December 2017 - Linux-stable-mirror

[Linux-stable-mirror] [PULL 04/19] KVM: arm/arm64: vgic: Preserve the revious read from the pending table

by Christoffer Dall

From: Marc Zyngier <marc.zyngier(a)arm.com> The current pending table parsing code assumes that we keep the previous read of the pending bits, but keep that variable in the current block, making sure it is discarded on each loop. We end-up using whatever is on the stack. Who knows, it might just be the right thing... Fixes: 280771252c1ba ("KVM: arm64: vgic-v3: KVM_DEV_ARM_VGIC_SAVE_PENDING_TABLES") Cc: <stable(a)vger.kernel.org> # 4.12 Reported-by: AKASHI Takahiro <takahiro.akashi(a)linaro.org> Reviewed-by: Christoffer Dall <christoffer.dall(a)linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Christoffer Dall <christoffer.dall(a)linaro.org> --- virt/kvm/arm/vgic/vgic-v3.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/virt/kvm/arm/vgic/vgic-v3.c b/virt/kvm/arm/vgic/vgic-v3.c index 2f05f732d3fd..f47e8481fa45 100644 --- a/virt/kvm/arm/vgic/vgic-v3.c +++ b/virt/kvm/arm/vgic/vgic-v3.c @@ -327,13 +327,13 @@ int vgic_v3_save_pending_tables(struct kvm *kvm) int last_byte_offset = -1; struct vgic_irq *irq; int ret; + u8 val; list_for_each_entry(irq, &dist->lpi_list_head, lpi_list) { int byte_offset, bit_nr; struct kvm_vcpu *vcpu; gpa_t pendbase, ptr; bool stored; - u8 val; vcpu = irq->target_vcpu; if (!vcpu) -- 2.14.2

7 years, 1 month

1
0
0 0

[Linux-stable-mirror] [PULL 03/19] KVM: arm/arm64: vgic-irqfd: Fix MSI entry allocation

by Christoffer Dall

From: Marc Zyngier <marc.zyngier(a)arm.com> Using the size of the structure we're allocating is a good idea and avoids any surprise... In this case, we're happilly confusing kvm_kernel_irq_routing_entry and kvm_irq_routing_entry... Fixes: 95b110ab9a09 ("KVM: arm/arm64: Enable irqchip routing") Cc: <stable(a)vger.kernel.org> # 4.8 Reported-by: AKASHI Takahiro <takahiro.akashi(a)linaro.org> Reviewed-by: Christoffer Dall <christoffer.dall(a)linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Christoffer Dall <christoffer.dall(a)linaro.org> --- virt/kvm/arm/vgic/vgic-irqfd.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/virt/kvm/arm/vgic/vgic-irqfd.c b/virt/kvm/arm/vgic/vgic-irqfd.c index b7baf581611a..99e026d2dade 100644 --- a/virt/kvm/arm/vgic/vgic-irqfd.c +++ b/virt/kvm/arm/vgic/vgic-irqfd.c @@ -112,8 +112,7 @@ int kvm_vgic_setup_default_irq_routing(struct kvm *kvm) u32 nr = dist->nr_spis; int i, ret; - entries = kcalloc(nr, sizeof(struct kvm_kernel_irq_routing_entry), - GFP_KERNEL); + entries = kcalloc(nr, sizeof(*entries), GFP_KERNEL); if (!entries) return -ENOMEM; -- 2.14.2

7 years, 1 month

1
0
0 0

[Linux-stable-mirror] Patch "drm/i915: Prevent zero length "index" write" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled drm/i915: Prevent zero length "index" write to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: drm-i915-prevent-zero-length-index-write.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 56350fb8978bbf4aafe08f21234e161dd128b417 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Thu, 23 Nov 2017 21:41:57 +0200 Subject: drm/i915: Prevent zero length "index" write MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> commit 56350fb8978bbf4aafe08f21234e161dd128b417 upstream. The hardware always writes one or two bytes in the index portion of an indexed transfer. Make sure the message we send as the index doesn't have a zero length. Cc: Daniel Kurtz <djkurtz(a)chromium.org> Cc: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: Sean Paul <seanpaul(a)chromium.org> Fixes: 56f9eac05489 ("drm/i915/intel_i2c: use INDEX cycles for i2c read transactions") Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20171123194157.25367-3-ville.… Reviewed-by: Chris Wilson <chris(a)chris-wilson.co.uk> (cherry picked from commit bb9e0d4bca50f429152e74a459160b41f3d60fb2) Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/gpu/drm/i915/intel_i2c.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/gpu/drm/i915/intel_i2c.c +++ b/drivers/gpu/drm/i915/intel_i2c.c @@ -431,7 +431,8 @@ gmbus_is_index_read(struct i2c_msg *msgs { return (i + 1 < num && msgs[i].addr == msgs[i + 1].addr && - !(msgs[i].flags & I2C_M_RD) && msgs[i].len <= 2 && + !(msgs[i].flags & I2C_M_RD) && + (msgs[i].len == 1 || msgs[i].len == 2) && (msgs[i + 1].flags & I2C_M_RD)); } Patches currently in stable-queue which might be from ville.syrjala(a)linux.intel.com are queue-4.9/drm-i915-prevent-zero-length-index-write.patch queue-4.9/drm-i915-don-t-try-indexed-reads-to-alternate-slave-addresses.patch

7 years, 1 month

1
0
0 0

[Linux-stable-mirror] Patch "drm/i915: Don't try indexed reads to alternate slave addresses" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled drm/i915: Don't try indexed reads to alternate slave addresses to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: drm-i915-don-t-try-indexed-reads-to-alternate-slave-addresses.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From ae5c631e605a452a5a0e73205a92810c01ed954b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Thu, 23 Nov 2017 21:41:56 +0200 Subject: drm/i915: Don't try indexed reads to alternate slave addresses MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> commit ae5c631e605a452a5a0e73205a92810c01ed954b upstream. We can only specify the one slave address to indexed reads/writes. Make sure the messages we check are destined to the same slave address before deciding to do an indexed transfer. Cc: Daniel Kurtz <djkurtz(a)chromium.org> Cc: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: Sean Paul <seanpaul(a)chromium.org> Fixes: 56f9eac05489 ("drm/i915/intel_i2c: use INDEX cycles for i2c read transactions") Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20171123194157.25367-2-ville.… Reviewed-by: Chris Wilson <chris(a)chris-wilson.co.uk> (cherry picked from commit c4deb62d7821672265b87952bcd1c808f3bf3e8f) Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/gpu/drm/i915/intel_i2c.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/gpu/drm/i915/intel_i2c.c +++ b/drivers/gpu/drm/i915/intel_i2c.c @@ -430,6 +430,7 @@ static bool gmbus_is_index_read(struct i2c_msg *msgs, int i, int num) { return (i + 1 < num && + msgs[i].addr == msgs[i + 1].addr && !(msgs[i].flags & I2C_M_RD) && msgs[i].len <= 2 && (msgs[i + 1].flags & I2C_M_RD)); } Patches currently in stable-queue which might be from ville.syrjala(a)linux.intel.com are queue-4.9/drm-i915-prevent-zero-length-index-write.patch queue-4.9/drm-i915-don-t-try-indexed-reads-to-alternate-slave-addresses.patch

7 years, 1 month

1
0
0 0

[Linux-stable-mirror] Patch "nfsd: Make init_open_stateid() a bit more whole" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled nfsd: Make init_open_stateid() a bit more whole to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: nfsd-make-init_open_stateid-a-bit-more-whole.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 8c7245abda877d4689b3371db8ae2a4400d7d9ce Mon Sep 17 00:00:00 2001 From: Oleg Drokin <green(a)linuxhacker.ru> Date: Tue, 14 Jun 2016 23:28:06 -0400 Subject: nfsd: Make init_open_stateid() a bit more whole From: Oleg Drokin <green(a)linuxhacker.ru> commit 8c7245abda877d4689b3371db8ae2a4400d7d9ce upstream. Move the state selection logic inside from the caller, always making it return correct stp to use. Signed-off-by: J . Bruce Fields <bfields(a)fieldses.org> Signed-off-by: Oleg Drokin <green(a)linuxhacker.ru> Signed-off-by: J. Bruce Fields <bfields(a)redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/nfsd/nfs4state.c | 27 ++++++++++++--------------- 1 file changed, 12 insertions(+), 15 deletions(-) --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c @@ -3420,13 +3420,14 @@ alloc_init_open_stateowner(unsigned int } static struct nfs4_ol_stateid * -init_open_stateid(struct nfs4_ol_stateid *stp, struct nfs4_file *fp, - struct nfsd4_open *open) +init_open_stateid(struct nfs4_file *fp, struct nfsd4_open *open) { struct nfs4_openowner *oo = open->op_openowner; struct nfs4_ol_stateid *retstp = NULL; + struct nfs4_ol_stateid *stp; + stp = open->op_stp; /* We are moving these outside of the spinlocks to avoid the warnings */ mutex_init(&stp->st_mutex); mutex_lock(&stp->st_mutex); @@ -3437,6 +3438,8 @@ init_open_stateid(struct nfs4_ol_stateid retstp = nfsd4_find_existing_open(fp, open); if (retstp) goto out_unlock; + + open->op_stp = NULL; atomic_inc(&stp->st_stid.sc_count); stp->st_stid.sc_type = NFS4_OPEN_STID; INIT_LIST_HEAD(&stp->st_locks); @@ -3454,10 +3457,11 @@ out_unlock: spin_unlock(&oo->oo_owner.so_client->cl_lock); if (retstp) { mutex_lock(&retstp->st_mutex); - /* Not that we need to, just for neatness */ + /* To keep mutex tracking happy */ mutex_unlock(&stp->st_mutex); + stp = retstp; } - return retstp; + return stp; } /* @@ -4260,7 +4264,6 @@ nfsd4_process_open2(struct svc_rqst *rqs struct nfs4_client *cl = open->op_openowner->oo_owner.so_client; struct nfs4_file *fp = NULL; struct nfs4_ol_stateid *stp = NULL; - struct nfs4_ol_stateid *swapstp = NULL; struct nfs4_delegation *dp = NULL; __be32 status; @@ -4297,16 +4300,10 @@ nfsd4_process_open2(struct svc_rqst *rqs goto out; } } else { - stp = open->op_stp; - open->op_stp = NULL; - /* - * init_open_stateid() either returns a locked stateid - * it found, or initializes and locks the new one we passed in - */ - swapstp = init_open_stateid(stp, fp, open); - if (swapstp) { - nfs4_put_stid(&stp->st_stid); - stp = swapstp; + /* stp is returned locked. */ + stp = init_open_stateid(fp, open); + /* See if we lost the race to some other thread */ + if (stp->st_access_bmap != 0) { status = nfs4_upgrade_open(rqstp, fp, current_fh, stp, open); if (status) { Patches currently in stable-queue which might be from green(a)linuxhacker.ru are queue-4.4/nfsd-make-init_open_stateid-a-bit-more-whole.patch

7 years, 1 month

1
0
0 0

[Linux-stable-mirror] Patch "nfsd: Fix another OPEN stateid race" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled nfsd: Fix another OPEN stateid race to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: nfsd-fix-another-open-stateid-race.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From d8a1a000555ecd1b824ac1ed6df8fe364dfbbbb0 Mon Sep 17 00:00:00 2001 From: Trond Myklebust <trond.myklebust(a)primarydata.com> Date: Fri, 3 Nov 2017 08:00:11 -0400 Subject: nfsd: Fix another OPEN stateid race From: Trond Myklebust <trond.myklebust(a)primarydata.com> commit d8a1a000555ecd1b824ac1ed6df8fe364dfbbbb0 upstream. If nfsd4_process_open2() is initialising a new stateid, and yet the call to nfs4_get_vfs_file() fails for some reason, then we must declare the stateid closed, and unhash it before dropping the mutex. Right now, we unhash the stateid after dropping the mutex, and without changing the stateid type, meaning that another OPEN could theoretically look it up and attempt to use it. Reported-by: Andrew W Elble <aweits(a)rit.edu> Signed-off-by: Trond Myklebust <trond.myklebust(a)primarydata.com> Signed-off-by: J. Bruce Fields <bfields(a)redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/nfsd/nfs4state.c | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c @@ -4319,6 +4319,7 @@ nfsd4_process_open2(struct svc_rqst *rqs struct nfs4_ol_stateid *stp = NULL; struct nfs4_delegation *dp = NULL; __be32 status; + bool new_stp = false; /* * Lookup file; if found, lookup stateid and check open request, @@ -4338,11 +4339,19 @@ nfsd4_process_open2(struct svc_rqst *rqs goto out; } + if (!stp) { + stp = init_open_stateid(fp, open); + if (!open->op_stp) + new_stp = true; + } + /* * OPEN the file, or upgrade an existing OPEN. * If truncate fails, the OPEN fails. + * + * stp is already locked. */ - if (stp) { + if (!new_stp) { /* Stateid was found, this is an OPEN upgrade */ status = nfs4_upgrade_open(rqstp, fp, current_fh, stp, open); if (status) { @@ -4350,22 +4359,11 @@ nfsd4_process_open2(struct svc_rqst *rqs goto out; } } else { - /* stp is returned locked. */ - stp = init_open_stateid(fp, open); - /* See if we lost the race to some other thread */ - if (stp->st_access_bmap != 0) { - status = nfs4_upgrade_open(rqstp, fp, current_fh, - stp, open); - if (status) { - mutex_unlock(&stp->st_mutex); - goto out; - } - goto upgrade_out; - } status = nfs4_get_vfs_file(rqstp, fp, current_fh, stp, open); if (status) { - mutex_unlock(&stp->st_mutex); + stp->st_stid.sc_type = NFS4_CLOSED_STID; release_open_stateid(stp); + mutex_unlock(&stp->st_mutex); goto out; } @@ -4374,7 +4372,7 @@ nfsd4_process_open2(struct svc_rqst *rqs if (stp->st_clnt_odstate == open->op_odstate) open->op_odstate = NULL; } -upgrade_out: + nfs4_inc_and_copy_stateid(&open->op_stateid, &stp->st_stid); mutex_unlock(&stp->st_mutex); Patches currently in stable-queue which might be from trond.myklebust(a)primarydata.com are queue-4.4/nfsd-fix-stateid-races-between-open-and-close.patch queue-4.4/nfsd-fix-another-open-stateid-race.patch

7 years, 1 month

1
0
0 0

[Linux-stable-mirror] Patch "nfsd: Fix stateid races between OPEN and CLOSE" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled nfsd: Fix stateid races between OPEN and CLOSE to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: nfsd-fix-stateid-races-between-open-and-close.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 15ca08d3299682dc49bad73251677b2c5017ef08 Mon Sep 17 00:00:00 2001 From: Trond Myklebust <trond.myklebust(a)primarydata.com> Date: Fri, 3 Nov 2017 08:00:10 -0400 Subject: nfsd: Fix stateid races between OPEN and CLOSE From: Trond Myklebust <trond.myklebust(a)primarydata.com> commit 15ca08d3299682dc49bad73251677b2c5017ef08 upstream. Open file stateids can linger on the nfs4_file list of stateids even after they have been closed. In order to avoid reusing such a stateid, and confusing the client, we need to recheck the nfs4_stid's type after taking the mutex. Otherwise, we risk reusing an old stateid that was already closed, which will confuse clients that expect new stateids to conform to RFC7530 Sections 9.1.4.2 and 16.2.5 or RFC5661 Sections 8.2.2 and 18.2.4. Signed-off-by: Trond Myklebust <trond.myklebust(a)primarydata.com> Signed-off-by: J. Bruce Fields <bfields(a)redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/nfsd/nfs4state.c | 67 +++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 59 insertions(+), 8 deletions(-) --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c @@ -3379,7 +3379,9 @@ nfsd4_find_existing_open(struct nfs4_fil /* ignore lock owners */ if (local->st_stateowner->so_is_open_owner == 0) continue; - if (local->st_stateowner == &oo->oo_owner) { + if (local->st_stateowner != &oo->oo_owner) + continue; + if (local->st_stid.sc_type == NFS4_OPEN_STID) { ret = local; atomic_inc(&ret->st_stid.sc_count); break; @@ -3388,6 +3390,52 @@ nfsd4_find_existing_open(struct nfs4_fil return ret; } +static __be32 +nfsd4_verify_open_stid(struct nfs4_stid *s) +{ + __be32 ret = nfs_ok; + + switch (s->sc_type) { + default: + break; + case NFS4_CLOSED_STID: + case NFS4_CLOSED_DELEG_STID: + ret = nfserr_bad_stateid; + break; + case NFS4_REVOKED_DELEG_STID: + ret = nfserr_deleg_revoked; + } + return ret; +} + +/* Lock the stateid st_mutex, and deal with races with CLOSE */ +static __be32 +nfsd4_lock_ol_stateid(struct nfs4_ol_stateid *stp) +{ + __be32 ret; + + mutex_lock(&stp->st_mutex); + ret = nfsd4_verify_open_stid(&stp->st_stid); + if (ret != nfs_ok) + mutex_unlock(&stp->st_mutex); + return ret; +} + +static struct nfs4_ol_stateid * +nfsd4_find_and_lock_existing_open(struct nfs4_file *fp, struct nfsd4_open *open) +{ + struct nfs4_ol_stateid *stp; + for (;;) { + spin_lock(&fp->fi_lock); + stp = nfsd4_find_existing_open(fp, open); + spin_unlock(&fp->fi_lock); + if (!stp || nfsd4_lock_ol_stateid(stp) == nfs_ok) + break; + nfs4_put_stid(&stp->st_stid); + } + return stp; +} + static struct nfs4_openowner * alloc_init_open_stateowner(unsigned int strhashval, struct nfsd4_open *open, struct nfsd4_compound_state *cstate) @@ -3432,6 +3480,7 @@ init_open_stateid(struct nfs4_file *fp, mutex_init(&stp->st_mutex); mutex_lock(&stp->st_mutex); +retry: spin_lock(&oo->oo_owner.so_client->cl_lock); spin_lock(&fp->fi_lock); @@ -3456,7 +3505,11 @@ out_unlock: spin_unlock(&fp->fi_lock); spin_unlock(&oo->oo_owner.so_client->cl_lock); if (retstp) { - mutex_lock(&retstp->st_mutex); + /* Handle races with CLOSE */ + if (nfsd4_lock_ol_stateid(retstp) != nfs_ok) { + nfs4_put_stid(&retstp->st_stid); + goto retry; + } /* To keep mutex tracking happy */ mutex_unlock(&stp->st_mutex); stp = retstp; @@ -4277,9 +4330,7 @@ nfsd4_process_open2(struct svc_rqst *rqs status = nfs4_check_deleg(cl, open, &dp); if (status) goto out; - spin_lock(&fp->fi_lock); - stp = nfsd4_find_existing_open(fp, open); - spin_unlock(&fp->fi_lock); + stp = nfsd4_find_and_lock_existing_open(fp, open); } else { open->op_file = NULL; status = nfserr_bad_stateid; @@ -4293,7 +4344,6 @@ nfsd4_process_open2(struct svc_rqst *rqs */ if (stp) { /* Stateid was found, this is an OPEN upgrade */ - mutex_lock(&stp->st_mutex); status = nfs4_upgrade_open(rqstp, fp, current_fh, stp, open); if (status) { mutex_unlock(&stp->st_mutex); @@ -5150,7 +5200,6 @@ static void nfsd4_close_open_stateid(str bool unhashed; LIST_HEAD(reaplist); - s->st_stid.sc_type = NFS4_CLOSED_STID; spin_lock(&clp->cl_lock); unhashed = unhash_open_stateid(s, &reaplist); @@ -5189,10 +5238,12 @@ nfsd4_close(struct svc_rqst *rqstp, stru nfsd4_bump_seqid(cstate, status); if (status) goto out; + + stp->st_stid.sc_type = NFS4_CLOSED_STID; nfs4_inc_and_copy_stateid(&close->cl_stateid, &stp->st_stid); - mutex_unlock(&stp->st_mutex); nfsd4_close_open_stateid(stp); + mutex_unlock(&stp->st_mutex); /* put reference from nfs4_preprocess_seqid_op */ nfs4_put_stid(&stp->st_stid); Patches currently in stable-queue which might be from trond.myklebust(a)primarydata.com are queue-4.4/nfsd-fix-stateid-races-between-open-and-close.patch queue-4.4/nfsd-fix-another-open-stateid-race.patch

7 years, 1 month

1
0
0 0

[Linux-stable-mirror] Patch "drm/i915: Prevent zero length "index" write" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled drm/i915: Prevent zero length "index" write to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: drm-i915-prevent-zero-length-index-write.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 56350fb8978bbf4aafe08f21234e161dd128b417 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Thu, 23 Nov 2017 21:41:57 +0200 Subject: drm/i915: Prevent zero length "index" write MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> commit 56350fb8978bbf4aafe08f21234e161dd128b417 upstream. The hardware always writes one or two bytes in the index portion of an indexed transfer. Make sure the message we send as the index doesn't have a zero length. Cc: Daniel Kurtz <djkurtz(a)chromium.org> Cc: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: Sean Paul <seanpaul(a)chromium.org> Fixes: 56f9eac05489 ("drm/i915/intel_i2c: use INDEX cycles for i2c read transactions") Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20171123194157.25367-3-ville.… Reviewed-by: Chris Wilson <chris(a)chris-wilson.co.uk> (cherry picked from commit bb9e0d4bca50f429152e74a459160b41f3d60fb2) Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/gpu/drm/i915/intel_i2c.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/gpu/drm/i915/intel_i2c.c +++ b/drivers/gpu/drm/i915/intel_i2c.c @@ -441,7 +441,8 @@ gmbus_is_index_read(struct i2c_msg *msgs { return (i + 1 < num && msgs[i].addr == msgs[i + 1].addr && - !(msgs[i].flags & I2C_M_RD) && msgs[i].len <= 2 && + !(msgs[i].flags & I2C_M_RD) && + (msgs[i].len == 1 || msgs[i].len == 2) && (msgs[i + 1].flags & I2C_M_RD)); } Patches currently in stable-queue which might be from ville.syrjala(a)linux.intel.com are queue-4.4/drm-i915-prevent-zero-length-index-write.patch queue-4.4/drm-i915-don-t-try-indexed-reads-to-alternate-slave-addresses.patch

7 years, 1 month

1
0
0 0

[Linux-stable-mirror] Patch "drm/i915: Don't try indexed reads to alternate slave addresses" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled drm/i915: Don't try indexed reads to alternate slave addresses to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: drm-i915-don-t-try-indexed-reads-to-alternate-slave-addresses.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From ae5c631e605a452a5a0e73205a92810c01ed954b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Thu, 23 Nov 2017 21:41:56 +0200 Subject: drm/i915: Don't try indexed reads to alternate slave addresses MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> commit ae5c631e605a452a5a0e73205a92810c01ed954b upstream. We can only specify the one slave address to indexed reads/writes. Make sure the messages we check are destined to the same slave address before deciding to do an indexed transfer. Cc: Daniel Kurtz <djkurtz(a)chromium.org> Cc: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: Sean Paul <seanpaul(a)chromium.org> Fixes: 56f9eac05489 ("drm/i915/intel_i2c: use INDEX cycles for i2c read transactions") Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20171123194157.25367-2-ville.… Reviewed-by: Chris Wilson <chris(a)chris-wilson.co.uk> (cherry picked from commit c4deb62d7821672265b87952bcd1c808f3bf3e8f) Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/gpu/drm/i915/intel_i2c.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/gpu/drm/i915/intel_i2c.c +++ b/drivers/gpu/drm/i915/intel_i2c.c @@ -440,6 +440,7 @@ static bool gmbus_is_index_read(struct i2c_msg *msgs, int i, int num) { return (i + 1 < num && + msgs[i].addr == msgs[i + 1].addr && !(msgs[i].flags & I2C_M_RD) && msgs[i].len <= 2 && (msgs[i + 1].flags & I2C_M_RD)); } Patches currently in stable-queue which might be from ville.syrjala(a)linux.intel.com are queue-4.4/drm-i915-prevent-zero-length-index-write.patch queue-4.4/drm-i915-don-t-try-indexed-reads-to-alternate-slave-addresses.patch

7 years, 1 month

1
0
0 0

[Linux-stable-mirror] Patch "[PATCH] Revert "x86/entry/64: Add missing irqflags tracing to" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [PATCH] Revert "x86/entry/64: Add missing irqflags tracing to to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: revert-x86-entry-64-add-missing-irqflags-tracing-to.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 0ed6c0c778e67f00978a778612862441e48cc529 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Date: Mon, 4 Dec 2017 12:59:57 +0100 Subject: [PATCH] Revert "x86/entry/64: Add missing irqflags tracing to native_load_gs_index()" This reverts commit f9a64e23a9da528e7d8aa1bd2c7bb92be4ebb724 which is commit 0d794d0d018f23fb09c50f6ae26868bd6ae343d6 upstream. Andy writes: I think the thing to do is to revert the patch from -stable. The bug it fixes is very minor, and the regression is that it made a pre-existing bug in some nearly-undebuggable core resume code much easier to hit. I don't feel comfortable with a backport of the latter fix until it has a good long soak in Linus' tree. Reported-by: Andy Lutomirski <luto(a)kernel.org> Cc: Borislav Petkov <bpetkov(a)suse.de> Cc: Brian Gerst <brgerst(a)gmail.com> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/entry/entry_64.S | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) --- a/arch/x86/entry/entry_64.S +++ b/arch/x86/entry/entry_64.S @@ -51,19 +51,15 @@ ENTRY(native_usergs_sysret64) END(native_usergs_sysret64) #endif /* CONFIG_PARAVIRT */ -.macro TRACE_IRQS_FLAGS flags:req +.macro TRACE_IRQS_IRETQ #ifdef CONFIG_TRACE_IRQFLAGS - bt $9, \flags /* interrupts off? */ + bt $9, EFLAGS(%rsp) /* interrupts off? */ jnc 1f TRACE_IRQS_ON 1: #endif .endm -.macro TRACE_IRQS_IRETQ - TRACE_IRQS_FLAGS EFLAGS(%rsp) -.endm - /* * When dynamic function tracer is enabled it will add a breakpoint * to all locations that it is about to modify, sync CPUs, update @@ -927,13 +923,11 @@ ENTRY(native_load_gs_index) FRAME_BEGIN pushfq DISABLE_INTERRUPTS(CLBR_ANY & ~CLBR_RDI) - TRACE_IRQS_OFF SWAPGS .Lgs_change: movl %edi, %gs 2: ALTERNATIVE "", "mfence", X86_BUG_SWAPGS_FENCE SWAPGS - TRACE_IRQS_FLAGS (%rsp) popfq FRAME_END ret Patches currently in stable-queue which might be from gregkh(a)linuxfoundation.org are queue-4.14/nvme-pci-add-quirk-for-delay-before-chk-rdy-for-wdc-sn200.patch queue-4.14/drm-i915-prevent-zero-length-index-write.patch queue-4.14/autofs-revert-autofs-fix-at_no_automount-not-being-honored.patch queue-4.14/crypto-af_alg-remove-locking-in-async-callback.patch queue-4.14/i2c-i801-fix-failed-to-allocate-irq-2147483648-error.patch queue-4.14/drm-amd-pp-fix-typecast-error-in-powerplay.patch queue-4.14/mmc-block-check-return-value-of-blk_get_request.patch queue-4.14/drm-panel-simple-add-missing-panel_simple_unprepare-calls.patch queue-4.14/drm-ttm-fix-ttm_bo_cleanup_refs_or_queue-once-more.patch queue-4.14/drm-i915-re-register-pmic-bus-access-notifier-on-runtime-resume.patch queue-4.14/platform-x86-hp-wmi-fix-tablet-mode-detection-for-convertibles.patch queue-4.14/mm-hugetlbfs-introduce-split-to-vm_operations_struct.patch queue-4.14/mmc-block-fix-missing-blk_put_request.patch queue-4.14/ib-hfi1-do-not-warn-on-lid-conversions-for-opa.patch queue-4.14/mmc-block-ensure-that-debugfs-files-are-removed.patch queue-4.14/mmc-core-do-not-leave-the-block-driver-in-a-suspended-state.patch queue-4.14/arm64-ftrace-emit-ftrace-mod.o-contents-through-code.patch queue-4.14/kvm-lapic-fixup-ldr-on-load-in-x2apic.patch queue-4.14/powerpc-powernv-fix-kexec-crashes-caused-by-tlbie-tracing.patch queue-4.14/s390-revert-elf_et_dyn_base-base-changes.patch queue-4.14/mm-oom_reaper-gather-each-vma-to-prevent-leaking-tlb-entry.patch queue-4.14/drm-omapdrm-fix-dpi-on-platforms-using-the-dsi-vdds.patch queue-4.14/kvm-x86-inject-exceptions-produced-by-x86_decode_insn.patch queue-4.14/mm-memory_hotplug-do-not-back-off-draining-pcp-free-pages-from-kworker-context.patch queue-4.14/ib-core-disable-memory-registration-of-filesystem-dax-vmas.patch queue-4.14/drm-hisilicon-ensure-ldi-regs-are-properly-configured.patch queue-4.14/bcache-fix-building-error-on-mips.patch queue-4.14/exec-avoid-rlimit_stack-races-with-prlimit.patch queue-4.14/nfsd-fix-stateid-races-between-open-and-close.patch queue-4.14/drm-i915-gvt-correct-addr_4k-2m-1g_mask-definition.patch queue-4.14/drm-ttm-once-more-fix-ttm_buffer_object_transfer.patch queue-4.14/mm-introduce-get_user_pages_longterm.patch queue-4.14/bcache-only-permit-to-recovery-read-error-when-cache-device-is-clean.patch queue-4.14/mm-fail-get_vaddr_frames-for-filesystem-dax-mappings.patch queue-4.14/revert-x86-entry-64-add-missing-irqflags-tracing-to.patch queue-4.14/ib-core-do-not-warn-on-lid-conversions-for-opa.patch queue-4.14/drm-amdgpu-potential-uninitialized-variable-in-amdgpu_vce_ring_parse_cs.patch queue-4.14/drm-edid-don-t-send-non-zero-yq-in-avi-infoframe-for-hdmi-1.x-sinks.patch queue-4.14/acpi-ec-fix-regression-related-to-pm-ops-support-in-ecdt-device.patch queue-4.14/arm64-module-plts-factor-out-plt-generation-code-for-ftrace.patch queue-4.14/device-dax-implement-split-to-catch-invalid-munmap-attempts.patch queue-4.14/drm-radeon-fix-atombios-on-big-endian.patch queue-4.14/eeprom-at24-fix-reading-from-24mac402-24mac602.patch queue-4.14/drm-amdgpu-reserve-root-pd-while-releasing-it.patch queue-4.14/hwmon-jc42-optionally-try-to-disable-the-smbus-timeout.patch queue-4.14/e1000e-fix-the-use-of-magic-numbers-for-buffer-overrun-issue.patch queue-4.14/powerpc-kexec-fix-kexec-kdump-in-p9-guest-kernels.patch queue-4.14/kvm-x86-exit-to-user-mode-on-ud-intercept-when-emulator-requires.patch queue-4.14/drm-amdgpu-properly-allocate-vm-invalidate-eng-v2.patch queue-4.14/v4l2-disable-filesystem-dax-mapping-support.patch queue-4.14/lockd-lost-rollback-of-set_grace_period-in-lockd_down_net.patch queue-4.14/eeprom-at24-check-at24_read-write-arguments.patch queue-4.14/kvm-lapic-split-out-x2apic-ldr-calculation.patch queue-4.14/mmc-core-prepend-0x-to-ocr-entry-in-sysfs.patch queue-4.14/fs-fat-inode.c-fix-sb_rdonly-change.patch queue-4.14/mm-memcg-fix-mem_cgroup_swapout-for-thps.patch queue-4.14/nfsd-fix-panic-in-posix_unblock_lock-called-from-nfs4_laundromat.patch queue-4.14/bcache-recover-data-from-backing-when-data-is-clean.patch queue-4.14/crypto-algif_aead-skip-sgl-entries-with-null-page.patch queue-4.14/drm-amdgpu-correct-reference-clock-value-on-vega10.patch queue-4.14/mm-fix-device-dax-pud-write-faults-triggered-by-get_user_pages.patch queue-4.14/mm-hugetlb-fix-null-pointer-dereference-on-5-level-paging-machine.patch queue-4.14/drm-i915-fix-false-positive-assert_rpm_wakelock_held-in-i915_pmic_bus_access_notifier-v2.patch queue-4.14/drm-tilcdc-precalculate-total-frametime-in-tilcdc_crtc_set_mode.patch queue-4.14/kvm-x86-pvclock-handle-first-time-write-to-pvclock-page-contains-random-junk.patch queue-4.14/drm-amdgpu-set-adev-vcn.irq.num_types-for-vcn.patch queue-4.14/drm-amdgpu-potential-uninitialized-variable-in-amdgpu_vm_update_directories.patch queue-4.14/nfsd-fix-another-open-stateid-race.patch queue-4.14/crypto-skcipher-fix-skcipher_walk_aead_common.patch queue-4.14/drm-amdgpu-fix-error-handling-in-amdgpu_bo_do_create.patch queue-4.14/md-forbid-a-raid5-from-having-both-a-bitmap-and-a-journal.patch queue-4.14/drm-fsl-dcu-don-t-set-connector-dpms-property.patch queue-4.14/omapdrm-hdmi4-correct-the-soc-revision-matching.patch queue-4.14/btrfs-clear-space-cache-inode-generation-always.patch queue-4.14/mmc-sdhci-avoid-swiotlb-buffer-being-full.patch queue-4.14/mmc-core-prepend-0x-to-pre_eol_info-entry-in-sysfs.patch queue-4.14/autofs-revert-autofs-take-more-care-to-not-update-last_used-on-path-walk.patch queue-4.14/eeprom-at24-correctly-set-the-size-for-at24mac402.patch queue-4.14/mm-cma-fix-alloc_contig_range-ret-code-potential-leak.patch queue-4.14/drm-i915-fbdev-serialise-early-hotplug-events-with-async-fbdev-config.patch queue-4.14/cxl-check-if-vphb-exists-before-iterating-over-afu-devices.patch queue-4.14/include-linux-compiler-clang.h-handle-randomizable-anonymous-structs.patch queue-4.14/drm-ttm-always-and-only-destroy-bo-ttm_resv-in-ttm_bo_release_list.patch queue-4.14/mm-thp-do-not-make-page-table-dirty-unconditionally-in-touch_pd.patch queue-4.14/revert-drm-radeon-dont-switch-vt-on-suspend.patch queue-4.14/drm-i915-don-t-try-indexed-reads-to-alternate-slave-addresses.patch queue-4.14/drm-amdgpu-remove-check-which-is-not-valid-for-certain-vbios.patch queue-4.14/mm-migrate-fix-an-incorrect-call-of-prep_transhuge_page.patch queue-4.14/apparmor-fix-oops-in-audit_signal_cb-hook.patch queue-4.14/dma-buf-make-reservation_object_copy_fences-rcu-save.patch queue-4.14/drm-amdgpu-move-uvd-vce-and-vcn-structure-out-from-union.patch queue-4.14/drm-vblank-fix-flip-event-vblank-count.patch queue-4.14/drm-fb_helper-disable-all-crtc-s-when-initial-setup-fails.patch queue-4.14/drm-vblank-tune-drm_crtc_accurate_vblank_count-warn-down-to-a-debug.patch queue-4.14/mm-madvise.c-fix-madvise-infinite-loop-under-special-circumstances.patch

7 years, 1 month

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror December 2017