- Linux-stable-mirror - lists.linaro.org

by Greg KH

I'm announcing the release of the 4.19.48 kernel. All users of the 4.19 kernel series must upgrade. The updated 4.19.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.19.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 9 arch/Kconfig | 1 arch/arm/kernel/jump_label.c | 4 arch/arm64/kernel/jump_label.c | 4 arch/mips/kernel/jump_label.c | 4 arch/powerpc/include/asm/asm-prototypes.h | 2 arch/powerpc/kernel/jump_label.c | 2 arch/powerpc/platforms/powernv/opal-tracepoints.c | 2 arch/powerpc/platforms/powernv/opal-wrappers.S | 2 arch/powerpc/platforms/pseries/hvCall.S | 4 arch/powerpc/platforms/pseries/lpar.c | 2 arch/s390/kernel/Makefile | 3 arch/s390/kernel/jump_label.c | 4 arch/sparc/kernel/Makefile | 2 arch/sparc/kernel/jump_label.c | 4 arch/x86/Makefile | 2 arch/x86/entry/calling.h | 2 arch/x86/include/asm/cpufeature.h | 2 arch/x86/include/asm/jump_label.h | 13 - arch/x86/include/asm/rmwcc.h | 6 arch/x86/kernel/Makefile | 3 arch/x86/kernel/jump_label.c | 4 arch/x86/kvm/emulate.c | 2 drivers/crypto/vmx/ghash.c | 212 +++++++------------ drivers/net/bonding/bond_main.c | 15 - drivers/net/dsa/mv88e6xxx/chip.c | 2 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_flower.c | 5 drivers/net/ethernet/freescale/fec_main.c | 2 drivers/net/ethernet/marvell/mvneta.c | 4 drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 10 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 13 + drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 6 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 8 drivers/net/ethernet/stmicro/stmmac/stmmac_mdio.c | 3 drivers/net/phy/marvell10g.c | 13 + drivers/net/usb/usbnet.c | 6 drivers/xen/xen-pciback/pciback_ops.c | 2 include/linux/compiler.h | 17 - include/linux/compiler_types.h | 4 include/linux/dynamic_debug.h | 6 include/linux/jump_label.h | 22 - include/linux/jump_label_ratelimit.h | 8 include/linux/module.h | 2 include/linux/netfilter.h | 4 include/linux/netfilter_ingress.h | 2 include/linux/siphash.h | 5 include/net/netns/ipv4.h | 2 include/uapi/linux/tipc_config.h | 10 init/Kconfig | 3 kernel/jump_label.c | 10 kernel/module.c | 2 kernel/sched/core.c | 2 kernel/sched/debug.c | 4 kernel/sched/fair.c | 6 kernel/sched/sched.h | 6 lib/dynamic_debug.c | 2 net/core/dev.c | 8 net/ipv4/igmp.c | 47 ++-- net/ipv4/route.c | 12 - net/ipv6/output_core.c | 30 +- net/ipv6/raw.c | 2 net/ipv6/route.c | 6 net/llc/llc_output.c | 2 net/netfilter/core.c | 6 net/sched/act_api.c | 3 net/tipc/core.c | 32 +- net/tipc/subscr.h | 5 net/tipc/topsrv.c | 14 + net/tls/tls_device.c | 9 scripts/gcc-goto.sh | 2 tools/arch/x86/include/asm/rmwcc.h | 6 72 files changed, 337 insertions(+), 350 deletions(-) Andy Duan (1): net: fec: fix the clk mismatch in failed_reset path Antoine Tenart (1): net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value Chris Packham (1): tipc: Avoid copying bytes beyond the supplied data Daniel Axtens (1): crypto: vmx - ghash: do nosimd fallback manually David Ahern (1): ipv6: Fix redirect with VRF David S. Miller (1): Revert "tipc: fix modprobe tipc failed after switch order of device registration" Eric Dumazet (5): inet: switch IP ID generator to siphash ipv4/igmp: fix another memory leak in igmpv3_del_delrec() ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST llc: fix skb leak in llc_build_and_send_ui_pkt() net-gro: fix use-after-free read in napi_gro_frags() Greg Kroah-Hartman (1): Linux 4.19.48 Jakub Kicinski (2): net/tls: fix state removal with feature flags off net/tls: don't ignore netdev notifications if no TLS features Jarod Wilson (1): bonding/802.3ad: fix slave link initialization transition states Jisheng Zhang (2): net: mvneta: Fix err code path of probe net: stmmac: fix reset gpio free missing Junwei Hu (1): tipc: fix modprobe tipc failed after switch order of device registration Kloetzke Jan (1): usbnet: fix kernel crash after disconnect Konrad Rzeszutek Wilk (1): xen/pciback: Don't disable PCI_COMMAND on PCI device reset. Masahiro Yamada (2): compiler.h: give up __compiletime_assert_fallback() jump_label: move 'asm goto' support test to Kconfig Michael Chan (1): bnxt_en: Fix aggregation buffer leak under OOM condition. Mike Manning (1): ipv6: Consider sk_bound_dev_if when binding a raw socket to an address Parav Pandit (2): net/mlx5: Avoid double free in fs init error unwinding path net/mlx5: Allocate root ns memory using kzalloc to match kfree Raju Rangoju (1): cxgb4: offload VLAN flows regardless of VLAN ethtype Rasmus Villemoes (1): net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT Russell King (1): net: phy: marvell10g: report if the PHY fails to boot firmware Saeed Mahameed (1): net/mlx5e: Disable rxhash when CQE compress is enabled Vlad Buslov (1): net: sched: don't use tc_action->order during action dump Weifeng Voon (1): net: stmmac: dma channel control register need to be init first ndesaulniers(a)google.com (1): include/linux/compiler*.h: define asm_volatile_goto

5 years, 12 months

1
1
0 0

[PATCH v2] mmc: dw_mmc: Disable SDIO interrupts while suspended to fix suspend/resume

by Douglas Anderson

Processing SDIO interrupts while dw_mmc is suspended (or partly suspended) seems like a bad idea. We really don't want to be processing them until we've gotten ourselves fully powered up. You might be wondering how it's even possible to become suspended when an SDIO interrupt is active. As can be seen in dw_mci_enable_sdio_irq(), we explicitly keep dw_mmc out of runtime suspend when the SDIO interrupt is enabled. ...but even though we stop normal runtime suspend transitions when SDIO interrupts are enabled, the dw_mci_runtime_suspend() can still get called for a full system suspend. Let's handle all this by explicitly masking SDIO interrupts in the suspend call and unmasking them later in the resume call. To do this cleanly I'll keep track of whether the client requested that SDIO interrupts be enabled so that we can reliably restore them regardless of whether we're masking them for one reason or another. It should be noted that if dw_mci_enable_sdio_irq() is never called (for instance, if we don't have an SDIO card plugged in) that "client_sdio_enb" will always be false. In those cases this patch adds a tiny bit of overhead to suspend/resume (a spinlock and a read/write of INTMASK) but other than that is a no-op. The SDMMC_INT_SDIO bit should always be clear and clearing it again won't hurt. Without this fix it can be seen that rk3288-veyron Chromebooks with Marvell WiFi would sometimes fail to resume WiFi even after picking my recent mwifiex patch [1]. Specifically you'd see messages like this: mwifiex_sdio mmc1:0001:1: Firmware wakeup failed mwifiex_sdio mmc1:0001:1: PREP_CMD: FW in reset state ...and tracing through the resume code in the failing cases showed that we were processing a SDIO interrupt really early in the resume call. NOTE: downstream in Chrome OS 3.14 and 3.18 kernels (both of which support the Marvell SDIO WiFi card) we had a patch ("CHROMIUM: sdio: Defer SDIO interrupt handling until after resume") [2]. Presumably this is the same problem that was solved by that patch. [1] https://lkml.kernel.org/r/20190404040106.40519-1-dianders@chromium.org [2] https://crrev.com/c/230765 Cc: <stable(a)vger.kernel.org> # 4.14.x Signed-off-by: Douglas Anderson <dianders(a)chromium.org> --- I didn't put any "Fixes" tag here, but presumably this could be backported to whichever kernels folks found it useful for. I have at least confirmed that kernels v4.14 and v4.19 (as well as v5.1-rc2) show the problem. It is very easy to pick this to v4.19 and it definitely fixes the problem there. I haven't spent the time to pick this to 4.14 myself, but presumably it wouldn't be too hard to backport this as far as v4.13 since that contains commit 32dba73772f8 ("mmc: dw_mmc: Convert to use MMC_CAP2_SDIO_IRQ_NOTHREAD for SDIO IRQs"). Prior to that it might make sense for anyone experiencing this problem to just pick the old CHROMIUM patch to fix them. Changes in v2: - Suggested 4.14+ in the stable tag (Sasha-bot) - Extra note that this is a noop on non-SDIO (Shawn / Emil) - Make boolean logic cleaner as per https://crrev.com/c/1586207/1 - Hopefully clear comments as per https://crrev.com/c/1586207/1 drivers/mmc/host/dw_mmc.c | 27 +++++++++++++++++++++++---- drivers/mmc/host/dw_mmc.h | 3 +++ 2 files changed, 26 insertions(+), 4 deletions(-) diff --git a/drivers/mmc/host/dw_mmc.c b/drivers/mmc/host/dw_mmc.c index 80dc2fd6576c..480067b87a94 100644 --- a/drivers/mmc/host/dw_mmc.c +++ b/drivers/mmc/host/dw_mmc.c @@ -1664,7 +1664,8 @@ static void dw_mci_init_card(struct mmc_host *mmc, struct mmc_card *card) } } -static void __dw_mci_enable_sdio_irq(struct dw_mci_slot *slot, int enb) +static void __dw_mci_enable_sdio_irq(struct dw_mci_slot *slot, bool enb, + bool client_requested) { struct dw_mci *host = slot->host; unsigned long irqflags; @@ -1672,6 +1673,20 @@ static void __dw_mci_enable_sdio_irq(struct dw_mci_slot *slot, int enb) spin_lock_irqsave(&host->irq_lock, irqflags); + /* + * If we're being called directly from dw_mci_enable_sdio_irq() + * (which means that the client driver actually wants to enable or + * disable interrupts) then save the request. Otherwise this + * wasn't directly requested by the client and we should logically + * AND it with the client request since we want to disable if + * _either_ the client disabled OR we have some other reason to + * disable temporarily. + */ + if (client_requested) + host->client_sdio_enb = enb; + else + enb &= host->client_sdio_enb; + /* Enable/disable Slot Specific SDIO interrupt */ int_mask = mci_readl(host, INTMASK); if (enb) @@ -1688,7 +1703,7 @@ static void dw_mci_enable_sdio_irq(struct mmc_host *mmc, int enb) struct dw_mci_slot *slot = mmc_priv(mmc); struct dw_mci *host = slot->host; - __dw_mci_enable_sdio_irq(slot, enb); + __dw_mci_enable_sdio_irq(slot, enb, true); /* Avoid runtime suspending the device when SDIO IRQ is enabled */ if (enb) @@ -1701,7 +1716,7 @@ static void dw_mci_ack_sdio_irq(struct mmc_host *mmc) { struct dw_mci_slot *slot = mmc_priv(mmc); - __dw_mci_enable_sdio_irq(slot, 1); + __dw_mci_enable_sdio_irq(slot, true, false); } static int dw_mci_execute_tuning(struct mmc_host *mmc, u32 opcode) @@ -2734,7 +2749,7 @@ static irqreturn_t dw_mci_interrupt(int irq, void *dev_id) if (pending & SDMMC_INT_SDIO(slot->sdio_id)) { mci_writel(host, RINTSTS, SDMMC_INT_SDIO(slot->sdio_id)); - __dw_mci_enable_sdio_irq(slot, 0); + __dw_mci_enable_sdio_irq(slot, false, false); sdio_signal_irq(slot->mmc); } @@ -3424,6 +3439,8 @@ int dw_mci_runtime_suspend(struct device *dev) { struct dw_mci *host = dev_get_drvdata(dev); + __dw_mci_enable_sdio_irq(host->slot, false, false); + if (host->use_dma && host->dma_ops->exit) host->dma_ops->exit(host); @@ -3490,6 +3507,8 @@ int dw_mci_runtime_resume(struct device *dev) /* Now that slots are all setup, we can enable card detect */ dw_mci_enable_cd(host); + __dw_mci_enable_sdio_irq(host->slot, true, false); + return 0; err: diff --git a/drivers/mmc/host/dw_mmc.h b/drivers/mmc/host/dw_mmc.h index 46e9f8ec5398..dfbace0f5043 100644 --- a/drivers/mmc/host/dw_mmc.h +++ b/drivers/mmc/host/dw_mmc.h @@ -127,6 +127,7 @@ struct dw_mci_dma_slave { * @cmd11_timer: Timer for SD3.0 voltage switch over scheme. * @cto_timer: Timer for broken command transfer over scheme. * @dto_timer: Timer for broken data transfer over scheme. + * @client_sdio_enb: The value last passed to enable_sdio_irq. * * Locking * ======= @@ -234,6 +235,8 @@ struct dw_mci { struct timer_list cmd11_timer; struct timer_list cto_timer; struct timer_list dto_timer; + + bool client_sdio_enb; }; /* DMA ops for Internal/External DMAC interface */ -- 2.21.0.593.g511ec345e18-goog

5 years, 12 months

5
9
0 0

AW: [PATCH 3/5] usb: xhci: avoid null pointer deref when bos field is NULL

by Schmid, Carsten

Hi Sasha, i have (back)ported the patch to the older kernels mentioned below where the original patch failed. The patch appended to this mail applies to v4.14.121, v4.9.178, v4.4.180 and v3.18.140. Some changes within the xhci driver prevented git from finding the correct position. Hope this helps :-) Best regards Carsten ________________________________________ Von: Sasha Levin <sashal(a)kernel.org> Gesendet: Mittwoch, 29. Mai 2019 15:14 An: Sasha Levin; Mathias Nyman; Schmid, Carsten; gregkh(a)linuxfoundation.org Cc: linux-usb(a)vger.kernel.org; Stable; stable(a)vger.kernel.org Betreff: Re: [PATCH 3/5] usb: xhci: avoid null pointer deref when bos field is NULL Hi, [This is an automated email] This commit has been processed because it contains a -stable tag. The stable tag indicates that it's relevant for the following trees: all The bot has tested the following trees: v5.1.4, v5.0.18, v4.19.45, v4.14.121, v4.9.178, v4.4.180, v3.18.140. v5.1.4: Build OK! v5.0.18: Build OK! v4.19.45: Build OK! v4.14.121: Failed to apply! Possible dependencies: 01451ad47e272 ("powerpc/powermac: Use setup_timer() helper") 38986ffa6a748 ("xhci: use port structures instead of port arrays in xhci.c functions") 83ad1e6a1dc04 ("powerpc/oprofile: Use setup_timer() helper") 8d6b1bf20f61c ("powerpc/6xx: Use setup_timer() helper") b1fc2839d2f92 ("drm/msm: Implement preemption for A5XX targets") b9eaf18722221 ("treewide: init_timer() -> setup_timer()") cd414f3d93168 ("drm/msm: Move memptrs to msm_gpu") e629cfa36ea08 ("MIPS: Lasat: Use setup_timer() helper") e99e88a9d2b06 ("treewide: setup_timer() -> timer_setup()") eec874ce5ff1f ("drm/msm/adreno: load gpu at probe/bind time") f7de15450e906 ("drm/msm: Add per-instance submit queues") f97decac5f4c2 ("drm/msm: Support multiple ringbuffers") v4.9.178: Failed to apply! Possible dependencies: 01451ad47e272 ("powerpc/powermac: Use setup_timer() helper") 38986ffa6a748 ("xhci: use port structures instead of port arrays in xhci.c functions") 53460c53b7619 ("[media] au0828: Add timer to restart TS stream if no data arrives on bulk endpoint") 7c96f59e0cafe ("[media] s5p-mfc: Fix initialization of internal structures") 83ad1e6a1dc04 ("powerpc/oprofile: Use setup_timer() helper") 8d6b1bf20f61c ("powerpc/6xx: Use setup_timer() helper") b9eaf18722221 ("treewide: init_timer() -> setup_timer()") cf43e6be865a5 ("block: add scalable completion tracking of requests") e629cfa36ea08 ("MIPS: Lasat: Use setup_timer() helper") e806402130c9c ("block: split out request-only flags into a new namespace") e99e88a9d2b06 ("treewide: setup_timer() -> timer_setup()") v4.4.180: Failed to apply! Possible dependencies: 01451ad47e272 ("powerpc/powermac: Use setup_timer() helper") 37f895d7e85e7 ("NFC: pn533: Fix socket deadlock") 38986ffa6a748 ("xhci: use port structures instead of port arrays in xhci.c functions") 53460c53b7619 ("[media] au0828: Add timer to restart TS stream if no data arrives on bulk endpoint") 7c96f59e0cafe ("[media] s5p-mfc: Fix initialization of internal structures") 80c1bce9aa315 ("[media] au0828: Refactoring for start_urb_transfer()") 83ad1e6a1dc04 ("powerpc/oprofile: Use setup_timer() helper") 8d6b1bf20f61c ("powerpc/6xx: Use setup_timer() helper") 9815c7cf22dac ("NFC: pn533: Separate physical layer from the core implementation") b9eaf18722221 ("treewide: init_timer() -> setup_timer()") e629cfa36ea08 ("MIPS: Lasat: Use setup_timer() helper") e997ebbe46fe4 ("NFC: pn533: Send ATR_REQ only if NFC_PROTO_NFC_DEP bit is set") e99e88a9d2b06 ("treewide: setup_timer() -> timer_setup()") v3.18.140: Failed to apply! Possible dependencies: 0a5942c8e1480 ("NFC: Add ACPI support for NXP PN544") 34ac49664149d ("NFC: nci: remove current SLEEP mode management") 3590ebc040c9e ("NFC: logging neatening") 3682f49f32051 ("NFC: netlink: Add new netlink command NFC_CMD_ACTIVATE_TARGET") 37f895d7e85e7 ("NFC: pn533: Fix socket deadlock") 38986ffa6a748 ("xhci: use port structures instead of port arrays in xhci.c functions") 53460c53b7619 ("[media] au0828: Add timer to restart TS stream if no data arrives on bulk endpoint") 5df848f37b1d2 ("NFC: pn533: fix error return code") 7c96f59e0cafe ("[media] s5p-mfc: Fix initialization of internal structures") 80c1bce9aa315 ("[media] au0828: Refactoring for start_urb_transfer()") 9295b5b569fc4 ("NFC: nci: Add support for different NCI_DEACTIVATE_TYPE") 96d4581f0b371 ("NFC: netlink: Add mode parameter to deactivate_target functions") 9815c7cf22dac ("NFC: pn533: Separate physical layer from the core implementation") b9eaf18722221 ("treewide: init_timer() -> setup_timer()") d7979e130ebb0 ("NFC: NCI: Signal deactivation in Target mode") e997ebbe46fe4 ("NFC: pn533: Send ATR_REQ only if NFC_PROTO_NFC_DEP bit is set") e99e88a9d2b06 ("treewide: setup_timer() -> timer_setup()") How should we proceed with this patch? -- Thanks, Sasha

5 years, 12 months

1
1
0 0

[PATCH 5.1 00/40] 5.1.7-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.1.7 release. There are 40 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed 05 Jun 2019 09:04:46 AM UTC. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.1.7-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.1.7-rc1 Junwei Hu <hujunwei4(a)huawei.com> tipc: fix modprobe tipc failed after switch order of device registration David S. Miller <davem(a)davemloft.net> Revert "tipc: fix modprobe tipc failed after switch order of device registration" Daniel Axtens <dja(a)axtens.net> crypto: vmx - ghash: do nosimd fallback manually Willem de Bruijn <willemb(a)google.com> net: correct zerocopy refcnt with udp MSG_MORE Vishal Kulkarni <vishal(a)chelsio.com> cxgb4: Revert "cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size" Jakub Kicinski <jakub.kicinski(a)netronome.com> net/tls: don't ignore netdev notifications if no TLS features Jakub Kicinski <jakub.kicinski(a)netronome.com> net/tls: fix state removal with feature flags off Jakub Kicinski <jakub.kicinski(a)netronome.com> selftests/tls: add test for sleeping even though there is data Jakub Kicinski <jakub.kicinski(a)netronome.com> net/tls: fix no wakeup on partial reads Jakub Kicinski <jakub.kicinski(a)netronome.com> selftests/tls: test for lowat overshoot with multiple records Jakub Kicinski <jakub.kicinski(a)netronome.com> net/tls: fix lowat calculation if some data came from previous record Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Reduce memory usage when running in kdump kernel. Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix possible BUG() condition when calling pci_disable_msix(). Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix aggregation buffer leak under OOM condition. Weifeng Voon <weifeng.voon(a)intel.com> net: stmmac: dma channel control register need to be init first Tan, Tee Min <tee.min.tan(a)intel.com> net: stmmac: fix ethtool flow control not able to get/set Saeed Mahameed <saeedm(a)mellanox.com> net/mlx5e: Disable rxhash when CQE compress is enabled Parav Pandit <parav(a)mellanox.com> net/mlx5: Allocate root ns memory using kzalloc to match kfree Chris Packham <chris.packham(a)alliedtelesis.co.nz> tipc: Avoid copying bytes beyond the supplied data Parav Pandit <parav(a)mellanox.com> net/mlx5: Avoid double free in fs init error unwinding path Kloetzke Jan <Jan.Kloetzke(a)preh.de> usbnet: fix kernel crash after disconnect Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix MAC address being lost in PCI D3 Jisheng Zhang <Jisheng.Zhang(a)synaptics.com> net: stmmac: fix reset gpio free missing Vlad Buslov <vladbu(a)mellanox.com> net: sched: don't use tc_action->order during action dump Russell King <rmk+kernel(a)armlinux.org.uk> net: phy: marvell10g: report if the PHY fails to boot firmware Antoine Tenart <antoine.tenart(a)bootlin.com> net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value Jisheng Zhang <Jisheng.Zhang(a)synaptics.com> net: mvneta: Fix err code path of probe Eric Dumazet <edumazet(a)google.com> net-gro: fix use-after-free read in napi_gro_frags() Andy Duan <fugang.duan(a)nxp.com> net: fec: fix the clk mismatch in failed_reset path Rasmus Villemoes <rasmus.villemoes(a)prevas.dk> net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT Jiri Pirko <jiri(a)mellanox.com> mlxsw: spectrum_acl: Avoid warning after identical rules insertion Eric Dumazet <edumazet(a)google.com> llc: fix skb leak in llc_build_and_send_ui_pkt() David Ahern <dsahern(a)gmail.com> ipv6: Fix redirect with VRF Mike Manning <mmanning(a)vyatta.att-mail.com> ipv6: Consider sk_bound_dev_if when binding a raw socket to an address Eric Dumazet <edumazet(a)google.com> ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST Eric Dumazet <edumazet(a)google.com> ipv4/igmp: fix another memory leak in igmpv3_del_delrec() Eric Dumazet <edumazet(a)google.com> inet: switch IP ID generator to siphash Maxime Chevallier <maxime.chevallier(a)bootlin.com> ethtool: Check for vlan etype or vlan tci when parsing flow_rule Raju Rangoju <rajur(a)chelsio.com> cxgb4: offload VLAN flows regardless of VLAN ethtype Jarod Wilson <jarod(a)redhat.com> bonding/802.3ad: fix slave link initialization transition states ------------- Diffstat: Makefile | 4 +- drivers/crypto/vmx/ghash.c | 212 +++++++++------------ drivers/net/bonding/bond_main.c | 15 +- drivers/net/dsa/mv88e6xxx/chip.c | 2 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 19 +- drivers/net/ethernet/broadcom/bnxt/bnxt.h | 6 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 2 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c | 2 +- .../net/ethernet/chelsio/cxgb4/cxgb4_tc_flower.c | 5 +- drivers/net/ethernet/chelsio/cxgb4/t4_hw.c | 11 ++ drivers/net/ethernet/freescale/fec_main.c | 2 +- drivers/net/ethernet/marvell/mvneta.c | 4 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 10 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 13 ++ drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 6 +- .../net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c | 11 +- drivers/net/ethernet/realtek/r8169.c | 3 + .../net/ethernet/stmicro/stmmac/stmmac_ethtool.c | 4 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 8 +- drivers/net/ethernet/stmicro/stmmac/stmmac_mdio.c | 3 +- drivers/net/phy/marvell10g.c | 13 ++ drivers/net/usb/usbnet.c | 6 + include/linux/siphash.h | 5 + include/net/netns/ipv4.h | 2 + include/uapi/linux/tipc_config.h | 10 +- net/core/dev.c | 2 +- net/core/ethtool.c | 8 +- net/core/skbuff.c | 6 +- net/ipv4/igmp.c | 47 +++-- net/ipv4/ip_output.c | 4 +- net/ipv4/route.c | 12 +- net/ipv6/ip6_output.c | 4 +- net/ipv6/output_core.c | 30 +-- net/ipv6/raw.c | 2 + net/ipv6/route.c | 6 + net/llc/llc_output.c | 2 + net/sched/act_api.c | 3 +- net/tipc/core.c | 32 ++-- net/tipc/subscr.h | 5 +- net/tipc/topsrv.c | 14 +- net/tls/tls_device.c | 9 +- net/tls/tls_sw.c | 19 +- tools/testing/selftests/net/tls.c | 34 ++++ 43 files changed, 360 insertions(+), 257 deletions(-)

5 years, 12 months

7
50
0 0

[stable] xen/pciback: Don't disable PCI_COMMAND on PCI device reset.

by Ben Hutchings

I'm looking at CVE-2015-8553 which is fixed by: commit 7681f31ec9cdacab4fd10570be924f2cef6669ba Author: Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> Date: Wed Feb 13 18:21:31 2019 -0500 xen/pciback: Don't disable PCI_COMMAND on PCI device reset. I'm aware that this change is incompatible with qemu < 2.5, but that's now quite old. Do you think it makes sense to apply this change to some stable branches? Ben. -- Ben Hutchings, Software Developer Codethink Ltd https://www.codethink.co.uk/ Dale House, 35 Dale Street Manchester, M1 2HF, United Kingdom

5 years, 12 months

4
6
0 0

[PATCH 0/7] NCR5380 drivers: fixes and improvements

by Finn Thain

Among other improvements, this patch series fixes a data corruption bug in the mac_scsi driver and a bug in the EH abort routine in the core 5380 driver. For consistency I have ignored certain checkpatch.pl complaints about the indentation in mac_scsi.c. The remaining complaints seem to be false positives. Some of these patches are not trivial to backport. Those patches have been nominated for recent -stable branches only. Finn Thain (7): Revert "scsi: ncr5380: Increase register polling limit" scsi: NCR5380: Always re-enable reselection interrupt scsi: NCR5380: Handle PDMA failure reliably scsi: mac_scsi: Increase PIO/PDMA transfer length threshold scsi: mac_scsi: Fix pseudo DMA implementation, take 2 scsi: mac_scsi: Enable PDMA on Mac IIfx scsi: mac_scsi: Treat Last Byte Sent time-out as failure arch/m68k/include/asm/mac_pdma.h | 179 ++++++++++++++++++++++ arch/m68k/mac/config.c | 10 +- drivers/scsi/NCR5380.c | 18 +-- drivers/scsi/NCR5380.h | 2 +- drivers/scsi/mac_scsi.c | 249 +++++++++++-------------------- 5 files changed, 280 insertions(+), 178 deletions(-) create mode 100644 arch/m68k/include/asm/mac_pdma.h -- 2.21.0

5 years, 12 months

3
12
0 0

[PATCH 5.0 00/36] 5.0.21-stable review

by Greg Kroah-Hartman

Note, this is going to be the LAST 5.0.y kernel release. After this one, it is end-of-life, please move to 5.1.y at this point in time. If there is anything wrong with the 5.1.y tree, preventing you from moving to 5.1.y, please let me know. This is the start of the stable review cycle for the 5.0.21 release. There are 36 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed 05 Jun 2019 09:04:48 AM UTC. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.0.21-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.0.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.0.21-rc1 Junwei Hu <hujunwei4(a)huawei.com> tipc: fix modprobe tipc failed after switch order of device registration David S. Miller <davem(a)davemloft.net> Revert "tipc: fix modprobe tipc failed after switch order of device registration" Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> xen/pciback: Don't disable PCI_COMMAND on PCI device reset. Daniel Axtens <dja(a)axtens.net> crypto: vmx - ghash: do nosimd fallback manually Willem de Bruijn <willemb(a)google.com> net: correct zerocopy refcnt with udp MSG_MORE Vishal Kulkarni <vishal(a)chelsio.com> cxgb4: Revert "cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size" Jakub Kicinski <jakub.kicinski(a)netronome.com> net/tls: don't ignore netdev notifications if no TLS features Jakub Kicinski <jakub.kicinski(a)netronome.com> net/tls: fix state removal with feature flags off Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Reduce memory usage when running in kdump kernel. Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix possible BUG() condition when calling pci_disable_msix(). Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix aggregation buffer leak under OOM condition. Weifeng Voon <weifeng.voon(a)intel.com> net: stmmac: dma channel control register need to be init first Tan, Tee Min <tee.min.tan(a)intel.com> net: stmmac: fix ethtool flow control not able to get/set Saeed Mahameed <saeedm(a)mellanox.com> net/mlx5e: Disable rxhash when CQE compress is enabled Parav Pandit <parav(a)mellanox.com> net/mlx5: Allocate root ns memory using kzalloc to match kfree Chris Packham <chris.packham(a)alliedtelesis.co.nz> tipc: Avoid copying bytes beyond the supplied data Parav Pandit <parav(a)mellanox.com> net/mlx5: Avoid double free in fs init error unwinding path Kloetzke Jan <Jan.Kloetzke(a)preh.de> usbnet: fix kernel crash after disconnect Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix MAC address being lost in PCI D3 Jisheng Zhang <Jisheng.Zhang(a)synaptics.com> net: stmmac: fix reset gpio free missing Vlad Buslov <vladbu(a)mellanox.com> net: sched: don't use tc_action->order during action dump Russell King <rmk+kernel(a)armlinux.org.uk> net: phy: marvell10g: report if the PHY fails to boot firmware Antoine Tenart <antoine.tenart(a)bootlin.com> net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value Jisheng Zhang <Jisheng.Zhang(a)synaptics.com> net: mvneta: Fix err code path of probe Eric Dumazet <edumazet(a)google.com> net-gro: fix use-after-free read in napi_gro_frags() Andy Duan <fugang.duan(a)nxp.com> net: fec: fix the clk mismatch in failed_reset path Rasmus Villemoes <rasmus.villemoes(a)prevas.dk> net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT Jiri Pirko <jiri(a)mellanox.com> mlxsw: spectrum_acl: Avoid warning after identical rules insertion Eric Dumazet <edumazet(a)google.com> llc: fix skb leak in llc_build_and_send_ui_pkt() David Ahern <dsahern(a)gmail.com> ipv6: Fix redirect with VRF Mike Manning <mmanning(a)vyatta.att-mail.com> ipv6: Consider sk_bound_dev_if when binding a raw socket to an address Eric Dumazet <edumazet(a)google.com> ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST Eric Dumazet <edumazet(a)google.com> ipv4/igmp: fix another memory leak in igmpv3_del_delrec() Eric Dumazet <edumazet(a)google.com> inet: switch IP ID generator to siphash Raju Rangoju <rajur(a)chelsio.com> cxgb4: offload VLAN flows regardless of VLAN ethtype Jarod Wilson <jarod(a)redhat.com> bonding/802.3ad: fix slave link initialization transition states ------------- Diffstat: Makefile | 4 +- drivers/crypto/vmx/ghash.c | 212 +++++++++------------ drivers/net/bonding/bond_main.c | 15 +- drivers/net/dsa/mv88e6xxx/chip.c | 2 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 19 +- drivers/net/ethernet/broadcom/bnxt/bnxt.h | 6 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 2 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c | 2 +- .../net/ethernet/chelsio/cxgb4/cxgb4_tc_flower.c | 5 +- drivers/net/ethernet/chelsio/cxgb4/t4_hw.c | 11 ++ drivers/net/ethernet/freescale/fec_main.c | 2 +- drivers/net/ethernet/marvell/mvneta.c | 4 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 10 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 13 ++ drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 6 +- .../net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c | 11 +- drivers/net/ethernet/realtek/r8169.c | 3 + .../net/ethernet/stmicro/stmmac/stmmac_ethtool.c | 4 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 8 +- drivers/net/ethernet/stmicro/stmmac/stmmac_mdio.c | 3 +- drivers/net/phy/marvell10g.c | 13 ++ drivers/net/usb/usbnet.c | 6 + drivers/xen/xen-pciback/pciback_ops.c | 2 - include/linux/siphash.h | 5 + include/net/netns/ipv4.h | 2 + include/uapi/linux/tipc_config.h | 10 +- net/core/dev.c | 2 +- net/core/skbuff.c | 6 +- net/ipv4/igmp.c | 47 +++-- net/ipv4/ip_output.c | 4 +- net/ipv4/route.c | 12 +- net/ipv6/ip6_output.c | 4 +- net/ipv6/output_core.c | 30 +-- net/ipv6/raw.c | 2 + net/ipv6/route.c | 6 + net/llc/llc_output.c | 2 + net/sched/act_api.c | 3 +- net/tipc/core.c | 32 ++-- net/tipc/subscr.h | 5 +- net/tipc/topsrv.c | 14 +- net/tls/tls_device.c | 9 +- 41 files changed, 313 insertions(+), 245 deletions(-)

5 years, 12 months

6
40
0 0

[PATCHv3] fs/proc: allow reporting eip/esp for all coredumping threads

by John Ogness

Commit 0a1eb2d474ed ("fs/proc: Stop reporting eip and esp in /proc/PID/stat") stopped reporting eip/esp and commit fd7d56270b52 ("fs/proc: Report eip/esp in /prod/PID/stat for coredumping") reintroduced the feature to fix a regression with userspace core dump handlers (such as minicoredumper). Because PF_DUMPCORE is only set for the primary thread, this didn't fix the original problem for secondary threads. Allow reporting the eip/esp for all threads by checking for PF_EXITING as well. This is set for all the other threads when they are killed. coredump_wait() waits for all the tasks to become inactive before proceeding to invoke a core dumper. Fixes: fd7d56270b526ca3 ("fs/proc: Report eip/esp in /prod/PID/stat for coredumping") Reported-by: Jan Luebbe <jlu(a)pengutronix.de> Signed-off-by: John Ogness <john.ogness(a)linutronix.de> --- This is a rework of Jan's v1 patch that allows accessing eip/esp of all the threads without risk of the task still executing on a CPU. The code chagnes are the same as v2. With v3 I included a "Fixes" tag, fixed a typo in the commit message, and Cc'd stable. fs/proc/array.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/proc/array.c b/fs/proc/array.c index 2edbb657f859..55180501b915 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -462,7 +462,7 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, * a program is not able to use ptrace(2) in that case. It is * safe because the task has stopped executing permanently. */ - if (permitted && (task->flags & PF_DUMPCORE)) { + if (permitted && (task->flags & (PF_EXITING|PF_DUMPCORE))) { if (try_get_task_stack(task)) { eip = KSTK_EIP(task); esp = KSTK_ESP(task); -- 2.11.0

5 years, 12 months

3
2
0 0

[merged] mm-compaction-make-sure-we-isolate-a-valid-pfn.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm, compaction: make sure we isolate a valid PFN has been removed from the -mm tree. Its filename was mm-compaction-make-sure-we-isolate-a-valid-pfn.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Suzuki K Poulose <suzuki.poulose(a)arm.com> Subject: mm, compaction: make sure we isolate a valid PFN When we have holes in a normal memory zone, we could endup having cached_migrate_pfns which may not necessarily be valid, under heavy memory pressure with swapping enabled ( via __reset_isolation_suitable(), triggered by kswapd). Later if we fail to find a page via fast_isolate_freepages(), we may end up using the migrate_pfn we started the search with, as valid page. This could lead to accessing NULL pointer derefernces like below, due to an invalid mem_section pointer. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 [47/1825] Mem abort info: ESR = 0x96000004 Exception class = DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 Data abort info: ISV = 0, ISS = 0x00000004 CM = 0, WnR = 0 user pgtable: 4k pages, 48-bit VAs, pgdp = 0000000082f94ae9 [0000000000000008] pgd=0000000000000000 Internal error: Oops: 96000004 [#1] SMP ... CPU: 10 PID: 6080 Comm: qemu-system-aar Not tainted 510-rc1+ #6 Hardware name: AmpereComputing(R) OSPREY EV-883832-X3-0001/OSPREY, BIOS 4819 09/25/2018 pstate: 60000005 (nZCv daif -PAN -UAO) pc : set_pfnblock_flags_mask+0x58/0xe8 lr : compaction_alloc+0x300/0x950 [...] Process qemu-system-aar (pid: 6080, stack limit = 0x0000000095070da5) Call trace: set_pfnblock_flags_mask+0x58/0xe8 compaction_alloc+0x300/0x950 migrate_pages+0x1a4/0xbb0 compact_zone+0x750/0xde8 compact_zone_order+0xd8/0x118 try_to_compact_pages+0xb4/0x290 __alloc_pages_direct_compact+0x84/0x1e0 __alloc_pages_nodemask+0x5e0/0xe18 alloc_pages_vma+0x1cc/0x210 do_huge_pmd_anonymous_page+0x108/0x7c8 __handle_mm_fault+0xdd4/0x1190 handle_mm_fault+0x114/0x1c0 __get_user_pages+0x198/0x3c0 get_user_pages_unlocked+0xb4/0x1d8 __gfn_to_pfn_memslot+0x12c/0x3b8 gfn_to_pfn_prot+0x4c/0x60 kvm_handle_guest_abort+0x4b0/0xcd8 handle_exit+0x140/0x1b8 kvm_arch_vcpu_ioctl_run+0x260/0x768 kvm_vcpu_ioctl+0x490/0x898 do_vfs_ioctl+0xc4/0x898 ksys_ioctl+0x8c/0xa0 __arm64_sys_ioctl+0x28/0x38 el0_svc_common+0x74/0x118 el0_svc_handler+0x38/0x78 el0_svc+0x8/0xc Code: f8607840 f100001f 8b011401 9a801020 (f9400400) ---[ end trace af6a35219325a9b6 ]--- The issue was reported on an arm64 server with 128GB with holes in the zone (e.g, [32GB@4GB, 96GB@544GB]), with a swap device enabled, while running 100 KVM guest instances. This patch fixes the issue by ensuring that the page belongs to a valid PFN when we fallback to using the lower limit of the scan range upon failure in fast_isolate_freepages(). Link: http://lkml.kernel.org/r/1558711908-15688-1-git-send-email-suzuki.poulose@a… Fixes: 5a811889de10f1eb ("mm, compaction: use free lists to quickly locate a migration target") Signed-off-by: Suzuki K Poulose <suzuki.poulose(a)arm.com> Reported-by: Marc Zyngier <marc.zyngier(a)arm.com> Reviewed-by: Mel Gorman <mgorman(a)techsingularity.net> Reviewed-by: Anshuman Khandual <anshuman.khandual(a)arm.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Qian Cai <cai(a)lca.pw> Cc: Marc Zyngier <marc.zyngier(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/compaction.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/compaction.c~mm-compaction-make-sure-we-isolate-a-valid-pfn +++ a/mm/compaction.c @@ -1399,7 +1399,7 @@ fast_isolate_freepages(struct compact_co page = pfn_to_page(highest); cc->free_pfn = highest; } else { - if (cc->direct_compaction) { + if (cc->direct_compaction && pfn_valid(min_pfn)) { page = pfn_to_page(min_pfn); cc->free_pfn = min_pfn; } _ Patches currently in -mm which might be from suzuki.poulose(a)arm.com are

5 years, 12 months

1
0
0 0

[merged] signal-trace_signal_deliver-when-signal_group_exit.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: kernel/signal.c: trace_signal_deliver when signal_group_exit has been removed from the -mm tree. Its filename was signal-trace_signal_deliver-when-signal_group_exit.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Zhenliang Wei <weizhenliang(a)huawei.com> Subject: kernel/signal.c: trace_signal_deliver when signal_group_exit In the fixes commit, removing SIGKILL from each thread signal mask and executing "goto fatal" directly will skip the call to "trace_signal_deliver". At this point, the delivery tracking of the SIGKILL signal will be inaccurate. Therefore, we need to add trace_signal_deliver before "goto fatal" after executing sigdelset. Note: SEND_SIG_NOINFO matches the fact that SIGKILL doesn't have any info. Link: http://lkml.kernel.org/r/20190425025812.91424-1-weizhenliang@huawei.com Fixes: cf43a757fd4944 ("signal: Restore the stop PTRACE_EVENT_EXIT") Signed-off-by: Zhenliang Wei <weizhenliang(a)huawei.com> Reviewed-by: Christian Brauner <christian(a)brauner.io> Reviewed-by: Oleg Nesterov <oleg(a)redhat.com> Cc: Eric W. Biederman <ebiederm(a)xmission.com> Cc: Ivan Delalande <colona(a)arista.com> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Deepa Dinamani <deepa.kernel(a)gmail.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/signal.c | 2 ++ 1 file changed, 2 insertions(+) --- a/kernel/signal.c~signal-trace_signal_deliver-when-signal_group_exit +++ a/kernel/signal.c @@ -2485,6 +2485,8 @@ relock: if (signal_group_exit(signal)) { ksig->info.si_signo = signr = SIGKILL; sigdelset(&current->pending.signal, SIGKILL); + trace_signal_deliver(SIGKILL, SEND_SIG_NOINFO, + &sighand->action[SIGKILL - 1]); recalc_sigpending(); goto fatal; } _ Patches currently in -mm which might be from weizhenliang(a)huawei.com are

5 years, 12 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror