7e 89 c0 48 0f a3 [ 0.004000] RIP: xen_set_pud+0x4e/0xd0 RSP: ffffffff81c03cd8 [ 0.004000] CR2: ffff8801ead19008 [ 0.004000] ---[ end trace 38eca2e56f1b642e ]--- Avoid this problem by not deferring struct page initialization when running as Xen pv guest. Cc: <stable(a)vger.kernel.org> #4.15 Signed-off-by: Juergen Gross <jgross(a)suse.com> --- mm/page_alloc.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 81e18ceef579..681d504b9a40 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -347,6 +347,9 @@ static inline bool update_defer_init(pg_data_t *pgdat, /* Always populate low zones for address-constrained allocations */ if (zone_end < pgdat_end_pfn(pgdat)) return true; + /* Xen PV domains need page structures early */ + if (xen_pv_domain()) + return true; (*nr_initialised)++; if ((*nr_initialised > pgdat->static_init_pgcnt) && (pfn & (PAGES_PER_SECTION - 1)) == 0) { -- 2.13.6

7 years, 4 months

1
0
0 0

[PATCH v3] ASoC: sgtl5000: Fix suspend/resume

by Fabio Estevam

From: Fabio Estevam <fabio.estevam(a)nxp.com> Commit 8419caa72702 ("ASoC: sgtl5000: Do not disable regulators in SND_SOC_BIAS_OFF") causes the sgtl5000 to fail after a suspend/resume sequence: # aplay /media/a2002011001-e02.wav Playing WAVE '/media/a2002011001-e02.wav' : Signed 16 bit Little Endian, Rate 44100 Hz, Stereo aplay: pcm_write:2051: write error: Input/output error The problem is caused by the fact that the aforementioned commit dropped the cache handling, so re-introduce the register map resync to fix the problem. Cc: <stable(a)vger.kernel.org> Suggested-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Fabio Estevam <fabio.estevam(a)nxp.com> --- Changes since v2: - Rebased against Linus' tree sound/soc/codecs/sgtl5000.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/sound/soc/codecs/sgtl5000.c b/sound/soc/codecs/sgtl5000.c index e1ab553..7ff5cb7 100644 --- a/sound/soc/codecs/sgtl5000.c +++ b/sound/soc/codecs/sgtl5000.c @@ -871,15 +871,26 @@ static int sgtl5000_pcm_hw_params(struct snd_pcm_substream *substream, static int sgtl5000_set_bias_level(struct snd_soc_codec *codec, enum snd_soc_bias_level level) { + struct sgtl5000_priv *sgtl = snd_soc_codec_get_drvdata(codec); + int ret; + switch (level) { case SND_SOC_BIAS_ON: case SND_SOC_BIAS_PREPARE: case SND_SOC_BIAS_STANDBY: + regcache_cache_only(sgtl->regmap, false); + ret = regcache_sync(sgtl->regmap); + if (ret) { + regcache_cache_only(sgtl->regmap, true); + return ret; + } + snd_soc_update_bits(codec, SGTL5000_CHIP_ANA_POWER, SGTL5000_REFTOP_POWERUP, SGTL5000_REFTOP_POWERUP); break; case SND_SOC_BIAS_OFF: + regcache_cache_only(sgtl->regmap, true); snd_soc_update_bits(codec, SGTL5000_CHIP_ANA_POWER, SGTL5000_REFTOP_POWERUP, 0); break; -- 2.7.4

7 years, 4 months

2
1
0 0

patch "binder: replace "%p" with "%pK"" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled binder: replace "%p" with "%pK" to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 8ca86f1639ec5890d400fff9211aca22d0a392eb Mon Sep 17 00:00:00 2001 From: Todd Kjos <tkjos(a)android.com> Date: Wed, 7 Feb 2018 13:57:37 -0800 Subject: binder: replace "%p" with "%pK" The format specifier "%p" can leak kernel addresses. Use "%pK" instead. There were 4 remaining cases in binder.c. Signed-off-by: Todd Kjos <tkjos(a)google.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/android/binder.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 31322e9a235d..a85f9033b57e 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2199,7 +2199,7 @@ static void binder_transaction_buffer_release(struct binder_proc *proc, int debug_id = buffer->debug_id; binder_debug(BINDER_DEBUG_TRANSACTION, - "%d buffer release %d, size %zd-%zd, failed at %p\n", + "%d buffer release %d, size %zd-%zd, failed at %pK\n", proc->pid, buffer->debug_id, buffer->data_size, buffer->offsets_size, failed_at); @@ -3711,7 +3711,7 @@ static int binder_thread_write(struct binder_proc *proc, } } binder_debug(BINDER_DEBUG_DEAD_BINDER, - "%d:%d BC_DEAD_BINDER_DONE %016llx found %p\n", + "%d:%d BC_DEAD_BINDER_DONE %016llx found %pK\n", proc->pid, thread->pid, (u64)cookie, death); if (death == NULL) { @@ -5042,7 +5042,7 @@ static void print_binder_transaction_ilocked(struct seq_file *m, spin_lock(&t->lock); to_proc = t->to_proc; seq_printf(m, - "%s %d: %p from %d:%d to %d:%d code %x flags %x pri %ld r%d", + "%s %d: %pK from %d:%d to %d:%d code %x flags %x pri %ld r%d", prefix, t->debug_id, t, t->from ? t->from->proc->pid : 0, t->from ? t->from->pid : 0, @@ -5066,7 +5066,7 @@ static void print_binder_transaction_ilocked(struct seq_file *m, } if (buffer->target_node) seq_printf(m, " node %d", buffer->target_node->debug_id); - seq_printf(m, " size %zd:%zd data %p\n", + seq_printf(m, " size %zd:%zd data %pK\n", buffer->data_size, buffer->offsets_size, buffer->data); } -- 2.16.1

7 years, 4 months

1
0
0 0

patch "ANDROID: binder: synchronize_rcu() when using POLLFREE." added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ANDROID: binder: synchronize_rcu() when using POLLFREE. to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 5eeb2ca02a2f6084fc57ae5c244a38baab07033a Mon Sep 17 00:00:00 2001 From: Martijn Coenen <maco(a)android.com> Date: Fri, 16 Feb 2018 09:47:15 +0100 Subject: ANDROID: binder: synchronize_rcu() when using POLLFREE. To prevent races with ep_remove_waitqueue() removing the waitqueue at the same time. Reported-by: syzbot+a2a3c4909716e271487e(a)syzkaller.appspotmail.com Signed-off-by: Martijn Coenen <maco(a)android.com> Cc: stable <stable(a)vger.kernel.org> # 4.14+ Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/android/binder.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index a85f9033b57e..764b63a5aade 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -4382,6 +4382,15 @@ static int binder_thread_release(struct binder_proc *proc, binder_inner_proc_unlock(thread->proc); + /* + * This is needed to avoid races between wake_up_poll() above and + * and ep_remove_waitqueue() called for other reasons (eg the epoll file + * descriptor being closed); ep_remove_waitqueue() holds an RCU read + * lock, so we can be sure it's done after calling synchronize_rcu(). + */ + if (thread->looper & BINDER_LOOPER_STATE_POLL) + synchronize_rcu(); + if (send_reply) binder_send_failed_reply(send_reply, BR_DEAD_REPLY); binder_release_work(proc, &thread->todo); -- 2.16.1

7 years, 4 months

1
0
0 0

patch "ANDROID: binder: remove WARN() for redundant txn error" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ANDROID: binder: remove WARN() for redundant txn error to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From e46a3b3ba7509cb7fda0e07bc7c63a2cd90f579b Mon Sep 17 00:00:00 2001 From: Todd Kjos <tkjos(a)android.com> Date: Wed, 7 Feb 2018 12:38:47 -0800 Subject: ANDROID: binder: remove WARN() for redundant txn error binder_send_failed_reply() is called when a synchronous transaction fails. It reports an error to the thread that is waiting for the completion. Given that the transaction is synchronous, there should never be more than 1 error response to that thread -- this was being asserted with a WARN(). However, when exercising the driver with syzbot tests, cases were observed where multiple "synchronous" requests were sent without waiting for responses, so it is possible that multiple errors would be reported to the thread. This testing was conducted with panic_on_warn set which forced the crash. This is easily reproduced by sending back-to-back "synchronous" transactions without checking for any response (eg, set read_size to 0): bwr.write_buffer = (uintptr_t)&bc1; bwr.write_size = sizeof(bc1); bwr.read_buffer = (uintptr_t)&br; bwr.read_size = 0; ioctl(fd, BINDER_WRITE_READ, &bwr); sleep(1); bwr2.write_buffer = (uintptr_t)&bc2; bwr2.write_size = sizeof(bc2); bwr2.read_buffer = (uintptr_t)&br; bwr2.read_size = 0; ioctl(fd, BINDER_WRITE_READ, &bwr2); sleep(1); The first transaction is sent to the servicemanager and the reply fails because no VMA is set up by this client. After binder_send_failed_reply() is called, the BINDER_WORK_RETURN_ERROR is sitting on the thread's todo list since the read_size was 0 and the client is not waiting for a response. The 2nd transaction is sent and the BINDER_WORK_RETURN_ERROR has not been consumed, so the thread's reply_error.cmd is still set (normally cleared when the BINDER_WORK_RETURN_ERROR is handled). Therefore when the servicemanager attempts to reply to the 2nd failed transaction, the error is already set and it triggers this warning. This is a user error since it is not waiting for the synchronous transaction to complete. If it ever does check, it will see an error. Changed the WARN() to a pr_warn(). Signed-off-by: Todd Kjos <tkjos(a)android.com> Reported-by: syzbot <syzkaller(a)googlegroups.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/android/binder.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index ad5e662e3e14..31322e9a235d 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -1991,8 +1991,14 @@ static void binder_send_failed_reply(struct binder_transaction *t, &target_thread->reply_error.work); wake_up_interruptible(&target_thread->wait); } else { - WARN(1, "Unexpected reply error: %u\n", - target_thread->reply_error.cmd); + /* + * Cannot get here for normal operation, but + * we can if multiple synchronous transactions + * are sent without blocking for responses. + * Just ignore the 2nd error in this case. + */ + pr_warn("Unexpected reply error: %u\n", + target_thread->reply_error.cmd); } binder_inner_proc_unlock(target_thread->proc); binder_thread_dec_tmpref(target_thread); -- 2.16.1

7 years, 4 months

1
0
0 0

patch "usb: dwc3: core: Fix ULPI PHYs and prevent phy_get/ulpi_init during" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: dwc3: core: Fix ULPI PHYs and prevent phy_get/ulpi_init during to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 98112041bcca164676367e261c8c1073ef70cb51 Mon Sep 17 00:00:00 2001 From: Roger Quadros <rogerq(a)ti.com> Date: Mon, 12 Feb 2018 15:30:08 +0200 Subject: usb: dwc3: core: Fix ULPI PHYs and prevent phy_get/ulpi_init during suspend/resume In order for ULPI PHYs to work, dwc3_phy_setup() and dwc3_ulpi_init() must be doene before dwc3_core_get_phy(). commit 541768b08a40 ("usb: dwc3: core: Call dwc3_core_get_phy() before initializing phys") broke this. The other issue is that dwc3_core_get_phy() and dwc3_ulpi_init() should be called only once during the life cycle of the driver. However, as dwc3_core_init() is called during system suspend/resume it will result in multiple calls to dwc3_core_get_phy() and dwc3_ulpi_init() which is wrong. Fix this by moving dwc3_ulpi_init() out of dwc3_phy_setup() into dwc3_core_ulpi_init(). Use a flag 'ulpi_ready' to ensure that dwc3_core_ulpi_init() is called only once from dwc3_core_init(). Use another flag 'phys_ready' to call dwc3_core_get_phy() only once from dwc3_core_init(). Fixes: 541768b08a40 ("usb: dwc3: core: Call dwc3_core_get_phy() before initializing phys") Fixes: f54edb539c11 ("usb: dwc3: core: initialize ULPI before trying to get the PHY") Cc: linux-stable <stable(a)vger.kernel.org> # >= v4.13 Signed-off-by: Roger Quadros <rogerq(a)ti.com> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> --- drivers/usb/dwc3/core.c | 47 ++++++++++++++++++++++++++++++++++++----------- drivers/usb/dwc3/core.h | 5 +++++ 2 files changed, 41 insertions(+), 11 deletions(-) diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 59511f2cd3ac..f1d838a4acd6 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -486,6 +486,22 @@ static void dwc3_cache_hwparams(struct dwc3 *dwc) parms->hwparams8 = dwc3_readl(dwc->regs, DWC3_GHWPARAMS8); } +static int dwc3_core_ulpi_init(struct dwc3 *dwc) +{ + int intf; + int ret = 0; + + intf = DWC3_GHWPARAMS3_HSPHY_IFC(dwc->hwparams.hwparams3); + + if (intf == DWC3_GHWPARAMS3_HSPHY_IFC_ULPI || + (intf == DWC3_GHWPARAMS3_HSPHY_IFC_UTMI_ULPI && + dwc->hsphy_interface && + !strncmp(dwc->hsphy_interface, "ulpi", 4))) + ret = dwc3_ulpi_init(dwc); + + return ret; +} + /** * dwc3_phy_setup - Configure USB PHY Interface of DWC3 Core * @dwc: Pointer to our controller context structure @@ -497,7 +513,6 @@ static void dwc3_cache_hwparams(struct dwc3 *dwc) static int dwc3_phy_setup(struct dwc3 *dwc) { u32 reg; - int ret; reg = dwc3_readl(dwc->regs, DWC3_GUSB3PIPECTL(0)); @@ -568,9 +583,6 @@ static int dwc3_phy_setup(struct dwc3 *dwc) } /* FALLTHROUGH */ case DWC3_GHWPARAMS3_HSPHY_IFC_ULPI: - ret = dwc3_ulpi_init(dwc); - if (ret) - return ret; /* FALLTHROUGH */ default: break; @@ -727,6 +739,7 @@ static void dwc3_core_setup_global_control(struct dwc3 *dwc) } static int dwc3_core_get_phy(struct dwc3 *dwc); +static int dwc3_core_ulpi_init(struct dwc3 *dwc); /** * dwc3_core_init - Low-level initialization of DWC3 Core @@ -758,17 +771,27 @@ static int dwc3_core_init(struct dwc3 *dwc) dwc->maximum_speed = USB_SPEED_HIGH; } - ret = dwc3_core_get_phy(dwc); + ret = dwc3_phy_setup(dwc); if (ret) goto err0; - ret = dwc3_core_soft_reset(dwc); - if (ret) - goto err0; + if (!dwc->ulpi_ready) { + ret = dwc3_core_ulpi_init(dwc); + if (ret) + goto err0; + dwc->ulpi_ready = true; + } - ret = dwc3_phy_setup(dwc); + if (!dwc->phys_ready) { + ret = dwc3_core_get_phy(dwc); + if (ret) + goto err0a; + dwc->phys_ready = true; + } + + ret = dwc3_core_soft_reset(dwc); if (ret) - goto err0; + goto err0a; dwc3_core_setup_global_control(dwc); dwc3_core_num_eps(dwc); @@ -841,6 +864,9 @@ static int dwc3_core_init(struct dwc3 *dwc) phy_exit(dwc->usb2_generic_phy); phy_exit(dwc->usb3_generic_phy); +err0a: + dwc3_ulpi_exit(dwc); + err0: return ret; } @@ -1235,7 +1261,6 @@ static int dwc3_probe(struct platform_device *pdev) err3: dwc3_free_event_buffers(dwc); - dwc3_ulpi_exit(dwc); err2: pm_runtime_allow(&pdev->dev); diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h index 185b9603fd98..860d2bc184d1 100644 --- a/drivers/usb/dwc3/core.h +++ b/drivers/usb/dwc3/core.h @@ -797,7 +797,9 @@ struct dwc3_scratchpad_array { * @usb3_phy: pointer to USB3 PHY * @usb2_generic_phy: pointer to USB2 PHY * @usb3_generic_phy: pointer to USB3 PHY + * @phys_ready: flag to indicate that PHYs are ready * @ulpi: pointer to ulpi interface + * @ulpi_ready: flag to indicate that ULPI is initialized * @u2sel: parameter from Set SEL request. * @u2pel: parameter from Set SEL request. * @u1sel: parameter from Set SEL request. @@ -895,7 +897,10 @@ struct dwc3 { struct phy *usb2_generic_phy; struct phy *usb3_generic_phy; + bool phys_ready; + struct ulpi *ulpi; + bool ulpi_ready; void __iomem *regs; size_t regs_size; -- 2.16.1

7 years, 4 months

1
0
0 0

patch "usb: renesas_usbhs: missed the "running" flag in usb_dmac with rx" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: renesas_usbhs: missed the "running" flag in usb_dmac with rx to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 17aa31f13cad25daa19d3f923323f552e87bc874 Mon Sep 17 00:00:00 2001 From: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Date: Mon, 5 Feb 2018 17:12:35 +0900 Subject: usb: renesas_usbhs: missed the "running" flag in usb_dmac with rx path This fixes an issue that a gadget driver (usb_f_fs) is possible to stop rx transactions after the usb-dmac is used because the following functions missed to set/check the "running" flag. - usbhsf_dma_prepare_pop_with_usb_dmac() - usbhsf_dma_pop_done_with_usb_dmac() So, if next transaction uses pio, the usbhsf_prepare_pop() can not start the transaction because the "running" flag is 0. Fixes: 8355b2b3082d ("usb: renesas_usbhs: fix the behavior of some usbhs_pkt_handle") Cc: <stable(a)vger.kernel.org> # v3.19+ Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> --- drivers/usb/renesas_usbhs/fifo.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/usb/renesas_usbhs/fifo.c b/drivers/usb/renesas_usbhs/fifo.c index 5925d111bd47..39fa2fc1b8b7 100644 --- a/drivers/usb/renesas_usbhs/fifo.c +++ b/drivers/usb/renesas_usbhs/fifo.c @@ -982,6 +982,10 @@ static int usbhsf_dma_prepare_pop_with_usb_dmac(struct usbhs_pkt *pkt, if ((uintptr_t)pkt->buf & (USBHS_USB_DMAC_XFER_SIZE - 1)) goto usbhsf_pio_prepare_pop; + /* return at this time if the pipe is running */ + if (usbhs_pipe_is_running(pipe)) + return 0; + usbhs_pipe_config_change_bfre(pipe, 1); ret = usbhsf_fifo_select(pipe, fifo, 0); @@ -1172,6 +1176,7 @@ static int usbhsf_dma_pop_done_with_usb_dmac(struct usbhs_pkt *pkt, usbhsf_fifo_clear(pipe, fifo); pkt->actual = usbhs_dma_calc_received_size(pkt, chan, rcv_len); + usbhs_pipe_running(pipe, 0); usbhsf_dma_stop(pipe, fifo); usbhsf_dma_unmap(pkt); usbhsf_fifo_unselect(pipe, pipe->fifo); -- 2.16.1

7 years, 4 months

1
0
0 0

patch "usb: phy: mxs: Fix NULL pointer dereference on i.MX23/28" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: phy: mxs: Fix NULL pointer dereference on i.MX23/28 to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 499350865387f8b8c40a9e9453a9a7eb3cec5dc4 Mon Sep 17 00:00:00 2001 From: Fabio Estevam <fabio.estevam(a)nxp.com> Date: Thu, 18 Jan 2018 00:22:45 -0200 Subject: usb: phy: mxs: Fix NULL pointer dereference on i.MX23/28 Commit e93650994a95 ("usb: phy: mxs: add usb charger type detection") causes the following kernel hang on i.MX28: [ 2.207973] usbcore: registered new interface driver usb-storage [ 2.235659] Unable to handle kernel NULL pointer dereference at virtual address 00000188 [ 2.244195] pgd = (ptrval) [ 2.246994] [00000188] *pgd=00000000 [ 2.250676] Internal error: Oops: 5 [#1] ARM [ 2.254979] Modules linked in: [ 2.258089] CPU: 0 PID: 1 Comm: swapper Not tainted 4.15.0-rc8-next-20180117-00002-g75d5f21 #7 [ 2.266724] Hardware name: Freescale MXS (Device Tree) [ 2.271921] PC is at regmap_read+0x0/0x5c [ 2.275977] LR is at mxs_phy_charger_detect+0x34/0x1dc mxs_phy_charger_detect() makes accesses to the anatop registers via regmap, however i.MX23/28 do not have such registers, which causes a NULL pointer dereference. Fix the issue by doing a NULL check on the 'regmap' pointer. Fixes: e93650994a95 ("usb: phy: mxs: add usb charger type detection") Cc: <stable(a)vger.kernel.org> # v4.15 Reviewed-by: Li Jun <jun.li(a)nxp.com> Acked-by: Peter Chen <peter.chen(a)nxp.com> Signed-off-by: Fabio Estevam <fabio.estevam(a)nxp.com> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> --- drivers/usb/phy/phy-mxs-usb.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/usb/phy/phy-mxs-usb.c b/drivers/usb/phy/phy-mxs-usb.c index da031c45395a..fbec863350f6 100644 --- a/drivers/usb/phy/phy-mxs-usb.c +++ b/drivers/usb/phy/phy-mxs-usb.c @@ -602,6 +602,9 @@ static enum usb_charger_type mxs_phy_charger_detect(struct usb_phy *phy) void __iomem *base = phy->io_priv; enum usb_charger_type chgr_type = UNKNOWN_TYPE; + if (!regmap) + return UNKNOWN_TYPE; + if (mxs_charger_data_contact_detect(mxs_phy)) return chgr_type; -- 2.16.1

7 years, 4 months

1
0
0 0

[PATCH v2] megaraid_sas: Do not use 32-bit atomic request descriptor for Ventura controllers

by Shivasharan S

Problem Statement: Sending I/O through 32 bit descriptors to Ventura series of controller results in IO timeout on certain conditions. This error only occurs on systems with high I/O activity on Ventura series controllers. Changes in this patch will prevent driver from using 32 bit descriptor and use 64 bit Descriptors. Cc: <stable(a)vger.kernel.org> Signed-off-by: Kashyap Desai <kashyap.desai(a)broadcom.com> Signed-off-by: Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> Reviewed-by: Hannes Reinecke <hare(a)suse.com> Reviewed-by: Tomas Henzl <thenzl(a)redhat.com> --- Changes in v2: Removed below text from function description: * Ventura supports 32 bit Descriptor. * Prior to Ventura (12G) MR controller supports 64 bit Descriptor. drivers/scsi/megaraid/megaraid_sas_fusion.c | 42 ++++++++++------------------- 1 file changed, 14 insertions(+), 28 deletions(-) diff --git a/drivers/scsi/megaraid/megaraid_sas_fusion.c b/drivers/scsi/megaraid/megaraid_sas_fusion.c index 073ced07e662..dc8e850fbfd2 100644 --- a/drivers/scsi/megaraid/megaraid_sas_fusion.c +++ b/drivers/scsi/megaraid/megaraid_sas_fusion.c @@ -216,36 +216,30 @@ inline void megasas_return_cmd_fusion(struct megasas_instance *instance, /** * megasas_fire_cmd_fusion - Sends command to the FW * @instance: Adapter soft state - * @req_desc: 32bit or 64bit Request descriptor + * @req_desc: 64bit Request descriptor * - * Perform PCI Write. Ventura supports 32 bit Descriptor. - * Prior to Ventura (12G) MR controller supports 64 bit Descriptor. + * Perform PCI Write. */ static void megasas_fire_cmd_fusion(struct megasas_instance *instance, union MEGASAS_REQUEST_DESCRIPTOR_UNION *req_desc) { - if (instance->adapter_type == VENTURA_SERIES) - writel(le32_to_cpu(req_desc->u.low), - &instance->reg_set->inbound_single_queue_port); - else { #if defined(writeq) && defined(CONFIG_64BIT) - u64 req_data = (((u64)le32_to_cpu(req_desc->u.high) << 32) | - le32_to_cpu(req_desc->u.low)); + u64 req_data = (((u64)le32_to_cpu(req_desc->u.high) << 32) | + le32_to_cpu(req_desc->u.low)); - writeq(req_data, &instance->reg_set->inbound_low_queue_port); + writeq(req_data, &instance->reg_set->inbound_low_queue_port); #else - unsigned long flags; - spin_lock_irqsave(&instance->hba_lock, flags); - writel(le32_to_cpu(req_desc->u.low), - &instance->reg_set->inbound_low_queue_port); - writel(le32_to_cpu(req_desc->u.high), - &instance->reg_set->inbound_high_queue_port); - mmiowb(); - spin_unlock_irqrestore(&instance->hba_lock, flags); + unsigned long flags; + spin_lock_irqsave(&instance->hba_lock, flags); + writel(le32_to_cpu(req_desc->u.low), + &instance->reg_set->inbound_low_queue_port); + writel(le32_to_cpu(req_desc->u.high), + &instance->reg_set->inbound_high_queue_port); + mmiowb(); + spin_unlock_irqrestore(&instance->hba_lock, flags); #endif - } } /** @@ -982,7 +976,6 @@ megasas_ioc_init_fusion(struct megasas_instance *instance) const char *sys_info; MFI_CAPABILITIES *drv_ops; u32 scratch_pad_2; - unsigned long flags; ktime_t time; bool cur_fw_64bit_dma_capable; @@ -1121,14 +1114,7 @@ megasas_ioc_init_fusion(struct megasas_instance *instance) break; } - /* For Ventura also IOC INIT required 64 bit Descriptor write. */ - spin_lock_irqsave(&instance->hba_lock, flags); - writel(le32_to_cpu(req_desc.u.low), - &instance->reg_set->inbound_low_queue_port); - writel(le32_to_cpu(req_desc.u.high), - &instance->reg_set->inbound_high_queue_port); - mmiowb(); - spin_unlock_irqrestore(&instance->hba_lock, flags); + megasas_fire_cmd_fusion(instance, &req_desc); wait_and_poll(instance, cmd, MFI_POLL_TIMEOUT_SECS); -- 2.16.1

7 years, 4 months

2
1
0 0

[Linux-stable-mirror] [PATCH] IB/srp: Fix completion vector assignment algorithm

by Bart Van Assche

Ensure that cv_end is equal to ibdev->num_comp_vectors for the NUMA node with the highest index. This patch improves spreading of RDMA channels over completion vectors and thereby improves performance, especially on systems with only a single NUMA node. This patch drops support for the comp_vector login parameter by ignoring the value of that parameter since I have not found a good way to combine support for that parameter and automatic spreading of RDMA channels over completion vectors. Fixes: d92c0da71a35 ("IB/srp: Add multichannel support") Reported-by: Alexander Schmid <alex(a)modula-shop-systems.de> Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com> Cc: Alexander Schmid <alex(a)modula-shop-systems.de> Cc: stable(a)vger.kernel.org --- drivers/infiniband/ulp/srp/ib_srp.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/drivers/infiniband/ulp/srp/ib_srp.c b/drivers/infiniband/ulp/srp/ib_srp.c index b48843833d69..241c0e72dce3 100644 --- a/drivers/infiniband/ulp/srp/ib_srp.c +++ b/drivers/infiniband/ulp/srp/ib_srp.c @@ -3871,12 +3871,10 @@ static ssize_t srp_create_target(struct device *dev, num_online_nodes()); const int ch_end = ((node_idx + 1) * target->ch_count / num_online_nodes()); - const int cv_start = (node_idx * ibdev->num_comp_vectors / - num_online_nodes() + target->comp_vector) - % ibdev->num_comp_vectors; - const int cv_end = ((node_idx + 1) * ibdev->num_comp_vectors / - num_online_nodes() + target->comp_vector) - % ibdev->num_comp_vectors; + const int cv_start = node_idx * ibdev->num_comp_vectors / + num_online_nodes(); + const int cv_end = (node_idx + 1) * ibdev->num_comp_vectors / + num_online_nodes(); int cpu_idx = 0; for_each_online_cpu(cpu) { -- 2.16.1

7 years, 4 months

2
1
0 0

[PATCH] linux/nospec.h: allow index argument to have const-qualified type

by Rasmus Villemoes

The last expression in a statement expression need not be a bare variable, quoting gcc docs The last thing in the compound statement should be an expression followed by a semicolon; the value of this subexpression serves as the value of the entire construct. and we already use that in e.g. the min/max macros which end with a ternary expression. This way, we can allow index to have const-qualified type, which will in some cases avoid the need for introducing a local copy of index of non-const qualified type. That, in turn, can prevent readers not familiar with the internals of array_index_nospec from wondering about the seemingly redundant extra variable, and I think that's worthwhile considering how confusing the whole _nospec business is. The expression _i&_mask has type unsigned long (since that is the type of _mask, and the BUILD_BUG_ONs guarantee that _i will get promoted to that), so in order not to change the type of the whole expression, add a cast back to typeof(_i). Cc: stable(a)vger.kernel.org Signed-off-by: Rasmus Villemoes <linux(a)rasmusvillemoes.dk> --- cc stable because if this is ok, there will probably be future users relying on this which also get cc'ed to -stable. include/linux/nospec.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/linux/nospec.h b/include/linux/nospec.h index fbc98e2c8228..132e3f5a2e0d 100644 --- a/include/linux/nospec.h +++ b/include/linux/nospec.h @@ -72,7 +72,6 @@ static inline unsigned long array_index_mask_nospec(unsigned long index, BUILD_BUG_ON(sizeof(_i) > sizeof(long)); \ BUILD_BUG_ON(sizeof(_s) > sizeof(long)); \ \ - _i &= _mask; \ - _i; \ + (typeof(_i)) (_i & _mask); \ }) #endif /* _LINUX_NOSPEC_H */ -- 2.15.1

7 years, 4 months

3
4
0 0

patch "Add delay-init quirk for Corsair K70 RGB keyboards" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Add delay-init quirk for Corsair K70 RGB keyboards to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 7a1646d922577b5b48c0d222e03831141664bb59 Mon Sep 17 00:00:00 2001 From: Jack Stocker <jackstocker.93(a)gmail.com> Date: Thu, 15 Feb 2018 18:24:10 +0000 Subject: Add delay-init quirk for Corsair K70 RGB keyboards Following on from this patch: https://lkml.org/lkml/2017/11/3/516, Corsair K70 RGB keyboards also require the DELAY_INIT quirk to start correctly at boot. Device ids found here: usb 3-3: New USB device found, idVendor=1b1c, idProduct=1b13 usb 3-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3 usb 3-3: Product: Corsair K70 RGB Gaming Keyboard Signed-off-by: Jack Stocker <jackstocker.93(a)gmail.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/quirks.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c index 4024926c1d68..f4a548471f0f 100644 --- a/drivers/usb/core/quirks.c +++ b/drivers/usb/core/quirks.c @@ -226,6 +226,9 @@ static const struct usb_device_id usb_quirk_list[] = { { USB_DEVICE(0x1a0a, 0x0200), .driver_info = USB_QUIRK_LINEAR_UFRAME_INTR_BINTERVAL }, + /* Corsair K70 RGB */ + { USB_DEVICE(0x1b1c, 0x1b13), .driver_info = USB_QUIRK_DELAY_INIT }, + /* Corsair Strafe RGB */ { USB_DEVICE(0x1b1c, 0x1b20), .driver_info = USB_QUIRK_DELAY_INIT }, -- 2.16.1

7 years, 4 months

1
0
0 0

[PATCH] xfrm: Fix return value check of copy_sec_ctx.

by Dmitry Shmidt

Please add this patch to stable 3.18, 4.4 and 4.9 It exists in 4.14. ---------------------------------------------------------------------------- commit 8598112d04af21cf6c895670e72dcb8a9f58e74f Author: Steffen Klassert <steffen.klassert(a)secunet.com> Date: Thu Aug 31 10:37:00 2017 +0200 xfrm: Fix return value check of copy_sec_ctx. A recent commit added an output_mark. When copying this output_mark, the return value of copy_sec_ctx is overwitten without a check. Fix this by copying the output_mark before the security context. Fixes: 077fbac405bf ("net: xfrm: support setting an output mark.") Signed-off-by: Steffen Klassert <steffen.klassert(a)secunet.com>

7 years, 4 months

2
2
0 0

patch "usb: ohci: Proper handling of ed_rm_list to handle race condition" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: ohci: Proper handling of ed_rm_list to handle race condition to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 46408ea558df13b110e0866b99624384a33bdeba Mon Sep 17 00:00:00 2001 From: AMAN DEEP <aman.deep(a)samsung.com> Date: Thu, 8 Feb 2018 11:55:01 +0800 Subject: usb: ohci: Proper handling of ed_rm_list to handle race condition between usb_kill_urb() and finish_unlinks() There is a race condition between finish_unlinks->finish_urb() function and usb_kill_urb() in ohci controller case. The finish_urb calls spin_unlock(&ohci->lock) before usb_hcd_giveback_urb() function call, then if during this time, usb_kill_urb is called for another endpoint, then new ed will be added to ed_rm_list at beginning for unlink, and ed_rm_list will point to newly added. When finish_urb() is completed in finish_unlinks() and ed->td_list becomes empty as in below code (in finish_unlinks() function): if (list_empty(&ed->td_list)) { *last = ed->ed_next; ed->ed_next = NULL; } else if (ohci->rh_state == OHCI_RH_RUNNING) { *last = ed->ed_next; ed->ed_next = NULL; ed_schedule(ohci, ed); } The *last = ed->ed_next will make ed_rm_list to point to ed->ed_next and previously added ed by usb_kill_urb will be left unreferenced by ed_rm_list. This causes usb_kill_urb() hang forever waiting for finish_unlink to remove added ed from ed_rm_list. The main reason for hang in this race condtion is addition and removal of ed from ed_rm_list in the beginning during usb_kill_urb and later last* is modified in finish_unlinks(). As suggested by Alan Stern, the solution for proper handling of ohci->ed_rm_list is to remove ed from the ed_rm_list before finishing any URBs. Then at the end, we can add ed back to the list if necessary. This properly handle the updated ohci->ed_rm_list in usb_kill_urb(). Fixes: 977dcfdc6031 ("USB: OHCI: don't lose track of EDs when a controller dies") Acked-by: Alan Stern <stern(a)rowland.harvard.edu> CC: <stable(a)vger.kernel.org> Signed-off-by: Aman Deep <aman.deep(a)samsung.com> Signed-off-by: Jeffy Chen <jeffy.chen(a)rock-chips.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/host/ohci-q.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/drivers/usb/host/ohci-q.c b/drivers/usb/host/ohci-q.c index b2ec8c399363..4ccb85a67bb3 100644 --- a/drivers/usb/host/ohci-q.c +++ b/drivers/usb/host/ohci-q.c @@ -1019,6 +1019,8 @@ static void finish_unlinks(struct ohci_hcd *ohci) * have modified this list. normally it's just prepending * entries (which we'd ignore), but paranoia won't hurt. */ + *last = ed->ed_next; + ed->ed_next = NULL; modified = 0; /* unlink urbs as requested, but rescan the list after @@ -1077,21 +1079,22 @@ static void finish_unlinks(struct ohci_hcd *ohci) goto rescan_this; /* - * If no TDs are queued, take ED off the ed_rm_list. + * If no TDs are queued, ED is now idle. * Otherwise, if the HC is running, reschedule. - * If not, leave it on the list for further dequeues. + * If the HC isn't running, add ED back to the + * start of the list for later processing. */ if (list_empty(&ed->td_list)) { - *last = ed->ed_next; - ed->ed_next = NULL; ed->state = ED_IDLE; list_del(&ed->in_use_list); } else if (ohci->rh_state == OHCI_RH_RUNNING) { - *last = ed->ed_next; - ed->ed_next = NULL; ed_schedule(ohci, ed); } else { - last = &ed->ed_next; + ed->ed_next = ohci->ed_rm_list; + ohci->ed_rm_list = ed; + /* Don't loop on the same ED */ + if (last == &ohci->ed_rm_list) + last = &ed->ed_next; } if (modified) -- 2.16.1

7 years, 4 months

1
0
0 0

patch "usb: renesas_usbhs: missed the "running" flag in usb_dmac with rx" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: renesas_usbhs: missed the "running" flag in usb_dmac with rx to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From d6efa938ac366fe8cb92d6157f74d43cc35f1c67 Mon Sep 17 00:00:00 2001 From: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Date: Mon, 5 Feb 2018 17:12:35 +0900 Subject: usb: renesas_usbhs: missed the "running" flag in usb_dmac with rx path This fixes an issue that a gadget driver (usb_f_fs) is possible to stop rx transactions after the usb-dmac is used because the following functions missed to set/check the "running" flag. - usbhsf_dma_prepare_pop_with_usb_dmac() - usbhsf_dma_pop_done_with_usb_dmac() So, if next transaction uses pio, the usbhsf_prepare_pop() can not start the transaction because the "running" flag is 0. Fixes: 8355b2b3082d ("usb: renesas_usbhs: fix the behavior of some usbhs_pkt_handle") Cc: <stable(a)vger.kernel.org> # v3.19+ Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/renesas_usbhs/fifo.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/usb/renesas_usbhs/fifo.c b/drivers/usb/renesas_usbhs/fifo.c index 5925d111bd47..39fa2fc1b8b7 100644 --- a/drivers/usb/renesas_usbhs/fifo.c +++ b/drivers/usb/renesas_usbhs/fifo.c @@ -982,6 +982,10 @@ static int usbhsf_dma_prepare_pop_with_usb_dmac(struct usbhs_pkt *pkt, if ((uintptr_t)pkt->buf & (USBHS_USB_DMAC_XFER_SIZE - 1)) goto usbhsf_pio_prepare_pop; + /* return at this time if the pipe is running */ + if (usbhs_pipe_is_running(pipe)) + return 0; + usbhs_pipe_config_change_bfre(pipe, 1); ret = usbhsf_fifo_select(pipe, fifo, 0); @@ -1172,6 +1176,7 @@ static int usbhsf_dma_pop_done_with_usb_dmac(struct usbhs_pkt *pkt, usbhsf_fifo_clear(pipe, fifo); pkt->actual = usbhs_dma_calc_received_size(pkt, chan, rcv_len); + usbhs_pipe_running(pipe, 0); usbhsf_dma_stop(pipe, fifo); usbhsf_dma_unmap(pkt); usbhsf_fifo_unselect(pipe, pipe->fifo); -- 2.16.1

7 years, 4 months

1
0
0 0

patch "usb: ldusb: add PIDs for new CASSY devices supported by this driver" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: ldusb: add PIDs for new CASSY devices supported by this driver to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 52ad2bd8918158266fc88a05f95429b56b6a33c5 Mon Sep 17 00:00:00 2001 From: Karsten Koop <kkoop(a)ld-didactic.de> Date: Fri, 9 Feb 2018 09:12:06 +0000 Subject: usb: ldusb: add PIDs for new CASSY devices supported by this driver This patch adds support for new CASSY devices to the ldusb driver. The PIDs are also added to the ignore list in hid-quirks. Signed-off-by: Karsten Koop <kkoop(a)ld-didactic.de> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/hid/hid-ids.h | 3 +++ drivers/hid/hid-quirks.c | 3 +++ drivers/usb/misc/ldusb.c | 6 ++++++ 3 files changed, 12 insertions(+) diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h index 43ddcdfbd0da..9454ac134ce2 100644 --- a/drivers/hid/hid-ids.h +++ b/drivers/hid/hid-ids.h @@ -645,6 +645,9 @@ #define USB_DEVICE_ID_LD_MICROCASSYTIME 0x1033 #define USB_DEVICE_ID_LD_MICROCASSYTEMPERATURE 0x1035 #define USB_DEVICE_ID_LD_MICROCASSYPH 0x1038 +#define USB_DEVICE_ID_LD_POWERANALYSERCASSY 0x1040 +#define USB_DEVICE_ID_LD_CONVERTERCONTROLLERCASSY 0x1042 +#define USB_DEVICE_ID_LD_MACHINETESTCASSY 0x1043 #define USB_DEVICE_ID_LD_JWM 0x1080 #define USB_DEVICE_ID_LD_DMMP 0x1081 #define USB_DEVICE_ID_LD_UMIP 0x1090 diff --git a/drivers/hid/hid-quirks.c b/drivers/hid/hid-quirks.c index 5f6035a5ce36..e92b77fa574a 100644 --- a/drivers/hid/hid-quirks.c +++ b/drivers/hid/hid-quirks.c @@ -809,6 +809,9 @@ static const struct hid_device_id hid_ignore_list[] = { { HID_USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_MICROCASSYTIME) }, { HID_USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_MICROCASSYTEMPERATURE) }, { HID_USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_MICROCASSYPH) }, + { HID_USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_POWERANALYSERCASSY) }, + { HID_USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_CONVERTERCONTROLLERCASSY) }, + { HID_USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_MACHINETESTCASSY) }, { HID_USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_JWM) }, { HID_USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_DMMP) }, { HID_USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_UMIP) }, diff --git a/drivers/usb/misc/ldusb.c b/drivers/usb/misc/ldusb.c index 63b9e85dc0e9..236a60f53099 100644 --- a/drivers/usb/misc/ldusb.c +++ b/drivers/usb/misc/ldusb.c @@ -42,6 +42,9 @@ #define USB_DEVICE_ID_LD_MICROCASSYTIME 0x1033 /* USB Product ID of Micro-CASSY Time (reserved) */ #define USB_DEVICE_ID_LD_MICROCASSYTEMPERATURE 0x1035 /* USB Product ID of Micro-CASSY Temperature */ #define USB_DEVICE_ID_LD_MICROCASSYPH 0x1038 /* USB Product ID of Micro-CASSY pH */ +#define USB_DEVICE_ID_LD_POWERANALYSERCASSY 0x1040 /* USB Product ID of Power Analyser CASSY */ +#define USB_DEVICE_ID_LD_CONVERTERCONTROLLERCASSY 0x1042 /* USB Product ID of Converter Controller CASSY */ +#define USB_DEVICE_ID_LD_MACHINETESTCASSY 0x1043 /* USB Product ID of Machine Test CASSY */ #define USB_DEVICE_ID_LD_JWM 0x1080 /* USB Product ID of Joule and Wattmeter */ #define USB_DEVICE_ID_LD_DMMP 0x1081 /* USB Product ID of Digital Multimeter P (reserved) */ #define USB_DEVICE_ID_LD_UMIP 0x1090 /* USB Product ID of UMI P */ @@ -84,6 +87,9 @@ static const struct usb_device_id ld_usb_table[] = { { USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_MICROCASSYTIME) }, { USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_MICROCASSYTEMPERATURE) }, { USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_MICROCASSYPH) }, + { USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_POWERANALYSERCASSY) }, + { USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_CONVERTERCONTROLLERCASSY) }, + { USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_MACHINETESTCASSY) }, { USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_JWM) }, { USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_DMMP) }, { USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_UMIP) }, -- 2.16.1

7 years, 4 months

1
0
0 0

patch "usb: host: ehci: use correct device pointer for dma ops" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: host: ehci: use correct device pointer for dma ops to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 02a10f061a3f8bca1b37332672f50a107198adbe Mon Sep 17 00:00:00 2001 From: Peter Chen <hzpeterchen(a)gmail.com> Date: Thu, 1 Feb 2018 12:26:43 +0800 Subject: usb: host: ehci: use correct device pointer for dma ops commit a8c06e407ef9 ("usb: separate out sysdev pointer from usb_bus") converted to use hcd->self.sysdev for DMA operations instead of hcd->self.controller, but forgot to do it for hcd test mode. Replace the correct one in this commit. Fixes: a8c06e407ef9 ("usb: separate out sysdev pointer from usb_bus") Signed-off-by: Peter Chen <peter.chen(a)nxp.com> Acked-by: Alan Stern <stern(a)rowland.harvard.edu> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/host/ehci-hub.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/host/ehci-hub.c b/drivers/usb/host/ehci-hub.c index facafdf8fb95..d7641cbdee43 100644 --- a/drivers/usb/host/ehci-hub.c +++ b/drivers/usb/host/ehci-hub.c @@ -774,12 +774,12 @@ static struct urb *request_single_step_set_feature_urb( atomic_inc(&urb->use_count); atomic_inc(&urb->dev->urbnum); urb->setup_dma = dma_map_single( - hcd->self.controller, + hcd->self.sysdev, urb->setup_packet, sizeof(struct usb_ctrlrequest), DMA_TO_DEVICE); urb->transfer_dma = dma_map_single( - hcd->self.controller, + hcd->self.sysdev, urb->transfer_buffer, urb->transfer_buffer_length, DMA_FROM_DEVICE); -- 2.16.1

7 years, 4 months

1
0
0 0

patch "ohci-hcd: Fix race condition caused by ohci_urb_enqueue() and" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ohci-hcd: Fix race condition caused by ohci_urb_enqueue() and to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From b2685bdacdaab065c172b97b55ab46c6be77a037 Mon Sep 17 00:00:00 2001 From: Shigeru Yoshida <shigeru.yoshida(a)windriver.com> Date: Fri, 2 Feb 2018 13:51:39 +0800 Subject: ohci-hcd: Fix race condition caused by ohci_urb_enqueue() and io_watchdog_func() Running io_watchdog_func() while ohci_urb_enqueue() is running can cause a race condition where ohci->prev_frame_no is corrupted and the watchdog can mis-detect following error: ohci-platform 664a0800.usb: frame counter not updating; disabled ohci-platform 664a0800.usb: HC died; cleaning up Specifically, following scenario causes a race condition: 1. ohci_urb_enqueue() calls spin_lock_irqsave(&ohci->lock, flags) and enters the critical section 2. ohci_urb_enqueue() calls timer_pending(&ohci->io_watchdog) and it returns false 3. ohci_urb_enqueue() sets ohci->prev_frame_no to a frame number read by ohci_frame_no(ohci) 4. ohci_urb_enqueue() schedules io_watchdog_func() with mod_timer() 5. ohci_urb_enqueue() calls spin_unlock_irqrestore(&ohci->lock, flags) and exits the critical section 6. Later, ohci_urb_enqueue() is called 7. ohci_urb_enqueue() calls spin_lock_irqsave(&ohci->lock, flags) and enters the critical section 8. The timer scheduled on step 4 expires and io_watchdog_func() runs 9. io_watchdog_func() calls spin_lock_irqsave(&ohci->lock, flags) and waits on it because ohci_urb_enqueue() is already in the critical section on step 7 10. ohci_urb_enqueue() calls timer_pending(&ohci->io_watchdog) and it returns false 11. ohci_urb_enqueue() sets ohci->prev_frame_no to new frame number read by ohci_frame_no(ohci) because the frame number proceeded between step 3 and 6 12. ohci_urb_enqueue() schedules io_watchdog_func() with mod_timer() 13. ohci_urb_enqueue() calls spin_unlock_irqrestore(&ohci->lock, flags) and exits the critical section, then wake up io_watchdog_func() which is waiting on step 9 14. io_watchdog_func() enters the critical section 15. io_watchdog_func() calls ohci_frame_no(ohci) and set frame_no variable to the frame number 16. io_watchdog_func() compares frame_no and ohci->prev_frame_no On step 16, because this calling of io_watchdog_func() is scheduled on step 4, the frame number set in ohci->prev_frame_no is expected to the number set on step 3. However, ohci->prev_frame_no is overwritten on step 11. Because step 16 is executed soon after step 11, the frame number might not proceed, so ohci->prev_frame_no must equals to frame_no. To address above scenario, this patch introduces a special sentinel value IO_WATCHDOG_OFF and set this value to ohci->prev_frame_no when the watchdog is not pending or running. When ohci_urb_enqueue() schedules the watchdog (step 4 and 12 above), it compares ohci->prev_frame_no to IO_WATCHDOG_OFF so that ohci->prev_frame_no is not overwritten while io_watchdog_func() is running. Signed-off-by: Shigeru Yoshida <Shigeru.Yoshida(a)windriver.com> Signed-off-by: Haiqing Bai <Haiqing.Bai(a)windriver.com> Acked-by: Alan Stern <stern(a)rowland.harvard.edu> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/host/ohci-hcd.c | 10 +++++++--- drivers/usb/host/ohci-hub.c | 4 +++- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/drivers/usb/host/ohci-hcd.c b/drivers/usb/host/ohci-hcd.c index ee9676349333..84f88fa411cd 100644 --- a/drivers/usb/host/ohci-hcd.c +++ b/drivers/usb/host/ohci-hcd.c @@ -74,6 +74,7 @@ static const char hcd_name [] = "ohci_hcd"; #define STATECHANGE_DELAY msecs_to_jiffies(300) #define IO_WATCHDOG_DELAY msecs_to_jiffies(275) +#define IO_WATCHDOG_OFF 0xffffff00 #include "ohci.h" #include "pci-quirks.h" @@ -231,7 +232,7 @@ static int ohci_urb_enqueue ( } /* Start up the I/O watchdog timer, if it's not running */ - if (!timer_pending(&ohci->io_watchdog) && + if (ohci->prev_frame_no == IO_WATCHDOG_OFF && list_empty(&ohci->eds_in_use) && !(ohci->flags & OHCI_QUIRK_QEMU)) { ohci->prev_frame_no = ohci_frame_no(ohci); @@ -501,6 +502,7 @@ static int ohci_init (struct ohci_hcd *ohci) return 0; timer_setup(&ohci->io_watchdog, io_watchdog_func, 0); + ohci->prev_frame_no = IO_WATCHDOG_OFF; ohci->hcca = dma_alloc_coherent (hcd->self.controller, sizeof(*ohci->hcca), &ohci->hcca_dma, GFP_KERNEL); @@ -730,7 +732,7 @@ static void io_watchdog_func(struct timer_list *t) u32 head; struct ed *ed; struct td *td, *td_start, *td_next; - unsigned frame_no; + unsigned frame_no, prev_frame_no = IO_WATCHDOG_OFF; unsigned long flags; spin_lock_irqsave(&ohci->lock, flags); @@ -835,7 +837,7 @@ static void io_watchdog_func(struct timer_list *t) } } if (!list_empty(&ohci->eds_in_use)) { - ohci->prev_frame_no = frame_no; + prev_frame_no = frame_no; ohci->prev_wdh_cnt = ohci->wdh_cnt; ohci->prev_donehead = ohci_readl(ohci, &ohci->regs->donehead); @@ -845,6 +847,7 @@ static void io_watchdog_func(struct timer_list *t) } done: + ohci->prev_frame_no = prev_frame_no; spin_unlock_irqrestore(&ohci->lock, flags); } @@ -973,6 +976,7 @@ static void ohci_stop (struct usb_hcd *hcd) if (quirk_nec(ohci)) flush_work(&ohci->nec_work); del_timer_sync(&ohci->io_watchdog); + ohci->prev_frame_no = IO_WATCHDOG_OFF; ohci_writel (ohci, OHCI_INTR_MIE, &ohci->regs->intrdisable); ohci_usb_reset(ohci); diff --git a/drivers/usb/host/ohci-hub.c b/drivers/usb/host/ohci-hub.c index fb7aaa3b9d06..634f3c7bf774 100644 --- a/drivers/usb/host/ohci-hub.c +++ b/drivers/usb/host/ohci-hub.c @@ -311,8 +311,10 @@ static int ohci_bus_suspend (struct usb_hcd *hcd) rc = ohci_rh_suspend (ohci, 0); spin_unlock_irq (&ohci->lock); - if (rc == 0) + if (rc == 0) { del_timer_sync(&ohci->io_watchdog); + ohci->prev_frame_no = IO_WATCHDOG_OFF; + } return rc; } -- 2.16.1

7 years, 4 months

1
0
0 0

patch "xhci: fix xhci debugfs errors in xhci_stop" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xhci: fix xhci debugfs errors in xhci_stop to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 11cd764dc9a030991880ad4d51db93918afa5822 Mon Sep 17 00:00:00 2001 From: Zhengjun Xing <zhengjun.xing(a)linux.intel.com> Date: Mon, 12 Feb 2018 14:24:51 +0200 Subject: xhci: fix xhci debugfs errors in xhci_stop In function xhci_stop, xhci_debugfs_exit called before xhci_mem_cleanup. xhci_debugfs_exit removed the xhci debugfs root nodes, xhci_mem_cleanup called function xhci_free_virt_devices_depth_first which in turn called function xhci_debugfs_remove_slot. Function xhci_debugfs_remove_slot removed the nodes for devices, the nodes folders are sub folder of xhci debugfs. It is unreasonable to remove xhci debugfs root folder before xhci debugfs sub folder. Function xhci_mem_cleanup should be called before function xhci_debugfs_exit. Fixes: 02b6fdc2a153 ("usb: xhci: Add debugfs interface for xHCI driver") Cc: <stable(a)vger.kernel.org> # v4.15 Signed-off-by: Zhengjun Xing <zhengjun.xing(a)linux.intel.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/host/xhci.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index 4adb6da0bd38..25d4b748a56f 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -646,8 +646,6 @@ static void xhci_stop(struct usb_hcd *hcd) return; } - xhci_debugfs_exit(xhci); - xhci_dbc_exit(xhci); spin_lock_irq(&xhci->lock); @@ -680,6 +678,7 @@ static void xhci_stop(struct usb_hcd *hcd) xhci_dbg_trace(xhci, trace_xhci_dbg_init, "cleaning up memory"); xhci_mem_cleanup(xhci); + xhci_debugfs_exit(xhci); xhci_dbg_trace(xhci, trace_xhci_dbg_init, "xhci_stop completed - status = %x", readl(&xhci->op_regs->status)); -- 2.16.1

7 years, 4 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror