- Linux-stable-mirror - lists.linaro.org

Re: in stable 4.4.131 kprobes seems to be broken

by Greg Kroah-Hartman

[Adding the stable list] On Mon, Jul 09, 2018 at 11:53:37PM -0700, Victor Kamensky wrote: > Hi Masami, > > I am not sure maybe you are aware about this issue already, but > I am writing in case if you are not. > > After move to 4.4.131 stable very basic SystemTap script that involves > kprobes stopped working - it crashes kernel. > > The SystemTap script like this: > > probe kernel.function("meminfo_proc_show") { > println("meminfo_proc_show called") > } > > which effectively will translate into kprobe entry in meminfo_proc_show > function, crashes like this. > > BUG: unable to handle kernel paging request at ffffffffc063f002 > IP: [<ffffffffa3c3558b>] resume_execution+0xe5/0x151 > PGD 24613067 ca > PUD 24615067 PMD 1523e9067 PTE 3370d061 > Oops: 0003 [#1] SMP Modules linked in: <snip> > CPU: 3 PID: 20078 Comm: <snip> Tainted: G O 4.4.131 #1 > task: ffff880031ead780 ti: ffff880032238000 task.ti: ffff880032238000 > t /RIP: 0010:[<ffffffffa3c3558b>] [<ffffffffa3c3558b>] resume_execution+0xe5/0x151 > RSP: 0018:ffff88017fccaec8 EFLAGS: 00010006 > RAX: ffffffffa3dad154 RBX: ffffffffa3dad152 RCX: 000000003f9c0ff9 > RDX: ffffffffc063f002 RSI: ffff88017fccaf58 RDI: 0000000000000041 > RBP: ffff8801549f83c0 R08: 0000000000000001 R09: 0000000000000001 > R10: ffff88003223bdd8 R11: 0000000000000246 R12: ffff88003223bdd8 > R13: ffff88017fccaf58 R14: ffffffffc063f000 R15: ffff88017fccee40 > FS: 00007f9f34520240(0000) GS:ffff88017fcc0000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > CR2: ffffffffc063f002 CR3: 0000000152b46000 CR4: 0000000000100670 > Stack: > ffff88017fccee40 ffff88017fccaf58 ffff8801549f83c0 0000000000000000 > ffff880033cde500 0000000000000001 ffffffffa3c35633 ffff88017fccaf58 > ffff880031ead780 0000000000000000 ffffffffa3c04e9d 0000000000004000 > Call Trace: > <#DB> > [<ffffffffa3c35633>] ? kprobe_debug_handler+0x3c/0xc8 > [<ffffffffa3c04e9d>] ? do_debug+0x7a/0x182 > [<ffffffffa4163afe>] ? debug+0x3e/0x70 > [<ffffffffa3dad14d>] ? meminfo_proc_open+0x1c/0x1c > [<ffffffffa3d73111>] ? seq_buf_alloc+0x23/0x3c > <<EOE>> > [<ffffffffa3d735a8>] ? seq_read+0x1a6/0x40d > [<ffffffffa3da5700>] ? proc_reg_read+0x47/0x65 > [<ffffffffa3da56b9>] ? proc_reg_write+0x65/0x65 > [<ffffffffa3d55ebf>] ? __vfs_read+0x34/0xea > [<ffffffffa3d564f9>] ? rw_verify_area+0x7a/0xc9 > [<ffffffffa3d565dc>] ? vfs_read+0x94/0xf9 > [<ffffffffa3d570a4>] ? SyS_read+0x61/0xb4 > [<ffffffffa4161b8a>] ? entry_SYSCALL_64_fastpath+0x1e/0x8e > Code: 7d 70 00 75 3e 49 8b 95 80 00 00 00 49 39 d6 73 2b 48 89 d0 4c 29 f0 > 48 8d 48 05 48 83 f9 0e 77 1b b9 fb ff ff ff 48 01 d8 29 d1 <c6> 02 e9 01 c8 > 89 42 01 c7 45 70 01 00 00 00 eb 07 c7 45 70 ff RIP [<ffffffffa3c3558b>] > resume_execution+0xe5/0x151 > RSP <ffff88017fccaec8> > CR2: ffffffffc063f002 > > Decoding crash: > > (gdb) p &resume_execution > $1 = (void (*)(struct kprobe *, struct pt_regs *, > struct kprobe_ctlblk *)) 0xffffffff810354a6 <resume_execution> > (gdb) b *(0xffffffff810354a6 + 0xe5) > Breakpoint 1 at 0xffffffff8103558b: file <snip>/kernel-source/arch/x86/kernel/kprobes/core.c, line 126. > > corresponds to: > > static nokprobe_inline void > __synthesize_relative_insn(void *from, void *to, u8 op) > { > struct __arch_relative_insn { > u8 op; > s32 raddr; > } __packed *insn; > > insn = (struct __arch_relative_insn *)from; > insn->raddr = (s32)((long)(to) - ((long)(from) + 5)); > insn->op = op; <---------------------------------------- > } > > > (gdb) p /x &kprobe_debug_handler > $1 = 0xffffffff810355f7 > (gdb) b *(0xffffffff810355f7 + 0x3c) > Breakpoint 1 at 0xffffffff81035633: file <snip>/kernel-source/arch/x86/kernel/kprobes/core.c, line 932. > > corresponds to > > static void resume_execution(struct kprobe *p, struct pt_regs *regs, > struct kprobe_ctlblk *kcb) > { > <snip> > if (p->ainsn.boostable == 0) { > if ((regs->ip > copy_ip) && > (regs->ip - copy_ip) + 5 < MAX_INSN_SIZE) { > /* > * These instructions can be executed directly if it > * jumps back to correct address. > */ > synthesize_reljump((void *)regs->ip, > (void *)orig_ip + (regs->ip - copy_ip)); <------- > p->ainsn.boostable = 1; > } else { > p->ainsn.boostable = -1; > } > } > > Further digging points to the following couple commits that 4.4.y stable > picked up: > > 1dd26ec7 kprobes/x86: Fix to set RWX bits correctly before releasing trampoline > 76bee4 kprobes/x86: Set kprobes pages read-only > > Effectively the way I read: the problem is that linux-4.4.y branch is > missing your following commit > > commit 804dec5bda9b4fcdab5f67fe61db4a0498af5221 > Author: Masami Hiramatsu <mhiramat(a)kernel.org> > Date: Wed Mar 29 14:00:25 2017 +0900 > > kprobes/x86: Do not modify singlestep buffer while resuming > > Do not modify singlestep execution buffer (kprobe.ainsn.insn) > while resuming from single-stepping, instead, modifies > the buffer to add a jump back instruction at preparing > buffer. > > Signed-off-by: Masami Hiramatsu <mhiramat(a)kernel.org> > Cc: Ananth N Mavinakayanahalli <ananth(a)linux.vnet.ibm.com> > > and as result synthesize_reljump function call still exists from > resume_execution function but it does not have proper page permission > manipulation code around it, so making kprobes pages as > read-only has averse effect: I.e when called from resume_execution > function it hits read-only page and crashes. > > Please advise how to proceed besides obvious backing out above mentioned > two commits. So if you apply the above commit, all works properly for you? thanks, greg k-h

7 years, 4 months

4
4
0 0

[char-misc-next v2 1/2] mei: bus: type promotion bug in mei_nfc_if_version()

by Tomas Winkler

From: Dan Carpenter <dan.carpenter(a)oracle.com> We accidentally removed the check for negative returns without considering the issue of type promotion. The "if_version_length" variable is type size_t so if __mei_cl_recv() returns a negative then "bytes_recv" is type promoted to a high positive value and treated as success. Cc: <stable(a)vger.kernel.org> Fixes: 582ab27a063a ("mei: bus: fix received data size check in NFC fixup") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> --- V2: rebase drivers/misc/mei/bus-fixup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/misc/mei/bus-fixup.c b/drivers/misc/mei/bus-fixup.c index e45fe826d87d..65e28be3c8cc 100644 --- a/drivers/misc/mei/bus-fixup.c +++ b/drivers/misc/mei/bus-fixup.c @@ -341,7 +341,7 @@ static int mei_nfc_if_version(struct mei_cl *cl, ret = 0; bytes_recv = __mei_cl_recv(cl, (u8 *)reply, if_version_length, 0, 0); - if (bytes_recv < if_version_length) { + if (bytes_recv < 0 || bytes_recv < if_version_length) { dev_err(bus->dev, "Could not read IF version\n"); ret = -EIO; goto err; -- 2.14.4

7 years, 4 months

1
0
0 0

[PATCH V2] MIPS: implement smp_cond_load_acquire() for Loongson-3

by Huacai Chen

After commit 7f56b58a92aaf2c ("locking/mcs: Use smp_cond_load_acquire() in MCS spin loop") Loongson-3 fails to boot. This is because Loongson-3 has SFB (Store Fill Buffer) and the weak-ordering may cause READ_ONCE() to get an old value in a tight loop. So in smp_cond_load_acquire() we need a __smp_rmb() before the READ_ONCE() loop. This patch introduce a Loongson-specific smp_cond_load_acquire(). And it should be backported to as early as linux-4.5, in which release the smp_cond_acquire() is introduced. There may be other cases where memory barriers is needed, we will fix them one by one. Cc: stable(a)vger.kernel.org Signed-off-by: Huacai Chen <chenhc(a)lemote.com> --- arch/mips/include/asm/barrier.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/arch/mips/include/asm/barrier.h b/arch/mips/include/asm/barrier.h index a5eb1bb..e8c4c63 100644 --- a/arch/mips/include/asm/barrier.h +++ b/arch/mips/include/asm/barrier.h @@ -222,6 +222,24 @@ #define __smp_mb__before_atomic() __smp_mb__before_llsc() #define __smp_mb__after_atomic() smp_llsc_mb() +#ifdef CONFIG_CPU_LOONGSON3 +/* Loongson-3 need a __smp_rmb() before READ_ONCE() loop */ +#define smp_cond_load_acquire(ptr, cond_expr) \ +({ \ + typeof(ptr) __PTR = (ptr); \ + typeof(*ptr) VAL; \ + __smp_rmb(); \ + for (;;) { \ + VAL = READ_ONCE(*__PTR); \ + if (cond_expr) \ + break; \ + cpu_relax(); \ + } \ + __smp_rmb(); \ + VAL; \ +}) +#endif /* CONFIG_CPU_LOONGSON3 */ + #include <asm-generic/barrier.h> #endif /* __ASM_BARRIER_H */ -- 2.7.0

7 years, 4 months

8
15
0 0

FAILED: patch "[PATCH] ovl: hash non-dir by lower inode for fsnotify" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 764baba80168ad3adafb521d2ab483ccbc49e344 Mon Sep 17 00:00:00 2001 From: Amir Goldstein <amir73il(a)gmail.com> Date: Sun, 4 Feb 2018 15:35:09 +0200 Subject: [PATCH] ovl: hash non-dir by lower inode for fsnotify Commit 31747eda41ef ("ovl: hash directory inodes for fsnotify") fixed an issue of inotify watch on directory that stops getting events after dropping dentry caches. A similar issue exists for non-dir non-upper files, for example: $ mkdir -p lower upper work merged $ touch lower/foo $ mount -t overlay -o lowerdir=lower,workdir=work,upperdir=upper none merged $ inotifywait merged/foo & $ echo 2 > /proc/sys/vm/drop_caches $ cat merged/foo inotifywait doesn't get the OPEN event, because ovl_lookup() called from 'cat' allocates a new overlay inode and does not reuse the watched inode. Fix this by hashing non-dir overlay inodes by lower real inode in the following cases that were not hashed before this change: - A non-upper overlay mount - A lower non-hardlink when index=off A helper ovl_hash_bylower() was added to put all the logic and documentation about which real inode an overlay inode is hashed by into one place. The issue dates back to initial version of overlayfs, but this patch depends on ovl_inode code that was introduced in kernel v4.13. Cc: <stable(a)vger.kernel.org> #v4.13 Signed-off-by: Amir Goldstein <amir73il(a)gmail.com> Signed-off-by: Miklos Szeredi <mszeredi(a)redhat.com> diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index fcd97b783fa1..3b1bd469accd 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -669,38 +669,59 @@ struct inode *ovl_lookup_inode(struct super_block *sb, struct dentry *real, return inode; } +/* + * Does overlay inode need to be hashed by lower inode? + */ +static bool ovl_hash_bylower(struct super_block *sb, struct dentry *upper, + struct dentry *lower, struct dentry *index) +{ + struct ovl_fs *ofs = sb->s_fs_info; + + /* No, if pure upper */ + if (!lower) + return false; + + /* Yes, if already indexed */ + if (index) + return true; + + /* Yes, if won't be copied up */ + if (!ofs->upper_mnt) + return true; + + /* No, if lower hardlink is or will be broken on copy up */ + if ((upper || !ovl_indexdir(sb)) && + !d_is_dir(lower) && d_inode(lower)->i_nlink > 1) + return false; + + /* No, if non-indexed upper with NFS export */ + if (sb->s_export_op && upper) + return false; + + /* Otherwise, hash by lower inode for fsnotify */ + return true; +} + struct inode *ovl_get_inode(struct super_block *sb, struct dentry *upperdentry, struct dentry *lowerdentry, struct dentry *index, unsigned int numlower) { - struct ovl_fs *ofs = sb->s_fs_info; struct inode *realinode = upperdentry ? d_inode(upperdentry) : NULL; struct inode *inode; - /* Already indexed or could be indexed on copy up? */ - bool indexed = (index || (ovl_indexdir(sb) && !upperdentry)); - struct dentry *origin = indexed ? lowerdentry : NULL; + bool bylower = ovl_hash_bylower(sb, upperdentry, lowerdentry, index); bool is_dir; - if (WARN_ON(upperdentry && indexed && !lowerdentry)) - return ERR_PTR(-EIO); - if (!realinode) realinode = d_inode(lowerdentry); /* - * Copy up origin (lower) may exist for non-indexed non-dir upper, but - * we must not use lower as hash key in that case. - * Hash non-dir that is or could be indexed by origin inode. - * Hash dir that is or could be merged by origin inode. - * Hash pure upper and non-indexed non-dir by upper inode. - * Hash non-indexed dir by upper inode for NFS export. + * Copy up origin (lower) may exist for non-indexed upper, but we must + * not use lower as hash key if this is a broken hardlink. */ is_dir = S_ISDIR(realinode->i_mode); - if (is_dir && (indexed || !sb->s_export_op || !ofs->upper_mnt)) - origin = lowerdentry; - - if (upperdentry || origin) { - struct inode *key = d_inode(origin ?: upperdentry); + if (upperdentry || bylower) { + struct inode *key = d_inode(bylower ? lowerdentry : + upperdentry); unsigned int nlink = is_dir ? 1 : realinode->i_nlink; inode = iget5_locked(sb, (unsigned long) key, @@ -728,6 +749,7 @@ struct inode *ovl_get_inode(struct super_block *sb, struct dentry *upperdentry, nlink = ovl_get_nlink(lowerdentry, upperdentry, nlink); set_nlink(inode, nlink); } else { + /* Lower hardlink that will be broken on copy up */ inode = new_inode(sb); if (!inode) goto out_nomem;

7 years, 4 months

5
16
0 0

Re: [PATCH 2/3] xen: set cpu capabilities from xen_start_kernel()

by Juergen Gross

On 11/07/18 11:15, Woodhouse, David wrote: > On Wed, 2018-05-30 at 13:09 +0200, Juergen Gross wrote: >> There is no need to set the same capabilities for each cpu >> individually. This can easily be done for all cpus when starting the >> kernel. >> >> Upstream commit: 0808e80cb760de2733c0527d2090ed2205a1eef8 ("xen: set >> cpu capabilities from xen_start_kernel()") >> >> Signed-off-by: Juergen Gross <jgross(a)suse.com> >> Reviewed-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> > > That breaks PV guests because they get KAISER enabled — when > kaiser_check_boottime_disable() runs, X86_FEATURE_XENPV isn't set. Which kernel version are you talking about? With upstream commit 60d3450167433f2d099ce2869dc52dd9e7dc9b29 which will be part of next stable-4.9 everything is fine. Juergen

7 years, 4 months

1
0
0 0

[PATCH 3/3] IB/srpt: Fix a use-after-free

by Bart Van Assche

Make sure that channel objects continue to exist until the target core has called the .close_session() callback function. This patch voids that KASAN sporadically reports the following: BUG: KASAN: use-after-free in do_raw_spin_lock+0x1c/0x130 Read of size 4 at addr ffff8801534b16e4 by task rmdir/14805 CPU: 16 PID: 14805 Comm: rmdir Not tainted 4.18.0-rc2-dbg+ #5 Call Trace: dump_stack+0xa4/0xf5 print_address_description+0x6f/0x270 kasan_report+0x241/0x360 __asan_load4+0x78/0x80 do_raw_spin_lock+0x1c/0x130 _raw_spin_lock_irqsave+0x52/0x60 srpt_set_ch_state+0x27/0x70 [ib_srpt] srpt_disconnect_ch+0x1b/0xc0 [ib_srpt] srpt_close_session+0xa8/0x260 [ib_srpt] target_shutdown_sessions+0x170/0x180 [target_core_mod] core_tpg_del_initiator_node_acl+0xf3/0x200 [target_core_mod] target_fabric_nacl_base_release+0x25/0x30 [target_core_mod] config_item_release+0x9c/0x110 [configfs] config_item_put+0x26/0x30 [configfs] configfs_rmdir+0x3b8/0x510 [configfs] vfs_rmdir+0xb3/0x1e0 do_rmdir+0x262/0x2c0 do_syscall_64+0x77/0x230 entry_SYSCALL_64_after_hwframe+0x49/0xbe Fixes: a42d985bd5b2 ("ib_srpt: Initial SRP Target merge for v3.3-rc1") Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com> Cc: <stable(a)vger.kernel.org> --- drivers/infiniband/ulp/srpt/ib_srpt.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/infiniband/ulp/srpt/ib_srpt.c b/drivers/infiniband/ulp/srpt/ib_srpt.c index 325bae29e90d..705f6a992d82 100644 --- a/drivers/infiniband/ulp/srpt/ib_srpt.c +++ b/drivers/infiniband/ulp/srpt/ib_srpt.c @@ -2152,6 +2152,7 @@ static int srpt_cm_req_recv(struct srpt_device *const sdev, } kref_init(&ch->kref); + kref_get(&ch->kref); ch->pkey = be16_to_cpu(pkey); ch->nexus = nexus; ch->zw_cqe.done = srpt_zerolength_write_done; @@ -3212,6 +3213,7 @@ static void srpt_close_session(struct se_session *se_sess) struct srpt_rdma_ch *ch = se_sess->fabric_sess_ptr; srpt_disconnect_ch_sync(ch); + kref_put(&ch->kref, srpt_free_ch); } /** -- 2.18.0

7 years, 4 months

5
8
0 0

[PATCH v4 0/8] mm: Rework hmm to use devm_memremap_pages and other fixes

by Dan Williams

Changes since v3 [1]: * Collect Logan's reviewed-by on patch 3 * Collect John's and Joe's tested-by on patch 8 * Update the changelog for patch 1 and 7 to better explain the EXPORT_SYMBOL_GPL rationale. * Update the changelog for patch 2 to clarify that it is a cleanup to make the following patch-3 fix easier [1]: https://lkml.org/lkml/2018/6/19/108 --- Hi Andrew, As requested, here is a resend of the devm_memremap_pages() fixups. Please consider for 4.18. --- As ZONE_DEVICE continues to attract new users, it is imperative to keep all users consolidated on devm_memremap_pages() as the interface for create "device pages". The devm_memremap_pages() implementation was recently reworked to make it more generic for arbitrary users, like the proposed peer-to-peer PCI-E enabling. HMM pre-dated this rework and opted to duplicate devm_memremap_pages() as hmm_devmem_pages_create(). Rework hmm to be a consumer of devm_memremap_pages() directly and fix up the licensing on the exports given the deep dependencies and exposure of core mm internals. With the exports of devm_memremap_pages() and hmm fixed up we can fix the regression of inadvertently making put_page() have EXPORT_SYMBOL_GPL dependencies, which breaks consumers like OpenAFS. The series was tested against v4.18-rc2. --- Dan Williams (8): mm, devm_memremap_pages: Mark devm_memremap_pages() EXPORT_SYMBOL_GPL mm, devm_memremap_pages: Kill mapping "System RAM" support mm, devm_memremap_pages: Fix shutdown handling mm, devm_memremap_pages: Add MEMORY_DEVICE_PRIVATE support mm, hmm: Use devm semantics for hmm_devmem_{add,remove} mm, hmm: Replace hmm_devmem_pages_create() with devm_memremap_pages() mm, hmm: Mark hmm_devmem_{add,add_resource} EXPORT_SYMBOL_GPL mm: Fix exports that inadvertently make put_page() EXPORT_SYMBOL_GPL drivers/dax/pmem.c | 10 - drivers/nvdimm/pmem.c | 18 +- include/linux/hmm.h | 4 include/linux/memremap.h | 7 + kernel/memremap.c | 89 +++++++---- mm/hmm.c | 306 +++++-------------------------------- tools/testing/nvdimm/test/iomap.c | 21 ++- 7 files changed, 132 insertions(+), 323 deletions(-)

7 years, 4 months

1
1
0 0

[PATCH 1/2] x86/gpu: reserve ICL's graphics stolen memory

by Paulo Zanoni

ICL changes the registers and addresses to 64 bits. I also briefly looked at implementing an u64 version of the PCI config read functions, but I concluded this wouldn't be trivial, so it's not worth doing it for a single user that can't have any racing problems while reading the register in two separate operations. v2: - Scrub the development (non-public) changelog (Joonas). - Remove the i915.ko bits so this can be easily backported in order to properly avoid stolen memory even on machines without i915.ko (Joonas). - CC stable for the reasons above. Issue: VIZ-9250 CC: stable(a)vger.kernel.org Cc: Ingo Molnar <mingo(a)kernel.org> Cc: H. Peter Anvin <hpa(a)zytor.com> Cc: x86(a)kernel.org Cc: Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Signed-off-by: Paulo Zanoni <paulo.r.zanoni(a)intel.com> --- arch/x86/kernel/early-quirks.c | 18 ++++++++++++++++++ include/drm/i915_drm.h | 4 +++- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/early-quirks.c b/arch/x86/kernel/early-quirks.c index bae0d32e327b..72c2cf961d44 100644 --- a/arch/x86/kernel/early-quirks.c +++ b/arch/x86/kernel/early-quirks.c @@ -340,6 +340,18 @@ static resource_size_t __init gen3_stolen_base(int num, int slot, int func, return bsm & INTEL_BSM_MASK; } +static resource_size_t __init gen11_stolen_base(int num, int slot, int func, + resource_size_t stolen_size) +{ + u64 bsm; + + bsm = read_pci_config(num, slot, func, INTEL_GEN11_BSM_DW0); + bsm &= INTEL_BSM_MASK; + bsm |= (u64)read_pci_config(num, slot, func, INTEL_GEN11_BSM_DW1) << 32; + + return bsm; +} + static resource_size_t __init i830_stolen_size(int num, int slot, int func) { u16 gmch_ctrl; @@ -500,6 +512,11 @@ static const struct intel_early_ops chv_early_ops __initconst = { .stolen_size = chv_stolen_size, }; +static const struct intel_early_ops gen11_early_ops __initconst = { + .stolen_base = gen11_stolen_base, + .stolen_size = gen9_stolen_size, +}; + static const struct pci_device_id intel_early_ids[] __initconst = { INTEL_I830_IDS(&i830_early_ops), INTEL_I845G_IDS(&i845_early_ops), @@ -531,6 +548,7 @@ static const struct pci_device_id intel_early_ids[] __initconst = { INTEL_CFL_IDS(&gen9_early_ops), INTEL_GLK_IDS(&gen9_early_ops), INTEL_CNL_IDS(&gen9_early_ops), + INTEL_ICL_11_IDS(&gen11_early_ops), }; struct resource intel_graphics_stolen_res __ro_after_init = DEFINE_RES_MEM(0, 0); diff --git a/include/drm/i915_drm.h b/include/drm/i915_drm.h index c9e5a6621b95..c44703f471b3 100644 --- a/include/drm/i915_drm.h +++ b/include/drm/i915_drm.h @@ -95,7 +95,9 @@ extern struct resource intel_graphics_stolen_res; #define I845_TSEG_SIZE_512K (2 << 1) #define I845_TSEG_SIZE_1M (3 << 1) -#define INTEL_BSM 0x5c +#define INTEL_BSM 0x5c +#define INTEL_GEN11_BSM_DW0 0xc0 +#define INTEL_GEN11_BSM_DW1 0xc4 #define INTEL_BSM_MASK (-(1u << 20)) #endif /* _I915_DRM_H_ */ -- 2.14.3

7 years, 4 months

4
7
0 0

[PATCH 1/4] mtd: cfi_cmdset_0002: Change write buffer to check correct value

by Tokunori Ikegami

For the word write it is checked if the chip has the correct value. But it is not checked for the write buffer as only checked if ready. To make sure for the write buffer change to check the value. It is enough as this patch is only checking the last written word. Since it is described by data sheets to check the operation status. Signed-off-by: Tokunori Ikegami <ikegami(a)allied-telesis.co.jp> Reviewed-by: Joakim Tjernlund <Joakim.Tjernlund(a)infinera.com> Cc: Chris Packham <chris.packham(a)alliedtelesis.co.nz> Cc: Brian Norris <computersforpeace(a)gmail.com> Cc: David Woodhouse <dwmw2(a)infradead.org> Cc: Boris Brezillon <boris.brezillon(a)free-electrons.com> Cc: Marek Vasut <marek.vasut(a)gmail.com> Cc: Richard Weinberger <richard(a)nod.at> Cc: Cyrille Pitchen <cyrille.pitchen(a)wedev4u.fr> Cc: linux-mtd(a)lists.infradead.org Cc: stable(a)vger.kernel.org Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> --- drivers/mtd/chips/cfi_cmdset_0002.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/chips/cfi_cmdset_0002.c b/drivers/mtd/chips/cfi_cmdset_0002.c index 692902df2598..9ab521d25ea2 100644 --- a/drivers/mtd/chips/cfi_cmdset_0002.c +++ b/drivers/mtd/chips/cfi_cmdset_0002.c @@ -1880,7 +1880,7 @@ static int __xipram do_write_buffer(struct map_info *map, struct flchip *chip, if (time_after(jiffies, timeo) && !chip_ready(map, adr)) break; - if (chip_ready(map, adr)) { + if (chip_good(map, adr, datum)) { xip_enable(map, chip, adr); goto op_done; } -- 2.16.1

7 years, 4 months

3
7
0 0

[PATCH] xen: remove global bit from __default_kernel_pte_mask for pv guests

by Juergen Gross

When removing the global bit from __supported_pte_mask do the same for __default_kernel_pte_mask in order to avoid the WARN_ONCE() in check_pgprot() when setting a kernel pte before having called init_mem_mapping(). Cc: <stable(a)vger.kernel.org> # 4.17 Reported-by: Michael Young <m.a.young(a)durham.ac.uk> Signed-off-by: Juergen Gross <jgross(a)suse.com> --- arch/x86/xen/enlighten_pv.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/xen/enlighten_pv.c b/arch/x86/xen/enlighten_pv.c index 0f4cd9e5bed4..cf7b13d3e911 100644 --- a/arch/x86/xen/enlighten_pv.c +++ b/arch/x86/xen/enlighten_pv.c @@ -1230,6 +1230,7 @@ asmlinkage __visible void __init xen_start_kernel(void) /* Prevent unwanted bits from being set in PTEs. */ __supported_pte_mask &= ~_PAGE_GLOBAL; + __default_kernel_pte_mask &= ~_PAGE_GLOBAL; /* * Prevent page tables from being allocated in highmem, even -- 2.13.7

7 years, 4 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror