- Linux-stable-mirror - lists.linaro.org

[Linux-stable-mirror] Patch "x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-entry-use-syscall_define-macros-for-sys_modify_ldt.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: Dave Hansen <dave.hansen(a)linux.intel.com> Date: Wed, 18 Oct 2017 10:21:07 -0700 Subject: x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt() From: Dave Hansen <dave.hansen(a)linux.intel.com> [ Upstream commit da20ab35180780e4a6eadc804544f1fa967f3567 ] We do not have tracepoints for sys_modify_ldt() because we define it directly instead of using the normal SYSCALL_DEFINEx() macros. However, there is a reason sys_modify_ldt() does not use the macros: it has an 'int' return type instead of 'unsigned long'. This is a bug, but it's a bug cemented in the ABI. What does this mean? If we return -EINVAL from a function that returns 'int', we have 0x00000000ffffffea in %rax. But, if we return -EINVAL from a function returning 'unsigned long', we end up with 0xffffffffffffffea in %rax, which is wrong. To work around this and maintain the 'int' behavior while using the SYSCALL_DEFINEx() macros, so we add a cast to 'unsigned int' in both implementations of sys_modify_ldt(). Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Reviewed-by: Andy Lutomirski <luto(a)kernel.org> Reviewed-by: Brian Gerst <brgerst(a)gmail.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Link: http://lkml.kernel.org/r/20171018172107.1A79C532@viggo.jf.intel.com Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/include/asm/syscalls.h | 2 +- arch/x86/kernel/ldt.c | 16 +++++++++++++--- arch/x86/um/ldt.c | 7 +++++-- 3 files changed, 19 insertions(+), 6 deletions(-) --- a/arch/x86/include/asm/syscalls.h +++ b/arch/x86/include/asm/syscalls.h @@ -21,7 +21,7 @@ asmlinkage long sys_ioperm(unsigned long asmlinkage long sys_iopl(unsigned int); /* kernel/ldt.c */ -asmlinkage int sys_modify_ldt(int, void __user *, unsigned long); +asmlinkage long sys_modify_ldt(int, void __user *, unsigned long); /* kernel/signal.c */ asmlinkage long sys_rt_sigreturn(void); --- a/arch/x86/kernel/ldt.c +++ b/arch/x86/kernel/ldt.c @@ -13,6 +13,7 @@ #include <linux/string.h> #include <linux/mm.h> #include <linux/smp.h> +#include <linux/syscalls.h> #include <linux/slab.h> #include <linux/vmalloc.h> #include <linux/uaccess.h> @@ -295,8 +296,8 @@ out: return error; } -asmlinkage int sys_modify_ldt(int func, void __user *ptr, - unsigned long bytecount) +SYSCALL_DEFINE3(modify_ldt, int , func , void __user * , ptr , + unsigned long , bytecount) { int ret = -ENOSYS; @@ -314,5 +315,14 @@ asmlinkage int sys_modify_ldt(int func, ret = write_ldt(ptr, bytecount, 0); break; } - return ret; + /* + * The SYSCALL_DEFINE() macros give us an 'unsigned long' + * return type, but tht ABI for sys_modify_ldt() expects + * 'int'. This cast gives us an int-sized value in %rax + * for the return code. The 'unsigned' is necessary so + * the compiler does not try to sign-extend the negative + * return codes into the high half of the register when + * taking the value from int->long. + */ + return (unsigned int)ret; } --- a/arch/x86/um/ldt.c +++ b/arch/x86/um/ldt.c @@ -6,6 +6,7 @@ #include <linux/mm.h> #include <linux/sched.h> #include <linux/slab.h> +#include <linux/syscalls.h> #include <linux/uaccess.h> #include <asm/unistd.h> #include <os.h> @@ -369,7 +370,9 @@ void free_ldt(struct mm_context *mm) mm->arch.ldt.entry_count = 0; } -int sys_modify_ldt(int func, void __user *ptr, unsigned long bytecount) +SYSCALL_DEFINE3(modify_ldt, int , func , void __user * , ptr , + unsigned long , bytecount) { - return do_modify_ldt_skas(func, ptr, bytecount); + /* See non-um modify_ldt() for why we do this cast */ + return (unsigned int)do_modify_ldt_skas(func, ptr, bytecount); } Patches currently in stable-queue which might be from dave.hansen(a)linux.intel.com are queue-4.14/x86-entry-use-syscall_define-macros-for-sys_modify_ldt.patch

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] Patch "usbip: tools: Install all headers needed for libusbip development" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usbip: tools: Install all headers needed for libusbip development to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usbip-tools-install-all-headers-needed-for-libusbip-development.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: Ben Hutchings <ben(a)decadent.org.uk> Date: Sun, 1 Oct 2017 02:18:37 +0100 Subject: usbip: tools: Install all headers needed for libusbip development From: Ben Hutchings <ben(a)decadent.org.uk> [ Upstream commit c15562c0dcb2c7f26e891923b784cf1926b8c833 ] usbip_host_driver.h now depends on several additional headers, which need to be installed along with it. Fixes: 021aed845303 ("staging: usbip: userspace: migrate usbip_host_driver ...") Fixes: 3391ba0e2792 ("usbip: tools: Extract generic code to be shared with ...") Signed-off-by: Ben Hutchings <ben(a)decadent.org.uk> Acked-by: Shuah Khan <shuahkh(a)osg.samsung.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- tools/usb/usbip/Makefile.am | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/tools/usb/usbip/Makefile.am +++ b/tools/usb/usbip/Makefile.am @@ -2,6 +2,7 @@ SUBDIRS := libsrc src includedir = @includedir@/usbip include_HEADERS := $(addprefix libsrc/, \ - usbip_common.h vhci_driver.h usbip_host_driver.h) + usbip_common.h vhci_driver.h usbip_host_driver.h \ + list.h sysfs_utils.h usbip_host_common.h) dist_man_MANS := $(addprefix doc/, usbip.8 usbipd.8) Patches currently in stable-queue which might be from ben(a)decadent.org.uk are queue-4.14/usbip-tools-install-all-headers-needed-for-libusbip-development.patch

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] Patch "usb: xhci: Return error when host is dead in xhci_disable_slot()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: xhci: Return error when host is dead in xhci_disable_slot() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usb-xhci-return-error-when-host-is-dead-in-xhci_disable_slot.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: Lu Baolu <baolu.lu(a)linux.intel.com> Date: Thu, 5 Oct 2017 11:21:43 +0300 Subject: usb: xhci: Return error when host is dead in xhci_disable_slot() From: Lu Baolu <baolu.lu(a)linux.intel.com> [ Upstream commit dcabc76fa9361186e6b88c30a68db8fa9d5b4a1c ] xhci_disable_slot() is a helper for disabling a slot when a device goes away or recovers from error situations. Currently, it returns success when it sees a dead host. This is not the right way to go. It should return error and let the invoker know that disable slot command was failed due to a dead host. Fixes: f9e609b82479 ("usb: xhci: Add helper function xhci_disable_slot().") Cc: Guoqing Zhang <guoqing.zhang(a)intel.com> Signed-off-by: Lu Baolu <baolu.lu(a)linux.intel.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/host/xhci.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -3583,10 +3583,9 @@ int xhci_disable_slot(struct xhci_hcd *x state = readl(&xhci->op_regs->status); if (state == 0xffffffff || (xhci->xhc_state & XHCI_STATE_DYING) || (xhci->xhc_state & XHCI_STATE_HALTED)) { - xhci_free_virt_device(xhci, slot_id); spin_unlock_irqrestore(&xhci->lock, flags); kfree(command); - return ret; + return -ENODEV; } ret = xhci_queue_slot_control(xhci, command, TRB_DISABLE_SLOT, Patches currently in stable-queue which might be from baolu.lu(a)linux.intel.com are queue-4.14/usb-xhci-return-error-when-host-is-dead-in-xhci_disable_slot.patch queue-4.14/usb-serial-usb_debug-add-new-usb-device-id.patch

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] Patch "usb: phy: tahvo: fix error handling in tahvo_usb_probe()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: phy: tahvo: fix error handling in tahvo_usb_probe() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usb-phy-tahvo-fix-error-handling-in-tahvo_usb_probe.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: Alexey Khoroshilov <khoroshilov(a)ispras.ru> Date: Sat, 21 Oct 2017 01:02:07 +0300 Subject: usb: phy: tahvo: fix error handling in tahvo_usb_probe() From: Alexey Khoroshilov <khoroshilov(a)ispras.ru> [ Upstream commit ce035409bfa892a2fabb89720b542e1b335c3426 ] If devm_extcon_dev_allocate() fails, we should disable clk before return. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Alexey Khoroshilov <khoroshilov(a)ispras.ru> Fixes: 860d2686fda7 ("usb: phy: tahvo: Use devm_extcon_dev_[allocate|register]() and replace deprecated API") Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/phy/phy-tahvo.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/usb/phy/phy-tahvo.c +++ b/drivers/usb/phy/phy-tahvo.c @@ -368,7 +368,8 @@ static int tahvo_usb_probe(struct platfo tu->extcon = devm_extcon_dev_allocate(&pdev->dev, tahvo_cable); if (IS_ERR(tu->extcon)) { dev_err(&pdev->dev, "failed to allocate memory for extcon\n"); - return -ENOMEM; + ret = PTR_ERR(tu->extcon); + goto err_disable_clk; } ret = devm_extcon_dev_register(&pdev->dev, tu->extcon); Patches currently in stable-queue which might be from khoroshilov(a)ispras.ru are queue-4.14/usb-phy-tahvo-fix-error-handling-in-tahvo_usb_probe.patch

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] Patch "usb: mtu3: fix error return code in ssusb_gadget_init()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: mtu3: fix error return code in ssusb_gadget_init() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usb-mtu3-fix-error-return-code-in-ssusb_gadget_init.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: Chunfeng Yun <chunfeng.yun(a)mediatek.com> Date: Fri, 13 Oct 2017 17:10:37 +0800 Subject: usb: mtu3: fix error return code in ssusb_gadget_init() From: Chunfeng Yun <chunfeng.yun(a)mediatek.com> [ Upstream commit c162ff0aaaac456ef29aebd1e9d4d3e305cd3279 ] When failing to get IRQ number, platform_get_irq() may return -EPROBE_DEFER, but we ignore it and always return -ENODEV, so fix it. Signed-off-by: Chunfeng Yun <chunfeng.yun(a)mediatek.com> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/mtu3/mtu3_core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/drivers/usb/mtu3/mtu3_core.c +++ b/drivers/usb/mtu3/mtu3_core.c @@ -774,9 +774,9 @@ int ssusb_gadget_init(struct ssusb_mtk * return -ENOMEM; mtu->irq = platform_get_irq(pdev, 0); - if (mtu->irq <= 0) { + if (mtu->irq < 0) { dev_err(dev, "fail to get irq number\n"); - return -ENODEV; + return mtu->irq; } dev_info(dev, "irq %d\n", mtu->irq); Patches currently in stable-queue which might be from chunfeng.yun(a)mediatek.com are queue-4.14/usb-mtu3-fix-error-return-code-in-ssusb_gadget_init.patch

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] Patch "usb: dwc2: Fix UDC state tracking" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: dwc2: Fix UDC state tracking to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usb-dwc2-fix-udc-state-tracking.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: John Stultz <john.stultz(a)linaro.org> Date: Mon, 23 Oct 2017 14:32:50 -0700 Subject: usb: dwc2: Fix UDC state tracking From: John Stultz <john.stultz(a)linaro.org> [ Upstream commit ce2b21a4e5ce042c0a42c9db8fa9e0f849427d5e ] It has been noticed that the dwc2 udc state reporting doesn't seem to work (at least on HiKey boards). Where after the initial setup, the sysfs /sys/class/udc/f72c0000.usb/state file would report "configured" no matter the state of the OTG port. This patch adds a call so that we report to the UDC layer when the gadget device is disconnected. This patch does depend on the previous patch ("usb: dwc2: Improve gadget state disconnection handling") in this patch set in order to properly work. Cc: Wei Xu <xuwei5(a)hisilicon.com> Cc: Guodong Xu <guodong.xu(a)linaro.org> Cc: Amit Pundir <amit.pundir(a)linaro.org> Cc: YongQin Liu <yongqin.liu(a)linaro.org> Cc: John Youn <johnyoun(a)synopsys.com> Cc: Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> Cc: Douglas Anderson <dianders(a)chromium.org> Cc: Chen Yu <chenyu56(a)huawei.com> Cc: Felipe Balbi <felipe.balbi(a)linux.intel.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: linux-usb(a)vger.kernel.org Acked-by: Minas Harutyunyan <hminas(a)synopsys.com> Tested-by: Minas Harutyunyan <hminas(a)synopsys.com> Reported-by: Amit Pundir <amit.pundir(a)linaro.org> Signed-off-by: John Stultz <john.stultz(a)linaro.org> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/dwc2/gadget.c | 2 ++ 1 file changed, 2 insertions(+) --- a/drivers/usb/dwc2/gadget.c +++ b/drivers/usb/dwc2/gadget.c @@ -3202,6 +3202,8 @@ void dwc2_hsotg_disconnect(struct dwc2_h call_gadget(hsotg, disconnect); hsotg->lx_state = DWC2_L3; + + usb_gadget_set_state(&hsotg->gadget, USB_STATE_NOTATTACHED); } /** Patches currently in stable-queue which might be from john.stultz(a)linaro.org are queue-4.14/usb-dwc2-error-out-of-dwc2_hsotg_ep_disable-if-we-re-in-host-mode.patch queue-4.14/usb-dwc2-fix-udc-state-tracking.patch

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] Patch "usb: dwc2: Error out of dwc2_hsotg_ep_disable() if we're in host mode" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: dwc2: Error out of dwc2_hsotg_ep_disable() if we're in host mode to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usb-dwc2-error-out-of-dwc2_hsotg_ep_disable-if-we-re-in-host-mode.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: John Stultz <john.stultz(a)linaro.org> Date: Mon, 23 Oct 2017 14:32:49 -0700 Subject: usb: dwc2: Error out of dwc2_hsotg_ep_disable() if we're in host mode From: John Stultz <john.stultz(a)linaro.org> [ Upstream commit 9b481092c2a31a6b630aff9c28f0145bf6683787 ] We've found that while in host mode, using Android, if one runs the command: stop adbd The existing usb devices being utilized in host mode are disconnected. This is most visible with usb networking devices. This seems to be due to adbd closing the file: /dev/usb-ffs/adb/ep0 Which calls ffs_ep0_release() and the following backtrace: [<ffffff800875a430>] dwc2_hsotg_ep_disable+0x148/0x150 [<ffffff800875a498>] dwc2_hsotg_udc_stop+0x60/0x110 [<ffffff8008787950>] usb_gadget_remove_driver+0x58/0x78 [<ffffff80087879e4>] usb_gadget_unregister_driver+0x74/0xe8 [<ffffff80087850c0>] unregister_gadget+0x28/0x58 [<ffffff800878511c>] unregister_gadget_item+0x2c/0x40 [<ffffff8008790ea8>] ffs_data_clear+0xe8/0xf8 [<ffffff8008790ed8>] ffs_data_reset+0x20/0x58 [<ffffff8008793218>] ffs_data_closed+0x98/0xe8 [<ffffff80087932d8>] ffs_ep0_release+0x20/0x30 Then when dwc2_hsotg_ep_disable() is called, we call kill_all_requests() which causes a bunch of the following messages: dwc2 f72c0000.usb: Mode Mismatch Interrupt: currently in Host mode dwc2 f72c0000.usb: Mode Mismatch Interrupt: currently in Host mode dwc2 f72c0000.usb: Mode Mismatch Interrupt: currently in Host mode dwc2 f72c0000.usb: Mode Mismatch Interrupt: currently in Host mode dwc2 f72c0000.usb: Mode Mismatch Interrupt: currently in Host mode dwc2 f72c0000.usb: Mode Mismatch Interrupt: currently in Host mode dwc2 f72c0000.usb: Mode Mismatch Interrupt: currently in Host mode dwc2 f72c0000.usb: Mode Mismatch Interrupt: currently in Host mode init: Service 'adbd' (pid 1915) killed by signal 9 init: Sending signal 9 to service 'adbd' (pid 1915) process group... init: Successfully killed process cgroup uid 0 pid 1915 in 0ms init: processing action (init.svc.adbd=stopped) from (/init.usb.configfs.rc:15) dwc2 f72c0000.usb: dwc2_hc_chhltd_intr_dma: Channel 8 - ChHltd set, but reason is unknown dwc2 f72c0000.usb: hcint 0x00000002, intsts 0x04200029 dwc2 f72c0000.usb: dwc2_hc_chhltd_intr_dma: Channel 12 - ChHltd set, but reason is unknown dwc2 f72c0000.usb: hcint 0x00000002, intsts 0x04200029 dwc2 f72c0000.usb: dwc2_hc_chhltd_intr_dma: Channel 15 - ChHltd set, but reason is unknown dwc2 f72c0000.usb: hcint 0x00000002, intsts 0x04200029 dwc2 f72c0000.usb: dwc2_hc_chhltd_intr_dma: Channel 3 - ChHltd set, but reason is unknown dwc2 f72c0000.usb: hcint 0x00000002, intsts 0x04200029 dwc2 f72c0000.usb: dwc2_hc_chhltd_intr_dma: Channel 4 - ChHltd set, but reason is unknown dwc2 f72c0000.usb: hcint 0x00000002, intsts 0x04200029 dwc2 f72c0000.usb: dwc2_update_urb_state_abn(): trimming xfer length And the usb devices connected are basically hung at this point. It seems like if we're in host mode, we probably shouldn't run the dwc2_hostg_ep_disable logic, so this patch returns an error in that case. With this patch (along with the previous patch in this set), we avoid the mismatched interrupts and connected usb devices continue to function. I'm not sure if some other solution would be better here, but this seems to work, so I wanted to send it out for input on what the right approach should be. Cc: Wei Xu <xuwei5(a)hisilicon.com> Cc: Guodong Xu <guodong.xu(a)linaro.org> Cc: Amit Pundir <amit.pundir(a)linaro.org> Cc: YongQin Liu <yongqin.liu(a)linaro.org> Cc: John Youn <johnyoun(a)synopsys.com> Cc: Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> Cc: Douglas Anderson <dianders(a)chromium.org> Cc: Chen Yu <chenyu56(a)huawei.com> Cc: Felipe Balbi <felipe.balbi(a)linux.intel.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: linux-usb(a)vger.kernel.org Acked-by: Minas Harutyunyan <hminas(a)synopsys.com> Tested-by: Minas Harutyunyan <hminas(a)synopsys.com> Reported-by: YongQin Liu <yongqin.liu(a)linaro.org> Signed-off-by: John Stultz <john.stultz(a)linaro.org> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/dwc2/gadget.c | 5 +++++ 1 file changed, 5 insertions(+) --- a/drivers/usb/dwc2/gadget.c +++ b/drivers/usb/dwc2/gadget.c @@ -4006,6 +4006,11 @@ static int dwc2_hsotg_ep_disable(struct return -EINVAL; } + if (hsotg->op_state != OTG_STATE_B_PERIPHERAL) { + dev_err(hsotg->dev, "%s: called in host mode?\n", __func__); + return -EINVAL; + } + epctrl_reg = dir_in ? DIEPCTL(index) : DOEPCTL(index); spin_lock_irqsave(&hsotg->lock, flags); Patches currently in stable-queue which might be from john.stultz(a)linaro.org are queue-4.14/usb-dwc2-error-out-of-dwc2_hsotg_ep_disable-if-we-re-in-host-mode.patch queue-4.14/usb-dwc2-fix-udc-state-tracking.patch

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] Patch "tools include: Do not use poison with C++" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled tools include: Do not use poison with C++ to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: tools-include-do-not-use-poison-with-c.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: Arnaldo Carvalho de Melo <acme(a)redhat.com> Date: Thu, 21 Sep 2017 12:12:17 -0300 Subject: tools include: Do not use poison with C++ From: Arnaldo Carvalho de Melo <acme(a)redhat.com> [ Upstream commit 6ae8eefc6c8fe050f057781b70a83262eb0a61ee ] LIST_POISON[12] are used to initialize list_head and hlist_node pointers, and do void pointer arithmetic, which C++ doesn't like, so, to avoid drifting from the kernel by introducing some HLIST_POISON to do away with void pointer math, just make those poisoned pointers be NULL when building it with a C++ compiler. Noticed with: $ make LLVM_CONFIG=/usr/bin/llvm-config-3.9 LIBCLANGLLVM=1 CXX util/c++/clang.o CXX util/c++/clang-test.o In file included from /home/lizj/linux/tools/include/linux/list.h:5:0, from /home/lizj/linux/tools/perf/util/namespaces.h:13, from /home/lizj/linux/tools/perf/util/util.h:15, from /home/lizj/linux/tools/perf/util/util-cxx.h:20, from util/c++/clang-c.h:5, from util/c++/clang-test.cpp:2: /home/lizj/linux/tools/include/linux/list.h: In function ‘void list_del(list_head*)’: /home/lizj/linux/tools/include/linux/poison.h:14:31: error: pointer of type ‘void *’ used in arithmetic [-Werror=pointer-arith] # define POISON_POINTER_DELTA 0 ^ /home/lizj/linux/tools/include/linux/poison.h:22:41: note: in expansion of macro ‘POISON_POINTER_DELTA’ #define LIST_POISON1 ((void *) 0x100 + POISON_POINTER_DELTA) ^ /home/lizj/linux/tools/include/linux/list.h:107:16: note: in expansion of macro ‘LIST_POISON1’ entry->next = LIST_POISON1; ^ In file included from /home/lizj/linux/tools/perf/util/namespaces.h:13:0, from /home/lizj/linux/tools/perf/util/util.h:15, from /home/lizj/linux/tools/perf/util/util-cxx.h:20, from util/c++/clang-c.h:5, from util/c++/clang-test.cpp:2: /home/lizj/linux/tools/include/linux/list.h:107:14: error: invalid conversion from ‘void*’ to ‘list_head*’ [-fpermissive] Reported-by: Li Zhijian <lizhijian(a)cn.fujitsu.com> Cc: Adrian Hunter <adrian.hunter(a)intel.com> Cc: Alexander Shishkin <alexander.shishkin(a)linux.intel.com> Cc: David Ahern <dsahern(a)gmail.com> Cc: Jiri Olsa <jolsa(a)kernel.org> Cc: Namhyung Kim <namhyung(a)kernel.org> Cc: Philip Li <philip.li(a)intel.com> Cc: Wang Nan <wangnan0(a)huawei.com> Link: http://lkml.kernel.org/n/tip-m5ei2o0mjshucbr28baf5lqz@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo <acme(a)redhat.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- tools/include/linux/poison.h | 5 +++++ 1 file changed, 5 insertions(+) --- a/tools/include/linux/poison.h +++ b/tools/include/linux/poison.h @@ -15,6 +15,10 @@ # define POISON_POINTER_DELTA 0 #endif +#ifdef __cplusplus +#define LIST_POISON1 NULL +#define LIST_POISON2 NULL +#else /* * These are non-NULL pointers that will result in page faults * under normal circumstances, used to verify that nobody uses @@ -22,6 +26,7 @@ */ #define LIST_POISON1 ((void *) 0x100 + POISON_POINTER_DELTA) #define LIST_POISON2 ((void *) 0x200 + POISON_POINTER_DELTA) +#endif /********** include/linux/timer.h **********/ /* Patches currently in stable-queue which might be from acme(a)redhat.com are queue-4.14/perf-tools-fix-leaking-rec_argv-in-error-cases.patch queue-4.14/perf-test-attr-fix-ignored-test-case-result.patch queue-4.14/perf-test-attr-fix-python-error-on-empty-result.patch queue-4.14/tools-include-do-not-use-poison-with-c.patch

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] Patch "sysrq : fix Show Regs call trace on ARM" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled sysrq : fix Show Regs call trace on ARM to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: sysrq-fix-show-regs-call-trace-on-arm.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: Jibin Xu <jibin.xu(a)windriver.com> Date: Sun, 10 Sep 2017 20:11:42 -0700 Subject: sysrq : fix Show Regs call trace on ARM From: Jibin Xu <jibin.xu(a)windriver.com> [ Upstream commit b00bebbc301c8e1f74f230dc82282e56b7e7a6db ] When kernel configuration SMP,PREEMPT and DEBUG_PREEMPT are enabled, echo 1 >/proc/sys/kernel/sysrq echo p >/proc/sysrq-trigger kernel will print call trace as below: sysrq: SysRq : Show Regs BUG: using __this_cpu_read() in preemptible [00000000] code: sh/435 caller is __this_cpu_preempt_check+0x18/0x20 Call trace: [<ffffff8008088e80>] dump_backtrace+0x0/0x1d0 [<ffffff8008089074>] show_stack+0x24/0x30 [<ffffff8008447970>] dump_stack+0x90/0xb0 [<ffffff8008463950>] check_preemption_disabled+0x100/0x108 [<ffffff8008463998>] __this_cpu_preempt_check+0x18/0x20 [<ffffff80084c9194>] sysrq_handle_showregs+0x1c/0x40 [<ffffff80084c9c7c>] __handle_sysrq+0x12c/0x1a0 [<ffffff80084ca140>] write_sysrq_trigger+0x60/0x70 [<ffffff8008251e00>] proc_reg_write+0x90/0xd0 [<ffffff80081f1788>] __vfs_write+0x48/0x90 [<ffffff80081f241c>] vfs_write+0xa4/0x190 [<ffffff80081f3354>] SyS_write+0x54/0xb0 [<ffffff80080833f0>] el0_svc_naked+0x24/0x28 This can be seen on a common board like an r-pi3. This happens because when echo p >/proc/sysrq-trigger, get_irq_regs() is called outside of IRQ context, if preemption is enabled in this situation,kernel will print the call trace. Since many prior discussions on the mailing lists have made it clear that get_irq_regs either just returns NULL or stale data when used outside of IRQ context,we simply avoid calling it outside of IRQ context. Signed-off-by: Jibin Xu <jibin.xu(a)windriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/sysrq.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) --- a/drivers/tty/sysrq.c +++ b/drivers/tty/sysrq.c @@ -246,8 +246,10 @@ static void sysrq_handle_showallcpus(int * architecture has no support for it: */ if (!trigger_all_cpu_backtrace()) { - struct pt_regs *regs = get_irq_regs(); + struct pt_regs *regs = NULL; + if (in_irq()) + regs = get_irq_regs(); if (regs) { pr_info("CPU%d:\n", smp_processor_id()); show_regs(regs); @@ -266,7 +268,10 @@ static struct sysrq_key_op sysrq_showall static void sysrq_handle_showregs(int key) { - struct pt_regs *regs = get_irq_regs(); + struct pt_regs *regs = NULL; + + if (in_irq()) + regs = get_irq_regs(); if (regs) show_regs(regs); perf_event_print_debug(); Patches currently in stable-queue which might be from jibin.xu(a)windriver.com are queue-4.14/sysrq-fix-show-regs-call-trace-on-arm.patch

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] Patch "staging: rtl8822be: Keep array subscript no lower than zero" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled staging: rtl8822be: Keep array subscript no lower than zero to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: staging-rtl8822be-keep-array-subscript-no-lower-than-zero.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: Larry Finger <Larry.Finger(a)lwfinger.net> Date: Sat, 23 Sep 2017 19:36:04 -0500 Subject: staging: rtl8822be: Keep array subscript no lower than zero From: Larry Finger <Larry.Finger(a)lwfinger.net> [ Upstream commit 43d15c2013130a9fa230c2f5203aca818ae0bb86 ] The kbuild test robot reports the following: drivers/staging//rtlwifi/phydm/phydm_dig.c: In function 'odm_pause_dig': drivers/staging//rtlwifi/phydm/phydm_dig.c:494:45: warning: array subscript is below array bounds [-Warray-bounds] odm_write_dig(dm, dig_tab->pause_dig_value[max_level]); This condition is caused when a loop falls through. The fix is to pin max_level to be >= 0. Signed-off-by: Larry Finger <Larry.Finger(a)lwfinger.net> c: kbuild test robot <fengguang.wu(a)intel.com> Fixes: 9ce99b04b5b82fdf11e4c76b60a5f82c1e541297 staging: r8822be: Add phydm mini driver Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/staging/rtlwifi/phydm/phydm_dig.c | 2 ++ 1 file changed, 2 insertions(+) --- a/drivers/staging/rtlwifi/phydm/phydm_dig.c +++ b/drivers/staging/rtlwifi/phydm/phydm_dig.c @@ -490,6 +490,8 @@ void odm_pause_dig(void *dm_void, enum p break; } + /* pin max_level to be >= 0 */ + max_level = max_t(s8, 0, max_level); /* write IGI of lower level */ odm_write_dig(dm, dig_tab->pause_dig_value[max_level]); ODM_RT_TRACE(dm, ODM_COMP_DIG, Patches currently in stable-queue which might be from Larry.Finger(a)lwfinger.net are queue-4.14/staging-rtl8822be-fix-wrong-dma-unmap-len.patch queue-4.14/staging-rtl8822be-keep-array-subscript-no-lower-than-zero.patch

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] Patch "staging: rtl8822be: fix wrong dma unmap len" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled staging: rtl8822be: fix wrong dma unmap len to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: staging-rtl8822be-fix-wrong-dma-unmap-len.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: Stanislaw Gruszka <sgruszka(a)redhat.com> Date: Mon, 23 Oct 2017 11:35:59 +0200 Subject: staging: rtl8822be: fix wrong dma unmap len From: Stanislaw Gruszka <sgruszka(a)redhat.com> [ Upstream commit c40a45a465e9eab72cfdd3ab69d15cf8ef8b89c8 ] Patch fixes splat: r8822be 0000:04:00.0: DMA-API: device driver frees DMA memory with different size [device address=0x0000000078477000] [map size=4096 bytes] [unmap size=424 bytes] <snip> Call Trace: debug_dma_unmap_page+0xa5/0xb0 ? unmap_single+0x2f/0x40 _rtl8822be_send_bcn_or_cmd_packet+0x2c5/0x300 [r8822be] ? _rtl8822be_send_bcn_or_cmd_packet+0x2c5/0x300 [r8822be] rtl8822b_halmac_cb_write_data_rsvd_page+0x51/0xc0 [r8822be] _halmac_write_data_rsvd_page+0x22/0x30 [r8822be] halmac_download_rsvd_page_88xx+0xee/0x1f0 [r8822be] halmac_dlfw_to_mem_88xx+0x80/0x120 [r8822be] halmac_download_firmware_88xx.part.47+0x477/0x600 [r8822be] halmac_download_firmware_88xx+0x32/0x40 [r8822be] rtl_halmac_dlfw+0x70/0x120 [r8822be] rtl_halmac_init_hal+0x5f/0x1b0 [r8822be] rtl8822be_hw_init+0x8a2/0x1040 [r8822be] Signed-off-by: Stanislaw Gruszka <sgruszka(a)redhat.com> Acked-by: Larry Finger <Larry.Finger(a)lwfinger.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/staging/rtlwifi/rtl8822be/fw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/staging/rtlwifi/rtl8822be/fw.c +++ b/drivers/staging/rtlwifi/rtl8822be/fw.c @@ -419,7 +419,7 @@ static bool _rtl8822be_send_bcn_or_cmd_p dma_addr = rtlpriv->cfg->ops->get_desc( hw, (u8 *)pbd_desc, true, HW_DESC_TXBUFF_ADDR); - pci_unmap_single(rtlpci->pdev, dma_addr, skb->len, + pci_unmap_single(rtlpci->pdev, dma_addr, pskb->len, PCI_DMA_TODEVICE); kfree_skb(pskb); Patches currently in stable-queue which might be from sgruszka(a)redhat.com are queue-4.14/staging-rtl8822be-fix-wrong-dma-unmap-len.patch

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] Patch "staging: rtl8188eu: avoid a null dereference on pmlmepriv" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled staging: rtl8188eu: avoid a null dereference on pmlmepriv to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: staging-rtl8188eu-avoid-a-null-dereference-on-pmlmepriv.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: Colin Ian King <colin.king(a)canonical.com> Date: Fri, 20 Oct 2017 20:40:24 +0200 Subject: staging: rtl8188eu: avoid a null dereference on pmlmepriv From: Colin Ian King <colin.king(a)canonical.com> [ Upstream commit 123c0aab0050cd0e07ce18e453389fbbb0a5a425 ] There is a check on pmlmepriv before dereferencing it when vfree'ing pmlmepriv->free_bss_buf however the previous call to rtw_free_mlme_priv_ie_data deferences pmlmepriv causing a null pointer deference if it is null. Avoid this by also calling rtw_free_mlme_priv_ie_data if the pointer is non-null. Detected by CoverityScan, CID#1230262 ("Dereference before null check") Fixes: 7b464c9fa5cc ("staging: r8188eu: Add files for new driver - part 4") Signed-off-by: Colin Ian King <colin.king(a)canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/staging/rtl8188eu/core/rtw_mlme.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/drivers/staging/rtl8188eu/core/rtw_mlme.c +++ b/drivers/staging/rtl8188eu/core/rtw_mlme.c @@ -106,10 +106,10 @@ void rtw_free_mlme_priv_ie_data(struct m void rtw_free_mlme_priv(struct mlme_priv *pmlmepriv) { - rtw_free_mlme_priv_ie_data(pmlmepriv); - - if (pmlmepriv) + if (pmlmepriv) { + rtw_free_mlme_priv_ie_data(pmlmepriv); vfree(pmlmepriv->free_bss_buf); + } } struct wlan_network *_rtw_alloc_network(struct mlme_priv *pmlmepriv) Patches currently in stable-queue which might be from colin.king(a)canonical.com are queue-4.14/staging-rtl8188eu-avoid-a-null-dereference-on-pmlmepriv.patch

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] Patch "staging: greybus: loopback: Fix iteration count on async path" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled staging: greybus: loopback: Fix iteration count on async path to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: staging-greybus-loopback-fix-iteration-count-on-async-path.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: Bryan O'Donoghue <pure.logic(a)nexus-software.ie> Date: Mon, 6 Nov 2017 01:32:20 +0000 Subject: staging: greybus: loopback: Fix iteration count on async path From: Bryan O'Donoghue <pure.logic(a)nexus-software.ie> [ Upstream commit 44b02da39210e6dd67e39ff1f48d30c56d384240 ] Commit 12927835d211 ("greybus: loopback: Add asynchronous bi-directional support") does what it says on the tin - namely, adds support for asynchronous bi-directional loopback operations. What it neglects to do though is increment the per-connection gb->iteration_count on an asynchronous operation error. This patch fixes that omission. Fixes: 12927835d211 ("greybus: loopback: Add asynchronous bi-directional support") Signed-off-by: Bryan O'Donoghue <pure.logic(a)nexus-software.ie> Reported-by: Mitch Tasman <tasman(a)leaflabs.com> Reviewed-by: Johan Hovold <johan(a)kernel.org> Cc: Alex Elder <elder(a)kernel.org> Cc: Mitch Tasman <tasman(a)leaflabs.com> Cc: greybus-dev(a)lists.linaro.org Cc: devel(a)driverdev.osuosl.org Cc: linux-kernel(a)vger.kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/staging/greybus/loopback.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/drivers/staging/greybus/loopback.c +++ b/drivers/staging/greybus/loopback.c @@ -1042,8 +1042,10 @@ static int gb_loopback_fn(void *data) else if (type == GB_LOOPBACK_TYPE_SINK) error = gb_loopback_async_sink(gb, size); - if (error) + if (error) { gb->error++; + gb->iteration_count++; + } } else { /* We are effectively single threaded here */ if (type == GB_LOOPBACK_TYPE_PING) Patches currently in stable-queue which might be from pure.logic(a)nexus-software.ie are queue-4.14/staging-greybus-loopback-fix-iteration-count-on-async-path.patch

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] Patch "staging: fsl-mc/dpio: Fix incorrect comparison" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled staging: fsl-mc/dpio: Fix incorrect comparison to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: staging-fsl-mc-dpio-fix-incorrect-comparison.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: Ioana Radulescu <ruxandra.radulescu(a)nxp.com> Date: Thu, 28 Sep 2017 09:10:33 -0500 Subject: staging: fsl-mc/dpio: Fix incorrect comparison From: Ioana Radulescu <ruxandra.radulescu(a)nxp.com> [ Upstream commit 8dabf52ffb6445fa5bcc8b6d2ecb615f60d0dd12 ] For some dpio functions, a cpu id parameter value of -1 is valid and means "any". But when trying to validate this param value against an upper limit, in this case num_possible_cpus(), we risk obtaining the wrong result due to an implicit cast. Avoid an incorrect check result by explicitly comparing the cpu id with the "any" value before verifying the upper bound. Signed-off-by: Ioana Radulescu <ruxandra.radulescu(a)nxp.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/staging/fsl-mc/bus/dpio/dpio-service.c | 4 ++-- drivers/staging/fsl-mc/include/dpaa2-io.h | 6 ++++-- 2 files changed, 6 insertions(+), 4 deletions(-) --- a/drivers/staging/fsl-mc/bus/dpio/dpio-service.c +++ b/drivers/staging/fsl-mc/bus/dpio/dpio-service.c @@ -76,7 +76,7 @@ static inline struct dpaa2_io *service_s if (d) return d; - if (unlikely(cpu >= num_possible_cpus())) + if (cpu != DPAA2_IO_ANY_CPU && cpu >= num_possible_cpus()) return NULL; /* @@ -121,7 +121,7 @@ struct dpaa2_io *dpaa2_io_create(const s return NULL; /* check if CPU is out of range (-1 means any cpu) */ - if (desc->cpu >= num_possible_cpus()) { + if (desc->cpu != DPAA2_IO_ANY_CPU && desc->cpu >= num_possible_cpus()) { kfree(obj); return NULL; } --- a/drivers/staging/fsl-mc/include/dpaa2-io.h +++ b/drivers/staging/fsl-mc/include/dpaa2-io.h @@ -54,6 +54,8 @@ struct device; * for dequeue. */ +#define DPAA2_IO_ANY_CPU -1 + /** * struct dpaa2_io_desc - The DPIO descriptor * @receives_notifications: Use notificaton mode. Non-zero if the DPIO @@ -91,8 +93,8 @@ irqreturn_t dpaa2_io_irq(struct dpaa2_io * @cb: The callback to be invoked when the notification arrives * @is_cdan: Zero for FQDAN, non-zero for CDAN * @id: FQID or channel ID, needed for rearm - * @desired_cpu: The cpu on which the notifications will show up. -1 means - * any CPU. + * @desired_cpu: The cpu on which the notifications will show up. Use + * DPAA2_IO_ANY_CPU if don't care * @dpio_id: The dpio index * @qman64: The 64-bit context value shows up in the FQDAN/CDAN. * @node: The list node Patches currently in stable-queue which might be from ruxandra.radulescu(a)nxp.com are queue-4.14/staging-fsl-dpaa2-eth-account-for-rx-fd-buffers-on-error-path.patch queue-4.14/staging-fsl-mc-dpio-fix-incorrect-comparison.patch

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] Patch "staging: fsl-dpaa2/eth: Account for Rx FD buffers on error path" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled staging: fsl-dpaa2/eth: Account for Rx FD buffers on error path to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: staging-fsl-dpaa2-eth-account-for-rx-fd-buffers-on-error-path.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: Ioana Radulescu <ruxandra.radulescu(a)nxp.com> Date: Wed, 11 Oct 2017 08:29:44 -0500 Subject: staging: fsl-dpaa2/eth: Account for Rx FD buffers on error path From: Ioana Radulescu <ruxandra.radulescu(a)nxp.com> [ Upstream commit cbb3ea40fc495bf04070200b35c1c4cd05d11bd3 ] On Rx path, if we fail to build an skb from the incoming FD, we still need to update the channel buffer count accordingly, otherwise we risk depleting the pool while the software counter still sees available buffers. Signed-off-by: Ioana Radulescu <ruxandra.radulescu(a)nxp.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/staging/fsl-dpaa2/ethernet/dpaa2-eth.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) --- a/drivers/staging/fsl-dpaa2/ethernet/dpaa2-eth.c +++ b/drivers/staging/fsl-dpaa2/ethernet/dpaa2-eth.c @@ -131,6 +131,8 @@ static struct sk_buff *build_linear_skb( u16 fd_offset = dpaa2_fd_get_offset(fd); u32 fd_length = dpaa2_fd_get_len(fd); + ch->buf_count--; + skb = build_skb(fd_vaddr, DPAA2_ETH_RX_BUF_SIZE + SKB_DATA_ALIGN(sizeof(struct skb_shared_info))); if (unlikely(!skb)) @@ -139,8 +141,6 @@ static struct sk_buff *build_linear_skb( skb_reserve(skb, fd_offset); skb_put(skb, fd_length); - ch->buf_count--; - return skb; } @@ -178,8 +178,15 @@ static struct sk_buff *build_frag_skb(st /* We build the skb around the first data buffer */ skb = build_skb(sg_vaddr, DPAA2_ETH_RX_BUF_SIZE + SKB_DATA_ALIGN(sizeof(struct skb_shared_info))); - if (unlikely(!skb)) - return NULL; + if (unlikely(!skb)) { + /* We still need to subtract the buffers used + * by this FD from our software counter + */ + while (!dpaa2_sg_is_final(&sgt[i]) && + i < DPAA2_ETH_MAX_SG_ENTRIES) + i++; + break; + } sg_offset = dpaa2_sg_get_offset(sge); skb_reserve(skb, sg_offset); Patches currently in stable-queue which might be from ruxandra.radulescu(a)nxp.com are queue-4.14/staging-fsl-dpaa2-eth-account-for-rx-fd-buffers-on-error-path.patch queue-4.14/staging-fsl-mc-dpio-fix-incorrect-comparison.patch

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] Patch "spi: spi-axi: fix potential use-after-free after deregistration" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled spi: spi-axi: fix potential use-after-free after deregistration to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: spi-spi-axi-fix-potential-use-after-free-after-deregistration.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: Johan Hovold <johan(a)kernel.org> Date: Mon, 30 Oct 2017 11:35:27 +0100 Subject: spi: spi-axi: fix potential use-after-free after deregistration From: Johan Hovold <johan(a)kernel.org> [ Upstream commit 4d5e0689dc9d5640ad46cdfbe1896b74d8df1661 ] Take an extra reference to the controller before deregistering it to prevent use-after-free in the interrupt handler in case an interrupt fires before the line is disabled. Fixes: b1353d1c1d45 ("spi: Add Analog Devices AXI SPI Engine controller support") Acked-by: Lars-Peter Clausen <lars(a)metafoo.de> Signed-off-by: Johan Hovold <johan(a)kernel.org> Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/spi/spi-axi-spi-engine.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/drivers/spi/spi-axi-spi-engine.c +++ b/drivers/spi/spi-axi-spi-engine.c @@ -553,7 +553,7 @@ err_put_master: static int spi_engine_remove(struct platform_device *pdev) { - struct spi_master *master = platform_get_drvdata(pdev); + struct spi_master *master = spi_master_get(platform_get_drvdata(pdev)); struct spi_engine *spi_engine = spi_master_get_devdata(master); int irq = platform_get_irq(pdev, 0); @@ -561,6 +561,8 @@ static int spi_engine_remove(struct plat free_irq(irq, master); + spi_master_put(master); + writel_relaxed(0xff, spi_engine->base + SPI_ENGINE_REG_INT_PENDING); writel_relaxed(0x00, spi_engine->base + SPI_ENGINE_REG_INT_ENABLE); writel_relaxed(0x01, spi_engine->base + SPI_ENGINE_REG_RESET); Patches currently in stable-queue which might be from johan(a)kernel.org are queue-4.14/staging-greybus-loopback-fix-iteration-count-on-async-path.patch queue-4.14/usb-serial-usb_debug-add-new-usb-device-id.patch queue-4.14/spi-spi-axi-fix-potential-use-after-free-after-deregistration.patch queue-4.14/usb-serial-option-add-quectel-bg96-id.patch

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] Patch "spi: sh-msiof: Fix DMA transfer size check" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled spi: sh-msiof: Fix DMA transfer size check to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: spi-sh-msiof-fix-dma-transfer-size-check.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: Hiromitsu Yamasaki <hiromitsu.yamasaki.ym(a)renesas.com> Date: Thu, 2 Nov 2017 10:32:36 +0100 Subject: spi: sh-msiof: Fix DMA transfer size check From: Hiromitsu Yamasaki <hiromitsu.yamasaki.ym(a)renesas.com> [ Upstream commit 36735783fdb599c94b9c86824583df367c65900b ] DMA supports 32-bit words only, even if BITLEN1 of SITMDR2 register is 16bit. Fixes: b0d0ce8b6b91 ("spi: sh-msiof: Add DMA support") Signed-off-by: Hiromitsu Yamasaki <hiromitsu.yamasaki.ym(a)renesas.com> Signed-off-by: Simon Horman <horms+renesas(a)verge.net.au> Acked-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Acked-by: Dirk Behme <dirk.behme(a)de.bosch.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/spi/spi-sh-msiof.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/spi/spi-sh-msiof.c +++ b/drivers/spi/spi-sh-msiof.c @@ -900,7 +900,7 @@ static int sh_msiof_transfer_one(struct break; copy32 = copy_bswap32; } else if (bits <= 16) { - if (l & 1) + if (l & 3) break; copy32 = copy_wswap32; } else { Patches currently in stable-queue which might be from hiromitsu.yamasaki.ym(a)renesas.com are queue-4.14/spi-sh-msiof-fix-dma-transfer-size-check.patch

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] Patch "serial: sh-sci: suppress warning for ports without dma channels" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled serial: sh-sci: suppress warning for ports without dma channels to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: serial-sh-sci-suppress-warning-for-ports-without-dma-channels.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: Andy Lowe <andy_lowe(a)mentor.com> Date: Fri, 22 Sep 2017 20:29:30 +0200 Subject: serial: sh-sci: suppress warning for ports without dma channels From: Andy Lowe <andy_lowe(a)mentor.com> [ Upstream commit 7464779fa8551b90d5797d4020b0bdb7e6422eb9 ] If a port has no dma channel defined in the device tree, then don't attempt to allocate a dma channel for the port. Also suppress the warning message concerning the failure to allocate a dma channel. Continue to emit the warning message if a dma channel is defined but cannot be allocated. Signed-off-by: Andy Lowe <andy_lowe(a)mentor.com> Signed-off-by: Eugeniu Rosca <erosca(a)de.adit-jv.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/sh-sci.c | 8 ++++++++ 1 file changed, 8 insertions(+) --- a/drivers/tty/serial/sh-sci.c +++ b/drivers/tty/serial/sh-sci.c @@ -1491,6 +1491,14 @@ static void sci_request_dma(struct uart_ return; s->cookie_tx = -EINVAL; + + /* + * Don't request a dma channel if no channel was specified + * in the device tree. + */ + if (!of_find_property(port->dev->of_node, "dmas", NULL)) + return; + chan = sci_request_dma_chan(port, DMA_MEM_TO_DEV); dev_dbg(port->dev, "%s: TX: got channel %p\n", __func__, chan); if (chan) { Patches currently in stable-queue which might be from andy_lowe(a)mentor.com are queue-4.14/serial-sh-sci-suppress-warning-for-ports-without-dma-channels.patch

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] Patch "serial: imx: Update cached mctrl value when changing RTS" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled serial: imx: Update cached mctrl value when changing RTS to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: serial-imx-update-cached-mctrl-value-when-changing-rts.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: Ian Jamison <ian.dev(a)arkver.com> Date: Thu, 21 Sep 2017 10:13:12 +0200 Subject: serial: imx: Update cached mctrl value when changing RTS From: Ian Jamison <ian.dev(a)arkver.com> [ Upstream commit a0983c742a5885f82afb282166f83f1d3d8addf4 ] UART core function uart_update_mctrl relies on a cached value of modem control lines. This was used but not updated by local RTS control functions within imx.c. These are used for RS485 line driver enable signalling. Having an out-of-date value in the cached mctrl can result in the transmitter being enabled when it shouldn't be. Fix this by updating the mctrl value before applying it. Signed-off-by: Ian Jamison <ian.dev(a)arkver.com> Origin: id:8195c96e674517b82a6ff7fe914c7ba0f86e702b.1505375165.git.ian.dev@arkver.com Acked-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Tested-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Tested-by: Clemens Gruber <clemens.gruber(a)pqgruber.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/imx.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/drivers/tty/serial/imx.c +++ b/drivers/tty/serial/imx.c @@ -334,7 +334,8 @@ static void imx_port_rts_active(struct i { *ucr2 &= ~(UCR2_CTSC | UCR2_CTS); - mctrl_gpio_set(sport->gpios, sport->port.mctrl | TIOCM_RTS); + sport->port.mctrl |= TIOCM_RTS; + mctrl_gpio_set(sport->gpios, sport->port.mctrl); } static void imx_port_rts_inactive(struct imx_port *sport, unsigned long *ucr2) @@ -342,7 +343,8 @@ static void imx_port_rts_inactive(struct *ucr2 &= ~UCR2_CTSC; *ucr2 |= UCR2_CTS; - mctrl_gpio_set(sport->gpios, sport->port.mctrl & ~TIOCM_RTS); + sport->port.mctrl &= ~TIOCM_RTS; + mctrl_gpio_set(sport->gpios, sport->port.mctrl); } static void imx_port_rts_auto(struct imx_port *sport, unsigned long *ucr2) Patches currently in stable-queue which might be from ian.dev(a)arkver.com are queue-4.14/serial-imx-update-cached-mctrl-value-when-changing-rts.patch

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] Patch "serial: 8250_fintek: Fix rs485 disablement on invalid ioctl()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled serial: 8250_fintek: Fix rs485 disablement on invalid ioctl() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: serial-8250_fintek-fix-rs485-disablement-on-invalid-ioctl.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: Lukas Wunner <lukas(a)wunner.de> Date: Sat, 28 Oct 2017 11:35:49 +0200 Subject: serial: 8250_fintek: Fix rs485 disablement on invalid ioctl() From: Lukas Wunner <lukas(a)wunner.de> [ Upstream commit 3236a965486ba0c6043cf2c7b51943d8b382ae29 ] This driver's ->rs485_config callback checks if SER_RS485_RTS_ON_SEND and SER_RS485_RTS_AFTER_SEND have the same value. If they do, it means the user has passed in invalid data with the TIOCSRS485 ioctl() since RTS must have a different polarity when sending and when not sending. In this case, rs485 mode is not enabled (the RS485_URA bit is not set in the RS485 Enable Register) and this is supposed to be signaled back to the user by clearing the SER_RS485_ENABLED bit in struct serial_rs485 ... except a missing tilde character is preventing that from happening. Fixes: 28e3fb6c4dce ("serial: Add support for Fintek F81216A LPC to 4 UART") Cc: Ricardo Ribalda Delgado <ricardo.ribalda(a)gmail.com> Cc: "Ji-Ze Hong (Peter Hong)" <hpeter(a)gmail.com> Signed-off-by: Lukas Wunner <lukas(a)wunner.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/8250/8250_fintek.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/tty/serial/8250/8250_fintek.c +++ b/drivers/tty/serial/8250/8250_fintek.c @@ -211,7 +211,7 @@ static int fintek_8250_rs485_config(stru if ((!!(rs485->flags & SER_RS485_RTS_ON_SEND)) == (!!(rs485->flags & SER_RS485_RTS_AFTER_SEND))) - rs485->flags &= SER_RS485_ENABLED; + rs485->flags &= ~SER_RS485_ENABLED; else config |= RS485_URA; Patches currently in stable-queue which might be from lukas(a)wunner.de are queue-4.14/serial-8250_fintek-fix-rs485-disablement-on-invalid-ioctl.patch

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] Patch "serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: serial-8250-preserve-dld-for-port_xr17v35x.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: Aaron Sierra <asierra(a)xes-inc.com> Date: Wed, 4 Oct 2017 10:01:28 -0500 Subject: serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X From: Aaron Sierra <asierra(a)xes-inc.com> [ Upstream commit 0ab84da2e076948c49d36197ee7d254125c53eab ] The upper four bits of the XR17V35x fractional divisor register (DLD) control general chip function (RS-485 direction pin polarity, multidrop mode, XON/XOFF parity check, and fast IR mode). Don't allow these bits to be clobbered when setting the baudrate. Signed-off-by: Aaron Sierra <asierra(a)xes-inc.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/8250/8250_port.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) --- a/drivers/tty/serial/8250/8250_port.c +++ b/drivers/tty/serial/8250/8250_port.c @@ -2586,8 +2586,11 @@ static void serial8250_set_divisor(struc serial_dl_write(up, quot); /* XR17V35x UARTs have an extra fractional divisor register (DLD) */ - if (up->port.type == PORT_XR17V35X) + if (up->port.type == PORT_XR17V35X) { + /* Preserve bits not related to baudrate; DLD[7:4]. */ + quot_frac |= serial_port_in(port, 0x2) & 0xf0; serial_port_out(port, 0x2, quot_frac); + } } static unsigned int serial8250_get_baud_rate(struct uart_port *port, Patches currently in stable-queue which might be from asierra(a)xes-inc.com are queue-4.14/serial-8250-preserve-dld-for-port_xr17v35x.patch

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] Patch "selftests/x86/ldt_get: Add a few additional tests for limits" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled selftests/x86/ldt_get: Add a few additional tests for limits to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: selftests-x86-ldt_get-add-a-few-additional-tests-for-limits.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: Andy Lutomirski <luto(a)kernel.org> Date: Sat, 4 Nov 2017 04:19:52 -0700 Subject: selftests/x86/ldt_get: Add a few additional tests for limits From: Andy Lutomirski <luto(a)kernel.org> [ Upstream commit fec8f5ae1715a01c72ad52cb2ecd8aacaf142302 ] We weren't testing the .limit and .limit_in_pages fields very well. Add more tests. This addition seems to trigger the "bits 16:19 are undefined" issue that was fixed in an earlier patch. I think that, at least on my CPU, the high nibble of the limit ends in LAR bits 16:19. Signed-off-by: Andy Lutomirski <luto(a)kernel.org> Cc: Borislav Petkov <bpetkov(a)suse.de> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Link: http://lkml.kernel.org/r/5601c15ea9b3113d288953fd2838b18bedf6bc67.150979432… Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- tools/testing/selftests/x86/ldt_gdt.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) --- a/tools/testing/selftests/x86/ldt_gdt.c +++ b/tools/testing/selftests/x86/ldt_gdt.c @@ -367,9 +367,24 @@ static void do_simple_tests(void) install_invalid(&desc, false); desc.seg_not_present = 0; - desc.read_exec_only = 0; desc.seg_32bit = 1; + desc.read_exec_only = 0; + desc.limit = 0xfffff; + install_valid(&desc, AR_DPL3 | AR_TYPE_RWDATA | AR_S | AR_P | AR_DB); + + desc.limit_in_pages = 1; + + install_valid(&desc, AR_DPL3 | AR_TYPE_RWDATA | AR_S | AR_P | AR_DB | AR_G); + desc.read_exec_only = 1; + install_valid(&desc, AR_DPL3 | AR_TYPE_RODATA | AR_S | AR_P | AR_DB | AR_G); + desc.contents = 1; + desc.read_exec_only = 0; + install_valid(&desc, AR_DPL3 | AR_TYPE_RWDATA_EXPDOWN | AR_S | AR_P | AR_DB | AR_G); + desc.read_exec_only = 1; + install_valid(&desc, AR_DPL3 | AR_TYPE_RODATA_EXPDOWN | AR_S | AR_P | AR_DB | AR_G); + + desc.limit = 0; install_invalid(&desc, true); } Patches currently in stable-queue which might be from luto(a)kernel.org are queue-4.14/selftests-x86-ldt_get-add-a-few-additional-tests-for-limits.patch queue-4.14/selftests-x86-ldt_gdt-robustify-against-set_thread_area-and-lar-oddities.patch queue-4.14/x86-entry-use-syscall_define-macros-for-sys_modify_ldt.patch

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] Patch "selftests/x86/ldt_gdt: Robustify against set_thread_area() and LAR oddities" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled selftests/x86/ldt_gdt: Robustify against set_thread_area() and LAR oddities to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: selftests-x86-ldt_gdt-robustify-against-set_thread_area-and-lar-oddities.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: Andy Lutomirski <luto(a)kernel.org> Date: Sat, 4 Nov 2017 04:19:49 -0700 Subject: selftests/x86/ldt_gdt: Robustify against set_thread_area() and LAR oddities From: Andy Lutomirski <luto(a)kernel.org> [ Upstream commit d60ad744c9741586010d4bea286f09a063a90fbd ] Bits 19:16 of LAR's result are undefined, and some upcoming improvements to the test case seem to trigger this. Mask off those bits to avoid spurious failures. commit 5b781c7e317f ("x86/tls: Forcibly set the accessed bit in TLS segments") adds a valid case in which LAR's output doesn't quite agree with set_thread_area()'s input. This isn't triggered in the test as is, but it will be if we start calling set_thread_area() with the accessed bit clear. Work around this discrepency. I've added a Fixes tag so that -stable can pick this up if neccesary. Signed-off-by: Andy Lutomirski <luto(a)kernel.org> Cc: Borislav Petkov <bpetkov(a)suse.de> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Fixes: 5b781c7e317f ("x86/tls: Forcibly set the accessed bit in TLS segments") Link: http://lkml.kernel.org/r/b82f3f89c034b53580970ac865139fd8863f44e2.150979432… Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- tools/testing/selftests/x86/ldt_gdt.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) --- a/tools/testing/selftests/x86/ldt_gdt.c +++ b/tools/testing/selftests/x86/ldt_gdt.c @@ -115,7 +115,15 @@ static void check_valid_segment(uint16_t return; } - if (ar != expected_ar) { + /* The SDM says "bits 19:16 are undefined". Thanks. */ + ar &= ~0xF0000; + + /* + * NB: Different Linux versions do different things with the + * accessed bit in set_thread_area(). + */ + if (ar != expected_ar && + (ldt || ar != (expected_ar | AR_ACCESSED))) { printf("[FAIL]\t%s entry %hu has AR 0x%08X but expected 0x%08X\n", (ldt ? "LDT" : "GDT"), index, ar, expected_ar); nerrs++; Patches currently in stable-queue which might be from luto(a)kernel.org are queue-4.14/selftests-x86-ldt_get-add-a-few-additional-tests-for-limits.patch queue-4.14/selftests-x86-ldt_gdt-robustify-against-set_thread_area-and-lar-oddities.patch queue-4.14/x86-entry-use-syscall_define-macros-for-sys_modify_ldt.patch

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] Patch "s390: vfio-ccw: Do not attempt to free no-op, test and tic cda." has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled s390: vfio-ccw: Do not attempt to free no-op, test and tic cda. to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: s390-vfio-ccw-do-not-attempt-to-free-no-op-test-and-tic-cda.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: "Jason J. Herne" <jjherne(a)linux.vnet.ibm.com> Date: Tue, 7 Nov 2017 10:22:32 -0500 Subject: s390: vfio-ccw: Do not attempt to free no-op, test and tic cda. From: "Jason J. Herne" <jjherne(a)linux.vnet.ibm.com> [ Upstream commit 408358b50deaf59b07c82a7bff8c7e7cce031fae ] Because we do not make use of the cda (channel data address) for test, no-op ccws no address translation takes place. This means cda could contain a guest address which we do not want to attempt to free. Let's check the command type and skip cda free when it is not needed. For a TIC ccw, ccw->cda points to either a ccw in an existing chain or it points to a whole new allocated chain. In either case the data will be freed when the owning chain is freed. Signed-off-by: Jason J. Herne <jjherne(a)linux.vnet.ibm.com> Reviewed-by: Dong Jia Shi <bjsdjshi(a)linux.vnet.ibm.com> Reviewed-by: Pierre Morel <pmorel(a)linux.vnet.ibm.com> Message-Id: <1510068152-21988-1-git-send-email-jjherne(a)linux.vnet.ibm.com> Reviewed-by: Halil Pasic <pasic(a)linux.vnet.ibm.com> Acked-by: Christian Borntraeger <borntraeger(a)de.ibm.com> Signed-off-by: Cornelia Huck <cohuck(a)redhat.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/s390/cio/vfio_ccw_cp.c | 2 ++ 1 file changed, 2 insertions(+) --- a/drivers/s390/cio/vfio_ccw_cp.c +++ b/drivers/s390/cio/vfio_ccw_cp.c @@ -330,6 +330,8 @@ static void ccwchain_cda_free(struct ccw { struct ccw1 *ccw = chain->ch_ccw + idx; + if (ccw_is_test(ccw) || ccw_is_noop(ccw) || ccw_is_tic(ccw)) + return; if (!ccw->count) return; Patches currently in stable-queue which might be from jjherne(a)linux.vnet.ibm.com are queue-4.14/s390-vfio-ccw-do-not-attempt-to-free-no-op-test-and-tic-cda.patch

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] Patch "s390/ptrace: fix guarded storage regset handling" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled s390/ptrace: fix guarded storage regset handling to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: s390-ptrace-fix-guarded-storage-regset-handling.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: Heiko Carstens <heiko.carstens(a)de.ibm.com> Date: Mon, 11 Sep 2017 11:24:23 +0200 Subject: s390/ptrace: fix guarded storage regset handling From: Heiko Carstens <heiko.carstens(a)de.ibm.com> [ Upstream commit 5ef2d5231d547c672c67bdf84c13a4adaf477964 ] If the guarded storage regset for current is supposed to be changed, the regset from user space is copied directly into the guarded storage control block. If then the process gets scheduled away while the control block is being copied and before the new control block has been loaded, the result is random: the process can be scheduled away due to a page fault or preemption. If that happens the already copied parts will be overwritten by save_gs_cb(), called from switch_to(). Avoid this by copying the data to a temporary buffer on the stack and do the actual update with preemption disabled. Fixes: f5bbd7219891 ("s390/ptrace: guarded storage regset for the current task") Signed-off-by: Heiko Carstens <heiko.carstens(a)de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/s390/kernel/ptrace.c | 33 ++++++++++++++++++++++----------- 1 file changed, 22 insertions(+), 11 deletions(-) --- a/arch/s390/kernel/ptrace.c +++ b/arch/s390/kernel/ptrace.c @@ -1172,26 +1172,37 @@ static int s390_gs_cb_set(struct task_st unsigned int pos, unsigned int count, const void *kbuf, const void __user *ubuf) { - struct gs_cb *data = target->thread.gs_cb; + struct gs_cb gs_cb = { }, *data = NULL; int rc; if (!MACHINE_HAS_GS) return -ENODEV; - if (!data) { + if (!target->thread.gs_cb) { data = kzalloc(sizeof(*data), GFP_KERNEL); if (!data) return -ENOMEM; - data->gsd = 25; - target->thread.gs_cb = data; - if (target == current) - __ctl_set_bit(2, 4); - } else if (target == current) { - save_gs_cb(data); } + if (!target->thread.gs_cb) + gs_cb.gsd = 25; + else if (target == current) + save_gs_cb(&gs_cb); + else + gs_cb = *target->thread.gs_cb; rc = user_regset_copyin(&pos, &count, &kbuf, &ubuf, - data, 0, sizeof(struct gs_cb)); - if (target == current) - restore_gs_cb(data); + &gs_cb, 0, sizeof(gs_cb)); + if (rc) { + kfree(data); + return -EFAULT; + } + preempt_disable(); + if (!target->thread.gs_cb) + target->thread.gs_cb = data; + *target->thread.gs_cb = gs_cb; + if (target == current) { + __ctl_set_bit(2, 4); + restore_gs_cb(target->thread.gs_cb); + } + preempt_enable(); return rc; } Patches currently in stable-queue which might be from heiko.carstens(a)de.ibm.com are queue-4.14/s390-ptrace-fix-guarded-storage-regset-handling.patch queue-4.14/s390-pci-do-not-require-ais-facility.patch queue-4.14/perf-test-attr-fix-ignored-test-case-result.patch queue-4.14/s390-runtime-instrumentation-simplify-task-exit-handling.patch queue-4.14/perf-test-attr-fix-python-error-on-empty-result.patch

7 years, 7 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror