Linux-stable-mirror

linux-stable-mirror@lists.linaro.org

315 participants
124201 discussions

patch "kobject: Make sure the parent does not get released before its" added to driver-core-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled kobject: Make sure the parent does not get released before its to my driver-core git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core.git in the driver-core-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 4ef12f7198023c09ad6d25b652bd8748c965c7fa Mon Sep 17 00:00:00 2001 From: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Date: Wed, 13 May 2020 18:18:40 +0300 Subject: kobject: Make sure the parent does not get released before its children In the function kobject_cleanup(), kobject_del(kobj) is called before the kobj->release(). That makes it possible to release the parent of the kobject before the kobject itself. To fix that, adding function __kboject_del() that does everything that kobject_del() does except release the parent reference. kobject_cleanup() then calls __kobject_del() instead of kobject_del(), and separately decrements the reference count of the parent kobject after kobj->release() has been called. Reported-by: Naresh Kamboju <naresh.kamboju(a)linaro.org> Reported-by: kernel test robot <rong.a.chen(a)intel.com> Fixes: 7589238a8cf3 ("Revert "software node: Simplify software_node_release() function"") Suggested-by: "Rafael J. Wysocki" <rafael(a)kernel.org> Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Reviewed-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Reviewed-by: Brendan Higgins <brendanhiggins(a)google.com> Tested-by: Brendan Higgins <brendanhiggins(a)google.com> Acked-by: Randy Dunlap <rdunlap(a)infradead.org> Link: https://lore.kernel.org/r/20200513151840.36400-1-heikki.krogerus@linux.inte… Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- lib/kobject.c | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/lib/kobject.c b/lib/kobject.c index 83198cb37d8d..2bd631460e18 100644 --- a/lib/kobject.c +++ b/lib/kobject.c @@ -599,14 +599,7 @@ int kobject_move(struct kobject *kobj, struct kobject *new_parent) } EXPORT_SYMBOL_GPL(kobject_move); -/** - * kobject_del() - Unlink kobject from hierarchy. - * @kobj: object. - * - * This is the function that should be called to delete an object - * successfully added via kobject_add(). - */ -void kobject_del(struct kobject *kobj) +static void __kobject_del(struct kobject *kobj) { struct kernfs_node *sd; const struct kobj_type *ktype; @@ -625,9 +618,23 @@ void kobject_del(struct kobject *kobj) kobj->state_in_sysfs = 0; kobj_kset_leave(kobj); - kobject_put(kobj->parent); kobj->parent = NULL; } + +/** + * kobject_del() - Unlink kobject from hierarchy. + * @kobj: object. + * + * This is the function that should be called to delete an object + * successfully added via kobject_add(). + */ +void kobject_del(struct kobject *kobj) +{ + struct kobject *parent = kobj->parent; + + __kobject_del(kobj); + kobject_put(parent); +} EXPORT_SYMBOL(kobject_del); /** @@ -663,6 +670,7 @@ EXPORT_SYMBOL(kobject_get_unless_zero); */ static void kobject_cleanup(struct kobject *kobj) { + struct kobject *parent = kobj->parent; struct kobj_type *t = get_ktype(kobj); const char *name = kobj->name; @@ -684,7 +692,7 @@ static void kobject_cleanup(struct kobject *kobj) if (kobj->state_in_sysfs) { pr_debug("kobject: '%s' (%p): auto cleanup kobject_del\n", kobject_name(kobj), kobj); - kobject_del(kobj); + __kobject_del(kobj); } if (t && t->release) { @@ -698,6 +706,8 @@ static void kobject_cleanup(struct kobject *kobj) pr_debug("kobject: '%s': free name\n", name); kfree_const(name); } + + kobject_put(parent); } #ifdef CONFIG_DEBUG_KOBJECT_RELEASE -- 2.26.2

5 years, 7 months

patch "driver core: Fix handling of SYNC_STATE_ONLY + STATELESS device links" added to driver-core-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled driver core: Fix handling of SYNC_STATE_ONLY + STATELESS device links to my driver-core git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core.git in the driver-core-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 44e960490ddf868fc9135151c4a658936e771dc2 Mon Sep 17 00:00:00 2001 From: Saravana Kannan <saravanak(a)google.com> Date: Tue, 19 May 2020 21:36:26 -0700 Subject: driver core: Fix handling of SYNC_STATE_ONLY + STATELESS device links Commit 21c27f06587d ("driver core: Fix SYNC_STATE_ONLY device link implementation") didn't completely fix STATELESS + SYNC_STATE_ONLY handling. What looks like an optimization in that commit is actually a bug that causes an if condition to always take the else path. This prevents reordering of devices in the dpm_list when a DL_FLAG_STATELESS device link is create on top of an existing DL_FLAG_SYNC_STATE_ONLY device link. Fixes: 21c27f06587d ("driver core: Fix SYNC_STATE_ONLY device link implementation") Signed-off-by: Saravana Kannan <saravanak(a)google.com> Cc: stable <stable(a)vger.kernel.org> Reviewed-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Link: https://lore.kernel.org/r/20200520043626.181820-1-saravanak@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/base/core.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/base/core.c b/drivers/base/core.c index 4e0e430315d9..0cad34f1eede 100644 --- a/drivers/base/core.c +++ b/drivers/base/core.c @@ -360,12 +360,14 @@ struct device_link *device_link_add(struct device *consumer, if (flags & DL_FLAG_STATELESS) { kref_get(&link->kref); - link->flags |= DL_FLAG_STATELESS; if (link->flags & DL_FLAG_SYNC_STATE_ONLY && - !(link->flags & DL_FLAG_STATELESS)) + !(link->flags & DL_FLAG_STATELESS)) { + link->flags |= DL_FLAG_STATELESS; goto reorder; - else + } else { + link->flags |= DL_FLAG_STATELESS; goto out; + } } /* -- 2.26.2

5 years, 7 months

[PATCH 4.4 00/86] 4.4.224-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.224 release. There are 86 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 20 May 2020 17:32:42 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.224-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.224-rc1 Sergei Trofimovich <slyfox(a)gentoo.org> Makefile: disallow data races on gcc-10 as well Jim Mattson <jmattson(a)google.com> KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: dts: r8a7740: Add missing extal2 to CPG node Kai-Heng Feng <kai.heng.feng(a)canonical.com> Revert "ALSA: hda/realtek: Fix pop noise on ALC225" Wei Yongjun <weiyongjun1(a)huawei.com> usb: gadget: legacy: fix error return code in cdc_bind() Wei Yongjun <weiyongjun1(a)huawei.com> usb: gadget: legacy: fix error return code in gncm_bind() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> usb: gadget: audio: Fix a missing error return value in audio_bind() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' Eric W. Biederman <ebiederm(a)xmission.com> exec: Move would_dump into flush_old_exec Borislav Petkov <bp(a)suse.de> x86: Fix early boot crash on gcc-10, third try Fabio Estevam <festevam(a)gmail.com> ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries Kyungtae Kim <kt0755(a)gmail.com> USB: gadget: fix illegal array access in binding with UDC Takashi Iwai <tiwai(a)suse.de> ALSA: rawmidi: Initialize allocated buffers Takashi Iwai <tiwai(a)suse.de> ALSA: rawmidi: Fix racy buffer resize under concurrent accesses Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek - Limit int mic boost for Thinkpad T530 Paolo Abeni <pabeni(a)redhat.com> netlabel: cope with NULL catmap Paolo Abeni <pabeni(a)redhat.com> net: ipv4: really enforce backoff for redirects Cong Wang <xiyou.wangcong(a)gmail.com> net: fix a potential recursive NETDEV_FEAT_CHANGE Linus Torvalds <torvalds(a)linux-foundation.org> gcc-10: avoid shadowing standard library 'free()' in crypto Boris Ostrovsky <boris.ostrovsky(a)oracle.com> x86/paravirt: Remove the unused irq_enable_sysexit pv op Keith Busch <keith.busch(a)intel.com> blk-mq: Allow blocking queue tag iter callbacks Jianchao Wang <jianchao.w.wang(a)oracle.com> blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter Gabriel Krisman Bertazi <krisman(a)linux.vnet.ibm.com> blk-mq: Allow timeouts to run while queue is freezing Christoph Hellwig <hch(a)lst.de> block: defer timeouts to a workqueue Linus Torvalds <torvalds(a)linux-foundation.org> gcc-10: disable 'restrict' warning for now Linus Torvalds <torvalds(a)linux-foundation.org> gcc-10: disable 'stringop-overflow' warning for now Linus Torvalds <torvalds(a)linux-foundation.org> gcc-10: disable 'array-bounds' warning for now Linus Torvalds <torvalds(a)linux-foundation.org> gcc-10: disable 'zero-length-bounds' warning for now Linus Torvalds <torvalds(a)linux-foundation.org> Stop the ad-hoc games with -Wno-maybe-initialized Masahiro Yamada <yamada.masahiro(a)socionext.com> kbuild: compute false-positive -Wmaybe-uninitialized cases in Kconfig Linus Torvalds <torvalds(a)linux-foundation.org> gcc-10 warnings: fix low-hanging fruit Jason Gunthorpe <jgg(a)mellanox.com> pnp: Use list_for_each_entry() instead of open coding Jack Morgenstein <jackm(a)dev.mellanox.co.il> IB/mlx4: Test return value of calls to ib_get_cached_pkey Arnd Bergmann <arnd(a)arndb.de> netfilter: conntrack: avoid gcc-10 zero-length-bounds warning Gal Pressman <galp(a)mellanox.com> net/mlx5: Fix driver load error flow when firmware is stuck Anjali Singhai Jain <anjali.singhai(a)intel.com> i40e: avoid NVM acquire deadlock during NVM update Ben Hutchings <ben.hutchings(a)codethink.co.uk> scsi: qla2xxx: Avoid double completion of abort command zhong jiang <zhongjiang(a)huawei.com> mm/memory_hotplug.c: fix overflow in test_pages_in_a_zone() Jiri Benc <jbenc(a)redhat.com> gre: do not keep the GRE header around in collect medata mode John Hurley <john.hurley(a)netronome.com> net: openvswitch: fix csum updates for MPLS actions Vasily Averin <vvs(a)virtuozzo.com> ipc/util.c: sysvipc_find_ipc() incorrectly updates position index Vasily Averin <vvs(a)virtuozzo.com> drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper() Lubomir Rintel <lkundrak(a)v3.sk> dmaengine: mmp_tdma: Reset channel error on release Madhuparna Bhowmik <madhuparnabhowmik10(a)gmail.com> dmaengine: pch_dma.c: Avoid data race between probe and irq handler Ronnie Sahlberg <lsahlber(a)redhat.com> cifs: Fix a race condition with cifs_echo_request Samuel Cabrero <scabrero(a)suse.de> cifs: Check for timeout on Negotiate stage wuxu.wu <wuxu.wu(a)huawei.com> spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls Wu Bo <wubo40(a)huawei.com> scsi: sg: add sg_remove_request in sg_write Arnd Bergmann <arnd(a)arndb.de> drop_monitor: work around gcc-10 stringop-overflow warning Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: moxa: Fix a potential double 'free_irq()' Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()' David Ahern <dsa(a)cumulusnetworks.com> net: handle no dst on skb in icmp6_send Vladis Dronov <vdronov(a)redhat.com> ptp: free ptp device pin descriptors properly Vladis Dronov <vdronov(a)redhat.com> ptp: fix the race between the release of ptp_clock and cdev YueHaibing <yuehaibing(a)huawei.com> ptp: Fix pass zero to ERR_PTR() in ptp_clock_register Logan Gunthorpe <logang(a)deltatee.com> chardev: add helper function to register char devs with a struct device Dmitry Torokhov <dmitry.torokhov(a)gmail.com> ptp: create "pins" together with the rest of attributes Dmitry Torokhov <dmitry.torokhov(a)gmail.com> ptp: use is_visible method to hide unused attributes Dmitry Torokhov <dmitry.torokhov(a)gmail.com> ptp: do not explicitly set drvdata in ptp_clock_register() Cengiz Can <cengiz(a)kernel.wtf> blktrace: fix dereference after null check Jan Kara <jack(a)suse.cz> blktrace: Protect q->blk_trace with RCU Jens Axboe <axboe(a)kernel.dk> blktrace: fix trace mutex deadlock Jens Axboe <axboe(a)kernel.dk> blktrace: fix unlocked access to init/start-stop/teardown Waiman Long <longman(a)redhat.com> blktrace: Fix potential deadlock between delete & sysfs ops Sabrina Dubroca <sd(a)queasysnail.net> net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup Sabrina Dubroca <sd(a)queasysnail.net> net: ipv6: add net argument to ip6_dst_lookup_flow Shijie Luo <luoshijie1(a)huawei.com> ext4: add cond_resched() to ext4_protect_reserved_inode Kees Cook <keescook(a)chromium.org> binfmt_elf: Do not move brk for INTERP-less ET_EXEC Alexandre Belloni <alexandre.belloni(a)free-electrons.com> phy: micrel: Ensure interrupts are reenabled on resume Alexandre Belloni <alexandre.belloni(a)free-electrons.com> phy: micrel: Disable auto negotiation on startup Ivan Delalande <colona(a)arista.com> scripts/decodecode: fix trapping instruction formatting George Spelvin <lkml(a)sdf.org> batman-adv: fix batadv_nc_random_weight_tq Oliver Neukum <oneukum(a)suse.com> USB: serial: garmin_gps: add sanity checking for data length Oliver Neukum <oneukum(a)suse.com> USB: uas: add quirk for LaCie 2Big Quadra Alex Estrin <alex.estrin(a)intel.com> Revert "IB/ipoib: Update broadcast object if PKey value was changed in index 0" Ville Syrjälä <ville.syrjala(a)linux.intel.com> x86/apm: Don't access __preempt_count with zeroed fs Kees Cook <keescook(a)chromium.org> binfmt_elf: move brk out of mmap when doing direct loader exec Sabrina Dubroca <sd(a)queasysnail.net> ipv6: fix cleanup ordering for ip6_mr failure Govindarajulu Varadarajan <gvaradar(a)cisco.com> enic: do not overwrite error code Hans de Goede <hdegoede(a)redhat.com> Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6" Eric Dumazet <edumazet(a)google.com> sch_choke: avoid potential panic in choke_reset() Eric Dumazet <edumazet(a)google.com> sch_sfq: validate silly quantum values Tariq Toukan <tariqt(a)mellanox.com> net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() Julia Lawall <Julia.Lawall(a)inria.fr> dp83640: reverse arguments to list_add_tail Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "net: phy: Avoid polling PHY with PHY_IGNORE_INTERRUPTS" Matt Jolly <Kangie(a)footclan.ninja> USB: serial: qcserial: Add DW5816e support ------------- Diffstat: Makefile | 17 +- arch/arm/boot/dts/imx27-phytec-phycard-s-rdk.dts | 4 +- arch/arm/boot/dts/r8a7740.dtsi | 2 +- arch/x86/entry/entry_32.S | 8 +- arch/x86/include/asm/apm.h | 6 - arch/x86/include/asm/paravirt.h | 7 - arch/x86/include/asm/paravirt_types.h | 9 -- arch/x86/include/asm/stackprotector.h | 7 +- arch/x86/kernel/apm_32.c | 5 + arch/x86/kernel/asm-offsets.c | 3 - arch/x86/kernel/paravirt.c | 7 - arch/x86/kernel/paravirt_patch_32.c | 2 - arch/x86/kernel/paravirt_patch_64.c | 1 - arch/x86/kernel/smpboot.c | 8 + arch/x86/kvm/x86.c | 2 +- arch/x86/xen/enlighten.c | 3 - arch/x86/xen/smp.c | 1 + arch/x86/xen/xen-asm_32.S | 14 -- arch/x86/xen/xen-ops.h | 3 - block/blk-core.c | 3 + block/blk-mq-tag.c | 7 +- block/blk-mq.c | 17 ++ block/blk-timeout.c | 3 + crypto/lrw.c | 4 +- crypto/xts.c | 4 +- drivers/acpi/video_detect.c | 11 -- drivers/dma/mmp_tdma.c | 2 + drivers/dma/pch_dma.c | 2 +- drivers/gpu/drm/qxl/qxl_image.c | 3 +- drivers/infiniband/core/addr.c | 6 +- drivers/infiniband/hw/mlx4/qp.c | 14 +- drivers/infiniband/ulp/ipoib/ipoib_ib.c | 13 -- drivers/net/ethernet/cisco/enic/enic_main.c | 9 +- drivers/net/ethernet/intel/i40e/i40e_nvm.c | 98 +++++++----- drivers/net/ethernet/intel/i40e/i40e_prototype.h | 2 - drivers/net/ethernet/mellanox/mlx4/main.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/main.c | 2 +- drivers/net/ethernet/moxa/moxart_ether.c | 2 +- drivers/net/ethernet/natsemi/jazzsonic.c | 6 +- drivers/net/geneve.c | 4 +- drivers/net/phy/dp83640.c | 2 +- drivers/net/phy/micrel.c | 28 +++- drivers/net/phy/phy.c | 15 +- drivers/net/vxlan.c | 10 +- drivers/ptp/ptp_clock.c | 42 ++--- drivers/ptp/ptp_private.h | 9 +- drivers/ptp/ptp_sysfs.c | 162 ++++++++----------- drivers/scsi/qla2xxx/qla_init.c | 4 +- drivers/scsi/sg.c | 4 +- drivers/spi/spi-dw.c | 15 +- drivers/spi/spi-dw.h | 1 + drivers/usb/gadget/configfs.c | 3 + drivers/usb/gadget/legacy/audio.c | 4 +- drivers/usb/gadget/legacy/cdc2.c | 4 +- drivers/usb/gadget/legacy/ncm.c | 4 +- drivers/usb/gadget/udc/net2272.c | 2 + drivers/usb/serial/garmin_gps.c | 4 +- drivers/usb/serial/qcserial.c | 1 + drivers/usb/storage/unusual_uas.h | 7 + fs/binfmt_elf.c | 12 ++ fs/char_dev.c | 86 ++++++++++ fs/cifs/cifssmb.c | 12 ++ fs/cifs/connect.c | 11 +- fs/cifs/smb2pdu.c | 12 ++ fs/exec.c | 4 +- fs/ext4/block_validity.c | 1 + include/linux/blkdev.h | 3 +- include/linux/blktrace_api.h | 6 +- include/linux/cdev.h | 5 + include/linux/compiler.h | 7 + include/linux/fs.h | 2 +- include/linux/pnp.h | 29 ++-- include/linux/posix-clock.h | 19 ++- include/linux/tty.h | 2 +- include/net/addrconf.h | 6 +- include/net/ipv6.h | 2 +- include/net/netfilter/nf_conntrack.h | 2 +- include/sound/rawmidi.h | 1 + init/main.c | 2 + ipc/util.c | 12 +- kernel/time/posix-clock.c | 31 ++-- kernel/trace/blktrace.c | 191 +++++++++++++++++------ mm/memory_hotplug.c | 4 +- net/batman-adv/network-coding.c | 9 +- net/core/dev.c | 4 +- net/core/drop_monitor.c | 11 +- net/dccp/ipv6.c | 6 +- net/ipv4/cipso_ipv4.c | 6 +- net/ipv4/ip_gre.c | 7 +- net/ipv4/route.c | 2 +- net/ipv6/addrconf_core.c | 11 +- net/ipv6/af_inet6.c | 10 +- net/ipv6/datagram.c | 2 +- net/ipv6/icmp.c | 6 +- net/ipv6/inet6_connection_sock.c | 4 +- net/ipv6/ip6_output.c | 8 +- net/ipv6/raw.c | 2 +- net/ipv6/syncookies.c | 2 +- net/ipv6/tcp_ipv6.c | 4 +- net/l2tp/l2tp_ip6.c | 2 +- net/mpls/af_mpls.c | 7 +- net/netfilter/nf_conntrack_core.c | 4 +- net/netlabel/netlabel_kapi.c | 6 + net/openvswitch/actions.c | 6 +- net/sched/sch_choke.c | 3 +- net/sched/sch_sfq.c | 9 ++ net/sctp/ipv6.c | 4 +- net/tipc/udp_media.c | 9 +- scripts/decodecode | 2 +- sound/core/rawmidi.c | 35 ++++- sound/pci/hda/patch_realtek.c | 12 +- 111 files changed, 805 insertions(+), 496 deletions(-)

5 years, 7 months

[net-next 05/15] e1000: Do not perform reset in reset_task if we are already down

by Jeff Kirsher

From: Alexander Duyck <alexander.h.duyck(a)linux.intel.com> We are seeing a deadlock in e1000 down when NAPI is being disabled. Looking over the kernel function trace of the system it appears that the interface is being closed and then a reset is hitting which deadlocks the interface as the NAPI interface is already disabled. To prevent this from happening I am disabling the reset task when __E1000_DOWN is already set. In addition code has been added so that we set the __E1000_DOWN while holding the __E1000_RESET flag in e1000_close in order to guarantee that the reset task will not run after we have started the close call. CC: stable <stable(a)vger.kernel.org> Signed-off-by: Alexander Duyck <alexander.h.duyck(a)linux.intel.com> Tested-by: Maxim Zhukov <mussitantesmortem(a)gmail.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher(a)intel.com> --- drivers/net/ethernet/intel/e1000/e1000_main.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/drivers/net/ethernet/intel/e1000/e1000_main.c b/drivers/net/ethernet/intel/e1000/e1000_main.c index 05bc6e216bca..d9fa4600f745 100644 --- a/drivers/net/ethernet/intel/e1000/e1000_main.c +++ b/drivers/net/ethernet/intel/e1000/e1000_main.c @@ -542,8 +542,13 @@ void e1000_reinit_locked(struct e1000_adapter *adapter) WARN_ON(in_interrupt()); while (test_and_set_bit(__E1000_RESETTING, &adapter->flags)) msleep(1); - e1000_down(adapter); - e1000_up(adapter); + + /* only run the task if not already down */ + if (!test_bit(__E1000_DOWN, &adapter->flags)) { + e1000_down(adapter); + e1000_up(adapter); + } + clear_bit(__E1000_RESETTING, &adapter->flags); } @@ -1433,10 +1438,15 @@ int e1000_close(struct net_device *netdev) struct e1000_hw *hw = &adapter->hw; int count = E1000_CHECK_RESET_COUNT; - while (test_bit(__E1000_RESETTING, &adapter->flags) && count--) + while (test_and_set_bit(__E1000_RESETTING, &adapter->flags) && count--) usleep_range(10000, 20000); - WARN_ON(test_bit(__E1000_RESETTING, &adapter->flags)); + WARN_ON(count < 0); + + /* signal that we're down so that the reset task will no longer run */ + set_bit(__E1000_DOWN, &adapter->flags); + clear_bit(__E1000_RESETTING, &adapter->flags); + e1000_down(adapter); e1000_power_down_phy(adapter); e1000_free_irq(adapter); -- 2.26.2

5 years, 7 months

[PATCH 4.19.y] riscv: set max_pfn to the PFN of the last page

by Palmer Dabbelt

From: Vincent Chen <vincent.chen(a)sifive.com> commit c749bb2d554825e007cbc43b791f54e124dadfce upstream. The current max_pfn equals to zero. In this case, I found it caused users cannot get some page information through /proc such as kpagecount in v5.6 kernel because of new sanity checks. The following message is displayed by stress-ng test suite with the command "stress-ng --verbose --physpage 1 -t 1" on HiFive unleashed board. # stress-ng --verbose --physpage 1 -t 1 stress-ng: debug: [109] 4 processors online, 4 processors configured stress-ng: info: [109] dispatching hogs: 1 physpage stress-ng: debug: [109] cache allocate: reducing cache level from L3 (too high) to L0 stress-ng: debug: [109] get_cpu_cache: invalid cache_level: 0 stress-ng: info: [109] cache allocate: using built-in defaults as no suitable cache found stress-ng: debug: [109] cache allocate: default cache size: 2048K stress-ng: debug: [109] starting stressors stress-ng: debug: [109] 1 stressor spawned stress-ng: debug: [110] stress-ng-physpage: started [110] (instance 0) stress-ng: error: [110] stress-ng-physpage: cannot read page count for address 0x3fd34de000 in /proc/kpagecount, errno=0 (Success) stress-ng: error: [110] stress-ng-physpage: cannot read page count for address 0x3fd32db078 in /proc/kpagecount, errno=0 (Success) ... stress-ng: error: [110] stress-ng-physpage: cannot read page count for address 0x3fd32db078 in /proc/kpagecount, errno=0 (Success) stress-ng: debug: [110] stress-ng-physpage: exited [110] (instance 0) stress-ng: debug: [109] process [110] terminated stress-ng: info: [109] successful run completed in 1.00s # After applying this patch, the kernel can pass the test. # stress-ng --verbose --physpage 1 -t 1 stress-ng: debug: [104] 4 processors online, 4 processors configured stress-ng: info: [104] dispatching hogs: 1 physpage stress-ng: info: [104] cache allocate: using defaults, can't determine cache details from sysfs stress-ng: debug: [104] cache allocate: default cache size: 2048K stress-ng: debug: [104] starting stressors stress-ng: debug: [104] 1 stressor spawned stress-ng: debug: [105] stress-ng-physpage: started [105] (instance 0) stress-ng: debug: [105] stress-ng-physpage: exited [105] (instance 0) stress-ng: debug: [104] process [105] terminated stress-ng: info: [104] successful run completed in 1.01s # Cc: stable(a)vger.kernel.org Signed-off-by: Vincent Chen <vincent.chen(a)sifive.com> Reviewed-by: Anup Patel <anup(a)brainfault.org> Reviewed-by: Yash Shah <yash.shah(a)sifive.com> Tested-by: Yash Shah <yash.shah(a)sifive.com> [Palmer: back-ported to 4.19] Signed-off-by: Palmer Dabbelt <palmerdabbelt(a)google.com> --- arch/riscv/kernel/setup.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/riscv/kernel/setup.c b/arch/riscv/kernel/setup.c index 9713d4e8c22b..6558617bd2ce 100644 --- a/arch/riscv/kernel/setup.c +++ b/arch/riscv/kernel/setup.c @@ -19,6 +19,7 @@ * to the Free Software Foundation, Inc., */ +#include <linux/bootmem.h> #include <linux/init.h> #include <linux/mm.h> #include <linux/memblock.h> @@ -187,6 +188,7 @@ static void __init setup_bootmem(void) set_max_mapnr(PFN_DOWN(mem_size)); max_low_pfn = PFN_DOWN(memblock_end_of_DRAM()); + max_pfn = max_low_pfn; #ifdef CONFIG_BLK_DEV_INITRD setup_initrd(); -- 2.26.2.761.g0e0b3e54be-goog

5 years, 7 months

[stable] KVM: SVM: Fix potential memory leak in svm_cpu_init()

by Ben Hutchings

Please pick this fix for 4.19 and 5.4 stable branches: commit d80b64ff297e40c2b6f7d7abc1b3eba70d22a068 Author: Miaohe Lin <linmiaohe(a)huawei.com> Date: Sat Jan 4 16:56:49 2020 +0800 KVM: SVM: Fix potential memory leak in svm_cpu_init() It applies cleanly to both. Ben. -- Ben Hutchings, Software Developer Codethink Ltd https://www.codethink.co.uk/ Dale House, 35 Dale Street Manchester, M1 2HF, United Kingdom

5 years, 7 months

[4.14-stable] watchdog: Fix the race between the release of watchdog_core_data and cdev

by Ben Hutchings

Please queue up the attached backport of commit 2351c88f8296 "watchdog: Fix the race between the release of watchdog_core_data and cdev" for 4.14. Ben. -- Ben Hutchings, Software Developer Codethink Ltd https://www.codethink.co.uk/ Dale House, 35 Dale Street Manchester, M1 2HF, United Kingdom

5 years, 7 months

[4.14-stable] Security fixes

by Ben Hutchings

Here are some fixes that required backporting for 4.14. All of them are already present in later stable branches. Ben. -- Ben Hutchings, Software Developer Codethink Ltd https://www.codethink.co.uk/ Dale House, 35 Dale Street Manchester, M1 2HF, United Kingdom

5 years, 7 months

+ z3fold-fix-use-after-free-when-freeing-handles.patch added to -mm tree

by Andrew Morton

The patch titled Subject: z3fold: fix use-after-free when freeing handles has been added to the -mm tree. Its filename is z3fold-fix-use-after-free-when-freeing-handles.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/z3fold-fix-use-after-free-when-fre… and later at http://ozlabs.org/~akpm/mmotm/broken-out/z3fold-fix-use-after-free-when-fre… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Uladzislau Rezki <uladzislau.rezki(a)sony.com> Subject: z3fold: fix use-after-free when freeing handles free_handle() for a foreign handle may race with inter-page compaction, what can lead to memory corruption. To avoid that, take write lock not read lock in free_handle to be synchronized with __release_z3fold_page(). For example KASAN can detect it: [ 33.723357] ================================================================== [ 33.723401] BUG: KASAN: use-after-free in LZ4_decompress_safe+0x2c4/0x3b8 [ 33.723418] Read of size 1 at addr ffffffc976695ca3 by task GoogleApiHandle/4121 [ 33.723428] [ 33.723449] CPU: 0 PID: 4121 Comm: GoogleApiHandle Tainted: P S OE 4.19.81-perf+ #162 [ 33.723461] Hardware name: Sony Mobile Communications. PDX-203(KONA) (DT) [ 33.723473] Call trace: [ 33.723495] dump_backtrace+0x0/0x288 [ 33.723512] show_stack+0x14/0x20 [ 33.723533] dump_stack+0xe4/0x124 [ 33.723551] print_address_description+0x80/0x2e0 [ 33.723566] kasan_report+0x268/0x2d0 [ 33.723584] __asan_load1+0x4c/0x58 [ 33.723601] LZ4_decompress_safe+0x2c4/0x3b8 [ 33.723619] lz4_decompress_crypto+0x3c/0x70 [ 33.723636] crypto_decompress+0x58/0x70 [ 33.723656] zcomp_decompress+0xd4/0x120 ... Apart from that, initialize zhdr->mapped_count in init_z3fold_page() and remove "newpage" variable because it is not used anywhere. Link: http://lkml.kernel.org/r/20200520082100.28876-1-vitaly.wool@konsulko.com Signed-off-by: Uladzislau Rezki <uladzislau.rezki(a)sony.com> Signed-off-by: Vitaly Wool <vitaly.wool(a)konsulko.com> Cc: Qian Cai <cai(a)lca.pw> Cc: Raymond Jennings <shentino(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/z3fold.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) --- a/mm/z3fold.c~z3fold-fix-use-after-free-when-freeing-handles +++ a/mm/z3fold.c @@ -318,16 +318,16 @@ static inline void free_handle(unsigned slots = handle_to_slots(handle); write_lock(&slots->lock); *(unsigned long *)handle = 0; - write_unlock(&slots->lock); - if (zhdr->slots == slots) + if (zhdr->slots == slots) { + write_unlock(&slots->lock); return; /* simple case, nothing else to do */ + } /* we are freeing a foreign handle if we are here */ zhdr->foreign_handles--; is_free = true; - read_lock(&slots->lock); if (!test_bit(HANDLES_ORPHANED, &slots->pool)) { - read_unlock(&slots->lock); + write_unlock(&slots->lock); return; } for (i = 0; i <= BUDDY_MASK; i++) { @@ -336,7 +336,7 @@ static inline void free_handle(unsigned break; } } - read_unlock(&slots->lock); + write_unlock(&slots->lock); if (is_free) { struct z3fold_pool *pool = slots_to_pool(slots); @@ -422,6 +422,7 @@ static struct z3fold_header *init_z3fold zhdr->start_middle = 0; zhdr->cpu = -1; zhdr->foreign_handles = 0; + zhdr->mapped_count = 0; zhdr->slots = slots; zhdr->pool = pool; INIT_LIST_HEAD(&zhdr->buddy); _ Patches currently in -mm which might be from uladzislau.rezki(a)sony.com are z3fold-fix-use-after-free-when-freeing-handles.patch

5 years, 7 months

[PATCH AUTOSEL 5.6 01/62] kbuild: avoid concurrency issue in parallel building dtbs and dtbs_check

by Sasha Levin

From: Masahiro Yamada <masahiroy(a)kernel.org> [ Upstream commit b5154bf63e5577faaaca1d942df274f7de91dd2a ] 'make dtbs_check' checks the shecma in addition to building *.dtb files, in other words, 'make dtbs_check' is a super-set of 'make dtbs'. So, you do not have to do 'make dtbs dtbs_check', but I want to keep the build system as robust as possible in any use. Currently, 'dtbs' and 'dtbs_check' are independent of each other. In parallel building, two threads descend into arch/*/boot/dts/, one for dtbs and the other for dtbs_check, then end up with building the same DTB simultaneously. This commit fixes the concurrency issue. Otherwise, I see build errors like follows: $ make ARCH=arm64 defconfig $ make -j16 ARCH=arm64 DT_SCHEMA_FILES=Documentation/devicetree/bindings/arm/psci.yaml dtbs dtbs_check <snip> DTC arch/arm64/boot/dts/qcom/sdm845-cheza-r2.dtb DTC arch/arm64/boot/dts/amlogic/meson-gxl-s905x-p212.dtb DTC arch/arm64/boot/dts/allwinner/sun50i-h6-orangepi-lite2.dtb DTC arch/arm64/boot/dts/allwinner/sun50i-h6-orangepi-lite2.dtb DTC arch/arm64/boot/dts/freescale/imx8mn-evk.dtb DTC arch/arm64/boot/dts/allwinner/sun50i-h6-orangepi-one-plus.dtb DTC arch/arm64/boot/dts/zte/zx296718-pcbox.dtb DTC arch/arm64/boot/dts/altera/socfpga_stratix10_socdk.dt.yaml DTC arch/arm64/boot/dts/amlogic/meson-gxl-s905d-p230.dtb DTC arch/arm64/boot/dts/xilinx/zynqmp-zc1254-revA.dtb DTC arch/arm64/boot/dts/allwinner/sun50i-h6-pine-h64.dtb DTC arch/arm64/boot/dts/rockchip/rk3399-gru-scarlet-inx.dtb DTC arch/arm64/boot/dts/allwinner/sun50i-h6-orangepi-one-plus.dtb CHECK arch/arm64/boot/dts/altera/socfpga_stratix10_socdk.dt.yaml fixdep: error opening file: arch/arm64/boot/dts/allwinner/.sun50i-h6-orangepi-lite2.dtb.d: No such file or directory make[2]: *** [scripts/Makefile.lib:296: arch/arm64/boot/dts/allwinner/sun50i-h6-orangepi-lite2.dtb] Error 2 make[2]: *** Deleting file 'arch/arm64/boot/dts/allwinner/sun50i-h6-orangepi-lite2.dtb' make[2]: *** Waiting for unfinished jobs.... DTC arch/arm64/boot/dts/rockchip/rk3399-gru-scarlet-kd.dtb DTC arch/arm64/boot/dts/amlogic/meson-gxl-s905d-p231.dtb DTC arch/arm64/boot/dts/xilinx/zynqmp-zc1275-revA.dtb DTC arch/arm64/boot/dts/freescale/imx8mn-ddr4-evk.dtb fixdep: parse error; no targets found make[2]: *** [scripts/Makefile.lib:296: arch/arm64/boot/dts/allwinner/sun50i-h6-orangepi-one-plus.dtb] Error 1 make[2]: *** Deleting file 'arch/arm64/boot/dts/allwinner/sun50i-h6-orangepi-one-plus.dtb' make[1]: *** [scripts/Makefile.build:505: arch/arm64/boot/dts/allwinner] Error 2 make[1]: *** Waiting for unfinished jobs.... DTC arch/arm64/boot/dts/renesas/r8a77951-salvator-xs.dtb Signed-off-by: Masahiro Yamada <masahiroy(a)kernel.org> Reviewed-by: Rob Herring <robh(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- Makefile | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index d252219666fdd..6a8f0b278f1bb 100644 --- a/Makefile +++ b/Makefile @@ -1240,11 +1240,15 @@ ifneq ($(dtstree),) $(Q)$(MAKE) $(build)=$(dtstree) $(dtstree)/$@ PHONY += dtbs dtbs_install dtbs_check -dtbs dtbs_check: include/config/kernel.release scripts_dtc +dtbs: include/config/kernel.release scripts_dtc $(Q)$(MAKE) $(build)=$(dtstree) +ifneq ($(filter dtbs_check, $(MAKECMDGOALS)),) +dtbs: dt_binding_check +endif + dtbs_check: export CHECK_DTBS=1 -dtbs_check: dt_binding_check +dtbs_check: dtbs dtbs_install: $(Q)$(MAKE) $(dtbinst)=$(dtstree) -- 2.20.1

5 years, 7 months

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror