- Linux-stable-mirror - lists.linaro.org

[Linux-stable-mirror] Patch "can: kvaser_usb: free buf in error paths" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled can: kvaser_usb: free buf in error paths to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: can-kvaser_usb-free-buf-in-error-paths.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 435019b48033138581a6171093b181fc6b4d3d30 Mon Sep 17 00:00:00 2001 From: Jimmy Assarsson <jimmyassarsson(a)gmail.com> Date: Tue, 21 Nov 2017 08:22:26 +0100 Subject: can: kvaser_usb: free buf in error paths From: Jimmy Assarsson <jimmyassarsson(a)gmail.com> commit 435019b48033138581a6171093b181fc6b4d3d30 upstream. The allocated buffer was not freed if usb_submit_urb() failed. Signed-off-by: Jimmy Assarsson <jimmyassarsson(a)gmail.com> Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/can/usb/kvaser_usb.c | 2 ++ 1 file changed, 2 insertions(+) --- a/drivers/net/can/usb/kvaser_usb.c +++ b/drivers/net/can/usb/kvaser_usb.c @@ -602,6 +602,7 @@ static int kvaser_usb_simple_msg_async(s if (err) { netdev_err(netdev, "Error transmitting URB\n"); usb_unanchor_urb(urb); + kfree(buf); usb_free_urb(urb); kfree(buf); return err; @@ -1385,6 +1386,7 @@ static netdev_tx_t kvaser_usb_start_xmit atomic_dec(&priv->active_tx_urbs); usb_unanchor_urb(urb); + kfree(buf); stats->tx_dropped++; Patches currently in stable-queue which might be from jimmyassarsson(a)gmail.com are queue-3.18/can-kvaser_usb-ratelimit-errors-if-incomplete-messages-are-received.patch queue-3.18/can-kvaser_usb-free-buf-in-error-paths.patch queue-3.18/can-kvaser_usb-fix-comparison-bug-in-kvaser_usb_read_bulk_callback.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback()" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback() to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: can-kvaser_usb-fix-comparison-bug-in-kvaser_usb_read_bulk_callback.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From e84f44eb5523401faeb9cc1c97895b68e3cfb78d Mon Sep 17 00:00:00 2001 From: Jimmy Assarsson <jimmyassarsson(a)gmail.com> Date: Tue, 21 Nov 2017 08:22:27 +0100 Subject: can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback() From: Jimmy Assarsson <jimmyassarsson(a)gmail.com> commit e84f44eb5523401faeb9cc1c97895b68e3cfb78d upstream. The conditon in the while-loop becomes true when actual_length is less than 2 (MSG_HEADER_LEN). In best case we end up with a former, already dispatched msg, that got msg->len greater than actual_length. This will result in a "Format error" error printout. Problem seen when unplugging a Kvaser USB device connected to a vbox guest. warning: comparison between signed and unsigned integer expressions [-Wsign-compare] Signed-off-by: Jimmy Assarsson <jimmyassarsson(a)gmail.com> Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/can/usb/kvaser_usb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/net/can/usb/kvaser_usb.c +++ b/drivers/net/can/usb/kvaser_usb.c @@ -989,7 +989,7 @@ static void kvaser_usb_read_bulk_callbac goto resubmit_urb; } - while (pos <= urb->actual_length - MSG_HEADER_LEN) { + while (pos <= (int)(urb->actual_length - MSG_HEADER_LEN)) { msg = urb->transfer_buffer + pos; /* The Kvaser firmware can only read and write messages that Patches currently in stable-queue which might be from jimmyassarsson(a)gmail.com are queue-3.18/can-kvaser_usb-ratelimit-errors-if-incomplete-messages-are-received.patch queue-3.18/can-kvaser_usb-free-buf-in-error-paths.patch queue-3.18/can-kvaser_usb-fix-comparison-bug-in-kvaser_usb_read_bulk_callback.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "can: kvaser_usb: cancel urb on -EPIPE and -EPROTO" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled can: kvaser_usb: cancel urb on -EPIPE and -EPROTO to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: can-kvaser_usb-cancel-urb-on-epipe-and-eproto.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 6aa8d5945502baf4687d80de59b7ac865e9e666b Mon Sep 17 00:00:00 2001 From: Martin Kelly <mkelly(a)xevo.com> Date: Tue, 5 Dec 2017 11:15:49 -0800 Subject: can: kvaser_usb: cancel urb on -EPIPE and -EPROTO From: Martin Kelly <mkelly(a)xevo.com> commit 6aa8d5945502baf4687d80de59b7ac865e9e666b upstream. In mcba_usb, we have observed that when you unplug the device, the driver will endlessly resubmit failing URBs, which can cause CPU stalls. This issue is fixed in mcba_usb by catching the codes seen on device disconnect (-EPIPE and -EPROTO). This driver also resubmits in the case of -EPIPE and -EPROTO, so fix it in the same way. Signed-off-by: Martin Kelly <mkelly(a)xevo.com> Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/can/usb/kvaser_usb.c | 2 ++ 1 file changed, 2 insertions(+) --- a/drivers/net/can/usb/kvaser_usb.c +++ b/drivers/net/can/usb/kvaser_usb.c @@ -981,6 +981,8 @@ static void kvaser_usb_read_bulk_callbac case 0: break; case -ENOENT: + case -EPIPE: + case -EPROTO: case -ESHUTDOWN: return; default: Patches currently in stable-queue which might be from mkelly(a)xevo.com are queue-3.18/can-ems_usb-cancel-urb-on-epipe-and-eproto.patch queue-3.18/can-esd_usb2-cancel-urb-on-epipe-and-eproto.patch queue-3.18/can-usb_8dev-cancel-urb-on-epipe-and-eproto.patch queue-3.18/can-kvaser_usb-cancel-urb-on-epipe-and-eproto.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "can: esd_usb2: cancel urb on -EPIPE and -EPROTO" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled can: esd_usb2: cancel urb on -EPIPE and -EPROTO to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: can-esd_usb2-cancel-urb-on-epipe-and-eproto.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 7a31ced3de06e9878e4f9c3abe8f87d9344d8144 Mon Sep 17 00:00:00 2001 From: Martin Kelly <mkelly(a)xevo.com> Date: Tue, 5 Dec 2017 11:15:48 -0800 Subject: can: esd_usb2: cancel urb on -EPIPE and -EPROTO From: Martin Kelly <mkelly(a)xevo.com> commit 7a31ced3de06e9878e4f9c3abe8f87d9344d8144 upstream. In mcba_usb, we have observed that when you unplug the device, the driver will endlessly resubmit failing URBs, which can cause CPU stalls. This issue is fixed in mcba_usb by catching the codes seen on device disconnect (-EPIPE and -EPROTO). This driver also resubmits in the case of -EPIPE and -EPROTO, so fix it in the same way. Signed-off-by: Martin Kelly <mkelly(a)xevo.com> Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/can/usb/esd_usb2.c | 2 ++ 1 file changed, 2 insertions(+) --- a/drivers/net/can/usb/esd_usb2.c +++ b/drivers/net/can/usb/esd_usb2.c @@ -395,6 +395,8 @@ static void esd_usb2_read_bulk_callback( break; case -ENOENT: + case -EPIPE: + case -EPROTO: case -ESHUTDOWN: return; Patches currently in stable-queue which might be from mkelly(a)xevo.com are queue-3.18/can-ems_usb-cancel-urb-on-epipe-and-eproto.patch queue-3.18/can-esd_usb2-cancel-urb-on-epipe-and-eproto.patch queue-3.18/can-usb_8dev-cancel-urb-on-epipe-and-eproto.patch queue-3.18/can-kvaser_usb-cancel-urb-on-epipe-and-eproto.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "can: ems_usb: cancel urb on -EPIPE and -EPROTO" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled can: ems_usb: cancel urb on -EPIPE and -EPROTO to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: can-ems_usb-cancel-urb-on-epipe-and-eproto.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From bd352e1adfe0d02d3ea7c8e3fb19183dc317e679 Mon Sep 17 00:00:00 2001 From: Martin Kelly <mkelly(a)xevo.com> Date: Tue, 5 Dec 2017 11:15:47 -0800 Subject: can: ems_usb: cancel urb on -EPIPE and -EPROTO From: Martin Kelly <mkelly(a)xevo.com> commit bd352e1adfe0d02d3ea7c8e3fb19183dc317e679 upstream. In mcba_usb, we have observed that when you unplug the device, the driver will endlessly resubmit failing URBs, which can cause CPU stalls. This issue is fixed in mcba_usb by catching the codes seen on device disconnect (-EPIPE and -EPROTO). This driver also resubmits in the case of -EPIPE and -EPROTO, so fix it in the same way. Signed-off-by: Martin Kelly <mkelly(a)xevo.com> Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/can/usb/ems_usb.c | 2 ++ 1 file changed, 2 insertions(+) --- a/drivers/net/can/usb/ems_usb.c +++ b/drivers/net/can/usb/ems_usb.c @@ -290,6 +290,8 @@ static void ems_usb_read_interrupt_callb case -ECONNRESET: /* unlink */ case -ENOENT: + case -EPIPE: + case -EPROTO: case -ESHUTDOWN: return; Patches currently in stable-queue which might be from mkelly(a)xevo.com are queue-3.18/can-ems_usb-cancel-urb-on-epipe-and-eproto.patch queue-3.18/can-esd_usb2-cancel-urb-on-epipe-and-eproto.patch queue-3.18/can-usb_8dev-cancel-urb-on-epipe-and-eproto.patch queue-3.18/can-kvaser_usb-cancel-urb-on-epipe-and-eproto.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] WTF: patch "[PATCH] fw_cfg: fix driver remove" was seriously submitted to be applied to the 4.14-stable tree?

by gregkh＠linuxfoundation.org

The patch below was submitted to be applied to the 4.14-stable tree. I fail to see how this patch meets the stable kernel rules as found at Documentation/process/stable-kernel-rules.rst. I could be totally wrong, and if so, please respond to <stable(a)vger.kernel.org> and let me know why this patch should be applied. Otherwise, it is now dropped from my patch queues, never to be seen again. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 23f1b8d938c861ee0bbb786162f7ce0685f722ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau(a)redhat.com> Date: Mon, 20 Nov 2017 10:55:15 +0100 Subject: [PATCH] fw_cfg: fix driver remove MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On driver remove(), all objects created during probe() should be removed, but sysfs qemu_fw_cfg/rev file was left. Also reorder functions to match probe() error cleanup code. Cc: stable(a)vger.kernel.org Signed-off-by: Marc-André Lureau <marcandre.lureau(a)redhat.com> Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com> diff --git a/drivers/firmware/qemu_fw_cfg.c b/drivers/firmware/qemu_fw_cfg.c index 5cfe39f7a45f..deb483064f53 100644 --- a/drivers/firmware/qemu_fw_cfg.c +++ b/drivers/firmware/qemu_fw_cfg.c @@ -582,9 +582,10 @@ static int fw_cfg_sysfs_remove(struct platform_device *pdev) { pr_debug("fw_cfg: unloading.\n"); fw_cfg_sysfs_cache_cleanup(); + sysfs_remove_file(fw_cfg_top_ko, &fw_cfg_rev_attr.attr); + fw_cfg_io_cleanup(); fw_cfg_kset_unregister_recursive(fw_cfg_fname_kset); fw_cfg_kobj_cleanup(fw_cfg_sel_ko); - fw_cfg_io_cleanup(); return 0; }

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] FAILED: patch "[PATCH] usb: f_fs: Force Reserved1=1 in OS_DESC_EXT_COMPAT" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From a3acc696085e112733d191a77b106e67a4fa110b Mon Sep 17 00:00:00 2001 From: John Keeping <john(a)metanate.com> Date: Mon, 27 Nov 2017 18:15:40 +0000 Subject: [PATCH] usb: f_fs: Force Reserved1=1 in OS_DESC_EXT_COMPAT The specification says that the Reserved1 field in OS_DESC_EXT_COMPAT must have the value "1", but when this feature was first implemented we rejected any non-zero values. This was adjusted to accept all non-zero values (while now rejecting zero) in commit 53642399aa71 ("usb: gadget: f_fs: Fix wrong check on reserved1 of OS_DESC_EXT_COMPAT"), but that breaks any userspace programs that worked previously by returning EINVAL when Reserved1 == 0 which was previously the only value that succeeded! If we just set the field to "1" ourselves, both old and new userspace programs continue to work correctly and, as a bonus, old programs are now compliant with the specification without having to fix anything themselves. Fixes: 53642399aa71 ("usb: gadget: f_fs: Fix wrong check on reserved1 of OS_DESC_EXT_COMPAT") Cc: <stable(a)vger.kernel.org> Signed-off-by: John Keeping <john(a)metanate.com> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c index 9aa457b53e01..b6cf5ab5a0a1 100644 --- a/drivers/usb/gadget/function/f_fs.c +++ b/drivers/usb/gadget/function/f_fs.c @@ -2282,9 +2282,18 @@ static int __ffs_data_do_os_desc(enum ffs_os_desc_type type, int i; if (len < sizeof(*d) || - d->bFirstInterfaceNumber >= ffs->interfaces_count || - !d->Reserved1) + d->bFirstInterfaceNumber >= ffs->interfaces_count) return -EINVAL; + if (d->Reserved1 != 1) { + /* + * According to the spec, Reserved1 must be set to 1 + * but older kernels incorrectly rejected non-zero + * values. We fix it here to avoid returning EINVAL + * in response to values we used to accept. + */ + pr_debug("usb_ext_compat_desc::Reserved1 forced to 1\n"); + d->Reserved1 = 1; + } for (i = 0; i < ARRAY_SIZE(d->Reserved2); ++i) if (d->Reserved2[i]) return -EINVAL;

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] v4.14.5 build: 0 failures 0 warnings (v4.14.5)

by Build bot for Mark Brown

Tree/Branch: v4.14.5 Git describe: v4.14.5 Commit: 64138f0adb Linux 4.14.5 Build Time: 119 min 24 sec Passed: 10 / 10 (100.00 %) Failed: 0 / 10 ( 0.00 %) Errors: 0 Warnings: 0 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): ------------------------------------------------------------------------------- =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm-multi_v4t_defconfig arm64-defconfig close failed in file object destructor: sys.excepthook is missing lost sys.stderr

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] [PATCH 4.14 00/75] 4.14.5-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.5 release. There are 75 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Dec 9 13:07:57 UTC 2017. Anything received after that time might be too late. The whole patch series can be found in one patch at: kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.5-rc1.gz or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.5-rc1 Colin Ian King <colin.king(a)canonical.com> usb: host: fix incorrect updating of offset Oliver Neukum <oneukum(a)suse.com> USB: usbfs: Filter flags passed in from user space Masakazu Mokuno <masakazu.mokuno(a)gmail.com> USB: core: Add type-specific length check of BOS descriptors Yu Chen <chenyu56(a)huawei.com> usb: xhci: fix panic in xhci_free_virt_devices_depth_first Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Don't show incorrect WARN message about events for empty rings Johan Hovold <johan(a)kernel.org> USB: ulpi: fix bus-node lookup Mike Looijmans <mike.looijmans(a)topic.nl> usb: hub: Cycle HUB power when initialization fails Gilad Ben-Yossef <gilad(a)benyossef.com> staging: ccree: fix leak of import() after init() Dominik Behr <dbehr(a)chromium.org> dma-buf/sw_sync: force signal all unsignaled fences on dying timeline Naveen N. Rao <naveen.n.rao(a)linux.vnet.ibm.com> powerpc/kprobes: Disable preemption before invoking probe handler for optprobes Naveen N. Rao <naveen.n.rao(a)linux.vnet.ibm.com> powerpc/jprobes: Disable preemption when triggered through ftrace Kees Cook <keescook(a)chromium.org> locking/refcounts, x86/asm: Enable CONFIG_ARCH_HAS_REFCOUNT Gustavo A. R. Silva <garsilva(a)embeddedor.com> iio: multiplexer: add NULL check on devm_kzalloc() and devm_kmemdup() return values Ladislav Michl <ladis(a)linux-mips.org> iio: adc: ti-ads1015: add 10% to conversion wait time Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> mm, x86/mm: Fix performance regression in get_user_pages_fast() Martin Kepplinger <martink(a)posteo.de> perf tools: Fix leaking rec_argv in error cases Arnaldo Carvalho de Melo <acme(a)redhat.com> tools include: Do not use poison with C++ Heiko Carstens <heiko.carstens(a)de.ibm.com> s390/ptrace: fix guarded storage regset handling Kees Cook <keescook(a)chromium.org> locking/refcounts, x86/asm: Use unique .text section for refcount exceptions Masami Hiramatsu <mhiramat(a)kernel.org> kprobes/x86: Disable preemption in ftrace-based jprobes Thomas Richter <tmricht(a)linux.vnet.ibm.com> perf test attr: Fix python error on empty result Thomas Richter <tmricht(a)linux.vnet.ibm.com> perf test attr: Fix ignored test case result Ioana Radulescu <ruxandra.radulescu(a)nxp.com> staging: fsl-mc/dpio: Fix incorrect comparison Ian Jamison <ian.dev(a)arkver.com> serial: imx: Update cached mctrl value when changing RTS Ben Hutchings <ben(a)decadent.org.uk> usbip: tools: Install all headers needed for libusbip development Andy Lowe <andy_lowe(a)mentor.com> serial: sh-sci: suppress warning for ports without dma channels Jibin Xu <jibin.xu(a)windriver.com> sysrq : fix Show Regs call trace on ARM Lu Baolu <baolu.lu(a)linux.intel.com> usb: xhci: Return error when host is dead in xhci_disable_slot() Leo Yan <leo.yan(a)linaro.org> ARM: cpuidle: Correct driver unregistration if init fails Larry Finger <Larry.Finger(a)lwfinger.net> staging: rtl8822be: Keep array subscript no lower than zero Ioana Radulescu <ruxandra.radulescu(a)nxp.com> staging: fsl-dpaa2/eth: Account for Rx FD buffers on error path Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: mtu3: fix error return code in ssusb_gadget_init() Gustavo A. R. Silva <garsilva(a)embeddedor.com> EDAC, sb_edac: Fix missing break in switch Geert Uytterhoeven <geert+renesas(a)glider.be> dt-bindings: timer: renesas, cmt: Fix SoC-specific compatible values Ard Biesheuvel <ard.biesheuvel(a)linaro.org> clocksource/drivers/arm_arch_timer: Validate CNTFRQ after enabling frame Dave Hansen <dave.hansen(a)linux.intel.com> x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt() Masami Hiramatsu <mhiramat(a)kernel.org> kprobes: Use synchronize_rcu_tasks() for optprobe with CONFIG_PREEMPT=y Aaron Sierra <asierra(a)xes-inc.com> serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X Reinette Chatre <reinette.chatre(a)intel.com> x86/intel_rdt: Fix potential deadlock during resctrl mount Reinette Chatre <reinette.chatre(a)intel.com> x86/intel_rdt: Initialize bitmask of shareable resource if CDP enabled Kishon Vijay Abraham I <kishon(a)ti.com> PCI: dra7xx: Create functional dependency between PCIe and PHY Alexey Khoroshilov <khoroshilov(a)ispras.ru> usb: phy: tahvo: fix error handling in tahvo_usb_probe() John Stultz <john.stultz(a)linaro.org> usb: dwc2: Error out of dwc2_hsotg_ep_disable() if we're in host mode John Stultz <john.stultz(a)linaro.org> usb: dwc2: Fix UDC state tracking Peter Zijlstra <peterz(a)infradead.org> perf/core: Fix __perf_read_group_add() locking Edward A. James <eajames(a)us.ibm.com> hwmon: (pmbus/core) Prevent unintentional setting of page to 0xFF Subhash Jadavani <subhashj(a)codeaurora.org> mmc: sdhci-msm: fix issue with power irq Fabrizio Castro <fabrizio.castro(a)bp.renesas.com> mmc: tmio: check mmc_regulator_get_supply return value Johan Hovold <johan(a)kernel.org> spi: spi-axi: fix potential use-after-free after deregistration Hiromitsu Yamasaki <hiromitsu.yamasaki.ym(a)renesas.com> spi: sh-msiof: Fix DMA transfer size check Colin Ian King <colin.king(a)canonical.com> staging: rtl8188eu: avoid a null dereference on pmlmepriv Stanislaw Gruszka <sgruszka(a)redhat.com> staging: rtl8822be: fix wrong dma unmap len Lukas Wunner <lukas(a)wunner.de> serial: 8250_fintek: Fix rs485 disablement on invalid ioctl() Greg Ungerer <gerg(a)linux-m68k.org> m68k: fix ColdFire node shift size calculation Bryan O'Donoghue <pure.logic(a)nexus-software.ie> staging: greybus: loopback: Fix iteration count on async path Andy Lutomirski <luto(a)kernel.org> selftests/x86/ldt_gdt: Robustify against set_thread_area() and LAR oddities Andy Lutomirski <luto(a)kernel.org> selftests/x86/ldt_get: Add a few additional tests for limits Christian Borntraeger <borntraeger(a)de.ibm.com> s390/pci: do not require AIS facility Ulf Hansson <ulf.hansson(a)linaro.org> PM / Domains: Fix genpd to deal with drivers returning 1 from ->prepare() Jason J. Herne <jjherne(a)linux.vnet.ibm.com> s390: vfio-ccw: Do not attempt to free no-op, test and tic cda. Boshi Wang <wangboshi(a)huawei.com> ima: fix hash algorithm initialization Matt Redfearn <matt.redfearn(a)mips.com> MIPS: Add custom serial.h with BASE_BAUD override for generic kernel Matt Redfearn <matt.redfearn(a)mips.com> serial: 8250_early: Only set divisor if valid clk & baud Lu Baolu <baolu.lu(a)linux.intel.com> USB: serial: usb_debug: add new USB device id Sebastian Sjoholm <ssjoholm(a)mac.com> USB: serial: option: add Quectel BG96 id Martijn Coenen <maco(a)android.com> ANDROID: binder: fix transaction leak. Matt Wilson <msw(a)amazon.com> serial: 8250_pci: Add Amazon PCI serial device ID Kai-Heng Feng <kai.heng.feng(a)canonical.com> usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub Hans de Goede <hdegoede(a)redhat.com> uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices Yuyang Du <yuyang.du(a)intel.com> usbip: Fix USB device hang due to wrong enabling of scatter-gather Shuah Khan <shuah(a)kernel.org> usbip: fix usbip attach to find a port that matches the requested speed Heiko Carstens <heiko.carstens(a)de.ibm.com> s390/runtime instrumentation: simplify task exit handling Michel Dänzer <michel.daenzer(a)amd.com> drm/amdgpu: Use unsigned ring indices in amdgpu_queue_mgr_map Stefan Agner <stefan(a)agner.ch> drm/fsl-dcu: enable IRQ before drm_atomic_helper_resume() Stefan Agner <stefan(a)agner.ch> drm/fsl-dcu: avoid disabling pixel clock twice on suspend ------------- Diffstat: .../devicetree/bindings/timer/renesas,cmt.txt | 24 +++--- Makefile | 4 +- arch/Kconfig | 2 +- arch/m68k/mm/mcfmmu.c | 2 +- arch/mips/include/asm/Kbuild | 1 - arch/mips/include/asm/serial.h | 22 +++++ arch/powerpc/kernel/kprobes-ftrace.c | 15 +++- arch/powerpc/kernel/optprobes.c | 5 +- arch/s390/include/asm/pci_insn.h | 2 +- arch/s390/include/asm/runtime_instr.h | 4 +- arch/s390/kernel/process.c | 5 +- arch/s390/kernel/ptrace.c | 33 +++++--- arch/s390/kernel/runtime_instr.c | 30 +++---- arch/s390/pci/pci.c | 5 +- arch/s390/pci/pci_insn.c | 6 +- arch/x86/Kconfig | 2 +- arch/x86/include/asm/refcount.h | 2 +- arch/x86/include/asm/syscalls.h | 2 +- arch/x86/kernel/cpu/intel_rdt.c | 1 + arch/x86/kernel/cpu/intel_rdt_rdtgroup.c | 8 +- arch/x86/kernel/kprobes/ftrace.c | 23 +++-- arch/x86/kernel/ldt.c | 16 +++- arch/x86/mm/extable.c | 7 +- arch/x86/um/ldt.c | 7 +- drivers/android/binder.c | 40 +++++++-- drivers/base/power/domain.c | 5 +- drivers/clocksource/arm_arch_timer.c | 38 +++++---- drivers/cpuidle/cpuidle-arm.c | 22 +++-- drivers/dma-buf/sw_sync.c | 10 ++- drivers/edac/sb_edac.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_queue_mgr.c | 6 +- drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.c | 3 +- drivers/hwmon/pmbus/pmbus.h | 6 +- drivers/hwmon/pmbus/pmbus_core.c | 25 +++--- drivers/iio/adc/ti-ads1015.c | 1 + drivers/iio/multiplexer/iio-mux.c | 6 ++ drivers/mmc/host/sdhci-msm.c | 18 ++++ drivers/mmc/host/tmio_mmc_core.c | 5 +- drivers/pci/dwc/pci-dra7xx.c | 16 ++++ drivers/s390/cio/vfio_ccw_cp.c | 2 + drivers/spi/spi-axi-spi-engine.c | 4 +- drivers/spi/spi-sh-msiof.c | 2 +- drivers/staging/ccree/ssi_hash.c | 9 +- drivers/staging/fsl-dpaa2/ethernet/dpaa2-eth.c | 15 +++- drivers/staging/fsl-mc/bus/dpio/dpio-service.c | 4 +- drivers/staging/fsl-mc/include/dpaa2-io.h | 6 +- drivers/staging/greybus/loopback.c | 4 +- drivers/staging/rtl8188eu/core/rtw_mlme.c | 6 +- drivers/staging/rtlwifi/phydm/phydm_dig.c | 2 + drivers/staging/rtlwifi/rtl8822be/fw.c | 2 +- drivers/tty/serial/8250/8250_early.c | 14 ++-- drivers/tty/serial/8250/8250_fintek.c | 2 +- drivers/tty/serial/8250/8250_pci.c | 3 + drivers/tty/serial/8250/8250_port.c | 5 +- drivers/tty/serial/imx.c | 6 +- drivers/tty/serial/sh-sci.c | 8 ++ drivers/tty/sysrq.c | 9 +- drivers/usb/common/ulpi.c | 4 +- drivers/usb/core/config.c | 28 ++++++- drivers/usb/core/devio.c | 14 ++-- drivers/usb/core/hub.c | 9 ++ drivers/usb/core/quirks.c | 3 + drivers/usb/dwc2/gadget.c | 7 ++ drivers/usb/host/ehci-dbg.c | 2 +- drivers/usb/host/xhci-mem.c | 7 ++ drivers/usb/host/xhci-ring.c | 12 ++- drivers/usb/host/xhci.c | 3 +- drivers/usb/mtu3/mtu3_core.c | 4 +- drivers/usb/phy/phy-tahvo.c | 3 +- drivers/usb/serial/option.c | 3 + drivers/usb/serial/usb_debug.c | 2 + drivers/usb/storage/uas-detect.h | 4 + drivers/usb/usbip/vhci_hcd.c | 1 - include/asm-generic/vmlinux.lds.h | 1 + include/uapi/linux/usb/ch9.h | 3 + kernel/events/core.c | 4 +- kernel/kprobes.c | 14 ++-- mm/gup.c | 97 +++++++++++++--------- security/integrity/ima/ima_main.c | 4 + tools/include/linux/poison.h | 5 ++ tools/perf/builtin-c2c.c | 1 + tools/perf/builtin-mem.c | 1 + tools/perf/builtin-timechart.c | 4 +- tools/perf/builtin-trace.c | 1 + tools/perf/tests/attr.c | 2 +- tools/perf/tests/attr.py | 6 +- tools/testing/selftests/x86/ldt_gdt.c | 27 +++++- tools/usb/usbip/Makefile.am | 3 +- tools/usb/usbip/libsrc/vhci_driver.c | 14 +++- 90 files changed, 580 insertions(+), 248 deletions(-)

7 years, 6 months

6
83
0 0

[Linux-stable-mirror] Patch "locking/refcounts: Do not force refcount_t usage as GPL-only export" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled locking/refcounts: Do not force refcount_t usage as GPL-only export to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: locking-refcounts-do-not-force-refcount_t-usage-as-gpl-only-export.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From b562c171cf011d297059bd0265742eb5fab0ad2f Mon Sep 17 00:00:00 2001 From: Kees Cook <keescook(a)chromium.org> Date: Mon, 4 Dec 2017 17:24:54 -0800 Subject: locking/refcounts: Do not force refcount_t usage as GPL-only export From: Kees Cook <keescook(a)chromium.org> commit b562c171cf011d297059bd0265742eb5fab0ad2f upstream. The refcount_t protection on x86 was not intended to use the stricter GPL export. This adjusts the linkage again to avoid a regression in the availability of the refcount API. Reported-by: Dave Airlie <airlied(a)gmail.com> Fixes: 7a46ec0e2f48 ("locking/refcounts, x86/asm: Implement fast refcount overflow protection") Signed-off-by: Kees Cook <keescook(a)chromium.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Ivan Kozik <ivan(a)ludios.org> Cc: Thomas Backlund <tmb(a)mageia.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/mm/extable.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/x86/mm/extable.c +++ b/arch/x86/mm/extable.c @@ -82,7 +82,7 @@ bool ex_handler_refcount(const struct ex return true; } -EXPORT_SYMBOL_GPL(ex_handler_refcount); +EXPORT_SYMBOL(ex_handler_refcount); /* * Handler for when we fail to restore a task's FPU state. We should never get Patches currently in stable-queue which might be from keescook(a)chromium.org are queue-4.14/locking-refcounts-x86-asm-use-unique-.text-section-for-refcount-exceptions.patch queue-4.14/locking-refcounts-x86-asm-enable-config_arch_has_refcount.patch queue-4.14/locking-refcounts-do-not-force-refcount_t-usage-as-gpl-only-export.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] [PATCH] mm, oom_reaper: fix memory corruption

by Michal Hocko

From: Michal Hocko <mhocko(a)suse.com> David Rientjes has reported the following memory corruption while the oom reaper tries to unmap the victims address space BUG: Bad page map in process oom_reaper pte:6353826300000000 pmd:00000000 addr:00007f50cab1d000 vm_flags:08100073 anon_vma:ffff9eea335603f0 mapping: (null) index:7f50cab1d file: (null) fault: (null) mmap: (null) readpage: (null) CPU: 2 PID: 1001 Comm: oom_reaper Call Trace: [<ffffffffa4bd967d>] dump_stack+0x4d/0x70 [<ffffffffa4a03558>] unmap_page_range+0x1068/0x1130 [<ffffffffa4a2e07f>] __oom_reap_task_mm+0xd5/0x16b [<ffffffffa4a2e226>] oom_reaper+0xff/0x14c [<ffffffffa48d6ad1>] kthread+0xc1/0xe0 Tetsuo Handa has noticed that the synchronization inside exit_mmap is insufficient. We only synchronize with the oom reaper if tsk_is_oom_victim which is not true if the final __mmput is called from a different context than the oom victim exit path. This can trivially happen from context of any task which has grabbed mm reference (e.g. to read /proc/<pid>/ file which requires mm etc.). The race would look like this oom_reaper oom_victim task mmget_not_zero do_exit mmput __oom_reap_task_mm mmput __mmput exit_mmap remove_vma unmap_page_range Fix this issue by providing a new mm_is_oom_victim() helper which operates on the mm struct rather than a task. Any context which operates on a remote mm struct should use this helper in place of tsk_is_oom_victim. The flag is set in mark_oom_victim and never cleared so it is stable in the exit_mmap path. Changes since v1 - set MMF_OOM_SKIP in exit_mmap only for the oom mm as suggested by Tetsuo because there is no reason to set the flag unless we are synchronizing with the oom reaper. - do not modify values of other MMF_ flags and add MMF_OOM_VICTIM as the last one as requested by David Rientjes because they have "automated tools that look at specific bits in mm->flags and it would be nice to not have them be inconsistent between kernel versions. Not absolutely required, but nice to avoid" Reported-by: David Rientjes <rientjes(a)google.com> Debugged-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Fixes: 212925802454 ("mm: oom: let oom_reap_task and exit_mmap run concurrently") Cc: stable # 4.14 Acked-by: David Rientjes <rientjes(a)google.com> Signed-off-by: Michal Hocko <mhocko(a)suse.com> --- Hi, this patch fixes issue reported by David [1][2]. [1] http://lkml.kernel.org/r/alpine.DEB.2.10.1712051824050.91099@chino.kir.corp… [2] http://lkml.kernel.org/r/alpine.DEB.2.10.1712071315570.135101@chino.kir.cor… include/linux/oom.h | 9 +++++++++ include/linux/sched/coredump.h | 1 + mm/mmap.c | 10 +++++----- mm/oom_kill.c | 4 +++- 4 files changed, 18 insertions(+), 6 deletions(-) diff --git a/include/linux/oom.h b/include/linux/oom.h index 27cd36b762b5..c4139e79771d 100644 --- a/include/linux/oom.h +++ b/include/linux/oom.h @@ -77,6 +77,15 @@ static inline bool tsk_is_oom_victim(struct task_struct * tsk) return tsk->signal->oom_mm; } +/* + * Use this helper if tsk->mm != mm and the victim mm needs a special + * handling. This is guaranteed to stay true after once set. + */ +static inline bool mm_is_oom_victim(struct mm_struct *mm) +{ + return test_bit(MMF_OOM_VICTIM, &mm->flags); +} + /* * Checks whether a page fault on the given mm is still reliable. * This is no longer true if the oom reaper started to reap the diff --git a/include/linux/sched/coredump.h b/include/linux/sched/coredump.h index 9c8847395b5e..ec912d01126f 100644 --- a/include/linux/sched/coredump.h +++ b/include/linux/sched/coredump.h @@ -70,6 +70,7 @@ static inline int get_dumpable(struct mm_struct *mm) #define MMF_UNSTABLE 22 /* mm is unstable for copy_from_user */ #define MMF_HUGE_ZERO_PAGE 23 /* mm has ever used the global huge zero page */ #define MMF_DISABLE_THP 24 /* disable THP for all VMAs */ +#define MMF_OOM_VICTIM 25 /* mm is the oom victim */ #define MMF_DISABLE_THP_MASK (1 << MMF_DISABLE_THP) #define MMF_INIT_MASK (MMF_DUMPABLE_MASK | MMF_DUMP_FILTER_MASK |\ diff --git a/mm/mmap.c b/mm/mmap.c index 476e810cf100..0de87a376aaa 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -3004,20 +3004,20 @@ void exit_mmap(struct mm_struct *mm) /* Use -1 here to ensure all VMAs in the mm are unmapped */ unmap_vmas(&tlb, vma, 0, -1); - set_bit(MMF_OOM_SKIP, &mm->flags); - if (unlikely(tsk_is_oom_victim(current))) { + if (unlikely(mm_is_oom_victim(mm))) { /* * Wait for oom_reap_task() to stop working on this * mm. Because MMF_OOM_SKIP is already set before * calling down_read(), oom_reap_task() will not run * on this "mm" post up_write(). * - * tsk_is_oom_victim() cannot be set from under us - * either because current->mm is already set to NULL + * mm_is_oom_victim() cannot be set from under us + * either because victim->mm is already set to NULL * under task_lock before calling mmput and oom_mm is - * set not NULL by the OOM killer only if current->mm + * set not NULL by the OOM killer only if victim->mm * is found not NULL while holding the task_lock. */ + set_bit(MMF_OOM_SKIP, &mm->flags); down_write(&mm->mmap_sem); up_write(&mm->mmap_sem); } diff --git a/mm/oom_kill.c b/mm/oom_kill.c index 3b0d0fed8480..e4d290b6804b 100644 --- a/mm/oom_kill.c +++ b/mm/oom_kill.c @@ -666,8 +666,10 @@ static void mark_oom_victim(struct task_struct *tsk) return; /* oom_mm is bound to the signal struct life time. */ - if (!cmpxchg(&tsk->signal->oom_mm, NULL, mm)) + if (!cmpxchg(&tsk->signal->oom_mm, NULL, mm)) { mmgrab(tsk->signal->oom_mm); + set_bit(MMF_OOM_VICTIM, &mm->flags); + } /* * Make sure that the task is woken up from uninterruptible sleep -- 2.15.0

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] v4.9.68 build: 0 failures 0 warnings (v4.9.68)

by Build bot for Mark Brown

Tree/Branch: v4.9.68 Git describe: v4.9.68 Commit: 3781db07c7 Linux 4.9.68 Build Time: 101 min 24 sec Passed: 10 / 10 (100.00 %) Failed: 0 / 10 ( 0.00 %) Errors: 0 Warnings: 0 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): ------------------------------------------------------------------------------- =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm-multi_v4t_defconfig arm64-defconfig close failed in file object destructor: sys.excepthook is missing lost sys.stderr

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] v4.4.105 build: 0 failures 0 warnings (v4.4.105)

by Build bot for Mark Brown

Tree/Branch: v4.4.105 Git describe: v4.4.105 Commit: 69b0bf95a5 Linux 4.4.105 Build Time: 87 min 19 sec Passed: 9 / 9 (100.00 %) Failed: 0 / 9 ( 0.00 %) Errors: 0 Warnings: 0 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): ------------------------------------------------------------------------------- =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm64-defconfig close failed in file object destructor: sys.excepthook is missing lost sys.stderr

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] v3.18.87 build: 0 failures 1 warnings (v3.18.87)

by Build bot for Mark Brown

Tree/Branch: v3.18.87 Git describe: v3.18.87 Commit: 2179863ede Linux 3.18.87 Build Time: 67 min 13 sec Passed: 9 / 9 (100.00 %) Failed: 0 / 9 ( 0.00 %) Errors: 0 Warnings: 1 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 2 warnings 0 mismatches : x86_64-defconfig ------------------------------------------------------------------------------- Warnings Summary: 1 2 ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- x86_64-defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm64-defconfig

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "usb: dwc2: Improve gadget state disconnection handling" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: dwc2: Improve gadget state disconnection handling to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usb-dwc2-improve-gadget-state-disconnection-handling.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From d2471d4a24dfbff5e463d382e2c6fec7d7e25a09 Mon Sep 17 00:00:00 2001 From: John Stultz <john.stultz(a)linaro.org> Date: Mon, 23 Oct 2017 14:32:48 -0700 Subject: usb: dwc2: Improve gadget state disconnection handling From: John Stultz <john.stultz(a)linaro.org> commit d2471d4a24dfbff5e463d382e2c6fec7d7e25a09 upstream. In the earlier commit dad3f793f20f ("usb: dwc2: Make sure we disconnect the gadget state"), I was trying to fix up the fact that we somehow weren't disconnecting the gadget state, so that when the OTG port was plugged in the second time we would get warnings about the state tracking being wrong. (This seems to be due to a quirk of the HiKey board where we do not ever get any otg interrupts, particularly the session end detected signal. Instead we only see status change interrupt.) The fix there was somewhat simple, as it just made sure to call dwc2_hsotg_disconnect() before we connected things up in OTG mode, ensuring the state handling didn't throw errors. But in looking at a different issue I was seeing with UDC state handling, I realized that it would be much better to call dwc2_hsotg_disconnect when we get the state change signal moving to host mode. Thus, this patch removes the earlier disconnect call I added and moves it (and the needed locking) to the host mode transition. Cc: Wei Xu <xuwei5(a)hisilicon.com> Cc: Guodong Xu <guodong.xu(a)linaro.org> Cc: Amit Pundir <amit.pundir(a)linaro.org> Cc: YongQin Liu <yongqin.liu(a)linaro.org> Cc: John Youn <johnyoun(a)synopsys.com> Cc: Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> Cc: Douglas Anderson <dianders(a)chromium.org> Cc: Chen Yu <chenyu56(a)huawei.com> Cc: Felipe Balbi <felipe.balbi(a)linux.intel.com> Cc: linux-usb(a)vger.kernel.org Acked-by: Minas Harutyunyan <hminas(a)synopsys.com> Tested-by: Minas Harutyunyan <hminas(a)synopsys.com> Signed-off-by: John Stultz <john.stultz(a)linaro.org> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> Cc: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/dwc2/hcd.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) --- a/drivers/usb/dwc2/hcd.c +++ b/drivers/usb/dwc2/hcd.c @@ -3277,7 +3277,6 @@ static void dwc2_conn_id_status_change(s dwc2_core_init(hsotg, false); dwc2_enable_global_interrupts(hsotg); spin_lock_irqsave(&hsotg->lock, flags); - dwc2_hsotg_disconnect(hsotg); dwc2_hsotg_core_init_disconnected(hsotg, false); spin_unlock_irqrestore(&hsotg->lock, flags); dwc2_hsotg_core_connect(hsotg); @@ -3296,8 +3295,12 @@ host: if (count > 250) dev_err(hsotg->dev, "Connection id status change timed out\n"); - hsotg->op_state = OTG_STATE_A_HOST; + spin_lock_irqsave(&hsotg->lock, flags); + dwc2_hsotg_disconnect(hsotg); + spin_unlock_irqrestore(&hsotg->lock, flags); + + hsotg->op_state = OTG_STATE_A_HOST; /* Initialize the Core for Host mode */ dwc2_core_init(hsotg, false); dwc2_enable_global_interrupts(hsotg); Patches currently in stable-queue which might be from john.stultz(a)linaro.org are queue-4.14/usb-dwc2-improve-gadget-state-disconnection-handling.patch

7 years, 6 months

2
1
0 0

[Linux-stable-mirror] Patch "xen-netfront: avoid crashing on resume after a failure in talk_to_netback()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xen-netfront: avoid crashing on resume after a failure in talk_to_netback() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xen-netfront-avoid-crashing-on-resume-after-a-failure-in-talk_to_netback.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From d86b5672b1adb98b4cdd6fbf0224bbfb03db6e2e Mon Sep 17 00:00:00 2001 From: Vitaly Kuznetsov <vkuznets(a)redhat.com> Date: Thu, 11 May 2017 13:58:06 +0200 Subject: xen-netfront: avoid crashing on resume after a failure in talk_to_netback() From: Vitaly Kuznetsov <vkuznets(a)redhat.com> commit d86b5672b1adb98b4cdd6fbf0224bbfb03db6e2e upstream. Unavoidable crashes in netfront_resume() and netback_changed() after a previous fail in talk_to_netback() (e.g. when we fail to read MAC from xenstore) were discovered. The failure path in talk_to_netback() does unregister/free for netdev but we don't reset drvdata and we try accessing it after resume. Fix the bug by removing the whole xen device completely with device_unregister(), this guarantees we won't have any calls into netfront after a failure. Signed-off-by: Vitaly Kuznetsov <vkuznets(a)redhat.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Cc: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/xen-netfront.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/drivers/net/xen-netfront.c +++ b/drivers/net/xen-netfront.c @@ -1958,8 +1958,7 @@ abort_transaction_no_dev_fatal: xennet_disconnect_backend(info); xennet_destroy_queues(info); out: - unregister_netdev(info->netdev); - xennet_free_netdev(info->netdev); + device_unregister(&dev->dev); return err; } Patches currently in stable-queue which might be from vkuznets(a)redhat.com are queue-4.9/xen-netfront-avoid-crashing-on-resume-after-a-failure-in-talk_to_netback.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "xen-netfront: avoid crashing on resume after a failure in talk_to_netback()" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xen-netfront: avoid crashing on resume after a failure in talk_to_netback() to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xen-netfront-avoid-crashing-on-resume-after-a-failure-in-talk_to_netback.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From d86b5672b1adb98b4cdd6fbf0224bbfb03db6e2e Mon Sep 17 00:00:00 2001 From: Vitaly Kuznetsov <vkuznets(a)redhat.com> Date: Thu, 11 May 2017 13:58:06 +0200 Subject: xen-netfront: avoid crashing on resume after a failure in talk_to_netback() From: Vitaly Kuznetsov <vkuznets(a)redhat.com> commit d86b5672b1adb98b4cdd6fbf0224bbfb03db6e2e upstream. Unavoidable crashes in netfront_resume() and netback_changed() after a previous fail in talk_to_netback() (e.g. when we fail to read MAC from xenstore) were discovered. The failure path in talk_to_netback() does unregister/free for netdev but we don't reset drvdata and we try accessing it after resume. Fix the bug by removing the whole xen device completely with device_unregister(), this guarantees we won't have any calls into netfront after a failure. Signed-off-by: Vitaly Kuznetsov <vkuznets(a)redhat.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Cc: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/xen-netfront.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/drivers/net/xen-netfront.c +++ b/drivers/net/xen-netfront.c @@ -1944,8 +1944,7 @@ abort_transaction_no_dev_fatal: xennet_disconnect_backend(info); xennet_destroy_queues(info); out: - unregister_netdev(info->netdev); - xennet_free_netdev(info->netdev); + device_unregister(&dev->dev); return err; } Patches currently in stable-queue which might be from vkuznets(a)redhat.com are queue-4.4/xen-netfront-avoid-crashing-on-resume-after-a-failure-in-talk_to_netback.patch

7 years, 6 months

1
0
0 0

Re: [Linux-stable-mirror] [PATCH 4.4 00/49] 4.4.105-stable review

by Greg Kroah-Hartman

On Fri, Dec 08, 2017 at 12:00:47PM -0800, Kevin Hilman wrote: > kernelci.org bot <bot(a)kernelci.org> writes: > > > stable-rc/linux-4.4.y boot: 122 boots: 2 failed, 106 passed with 12 offline, 2 conflicts (v4.4.104-50-gffc1d3fcd46a) > > > > Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.4.y/kernel/v4.4.… > > Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.4.y/kernel/v4.4.104-50-… > > > > Tree: stable-rc > > Branch: linux-4.4.y > > Git Describe: v4.4.104-50-gffc1d3fcd46a > > Git Commit: ffc1d3fcd46a59815958ce25e4e70da1a8a5799d > > Git URL: http://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git > > Tested: 62 unique boards, 20 SoC families, 18 builds out of 182 > > > > Boot Regressions Detected: > > > > arm: > > > > exynos_defconfig: > > exynos5422-odroidxu3: > > lab-collabora: failing since 31 days (last pass: v4.4.95-21-g32458fcb7bd6 - first fail: v4.4.96-41-g336421367b9c) > > exynos5422-odroidxu3_rootfs:nfs: > > lab-collabora: failing since 23 days (last pass: v4.4.95-21-g32458fcb7bd6 - first fail: v4.4.97-57-g528c687b455d) > > TL;DR; All is well. > > These two are passing in another lab, so this is a board/lab setup issue > under. Guillaume (Cc'd) is investigating. I figured with a lab that was failing for that long, I didn't need to worry about it. thanks, greg k-h > Kevin

7 years, 6 months

1
0
0 0

Re: [Linux-stable-mirror] [PATCH 4.14 00/75] 4.14.5-stable review

by Greg Kroah-Hartman

On Fri, Dec 08, 2017 at 12:03:34PM -0800, Kevin Hilman wrote: > kernelci.org bot <bot(a)kernelci.org> writes: > > > stable-rc/linux-4.14.y boot: 142 boots: 1 failed, 127 passed with 14 offline (v4.14.4-76-gf91a57b206e0) > > > > Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.14.y/kernel/v4.1… > > Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.14.y/kernel/v4.14.4-76-… > > > > Tree: stable-rc > > Branch: linux-4.14.y > > Git Describe: v4.14.4-76-gf91a57b206e0 > > Git Commit: f91a57b206e0ca82c4d3f13372c392e3b374e1ce > > Git URL: http://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git > > Tested: 76 unique boards, 23 SoC families, 18 builds out of 189 > > > > Boot Regressions Detected: > > > > arm64: > > > > defconfig: > > meson-gxbb-p200: > > TL;DR; All is well. > > Re-ran this one and it's fine. Great, thanks for letting me know. greg k-h

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] [PATCH 4.4 00/96] 4.4.103-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.103 release. There are 96 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Nov 30 10:04:41 UTC 2017. Anything received after that time might be too late. The whole patch series can be found in one patch at: kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.103-rc1.gz or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.103-rc1 Juergen Gross <jgross(a)suse.com> xen: xenbus driver must not accept invalid transaction ids Heiko Carstens <heiko.carstens(a)de.ibm.com> s390/kbuild: enable modversions for symbols exported from asm Richard Fitzgerald <rf(a)opensource.wolfsonmicro.com> ASoC: wm_adsp: Don't overrun firmware file buffer when reading region data Pan Bian <bianpan2016(a)163.com> btrfs: return the actual error value from from btrfs_uuid_tree_iterate Colin Ian King <colin.king(a)canonical.com> ASoC: rsnd: don't double free kctrl Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: fix oob access Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_queue: use raw_smp_processor_id() Geert Uytterhoeven <geert(a)linux-m68k.org> spi: SPI_FSL_DSPI should depend on HAS_DMA Pan Bian <bianpan2016(a)163.com> staging: iio: cdc: fix improper return value Pan Bian <bianpan2016(a)163.com> iio: light: fix improper return value Masashi Honma <masashi.honma(a)gmail.com> mac80211: Suppress NEW_PEER_CANDIDATE event if no room Masashi Honma <masashi.honma(a)gmail.com> mac80211: Remove invalid flag operations in mesh TSF synchronization Chris Wilson <chris(a)chris-wilson.co.uk> drm: Apply range restriction after color adjustment when allocation Gabriele Mazzotta <gabriele.mzt(a)gmail.com> ALSA: hda - Apply ALC269_FIXUP_NO_SHUTUP on HDA_FIXUP_ACT_PROBE Bartosz Markowski <bartosz.markowski(a)tieto.com> ath10k: set CTS protection VDEV param only if VDEV is up Christian Lamparter <chunkeey(a)googlemail.com> ath10k: fix potential memory leak in ath10k_wmi_tlv_op_pull_fw_stats() Ryan Hsu <ryanhsu(a)qca.qualcomm.com> ath10k: ignore configuring the incorrect board_id Ryan Hsu <ryanhsu(a)qca.qualcomm.com> ath10k: fix incorrect txpower set by P2P_DEVICE interface Daniel Vetter <daniel.vetter(a)ffwll.ch> drm/armada: Fix compile fail Thomas Preisner <thomas.preisner+linux(a)fau.de> net: 3com: typhoon: typhoon_init_one: fix incorrect return values Thomas Preisner <thomas.preisner+linux(a)fau.de> net: 3com: typhoon: typhoon_init_one: make return values more specific David Ahern <dsa(a)cumulusnetworks.com> net: Allow IP_MULTICAST_IF to set index to L3 slave Shawn Guo <shawn.guo(a)linaro.org> dmaengine: zx: set DMA_CYCLIC cap_mask bit Bjorn Helgaas <bhelgaas(a)google.com> PCI: Apply _HPX settings only to relevant devices Santosh Shilimkar <santosh.shilimkar(a)oracle.com> RDS: RDMA: return appropriate error on rdma map failures Benjamin Poirier <bpoirier(a)suse.com> e1000e: Separate signaling for link check/link up Benjamin Poirier <bpoirier(a)suse.com> e1000e: Fix return value test Benjamin Poirier <bpoirier(a)suse.com> e1000e: Fix error path in link detection Tobias Jordan <Tobias.Jordan(a)elektrobit.com> PM / OPP: Add missing of_node_put(np) Tuomas Tynkkynen <tuomas(a)tuxera.com> net/9p: Switch to wait_event_killable() Eric Biggers <ebiggers(a)google.com> fscrypt: lock mutex before checking for bounce page pool Steven Rostedt (Red Hat) <rostedt(a)goodmis.org> sched/rt: Simplify the IPI based RT balancing logic Ricardo Ribalda Delgado <ricardo.ribalda(a)gmail.com> media: v4l2-ctrl: Fix flags field on Control events Johan Hovold <johan(a)kernel.org> cx231xx-cards: fix NULL-deref on missing association descriptor Sean Young <sean(a)mess.org> media: rc: check for integer overflow Michele Baldessari <michele(a)acksyn.org> media: Don't do DMA on stack for firmware upload in the AS102 driver Naveen N. Rao <naveen.n.rao(a)linux.vnet.ibm.com> powerpc/signal: Properly handle return value from uprobe_deny_signal() John David Anglin <dave.anglin(a)bell.net> parisc: Fix validity check of pointer size argument in new CAS implementation Brian King <brking(a)linux.vnet.ibm.com> ixgbe: Fix skb list corruption on Power systems Brian King <brking(a)linux.vnet.ibm.com> fm10k: Use smp_rmb rather than read_barrier_depends Brian King <brking(a)linux.vnet.ibm.com> i40evf: Use smp_rmb rather than read_barrier_depends Brian King <brking(a)linux.vnet.ibm.com> ixgbevf: Use smp_rmb rather than read_barrier_depends Brian King <brking(a)linux.vnet.ibm.com> igbvf: Use smp_rmb rather than read_barrier_depends Brian King <brking(a)linux.vnet.ibm.com> igb: Use smp_rmb rather than read_barrier_depends Brian King <brking(a)linux.vnet.ibm.com> i40e: Use smp_rmb rather than read_barrier_depends Johan Hovold <johan(a)kernel.org> NFC: fix device-allocation error return Bart Van Assche <bart.vanassche(a)wdc.com> IB/srp: Avoid that a cable pull can trigger a kernel crash Bart Van Assche <bart.vanassche(a)wdc.com> IB/srpt: Do not accept invalid initiator port names Dan Williams <dan.j.williams(a)intel.com> libnvdimm, namespace: make 'resource' attribute only readable by root Dan Williams <dan.j.williams(a)intel.com> libnvdimm, namespace: fix label initialization to use valid seq numbers Johan Hovold <johan(a)kernel.org> clk: ti: dra7-atl-clock: fix child-node lookups Peter Ujfalusi <peter.ujfalusi(a)ti.com> clk: ti: dra7-atl-clock: Fix of_node reference counting Trond Myklebust <trond.myklebust(a)primarydata.com> SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status Paolo Bonzini <pbonzini(a)redhat.com> KVM: SVM: obey guest PAT Ladi Prosek <lprosek(a)redhat.com> KVM: nVMX: set IDTR and GDTR limits when loading L1 host state Nicholas Bellinger <nab(a)linux-iscsi.org> target: Fix QUEUE_FULL + SCSI task attribute handling Nicholas Bellinger <nab(a)linux-iscsi.org> iscsi-target: Fix non-immediate TMR reference leak Tuomas Tynkkynen <tuomas(a)tuxera.com> fs/9p: Compare qid.path in v9fs_test_inode Al Viro <viro(a)zeniv.linux.org.uk> fix a page leak in vhost_scsi_iov_to_sgl() error recovery Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fix ALC700 family no sound issue Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Remove kernel warning at compat ioctl error paths Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Add sanity checks in v2 clock parsers Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix potential out-of-bound access at parsing SU Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Add sanity checks to FE parser Henrik Eriksson <henrik.eriksson(a)axis.com> ALSA: pcm: update tstamp only if audio_tstamp changed Theodore Ts'o <tytso(a)mit.edu> ext4: fix interaction between i_size, fallocate, and delalloc after a crash Rameshwar Prasad Sahu <rsahu(a)apm.com> ata: fixes kernel crash while tracing ata_eh_link_autopsy event Arnd Bergmann <arnd(a)arndb.de> rtlwifi: fix uninitialized rtlhal->last_suspend_sec time Larry Finger <Larry.Finger(a)lwfinger.net> rtlwifi: rtl8192ee: Fix memory leak when loading firmware Andrew Elble <aweits(a)rit.edu> nfsd: deal with revoked delegations appropriately Chuck Lever <chuck.lever(a)oracle.com> nfs: Fix ugly referral attributes Joshua Watt <jpewhacker(a)gmail.com> NFS: Fix typo in nomigration mount option Arnd Bergmann <arnd(a)arndb.de> isofs: fix timestamps beyond 2027 Coly Li <colyli(a)suse.de> bcache: check ca->alloc_thread initialized before wake up it Dan Carpenter <dan.carpenter(a)oracle.com> eCryptfs: use after free in ecryptfs_release_messaging() Andreas Rohner <andreas.rohner(a)gmx.net> nilfs2: fix race condition that causes file system corruption NeilBrown <neilb(a)suse.com> autofs: don't fail mount for transient error Mirko Parthey <mirko.parthey(a)web.de> MIPS: BCM47XX: Fix LED inversion for WRT54GSv1 Maciej W. Rozycki <macro(a)mips.com> MIPS: Fix an n32 core file generation regset support regression Hou Tao <houtao1(a)huawei.com> dm: fix race between dm_get_from_kobject() and __dm_destroy() Eric Biggers <ebiggers(a)google.com> dm bufio: fix integer overflow when limiting maximum cache size Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ALSA: hda: Add Raven PCI ID Mathias Kresin <dev(a)kresin.me> MIPS: ralink: Fix typo in mt7628 pinmux function Mathias Kresin <dev(a)kresin.me> MIPS: ralink: Fix MT7628 pinmux Philip Derrin <philip(a)cog.systems> ARM: 8721/1: mm: dump: check hardware RO bit for LPAE Philip Derrin <philip(a)cog.systems> ARM: 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE Masami Hiramatsu <mhiramat(a)kernel.org> x86/decoder: Add new TEST instruction pattern Eric Biggers <ebiggers(a)google.com> lib/mpi: call cond_resched() from mpi_powm() loop Paul E. McKenney <paulmck(a)linux.vnet.ibm.com> sched: Make resched_cpu() unconditional WANG Cong <xiyou.wangcong(a)gmail.com> vsock: use new wait API for vsock_stream_sendmsg() Claudio Imbrenda <imbrenda(a)linux.vnet.ibm.com> AF_VSOCK: Shrink the area influenced by prepare_to_wait WANG Cong <xiyou.wangcong(a)gmail.com> ipv6: only call ip6_route_dev_notify() once for NETDEV_UNREGISTER Vasily Gorbik <gor(a)linux.vnet.ibm.com> s390/disassembler: increase show_code buffer size Heiko Carstens <heiko.carstens(a)de.ibm.com> s390/disassembler: add missing end marker for e7 table Heiko Carstens <heiko.carstens(a)de.ibm.com> s390/runtime instrumention: fix possible memory corruption Heiko Carstens <heiko.carstens(a)de.ibm.com> s390: fix transactional execution control register handling ------------- Diffstat: Makefile | 4 +- arch/arm/mm/dump.c | 4 +- arch/arm/mm/init.c | 4 +- arch/mips/bcm47xx/leds.c | 2 +- arch/mips/kernel/ptrace.c | 17 ++ arch/mips/ralink/mt7620.c | 4 +- arch/parisc/kernel/syscall.S | 6 +- arch/powerpc/kernel/signal.c | 2 +- arch/s390/include/asm/asm-prototypes.h | 8 + arch/s390/include/asm/switch_to.h | 2 +- arch/s390/kernel/dis.c | 5 +- arch/s390/kernel/early.c | 4 +- arch/s390/kernel/process.c | 1 + arch/s390/kernel/runtime_instr.c | 4 +- arch/x86/kvm/svm.c | 7 + arch/x86/kvm/vmx.c | 2 + arch/x86/lib/x86-opcode-map.txt | 2 +- drivers/ata/libata-eh.c | 2 +- drivers/base/power/opp/core.c | 1 + drivers/clk/ti/clk-dra7-atl.c | 3 +- drivers/dma/zx296702_dma.c | 1 + drivers/gpu/drm/armada/Makefile | 2 + drivers/gpu/drm/drm_mm.c | 16 +- drivers/iio/light/cm3232.c | 2 +- drivers/infiniband/ulp/srp/ib_srp.c | 25 ++- drivers/infiniband/ulp/srpt/ib_srpt.c | 9 +- drivers/md/bcache/alloc.c | 3 +- drivers/md/dm-bufio.c | 15 +- drivers/md/dm.c | 12 +- drivers/media/rc/ir-lirc-codec.c | 9 +- drivers/media/usb/as102/as102_fw.c | 28 ++- drivers/media/usb/cx231xx/cx231xx-cards.c | 2 +- drivers/media/v4l2-core/v4l2-ctrls.c | 16 +- drivers/net/ethernet/3com/typhoon.c | 25 ++- drivers/net/ethernet/intel/e1000e/mac.c | 11 +- drivers/net/ethernet/intel/e1000e/netdev.c | 4 +- drivers/net/ethernet/intel/e1000e/phy.c | 7 +- drivers/net/ethernet/intel/fm10k/fm10k_main.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_txrx.c | 2 +- drivers/net/ethernet/intel/i40evf/i40e_txrx.c | 2 +- drivers/net/ethernet/intel/igb/igb_main.c | 2 +- drivers/net/ethernet/intel/igbvf/netdev.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 2 +- drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 2 +- drivers/net/wireless/ath/ath10k/core.c | 5 +- drivers/net/wireless/ath/ath10k/mac.c | 58 ++++- drivers/net/wireless/ath/ath10k/wmi-tlv.c | 12 +- .../net/wireless/realtek/rtlwifi/rtl8192ee/fw.c | 6 +- .../net/wireless/realtek/rtlwifi/rtl8821ae/hw.c | 1 + drivers/nvdimm/label.c | 2 +- drivers/nvdimm/namespace_devs.c | 2 +- drivers/pci/probe.c | 15 +- drivers/spi/Kconfig | 1 + drivers/staging/iio/cdc/ad7150.c | 2 +- drivers/target/iscsi/iscsi_target.c | 8 +- drivers/target/target_core_transport.c | 4 + drivers/vhost/scsi.c | 5 +- drivers/xen/xenbus/xenbus_dev_frontend.c | 2 +- fs/9p/vfs_inode.c | 3 + fs/9p/vfs_inode_dotl.c | 3 + fs/autofs4/waitq.c | 15 +- fs/btrfs/uuid-tree.c | 4 +- fs/ecryptfs/messaging.c | 7 +- fs/ext4/crypto_key.c | 8 +- fs/ext4/extents.c | 6 +- fs/isofs/isofs.h | 2 +- fs/isofs/rock.h | 2 +- fs/isofs/util.c | 2 +- fs/nfs/nfs4proc.c | 18 +- fs/nfs/super.c | 2 +- fs/nfsd/nfs4state.c | 25 ++- fs/nilfs2/segment.c | 6 +- include/trace/events/sunrpc.h | 17 +- kernel/sched/core.c | 9 +- kernel/sched/rt.c | 235 ++++++++++----------- kernel/sched/sched.h | 24 ++- lib/mpi/mpi-pow.c | 2 + net/9p/client.c | 3 +- net/9p/trans_virtio.c | 13 +- net/ipv4/ip_sockglue.c | 7 +- net/ipv6/ipv6_sockglue.c | 16 +- net/ipv6/route.c | 6 +- net/mac80211/ieee80211_i.h | 1 - net/mac80211/mesh.c | 3 - net/mac80211/mesh_plink.c | 14 +- net/mac80211/mesh_sync.c | 11 - net/netfilter/nf_tables_api.c | 2 +- net/netfilter/nft_queue.c | 2 +- net/nfc/core.c | 2 +- net/rds/send.c | 11 +- net/vmw_vsock/af_vsock.c | 167 ++++++++------- sound/core/pcm_lib.c | 6 +- sound/core/timer_compat.c | 12 +- sound/pci/hda/hda_intel.c | 3 + sound/pci/hda/patch_realtek.c | 4 +- sound/soc/codecs/wm_adsp.c | 25 ++- sound/soc/sh/rcar/core.c | 4 +- sound/usb/clock.c | 9 +- sound/usb/mixer.c | 15 +- 100 files changed, 699 insertions(+), 437 deletions(-)

7 years, 6 months

9
118
0 0

[Linux-stable-mirror] [PATCH] acpi, nfit: fix health event notification

by Dan Williams

Integration testing with a BIOS that generates injected health event notifications fails to communicate those events to userspace. The nfit driver neglects to link the ACPI DIMM device with the necessary driver data so acpi_nvdimm_notify() fails this lookup: nfit_mem = dev_get_drvdata(dev); if (nfit_mem && nfit_mem->flags_attr) sysfs_notify_dirent(nfit_mem->flags_attr); Add the necessary linkage when installing the notification handler and clean it up when the nfit driver instance is torn down. Cc: <stable(a)vger.kernel.org> Cc: Toshi Kani <toshi.kani(a)hpe.com> Cc: Vishal Verma <vishal.l.verma(a)intel.com> Fixes: ba9c8dd3c222 ("acpi, nfit: add dimm device notification support") Reported-by: Daniel Osawa <daniel.k.osawa(a)intel.com> Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> --- drivers/acpi/nfit/core.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c index ff2580e7611d..947ea8a92761 100644 --- a/drivers/acpi/nfit/core.c +++ b/drivers/acpi/nfit/core.c @@ -1670,6 +1670,11 @@ static int acpi_nfit_add_dimm(struct acpi_nfit_desc *acpi_desc, dev_name(&adev_dimm->dev)); return -ENXIO; } + /* + * Record nfit_mem for the notification path to track back to + * the nfit sysfs attributes for this dimm device object. + */ + dev_set_drvdata(&adev_dimm->dev, nfit_mem); /* * Until standardization materializes we need to consider 4 @@ -1755,6 +1760,7 @@ static void shutdown_dimm_notify(void *data) if (adev_dimm) acpi_remove_notify_handler(adev_dimm->handle, ACPI_DEVICE_NOTIFY, acpi_nvdimm_notify); + dev_set_drvdata(&adev_dimm->dev, NULL); } mutex_unlock(&acpi_desc->init_mutex); }

7 years, 6 months

2
1
0 0

[Linux-stable-mirror] [PATCH 1/2] ARC: uaccess: dont use "l" inline as constraint

by Vineet Gupta

This constraint has been removed from gcc There was an earlier fix 3c7c7a2fc8811 which fixed this in delay.h but somehow missed this one as gcc change had not made its way into production toolchains Cc: stable(a)vger.kernel.org Signed-off-by: Vineet Gupta <vgupta(a)synopsys.com> --- arch/arc/include/asm/uaccess.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/arc/include/asm/uaccess.h b/arch/arc/include/asm/uaccess.h index f35974ee7264..c9173c02081c 100644 --- a/arch/arc/include/asm/uaccess.h +++ b/arch/arc/include/asm/uaccess.h @@ -668,6 +668,7 @@ __arc_strncpy_from_user(char *dst, const char __user *src, long count) return 0; __asm__ __volatile__( + " mov lp_count, %5 \n" " lp 3f \n" "1: ldb.ab %3, [%2, 1] \n" " breq.d %3, 0, 3f \n" @@ -684,8 +685,8 @@ __arc_strncpy_from_user(char *dst, const char __user *src, long count) " .word 1b, 4b \n" " .previous \n" : "+r"(res), "+r"(dst), "+r"(src), "=r"(val) - : "g"(-EFAULT), "l"(count) - : "memory"); + : "g"(-EFAULT), "r"(count) + : "lp_count", "lp_start", "lp_end", "memory"); return res; } -- 2.7.4

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] [PATCH] KEYS: reject NULL restriction string when type is specified

by Eric Biggers

From: Eric Biggers <ebiggers(a)google.com> keyctl_restrict_keyring() allows through a NULL restriction when the "type" is non-NULL, which causes a NULL pointer dereference in asymmetric_lookup_restriction() when it calls strcmp() on the restriction string. But no key types actually use a "NULL restriction" to mean anything, so update keyctl_restrict_keyring() to reject it with EINVAL. Reported-by: syzbot <syzkaller(a)googlegroups.com> Fixes: 97d3aa0f3134 ("KEYS: Add a lookup_restriction function for the asymmetric key type") Cc: <stable(a)vger.kernel.org> # v4.12+ Signed-off-by: Eric Biggers <ebiggers(a)google.com> --- security/keys/keyctl.c | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index 76d22f726ae4..1ffe60bb2845 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -1588,9 +1588,8 @@ long keyctl_session_to_parent(void) * The caller must have Setattr permission to change keyring restrictions. * * The requested type name may be a NULL pointer to reject all attempts - * to link to the keyring. If _type is non-NULL, _restriction can be - * NULL or a pointer to a string describing the restriction. If _type is - * NULL, _restriction must also be NULL. + * to link to the keyring. In this case, _restriction must also be NULL. + * Otherwise, both _type and _restriction must be non-NULL. * * Returns 0 if successful. */ @@ -1598,7 +1597,6 @@ long keyctl_restrict_keyring(key_serial_t id, const char __user *_type, const char __user *_restriction) { key_ref_t key_ref; - bool link_reject = !_type; char type[32]; char *restriction = NULL; long ret; @@ -1607,31 +1605,29 @@ long keyctl_restrict_keyring(key_serial_t id, const char __user *_type, if (IS_ERR(key_ref)) return PTR_ERR(key_ref); + ret = -EINVAL; if (_type) { - ret = key_get_type_from_user(type, _type, sizeof(type)); - if (ret < 0) + if (!_restriction) goto error; - } - if (_restriction) { - if (!_type) { - ret = -EINVAL; + ret = key_get_type_from_user(type, _type, sizeof(type)); + if (ret < 0) goto error; - } restriction = strndup_user(_restriction, PAGE_SIZE); if (IS_ERR(restriction)) { ret = PTR_ERR(restriction); goto error; } + } else { + if (_restriction) + goto error; } - ret = keyring_restrict(key_ref, link_reject ? NULL : type, restriction); + ret = keyring_restrict(key_ref, _type ? type : NULL, restriction); kfree(restriction); - error: key_ref_put(key_ref); - return ret; } -- 2.15.0.531.g2ccb3012c9-goog

7 years, 6 months

3
3
0 0

[Linux-stable-mirror] patch "usb: xhci: fix TDS for MTK xHCI1.1" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: xhci: fix TDS for MTK xHCI1.1 to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 72b663a99c074a8d073e7ecdae446cfb024ef551 Mon Sep 17 00:00:00 2001 From: Chunfeng Yun <chunfeng.yun(a)mediatek.com> Date: Fri, 8 Dec 2017 18:10:06 +0200 Subject: usb: xhci: fix TDS for MTK xHCI1.1 For MTK's xHCI 1.0 or latter, TD size is the number of max packet sized packets remaining in the TD, not including this TRB (following spec). For MTK's xHCI 0.96 and older, TD size is the number of max packet sized packets remaining in the TD, including this TRB (not following spec). Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Chunfeng Yun <chunfeng.yun(a)mediatek.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/host/xhci-ring.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index 6eb87c6e4d24..c5cbc685c691 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -3112,7 +3112,7 @@ static u32 xhci_td_remainder(struct xhci_hcd *xhci, int transferred, { u32 maxp, total_packet_count; - /* MTK xHCI is mostly 0.97 but contains some features from 1.0 */ + /* MTK xHCI 0.96 contains some features from 1.0 */ if (xhci->hci_version < 0x100 && !(xhci->quirks & XHCI_MTK_HOST)) return ((td_total_len - transferred) >> 10); @@ -3121,8 +3121,8 @@ static u32 xhci_td_remainder(struct xhci_hcd *xhci, int transferred, trb_buff_len == td_total_len) return 0; - /* for MTK xHCI, TD size doesn't include this TRB */ - if (xhci->quirks & XHCI_MTK_HOST) + /* for MTK xHCI 0.96, TD size include this TRB, but not in 1.x */ + if ((xhci->quirks & XHCI_MTK_HOST) && (xhci->hci_version < 0x100)) trb_buff_len = 0; maxp = usb_endpoint_maxp(&urb->ep->desc); -- 2.15.1

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] patch "xhci: Don't add a virt_dev to the devs array before it's fully" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xhci: Don't add a virt_dev to the devs array before it's fully to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 5d9b70f7d52eb14bb37861c663bae44de9521c35 Mon Sep 17 00:00:00 2001 From: Mathias Nyman <mathias.nyman(a)linux.intel.com> Date: Fri, 8 Dec 2017 18:10:05 +0200 Subject: xhci: Don't add a virt_dev to the devs array before it's fully allocated Avoid null pointer dereference if some function is walking through the devs array accessing members of a new virt_dev that is mid allocation. Add the virt_dev to xhci->devs[i] _after_ the virt_device and all its members are properly allocated. issue found by KASAN: null-ptr-deref in xhci_find_slot_id_by_port "Quick analysis suggests that xhci_alloc_virt_device() is not mutex protected. If so, there is a time frame where xhci->devs[slot_id] is set but not fully initialized. Specifically, xhci->devs[i]->udev can be NULL." Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/host/xhci-mem.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c index 15f7d422885f..3a29b32a3bd0 100644 --- a/drivers/usb/host/xhci-mem.c +++ b/drivers/usb/host/xhci-mem.c @@ -971,10 +971,9 @@ int xhci_alloc_virt_device(struct xhci_hcd *xhci, int slot_id, return 0; } - xhci->devs[slot_id] = kzalloc(sizeof(*xhci->devs[slot_id]), flags); - if (!xhci->devs[slot_id]) + dev = kzalloc(sizeof(*dev), flags); + if (!dev) return 0; - dev = xhci->devs[slot_id]; /* Allocate the (output) device context that will be used in the HC. */ dev->out_ctx = xhci_alloc_container_ctx(xhci, XHCI_CTX_TYPE_DEVICE, flags); @@ -1015,9 +1014,17 @@ int xhci_alloc_virt_device(struct xhci_hcd *xhci, int slot_id, trace_xhci_alloc_virt_device(dev); + xhci->devs[slot_id] = dev; + return 1; fail: - xhci_free_virt_device(xhci, slot_id); + + if (dev->in_ctx) + xhci_free_container_ctx(xhci, dev->in_ctx); + if (dev->out_ctx) + xhci_free_container_ctx(xhci, dev->out_ctx); + kfree(dev); + return 0; } -- 2.15.1

7 years, 6 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror