- Linux-stable-mirror - lists.linaro.org

[char-misc v4.14.y] mei: bus: type promotion bug in mei_nfc_if_version()

by Tomas Winkler

From: Dan Carpenter <dan.carpenter(a)oracle.com> commit b40b3e9358fbafff6a4ba0f4b9658f6617146f9c upstream We accidentally removed the check for negative returns without considering the issue of type promotion. The "if_version_length" variable is type size_t so if __mei_cl_recv() returns a negative then "bytes_recv" is type promoted to a high positive value and treated as success. Cc: <stable(a)vger.kernel.org> # 4.14 Fixes: 582ab27a063a ("mei: bus: fix received data size check in NFC fixup") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/misc/mei/bus-fixup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/misc/mei/bus-fixup.c b/drivers/misc/mei/bus-fixup.c index 0208c4b027c5..fa0236a5e59a 100644 --- a/drivers/misc/mei/bus-fixup.c +++ b/drivers/misc/mei/bus-fixup.c @@ -267,7 +267,7 @@ static int mei_nfc_if_version(struct mei_cl *cl, ret = 0; bytes_recv = __mei_cl_recv(cl, (u8 *)reply, if_version_length, 0); - if (bytes_recv < if_version_length) { + if (bytes_recv < 0 || bytes_recv < if_version_length) { dev_err(bus->dev, "Could not read IF version\n"); ret = -EIO; goto err; -- 2.14.4

6 years, 10 months

1
0
0 0

[char-misc v4.9.y] mei: bus: type promotion bug in mei_nfc_if_version()

by Tomas Winkler

From: Dan Carpenter <dan.carpenter(a)oracle.com> commit b40b3e9358fbafff6a4ba0f4b9658f6617146f9c upstream We accidentally removed the check for negative returns without considering the issue of type promotion. The "if_version_length" variable is type size_t so if __mei_cl_recv() returns a negative then "bytes_recv" is type promoted to a high positive value and treated as success. Cc: <stable(a)vger.kernel.org> # 4.9 Fixes: 582ab27a063a ("mei: bus: fix received data size check in NFC fixup") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/misc/mei/bus-fixup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/misc/mei/bus-fixup.c b/drivers/misc/mei/bus-fixup.c index 75b9d4ac8b1e..371f5f66a9d6 100644 --- a/drivers/misc/mei/bus-fixup.c +++ b/drivers/misc/mei/bus-fixup.c @@ -178,7 +178,7 @@ static int mei_nfc_if_version(struct mei_cl *cl, ret = 0; bytes_recv = __mei_cl_recv(cl, (u8 *)reply, if_version_length); - if (bytes_recv < if_version_length) { + if (bytes_recv < 0 || bytes_recv < if_version_length) { dev_err(bus->dev, "Could not read IF version\n"); ret = -EIO; goto err; -- 2.14.4

6 years, 10 months

1
0
0 0

[PATCH 3.16 00/63] 3.16.58-rc1 review

by Ben Hutchings

This is the start of the stable review cycle for the 3.16.58 release. There are 63 patches in this series, which will be posted as responses to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Mon Sep 24 00:15:41 UTC 2018. Anything received after that time might be too late. All the patches have also been committed to the linux-3.16.y-rc branch of https://git.kernel.org/pub/scm/linux/kernel/git/bwh/linux-stable-rc.git . A shortlog and diffstat can be found below. Ben. ------------- Alexander Potapenko (1): scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() [a45b599ad808c3c982fdcdc12b0b8611c2f92824] Alexey Khoroshilov (1): usbip: fix error handling in stub_probe() [3ff67445750a84de67faaf52c6e1895cb09f2c56] Andy Lutomirski (1): x86/entry/64: Remove %ebx handling from error_entry/exit [b3681dd548d06deb2e1573890829dff4b15abf46] Ben Hutchings (2): Revert "vti4: Don't override MTU passed on link creation via IFLA_MTU" [not upstream; the reverted commit was correct for upstream] x86/fpu: Default eagerfpu if FPU and FXSR are enabled [58122bf1d856a4ea9581d62a07c557d997d46a19] Borislav Petkov (1): x86/cpu/AMD: Fix erratum 1076 (CPB bit) [f7f3dc00f61261cdc9ccd8b886f21bc4dffd6fd9] Christoph Paasch (1): net: Set sk_prot_creator when cloning sockets to the right proto [9d538fa60bad4f7b23193c89e843797a1cf71ef3] Cong Wang (1): infiniband: fix a possible use-after-free bug [cb2595c1393b4a5211534e6f0a0fbad369e21ad8] Dave Chinner (2): xfs: catch inode allocation state mismatch corruption [ee457001ed6c6f31ddad69c24c1da8f377d8472d] xfs: validate cached inodes are free when allocated [afca6c5b2595fc44383919fba740c194b0b76aff] Eric Sandeen (2): xfs: don't call xfs_da_shrink_inode with NULL bp [bb3d48dcf86a97dc25fe9fc2c11938e19cb4399a] xfs: set format back to extents if xfs_bmap_extents_to_btree [2c4306f719b083d17df2963bc761777576b8ad1b] Ernesto A . Fernández (1): hfsplus: fix NULL dereference in hfsplus_lookup() [a7ec7a4193a2eb3b5341243fc0b621c1ac9e4ec4] Ingo Molnar (2): x86/fpu: Fix the 'nofxsr' boot parameter to also clear X86_FEATURE_FXSR_OPT [d364a7656c1855c940dfa4baf4ebcc3c6a9e6fd2] x86/speculation: Clean up various Spectre related details [21e433bdb95bdf3aa48226fd3d33af608437f293] Jann Horn (1): USB: yurex: fix out-of-bounds uaccess in read handler [f1e255d60ae66a9f672ff9a207ee6cd8e33d2679] Jason Yan (1): scsi: libsas: defer ata device eh commands to libata [318aaf34f1179b39fa9c30fa0f3288b645beee39] Jens Axboe (1): sr: pass down correctly sized SCSI sense buffer [f7068114d45ec55996b9040e98111afa56e010fe] Jiri Kosina (1): x86/speculation: Protect against userspace-userspace spectreRSB [fdf82a7856b32d905c39afc85e34364491e46346] Kees Cook (5): seccomp: add "seccomp" syscall [48dc92b9fc3926844257316e75ba11eb5c742b2c] seccomp: create internal mode-setting function [d78ab02c2c194257a03355fbb79eb721b381d105] seccomp: extract check/assign mode helpers [1f41b450416e689b9b7c8bfb750a98604f687a9b] seccomp: split mode setting routines [3b23dd12846215eff4afb073366b80c0c4d7543e] video: uvesafb: Fix integer overflow in allocation [9f645bcc566a1e9f921bdae7528a01ced5bc3713] Kyle Huey (2): x86/process: Correct and optimize TIF_BLOCKSTEP switch [b9894a2f5bd18b1691cb6872c9afe32b148d0132] x86/process: Optimize TIF checks in __switch_to_xtra() [af8b3cd3934ec60f4c2a420d19a9d416554f140b] Linus Torvalds (2): Fix up non-directory creation in SGID directories [0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7] mm: get rid of vmacache_flush_all() entirely [7a9cdebdcc17e426fb5287e4a82db1dfe86339b2] Mark Salyzyn (1): Bluetooth: hidp: buffer overflow in hidp_process_report [7992c18810e568b95c869b227137a2215702a805] Mel Gorman (2): futex: Remove requirement for lock_page() in get_futex_key() [65d8fc777f6dcfee12785c057a6b57f679641c90] futex: Remove unnecessary warning from get_futex_key [48fb6f4db940e92cfb16cd878cddd59ea6120d06] Nadav Amit (1): KVM: x86: Emulator ignores LDTR/TR extended base on LLDT/LTR [e37a75a13cdae5deaa2ea2cbf8d55b5dd08638b6] Paolo Bonzini (4): KVM: x86: introduce linear_{read,write}_system [79367a65743975e5cac8d24d08eccc7fdae832b0] KVM: x86: introduce num_emulated_msrs [62ef68bb4d00f1a662e487f3fc44ce8521c416aa] KVM: x86: pass kvm_vcpu to kvm_read_guest_virt and kvm_write_guest_virt_system [ce14e868a54edeb2e30cb7a7b104a2fc4b9d76ca] kvm: x86: use correct privilege level for sgdt/sidt/fxsave/fxrstor access [3c9fa24ca7c9c47605672916491f79e8ccacb9e6] Peter Zijlstra (1): x86/paravirt: Fix spectre-v2 mitigations for paravirt guests [5800dc5c19f34e6e03b5adab1282535cb102fafd] Piotr Luc (1): x86/cpu/intel: Add Knights Mill to Intel family [0047f59834e5947d45f34f5f12eb330d158f700b] Qu Wenruo (1): btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized [389305b2aa68723c754f88d9dbd268a400e10664] Sanjeev Sharma (1): uas: replace WARN_ON_ONCE() with lockdep_assert_held() [ab945eff8396bc3329cc97274320e8d2c6585077] Scott Bauer (1): cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status [8f3fafc9c2f0ece10832c25f7ffcb07c97a32ad4] Shankara Pailoor (1): jfs: Fix inconsistency between memory allocation and ea_buf->max_size [92d34134193e5b129dc24f8d79cb9196626e8d7a] Shuah Khan (6): usbip: usbip_host: delete device from busid_table after rebind [1e180f167d4e413afccbbb4a421b48b2de832549] usbip: usbip_host: fix NULL-ptr deref and use-after-free errors [22076557b07c12086eeb16b8ce2b0b735f7a27e7] usbip: usbip_host: fix bad unlock balance during stub_probe() [c171654caa875919be3c533d3518da8be5be966e] usbip: usbip_host: fix to hold parent lock for device_attach() calls [4bfb141bc01312a817d36627cc47c93f801c216d] usbip: usbip_host: refine probe and disconnect debug msgs to be useful [28b68acc4a88dcf91fd1dcf2577371dc9bf574cc] usbip: usbip_host: run rebind from exit when module is removed [7510df3f29d44685bab7b1918b61a8ccd57126a9] Takashi Iwai (1): ALSA: rawmidi: Change resized buffers atomically [39675f7a7c7e7702f7d5341f1e0d01db746543a0] Theodore Ts'o (14): ext4: add corruption check in ext4_xattr_set_entry() [5369a762c882c0b6e9599e4ebbb3a9ba9eee7e2d] ext4: add more inode number paranoia checks [c37e9e013469521d9adb932d17a1795c139b36db] ext4: always check block group bounds in ext4_init_block_bitmap() [819b23f1c501b17b9694325471789e6b5cc2d0d2] ext4: always verify the magic number in xattr blocks [513f86d73855ce556ea9522b6bfd79f87356dc3a] ext4: avoid running out of journal credits when appending to an inline file [8bc1379b82b8e809eef77a9fedbb75c6c297be19] ext4: clear i_data in ext4_inode_info when removing inline data [6e8ab72a812396996035a37e5ca4b3b99b5d214b] ext4: don't allow r/w mounts if metadata blocks overlap the superblock [18db4b4e6fc31eda838dd1c1296d67dbcb3dc957] ext4: fix check to prevent initializing reserved inodes [5012284700775a4e6e3fbe7eac4c543c4874b559] ext4: fix false negatives *and* false positives in ext4_check_descriptors() [44de022c4382541cebdd6de4465d1f4f465ff1dd] ext4: make sure bitmaps and the inode table don't overlap with bg descriptors [77260807d1170a8cf35dbb06e07461a655f67eee] ext4: never move the system.data xattr out of the inode body [8cdb5240ec5928b20490a2bb34cb87e9a5f40226] ext4: only look at the bg_flags field if it is valid [8844618d8aa7a9973e7b527d038a2a589665002c] ext4: verify the depth of extent tree in ext4_find_extent() [bc890a60247171294acc0bd67d211fa4b88d40ba] jbd2: don't mark block as modified if the handle is out of credits [e09463f220ca9a1a1ecfda84fcda658f99a1f12a] Makefile | 4 +- arch/Kconfig | 1 + arch/x86/include/asm/intel-family.h | 1 + arch/x86/include/asm/kvm_emulate.h | 6 +- arch/x86/include/uapi/asm/msr-index.h | 1 + arch/x86/kernel/cpu/amd.c | 13 +++ arch/x86/kernel/cpu/bugs.c | 59 ++++---------- arch/x86/kernel/cpu/common.c | 17 ++-- arch/x86/kernel/entry_64.S | 13 +-- arch/x86/kernel/i387.c | 24 ++++++ arch/x86/kernel/paravirt.c | 14 +++- arch/x86/kernel/process.c | 62 +++++++++------ arch/x86/kernel/xsave.c | 24 +----- arch/x86/kvm/emulate.c | 76 ++++++++++-------- arch/x86/kvm/vmx.c | 20 +++-- arch/x86/kvm/x86.c | 91 ++++++++++++++------- arch/x86/kvm/x86.h | 4 +- arch/x86/syscalls/syscall_32.tbl | 1 + arch/x86/syscalls/syscall_64.tbl | 1 + drivers/cdrom/cdrom.c | 2 +- drivers/infiniband/core/ucma.c | 6 +- drivers/scsi/libsas/sas_scsi_host.c | 33 +++----- drivers/scsi/sg.c | 2 +- drivers/scsi/sr_ioctl.c | 21 ++--- drivers/staging/usbip/stub.h | 2 + drivers/staging/usbip/stub_dev.c | 69 +++++++++------- drivers/staging/usbip/stub_main.c | 100 +++++++++++++++++++++-- drivers/usb/misc/yurex.c | 23 ++---- drivers/usb/storage/uas.c | 8 +- drivers/video/fbdev/uvesafb.c | 3 +- fs/btrfs/relocation.c | 23 +++--- fs/ext4/balloc.c | 21 +++-- fs/ext4/ext4.h | 8 -- fs/ext4/ext4_extents.h | 1 + fs/ext4/extents.c | 6 ++ fs/ext4/ialloc.c | 19 ++++- fs/ext4/inline.c | 39 +-------- fs/ext4/inode.c | 3 +- fs/ext4/mballoc.c | 6 +- fs/ext4/super.c | 41 +++++++++- fs/ext4/xattr.c | 49 ++++++------ fs/hfsplus/dir.c | 4 +- fs/inode.c | 6 ++ fs/jbd2/transaction.c | 2 +- fs/jfs/xattr.c | 10 ++- fs/xfs/xfs_attr_leaf.c | 5 +- fs/xfs/xfs_bmap.c | 2 + fs/xfs/xfs_icache.c | 58 ++++++++++++-- include/linux/mm_types.h | 2 +- include/linux/sched.h | 2 +- include/linux/syscalls.h | 2 + include/linux/vmacache.h | 5 -- include/uapi/asm-generic/unistd.h | 4 +- include/uapi/linux/seccomp.h | 4 + kernel/futex.c | 99 +++++++++++++++++++++-- kernel/seccomp.c | 146 ++++++++++++++++++++++++++++------ kernel/sys_ni.c | 3 + mm/vmacache.c | 36 --------- net/bluetooth/hidp/core.c | 4 +- net/core/sock.c | 2 + net/ipv4/ip_vti.c | 1 + sound/core/rawmidi.c | 20 +++-- 62 files changed, 847 insertions(+), 487 deletions(-) -- Ben Hutchings Any sufficiently advanced bug is indistinguishable from a feature.

6 years, 10 months

4
70
0 0

[PATCH] w1: omap-hdq: fix missing bus unregister at removal

by Andreas Kemnade

The bus master was not removed after unloading the module or unbinding the driver. That lead to oopses like this [ 127.842987] Unable to handle kernel paging request at virtual address bf01d04c [ 127.850646] pgd = 70e3cd9a [ 127.853698] [bf01d04c] *pgd=8f908811, *pte=00000000, *ppte=00000000 [ 127.860412] Internal error: Oops: 80000007 [#1] PREEMPT SMP ARM [ 127.866668] Modules linked in: bq27xxx_battery overlay [last unloaded: omap_hdq] [ 127.874542] CPU: 0 PID: 1022 Comm: w1_bus_master1 Not tainted 4.19.0-rc4-00001-g2d51da718324 #12 [ 127.883819] Hardware name: Generic OMAP36xx (Flattened Device Tree) [ 127.890441] PC is at 0xbf01d04c [ 127.893798] LR is at w1_search_process_cb+0x4c/0xfc [ 127.898956] pc : [<bf01d04c>] lr : [<c05f9580>] psr: a0070013 [ 127.905609] sp : cf885f48 ip : bf01d04c fp : ddf1e11c [ 127.911132] r10: cf8fe040 r9 : c05f8d00 r8 : cf8fe040 [ 127.916656] r7 : 000000f0 r6 : cf8fe02c r5 : cf8fe000 r4 : cf8fe01c [ 127.923553] r3 : c05f8d00 r2 : 000000f0 r1 : cf8fe000 r0 : dde1ef10 [ 127.930450] Flags: NzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none [ 127.938018] Control: 10c5387d Table: 8f8f0019 DAC: 00000051 [ 127.944091] Process w1_bus_master1 (pid: 1022, stack limit = 0x9135699f) [ 127.951171] Stack: (0xcf885f48 to 0xcf886000) [ 127.955810] 5f40: cf8fe000 00000000 cf884000 cf8fe090 000003e8 c05f8d00 [ 127.964477] 5f60: dde5fc34 c05f9700 ddf1e100 ddf1e540 cf884000 cf8fe000 c05f9694 00000000 [ 127.973114] 5f80: dde5fc34 c01499a4 00000000 ddf1e540 c0149874 00000000 00000000 00000000 [ 127.981781] 5fa0: 00000000 00000000 00000000 c01010e8 00000000 00000000 00000000 00000000 [ 127.990447] 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 127.999114] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000 [ 128.007781] [<c05f9580>] (w1_search_process_cb) from [<c05f9700>] (w1_process+0x6c/0x118) [ 128.016479] [<c05f9700>] (w1_process) from [<c01499a4>] (kthread+0x130/0x148) [ 128.024047] [<c01499a4>] (kthread) from [<c01010e8>] (ret_from_fork+0x14/0x2c) [ 128.031677] Exception stack(0xcf885fb0 to 0xcf885ff8) [ 128.037017] 5fa0: 00000000 00000000 00000000 00000000 [ 128.045684] 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 128.054351] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 128.061340] Code: bad PC value [ 128.064697] ---[ end trace af066e33c0e14119 ]--- Cc: <stable(a)vger.kernel.org> Signed-off-by: Andreas Kemnade <andreas(a)kemnade.info> --- drivers/w1/masters/omap_hdq.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/w1/masters/omap_hdq.c b/drivers/w1/masters/omap_hdq.c index 83fc9aab34e8..3099052e1243 100644 --- a/drivers/w1/masters/omap_hdq.c +++ b/drivers/w1/masters/omap_hdq.c @@ -763,6 +763,8 @@ static int omap_hdq_remove(struct platform_device *pdev) /* remove module dependency */ pm_runtime_disable(&pdev->dev); + w1_remove_master_device(&omap_w1_master); + return 0; } -- 2.11.0

6 years, 10 months

1
0
0 0

Re: [PATCH v2 1/2] printk: Fix panic caused by passing log_buf_len to command line

by Sasha Levin

Hi, [This is an automated email] This commit has been processed because it contains a -stable tag. The stable tag indicates that it's relevant for the following trees: all The bot has tested the following trees: v4.18.8, v4.14.70, v4.9.127, v4.4.156, v3.18.122, v4.18.8: Build OK! v4.14.70: Build OK! v4.9.127: Build OK! v4.4.156: Build OK! v3.18.122: Build failed! Errors: Please let us know how to resolve this. -- Thanks, Sasha

6 years, 10 months

2
1
0 0

Re: [PATCH] mm/page_alloc: Fix panic caused by passing debug_guardpage_minorder or kernelcore to command line

by Sasha Levin

Hi, [This is an automated email] This commit has been processed because it contains a -stable tag. The stable tag indicates that it's relevant for the following trees: all The bot has tested the following trees: v4.18.8, v4.14.70, v4.9.127, v4.4.156, v3.18.122, v4.18.8: Build OK! v4.14.70: Build OK! v4.9.127: Build OK! v4.4.156: Failed to apply! Possible dependencies: 342332e6a925 ("mm/page_alloc.c: introduce kernelcore=mirror option") v3.18.122: Failed to apply! Possible dependencies: 342332e6a925 ("mm/page_alloc.c: introduce kernelcore=mirror option") Please let us know how to resolve this. -- Thanks, Sasha

6 years, 10 months

2
1
0 0

[PATCH 3/6] drm/i915: Leave intel_conn->mst_port set, use mst_port_gone instead

by Lyude Paul

Currently we set intel_connector->mst_port to NULL to signify that the MST port has been removed from the system so that we can prevent further action on the port such as connector probes, mode probing, etc. However, we're going to need access to intel_connector->mst_port in order to fixup ->best_encoder() so that it can always return the correct encoder for an MST port to prevent legacy DPMS prop changes from failing. This should be safe, so instead keep intel_connector->mst_port always set and instead add intel_connector->mst_port_gone in order to signify whether or not the connector has disappeared from the system. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 14 +++++++------- drivers/gpu/drm/i915/intel_drv.h | 1 + 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index 4ecd65375603..fcb9b87b9339 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -311,9 +311,8 @@ static int intel_dp_mst_get_ddc_modes(struct drm_connector *connector) struct edid *edid; int ret; - if (!intel_dp) { + if (intel_connector->mst_port_gone) return intel_connector_update_modes(connector, NULL); - } edid = drm_dp_mst_get_edid(connector, &intel_dp->mst_mgr, intel_connector->port); ret = intel_connector_update_modes(connector, edid); @@ -328,9 +327,10 @@ intel_dp_mst_detect(struct drm_connector *connector, bool force) struct intel_connector *intel_connector = to_intel_connector(connector); struct intel_dp *intel_dp = intel_connector->mst_port; - if (!intel_dp) + if (intel_connector->mst_port_gone) return connector_status_disconnected; - return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, intel_connector->port); + return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, + intel_connector->port); } static void @@ -370,7 +370,7 @@ intel_dp_mst_mode_valid(struct drm_connector *connector, int bpp = 24; /* MST uses fixed bpp */ int max_rate, mode_rate, max_lanes, max_link_clock; - if (!intel_dp) + if (intel_connector->mst_port_gone) return MODE_ERROR; if (mode->flags & DRM_MODE_FLAG_DBLSCAN) @@ -402,7 +402,7 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (!intel_dp) + if (intel_connector->mst_port_gone) return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } @@ -514,7 +514,7 @@ static void intel_dp_destroy_mst_connector(struct drm_dp_mst_topology_mgr *mgr, connector); /* prevent race with the check in ->detect */ drm_modeset_lock(&connector->dev->mode_config.connection_mutex, NULL); - intel_connector->mst_port = NULL; + intel_connector->mst_port_gone = true; drm_modeset_unlock(&connector->dev->mode_config.connection_mutex); drm_connector_put(connector); diff --git a/drivers/gpu/drm/i915/intel_drv.h b/drivers/gpu/drm/i915/intel_drv.h index 8fc61e96754f..87ce772ae7f8 100644 --- a/drivers/gpu/drm/i915/intel_drv.h +++ b/drivers/gpu/drm/i915/intel_drv.h @@ -409,6 +409,7 @@ struct intel_connector { void *port; /* store this opaque as its illegal to dereference it */ struct intel_dp *mst_port; + bool mst_port_gone; /* Work struct to schedule a uevent on link train failure */ struct work_struct modeset_retry_work; -- 2.17.1

6 years, 10 months

3
5
0 0

[PATCH resend] uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name

by Randy Dunlap

From: Randy Dunlap <rdunlap(a)infradead.org> Since this header is in "include/uapi/linux/", apparently people want to use it in userspace programs -- even in C++ ones. However, the header uses a C++ reserved keyword ("private"), so change that to "dh_private" instead to allow the header file to be used in C++ userspace. Fixes https://bugzilla.kernel.org/show_bug.cgi?id=191051 Fixes: ddbb41148724 ("KEYS: Add KEYCTL_DH_COMPUTE command") Signed-off-by: Randy Dunlap <rdunlap(a)infradead.org> Cc: David Howells <dhowells(a)redhat.com> Cc: James Morris <jmorris(a)namei.org> Cc: "Serge E. Hallyn" <serge(a)hallyn.com> Cc: keyrings(a)vger.kernel.org Cc: linux-security-module(a)vger.kernel.org Cc: Mat Martineau <mathew.j.martineau(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- include/uapi/linux/keyctl.h | 2 +- security/keys/dh.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) --- lnx-416.orig/include/uapi/linux/keyctl.h +++ lnx-416/include/uapi/linux/keyctl.h @@ -65,7 +65,7 @@ /* keyctl structures */ struct keyctl_dh_params { - __s32 private; + __s32 dh_private; __s32 prime; __s32 base; }; --- lnx-416.orig/security/keys/dh.c +++ lnx-416/security/keys/dh.c @@ -307,7 +307,7 @@ long __keyctl_dh_compute(struct keyctl_d } dh_inputs.g_size = dlen; - dlen = dh_data_from_key(pcopy.private, &dh_inputs.key); + dlen = dh_data_from_key(pcopy.dh_private, &dh_inputs.key); if (dlen < 0) { ret = dlen; goto out2;

6 years, 10 months

5
5
0 0

[merged] ocfs2-fix-ocfs2-read-block-panic.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: ocfs2: fix ocfs2 read block panic has been removed from the -mm tree. Its filename was ocfs2-fix-ocfs2-read-block-panic.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Junxiao Bi <junxiao.bi(a)oracle.com> Subject: ocfs2: fix ocfs2 read block panic While reading block, it is possible that io error return due to underlying storage issue, in this case, BH_NeedsValidate was left in the buffer head. Then when reading the very block next time, if it was already linked into journal, that will trigger the following panic. [203748.702517] kernel BUG at fs/ocfs2/buffer_head_io.c:342! [203748.702533] invalid opcode: 0000 [#1] SMP [203748.702561] Modules linked in: ocfs2 ocfs2_dlmfs ocfs2_stack_o2cb ocfs2_dlm ocfs2_nodemanager ocfs2_stackglue configfs sunrpc dm_switch dm_queue_length dm_multipath bonding be2iscsi iscsi_boot_sysfs bnx2i cnic uio cxgb4i iw_cxgb4 cxgb4 cxgb3i libcxgbi iw_cxgb3 cxgb3 mdio ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr ipv6 iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ipmi_devintf iTCO_wdt iTCO_vendor_support dcdbas ipmi_ssif i2c_core ipmi_si ipmi_msghandler acpi_pad pcspkr sb_edac edac_core lpc_ich mfd_core shpchp sg tg3 ptp pps_core ext4 jbd2 mbcache2 sr_mod cdrom sd_mod ahci libahci megaraid_sas wmi dm_mirror dm_region_hash dm_log dm_mod [203748.703024] CPU: 7 PID: 38369 Comm: touch Not tainted 4.1.12-124.18.6.el6uek.x86_64 #2 [203748.703045] Hardware name: Dell Inc. PowerEdge R620/0PXXHP, BIOS 2.5.2 01/28/2015 [203748.703067] task: ffff880768139c00 ti: ffff88006ff48000 task.ti: ffff88006ff48000 [203748.703088] RIP: 0010:[<ffffffffa05e9f09>] [<ffffffffa05e9f09>] ocfs2_read_blocks+0x669/0x7f0 [ocfs2] [203748.703130] RSP: 0018:ffff88006ff4b818 EFLAGS: 00010206 [203748.703389] RAX: 0000000008620029 RBX: ffff88006ff4b910 RCX: 0000000000000000 [203748.703885] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 00000000023079fe [203748.704382] RBP: ffff88006ff4b8d8 R08: 0000000000000000 R09: ffff8807578c25b0 [203748.704877] R10: 000000000f637376 R11: 000000003030322e R12: 0000000000000000 [203748.705373] R13: ffff88006ff4b910 R14: ffff880732fe38f0 R15: 0000000000000000 [203748.705871] FS: 00007f401992c700(0000) GS:ffff880bfebc0000(0000) knlGS:0000000000000000 [203748.706370] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [203748.706627] CR2: 00007f4019252440 CR3: 00000000a621e000 CR4: 0000000000060670 [203748.707124] Stack: [203748.707371] ffff88006ff4b828 ffffffffa0609f52 ffff88006ff4b838 0000000000000001 [203748.707885] 0000000000000000 0000000000000000 ffff880bf67c3800 ffffffffa05eca00 [203748.708399] 00000000023079ff ffffffff81c58b80 0000000000000000 0000000000000000 [203748.708915] Call Trace: [203748.709175] [<ffffffffa0609f52>] ? ocfs2_inode_cache_io_unlock+0x12/0x20 [ocfs2] [203748.709680] [<ffffffffa05eca00>] ? ocfs2_empty_dir_filldir+0x80/0x80 [ocfs2] [203748.710185] [<ffffffffa05ec0cb>] ocfs2_read_dir_block_direct+0x3b/0x200 [ocfs2] [203748.710691] [<ffffffffa05f0fbf>] ocfs2_prepare_dx_dir_for_insert.isra.57+0x19f/0xf60 [ocfs2] [203748.711204] [<ffffffffa065660f>] ? ocfs2_metadata_cache_io_unlock+0x1f/0x30 [ocfs2] [203748.711716] [<ffffffffa05f4f3a>] ocfs2_prepare_dir_for_insert+0x13a/0x890 [ocfs2] [203748.712227] [<ffffffffa05f442e>] ? ocfs2_check_dir_for_entry+0x8e/0x140 [ocfs2] [203748.712737] [<ffffffffa061b2f2>] ocfs2_mknod+0x4b2/0x1370 [ocfs2] [203748.713003] [<ffffffffa061c385>] ocfs2_create+0x65/0x170 [ocfs2] [203748.713263] [<ffffffff8121714b>] vfs_create+0xdb/0x150 [203748.713518] [<ffffffff8121b225>] do_last+0x815/0x1210 [203748.713772] [<ffffffff812192e9>] ? path_init+0xb9/0x450 [203748.714123] [<ffffffff8121bca0>] path_openat+0x80/0x600 [203748.714378] [<ffffffff811bcd45>] ? handle_pte_fault+0xd15/0x1620 [203748.714634] [<ffffffff8121d7ba>] do_filp_open+0x3a/0xb0 [203748.714888] [<ffffffff8122a767>] ? __alloc_fd+0xa7/0x130 [203748.715143] [<ffffffff81209ffc>] do_sys_open+0x12c/0x220 [203748.715403] [<ffffffff81026ddb>] ? syscall_trace_enter_phase1+0x11b/0x180 [203748.715668] [<ffffffff816f0c9f>] ? system_call_after_swapgs+0xe9/0x190 [203748.715928] [<ffffffff8120a10e>] SyS_open+0x1e/0x20 [203748.716184] [<ffffffff816f0d5e>] system_call_fastpath+0x18/0xd7 [203748.716440] Code: 00 00 48 8b 7b 08 48 83 c3 10 45 89 f8 44 89 e1 44 89 f2 4c 89 ee e8 07 06 11 e1 48 8b 03 48 85 c0 75 df 8b 5d c8 e9 4d fa ff ff <0f> 0b 48 8b 7d a0 e8 dc c6 06 00 48 b8 00 00 00 00 00 00 00 10 [203748.717505] RIP [<ffffffffa05e9f09>] ocfs2_read_blocks+0x669/0x7f0 [ocfs2] [203748.717775] RSP <ffff88006ff4b818> Joesph ever reported a similar panic. Link: https://oss.oracle.com/pipermail/ocfs2-devel/2013-May/008931.html Link: http://lkml.kernel.org/r/20180912063207.29484-1-junxiao.bi@oracle.com Signed-off-by: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Joseph Qi <jiangqi903(a)gmail.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Changwei Ge <ge.changwei(a)h3c.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN fs/ocfs2/buffer_head_io.c~ocfs2-fix-ocfs2-read-block-panic fs/ocfs2/buffer_head_io.c --- a/fs/ocfs2/buffer_head_io.c~ocfs2-fix-ocfs2-read-block-panic +++ a/fs/ocfs2/buffer_head_io.c @@ -342,6 +342,7 @@ int ocfs2_read_blocks(struct ocfs2_cachi * for this bh as it's not marked locally * uptodate. */ status = -EIO; + clear_buffer_needs_validate(bh); put_bh(bh); bhs[i] = NULL; continue; _ Patches currently in -mm which might be from junxiao.bi(a)oracle.com are

6 years, 10 months

1
0
0 0

[merged] mm-shmem-correctly-annotate-new-inodes-for-lockdep.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: shmem.c: Correctly annotate new inodes for lockdep has been removed from the -mm tree. Its filename was mm-shmem-correctly-annotate-new-inodes-for-lockdep.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: "Joel Fernandes (Google)" <joel(a)joelfernandes.org> Subject: mm: shmem.c: Correctly annotate new inodes for lockdep Directories and inodes don't necessarily need to be in the same lockdep class. For ex, hugetlbfs splits them out too to prevent false positives in lockdep. Annotate correctly after new inode creation. If its a directory inode, it will be put into a different class. This should fix a lockdep splat reported by syzbot: > ====================================================== > WARNING: possible circular locking dependency detected > 4.18.0-rc8-next-20180810+ #36 Not tainted > ------------------------------------------------------ > syz-executor900/4483 is trying to acquire lock: > 00000000d2bfc8fe (&sb->s_type->i_mutex_key#9){++++}, at: inode_lock > include/linux/fs.h:765 [inline] > 00000000d2bfc8fe (&sb->s_type->i_mutex_key#9){++++}, at: > shmem_fallocate+0x18b/0x12e0 mm/shmem.c:2602 > > but task is already holding lock: > 0000000025208078 (ashmem_mutex){+.+.}, at: ashmem_shrink_scan+0xb4/0x630 > drivers/staging/android/ashmem.c:448 > > which lock already depends on the new lock. > > -> #2 (ashmem_mutex){+.+.}: > __mutex_lock_common kernel/locking/mutex.c:925 [inline] > __mutex_lock+0x171/0x1700 kernel/locking/mutex.c:1073 > mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1088 > ashmem_mmap+0x55/0x520 drivers/staging/android/ashmem.c:361 > call_mmap include/linux/fs.h:1844 [inline] > mmap_region+0xf27/0x1c50 mm/mmap.c:1762 > do_mmap+0xa10/0x1220 mm/mmap.c:1535 > do_mmap_pgoff include/linux/mm.h:2298 [inline] > vm_mmap_pgoff+0x213/0x2c0 mm/util.c:357 > ksys_mmap_pgoff+0x4da/0x660 mm/mmap.c:1585 > __do_sys_mmap arch/x86/kernel/sys_x86_64.c:100 [inline] > __se_sys_mmap arch/x86/kernel/sys_x86_64.c:91 [inline] > __x64_sys_mmap+0xe9/0x1b0 arch/x86/kernel/sys_x86_64.c:91 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > -> #1 (&mm->mmap_sem){++++}: > __might_fault+0x155/0x1e0 mm/memory.c:4568 > _copy_to_user+0x30/0x110 lib/usercopy.c:25 > copy_to_user include/linux/uaccess.h:155 [inline] > filldir+0x1ea/0x3a0 fs/readdir.c:196 > dir_emit_dot include/linux/fs.h:3464 [inline] > dir_emit_dots include/linux/fs.h:3475 [inline] > dcache_readdir+0x13a/0x620 fs/libfs.c:193 > iterate_dir+0x48b/0x5d0 fs/readdir.c:51 > __do_sys_getdents fs/readdir.c:231 [inline] > __se_sys_getdents fs/readdir.c:212 [inline] > __x64_sys_getdents+0x29f/0x510 fs/readdir.c:212 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > -> #0 (&sb->s_type->i_mutex_key#9){++++}: > lock_acquire+0x1e4/0x540 kernel/locking/lockdep.c:3924 > down_write+0x8f/0x130 kernel/locking/rwsem.c:70 > inode_lock include/linux/fs.h:765 [inline] > shmem_fallocate+0x18b/0x12e0 mm/shmem.c:2602 > ashmem_shrink_scan+0x236/0x630 drivers/staging/android/ashmem.c:455 > ashmem_ioctl+0x3ae/0x13a0 drivers/staging/android/ashmem.c:797 > vfs_ioctl fs/ioctl.c:46 [inline] > file_ioctl fs/ioctl.c:501 [inline] > do_vfs_ioctl+0x1de/0x1720 fs/ioctl.c:685 > ksys_ioctl+0xa9/0xd0 fs/ioctl.c:702 > __do_sys_ioctl fs/ioctl.c:709 [inline] > __se_sys_ioctl fs/ioctl.c:707 [inline] > __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:707 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > other info that might help us debug this: > > Chain exists of: > &sb->s_type->i_mutex_key#9 --> &mm->mmap_sem --> ashmem_mutex > > Possible unsafe locking scenario: > > CPU0 CPU1 > ---- ---- > lock(ashmem_mutex); > lock(&mm->mmap_sem); > lock(ashmem_mutex); > lock(&sb->s_type->i_mutex_key#9); > > *** DEADLOCK *** > > 1 lock held by syz-executor900/4483: > #0: 0000000025208078 (ashmem_mutex){+.+.}, at: > ashmem_shrink_scan+0xb4/0x630 drivers/staging/android/ashmem.c:448 Link: http://lkml.kernel.org/r/20180821231835.166639-1-joel@joelfernandes.org Signed-off-by: Joel Fernandes (Google) <joel(a)joelfernandes.org> Reported-by: syzbot <syzkaller(a)googlegroups.com> Reviewed-by: NeilBrown <neilb(a)suse.com> Suggested-by: NeilBrown <neilb(a)suse.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN mm/shmem.c~mm-shmem-correctly-annotate-new-inodes-for-lockdep mm/shmem.c --- a/mm/shmem.c~mm-shmem-correctly-annotate-new-inodes-for-lockdep +++ a/mm/shmem.c @@ -2227,6 +2227,8 @@ static struct inode *shmem_get_inode(str mpol_shared_policy_init(&info->policy, NULL); break; } + + lockdep_annotate_inode_mutex_key(inode); } else shmem_free_inode(sb); return inode; _ Patches currently in -mm which might be from joel(a)joelfernandes.org are

6 years, 10 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror