- Linux-stable-mirror - lists.linaro.org

[Linux-stable-mirror] Patch "spi: spi-axi: fix potential use-after-free after deregistration" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled spi: spi-axi: fix potential use-after-free after deregistration to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: spi-spi-axi-fix-potential-use-after-free-after-deregistration.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: Johan Hovold <johan(a)kernel.org> Date: Mon, 30 Oct 2017 11:35:27 +0100 Subject: spi: spi-axi: fix potential use-after-free after deregistration From: Johan Hovold <johan(a)kernel.org> [ Upstream commit 4d5e0689dc9d5640ad46cdfbe1896b74d8df1661 ] Take an extra reference to the controller before deregistering it to prevent use-after-free in the interrupt handler in case an interrupt fires before the line is disabled. Fixes: b1353d1c1d45 ("spi: Add Analog Devices AXI SPI Engine controller support") Acked-by: Lars-Peter Clausen <lars(a)metafoo.de> Signed-off-by: Johan Hovold <johan(a)kernel.org> Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/spi/spi-axi-spi-engine.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/drivers/spi/spi-axi-spi-engine.c +++ b/drivers/spi/spi-axi-spi-engine.c @@ -553,7 +553,7 @@ err_put_master: static int spi_engine_remove(struct platform_device *pdev) { - struct spi_master *master = platform_get_drvdata(pdev); + struct spi_master *master = spi_master_get(platform_get_drvdata(pdev)); struct spi_engine *spi_engine = spi_master_get_devdata(master); int irq = platform_get_irq(pdev, 0); @@ -561,6 +561,8 @@ static int spi_engine_remove(struct plat free_irq(irq, master); + spi_master_put(master); + writel_relaxed(0xff, spi_engine->base + SPI_ENGINE_REG_INT_PENDING); writel_relaxed(0x00, spi_engine->base + SPI_ENGINE_REG_INT_ENABLE); writel_relaxed(0x01, spi_engine->base + SPI_ENGINE_REG_RESET); Patches currently in stable-queue which might be from johan(a)kernel.org are queue-4.14/staging-greybus-loopback-fix-iteration-count-on-async-path.patch queue-4.14/usb-serial-usb_debug-add-new-usb-device-id.patch queue-4.14/spi-spi-axi-fix-potential-use-after-free-after-deregistration.patch queue-4.14/usb-serial-option-add-quectel-bg96-id.patch

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] Patch "spi: sh-msiof: Fix DMA transfer size check" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled spi: sh-msiof: Fix DMA transfer size check to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: spi-sh-msiof-fix-dma-transfer-size-check.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: Hiromitsu Yamasaki <hiromitsu.yamasaki.ym(a)renesas.com> Date: Thu, 2 Nov 2017 10:32:36 +0100 Subject: spi: sh-msiof: Fix DMA transfer size check From: Hiromitsu Yamasaki <hiromitsu.yamasaki.ym(a)renesas.com> [ Upstream commit 36735783fdb599c94b9c86824583df367c65900b ] DMA supports 32-bit words only, even if BITLEN1 of SITMDR2 register is 16bit. Fixes: b0d0ce8b6b91 ("spi: sh-msiof: Add DMA support") Signed-off-by: Hiromitsu Yamasaki <hiromitsu.yamasaki.ym(a)renesas.com> Signed-off-by: Simon Horman <horms+renesas(a)verge.net.au> Acked-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Acked-by: Dirk Behme <dirk.behme(a)de.bosch.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/spi/spi-sh-msiof.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/spi/spi-sh-msiof.c +++ b/drivers/spi/spi-sh-msiof.c @@ -900,7 +900,7 @@ static int sh_msiof_transfer_one(struct break; copy32 = copy_bswap32; } else if (bits <= 16) { - if (l & 1) + if (l & 3) break; copy32 = copy_wswap32; } else { Patches currently in stable-queue which might be from hiromitsu.yamasaki.ym(a)renesas.com are queue-4.14/spi-sh-msiof-fix-dma-transfer-size-check.patch

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] Patch "serial: sh-sci: suppress warning for ports without dma channels" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled serial: sh-sci: suppress warning for ports without dma channels to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: serial-sh-sci-suppress-warning-for-ports-without-dma-channels.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: Andy Lowe <andy_lowe(a)mentor.com> Date: Fri, 22 Sep 2017 20:29:30 +0200 Subject: serial: sh-sci: suppress warning for ports without dma channels From: Andy Lowe <andy_lowe(a)mentor.com> [ Upstream commit 7464779fa8551b90d5797d4020b0bdb7e6422eb9 ] If a port has no dma channel defined in the device tree, then don't attempt to allocate a dma channel for the port. Also suppress the warning message concerning the failure to allocate a dma channel. Continue to emit the warning message if a dma channel is defined but cannot be allocated. Signed-off-by: Andy Lowe <andy_lowe(a)mentor.com> Signed-off-by: Eugeniu Rosca <erosca(a)de.adit-jv.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/sh-sci.c | 8 ++++++++ 1 file changed, 8 insertions(+) --- a/drivers/tty/serial/sh-sci.c +++ b/drivers/tty/serial/sh-sci.c @@ -1491,6 +1491,14 @@ static void sci_request_dma(struct uart_ return; s->cookie_tx = -EINVAL; + + /* + * Don't request a dma channel if no channel was specified + * in the device tree. + */ + if (!of_find_property(port->dev->of_node, "dmas", NULL)) + return; + chan = sci_request_dma_chan(port, DMA_MEM_TO_DEV); dev_dbg(port->dev, "%s: TX: got channel %p\n", __func__, chan); if (chan) { Patches currently in stable-queue which might be from andy_lowe(a)mentor.com are queue-4.14/serial-sh-sci-suppress-warning-for-ports-without-dma-channels.patch

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] Patch "serial: imx: Update cached mctrl value when changing RTS" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled serial: imx: Update cached mctrl value when changing RTS to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: serial-imx-update-cached-mctrl-value-when-changing-rts.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: Ian Jamison <ian.dev(a)arkver.com> Date: Thu, 21 Sep 2017 10:13:12 +0200 Subject: serial: imx: Update cached mctrl value when changing RTS From: Ian Jamison <ian.dev(a)arkver.com> [ Upstream commit a0983c742a5885f82afb282166f83f1d3d8addf4 ] UART core function uart_update_mctrl relies on a cached value of modem control lines. This was used but not updated by local RTS control functions within imx.c. These are used for RS485 line driver enable signalling. Having an out-of-date value in the cached mctrl can result in the transmitter being enabled when it shouldn't be. Fix this by updating the mctrl value before applying it. Signed-off-by: Ian Jamison <ian.dev(a)arkver.com> Origin: id:8195c96e674517b82a6ff7fe914c7ba0f86e702b.1505375165.git.ian.dev@arkver.com Acked-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Tested-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Tested-by: Clemens Gruber <clemens.gruber(a)pqgruber.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/imx.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/drivers/tty/serial/imx.c +++ b/drivers/tty/serial/imx.c @@ -334,7 +334,8 @@ static void imx_port_rts_active(struct i { *ucr2 &= ~(UCR2_CTSC | UCR2_CTS); - mctrl_gpio_set(sport->gpios, sport->port.mctrl | TIOCM_RTS); + sport->port.mctrl |= TIOCM_RTS; + mctrl_gpio_set(sport->gpios, sport->port.mctrl); } static void imx_port_rts_inactive(struct imx_port *sport, unsigned long *ucr2) @@ -342,7 +343,8 @@ static void imx_port_rts_inactive(struct *ucr2 &= ~UCR2_CTSC; *ucr2 |= UCR2_CTS; - mctrl_gpio_set(sport->gpios, sport->port.mctrl & ~TIOCM_RTS); + sport->port.mctrl &= ~TIOCM_RTS; + mctrl_gpio_set(sport->gpios, sport->port.mctrl); } static void imx_port_rts_auto(struct imx_port *sport, unsigned long *ucr2) Patches currently in stable-queue which might be from ian.dev(a)arkver.com are queue-4.14/serial-imx-update-cached-mctrl-value-when-changing-rts.patch

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] Patch "serial: 8250_fintek: Fix rs485 disablement on invalid ioctl()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled serial: 8250_fintek: Fix rs485 disablement on invalid ioctl() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: serial-8250_fintek-fix-rs485-disablement-on-invalid-ioctl.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: Lukas Wunner <lukas(a)wunner.de> Date: Sat, 28 Oct 2017 11:35:49 +0200 Subject: serial: 8250_fintek: Fix rs485 disablement on invalid ioctl() From: Lukas Wunner <lukas(a)wunner.de> [ Upstream commit 3236a965486ba0c6043cf2c7b51943d8b382ae29 ] This driver's ->rs485_config callback checks if SER_RS485_RTS_ON_SEND and SER_RS485_RTS_AFTER_SEND have the same value. If they do, it means the user has passed in invalid data with the TIOCSRS485 ioctl() since RTS must have a different polarity when sending and when not sending. In this case, rs485 mode is not enabled (the RS485_URA bit is not set in the RS485 Enable Register) and this is supposed to be signaled back to the user by clearing the SER_RS485_ENABLED bit in struct serial_rs485 ... except a missing tilde character is preventing that from happening. Fixes: 28e3fb6c4dce ("serial: Add support for Fintek F81216A LPC to 4 UART") Cc: Ricardo Ribalda Delgado <ricardo.ribalda(a)gmail.com> Cc: "Ji-Ze Hong (Peter Hong)" <hpeter(a)gmail.com> Signed-off-by: Lukas Wunner <lukas(a)wunner.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/8250/8250_fintek.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/tty/serial/8250/8250_fintek.c +++ b/drivers/tty/serial/8250/8250_fintek.c @@ -211,7 +211,7 @@ static int fintek_8250_rs485_config(stru if ((!!(rs485->flags & SER_RS485_RTS_ON_SEND)) == (!!(rs485->flags & SER_RS485_RTS_AFTER_SEND))) - rs485->flags &= SER_RS485_ENABLED; + rs485->flags &= ~SER_RS485_ENABLED; else config |= RS485_URA; Patches currently in stable-queue which might be from lukas(a)wunner.de are queue-4.14/serial-8250_fintek-fix-rs485-disablement-on-invalid-ioctl.patch

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] Patch "serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: serial-8250-preserve-dld-for-port_xr17v35x.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: Aaron Sierra <asierra(a)xes-inc.com> Date: Wed, 4 Oct 2017 10:01:28 -0500 Subject: serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X From: Aaron Sierra <asierra(a)xes-inc.com> [ Upstream commit 0ab84da2e076948c49d36197ee7d254125c53eab ] The upper four bits of the XR17V35x fractional divisor register (DLD) control general chip function (RS-485 direction pin polarity, multidrop mode, XON/XOFF parity check, and fast IR mode). Don't allow these bits to be clobbered when setting the baudrate. Signed-off-by: Aaron Sierra <asierra(a)xes-inc.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/8250/8250_port.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) --- a/drivers/tty/serial/8250/8250_port.c +++ b/drivers/tty/serial/8250/8250_port.c @@ -2586,8 +2586,11 @@ static void serial8250_set_divisor(struc serial_dl_write(up, quot); /* XR17V35x UARTs have an extra fractional divisor register (DLD) */ - if (up->port.type == PORT_XR17V35X) + if (up->port.type == PORT_XR17V35X) { + /* Preserve bits not related to baudrate; DLD[7:4]. */ + quot_frac |= serial_port_in(port, 0x2) & 0xf0; serial_port_out(port, 0x2, quot_frac); + } } static unsigned int serial8250_get_baud_rate(struct uart_port *port, Patches currently in stable-queue which might be from asierra(a)xes-inc.com are queue-4.14/serial-8250-preserve-dld-for-port_xr17v35x.patch

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] Patch "selftests/x86/ldt_get: Add a few additional tests for limits" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled selftests/x86/ldt_get: Add a few additional tests for limits to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: selftests-x86-ldt_get-add-a-few-additional-tests-for-limits.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: Andy Lutomirski <luto(a)kernel.org> Date: Sat, 4 Nov 2017 04:19:52 -0700 Subject: selftests/x86/ldt_get: Add a few additional tests for limits From: Andy Lutomirski <luto(a)kernel.org> [ Upstream commit fec8f5ae1715a01c72ad52cb2ecd8aacaf142302 ] We weren't testing the .limit and .limit_in_pages fields very well. Add more tests. This addition seems to trigger the "bits 16:19 are undefined" issue that was fixed in an earlier patch. I think that, at least on my CPU, the high nibble of the limit ends in LAR bits 16:19. Signed-off-by: Andy Lutomirski <luto(a)kernel.org> Cc: Borislav Petkov <bpetkov(a)suse.de> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Link: http://lkml.kernel.org/r/5601c15ea9b3113d288953fd2838b18bedf6bc67.150979432… Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- tools/testing/selftests/x86/ldt_gdt.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) --- a/tools/testing/selftests/x86/ldt_gdt.c +++ b/tools/testing/selftests/x86/ldt_gdt.c @@ -367,9 +367,24 @@ static void do_simple_tests(void) install_invalid(&desc, false); desc.seg_not_present = 0; - desc.read_exec_only = 0; desc.seg_32bit = 1; + desc.read_exec_only = 0; + desc.limit = 0xfffff; + install_valid(&desc, AR_DPL3 | AR_TYPE_RWDATA | AR_S | AR_P | AR_DB); + + desc.limit_in_pages = 1; + + install_valid(&desc, AR_DPL3 | AR_TYPE_RWDATA | AR_S | AR_P | AR_DB | AR_G); + desc.read_exec_only = 1; + install_valid(&desc, AR_DPL3 | AR_TYPE_RODATA | AR_S | AR_P | AR_DB | AR_G); + desc.contents = 1; + desc.read_exec_only = 0; + install_valid(&desc, AR_DPL3 | AR_TYPE_RWDATA_EXPDOWN | AR_S | AR_P | AR_DB | AR_G); + desc.read_exec_only = 1; + install_valid(&desc, AR_DPL3 | AR_TYPE_RODATA_EXPDOWN | AR_S | AR_P | AR_DB | AR_G); + + desc.limit = 0; install_invalid(&desc, true); } Patches currently in stable-queue which might be from luto(a)kernel.org are queue-4.14/selftests-x86-ldt_get-add-a-few-additional-tests-for-limits.patch queue-4.14/selftests-x86-ldt_gdt-robustify-against-set_thread_area-and-lar-oddities.patch queue-4.14/x86-entry-use-syscall_define-macros-for-sys_modify_ldt.patch

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] Patch "selftests/x86/ldt_gdt: Robustify against set_thread_area() and LAR oddities" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled selftests/x86/ldt_gdt: Robustify against set_thread_area() and LAR oddities to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: selftests-x86-ldt_gdt-robustify-against-set_thread_area-and-lar-oddities.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: Andy Lutomirski <luto(a)kernel.org> Date: Sat, 4 Nov 2017 04:19:49 -0700 Subject: selftests/x86/ldt_gdt: Robustify against set_thread_area() and LAR oddities From: Andy Lutomirski <luto(a)kernel.org> [ Upstream commit d60ad744c9741586010d4bea286f09a063a90fbd ] Bits 19:16 of LAR's result are undefined, and some upcoming improvements to the test case seem to trigger this. Mask off those bits to avoid spurious failures. commit 5b781c7e317f ("x86/tls: Forcibly set the accessed bit in TLS segments") adds a valid case in which LAR's output doesn't quite agree with set_thread_area()'s input. This isn't triggered in the test as is, but it will be if we start calling set_thread_area() with the accessed bit clear. Work around this discrepency. I've added a Fixes tag so that -stable can pick this up if neccesary. Signed-off-by: Andy Lutomirski <luto(a)kernel.org> Cc: Borislav Petkov <bpetkov(a)suse.de> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Fixes: 5b781c7e317f ("x86/tls: Forcibly set the accessed bit in TLS segments") Link: http://lkml.kernel.org/r/b82f3f89c034b53580970ac865139fd8863f44e2.150979432… Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- tools/testing/selftests/x86/ldt_gdt.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) --- a/tools/testing/selftests/x86/ldt_gdt.c +++ b/tools/testing/selftests/x86/ldt_gdt.c @@ -115,7 +115,15 @@ static void check_valid_segment(uint16_t return; } - if (ar != expected_ar) { + /* The SDM says "bits 19:16 are undefined". Thanks. */ + ar &= ~0xF0000; + + /* + * NB: Different Linux versions do different things with the + * accessed bit in set_thread_area(). + */ + if (ar != expected_ar && + (ldt || ar != (expected_ar | AR_ACCESSED))) { printf("[FAIL]\t%s entry %hu has AR 0x%08X but expected 0x%08X\n", (ldt ? "LDT" : "GDT"), index, ar, expected_ar); nerrs++; Patches currently in stable-queue which might be from luto(a)kernel.org are queue-4.14/selftests-x86-ldt_get-add-a-few-additional-tests-for-limits.patch queue-4.14/selftests-x86-ldt_gdt-robustify-against-set_thread_area-and-lar-oddities.patch queue-4.14/x86-entry-use-syscall_define-macros-for-sys_modify_ldt.patch

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] Patch "s390: vfio-ccw: Do not attempt to free no-op, test and tic cda." has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled s390: vfio-ccw: Do not attempt to free no-op, test and tic cda. to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: s390-vfio-ccw-do-not-attempt-to-free-no-op-test-and-tic-cda.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: "Jason J. Herne" <jjherne(a)linux.vnet.ibm.com> Date: Tue, 7 Nov 2017 10:22:32 -0500 Subject: s390: vfio-ccw: Do not attempt to free no-op, test and tic cda. From: "Jason J. Herne" <jjherne(a)linux.vnet.ibm.com> [ Upstream commit 408358b50deaf59b07c82a7bff8c7e7cce031fae ] Because we do not make use of the cda (channel data address) for test, no-op ccws no address translation takes place. This means cda could contain a guest address which we do not want to attempt to free. Let's check the command type and skip cda free when it is not needed. For a TIC ccw, ccw->cda points to either a ccw in an existing chain or it points to a whole new allocated chain. In either case the data will be freed when the owning chain is freed. Signed-off-by: Jason J. Herne <jjherne(a)linux.vnet.ibm.com> Reviewed-by: Dong Jia Shi <bjsdjshi(a)linux.vnet.ibm.com> Reviewed-by: Pierre Morel <pmorel(a)linux.vnet.ibm.com> Message-Id: <1510068152-21988-1-git-send-email-jjherne(a)linux.vnet.ibm.com> Reviewed-by: Halil Pasic <pasic(a)linux.vnet.ibm.com> Acked-by: Christian Borntraeger <borntraeger(a)de.ibm.com> Signed-off-by: Cornelia Huck <cohuck(a)redhat.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/s390/cio/vfio_ccw_cp.c | 2 ++ 1 file changed, 2 insertions(+) --- a/drivers/s390/cio/vfio_ccw_cp.c +++ b/drivers/s390/cio/vfio_ccw_cp.c @@ -330,6 +330,8 @@ static void ccwchain_cda_free(struct ccw { struct ccw1 *ccw = chain->ch_ccw + idx; + if (ccw_is_test(ccw) || ccw_is_noop(ccw) || ccw_is_tic(ccw)) + return; if (!ccw->count) return; Patches currently in stable-queue which might be from jjherne(a)linux.vnet.ibm.com are queue-4.14/s390-vfio-ccw-do-not-attempt-to-free-no-op-test-and-tic-cda.patch

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] Patch "s390/ptrace: fix guarded storage regset handling" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled s390/ptrace: fix guarded storage regset handling to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: s390-ptrace-fix-guarded-storage-regset-handling.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 18:04:41 CET 2017 From: Heiko Carstens <heiko.carstens(a)de.ibm.com> Date: Mon, 11 Sep 2017 11:24:23 +0200 Subject: s390/ptrace: fix guarded storage regset handling From: Heiko Carstens <heiko.carstens(a)de.ibm.com> [ Upstream commit 5ef2d5231d547c672c67bdf84c13a4adaf477964 ] If the guarded storage regset for current is supposed to be changed, the regset from user space is copied directly into the guarded storage control block. If then the process gets scheduled away while the control block is being copied and before the new control block has been loaded, the result is random: the process can be scheduled away due to a page fault or preemption. If that happens the already copied parts will be overwritten by save_gs_cb(), called from switch_to(). Avoid this by copying the data to a temporary buffer on the stack and do the actual update with preemption disabled. Fixes: f5bbd7219891 ("s390/ptrace: guarded storage regset for the current task") Signed-off-by: Heiko Carstens <heiko.carstens(a)de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/s390/kernel/ptrace.c | 33 ++++++++++++++++++++++----------- 1 file changed, 22 insertions(+), 11 deletions(-) --- a/arch/s390/kernel/ptrace.c +++ b/arch/s390/kernel/ptrace.c @@ -1172,26 +1172,37 @@ static int s390_gs_cb_set(struct task_st unsigned int pos, unsigned int count, const void *kbuf, const void __user *ubuf) { - struct gs_cb *data = target->thread.gs_cb; + struct gs_cb gs_cb = { }, *data = NULL; int rc; if (!MACHINE_HAS_GS) return -ENODEV; - if (!data) { + if (!target->thread.gs_cb) { data = kzalloc(sizeof(*data), GFP_KERNEL); if (!data) return -ENOMEM; - data->gsd = 25; - target->thread.gs_cb = data; - if (target == current) - __ctl_set_bit(2, 4); - } else if (target == current) { - save_gs_cb(data); } + if (!target->thread.gs_cb) + gs_cb.gsd = 25; + else if (target == current) + save_gs_cb(&gs_cb); + else + gs_cb = *target->thread.gs_cb; rc = user_regset_copyin(&pos, &count, &kbuf, &ubuf, - data, 0, sizeof(struct gs_cb)); - if (target == current) - restore_gs_cb(data); + &gs_cb, 0, sizeof(gs_cb)); + if (rc) { + kfree(data); + return -EFAULT; + } + preempt_disable(); + if (!target->thread.gs_cb) + target->thread.gs_cb = data; + *target->thread.gs_cb = gs_cb; + if (target == current) { + __ctl_set_bit(2, 4); + restore_gs_cb(target->thread.gs_cb); + } + preempt_enable(); return rc; } Patches currently in stable-queue which might be from heiko.carstens(a)de.ibm.com are queue-4.14/s390-ptrace-fix-guarded-storage-regset-handling.patch queue-4.14/s390-pci-do-not-require-ais-facility.patch queue-4.14/perf-test-attr-fix-ignored-test-case-result.patch queue-4.14/s390-runtime-instrumentation-simplify-task-exit-handling.patch queue-4.14/perf-test-attr-fix-python-error-on-empty-result.patch

7 years, 7 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror