- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] tpm: fix response size validation in tpm_get_random()" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 84b59f6487d82d3ab4247a099aba66d4d17e8b08 Mon Sep 17 00:00:00 2001 From: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Date: Mon, 3 Sep 2018 04:01:26 +0300 Subject: [PATCH] tpm: fix response size validation in tpm_get_random() When checking whether the response is large enough to be able to contain the received random bytes in tpm_get_random() and tpm2_get_random(), they fail to take account the header size, which should be added to the minimum size. This commit fixes this issue. Cc: stable(a)vger.kernel.org Fixes: c659af78eb7b ("tpm: Check size of response before accessing data") Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c index 1a803b0cf980..318a7078b2ba 100644 --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c @@ -1321,7 +1321,8 @@ int tpm_get_random(struct tpm_chip *chip, u8 *out, size_t max) } rlength = be32_to_cpu(tpm_cmd.header.out.length); - if (rlength < offsetof(struct tpm_getrandom_out, rng_data) + + if (rlength < TPM_HEADER_SIZE + + offsetof(struct tpm_getrandom_out, rng_data) + recd) { total = -EFAULT; break; diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c index c31b490bd41d..3acf4fd4e5a5 100644 --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c @@ -329,7 +329,9 @@ int tpm2_get_random(struct tpm_chip *chip, u8 *dest, size_t max) &buf.data[TPM_HEADER_SIZE]; recd = min_t(u32, be16_to_cpu(out->size), num_bytes); if (tpm_buf_length(&buf) < - offsetof(struct tpm2_get_random_out, buffer) + recd) { + TPM_HEADER_SIZE + + offsetof(struct tpm2_get_random_out, buffer) + + recd) { err = -EFAULT; goto out; }

7 years

1
0
0 0

Re: [Linux-stable-mirror] stable/linux-3.16.y build: 178 builds: 1 failed, 177 passed, 2 errors, 57 warnings (v3.16.52)

by Arnd Bergmann

On Tue, Jan 2, 2018 at 12:48 PM, kernelci.org bot <bot(a)kernelci.org> wrote: Hi Ben, almost a clean build with kernelci! > Errors summary: > 1 drivers/scsi/mpt2sas/mpt2sas_base.c:3550:1: internal compiler error: in extract_constrain_insn, at recog.c:2190 > 1 drivers/scsi/mpt2sas/mpt2sas_base.c:3550:1: error: insn does not satisfy its constraints: See earlier discussion https://www.spinics.net/lists/stable/msg195996.html > Warnings summary: > 54 include/linux/stddef.h:8:14: warning: 'return' with a value, in function returning void This comes from an incorrect backport of commit 49e67dd17649 ("of: fdt: add missing allocation-failure check") It's harmless, and stable/linux-3.18.y has the correct version: --- a/drivers/of/fdt.c +++ b/drivers/of/fdt.c @@ -380,6 +380,6 @@ static void __unflatten_device_tree(void *blob, /* Allocate memory for the expanded device tree */ mem = dt_alloc(size + 4, __alignof__(struct device_node)); if (!mem) - return NULL; + return; memset(mem, 0, size); > 2 ipc/sem.c:377:6: warning: '___p1' may be used uninitialized in this function [-Wmaybe-uninitialized] This code was last touched in 3.16 by the backport of commit 5864a2fd3088 ("ipc/sem.c: fix complex_count vs. simple op race") The warning is in "smp_load_acquire(&sma->complex_mode))", and I suspect that commit 27d7be1801a4 ("ipc/sem.c: avoid using spin_unlock_wait()") avoided the warning upstream by removing the smp_mb() before it. The code is way too complex for a fly-by analysis, so I'm adding Manfred to Cc here. It may be worth comparing the full list of backports that went into ipc/sem.c in 3.16.y with those in 3.18.y and 4.1.y that don't have the warning. Here is what I see in the git history: $ git log --oneline v3.16..stable/linux-3.16.y ipc/sem.c accb9f16adba ipc/sem.c: fix complex_count vs. simple op race 5b11c133308b ipc: remove use of seq_printf return value 08397b1a5cd4 sysv, ipc: fix security-layer leaking 35cfc2b3a9da ipc/sem.c: fully initialize sem_array before making it visible 69a9a86b645f ipc/sem.c: update/correct memory barriers 30f995ba77ca ipc/sem.c: change memory barrier in sem_lock() to smp_rmb() 76ce4fe19d6b ipc,sem: fix use after free on IPC_RMID after a task using same semaphore set exits $ git log --oneline v3.16..stable/linux-3.18.y ipc/sem.c 7dd90826dfba sysv, ipc: fix security-layer leaking ff12efa03da1 ipc/sem.c: update/correct memory barriers 38b50c47c25e ipc,sem: fix use after free on IPC_RMID after a task using same semaphore set exits e8577d1f0329 ipc/sem.c: fully initialize sem_array before making it visible $ git log --oneline v3.16..stable/linux-4.1.y ipc/sem.c e2b438fdfa4d sysv, ipc: fix security-layer leaking b6805da60f01 ipc/sem.c: update/correct memory barriers 7be83cf01024 ipc,sem: fix use after free on IPC_RMID after a task using same semaphore set exits 7f032d6ef615 ipc: remove use of seq_printf return value 52644c9ab3fa ipc,sem: use current->state helpers 2e094abfd1f2 ipc/sem.c: change memory barrier in sem_lock() to smp_rmb() e8577d1f0329 ipc/sem.c: fully initialize sem_array before making it visible $ git log --oneline v3.16..stable/linux-4.4.y ipc/sem.c f6031d95320d ipc/sem.c: fix complex_count vs. simple op race 62659f0b9ed7 sysv, ipc: fix security-layer leaking 3ed1f8a99d70 ipc/sem.c: update/correct memory barriers a97955844807 ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem() 602b8593d2b4 ipc,sem: fix use after free on IPC_RMID after a task using same semaphore set exits 55b7ae50167e ipc: rename ipc_obtain_object 7f032d6ef615 ipc: remove use of seq_printf return value 52644c9ab3fa ipc,sem: use current->state helpers 2e094abfd1f2 ipc/sem.c: change memory barrier in sem_lock() to smp_rmb() e8577d1f0329 ipc/sem.c: fully initialize sem_array before making it visible $ git log --oneline v3.16..stable/linux-4.9.y ipc/sem.c 2a1613a586de ipc/sem.c: add cond_resched in exit_sme 5864a2fd3088 ipc/sem.c: fix complex_count vs. simple op race 9b24fef9f041 sysv, ipc: fix security-layer leaking be3e78449803 locking/spinlock: Update spin_unlock_wait() users 33ac279677dc locking/barriers: Introduce smp_acquire__after_ctrl_dep() a5f4db877177 ipc/sem: make semctl setting sempid consistent 1d5cfdb07628 tree wide: use kvfree() than conditional kfree()/vfree() 3ed1f8a99d70 ipc/sem.c: update/correct memory barriers a97955844807 ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem() 602b8593d2b4 ipc,sem: fix use after free on IPC_RMID after a task using same semaphore set exits 55b7ae50167e ipc: rename ipc_obtain_object 7f032d6ef615 ipc: remove use of seq_printf return value 52644c9ab3fa ipc,sem: use current->state helpers 2e094abfd1f2 ipc/sem.c: change memory barrier in sem_lock() to smp_rmb() e8577d1f0329 ipc/sem.c: fully initialize sem_array before making it visible > 1 arch/arm/kernel/head-nommu.S:167: Warning: Use of r13 as a source register is deprecated when r15 is the destination register. Fixed by backporting: 970d96f9a81b ("ARM: 8383/1: nommu: avoid deprecated source register on mov") Arnd

7 years

3
2
0 0

FAILED: patch "[PATCH] cifs: allow calling SMB2_xxx_free(NULL)" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 32a1fb36f6e50183871c2c1fcf5493c633e84732 Mon Sep 17 00:00:00 2001 From: Ronnie Sahlberg <lsahlber(a)redhat.com> Date: Wed, 24 Oct 2018 11:50:33 +1000 Subject: [PATCH] cifs: allow calling SMB2_xxx_free(NULL) Change these free functions to allow passing NULL as the argument and treat it as a no-op just like free(NULL) would. Or, if rqst->rq_iov is NULL. The second scenario could happen for smb2_queryfs() if the call to SMB2_query_info_init() fails and we go to qfs_exit to clean up and free all resources. In that case we have not yet assigned rqst[2].rq_iov and thus the rq_iov dereference in SMB2_close_free() will cause a NULL pointer dereference. Fixes: 1eb9fb52040f ("cifs: create SMB2_open_init()/SMB2_open_free() helpers") Signed-off-by: Ronnie Sahlberg <lsahlber(a)redhat.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> Reviewed-by: Aurelien Aptel <aaptel(a)suse.com> CC: Stable <stable(a)vger.kernel.org> diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 5a08c8f6a322..7d7b016fe8bb 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -2243,10 +2243,12 @@ SMB2_open_free(struct smb_rqst *rqst) { int i; - cifs_small_buf_release(rqst->rq_iov[0].iov_base); - for (i = 1; i < rqst->rq_nvec; i++) - if (rqst->rq_iov[i].iov_base != smb2_padding) - kfree(rqst->rq_iov[i].iov_base); + if (rqst && rqst->rq_iov) { + cifs_small_buf_release(rqst->rq_iov[0].iov_base); + for (i = 1; i < rqst->rq_nvec; i++) + if (rqst->rq_iov[i].iov_base != smb2_padding) + kfree(rqst->rq_iov[i].iov_base); + } } int @@ -2536,7 +2538,8 @@ SMB2_close_init(struct cifs_tcon *tcon, struct smb_rqst *rqst, void SMB2_close_free(struct smb_rqst *rqst) { - cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */ + if (rqst && rqst->rq_iov) + cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */ } int @@ -2689,7 +2692,8 @@ SMB2_query_info_init(struct cifs_tcon *tcon, struct smb_rqst *rqst, void SMB2_query_info_free(struct smb_rqst *rqst) { - cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */ + if (rqst && rqst->rq_iov) + cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */ } static int @@ -3803,7 +3807,8 @@ SMB2_set_info_init(struct cifs_tcon *tcon, struct smb_rqst *rqst, void SMB2_set_info_free(struct smb_rqst *rqst) { - cifs_buf_release(rqst->rq_iov[0].iov_base); /* request */ + if (rqst && rqst->rq_iov) + cifs_buf_release(rqst->rq_iov[0].iov_base); /* request */ } static int

7 years

1
0
0 0

FAILED: patch "[PATCH] KVM: arm64: Fix caching of host MDCR_EL2 value" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From da5a3ce66b8bb51b0ea8a89f42aac153903f90fb Mon Sep 17 00:00:00 2001 From: Mark Rutland <mark.rutland(a)arm.com> Date: Wed, 17 Oct 2018 17:42:10 +0100 Subject: [PATCH] KVM: arm64: Fix caching of host MDCR_EL2 value At boot time, KVM stashes the host MDCR_EL2 value, but only does this when the kernel is not running in hyp mode (i.e. is non-VHE). In these cases, the stashed value of MDCR_EL2.HPMN happens to be zero, which can lead to CONSTRAINED UNPREDICTABLE behaviour. Since we use this value to derive the MDCR_EL2 value when switching to/from a guest, after a guest have been run, the performance counters do not behave as expected. This has been observed to result in accesses via PMXEVTYPER_EL0 and PMXEVCNTR_EL0 not affecting the relevant counters, resulting in events not being counted. In these cases, only the fixed-purpose cycle counter appears to work as expected. Fix this by always stashing the host MDCR_EL2 value, regardless of VHE. Cc: Christopher Dall <christoffer.dall(a)arm.com> Cc: James Morse <james.morse(a)arm.com> Cc: Will Deacon <will.deacon(a)arm.com> Cc: stable(a)vger.kernel.org Fixes: 1e947bad0b63b351 ("arm64: KVM: Skip HYP setup when already running in HYP") Tested-by: Robin Murphy <robin.murphy(a)arm.com> Signed-off-by: Mark Rutland <mark.rutland(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> diff --git a/virt/kvm/arm/arm.c b/virt/kvm/arm/arm.c index 4ce99bb223bc..4c5ff06b18f9 100644 --- a/virt/kvm/arm/arm.c +++ b/virt/kvm/arm/arm.c @@ -1296,8 +1296,6 @@ static void cpu_init_hyp_mode(void *dummy) __cpu_init_hyp_mode(pgd_ptr, hyp_stack_ptr, vector_ptr); __cpu_init_stage2(); - - kvm_arm_init_debug(); } static void cpu_hyp_reset(void) @@ -1315,6 +1313,8 @@ static void cpu_hyp_reinit(void) else cpu_init_hyp_mode(NULL); + kvm_arm_init_debug(); + if (vgic_present) kvm_vgic_init_cpu_hardware(); }

7 years

1
0
0 0

Re: [linux-stable-rc:linux-3.16.y 2872/3488] head64.c:undefined reference to `__gcov_exit'

by Arnd Bergmann

On Fri, Feb 16, 2018 at 7:21 PM, kbuild test robot <fengguang.wu(a)intel.com> wrote: > Hi Andrey, > > It's probably a bug fix that unveils the link errors. > > tree: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-3.16.y > head: 0b9f4cdd4d75131d8886b919bbf6e0c98906d36e > commit: 3cb0dc19883f0c69225311d4f76aa8128d3681a4 [2872/3488] module: fix types of device tables aliases > config: x86_64-allmodconfig (attached as .config) > compiler: gcc-7 (Debian 7.3.0-1) 7.3.0 > reproduce: > git checkout 3cb0dc19883f0c69225311d4f76aa8128d3681a4 > # save the attached .config to linux build tree > make ARCH=x86_64 > > All errors (new ones prefixed by >>): > > arch/x86/kernel/head64.o: In function `_GLOBAL__sub_D_00100_1_early_pmd_flags': >>> head64.c:(.text.exit+0x5): undefined reference to `__gcov_exit' > arch/x86/kernel/head.o: In function `_GLOBAL__sub_D_00100_1_reserve_ebda_region': > head.c:(.text.exit+0x5): undefined reference to `__gcov_exit' > init/built-in.o: In function `_GLOBAL__sub_D_00100_1___ksymtab_system_state': > main.c:(.text.exit+0x5): undefined reference to `__gcov_exit' > init/built-in.o: In function `_GLOBAL__sub_D_00100_1_root_mountflags': > do_mounts.c:(.text.exit+0x10): undefined reference to `__gcov_exit' > init/built-in.o: In function `_GLOBAL__sub_D_00100_1_initrd_load': > do_mounts_initrd.c:(.text.exit+0x1b): undefined reference to `__gcov_exit' > init/built-in.o:initramfs.c:(.text.exit+0x26): more undefined references to `__gcov_exit' follow I think this is a result of using a too new compiler with the old 3.16 kernel. In order to build with gcc-7.3, you need to backport 05384213436a ("gcov: support GCC 7.1") It's already part of stable-3.18 and later, but not 3.2 and 3.16. Arnd

7 years

2
1
0 0

[PATCH 3.16] staging: usbip stub_rx fix static checker warning on unnecessary checks

by Shuah Khan

Upstream commit 10c901209306 ("usbip: stub_rx: fix static checker warning on unnecessary checks") Back-port fix for static checker warning on unnecessary checks smatch warnings: drivers/staging/usbip/stub_rx.c:360 get_pipe() warn: impossible condition '(pdu->u.cmd_submit.transfer_buffer_length > ((~0 >> 1))) => (s32min-s32max > s32max)' drivers/staging/usbip/stub_rx.c:501 stub_recv_cmd_submit() warn: always true condition '(pdu->u.cmd_submit.transfer_buffer_length <= ((~0 >> 1))) => (s32min-s32max <= s32max)' Reported-by: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Shuah Khan <shuahkh(a)osg.samsung.com> --- drivers/staging/usbip/stub_rx.c | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/drivers/staging/usbip/stub_rx.c b/drivers/staging/usbip/stub_rx.c index 35f59747122a..d8544ab9577b 100644 --- a/drivers/staging/usbip/stub_rx.c +++ b/drivers/staging/usbip/stub_rx.c @@ -356,14 +356,6 @@ static int get_pipe(struct stub_device *sdev, struct usbip_header *pdu) epd = &ep->desc; - /* validate transfer_buffer_length */ - if (pdu->u.cmd_submit.transfer_buffer_length > INT_MAX) { - dev_err(&sdev->udev->dev, - "CMD_SUBMIT: -EMSGSIZE transfer_buffer_length %d\n", - pdu->u.cmd_submit.transfer_buffer_length); - return -1; - } - if (usb_endpoint_xfer_control(epd)) { if (dir == USBIP_DIR_OUT) return usb_sndctrlpipe(udev, epnum); @@ -497,8 +489,7 @@ static void stub_recv_cmd_submit(struct stub_device *sdev, } /* allocate urb transfer buffer, if needed */ - if (pdu->u.cmd_submit.transfer_buffer_length > 0 && - pdu->u.cmd_submit.transfer_buffer_length <= INT_MAX) { + if (pdu->u.cmd_submit.transfer_buffer_length > 0) { priv->urb->transfer_buffer = kzalloc(pdu->u.cmd_submit.transfer_buffer_length, GFP_KERNEL); -- 2.14.1

7 years

2
1
0 0

FAILED: patch "[PATCH] media: cec: fix the Signal Free Time calculation" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 7d867a1b765e2b70815fec4964d7822a976ed349 Mon Sep 17 00:00:00 2001 From: Hans Verkuil <hans.verkuil(a)cisco.com> Date: Fri, 5 Oct 2018 08:00:21 -0400 Subject: [PATCH] media: cec: fix the Signal Free Time calculation The calculation of the Signal Free Time in the framework was not correct. If a message was received, then the next transmit should be considered a New Initiator and use a shorter SFT value. This was not done with the result that if both sides where continually sending messages, they both could use the same SFT value and one side could deny the other side access to the bus. Note that this fix does not take the corner case into account where a receive is in progress when you call adap_transmit. Signed-off-by: Hans Verkuil <hans.verkuil(a)cisco.com> Cc: <stable(a)vger.kernel.org> # for v4.18 and up Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> diff --git a/drivers/media/cec/cec-adap.c b/drivers/media/cec/cec-adap.c index e6e82b504e56..0c0d9107383e 100644 --- a/drivers/media/cec/cec-adap.c +++ b/drivers/media/cec/cec-adap.c @@ -526,9 +526,11 @@ int cec_thread_func(void *_adap) if (data->attempts) { /* should be >= 3 data bit periods for a retry */ signal_free_time = CEC_SIGNAL_FREE_TIME_RETRY; - } else if (data->new_initiator) { + } else if (adap->last_initiator != + cec_msg_initiator(&data->msg)) { /* should be >= 5 data bit periods for new initiator */ signal_free_time = CEC_SIGNAL_FREE_TIME_NEW_INITIATOR; + adap->last_initiator = cec_msg_initiator(&data->msg); } else { /* * should be >= 7 data bit periods for sending another @@ -713,7 +715,6 @@ int cec_transmit_msg_fh(struct cec_adapter *adap, struct cec_msg *msg, struct cec_fh *fh, bool block) { struct cec_data *data; - u8 last_initiator = 0xff; msg->rx_ts = 0; msg->tx_ts = 0; @@ -823,23 +824,6 @@ int cec_transmit_msg_fh(struct cec_adapter *adap, struct cec_msg *msg, data->adap = adap; data->blocking = block; - /* - * Determine if this message follows a message from the same - * initiator. Needed to determine the free signal time later on. - */ - if (msg->len > 1) { - if (!(list_empty(&adap->transmit_queue))) { - const struct cec_data *last; - - last = list_last_entry(&adap->transmit_queue, - const struct cec_data, list); - last_initiator = cec_msg_initiator(&last->msg); - } else if (adap->transmitting) { - last_initiator = - cec_msg_initiator(&adap->transmitting->msg); - } - } - data->new_initiator = last_initiator != cec_msg_initiator(msg); init_completion(&data->c); INIT_DELAYED_WORK(&data->work, cec_wait_timeout); @@ -1027,6 +1011,8 @@ void cec_received_msg_ts(struct cec_adapter *adap, mutex_lock(&adap->lock); dprintk(2, "%s: %*ph\n", __func__, msg->len, msg->msg); + adap->last_initiator = 0xff; + /* Check if this message was for us (directed or broadcast). */ if (!cec_msg_is_broadcast(msg)) valid_la = cec_has_log_addr(adap, msg_dest); @@ -1489,6 +1475,8 @@ void __cec_s_phys_addr(struct cec_adapter *adap, u16 phys_addr, bool block) } mutex_lock(&adap->devnode.lock); + adap->last_initiator = 0xff; + if ((adap->needs_hpd || list_empty(&adap->devnode.fhs)) && adap->ops->adap_enable(adap, true)) { mutex_unlock(&adap->devnode.lock); diff --git a/include/media/cec.h b/include/media/cec.h index 9f382f0c2970..254a610b9aa5 100644 --- a/include/media/cec.h +++ b/include/media/cec.h @@ -63,7 +63,6 @@ struct cec_data { struct delayed_work work; struct completion c; u8 attempts; - bool new_initiator; bool blocking; bool completed; }; @@ -174,6 +173,7 @@ struct cec_adapter { bool is_configuring; bool is_configured; bool cec_pin_is_high; + u8 last_initiator; u32 monitor_all_cnt; u32 monitor_pin_cnt; u32 follower_cnt;

7 years

1
0
0 0

FAILED: patch "[PATCH] media: cec: fix the Signal Free Time calculation" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 7d867a1b765e2b70815fec4964d7822a976ed349 Mon Sep 17 00:00:00 2001 From: Hans Verkuil <hans.verkuil(a)cisco.com> Date: Fri, 5 Oct 2018 08:00:21 -0400 Subject: [PATCH] media: cec: fix the Signal Free Time calculation The calculation of the Signal Free Time in the framework was not correct. If a message was received, then the next transmit should be considered a New Initiator and use a shorter SFT value. This was not done with the result that if both sides where continually sending messages, they both could use the same SFT value and one side could deny the other side access to the bus. Note that this fix does not take the corner case into account where a receive is in progress when you call adap_transmit. Signed-off-by: Hans Verkuil <hans.verkuil(a)cisco.com> Cc: <stable(a)vger.kernel.org> # for v4.18 and up Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> diff --git a/drivers/media/cec/cec-adap.c b/drivers/media/cec/cec-adap.c index e6e82b504e56..0c0d9107383e 100644 --- a/drivers/media/cec/cec-adap.c +++ b/drivers/media/cec/cec-adap.c @@ -526,9 +526,11 @@ int cec_thread_func(void *_adap) if (data->attempts) { /* should be >= 3 data bit periods for a retry */ signal_free_time = CEC_SIGNAL_FREE_TIME_RETRY; - } else if (data->new_initiator) { + } else if (adap->last_initiator != + cec_msg_initiator(&data->msg)) { /* should be >= 5 data bit periods for new initiator */ signal_free_time = CEC_SIGNAL_FREE_TIME_NEW_INITIATOR; + adap->last_initiator = cec_msg_initiator(&data->msg); } else { /* * should be >= 7 data bit periods for sending another @@ -713,7 +715,6 @@ int cec_transmit_msg_fh(struct cec_adapter *adap, struct cec_msg *msg, struct cec_fh *fh, bool block) { struct cec_data *data; - u8 last_initiator = 0xff; msg->rx_ts = 0; msg->tx_ts = 0; @@ -823,23 +824,6 @@ int cec_transmit_msg_fh(struct cec_adapter *adap, struct cec_msg *msg, data->adap = adap; data->blocking = block; - /* - * Determine if this message follows a message from the same - * initiator. Needed to determine the free signal time later on. - */ - if (msg->len > 1) { - if (!(list_empty(&adap->transmit_queue))) { - const struct cec_data *last; - - last = list_last_entry(&adap->transmit_queue, - const struct cec_data, list); - last_initiator = cec_msg_initiator(&last->msg); - } else if (adap->transmitting) { - last_initiator = - cec_msg_initiator(&adap->transmitting->msg); - } - } - data->new_initiator = last_initiator != cec_msg_initiator(msg); init_completion(&data->c); INIT_DELAYED_WORK(&data->work, cec_wait_timeout); @@ -1027,6 +1011,8 @@ void cec_received_msg_ts(struct cec_adapter *adap, mutex_lock(&adap->lock); dprintk(2, "%s: %*ph\n", __func__, msg->len, msg->msg); + adap->last_initiator = 0xff; + /* Check if this message was for us (directed or broadcast). */ if (!cec_msg_is_broadcast(msg)) valid_la = cec_has_log_addr(adap, msg_dest); @@ -1489,6 +1475,8 @@ void __cec_s_phys_addr(struct cec_adapter *adap, u16 phys_addr, bool block) } mutex_lock(&adap->devnode.lock); + adap->last_initiator = 0xff; + if ((adap->needs_hpd || list_empty(&adap->devnode.fhs)) && adap->ops->adap_enable(adap, true)) { mutex_unlock(&adap->devnode.lock); diff --git a/include/media/cec.h b/include/media/cec.h index 9f382f0c2970..254a610b9aa5 100644 --- a/include/media/cec.h +++ b/include/media/cec.h @@ -63,7 +63,6 @@ struct cec_data { struct delayed_work work; struct completion c; u8 attempts; - bool new_initiator; bool blocking; bool completed; }; @@ -174,6 +173,7 @@ struct cec_adapter { bool is_configuring; bool is_configured; bool cec_pin_is_high; + u8 last_initiator; u32 monitor_all_cnt; u32 monitor_pin_cnt; u32 follower_cnt;

7 years

1
0
0 0

[PATCH] PCI: vmd: White list for fast interrupt handlers

by Heitke, Kenneth

Please apply the follow patch from kernel 4.18 to kernel 4.14 Commit: a7f58b9ecfd3c0f63703ec10f4a592cc38dbd1b8 This patch fixes a performance issue with some devices being accessed using the Volume Management Device (vmd). I have included an updated copy of the patch because the parent directory of the file has changed between the 4.14 and 4.18 releases 4.14: drivers/pci/host/vmd.c 4.18: drivers/pci/controller/vmd.c Thank you, Kenneth Heitke <Kenneth.heitke(a)intel.com> --- From: Keith Busch <keith.busch(a)intel.com> Date: Tue, 8 May 2018 10:00:22 -0600 Subject: [PATCH] PCI: vmd: White list for fast interrupt handlers Devices with slow interrupt handlers are significantly harming performance when their interrupt vector is shared with a fast device. Create a class code white list for devices with known fast interrupt handlers and let all other devices share a single vector so that they don't interfere with performance. At the moment, only the NVM Express class code is on the list, but more may be added if VMD users desire to use other low-latency devices in these domains. Signed-off-by: Keith Busch <keith.busch(a)intel.com> [lorenzo.pieralisi(a)arm.com: changelog] Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> Acked-by: Jon Derrick: <jonathan.derrick(a)intel.com> --- drivers/pci/host/vmd.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/drivers/pci/host/vmd.c b/drivers/pci/host/vmd.c index 509893b..2537b02 100644 --- a/drivers/pci/host/vmd.c +++ b/drivers/pci/host/vmd.c @@ -183,9 +183,20 @@ static struct vmd_irq_list *vmd_next_irq(struct vmd_dev *vmd, struct msi_desc *d int i, best = 1; unsigned long flags; - if (pci_is_bridge(msi_desc_to_pci_dev(desc)) || vmd->msix_count == 1) + if (vmd->msix_count == 1) return &vmd->irqs[0]; + /* + * White list for fast-interrupt handlers. All others will share the + * "slow" interrupt vector. + */ + switch (msi_desc_to_pci_dev(desc)->class) { + case PCI_CLASS_STORAGE_EXPRESS: + break; + default: + return &vmd->irqs[0]; + } + raw_spin_lock_irqsave(&list_lock, flags); for (i = 1; i < vmd->msix_count; i++) if (vmd->irqs[i].count < vmd->irqs[best].count) -- 2.7.4

7 years

2
1
0 0

Patch to consider for stable 3.18, 4.4 and 4.9

by Tomasz Kramkowski

In September last year, Ben Hutchings submitted commit [9547837bdccb] for 3.16.48-rc1 and I informed him that it would be useless without [3f3752705dbd] (and that maybe [c3883fe06488] would be useful as well). Ben dropped the patch but suggested I email this list with the information of the other two patches but I never quite got around to it. Now I see Sasha Levin is submitting [3f3752705dbd] and [c3883fe06488] for 4.9, 4.4 and 3.18 it would now make sense to include [9547837bdccb]. This patch fixes a minor problem where a certain USB adapter for Sega Genesis controllers appears as one input device when it has two ports for two controllers. I imagine some users of emulator distributions might use stable kernels and might benefit from this fix. I'm actually not entirely sure that patch is something suitable for stable but since it was already submitted once then I don't think it hurts to bring it up again (despite it breaking stable-kernel-rules as far as I understand it). Commits mentioned: [9547837bdccb]: HID: usbhid: add quirk for innomedia INNEX GENESIS/ATARI adapter [3f3752705dbd]: HID: reject input outside logical range only if null state is set [c3883fe06488]: HID: clamp input to logical range if no null state If the patch [9547837bdccb] is not relevant then feel free to ignore this email. Thanks, -- Tomasz Kramkowski

7 years

3
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror