- Linux-stable-mirror - lists.linaro.org

Patch "ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-dts-am335x-pepper-fix-the-audio-codec-s-reset-pin.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Fri Mar 16 15:11:07 CET 2018 From: "Andrew F. Davis" <afd(a)ti.com> Date: Wed, 29 Nov 2017 11:13:56 -0600 Subject: ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin From: "Andrew F. Davis" <afd(a)ti.com> [ Upstream commit e153db03c6b7a035c797bcdf35262586f003ee93 ] The correct DT property for specifying a GPIO used for reset is "reset-gpios", fix this here. Fixes: 4341881d0562 ("ARM: dts: Add devicetree for Gumstix Pepper board") Signed-off-by: Andrew F. Davis <afd(a)ti.com> Signed-off-by: Tony Lindgren <tony(a)atomide.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/boot/dts/am335x-pepper.dts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/arm/boot/dts/am335x-pepper.dts +++ b/arch/arm/boot/dts/am335x-pepper.dts @@ -139,7 +139,7 @@ &audio_codec { status = "okay"; - gpio-reset = <&gpio1 16 GPIO_ACTIVE_LOW>; + reset-gpios = <&gpio1 16 GPIO_ACTIVE_LOW>; AVDD-supply = <&ldo3_reg>; IOVDD-supply = <&ldo3_reg>; DRVDD-supply = <&ldo3_reg>; Patches currently in stable-queue which might be from afd(a)ti.com are queue-4.15/arm-dts-omap3-n900-fix-the-audio-codec-s-reset-pin.patch queue-4.15/arm-dts-am335x-pepper-fix-the-audio-codec-s-reset-pin.patch

7 years, 6 months

1
0
0 0

Patch "agp/intel: Flush all chipset writes after updating the GGTT" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled agp/intel: Flush all chipset writes after updating the GGTT to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: agp-intel-flush-all-chipset-writes-after-updating-the-ggtt.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Fri Mar 16 15:11:08 CET 2018 From: Chris Wilson <chris(a)chris-wilson.co.uk> Date: Fri, 8 Dec 2017 21:46:16 +0000 Subject: agp/intel: Flush all chipset writes after updating the GGTT From: Chris Wilson <chris(a)chris-wilson.co.uk> [ Upstream commit 8516673a996870ea0ceb337ee4f83c33c5ec3111 ] Before accessing the GGTT we must flush the PTE writes and make them visible to the chipset, or else the indirect access may end up in the wrong page. In commit 3497971a71d8 ("agp/intel: Flush chipset writes after updating a single PTE"), we noticed corruption of the uploads for pwrite and for capturing GPU error states, but it was presumed that the explicit calls to intel_gtt_chipset_flush() were sufficient for the execbuffer path. However, we have not been flushing the chipset between the PTE writes and access via the GTT itself. For simplicity, do the flush after any PTE update rather than try and batch the flushes on a just-in-time basis. References: 3497971a71d8 ("agp/intel: Flush chipset writes after updating a single PTE") Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Cc: Mika Kuoppala <mika.kuoppala(a)intel.com> Cc: drm-intel-fixes(a)lists.freedesktop.org Reviewed-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20171208214616.30147-1-chris@… Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/char/agp/intel-gtt.c | 2 ++ 1 file changed, 2 insertions(+) --- a/drivers/char/agp/intel-gtt.c +++ b/drivers/char/agp/intel-gtt.c @@ -872,6 +872,8 @@ void intel_gtt_insert_sg_entries(struct } } wmb(); + if (intel_private.driver->chipset_flush) + intel_private.driver->chipset_flush(); } EXPORT_SYMBOL(intel_gtt_insert_sg_entries); Patches currently in stable-queue which might be from chris(a)chris-wilson.co.uk are queue-4.15/dma-buf-fence-fix-lock-inversion-within-dma-fence-array.patch queue-4.15/agp-intel-flush-all-chipset-writes-after-updating-the-ggtt.patch

7 years, 6 months

1
0
0 0

Fix gfs2 in 4.15.y

by Andreas Gruenbacher

Hi Greg, Andrew Price has observed that mounting gfs2 filesystems is currently broken in the 4.15.y kernels. The reason is that commit 'gfs2: Fixes to "Implement iomap for block_map"' was cherry-picked from mainline in 4.15.5 without adding a commit that that commit depends on. Could you please fix that by adding the following commit to 4.15.y: e8b43fe0c1 gfs2: Clean up {lookup,fillup}_metapath In addition, could you please add the following commit to 4.15.y as well: 3b5da96e45 gfs2: Fixes to "Implement iomap for block_map" (2) Both commits can be cherry-picked cleanly. Thanks a lot, Andreas

7 years, 6 months

2
1
0 0

Patch "gfs2: Fixes to "Implement iomap for block_map" (2)" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled gfs2: Fixes to "Implement iomap for block_map" (2) to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: gfs2-fixes-to-implement-iomap-for-block_map-2.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 3b5da96e4585a2788da6a07619bda3518d76eb30 Mon Sep 17 00:00:00 2001 From: Andreas Gruenbacher <agruenba(a)redhat.com> Date: Mon, 5 Mar 2018 06:18:25 -0700 Subject: gfs2: Fixes to "Implement iomap for block_map" (2) From: Andreas Gruenbacher <agruenba(a)redhat.com> commit 3b5da96e4585a2788da6a07619bda3518d76eb30 upstream. It turns out that commit 3229c18c0d6b2 'Fixes to "Implement iomap for block_map"' introduced another bug in gfs2_iomap_begin that can cause gfs2_block_map to set bh->b_size of an actual buffer to 0. This can lead to arbitrary incorrect behavior including crashes or disk corruption. Revert the incorrect part of that commit. Signed-off-by: Andreas Gruenbacher <agruenba(a)redhat.com> Signed-off-by: Bob Peterson <rpeterso(a)redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/gfs2/bmap.c | 3 --- 1 file changed, 3 deletions(-) --- a/fs/gfs2/bmap.c +++ b/fs/gfs2/bmap.c @@ -811,9 +811,6 @@ do_alloc: iomap->length = hole_size(inode, lblock, &mp); else iomap->length = size - pos; - } else { - if (height <= ip->i_height) - iomap->length = hole_size(inode, lblock, &mp); } goto out_release; } Patches currently in stable-queue which might be from agruenba(a)redhat.com are queue-4.15/gfs2-clean-up-lookup-fillup-_metapath.patch queue-4.15/gfs2-fixes-to-implement-iomap-for-block_map-2.patch

7 years, 6 months

1
0
0 0

Patch "gfs2: Clean up {lookup, fillup}_metapath" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled gfs2: Clean up {lookup,fillup}_metapath to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: gfs2-clean-up-lookup-fillup-_metapath.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From e8b43fe0c1e035a135be7ca3791d465fcb1b501e Mon Sep 17 00:00:00 2001 From: Andreas Gruenbacher <agruenba(a)redhat.com> Date: Fri, 8 Dec 2017 17:01:57 +0100 Subject: gfs2: Clean up {lookup,fillup}_metapath From: Andreas Gruenbacher <agruenba(a)redhat.com> commit e8b43fe0c1e035a135be7ca3791d465fcb1b501e upstream. Split out the entire lookup loop from lookup_metapath and fillup_metapath. Make both functions return the actual height in mp->mp_aheight, and return 0 on success. Handle lookup errors properly in trunc_dealloc. Signed-off-by: Andreas Gruenbacher <agruenba(a)redhat.com> Signed-off-by: Bob Peterson <rpeterso(a)redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/gfs2/bmap.c | 74 +++++++++++++++++++++++---------------------------------- 1 file changed, 30 insertions(+), 44 deletions(-) --- a/fs/gfs2/bmap.c +++ b/fs/gfs2/bmap.c @@ -305,21 +305,22 @@ static void gfs2_metapath_ra(struct gfs2 } } -/** - * lookup_mp_height - helper function for lookup_metapath - * @ip: the inode - * @mp: the metapath - * @h: the height which needs looking up - */ -static int lookup_mp_height(struct gfs2_inode *ip, struct metapath *mp, int h) +static int __fillup_metapath(struct gfs2_inode *ip, struct metapath *mp, + unsigned int x, unsigned int h) { - __be64 *ptr = metapointer(h, mp); - u64 dblock = be64_to_cpu(*ptr); - - if (!dblock) - return h + 1; + for (; x < h; x++) { + __be64 *ptr = metapointer(x, mp); + u64 dblock = be64_to_cpu(*ptr); + int ret; - return gfs2_meta_indirect_buffer(ip, h + 1, dblock, &mp->mp_bh[h + 1]); + if (!dblock) + break; + ret = gfs2_meta_indirect_buffer(ip, x + 1, dblock, &mp->mp_bh[x + 1]); + if (ret) + return ret; + } + mp->mp_aheight = x + 1; + return 0; } /** @@ -336,25 +337,12 @@ static int lookup_mp_height(struct gfs2_ * at which it found the unallocated block. Blocks which are found are * added to the mp->mp_bh[] list. * - * Returns: error or height of metadata tree + * Returns: error */ static int lookup_metapath(struct gfs2_inode *ip, struct metapath *mp) { - unsigned int end_of_metadata = ip->i_height - 1; - unsigned int x; - int ret; - - for (x = 0; x < end_of_metadata; x++) { - ret = lookup_mp_height(ip, mp, x); - if (ret) - goto out; - } - - ret = ip->i_height; -out: - mp->mp_aheight = ret; - return ret; + return __fillup_metapath(ip, mp, 0, ip->i_height - 1); } /** @@ -365,25 +353,21 @@ out: * * Similar to lookup_metapath, but does lookups for a range of heights * - * Returns: error or height of metadata tree + * Returns: error */ static int fillup_metapath(struct gfs2_inode *ip, struct metapath *mp, int h) { - unsigned int start_h = h - 1; - int ret; + unsigned int x = 0; if (h) { /* find the first buffer we need to look up. */ - while (start_h > 0 && mp->mp_bh[start_h] == NULL) - start_h--; - for (; start_h < h; start_h++) { - ret = lookup_mp_height(ip, mp, start_h); - if (ret) - return ret; + for (x = h - 1; x > 0; x--) { + if (mp->mp_bh[x]) + break; } } - return ip->i_height; + return __fillup_metapath(ip, mp, x, h); } static inline void release_metapath(struct metapath *mp) @@ -790,7 +774,7 @@ int gfs2_iomap_begin(struct inode *inode goto do_alloc; ret = lookup_metapath(ip, &mp); - if (ret < 0) + if (ret) goto out_release; if (mp.mp_aheight != ip->i_height) @@ -1339,7 +1323,9 @@ static int trunc_dealloc(struct gfs2_ino mp.mp_bh[0] = dibh; ret = lookup_metapath(ip, &mp); - if (ret == ip->i_height) + if (ret) + goto out_metapath; + if (mp.mp_aheight == ip->i_height) state = DEALLOC_MP_FULL; /* We have a complete metapath */ else state = DEALLOC_FILL_MP; /* deal with partial metapath */ @@ -1435,16 +1421,16 @@ static int trunc_dealloc(struct gfs2_ino case DEALLOC_FILL_MP: /* Fill the buffers out to the current height. */ ret = fillup_metapath(ip, &mp, mp_h); - if (ret < 0) + if (ret) goto out; /* If buffers found for the entire strip height */ - if ((ret == ip->i_height) && (mp_h == strip_h)) { + if (mp.mp_aheight - 1 == strip_h) { state = DEALLOC_MP_FULL; break; } - if (ret < ip->i_height) /* We have a partial height */ - mp_h = ret - 1; + if (mp.mp_aheight < ip->i_height) /* We have a partial height */ + mp_h = mp.mp_aheight - 1; /* If we find a non-null block pointer, crawl a bit higher up in the metapath and try again, otherwise Patches currently in stable-queue which might be from agruenba(a)redhat.com are queue-4.15/gfs2-clean-up-lookup-fillup-_metapath.patch queue-4.15/gfs2-fixes-to-implement-iomap-for-block_map-2.patch

7 years, 6 months

1
0
0 0

Patch "[PATCH] Revert "btrfs: use proper endianness accessors for" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [PATCH] Revert "btrfs: use proper endianness accessors for to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: revert-btrfs-use-proper-endianness-accessors-for.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From b9d4efbe7f9c675fb7571cee52d87bc33fb17788 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Date: Fri, 16 Mar 2018 15:00:50 +0100 Subject: [PATCH] Revert "btrfs: use proper endianness accessors for super_copy" This reverts commit 3c181c12c431fe33b669410d663beb9cceefcd1b as it causes breakage on big endian systems with btrfs images. Reported-by: Christoph Biedl <linux-kernel.bfrz(a)manchmal.in-ulm.de> Cc: Anand Jain <anand.jain(a)oracle.com> Cc: Liu Bo <bo.li.liu(a)oracle.com> Cc: David Sterba <dsterba(a)suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/btrfs/sysfs.c | 8 +++++--- fs/btrfs/transaction.c | 20 ++++++++------------ 2 files changed, 13 insertions(+), 15 deletions(-) --- a/fs/btrfs/sysfs.c +++ b/fs/btrfs/sysfs.c @@ -423,7 +423,7 @@ static ssize_t btrfs_nodesize_show(struc { struct btrfs_fs_info *fs_info = to_fs_info(kobj); - return snprintf(buf, PAGE_SIZE, "%u\n", fs_info->nodesize); + return snprintf(buf, PAGE_SIZE, "%u\n", fs_info->super_copy->nodesize); } BTRFS_ATTR(, nodesize, btrfs_nodesize_show); @@ -433,7 +433,8 @@ static ssize_t btrfs_sectorsize_show(str { struct btrfs_fs_info *fs_info = to_fs_info(kobj); - return snprintf(buf, PAGE_SIZE, "%u\n", fs_info->sectorsize); + return snprintf(buf, PAGE_SIZE, "%u\n", + fs_info->super_copy->sectorsize); } BTRFS_ATTR(, sectorsize, btrfs_sectorsize_show); @@ -443,7 +444,8 @@ static ssize_t btrfs_clone_alignment_sho { struct btrfs_fs_info *fs_info = to_fs_info(kobj); - return snprintf(buf, PAGE_SIZE, "%u\n", fs_info->sectorsize); + return snprintf(buf, PAGE_SIZE, "%u\n", + fs_info->super_copy->sectorsize); } BTRFS_ATTR(, clone_alignment, btrfs_clone_alignment_show); --- a/fs/btrfs/transaction.c +++ b/fs/btrfs/transaction.c @@ -1723,23 +1723,19 @@ static void update_super_roots(struct bt super = fs_info->super_copy; - /* update latest btrfs_super_block::chunk_root refs */ root_item = &fs_info->chunk_root->root_item; - btrfs_set_super_chunk_root(super, root_item->bytenr); - btrfs_set_super_chunk_root_generation(super, root_item->generation); - btrfs_set_super_chunk_root_level(super, root_item->level); + super->chunk_root = root_item->bytenr; + super->chunk_root_generation = root_item->generation; + super->chunk_root_level = root_item->level; - /* update latest btrfs_super_block::root refs */ root_item = &fs_info->tree_root->root_item; - btrfs_set_super_root(super, root_item->bytenr); - btrfs_set_super_generation(super, root_item->generation); - btrfs_set_super_root_level(super, root_item->level); - + super->root = root_item->bytenr; + super->generation = root_item->generation; + super->root_level = root_item->level; if (btrfs_test_opt(fs_info, SPACE_CACHE)) - btrfs_set_super_cache_generation(super, root_item->generation); + super->cache_generation = root_item->generation; if (test_bit(BTRFS_FS_UPDATE_UUID_TREE_GEN, &fs_info->flags)) - btrfs_set_super_uuid_tree_generation(super, - root_item->generation); + super->uuid_tree_generation = root_item->generation; } int btrfs_transaction_in_commit(struct btrfs_fs_info *info) Patches currently in stable-queue which might be from gregkh(a)linuxfoundation.org are queue-4.15/serial-sh-sci-prevent-lockup-on-full-tty-buffers.patch queue-4.15/serial-8250_pci-add-brainboxes-uc-260-4-port-serial-device.patch queue-4.15/usb-usbmon-read-text-within-supplied-buffer-size.patch queue-4.15/asoc-rt5651-fix-regcache-sync-errors-on-resume.patch queue-4.15/usb-gadget-f_fs-fix-use-after-free-in-ffs_fs_kill_sb.patch queue-4.15/asoc-sgtl5000-fix-suspend-resume.patch queue-4.15/usb-storage-add-jmicron-bridge-152d-2567-to-unusual_devs.h.patch queue-4.15/usb-quirks-add-control-message-delay-for-1b1c-1b20.patch queue-4.15/scsi-sd_zbc-fix-potential-memory-leak.patch queue-4.15/xhci-fix-front-usb-ports-on-asus-prime-b350m-a.patch queue-4.15/dm-mpath-fix-passing-integrity-data.patch queue-4.15/usb-host-xhci-rcar-add-support-for-r8a77965.patch queue-4.15/earlycon-add-reg-offset-to-physical-address-before-mapping.patch queue-4.15/asoc-sun4i-i2s-fix-rx-slot-number-of-sun8i.patch queue-4.15/staging-comedi-fix-comedi_nsamples_left.patch queue-4.15/usbip-vudc-fix-null-pointer-dereference-on-udc-lock.patch queue-4.15/xhci-fix-endpoint-context-tracer-output.patch queue-4.15/x86-treat-r_x86_64_plt32-as-r_x86_64_pc32.patch queue-4.15/uas-fix-comparison-for-error-code.patch queue-4.15/asoc-wm_adsp-for-tlv-controls-only-register-tlv-get-set.patch queue-4.15/usb-dwc3-fix-lock-up-on-id-change-during-system-suspend-resume.patch queue-4.15/staging-android-ashmem-fix-lockdep-issue-during-llseek.patch queue-4.15/tty-serial-atmel-add-new-version-check-for-usart.patch queue-4.15/serial-core-mark-port-as-initialized-in-autoconfig.patch queue-4.15/revert-btrfs-use-proper-endianness-accessors-for.patch

7 years, 6 months

1
0
0 0

Patch "[PATCH] Revert "btrfs: use proper endianness accessors for" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [PATCH] Revert "btrfs: use proper endianness accessors for to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: revert-btrfs-use-proper-endianness-accessors-for.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From b9d4efbe7f9c675fb7571cee52d87bc33fb17788 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Date: Fri, 16 Mar 2018 15:00:50 +0100 Subject: [PATCH] Revert "btrfs: use proper endianness accessors for super_copy" This reverts commit 3c181c12c431fe33b669410d663beb9cceefcd1b as it causes breakage on big endian systems with btrfs images. Reported-by: Christoph Biedl <linux-kernel.bfrz(a)manchmal.in-ulm.de> Cc: Anand Jain <anand.jain(a)oracle.com> Cc: Liu Bo <bo.li.liu(a)oracle.com> Cc: David Sterba <dsterba(a)suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/btrfs/sysfs.c | 8 +++++--- fs/btrfs/transaction.c | 20 ++++++++------------ 2 files changed, 13 insertions(+), 15 deletions(-) --- a/fs/btrfs/sysfs.c +++ b/fs/btrfs/sysfs.c @@ -422,7 +422,7 @@ static ssize_t btrfs_nodesize_show(struc { struct btrfs_fs_info *fs_info = to_fs_info(kobj); - return snprintf(buf, PAGE_SIZE, "%u\n", fs_info->nodesize); + return snprintf(buf, PAGE_SIZE, "%u\n", fs_info->super_copy->nodesize); } BTRFS_ATTR(nodesize, btrfs_nodesize_show); @@ -432,7 +432,8 @@ static ssize_t btrfs_sectorsize_show(str { struct btrfs_fs_info *fs_info = to_fs_info(kobj); - return snprintf(buf, PAGE_SIZE, "%u\n", fs_info->sectorsize); + return snprintf(buf, PAGE_SIZE, "%u\n", + fs_info->super_copy->sectorsize); } BTRFS_ATTR(sectorsize, btrfs_sectorsize_show); @@ -442,7 +443,8 @@ static ssize_t btrfs_clone_alignment_sho { struct btrfs_fs_info *fs_info = to_fs_info(kobj); - return snprintf(buf, PAGE_SIZE, "%u\n", fs_info->sectorsize); + return snprintf(buf, PAGE_SIZE, "%u\n", + fs_info->super_copy->sectorsize); } BTRFS_ATTR(clone_alignment, btrfs_clone_alignment_show); --- a/fs/btrfs/transaction.c +++ b/fs/btrfs/transaction.c @@ -1722,23 +1722,19 @@ static void update_super_roots(struct bt super = fs_info->super_copy; - /* update latest btrfs_super_block::chunk_root refs */ root_item = &fs_info->chunk_root->root_item; - btrfs_set_super_chunk_root(super, root_item->bytenr); - btrfs_set_super_chunk_root_generation(super, root_item->generation); - btrfs_set_super_chunk_root_level(super, root_item->level); + super->chunk_root = root_item->bytenr; + super->chunk_root_generation = root_item->generation; + super->chunk_root_level = root_item->level; - /* update latest btrfs_super_block::root refs */ root_item = &fs_info->tree_root->root_item; - btrfs_set_super_root(super, root_item->bytenr); - btrfs_set_super_generation(super, root_item->generation); - btrfs_set_super_root_level(super, root_item->level); - + super->root = root_item->bytenr; + super->generation = root_item->generation; + super->root_level = root_item->level; if (btrfs_test_opt(fs_info, SPACE_CACHE)) - btrfs_set_super_cache_generation(super, root_item->generation); + super->cache_generation = root_item->generation; if (test_bit(BTRFS_FS_UPDATE_UUID_TREE_GEN, &fs_info->flags)) - btrfs_set_super_uuid_tree_generation(super, - root_item->generation); + super->uuid_tree_generation = root_item->generation; } int btrfs_transaction_in_commit(struct btrfs_fs_info *info) Patches currently in stable-queue which might be from gregkh(a)linuxfoundation.org are queue-4.14/serial-sh-sci-prevent-lockup-on-full-tty-buffers.patch queue-4.14/serial-8250_pci-add-brainboxes-uc-260-4-port-serial-device.patch queue-4.14/usb-usbmon-read-text-within-supplied-buffer-size.patch queue-4.14/asoc-rt5651-fix-regcache-sync-errors-on-resume.patch queue-4.14/usb-gadget-f_fs-fix-use-after-free-in-ffs_fs_kill_sb.patch queue-4.14/asoc-sgtl5000-fix-suspend-resume.patch queue-4.14/usb-storage-add-jmicron-bridge-152d-2567-to-unusual_devs.h.patch queue-4.14/usb-quirks-add-control-message-delay-for-1b1c-1b20.patch queue-4.14/xhci-fix-front-usb-ports-on-asus-prime-b350m-a.patch queue-4.14/dm-mpath-fix-passing-integrity-data.patch queue-4.14/usb-host-xhci-rcar-add-support-for-r8a77965.patch queue-4.14/earlycon-add-reg-offset-to-physical-address-before-mapping.patch queue-4.14/asoc-sun4i-i2s-fix-rx-slot-number-of-sun8i.patch queue-4.14/staging-comedi-fix-comedi_nsamples_left.patch queue-4.14/net-phy-fix-resume-handling.patch queue-4.14/usbip-vudc-fix-null-pointer-dereference-on-udc-lock.patch queue-4.14/xhci-fix-endpoint-context-tracer-output.patch queue-4.14/x86-treat-r_x86_64_plt32-as-r_x86_64_pc32.patch queue-4.14/uas-fix-comparison-for-error-code.patch queue-4.14/asoc-wm_adsp-for-tlv-controls-only-register-tlv-get-set.patch queue-4.14/usb-dwc3-fix-lock-up-on-id-change-during-system-suspend-resume.patch queue-4.14/staging-android-ashmem-fix-lockdep-issue-during-llseek.patch queue-4.14/tty-serial-atmel-add-new-version-check-for-usart.patch queue-4.14/net-phy-restore-phy_resume-locking-assumption.patch queue-4.14/serial-core-mark-port-as-initialized-in-autoconfig.patch queue-4.14/revert-btrfs-use-proper-endianness-accessors-for.patch

7 years, 6 months

1
0
0 0

[PATCH] Revert "btrfs: use proper endianness accessors for super_copy"

by David Sterba

This reverts commit 3c181c12c431fe33b669410d663beb9cceefcd1b. The offending patch was merged in 4.16-rc4 and was promptly applied to stable kernels 4.14.25 and 4.15.8. The patch causes a corruption in several superblock items on big-endian machines because of messed up endianity conversions. The damage is manually repairable. A filesystem cannot be mounted again after it has been unmounted once. We do a full revert and not a fixup so stable can pick that patch ASAP. Fixes: 3c181c12c431 ("btrfs: use proper endianness accessors for super_copy") Link: https://lkml.kernel.org/r/1521139304@msgid.manchmal.in-ulm.de CC: stable(a)vger.kernel.org # 4.14+ Reported-by: Christoph Biedl <linux-kernel.bfrz(a)manchmal.in-ulm.de> Signed-off-by: David Sterba <dsterba(a)suse.com> --- fs/btrfs/sysfs.c | 8 +++++--- fs/btrfs/transaction.c | 20 ++++++++------------ 2 files changed, 13 insertions(+), 15 deletions(-) diff --git a/fs/btrfs/sysfs.c b/fs/btrfs/sysfs.c index d11c70bff5a9..a8bafed931f4 100644 --- a/fs/btrfs/sysfs.c +++ b/fs/btrfs/sysfs.c @@ -423,7 +423,7 @@ static ssize_t btrfs_nodesize_show(struct kobject *kobj, { struct btrfs_fs_info *fs_info = to_fs_info(kobj); - return snprintf(buf, PAGE_SIZE, "%u\n", fs_info->nodesize); + return snprintf(buf, PAGE_SIZE, "%u\n", fs_info->super_copy->nodesize); } BTRFS_ATTR(, nodesize, btrfs_nodesize_show); @@ -433,7 +433,8 @@ static ssize_t btrfs_sectorsize_show(struct kobject *kobj, { struct btrfs_fs_info *fs_info = to_fs_info(kobj); - return snprintf(buf, PAGE_SIZE, "%u\n", fs_info->sectorsize); + return snprintf(buf, PAGE_SIZE, "%u\n", + fs_info->super_copy->sectorsize); } BTRFS_ATTR(, sectorsize, btrfs_sectorsize_show); @@ -443,7 +444,8 @@ static ssize_t btrfs_clone_alignment_show(struct kobject *kobj, { struct btrfs_fs_info *fs_info = to_fs_info(kobj); - return snprintf(buf, PAGE_SIZE, "%u\n", fs_info->sectorsize); + return snprintf(buf, PAGE_SIZE, "%u\n", + fs_info->super_copy->sectorsize); } BTRFS_ATTR(, clone_alignment, btrfs_clone_alignment_show); diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c index 9220f004001c..04f07144b45c 100644 --- a/fs/btrfs/transaction.c +++ b/fs/btrfs/transaction.c @@ -1722,23 +1722,19 @@ static void update_super_roots(struct btrfs_fs_info *fs_info) super = fs_info->super_copy; - /* update latest btrfs_super_block::chunk_root refs */ root_item = &fs_info->chunk_root->root_item; - btrfs_set_super_chunk_root(super, root_item->bytenr); - btrfs_set_super_chunk_root_generation(super, root_item->generation); - btrfs_set_super_chunk_root_level(super, root_item->level); + super->chunk_root = root_item->bytenr; + super->chunk_root_generation = root_item->generation; + super->chunk_root_level = root_item->level; - /* update latest btrfs_super_block::root refs */ root_item = &fs_info->tree_root->root_item; - btrfs_set_super_root(super, root_item->bytenr); - btrfs_set_super_generation(super, root_item->generation); - btrfs_set_super_root_level(super, root_item->level); - + super->root = root_item->bytenr; + super->generation = root_item->generation; + super->root_level = root_item->level; if (btrfs_test_opt(fs_info, SPACE_CACHE)) - btrfs_set_super_cache_generation(super, root_item->generation); + super->cache_generation = root_item->generation; if (test_bit(BTRFS_FS_UPDATE_UUID_TREE_GEN, &fs_info->flags)) - btrfs_set_super_uuid_tree_generation(super, - root_item->generation); + super->uuid_tree_generation = root_item->generation; } int btrfs_transaction_in_commit(struct btrfs_fs_info *info) -- 2.16.2

7 years, 6 months

1
0
0 0

Patch "usbip: vudc: fix null pointer dereference on udc->lock" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usbip: vudc: fix null pointer dereference on udc->lock to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usbip-vudc-fix-null-pointer-dereference-on-udc-lock.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From df3334c223a033f562645712e832ca4cbb326bbf Mon Sep 17 00:00:00 2001 From: Colin Ian King <colin.king(a)canonical.com> Date: Thu, 22 Feb 2018 17:39:17 +0000 Subject: usbip: vudc: fix null pointer dereference on udc->lock From: Colin Ian King <colin.king(a)canonical.com> commit df3334c223a033f562645712e832ca4cbb326bbf upstream. Currently the driver attempts to spin lock on udc->lock before a NULL pointer check is performed on udc, hence there is a potential null pointer dereference on udc->lock. Fix this by moving the null check on udc before the lock occurs. Fixes: ea6873a45a22 ("usbip: vudc: Add SysFS infrastructure for VUDC") Signed-off-by: Colin Ian King <colin.king(a)canonical.com> Acked-by: Shuah Khan <shuahkh(a)osg.samsung.com> Reviewed-by: Krzysztof Opasiak <k.opasiak(a)samsung.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/usbip/vudc_sysfs.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) --- a/drivers/usb/usbip/vudc_sysfs.c +++ b/drivers/usb/usbip/vudc_sysfs.c @@ -117,10 +117,14 @@ static ssize_t store_sockfd(struct devic if (rv != 0) return -EINVAL; + if (!udc) { + dev_err(dev, "no device"); + return -ENODEV; + } spin_lock_irqsave(&udc->lock, flags); /* Don't export what we don't have */ - if (!udc || !udc->driver || !udc->pullup) { - dev_err(dev, "no device or gadget not bound"); + if (!udc->driver || !udc->pullup) { + dev_err(dev, "gadget not bound"); ret = -ENODEV; goto unlock; } Patches currently in stable-queue which might be from colin.king(a)canonical.com are queue-4.9/mips-ath25-check-for-kzalloc-allocation-failure.patch queue-4.9/usbip-vudc-fix-null-pointer-dereference-on-udc-lock.patch queue-4.9/mips-octeon-irq-check-for-null-return-on-kzalloc-allocation.patch

7 years, 6 months

1
0
0 0

Patch "usb: usbmon: Read text within supplied buffer size" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: usbmon: Read text within supplied buffer size to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usb-usbmon-read-text-within-supplied-buffer-size.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From a5f596830e27e15f7a0ecd6be55e433d776986d8 Mon Sep 17 00:00:00 2001 From: Pete Zaitcev <zaitcev(a)kotori.zaitcev.us> Date: Fri, 9 Mar 2018 00:21:14 -0600 Subject: usb: usbmon: Read text within supplied buffer size From: Pete Zaitcev <zaitcev(a)kotori.zaitcev.us> commit a5f596830e27e15f7a0ecd6be55e433d776986d8 upstream. This change fixes buffer overflows and silent data corruption with the usbmon device driver text file read operations. Signed-off-by: Fredrik Noring <noring(a)nocrew.org> Signed-off-by: Pete Zaitcev <zaitcev(a)redhat.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/mon/mon_text.c | 124 +++++++++++++++++++++++++++------------------ 1 file changed, 77 insertions(+), 47 deletions(-) --- a/drivers/usb/mon/mon_text.c +++ b/drivers/usb/mon/mon_text.c @@ -83,6 +83,8 @@ struct mon_reader_text { wait_queue_head_t wait; int printf_size; + size_t printf_offset; + size_t printf_togo; char *printf_buf; struct mutex printf_lock; @@ -374,75 +376,103 @@ err_alloc: return rc; } -/* - * For simplicity, we read one record in one system call and throw out - * what does not fit. This means that the following does not work: - * dd if=/dbg/usbmon/0t bs=10 - * Also, we do not allow seeks and do not bother advancing the offset. - */ +static ssize_t mon_text_copy_to_user(struct mon_reader_text *rp, + char __user * const buf, const size_t nbytes) +{ + const size_t togo = min(nbytes, rp->printf_togo); + + if (copy_to_user(buf, &rp->printf_buf[rp->printf_offset], togo)) + return -EFAULT; + rp->printf_togo -= togo; + rp->printf_offset += togo; + return togo; +} + +/* ppos is not advanced since the llseek operation is not permitted. */ static ssize_t mon_text_read_t(struct file *file, char __user *buf, - size_t nbytes, loff_t *ppos) + size_t nbytes, loff_t *ppos) { struct mon_reader_text *rp = file->private_data; struct mon_event_text *ep; struct mon_text_ptr ptr; + ssize_t ret; - ep = mon_text_read_wait(rp, file); - if (IS_ERR(ep)) - return PTR_ERR(ep); mutex_lock(&rp->printf_lock); - ptr.cnt = 0; - ptr.pbuf = rp->printf_buf; - ptr.limit = rp->printf_size; - - mon_text_read_head_t(rp, &ptr, ep); - mon_text_read_statset(rp, &ptr, ep); - ptr.cnt += snprintf(ptr.pbuf + ptr.cnt, ptr.limit - ptr.cnt, - " %d", ep->length); - mon_text_read_data(rp, &ptr, ep); - if (copy_to_user(buf, rp->printf_buf, ptr.cnt)) - ptr.cnt = -EFAULT; + if (rp->printf_togo == 0) { + + ep = mon_text_read_wait(rp, file); + if (IS_ERR(ep)) { + mutex_unlock(&rp->printf_lock); + return PTR_ERR(ep); + } + ptr.cnt = 0; + ptr.pbuf = rp->printf_buf; + ptr.limit = rp->printf_size; + + mon_text_read_head_t(rp, &ptr, ep); + mon_text_read_statset(rp, &ptr, ep); + ptr.cnt += snprintf(ptr.pbuf + ptr.cnt, ptr.limit - ptr.cnt, + " %d", ep->length); + mon_text_read_data(rp, &ptr, ep); + + rp->printf_togo = ptr.cnt; + rp->printf_offset = 0; + + kmem_cache_free(rp->e_slab, ep); + } + + ret = mon_text_copy_to_user(rp, buf, nbytes); mutex_unlock(&rp->printf_lock); - kmem_cache_free(rp->e_slab, ep); - return ptr.cnt; + return ret; } +/* ppos is not advanced since the llseek operation is not permitted. */ static ssize_t mon_text_read_u(struct file *file, char __user *buf, - size_t nbytes, loff_t *ppos) + size_t nbytes, loff_t *ppos) { struct mon_reader_text *rp = file->private_data; struct mon_event_text *ep; struct mon_text_ptr ptr; + ssize_t ret; - ep = mon_text_read_wait(rp, file); - if (IS_ERR(ep)) - return PTR_ERR(ep); mutex_lock(&rp->printf_lock); - ptr.cnt = 0; - ptr.pbuf = rp->printf_buf; - ptr.limit = rp->printf_size; - mon_text_read_head_u(rp, &ptr, ep); - if (ep->type == 'E') { - mon_text_read_statset(rp, &ptr, ep); - } else if (ep->xfertype == USB_ENDPOINT_XFER_ISOC) { - mon_text_read_isostat(rp, &ptr, ep); - mon_text_read_isodesc(rp, &ptr, ep); - } else if (ep->xfertype == USB_ENDPOINT_XFER_INT) { - mon_text_read_intstat(rp, &ptr, ep); - } else { - mon_text_read_statset(rp, &ptr, ep); + if (rp->printf_togo == 0) { + + ep = mon_text_read_wait(rp, file); + if (IS_ERR(ep)) { + mutex_unlock(&rp->printf_lock); + return PTR_ERR(ep); + } + ptr.cnt = 0; + ptr.pbuf = rp->printf_buf; + ptr.limit = rp->printf_size; + + mon_text_read_head_u(rp, &ptr, ep); + if (ep->type == 'E') { + mon_text_read_statset(rp, &ptr, ep); + } else if (ep->xfertype == USB_ENDPOINT_XFER_ISOC) { + mon_text_read_isostat(rp, &ptr, ep); + mon_text_read_isodesc(rp, &ptr, ep); + } else if (ep->xfertype == USB_ENDPOINT_XFER_INT) { + mon_text_read_intstat(rp, &ptr, ep); + } else { + mon_text_read_statset(rp, &ptr, ep); + } + ptr.cnt += snprintf(ptr.pbuf + ptr.cnt, ptr.limit - ptr.cnt, + " %d", ep->length); + mon_text_read_data(rp, &ptr, ep); + + rp->printf_togo = ptr.cnt; + rp->printf_offset = 0; + + kmem_cache_free(rp->e_slab, ep); } - ptr.cnt += snprintf(ptr.pbuf + ptr.cnt, ptr.limit - ptr.cnt, - " %d", ep->length); - mon_text_read_data(rp, &ptr, ep); - if (copy_to_user(buf, rp->printf_buf, ptr.cnt)) - ptr.cnt = -EFAULT; + ret = mon_text_copy_to_user(rp, buf, nbytes); mutex_unlock(&rp->printf_lock); - kmem_cache_free(rp->e_slab, ep); - return ptr.cnt; + return ret; } static struct mon_event_text *mon_text_read_wait(struct mon_reader_text *rp, Patches currently in stable-queue which might be from zaitcev(a)kotori.zaitcev.us are queue-4.9/usb-usbmon-read-text-within-supplied-buffer-size.patch

7 years, 6 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror