- Linux-stable-mirror - lists.linaro.org

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I'm announcing the release of the 5.2.10 kernel. All users of the 5.2 kernel series must upgrade. The updated 5.2.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.2.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary -- Thanks, Sasha Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Alan Stern (1): USB: core: Fix races in character device registration and deregistraion Aleix Roca Nonell (1): io_uring: fix manual setup of iov_iter for fixed buffers Anders Roxell (1): arm64: KVM: regmap: Fix unexpected switch fall-through Aneesh Kumar K.V (1): powerpc/nvdimm: Pick nearby online node if the device node is not online Arnaldo Carvalho de Melo (1): tools perf beauty: Fix usbdevfs_ioctl table generator to handle _IOC() Arnd Bergmann (1): page flags: prioritize kasan bits over last-cpuid Aya Levin (2): net/mlx5e: Fix false negative indication on tx reporter CQE recovery net/mlx5e: Remove redundant check in CQE recovery flow of tx reporter Bob Ham (1): USB: serial: option: add the BroadMobi BM818 card Chen-Yu Tsai (1): net: dsa: Check existence of .port_mdb_add callback before calling it Chris Packham (1): tipc: initialise addr_trail_end when setting node addresses Christian König (1): drm/amdgpu: fix error handling in amdgpu_cs_process_fence_dep Christoph Hellwig (2): dma-mapping: check pfn validity in dma_common_{mmap,get_sgtable} mm/hmm: always return EBUSY for invalid ranges in hmm_range_{fault,snapshot} Chuhong Yuan (1): IB/mlx5: Replace kfree with kvfree Chunyan Zhang (1): clk: sprd: Select REGMAP_MMIO to avoid compile errors Codrin Ciubotariu (1): clk: at91: generated: Truncate divisor to GENERATED_MAX_DIV + 1 Colin Ian King (1): drm/exynos: fix missing decrement of retry counter David Ahern (2): netdevsim: Restore per-network namespace accounting for fib entries netlink: Fix nlmsg_parse as a wrapper for strict message parsing Denis Kirjanov (1): net: usb: pegasus: fix improper read if get_registers() fail Dirk Morris (1): netfilter: conntrack: Use consistent ct id hash calculation Don Brace (1): scsi: hpsa: correct scsi command status issue after reset Eric Dumazet (2): bpf: fix access to skb_shared_info->gso_segs net/packet: fix race in tpacket_snd() Evan Quan (1): drm/amd/powerplay: fix null pointer dereference around dpm state relates Fabio Estevam (1): Revert "i2c: imx: improve the error handling in i2c_imx_dma_request()" Filipe Manana (1): Btrfs: fix deadlock between fiemap and transaction commits Florian Westphal (1): netfilter: ebtables: also count base chain policies Gal Pressman (1): RDMA/restrack: Track driver QP types in resource tracker Geert Uytterhoeven (1): clk: renesas: cpg-mssr: Fix reset control race condition Gustavo A. R. Silva (1): sh: kernel: hw_breakpoint: Fix missing break in switch statement Guy Levi (1): IB/mlx5: Fix MR registration flow to use UMR properly Haim Dreyfuss (1): iwlwifi: Add support for SAR South Korea limitation Heiner Kallweit (1): net: phy: consider AN_RESTART status when reading link status Henry Burns (2): mm/z3fold.c: fix z3fold_destroy_pool() ordering mm/z3fold.c: fix z3fold_destroy_pool() race condition Hillf Danton (2): HID: hiddev: avoid opening a disconnected device HID: hiddev: do cleanup in failure of opening a device Hui Peng (2): ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit Hui Wang (2): ALSA: hda - Add a generic reboot_notify ALSA: hda - Let all conexant codec enter D3 when rebooting Huy Nguyen (1): net/mlx5e: Only support tx/rx pause setting for port owner Ian Abbott (2): staging: comedi: dt3000: Fix signed integer overflow 'divider * base' staging: comedi: dt3000: Fix rounding up of timer divisor Isaac J. Manjarres (1): mm/usercopy: use memory range to be accessed for wraparound check Ivan Khoronzhuk (1): net: sched: sch_taprio: fix memleak in error path for sched list parse Jack Morgenstein (1): IB/mad: Fix use-after-free in ib mad completion handling Jacopo Mondi (1): iio: adc: max9611: Fix temperature reading in probe Jaegeuk Kim (1): f2fs: fix to read source block before invalidating it Jakub Kicinski (1): net/tls: prevent skb_orphan() from leaking TLS plain text with offload Jean Delvare (1): platform/x86: pcengines-apuv2: Fix softdep statement Jeffrey Hugo (1): drm: msm: Fix add_gpu_components Jia-Ju Bai (1): scsi: qla2xxx: Fix possible fcport null-pointer dereferences Julien Thierry (1): arm64: Lower priority mask for GIC_PRIO_IRQON Kees Cook (1): libata: zpodd: Fix small read overflow in zpodd_get_mech_type() Kent Russell (1): drm/amdkfd: Fix byte align on VegaM Leon Romanovsky (1): RDMA/mlx5: Release locks during notifier unregister Lucas Stach (1): irqchip/irq-imx-gpcv2: Forward irq type to parent Lyude Paul (1): drm/nouveau: Only recalculate PBN/VCPI on mode/connector changes Manish Chopra (1): bnx2x: Fix VF's VLAN reconfiguration in reload. Mao Han (1): riscv: Fix perf record without libelf support Masahiro Yamada (2): tracing: Fix header include guards in trace event headers kbuild: modpost: handle KBUILD_EXTRA_SYMBOLS only for external modules Masami Hiramatsu (3): arm64: unwind: Prohibit probing on return_address() arm64: kprobes: Recover pstate.D in single-step exception handler arm64: Make debug exception handlers visible from RCU Max Filippov (1): xtensa: add missing isync to the cpu_reset TLB code Maxim Mikityanskiy (1): net/mlx5e: Use flow keys dissector to parse packets for ARFS Mel Gorman (1): mm, vmscan: do not special-case slab reclaim when watermarks are boosted Michael Chan (2): bnxt_en: Fix VNIC clearing logic for 57500 chips. bnxt_en: Improve RX doorbell sequence. Michal Kalderon (1): RDMA/qedr: Fix the hca_type and hca_rev returned in device attributes Miles Chen (1): mm/memcontrol.c: fix use after free in mem_cgroup_iter() Miquel Raynal (1): ata: libahci: do not complain in case of deferred probe Mohamad Heib (1): net/mlx5e: ethtool, Avoid setting speed to 56GBASE when autoneg off Nayna Jain (1): tpm: tpm_ibm_vtpm: Fix unallocated banks NeilBrown (1): seq_file: fix problem when seeking mid-record Nianyao Tang (1): irqchip/gic-v3-its: Free unused vpt_page when alloc vpe table fail Numfor Mbiziwo-Tiapo (1): perf header: Fix use of unitialized value warning Oliver Neukum (5): HID: holtek: test for sanity of intfdata Input: kbtab - sanity check for endpoint type Input: iforce - add sanity checks usb: cdc-acm: make sure a refcount is taken early enough USB: CDC: fix sanity checks in CDC union parser Pierre-Eric Pelloux-Prayer (1): drm/amdgpu: fix gfx9 soft recovery Qian Cai (4): arm64/efi: fix variable 'si' set but not used arm64/mm: fix variable 'pud' set but not used arm64/mm: fix variable 'tag' set but not used asm-generic: fix -Wtype-limits compiler warnings Rajneesh Bhardwaj (1): platform/x86: intel_pmc_core: Add ICL-NNPI support to PMC Core Ralph Campbell (1): mm/hmm: fix bad subpage pointer in try_to_unmap_one Roberto Sassu (1): KEYS: trusted: allow module init if TPM is inactive or deactivated Rogan Dawes (1): USB: serial: option: add D-Link DWM-222 device ID Roman Mashak (2): net sched: update skbedit action for batched events operations tc-testing: updated skbedit action tests with batch create/delete Ross Lagerwall (1): xen/netback: Reset nr_frags before freeing skb Sasha Levin (1): Linux 5.2.10-rc1 Somnath Kotur (1): bnxt_en: Fix to include flow direction in L2 key Stephen Boyd (1): kbuild: Check for unknown options with cc-option usage in Kconfig and clang Takashi Iwai (2): ALSA: hda/realtek - Add quirk for HP Envy x360 ALSA: hda - Apply workaround for another AMD chip 1022:1487 Thiébaud Weksteen (1): usb: setup authorized_default attributes using usb_bus_notify Tony Lindgren (1): USB: serial: option: Add Motorola modem UARTs Tony Luck (1): IB/core: Add mitigation for Spectre V1 Vasundhara Volam (2): bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails bnxt_en: Suppress HWRM errors for HWRM_NVM_GET_VARIABLE command Venkat Duvvuru (1): bnxt_en: Use correct src_fid to determine direction of the flow Vince Weaver (1): perf header: Fix divide by zero error if f_header.attr_size==0 Vincent Chen (2): riscv: Correct the initialized flow of FP register riscv: Make __fstate_clean() work correctly. Viresh Kumar (1): cpufreq: schedutil: Don't skip freq update when limits change Wang Xiayang (1): drm/amdgpu: fix a potential information leaking bug Wei Yongjun (1): RDMA/hns: Fix error return code in hns_roce_v1_rsv_lp_qp() Wenwen Wang (2): ALSA: hda - Fix a memory leak bug net/mlx4_en: fix a memory leak bug Will Deacon (1): arm64: ftrace: Ensure module ftrace trampoline is coherent with I-side Xi Wang (1): RDMA/hns: Fix sg offset non-zero issue Xin Long (1): sctp: fix the transport error_count check Yang Shi (3): mm: mempolicy: make the behavior consistent when MPOL_MF_MOVE* and MPOL_MF_STRICT were specified mm: mempolicy: handle vma with unmovable pages mapped correctly in mbind Revert "kmemleak: allow to coexist with fault injection" Yoshiaki Okamoto (1): USB: serial: option: Add support for ZTE MF871A Yoshihiro Shimoda (1): usb: gadget: udc: renesas_usb3: Fix sysfs interface of "role" YueHaibing (7): xen/pciback: remove set but not used variable 'old_state' drm/bridge: lvds-encoder: Fix build error while CONFIG_DRM_KMS_HELPER=m drm/bridge: tc358764: Fix build error ocfs2: remove set but not used variable 'last_hash' Input: psmouse - fix build error of multiple definition bonding: Add vlan tx offload to hw_enc_features team: Add vlan tx offload to hw_enc_features Yuki Tsunashima (1): ALSA: pcm: fix lost wakeup event scenarios in snd_pcm_drain zhengbin (2): blk-mq: move cancel of requeue_work to the front of blk_exit_queue sctp: fix memleak in sctp_send_reset_streams -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAl1inmcACgkQ3qZv95d3 LNzabRAAjqvSCmJchMUM45PSlfkYCRyeCASyBbxDifS5cqjMkNEohxgV/Fel9B9W Q8rPpLG+pUtGetRRTi/SPuC8Zd4Wyru27WgBz/JcRI6ZZzYFW9aMMJhIVNF4cthZ GaxrXCTXye/sI1gifriO4yrL81shh7byl4TJFeZoR7/50AR8c703DFmkboVBaSHY FveMOt5Ic5o50KsapYDOiwgfYiUCGJzydh8e48thLTVwCAa8vXxoA/OrjIH4Exak peIjJoZEdvWswZ+CIkTmP8THHn5KzoKmImhHI3BR4/3ai40c4M9glLtin3SYC1I7 d4VDi8mIpJTFanD63pv7gaIxBUoIQVnXEbc3qMhgegTZzqqp/JxUGghb/j9I/g/G LfU3GgUyeAIcXR7nRVcNY+yBzln1yzmLe/rzmXb5bSU2oa3+bUnGzr8wUBTb8BIE XXEmamsFPW+FdMGvOeVu6+iPVVE0gw+BH+uW9ILE11H1uXr5BjeZzIb2m6jD9YnY 0slHXaSU8dLnujx+uAVD0oaJd3bc9iX+qiVXtnC4gtMiR/nNXazfLDTuhPr7j1rR urazhJ0FYcTfy7yc2U5WVllBklx+MpnA27tefVrd/NACiJAFVwQ5O0ER8W5S9Z7h YesJ0Duym0GPTWna/8IMB31XuwTqsU7+zxiaXa27OOjAIU42WGk= =BhSJ -----END PGP SIGNATURE-----

5 years, 8 months

6
17
0 0

[git:media_tree/master] media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table Author: Hans de Goede <hdegoede(a)redhat.com> Date: Sun Aug 18 12:03:23 2019 -0300 Like a bunch of other MSI laptops the MS-1039 uses a 0c45:627b SN9C201 + OV7660 webcam which is mounted upside down. Add it to the sn9c20x flip_dmi_table to deal with this. Cc: stable(a)vger.kernel.org Reported-by: Rui Salvaterra <rsalvaterra(a)gmail.com> Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/usb/gspca/sn9c20x.c | 7 +++++++ 1 file changed, 7 insertions(+) --- diff --git a/drivers/media/usb/gspca/sn9c20x.c b/drivers/media/usb/gspca/sn9c20x.c index 12a2395a36ac..2a6d0a1265a7 100644 --- a/drivers/media/usb/gspca/sn9c20x.c +++ b/drivers/media/usb/gspca/sn9c20x.c @@ -124,6 +124,13 @@ static const struct dmi_system_id flip_dmi_table[] = { } }, { + .ident = "MSI MS-1039", + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "MICRO-STAR INT'L CO.,LTD."), + DMI_MATCH(DMI_PRODUCT_NAME, "MS-1039"), + } + }, + { .ident = "MSI MS-1632", .matches = { DMI_MATCH(DMI_BOARD_VENDOR, "MSI"),

5 years, 8 months

1
0
0 0

iwlwifi: mvm: disable TX-AMSDU on older NICs

by Jean Delvare

Please consider picking: commit cfb21b11b891b08b79be07be57c40a85bb926668 Author: Johannes Berg Date: Wed Jun 12 11:09:58 2019 +0200 iwlwifi: mvm: disable TX-AMSDU on older NICs for stable kernel 5.2. It was not tagged but it matches all the criteria. It fixes commit 438af9698b0f1 which went into kernel 5.1. Thanks, -- Jean Delvare SUSE L3 Support

5 years, 8 months

2
1
0 0

[PATCH] watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout

by Rasmus Villemoes

Converting from ms to s requires dividing by 1000, not multiplying. So this is currently taking the smaller of new_timeout and 1.28e8, i.e. effectively new_timeout. The driver knows what it set max_hw_heartbeat_ms to, so use that value instead of doing a division at run-time. FWIW, this can easily be tested by booting into a busybox shell and doing "watchdog -t 5 -T 130 /dev/watchdog" - without this patch, the watchdog fires after 130&127 == 2 seconds. Fixes: b07e228eee69 "watchdog: imx2_wdt: Fix set_timeout for big timeout values" Cc: stable(a)vger.kernel.org # 5.2 plus anything the above got backported to Signed-off-by: Rasmus Villemoes <linux(a)rasmusvillemoes.dk> --- This should really be handled in the watchdog core for any driver that reports max_hw_heartbeat_ms. The same pattern appears in aspeed_wdt.c. I don't have the hardware, but s#wdd->max_hw_heartbeat_ms * 1000#WDT_MAX_TIMEOUT_MS/1000U# should fix that one. drivers/watchdog/imx2_wdt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/watchdog/imx2_wdt.c b/drivers/watchdog/imx2_wdt.c index 32af3974e6bb..8d019a961ccc 100644 --- a/drivers/watchdog/imx2_wdt.c +++ b/drivers/watchdog/imx2_wdt.c @@ -55,7 +55,7 @@ #define IMX2_WDT_WMCR 0x08 /* Misc Register */ -#define IMX2_WDT_MAX_TIME 128 +#define IMX2_WDT_MAX_TIME 128U #define IMX2_WDT_DEFAULT_TIME 60 /* in seconds */ #define WDOG_SEC_TO_COUNT(s) ((s * 2 - 1) << 8) @@ -180,7 +180,7 @@ static int imx2_wdt_set_timeout(struct watchdog_device *wdog, { unsigned int actual; - actual = min(new_timeout, wdog->max_hw_heartbeat_ms * 1000); + actual = min(new_timeout, IMX2_WDT_MAX_TIME); __imx2_wdt_set_timeout(wdog, actual); wdog->timeout = new_timeout; return 0; -- 2.20.1

5 years, 8 months

2
2
0 0

[PATCH] HID: logitech-dj: Fix crash when initial logi_dj_recv_query_paired_devices fails

by Hans de Goede

Before this commit dj_probe would exit with an error if the initial logi_dj_recv_query_paired_devices fails. The initial call may fail when the receiver is connected through a kvm and the focus is away. When the call fails this causes 2 problems: 1) dj_probe calls logi_dj_recv_query_paired_devices after calling hid_device_io_start() so a HID report may have been received in between and our delayedwork_callback may be running. It seems that the initial logi_dj_recv_query_paired_devices failure happening with some KVMs triggers this exact scenario, causing the work-queue to run on free-ed memory, leading to: BUG: unable to handle page fault for address: 0000000000001e88 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] SMP PTI CPU: 3 PID: 257 Comm: kworker/3:3 Tainted: G OE 5.3.0-rc5+ #100 Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./B150M Pro4S/D3, BIOS P7.10 12/06/2016 Workqueue: events 0xffffffffc02ba200 RIP: 0010:0xffffffffc02ba1bd Code: e8 e8 13 00 d8 48 89 c5 48 85 c0 74 4c 48 8b 7b 10 48 89 ea b9 07 00 00 00 41 b9 09 00 00 00 41 b8 01 00 00 00 be 10 00 00 00 <48> 8b 87 88 1e 00 00 48 8b 40 40 e8 b3 6b b4 d8 48 89 ef 41 89 c4 RSP: 0018:ffffb760c046bdb8 EFLAGS: 00010286 RAX: ffff935038ea4550 RBX: ffff935046778000 RCX: 0000000000000007 RDX: ffff935038ea4550 RSI: 0000000000000010 RDI: 0000000000000000 RBP: ffff935038ea4550 R08: 0000000000000001 R09: 0000000000000009 R10: 000000000000e011 R11: 0000000000000001 R12: ffff9350467780e8 R13: ffff935046778000 R14: 0000000000000000 R15: ffff935046778070 FS: 0000000000000000(0000) GS:ffff935054e00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000001e88 CR3: 000000075a612002 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: 0xffffffffc02ba2f7 ? process_one_work+0x1b1/0x560 process_one_work+0x234/0x560 worker_thread+0x50/0x3b0 kthread+0x10a/0x140 ? process_one_work+0x560/0x560 ? kthread_park+0x80/0x80 ret_from_fork+0x3a/0x50 Modules linked in: vboxpci(O) vboxnetadp(O) vboxnetflt(O) vboxdrv(O) bnep vfat fat btusb btrtl btbcm btintel bluetooth intel_rapl_msr ecdh_generic rfkill ecc snd_usb_audio snd_usbmidi_lib intel_rapl_common snd_rawmidi mc x86_pkg_temp_thermal intel_powerclamp coretemp iTCO_wdt iTCO_vendor_support mei_wdt mei_hdcp ppdev kvm_intel kvm irqbypass crct10dif_pclmul crc32_generic crc32_pclmul snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio ghash_clmulni_intel intel_cstate snd_hda_intel snd_hda_codec intel_uncore snd_hda_core snd_hwdep intel_rapl_perf snd_seq snd_seq_device snd_pcm snd_timer intel_wmi_thunderbolt snd e1000e soundcore mxm_wmi i2c_i801 bfq mei_me mei intel_pch_thermal parport_pc parport acpi_pad binfmt_misc hid_lg_g15(E) hid_logitech_dj(E) i915 crc32c_intel i2c_algo_bit drm_kms_helper nvme nvme_core drm wmi video uas usb_storage i2c_dev CR2: 0000000000001e88 ---[ end trace 1d3f8afdcfcbd842 ]--- 2) Even if we were to fix 1. by making sure the work is stopped before failing probe, failing probe is the wrong thing to do, we have logi_dj_recv_queue_unknown_work to deal with the initial logi_dj_recv_query_paired_devices failure. Rather then error-ing out of the probe, causing the receiver to not work at all we should rely on this, so that the attached devices will get properly enumerated once the KVM focus is switched back. Cc: stable(a)vger.kernel.org Fixes: 74808f9115ce ("HID: logitech-dj: add support for non unifying receivers") Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/hid/hid-logitech-dj.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/hid/hid-logitech-dj.c b/drivers/hid/hid-logitech-dj.c index cc47f948c1d0..7badbaa18878 100644 --- a/drivers/hid/hid-logitech-dj.c +++ b/drivers/hid/hid-logitech-dj.c @@ -1734,14 +1734,14 @@ static int logi_dj_probe(struct hid_device *hdev, if (retval < 0) { hid_err(hdev, "%s: logi_dj_recv_query_paired_devices error:%d\n", __func__, retval); - goto logi_dj_recv_query_paired_devices_failed; + /* + * This can happen with a KVM, let the probe succeed, + * logi_dj_recv_queue_unknown_work will retry later. + */ } } - return retval; - -logi_dj_recv_query_paired_devices_failed: - hid_hw_close(hdev); + return 0; llopen_failed: switch_to_dj_mode_fail: -- 2.23.0

5 years, 8 months

2
5
0 0

[PATCH v2] MIPS: Treat Loongson Extensions as ASEs

by Jiaxun Yang

Recently, binutils had split Loongson-3 Extensions into four ASEs: MMI, CAM, EXT, EXT2. This patch do the samething in kernel and expose them in cpuinfo so applications can probe supported ASEs at runtime. Signed-off-by: Jiaxun Yang <jiaxun.yang(a)flygoat.com> Cc: Huacai Chen <chenhc(a)lemote.com> Cc: Yunqiang Su <ysu(a)wavecomp.com> Cc: stable(a)vger.kernel.org # v4.14+ --- arch/mips/include/asm/cpu-features.h | 16 ++++++++++++++++ arch/mips/include/asm/cpu.h | 4 ++++ arch/mips/kernel/cpu-probe.c | 6 ++++++ arch/mips/kernel/proc.c | 4 ++++ 4 files changed, 30 insertions(+) diff --git a/arch/mips/include/asm/cpu-features.h b/arch/mips/include/asm/cpu-features.h index 6998a9796499..4e2bea8875f5 100644 --- a/arch/mips/include/asm/cpu-features.h +++ b/arch/mips/include/asm/cpu-features.h @@ -397,6 +397,22 @@ #define cpu_has_dsp3 __ase(MIPS_ASE_DSP3) #endif +#ifndef cpu_has_loongson_mmi +#define cpu_has_loongson_mmi __ase(MIPS_ASE_LOONGSON_MMI) +#endif + +#ifndef cpu_has_loongson_cam +#define cpu_has_loongson_cam __ase(MIPS_ASE_LOONGSON_CAM) +#endif + +#ifndef cpu_has_loongson_ext +#define cpu_has_loongson_ext __ase(MIPS_ASE_LOONGSON_EXT) +#endif + +#ifndef cpu_has_loongson_ext2 +#define cpu_has_loongson_ext2 __ase(MIPS_ASE_LOONGSON_EXT2) +#endif + #ifndef cpu_has_mipsmt #define cpu_has_mipsmt __isa_lt_and_ase(6, MIPS_ASE_MIPSMT) #endif diff --git a/arch/mips/include/asm/cpu.h b/arch/mips/include/asm/cpu.h index 6ad7d3cabd91..cc15670ef43a 100644 --- a/arch/mips/include/asm/cpu.h +++ b/arch/mips/include/asm/cpu.h @@ -438,5 +438,9 @@ enum cpu_type_enum { #define MIPS_ASE_MSA 0x00000100 /* MIPS SIMD Architecture */ #define MIPS_ASE_DSP3 0x00000200 /* Signal Processing ASE Rev 3*/ #define MIPS_ASE_MIPS16E2 0x00000400 /* MIPS16e2 */ +#define MIPS_ASE_LOONGSON_MMI 0x00000800 /* Loongson MultiMedia extensions Instructions */ +#define MIPS_ASE_LOONGSON_CAM 0x00001000 /* Loongson CAM */ +#define MIPS_ASE_LOONGSON_EXT 0x00002000 /* Loongson EXTensions */ +#define MIPS_ASE_LOONGSON_EXT2 0x00004000 /* Loongson EXTensions R2 */ #endif /* _ASM_CPU_H */ diff --git a/arch/mips/kernel/cpu-probe.c b/arch/mips/kernel/cpu-probe.c index 6126b77d5a62..f349be1cf5b8 100644 --- a/arch/mips/kernel/cpu-probe.c +++ b/arch/mips/kernel/cpu-probe.c @@ -1577,6 +1577,8 @@ static inline void cpu_probe_legacy(struct cpuinfo_mips *c, unsigned int cpu) __cpu_name[cpu] = "ICT Loongson-3"; set_elf_platform(cpu, "loongson3a"); set_isa(c, MIPS_CPU_ISA_M64R1); + c->ases |= (MIPS_ASE_LOONGSON_MMI | MIPS_ASE_LOONGSON_CAM | + MIPS_ASE_LOONGSON_EXT); break; case PRID_REV_LOONGSON3B_R1: case PRID_REV_LOONGSON3B_R2: @@ -1584,6 +1586,8 @@ static inline void cpu_probe_legacy(struct cpuinfo_mips *c, unsigned int cpu) __cpu_name[cpu] = "ICT Loongson-3"; set_elf_platform(cpu, "loongson3b"); set_isa(c, MIPS_CPU_ISA_M64R1); + c->ases |= (MIPS_ASE_LOONGSON_MMI | MIPS_ASE_LOONGSON_CAM | + MIPS_ASE_LOONGSON_EXT); break; } @@ -1950,6 +1954,8 @@ static inline void cpu_probe_loongson(struct cpuinfo_mips *c, unsigned int cpu) decode_configs(c); c->options |= MIPS_CPU_FTLB | MIPS_CPU_TLBINV | MIPS_CPU_LDPTE; c->writecombine = _CACHE_UNCACHED_ACCELERATED; + c->ases |= (MIPS_ASE_LOONGSON_MMI | MIPS_ASE_LOONGSON_CAM | + MIPS_ASE_LOONGSON_EXT | MIPS_ASE_LOONGSON_EXT2); break; default: panic("Unknown Loongson Processor ID!"); diff --git a/arch/mips/kernel/proc.c b/arch/mips/kernel/proc.c index b2de408a259e..f8d36710cd58 100644 --- a/arch/mips/kernel/proc.c +++ b/arch/mips/kernel/proc.c @@ -124,6 +124,10 @@ static int show_cpuinfo(struct seq_file *m, void *v) if (cpu_has_eva) seq_printf(m, "%s", " eva"); if (cpu_has_htw) seq_printf(m, "%s", " htw"); if (cpu_has_xpa) seq_printf(m, "%s", " xpa"); + if (cpu_has_loongson_mmi) seq_printf(m, "%s", " loongson-mmi"); + if (cpu_has_loongson_cam) seq_printf(m, "%s", " loongson-cam"); + if (cpu_has_loongson_ext) seq_printf(m, "%s", " loongson-ext"); + if (cpu_has_loongson_ext2) seq_printf(m, "%s", " loongson-ext2"); seq_printf(m, "\n"); if (cpu_has_mmips) { -- 2.21.0

5 years, 8 months

3
3
0 0

[PATCH] ACPI / LPSS: Save/restore LPSS private registers also on Lynxpoint

by Jarkko Nikula

My assumption in the commit b53548f9d9e4 ("spi: pxa2xx: Remove LPSS private register restoring during resume") that Intel Lynxpoint and compatible based chipsets may not need LPSS private registers saving and restoring over suspend/resume cycle turned out to be false on Intel Broadwell. Curtis Malainey sent a patch bringing above change back and reported the LPSS SPI Chip Select control was lost over suspend/resume cycle on Broadwell machine. Instead of reverting above commit lets add LPSS private register saving/restoring also for all LPSS SPI, I2C and UART controllers on Lynxpoint and compatible chipset to make sure context is not lost in case nothing else preserves it like firmware or if LPSS is always on. Fixes: b53548f9d9e4 ("spi: pxa2xx: Remove LPSS private register restoring during resume") Reported-by: Curtis Malainey <cujomalainey(a)chromium.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Jarkko Nikula <jarkko.nikula(a)linux.intel.com> --- drivers/acpi/acpi_lpss.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/acpi/acpi_lpss.c b/drivers/acpi/acpi_lpss.c index d696f165a50e..60bbc5090abe 100644 --- a/drivers/acpi/acpi_lpss.c +++ b/drivers/acpi/acpi_lpss.c @@ -219,12 +219,13 @@ static void bsw_pwm_setup(struct lpss_private_data *pdata) } static const struct lpss_device_desc lpt_dev_desc = { - .flags = LPSS_CLK | LPSS_CLK_GATE | LPSS_CLK_DIVIDER | LPSS_LTR, + .flags = LPSS_CLK | LPSS_CLK_GATE | LPSS_CLK_DIVIDER | LPSS_LTR + | LPSS_SAVE_CTX, .prv_offset = 0x800, }; static const struct lpss_device_desc lpt_i2c_dev_desc = { - .flags = LPSS_CLK | LPSS_CLK_GATE | LPSS_LTR, + .flags = LPSS_CLK | LPSS_CLK_GATE | LPSS_LTR | LPSS_SAVE_CTX, .prv_offset = 0x800, }; @@ -236,7 +237,8 @@ static struct property_entry uart_properties[] = { }; static const struct lpss_device_desc lpt_uart_dev_desc = { - .flags = LPSS_CLK | LPSS_CLK_GATE | LPSS_CLK_DIVIDER | LPSS_LTR, + .flags = LPSS_CLK | LPSS_CLK_GATE | LPSS_CLK_DIVIDER | LPSS_LTR + | LPSS_SAVE_CTX, .clk_con_id = "baudclk", .prv_offset = 0x800, .setup = lpss_uart_setup, -- 2.23.0.rc1

5 years, 8 months

4
3
0 0

FAILED: patch "[PATCH] IB/hfi1: Drop stale TID RDMA packets" failed to apply to 5.2-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.2-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From d58c1834bf0d218a0bc00f8fb44874551b21da84 Mon Sep 17 00:00:00 2001 From: Kaike Wan <kaike.wan(a)intel.com> Date: Thu, 15 Aug 2019 15:20:33 -0400 Subject: [PATCH] IB/hfi1: Drop stale TID RDMA packets In a congested fabric with adaptive routing enabled, traces show that the sender could receive stale TID RDMA NAK packets that contain newer KDETH PSNs and older Verbs PSNs. If not dropped, these packets could cause the incorrect rewinding of the software flows and the incorrect completion of TID RDMA WRITE requests, and eventually leading to memory corruption and kernel crash. The current code drops stale TID RDMA ACK/NAK packets solely based on KDETH PSNs, which may lead to erroneous processing. This patch fixes the issue by also checking the Verbs PSN. Addition checks are added before rewinding the TID RDMA WRITE DATA packets. Fixes: 9e93e967f7b4 ("IB/hfi1: Add a function to receive TID RDMA ACK packet") Cc: <stable(a)vger.kernel.org> Reviewed-by: Mike Marciniszyn <mike.marciniszyn(a)intel.com> Signed-off-by: Kaike Wan <kaike.wan(a)intel.com> Signed-off-by: Dennis Dalessandro <dennis.dalessandro(a)intel.com> Link: https://lore.kernel.org/r/20190815192033.105923.44192.stgit@awfm-01.aw.inte… Signed-off-by: Doug Ledford <dledford(a)redhat.com> diff --git a/drivers/infiniband/hw/hfi1/tid_rdma.c b/drivers/infiniband/hw/hfi1/tid_rdma.c index 996fc298207e..94070144fef5 100644 --- a/drivers/infiniband/hw/hfi1/tid_rdma.c +++ b/drivers/infiniband/hw/hfi1/tid_rdma.c @@ -4509,7 +4509,7 @@ void hfi1_rc_rcv_tid_rdma_ack(struct hfi1_packet *packet) struct rvt_swqe *wqe; struct tid_rdma_request *req; struct tid_rdma_flow *flow; - u32 aeth, psn, req_psn, ack_psn, resync_psn, ack_kpsn; + u32 aeth, psn, req_psn, ack_psn, flpsn, resync_psn, ack_kpsn; unsigned long flags; u16 fidx; @@ -4538,6 +4538,9 @@ void hfi1_rc_rcv_tid_rdma_ack(struct hfi1_packet *packet) ack_kpsn--; } + if (unlikely(qp->s_acked == qp->s_tail)) + goto ack_op_err; + wqe = rvt_get_swqe_ptr(qp, qp->s_acked); if (wqe->wr.opcode != IB_WR_TID_RDMA_WRITE) @@ -4550,7 +4553,8 @@ void hfi1_rc_rcv_tid_rdma_ack(struct hfi1_packet *packet) trace_hfi1_tid_flow_rcv_tid_ack(qp, req->acked_tail, flow); /* Drop stale ACK/NAK */ - if (cmp_psn(psn, full_flow_psn(flow, flow->flow_state.spsn)) < 0) + if (cmp_psn(psn, full_flow_psn(flow, flow->flow_state.spsn)) < 0 || + cmp_psn(req_psn, flow->flow_state.resp_ib_psn) < 0) goto ack_op_err; while (cmp_psn(ack_kpsn, @@ -4712,7 +4716,12 @@ done: switch ((aeth >> IB_AETH_CREDIT_SHIFT) & IB_AETH_CREDIT_MASK) { case 0: /* PSN sequence error */ + if (!req->flows) + break; flow = &req->flows[req->acked_tail]; + flpsn = full_flow_psn(flow, flow->flow_state.lpsn); + if (cmp_psn(psn, flpsn) > 0) + break; trace_hfi1_tid_flow_rcv_tid_ack(qp, req->acked_tail, flow); req->r_ack_psn = mask_psn(be32_to_cpu(ohdr->bth[2]));

5 years, 8 months

1
0
0 0

FAILED: patch "[PATCH] x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From c49a0a80137c7ca7d6ced4c812c9e07a949f6f24 Mon Sep 17 00:00:00 2001 From: Tom Lendacky <thomas.lendacky(a)amd.com> Date: Mon, 19 Aug 2019 15:52:35 +0000 Subject: [PATCH] x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h There have been reports of RDRAND issues after resuming from suspend on some AMD family 15h and family 16h systems. This issue stems from a BIOS not performing the proper steps during resume to ensure RDRAND continues to function properly. RDRAND support is indicated by CPUID Fn00000001_ECX[30]. This bit can be reset by clearing MSR C001_1004[62]. Any software that checks for RDRAND support using CPUID, including the kernel, will believe that RDRAND is not supported. Update the CPU initialization to clear the RDRAND CPUID bit for any family 15h and 16h processor that supports RDRAND. If it is known that the family 15h or family 16h system does not have an RDRAND resume issue or that the system will not be placed in suspend, the "rdrand=force" kernel parameter can be used to stop the clearing of the RDRAND CPUID bit. Additionally, update the suspend and resume path to save and restore the MSR C001_1004 value to ensure that the RDRAND CPUID setting remains in place after resuming from suspend. Note, that clearing the RDRAND CPUID bit does not prevent a processor that normally supports the RDRAND instruction from executing it. So any code that determined the support based on family and model won't #UD. Signed-off-by: Tom Lendacky <thomas.lendacky(a)amd.com> Signed-off-by: Borislav Petkov <bp(a)suse.de> Cc: Andrew Cooper <andrew.cooper3(a)citrix.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Chen Yu <yu.c.chen(a)intel.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Juergen Gross <jgross(a)suse.com> Cc: Kees Cook <keescook(a)chromium.org> Cc: "linux-doc(a)vger.kernel.org" <linux-doc(a)vger.kernel.org> Cc: "linux-pm(a)vger.kernel.org" <linux-pm(a)vger.kernel.org> Cc: Nathan Chancellor <natechancellor(a)gmail.com> Cc: Paolo Bonzini <pbonzini(a)redhat.com> Cc: Pavel Machek <pavel(a)ucw.cz> Cc: "Rafael J. Wysocki" <rjw(a)rjwysocki.net> Cc: <stable(a)vger.kernel.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: "x86(a)kernel.org" <x86(a)kernel.org> Link: https://lkml.kernel.org/r/7543af91666f491547bd86cebb1e17c66824ab9f.15662299… diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 47d981a86e2f..4c1971960afa 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -4090,6 +4090,13 @@ Run specified binary instead of /init from the ramdisk, used for early userspace startup. See initrd. + rdrand= [X86] + force - Override the decision by the kernel to hide the + advertisement of RDRAND support (this affects + certain AMD processors because of buggy BIOS + support, specifically around the suspend/resume + path). + rdt= [HW,X86,RDT] Turn on/off individual RDT features. List is: cmt, mbmtotal, mbmlocal, l3cat, l3cdp, l2cat, l2cdp, diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index 6b4fc2788078..271d837d69a8 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -381,6 +381,7 @@ #define MSR_AMD64_PATCH_LEVEL 0x0000008b #define MSR_AMD64_TSC_RATIO 0xc0000104 #define MSR_AMD64_NB_CFG 0xc001001f +#define MSR_AMD64_CPUID_FN_1 0xc0011004 #define MSR_AMD64_PATCH_LOADER 0xc0010020 #define MSR_AMD64_OSVW_ID_LENGTH 0xc0010140 #define MSR_AMD64_OSVW_STATUS 0xc0010141 diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c index 8d4e50428b68..68c363c341bf 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c @@ -804,6 +804,64 @@ static void init_amd_ln(struct cpuinfo_x86 *c) msr_set_bit(MSR_AMD64_DE_CFG, 31); } +static bool rdrand_force; + +static int __init rdrand_cmdline(char *str) +{ + if (!str) + return -EINVAL; + + if (!strcmp(str, "force")) + rdrand_force = true; + else + return -EINVAL; + + return 0; +} +early_param("rdrand", rdrand_cmdline); + +static void clear_rdrand_cpuid_bit(struct cpuinfo_x86 *c) +{ + /* + * Saving of the MSR used to hide the RDRAND support during + * suspend/resume is done by arch/x86/power/cpu.c, which is + * dependent on CONFIG_PM_SLEEP. + */ + if (!IS_ENABLED(CONFIG_PM_SLEEP)) + return; + + /* + * The nordrand option can clear X86_FEATURE_RDRAND, so check for + * RDRAND support using the CPUID function directly. + */ + if (!(cpuid_ecx(1) & BIT(30)) || rdrand_force) + return; + + msr_clear_bit(MSR_AMD64_CPUID_FN_1, 62); + + /* + * Verify that the CPUID change has occurred in case the kernel is + * running virtualized and the hypervisor doesn't support the MSR. + */ + if (cpuid_ecx(1) & BIT(30)) { + pr_info_once("BIOS may not properly restore RDRAND after suspend, but hypervisor does not support hiding RDRAND via CPUID.\n"); + return; + } + + clear_cpu_cap(c, X86_FEATURE_RDRAND); + pr_info_once("BIOS may not properly restore RDRAND after suspend, hiding RDRAND via CPUID. Use rdrand=force to reenable.\n"); +} + +static void init_amd_jg(struct cpuinfo_x86 *c) +{ + /* + * Some BIOS implementations do not restore proper RDRAND support + * across suspend and resume. Check on whether to hide the RDRAND + * instruction support via CPUID. + */ + clear_rdrand_cpuid_bit(c); +} + static void init_amd_bd(struct cpuinfo_x86 *c) { u64 value; @@ -818,6 +876,13 @@ static void init_amd_bd(struct cpuinfo_x86 *c) wrmsrl_safe(MSR_F15H_IC_CFG, value); } } + + /* + * Some BIOS implementations do not restore proper RDRAND support + * across suspend and resume. Check on whether to hide the RDRAND + * instruction support via CPUID. + */ + clear_rdrand_cpuid_bit(c); } static void init_amd_zn(struct cpuinfo_x86 *c) @@ -860,6 +925,7 @@ static void init_amd(struct cpuinfo_x86 *c) case 0x10: init_amd_gh(c); break; case 0x12: init_amd_ln(c); break; case 0x15: init_amd_bd(c); break; + case 0x16: init_amd_jg(c); break; case 0x17: init_amd_zn(c); break; } diff --git a/arch/x86/power/cpu.c b/arch/x86/power/cpu.c index 24b079e94bc2..c9ef6a7a4a1a 100644 --- a/arch/x86/power/cpu.c +++ b/arch/x86/power/cpu.c @@ -12,6 +12,7 @@ #include <linux/smp.h> #include <linux/perf_event.h> #include <linux/tboot.h> +#include <linux/dmi.h> #include <asm/pgtable.h> #include <asm/proto.h> @@ -23,7 +24,7 @@ #include <asm/debugreg.h> #include <asm/cpu.h> #include <asm/mmu_context.h> -#include <linux/dmi.h> +#include <asm/cpu_device_id.h> #ifdef CONFIG_X86_32 __visible unsigned long saved_context_ebx; @@ -397,15 +398,14 @@ static int __init bsp_pm_check_init(void) core_initcall(bsp_pm_check_init); -static int msr_init_context(const u32 *msr_id, const int total_num) +static int msr_build_context(const u32 *msr_id, const int num) { - int i = 0; + struct saved_msrs *saved_msrs = &saved_context.saved_msrs; struct saved_msr *msr_array; + int total_num; + int i, j; - if (saved_context.saved_msrs.array || saved_context.saved_msrs.num > 0) { - pr_err("x86/pm: MSR quirk already applied, please check your DMI match table.\n"); - return -EINVAL; - } + total_num = saved_msrs->num + num; msr_array = kmalloc_array(total_num, sizeof(struct saved_msr), GFP_KERNEL); if (!msr_array) { @@ -413,19 +413,30 @@ static int msr_init_context(const u32 *msr_id, const int total_num) return -ENOMEM; } - for (i = 0; i < total_num; i++) { - msr_array[i].info.msr_no = msr_id[i]; + if (saved_msrs->array) { + /* + * Multiple callbacks can invoke this function, so copy any + * MSR save requests from previous invocations. + */ + memcpy(msr_array, saved_msrs->array, + sizeof(struct saved_msr) * saved_msrs->num); + + kfree(saved_msrs->array); + } + + for (i = saved_msrs->num, j = 0; i < total_num; i++, j++) { + msr_array[i].info.msr_no = msr_id[j]; msr_array[i].valid = false; msr_array[i].info.reg.q = 0; } - saved_context.saved_msrs.num = total_num; - saved_context.saved_msrs.array = msr_array; + saved_msrs->num = total_num; + saved_msrs->array = msr_array; return 0; } /* - * The following section is a quirk framework for problematic BIOSen: + * The following sections are a quirk framework for problematic BIOSen: * Sometimes MSRs are modified by the BIOSen after suspended to * RAM, this might cause unexpected behavior after wakeup. * Thus we save/restore these specified MSRs across suspend/resume @@ -440,7 +451,7 @@ static int msr_initialize_bdw(const struct dmi_system_id *d) u32 bdw_msr_id[] = { MSR_IA32_THERM_CONTROL }; pr_info("x86/pm: %s detected, MSR saving is needed during suspending.\n", d->ident); - return msr_init_context(bdw_msr_id, ARRAY_SIZE(bdw_msr_id)); + return msr_build_context(bdw_msr_id, ARRAY_SIZE(bdw_msr_id)); } static const struct dmi_system_id msr_save_dmi_table[] = { @@ -455,9 +466,58 @@ static const struct dmi_system_id msr_save_dmi_table[] = { {} }; +static int msr_save_cpuid_features(const struct x86_cpu_id *c) +{ + u32 cpuid_msr_id[] = { + MSR_AMD64_CPUID_FN_1, + }; + + pr_info("x86/pm: family %#hx cpu detected, MSR saving is needed during suspending.\n", + c->family); + + return msr_build_context(cpuid_msr_id, ARRAY_SIZE(cpuid_msr_id)); +} + +static const struct x86_cpu_id msr_save_cpu_table[] = { + { + .vendor = X86_VENDOR_AMD, + .family = 0x15, + .model = X86_MODEL_ANY, + .feature = X86_FEATURE_ANY, + .driver_data = (kernel_ulong_t)msr_save_cpuid_features, + }, + { + .vendor = X86_VENDOR_AMD, + .family = 0x16, + .model = X86_MODEL_ANY, + .feature = X86_FEATURE_ANY, + .driver_data = (kernel_ulong_t)msr_save_cpuid_features, + }, + {} +}; + +typedef int (*pm_cpu_match_t)(const struct x86_cpu_id *); +static int pm_cpu_check(const struct x86_cpu_id *c) +{ + const struct x86_cpu_id *m; + int ret = 0; + + m = x86_match_cpu(msr_save_cpu_table); + if (m) { + pm_cpu_match_t fn; + + fn = (pm_cpu_match_t)m->driver_data; + ret = fn(m); + } + + return ret; +} + static int pm_check_save_msr(void) { dmi_check_system(msr_save_dmi_table); + pm_cpu_check(msr_save_cpu_table); + return 0; }

5 years, 8 months

1
0
0 0

FAILED: patch "[PATCH] scsi: ufs: Fix NULL pointer dereference in" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 7c7cfdcf7f1777c7376fc9a239980de04b6b5ea1 Mon Sep 17 00:00:00 2001 From: Adrian Hunter <adrian.hunter(a)intel.com> Date: Wed, 14 Aug 2019 15:59:50 +0300 Subject: [PATCH] scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm() Fix the following BUG: [ 187.065689] BUG: kernel NULL pointer dereference, address: 000000000000001c [ 187.065790] RIP: 0010:ufshcd_vreg_set_hpm+0x3c/0x110 [ufshcd_core] [ 187.065938] Call Trace: [ 187.065959] ufshcd_resume+0x72/0x290 [ufshcd_core] [ 187.065980] ufshcd_system_resume+0x54/0x140 [ufshcd_core] [ 187.065993] ? pci_pm_restore+0xb0/0xb0 [ 187.066005] ufshcd_pci_resume+0x15/0x20 [ufshcd_pci] [ 187.066017] pci_pm_thaw+0x4c/0x90 [ 187.066030] dpm_run_callback+0x5b/0x150 [ 187.066043] device_resume+0x11b/0x220 Voltage regulators are optional, so functions must check they exist before dereferencing. Note this issue is hidden if CONFIG_REGULATORS is not set, because the offending code is optimised away. Notes for stable: The issue first appears in commit 57d104c153d3 ("ufs: add UFS power management support") but is inadvertently fixed in commit 60f0187031c0 ("scsi: ufs: disable vccq if it's not needed by UFS device") which in turn was reverted by commit 730679817d83 ("Revert "scsi: ufs: disable vccq if it's not needed by UFS device""). So fix applies v3.18 to v4.5 and v5.1+ Fixes: 57d104c153d3 ("ufs: add UFS power management support") Fixes: 730679817d83 ("Revert "scsi: ufs: disable vccq if it's not needed by UFS device"") Cc: stable(a)vger.kernel.org Signed-off-by: Adrian Hunter <adrian.hunter(a)intel.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c index e274053109d0..029da74bb2f5 100644 --- a/drivers/scsi/ufs/ufshcd.c +++ b/drivers/scsi/ufs/ufshcd.c @@ -7062,6 +7062,9 @@ static inline int ufshcd_config_vreg_lpm(struct ufs_hba *hba, static inline int ufshcd_config_vreg_hpm(struct ufs_hba *hba, struct ufs_vreg *vreg) { + if (!vreg) + return 0; + return ufshcd_config_vreg_load(hba->dev, vreg, vreg->max_uA); }

5 years, 8 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror