- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] earlycon: add reg-offset to physical address before mapping" failed to apply to 4.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From f572a034d9e07157dd07d2b6be3a1459b5574b58 Mon Sep 17 00:00:00 2001 From: Greentime Hu <greentime(a)andestech.com> Date: Thu, 16 Nov 2017 19:33:35 +0800 Subject: [PATCH] earlycon: add reg-offset to physical address before mapping It will get the wrong virtual address because port->mapbase is not added the correct reg-offset yet. We have to update it before earlycon_map() is called Signed-off-by: Greentime Hu <greentime(a)andestech.com> Acked-by: Arnd Bergmann <arnd(a)arndb.de> Acked-by: Rob Herring <robh(a)kernel.org> Cc: Peter Hurley <peter(a)hurleysoftware.com> Cc: stable(a)vger.kernel.org Fixes: 088da2a17619 ("of: earlycon: Initialize port fields from DT properties") diff --git a/drivers/tty/serial/earlycon.c b/drivers/tty/serial/earlycon.c index 870e84fb6e39..a24278380fec 100644 --- a/drivers/tty/serial/earlycon.c +++ b/drivers/tty/serial/earlycon.c @@ -245,11 +245,12 @@ int __init of_setup_earlycon(const struct earlycon_id *match, } port->mapbase = addr; port->uartclk = BASE_BAUD * 16; - port->membase = earlycon_map(port->mapbase, SZ_4K); val = of_get_flat_dt_prop(node, "reg-offset", NULL); if (val) port->mapbase += be32_to_cpu(*val); + port->membase = earlycon_map(port->mapbase, SZ_4K); + val = of_get_flat_dt_prop(node, "reg-shift", NULL); if (val) port->regshift = be32_to_cpu(*val);

7 years, 2 months

1
0
0 0

Linux 4.4.128

by Greg KH

I'm announcing the release of the 4.4.128 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/imx53-qsrb.dts | 2 arch/arm/boot/dts/imx6qdl-wandboard.dtsi | 1 arch/arm/boot/dts/ls1021a.dtsi | 2 arch/arm/include/asm/xen/events.h | 2 arch/arm/mach-davinci/devices-da8xx.c | 10 + arch/arm/mach-imx/cpu.c | 3 arch/arm/mach-imx/mxc.h | 6 + arch/arm64/include/asm/futex.h | 8 - arch/mips/include/asm/kprobes.h | 3 arch/mips/include/asm/pgtable-32.h | 7 + arch/mips/mm/pgtable-32.c | 6 - arch/powerpc/include/asm/page.h | 12 ++ arch/powerpc/kernel/time.c | 14 ++ arch/powerpc/kvm/book3s_pr_papr.c | 34 ++++-- arch/powerpc/platforms/cell/spufs/coredump.c | 2 arch/s390/kernel/vmlinux.lds.S | 8 + arch/sparc/kernel/ldc.c | 7 + arch/x86/kernel/tsc.c | 2 arch/x86/kvm/svm.c | 24 ++-- arch/x86/kvm/vmx.c | 7 - arch/x86/lib/csum-copy_64.S | 12 +- block/bio-integrity.c | 3 block/blk-mq.c | 7 - block/partition-generic.c | 4 crypto/async_tx/async_pq.c | 5 drivers/acpi/acpica/evxfevnt.c | 18 +++ drivers/acpi/acpica/psobject.c | 14 ++ drivers/ata/libahci_platform.c | 5 drivers/block/loop.c | 3 drivers/bus/brcmstb_gisb.c | 42 ++++--- drivers/char/ipmi/ipmi_ssif.c | 2 drivers/char/random.c | 10 + drivers/clk/clk-conf.c | 2 drivers/clk/clk-scpi.c | 6 - drivers/cpuidle/dt_idle_states.c | 4 drivers/dma/imx-sdma.c | 23 +++- drivers/edac/mv64x60_edac.c | 2 drivers/gpio/gpiolib.c | 3 drivers/gpu/drm/omapdrm/omap_gem.c | 4 drivers/hwmon/ina2xx.c | 87 +++++++++------ drivers/iio/adc/hi8435.c | 27 +++- drivers/iio/magnetometer/st_magn_spi.c | 2 drivers/infiniband/ulp/srpt/ib_srpt.c | 6 - drivers/input/mouse/elan_i2c_core.c | 7 + drivers/input/mouse/elan_i2c_i2c.c | 9 + drivers/input/mouse/elantech.c | 11 ++ drivers/isdn/mISDN/stack.c | 2 drivers/leds/leds-pca955x.c | 2 drivers/md/bcache/alloc.c | 19 ++- drivers/md/bcache/super.c | 6 + drivers/md/md-cluster.c | 4 drivers/md/raid5.c | 17 +-- drivers/media/i2c/cx25840/cx25840-core.c | 36 +++--- drivers/media/rc/mceusb.c | 9 + drivers/media/v4l2-core/videobuf2-core.c | 4 drivers/misc/vmw_vmci/vmci_queue_pair.c | 10 + drivers/net/bonding/bond_main.c | 84 ++++++++------- drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 19 ++- drivers/net/ethernet/brocade/bna/bfa_ioc.c | 2 drivers/net/ethernet/chelsio/cxgb4/t4_hw.c | 32 +++++ drivers/net/ethernet/chelsio/cxgb4vf/sge.c | 23 +++- drivers/net/ethernet/freescale/fsl_pq_mdio.c | 9 + drivers/net/ethernet/ibm/emac/core.c | 26 ++++ drivers/net/ethernet/intel/e1000e/netdev.c | 17 ++- drivers/net/ethernet/marvell/sky2.c | 2 drivers/net/ethernet/mellanox/mlx4/mcg.c | 15 ++ drivers/net/ethernet/mellanox/mlx4/qp.c | 19 +++ drivers/net/ethernet/mellanox/mlx4/resource_tracker.c | 16 ++ drivers/net/ethernet/mellanox/mlx5/core/main.c | 14 -- drivers/net/ethernet/qlogic/netxen/netxen_nic_ctx.c | 2 drivers/net/ethernet/qlogic/qlcnic/qlcnic_hw.c | 2 drivers/net/ethernet/qlogic/qlge/qlge_dbg.c | 4 drivers/net/ethernet/qualcomm/qca_spi.c | 10 + drivers/net/ethernet/realtek/r8169.c | 4 drivers/net/ethernet/renesas/sh_eth.c | 2 drivers/net/ethernet/ti/cpsw.c | 16 ++ drivers/net/hamradio/hdlcdrv.c | 2 drivers/net/phy/phy.c | 6 + drivers/net/ppp/pptp.c | 1 drivers/net/usb/cdc_ncm.c | 11 +- drivers/net/virtio_net.c | 16 ++ drivers/net/vmxnet3/vmxnet3_drv.c | 5 drivers/net/vrf.c | 8 - drivers/net/vxlan.c | 2 drivers/net/wireless/ath/ath5k/debug.c | 5 drivers/net/wireless/ray_cs.c | 7 - drivers/net/wireless/ti/wl1251/main.c | 3 drivers/powercap/powercap_sys.c | 1 drivers/rtc/interface.c | 9 + drivers/rtc/rtc-opal.c | 10 + drivers/rtc/rtc-snvs.c | 2 drivers/s390/block/dasd.c | 8 + drivers/scsi/bnx2fc/bnx2fc.h | 1 drivers/scsi/bnx2fc/bnx2fc_fcoe.c | 10 + drivers/scsi/csiostor/csio_hw.c | 5 drivers/scsi/libiscsi.c | 24 ++++ drivers/scsi/libsas/sas_expander.c | 4 drivers/scsi/mpt3sas/mpt3sas_scsih.c | 28 ++--- drivers/staging/wlan-ng/prism2mgmt.c | 2 drivers/thermal/power_allocator.c | 2 drivers/tty/n_gsm.c | 17 ++- drivers/tty/serial/8250/8250_omap.c | 4 drivers/tty/serial/sccnxp.c | 15 +- drivers/tty/serial/sh-sci.c | 16 ++ drivers/usb/chipidea/core.c | 29 +++-- drivers/usb/dwc3/dwc3-keystone.c | 4 drivers/usb/host/xhci-plat.c | 1 drivers/usb/storage/ene_ub6250.c | 11 +- drivers/vhost/vhost.c | 3 drivers/video/fbdev/vfb.c | 17 +++ fs/btrfs/extent_io.c | 2 fs/cifs/file.c | 2 fs/cifs/smb2pdu.c | 14 +- fs/ext4/file.c | 2 fs/ext4/mballoc.c | 23 ++-- fs/lockd/svc.c | 6 - fs/nfs/flexfilelayout/flexfilelayout.c | 1 fs/nfs/nfs4proc.c | 13 ++ fs/nfs/nfs4state.c | 10 + fs/overlayfs/inode.c | 12 ++ include/linux/compiler-clang.h | 5 include/linux/mlx4/qp.h | 1 include/linux/mlx5/device.h | 10 + include/linux/skbuff.h | 8 - include/net/cfg80211.h | 2 include/net/x25.h | 4 kernel/events/core.c | 15 +- kernel/futex.c | 98 ++++++++++++++++-- kernel/pid.c | 4 kernel/sched/fair.c | 3 net/8021q/vlan_dev.c | 6 - net/bluetooth/hci_core.c | 17 ++- net/ceph/osdmap.c | 1 net/core/dev.c | 4 net/core/neighbour.c | 14 +- net/core/net_namespace.c | 19 +++ net/core/skbuff.c | 75 ++++++++----- net/core/sysctl_net_core.c | 2 net/ieee802154/socket.c | 8 - net/ipv4/ah4.c | 8 + net/ipv4/arp.c | 18 ++- net/ipv4/esp4.c | 13 +- net/ipv4/ip_tunnel.c | 11 +- net/ipv4/tcp_input.c | 24 ++-- net/ipv6/addrconf.c | 5 net/ipv6/ah6.c | 8 + net/ipv6/esp6.c | 12 +- net/ipv6/ip6_gre.c | 8 - net/ipv6/ip6_output.c | 19 ++- net/ipv6/ip6_tunnel.c | 11 +- net/ipv6/ip6_vti.c | 7 - net/ipv6/route.c | 3 net/ipv6/sit.c | 9 + net/key/af_key.c | 2 net/l2tp/l2tp_netlink.c | 2 net/llc/af_llc.c | 3 net/mac80211/mlme.c | 4 net/netfilter/nf_conntrack_netlink.c | 7 + net/netlink/af_netlink.c | 3 net/rds/bind.c | 1 net/rxrpc/rxkad.c | 21 ++- net/sched/act_api.c | 4 net/sched/act_bpf.c | 12 +- net/sctp/ipv6.c | 4 net/sctp/socket.c | 17 +-- net/sunrpc/xprtsock.c | 7 + net/x25/af_x25.c | 24 ++-- net/x25/sysctl_net_x25.c | 5 net/xfrm/xfrm_state.c | 2 scripts/tags.sh | 1 security/selinux/hooks.c | 10 + sound/soc/intel/atom/sst/sst_stream.c | 2 sound/soc/intel/boards/cht_bsw_rt5645.c | 7 + sound/soc/sh/rcar/ssi.c | 11 +- tools/perf/builtin-trace.c | 4 tools/perf/tests/code-reading.c | 20 +++ tools/perf/util/header.c | 12 +- tools/perf/util/probe-event.c | 8 + tools/perf/util/unwind-libdw.c | 8 + tools/perf/util/util.c | 2 tools/testing/selftests/powerpc/tm/tm-resched-dscr.c | 2 182 files changed, 1415 insertions(+), 523 deletions(-) A Sun (1): mceusb: sporadic RX truncation corruption fix Alan Stern (2): USB: ene_usb6250: fix first command execution USB: ene_usb6250: fix SCSI residue overwriting Alexander Potapenko (1): netlink: make sure nladdr has correct size in netlink_connect() Andrea della Porta (1): staging: wlan-ng: prism2mgmt.c: fixed a double endian conversion before calling hfa384x_drvr_setconfig16, also fixes relative sparse warning Antony Antony (1): xfrm: fix state migration copy replay sequence numbers Anup Patel (1): async_tx: Fix DMA_PREP_FENCE usage in do_async_gen_syndrome() Arjun Vynipadath (2): cxgb4: FW upgrade fixes cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages Arnd Bergmann (3): net/mlx5: avoid build warning for uniprocessor xen: avoid type warning in xchg_xen_ulong Kbuild: provide a __UNIQUE_ID for clang Arvind Yadav (1): dmaengine: imx-sdma: Handle return value of clk_prepare_enable Bart Van Assche (1): IB/srpt: Fix abort handling Bob Moore (1): ACPICA: Disassembler: Abort on an invalid/unknown AML opcode Bryan O'Donoghue (1): clk: Fix __set_clk_rates error print-string Chaitra P B (1): scsi: mpt3sas: Proper handling of set/clear of "ATA command pending" flag. Chris Wilson (1): e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails Christian Lamparter (1): net: emac: fix reset timeout with AR8035 phy Christophe JAILLET (3): SMB2: Fix share type handling ASoC: Intel: sst: Fix the return value of 'sst_send_byte_stream_mrfld()' EDAC, mv64x60: Fix an error handling path Christophe Jaillet (1): cpuidle: dt: Add missing 'of_node_put()' Colin Ian King (4): netxen_nic: set rcode to the return status from the call to netxen_issue_cmd btrfs: fix incorrect error return ret being passed to mapping_set_error ath5k: fix memory leak on buf on failed eeprom read wl1251: check return from call to wl1251_acx_arp_ip_filter Craig Dillabaugh (1): net sched actions: fix dumping which requires several messages to user space Dan Carpenter (6): ipmi_ssif: unlock on allocation failure drivers/misc/vmw_vmci/vmci_queue_pair.c: fix a couple integer overflow tests PowerCap: Fix an error code in powercap_register_zone() block: fix an error code in add_partition() libceph: NULL deref on crush_decode() error path pNFS/flexfiles: missing error code in ff_layout_alloc_lseg() David Ahern (2): net/ipv6: Fix route leaking between VRFs vrf: Fix use after free and double free in vrf_finish_output Davide Caratti (1): net/sched: fix NULL dereference in the error path of tcf_bpf_init() Dmitry Monakhov (1): bio-integrity: Do not allocate integrity context for bio w/o data Dmitry Torokhov (1): Input: elan_i2c - check if device is there before really probing Doug Berger (2): bus: brcmstb_gisb: Use register offsets with writes too bus: brcmstb_gisb: correct support for 64-bit address output Eric Dumazet (11): tcp: better validation of received ack sequences net: fix possible out-of-bound read in skb_network_protocol() pptp: remove a buggy dst release in pptp_connect() sctp: do not leak kernel memory to user space sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 net: fool proof dev_valid_name() ip_tunnel: better validate user provided tunnel names ipv6: sit: better validate user provided tunnel names ip6_gre: better validate user provided tunnel names ip6_tunnel: better validate user provided tunnel names vti6: better validate user provided tunnel names Eryu Guan (1): ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff() Fabio Estevam (2): ARM: dts: imx53-qsrb: Pulldown PMIC IRQ pin ARM: dts: imx6qdl-wandboard: Fix audio channel swap Firo Yang (1): hdlcdrv: Fix divide by zero in hdlcdrv_ioctl Ganesh Goudar (1): cxgb4: fix incorrect cim_la output for T6 Geert Uytterhoeven (2): serial: sh-sci: Fix race condition causing garbage during shutdown sh_eth: Use platform device for printing before register_netdev() Greg Hackmann (1): Revert "xhci: plat: Register shutdown for xhci_plat" Greg Kroah-Hartman (1): Linux 4.4.128 Grygorii Strashko (1): net: ethernet: ti: cpsw: adjust cpsw fifos depth for fullduplex flow control Guoqing Jiang (1): md-cluster: fix potential lock issue in add_new_disk Gustavo A. R. Silva (1): net: freescale: fix potential null pointer dereference Haishuang Yan (1): sit: reload iphdr in ipip6_rcv Hangbin Liu (2): l2tp: fix missing print session offset info vlan: also check phy_driver ts_info for vlan's real device Hans de Goede (1): ASoC: Intel: cht_bsw_rt5645: Analog Mic support Heiko Carstens (1): s390: move _text symbol to address higher than zero Heiner Kallweit (1): r8169: fix setting driver_data after register_netdev Ido Shamay (1): net/mlx4: Check if Granular QoS per VF has been enabled before updating QP qos_vport Ihar Hrachyshka (2): neighbour: update neigh timestamps iff update is effective arp: honour gratuitous ARP _replies_ Ivan Mikhaylov (1): powerpc/[booke|4xx]: Don't clobber TCR[WP] when setting TCR[DIE] J. Bruce Fields (1): lockd: fix lockd shutdown race Jacob Keller (1): e1000e: fix race condition around skb_tstamp_tx() Jag Raman (1): sparc64: ldc abort during vds iso boot James Wang (1): Fix loop device flush before configure v3 Jan H. Schönherr (1): KVM: nVMX: Fix handling of lmsw instruction Jason A. Donenfeld (4): skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow ipsec: check return value of skb_to_sgvec always rxrpc: check return value of skb_to_sgvec always virtio_net: check return value of skb_to_sgvec always Jason Wang (1): vhost: correctly remove wait queue during poll failure Jason Yan (2): scsi: libsas: fix memory leak in sas_smp_get_phy_events() scsi: libsas: fix error when getting phy events Jeff Barnhill (1): net/ipv6: Increment OUTxxx counters after netfilter hook Jesper Dangaard Brouer (1): mlx5: fix bug reading rss_hash_type from CQE Jia-Ju Bai (2): qlcnic: Fix a sleep-in-atomic bug in qlcnic_82xx_hw_write_wx_2M and qlcnic_82xx_hw_read_wx_2M mISDN: Fix a sleep-in-atomic bug Jim Baxter (1): net: cdc_ncm: Fix TX zero padding Jiri Olsa (2): perf trace: Add mmap alias for s390 perf tools: Fix copyfile_offset update of output offset Jisheng Zhang (1): usb: chipidea: properly handle host or gadget initialization failure Johannes Berg (1): cfg80211: make RATE_INFO_BW_20 the default Josh Poimboeuf (1): x86/asm: Don't use RBP as a temporary register in csum_partial_copy_generic() Julia Cartwright (1): md/raid5: make use of spin_lock_irq over local_irq_disable + spin_lock KT Liao (2): Input: elantech - force relative mode on a certain module Input: elan_i2c - clear INT before resetting controller Kai-Heng Feng (1): sky2: Increase D3 delay to sky2 stops working after suspend Kees Cook (3): bna: Avoid reading past end of buffer qlge: Avoid reading past end of buffer ray_cs: Avoid reading past end of buffer Kirill Tkhai (1): pidns: disable pid allocation if pid_ns_prepare_proc() is failed in alloc_pid() Konstantin Khlebnikov (1): ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors Kuninori Morimoto (1): ASoC: rsnd: SSI PIO adjust to 24bit mode Leonard Crestez (1): ARM: imx: Add MXC_CPU_IMX6ULL and cpu_is_imx6ull Lin Zhang (1): net: ieee802154: fix net_device reference release too early Linus Walleij (1): gpio: label descriptors using the device name Liping Zhang (1): netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize Lorenzo Bianconi (1): iio: magnetometer: st_magn_spi: fix spi_device_id table Luca Coelho (1): mac80211: bail out from prep_connection() if a reconfig is ongoing Lv Zheng (1): ACPICA: Events: Add runtime stub support for event APIs Maciej Purski (1): hwmon: (ina2xx) Make calibration register value fixed Mahesh Bandewar (1): ipv6: avoid dad-failures for addresses with NODAD Marcel Holtmann (1): Bluetooth: Send HCI Set Event Mask Page 2 command only when needed Marcin Nowakowski (3): MIPS: mm: fixed mappings: correct initialisation MIPS: mm: adjust PKMAP location MIPS: kprobes: flush_insn_slot should flush only if probe initialised Masami Hiramatsu (1): perf probe: Add warning message if there is unexpected event name Maurizio Lombardi (1): scsi: bnx2fc: fix race condition in bnx2fc_get_host_stats() Mauro Carvalho Chehab (1): media: videobuf2-core: don't go out of the buffer range Mel Gorman (1): futex: Remove requirement for lock_page() in get_futex_key() Michael Ellerman (3): powerpc/mm: Fix virt_addr_valid() etc. on 64-bit hash selftests/powerpc: Fix TM resched DSCR test with some compilers powerpc/spufs: Fix coredump of SPU contexts Michael Schmitz (1): fix race in drivers/char/random.c:get_reg() Miguel Fadon Perlines (1): arp: fix arp_filter on l3slave devices Miklos Szeredi (1): ovl: filter trusted xattr for non-admin Milian Wolff (1): perf report: Ensure the perf DSO mapping matches what libdw sees Ming Lei (1): blk-mq: fix kernel oops in blk_mq_tag_idle() Mintz, Yuval (1): bnx2x: Allow vfs to disable txvlan offload Namhyung Kim (2): perf header: Set proper module name when build-id event found perf tests: Decompress kernel module before objdump Nathan Chancellor (1): virtio_net: check return value of skb_to_sgvec in one more location Neil Horman (1): vmxnet3: ensure that adapter is in proper state during force_close NeilBrown (1): SUNRPC: ensure correct error is reported by xs_tcp_setup_socket() Nikita Yushchenko (2): iio: hi8435: avoid garbage event at first enable iio: hi8435: cleanup reset gpio Nithin Sujir (1): bonding: Don't update slave->link until ready to commit Pan Bian (3): rtc: snvs: fix an incorrect check of return value usb: dwc3: keystone: check return value cx25840: fix unchecked return values Paolo Abeni (1): ipv6: the entire IPv6 header chain must fit the first fragment Paul Mackerras (1): KVM: PPC: Book3S PR: Check copy_to/from_user return values Peter Zijlstra (2): x86/tsc: Provide 'tsc=unstable' boot parameter perf/core: Correct event creation with PERF_FORMAT_GROUP Pieter \"PoroCYon\" Sluys (1): vfb: fix video mode and line_length being set when loaded Rabin Vincent (1): CIFS: silence lockdep splat in cifs_relock_file() Rafael David Tinoco (1): scsi: libiscsi: Allow sd_shutdown on bad transport Rasmus Villemoes (1): ARM: dts: ls1021a: add "fsl,ls1021a-esdhc" compatible string to esdhc node Robert Jarzmik (1): tags: honor COMPILED_SOURCE with apart output directory Roman Kapl (1): net: move somaxconn init from sysctl code Roman Pen (1): KVM: SVM: do not zero out segment attributes if segment is unusable or not present Roopa Prabhu (1): vxlan: dont migrate permanent fdb entries during learn Russell King (1): net: phy: avoid genphy_aneg_done() for PHYs without clause 22 support Sowmini Varadhan (1): rds; Reset rs->rs_bound_addr in rds_add_bound() failure path Stefan Haberland (1): s390/dasd: fix hanging safe offline Stefan Wahren (1): net: qca_spi: Fix alignment issues in rx path Steffen Klassert (1): af_key: Fix slab-out-of-bounds in pfkey_compile_policy. Stephen Smalley (1): selinux: do not check open permission on sockets Sudeep Holla (1): clk: scpi: fix return type of __scpi_dvfs_round_rate Suman Anna (1): ARM: davinci: da8xx: Create DSP device only when assigned memory Talat Batheesh (2): net/mlx4_en: Avoid adding steering rules with invalid ring net/mlx4: Fix the check in attaching steering rules Tang Junhui (2): bcache: stop writeback thread after detaching bcache: segregate flash only volume write streams Tariq Toukan (1): net/mlx5: Tolerate irq_set_affinity_hint() failures Theodore Ts'o (1): random: use lockless method of accessing and updating f->reg_idx Thomas Bogendoerfer (1): Fix serial console on SNI RM400 machines Thomas Petazzoni (1): ata: libahci: properly propagate return value of platform_get_irq() Tin Huynh (1): leds: pca955x: Correct I2C Functionality Tomi Valkeinen (1): drm/omap: fix tiled buffer stride calculations Tony Lindgren (1): tty: n_gsm: Allow ADM response in addition to UA for control dlci Trond Myklebust (2): NFSv4.1: RECLAIM_COMPLETE must handle NFS4ERR_CONN_NOT_BOUND_TO_SESSION NFSv4.1: Work around a Linux server bug... Vaibhav Jain (2): rtc: opal: Handle disabled TPO in opal_get_tpo_time() rtc: interface: Validate alarm-time before handling rollover Varun Prakash (1): scsi: csiostor: fix use after free in csio_hw_use_fwconfig() Vignesh R (1): serial: 8250: omap: Disable DMA for console UART Vlastimil Babka (1): sched/numa: Use down_read_trylock() for the mmap_sem Wen Xiong (1): blk-mq: NVMe 512B/4K+T10 DIF/DIX format returns I/O error on dd with split op Will Deacon (1): arm64: futex: Fix undefined behaviour with FUTEX_OP_OPARG_SHIFT usage Willem de Bruijn (1): skbuff: only inherit relevant tx_flags Xin Long (4): sctp: fix recursive locking warning in sctp_do_peeloff bonding: fix the err path for dev hwaddr sync in bond_enslave bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave bonding: process the err returned by dev_set_allmulti properly in bond_enslave Yi Zeng (1): thermal: power_allocator: fix one race condition issue for thermal_instances list chenxiang (1): scsi: libsas: initialize sas_phy status according to response of DISCOVER linzhang (2): net: x25: fix one potential use-after-free issue net: llc: add lock_sock in llc_ui_bind to avoid a race condition

7 years, 2 months

2
3
0 0

Build failure for kernel 4.9.94 for perf

by Pavlos Parissis

Hi, Building 4.9.94 in the same way we have been building previous 4.9 releases yields the following error: DEBUG: tests/code-reading.c: In function 'read_object_code': DEBUG: tests/code-reading.c:228:19: error: 'KMOD_DECOMP_LEN' undeclared (first use in this function) DEBUG: char decomp_name[KMOD_DECOMP_LEN]; DEBUG: ^ DEBUG: tests/code-reading.c:228:19: note: each undeclared identifier is reported only once for each function it appears in DEBUG: tests/code-reading.c:291:3: warning: implicit declaration of function 'dso__decompress_kmodule_path' [-Wimplicit-function-declaration] DEBUG: if (dso__decompress_kmodule_path(al.map->dso, objdump_name, DEBUG: ^ DEBUG: tests/code-reading.c:291:3: warning: nested extern declaration of 'dso__decompress_kmodule_path' [-Wnested-externs] DEBUG: tests/code-reading.c:228:7: warning: unused variable 'decomp_name' [-Wunused-variable] DEBUG: char decomp_name[KMOD_DECOMP_LEN]; DEBUG: ^ DEBUG: CC tests/topology.o DEBUG: CC tests/cpumap.o DEBUG: CC tests/stat.o DEBUG: CC tests/event_update.o DEBUG: mv: cannot stat 'tests/.code-reading.o.tmp': No such file or directory DEBUG: make[3]: *** [tests/code-reading.o] Error 1 DEBUG: make[3]: *** Waiting for unfinished jobs.... DEBUG: make[2]: *** [util] Error 2 DEBUG: make[1]: *** [libperf-in.o] Error 2 DEBUG: make[1]: *** Waiting for unfinished jobs.... DEBUG: LD bench/perf-in.o DEBUG: make[2]: *** [tests] Error 2 DEBUG: make[1]: *** [perf-in.o] Error 2 As far as I can see, KMOD_DECOMP_LEN was introduced by 7525a238be8f ("perf tests: Decompress kernel module before objdump"), but I have zero deep knowledge in this area so I may be very wrong here. Cheers, Pavlos Parissis

7 years, 2 months

2
1
0 0

[PATCH V4 2/2] blk-mq: fix race between complete and BLK_EH_RESET_TIMER

by Ming Lei

The normal request completion can be done before or during handling BLK_EH_RESET_TIMER, and this race may cause the request to never be completed since driver's .timeout() may always return BLK_EH_RESET_TIMER. This issue can't be fixed completely by driver, since the normal completion can be done between returning .timeout() and handling BLK_EH_RESET_TIMER. This patch fixes the race by introducing rq state of MQ_RQ_COMPLETE_IN_RESET, and reading/writing rq's state by holding queue lock, which can be per-request actually, but just not necessary to introduce one lock for so unusual event. Also handle the timeout requests in two steps: 1) in 1st step, call .timeout(), and reset timer for BLK_EH_RESET_TIMER 2) in 2nd step, sync with normal completion path by holding queue lock for avoiding race between BLK_EH_RESET_TIMER and normal completion. Cc: "jianchao.wang" <jianchao.w.wang(a)oracle.com> Cc: Bart Van Assche <bart.vanassche(a)wdc.com> Cc: Tejun Heo <tj(a)kernel.org> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Ming Lei <ming.lei(a)redhat.com> Cc: Sagi Grimberg <sagi(a)grimberg.me> Cc: Israel Rukshin <israelr(a)mellanox.com>, Cc: Max Gurtovoy <maxg(a)mellanox.com> Cc: stable(a)vger.kernel.org Cc: Martin Steigerwald <Martin(a)Lichtvoll.de> Signed-off-by: Ming Lei <ming.lei(a)redhat.com> --- block/blk-mq.c | 116 ++++++++++++++++++++++++++++++++++++++++--------- block/blk-mq.h | 1 + include/linux/blkdev.h | 6 +++ 3 files changed, 102 insertions(+), 21 deletions(-) diff --git a/block/blk-mq.c b/block/blk-mq.c index d6a21898933d..9415e65302a8 100644 --- a/block/blk-mq.c +++ b/block/blk-mq.c @@ -630,10 +630,27 @@ void blk_mq_complete_request(struct request *rq) * However, that would complicate paths which want to synchronize * against us. Let stay in sync with the issue path so that * hctx_lock() covers both issue and completion paths. + * + * Cover complete vs BLK_EH_RESET_TIMER race in slow path with + * holding queue lock. */ hctx_lock(hctx, &srcu_idx); if (blk_mq_rq_aborted_gstate(rq) != rq->gstate) __blk_mq_complete_request(rq); + else { + unsigned long flags; + bool need_complete = false; + + spin_lock_irqsave(q->queue_lock, flags); + if (!blk_mq_rq_aborted_gstate(rq)) + need_complete = true; + else + blk_mq_rq_update_state(rq, MQ_RQ_COMPLETE_IN_TIMEOUT); + spin_unlock_irqrestore(q->queue_lock, flags); + + if (need_complete) + __blk_mq_complete_request(rq); + } hctx_unlock(hctx, srcu_idx); } EXPORT_SYMBOL(blk_mq_complete_request); @@ -810,7 +827,7 @@ struct blk_mq_timeout_data { unsigned int nr_expired; }; -static void blk_mq_rq_timed_out(struct request *req, bool reserved) +static void blk_mq_rq_pre_timed_out(struct request *req, bool reserved) { const struct blk_mq_ops *ops = req->q->mq_ops; enum blk_eh_timer_return ret = BLK_EH_RESET_TIMER; @@ -818,18 +835,44 @@ static void blk_mq_rq_timed_out(struct request *req, bool reserved) if (ops->timeout) ret = ops->timeout(req, reserved); + if (ret == BLK_EH_RESET_TIMER) + blk_add_timer(req); + + req->timeout_ret = ret; +} + +static void blk_mq_rq_timed_out(struct request *req, bool reserved) +{ + enum blk_eh_timer_return ret = req->timeout_ret; + unsigned long flags; + switch (ret) { case BLK_EH_HANDLED: + spin_lock_irqsave(req->q->queue_lock, flags); + complete_rq: + if (blk_mq_rq_state(req) == MQ_RQ_COMPLETE_IN_TIMEOUT) + blk_mq_rq_update_state(req, MQ_RQ_IN_FLIGHT); + spin_unlock_irqrestore(req->q->queue_lock, flags); __blk_mq_complete_request(req); break; case BLK_EH_RESET_TIMER: /* - * As nothing prevents from completion happening while - * ->aborted_gstate is set, this may lead to ignored - * completions and further spurious timeouts. + * The normal completion may happen during handling the + * timeout, or even after returning from .timeout(), so + * once the request has been completed, we can't reset + * timer any more since this request may be handled as + * BLK_EH_RESET_TIMER in next timeout handling too, and + * it has to be completed in this situation. + * + * Holding the queue lock to cover read/write rq's + * aborted_gstate and normal state, so the race can be + * avoided completely. */ + spin_lock_irqsave(req->q->queue_lock, flags); blk_mq_rq_update_aborted_gstate(req, 0); - blk_add_timer(req); + if (blk_mq_rq_state(req) == MQ_RQ_COMPLETE_IN_TIMEOUT) + goto complete_rq; + spin_unlock_irqrestore(req->q->queue_lock, flags); break; case BLK_EH_NOT_HANDLED: req->rq_flags |= RQF_MQ_TIMEOUT_EXPIRED; @@ -875,7 +918,7 @@ static void blk_mq_check_expired(struct blk_mq_hw_ctx *hctx, } } -static void blk_mq_terminate_expired(struct blk_mq_hw_ctx *hctx, +static void blk_mq_prepare_expired(struct blk_mq_hw_ctx *hctx, struct request *rq, void *priv, bool reserved) { /* @@ -887,9 +930,40 @@ static void blk_mq_terminate_expired(struct blk_mq_hw_ctx *hctx, */ if (!(rq->rq_flags & RQF_MQ_TIMEOUT_EXPIRED) && READ_ONCE(rq->gstate) == rq->aborted_gstate) + blk_mq_rq_pre_timed_out(rq, reserved); +} + +static void blk_mq_terminate_expired(struct blk_mq_hw_ctx *hctx, + struct request *rq, void *priv, bool reserved) +{ + if (!(rq->rq_flags & RQF_MQ_TIMEOUT_EXPIRED) && + READ_ONCE(rq->gstate) == rq->aborted_gstate) blk_mq_rq_timed_out(rq, reserved); } +static void blk_mq_timeout_synchronize_rcu(struct request_queue *q, + bool reset_expired) +{ + struct blk_mq_hw_ctx *hctx; + int i; + bool has_rcu = false; + + queue_for_each_hw_ctx(q, hctx, i) { + if (!hctx->nr_expired) + continue; + + if (!(hctx->flags & BLK_MQ_F_BLOCKING)) + has_rcu = true; + else + synchronize_srcu(hctx->srcu); + + if (reset_expired) + hctx->nr_expired = 0; + } + if (has_rcu) + synchronize_rcu(); +} + static void blk_mq_timeout_work(struct work_struct *work) { struct request_queue *q = @@ -899,8 +973,6 @@ static void blk_mq_timeout_work(struct work_struct *work) .next_set = 0, .nr_expired = 0, }; - struct blk_mq_hw_ctx *hctx; - int i; /* A deadlock might occur if a request is stuck requiring a * timeout at the same time a queue freeze is waiting @@ -922,27 +994,26 @@ static void blk_mq_timeout_work(struct work_struct *work) blk_mq_queue_tag_busy_iter(q, blk_mq_check_expired, &data); if (data.nr_expired) { - bool has_rcu = false; - /* * Wait till everyone sees ->aborted_gstate. The * sequential waits for SRCUs aren't ideal. If this ever * becomes a problem, we can add per-hw_ctx rcu_head and * wait in parallel. */ - queue_for_each_hw_ctx(q, hctx, i) { - if (!hctx->nr_expired) - continue; + blk_mq_timeout_synchronize_rcu(q, false); - if (!(hctx->flags & BLK_MQ_F_BLOCKING)) - has_rcu = true; - else - synchronize_srcu(hctx->srcu); + /* call .timeout() for timed-out requests */ + blk_mq_queue_tag_busy_iter(q, blk_mq_prepare_expired, NULL); - hctx->nr_expired = 0; - } - if (has_rcu) - synchronize_rcu(); + /* + * If .timeout returns BLK_EH_HANDLED, wait till current + * completion is done, for avoiding to update state on + * completed request. + * + * If .timeout returns BLK_EH_RESET_TIMER, wait till + * blk_add_timer() is commited before completing this rq. + */ + blk_mq_timeout_synchronize_rcu(q, true); /* terminate the ones we won */ blk_mq_queue_tag_busy_iter(q, blk_mq_terminate_expired, NULL); @@ -952,6 +1023,9 @@ static void blk_mq_timeout_work(struct work_struct *work) data.next = blk_rq_timeout(round_jiffies_up(data.next)); mod_timer(&q->timeout, data.next); } else { + struct blk_mq_hw_ctx *hctx; + int i; + /* * Request timeouts are handled as a forward rolling timer. If * we end up here it means that no requests are pending and diff --git a/block/blk-mq.h b/block/blk-mq.h index 88c558f71819..0426d048743d 100644 --- a/block/blk-mq.h +++ b/block/blk-mq.h @@ -35,6 +35,7 @@ enum mq_rq_state { MQ_RQ_IDLE = 0, MQ_RQ_IN_FLIGHT = 1, MQ_RQ_COMPLETE = 2, + MQ_RQ_COMPLETE_IN_TIMEOUT = 3, MQ_RQ_STATE_BITS = 2, MQ_RQ_STATE_MASK = (1 << MQ_RQ_STATE_BITS) - 1, diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h index 9af3e0f430bc..8278f67d39a6 100644 --- a/include/linux/blkdev.h +++ b/include/linux/blkdev.h @@ -252,8 +252,14 @@ struct request { struct list_head timeout_list; union { + /* used after completion */ struct __call_single_data csd; + + /* used in io scheduler, before dispatch */ u64 fifo_time; + + /* used after dispatch and before completion */ + int timeout_ret; }; /* -- 2.9.5

7 years, 2 months

1
0
0 0

Linux 3.18.105

by Greg KH

I'm announcing the release of the 3.18.105 kernel. All users of the 3.18 kernel series must upgrade. The updated 3.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/imx6qdl-wandboard.dtsi | 1 arch/arm/include/asm/xen/events.h | 2 arch/arm/mach-davinci/devices-da8xx.c | 10 + arch/arm64/include/asm/futex.h | 8 - arch/mips/include/asm/kprobes.h | 3 arch/mips/mm/pgtable-32.c | 6 - arch/powerpc/kernel/time.c | 14 ++ arch/powerpc/kvm/book3s_pr_papr.c | 34 +++++- arch/powerpc/platforms/cell/spufs/coredump.c | 2 arch/s390/kernel/vmlinux.lds.S | 8 + arch/sparc/kernel/ldc.c | 7 + arch/x86/kernel/tsc.c | 2 arch/x86/kvm/svm.c | 24 ++-- arch/x86/kvm/vmx.c | 7 - block/bio-integrity.c | 3 block/partition-generic.c | 4 crypto/async_tx/async_pq.c | 5 drivers/acpi/acpica/evxfevnt.c | 18 +++ drivers/acpi/acpica/psobject.c | 14 ++ drivers/ata/libahci_platform.c | 5 drivers/char/random.c | 10 + drivers/edac/mv64x60_edac.c | 2 drivers/gpu/drm/omapdrm/omap_gem.c | 4 drivers/iio/magnetometer/st_magn_spi.c | 2 drivers/infiniband/ulp/srpt/ib_srpt.c | 6 - drivers/isdn/mISDN/stack.c | 2 drivers/leds/leds-pca955x.c | 2 drivers/md/bcache/alloc.c | 19 ++- drivers/md/bcache/super.c | 6 + drivers/media/i2c/cx25840/cx25840-core.c | 36 ++++-- drivers/media/rc/mceusb.c | 9 + drivers/net/bonding/bond_main.c | 84 ++++++++-------- drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 19 ++- drivers/net/ethernet/brocade/bna/bfa_ioc.c | 2 drivers/net/ethernet/freescale/fsl_pq_mdio.c | 9 + drivers/net/ethernet/ibm/emac/core.c | 26 ++++- drivers/net/ethernet/intel/e1000e/netdev.c | 17 ++- drivers/net/ethernet/marvell/sky2.c | 2 drivers/net/ethernet/mellanox/mlx4/mcg.c | 15 ++ drivers/net/ethernet/mellanox/mlx4/qp.c | 13 ++ drivers/net/ethernet/qlogic/netxen/netxen_nic_ctx.c | 2 drivers/net/ethernet/qlogic/qlcnic/qlcnic_hw.c | 2 drivers/net/ethernet/qlogic/qlge/qlge_dbg.c | 4 drivers/net/ethernet/qualcomm/qca_spi.c | 10 + drivers/net/ethernet/realtek/r8169.c | 4 drivers/net/ethernet/renesas/sh_eth.c | 2 drivers/net/ethernet/ti/cpsw.c | 16 +++ drivers/net/hamradio/hdlcdrv.c | 2 drivers/net/phy/phy.c | 6 + drivers/net/ppp/pptp.c | 1 drivers/net/virtio_net.c | 16 ++- drivers/net/vmxnet3/vmxnet3_drv.c | 5 drivers/net/vxlan.c | 2 drivers/net/wireless/ath/ath5k/debug.c | 5 drivers/net/wireless/ray_cs.c | 7 - drivers/net/wireless/ti/wl1251/main.c | 3 drivers/powercap/powercap_sys.c | 1 drivers/rtc/interface.c | 9 + drivers/scsi/bnx2fc/bnx2fc.h | 1 drivers/scsi/bnx2fc/bnx2fc_fcoe.c | 10 + drivers/scsi/libiscsi.c | 24 ++++ drivers/scsi/libsas/sas_expander.c | 4 drivers/staging/wlan-ng/prism2mgmt.c | 2 drivers/tty/n_gsm.c | 17 ++- drivers/tty/serial/sccnxp.c | 15 +- drivers/usb/chipidea/core.c | 29 ++++- drivers/usb/dwc3/dwc3-keystone.c | 4 drivers/usb/host/xhci-plat.c | 1 drivers/usb/storage/ene_ub6250.c | 11 +- drivers/vhost/vhost.c | 3 drivers/video/fbdev/vfb.c | 17 +++ fs/btrfs/extent_io.c | 2 fs/cifs/file.c | 2 fs/cifs/smb2pdu.c | 14 +- fs/ext4/file.c | 2 fs/lockd/svc.c | 6 - fs/nfs/nfs4proc.c | 7 + fs/nfs/nfs4state.c | 10 + fs/overlayfs/inode.c | 12 ++ include/linux/mlx4/qp.h | 1 include/linux/skbuff.h | 8 - include/net/x25.h | 4 kernel/events/core.c | 15 +- kernel/futex.c | 98 +++++++++++++++++-- kernel/pid.c | 4 net/bluetooth/hci_core.c | 17 ++- net/ceph/osdmap.c | 1 net/core/dev.c | 4 net/core/neighbour.c | 14 +- net/core/net_namespace.c | 19 +++ net/core/skbuff.c | 65 ++++++++---- net/core/sysctl_net_core.c | 2 net/ipv4/ah4.c | 8 + net/ipv4/esp4.c | 12 +- net/ipv4/ip_tunnel.c | 11 +- net/ipv6/addrconf.c | 5 net/ipv6/ah6.c | 8 + net/ipv6/esp6.c | 12 +- net/ipv6/ip6_gre.c | 8 - net/ipv6/ip6_output.c | 13 +- net/ipv6/ip6_tunnel.c | 7 - net/ipv6/ip6_vti.c | 7 - net/ipv6/sit.c | 8 - net/key/af_key.c | 2 net/l2tp/l2tp_netlink.c | 2 net/llc/af_llc.c | 3 net/mac80211/mlme.c | 4 net/netfilter/nf_conntrack_netlink.c | 7 + net/netlink/af_netlink.c | 3 net/rxrpc/rxkad.c | 21 ++-- net/sched/act_api.c | 4 net/sctp/ipv6.c | 4 net/sctp/socket.c | 17 +-- net/x25/af_x25.c | 24 +++- net/x25/sysctl_net_x25.c | 5 net/xfrm/xfrm_state.c | 2 scripts/tags.sh | 1 tools/perf/builtin-trace.c | 4 tools/perf/tests/code-reading.c | 20 +++ tools/perf/util/unwind-libdw.c | 8 + tools/testing/selftests/powerpc/tm/tm-resched-dscr.c | 2 122 files changed, 924 insertions(+), 314 deletions(-) A Sun (1): mceusb: sporadic RX truncation corruption fix Alan Stern (2): USB: ene_usb6250: fix first command execution USB: ene_usb6250: fix SCSI residue overwriting Alexander Potapenko (1): netlink: make sure nladdr has correct size in netlink_connect() Andrea della Porta (1): staging: wlan-ng: prism2mgmt.c: fixed a double endian conversion before calling hfa384x_drvr_setconfig16, also fixes relative sparse warning Antony Antony (1): xfrm: fix state migration copy replay sequence numbers Anup Patel (1): async_tx: Fix DMA_PREP_FENCE usage in do_async_gen_syndrome() Arnd Bergmann (1): xen: avoid type warning in xchg_xen_ulong Bart Van Assche (1): IB/srpt: Fix abort handling Bob Moore (1): ACPICA: Disassembler: Abort on an invalid/unknown AML opcode Chris Wilson (1): e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails Christian Lamparter (1): net: emac: fix reset timeout with AR8035 phy Christophe JAILLET (2): SMB2: Fix share type handling EDAC, mv64x60: Fix an error handling path Colin Ian King (4): netxen_nic: set rcode to the return status from the call to netxen_issue_cmd btrfs: fix incorrect error return ret being passed to mapping_set_error ath5k: fix memory leak on buf on failed eeprom read wl1251: check return from call to wl1251_acx_arp_ip_filter Craig Dillabaugh (1): net sched actions: fix dumping which requires several messages to user space Dan Carpenter (3): PowerCap: Fix an error code in powercap_register_zone() block: fix an error code in add_partition() libceph: NULL deref on crush_decode() error path Dmitry Monakhov (1): bio-integrity: Do not allocate integrity context for bio w/o data Eric Dumazet (10): net: fix possible out-of-bound read in skb_network_protocol() pptp: remove a buggy dst release in pptp_connect() sctp: do not leak kernel memory to user space sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 net: fool proof dev_valid_name() ip_tunnel: better validate user provided tunnel names ipv6: sit: better validate user provided tunnel names ip6_gre: better validate user provided tunnel names vti6: better validate user provided tunnel names ip6_tunnel: better validate user provided tunnel names Eryu Guan (1): ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff() Fabio Estevam (1): ARM: dts: imx6qdl-wandboard: Fix audio channel swap Firo Yang (1): hdlcdrv: Fix divide by zero in hdlcdrv_ioctl Geert Uytterhoeven (1): sh_eth: Use platform device for printing before register_netdev() Greg Hackmann (1): Revert "xhci: plat: Register shutdown for xhci_plat" Greg Kroah-Hartman (1): Linux 3.18.105 Grygorii Strashko (1): net: ethernet: ti: cpsw: adjust cpsw fifos depth for fullduplex flow control Gustavo A. R. Silva (1): net: freescale: fix potential null pointer dereference Hangbin Liu (1): l2tp: fix missing print session offset info Heiko Carstens (1): s390: move _text symbol to address higher than zero Heiner Kallweit (1): r8169: fix setting driver_data after register_netdev Ihar Hrachyshka (1): neighbour: update neigh timestamps iff update is effective Ivan Mikhaylov (1): powerpc/[booke|4xx]: Don't clobber TCR[WP] when setting TCR[DIE] J. Bruce Fields (1): lockd: fix lockd shutdown race Jacob Keller (1): e1000e: fix race condition around skb_tstamp_tx() Jag Raman (1): sparc64: ldc abort during vds iso boot Jan H. Schönherr (1): KVM: nVMX: Fix handling of lmsw instruction Jason A. Donenfeld (4): skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow ipsec: check return value of skb_to_sgvec always rxrpc: check return value of skb_to_sgvec always virtio_net: check return value of skb_to_sgvec always Jason Wang (1): vhost: correctly remove wait queue during poll failure Jason Yan (2): scsi: libsas: fix memory leak in sas_smp_get_phy_events() scsi: libsas: fix error when getting phy events Jia-Ju Bai (2): qlcnic: Fix a sleep-in-atomic bug in qlcnic_82xx_hw_write_wx_2M and qlcnic_82xx_hw_read_wx_2M mISDN: Fix a sleep-in-atomic bug Jiri Olsa (1): perf trace: Add mmap alias for s390 Jisheng Zhang (1): usb: chipidea: properly handle host or gadget initialization failure Kai-Heng Feng (1): sky2: Increase D3 delay to sky2 stops working after suspend Kees Cook (3): bna: Avoid reading past end of buffer qlge: Avoid reading past end of buffer ray_cs: Avoid reading past end of buffer Kirill Tkhai (1): pidns: disable pid allocation if pid_ns_prepare_proc() is failed in alloc_pid() Liping Zhang (1): netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize Lorenzo Bianconi (1): iio: magnetometer: st_magn_spi: fix spi_device_id table Luca Coelho (1): mac80211: bail out from prep_connection() if a reconfig is ongoing Lv Zheng (1): ACPICA: Events: Add runtime stub support for event APIs Mahesh Bandewar (1): ipv6: avoid dad-failures for addresses with NODAD Marcel Holtmann (1): Bluetooth: Send HCI Set Event Mask Page 2 command only when needed Marcin Nowakowski (2): MIPS: mm: fixed mappings: correct initialisation MIPS: kprobes: flush_insn_slot should flush only if probe initialised Maurizio Lombardi (1): scsi: bnx2fc: fix race condition in bnx2fc_get_host_stats() Mel Gorman (1): futex: Remove requirement for lock_page() in get_futex_key() Michael Ellerman (2): selftests/powerpc: Fix TM resched DSCR test with some compilers powerpc/spufs: Fix coredump of SPU contexts Michael Schmitz (1): fix race in drivers/char/random.c:get_reg() Miklos Szeredi (1): ovl: filter trusted xattr for non-admin Milian Wolff (1): perf report: Ensure the perf DSO mapping matches what libdw sees Mintz, Yuval (1): bnx2x: Allow vfs to disable txvlan offload Namhyung Kim (1): perf tests: Decompress kernel module before objdump Nathan Chancellor (1): virtio_net: check return value of skb_to_sgvec in one more location Neil Horman (1): vmxnet3: ensure that adapter is in proper state during force_close Nithin Sujir (1): bonding: Don't update slave->link until ready to commit Pan Bian (2): usb: dwc3: keystone: check return value cx25840: fix unchecked return values Paolo Abeni (1): ipv6: the entire IPv6 header chain must fit the first fragment Paul Mackerras (1): KVM: PPC: Book3S PR: Check copy_to/from_user return values Peter Zijlstra (2): x86/tsc: Provide 'tsc=unstable' boot parameter perf/core: Correct event creation with PERF_FORMAT_GROUP Pieter \"PoroCYon\" Sluys (1): vfb: fix video mode and line_length being set when loaded Rabin Vincent (1): CIFS: silence lockdep splat in cifs_relock_file() Rafael David Tinoco (1): scsi: libiscsi: Allow sd_shutdown on bad transport Robert Jarzmik (1): tags: honor COMPILED_SOURCE with apart output directory Roman Kapl (1): net: move somaxconn init from sysctl code Roman Pen (1): KVM: SVM: do not zero out segment attributes if segment is unusable or not present Roopa Prabhu (1): vxlan: dont migrate permanent fdb entries during learn Russell King (1): net: phy: avoid genphy_aneg_done() for PHYs without clause 22 support Stefan Wahren (1): net: qca_spi: Fix alignment issues in rx path Steffen Klassert (1): af_key: Fix slab-out-of-bounds in pfkey_compile_policy. Suman Anna (1): ARM: davinci: da8xx: Create DSP device only when assigned memory Talat Batheesh (2): net/mlx4_en: Avoid adding steering rules with invalid ring net/mlx4: Fix the check in attaching steering rules Tang Junhui (2): bcache: stop writeback thread after detaching bcache: segregate flash only volume write streams Theodore Ts'o (1): random: use lockless method of accessing and updating f->reg_idx Thomas Bogendoerfer (1): Fix serial console on SNI RM400 machines Thomas Petazzoni (1): ata: libahci: properly propagate return value of platform_get_irq() Tin Huynh (1): leds: pca955x: Correct I2C Functionality Tomi Valkeinen (1): drm/omap: fix tiled buffer stride calculations Tony Lindgren (1): tty: n_gsm: Allow ADM response in addition to UA for control dlci Trond Myklebust (1): NFSv4.1: RECLAIM_COMPLETE must handle NFS4ERR_CONN_NOT_BOUND_TO_SESSION Vaibhav Jain (1): rtc: interface: Validate alarm-time before handling rollover Will Deacon (1): arm64: futex: Fix undefined behaviour with FUTEX_OP_OPARG_SHIFT usage Xin Long (4): sctp: fix recursive locking warning in sctp_do_peeloff bonding: fix the err path for dev hwaddr sync in bond_enslave bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave bonding: process the err returned by dev_set_allmulti properly in bond_enslave chenxiang (1): scsi: libsas: initialize sas_phy status according to response of DISCOVER linzhang (2): net: x25: fix one potential use-after-free issue net: llc: add lock_sock in llc_ui_bind to avoid a race condition

7 years, 2 months

2
2
0 0

[PATCH V3] blk-mq: fix race between complete and BLK_EH_RESET_TIMER

by Ming Lei

The normal request completion can be done before or during handling BLK_EH_RESET_TIMER, and this race may cause the request to never be completed since driver's .timeout() may always return BLK_EH_RESET_TIMER. This issue can't be fixed completely by driver, since the normal completion can be done between returning .timeout() and handling BLK_EH_RESET_TIMER. This patch fixes the race by introducing rq state of MQ_RQ_COMPLETE_IN_RESET, and reading/writing rq's state by holding queue lock, which can be per-request actually, but just not necessary to introduce one lock for so unusual event. Also when .timeout() returns BLK_EH_HANDLED, sync with normal completion path before completing this timed-out rq finally for avoiding this rq's state touched by normal completion. Cc: "jianchao.wang" <jianchao.w.wang(a)oracle.com> Cc: Bart Van Assche <bart.vanassche(a)wdc.com> Cc: Tejun Heo <tj(a)kernel.org> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Ming Lei <ming.lei(a)redhat.com> Cc: Sagi Grimberg <sagi(a)grimberg.me> Cc: Israel Rukshin <israelr(a)mellanox.com>, Cc: Max Gurtovoy <maxg(a)mellanox.com> Cc: stable(a)vger.kernel.org Signed-off-by: Ming Lei <ming.lei(a)redhat.com> --- V3: - before completing rq for BLK_EH_HANDLED, sync with normal completion path - make sure rq's state updated as MQ_RQ_IN_FLIGHT before completing V2: - rename the new flag as MQ_RQ_COMPLETE_IN_TIMEOUT - fix lock uses in blk_mq_rq_timed_out - document re-order between blk_add_timer() and blk_mq_rq_update_aborted_gstate(req, 0) block/blk-mq.c | 85 +++++++++++++++++++++++++++++++++++++++++++++++----------- block/blk-mq.h | 1 + 2 files changed, 70 insertions(+), 16 deletions(-) diff --git a/block/blk-mq.c b/block/blk-mq.c index 0dc9e341c2a7..d70f69a32226 100644 --- a/block/blk-mq.c +++ b/block/blk-mq.c @@ -198,23 +198,12 @@ void blk_mq_quiesce_queue_nowait(struct request_queue *q) } EXPORT_SYMBOL_GPL(blk_mq_quiesce_queue_nowait); -/** - * blk_mq_quiesce_queue() - wait until all ongoing dispatches have finished - * @q: request queue. - * - * Note: this function does not prevent that the struct request end_io() - * callback function is invoked. Once this function is returned, we make - * sure no dispatch can happen until the queue is unquiesced via - * blk_mq_unquiesce_queue(). - */ -void blk_mq_quiesce_queue(struct request_queue *q) +static void blk_mq_queue_synchronize_rcu(struct request_queue *q) { struct blk_mq_hw_ctx *hctx; unsigned int i; bool rcu = false; - blk_mq_quiesce_queue_nowait(q); - queue_for_each_hw_ctx(q, hctx, i) { if (hctx->flags & BLK_MQ_F_BLOCKING) synchronize_srcu(hctx->srcu); @@ -224,6 +213,21 @@ void blk_mq_quiesce_queue(struct request_queue *q) if (rcu) synchronize_rcu(); } + +/** + * blk_mq_quiesce_queue() - wait until all ongoing dispatches have finished + * @q: request queue. + * + * Note: this function does not prevent that the struct request end_io() + * callback function is invoked. Once this function is returned, we make + * sure no dispatch can happen until the queue is unquiesced via + * blk_mq_unquiesce_queue(). + */ +void blk_mq_quiesce_queue(struct request_queue *q) +{ + blk_mq_quiesce_queue_nowait(q); + blk_mq_queue_synchronize_rcu(q); +} EXPORT_SYMBOL_GPL(blk_mq_quiesce_queue); /* @@ -630,10 +634,27 @@ void blk_mq_complete_request(struct request *rq) * However, that would complicate paths which want to synchronize * against us. Let stay in sync with the issue path so that * hctx_lock() covers both issue and completion paths. + * + * Cover complete vs BLK_EH_RESET_TIMER race in slow path with + * holding queue lock. */ hctx_lock(hctx, &srcu_idx); if (blk_mq_rq_aborted_gstate(rq) != rq->gstate) __blk_mq_complete_request(rq); + else { + unsigned long flags; + bool need_complete = false; + + spin_lock_irqsave(q->queue_lock, flags); + if (!blk_mq_rq_aborted_gstate(rq)) + need_complete = true; + else + blk_mq_rq_update_state(rq, MQ_RQ_COMPLETE_IN_TIMEOUT); + spin_unlock_irqrestore(q->queue_lock, flags); + + if (need_complete) + __blk_mq_complete_request(rq); + } hctx_unlock(hctx, srcu_idx); } EXPORT_SYMBOL(blk_mq_complete_request); @@ -814,6 +835,7 @@ static void blk_mq_rq_timed_out(struct request *req, bool reserved) { const struct blk_mq_ops *ops = req->q->mq_ops; enum blk_eh_timer_return ret = BLK_EH_RESET_TIMER; + unsigned long flags; req->rq_flags |= RQF_MQ_TIMEOUT_EXPIRED; @@ -822,16 +844,47 @@ static void blk_mq_rq_timed_out(struct request *req, bool reserved) switch (ret) { case BLK_EH_HANDLED: + /* + * If .timeout returns BLK_EH_HANDLED, this rq shouldn't + * be completed by normal irq context any more, but for + * the sake of safety, sync with normal completion path + * before completing this request finally because the + * normal completion path may touch this rq's state. + */ + blk_mq_queue_synchronize_rcu(req->q); + + spin_lock_irqsave(req->q->queue_lock, flags); + complete_rq: + if (blk_mq_rq_state(req) == MQ_RQ_COMPLETE_IN_TIMEOUT) + blk_mq_rq_update_state(req, MQ_RQ_IN_FLIGHT); + spin_unlock_irqrestore(req->q->queue_lock, flags); __blk_mq_complete_request(req); break; case BLK_EH_RESET_TIMER: /* - * As nothing prevents from completion happening while - * ->aborted_gstate is set, this may lead to ignored - * completions and further spurious timeouts. + * The normal completion may happen during handling the + * timeout, or even after returning from .timeout(), so + * once the request has been completed, we can't reset + * timer any more since this request may be handled as + * BLK_EH_RESET_TIMER in next timeout handling too, and + * it has to be completed in this situation. + * + * Holding the queue lock to cover read/write rq's + * aborted_gstate and normal state, so the race can be + * avoided completely. + * + * blk_add_timer() may be re-ordered with resetting + * aborted_gstate, and the only side-effec is that if this + * request is recycled after aborted_gstate is cleared, it + * may be timed out a bit late, that is what we can survive + * given timeout event is so unusual. */ - blk_mq_rq_update_aborted_gstate(req, 0); + spin_lock_irqsave(req->q->queue_lock, flags); + if (blk_mq_rq_state(req) == MQ_RQ_COMPLETE_IN_TIMEOUT) + goto complete_rq; blk_add_timer(req); + blk_mq_rq_update_aborted_gstate(req, 0); + spin_unlock_irqrestore(req->q->queue_lock, flags); break; case BLK_EH_NOT_HANDLED: break; diff --git a/block/blk-mq.h b/block/blk-mq.h index 88c558f71819..0426d048743d 100644 --- a/block/blk-mq.h +++ b/block/blk-mq.h @@ -35,6 +35,7 @@ enum mq_rq_state { MQ_RQ_IDLE = 0, MQ_RQ_IN_FLIGHT = 1, MQ_RQ_COMPLETE = 2, + MQ_RQ_COMPLETE_IN_TIMEOUT = 3, MQ_RQ_STATE_BITS = 2, MQ_RQ_STATE_MASK = (1 << MQ_RQ_STATE_BITS) - 1, -- 2.9.5

7 years, 2 months

3
3
0 0

[PATCH AUTOSEL for 3.18 051/101] scsi: sun_esp: fix device reference leaks

by Sasha Levin

From: Johan Hovold <johan(a)kernel.org> [ Upstream commit f62f9ffdb5ef683ef8cffb43932fa72cc3713e94 ] Make sure to drop the reference to the dma device taken by of_find_device_by_node() on probe errors and on driver unbind. Fixes: 334ae614772b ("sparc: Kill SBUS DVMA layer.") Signed-off-by: Johan Hovold <johan(a)kernel.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/scsi/sun_esp.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/sun_esp.c b/drivers/scsi/sun_esp.c index f2e68459f7ea..6585d75bf732 100644 --- a/drivers/scsi/sun_esp.c +++ b/drivers/scsi/sun_esp.c @@ -566,6 +566,7 @@ static int esp_sbus_probe(struct platform_device *op) struct device_node *dp = op->dev.of_node; struct platform_device *dma_of = NULL; int hme = 0; + int ret; if (dp->parent && (!strcmp(dp->parent->name, "espdma") || @@ -580,7 +581,11 @@ static int esp_sbus_probe(struct platform_device *op) if (!dma_of) return -ENODEV; - return esp_sbus_probe_one(op, dma_of, hme); + ret = esp_sbus_probe_one(op, dma_of, hme); + if (ret) + put_device(&dma_of->dev); + + return ret; } static int esp_sbus_remove(struct platform_device *op) @@ -613,6 +618,8 @@ static int esp_sbus_remove(struct platform_device *op) dev_set_drvdata(&op->dev, NULL); + put_device(&dma_of->dev); + return 0; } -- 2.15.1

7 years, 2 months

2
52
0 0

[PATCH AUTOSEL for 4.4 001/162] ALSA: timer: Wrap with spinlock for queue access

by Sasha Levin

From: Takashi Iwai <tiwai(a)suse.de> [ Upstream commit d7f910bfedd863d13ea320030fe98e42d0938ed5 ] For accessing the snd_timer_user queue indices, we take tu->qlock. But it's forgotten in a couple of places. The one in snd_timer_user_params() should be safe without the spinlock as the timer is already stopped. But it's better for consistency. The one in poll is just a read-out, so it's not inevitably needed, but it'd be good to make the result consistent, too. Tested-by: Alexander Potapenko <glider(a)google.com> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- sound/core/timer.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sound/core/timer.c b/sound/core/timer.c index 48eaccba82a3..fd622aa0bb93 100644 --- a/sound/core/timer.c +++ b/sound/core/timer.c @@ -1771,6 +1771,7 @@ static int snd_timer_user_params(struct file *file, } } } + spin_lock_irq(&tu->qlock); tu->qhead = tu->qtail = tu->qused = 0; if (tu->timeri->flags & SNDRV_TIMER_IFLG_EARLY_EVENT) { if (tu->tread) { @@ -1791,6 +1792,7 @@ static int snd_timer_user_params(struct file *file, } tu->filter = params.filter; tu->ticks = params.ticks; + spin_unlock_irq(&tu->qlock); err = 0; _end: if (copy_to_user(_params, &params, sizeof(params))) @@ -2029,10 +2031,12 @@ static unsigned int snd_timer_user_poll(struct file *file, poll_table * wait) poll_wait(file, &tu->qchange_sleep, wait); mask = 0; + spin_lock_irq(&tu->qlock); if (tu->qused) mask |= POLLIN | POLLRDNORM; if (tu->disconnected) mask |= POLLERR; + spin_unlock_irq(&tu->qlock); return mask; } -- 2.15.1

7 years, 2 months

2
163
0 0

[PATCH v2] crypto: caam: Drop leading zero from input buffer

by Fabio Estevam

From: Fabio Estevam <fabio.estevam(a)nxp.com> imx6ul and imx7 report the following error: caam_jr 2142000.jr1: 40000789: DECO: desc idx 7: Protocol Size Error - A protocol has seen an error in size. When running RSA, pdb size N < (size of F) when no formatting is used; or pdb size N < (F + 11) when formatting is used. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1 at crypto/asymmetric_keys/public_key.c:148 public_key_verify_signature+0x27c/0x2b0 This error happens because the signature contains 257 bytes, including a leading zero as the first element. Fix the problem by stripping off the leading zero from input data before feeding it to the CAAM accelerator. Fixes: 8c419778ab57e497b5 ("crypto: caam - add support for RSA algorithm") Cc: <stable(a)vger.kernel.org> Reported-by: Martin Townsend <mtownsend1973(a)gmail.com> Signed-off-by: Fabio Estevam <fabio.estevam(a)nxp.com> --- Changes since v1: - Use a temp pointer - Assign len to req->src_len , so that more than one leading zero can be taken into account drivers/crypto/caam/caampkc.c | 45 +++++++++++++++++++++++++++++++++++-------- 1 file changed, 37 insertions(+), 8 deletions(-) diff --git a/drivers/crypto/caam/caampkc.c b/drivers/crypto/caam/caampkc.c index 7a897209..5f3e627 100644 --- a/drivers/crypto/caam/caampkc.c +++ b/drivers/crypto/caam/caampkc.c @@ -166,6 +166,14 @@ static void rsa_priv_f3_done(struct device *dev, u32 *desc, u32 err, akcipher_request_complete(req, err); } +static void caam_rsa_drop_leading_zeros(const u8 **ptr, size_t *nbytes) +{ + while (!**ptr && *nbytes) { + (*ptr)++; + (*nbytes)--; + } +} + static struct rsa_edesc *rsa_edesc_alloc(struct akcipher_request *req, size_t desclen) { @@ -178,7 +186,36 @@ static struct rsa_edesc *rsa_edesc_alloc(struct akcipher_request *req, int sgc; int sec4_sg_index, sec4_sg_len = 0, sec4_sg_bytes; int src_nents, dst_nents; + const u8 *temp; + void *buffer; + size_t len; + + buffer = kzalloc(req->src_len, GFP_ATOMIC); + if (!buffer) + return ERR_PTR(-ENOMEM); + + sg_copy_to_buffer(req->src, sg_nents(req->src), + buffer, req->src_len); + temp = (u8 *)buffer; + len = req->src_len; + /* + * Check if the buffer contains leading zeros and if + * it does, drop the leading zeros + */ + if (temp[0] == 0) { + caam_rsa_drop_leading_zeros(&temp, &len); + if (!temp) { + kfree(buffer); + return ERR_PTR(-ENOMEM); + } + + req->src_len = len; + sg_copy_from_buffer(req->src, sg_nents(req->src), + (void *)temp, req->src_len); + } + + kfree(buffer); src_nents = sg_nents_for_len(req->src, req->src_len); dst_nents = sg_nents_for_len(req->dst, req->dst_len); @@ -683,14 +720,6 @@ static void caam_rsa_free_key(struct caam_rsa_key *key) memset(key, 0, sizeof(*key)); } -static void caam_rsa_drop_leading_zeros(const u8 **ptr, size_t *nbytes) -{ - while (!**ptr && *nbytes) { - (*ptr)++; - (*nbytes)--; - } -} - /** * caam_read_rsa_crt - Used for reading dP, dQ, qInv CRT members. * dP, dQ and qInv could decode to less than corresponding p, q length, as the -- 2.7.4

7 years, 2 months

2
2
0 0

[PATCH] block: do not use interruptible wait anywhere

by Alan Jenkins

When blk_queue_enter() waits for a queue to unfreeze, or unset the PREEMPT_ONLY flag, do not allow it to be interrupted by a signal. The PREEMPT_ONLY flag was introduced later in commit 3a0a529971ec ("block, scsi: Make SCSI quiesce and resume work reliably"). Note the SCSI device is resumed asynchronously, i.e. after un-freezing userspace tasks. So that commit exposed the bug as a regression in v4.15. A mysterious SIGBUS (or -EIO) sometimes happened during the time the device was being resumed. Most frequently, there was no kernel log message, and we saw Xorg or Xwayland killed by SIGBUS.[1] [1] E.g. https://bugzilla.redhat.com/show_bug.cgi?id=1553979 Without this fix, I get an IO error in this test: # dd if=/dev/sda of=/dev/null iflag=direct & \ while killall -SIGUSR1 dd; do sleep 0.1; done & \ echo mem > /sys/power/state ; \ sleep 5; killall dd # stop after 5 seconds The interruptible wait was added to blk_queue_enter in commit 3ef28e83ab15 ("block: generic request_queue reference counting"). Before then, the interruptible wait was only in blk-mq, but I don't think it could ever have been correct. Cc: stable(a)vger.kernel.org Signed-off-by: Alan Jenkins <alan.christopher.jenkins(a)gmail.com> --- block/blk-core.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/block/blk-core.c b/block/blk-core.c index abcb8684ba67..5a6d20069364 100644 --- a/block/blk-core.c +++ b/block/blk-core.c @@ -915,7 +915,6 @@ int blk_queue_enter(struct request_queue *q, blk_mq_req_flags_t flags) while (true) { bool success = false; - int ret; rcu_read_lock(); if (percpu_ref_tryget_live(&q->q_usage_counter)) { @@ -947,14 +946,12 @@ int blk_queue_enter(struct request_queue *q, blk_mq_req_flags_t flags) */ smp_rmb(); - ret = wait_event_interruptible(q->mq_freeze_wq, + wait_event(q->mq_freeze_wq, (atomic_read(&q->mq_freeze_depth) == 0 && (preempt || !blk_queue_preempt_only(q))) || blk_queue_dying(q)); if (blk_queue_dying(q)) return -ENODEV; - if (ret) - return ret; } } -- 2.14.3

7 years, 2 months

4
7
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror