- Linux-stable-mirror - lists.linaro.org

[Linux-stable-mirror] Patch "ath10k: fix incorrect txpower set by P2P_DEVICE interface" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ath10k: fix incorrect txpower set by P2P_DEVICE interface to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ath10k-fix-incorrect-txpower-set-by-p2p_device-interface.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Nov 28 10:49:28 CET 2017 From: Ryan Hsu <ryanhsu(a)qca.qualcomm.com> Date: Tue, 13 Dec 2016 14:55:19 -0800 Subject: ath10k: fix incorrect txpower set by P2P_DEVICE interface From: Ryan Hsu <ryanhsu(a)qca.qualcomm.com> [ Upstream commit 88407beb1b1462f706a1950a355fd086e1c450b6 ] Ath10k reports the phy capability that supports P2P_DEVICE interface. When we use the P2P supported wpa_supplicant to start connection, it'll create two interfaces, one is wlan0 (vdev_id=0) and one is P2P_DEVICE p2p-dev-wlan0 which is for p2p control channel (vdev_id=1). ath10k_pci mac vdev create 0 (add interface) type 2 subtype 0 ath10k_add_interface: vdev_id: 0, txpower: 0, bss_power: 0 ... ath10k_pci mac vdev create 1 (add interface) type 2 subtype 1 ath10k_add_interface: vdev_id: 1, txpower: 0, bss_power: 0 And the txpower in per vif bss_conf will only be set to valid tx power when the interface is assigned with channel_ctx. But this P2P_DEVICE interface will never be used for any connection, so that the uninitialized bss_conf.txpower=0 is assinged to the arvif->txpower when interface created. Since the txpower configuration is firmware per physical interface. So the smallest txpower of all vifs will be the one limit the tx power of the physical device, that causing the low txpower issue on other active interfaces. wlan0: Limiting TX power to 21 (24 - 3) dBm ath10k_pci mac vdev_id 0 txpower 21 ath10k_mac_txpower_recalc: vdev_id: 1, txpower: 0 ath10k_mac_txpower_recalc: vdev_id: 0, txpower: 21 ath10k_pci mac txpower 0 This issue only happens when we use the wpa_supplicant that supports P2P or if we use the iw tool to create the control P2P_DEVICE interface. Signed-off-by: Ryan Hsu <ryanhsu(a)qca.qualcomm.com> Signed-off-by: Kalle Valo <kvalo(a)qca.qualcomm.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/wireless/ath/ath10k/mac.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) --- a/drivers/net/wireless/ath/ath10k/mac.c +++ b/drivers/net/wireless/ath/ath10k/mac.c @@ -4668,7 +4668,8 @@ static int ath10k_mac_txpower_recalc(str lockdep_assert_held(&ar->conf_mutex); list_for_each_entry(arvif, &ar->arvifs, list) { - WARN_ON(arvif->txpower < 0); + if (arvif->txpower <= 0) + continue; if (txpower == -1) txpower = arvif->txpower; @@ -4676,8 +4677,8 @@ static int ath10k_mac_txpower_recalc(str txpower = min(txpower, arvif->txpower); } - if (WARN_ON(txpower == -1)) - return -EINVAL; + if (txpower == -1) + return 0; ret = ath10k_mac_txpower_setup(ar, txpower); if (ret) { Patches currently in stable-queue which might be from ryanhsu(a)qca.qualcomm.com are queue-4.9/ath10k-fix-incorrect-txpower-set-by-p2p_device-interface.patch queue-4.9/ath10k-ignore-configuring-the-incorrect-board_id.patch

7 years, 2 months

1
0
0 0

[Linux-stable-mirror] Patch "ASoC: wm_adsp: Don't overrun firmware file buffer when reading region data" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ASoC: wm_adsp: Don't overrun firmware file buffer when reading region data to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: asoc-wm_adsp-don-t-overrun-firmware-file-buffer-when-reading-region-data.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Nov 28 10:49:28 CET 2017 From: Richard Fitzgerald <rf(a)opensource.wolfsonmicro.com> Date: Tue, 20 Dec 2016 10:29:12 +0000 Subject: ASoC: wm_adsp: Don't overrun firmware file buffer when reading region data From: Richard Fitzgerald <rf(a)opensource.wolfsonmicro.com> [ Upstream commit 1cab2a84f470e15ecc8e5143bfe9398c6e888032 ] Protect against corrupt firmware files by ensuring that the length we get for the data in a region actually lies within the available firmware file data buffer. Signed-off-by: Richard Fitzgerald <rf(a)opensource.wolfsonmicro.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- sound/soc/codecs/wm_adsp.c | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) --- a/sound/soc/codecs/wm_adsp.c +++ b/sound/soc/codecs/wm_adsp.c @@ -1365,7 +1365,7 @@ static int wm_adsp_load(struct wm_adsp * const struct wmfw_region *region; const struct wm_adsp_region *mem; const char *region_name; - char *file, *text; + char *file, *text = NULL; struct wm_adsp_buf *buf; unsigned int reg; int regions = 0; @@ -1526,10 +1526,21 @@ static int wm_adsp_load(struct wm_adsp * regions, le32_to_cpu(region->len), offset, region_name); + if ((pos + le32_to_cpu(region->len) + sizeof(*region)) > + firmware->size) { + adsp_err(dsp, + "%s.%d: %s region len %d bytes exceeds file length %zu\n", + file, regions, region_name, + le32_to_cpu(region->len), firmware->size); + ret = -EINVAL; + goto out_fw; + } + if (text) { memcpy(text, region->data, le32_to_cpu(region->len)); adsp_info(dsp, "%s: %s\n", file, text); kfree(text); + text = NULL; } if (reg) { @@ -1574,6 +1585,7 @@ out_fw: regmap_async_complete(regmap); wm_adsp_buf_free(&buf_list); release_firmware(firmware); + kfree(text); out: kfree(file); @@ -2054,6 +2066,17 @@ static int wm_adsp_load_coeff(struct wm_ } if (reg) { + if ((pos + le32_to_cpu(blk->len) + sizeof(*blk)) > + firmware->size) { + adsp_err(dsp, + "%s.%d: %s region len %d bytes exceeds file length %zu\n", + file, blocks, region_name, + le32_to_cpu(blk->len), + firmware->size); + ret = -EINVAL; + goto out_fw; + } + buf = wm_adsp_buf_alloc(blk->data, le32_to_cpu(blk->len), &buf_list); Patches currently in stable-queue which might be from rf(a)opensource.wolfsonmicro.com are queue-4.9/asoc-wm_adsp-don-t-overrun-firmware-file-buffer-when-reading-region-data.patch

7 years, 2 months

1
0
0 0

[Linux-stable-mirror] Patch "ASoC: rsnd: don't double free kctrl" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ASoC: rsnd: don't double free kctrl to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: asoc-rsnd-don-t-double-free-kctrl.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Nov 28 10:49:28 CET 2017 From: Colin Ian King <colin.king(a)canonical.com> Date: Thu, 8 Dec 2016 13:05:43 +0000 Subject: ASoC: rsnd: don't double free kctrl From: Colin Ian King <colin.king(a)canonical.com> [ Upstream commit 0ea617a298dcdc2251b4e10f83ac3f3e627b66e3 ] On an error, snd_ctl_add already free's kctrl, so calling snd_ctl_free_one to free it again leads to a double free error. Fix this by removing the extraneous snd_ctl_free_one call. Issue found using static analysis with CoverityScan, CID 1372908 Signed-off-by: Colin Ian King <colin.king(a)canonical.com> Acked-by: Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- sound/soc/sh/rcar/core.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) --- a/sound/soc/sh/rcar/core.c +++ b/sound/soc/sh/rcar/core.c @@ -978,10 +978,8 @@ static int __rsnd_kctrl_new(struct rsnd_ return -ENOMEM; ret = snd_ctl_add(card, kctrl); - if (ret < 0) { - snd_ctl_free_one(kctrl); + if (ret < 0) return ret; - } cfg->update = update; cfg->card = card; Patches currently in stable-queue which might be from colin.king(a)canonical.com are queue-4.9/asoc-rsnd-don-t-double-free-kctrl.patch

7 years, 2 months

1
0
0 0

[Linux-stable-mirror] Patch "ALSA: hda - Apply ALC269_FIXUP_NO_SHUTUP on HDA_FIXUP_ACT_PROBE" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ALSA: hda - Apply ALC269_FIXUP_NO_SHUTUP on HDA_FIXUP_ACT_PROBE to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: alsa-hda-apply-alc269_fixup_no_shutup-on-hda_fixup_act_probe.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Nov 28 10:49:28 CET 2017 From: Gabriele Mazzotta <gabriele.mzt(a)gmail.com> Date: Sat, 24 Dec 2016 19:50:00 +0100 Subject: ALSA: hda - Apply ALC269_FIXUP_NO_SHUTUP on HDA_FIXUP_ACT_PROBE From: Gabriele Mazzotta <gabriele.mzt(a)gmail.com> [ Upstream commit 972aa2c708703c21f14eb958b37e82aae2530e44 ] Setting shutup when the action is HDA_FIXUP_ACT_PRE_PROBE might not have the desired effect since it could be overridden by another more generic shutup function. Prevent this by setting the more specific shutup function on HDA_FIXUP_ACT_PROBE. Signed-off-by: Gabriele Mazzotta <gabriele.mzt(a)gmail.com> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- sound/pci/hda/patch_realtek.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/sound/pci/hda/patch_realtek.c +++ b/sound/pci/hda/patch_realtek.c @@ -4419,7 +4419,7 @@ static void alc_no_shutup(struct hda_cod static void alc_fixup_no_shutup(struct hda_codec *codec, const struct hda_fixup *fix, int action) { - if (action == HDA_FIXUP_ACT_PRE_PROBE) { + if (action == HDA_FIXUP_ACT_PROBE) { struct alc_spec *spec = codec->spec; spec->shutup = alc_no_shutup; } Patches currently in stable-queue which might be from gabriele.mzt(a)gmail.com are queue-4.9/alsa-hda-apply-alc269_fixup_no_shutup-on-hda_fixup_act_probe.patch

7 years, 2 months

1
0
0 0

[Linux-stable-mirror] Patch "adm80211: return an error if adm8211_alloc_rings() fails" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled adm80211: return an error if adm8211_alloc_rings() fails to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: adm80211-return-an-error-if-adm8211_alloc_rings-fails.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Nov 28 10:49:28 CET 2017 From: Dan Carpenter <dan.carpenter(a)oracle.com> Date: Wed, 7 Dec 2016 14:21:22 +0300 Subject: adm80211: return an error if adm8211_alloc_rings() fails From: Dan Carpenter <dan.carpenter(a)oracle.com> [ Upstream commit c705a6b3aa7804d7bc6660183f51e510c61dc807 ] We accidentally return success when adm8211_alloc_rings() fails but we should preserve the error code. Fixes: cc0b88cf5ecf ("[PATCH] Add adm8211 802.11b wireless driver") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Kalle Valo <kvalo(a)codeaurora.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/wireless/admtek/adm8211.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/net/wireless/admtek/adm8211.c +++ b/drivers/net/wireless/admtek/adm8211.c @@ -1843,7 +1843,8 @@ static int adm8211_probe(struct pci_dev priv->rx_ring_size = rx_ring_size; priv->tx_ring_size = tx_ring_size; - if (adm8211_alloc_rings(dev)) { + err = adm8211_alloc_rings(dev); + if (err) { printk(KERN_ERR "%s (adm8211): Cannot allocate TX/RX ring\n", pci_name(pdev)); goto err_iounmap; Patches currently in stable-queue which might be from dan.carpenter(a)oracle.com are queue-4.9/ecryptfs-use-after-free-in-ecryptfs_release_messaging.patch queue-4.9/adm80211-return-an-error-if-adm8211_alloc_rings-fails.patch queue-4.9/nfc-fix-device-allocation-error-return.patch

7 years, 2 months

1
0
0 0

[Linux-stable-mirror] Patch "adm80211: add checks for dma mapping errors" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled adm80211: add checks for dma mapping errors to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: adm80211-add-checks-for-dma-mapping-errors.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Nov 28 10:49:28 CET 2017 From: Alexey Khoroshilov <khoroshilov(a)ispras.ru> Date: Sat, 3 Dec 2016 00:52:46 +0300 Subject: adm80211: add checks for dma mapping errors From: Alexey Khoroshilov <khoroshilov(a)ispras.ru> [ Upstream commit d15697de60db5570532fdedb8e13b2251d65b8e3 ] The driver does not check if mapping dma memory succeed. The patch adds the checks and failure handling. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Alexey Khoroshilov <khoroshilov(a)ispras.ru> Signed-off-by: Kalle Valo <kvalo(a)codeaurora.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/wireless/admtek/adm8211.c | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) --- a/drivers/net/wireless/admtek/adm8211.c +++ b/drivers/net/wireless/admtek/adm8211.c @@ -413,6 +413,13 @@ static void adm8211_interrupt_rci(struct skb_tail_pointer(newskb), RX_PKT_SIZE, PCI_DMA_FROMDEVICE); + if (pci_dma_mapping_error(priv->pdev, + priv->rx_buffers[entry].mapping)) { + priv->rx_buffers[entry].skb = NULL; + dev_kfree_skb(newskb); + skb = NULL; + /* TODO: update rx dropped stats */ + } } else { skb = NULL; /* TODO: update rx dropped stats */ @@ -1450,6 +1457,12 @@ static int adm8211_init_rings(struct iee skb_tail_pointer(rx_info->skb), RX_PKT_SIZE, PCI_DMA_FROMDEVICE); + if (pci_dma_mapping_error(priv->pdev, rx_info->mapping)) { + dev_kfree_skb(rx_info->skb); + rx_info->skb = NULL; + break; + } + desc->buffer1 = cpu_to_le32(rx_info->mapping); desc->status = cpu_to_le32(RDES0_STATUS_OWN | RDES0_STATUS_SQL); } @@ -1613,7 +1626,7 @@ static void adm8211_calc_durations(int * } /* Transmit skb w/adm8211_tx_hdr (802.11 header created by hardware) */ -static void adm8211_tx_raw(struct ieee80211_hw *dev, struct sk_buff *skb, +static int adm8211_tx_raw(struct ieee80211_hw *dev, struct sk_buff *skb, u16 plcp_signal, size_t hdrlen) { @@ -1625,6 +1638,8 @@ static void adm8211_tx_raw(struct ieee80 mapping = pci_map_single(priv->pdev, skb->data, skb->len, PCI_DMA_TODEVICE); + if (pci_dma_mapping_error(priv->pdev, mapping)) + return -ENOMEM; spin_lock_irqsave(&priv->lock, flags); @@ -1657,6 +1672,8 @@ static void adm8211_tx_raw(struct ieee80 /* Trigger transmit poll */ ADM8211_CSR_WRITE(TDR, 0); + + return 0; } /* Put adm8211_tx_hdr on skb and transmit */ @@ -1710,7 +1727,10 @@ static void adm8211_tx(struct ieee80211_ txhdr->retry_limit = info->control.rates[0].count; - adm8211_tx_raw(dev, skb, plcp_signal, hdrlen); + if (adm8211_tx_raw(dev, skb, plcp_signal, hdrlen)) { + /* Drop packet */ + ieee80211_free_txskb(dev, skb); + } } static int adm8211_alloc_rings(struct ieee80211_hw *dev) Patches currently in stable-queue which might be from khoroshilov(a)ispras.ru are queue-4.9/adm80211-add-checks-for-dma-mapping-errors.patch

7 years, 2 months

1
0
0 0

[Linux-stable-mirror] Patch "Revert "drm/i915: Do not rely on wm preservation for ILK watermarks"" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Revert "drm/i915: Do not rely on wm preservation for ILK watermarks" to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: revert-drm-i915-do-not-rely-on-wm-preservation-for-ilk-watermarks.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Nov 28 10:15:23 CET 2017 Date: Tue, 28 Nov 2017 10:15:23 +0100 To: Greg KH <gregkh(a)linuxfoundation.org> From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Subject: Revert "drm/i915: Do not rely on wm preservation for ILK watermarks" This reverts commit 7de694782cbe7840f2c0de6f1e70f41fc1b8b6e8 which is commit 8777b927b92cf5b6c29f9f9d3c737addea9ac8a7 upstream. It was reported to cause flickering and other regressions. Reported-by: Rainer Fiebig <jrf(a)mailbox.org> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: Matt Roper <matthew.d.roper(a)intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: Jani Nikula <jani.nikula(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> reverted: --- drivers/gpu/drm/i915/intel_drv.h | 1 drivers/gpu/drm/i915/intel_pm.c | 52 ++++++++++++++++++++++----------------- 2 files changed, 31 insertions(+), 22 deletions(-) --- a/drivers/gpu/drm/i915/intel_drv.h +++ b/drivers/gpu/drm/i915/intel_drv.h @@ -457,6 +457,7 @@ struct intel_crtc_scaler_state { struct intel_pipe_wm { struct intel_wm_level wm[5]; + struct intel_wm_level raw_wm[5]; uint32_t linetime; bool fbc_wm_enabled; bool pipe_enabled; --- a/drivers/gpu/drm/i915/intel_pm.c +++ b/drivers/gpu/drm/i915/intel_pm.c @@ -27,7 +27,6 @@ #include <linux/cpufreq.h> #include <drm/drm_plane_helper.h> -#include <drm/drm_atomic_helper.h> #include "i915_drv.h" #include "intel_drv.h" #include "../../../platform/x86/intel_ips.h" @@ -2018,9 +2017,9 @@ static void ilk_compute_wm_level(const s const struct intel_crtc *intel_crtc, int level, struct intel_crtc_state *cstate, - const struct intel_plane_state *pristate, - const struct intel_plane_state *sprstate, - const struct intel_plane_state *curstate, + struct intel_plane_state *pristate, + struct intel_plane_state *sprstate, + struct intel_plane_state *curstate, struct intel_wm_level *result) { uint16_t pri_latency = dev_priv->wm.pri_latency[level]; @@ -2342,24 +2341,28 @@ static int ilk_compute_pipe_wm(struct in struct intel_pipe_wm *pipe_wm; struct drm_device *dev = state->dev; const struct drm_i915_private *dev_priv = to_i915(dev); - struct drm_plane *plane; - const struct drm_plane_state *plane_state; - const struct intel_plane_state *pristate = NULL; - const struct intel_plane_state *sprstate = NULL; - const struct intel_plane_state *curstate = NULL; + struct intel_plane *intel_plane; + struct intel_plane_state *pristate = NULL; + struct intel_plane_state *sprstate = NULL; + struct intel_plane_state *curstate = NULL; int level, max_level = ilk_wm_max_level(dev), usable_level; struct ilk_wm_maximums max; pipe_wm = &cstate->wm.ilk.optimal; - drm_atomic_crtc_state_for_each_plane_state(plane, plane_state, &cstate->base) { - const struct intel_plane_state *ps = to_intel_plane_state(plane_state); + for_each_intel_plane_on_crtc(dev, intel_crtc, intel_plane) { + struct intel_plane_state *ps; - if (plane->type == DRM_PLANE_TYPE_PRIMARY) + ps = intel_atomic_get_existing_plane_state(state, + intel_plane); + if (!ps) + continue; + + if (intel_plane->base.type == DRM_PLANE_TYPE_PRIMARY) pristate = ps; - else if (plane->type == DRM_PLANE_TYPE_OVERLAY) + else if (intel_plane->base.type == DRM_PLANE_TYPE_OVERLAY) sprstate = ps; - else if (plane->type == DRM_PLANE_TYPE_CURSOR) + else if (intel_plane->base.type == DRM_PLANE_TYPE_CURSOR) curstate = ps; } @@ -2381,9 +2384,11 @@ static int ilk_compute_pipe_wm(struct in if (pipe_wm->sprites_scaled) usable_level = 0; - memset(&pipe_wm->wm, 0, sizeof(pipe_wm->wm)); ilk_compute_wm_level(dev_priv, intel_crtc, 0, cstate, - pristate, sprstate, curstate, &pipe_wm->wm[0]); + pristate, sprstate, curstate, &pipe_wm->raw_wm[0]); + + memset(&pipe_wm->wm, 0, sizeof(pipe_wm->wm)); + pipe_wm->wm[0] = pipe_wm->raw_wm[0]; if (IS_HASWELL(dev) || IS_BROADWELL(dev)) pipe_wm->linetime = hsw_compute_linetime_wm(cstate); @@ -2393,8 +2398,8 @@ static int ilk_compute_pipe_wm(struct in ilk_compute_wm_reg_maximums(dev, 1, &max); - for (level = 1; level <= usable_level; level++) { - struct intel_wm_level *wm = &pipe_wm->wm[level]; + for (level = 1; level <= max_level; level++) { + struct intel_wm_level *wm = &pipe_wm->raw_wm[level]; ilk_compute_wm_level(dev_priv, intel_crtc, level, cstate, pristate, sprstate, curstate, wm); @@ -2404,10 +2409,13 @@ static int ilk_compute_pipe_wm(struct in * register maximums since such watermarks are * always invalid. */ - if (!ilk_validate_wm_level(level, &max, wm)) { - memset(wm, 0, sizeof(*wm)); - break; - } + if (level > usable_level) + continue; + + if (ilk_validate_wm_level(level, &max, wm)) + pipe_wm->wm[level] = *wm; + else + usable_level = level; } return 0; Patches currently in stable-queue which might be from gregkh(a)linuxfoundation.org are queue-4.9/sched-make-resched_cpu-unconditional.patch queue-4.9/media-rc-check-for-integer-overflow.patch queue-4.9/kvm-nvmx-set-idtr-and-gdtr-limits-when-loading-l1-host-state.patch queue-4.9/rtlwifi-fix-uninitialized-rtlhal-last_suspend_sec-time.patch queue-4.9/libnvdimm-pfn-make-resource-attribute-only-readable-by-root.patch queue-4.9/mips-fix-an-n32-core-file-generation-regset-support-regression.patch queue-4.9/x86-decoder-add-new-test-instruction-pattern.patch queue-4.9/mtd-nand-fix-writing-mtdoops-to-nand-flash.patch queue-4.9/i40evf-use-smp_rmb-rather-than-read_barrier_depends.patch queue-4.9/revert-drm-i915-do-not-rely-on-wm-preservation-for-ilk-watermarks.patch queue-4.9/ecryptfs-use-after-free-in-ecryptfs_release_messaging.patch queue-4.9/s390-disassembler-add-missing-end-marker-for-e7-table.patch queue-4.9/dm-allocate-struct-mapped_device-with-kvzalloc.patch queue-4.9/kvm-svm-obey-guest-pat.patch queue-4.9/block-fix-a-race-between-blk_cleanup_queue-and-timeout-handling.patch queue-4.9/cx231xx-cards-fix-null-deref-on-missing-association-descriptor.patch queue-4.9/s390-disassembler-increase-show_code-buffer-size.patch queue-4.9/alsa-timer-remove-kernel-warning-at-compat-ioctl-error-paths.patch queue-4.9/igb-use-smp_rmb-rather-than-read_barrier_depends.patch queue-4.9/mtd-nand-mtk-fix-infinite-ecc-decode-irq-issue.patch queue-4.9/s390-fix-transactional-execution-control-register-handling.patch queue-4.9/lib-mpi-call-cond_resched-from-mpi_powm-loop.patch queue-4.9/nfs-avoid-rcu-usage-in-tracepoints.patch queue-4.9/alsa-hda-add-raven-pci-id.patch queue-4.9/dm-fix-race-between-dm_get_from_kobject-and-__dm_destroy.patch queue-4.9/clk-ti-dra7-atl-clock-fix-child-node-lookups.patch queue-4.9/arm-8722-1-mm-make-strict_kernel_rwx-effective-for-lpae.patch queue-4.9/nfs-fix-ugly-referral-attributes.patch queue-4.9/target-fix-queue_full-scsi-task-attribute-handling.patch queue-4.9/mips-bcm47xx-fix-led-inversion-for-wrt54gsv1.patch queue-4.9/vsock-use-new-wait-api-for-vsock_stream_sendmsg.patch queue-4.9/lockd-double-unregister-of-inetaddr-notifiers.patch queue-4.9/autofs-don-t-fail-mount-for-transient-error.patch queue-4.9/net-9p-switch-to-wait_event_killable.patch queue-4.9/media-v4l2-ctrl-fix-flags-field-on-control-events.patch queue-4.9/p54-don-t-unregister-leds-when-they-are-not-initialized.patch queue-4.9/e1000e-fix-error-path-in-link-detection.patch queue-4.9/mips-ralink-fix-mt7628-pinmux.patch queue-4.9/e1000e-separate-signaling-for-link-check-link-up.patch queue-4.9/x86-entry-64-add-missing-irqflags-tracing-to-native_load_gs_index.patch queue-4.9/iscsi-target-fix-non-immediate-tmr-reference-leak.patch queue-4.9/alsa-usb-audio-add-sanity-checks-in-v2-clock-parsers.patch queue-4.9/rt2x00usb-mark-device-removed-when-get-enoent-usb-error.patch queue-4.9/isofs-fix-timestamps-beyond-2027.patch queue-4.9/nfs-fix-typo-in-nomigration-mount-option.patch queue-4.9/alsa-hda-fix-too-short-hdmi-dp-chmap-reporting.patch queue-4.9/fs-9p-compare-qid.path-in-v9fs_test_inode.patch queue-4.9/x86-mm-fix-use-after-free-of-vma-during-userfaultfd-fault.patch queue-4.9/alsa-hda-realtek-fix-alc700-family-no-sound-issue.patch queue-4.9/pm-opp-add-missing-of_node_put-np.patch queue-4.9/ixgbevf-use-smp_rmb-rather-than-read_barrier_depends.patch queue-4.9/sched-rt-simplify-the-ipi-based-rt-balancing-logic.patch queue-4.9/igbvf-use-smp_rmb-rather-than-read_barrier_depends.patch queue-4.9/e1000e-fix-return-value-test.patch queue-4.9/s390-runtime-instrumention-fix-possible-memory-corruption.patch queue-4.9/nfsd-deal-with-revoked-delegations-appropriately.patch queue-4.9/arm-8721-1-mm-dump-check-hardware-ro-bit-for-lpae.patch queue-4.9/ata-fixes-kernel-crash-while-tracing-ata_eh_link_autopsy-event.patch queue-4.9/ipv6-only-call-ip6_route_dev_notify-once-for-netdev_unregister.patch queue-4.9/fm10k-use-smp_rmb-rather-than-read_barrier_depends.patch queue-4.9/pci-set-cavium-acs-capability-quirk-flags-to-assert-rr-cr-sv-uf.patch queue-4.9/bcache-check-ca-alloc_thread-initialized-before-wake-up-it.patch queue-4.9/ixgbe-fix-skb-list-corruption-on-power-systems.patch queue-4.9/alsa-usb-audio-fix-potential-out-of-bound-access-at-parsing-su.patch queue-4.9/mips-fix-odd-fp-register-warnings-with-mips64r2.patch queue-4.9/acpi-ec-fix-regression-related-to-triggering-source-of-ec-event-handling.patch queue-4.9/alsa-pcm-update-tstamp-only-if-audio_tstamp-changed.patch queue-4.9/fscrypt-lock-mutex-before-checking-for-bounce-page-pool.patch queue-4.9/parisc-fix-validity-check-of-pointer-size-argument-in-new-cas-implementation.patch queue-4.9/e1000e-avoid-receiver-overrun-interrupt-bursts.patch queue-4.9/mips-pci-remove-kern_warn-instance-inside-the-mt7620-driver.patch queue-4.9/fix-a-page-leak-in-vhost_scsi_iov_to_sgl-error-recovery.patch queue-4.9/mips-ralink-fix-typo-in-mt7628-pinmux-function.patch queue-4.9/powerpc-signal-properly-handle-return-value-from-uprobe_deny_signal.patch queue-4.9/dm-bufio-fix-integer-overflow-when-limiting-maximum-cache-size.patch queue-4.9/mips-dts-remove-bogus-bcm96358nb4ser.dtb-from-dtb-y-entry.patch queue-4.9/nilfs2-fix-race-condition-that-causes-file-system-corruption.patch queue-4.9/ib-srp-avoid-that-a-cable-pull-can-trigger-a-kernel-crash.patch queue-4.9/irqchip-gic-v3-fix-ppi-partitions-lookup.patch queue-4.9/libnvdimm-namespace-make-resource-attribute-only-readable-by-root.patch queue-4.9/ib-srpt-do-not-accept-invalid-initiator-port-names.patch queue-4.9/nfc-fix-device-allocation-error-return.patch queue-4.9/rtlwifi-rtl8192ee-fix-memory-leak-when-loading-firmware.patch queue-4.9/arm64-implement-arch-specific-pte_access_permitted.patch queue-4.9/mtd-nand-omap2-fix-subpage-write.patch queue-4.9/libceph-don-t-warn-if-user-tries-to-add-invalid-key.patch queue-4.9/media-don-t-do-dma-on-stack-for-firmware-upload-in-the-as102-driver.patch queue-4.9/i40e-use-smp_rmb-rather-than-read_barrier_depends.patch queue-4.9/libnvdimm-namespace-fix-label-initialization-to-use-valid-seq-numbers.patch queue-4.9/alsa-usb-audio-add-sanity-checks-to-fe-parser.patch queue-4.9/sunrpc-fix-tracepoint-storage-issues-with-svc_recv-and-svc_rqst_status.patch queue-4.9/ext4-fix-interaction-between-i_size-fallocate-and-delalloc-after-a-crash.patch

7 years, 2 months

1
0
0 0

[Linux-stable-mirror] Patch "e1000e: Separate signaling for link check/link up" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled e1000e: Separate signaling for link check/link up to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: e1000e-separate-signaling-for-link-check-link-up.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 19110cfbb34d4af0cdfe14cd243f3b09dc95b013 Mon Sep 17 00:00:00 2001 From: Benjamin Poirier <bpoirier(a)suse.com> Date: Fri, 21 Jul 2017 11:36:26 -0700 Subject: e1000e: Separate signaling for link check/link up From: Benjamin Poirier <bpoirier(a)suse.com> commit 19110cfbb34d4af0cdfe14cd243f3b09dc95b013 upstream. Lennart reported the following race condition: \ e1000_watchdog_task \ e1000e_has_link \ hw->mac.ops.check_for_link() === e1000e_check_for_copper_link /* link is up */ mac->get_link_status = false; /* interrupt */ \ e1000_msix_other hw->mac.get_link_status = true; link_active = !hw->mac.get_link_status /* link_active is false, wrongly */ This problem arises because the single flag get_link_status is used to signal two different states: link status needs checking and link status is down. Avoid the problem by using the return value of .check_for_link to signal the link status to e1000e_has_link(). Reported-by: Lennart Sorensen <lsorense(a)csclub.uwaterloo.ca> Signed-off-by: Benjamin Poirier <bpoirier(a)suse.com> Tested-by: Aaron Brown <aaron.f.brown(a)intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher(a)intel.com> Signed-off-by: Amit Pundir <amit.pundir(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/intel/e1000e/mac.c | 11 ++++++++--- drivers/net/ethernet/intel/e1000e/netdev.c | 2 +- 2 files changed, 9 insertions(+), 4 deletions(-) --- a/drivers/net/ethernet/intel/e1000e/mac.c +++ b/drivers/net/ethernet/intel/e1000e/mac.c @@ -410,6 +410,9 @@ void e1000e_clear_hw_cntrs_base(struct e * Checks to see of the link status of the hardware has changed. If a * change in link status has been detected, then we read the PHY registers * to get the current speed/duplex if link exists. + * + * Returns a negative error code (-E1000_ERR_*) or 0 (link down) or 1 (link + * up). **/ s32 e1000e_check_for_copper_link(struct e1000_hw *hw) { @@ -423,7 +426,7 @@ s32 e1000e_check_for_copper_link(struct * Change or Rx Sequence Error interrupt. */ if (!mac->get_link_status) - return 0; + return 1; /* First we want to see if the MII Status Register reports * link. If so, then we want to get the current speed/duplex @@ -461,10 +464,12 @@ s32 e1000e_check_for_copper_link(struct * different link partner. */ ret_val = e1000e_config_fc_after_link_up(hw); - if (ret_val) + if (ret_val) { e_dbg("Error configuring flow control\n"); + return ret_val; + } - return ret_val; + return 1; } /** --- a/drivers/net/ethernet/intel/e1000e/netdev.c +++ b/drivers/net/ethernet/intel/e1000e/netdev.c @@ -5056,7 +5056,7 @@ static bool e1000e_has_link(struct e1000 case e1000_media_type_copper: if (hw->mac.get_link_status) { ret_val = hw->mac.ops.check_for_link(hw); - link_active = !hw->mac.get_link_status; + link_active = ret_val > 0; } else { link_active = true; } Patches currently in stable-queue which might be from bpoirier(a)suse.com are queue-4.9/e1000e-fix-error-path-in-link-detection.patch queue-4.9/e1000e-separate-signaling-for-link-check-link-up.patch queue-4.9/e1000e-fix-return-value-test.patch queue-4.9/e1000e-avoid-receiver-overrun-interrupt-bursts.patch

7 years, 2 months

1
0
0 0

[Linux-stable-mirror] Patch "e1000e: Fix return value test" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled e1000e: Fix return value test to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: e1000e-fix-return-value-test.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From d3509f8bc7b0560044c15f0e3ecfde1d9af757a6 Mon Sep 17 00:00:00 2001 From: Benjamin Poirier <bpoirier(a)suse.com> Date: Fri, 21 Jul 2017 11:36:25 -0700 Subject: e1000e: Fix return value test From: Benjamin Poirier <bpoirier(a)suse.com> commit d3509f8bc7b0560044c15f0e3ecfde1d9af757a6 upstream. All the helpers return -E1000_ERR_PHY. Signed-off-by: Benjamin Poirier <bpoirier(a)suse.com> Tested-by: Aaron Brown <aaron.f.brown(a)intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher(a)intel.com> Signed-off-by: Amit Pundir <amit.pundir(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/intel/e1000e/netdev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/net/ethernet/intel/e1000e/netdev.c +++ b/drivers/net/ethernet/intel/e1000e/netdev.c @@ -5074,7 +5074,7 @@ static bool e1000e_has_link(struct e1000 break; } - if ((ret_val == E1000_ERR_PHY) && (hw->phy.type == e1000_phy_igp_3) && + if ((ret_val == -E1000_ERR_PHY) && (hw->phy.type == e1000_phy_igp_3) && (er32(CTRL) & E1000_PHY_CTRL_GBE_DISABLE)) { /* See e1000_kmrn_lock_loss_workaround_ich8lan() */ e_info("Gigabit has been disabled, downgrading speed\n"); Patches currently in stable-queue which might be from bpoirier(a)suse.com are queue-4.9/e1000e-fix-error-path-in-link-detection.patch queue-4.9/e1000e-separate-signaling-for-link-check-link-up.patch queue-4.9/e1000e-fix-return-value-test.patch queue-4.9/e1000e-avoid-receiver-overrun-interrupt-bursts.patch

7 years, 2 months

1
0
0 0

[Linux-stable-mirror] Patch "e1000e: Fix error path in link detection" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled e1000e: Fix error path in link detection to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: e1000e-fix-error-path-in-link-detection.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From c4c40e51f9c32c6dd8adf606624c930a1c4d9bbb Mon Sep 17 00:00:00 2001 From: Benjamin Poirier <bpoirier(a)suse.com> Date: Fri, 21 Jul 2017 11:36:23 -0700 Subject: e1000e: Fix error path in link detection From: Benjamin Poirier <bpoirier(a)suse.com> commit c4c40e51f9c32c6dd8adf606624c930a1c4d9bbb upstream. In case of error from e1e_rphy(), the loop will exit early and "success" will be set to true erroneously. Signed-off-by: Benjamin Poirier <bpoirier(a)suse.com> Tested-by: Aaron Brown <aaron.f.brown(a)intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher(a)intel.com> Signed-off-by: Amit Pundir <amit.pundir(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/intel/e1000e/phy.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) --- a/drivers/net/ethernet/intel/e1000e/phy.c +++ b/drivers/net/ethernet/intel/e1000e/phy.c @@ -1744,6 +1744,7 @@ s32 e1000e_phy_has_link_generic(struct e s32 ret_val = 0; u16 i, phy_status; + *success = false; for (i = 0; i < iterations; i++) { /* Some PHYs require the MII_BMSR register to be read * twice due to the link bit being sticky. No harm doing @@ -1763,16 +1764,16 @@ s32 e1000e_phy_has_link_generic(struct e ret_val = e1e_rphy(hw, MII_BMSR, &phy_status); if (ret_val) break; - if (phy_status & BMSR_LSTATUS) + if (phy_status & BMSR_LSTATUS) { + *success = true; break; + } if (usec_interval >= 1000) msleep(usec_interval / 1000); else udelay(usec_interval); } - *success = (i < iterations); - return ret_val; } Patches currently in stable-queue which might be from bpoirier(a)suse.com are queue-4.9/e1000e-fix-error-path-in-link-detection.patch queue-4.9/e1000e-separate-signaling-for-link-check-link-up.patch queue-4.9/e1000e-fix-return-value-test.patch queue-4.9/e1000e-avoid-receiver-overrun-interrupt-bursts.patch

7 years, 2 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror