- Linux-stable-mirror - lists.linaro.org

Patch "ALSA: aloop: Fix access to not-yet-ready substream via cable" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ALSA: aloop: Fix access to not-yet-ready substream via cable to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: alsa-aloop-fix-access-to-not-yet-ready-substream-via-cable.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 8e6b1a72a75bb5067ccb6b56d8ca4aa3a300a64e Mon Sep 17 00:00:00 2001 From: Takashi Iwai <tiwai(a)suse.de> Date: Thu, 22 Mar 2018 10:40:27 +0100 Subject: ALSA: aloop: Fix access to not-yet-ready substream via cable From: Takashi Iwai <tiwai(a)suse.de> commit 8e6b1a72a75bb5067ccb6b56d8ca4aa3a300a64e upstream. In loopback_open() and loopback_close(), we assign and release the substream object to the corresponding cable in a racy way. It's neither locked nor done in the right position. The open callback assigns the substream before its preparation finishes, hence the other side of the cable may pick it up, which may lead to the invalid memory access. This patch addresses these: move the assignment to the end of the open callback, and wrap with cable->lock for avoiding concurrent accesses. Cc: <stable(a)vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- sound/drivers/aloop.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) --- a/sound/drivers/aloop.c +++ b/sound/drivers/aloop.c @@ -667,7 +667,9 @@ static void free_cable(struct snd_pcm_su return; if (cable->streams[!substream->stream]) { /* other stream is still alive */ + spin_lock_irq(&cable->lock); cable->streams[substream->stream] = NULL; + spin_unlock_irq(&cable->lock); } else { /* free the cable */ loopback->cables[substream->number][dev] = NULL; @@ -707,7 +709,6 @@ static int loopback_open(struct snd_pcm_ loopback->cables[substream->number][dev] = cable; } dpcm->cable = cable; - cable->streams[substream->stream] = dpcm; snd_pcm_hw_constraint_integer(runtime, SNDRV_PCM_HW_PARAM_PERIODS); @@ -739,6 +740,11 @@ static int loopback_open(struct snd_pcm_ runtime->hw = loopback_pcm_hardware; else runtime->hw = cable->hw; + + spin_lock_irq(&cable->lock); + cable->streams[substream->stream] = dpcm; + spin_unlock_irq(&cable->lock); + unlock: if (err < 0) { free_cable(substream); Patches currently in stable-queue which might be from tiwai(a)suse.de are queue-3.18/alsa-aloop-fix-access-to-not-yet-ready-substream-via-cable.patch queue-3.18/alsa-usb-audio-fix-parsing-descriptor-of-uac2-processing-unit.patch queue-3.18/alsa-aloop-sync-stale-timer-before-release.patch

7 years, 8 months

1
0
0 0

FAILED: patch "[PATCH] RDMA/mlx5: Fix crash while accessing garbage pointer and" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From f3f134f5260ae9ee1f5a4d0a8cc625c6c77655b4 Mon Sep 17 00:00:00 2001 From: Leon Romanovsky <leonro(a)mellanox.com> Date: Mon, 12 Mar 2018 21:26:37 +0200 Subject: [PATCH] RDMA/mlx5: Fix crash while accessing garbage pointer and freed memory The failure in rereg_mr flow caused to set garbage value (error value) into mr->umem pointer. This pointer is accessed at the release stage and it causes to the following crash. There is not enough to simply change umem to point to NULL, because the MR struct is needed to be accessed during MR deregistration phase, so delay kfree too. [ 6.237617] BUG: unable to handle kernel NULL pointer dereference a 0000000000000228 [ 6.238756] IP: ib_dereg_mr+0xd/0x30 [ 6.239264] PGD 80000000167eb067 P4D 80000000167eb067 PUD 167f9067 PMD 0 [ 6.240320] Oops: 0000 [#1] SMP PTI [ 6.240782] CPU: 0 PID: 367 Comm: dereg Not tainted 4.16.0-rc1-00029-gc198fafe0453 #183 [ 6.242120] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.7.5-0-ge51488c-20140602_164612-nilsson.home.kraxel.org 04/01/2014 [ 6.244504] RIP: 0010:ib_dereg_mr+0xd/0x30 [ 6.245253] RSP: 0018:ffffaf5d001d7d68 EFLAGS: 00010246 [ 6.246100] RAX: 0000000000000000 RBX: ffff95d4172daf00 RCX: 0000000000000000 [ 6.247414] RDX: 00000000ffffffff RSI: 0000000000000001 RDI: ffff95d41a317600 [ 6.248591] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 6.249810] R10: ffff95d417033c10 R11: 0000000000000000 R12: ffff95d4172c3a80 [ 6.251121] R13: ffff95d4172c3720 R14: ffff95d4172c3a98 R15: 00000000ffffffff [ 6.252437] FS: 0000000000000000(0000) GS:ffff95d41fc00000(0000) knlGS:0000000000000000 [ 6.253887] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 6.254814] CR2: 0000000000000228 CR3: 00000000172b4000 CR4: 00000000000006b0 [ 6.255943] Call Trace: [ 6.256368] remove_commit_idr_uobject+0x1b/0x80 [ 6.257118] uverbs_cleanup_ucontext+0xe4/0x190 [ 6.257855] ib_uverbs_cleanup_ucontext.constprop.14+0x19/0x40 [ 6.258857] ib_uverbs_close+0x2a/0x100 [ 6.259494] __fput+0xca/0x1c0 [ 6.259938] task_work_run+0x84/0xa0 [ 6.260519] do_exit+0x312/0xb40 [ 6.261023] ? __do_page_fault+0x24d/0x490 [ 6.261707] do_group_exit+0x3a/0xa0 [ 6.262267] SyS_exit_group+0x10/0x10 [ 6.262802] do_syscall_64+0x75/0x180 [ 6.263391] entry_SYSCALL_64_after_hwframe+0x21/0x86 [ 6.264253] RIP: 0033:0x7f1b39c49488 [ 6.264827] RSP: 002b:00007ffe2de05b68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 6.266049] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1b39c49488 [ 6.267187] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 6.268377] RBP: 00007f1b39f258e0 R08: 00000000000000e7 R09: ffffffffffffff98 [ 6.269640] R10: 00007f1b3a147260 R11: 0000000000000246 R12: 00007f1b39f258e0 [ 6.270783] R13: 00007f1b39f2ac20 R14: 0000000000000000 R15: 0000000000000000 [ 6.271943] Code: 74 07 31 d2 e9 25 d8 6c 00 b8 da ff ff ff c3 0f 1f 44 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 8b 07 53 48 8b 5f 08 <48> 8b 80 28 02 00 00 e8 f7 d7 6c 00 85 c0 75 04 3e ff 4b 18 5b [ 6.274927] RIP: ib_dereg_mr+0xd/0x30 RSP: ffffaf5d001d7d68 [ 6.275760] CR2: 0000000000000228 [ 6.276200] ---[ end trace a35641f1c474bd20 ]--- Fixes: e126ba97dba9 ("mlx5: Add driver for Mellanox Connect-IB adapters") Cc: syzkaller <syzkaller(a)googlegroups.com> Cc: <stable(a)vger.kernel.org> Reported-by: Noa Osherovich <noaos(a)mellanox.com> Signed-off-by: Leon Romanovsky <leonro(a)mellanox.com> Signed-off-by: Doug Ledford <dledford(a)redhat.com> diff --git a/drivers/infiniband/hw/mlx5/mr.c b/drivers/infiniband/hw/mlx5/mr.c index 1961c6a45437..c51c602f06d6 100644 --- a/drivers/infiniband/hw/mlx5/mr.c +++ b/drivers/infiniband/hw/mlx5/mr.c @@ -838,7 +838,8 @@ static int mr_umem_get(struct ib_pd *pd, u64 start, u64 length, *umem = ib_umem_get(pd->uobject->context, start, length, access_flags, 0); err = PTR_ERR_OR_ZERO(*umem); - if (err < 0) { + if (err) { + *umem = NULL; mlx5_ib_err(dev, "umem get failed (%d)\n", err); return err; } @@ -1415,6 +1416,7 @@ int mlx5_ib_rereg_user_mr(struct ib_mr *ib_mr, int flags, u64 start, if (err) { mlx5_ib_warn(dev, "Failed to rereg UMR\n"); ib_umem_release(mr->umem); + mr->umem = NULL; clean_mr(dev, mr); return err; } @@ -1498,14 +1500,11 @@ static int clean_mr(struct mlx5_ib_dev *dev, struct mlx5_ib_mr *mr) u32 key = mr->mmkey.key; err = destroy_mkey(dev, mr); - kfree(mr); if (err) { mlx5_ib_warn(dev, "failed to destroy mkey 0x%x (%d)\n", key, err); return err; } - } else { - mlx5_mr_cache_free(dev, mr); } return 0; @@ -1548,6 +1547,11 @@ static int dereg_mr(struct mlx5_ib_dev *dev, struct mlx5_ib_mr *mr) atomic_sub(npages, &dev->mdev->priv.reg_pages); } + if (!mr->allocated_from_cache) + kfree(mr); + else + mlx5_mr_cache_free(dev, mr); + return 0; }

7 years, 8 months

1
0
0 0

FAILED: patch "[PATCH] RDMA/mlx5: Fix crash while accessing garbage pointer and" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From f3f134f5260ae9ee1f5a4d0a8cc625c6c77655b4 Mon Sep 17 00:00:00 2001 From: Leon Romanovsky <leonro(a)mellanox.com> Date: Mon, 12 Mar 2018 21:26:37 +0200 Subject: [PATCH] RDMA/mlx5: Fix crash while accessing garbage pointer and freed memory The failure in rereg_mr flow caused to set garbage value (error value) into mr->umem pointer. This pointer is accessed at the release stage and it causes to the following crash. There is not enough to simply change umem to point to NULL, because the MR struct is needed to be accessed during MR deregistration phase, so delay kfree too. [ 6.237617] BUG: unable to handle kernel NULL pointer dereference a 0000000000000228 [ 6.238756] IP: ib_dereg_mr+0xd/0x30 [ 6.239264] PGD 80000000167eb067 P4D 80000000167eb067 PUD 167f9067 PMD 0 [ 6.240320] Oops: 0000 [#1] SMP PTI [ 6.240782] CPU: 0 PID: 367 Comm: dereg Not tainted 4.16.0-rc1-00029-gc198fafe0453 #183 [ 6.242120] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.7.5-0-ge51488c-20140602_164612-nilsson.home.kraxel.org 04/01/2014 [ 6.244504] RIP: 0010:ib_dereg_mr+0xd/0x30 [ 6.245253] RSP: 0018:ffffaf5d001d7d68 EFLAGS: 00010246 [ 6.246100] RAX: 0000000000000000 RBX: ffff95d4172daf00 RCX: 0000000000000000 [ 6.247414] RDX: 00000000ffffffff RSI: 0000000000000001 RDI: ffff95d41a317600 [ 6.248591] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 6.249810] R10: ffff95d417033c10 R11: 0000000000000000 R12: ffff95d4172c3a80 [ 6.251121] R13: ffff95d4172c3720 R14: ffff95d4172c3a98 R15: 00000000ffffffff [ 6.252437] FS: 0000000000000000(0000) GS:ffff95d41fc00000(0000) knlGS:0000000000000000 [ 6.253887] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 6.254814] CR2: 0000000000000228 CR3: 00000000172b4000 CR4: 00000000000006b0 [ 6.255943] Call Trace: [ 6.256368] remove_commit_idr_uobject+0x1b/0x80 [ 6.257118] uverbs_cleanup_ucontext+0xe4/0x190 [ 6.257855] ib_uverbs_cleanup_ucontext.constprop.14+0x19/0x40 [ 6.258857] ib_uverbs_close+0x2a/0x100 [ 6.259494] __fput+0xca/0x1c0 [ 6.259938] task_work_run+0x84/0xa0 [ 6.260519] do_exit+0x312/0xb40 [ 6.261023] ? __do_page_fault+0x24d/0x490 [ 6.261707] do_group_exit+0x3a/0xa0 [ 6.262267] SyS_exit_group+0x10/0x10 [ 6.262802] do_syscall_64+0x75/0x180 [ 6.263391] entry_SYSCALL_64_after_hwframe+0x21/0x86 [ 6.264253] RIP: 0033:0x7f1b39c49488 [ 6.264827] RSP: 002b:00007ffe2de05b68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 6.266049] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1b39c49488 [ 6.267187] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 6.268377] RBP: 00007f1b39f258e0 R08: 00000000000000e7 R09: ffffffffffffff98 [ 6.269640] R10: 00007f1b3a147260 R11: 0000000000000246 R12: 00007f1b39f258e0 [ 6.270783] R13: 00007f1b39f2ac20 R14: 0000000000000000 R15: 0000000000000000 [ 6.271943] Code: 74 07 31 d2 e9 25 d8 6c 00 b8 da ff ff ff c3 0f 1f 44 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 8b 07 53 48 8b 5f 08 <48> 8b 80 28 02 00 00 e8 f7 d7 6c 00 85 c0 75 04 3e ff 4b 18 5b [ 6.274927] RIP: ib_dereg_mr+0xd/0x30 RSP: ffffaf5d001d7d68 [ 6.275760] CR2: 0000000000000228 [ 6.276200] ---[ end trace a35641f1c474bd20 ]--- Fixes: e126ba97dba9 ("mlx5: Add driver for Mellanox Connect-IB adapters") Cc: syzkaller <syzkaller(a)googlegroups.com> Cc: <stable(a)vger.kernel.org> Reported-by: Noa Osherovich <noaos(a)mellanox.com> Signed-off-by: Leon Romanovsky <leonro(a)mellanox.com> Signed-off-by: Doug Ledford <dledford(a)redhat.com> diff --git a/drivers/infiniband/hw/mlx5/mr.c b/drivers/infiniband/hw/mlx5/mr.c index 1961c6a45437..c51c602f06d6 100644 --- a/drivers/infiniband/hw/mlx5/mr.c +++ b/drivers/infiniband/hw/mlx5/mr.c @@ -838,7 +838,8 @@ static int mr_umem_get(struct ib_pd *pd, u64 start, u64 length, *umem = ib_umem_get(pd->uobject->context, start, length, access_flags, 0); err = PTR_ERR_OR_ZERO(*umem); - if (err < 0) { + if (err) { + *umem = NULL; mlx5_ib_err(dev, "umem get failed (%d)\n", err); return err; } @@ -1415,6 +1416,7 @@ int mlx5_ib_rereg_user_mr(struct ib_mr *ib_mr, int flags, u64 start, if (err) { mlx5_ib_warn(dev, "Failed to rereg UMR\n"); ib_umem_release(mr->umem); + mr->umem = NULL; clean_mr(dev, mr); return err; } @@ -1498,14 +1500,11 @@ static int clean_mr(struct mlx5_ib_dev *dev, struct mlx5_ib_mr *mr) u32 key = mr->mmkey.key; err = destroy_mkey(dev, mr); - kfree(mr); if (err) { mlx5_ib_warn(dev, "failed to destroy mkey 0x%x (%d)\n", key, err); return err; } - } else { - mlx5_mr_cache_free(dev, mr); } return 0; @@ -1548,6 +1547,11 @@ static int dereg_mr(struct mlx5_ib_dev *dev, struct mlx5_ib_mr *mr) atomic_sub(npages, &dev->mdev->priv.reg_pages); } + if (!mr->allocated_from_cache) + kfree(mr); + else + mlx5_mr_cache_free(dev, mr); + return 0; }

7 years, 8 months

1
0
0 0

FAILED: patch "[PATCH] clk: bcm2835: Fix ana->maskX definitions" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 49012d1bf5f78782d398adb984a080a88ba42965 Mon Sep 17 00:00:00 2001 From: Boris Brezillon <boris.brezillon(a)bootlin.com> Date: Thu, 8 Feb 2018 14:43:35 +0100 Subject: [PATCH] clk: bcm2835: Fix ana->maskX definitions ana->maskX values are already '~'-ed in bcm2835_pll_set_rate(). Remove the '~' in the definition to fix ANA setup. Note that this commit fixes a long standing bug preventing one from using an HDMI display if it's plugged after the FW has booted Linux. This is because PLLH is used by the HDMI encoder to generate the pixel clock. Fixes: 41691b8862e2 ("clk: bcm2835: Add support for programming the audio domain clocks") Cc: <stable(a)vger.kernel.org> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> Reviewed-by: Eric Anholt <eric(a)anholt.net> Signed-off-by: Stephen Boyd <sboyd(a)kernel.org> diff --git a/drivers/clk/bcm/clk-bcm2835.c b/drivers/clk/bcm/clk-bcm2835.c index 44301a3d9963..2108a274185a 100644 --- a/drivers/clk/bcm/clk-bcm2835.c +++ b/drivers/clk/bcm/clk-bcm2835.c @@ -449,17 +449,17 @@ struct bcm2835_pll_ana_bits { static const struct bcm2835_pll_ana_bits bcm2835_ana_default = { .mask0 = 0, .set0 = 0, - .mask1 = (u32)~(A2W_PLL_KI_MASK | A2W_PLL_KP_MASK), + .mask1 = A2W_PLL_KI_MASK | A2W_PLL_KP_MASK, .set1 = (2 << A2W_PLL_KI_SHIFT) | (8 << A2W_PLL_KP_SHIFT), - .mask3 = (u32)~A2W_PLL_KA_MASK, + .mask3 = A2W_PLL_KA_MASK, .set3 = (2 << A2W_PLL_KA_SHIFT), .fb_prediv_mask = BIT(14), }; static const struct bcm2835_pll_ana_bits bcm2835_ana_pllh = { - .mask0 = (u32)~(A2W_PLLH_KA_MASK | A2W_PLLH_KI_LOW_MASK), + .mask0 = A2W_PLLH_KA_MASK | A2W_PLLH_KI_LOW_MASK, .set0 = (2 << A2W_PLLH_KA_SHIFT) | (2 << A2W_PLLH_KI_LOW_SHIFT), - .mask1 = (u32)~(A2W_PLLH_KI_HIGH_MASK | A2W_PLLH_KP_MASK), + .mask1 = A2W_PLLH_KI_HIGH_MASK | A2W_PLLH_KP_MASK, .set1 = (6 << A2W_PLLH_KP_SHIFT), .mask3 = 0, .set3 = 0,

7 years, 8 months

1
0
0 0

FAILED: patch "[PATCH] mmc: sdhci-acpi: Fix IRQ 0" failed to apply to 4.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From d58ac803cfbb92ede501409dd6afe9abb111d4f1 Mon Sep 17 00:00:00 2001 From: Adrian Hunter <adrian.hunter(a)intel.com> Date: Wed, 21 Mar 2018 11:49:40 +0200 Subject: [PATCH] mmc: sdhci-acpi: Fix IRQ 0 Zero is a valid IRQ number and is being used on some CHT tablets. Stop treating it as an error. Reported-by: Luke Ross <luke(a)lukeross.name> Fixes: 1b7ba57ecc86 ("mmc: sdhci-acpi: Handle return value of platform_get_irq") Cc: Arvind Yadav <arvind.yadav.cs(a)gmail.com> Signed-off-by: Adrian Hunter <adrian.hunter(a)intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/sdhci-acpi.c b/drivers/mmc/host/sdhci-acpi.c index 4065da58789d..32321bd596d8 100644 --- a/drivers/mmc/host/sdhci-acpi.c +++ b/drivers/mmc/host/sdhci-acpi.c @@ -680,7 +680,7 @@ static int sdhci_acpi_probe(struct platform_device *pdev) host->hw_name = "ACPI"; host->ops = &sdhci_acpi_ops_dflt; host->irq = platform_get_irq(pdev, 0); - if (host->irq <= 0) { + if (host->irq < 0) { err = -EINVAL; goto err_free; }

7 years, 8 months

1
0
0 0

FAILED: patch "[PATCH] mmc: core: Disable HPI for certain Micron (Numonyx) eMMC" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From dbe7dc6b9b28f5b012b0bedc372aa0c52521f3e4 Mon Sep 17 00:00:00 2001 From: Dirk Behme <dirk.behme(a)de.bosch.com> Date: Wed, 14 Mar 2018 14:50:09 +0000 Subject: [PATCH] mmc: core: Disable HPI for certain Micron (Numonyx) eMMC cards Certain Micron eMMC v4.5 cards might get broken when HPI feature is used and hence this patch disables the HPI feature for such buggy cards. In U-Boot, these cards are reported as Manufacturer: Micron (ID: 0xFE) OEM: 0x4E Name: MMC32G Revision: 19 (0x13) Serial: 959241022 Manufact. date: 8/2015 (0x82) CRC: 0x00 Tran Speed: 52000000 Rd Block Len: 512 MMC version 4.5 High Capacity: Yes Capacity: 29.1 GiB Boot Partition Size: 16 MiB Bus Width: 8-bit According to JEDEC JEP106 manufacturer 0xFE is Numonyx, which was bought by Micron. Signed-off-by: Dirk Behme <dirk.behme(a)de.bosch.com> Signed-off-by: Mark Craske <Mark_Craske(a)mentor.com> Cc: <stable(a)vger.kernel.org> # 4.8+ Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/core/card.h b/drivers/mmc/core/card.h index 79a5b985ccf5..9c821eedd156 100644 --- a/drivers/mmc/core/card.h +++ b/drivers/mmc/core/card.h @@ -82,6 +82,7 @@ struct mmc_fixup { #define CID_MANFID_APACER 0x27 #define CID_MANFID_KINGSTON 0x70 #define CID_MANFID_HYNIX 0x90 +#define CID_MANFID_NUMONYX 0xFE #define END_FIXUP { NULL } diff --git a/drivers/mmc/core/quirks.h b/drivers/mmc/core/quirks.h index 75d317623852..5153577754f0 100644 --- a/drivers/mmc/core/quirks.h +++ b/drivers/mmc/core/quirks.h @@ -109,6 +109,12 @@ static const struct mmc_fixup mmc_ext_csd_fixups[] = { */ MMC_FIXUP_EXT_CSD_REV(CID_NAME_ANY, CID_MANFID_HYNIX, 0x014a, add_quirk, MMC_QUIRK_BROKEN_HPI, 5), + /* + * Certain Micron (Numonyx) eMMC 4.5 cards might get broken when HPI + * feature is used so disable the HPI feature for such buggy cards. + */ + MMC_FIXUP_EXT_CSD_REV(CID_NAME_ANY, CID_MANFID_NUMONYX, + 0x014e, add_quirk, MMC_QUIRK_BROKEN_HPI, 6), END_FIXUP };

7 years, 8 months

1
0
0 0

FAILED: patch "[PATCH] MIPS: ralink: Fix booting on MT7621" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From a63d706ea719190a79a6c769e898f70680044d3e Mon Sep 17 00:00:00 2001 From: NeilBrown <neil(a)brown.name> Date: Wed, 21 Mar 2018 14:02:10 +1100 Subject: [PATCH] MIPS: ralink: Fix booting on MT7621 Since commit 3af5a67c86a3 ("MIPS: Fix early CM probing") the MT7621 has not been able to boot. This commit caused mips_cm_probe() to be called before mt7621.c::proc_soc_init(). prom_soc_init() has a comment explaining that mips_cm_probe() "wipes out the bootloader config" and means that configuration registers are no longer available. It has some code to re-enable this config. Before this re-enable code is run, the sysc register cannot be read, so when SYSC_REG_CHIP_NAME0 is read, a garbage value is returned and panic() is called. If we move the config-repair code to the top of prom_soc_init(), the registers can be read and boot can proceed. Very occasionally, the first register read after the reconfiguration returns garbage, so add a call to __sync(). Fixes: 3af5a67c86a3 ("MIPS: Fix early CM probing") Signed-off-by: NeilBrown <neil(a)brown.name> Reviewed-by: Matt Redfearn <matt.redfearn(a)mips.com> Cc: John Crispin <john(a)phrozen.org> Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: linux-mips(a)linux-mips.org Cc: <stable(a)vger.kernel.org> # 4.5+ Patchwork: https://patchwork.linux-mips.org/patch/18859/ Signed-off-by: James Hogan <jhogan(a)kernel.org> diff --git a/arch/mips/ralink/mt7621.c b/arch/mips/ralink/mt7621.c index 1b274742077d..d2718de60b9b 100644 --- a/arch/mips/ralink/mt7621.c +++ b/arch/mips/ralink/mt7621.c @@ -170,6 +170,28 @@ void prom_soc_init(struct ralink_soc_info *soc_info) u32 n1; u32 rev; + /* Early detection of CMP support */ + mips_cm_probe(); + mips_cpc_probe(); + + if (mips_cps_numiocu(0)) { + /* + * mips_cm_probe() wipes out bootloader + * config for CM regions and we have to configure them + * again. This SoC cannot talk to pamlbus devices + * witout proper iocu region set up. + * + * FIXME: it would be better to do this with values + * from DT, but we need this very early because + * without this we cannot talk to pretty much anything + * including serial. + */ + write_gcr_reg0_base(MT7621_PALMBUS_BASE); + write_gcr_reg0_mask(~MT7621_PALMBUS_SIZE | + CM_GCR_REGn_MASK_CMTGT_IOCU0); + __sync(); + } + n0 = __raw_readl(sysc + SYSC_REG_CHIP_NAME0); n1 = __raw_readl(sysc + SYSC_REG_CHIP_NAME1); @@ -194,26 +216,6 @@ void prom_soc_init(struct ralink_soc_info *soc_info) rt2880_pinmux_data = mt7621_pinmux_data; - /* Early detection of CMP support */ - mips_cm_probe(); - mips_cpc_probe(); - - if (mips_cps_numiocu(0)) { - /* - * mips_cm_probe() wipes out bootloader - * config for CM regions and we have to configure them - * again. This SoC cannot talk to pamlbus devices - * witout proper iocu region set up. - * - * FIXME: it would be better to do this with values - * from DT, but we need this very early because - * without this we cannot talk to pretty much anything - * including serial. - */ - write_gcr_reg0_base(MT7621_PALMBUS_BASE); - write_gcr_reg0_mask(~MT7621_PALMBUS_SIZE | - CM_GCR_REGn_MASK_CMTGT_IOCU0); - } if (!register_cps_smp_ops()) return;

7 years, 8 months

1
0
0 0

[PATCH 4.9 000/177] 4.9.90-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.90 release. There are 177 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun Mar 25 09:41:28 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.90-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.90-rc1 Krzysztof Opasiak <kopasiak90(a)gmail.com> usb: gadget: f_hid: fix: Move IN request allocation to set_alt() Leon Romanovsky <leonro(a)mellanox.com> RDMA/ucma: Don't allow join attempts for unsupported AF family Leon Romanovsky <leonro(a)mellanox.com> RDMA/ucma: Fix access to non-initialized CM_ID object Jerome Brunet <jbrunet(a)baylibre.com> clk: migrate the count of orphaned clocks at init Boris Pismenny <borisp(a)mellanox.com> IB/mlx5: Fix out-of-bounds read in create_raw_packet_qp_rq Boris Pismenny <borisp(a)mellanox.com> IB/mlx5: Fix integer overflows in mlx5_ib_create_srq Vignesh R <vigneshr(a)ti.com> dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63 Sergej Sawazki <sergej(a)taudac.com> clk: si5351: Rename internal plls to avoid name collisions Lars-Peter Clausen <lars(a)metafoo.de> clk: axi-clkgen: Correctly handle nocount bit in recalc_rate() Stephen Boyd <sboyd(a)codeaurora.org> clk: Don't touch hardware when reparenting during registration Benjamin Coddington <bcodding(a)redhat.com> nfsd4: permit layoutget of executable-only files Joel Stanley <joel(a)jms.id.au> ARM: dts: aspeed-evb: Add unit name to memory node Anton Vasilyev <vasilyev(a)ispras.ru> RDMA/ocrdma: Fix permissions for OCRDMA_RESET_STATS Alexey Kodanev <alexey.kodanev(a)oracle.com> ip6_vti: adjust vti mtu according to mtu of lower device Jerry Snitselaar <jsnitsel(a)redhat.com> iommu/vt-d: clean up pr_irq if request_threaded_irq fails Brian Norris <briannorris(a)chromium.org> pinctrl: rockchip: enable clock when reading pin direction register Florian Fainelli <f.fainelli(a)gmail.com> pinctrl: Really force states during suspend/resume Robert Walker <robert.walker(a)arm.com> coresight: Fix disabling of CoreSight TPIU Sahara <keun-o.park(a)darkmatter.ae> pty: cancel pty slave port buf's work in tty_release Peter Ujfalusi <peter.ujfalusi(a)ti.com> drm/omap: DMM: Check for DMM readiness after successful transaction commit H. Nikolaus Schaller <hns(a)goldelico.com> omapdrm: panel: fix compatible vendor string for td028ttec1 Bjorn Helgaas <bhelgaas(a)google.com> vgacon: Set VGA struct resource types Bharat Potnuri <bharat(a)chelsio.com> iser-target: avoid reinitializing rdma contexts for isert commands Artemy Kovalyov <artemyko(a)mellanox.com> IB/umem: Fix use of npages/nmap fields Parav Pandit <parav(a)mellanox.com> RDMA/cma: Use correct size when writing netlink stats Erez Shitrit <erezsh(a)mellanox.com> IB/ipoib: Avoid memory leak if the SA returns a different DGID Alexandre Belloni <alexandre.belloni(a)free-electrons.com> rtc: ac100: Fix multiple race conditions Daniel Drake <drake(a)endlessm.com> mmc: avoid removing non-removable hosts during suspend Logan Gunthorpe <logang(a)deltatee.com> drm/tilcdc: ensure nonatomic iowrite64 is not used Kedareswara rao Appana <appana.durga.rao(a)xilinx.com> dmaengine: zynqmp_dma: Fix race condition in the probe Shawn Nematbakhsh <shawnn(a)chromium.org> platform/chrome: Use proper protocol transfer function Guenter Roeck <linux(a)roeck-us.net> watchdog: Fix potential kref imbalance when opening watchdog Arnd Bergmann <arnd(a)arndb.de> cros_ec: fix nul-termination for firmware build info Stefan Potyra <Stefan.Potyra(a)elektrobit.com> serial: 8250_dw: Disable clock on error Bjørn Mork <bjorn(a)mork.no> qmi_wwan: set FLAG_SEND_ZLP to avoid network initiated disconnect Ron Economos <w6rz(a)comcast.net> media: [RESEND] media: dvb-frontends: Add delay to Si2168 restart Balaji Pothunoori <bpothuno(a)qti.qualcomm.com> ath10k: handling qos at STA side based on AP WMM enable/disable Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> media: bt8xx: Fix err 'bt878_probe()' Tsang-Shian Lin <thlin(a)realtek.com> rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled. Geert Uytterhoeven <geert(a)linux-m68k.org> RDMA/iwpm: Fix uninitialized error code in iwpm_send_mapinfo() Prakash Kamliya <pkamliya(a)codeaurora.org> drm/msm: fix leak in failed get_pages Gustavo A. R. Silva <garsilva(a)embeddedor.com> media: c8sectpfe: fix potential NULL pointer dereference in c8sectpfe_timer_interrupt Loic Poulain <loic.poulain(a)linaro.org> Bluetooth: btqcomsmd: Fix skb double free corruption Loic Poulain <loic.poulain(a)linaro.org> Bluetooth: hci_qca: Avoid setup failure on missing rampatch Peter Zijlstra <peterz(a)infradead.org> block/mq: Cure cpu hotplug lock inversion Kim Phillips <kim.phillips(a)arm.com> perf tests kmod-path: Don't fail if compressed modules aren't supported Michael Mera <dev(a)michaelmera.com> ath10k: fix out of bounds access to local buffer Moritz Fischer <mdf(a)kernel.org> rtc: ds1374: wdt: Fix stop/start ioctl always returning -EINVAL Moritz Fischer <mdf(a)kernel.org> rtc: ds1374: wdt: Fix issue with timeout scaling from secs to wdt ticks Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> mm: hwpoison: call shake_page() after try_to_unmap() for mlocked page David Rientjes <rientjes(a)google.com> mm, vmstat: suppress pcp stats for unpopulated zones in zoneinfo Johannes Weiner <hannes(a)cmpxchg.org> mm: fix check for reclaimable pages in PF_MEMALLOC reclaim throttling Dan Carpenter <dan.carpenter(a)oracle.com> cifs: small underflow in cnvrtDosUnixTm() Timmy Li <lixiaoping3(a)huawei.com> net: hns: fix ethtool_get_strings overflow in hns driver Trond Myklebust <trond.myklebust(a)primarydata.com> pNFS: Fix a deadlock when coalescing writes and returning the layout Alexey Khoroshilov <khoroshilov(a)ispras.ru> sm501fb: don't return zero on failure path in sm501fb_start() Maksim Salau <maksim.salau(a)gmail.com> video: fbdev: udlfb: Fix buffer on stack Vitaly Kuznetsov <vkuznets(a)redhat.com> x86/xen: split xen_smp_prepare_boot_cpu() Dmitry Monakhov <dmonakhov(a)openvz.org> tcm_fileio: Prevent information leak for short reads Sergei Trofimovich <slyfox(a)gentoo.org> ia64: fix module loading for gcc-5.4 Hans de Goede <hdegoede(a)redhat.com> ACPI / power: Delay turning off unused power resources after suspend Shaohua Li <shli(a)fb.com> md/raid10: skip spare disk as 'first' disk Johannes Thumshirn <jthumshirn(a)suse.de> IB/rxe: Don't clamp residual length to mtu Sebastian Reichel <sebastian.reichel(a)collabora.co.uk> Input: twl4030-pwrbutton - use correct device for irq request Michael Trimarchi <michael(a)amarulasolutions.com> power: supply: pda_power: move from timer to delayed_work Pan Bian <bianpan2016(a)163.com> power: supply: isp1704: Fix unchecked return value of devm_kzalloc Hans de Goede <hdegoede(a)redhat.com> power: supply: bq24190_charger: Add disable-reset device-property Scott Wood <swood(a)redhat.com> bnx2x: Align RX buffers Dan Carpenter <dan.carpenter(a)oracle.com> qed: Unlock on error in qed_vf_pf_acquire() Jiri Benc <jbenc(a)redhat.com> vxlan: correctly handle ipv6.disable module parameter Dean Jenkins <Dean_Jenkins(a)mentor.com> Bluetooth: hci_ldisc: Add protocol check to hci_uart_tx_wakeup() Dean Jenkins <Dean_Jenkins(a)mentor.com> Bluetooth: hci_ldisc: Add protocol check to hci_uart_dequeue() Valentin Longchamp <valentin.longchamp(a)keymile.com> soc/fsl/qe: round brg_freq to 1kHz granularity Christophe Leroy <christophe.leroy(a)c-s.fr> net: ethernet: ucc_geth: fix MEM_PART_MURAM mode Emil Tantilov <emil.s.tantilov(a)intel.com> ixgbevf: fix size of queue stats length Jan Kara <jack(a)suse.cz> jbd2: Fix lockdep splat with generic/270 test Mario Kleiner <mario.kleiner.de(a)gmail.com> drm/nouveau/kms: Increase max retries in scanout position queries. Chunming Zhou <David1.Zhou(a)amd.com> drm/amdgpu: fix gpu reset crash Hans de Goede <hdegoede(a)redhat.com> ACPI / PMIC: xpower: Fix power_table addresses Robert Lippert <roblip(a)gmail.com> ipmi/watchdog: fix wdog hang on panic waiting for ipmi response Oleksij Rempel <linux(a)rempel-privat.de> platform/x86: asus-wmi: try to set als by default Tadeusz Struk <tadeusz.struk(a)intel.com> IB/hfi1: Fix softlockup issue Dan Carpenter <dan.carpenter(a)oracle.com> IB/rdmavt: restore IRQs on error path in rvt_create_ah() Kishon Vijay Abraham I <kishon(a)ti.com> ARM: DRA7: clockdomain: Change the CLKTRCTRL of CM_PCIE_CLKSTCTRL to SW_WKUP Dan Carpenter <dan.carpenter(a)oracle.com> netfilter: x_tables: unlock on error in xt_find_table_lock() yangbo lu <yangbo.lu(a)nxp.com> mmc: sdhci-of-esdhc: limit SD clock for ls1012a/ls1046a Mohammed Shafi Shajakhan <mohammed(a)qti.qualcomm.com> mac80211: Fix possible sband related NULL pointer de-reference Paolo Abeni <pabeni(a)redhat.com> ipvs: explicitly forbid ipv6 service/dest creation if ipv6 mod is disabled Pan Bian <bianpan2016(a)163.com> staging: wilc1000: fix unchecked return value Sameer Wadgaonkar <sameer.wadgaonkar(a)unisys.com> staging: unisys: visorhba: fix s-Par to boot with option CONFIG_VMAP_STACK set to y Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> gpio: gpio-wcove: fix GPIO IRQ status mask Baoquan He <bhe(a)redhat.com> x86/KASLR: Fix kexec kernel boot crash when KASLR randomization fails Ming Lei <ming.lei(a)redhat.com> mtip32xx: use runtime tag to initialize command header Keerthy <j-keerthy(a)ti.com> mfd: palmas: Reset the POWERHOLD mux during power off Rask Ingemann Lambertsen <rask(a)formelder.dk> dt-bindings: mfd: axp20x: Add "xpowers,master-mode" property for AXP806 PMICs Colin Ian King <colin.king(a)canonical.com> iio: hid-sensor: fix return of -EINVAL on invalid values in ret or value Lv Zheng <lv.zheng(a)intel.com> ACPICA: iasl: Fix IORT SMMU GSI disassembling Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: don't parse encrypted management frames in ieee80211_frame_acked Martin Brandenburg <martin(a)omnibond.com> orangefs: do not wait for timeout if umounting Filipe Manana <fdmanana(a)suse.com> Btrfs: fix extent map leak during fallocate error path Filipe Manana <fdmanana(a)suse.com> Btrfs: send, fix file hole not being preserved due to inline extent Filipe Manana <fdmanana(a)suse.com> Btrfs: fix incorrect space accounting after failure to insert inline extent Pan Bian <bianpan2016(a)163.com> rndis_wlan: add return value validation Pan Bian <bianpan2016(a)163.com> libertas: check return value of alloc_workqueue Pan Bian <bianpan2016(a)163.com> mt7601u: check return value of alloc_skb Shrirang Bagul <shrirang.bagul(a)canonical.com> iio: st_pressure: st_accel: Initialise sensor platform data properly NeilBrown <neilb(a)suse.com> NFS: don't try to cross a mountpount when there isn't one there. Chuck Lever <chuck.lever(a)oracle.com> xprtrdma: Cancel refresh worker during buffer shutdown Trond Myklebust <trond.myklebust(a)primarydata.com> pNFS: Fix use after free issues in pnfs_do_read() Vlad Tsyrklevich <vlad(a)tsyrklevich.net> infiniband/uverbs: Fix integer overflows Finn Thain <fthain(a)telegraphics.com.au> scsi: mac_esp: Replace bogus memory barrier with spinlock Maarten Maathuis <madman2003(a)gmail.com> platform/x86: intel-vbtn: add volume up and down Liping Zhang <zlpnobody(a)gmail.com> netfilter: nft_dynset: continue to next expr if _OP_ADD succeeded Pan Bian <bianpan2016(a)163.com> qlcnic: fix unchecked return value Pan Bian <bianpan2016(a)163.com> wan: pc300too: abort path on failure Pan Bian <bianpan2016(a)163.com> tipc: check return value of nlmsg_new Dan Carpenter <dan.carpenter(a)oracle.com> mmc: host: omap_hsmmc: checking for NULL instead of IS_ERR() Liping Zhang <zlpnobody(a)gmail.com> netfilter: nf_ct_helper: permit cthelpers with different names via nfnetlink Jarno Rajahalme <jarno(a)ovn.org> openvswitch: Delete conntrack entry clashing with an expectation. Gao Feng <fgao(a)ikuai8.com> netfilter: xt_CT: fix refcnt leak on error path Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> gpio: gpio-wcove: fix irq pending status bit width James Smart <jsmart2021(a)gmail.com> Fix Express lane queue creation. James Smart <jsmart2021(a)gmail.com> Fix driver usage of 128B WQEs when WQ_CREATE is V1. K. Y. Srinivasan <kys(a)microsoft.com> netvsc: Deal with rescinded channels correctly Brian King <brking(a)linux.vnet.ibm.com> ibmvnic: Disable irq prior to close Dan Carpenter <dan.carpenter(a)oracle.com> ASoC: Intel: Skylake: Uninitialized variable in probe_codec() Moni Shoua <monis(a)mellanox.com> IB/mlx5: Set correct SL in completion for RoCE Maor Gottlieb <maorg(a)mellanox.com> IB/mlx5: Change vma from shared to private Maor Gottlieb <maorg(a)mellanox.com> IB/mlx5: Take write semaphore when changing the vma struct Maor Gottlieb <maorg(a)mellanox.com> IB/mlx4: Change vma from shared to private Maor Gottlieb <maorg(a)mellanox.com> IB/mlx4: Take write semaphore when changing the vma struct Dan Carpenter <dan.carpenter(a)oracle.com> HSI: ssi_protocol: double free in ssip_pn_xmit() Feras Daoud <ferasda(a)mellanox.com> IB/ipoib: Update broadcast object if PKey value was changed in index 0 Feras Daoud <ferasda(a)mellanox.com> IB/ipoib: Fix deadlock between ipoib_stop and mcast join flow Mikhail Paulyshka <me(a)mixaill.tk> ALSA: hda - Fix headset microphone detection for ASUS N551 and N751 Bernd Faust <berndfaust(a)gmail.com> e1000e: fix timing for 82579 Gigabit Ethernet controller Eric Dumazet <edumazet(a)google.com> tcp: remove poll() flakes with FastOpen Benjamin Coddington <bcodding(a)redhat.com> NFS: Fix missing pg_cleanup after nfs_pageio_cond_complete() Guoqing Jiang <gqjiang(a)suse.com> md/raid10: wait up frozen array in handle_write_completed Suman Anna <s-anna(a)ti.com> iommu/omap: Register driver before setting IOMMU ops Paul Burton <paul.burton(a)imgtec.com> irqchip/mips-gic: Separate IPI reservation & usage tracking Abel Vesa <abelvesa(a)linux.com> ARM: 8668/1: ftrace: Fix dynamic ftrace with DEBUG_RODATA and !FRAME_POINTER Tiantian Feng <fengtiantian(a)huawei.com> x86/reboot: Turn off KVM when halting a CPU Brian Norris <briannorris(a)chromium.org> mwifiex: don't leak 'chan_stats' on reset Alexey Kardashevskiy <aik(a)ozlabs.ru> KVM: PPC: Book3S PR: Exit KVM on failed mapping David Gibson <david(a)gibson.dropbear.id.au> scsi: virtio_scsi: Always try to read VPD pages Liad Kaufman <liad.kaufman(a)intel.com> iwlwifi: a000: fix memory offsets and lengths Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> iwlwifi: split the handler and the wake parts of the notification infra Bharat Kumar Reddy Gooty <bharat.gooty(a)broadcom.com> clk: ns2: Correct SDIO bits Mohammed Shafi Shajakhan <mohammed(a)qti.qualcomm.com> ath: Fix updating radar flags for coutry code India Nicholas Piggin <npiggin(a)gmail.com> powerpc/64s: Remove SAO feature from Power9 DD1 Marek Vasut <marex(a)denx.de> spi: dw: Disable clock after unregistering the host Dan Williams <dan.j.williams(a)intel.com> tools/testing/nvdimm: fix nfit_test shutdown crash Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: Intel: Atom: update Thinkpad 10 quirk Adam Borowski <kilobyte(a)angband.pl> btrfs: fix a bogus warning when converting only data or metadata Jasmin J <jasmin(a)anw.at> media/dvb-core: Race condition when writing to CAM David Ahern <dsa(a)cumulusnetworks.com> net: ipv6: send unsolicited NA on admin up Edgar Cherkasov <echerkasov(a)dev.rtsoft.ru> i2c: i2c-scmi: add a MS HID Hans de Goede <hdegoede(a)redhat.com> genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs Thomas Gleixner <tglx(a)linutronix.de> cpufreq/sh: Replace racy task affinity logic Thomas Gleixner <tglx(a)linutronix.de> ACPI/processor: Replace racy task affinity logic Thomas Gleixner <tglx(a)linutronix.de> ACPI/processor: Fix error handling in __acpi_processor_start() Deepa Dinamani <deepa.kernel(a)gmail.com> time: Change posix clocks ops interfaces to use timespec64 Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: ar1021_i2c - fix too long name in driver's device table Hans de Goede <hdegoede(a)redhat.com> rtc: cmos: Do not assume irq 8 for rtc when there are no legacy irqs Hans de Goede <hdegoede(a)redhat.com> x86: i8259: export legacy_pic symbol Liam Breck <kernel(a)networkimprov.net> power: supply: bq24190_charger: Limit over/under voltage fault logging Dong Aisheng <aisheng.dong(a)nxp.com> regulator: anatop: set default voltage selector for pcie Mahesh Bandewar <maheshb(a)google.com> bonding: handle link transition from FAIL to UP correctly Santeri Toivonen <santeri.toivonen(a)vatsul.com> platform/x86: asus-nb-wmi: Add wapf4 quirk for the X302UA Jacek Anaszewski <jacek.anaszewski(a)gmail.com> led: core: Clear LED_BLINK_SW flag in led_blink_set() Jacek Anaszewski <jacek.anaszewski(a)gmail.com> Revert "led: core: Fix brightness setting when setting delay_off=0" Yisheng Xie <xieyisheng1(a)huawei.com> staging: android: ashmem: Fix possible deadlock in ashmem_ioctl Pavel Shilovsky <pshilov(a)microsoft.com> CIFS: Enable encryption during session setup phase Steve French <smfrench(a)gmail.com> SMB3: Validate negotiate request must always be signed Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: rsnd: check src mod pointer for rsnd_mod_id() Jeremy Boone <jeremy.boone(a)nccgroup.trust> tpm: fix potential buffer overruns caused by bit glitches on the bus ------------- Diffstat: .../{toppoly,td028ttec1.txt => tpo,td028ttec1.txt} | 4 +- Documentation/devicetree/bindings/mfd/axp20x.txt | 3 + Makefile | 4 +- arch/alpha/kernel/console.c | 1 + arch/arm/boot/dts/aspeed-ast2500-evb.dts | 2 +- arch/arm/kernel/ftrace.c | 11 +-- arch/arm/mach-omap2/clockdomains7xx_data.c | 2 +- arch/ia64/kernel/module.c | 4 +- arch/powerpc/include/asm/cputable.h | 3 +- arch/powerpc/kvm/book3s_64_mmu_host.c | 5 +- arch/powerpc/kvm/book3s_pr.c | 6 +- arch/x86/boot/compressed/kaslr.c | 11 ++- arch/x86/kernel/i8259.c | 1 + arch/x86/kernel/smp.c | 3 + arch/x86/xen/smp.c | 49 +++++++----- block/blk-mq.c | 4 +- drivers/acpi/pmic/intel_pmic_xpower.c | 50 ++++++------ drivers/acpi/power.c | 10 +++ drivers/acpi/processor_driver.c | 10 ++- drivers/acpi/processor_throttling.c | 62 ++++++++------- drivers/acpi/sleep.c | 1 + drivers/acpi/sleep.h | 1 + drivers/block/mtip32xx/mtip32xx.c | 36 ++++++--- drivers/bluetooth/btqcomsmd.c | 3 +- drivers/bluetooth/hci_ldisc.c | 11 ++- drivers/bluetooth/hci_qca.c | 3 + drivers/char/ipmi/ipmi_watchdog.c | 8 +- drivers/char/tpm/tpm-interface.c | 5 ++ drivers/char/tpm/tpm2-cmd.c | 6 ++ drivers/clk/bcm/clk-ns2.c | 2 +- drivers/clk/clk-axi-clkgen.c | 29 +++++-- drivers/clk/clk-si5351.c | 2 +- drivers/clk/clk.c | 32 +++++--- drivers/cpufreq/sh-cpufreq.c | 45 ++++++----- drivers/dma/ti-dma-crossbar.c | 10 ++- drivers/dma/xilinx/zynqmp_dma.c | 3 +- drivers/gpio/gpio-wcove.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 7 +- drivers/gpu/drm/msm/msm_gem.c | 14 +++- drivers/gpu/drm/nouveau/nouveau_display.c | 2 +- .../drm/omapdrm/displays/panel-tpo-td028ttec1.c | 3 + drivers/gpu/drm/omapdrm/omap_dmm_tiler.c | 5 ++ drivers/gpu/drm/tilcdc/tilcdc_regs.h | 2 +- drivers/hsi/clients/ssi_protocol.c | 5 +- drivers/hwtracing/coresight/coresight-tpiu.c | 13 +++- drivers/i2c/busses/i2c-scmi.c | 4 + drivers/iio/accel/st_accel_core.c | 7 +- .../iio/common/hid-sensors/hid-sensor-attributes.c | 4 +- drivers/iio/pressure/st_pressure_core.c | 8 +- drivers/infiniband/core/cma.c | 5 +- drivers/infiniband/core/iwpm_util.c | 1 + drivers/infiniband/core/ucma.c | 8 +- drivers/infiniband/core/umem.c | 2 +- drivers/infiniband/core/uverbs_cmd.c | 13 +++- drivers/infiniband/hw/hfi1/chip.c | 86 ++++++++++++--------- drivers/infiniband/hw/hfi1/hfi.h | 7 +- drivers/infiniband/hw/hfi1/init.c | 2 +- drivers/infiniband/hw/mlx4/main.c | 6 +- drivers/infiniband/hw/mlx5/cq.c | 19 ++++- drivers/infiniband/hw/mlx5/main.c | 5 +- drivers/infiniband/hw/mlx5/qp.c | 24 ++++-- drivers/infiniband/hw/mlx5/srq.c | 15 ++-- drivers/infiniband/hw/ocrdma/ocrdma_stats.c | 2 +- drivers/infiniband/sw/rdmavt/ah.c | 2 +- drivers/infiniband/sw/rxe/rxe_resp.c | 2 - drivers/infiniband/ulp/ipoib/ipoib_ib.c | 13 ++++ drivers/infiniband/ulp/ipoib/ipoib_main.c | 16 ++++ drivers/infiniband/ulp/ipoib/ipoib_multicast.c | 11 ++- drivers/infiniband/ulp/isert/ib_isert.c | 7 ++ drivers/infiniband/ulp/isert/ib_isert.h | 1 + drivers/input/misc/twl4030-pwrbutton.c | 2 +- drivers/input/touchscreen/ar1021_i2c.c | 2 +- drivers/iommu/intel-svm.c | 9 ++- drivers/iommu/omap-iommu.c | 21 ++++- drivers/irqchip/irq-mips-gic.c | 12 +-- drivers/leds/led-core.c | 3 +- drivers/md/raid10.c | 6 ++ drivers/media/dvb-core/dvb_ca_en50221.c | 23 ++++++ drivers/media/dvb-frontends/si2168.c | 3 + drivers/media/pci/bt8xx/bt878.c | 3 +- .../media/platform/sti/c8sectpfe/c8sectpfe-core.c | 4 +- drivers/mfd/palmas.c | 14 ++++ drivers/mmc/core/core.c | 8 ++ drivers/mmc/host/omap_hsmmc.c | 4 +- drivers/mmc/host/sdhci-of-esdhc.c | 14 ++++ drivers/net/bonding/bond_main.c | 3 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 1 + drivers/net/ethernet/freescale/ucc_geth.c | 8 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c | 2 +- .../net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c | 2 +- drivers/net/ethernet/ibm/ibmvnic.c | 18 +++++ drivers/net/ethernet/intel/e1000e/netdev.c | 6 ++ drivers/net/ethernet/intel/ixgbevf/ethtool.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_vf.c | 2 +- .../ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 2 + drivers/net/hyperv/netvsc.c | 16 ++++ drivers/net/usb/qmi_wwan.c | 4 +- drivers/net/vxlan.c | 10 ++- drivers/net/wan/pc300too.c | 1 + drivers/net/wireless/ath/ath10k/debug.c | 16 ++-- drivers/net/wireless/ath/ath10k/mac.c | 2 +- drivers/net/wireless/ath/regd.c | 19 +++-- drivers/net/wireless/intel/iwlwifi/iwl-a000.c | 6 +- .../net/wireless/intel/iwlwifi/iwl-notif-wait.c | 10 +-- .../net/wireless/intel/iwlwifi/iwl-notif-wait.h | 25 ++++-- drivers/net/wireless/marvell/libertas/if_spi.c | 5 ++ drivers/net/wireless/marvell/mwifiex/main.c | 4 +- drivers/net/wireless/mediatek/mt7601u/mcu.c | 10 ++- drivers/net/wireless/realtek/rtlwifi/pci.c | 7 ++ drivers/net/wireless/rndis_wlan.c | 4 + drivers/pinctrl/core.c | 24 ++++-- drivers/pinctrl/pinctrl-rockchip.c | 8 ++ drivers/platform/chrome/cros_ec_proto.c | 8 +- drivers/platform/chrome/cros_ec_sysfs.c | 2 +- drivers/platform/x86/asus-nb-wmi.c | 22 ++++++ drivers/platform/x86/asus-wmi.c | 12 +++ drivers/platform/x86/asus-wmi.h | 1 + drivers/platform/x86/intel-vbtn.c | 4 + drivers/power/supply/bq24190_charger.c | 10 ++- drivers/power/supply/isp1704_charger.c | 4 + drivers/power/supply/pda_power.c | 49 ++++++------ drivers/ptp/ptp_clock.c | 18 ++--- drivers/regulator/anatop-regulator.c | 5 ++ drivers/rtc/rtc-ac100.c | 19 +++-- drivers/rtc/rtc-cmos.c | 17 ++++- drivers/rtc/rtc-ds1374.c | 10 ++- drivers/scsi/lpfc/lpfc_init.c | 6 +- drivers/scsi/lpfc/lpfc_sli.c | 3 + drivers/scsi/mac_esp.c | 33 +++++--- drivers/scsi/virtio_scsi.c | 24 ++++++ drivers/soc/fsl/qe/qe.c | 13 ++++ drivers/spi/spi-dw-mmio.c | 2 +- drivers/staging/android/ashmem.c | 8 +- drivers/staging/unisys/visorhba/visorhba_main.c | 8 +- drivers/staging/wilc1000/linux_mon.c | 2 + drivers/target/target_core_file.c | 23 ++++-- drivers/tty/serial/8250/8250_dw.c | 3 +- drivers/tty/tty_io.c | 2 + drivers/usb/gadget/function/f_hid.c | 89 ++++++++++++++++------ drivers/video/console/vgacon.c | 34 +++++++-- .../omap2/omapfb/displays/panel-tpo-td028ttec1.c | 3 + drivers/video/fbdev/sm501fb.c | 1 + drivers/video/fbdev/udlfb.c | 14 +++- drivers/watchdog/watchdog_dev.c | 6 +- fs/btrfs/file.c | 4 +- fs/btrfs/inode.c | 6 +- fs/btrfs/send.c | 23 +++++- fs/btrfs/volumes.c | 12 ++- fs/cifs/netmisc.c | 6 +- fs/cifs/sess.c | 22 +++--- fs/cifs/smb2pdu.c | 15 ++-- fs/jbd2/journal.c | 15 +++- fs/nfs/pagelist.c | 6 +- fs/nfs/pnfs.c | 18 +++-- fs/nfsd/nfs4proc.c | 6 +- fs/nfsd/vfs.c | 24 +++++- fs/orangefs/waitqueue.c | 9 ++- include/acpi/actbl2.h | 9 +++ include/linux/mlx5/driver.h | 4 +- include/linux/posix-clock.h | 10 +-- include/soc/fsl/qe/qe.h | 1 + kernel/irq/manage.c | 4 +- kernel/time/posix-clock.c | 34 ++++++--- mm/memory-failure.c | 8 ++ mm/vmscan.c | 6 +- mm/vmstat.c | 20 +++-- net/ipv4/tcp_input.c | 16 ++-- net/ipv6/ip6_vti.c | 20 +++++ net/ipv6/ndisc.c | 2 + net/mac80211/cfg.c | 30 ++++---- net/mac80211/ibss.c | 6 +- net/mac80211/ieee80211_i.h | 36 +++++---- net/mac80211/mesh.c | 29 ++++--- net/mac80211/mesh_plink.c | 37 ++++++--- net/mac80211/mlme.c | 14 +++- net/mac80211/rate.c | 4 +- net/mac80211/sta_info.c | 13 +++- net/mac80211/status.c | 1 + net/mac80211/tdls.c | 29 ++++--- net/mac80211/tx.c | 5 +- net/mac80211/util.c | 6 +- net/netfilter/ipvs/ip_vs_ctl.c | 22 ++++-- net/netfilter/nf_conntrack_helper.c | 26 +++++-- net/netfilter/nft_dynset.c | 5 +- net/netfilter/x_tables.c | 4 +- net/netfilter/xt_CT.c | 11 ++- net/openvswitch/conntrack.c | 30 +++++++- net/sunrpc/xprtrdma/verbs.c | 1 + net/tipc/node.c | 2 + sound/pci/hda/patch_realtek.c | 12 ++- sound/soc/intel/atom/sst/sst_acpi.c | 16 +++- sound/soc/intel/skylake/skl.c | 2 +- sound/soc/sh/rcar/cmd.c | 3 + tools/perf/tests/kmod-path.c | 2 + tools/testing/nvdimm/test/nfit.c | 10 ++- 197 files changed, 1624 insertions(+), 607 deletions(-)

7 years, 8 months

4
179
0 0

[PATCH 4.14 00/77] 4.14.30-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.30 release. There are 77 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun Mar 25 09:41:18 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.30-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.30-rc1 Adit Ranadive <aditr(a)vmware.com> RDMA/vmw_pvrdma: Fix usage of user response structures in ABI file Nick Desaulniers <ndesaulniers(a)google.com> kbuild: fix linker feature test macros when cross compiling with Clang Leon Romanovsky <leonro(a)mellanox.com> RDMA/ucma: Don't allow join attempts for unsupported AF family Leon Romanovsky <leonro(a)mellanox.com> RDMA/ucma: Fix access to non-initialized CM_ID object Jerome Brunet <jbrunet(a)baylibre.com> clk: migrate the count of orphaned clocks at init Tatyana Nikolova <tatyana.e.nikolova(a)intel.com> RDMA/core: Do not use invalid destination in determining port reuse Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_pci: Don't fail on multiport card class Boris Pismenny <borisp(a)mellanox.com> IB/mlx5: Fix out-of-bounds read in create_raw_packet_qp_rq Boris Pismenny <borisp(a)mellanox.com> IB/mlx5: Fix integer overflows in mlx5_ib_create_srq Sreekanth Reddy <sreekanth.reddy(a)broadcom.com> scsi: mpt3sas: wait for and flush running commands on shutdown/unload Mauricio Faria de Oliveira <mauricfo(a)linux.vnet.ibm.com> scsi: mpt3sas: fix oops in error handlers after shutdown/unload Vignesh R <vigneshr(a)ti.com> dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63 Lars Persson <lars.persson(a)axis.com> crypto: artpec6 - set correct iv size for gcm(aes) Sergej Sawazki <sergej(a)taudac.com> clk: si5351: Rename internal plls to avoid name collisions Lars-Peter Clausen <lars(a)metafoo.de> clk: axi-clkgen: Correctly handle nocount bit in recalc_rate() Stephen Boyd <sboyd(a)codeaurora.org> clk: Don't touch hardware when reparenting during registration Romain Izard <romain.izard.pro(a)gmail.com> clk: at91: pmc: Wait for clocks when resuming Benjamin Coddington <bcodding(a)redhat.com> nfsd4: permit layoutget of executable-only files Joel Stanley <joel(a)jms.id.au> ARM: dts: aspeed-evb: Add unit name to memory node Anton Vasilyev <vasilyev(a)ispras.ru> RDMA/ocrdma: Fix permissions for OCRDMA_RESET_STATS James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix issues connecting with nvme initiator James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix SCSI LUN discovery when SCSI and NVME enabled Johan Hovold <johan(a)kernel.org> soc: qcom: smsm: fix child-node lookup Haishuang Yan <yanhaishuang(a)cmss.chinamobile.com> ip_gre: fix potential memory leak in erspan_rcv Haishuang Yan <yanhaishuang(a)cmss.chinamobile.com> ip_gre: fix error path when erspan_rcv failed Alexey Kodanev <alexey.kodanev(a)oracle.com> ip6_vti: adjust vti mtu according to mtu of lower device Jerry Snitselaar <jsnitsel(a)redhat.com> iommu/vt-d: clean up pr_irq if request_threaded_irq fails Brian Norris <briannorris(a)chromium.org> pinctrl: rockchip: enable clock when reading pin direction register Florian Fainelli <f.fainelli(a)gmail.com> pinctrl: Really force states during suspend/resume Mauro Carvalho Chehab <mchehab(a)kernel.org> media: davinci: fix a debug printk Geert Uytterhoeven <geert+renesas(a)glider.be> PCI: rcar: Handle rcar_pcie_parse_request_of_pci_ranges() failures Niklas Cassel <niklas.cassel(a)axis.com> PCI: endpoint: Fix find_first_zero_bit() usage Kishon Vijay Abraham I <kishon(a)ti.com> PCI: designware-ep: Fix ->get_msi() to check MSI_EN bit Robert Walker <robert.walker(a)arm.com> coresight: Fix disabling of CoreSight TPIU Sahara <keun-o.park(a)darkmatter.ae> pty: cancel pty slave port buf's work in tty_release Peter Ujfalusi <peter.ujfalusi(a)ti.com> drm/omap: DMM: Check for DMM readiness after successful transaction commit Zhoujie Wu <zjwu(a)marvell.com> mmc: sdhci-xenon: wait 5ms after set 1.8V signal enable H. Nikolaus Schaller <hns(a)goldelico.com> omapdrm: panel: fix compatible vendor string for td028ttec1 Bjorn Helgaas <bhelgaas(a)google.com> vgacon: Set VGA struct resource types Bharat Potnuri <bharat(a)chelsio.com> iser-target: avoid reinitializing rdma contexts for isert commands Artemy Kovalyov <artemyko(a)mellanox.com> IB/umem: Fix use of npages/nmap fields Parav Pandit <parav(a)mellanox.com> RDMA/cma: Use correct size when writing netlink stats Erez Shitrit <erezsh(a)mellanox.com> IB/ipoib: Avoid memory leak if the SA returns a different DGID Alexandre Belloni <alexandre.belloni(a)free-electrons.com> rtc: ac100: Fix multiple race conditions Shuah Khan <shuah(a)kernel.org> media: s5p-mfc: Fix lock contention - request_firmware() once Russell King <rmk+kernel(a)armlinux.org.uk> sfp: fix non-detection of PHY Russell King <rmk+kernel(a)armlinux.org.uk> sfp: fix EEPROM reading in the case of non-SFF8472 SFPs Jerome Brunet <jbrunet(a)baylibre.com> net: phy: meson-gxl: check phy_write return value Kees Cook <keescook(a)chromium.org> /dev/mem: Add bounce buffer for copy-out Liu, Changcheng <changcheng.liu(a)intel.com> mmc: block: fix logical error to avoid memory leak Daniel Drake <drake(a)endlessm.com> mmc: avoid removing non-removable hosts during suspend Logan Gunthorpe <logang(a)deltatee.com> drm/tilcdc: ensure nonatomic iowrite64 is not used Kedareswara rao Appana <appana.durga.rao(a)xilinx.com> dmaengine: zynqmp_dma: Fix race condition in the probe Shawn Nematbakhsh <shawnn(a)chromium.org> platform/chrome: Use proper protocol transfer function Guenter Roeck <linux(a)roeck-us.net> watchdog: Fix kref imbalance seen if handle_boot_enabled=0 Guenter Roeck <linux(a)roeck-us.net> watchdog: Fix potential kref imbalance when opening watchdog Arnd Bergmann <arnd(a)arndb.de> cros_ec: fix nul-termination for firmware build info Stefan Potyra <Stefan.Potyra(a)elektrobit.com> serial: 8250_dw: Disable clock on error Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> tty: goldfish: Enable 'earlycon' only if built-in Bjørn Mork <bjorn(a)mork.no> qmi_wwan: set FLAG_SEND_ZLP to avoid network initiated disconnect Ron Economos <w6rz(a)comcast.net> media: [RESEND] media: dvb-frontends: Add delay to Si2168 restart Balaji Pothunoori <bpothuno(a)qti.qualcomm.com> ath10k: handling qos at STA side based on AP WMM enable/disable Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> media: bt8xx: Fix err 'bt878_probe()' Nicolas Iooss <nicolas.iooss_linux(a)m4x.org> rtlwifi: always initialize variables given to RT_TRACE() Tsang-Shian Lin <thlin(a)realtek.com> rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled. Geert Uytterhoeven <geert+renesas(a)glider.be> spi: sh-msiof: Avoid writing to registers from spi_master.setup() Haiyang Zhang <haiyangz(a)microsoft.com> hv_netvsc: Fix the TX/RX buffer default sizes Haiyang Zhang <haiyangz(a)microsoft.com> hv_netvsc: Fix the receive buffer size limit Geert Uytterhoeven <geert(a)linux-m68k.org> RDMA/iwpm: Fix uninitialized error code in iwpm_send_mapinfo() Richard Leitner <richard.leitner(a)skidata.com> net: fec: add phy_reset_after_clk_enable() support Prakash Kamliya <pkamliya(a)codeaurora.org> drm/msm: fix leak in failed get_pages Gustavo A. R. Silva <garsilva(a)embeddedor.com> media: c8sectpfe: fix potential NULL pointer dereference in c8sectpfe_timer_interrupt Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: longhaul: Revert transition_delay_us to 200 ms Loic Poulain <loic.poulain(a)linaro.org> Bluetooth: btqcomsmd: Fix skb double free corruption Loic Poulain <loic.poulain(a)linaro.org> Bluetooth: hci_qca: Avoid setup failure on missing rampatch Yisheng Xie <xieyisheng1(a)huawei.com> staging: android: ashmem: Fix possible deadlock in ashmem_ioctl Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> scsi: megaraid_sas: Do not use 32-bit atomic request descriptor for Ventura controllers ------------- Diffstat: .../{toppoly,td028ttec1.txt => tpo,td028ttec1.txt} | 4 +- Makefile | 4 +- arch/alpha/kernel/console.c | 1 + arch/arm/boot/dts/aspeed-ast2500-evb.dts | 2 +- drivers/bluetooth/btqcomsmd.c | 3 +- drivers/bluetooth/hci_qca.c | 3 ++ drivers/char/mem.c | 27 +++++++++--- drivers/clk/at91/pmc.c | 24 +++++++---- drivers/clk/clk-axi-clkgen.c | 29 ++++++++++--- drivers/clk/clk-si5351.c | 2 +- drivers/clk/clk.c | 32 ++++++++------ drivers/cpufreq/longhaul.c | 2 +- drivers/crypto/axis/artpec6_crypto.c | 5 ++- drivers/dma/ti-dma-crossbar.c | 10 ++++- drivers/dma/xilinx/zynqmp_dma.c | 3 +- drivers/gpu/drm/msm/msm_gem.c | 14 ++++-- .../drm/omapdrm/displays/panel-tpo-td028ttec1.c | 3 ++ drivers/gpu/drm/omapdrm/omap_dmm_tiler.c | 5 +++ drivers/gpu/drm/tilcdc/tilcdc_regs.h | 2 +- drivers/hwtracing/coresight/coresight-tpiu.c | 13 ++++-- drivers/infiniband/core/cma.c | 17 +++++--- drivers/infiniband/core/iwpm_util.c | 1 + drivers/infiniband/core/ucma.c | 8 +++- drivers/infiniband/core/umem.c | 2 +- drivers/infiniband/hw/mlx5/qp.c | 24 ++++++++--- drivers/infiniband/hw/mlx5/srq.c | 15 ++++--- drivers/infiniband/hw/ocrdma/ocrdma_stats.c | 2 +- drivers/infiniband/hw/vmw_pvrdma/pvrdma_cq.c | 4 +- drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c | 4 +- drivers/infiniband/ulp/ipoib/ipoib_main.c | 16 +++++++ drivers/infiniband/ulp/isert/ib_isert.c | 7 +++ drivers/infiniband/ulp/isert/ib_isert.h | 1 + drivers/iommu/intel-svm.c | 9 ++-- drivers/media/dvb-frontends/si2168.c | 3 ++ drivers/media/pci/bt8xx/bt878.c | 3 +- drivers/media/platform/davinci/vpif_capture.c | 4 +- drivers/media/platform/s5p-mfc/s5p_mfc.c | 6 +++ drivers/media/platform/s5p-mfc/s5p_mfc_common.h | 3 ++ drivers/media/platform/s5p-mfc/s5p_mfc_ctrl.c | 5 +++ .../media/platform/sti/c8sectpfe/c8sectpfe-core.c | 4 +- drivers/mmc/core/block.c | 1 + drivers/mmc/core/core.c | 8 ++++ drivers/mmc/host/sdhci-xenon.c | 7 +++ drivers/net/ethernet/freescale/fec_main.c | 20 +++++++++ drivers/net/hyperv/hyperv_net.h | 19 ++++++-- drivers/net/hyperv/netvsc.c | 5 +++ drivers/net/hyperv/netvsc_drv.c | 4 -- drivers/net/phy/meson-gxl.c | 50 ++++++++++++++++------ drivers/net/phy/sfp.c | 15 +++---- drivers/net/usb/qmi_wwan.c | 4 +- drivers/net/wireless/ath/ath10k/mac.c | 2 +- drivers/net/wireless/realtek/rtlwifi/base.c | 2 +- drivers/net/wireless/realtek/rtlwifi/pci.c | 7 +++ drivers/pci/dwc/pcie-designware-ep.c | 12 ++---- drivers/pci/dwc/pcie-designware.h | 1 + drivers/pci/endpoint/pci-ep-cfs.c | 5 ++- drivers/pci/host/pcie-rcar.c | 5 ++- drivers/pinctrl/core.c | 24 ++++++++--- drivers/pinctrl/pinctrl-rockchip.c | 8 ++++ drivers/platform/chrome/cros_ec_proto.c | 8 ++-- drivers/platform/chrome/cros_ec_sysfs.c | 2 +- drivers/rtc/rtc-ac100.c | 19 +++++--- drivers/scsi/lpfc/lpfc_ct.c | 1 + drivers/scsi/lpfc/lpfc_els.c | 30 ++++++++----- drivers/scsi/lpfc/lpfc_nportdisc.c | 34 +++++++-------- drivers/scsi/megaraid/megaraid_sas_fusion.c | 42 ++++++------------ drivers/scsi/mpt3sas/mpt3sas_base.c | 8 ++-- drivers/scsi/mpt3sas/mpt3sas_base.h | 3 ++ drivers/scsi/mpt3sas/mpt3sas_scsih.c | 21 ++++++--- drivers/soc/qcom/smsm.c | 6 ++- drivers/spi/spi-sh-msiof.c | 35 ++++++++++----- drivers/staging/android/ashmem.c | 8 ++-- drivers/tty/Kconfig | 6 ++- drivers/tty/goldfish.c | 2 + drivers/tty/serial/8250/8250_dw.c | 3 +- drivers/tty/serial/8250/8250_pci.c | 10 +++-- drivers/tty/tty_io.c | 2 + drivers/video/console/vgacon.c | 34 +++++++++++---- .../omap2/omapfb/displays/panel-tpo-td028ttec1.c | 3 ++ drivers/watchdog/watchdog_dev.c | 17 ++++---- fs/nfsd/nfs4proc.c | 6 +-- include/linux/mlx5/driver.h | 4 +- net/ipv4/ip_gre.c | 6 ++- net/ipv6/ip6_vti.c | 20 +++++++++ scripts/Kbuild.include | 5 ++- security/Kconfig | 1 + 86 files changed, 606 insertions(+), 255 deletions(-)

7 years, 8 months

4
78
0 0

[Linux-stable-mirror] [PATCH] ath9k: Protect queue draining by rcu_read_lock()

by Toke Høiland-Jørgensen

When ath9k was switched over to use the mac80211 intermediate queues, node cleanup now drains the mac80211 queues. However, this call path is not protected by rcu_read_lock() as it was previously entirely internal to the driver which uses its own locking. This leads to a possible rcu_dereference() without holding rcu_read_lock(); but only if a station is cleaned up while having packets queued on the TXQ. Fix this by adding the rcu_read_lock() to the caller in ath9k. Fixes: 50f08edf9809 ("ath9k: Switch to using mac80211 intermediate software queues.") Cc: stable(a)vger.kernel.org Reported-by: Ben Greear <greearb(a)candelatech.com> Signed-off-by: Toke Høiland-Jørgensen <toke(a)toke.dk> --- drivers/net/wireless/ath/ath9k/xmit.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/net/wireless/ath/ath9k/xmit.c b/drivers/net/wireless/ath/ath9k/xmit.c index 396bf05c6bf6..d8b041f48ca8 100644 --- a/drivers/net/wireless/ath/ath9k/xmit.c +++ b/drivers/net/wireless/ath/ath9k/xmit.c @@ -2892,6 +2892,8 @@ void ath_tx_node_cleanup(struct ath_softc *sc, struct ath_node *an) struct ath_txq *txq; int tidno; + rcu_read_lock(); + for (tidno = 0; tidno < IEEE80211_NUM_TIDS; tidno++) { tid = ath_node_to_tid(an, tidno); txq = tid->txq; @@ -2909,6 +2911,8 @@ void ath_tx_node_cleanup(struct ath_softc *sc, struct ath_node *an) if (!an->sta) break; /* just one multicast ath_atx_tid */ } + + rcu_read_unlock(); } #ifdef CONFIG_ATH9K_TX99 -- 2.16.0

7 years, 8 months

3
3
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror