May 2018 - Linux-stable-mirror

[PATCH] ALSA: hda/realtek - Enable mic-mute hotkey for several Lenovo AIOs

by Hui Wang

We have several Lenovo AIOs like M810z, M820z and M920z, they have the same design for mic-mute hotkey and led and they use the same codec with the same pin configuration, so use the pin conf table to apply fix to all of them. Cc: <stable(a)vger.kernel.org> Signed-off-by: Hui Wang <hui.wang(a)canonical.com> --- sound/pci/hda/patch_realtek.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c index 240a1a4..d64dcb9 100644 --- a/sound/pci/hda/patch_realtek.c +++ b/sound/pci/hda/patch_realtek.c @@ -6603,7 +6603,6 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { SND_PCI_QUIRK(0x17aa, 0x312f, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION), SND_PCI_QUIRK(0x17aa, 0x3138, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION), SND_PCI_QUIRK(0x17aa, 0x313c, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION), - SND_PCI_QUIRK(0x17aa, 0x3112, "ThinkCentre AIO", ALC233_FIXUP_LENOVO_LINE2_MIC_HOTKEY), SND_PCI_QUIRK(0x17aa, 0x3902, "Lenovo E50-80", ALC269_FIXUP_DMIC_THINKPAD_ACPI), SND_PCI_QUIRK(0x17aa, 0x3977, "IdeaPad S210", ALC283_FIXUP_INT_MIC), SND_PCI_QUIRK(0x17aa, 0x3978, "IdeaPad Y410P", ALC269_FIXUP_NO_SHUTUP), @@ -6775,6 +6774,11 @@ static const struct snd_hda_pin_quirk alc269_pin_fixup_tbl[] = { {0x1b, 0x01111010}, {0x1e, 0x01451130}, {0x21, 0x02211020}), + SND_HDA_PIN_QUIRK(0x10ec0235, 0x17aa, "Lenovo", ALC233_FIXUP_LENOVO_LINE2_MIC_HOTKEY, + {0x12, 0x90a60140}, + {0x14, 0x90170110}, + {0x19, 0x02a11030}, + {0x21, 0x02211020}), SND_HDA_PIN_QUIRK(0x10ec0236, 0x1028, "Dell", ALC255_FIXUP_DELL1_MIC_NO_PRESENCE, {0x12, 0x90a60140}, {0x14, 0x90170110}, -- 2.7.4

6 years, 7 months

2
1
0 0

[PATCH 3.18 000/185] 3.18.111-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 3.18.111 release. There are 185 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed May 30 10:00:18 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.18.111-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-3.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 3.18.111-rc1 Randy Dunlap <rdunlap(a)infradead.org> kdb: make "mdr" command repeat Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()' James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix frequency of Release WQE CQEs James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix issue_lip if link is disabled Richard Haines <richard_c_haines(a)btinternet.com> netlabel: If PF_INET6, check sk_buff ip header version Richard Guy Briggs <rgb(a)redhat.com> audit: return on memory error to avoid null pointer dereference Andrzej Hajda <a.hajda(a)samsung.com> clk: samsung: exynos3250: Fix PLL rates Andrzej Hajda <a.hajda(a)samsung.com> clk: samsung: exynos5250: Fix PLL rates Andrzej Hajda <a.hajda(a)samsung.com> clk: samsung: exynos5260: Fix PLL rates Andrzej Hajda <a.hajda(a)samsung.com> clk: samsung: s3c2410: Fix PLL rates Colin Ian King <colin.king(a)canonical.com> media: cx25821: prevent out-of-bounds read on array card Jan Kara <jack(a)suse.cz> udf: Provide saner default for invalid uid / gid Thomas Vincent-Cross <me(a)tvc.id.au> PCI: Add function 1 DMA alias quirk for Marvell 88SE9220 Geert Uytterhoeven <geert+renesas(a)glider.be> serial: arc_uart: Fix out-of-bounds access through DT alias Geert Uytterhoeven <geert+renesas(a)glider.be> serial: fsl_lpuart: Fix out-of-bounds access through DT alias Geert Uytterhoeven <geert+renesas(a)glider.be> serial: imx: Fix out-of-bounds access through serial port index Geert Uytterhoeven <geert+renesas(a)glider.be> serial: samsung: Fix out-of-bounds access through serial port index Geert Uytterhoeven <geert+renesas(a)glider.be> serial: xuartps: Fix out-of-bounds access through DT alias Colin Ian King <colin.king(a)canonical.com> rtc: tx4939: avoid unintended sign extension on a 24 bit shift Colin Ian King <colin.king(a)canonical.com> staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr Brad Love <brad(a)nextdimension.cc> media: em28xx: USB bulk packet size fix Qi Hou <qi.hou(a)windriver.com> dmaengine: pl330: fix a race condition in case of threaded irqs Arnd Bergmann <arnd(a)arndb.de> media: s3c-camif: fix out-of-bounds array access Brad Love <brad(a)nextdimension.cc> media: cx23885: Set subdev host data to clk_freq pointer Brad Love <brad(a)nextdimension.cc> media: cx23885: Override 888 ImpactVCBe crystal frequency Takashi Iwai <tiwai(a)suse.de> ALSA: vmaster: Propagate slave error Chris Dickens <christopher.a.dickens(a)gmail.com> usb: gadget: composite: fix incorrect handling of OS desc requests Wolfram Sang <wsa+renesas(a)sang-engineering.com> usb: gadget: udc: change comparison to bitshift when dealing with a mask Maurizio Lombardi <mlombard(a)redhat.com> cdrom: do not call check_disk_change() inside cdrom_open() Guenter Roeck <linux(a)roeck-us.net> hwmon: (pmbus/adm1275) Accept negative page register values Guenter Roeck <linux(a)roeck-us.net> hwmon: (pmbus/max8688) Accept negative page register values Peter Zijlstra <peterz(a)infradead.org> perf/core: Fix perf_output_read_group() Mathieu Malaterre <malat(a)debian.org> powerpc: Add missing prototype for arch_irq_work_raise() Lars-Peter Clausen <lars(a)metafoo.de> usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS Grigor Tovmasyan <Grigor.Tovmasyan(a)synopsys.com> usb: dwc2: Fix interval type issue Rafael J. Wysocki <rjw(a)rjwysocki.net> PCI: Restore config space on runtime resume despite being unbound Mathias Kresin <dev(a)kresin.me> MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: zero usb device slot_id member when disabling and freeing a xhci slot Gregory CLEMENT <gregory.clement(a)bootlin.com> i2c: mv64xxx: Apply errata delay only in standard mode Seunghun Han <kkamagui(a)gmail.com> ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c Erik Schmauss <erik.schmauss(a)intel.com> ACPICA: Events: add a return on failure from acpi_hw_register_read Coly Li <colyli(a)suse.de> bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set Michael Schmitz <schmitzmic(a)gmail.com> zorro: Set up z->dev.dma_mask for the DMA API Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields Philipp Puschmann <pp(a)emlix.com> arm: dts: socfpga: fix GIC PPI warning Jay Vosburgh <jay.vosburgh(a)canonical.com> virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS Petr Vorel <pvorel(a)suse.cz> ima: Fallback to the builtin hash algorithm Karthikeyan Periyasamy <periyasa(a)codeaurora.org> ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk) Leon Romanovsky <leonro(a)mellanox.com> net/mlx5: Protect from command bit overflow Frank Asseg <frank.asseg(a)objecthunter.net> tools/thermal: tmon: fix for segfault Michael Ellerman <mpe(a)ellerman.id.au> powerpc/perf: Fix kernel address leak via sampling registers Madhavan Srinivasan <maddy(a)linux.vnet.ibm.com> powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775) Fix writing pwmX_mode Helge Deller <deller(a)gmx.de> parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode Greg Ungerer <gerg(a)linux-m68k.org> m68k: set dma and coherent masks for platform FEC ethernets Michael Ellerman <mpe(a)ellerman.id.au> powerpc/mpic: Check if cpu_possible() in mpic_physmask() Lenny Szubowicz <lszubowi(a)redhat.com> ACPI: acpi_pad: Fix memory leak in power saving threads Dan Carpenter <dan.carpenter(a)oracle.com> xen/acpi: off by one in read_acpi_id() Jeff Mahoney <jeffm(a)suse.com> btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers Filipe Manana <fdmanana(a)suse.com> Btrfs: fix copy_items() return value when logging an inode Qu Wenruo <wqu(a)suse.com> btrfs: tests/qgroup: Fix wrong tree backref level David S. Miller <davem(a)davemloft.net> sparc64: Make atomic_xchg() an inline function rather than a macro. Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: VMX: raise internal error for exception during invalid protected mode state Davidlohr Bueso <dave(a)stgolabs.net> sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning Nikolay Borisov <nborisov(a)suse.com> btrfs: Fix possible softlock on single core machines Liu Bo <bo.liu(a)linux.alibaba.com> Btrfs: fix NULL pointer dereference in log_dir_items Liu Bo <bo.liu(a)linux.alibaba.com> Btrfs: bail out on error during replay_dir_deletes Huang Ying <ying.huang(a)intel.com> mm: fix races between address_space dereference and free in page_evicatable Claudio Imbrenda <imbrenda(a)linux.vnet.ibm.com> mm/ksm: fix interaction with THP Esben Haabendal <eha(a)deif.com> dp83640: Ensure against premature access to PHY registers after reset Dave Carroll <david.carroll(a)microsemi.com> scsi: aacraid: Insure command thread is not recursively stopped Carlos Maiolino <cmaiolino(a)redhat.com> Force log to disk before reading the AGF during a fstrim Jens Axboe <axboe(a)kernel.dk> sr: get/drop reference to device in revalidate and check_events Tom Abraham <tabraham(a)suse.com> swap: divide-by-zero when zero length swap file on ssd Danilo Krummrich <danilokrummrich(a)dk-develop.de> fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table Rich Felker <dalias(a)libc.org> sh: fix debug trap failure to process signals before return to user Yelena Krivosheev <yelena(a)marvell.com> net: mvneta: fix enable of all initialized RXQs Toshiaki Makita <makita.toshiaki(a)lab.ntt.co.jp> net: Fix untag for vlan packets without ethernet header Cong Wang <xiyou.wangcong(a)gmail.com> llc: properly handle dev_queue_xmit() return value Giuseppe Lippolis <giu.lippolis(a)gmail.com> net-usb: add qmi_wwan if on lte modem wistron neweb d18q1 Pawel Dembicki <paweldembicki(a)gmail.com> net: qmi_wwan: add BroadMobi BM806U 2020:2033 Linus Lüssing <linus.luessing(a)c0d3.blue> batman-adv: fix packet loss for broadcasted DHCP packets to a server Linus Lüssing <linus.luessing(a)c0d3.blue> batman-adv: fix multicast-via-unicast transmission with AP isolation Masami Hiramatsu <mhiramat(a)kernel.org> selftests: ftrace: Add a testcase for probepoint Masami Hiramatsu <mhiramat(a)kernel.org> selftests: ftrace: Add a testcase for string type with kprobe_event Masami Hiramatsu <mhiramat(a)kernel.org> selftests: ftrace: Add probe event argument syntax testcase Yisheng Xie <xieyisheng1(a)huawei.com> mm/mempolicy.c: avoid use uninitialized preferred_node Stefano Brivio <sbrivio(a)redhat.com> vti4: Don't override MTU passed on link creation via IFLA_MTU Stefano Brivio <sbrivio(a)redhat.com> vti4: Don't count header length twice on tunnel setup Matthias Schiffer <mschiffer(a)universe-factory.net> batman-adv: fix header size check in batadv_dbg_arp() Toshiaki Makita <makita.toshiaki(a)lab.ntt.co.jp> net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off Rob Herring <robh(a)kernel.org> microblaze: switch to NO_BOOTMEM Florian Westphal <fw(a)strlen.de> netfilter: ebtables: fix erroneous reject of last rule Fredrik Noring <noring(a)nocrew.org> USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM Arvind Yadav <arvind.yadav.cs(a)gmail.com> xen: xenbus: use put_device() instead of kfree() Peter Malone <peter.malone(a)gmail.com> fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper(). Jeremy Cline <jeremy(a)jcline.org> scsi: sd: Keep disk read-only when re-reading partition Merlijn Wajer <merlijn(a)wizzup.org> usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers Pierre-Yves Kerbrat <pkerbrat(a)kalray.eu> e1000e: allocate ring descriptors with dma_zalloc_coherent Benjamin Poirier <bpoirier(a)suse.com> e1000e: Fix check_for_link return value with autoneg off Igor Pylypiv <igor.pylypiv(a)gmail.com> watchdog: f71808e_wdt: Fix magic close handling Filipe Manana <fdmanana(a)suse.com> Btrfs: send, fix issuing write op when processing hole in no data mode Roger Pau Monne <roger.pau(a)citrix.com> xen/pirq: fix error path cleanup when binding MSIs Joey Pabalinas <joeypabalinas(a)gmail.com> net/tcp/illinois: replace broken algorithm reference link Xin Long <lucien.xin(a)gmail.com> sit: fix IFLA_MTU ignored on NEWLINK Tang Junhui <tang.junhui(a)zte.com.cn> bcache: fix kcrashes with fio in RAID5 backend dev Eric Dumazet <edumazet(a)google.com> r8152: fix tx packets accounting Colin Ian King <colin.king(a)canonical.com> clocksource/drivers/fsl_ftm_timer: Fix error return checking Florian Westphal <fw(a)strlen.de> netfilter: ebtables: convert BUG_ONs to WARN_ONs Matthias Schiffer <mschiffer(a)universe-factory.net> batman-adv: invalidate checksum on fragment reassembly Matthias Schiffer <mschiffer(a)universe-factory.net> batman-adv: fix packet checksum in receive path Yufen Yu <yuyufen(a)huawei.com> md/raid1: fix NULL pointer dereference Mauro Carvalho Chehab <mchehab(a)s-opensource.com> media: dmxdev: fix error code for invalid ioctls Samuel Neves <sneves(a)dei.uc.pt> x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations Andrea Parri <parri.andrea(a)gmail.com> locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs Johannes Berg <johannes.berg(a)intel.com> regulatory: add NUL to request alpha2 Eric Dumazet <edumazet(a)google.com> smsc75xx: fix smsc75xx_set_features() Tony Lindgren <tony(a)atomide.com> ARM: OMAP: Fix dmtimer init for omap1 Sebastian Ott <sebott(a)linux.vnet.ibm.com> s390/cio: clear timer when terminating driver I/O Sebastian Ott <sebott(a)linux.vnet.ibm.com> s390/cio: fix return code after missing interrupt David Rientjes <rientjes(a)google.com> kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE Andrea Parri <parri.andrea(a)gmail.com> locking/xchg/alpha: Add unconditional memory barrier to cmpxchg() Markus Elfring <elfring(a)users.sourceforge.net> drm/exynos: g2d: Delete an error message for a failed memory allocation in two functions Wolfram Sang <wsa+renesas(a)sang-engineering.com> drm/exynos: fix comparison to bitshift when dealing with a mask Yufen Yu <yuyufen(a)huawei.com> md raid10: fix NULL deference in handle_write_completed() Felix Fietkau <nbd(a)nbd.name> mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4 Kees Cook <keescook(a)chromium.org> NFC: llcp: Limit size of SDP URI Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: OMAP1: clock: Fix debugfs_create_*() usage Tony Lindgren <tony(a)atomide.com> ARM: OMAP3: Fix prm wake interrupt for resume Manish Rangankar <manish.rangankar(a)cavium.com> scsi: qla4xxx: skip error recovery in case of register disconnect. Meelis Roos <mroos(a)linux.ee> scsi: aacraid: fix shutdown crash when init fails Anders Roxell <anders.roxell(a)linaro.org> selftests: memfd: add config fragment for fuse Stefan Agner <stefan(a)agner.ch> usb: gadget: fsl_udc_core: fix ep valid checks John Keeping <john(a)metanate.com> usb: gadget: f_uac2: fix bFirstInterface in composite gadget Bart Van Assche <bart.vanassche(a)wdc.com> scsi: qla2xxx: Avoid triggering undefined behavior in qla2x00_mbx_completion() Dan Carpenter <dan.carpenter(a)oracle.com> scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo() Dan Carpenter <dan.carpenter(a)oracle.com> scsi: sym53c8xx_2: iterator underflow in sym_getsync() Chad Dupuis <chad.dupuis(a)cavium.com> scsi: bnx2fc: Fix check in SCSI completion handler for timed out request Sujit Reddy Thumma <sthumma(a)codeaurora.org> scsi: ufs: Enable quirk to ignore sending WRITE_SAME command Mark Salter <msalter(a)redhat.com> irqchip/gic-v3: Change pr_debug message to pr_devel Tang Junhui <tang.junhui(a)zte.com.cn> bcache: return attach error when no cache set exist Tang Junhui <tang.junhui(a)zte.com.cn> bcache: fix for data collapse after re-attaching an attached device Tang Junhui <tang.junhui(a)zte.com.cn> bcache: fix for allocator and register thread race Coly Li <colyli(a)suse.de> bcache: properly set task state in bch_writeback_thread() Arnd Bergmann <arnd(a)arndb.de> cifs: silence compiler warnings showing up with gcc-8.0.0 Alexey Dobriyan <adobriyan(a)gmail.com> proc: fix /proc/*/map_files lookup Ross Lagerwall <ross.lagerwall(a)citrix.com> xen/grant-table: Use put_page instead of free_page Matt Redfearn <matt.redfearn(a)mips.com> MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS Chen Yu <yu.c.chen(a)intel.com> ACPI: processor_perflib: Do not send _PPC change notification if not ready Jean Delvare <jdelvare(a)suse.de> firmware: dmi_scan: Fix handling of empty DMI strings Arnd Bergmann <arnd(a)arndb.de> x86/power: Fix swsusp_arch_resume prototype Alex Estrin <alex.estrin(a)intel.com> IB/ipoib: Fix for potential no-carrier state Mel Gorman <mgorman(a)techsingularity.net> mm: pin address_space before dereferencing it while isolating an LRU page Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> asm-generic: provide generic_pmdp_establish() Yisheng Xie <xieyisheng1(a)huawei.com> mm/mempolicy: add nodes_empty check in SYSC_migrate_pages Yisheng Xie <xieyisheng1(a)huawei.com> mm/mempolicy: fix the check of nodemask from user piaojun <piaojun(a)huawei.com> ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute piaojun <piaojun(a)huawei.com> ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid Leon Romanovsky <leonro(a)mellanox.com> RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure Jake Daryll Obina <jake.obina(a)gmail.com> jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path Dan Carpenter <dan.carpenter(a)oracle.com> HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() Arnd Bergmann <arnd(a)arndb.de> scsi: fas216: fix sense buffer initialization Nikolay Borisov <nborisov(a)suse.com> btrfs: Fix out of bounds access in btrfs_search_slot Ulf Magnusson <ulfalizer(a)gmail.com> kconfig: Fix expr_free() E_NOT leak Ulf Magnusson <ulfalizer(a)gmail.com> kconfig: Fix automatic menu creation mem leak Ulf Magnusson <ulfalizer(a)gmail.com> kconfig: Don't leak main menus during parsing Guenter Roeck <linux(a)roeck-us.net> watchdog: sp5100_tco: Fix watchdog disable bit Jan Chochol <jan(a)chochol.info> nfs: Do not convert nfs_idmap_cache_timeout to jiffies mulhern <amulhern(a)redhat.com> dm thin: fix documentation relative to low water mark threshold Steven Rostedt (VMware) <rostedt(a)goodmis.org> tools lib traceevent: Fix get_field_str() for dynamic strings Alex Williamson <alex.williamson(a)redhat.com> PCI: Add function 1 DMA alias quirk for Marvell 9128 Anna-Maria Gleixner <anna-maria(a)linutronix.de> tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account Paolo Bonzini <pbonzini(a)redhat.com> kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl Dan Carpenter <dan.carpenter(a)oracle.com> ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() Hector Martin <marcan(a)marcan.st> firewire-ohci: work around oversized DMA reads on JMicron controllers zhongjiang <zhongjiang(a)huawei.com> kernel/signal.c: avoid undefined behaviour in kill_something_info Joe Jin <joe.jin(a)oracle.com> xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent Tejun Heo <tj(a)kernel.org> libata: Blacklist some Sandisk SSDs for NCQ Al Viro <viro(a)zeniv.linux.org.uk> do d_instantiate/unlock_new_inode combinations safely Al Viro <viro(a)zeniv.linux.org.uk> aio: fix io_destroy(2) vs. lookup_ioctx() race Al Viro <viro(a)zeniv.linux.org.uk> affs_lookup(): close a race with affs_remove_link() Colin Ian King <colin.king(a)canonical.com> KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable" Maciej W. Rozycki <macro(a)mips.com> MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs Maciej W. Rozycki <macro(a)mips.com> MIPS: ptrace: Expose FIR register through FP regset ------------- Diffstat: Documentation/device-mapper/thin-provisioning.txt | 8 +- Makefile | 4 +- arch/alpha/include/asm/xchg.h | 30 +++++-- arch/arm/boot/dts/socfpga.dtsi | 2 +- arch/arm/mach-omap1/clock.c | 6 +- arch/arm/mach-omap2/pm.c | 4 +- arch/arm/plat-omap/dmtimer.c | 7 +- arch/m68k/coldfire/device.c | 12 ++- arch/microblaze/Kconfig | 1 + arch/microblaze/mm/init.c | 56 ++----------- arch/mips/include/asm/mach-ath79/ar71xx_regs.h | 2 +- arch/mips/kernel/ptrace.c | 22 ++++- arch/mips/kernel/ptrace32.c | 4 +- arch/mips/kvm/mips.c | 2 +- arch/mips/txx9/rbtx4939/setup.c | 4 +- arch/powerpc/include/asm/irq_work.h | 1 + arch/powerpc/perf/core-book3s.c | 25 ++++++ arch/powerpc/sysdev/mpic.c | 2 +- arch/sh/kernel/entry-common.S | 2 +- arch/sparc/include/asm/atomic_64.h | 6 +- arch/x86/kernel/smpboot.c | 1 + arch/x86/kvm/vmx.c | 20 +++-- arch/x86/kvm/x86.c | 7 +- arch/x86/power/hibernate_32.c | 2 +- arch/x86/power/hibernate_64.c | 2 +- drivers/acpi/acpi_pad.c | 3 + drivers/acpi/acpica/evevent.c | 9 +- drivers/acpi/acpica/nseval.c | 8 ++ drivers/acpi/processor_perflib.c | 2 +- drivers/ata/libata-core.c | 4 + drivers/block/paride/pcd.c | 2 + drivers/cdrom/cdrom.c | 3 - drivers/cdrom/gdrom.c | 3 + drivers/clk/samsung/clk-exynos3250.c | 4 +- drivers/clk/samsung/clk-exynos5250.c | 8 +- drivers/clk/samsung/clk-exynos5260.c | 2 +- drivers/clk/samsung/clk-s3c2410.c | 16 ++-- drivers/clocksource/fsl_ftm_timer.c | 2 +- drivers/dma/pl330.c | 6 +- drivers/firewire/ohci.c | 8 +- drivers/firmware/dmi_scan.c | 22 ++--- drivers/gpu/drm/exynos/exynos_drm_g2d.c | 6 +- drivers/gpu/drm/exynos/regs-fimc.h | 2 +- drivers/hid/hid-roccat-kovaplus.c | 2 + drivers/hwmon/nct6775.c | 10 +-- drivers/hwmon/pmbus/adm1275.c | 4 +- drivers/hwmon/pmbus/max8688.c | 2 +- drivers/i2c/busses/i2c-mv64xxx.c | 8 +- drivers/ide/ide-cd.c | 2 + drivers/infiniband/hw/mlx5/qp.c | 5 +- drivers/infiniband/ulp/ipoib/ipoib_main.c | 3 + drivers/irqchip/irq-gic-v3.c | 2 +- drivers/md/bcache/alloc.c | 4 +- drivers/md/bcache/bcache.h | 2 +- drivers/md/bcache/btree.c | 9 +- drivers/md/bcache/request.c | 2 +- drivers/md/bcache/super.c | 23 +++-- drivers/md/bcache/sysfs.c | 11 ++- drivers/md/bcache/writeback.c | 27 ++++-- drivers/md/raid1.c | 11 +++ drivers/md/raid10.c | 6 +- drivers/media/dvb-core/dmxdev.c | 2 +- drivers/media/pci/cx23885/cx23885-cards.c | 4 + drivers/media/pci/cx23885/cx23885-core.c | 10 +++ drivers/media/pci/cx25821/cx25821-core.c | 7 +- drivers/media/platform/s3c-camif/camif-capture.c | 7 +- drivers/media/usb/em28xx/em28xx.h | 2 +- drivers/message/fusion/mptctl.c | 2 + drivers/net/ethernet/intel/e1000e/ich8lan.c | 2 +- drivers/net/ethernet/intel/e1000e/mac.c | 2 +- drivers/net/ethernet/intel/e1000e/netdev.c | 4 +- drivers/net/ethernet/marvell/mvneta.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 2 +- drivers/net/phy/dp83640.c | 18 ++++ drivers/net/usb/qmi_wwan.c | 4 + drivers/net/usb/r8152.c | 2 +- drivers/net/usb/smsc75xx.c | 7 +- drivers/net/virtio_net.c | 2 +- drivers/net/wireless/ath/ath10k/mac.c | 10 +++ drivers/parisc/lba_pci.c | 20 ++++- drivers/pci/pci-driver.c | 17 ++-- drivers/pci/quirks.c | 5 ++ drivers/regulator/of_regulator.c | 1 + drivers/rtc/rtc-tx4939.c | 6 +- drivers/s390/cio/device_fsm.c | 7 +- drivers/s390/cio/io_sch.h | 1 + drivers/scsi/aacraid/commsup.c | 4 +- drivers/scsi/aacraid/linit.c | 5 +- drivers/scsi/arm/fas216.c | 2 +- drivers/scsi/bnx2fc/bnx2fc_io.c | 1 + drivers/scsi/lpfc/lpfc_attr.c | 5 ++ drivers/scsi/lpfc/lpfc_hbadisc.c | 5 +- drivers/scsi/lpfc/lpfc_sli.c | 2 + drivers/scsi/qla2xxx/qla_isr.c | 6 +- drivers/scsi/qla4xxx/ql4_def.h | 2 + drivers/scsi/qla4xxx/ql4_os.c | 46 ++++++++++ drivers/scsi/sd.c | 3 +- drivers/scsi/sr.c | 21 ++++- drivers/scsi/sym53c8xx_2/sym_hipd.c | 2 +- drivers/scsi/ufs/ufshcd.c | 2 + drivers/staging/rtl8192u/r8192U_core.c | 2 + drivers/tty/serial/arc_uart.c | 5 ++ drivers/tty/serial/fsl_lpuart.c | 4 + drivers/tty/serial/imx.c | 6 ++ drivers/tty/serial/samsung.c | 4 + drivers/tty/serial/xilinx_uartps.c | 2 +- drivers/usb/dwc2/core.h | 2 +- drivers/usb/dwc3/core.h | 2 + drivers/usb/gadget/composite.c | 40 +++++---- drivers/usb/gadget/function/f_fs.c | 2 +- drivers/usb/gadget/function/f_uac2.c | 2 + drivers/usb/gadget/udc/fsl_udc_core.c | 4 +- drivers/usb/gadget/udc/goku_udc.h | 2 +- drivers/usb/host/ohci-hcd.c | 3 +- drivers/usb/host/xhci-mem.c | 2 + drivers/usb/musb/musb_core.c | 2 + drivers/video/fbdev/sbuslib.c | 4 +- drivers/watchdog/f71808e_wdt.c | 3 +- drivers/watchdog/sp5100_tco.h | 2 +- drivers/xen/events/events_base.c | 4 +- drivers/xen/grant-table.c | 4 +- drivers/xen/swiotlb-xen.c | 2 +- drivers/xen/xen-acpi-processor.c | 6 +- drivers/xen/xenbus/xenbus_probe.c | 5 +- drivers/zorro/zorro.c | 12 +++ fs/affs/namei.c | 10 ++- fs/aio.c | 4 +- fs/btrfs/ctree.c | 12 ++- fs/btrfs/disk-io.c | 2 +- fs/btrfs/extent-tree.c | 1 + fs/btrfs/inode.c | 16 +--- fs/btrfs/send.c | 3 + fs/btrfs/tests/qgroup-tests.c | 2 +- fs/btrfs/tree-log.c | 12 ++- fs/cifs/cifssmb.c | 4 +- fs/dcache.c | 22 +++++ fs/ecryptfs/inode.c | 3 +- fs/ext2/namei.c | 6 +- fs/ext4/namei.c | 6 +- fs/f2fs/namei.c | 12 +-- fs/jffs2/dir.c | 12 +-- fs/jffs2/fs.c | 1 - fs/jfs/namei.c | 12 +-- fs/nfs/nfs4sysctl.c | 2 +- fs/nilfs2/namei.c | 6 +- fs/ocfs2/acl.c | 6 ++ fs/ocfs2/super.c | 5 +- fs/ocfs2/xattr.c | 2 + fs/proc/base.c | 29 ++++++- fs/proc/proc_sysctl.c | 3 + fs/reiserfs/namei.c | 12 +-- fs/udf/namei.c | 6 +- fs/udf/super.c | 5 +- fs/ufs/namei.c | 6 +- fs/xfs/xfs_discard.c | 14 ++-- include/asm-generic/pgtable.h | 15 ++++ include/linux/dcache.h | 1 + include/linux/suspend.h | 2 + include/linux/usb/composite.h | 3 + include/net/llc_conn.h | 2 +- include/net/mac80211.h | 2 +- include/net/regulatory.h | 2 +- include/trace/events/timer.h | 20 ++++- include/uapi/linux/if_ether.h | 1 + kernel/audit.c | 2 + kernel/debug/kdb/kdb_main.c | 27 ++++-- kernel/events/core.c | 3 +- kernel/power/power.h | 3 - kernel/relay.c | 2 +- kernel/sched/rt.c | 2 + kernel/signal.c | 4 + mm/ksm.c | 28 +++++++ mm/mempolicy.c | 36 ++++++-- mm/swapfile.c | 4 + mm/vmscan.c | 22 ++++- net/batman-adv/distributed-arp-table.c | 2 +- net/batman-adv/fragmentation.c | 3 +- net/batman-adv/gateway_client.c | 3 + net/batman-adv/multicast.c | 4 +- net/batman-adv/soft-interface.c | 8 +- net/bridge/netfilter/ebtables.c | 33 +++++--- net/core/skbuff.c | 9 +- net/ipv4/ip_vti.c | 2 - net/ipv4/tcp_illinois.c | 2 +- net/ipv6/sit.c | 7 ++ net/llc/llc_c_ac.c | 15 ++-- net/llc/llc_conn.c | 32 +++++-- net/netlabel/netlabel_unlabeled.c | 10 +++ net/nfc/llcp_commands.c | 4 + net/nfc/netlink.c | 3 +- scripts/kconfig/expr.c | 2 +- scripts/kconfig/menu.c | 1 + scripts/kconfig/zconf.y | 33 ++++++-- security/integrity/ima/ima_crypto.c | 2 + security/integrity/ima/ima_main.c | 13 +++ sound/core/vmaster.c | 5 +- sound/soc/au1x/ac97c.c | 6 +- tools/lib/traceevent/parse-filter.c | 10 ++- .../ftrace/test.d/kprobe/kprobe_args_string.tc | 46 ++++++++++ .../ftrace/test.d/kprobe/kprobe_args_syntax.tc | 97 ++++++++++++++++++++++ .../selftests/ftrace/test.d/kprobe/probepoint.tc | 43 ++++++++++ tools/testing/selftests/memfd/config | 1 + tools/thermal/tmon/sysfs.c | 12 +-- tools/thermal/tmon/tmon.c | 1 - 204 files changed, 1228 insertions(+), 450 deletions(-)

6 years, 7 months

7
180
0 0

[PATCH V2] PCI/portdrv: do not disable device on reboot/shutdown

by Sinan Kaya

'Commit cc27b735ad3a ("PCI/portdrv: Turn off PCIe services during shutdown")' has been added to kernel to shutdown pending PCIe port service interrupts during reboot so that a newly started kexec kernel wouldn't observe pending interrupts. pcie_port_device_remove() is disabling the root port and switches by calling pci_disable_device() after all PCIe service drivers are shutdown. pci_disable_device() has a much wider impact then port service itself and it prevents all inbound transactions to reach to the system and impacts the entire PCI traffic behind the bridge. Issue is that pcie_port_device_remove() doesn't maintain any coordination with the rest of the PCI device drivers in the system before clearing the bus master bit. This has been found to cause crashes on HP DL360 Gen9 machines during reboot. Besides, kexec is already clearing the bus master bit in pci_device_shutdown() after all PCI drivers are removed. Just remove the extra clear in shutdown path by seperating the remove and shutdown APIs in the PORTDRV. Signed-off-by: Sinan Kaya <okaya(a)codeaurora.org> Link: https://bugzilla.kernel.org/show_bug.cgi?id=199779 Fixes: cc27b735ad3a ("PCI/portdrv: Turn off PCIe services during shutdown") Cc: stable(a)vger.kernel.org Reported-by: Ryan Finnie <ryan(a)finnie.org> --- drivers/pci/pcie/portdrv.h | 2 +- drivers/pci/pcie/portdrv_core.c | 5 +++-- drivers/pci/pcie/portdrv_pci.c | 16 +++++++++++++--- 3 files changed, 17 insertions(+), 6 deletions(-) diff --git a/drivers/pci/pcie/portdrv.h b/drivers/pci/pcie/portdrv.h index d0c6783..f6e88fe 100644 --- a/drivers/pci/pcie/portdrv.h +++ b/drivers/pci/pcie/portdrv.h @@ -86,7 +86,7 @@ int pcie_port_device_register(struct pci_dev *dev); int pcie_port_device_suspend(struct device *dev); int pcie_port_device_resume(struct device *dev); #endif -void pcie_port_device_remove(struct pci_dev *dev); +void pcie_port_device_remove(struct pci_dev *dev, bool disable); int __must_check pcie_port_bus_register(void); void pcie_port_bus_unregister(void); diff --git a/drivers/pci/pcie/portdrv_core.c b/drivers/pci/pcie/portdrv_core.c index c9c0663..f35341e 100644 --- a/drivers/pci/pcie/portdrv_core.c +++ b/drivers/pci/pcie/portdrv_core.c @@ -405,11 +405,12 @@ static int remove_iter(struct device *dev, void *data) * Remove PCI Express port service devices associated with given port and * disable MSI-X or MSI for the port. */ -void pcie_port_device_remove(struct pci_dev *dev) +void pcie_port_device_remove(struct pci_dev *dev, bool disable) { device_for_each_child(&dev->dev, NULL, remove_iter); pci_free_irq_vectors(dev); - pci_disable_device(dev); + if (disable) + pci_disable_device(dev); } /** diff --git a/drivers/pci/pcie/portdrv_pci.c b/drivers/pci/pcie/portdrv_pci.c index 973f1b8..29afaf3 100644 --- a/drivers/pci/pcie/portdrv_pci.c +++ b/drivers/pci/pcie/portdrv_pci.c @@ -137,7 +137,7 @@ static int pcie_portdrv_probe(struct pci_dev *dev, return 0; } -static void pcie_portdrv_remove(struct pci_dev *dev) +static void __pcie_portdrv_remove(struct pci_dev *dev, bool disable) { if (pci_bridge_d3_possible(dev)) { pm_runtime_forbid(&dev->dev); @@ -145,7 +145,17 @@ static void pcie_portdrv_remove(struct pci_dev *dev) pm_runtime_dont_use_autosuspend(&dev->dev); } - pcie_port_device_remove(dev); + pcie_port_device_remove(dev, disable); +} + +static void pcie_portdrv_remove(struct pci_dev *dev) +{ + return __pcie_portdrv_remove(dev, true); +} + +static void pcie_portdrv_shutdown(struct pci_dev *dev) +{ + return __pcie_portdrv_remove(dev, false); } static pci_ers_result_t pcie_portdrv_error_detected(struct pci_dev *dev, @@ -218,7 +228,7 @@ static struct pci_driver pcie_portdriver = { .probe = pcie_portdrv_probe, .remove = pcie_portdrv_remove, - .shutdown = pcie_portdrv_remove, + .shutdown = pcie_portdrv_shutdown, .err_handler = &pcie_portdrv_err_handler, -- 2.7.4

6 years, 7 months

3
10
0 0

[PATCH V3 1/2] PCI: Try to clean up resources via remove if shutdown doesn't exist

by Sinan Kaya

It is up to a driver to implement shutdown() callback. If shutdown() callback is not implemented, PCI device can have pending interrupt and even do DMA transactions while the system is going down. If kexec is in use, this can damage the newly booting kexec kernel or even prevent it from booting altogether. Fallback to calling the remove() callback if shutdown() isn't implemented for a given driver. Signed-off-by: Sinan Kaya <okaya(a)codeaurora.org> Link: https://bugzilla.kernel.org/show_bug.cgi?id=199779 Fixes: cc27b735ad3a ("PCI/portdrv: Turn off PCIe services during shutdown") Cc: stable(a)vger.kernel.org Reported-by: Ryan Finnie <ryan(a)finnie.org> --- drivers/pci/pci-driver.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c index cbda0e6..75a00fe 100644 --- a/drivers/pci/pci-driver.c +++ b/drivers/pci/pci-driver.c @@ -477,8 +477,17 @@ static void pci_device_shutdown(struct device *dev) pm_runtime_resume(dev); + /* + * Try shutdown callback if it exists, otherwise fallback to remove + * callback. PCI drivers can do DMA and have pending interrupts. + * Leaving the DMA and interrupts pending could damage the newly + * booting kexec kernel as well as prevent it from booting altogether + * if the pending interrupt is level. + */ if (drv && drv->shutdown) drv->shutdown(pci_dev); + else if (drv && drv->remove) + drv->remove(pci_dev); /* * If this is a kexec reboot, turn off Bus Master bit on the -- 2.7.4

6 years, 7 months

2
3
0 0

[PATCH v8 1/8] softirq: reorder trace_softirqs_on to prevent lockdep splat

by Joel Fernandes

From: "Joel Fernandes (Google)" <joel(a)joelfernandes.org> I'm able to reproduce a lockdep splat with config options: CONFIG_PROVE_LOCKING=y, CONFIG_DEBUG_LOCK_ALLOC=y and CONFIG_PREEMPTIRQ_EVENTS=y $ echo 1 > /d/tracing/events/preemptirq/preempt_enable/enable [ 26.112609] DEBUG_LOCKS_WARN_ON(current->softirqs_enabled) [ 26.112636] WARNING: CPU: 0 PID: 118 at kernel/locking/lockdep.c:3854 [...] [ 26.144229] Call Trace: [ 26.144926] <IRQ> [ 26.145506] lock_acquire+0x55/0x1b0 [ 26.146499] ? __do_softirq+0x46f/0x4d9 [ 26.147571] ? __do_softirq+0x46f/0x4d9 [ 26.148646] trace_preempt_on+0x8f/0x240 [ 26.149744] ? trace_preempt_on+0x4d/0x240 [ 26.150862] ? __do_softirq+0x46f/0x4d9 [ 26.151930] preempt_count_sub+0x18a/0x1a0 [ 26.152985] __do_softirq+0x46f/0x4d9 [ 26.153937] irq_exit+0x68/0xe0 [ 26.154755] smp_apic_timer_interrupt+0x271/0x280 [ 26.156056] apic_timer_interrupt+0xf/0x20 [ 26.157105] </IRQ> The issue was this: preempt_count = 1 << SOFTIRQ_SHIFT __local_bh_enable(cnt = 1 << SOFTIRQ_SHIFT) { if (softirq_count() == (cnt && SOFTIRQ_MASK)) { trace_softirqs_on() { current->softirqs_enabled = 1; } } preempt_count_sub(cnt) { trace_preempt_on() { tracepoint() { rcu_read_lock_sched() { // jumps into lockdep Where preempt_count still has softirqs disabled, but current->softirqs_enabled is true, and we get a splat. Cc: stable(a)vger.kernel.org Reviewed-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> Fixes: d59158162e032 ("tracing: Add support for preempt and irq enable/disable events") Signed-off-by: Joel Fernandes (Google) <joel(a)joelfernandes.org> --- kernel/softirq.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/kernel/softirq.c b/kernel/softirq.c index 177de3640c78..8a040bcaa033 100644 --- a/kernel/softirq.c +++ b/kernel/softirq.c @@ -139,9 +139,13 @@ static void __local_bh_enable(unsigned int cnt) { lockdep_assert_irqs_disabled(); + if (preempt_count() == cnt) + trace_preempt_on(CALLER_ADDR0, get_lock_parent_ip()); + if (softirq_count() == (cnt & SOFTIRQ_MASK)) trace_softirqs_on(_RET_IP_); - preempt_count_sub(cnt); + + __preempt_count_sub(cnt); } /* -- 2.17.0.921.gf22659ad46-goog

6 years, 7 months

1
0
0 0

+ ocfs2-fix-a-misuse-a-of-brelse-after-failing-ocfs2_check_dir_entry.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry has been added to the -mm tree. Its filename is ocfs2-fix-a-misuse-a-of-brelse-after-failing-ocfs2_check_dir_entry.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/ocfs2-fix-a-misuse-a-of-brelse-aft… and later at http://ozlabs.org/~akpm/mmotm/broken-out/ocfs2-fix-a-misuse-a-of-brelse-aft… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Changwei Ge <ge.changwei(a)h3c.com> Subject: ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry Somehow, file system metadata was corrupted, which causes ocfs2_check_dir_entry() to fail in function ocfs2_dir_foreach_blk_el(). According to the original design intention, if above happens we should skip the problematic block and continue to retrieve dir entry. But there is obviouse misuse of brelse around related code. After failure of ocfs2_check_dir_entry(), currunt code just moves to next position and uses the problematic buffer head again and again during which the problematic buffer head is released for multiple times. I suppose, this a serious issue which is long-lived in ocfs2. This may cause other file systems which is also used in a the same host insane. So we should also consider about bakcporting this patch into linux -stable. Link: http://lkml.kernel.org/r/HK2PR06MB045211675B43EED794E597B6D56E0@HK2PR06MB04… Signed-off-by: Changwei Ge <ge.changwei(a)h3c.com> Suggested-by: Changkuo Shi <shi.changkuo(a)h3c.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Joseph Qi <jiangqi903(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/dir.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff -puN fs/ocfs2/dir.c~ocfs2-fix-a-misuse-a-of-brelse-after-failing-ocfs2_check_dir_entry fs/ocfs2/dir.c --- a/fs/ocfs2/dir.c~ocfs2-fix-a-misuse-a-of-brelse-after-failing-ocfs2_check_dir_entry +++ a/fs/ocfs2/dir.c @@ -1897,8 +1897,7 @@ static int ocfs2_dir_foreach_blk_el(stru /* On error, skip the f_pos to the next block. */ ctx->pos = (ctx->pos | (sb->s_blocksize - 1)) + 1; - brelse(bh); - continue; + break; } if (le64_to_cpu(de->inode)) { unsigned char d_type = DT_UNKNOWN; _ Patches currently in -mm which might be from ge.changwei(a)h3c.com are ocfs2-fix-a-misuse-a-of-brelse-after-failing-ocfs2_check_dir_entry.patch ocfs2-dont-put-and-assign-null-to-bh-allocated-outside.patch ocfs2-dont-use-iocb-when-eiocbqueued-returns.patch

6 years, 7 months

1
0
0 0

[PATCH] fs/binfmt_misc.c: do not allow offset overflow

by Thadeu Lima de Souza Cascardo

It's possible to overflow the offset to get a negative value, which might crash the system, or possibly leak kernel data. Here is a crash log when using 2500000000 as offset: [ 6050.251552] BUG: unable to handle kernel paging request at ffff989cfd6edca0 [ 6050.252053] IP: load_misc_binary+0x22b/0x470 [binfmt_misc] [ 6050.252053] PGD 1ef3e067 P4D 1ef3e067 PUD 0 [ 6050.252053] Oops: 0000 [#1] SMP NOPTI [ 6050.252053] Modules linked in: binfmt_misc kvm_intel ppdev kvm irqbypass joydev input_leds serio_raw mac_hid parport_pc qemu_fw_cfg parpy [ 6050.252053] CPU: 0 PID: 2499 Comm: bash Not tainted 4.15.0-22-generic #24-Ubuntu [ 6050.252053] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.1-1 04/01/2014 [ 6050.252053] RIP: 0010:load_misc_binary+0x22b/0x470 [binfmt_misc] [ 6050.252053] RSP: 0018:ffffb6e383017e18 EFLAGS: 00010202 [ 6050.252053] RAX: 0000000000000003 RBX: ffff989d74a47100 RCX: ffff989cfd6edca0 [ 6050.252053] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff989d7d2e95e5 [ 6050.252053] RBP: ffffb6e383017e48 R08: 0000000000000001 R09: 0000000000000000 [ 6050.252053] R10: 0000000000000000 R11: fefefefefefefeff R12: 0000000000000001 [ 6050.252053] R13: ffff989d7d2e9580 R14: 0000000000000000 R15: ffffffffc0592160 [ 6050.252053] FS: 00007fa424c89740(0000) GS:ffff989d7fc00000(0000) knlGS:0000000000000000 [ 6050.252053] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 6050.252053] CR2: ffff989cfd6edca0 CR3: 000000003db08000 CR4: 00000000000006f0 [ 6050.252053] Call Trace: [ 6050.252053] search_binary_handler+0x97/0x1d0 [ 6050.252053] do_execveat_common.isra.34+0x667/0x810 [ 6050.252053] SyS_execve+0x31/0x40 [ 6050.252053] do_syscall_64+0x73/0x130 [ 6050.252053] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 Use kstrtoint instead of simple_strtoul. It will work as the code already set the delimiter byte to '\0' and we only do it when the field is not empty. Tested with offsets -1, 2500000000, UINT_MAX and INT_MAX. Also tested with examples documented at Documentation/admin-guide/binfmt-misc.rst and other registrations from packages on Ubuntu. Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo(a)canonical.com> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org --- fs/binfmt_misc.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c index a41b48f82a70..4de191563261 100644 --- a/fs/binfmt_misc.c +++ b/fs/binfmt_misc.c @@ -387,8 +387,13 @@ static Node *create_entry(const char __user *buffer, size_t count) s = strchr(p, del); if (!s) goto einval; - *s++ = '\0'; - e->offset = simple_strtoul(p, &p, 10); + *s = '\0'; + if (p != s) { + int r = kstrtoint(p, 10, &e->offset); + if (r != 0 || e->offset < 0) + goto einval; + } + p = s; if (*p++) goto einval; pr_debug("register: offset: %#x\n", e->offset); @@ -428,7 +433,8 @@ static Node *create_entry(const char __user *buffer, size_t count) if (e->mask && string_unescape_inplace(e->mask, UNESCAPE_HEX) != e->size) goto einval; - if (e->size + e->offset > BINPRM_BUF_SIZE) + if (e->size > BINPRM_BUF_SIZE || + BINPRM_BUF_SIZE - e->size < e->offset) goto einval; pr_debug("register: magic/mask length: %i\n", e->size); if (USE_DEBUG) { -- 2.17.0

6 years, 7 months

2
2
0 0

[merged] kasan-fix-memory-hotplug-during-boot.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: kasan: fix memory hotplug during boot has been removed from the -mm tree. Its filename was kasan-fix-memory-hotplug-during-boot.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: kasan: fix memory hotplug during boot Using module_init() is wrong. E.g. ACPI adds and onlines memory before our memory notifier gets registered. This makes sure that ACPI memory detected during boot up will not result in a kernel crash. Easily reproducible with QEMU, just specify a DIMM when starting up. Link: http://lkml.kernel.org/r/20180522100756.18478-3-david@redhat.com Fixes: 786a8959912e ("kasan: disable memory hotplug") Signed-off-by: David Hildenbrand <david(a)redhat.com> Acked-by: Andrey Ryabinin <aryabinin(a)virtuozzo.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/kasan/kasan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff -puN mm/kasan/kasan.c~kasan-fix-memory-hotplug-during-boot mm/kasan/kasan.c --- a/mm/kasan/kasan.c~kasan-fix-memory-hotplug-during-boot +++ a/mm/kasan/kasan.c @@ -898,5 +898,5 @@ static int __init kasan_memhotplug_init( return 0; } -module_init(kasan_memhotplug_init); +core_initcall(kasan_memhotplug_init); #endif _ Patches currently in -mm which might be from david(a)redhat.com are

6 years, 7 months

1
0
0 0

[merged] kasan-free-allocated-shadow-memory-on-mem_cancel_online.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: kasan: free allocated shadow memory on MEM_CANCEL_ONLINE has been removed from the -mm tree. Its filename was kasan-free-allocated-shadow-memory-on-mem_cancel_online.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: kasan: free allocated shadow memory on MEM_CANCEL_ONLINE We have to free memory again when we cancel onlining, otherwise a later onlining attempt will fail. Link: http://lkml.kernel.org/r/20180522100756.18478-2-david@redhat.com Fixes: fa69b5989bb0 ("mm/kasan: add support for memory hotplug") Signed-off-by: David Hildenbrand <david(a)redhat.com> Acked-by: Andrey Ryabinin <aryabinin(a)virtuozzo.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/kasan/kasan.c | 1 + 1 file changed, 1 insertion(+) diff -puN mm/kasan/kasan.c~kasan-free-allocated-shadow-memory-on-mem_cancel_online mm/kasan/kasan.c --- a/mm/kasan/kasan.c~kasan-free-allocated-shadow-memory-on-mem_cancel_online +++ a/mm/kasan/kasan.c @@ -866,6 +866,7 @@ static int __meminit kasan_mem_notifier( kmemleak_ignore(ret); return NOTIFY_OK; } + case MEM_CANCEL_ONLINE: case MEM_OFFLINE: { struct vm_struct *vm; _ Patches currently in -mm which might be from david(a)redhat.com are

6 years, 7 months

1
0
0 0

[merged] kernel-sys-fix-potential-spectre-v1.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: kernel/sys.c: fix potential Spectre v1 issue has been removed from the -mm tree. Its filename was kernel-sys-fix-potential-spectre-v1.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: "Gustavo A. R. Silva" <gustavo(a)embeddedor.com> Subject: kernel/sys.c: fix potential Spectre v1 issue `resource' can be controlled by user-space, hence leading to a potential exploitation of the Spectre variant 1 vulnerability. This issue was detected with the help of Smatch: kernel/sys.c:1474 __do_compat_sys_old_getrlimit() warn: potential spectre issue 'get_current()->signal->rlim' (local cap) kernel/sys.c:1455 __do_sys_old_getrlimit() warn: potential spectre issue 'get_current()->signal->rlim' (local cap) Fix this by sanitizing *resource* before using it to index current->signal->rlim Notice that given that speculation windows are large, the policy is to kill the speculation on the first load and not worry if it can be completed with a dependent load/store [1]. [1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2 Link: http://lkml.kernel.org/r/20180515030038.GA11822@embeddedor.com Signed-off-by: Gustavo A. R. Silva <gustavo(a)embeddedor.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Alexei Starovoitov <ast(a)kernel.org> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/sys.c | 5 +++++ 1 file changed, 5 insertions(+) diff -puN kernel/sys.c~kernel-sys-fix-potential-spectre-v1 kernel/sys.c --- a/kernel/sys.c~kernel-sys-fix-potential-spectre-v1 +++ a/kernel/sys.c @@ -71,6 +71,9 @@ #include <asm/io.h> #include <asm/unistd.h> +/* Hardening for Spectre-v1 */ +#include <linux/nospec.h> + #include "uid16.h" #ifndef SET_UNALIGN_CTL @@ -1453,6 +1456,7 @@ SYSCALL_DEFINE2(old_getrlimit, unsigned if (resource >= RLIM_NLIMITS) return -EINVAL; + resource = array_index_nospec(resource, RLIM_NLIMITS); task_lock(current->group_leader); x = current->signal->rlim[resource]; task_unlock(current->group_leader); @@ -1472,6 +1476,7 @@ COMPAT_SYSCALL_DEFINE2(old_getrlimit, un if (resource >= RLIM_NLIMITS) return -EINVAL; + resource = array_index_nospec(resource, RLIM_NLIMITS); task_lock(current->group_leader); r = current->signal->rlim[resource]; task_unlock(current->group_leader); _ Patches currently in -mm which might be from gustavo(a)embeddedor.com are

6 years, 7 months

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror May 2018