- Linux-stable-mirror - lists.linaro.org

[PATCH] ALSA: fireface: fix memory leak in ff400_switch_fetching_mode()

by Takashi Sakamoto

An allocated memory forgets to be released. Fixes: 76fdb3a9e13 ('ALSA: fireface: add support for Fireface 400') Cc: <stable(a)vger.kernel.org> # 4.12+ Signed-off-by: Takashi Sakamoto <o-takashi(a)sakamocchi.jp> --- sound/firewire/fireface/ff-protocol-ff400.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/sound/firewire/fireface/ff-protocol-ff400.c b/sound/firewire/fireface/ff-protocol-ff400.c index ad7a0a32557d..64c3cb0fb926 100644 --- a/sound/firewire/fireface/ff-protocol-ff400.c +++ b/sound/firewire/fireface/ff-protocol-ff400.c @@ -146,6 +146,7 @@ static int ff400_switch_fetching_mode(struct snd_ff *ff, bool enable) { __le32 *reg; int i; + int err; reg = kcalloc(18, sizeof(__le32), GFP_KERNEL); if (reg == NULL) @@ -163,9 +164,11 @@ static int ff400_switch_fetching_mode(struct snd_ff *ff, bool enable) reg[i] = cpu_to_le32(0x00000001); } - return snd_fw_transaction(ff->unit, TCODE_WRITE_BLOCK_REQUEST, - FF400_FETCH_PCM_FRAMES, reg, - sizeof(__le32) * 18, 0); + err = snd_fw_transaction(ff->unit, TCODE_WRITE_BLOCK_REQUEST, + FF400_FETCH_PCM_FRAMES, reg, + sizeof(__le32) * 18, 0); + kfree(reg); + return err; } static void ff400_dump_sync_status(struct snd_ff *ff, -- 2.17.1

7 years, 1 month

2
1
0 0

[PATCH] ALSA: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping

by Takashi Sakamoto

When executing 'fw_run_transaction()' with 'TCODE_WRITE_BLOCK_REQUEST', an address of 'payload' argument is used for streaming DMA mapping by 'firewire_ohci' module if 'size' argument is larger than 8 byte. Although in this case the address should not be on kernel stack, current implementation of ALSA bebob driver uses data in kernel stack for a cue to boot M-Audio devices. This often brings unexpected result, especially for a case of CONFIG_VMAP_STACK=y. This commit fixes the bug. Reference: https://bugzilla.kernel.org/show_bug.cgi?id=201021 Reference: https://forum.manjaro.org/t/firewire-m-audio-410-driver-wont-load-firmware/… Fixes: a2b2a7798fb6('ALSA: bebob: Send a cue to load firmware for M-Audio Firewire series') Cc: <stable(a)vger.kernel.org> # v3.16+ Signed-off-by: Takashi Sakamoto <o-takashi(a)sakamocchi.jp> --- sound/firewire/bebob/bebob_maudio.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/sound/firewire/bebob/bebob_maudio.c b/sound/firewire/bebob/bebob_maudio.c index bd55620c6a47..0c5a4cbb99ba 100644 --- a/sound/firewire/bebob/bebob_maudio.c +++ b/sound/firewire/bebob/bebob_maudio.c @@ -96,17 +96,13 @@ int snd_bebob_maudio_load_firmware(struct fw_unit *unit) struct fw_device *device = fw_parent_device(unit); int err, rcode; u64 date; - __le32 cues[3] = { - cpu_to_le32(MAUDIO_BOOTLOADER_CUE1), - cpu_to_le32(MAUDIO_BOOTLOADER_CUE2), - cpu_to_le32(MAUDIO_BOOTLOADER_CUE3) - }; + __le32 *cues; /* check date of software used to build */ err = snd_bebob_read_block(unit, INFO_OFFSET_SW_DATE, &date, sizeof(u64)); if (err < 0) - goto end; + return err; /* * firmware version 5058 or later has date later than "20070401", but * 'date' is not null-terminated. @@ -114,20 +110,28 @@ int snd_bebob_maudio_load_firmware(struct fw_unit *unit) if (date < 0x3230303730343031LL) { dev_err(&unit->device, "Use firmware version 5058 or later\n"); - err = -ENOSYS; - goto end; + return -ENXIO; } + cues = kmalloc_array(3, sizeof(*cues), GFP_KERNEL); + if (!cues) + return -ENOMEM; + + cues[0] = cpu_to_le32(MAUDIO_BOOTLOADER_CUE1); + cues[1] = cpu_to_le32(MAUDIO_BOOTLOADER_CUE2); + cues[2] = cpu_to_le32(MAUDIO_BOOTLOADER_CUE3); + rcode = fw_run_transaction(device->card, TCODE_WRITE_BLOCK_REQUEST, device->node_id, device->generation, device->max_speed, BEBOB_ADDR_REG_REQ, - cues, sizeof(cues)); + cues, 3 * sizeof(*cues)); + kfree(cues); if (rcode != RCODE_COMPLETE) { dev_err(&unit->device, "Failed to send a cue to load firmware\n"); err = -EIO; } -end: + return err; } -- 2.17.1

7 years, 1 month

2
1
0 0

Linux 3.18.122

by Greg KH

I'm announcing the release of the 3.18.122 kernel. All users of the 3.18 kernel series must upgrade. The updated 3.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/alpha/kernel/osf_sys.c | 64 ++++++++++------------ arch/arm/boot/dts/tegra30-cardhu.dtsi | 1 arch/powerpc/include/asm/fadump.h | 3 - arch/powerpc/kernel/fadump.c | 92 +++++++++++++++++++++++++++----- arch/powerpc/platforms/pseries/ras.c | 2 arch/sparc/kernel/sys_sparc_32.c | 22 ++++--- arch/sparc/kernel/sys_sparc_64.c | 20 ++++--- drivers/iio/frequency/ad9523.c | 4 - drivers/md/bcache/writeback.c | 4 + drivers/md/dm-cache-metadata.c | 3 - drivers/pwm/pwm-tiehrpwm.c | 2 drivers/spi/spi-davinci.c | 2 drivers/video/fbdev/core/fbmem.c | 38 +++++++++++-- fs/nfs/blocklayout/dev.c | 2 fs/ubifs/journal.c | 7 ++ fs/ubifs/lprops.c | 8 +- fs/xattr.c | 2 include/video/udlfb.h | 2 kernel/kthread.c | 8 ++ kernel/sys.c | 95 ++++++++++++++++------------------ kernel/trace/blktrace.c | 4 + kernel/trace/trace.c | 4 + kernel/trace/trace_uprobe.c | 2 kernel/user_namespace.c | 39 ++++++------- kernel/utsname_sysctl.c | 41 ++++++++------ mm/memory.c | 9 --- net/9p/client.c | 2 net/9p/trans_fd.c | 7 ++ net/9p/trans_rdma.c | 3 + net/9p/trans_virtio.c | 6 +- 31 files changed, 308 insertions(+), 192 deletions(-) Al Viro (1): osf_getdomainname(): use copy_to_user() Bartosz Golaszewski (1): spi: davinci: fix a NULL pointer dereference Christian Brauner (1): getxattr: use correct xattr length Dan Carpenter (1): pnfs/blocklayout: off by one in bl_map_stripe() Eric W. Biederman (1): userns; Correct the comment in map_write Greg Kroah-Hartman (1): Linux 3.18.122 Hari Bathini (1): powerpc/fadump: handle crash memory ranges array index overflow Jann Horn (2): sys: don't hold uts_sem while accessing userspace memory userns: move user access out of the mutex Jon Hunter (1): ARM: tegra: Fix Tegra30 Cardhu PCA954x reset Lars-Peter Clausen (2): iio: ad9523: Fix displayed phase iio: ad9523: Fix return value for ad952x_store() Mahesh Salgaonkar (1): powerpc/pseries: Fix endianness while restoring of r3 in MCE handler. Mike Snitzer (1): dm cache metadata: save in-core policy_hint_size to on-disk superblock Mikulas Patocka (2): fb: fix lost console when the user unplugs a USB adapter udlfb: set optimal write delay Peter Zijlstra (1): mm/tlb: Remove tlb_remove_table() non-concurrent condition Richard Weinberger (3): ubifs: Fix memory leak in lprobs self-check Revert "UBIFS: Fix potential integer overflow in allocation" ubifs: Fix synced_i_size calculation for xattr inodes Shan Hai (1): bcache: release dc->writeback_lock properly in bch_writeback_thread() Snild Dolkow (1): kthread, tracing: Don't expose half-written comm when creating kthreads Steven Rostedt (VMware) (3): tracing: Do not call start/stop() functions when tracing_on does not change tracing/blktrace: Fix to allow setting same value uprobes: Use synchronize_rcu() not synchronize_sched() Tomas Bortoli (3): net/9p/client.c: version pointer uninitialized net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree() 9p: fix multiple NULL-pointer-dereferences Vignesh R (1): pwm: tiehrpwm: Fix disabling of output of PWMs jiangyiwen (1): 9p/virtio: fix off-by-one error in sg list bounds check

7 years, 1 month

1
1
0 0

v3.18.122 build: 0 failures 1 warnings (v3.18.122)

by Build bot for Mark Brown

Tree/Branch: v3.18.122 Git describe: v3.18.122 Commit: c0305995d3 Linux 3.18.122 Build Time: 0 min 1 sec Passed: 7 / 7 (100.00 %) Failed: 0 / 7 ( 0.00 %) Errors: 0 Warnings: 1 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 7 warnings 0 mismatches : x86_64-allmodconfig 2 warnings 0 mismatches : x86_64-defconfig ------------------------------------------------------------------------------- Warnings Summary: 1 9 ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- x86_64-allmodconfig : PASS, 0 errors, 7 warnings, 0 section mismatches Warnings: ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ------------------------------------------------------------------------------- x86_64-defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: x86_64-allnoconfig arm-multi_v7_defconfig arm-allmodconfig arm-allnoconfig arm-multi_v5_defconfig

7 years, 1 month

1
0
0 0

[PATCH net 01/13] net: sched: cls_u32: fix hnode refcounting

by Al Viro

From: Al Viro <viro(a)zeniv.linux.org.uk> cls_u32.c misuses refcounts for struct tc_u_hnode - it counts references via ->hlist and via ->tp_root together. u32_destroy() drops the former and, in case when there had been links, leaves the sucker on the list. As the result, there's nothing to protect it from getting freed once links are dropped. That also makes the "is it busy" check incapable of catching the root hnode - it *is* busy (there's a reference from tp), but we don't see it as something separate. "Is it our root?" check partially covers that, but the problem exists for others' roots as well. AFAICS, the minimal fix preserving the existing behaviour (where it doesn't include oopsen, that is) would be this: * count tp->root and tp_c->hlist as separate references. I.e. have u32_init() set refcount to 2, not 1. * in u32_destroy() we always drop the former; in u32_destroy_hnode() - the latter. That way we have *all* references contributing to refcount. List removal happens in u32_destroy_hnode() (called only when ->refcnt is 1) an in u32_destroy() in case of tc_u_common going away, along with everything reachable from it. IOW, that way we know that u32_destroy_key() won't free something still on the list (or pointed to by someone's ->root). Cc: stable(a)vger.kernel.org Signed-off-by: Al Viro <viro(a)zeniv.linux.org.uk> --- net/sched/cls_u32.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c index f218ccf1e2d9..b2c3406a2cf2 100644 --- a/net/sched/cls_u32.c +++ b/net/sched/cls_u32.c @@ -398,6 +398,7 @@ static int u32_init(struct tcf_proto *tp) rcu_assign_pointer(tp_c->hlist, root_ht); root_ht->tp_c = tp_c; + root_ht->refcnt++; rcu_assign_pointer(tp->root, root_ht); tp->data = tp_c; return 0; @@ -610,7 +611,7 @@ static int u32_destroy_hnode(struct tcf_proto *tp, struct tc_u_hnode *ht, struct tc_u_hnode __rcu **hn; struct tc_u_hnode *phn; - WARN_ON(ht->refcnt); + WARN_ON(--ht->refcnt); u32_clear_hnode(tp, ht, extack); @@ -649,7 +650,7 @@ static void u32_destroy(struct tcf_proto *tp, struct netlink_ext_ack *extack) WARN_ON(root_ht == NULL); - if (root_ht && --root_ht->refcnt == 0) + if (root_ht && --root_ht->refcnt == 1) u32_destroy_hnode(tp, root_ht, extack); if (--tp_c->refcnt == 0) { @@ -698,7 +699,6 @@ static int u32_delete(struct tcf_proto *tp, void *arg, bool *last, } if (ht->refcnt == 1) { - ht->refcnt--; u32_destroy_hnode(tp, ht, extack); } else { NL_SET_ERR_MSG_MOD(extack, "Can not delete in-use filter"); @@ -708,11 +708,11 @@ static int u32_delete(struct tcf_proto *tp, void *arg, bool *last, out: *last = true; if (root_ht) { - if (root_ht->refcnt > 1) { + if (root_ht->refcnt > 2) { *last = false; goto ret; } - if (root_ht->refcnt == 1) { + if (root_ht->refcnt == 2) { if (!ht_empty(root_ht)) { *last = false; goto ret; -- 2.11.0

7 years, 1 month

2
1
0 0

Linux 4.18.7

by Greg KH

I'm announcing the release of the 4.18.7 kernel. All users of the 4.18 kernel series must upgrade. The updated 4.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/alpha/kernel/osf_sys.c | 51 ++++----- arch/arm/boot/dts/am571x-idk.dts | 4 arch/arm/boot/dts/am572x-idk-common.dtsi | 4 arch/arm/boot/dts/am57xx-idk-common.dtsi | 7 + arch/arm/boot/dts/tegra30-cardhu.dtsi | 1 arch/arm64/Kconfig | 1 arch/arm64/crypto/sm4-ce-glue.c | 2 arch/powerpc/include/asm/fadump.h | 3 arch/powerpc/include/asm/nohash/pgtable.h | 9 - arch/powerpc/include/asm/pkeys.h | 11 - arch/powerpc/kernel/fadump.c | 91 +++++++++++++--- arch/powerpc/kernel/process.c | 1 arch/powerpc/kvm/book3s_hv.c | 1 arch/powerpc/mm/mmu_context_book3s64.c | 8 - arch/powerpc/mm/mmu_context_iommu.c | 17 +-- arch/powerpc/mm/pgtable-book3s64.c | 17 +-- arch/powerpc/mm/pkeys.c | 134 +++++++----------------- arch/powerpc/platforms/powernv/pci-ioda.c | 37 ++++++ arch/powerpc/platforms/pseries/ras.c | 2 arch/sparc/kernel/sys_sparc_32.c | 22 ++- arch/sparc/kernel/sys_sparc_64.c | 20 ++- arch/x86/crypto/aesni-intel_asm.S | 66 +++++------ arch/x86/kernel/kexec-bzimage64.c | 2 arch/x86/kvm/vmx.c | 26 ++-- arch/xtensa/include/asm/cacheasm.h | 69 +++++++----- block/bfq-cgroup.c | 3 block/blk-core.c | 61 ++++++---- block/blk-lib.c | 10 + block/blk-sysfs.c | 15 ++ block/blk.h | 1 certs/system_keyring.c | 3 crypto/asymmetric_keys/pkcs7_key_type.c | 2 drivers/acpi/acpica/hwsleep.c | 11 - drivers/acpi/acpica/psloop.c | 17 +-- drivers/block/zram/zram_drv.c | 7 + drivers/cpufreq/cpufreq_governor.c | 12 +- drivers/cpuidle/governors/menu.c | 47 ++++++-- drivers/crypto/caam/caamalg_qi.c | 6 - drivers/crypto/caam/caampkc.c | 20 +-- drivers/crypto/caam/jr.c | 3 drivers/crypto/vmx/aes_cbc.c | 30 ++--- drivers/crypto/vmx/aes_xts.c | 21 ++- drivers/dma-buf/reservation.c | 6 - drivers/extcon/extcon.c | 3 drivers/hv/channel.c | 40 ++++--- drivers/hv/channel_mgmt.c | 10 + drivers/i2c/busses/i2c-designware-master.c | 1 drivers/i2c/busses/i2c-designware-platdrv.c | 7 + drivers/iio/accel/sca3000.c | 1 drivers/iio/frequency/ad9523.c | 4 drivers/infiniband/hw/mlx5/main.c | 2 drivers/infiniband/hw/mlx5/qp.c | 6 - drivers/infiniband/sw/rxe/rxe_comp.c | 1 drivers/infiniband/ulp/srpt/ib_srpt.c | 34 ++++-- drivers/infiniband/ulp/srpt/ib_srpt.h | 4 drivers/iommu/dmar.c | 6 - drivers/iommu/intel-iommu.c | 18 +++ drivers/iommu/ipmmu-vmsa.c | 7 + drivers/mailbox/mailbox-xgene-slimpro.c | 6 - drivers/md/bcache/writeback.c | 4 drivers/md/dm-cache-metadata.c | 13 +- drivers/md/dm-crypt.c | 10 - drivers/md/dm-integrity.c | 6 - drivers/md/dm-thin.c | 2 drivers/md/dm-writecache.c | 2 drivers/media/i2c/tvp5150.c | 2 drivers/mfd/hi655x-pmic.c | 2 drivers/misc/cxl/main.c | 2 drivers/misc/ocxl/link.c | 24 ++-- drivers/misc/vmw_balloon.c | 67 +++++++----- drivers/mmc/core/queue.c | 12 +- drivers/mmc/core/queue.h | 1 drivers/mmc/host/renesas_sdhi_internal_dmac.c | 10 + drivers/net/wireless/marvell/libertas/dev.h | 1 drivers/net/wireless/marvell/libertas/if_sdio.c | 30 ++++- drivers/nvdimm/bus.c | 4 drivers/nvdimm/dimm_devs.c | 31 +++++ drivers/nvdimm/namespace_devs.c | 6 - drivers/nvdimm/nd-core.h | 8 + drivers/nvdimm/region_devs.c | 24 ++++ drivers/pwm/pwm-omap-dmtimer.c | 5 drivers/pwm/pwm-tiehrpwm.c | 14 -- drivers/rtc/rtc-omap.c | 18 +-- drivers/spi/spi-cadence.c | 2 drivers/spi/spi-davinci.c | 2 drivers/spi/spi-fsl-dspi.c | 24 ++-- drivers/spi/spi-pxa2xx.c | 4 drivers/tty/serial/serial_core.c | 17 ++- drivers/video/fbdev/core/fbmem.c | 38 +++++- drivers/video/fbdev/udlfb.c | 105 ++++++++++-------- fs/9p/xattr.c | 6 - fs/lockd/clntlock.c | 2 fs/lockd/clntproc.c | 2 fs/lockd/svclock.c | 16 +- fs/lockd/svcsubs.c | 4 fs/nfs/blocklayout/dev.c | 2 fs/nfs/callback_proc.c | 14 +- fs/nfs/nfs4proc.c | 9 + fs/nfs/pnfs_nfs.c | 16 +- fs/nfsd/nfs4state.c | 2 fs/overlayfs/readdir.c | 19 +++ fs/quota/quota.c | 2 fs/ubifs/dir.c | 5 fs/ubifs/journal.c | 21 +++ fs/ubifs/lprops.c | 8 - fs/ubifs/xattr.c | 24 ++++ fs/udf/super.c | 31 +++-- fs/xattr.c | 2 include/linux/blk-cgroup.h | 18 +++ include/linux/hyperv.h | 2 include/linux/intel-iommu.h | 8 - include/linux/lockd/lockd.h | 4 include/linux/mm_types.h | 5 include/linux/overflow.h | 31 +++++ include/linux/sunrpc/clnt.h | 1 include/linux/verification.h | 6 + include/uapi/linux/eventpoll.h | 8 - include/video/udlfb.h | 5 kernel/livepatch/core.c | 6 + kernel/memremap.c | 1 kernel/power/Kconfig | 1 kernel/printk/printk_safe.c | 4 kernel/rcu/tree_exp.h | 9 + kernel/sched/idle.c | 2 kernel/sys.c | 95 ++++++++--------- kernel/trace/blktrace.c | 4 kernel/trace/trace.c | 4 kernel/trace/trace_uprobe.c | 2 kernel/user_namespace.c | 24 +--- kernel/utsname_sysctl.c | 41 ++++--- mm/hmm.c | 2 mm/memory.c | 9 - mm/readahead.c | 12 +- net/9p/client.c | 2 net/9p/trans_fd.c | 7 + net/9p/trans_rdma.c | 3 net/9p/trans_virtio.c | 13 ++ net/9p/trans_xen.c | 3 net/ieee802154/6lowpan/tx.c | 21 +++ net/mac802154/tx.c | 15 ++ net/sunrpc/clnt.c | 28 +++-- scripts/kconfig/Makefile | 5 security/apparmor/secid.c | 1 security/commoncap.c | 2 sound/ac97/bus.c | 4 sound/ac97/snd_ac97_compat.c | 19 +++ tools/perf/util/auxtrace.c | 3 148 files changed, 1373 insertions(+), 765 deletions(-) Adrian Hunter (2): mmc: block: Fix unsupported parallel dispatch of requests perf auxtrace: Fix queue resize Alexander Aring (2): net: 6lowpan: fix reserved space for single frames net: mac802154: tx: expand tailroom if necessary Amir Goldstein (2): ovl: fix wrong use of impure dir cache in ovl_iterate() nfsd: fix leaked file lock with nfs exported overlayfs Ard Biesheuvel (1): crypto: arm64/sm4-ce - check for the right CPU feature bit Bart Van Assche (9): blkcg: Introduce blkg_root_lookup() block: Introduce blk_exit_queue() block: Ensure that a request queue is dissociated from the cgroup controller IB/srpt: Fix srpt_cm_req_recv() error path (1/2) IB/srpt: Fix srpt_cm_req_recv() error path (2/2) IB/srpt: Support HCAs with more than two ports ib_srpt: Fix a use-after-free in srpt_close_ch() ib_srpt: Fix a use-after-free in __srpt_close_all_ch() RDMA/rxe: Set wqe->status correctly if an unexpected response is received Bartosz Golaszewski (1): spi: davinci: fix a NULL pointer dereference Benjamin Herrenschmidt (1): powerpc/powernv/pci: Work around races in PCI bridge enabling Bill Baker (1): NFSv4 client live hangs after live data migration recovery Boqun Feng (1): rcu: Make expedited GPs handle CPU 0 being offline Chanwoo Choi (1): extcon: Release locking when sending the notification of connector state Chirantan Ekbote (1): 9p/net: Fix zero-copy path in the 9p virtio transport Christian Brauner (1): getxattr: use correct xattr length Christophe Leroy (1): powerpc/nohash: fix pte_access_permitted() Dan Carpenter (1): pnfs/blocklayout: off by one in bl_map_stripe() Dan Williams (1): mm, dev_pagemap: Do not clear ->mapping on final put Daniel Mack (1): libertas: fix suspend and resume for SDIO connected cards Dave Watson (1): crypto: aesni - Use unaligned loads from gcm_context_data David Rivshin (1): pwm: omap-dmtimer: Return -EPROBE_DEFER if no dmtimer platform data Dexuan Cui (2): Drivers: hv: vmbus: Fix the offer_in_progress in vmbus_process_offer() Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() Dmitry Osipenko (1): iommu/ipmmu-vmsa: Don't register as BUS IOMMU if machine doesn't have IPMMU-VMSA Eddie.Horng (1): cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias() Erik Schmauss (1): ACPICA: AML Parser: skip opcodes that open a scope upon parse failure Frederic Barrat (1): ocxl: Fix page fault handler in case of fault on dying process Greg Kroah-Hartman (2): eventpoll.h: wrap casts in () properly Linux 4.18.7 Gustavo A. R. Silva (2): mailbox: xgene-slimpro: Fix potential NULL pointer dereference iio: sca3000: Fix missing return in switch Hans de Goede (1): i2c: designware: Re-init controllers with pm_disabled set on resume Hari Bathini (1): powerpc/fadump: handle crash memory ranges array index overflow Henry Willard (1): cpufreq: governor: Avoid accessing invalid governor_data Horia Geantă (3): crypto: caam - fix DMA mapping direction for RSA forms 2 & 3 crypto: caam/jr - fix descriptor DMA unmapping crypto: caam/qi - fix error path in xts setkey Hou Tao (1): dm thin: stop no_space_timeout worker when switching to write-mode Ilya Dryomov (1): dm cache metadata: set dirty on all cache blocks after a crash Jacob Pan (2): iommu/vt-d: Add definitions for PFSID iommu/vt-d: Fix dev iotlb pfsid use James Morse (1): arm64: mm: always enable CONFIG_HOLES_IN_ZONE Jan Kara (1): udf: Fix mounting of Win7 created UDF filesystems Janek Kotas (1): spi: cadence: Change usleep_range() to udelay(), for atomic context Jann Horn (2): sys: don't hold uts_sem while accessing userspace memory userns: move user access out of the mutex Jason Gunthorpe (2): IB/mlx5: Fix leaking stack memory to userspace overflow.h: Add arithmetic shift helper Javier Martinez Canillas (1): media: Revert "[media] tvp5150: fix pad format frame height" Jeremy Cline (1): fs/quota: Fix spectre gadget in do_quotactl Johan Hovold (2): rtc: omap: fix resource leak in registration error path rtc: omap: fix potential crash on power off John Johansen (1): apparmor: fix bad debug check in apparmor_secid_to_secctx() Jon Hunter (1): ARM: tegra: Fix Tegra30 Cardhu PCA954x reset Kamalesh Babulal (1): livepatch: Validate module/old func name length Keith Busch (1): libnvdimm: Use max contiguous area for namespace size Krzysztof Kozlowski (1): spi: spi-fsl-dspi: Fix imprecise abort on VF500 during probe Lars-Peter Clausen (2): iio: ad9523: Fix displayed phase iio: ad9523: Fix return value for ad952x_store() Leon Romanovsky (1): RDMA/mlx5: Fix shift overflow in mlx5_ib_create_wq Lihua Yao (3): ALSA: ac97: fix device initialization in the compat layer ALSA: ac97: fix check of pm_runtime_get_sync failure ALSA: ac97: fix unbalanced pm_runtime_enable Luke Dashjr (1): powerpc64/ftrace: Include ftrace.h needed for enable/disable calls Maciej S. Szmigiero (1): block, bfq: return nbytes and not zero from struct cftype .write() method Mahesh Salgaonkar (1): powerpc/pseries: Fix endianness while restoring of r3 in MCE handler. Markus Stockhausen (1): readahead: stricter check for bdi io_pages Masahiro Yamada (1): kconfig: fix "Can't open ..." in parallel build Max Filippov (2): xtensa: limit offsets in __loop_cache_{all,page} xtensa: increase ranges in ___invalidate_{i,d}cache_all Michel Dänzer (1): dma-buf: Move BUG_ON from _add_shared_fence to _add_shared_inplace Mika Westerberg (1): spi: pxa2xx: Add support for Intel Ice Lake Mike Snitzer (1): dm cache metadata: save in-core policy_hint_size to on-disk superblock Mikulas Patocka (12): block: fix infinite loop if the device loses discard capability dm integrity: change 'suspending' variable from bool to int dm crypt: don't decrease device limits dm writecache: fix a crash due to reading past end of dirty_bitmap fb: fix lost console when the user unplugs a USB adapter udlfb: fix semaphore value leak udlfb: fix display corruption of the last line udlfb: don't switch if we are switching to the same videomode udlfb: set optimal write delay udlfb: make a local copy of fb_ops udlfb: handle allocation failure udlfb: set line_length in dlfb_ops_set_par Ming Lei (1): block: really disable runtime-pm for blk-mq Nadav Amit (4): vmw_balloon: fix inflation of 64-bit GFNs vmw_balloon: do not use 2MB without batching vmw_balloon: VMCI_DOORBELL_SET does not check status vmw_balloon: fix VMCI use when balloon built into kernel Nicholas Piggin (1): powerpc/64s: Fix page table fragment refcount race vs speculative references Ondrej Mosnacek (1): crypto: vmx - Fix sleep-in-atomic bugs Paolo Bonzini (1): KVM: VMX: fixes for vmentry_l1d_flush module parameter Parav Pandit (1): IB/mlx5: Honor cnt_set_id_valid flag instead of set_id Paul Mackerras (1): KVM: PPC: Book3S: Fix guest DMA when guest partially backed by THP pages Peter Kalauskas (1): drivers/block/zram/zram_drv.c: fix bug storing backing_dev Peter Zijlstra (1): mm/tlb: Remove tlb_remove_table() non-concurrent condition Rafael David Tinoco (1): mfd: hi655x: Fix regmap area declared size for hi655x Rafael J. Wysocki (4): ACPICA: Clear status of all events when entering sleep states sched: idle: Avoid retaining the tick when it has been stopped cpuidle: menu: Handle stopped tick more aggressively cpuidle: menu: Retain tick when shallow state is selected Ram Pai (6): powerpc/pkeys: Give all threads control of their key permissions powerpc/pkeys: Deny read/write/execute by default powerpc/pkeys: key allocation/deallocation must not change pkey registers powerpc/pkeys: Save the pkey registers before fork powerpc/pkeys: Fix calculation of total pkeys. powerpc/pkeys: Preallocate execute-only key Richard Weinberger (6): ubifs: Fix memory leak in lprobs self-check Revert "UBIFS: Fix potential integer overflow in allocation" ubifs: Check data node size before truncate ubifs: xattr: Don't operate on deleted inodes ubifs: Fix directory size calculation for symlinks ubifs: Fix synced_i_size calculation for xattr inodes Roger Quadros (1): ARM: dts: am57xx-idk: Enable dual role for USB2 port Sergei Shtylyov (2): mmc: renesas_sdhi_internal_dmac: mask DMAC interrupts mmc: renesas_sdhi_internal_dmac: fix #define RST_RESERVED_BITS Shan Hai (1): bcache: release dc->writeback_lock properly in bch_writeback_thread() Steven Rostedt (VMware) (4): tracing: Do not call start/stop() functions when tracing_on does not change tracing/blktrace: Fix to allow setting same value printk/tracing: Do not trace printk_nmi_enter() uprobes: Use synchronize_rcu() not synchronize_sched() Tomas Bortoli (3): 9p: fix multiple NULL-pointer-dereferences net/9p/client.c: version pointer uninitialized net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree() Trond Myklebust (2): NFSv4: Fix locking in pnfs_generic_recover_commit_reqs NFSv4: Fix a sleep in atomic context in nfs4_callback_sequence() Tycho Andersen (1): uart: fix race between uart_put_char() and uart_shutdown() Vaibhav Jain (1): cxl: Fix wrong comparison in cxl_adapter_context_get() Vignesh R (2): pwm: tiehrpwm: Don't use emulation mode bits to control PWM output pwm: tiehrpwm: Fix disabling of output of PWMs Vishal Verma (1): libnvdimm: fix ars_status output length calculation Yannik Sembritzki (2): Replace magic for trusting the secondary keyring with #define Fix kexec forbidding kernels signed with keys in the secondary keyring to boot jiangyiwen (1): 9p/virtio: fix off-by-one error in sg list bounds check piaojun (1): fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed xiao jin (1): block: blk_init_allocated_queue() set q->fq as NULL in the fail case zhangyi (F) (1): PM / sleep: wakeup: Fix build error caused by missing SRCU support

7 years, 1 month

1
1
0 0

[PATCH 4.18 000/123] 4.18.6-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.18.6 release. There are 123 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Sep 5 16:56:53 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.6-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.18.6-rc1 Arnd Bergmann <arnd(a)arndb.de> x86: kvm: avoid unused variable warning Jann Horn <jannh(a)google.com> x86/dumpstack: Don't dump kernel memory based on usermode RIP Scott Bauer <scott.bauer(a)intel.com> cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status Vincent Whitchurch <vincent.whitchurch(a)axis.com> watchdog: Mark watchdog touch functions as notrace H. Nikolaus Schaller <hns(a)goldelico.com> power: generic-adc-battery: check for duplicate properties copied from iio channels H. Nikolaus Schaller <hns(a)goldelico.com> power: generic-adc-battery: fix out-of-bounds write when copying channel properties Dan Carpenter <dan.carpenter(a)oracle.com> PM / clk: signedness bug in of_pm_clk_add_clks() Gustavo A. R. Silva <gustavo(a)embeddedor.com> clk: npcm7xx: fix memory allocation Alberto Panizzo <alberto(a)amarulasolutions.com> clk: rockchip: fix clk_i2sout parent selection bits on rk3399 Abhishek Sahu <absahu(a)codeaurora.org> mtd: rawnand: qcom: wait for desc completion in all BAM channels Daniel Mack <daniel(a)zonque.org> mtd: rawnand: marvell: add suspend and resume hooks Boris Brezillon <boris.brezillon(a)bootlin.com> mtd: rawnand: fsmc: Stop using chip->read_buf() Boris Brezillon <boris.brezillon(a)bootlin.com> mtd: rawnand: hynix: Use ->exec_op() in hynix_nand_reg_write_op() Mike Christie <mchristi(a)redhat.com> iscsi target: fix session creation failure handling Bart Van Assche <bart.vanassche(a)wdc.com> scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock Bart Van Assche <bart.vanassche(a)wdc.com> scsi: sysfs: Introduce sysfs_{un,}break_active_protection() Bart Van Assche <bart.vanassche(a)wdc.com> scsi: mpt3sas: Fix _transport_smp_handler() error path Sreekanth Reddy <sreekanth.reddy(a)broadcom.com> scsi: mpt3sas: Fix calltrace observed while running IO & reset Tomas Winkler <tomas.winkler(a)intel.com> tpm: separate cmd_ready/go_idle from runtime_pm Ricardo Schwarzmeier <Ricardo.Schwarzmeier(a)infineon.com> tpm: Return the actual size when receiving an unsupported command Paul Burton <paul.burton(a)mips.com> MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7 Huacai Chen <chenhc(a)lemote.com> MIPS: Change definition of cpu_relax() for Loongson-3 Paul Burton <paul.burton(a)mips.com> MIPS: Always use -march=<arch>, not -<arch> shortcuts Matt Redfearn <matt.redfearn(a)mips.com> MIPS: memset.S: Fix byte_fixup for MIPSr6 Maciej W. Rozycki <macro(a)mips.com> MIPS: Correct the 64-bit DSP accumulator register size Masami Hiramatsu <mhiramat(a)kernel.org> kprobes: Make list and blacklist root user read only Masami Hiramatsu <mhiramat(a)kernel.org> kprobes/arm: Fix %p uses in error messages Masami Hiramatsu <mhiramat(a)kernel.org> kprobes: Replace %p with other pointer types Masami Hiramatsu <mhiramat(a)kernel.org> kprobes: Show blacklist addresses as same as kallsyms does Philipp Rudo <prudo(a)linux.ibm.com> s390/purgatory: Add missing FORCE to Makefile targets Philipp Rudo <prudo(a)linux.ibm.com> s390/purgatory: Fix crash with expoline enabled Sebastian Ott <sebott(a)linux.ibm.com> s390/pci: fix out of bounds access during irq setup Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390/numa: move initial setup of node_to_cpumask_map Julian Wiedmann <jwi(a)linux.ibm.com> s390/qdio: reset old sbal_state flags Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: fix br_r1_trampoline for machines without exrl Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390/lib: use expoline for all bcr instructions Gerald Schaefer <gerald.schaefer(a)de.ibm.com> s390/mm: fix addressing exception after suspend/resume Ben Hutchings <ben(a)decadent.org.uk> x86: Allow generating user-space headers without a compiler Jann Horn <jannh(a)google.com> x86/entry/64: Wipe KASAN stack shadow before rewind_stack_do_exit() Gustavo A. R. Silva <gustavo(a)embeddedor.com> hwmon: (nct6775) Fix potential Spectre v1 Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ Andi Kleen <ak(a)linux.intel.com> x86/spectre: Add missing family 6 check to microcode check Nick Desaulniers <ndesaulniers(a)google.com> x86/irqflags: Mark native_restore_fl extern inline Andy Lutomirski <luto(a)kernel.org> x86/nmi: Fix NMI uaccess race against CR3 switching Samuel Neves <sneves(a)dei.uc.pt> x86/vdso: Fix lsl operand order Himanshu Madhani <himanshu.madhani(a)cavium.com> scsi: qla2xxx: Fix stalled relogin Dan Carpenter <dan.carpenter(a)oracle.com> pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show() Johan Hovold <johan(a)kernel.org> soc: qcom: rmtfs-mem: fix memleak in probe error paths Ajit Pandey <ajit.pandey(a)cirrus.com> ASoC: wm_adsp: Correct DSP pointer for preloader control Gustavo A. R. Silva <gustavo(a)embeddedor.com> ASoC: sirf: Fix potential NULL pointer dereference Takashi Iwai <tiwai(a)suse.de> ASoC: zte: Fix incorrect PCM format bit usages Jerome Brunet <jbrunet(a)baylibre.com> ASoC: dpcm: don't merge format from invalid codec dai Michael Buesch <m(a)bues.ch> b43/leds: Ensure NUL-termination of LED name string Michael Buesch <m(a)bues.ch> b43legacy/leds: Ensure NUL-termination of LED name string Mikulas Patocka <mpatocka(a)redhat.com> udl-kms: avoid division Mikulas Patocka <mpatocka(a)redhat.com> udl-kms: fix crash due to uninitialized memory Mikulas Patocka <mpatocka(a)redhat.com> udl-kms: handle allocation failure Mikulas Patocka <mpatocka(a)redhat.com> udl-kms: change down_interruptible to down Bart Van Assche <bart.vanassche(a)wdc.com> lib/vsprintf: Do not handle %pO[^F] as %px Kirill Tkhai <ktkhai(a)virtuozzo.com> fuse: Add missed unlock_page() to fuse_readpages_fill() Miklos Szeredi <mszeredi(a)redhat.com> fuse: Fix oops at process_init_reply() Miklos Szeredi <mszeredi(a)redhat.com> fuse: umount should wait for all requests Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix unlocked access to processing queue Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix double request_end() Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix initial parallel dirops Andrey Ryabinin <aryabinin(a)virtuozzo.com> fuse: Don't access pipe->buffers without pipe_lock() Thomas Gleixner <tglx@xxxxxxxxxxxxx> KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled Paolo Bonzini <pbonzini(a)redhat.com> KVM: x86: ensure all MSRs can always be KVM_GET/SET_MSR'd Rian Hunter <rian(a)alum.mit.edu> x86/process: Re-export start_thread() Andy Lutomirski <luto(a)kernel.org> x86/vdso: Fix vDSO build if a retpoline is emitted Vlastimil Babka <vbabka(a)suse.cz> x86/speculation/l1tf: Suggest what to do on systems with too much RAM Vlastimil Babka <vbabka(a)suse.cz> x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM Vlastimil Babka <vbabka(a)suse.cz> x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit Peter Zijlstra <peterz(a)infradead.org> mm/tlb, x86/mm: Support invalidating TLB caches for RCU_TABLE_FREE Takashi Iwai <tiwai(a)suse.de> platform/x86: ideapad-laptop: Apply no_hw_rfkill to Y20-15IKBM, too Kees Cook <keescook(a)chromium.org> platform/x86: wmi: Do not mix pages and kmalloc Paulo Zanoni <paulo.r.zanoni(a)intel.com> x86/gpu: reserve ICL's graphics stolen memory Michal Wnukowski <wnukowski(a)google.com> nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event Wang Shilong <wshilong(a)ddn.com> ext4: fix race when setting the bitmap corrupted flag Eric Sandeen <sandeen(a)redhat.com> ext4: reset error code in ext4_find_entry in fallback Arnd Bergmann <arnd(a)arndb.de> ext4: sysfs: print ext4_super_block fields as little-endian Wang Shilong <wshilong(a)ddn.com> ext4: use ext4_warning() for sb_getblk failure Theodore Ts'o <tytso(a)mit.edu> ext4: check for NUL characters in extended attribute's name Prasad Sodagudi <psodagud(a)codeaurora.org> stop_machine: Atomically queue and wake stopper threads Peter Zijlstra <peterz(a)infradead.org> stop_machine: Reflow cpu_stop_queue_two_works() Thomas Richter <tmricht(a)linux.ibm.com> perf kvm: Fix subcommands on s390 Claudio Imbrenda <imbrenda(a)linux.vnet.ibm.com> s390/kvm: fix deadlock when killed by oom Punit Agrawal <punit.agrawal(a)arm.com> KVM: arm/arm64: Skip updating PTE entry if no change Punit Agrawal <punit.agrawal(a)arm.com> KVM: arm/arm64: Skip updating PMD entry if no change Christoffer Dall <christoffer.dall(a)arm.com> KVM: arm/arm64: Fix lost IRQs from emulated physcial timer when blocked Christoffer Dall <christoffer.dall(a)arm.com> KVM: arm/arm64: Fix potential loss of ptimer interrupts Huibin Hong <huibin.hong(a)rock-chips.com> arm64: dts: rockchip: corrected uart1 clock-names for rk3328 Greg Hackmann <ghackmann(a)android.com> arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid() Suzuki K Poulose <suzuki.poulose(a)arm.com> arm64: Handle mismatched cache type Suzuki K Poulose <suzuki.poulose(a)arm.com> arm64: Fix mismatched cache line size detection Masami Hiramatsu <mhiramat(a)kernel.org> kprobes/arm64: Fix %p uses in error messages Petr Mladek <pmladek(a)suse.com> printk/nmi: Prevent deadlock when accessing the main log buffer in NMI Petr Mladek <pmladek(a)suse.com> printk: Create helper function to queue deferred console handling Petr Mladek <pmladek(a)suse.com> printk: Split the code for storing a message into the log buffer Vivek Gautam <vivek.gautam(a)codeaurora.org> iommu/arm-smmu: Error out only if not enough context interrupts Charles Keepax <ckeepax(a)opensource.cirrus.com> regulator: arizona-ldo1: Use correct device to get enable GPIO Daniel Borkmann <daniel(a)iogearbox.net> bpf, arm32: fix stack var offset in jit Michael Larabel <michael(a)phoronix.com> hwmon: (k10temp) 27C Offset needed for Threadripper2 Filipe Manana <fdmanana(a)suse.com> Btrfs: send, fix incorrect file layout after hole punching beyond eof Filipe Manana <fdmanana(a)suse.com> Btrfs: fix send failure when root has deleted files still open Josef Bacik <jbacik(a)fb.com> Btrfs: fix btrfs_write_inode vs delayed iput deadlock Filipe Manana <fdmanana(a)suse.com> Btrfs: fix mount failure after fsync due to hard link recreation Josef Bacik <josef(a)toxicpanda.com> btrfs: don't leak ret from do_chunk_alloc Ethan Lien <ethanlien(a)synology.com> btrfs: use correct compare function of dirty_metadata_bytes Steve French <stfrench(a)microsoft.com> smb3: fill in statfs fsid and correct namelen Steve French <stfrench(a)microsoft.com> smb3: don't request leases in symlink creation and query Steve French <stfrench(a)microsoft.com> smb3: Do not send SMB3 SET_INFO if nothing changed Steve French <stfrench(a)microsoft.com> smb3: enumerating snapshots was leaving part of the data off end Nicholas Mc Guire <hofrat(a)osadl.org> cifs: check kmalloc before use Ronnie Sahlberg <lsahlber(a)redhat.com> cifs: use a refcount to protect open/closing the cached file handle Steve French <stfrench(a)microsoft.com> cifs: add missing debug entries for kconfig options Aurelien Aptel <aaptel(a)suse.com> CIFS: fix uninitialized ptr deref in smb2 signing Ronnie Sahlberg <lsahlber(a)redhat.com> cifs: add missing support for ACLs in SMB 3.11 Alexander Usyskin <alexander.usyskin(a)intel.com> mei: don't update offset in write Chuck Lever <chuck.lever(a)oracle.com> xprtrdma: Fix disconnect regression Jason Yan <yanaijie(a)huawei.com> scsi: libsas: dynamically allocate and free ata host Ben Hutchings <ben(a)decadent.org.uk> scripts/kernel-doc: Escape all literal braces in regexes Valdis Kletnieks <valdis.kletnieks(a)vt.edu> PATCH scripts/kernel-doc ------------- Diffstat: Makefile | 8 +- arch/Kconfig | 3 + arch/arm/net/bpf_jit_32.c | 2 +- arch/arm/probes/kprobes/core.c | 4 +- arch/arm/probes/kprobes/test-core.c | 1 - arch/arm64/boot/dts/rockchip/rk3328.dtsi | 2 +- arch/arm64/include/asm/cache.h | 4 + arch/arm64/include/asm/cpucaps.h | 3 +- arch/arm64/kernel/cpu_errata.c | 23 +++- arch/arm64/kernel/cpufeature.c | 2 +- arch/arm64/kernel/probes/kprobes.c | 2 +- arch/arm64/mm/init.c | 6 +- arch/mips/Makefile | 12 +- arch/mips/include/asm/processor.h | 15 ++- arch/mips/kernel/ptrace.c | 2 +- arch/mips/kernel/ptrace32.c | 2 +- arch/mips/lib/memset.S | 3 +- arch/mips/lib/multi3.c | 6 +- arch/s390/include/asm/qdio.h | 1 - arch/s390/lib/mem.S | 16 ++- arch/s390/mm/fault.c | 2 + arch/s390/mm/page-states.c | 2 +- arch/s390/net/bpf_jit_comp.c | 2 - arch/s390/numa/numa.c | 16 +-- arch/s390/pci/pci.c | 2 + arch/s390/purgatory/Makefile | 7 +- arch/x86/Kconfig | 1 + arch/x86/Makefile | 11 +- arch/x86/entry/vdso/Makefile | 6 +- arch/x86/events/core.c | 2 +- arch/x86/include/asm/irqflags.h | 3 +- arch/x86/include/asm/processor.h | 6 +- arch/x86/include/asm/stacktrace.h | 2 +- arch/x86/include/asm/tlbflush.h | 40 +++++++ arch/x86/include/asm/vgtod.h | 2 +- arch/x86/kernel/cpu/bugs.c | 50 ++++++++- arch/x86/kernel/cpu/common.c | 1 + arch/x86/kernel/cpu/intel.c | 3 + arch/x86/kernel/dumpstack.c | 25 ++++- arch/x86/kernel/early-quirks.c | 18 +++ arch/x86/kernel/process_64.c | 1 + arch/x86/kvm/hyperv.c | 27 +++-- arch/x86/kvm/hyperv.h | 2 +- arch/x86/kvm/svm.c | 8 +- arch/x86/kvm/x86.c | 19 ++-- arch/x86/lib/usercopy.c | 5 + arch/x86/mm/fault.c | 2 +- arch/x86/mm/init.c | 4 +- arch/x86/mm/mmap.c | 2 +- arch/x86/mm/tlb.c | 7 ++ drivers/ata/libata-core.c | 3 + drivers/ata/libata.h | 2 - drivers/base/power/clock_ops.c | 2 +- drivers/cdrom/cdrom.c | 2 +- drivers/char/tpm/tpm-interface.c | 53 +++++++-- drivers/char/tpm/tpm.h | 12 +- drivers/char/tpm/tpm2-space.c | 16 ++- drivers/char/tpm/tpm_crb.c | 101 +++++------------ drivers/clk/clk-npcm7xx.c | 4 +- drivers/clk/rockchip/clk-rk3399.c | 2 +- drivers/gpu/drm/udl/udl_drv.h | 2 +- drivers/gpu/drm/udl/udl_fb.c | 17 +-- drivers/gpu/drm/udl/udl_main.c | 35 +++--- drivers/gpu/drm/udl/udl_transfer.c | 39 +++---- drivers/hwmon/k10temp.c | 2 + drivers/hwmon/nct6775.c | 2 + drivers/iommu/arm-smmu.c | 16 ++- drivers/misc/mei/main.c | 1 - drivers/mtd/nand/raw/fsmc_nand.c | 2 +- drivers/mtd/nand/raw/marvell_nand.c | 73 +++++++++++-- drivers/mtd/nand/raw/nand_hynix.c | 10 ++ drivers/mtd/nand/raw/qcom_nandc.c | 53 ++++++++- drivers/net/wireless/broadcom/b43/leds.c | 2 +- drivers/net/wireless/broadcom/b43legacy/leds.c | 2 +- drivers/nvme/host/pci.c | 8 ++ drivers/pinctrl/freescale/pinctrl-imx1-core.c | 2 +- drivers/platform/x86/ideapad-laptop.c | 4 +- drivers/platform/x86/wmi.c | 9 +- drivers/power/supply/generic-adc-battery.c | 25 +++-- drivers/regulator/arizona-ldo1.c | 27 ++++- drivers/s390/cio/qdio_main.c | 5 +- drivers/scsi/libsas/sas_ata.c | 40 ++++--- drivers/scsi/libsas/sas_discover.c | 2 + drivers/scsi/mpt3sas/mpt3sas_base.c | 1 + drivers/scsi/mpt3sas/mpt3sas_scsih.c | 2 +- drivers/scsi/mpt3sas/mpt3sas_transport.c | 5 +- drivers/scsi/qla2xxx/qla_init.c | 2 +- drivers/scsi/qla2xxx/qla_iocb.c | 1 + drivers/scsi/scsi_sysfs.c | 20 +++- drivers/soc/qcom/rmtfs_mem.c | 3 +- drivers/target/iscsi/iscsi_target_login.c | 35 +++--- fs/btrfs/disk-io.c | 10 +- fs/btrfs/extent-tree.c | 2 +- fs/btrfs/inode.c | 26 ----- fs/btrfs/send.c | 146 +++++++++++++++++++++++-- fs/btrfs/super.c | 1 - fs/btrfs/tree-log.c | 66 +++++++++++ fs/cifs/cifs_debug.c | 30 +++-- fs/cifs/cifsfs.c | 18 +-- fs/cifs/cifsglob.h | 1 + fs/cifs/inode.c | 2 + fs/cifs/link.c | 4 +- fs/cifs/sess.c | 6 + fs/cifs/smb2inode.c | 6 +- fs/cifs/smb2ops.c | 72 ++++++++++-- fs/cifs/smb2pdu.c | 8 ++ fs/cifs/smb2pdu.h | 11 ++ fs/cifs/smb2proto.h | 1 + fs/cifs/smb2transport.c | 5 +- fs/ext4/balloc.c | 6 +- fs/ext4/ialloc.c | 6 +- fs/ext4/namei.c | 1 + fs/ext4/super.c | 22 ++-- fs/ext4/sysfs.c | 13 ++- fs/ext4/xattr.c | 2 + fs/fuse/dev.c | 39 +++++-- fs/fuse/dir.c | 10 +- fs/fuse/file.c | 1 + fs/fuse/fuse_i.h | 5 +- fs/fuse/inode.c | 37 ++++--- fs/sysfs/file.c | 44 ++++++++ include/drm/i915_drm.h | 4 +- include/linux/libata.h | 2 + include/linux/printk.h | 4 + include/linux/sysfs.h | 14 +++ include/linux/tpm.h | 2 + include/scsi/libsas.h | 2 +- kernel/kprobes.c | 38 ++++--- kernel/printk/internal.h | 9 +- kernel/printk/printk.c | 57 ++++++---- kernel/printk/printk_safe.c | 58 ++++++---- kernel/stop_machine.c | 43 +++++--- kernel/trace/trace.c | 4 +- kernel/watchdog.c | 4 +- kernel/watchdog_hld.c | 2 +- kernel/workqueue.c | 2 +- lib/nmi_backtrace.c | 3 - lib/vsprintf.c | 1 + mm/memory.c | 18 +++ net/sunrpc/xprtrdma/verbs.c | 5 +- scripts/kernel-doc | 20 ++-- sound/soc/codecs/wm_adsp.c | 8 +- sound/soc/sirf/sirf-usp.c | 7 +- sound/soc/soc-pcm.c | 8 ++ sound/soc/zte/zx-tdm.c | 4 +- tools/perf/arch/s390/util/kvm-stat.c | 2 +- virt/kvm/arm/arch_timer.c | 15 ++- virt/kvm/arm/mmu.c | 42 +++++-- 148 files changed, 1438 insertions(+), 580 deletions(-)

7 years, 1 month

9
144
0 0

[PATCH 1/7] fix hnode refcounting

by Al Viro

From: Al Viro <viro(a)zeniv.linux.org.uk> cls_u32.c misuses refcounts for struct tc_u_hnode - it counts references via ->hlist and via ->tp_root together. u32_destroy() drops the former and, in case when there had been links, leaves the sucker on the list. As the result, there's nothing to protect it from getting freed once links are dropped. That also makes the "is it busy" check incapable of catching the root hnode - it *is* busy (there's a reference from tp), but we don't see it as something separate. "Is it our root?" check partially covers that, but the problem exists for others' roots as well. AFAICS, the minimal fix preserving the existing behaviour (where it doesn't include oopsen, that is) would be this: * count tp->root and tp_c->hlist as separate references. I.e. have u32_init() set refcount to 2, not 1. * in u32_destroy() we always drop the former; in u32_destroy_hnode() - the latter. That way we have *all* references contributing to refcount. List removal happens in u32_destroy_hnode() (called only when ->refcnt is 1) an in u32_destroy() in case of tc_u_common going away, along with everything reachable from it. IOW, that way we know that u32_destroy_key() won't free something still on the list (or pointed to by someone's ->root). Cc: stable(a)vger.kernel.org Signed-off-by: Al Viro <viro(a)zeniv.linux.org.uk> --- net/sched/cls_u32.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c index f218ccf1e2d9..3f985f29ef30 100644 --- a/net/sched/cls_u32.c +++ b/net/sched/cls_u32.c @@ -398,6 +398,7 @@ static int u32_init(struct tcf_proto *tp) rcu_assign_pointer(tp_c->hlist, root_ht); root_ht->tp_c = tp_c; + root_ht->refcnt++; rcu_assign_pointer(tp->root, root_ht); tp->data = tp_c; return 0; @@ -610,7 +611,7 @@ static int u32_destroy_hnode(struct tcf_proto *tp, struct tc_u_hnode *ht, struct tc_u_hnode __rcu **hn; struct tc_u_hnode *phn; - WARN_ON(ht->refcnt); + WARN_ON(--ht->refcnt); u32_clear_hnode(tp, ht, extack); @@ -649,7 +650,7 @@ static void u32_destroy(struct tcf_proto *tp, struct netlink_ext_ack *extack) WARN_ON(root_ht == NULL); - if (root_ht && --root_ht->refcnt == 0) + if (root_ht && --root_ht->refcnt == 1) u32_destroy_hnode(tp, root_ht, extack); if (--tp_c->refcnt == 0) { @@ -698,7 +699,6 @@ static int u32_delete(struct tcf_proto *tp, void *arg, bool *last, } if (ht->refcnt == 1) { - ht->refcnt--; u32_destroy_hnode(tp, ht, extack); } else { NL_SET_ERR_MSG_MOD(extack, "Can not delete in-use filter"); -- 2.11.0

7 years, 1 month

2
5
0 0

Studio 6

by Denis Jones

Hi, I would like to check if you have received my email from last week? We are a team of 11 image editors who can help you for cutting out, your photos, also add retouching. Editing is for your products photos or portrait photos, catalog photos. Let me know if you have interests, we can send you testing work. Thanks, Denis Jones

7 years, 1 month

1
0
0 0

[PATCH] xen/netfront: fix waiting for xenbus state change

by Juergen Gross

Commit 822fb18a82aba ("xen-netfront: wait xenbus state change when load module manually") added a new wait queue to wait on for a state change when the module is loaded manually. Unfortunately there is no wakeup anywhere to stop that waiting. Instead of introducing a new wait queue rename the existing module_unload_q to module_wq and use it for both purposes (loading and unloading). As any state change of the backend might be intended to stop waiting do the wake_up_all() in any case when netback_changed() is called. Fixes: 822fb18a82aba ("xen-netfront: wait xenbus state change when load module manually") Cc: <stable(a)vger.kernel.org> #4.18 Signed-off-by: Juergen Gross <jgross(a)suse.com> --- drivers/net/xen-netfront.c | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c index 73f596a90c69..9407acbd19a9 100644 --- a/drivers/net/xen-netfront.c +++ b/drivers/net/xen-netfront.c @@ -87,8 +87,7 @@ struct netfront_cb { /* IRQ name is queue name with "-tx" or "-rx" appended */ #define IRQ_NAME_SIZE (QUEUE_NAME_SIZE + 3) -static DECLARE_WAIT_QUEUE_HEAD(module_load_q); -static DECLARE_WAIT_QUEUE_HEAD(module_unload_q); +static DECLARE_WAIT_QUEUE_HEAD(module_wq); struct netfront_stats { u64 packets; @@ -1332,11 +1331,11 @@ static struct net_device *xennet_create_dev(struct xenbus_device *dev) netif_carrier_off(netdev); xenbus_switch_state(dev, XenbusStateInitialising); - wait_event(module_load_q, - xenbus_read_driver_state(dev->otherend) != - XenbusStateClosed && - xenbus_read_driver_state(dev->otherend) != - XenbusStateUnknown); + wait_event(module_wq, + xenbus_read_driver_state(dev->otherend) != + XenbusStateClosed && + xenbus_read_driver_state(dev->otherend) != + XenbusStateUnknown); return netdev; exit: @@ -2010,15 +2009,14 @@ static void netback_changed(struct xenbus_device *dev, dev_dbg(&dev->dev, "%s\n", xenbus_strstate(backend_state)); + wake_up_all(&module_wq); + switch (backend_state) { case XenbusStateInitialising: case XenbusStateInitialised: case XenbusStateReconfiguring: case XenbusStateReconfigured: - break; - case XenbusStateUnknown: - wake_up_all(&module_unload_q); break; case XenbusStateInitWait: @@ -2034,12 +2032,10 @@ static void netback_changed(struct xenbus_device *dev, break; case XenbusStateClosed: - wake_up_all(&module_unload_q); if (dev->state == XenbusStateClosed) break; /* Missed the backend's CLOSING state -- fallthrough */ case XenbusStateClosing: - wake_up_all(&module_unload_q); xenbus_frontend_closed(dev); break; } @@ -2147,14 +2143,14 @@ static int xennet_remove(struct xenbus_device *dev) if (xenbus_read_driver_state(dev->otherend) != XenbusStateClosed) { xenbus_switch_state(dev, XenbusStateClosing); - wait_event(module_unload_q, + wait_event(module_wq, xenbus_read_driver_state(dev->otherend) == XenbusStateClosing || xenbus_read_driver_state(dev->otherend) == XenbusStateUnknown); xenbus_switch_state(dev, XenbusStateClosed); - wait_event(module_unload_q, + wait_event(module_wq, xenbus_read_driver_state(dev->otherend) == XenbusStateClosed || xenbus_read_driver_state(dev->otherend) == -- 2.16.4

7 years, 1 month

3
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror