This is a note to let you know that I've just added the patch titled
netlink: add a start callback for starting a netlink dump
to the 4.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
netlink-add-a-start-callback-for-starting-a-netlink-dump.patch
and it can be found in the queue-4.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From fc9e50f5a5a4e1fa9ba2756f745a13e693cf6a06 Mon Sep 17 00:00:00 2001
From: Tom Herbert <tom(a)herbertland.com>
Date: Tue, 15 Dec 2015 15:41:37 -0800
Subject: netlink: add a start callback for starting a netlink dump
From: Tom Herbert <tom(a)herbertland.com>
commit fc9e50f5a5a4e1fa9ba2756f745a13e693cf6a06 upstream.
The start callback allows the caller to set up a context for the
dump callbacks. Presumably, the context can then be destroyed in
the done callback.
Signed-off-by: Tom Herbert <tom(a)herbertland.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
Cc: Guenter Roeck <linux(a)roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
include/linux/netlink.h | 2 ++
include/net/genetlink.h | 2 ++
net/netlink/af_netlink.c | 4 ++++
net/netlink/genetlink.c | 16 ++++++++++++++++
4 files changed, 24 insertions(+)
--- a/include/linux/netlink.h
+++ b/include/linux/netlink.h
@@ -131,6 +131,7 @@ netlink_skb_clone(struct sk_buff *skb, g
struct netlink_callback {
struct sk_buff *skb;
const struct nlmsghdr *nlh;
+ int (*start)(struct netlink_callback *);
int (*dump)(struct sk_buff * skb,
struct netlink_callback *cb);
int (*done)(struct netlink_callback *cb);
@@ -153,6 +154,7 @@ struct nlmsghdr *
__nlmsg_put(struct sk_buff *skb, u32 portid, u32 seq, int type, int len, int flags);
struct netlink_dump_control {
+ int (*start)(struct netlink_callback *);
int (*dump)(struct sk_buff *skb, struct netlink_callback *);
int (*done)(struct netlink_callback *);
void *data;
--- a/include/net/genetlink.h
+++ b/include/net/genetlink.h
@@ -114,6 +114,7 @@ static inline void genl_info_net_set(str
* @flags: flags
* @policy: attribute validation policy
* @doit: standard command callback
+ * @start: start callback for dumps
* @dumpit: callback for dumpers
* @done: completion callback for dumps
* @ops_list: operations list
@@ -122,6 +123,7 @@ struct genl_ops {
const struct nla_policy *policy;
int (*doit)(struct sk_buff *skb,
struct genl_info *info);
+ int (*start)(struct netlink_callback *cb);
int (*dumpit)(struct sk_buff *skb,
struct netlink_callback *cb);
int (*done)(struct netlink_callback *cb);
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -2203,6 +2203,7 @@ int __netlink_dump_start(struct sock *ss
cb = &nlk->cb;
memset(cb, 0, sizeof(*cb));
+ cb->start = control->start;
cb->dump = control->dump;
cb->done = control->done;
cb->nlh = nlh;
@@ -2216,6 +2217,9 @@ int __netlink_dump_start(struct sock *ss
mutex_unlock(nlk->cb_mutex);
+ if (cb->start)
+ cb->start(cb);
+
ret = netlink_dump(sk);
sock_put(sk);
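Review bot: The return value of `cb->start(cb)` is discarded in `__netlink_dump_start`, so a start callback that fails to set up its context still falls through to `netlink_dump(sk)` and later to `done`. Because `start` is declared to return `int`, the call site should honour it, for example `ret = cb->start(cb);` followed by an error exit that skips the dump. Whatever cleanup that exit needs lies outside this hunk and has to be checked against the rest of the function. The call also sits after `mutex_unlock(nlk->cb_mutex)`, so it is worth confirming that nothing else can act on `cb` before `start` has run. The same hunk appears in the 3.18-stable copy of this patch further down the page.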
--- a/net/netlink/genetlink.c
+++ b/net/netlink/genetlink.c
@@ -513,6 +513,20 @@ void *genlmsg_put(struct sk_buff *skb, u
}
EXPORT_SYMBOL(genlmsg_put);
+static int genl_lock_start(struct netlink_callback *cb)
+{
+ /* our ops are always const - netlink API doesn't propagate that */
+ const struct genl_ops *ops = cb->data;
+ int rc = 0;
+
+ if (ops->start) {
+ genl_lock();
+ rc = ops->start(cb);
+ genl_unlock();
+ }
+ return rc;
+}
+
static int genl_lock_dumpit(struct sk_buff *skb, struct netlink_callback *cb)
{
/* our ops are always const - netlink API doesn't propagate that */
@@ -577,6 +591,7 @@ static int genl_family_rcv_msg(struct ge
.module = family->module,
/* we have const, but the netlink API doesn't */
.data = (void *)ops,
+ .start = genl_lock_start,
.dump = genl_lock_dumpit,
.done = genl_lock_done,
};
@@ -588,6 +603,7 @@ static int genl_family_rcv_msg(struct ge
} else {
struct netlink_dump_control c = {
.module = family->module,
+ .start = ops->start,
.dump = ops->dumpit,
.done = ops->done,
};
Patches currently in stable-queue which might be from tom(a)herbertland.com are
queue-4.4/netlink-add-a-start-callback-for-starting-a-netlink-dump.patch
This is a note to let you know that I've just added the patch titled
netlink: add a start callback for starting a netlink dump
to the 3.18-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
netlink-add-a-start-callback-for-starting-a-netlink-dump.patch
and it can be found in the queue-3.18 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From fc9e50f5a5a4e1fa9ba2756f745a13e693cf6a06 Mon Sep 17 00:00:00 2001
From: Tom Herbert <tom(a)herbertland.com>
Date: Tue, 15 Dec 2015 15:41:37 -0800
Subject: netlink: add a start callback for starting a netlink dump
From: Tom Herbert <tom(a)herbertland.com>
commit fc9e50f5a5a4e1fa9ba2756f745a13e693cf6a06 upstream.
The start callback allows the caller to set up a context for the
dump callbacks. Presumably, the context can then be destroyed in
the done callback.
Signed-off-by: Tom Herbert <tom(a)herbertland.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
Cc: Guenter Roeck <linux(a)roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
include/linux/netlink.h | 2 ++
include/net/genetlink.h | 2 ++
net/netlink/af_netlink.c | 4 ++++
net/netlink/genetlink.c | 16 ++++++++++++++++
4 files changed, 24 insertions(+)
--- a/include/linux/netlink.h
+++ b/include/linux/netlink.h
@@ -120,6 +120,7 @@ netlink_skb_clone(struct sk_buff *skb, g
struct netlink_callback {
struct sk_buff *skb;
const struct nlmsghdr *nlh;
+ int (*start)(struct netlink_callback *);
int (*dump)(struct sk_buff * skb,
struct netlink_callback *cb);
int (*done)(struct netlink_callback *cb);
@@ -142,6 +143,7 @@ struct nlmsghdr *
__nlmsg_put(struct sk_buff *skb, u32 portid, u32 seq, int type, int len, int flags);
struct netlink_dump_control {
+ int (*start)(struct netlink_callback *);
int (*dump)(struct sk_buff *skb, struct netlink_callback *);
int (*done)(struct netlink_callback *);
void *data;
--- a/include/net/genetlink.h
+++ b/include/net/genetlink.h
@@ -106,6 +106,7 @@ static inline void genl_info_net_set(str
* @flags: flags
* @policy: attribute validation policy
* @doit: standard command callback
+ * @start: start callback for dumps
* @dumpit: callback for dumpers
* @done: completion callback for dumps
* @ops_list: operations list
@@ -114,6 +115,7 @@ struct genl_ops {
const struct nla_policy *policy;
int (*doit)(struct sk_buff *skb,
struct genl_info *info);
+ int (*start)(struct netlink_callback *cb);
int (*dumpit)(struct sk_buff *skb,
struct netlink_callback *cb);
int (*done)(struct netlink_callback *cb);
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -2043,6 +2043,7 @@ int __netlink_dump_start(struct sock *ss
cb = &nlk->cb;
memset(cb, 0, sizeof(*cb));
+ cb->start = control->start;
cb->dump = control->dump;
cb->done = control->done;
cb->nlh = nlh;
@@ -2056,6 +2057,9 @@ int __netlink_dump_start(struct sock *ss
mutex_unlock(nlk->cb_mutex);
+ if (cb->start)
+ cb->start(cb);
+
ret = netlink_dump(sk);
sock_put(sk);
--- a/net/netlink/genetlink.c
+++ b/net/netlink/genetlink.c
@@ -507,6 +507,20 @@ void *genlmsg_put(struct sk_buff *skb, u
}
EXPORT_SYMBOL(genlmsg_put);
+static int genl_lock_start(struct netlink_callback *cb)
+{
+ /* our ops are always const - netlink API doesn't propagate that */
+ const struct genl_ops *ops = cb->data;
+ int rc = 0;
+
+ if (ops->start) {
+ genl_lock();
+ rc = ops->start(cb);
+ genl_unlock();
+ }
+ return rc;
+}
+
static int genl_lock_dumpit(struct sk_buff *skb, struct netlink_callback *cb)
{
/* our ops are always const - netlink API doesn't propagate that */
@@ -571,6 +585,7 @@ static int genl_family_rcv_msg(struct ge
.module = family->module,
/* we have const, but the netlink API doesn't */
.data = (void *)ops,
+ .start = genl_lock_start,
.dump = genl_lock_dumpit,
.done = genl_lock_done,
};
@@ -582,6 +597,7 @@ static int genl_family_rcv_msg(struct ge
} else {
struct netlink_dump_control c = {
.module = family->module,
+ .start = ops->start,
.dump = ops->dumpit,
.done = ops->done,
};
Patches currently in stable-queue which might be from tom(a)herbertland.com are
queue-3.18/netlink-add-a-start-callback-for-starting-a-netlink-dump.patch
This is a note to let you know that I've just added the patch titled
ipsec: Fix aborted xfrm policy dump crash
to the 3.18-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
ipsec-fix-aborted-xfrm-policy-dump-crash.patch
and it can be found in the queue-3.18 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From 1137b5e2529a8f5ca8ee709288ecba3e68044df2 Mon Sep 17 00:00:00 2001
From: Herbert Xu <herbert(a)gondor.apana.org.au>
Date: Thu, 19 Oct 2017 20:51:10 +0800
Subject: ipsec: Fix aborted xfrm policy dump crash
From: Herbert Xu <herbert(a)gondor.apana.org.au>
commit 1137b5e2529a8f5ca8ee709288ecba3e68044df2 upstream.
An independent security researcher, Mohamed Ghannam, has reported
this vulnerability to Beyond Security's SecuriTeam Secure Disclosure
program.
The xfrm_dump_policy_done function expects xfrm_dump_policy to
have been called at least once or it will crash. This can be
triggered if a dump fails because the target socket's receive
buffer is full.
This patch fixes it by using the cb->start mechanism to ensure that
the initialisation is always done regardless of the buffer situation.
Fixes: 12a169e7d8f4 ("ipsec: Put dumpers on the dump list")
Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert(a)secunet.com>
Cc: Guenter Roeck <linux(a)roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
net/xfrm/xfrm_user.c | 25 +++++++++++++++----------
1 file changed, 15 insertions(+), 10 deletions(-)
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1625,32 +1625,34 @@ static int dump_one_policy(struct xfrm_p
static int xfrm_dump_policy_done(struct netlink_callback *cb)
{
- struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *) &cb->args[1];
+ struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *)cb->args;
struct net *net = sock_net(cb->skb->sk);
xfrm_policy_walk_done(walk, net);
return 0;
}
+static int xfrm_dump_policy_start(struct netlink_callback *cb)
+{
+ struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *)cb->args;
+
+ BUILD_BUG_ON(sizeof(*walk) > sizeof(cb->args));
+
+ xfrm_policy_walk_init(walk, XFRM_POLICY_TYPE_ANY);
+ return 0;
+}
+
static int xfrm_dump_policy(struct sk_buff *skb, struct netlink_callback *cb)
{
struct net *net = sock_net(skb->sk);
- struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *) &cb->args[1];
+ struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *)cb->args;
struct xfrm_dump_info info;
- BUILD_BUG_ON(sizeof(struct xfrm_policy_walk) >
- sizeof(cb->args) - sizeof(cb->args[0]));
-
info.in_skb = cb->skb;
info.out_skb = skb;
info.nlmsg_seq = cb->nlh->nlmsg_seq;
info.nlmsg_flags = NLM_F_MULTI;
- if (!cb->args[0]) {
- cb->args[0] = 1;
- xfrm_policy_walk_init(walk, XFRM_POLICY_TYPE_ANY);
- }
-
(void) xfrm_policy_walk(net, walk, dump_one_policy, &info);
return skb->len;
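Review bot: `xfrm_dump_policy_start` has no comment recording the invariant this fix depends on: `xfrm_dump_policy_done` treats `cb->args` as an initialised `struct xfrm_policy_walk`, so the walk must be set up before `done` can run even when `xfrm_dump_policy` is never called. I would add above it `/* Called once via the netlink dump start hook; initialises the walk kept in cb->args so ->done is safe even if ->dump never ran. */`. In this tree the fix only takes effect if the `start` hook from the "netlink: add a start callback for starting a netlink dump" backport is applied as well, which is worth stating in the backport notes. `xfrm_dump_policy` continues past the end of the hunk.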
@@ -2384,6 +2386,7 @@ static const struct nla_policy xfrma_spd
static const struct xfrm_link {
int (*doit)(struct sk_buff *, struct nlmsghdr *, struct nlattr **);
+ int (*start)(struct netlink_callback *);
int (*dump)(struct sk_buff *, struct netlink_callback *);
int (*done)(struct netlink_callback *);
const struct nla_policy *nla_pol;
@@ -2397,6 +2400,7 @@ static const struct xfrm_link {
[XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy },
[XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy },
[XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy,
+ .start = xfrm_dump_policy_start,
.dump = xfrm_dump_policy,
.done = xfrm_dump_policy_done },
[XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = { .doit = xfrm_alloc_userspi },
@@ -2443,6 +2447,7 @@ static int xfrm_user_rcv_msg(struct sk_b
{
struct netlink_dump_control c = {
+ .start = link->start,
.dump = link->dump,
.done = link->done,
};
Patches currently in stable-queue which might be from herbert(a)gondor.apana.org.au are
queue-3.18/ipsec-fix-aborted-xfrm-policy-dump-crash.patch
From: Martin Kelly <mkelly(a)xevo.com>
Currently, when you disconnect the device, the driver infinitely
resubmits all URBs, so you see:
Rx URB aborted (-32)
in an infinite loop.
Fix this by catching -EPIPE (what we get in urb->status when the device
disconnects) and not resubmitting.
With this patch, I can plug and unplug many times and the driver
recovers correctly.
Signed-off-by: Martin Kelly <mkelly(a)xevo.com>
Cc: linux-stable <stable(a)vger.kernel.org>
Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de>
---
drivers/net/can/usb/mcba_usb.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/can/usb/mcba_usb.c b/drivers/net/can/usb/mcba_usb.c
index c4355f0a20d5..ef417dcddbf7 100644
--- a/drivers/net/can/usb/mcba_usb.c
+++ b/drivers/net/can/usb/mcba_usb.c
@@ -592,6 +592,7 @@ static void mcba_usb_read_bulk_callback(struct urb *urb)
break;
case -ENOENT:
+ case -EPIPE:
case -ESHUTDOWN:
return;
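Review bot: The new `case -EPIPE:` shares the silent `return` with `-ENOENT` and `-ESHUTDOWN`, and nothing in the code says why. On USB, `-EPIPE` is commonly the status for a stalled endpoint as well as the one the description reports on disconnect, so if a stall can occur while the device is still attached, reception would stop for good; that should be confirmed. At minimum add `/* -EPIPE: reported on disconnect; resubmitting would loop forever */` beside the case. The switch begins and ends outside the hunk.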
--
2.15.0
From: Stephane Grosjean <s.grosjean(a)peak-system.com>
PCI/PCIe drivers for PEAK-System CAN/CAN-FD interfaces do some access to the
PCI config during probing. In case one of these accesses fails, a POSITIVE
PCIBIOS_xxx error code is returned back. This POSITIVE error code MUST be
converted into a NEGATIVE errno for the probe() function to indicate it
failed. Using the pcibios_err_to_errno() function, we make sure that the
return code will always be negative.
Signed-off-by: Stephane Grosjean <s.grosjean(a)peak-system.com>
Cc: linux-stable <stable(a)vger.kernel.org>
Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de>
---
drivers/net/can/peak_canfd/peak_pciefd_main.c | 5 ++++-
drivers/net/can/sja1000/peak_pci.c | 5 ++++-
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/net/can/peak_canfd/peak_pciefd_main.c b/drivers/net/can/peak_canfd/peak_pciefd_main.c
index b4efd711f824..788c3464a3b0 100644
--- a/drivers/net/can/peak_canfd/peak_pciefd_main.c
+++ b/drivers/net/can/peak_canfd/peak_pciefd_main.c
@@ -825,7 +825,10 @@ static int peak_pciefd_probe(struct pci_dev *pdev,
err_disable_pci:
pci_disable_device(pdev);
- return err;
+ /* pci_xxx_config_word() return positive PCIBIOS_xxx error codes while
+ * the probe() function must return a negative errno in case of failure
+ * (err is unchanged if negative) */
+ return pcibios_err_to_errno(err);
}
/* free the board structure object, as well as its resources: */
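Review bot: Converting at the shared `err_disable_pci` exit means `err` carries two encodings (positive PCIBIOS_xxx or negative errno) along the whole error path above the label, which is outside this hunk. Converting where the config access is made, with `err = pcibios_err_to_errno(err);` right after the failing read or write, would keep `err` a negative errno everywhere and give any message printed on that path a meaningful value. The block comment also departs from the usual kernel form by closing `*/` on its last text line. The same applies to the `failure_disable_pci` hunk in drivers/net/can/sja1000/peak_pci.c.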
diff --git a/drivers/net/can/sja1000/peak_pci.c b/drivers/net/can/sja1000/peak_pci.c
index 131026fbc2d7..5adc95c922ee 100644
--- a/drivers/net/can/sja1000/peak_pci.c
+++ b/drivers/net/can/sja1000/peak_pci.c
@@ -717,7 +717,10 @@ static int peak_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
failure_disable_pci:
pci_disable_device(pdev);
- return err;
+ /* pci_xxx_config_word() return positive PCIBIOS_xxx error codes while
+ * the probe() function must return a negative errno in case of failure
+ * (err is unchanged if negative) */
+ return pcibios_err_to_errno(err);
}
static void peak_pci_remove(struct pci_dev *pdev)
--
2.15.0
From: Oliver Stäbler <oliver.staebler(a)bytesatwork.ch>
After commit d75b1ade567f ("net: less interrupt masking in NAPI") napi
repoll is done only when work_done == budget.
So we need to return budget if there are still packets to receive.
Signed-off-by: Oliver Stäbler <oliver.staebler(a)bytesatwork.ch>
Cc: linux-stable <stable(a)vger.kernel.org>
Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de>
---
drivers/net/can/ti_hecc.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/can/ti_hecc.c b/drivers/net/can/ti_hecc.c
index 4d4941469cfc..db6ea936dc3f 100644
--- a/drivers/net/can/ti_hecc.c
+++ b/drivers/net/can/ti_hecc.c
@@ -637,6 +637,9 @@ static int ti_hecc_rx_poll(struct napi_struct *napi, int quota)
mbx_mask = hecc_read(priv, HECC_CANMIM);
mbx_mask |= HECC_TX_MBOX_MASK;
hecc_write(priv, HECC_CANMIM, mbx_mask);
+ } else {
+ /* repoll is done only if whole budget is used */
+ num_pkts = quota;
}
return num_pkts;
--
2.15.0
From: Jimmy Assarsson <jimmyassarsson(a)gmail.com>
The condition in the while-loop becomes true when actual_length is less than
2 (MSG_HEADER_LEN). In best case we end up with a former, already
dispatched msg, that got msg->len greater than actual_length. This will
result in a "Format error" error printout.
Problem seen when unplugging a Kvaser USB device connected to a vbox guest.
warning: comparison between signed and unsigned integer expressions
[-Wsign-compare]
Signed-off-by: Jimmy Assarsson <jimmyassarsson(a)gmail.com>
Cc: linux-stable <stable(a)vger.kernel.org>
Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de>
---
drivers/net/can/usb/kvaser_usb.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/can/usb/kvaser_usb.c b/drivers/net/can/usb/kvaser_usb.c
index 075644591498..d87e330a20b3 100644
--- a/drivers/net/can/usb/kvaser_usb.c
+++ b/drivers/net/can/usb/kvaser_usb.c
@@ -1334,7 +1334,7 @@ static void kvaser_usb_read_bulk_callback(struct urb *urb)
goto resubmit_urb;
}
- while (pos <= urb->actual_length - MSG_HEADER_LEN) {
+ while (pos <= (int)(urb->actual_length - MSG_HEADER_LEN)) {
msg = urb->transfer_buffer + pos;
/* The Kvaser firmware can only read and write messages that
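Review bot: The `(int)` cast is what makes this bound work when `urb->actual_length` is smaller than `MSG_HEADER_LEN`: the unsigned subtraction wraps, and only the conversion back to `int` turns it into a negative limit, yet the line gives no hint of that. Since `actual_length` reflects what the device sent, a later cleanup that drops the cast would bring back the out-of-range read; add `/* cast keeps the bound negative when actual_length < MSG_HEADER_LEN */` above the loop. An explicit early check such as `if (urb->actual_length < MSG_HEADER_LEN) goto resubmit_urb;` would express the same thing without relying on wrap-around. The loop body and the function continue outside the hunk.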
--
2.15.0
From: Johannes Berg <johannes.berg(a)intel.com>
Before deleting a time event (remain-on-channel instance), flush
the queue so that frames cannot get stuck on it. We already flush
the AUX STA queues, but a separate station is used for the P2P
Device queue.
Cc: stable(a)vger.kernel.org
Signed-off-by: Johannes Berg <johannes.berg(a)intel.com>
Signed-off-by: Luca Coelho <luciano.coelho(a)intel.com>
---
drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 2 ++
.../net/wireless/intel/iwlwifi/mvm/time-event.c | 24 ++++++++++++++++++++--
2 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mvm.h b/drivers/net/wireless/intel/iwlwifi/mvm/mvm.h
index 6a9a25beab3f..55ab5349dd40 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/mvm.h
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mvm.h
@@ -1061,6 +1061,7 @@ struct iwl_mvm {
* @IWL_MVM_STATUS_ROC_AUX_RUNNING: AUX remain-on-channel is running
* @IWL_MVM_STATUS_D3_RECONFIG: D3 reconfiguration is being done
* @IWL_MVM_STATUS_FIRMWARE_RUNNING: firmware is running
+ * @IWL_MVM_STATUS_NEED_FLUSH_P2P: need to flush P2P bcast STA
*/
enum iwl_mvm_status {
IWL_MVM_STATUS_HW_RFKILL,
@@ -1072,6 +1073,7 @@ enum iwl_mvm_status {
IWL_MVM_STATUS_ROC_AUX_RUNNING,
IWL_MVM_STATUS_D3_RECONFIG,
IWL_MVM_STATUS_FIRMWARE_RUNNING,
+ IWL_MVM_STATUS_NEED_FLUSH_P2P,
};
/* Keep track of completed init configuration */
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/time-event.c b/drivers/net/wireless/intel/iwlwifi/mvm/time-event.c
index 4d0314912e94..e25cda9fbf6c 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/time-event.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/time-event.c
@@ -132,6 +132,24 @@ void iwl_mvm_roc_done_wk(struct work_struct *wk)
* executed, and a new time event means a new command.
*/
iwl_mvm_flush_sta(mvm, &mvm->aux_sta, true, CMD_ASYNC);
+
+ /* Do the same for the P2P device queue (STA) */
+ if (test_and_clear_bit(IWL_MVM_STATUS_NEED_FLUSH_P2P, &mvm->status)) {
+ struct iwl_mvm_vif *mvmvif;
+
+ /*
+ * NB: access to this pointer would be racy, but the flush bit
+ * can only be set when we had a P2P-Device VIF, and we have a
+ * flush of this work in iwl_mvm_prepare_mac_removal() so it's
+ * not really racy.
+ */
+
+ if (!WARN_ON(!mvm->p2p_device_vif)) {
+ mvmvif = iwl_mvm_vif_from_mac80211(mvm->p2p_device_vif);
+ iwl_mvm_flush_sta(mvm, &mvmvif->bcast_sta, true,
+ CMD_ASYNC);
+ }
+ }
}
static void iwl_mvm_roc_finished(struct iwl_mvm *mvm)
@@ -855,10 +873,12 @@ void iwl_mvm_stop_roc(struct iwl_mvm *mvm)
mvmvif = iwl_mvm_vif_from_mac80211(te_data->vif);
- if (te_data->vif->type == NL80211_IFTYPE_P2P_DEVICE)
+ if (te_data->vif->type == NL80211_IFTYPE_P2P_DEVICE) {
iwl_mvm_remove_time_event(mvm, mvmvif, te_data);
- else
+ set_bit(IWL_MVM_STATUS_NEED_FLUSH_P2P, &mvm->status);
+ } else {
iwl_mvm_remove_aux_roc_te(mvm, mvmvif, te_data);
+ }
iwl_mvm_roc_finished(mvm);
}
--
2.15.0
xHC can generate two events for a short transfer if the short TRB and
last TRB in the TD are not the same TRB.
The driver will handle the TD after the first short event, and remove
it from its internal list. Driver then incorrectly prints a warning
for the second event:
"WARN Event TRB for slot x ep y with no TDs queued"
Fix this by not printing a warning if we get an event on an empty list
if the previous event was a short event.
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com>
---
drivers/usb/host/xhci-ring.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
index c239c68..6eb87c6 100644
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -2477,12 +2477,16 @@ static int handle_tx_event(struct xhci_hcd *xhci,
*/
if (list_empty(&ep_ring->td_list)) {
/*
- * A stopped endpoint may generate an extra completion
- * event if the device was suspended. Don't print
- * warnings.
+ * Don't print wanings if it's due to a stopped endpoint
+ * generating an extra completion event if the device
+ * was suspended. Or, a event for the last TRB of a
+ * short TD we already got a short event for.
+ * The short TD is already removed from the TD list.
*/
+
if (!(trb_comp_code == COMP_STOPPED ||
- trb_comp_code == COMP_STOPPED_LENGTH_INVALID)) {
+ trb_comp_code == COMP_STOPPED_LENGTH_INVALID ||
+ ep_ring->last_td_was_short)) {
xhci_warn(xhci, "WARN Event TRB for slot %d ep %d with no TDs queued?\n",
TRB_TO_SLOT_ID(le32_to_cpu(event->flags)),
ep_index);
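Review bot: `ep_ring->last_td_was_short` now suppresses the warning for any event that arrives on an empty TD list, so the check is only as good as the place where that flag is cleared, which is not visible in this hunk. If the flag can stay set after the second event of the short TD has been consumed, a genuinely unexpected event would be hidden; confirm it is reset on the next non-short completion. The rewritten comment has typos: `wanings` should be `warnings` and `a event` should be `an event`. `handle_tx_event` starts and ends outside the hunk.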
--
2.7.4
The commit de3ee99b097d ("mmc: Delete bounce buffer handling") deletes the
bounce buffer handling, but also causes the max_req_size for sdhci to be
increased when max_segs == 1. This causes errors on the sdhci-pci
Ricoh variant about the swiotlb buffer becoming full.
Fix the issue, by taking IO_TLB_SEGSIZE and IO_TLB_SHIFT into account when
deciding the max_req_size for sdhci.
Reported-by: Jiri Slaby <jslaby(a)suse.cz>
Fixes: de3ee99b097d ("mmc: Delete bounce buffer handling")
Cc: <stable(a)vger.kernel.org> # v4.14+
Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org>
Tested-by: Jiri Slaby <jslaby(a)suse.cz>
---
drivers/mmc/host/sdhci.c | 28 ++++++++++++++++++----------
1 file changed, 18 insertions(+), 10 deletions(-)
diff --git a/drivers/mmc/host/sdhci.c b/drivers/mmc/host/sdhci.c
index 2f14334..e9290a3 100644
--- a/drivers/mmc/host/sdhci.c
+++ b/drivers/mmc/host/sdhci.c
@@ -21,6 +21,7 @@
#include <linux/dma-mapping.h>
#include <linux/slab.h>
#include <linux/scatterlist.h>
+#include <linux/swiotlb.h>
#include <linux/regulator/consumer.h>
#include <linux/pm_runtime.h>
#include <linux/of.h>
@@ -3651,22 +3652,29 @@ int sdhci_setup_host(struct sdhci_host *host)
spin_lock_init(&host->lock);
/*
+ * Maximum number of sectors in one transfer. Limited by SDMA boundary
+ * size (512KiB). Note some tuning modes impose a 4MiB limit, but this
+ * is less anyway.
+ */
+ mmc->max_req_size = 524288;
+
+ /*
* Maximum number of segments. Depends on if the hardware
* can do scatter/gather or not.
*/
- if (host->flags & SDHCI_USE_ADMA)
+ if (host->flags & SDHCI_USE_ADMA) {
mmc->max_segs = SDHCI_MAX_SEGS;
- else if (host->flags & SDHCI_USE_SDMA)
+ } else if (host->flags & SDHCI_USE_SDMA) {
mmc->max_segs = 1;
- else /* PIO */
+ if (swiotlb_max_segment()) {
+ unsigned int max_req_size = (1 << IO_TLB_SHIFT) *
+ IO_TLB_SEGSIZE;
+ mmc->max_req_size = min(mmc->max_req_size,
+ max_req_size);
+ }
+ } else { /* PIO */
mmc->max_segs = SDHCI_MAX_SEGS;
-
- /*
- * Maximum number of sectors in one transfer. Limited by SDMA boundary
- * size (512KiB). Note some tuning modes impose a 4MiB limit, but this
- * is less anyway.
- */
- mmc->max_req_size = 524288;
+ }
/*
* Maximum segment size. Could be one segment with the maximum number
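Review bot: The swiotlb clamp in the SDMA branch has no comment explaining where the bound comes from. I would add `/* with swiotlb in use, one mapping is limited to IO_TLB_SEGSIZE slots of (1 << IO_TLB_SHIFT) bytes */` above the `if (swiotlb_max_segment())` test. The local `max_req_size` has the same name as the `mmc->max_req_size` field it is compared with, which makes the `min()` line harder to read; a distinct local name would help. The moved comment still says "number of sectors" although the value assigned is a byte count (512KiB). `sdhci_setup_host` continues on both sides of the hunk.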
--
2.7.4
BCM43341 devices soldered onto the PCB (non-removable) always (AFAICT)
use an UART connection for bluetooth. But they also advertise btsdio
support on their 3rd sdio function, this causes 2 problems:
1) A non functioning BT HCI getting registered
2) Since the btsdio driver does not have suspend/resume callbacks,
mmc_sdio_pre_suspend will return -ENOSYS, causing mmc_pm_notify()
to react as if the SDIO-card is removed and since the slot is
marked as non-removable it will never get detected as inserted again.
Which results in wifi no longer working after a suspend/resume.
This commit fixes both by making btsdio ignore BCM43341 devices
when connected to a slot which is marked non-removable.
Cc: stable(a)vger.kernel.org
Signed-off-by: Hans de Goede <hdegoede(a)redhat.com>
---
drivers/bluetooth/btsdio.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/drivers/bluetooth/btsdio.c b/drivers/bluetooth/btsdio.c
index c8e945d19ffe..76c1405c7242 100644
--- a/drivers/bluetooth/btsdio.c
+++ b/drivers/bluetooth/btsdio.c
@@ -31,6 +31,7 @@
#include <linux/errno.h>
#include <linux/skbuff.h>
+#include <linux/mmc/host.h>
#include <linux/mmc/sdio_ids.h>
#include <linux/mmc/sdio_func.h>
@@ -292,6 +293,15 @@ static int btsdio_probe(struct sdio_func *func,
tuple = tuple->next;
}
+ /*
+ * BCM43341 devices soldered onto the PCB (non-removable) use an
+ * uart connection for bluetooth, ignore the BT SDIO interface.
+ */
+ if (func->vendor == SDIO_VENDOR_ID_BROADCOM &&
+ func->device == SDIO_DEVICE_ID_BROADCOM_43341 &&
+ !mmc_card_is_removable(func->card->host))
+ return -ENODEV;
+
data = devm_kzalloc(&func->dev, sizeof(*data), GFP_KERNEL);
if (!data)
return -ENOMEM;
--
2.14.3
SMSM is not symmetrical, the incoming bits from WCNSS are available at
index 6, but the outgoing host id for WCNSS is 3. Furthermore, upstream
references the base of APCS (in contrast to downstream), so the register
offset of 8 must be included.
Fixes: 1fb47e0a9ba4 ("arm64: dts: qcom: msm8916: Add smsm and smp2p nodes")
Cc: stable(a)vger.kernel.org
Reported-by: Ramon Fried <rfried(a)codeaurora.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson(a)linaro.org>
---
arch/arm64/boot/dts/qcom/msm8916.dtsi | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/msm8916.dtsi b/arch/arm64/boot/dts/qcom/msm8916.dtsi
index 9fb317853a5c..a8e1e3b4562c 100644
--- a/arch/arm64/boot/dts/qcom/msm8916.dtsi
+++ b/arch/arm64/boot/dts/qcom/msm8916.dtsi
@@ -1437,8 +1437,8 @@
#address-cells = <1>;
#size-cells = <0>;
- qcom,ipc-1 = <&apcs 0 13>;
- qcom,ipc-6 = <&apcs 0 19>;
+ qcom,ipc-1 = <&apcs 8 13>;
+ qcom,ipc-3 = <&apcs 8 19>;
apps_smsm: apps@0 {
reg = <0>;
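Review bot: The offset `8` and the move from `qcom,ipc-6` to `qcom,ipc-3` are explained only in the commit message, so the node itself still reads as two unexplained numbers. A short comment above the two properties would keep the reasoning with the code, for example `/* offset 8 is relative to the APCS base; 3 is the outgoing host id for WCNSS */`. The enclosing node begins before the hunk and continues after it.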
--
2.15.0
Hi Greg,
At 10/05/2017 04:30 PM, gregkh(a)linuxfoundation.org wrote:
>
> This is a note to let you know that I've just added the patch titled
>
> x86/acpi: Restore the order of CPU IDs
>
> to the 4.9-stable tree which can be found at:
> http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
>
Dao found a bug in Linux 4.9 LTS, which is shown below.
The cause of the bug is that only the patch titled
x86/acpi: Restore the order of CPU IDs
was backported, while the other patches in the series[1] were left out.
IMO, the commit c962cff17dfa
("Revert "x86/acpi: Set persistent cpuid <-> nodeid mapping when
booting"")
in the series can fix this bug. I suggest backporting it.
BTW, I read the rules in Documentation/process/stable-kernel-rules.rst,
and found that:
...
- It cannot be bigger than 100 lines, with context.
...
I guess it seems that it's the reason why it did not be pulled in
stable tree. Is it right? Can you tell more details about it. :-)
[1] https://lkml.org/lkml/2017/3/3/71
Thanks,
dou.
...
[ 3.210401] BUG: unable to handle kernel NULL pointer dereference at
(null)
[ 3.219161] IP: [<ffffffffa5e77158>] __queue_work+0x78/0x420
[ 3.225491] PGD 0 [ 3.227537]
[ 3.229205] Oops: 0000 [#1] SMP
[ 3.232707] Modules linked in:
[ 3.236124] CPU: 25 PID: 1 Comm: swapper/0 Not tainted
4.9.59-cloudflare-2017.10.3 #1
[ 3.244857] Hardware name: IBM x3630M4 -[7158OCN]-/00KF922, BIOS
-[BEE142AUS-1.71]- 07/30/2014
[ 3.254461] task: ffff8dc2b2281e00 task.stack: ffffaa348c474000
[ 3.261068] RIP: 0010:[<ffffffffa5e77158>] [<ffffffffa5e77158>]
__queue_work+0x78/0x420
[ 3.270112] RSP: 0000:ffffaa348c477cb0 EFLAGS: 00010046
[ 3.276039] RAX: 0000000000000000 RBX: 0000000000000000 RCX:
0000000000000000
[ 3.284002] RDX: ffff8dc2b0272000 RSI: 000000007fffffff RDI:
ffff8dc2b0272000
[ 3.291965] RBP: ffffaa348c477ce8 R08: 000000000001b3a0 R09:
ffff8dc2be807840
[ 3.299929] R10: 0000000000ffff0a R11: 0000000000000003 R12:
ffff8dc2b0272000
[ 3.307894] R13: 0000000000000200 R14: ffff8dc2be8a2000 R15:
0000000000013198
[ 3.315857] FS: 0000000000000000(0000) GS:ffff8dc2bf440000(0000)
knlGS:0000000000000000
[ 3.324890] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3.331301] CR2: 0000000000000000 CR3: 00000001a2c07000 CR4:
00000000001406e0
[ 3.339264] Stack:
[ 3.341505] ffff8dc2afcea000 0000001900000800 0000000000000246
0000000000000000
[ 3.349801] 0000000000000000 ffffffffa686bdbd ffff8dc2b13e39c0
ffffaa348c477d00
[ 3.358094] ffffffffa5e77519 ffff8dc2b0272000 ffffaa348c477d40
ffffffffa5e73eae
[ 3.366390] Call Trace:
[ 3.369121] [<ffffffffa5e77519>] queue_work_on+0x19/0x30
[ 3.375146] [<ffffffffa5e73eae>] call_usermodehelper_exec+0x7e/0x130
[ 3.382337] [<ffffffffa6242157>] kobject_uevent_env+0x4b7/0x510
[ 3.389033] [<ffffffffa62421bb>] kobject_uevent+0xb/0x10
[ 3.395058] [<ffffffffa62416e9>] kset_register+0x59/0x70
[ 3.401086] [<ffffffffa63268b0>] bus_register+0xd0/0x260
[ 3.407114] [<ffffffffa6bdd7bf>] ? acpi_int340x_thermal_init+0x12/0x12
[ 3.414496] [<ffffffffa6bdd7cf>] pnp_init+0x10/0x12
[ 3.420039] [<ffffffffa5e00440>] do_one_initcall+0x50/0x180
[ 3.426357] [<ffffffffa6b97077>] kernel_init_freeable+0x1a2/0x22a
[ 3.433258] [<ffffffffa655df40>] ? rest_init+0x80/0x80
[ 3.439089] [<ffffffffa655df4e>] kernel_init+0xe/0x100
[ 3.444921] [<ffffffffa6564da2>] ret_from_fork+0x22/0x30
[ 3.450945] Code: 00 00 41 f6 86 00 01 00 00 02 0f 85 ee 00 0
...
> The filename of the patch is:
> x86-acpi-restore-the-order-of-cpu-ids.patch
> and it can be found in the queue-4.9 subdirectory.
>
> If you, or anyone else, feels it should not be added to the stable tree,
> please let <stable(a)vger.kernel.org> know about it.
>
>
>>From foo@baz Thu Oct 5 10:28:31 CEST 2017
> From: Dou Liyang <douly.fnst(a)cn.fujitsu.com>
> Date: Fri, 3 Mar 2017 16:02:25 +0800
> Subject: x86/acpi: Restore the order of CPU IDs
>
> From: Dou Liyang <douly.fnst(a)cn.fujitsu.com>
>
>
> [ Upstream commit 2b85b3d22920db7473e5fed5719e7955c0ec323e ]
>
> The following commits:
>
> f7c28833c2 ("x86/acpi: Enable acpi to register all possible cpus at
> boot time") and 8f54969dc8 ("x86/acpi: Introduce persistent storage
> for cpuid <-> apicid mapping")
>
> ... registered all the possible CPUs at boot time via ACPI tables to
> make the mapping of cpuid <-> apicid fixed. Both enabled and disabled
> CPUs could have a logical CPU ID after boot time.
>
> But, ACPI tables are unreliable. the number amd order of Local APIC
> entries which depends on the firmware is often inconsistent with the
> physical devices. Even if they are consistent, The disabled CPUs which
> take up some logical CPU IDs will also make the order discontinuous.
>
> Revert the part of disabled CPUs registration, keep the allocation
> logic of logical CPU IDs and also keep some code location changes.
>
> Signed-off-by: Dou Liyang <douly.fnst(a)cn.fujitsu.com>
> Tested-by: Xiaolong Ye <xiaolong.ye(a)intel.com>
> Cc: rjw(a)rjwysocki.net
> Cc: linux-acpi(a)vger.kernel.org
> Cc: guzheng1(a)huawei.com
> Cc: izumi.taku(a)jp.fujitsu.com
> Cc: lenb(a)kernel.org
> Link: http://lkml.kernel.org/r/1488528147-2279-4-git-send-email-douly.fnst@cn.fuj…
> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de>
> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
> ---
> arch/x86/kernel/acpi/boot.c | 7 ++++++-
> arch/x86/kernel/apic/apic.c | 26 +++++++-------------------
> 2 files changed, 13 insertions(+), 20 deletions(-)
>
> --- a/arch/x86/kernel/acpi/boot.c
> +++ b/arch/x86/kernel/acpi/boot.c
> @@ -176,10 +176,15 @@ static int acpi_register_lapic(int id, u
> return -EINVAL;
> }
>
> + if (!enabled) {
> + ++disabled_cpus;
> + return -EINVAL;
> + }
> +
> if (boot_cpu_physical_apicid != -1U)
> ver = boot_cpu_apic_version;
>
> - cpu = __generic_processor_info(id, ver, enabled);
> + cpu = generic_processor_info(id, ver);
> if (cpu >= 0)
> early_per_cpu(x86_cpu_to_acpiid, cpu) = acpiid;
>
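Review bot: The added `if (!enabled)` branch in acpi_register_lapic returns `-EINVAL`, the same value the context line just above it returns, so a caller cannot tell a firmware-disabled entry that was skipped on purpose from the failure handled above (its condition is outside the hunk). The branch also has no comment saying why a disabled entry is counted but never reaches `generic_processor_info()`. Something like `/* disabled entries are only counted; they get no logical CPU ID */` above `++disabled_cpus;` would record the intent stated in the commit message. The function starts and ends outside the hunk.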
> --- a/arch/x86/kernel/apic/apic.c
> +++ b/arch/x86/kernel/apic/apic.c
> @@ -2070,7 +2070,7 @@ static int allocate_logical_cpuid(int ap
> return nr_logical_cpuids++;
> }
>
> -int __generic_processor_info(int apicid, int version, bool enabled)
> +int generic_processor_info(int apicid, int version)
> {
> int cpu, max = nr_cpu_ids;
> bool boot_cpu_detected = physid_isset(boot_cpu_physical_apicid,
> @@ -2128,11 +2128,9 @@ int __generic_processor_info(int apicid,
> if (num_processors >= nr_cpu_ids) {
> int thiscpu = max + disabled_cpus;
>
> - if (enabled) {
> - pr_warning("APIC: NR_CPUS/possible_cpus limit of %i "
> - "reached. Processor %d/0x%x ignored.\n",
> - max, thiscpu, apicid);
> - }
> + pr_warning("APIC: NR_CPUS/possible_cpus limit of %i "
> + "reached. Processor %d/0x%x ignored.\n",
> + max, thiscpu, apicid);
>
> disabled_cpus++;
> return -EINVAL;
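Review bot: The `pr_warning()` call that this hunk makes unconditional keeps its format string split across two source lines, so grepping the tree for the message as it appears in a log finds nothing. I would join the literal, `pr_warning("APIC: NR_CPUS/possible_cpus limit of %i reached. Processor %d/0x%x ignored.\n",`, and leave the argument line as it is. The processor number printed here is `max + disabled_cpus`, and since the boot.c hunk now also bumps `disabled_cpus` for firmware-disabled entries, a one-line comment on `thiscpu` saying what it counts would help whoever reads the warning. The enclosing function starts and ends outside the hunk.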
> @@ -2184,23 +2182,13 @@ int __generic_processor_info(int apicid,
> apic->x86_32_early_logical_apicid(cpu);
> #endif
> set_cpu_possible(cpu, true);
> -
> - if (enabled) {
> - num_processors++;
> - physid_set(apicid, phys_cpu_present_map);
> - set_cpu_present(cpu, true);
> - } else {
> - disabled_cpus++;
> - }
> + physid_set(apicid, phys_cpu_present_map);
> + set_cpu_present(cpu, true);
> + num_processors++;
>
> return cpu;
> }
>
> -int generic_processor_info(int apicid, int version)
> -{
> - return __generic_processor_info(apicid, version, true);
> -}
> -
> int hard_smp_processor_id(void)
> {
> return read_apic_id();
>
>
> Patches currently in stable-queue which might be from douly.fnst(a)cn.fujitsu.com are
>
> queue-4.9/x86-acpi-restore-the-order-of-cpu-ids.patch
>
>
>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi Greg,
Pleae pull commits for Linux 4.4 .
I've sent a review request for all commits over a week ago and all
comments were addressed.
Thanks,
Sasha
=====
The following changes since commit 08c15ad2e6278a5fe1b209e8fcdbd2d235c48f34:
Linux 4.4.103 (2017-11-30 08:37:28 +0000)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git for-greg/4.14/4.4
for you to fetch changes up to 35875b21e77f03b5e0ce4278579294af69da5d00:
kprobes/x86: Disable preemption in ftrace-based jprobes (2017-11-30 16:49:32 -0500)
- ----------------------------------------------------------------
Aaron Sierra (1):
serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X
Alexey Khoroshilov (1):
usb: phy: tahvo: fix error handling in tahvo_usb_probe()
Andy Lutomirski (1):
selftests/x86/ldt_get: Add a few additional tests for limits
Ben Hutchings (1):
usbip: tools: Install all headers needed for libusbip development
Boshi Wang (1):
ima: fix hash algorithm initialization
Christian Borntraeger (1):
s390/pci: do not require AIS facility
Dave Hansen (1):
x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt()
Gustavo A. R. Silva (1):
EDAC, sb_edac: Fix missing break in switch
Hiromitsu Yamasaki (1):
spi: sh-msiof: Fix DMA transfer size check
Jibin Xu (1):
sysrq : fix Show Regs call trace on ARM
John Stultz (2):
usb: dwc2: Fix UDC state tracking
usb: dwc2: Error out of dwc2_hsotg_ep_disable() if we're in host mode
Lukas Wunner (1):
serial: 8250_fintek: Fix rs485 disablement on invalid ioctl()
Masami Hiramatsu (1):
kprobes/x86: Disable preemption in ftrace-based jprobes
Thomas Richter (1):
perf test attr: Fix ignored test case result
arch/s390/include/asm/pci_insn.h | 2 +-
arch/s390/pci/pci.c | 5 +++--
arch/s390/pci/pci_insn.c | 6 +++++-
arch/x86/include/asm/syscalls.h | 2 +-
arch/x86/kernel/kprobes/ftrace.c | 23 ++++++++++++++---------
arch/x86/kernel/ldt.c | 16 +++++++++++++---
arch/x86/um/ldt.c | 7 +++++--
drivers/edac/sb_edac.c | 1 +
drivers/spi/spi-sh-msiof.c | 2 +-
drivers/tty/serial/8250/8250_fintek.c | 2 +-
drivers/tty/serial/8250/8250_port.c | 5 ++++-
drivers/tty/sysrq.c | 9 +++++++--
drivers/usb/dwc2/gadget.c | 7 +++++++
drivers/usb/phy/phy-tahvo.c | 3 ++-
security/integrity/ima/ima_main.c | 4 ++++
tools/perf/tests/attr.c | 2 +-
tools/testing/selftests/x86/ldt_gdt.c | 17 ++++++++++++++++-
tools/usb/usbip/Makefile.am | 3 ++-
18 files changed, 88 insertions(+), 28 deletions(-)
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCAAGBQJaIH/+AAoJEN6mb/eXdyzcQQkP/j3Cdl+nqMgY28ui3xmFG/7N
rmTIjsIjS9lCPHH2i53jR518WPwKwte47k25FzOZi0kwdG2Q7Ds8N0jxJhs/rquU
lrz9T41bO7wihILHTFBOca185Mzf7elXF+VATP+dtVz51JnqvpL1vtZe29Wsv9We
WTuCdjnc9Sv6DP0DbctxQToUCc+SFT/DqOlgdTQfZJmhQAcNrCxmfzKjMJ48W38V
P4FgBdZ7I1pkaNIXWbzDB8XARzesdupFjMjACgTCQ/XdhodgdPwgssNMURX8uKC8
PIpbW8syYQPGmepLv7hiDoFgPKxDPgfSVQXgFIQkfFWXSMnnulI+sj7gi2F8u1fS
MVENj75UTBKL1RgbwFxuIZLRZKDcMi/RRjAdOxiMQWY5v0PWMnCwta1/CtGKnkBT
Wf1do7Lt0ce8sstd+udztNvfQToSBi47LMC/Sdn2GcXTCM1MTUUXiMHeybYLZR1+
Kpsjpj4Fc1CqIrelJUA78KpDpCpUb5osj8tnahx4pYmBp11V3G6jGQZYLPZDUxdU
0vpzAaeeVIRg2X17VB4zuDdLzVMrB0ChImRcXIDht7wuyMG2+vqKX7IB+Mit7yEQ
md6Benpeok44SSxlXKRrVz37ZlStxGSVIG+F1DTR4dE17N/4ZUNpKx/eXP8pFtlh
QVkzov+tpzlMNXSB1cg6
=BCzy
-----END PGP SIGNATURE-----