May 2018 - Linux-stable-mirror

by Guenter Roeck

Hi Greg, the following are some more patches for stable releases. I collected the following clang patches from chromeos-4.14. They are not really needed to build x86_64:defconfig in v4.14.y with clang (5.0), but they do fix a couple of build warnings if the respective drivers are enabled. I'll leave it up to you if you want to apply them or not. I did make sure that defconfig and allmodconfig still build using gcc with the patches applied. df16aaac26e9 kbuild: clang: remove crufty HOSTCFLAGS cad9946c2a43 drm/i915: Always sanity check engine state upon idling 531beb067c61 dma-buf: remove redundant initialization of sg_table 42b5122e828a drm/amd/powerplay: Fix enum mismatch fb239c1209bb rtlwifi: rtl8192cu: Remove variable self-assignment in rf.c 271ef65b5882 ASoC: Intel: sst: remove redundant variable dma_dev_name d3b56c566d4b platform/chrome: cros_ec_lpc: remove redundant pointer request 0a5f41767444 kbuild: clang: disable unused variable warnings The following patch is needed in v4.4.y to be able to build arm:footbridge_defconfig with gcc 7.3.0. c9bd28233b6d irda: fix overly long udelay() Thanks, Guenter

6 years, 4 months

2
1
0 0

[PATCH] Revert "ima: limit file hash setting by user to fix and log modes"

by Mike Rapoport

Hi, On a system that has IMA appraisal enabled it is impossible to create security.ima extended attribute files that contain IMA hash. For instance, consider the following use case: 1) extract application files to a staging area as non root user 2) verify that installation is correct 3) create IMA extended attributes for the installed files 4) move the files to their destination 5) change the files ownership to root With the longterm kernels 4.4.x and 4.9.x step 3 will fail. The issues is fixed in upstream kernels by the commit f5acb3dcba1ffb7f0b8cbb9dba61500eea5d610b ("Revert "ima: limit file hash setting by user to fix and log modes"), with the patch also quoted below. -- Sincerely yours, Mike. >From f5acb3dcba1ffb7f0b8cbb9dba61500eea5d610b Mon Sep 17 00:00:00 2001 From: Mimi Zohar <zohar(a)linux.vnet.ibm.com> Date: Wed, 2 Nov 2016 09:14:16 -0400 Subject: [PATCH] Revert "ima: limit file hash setting by user to fix and log modes" Userspace applications have been modified to write security xattrs, but they are not context aware. In the case of security.ima, the security xattr can be either a file hash or a file signature. Permitting writing one, but not the other requires the application to be context aware. In addition, userspace applications might write files to a staging area, which might not be in policy, and then change some file metadata (eg. owner) making it in policy. As a result, these files are not labeled properly. This reverts commit c68ed80c97d9720f51ef31fe91560fdd1e121533, which prevents writing file hashes as security.ima xattrs. Requested-by: Patrick Ohly <patrick.ohly(a)intel.com> Cc: Dmitry Kasatkin <dmitry.kasatkin(a)gmail.com> Signed-off-by: Mimi Zohar <zohar(a)linux.vnet.ibm.com> --- security/integrity/ima/ima_appraise.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 389325ac6067..a705598ced5f 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -384,14 +384,10 @@ int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name, result = ima_protect_xattr(dentry, xattr_name, xattr_value, xattr_value_len); if (result == 1) { - bool digsig; - if (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST)) return -EINVAL; - digsig = (xvalue->type == EVM_IMA_XATTR_DIGSIG); - if (!digsig && (ima_appraise & IMA_APPRAISE_ENFORCE)) - return -EPERM; - ima_reset_appraise_flags(d_backing_inode(dentry), digsig); + ima_reset_appraise_flags(d_backing_inode(dentry), + (xvalue->type == EVM_IMA_XATTR_DIGSIG) ? 1 : 0); result = 0; } return result; -- 2.7.4

6 years, 4 months

2
1
0 0

[PATCH 0/1] Fix for xfs agfl wrap crash for stable kernels

by Dave Chiluk

When moving xfs volumes between kernels that have 96f859d52 and don't have 96f859d52, there is potential for a filesystem crash if the agfl has wrapped (flfirst > fllast). Depending on which filesystem this is this can take down the whole machine. Such is the case when upgrading from the stock Centos 7 3.13 to the kernel.org stable kernels (via elrepo). Another possible common boundary cross I noticed was early Ubuntu kernel v4.4 to recent v4.4. We've been hitting this crash roughly once a week in our cloud, and it has produced the below stack trace. The solution prefers to reset the agfl and leak a few blocks instead of shutting down the filesystem. The leaked blocks can be recovered using a xfs_repair. The attached patch is a backport of a27ba2607 due to a78ee256c. It is intended for and tested on the v4.4 stream, but should apply to all kernels that lack upstream a78ee256c. Thanks, Dave Chiluk vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv XFS (dm-4): Internal error XFS_WANT_CORRUPTED_GOTO at line 3505 of file fs/xfs/libxfs/xfs_btree.c. Caller xfs_free_ag_extent+0x35d/0x7a0 [xfs] CPU: 18 PID: 9896 Comm: mesos-slave Not tainted 4.10.10-1.el7.elrepo.x86_64 #1 Hardware name: Supermicro PIO-618U-TR4T+-ST031/X10DRU-i+, BIOS 2.0 12/17/2015 Call Trace: dump_stack+0x63/0x87 xfs_error_report+0x3b/0x40 [xfs] ? xfs_free_ag_extent+0x35d/0x7a0 [xfs] xfs_btree_insert+0x1b0/0x1c0 [xfs] xfs_free_ag_extent+0x35d/0x7a0 [xfs] xfs_free_extent+0xbb/0x150 [xfs] xfs_trans_free_extent+0x4f/0x110 [xfs] ? xfs_trans_add_item+0x5d/0x90 [xfs] xfs_extent_free_finish_item+0x26/0x40 [xfs] xfs_defer_finish+0x149/0x410 [xfs] xfs_remove+0x281/0x330 [xfs] xfs_vn_unlink+0x55/0xa0 [xfs] vfs_rmdir+0xb6/0x130 do_rmdir+0x1b3/0x1d0 SyS_rmdir+0x16/0x20 do_syscall_64+0x67/0x180 entry_SYSCALL64_slow_path+0x25/0x25 RIP: 0033:0x7f85d8d92397 RSP: 002b:00007f85cef9b758 EFLAGS: 00000246 ORIG_RAX: 0000000000000054 RAX: ffffffffffffffda RBX: 00007f858c00b4c0 RCX: 00007f85d8d92397 RDX: 00007f858c09ad70 RSI: 0000000000000000 RDI: 00007f858c09ad70 RBP: 00007f85cef9bc30 R08: 0000000000000001 R09: 0000000000000002 R10: 0000006f74656c67 R11: 0000000000000246 R12: 00007f85cef9c640 R13: 00007f85cef9bc50 R14: 00007f85cef9bcc0 R15: 00007f85cef9bc40 XFS (dm-4): xfs_do_force_shutdown(0x8) called from line 236 of file fs/xfs/libxfs/xfs_defer.c. Return address = 0xffffffffa028f087 XFS (dm-4): Corruption of in-memory data detected. Shutting down filesystem XFS (dm-4): Please umount the filesystem and rectify the problem(s) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

6 years, 4 months

2
2
0 0

[PATCH-RESEND] cxl: Disable prefault_mode in Radix mode

by Vaibhav Jain

From: Vaibhav Jain <vaibhav(a)linux.ibm.com> Currently we see a kernel-oops reported on Power-9 while attaching a context to an AFU, with radix-mode and sysfs attr 'prefault_mode' set to anything other than 'none'. The backtrace of the oops is of this form: Unable to handle kernel paging request for data at address 0x00000080 Faulting instruction address: 0xc00800000bcf3b20 cpu 0x1: Vector: 300 (Data Access) at [c00000037f003800] pc: c00800000bcf3b20: cxl_load_segment+0x178/0x290 [cxl] lr: c00800000bcf39f0: cxl_load_segment+0x48/0x290 [cxl] sp: c00000037f003a80 msr: 9000000000009033 dar: 80 dsisr: 40000000 current = 0xc00000037f280000 paca = 0xc0000003ffffe600 softe: 3 irq_happened: 0x01 pid = 3529, comm = afp_no_int <snip> [c00000037f003af0] c00800000bcf4424 cxl_prefault+0xfc/0x248 [cxl] [c00000037f003b50] c00800000bcf8a40 process_element_entry_psl9+0xd8/0x1a0 [cxl] [c00000037f003b90] c00800000bcf944c cxl_attach_dedicated_process_psl9+0x44/0x130 [cxl] [c00000037f003bd0] c00800000bcf5448 native_attach_process+0xc0/0x130 [cxl] [c00000037f003c50] c00800000bcf16cc afu_ioctl+0x3f4/0x5e0 [cxl] [c00000037f003d00] c00000000039d98c do_vfs_ioctl+0xdc/0x890 [c00000037f003da0] c00000000039e1a8 ksys_ioctl+0x68/0xf0 [c00000037f003df0] c00000000039e270 sys_ioctl+0x40/0xa0 [c00000037f003e30] c00000000000b320 system_call+0x58/0x6c --- Exception: c01 (System Call) at 0000000010053bb0 The issue is caused as on Power-8 the AFU attr 'prefault_mode' was used to improve initial storage fault performance by prefaulting process segments. However on Power-9 with radix mode we don't have Storage-Segments that we can prefault. Also prefaulting process Pages will be too costly and fine-grained. Hence, since the prefaulting mechanism doesn't makes sense of radix-mode, this patch updates prefault_mode_store() to not allow any other value apart from CXL_PREFAULT_NONE when radix mode is enabled. Cc: <stable(a)vger.kernel.org> Fixes: f24be42aab37 ("cxl: Add psl9 specific code") Signed-off-by: Vaibhav Jain <vaibhav(a)linux.ibm.com> --- Change-log: Resend -> Updated the commit description to add more info on the issue seen [Andrew] --- Documentation/ABI/testing/sysfs-class-cxl | 4 +++- drivers/misc/cxl/sysfs.c | 16 ++++++++++++---- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/Documentation/ABI/testing/sysfs-class-cxl b/Documentation/ABI/testing/sysfs-class-cxl index 640f65e79ef1..267920a1874b 100644 --- a/Documentation/ABI/testing/sysfs-class-cxl +++ b/Documentation/ABI/testing/sysfs-class-cxl @@ -69,7 +69,9 @@ Date: September 2014 Contact: linuxppc-dev(a)lists.ozlabs.org Description: read/write Set the mode for prefaulting in segments into the segment table - when performing the START_WORK ioctl. Possible values: + when performing the START_WORK ioctl. Only applicable when + running under hashed page table mmu. + Possible values: none: No prefaulting (default) work_element_descriptor: Treat the work element descriptor as an effective address and diff --git a/drivers/misc/cxl/sysfs.c b/drivers/misc/cxl/sysfs.c index 4b5a4c5d3c01..629e2e156412 100644 --- a/drivers/misc/cxl/sysfs.c +++ b/drivers/misc/cxl/sysfs.c @@ -353,12 +353,20 @@ static ssize_t prefault_mode_store(struct device *device, struct cxl_afu *afu = to_cxl_afu(device); enum prefault_modes mode = -1; - if (!strncmp(buf, "work_element_descriptor", 23)) - mode = CXL_PREFAULT_WED; - if (!strncmp(buf, "all", 3)) - mode = CXL_PREFAULT_ALL; if (!strncmp(buf, "none", 4)) mode = CXL_PREFAULT_NONE; + else { + if (!radix_enabled()) { + + /* only allowed when not in radix mode */ + if (!strncmp(buf, "work_element_descriptor", 23)) + mode = CXL_PREFAULT_WED; + if (!strncmp(buf, "all", 3)) + mode = CXL_PREFAULT_ALL; + } else { + dev_err(device, "Cannot prefault with radix enabled\n"); + } + } if (mode == -1) return -EINVAL; -- 2.17.0

6 years, 4 months

5
5
0 0

[PATCH] vmw_balloon: fixing double free when batching mode is off

by Nadav Amit

From: Gil Kupfer <gilkup(a)gmail.com> The balloon.page field is used for two different purposes if paging is on or off. If batching is on, the field point to the page which is used to communicate with with the hypervisor. If it is off, balloon.page points to the page that is about to be (un)locked. Unfortunately, this dual-purpose of the field introduced a bug: when the balloon is popped (e.g., when the machine is reset or the balloon driver is explicitly removed), the balloon driver frees, unconditionally, the page that is held in balloon.page. As a result, if batching is disabled, this leads to double freeing the last page that is sent to the hypervisor. batching and pointer to current page otherwise. When the balloon is popped (during reset or rmmode), it tries to free the communication page. If batching is disabled, this leads to double free of the last page sent to the backend. The following error occurs during rmmod when kernel checkers are on, and the balloon is not empty: [ 42.307653] ------------[ cut here ]------------ [ 42.307657] Kernel BUG at ffffffffba1e4b28 [verbose debug info unavailable] [ 42.307720] invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC [ 42.312512] Modules linked in: vmw_vsock_vmci_transport vsock ppdev joydev vmw_balloon(-) input_leds serio_raw vmw_vmci parport_pc shpchp parport i2c_piix4 nfit mac_hid autofs4 vmwgfx drm_kms_helper hid_generic syscopyarea sysfillrect usbhid sysimgblt fb_sys_fops hid ttm mptspi scsi_transport_spi ahci mptscsih drm psmouse vmxnet3 libahci mptbase pata_acpi [ 42.312766] CPU: 10 PID: 1527 Comm: rmmod Not tainted 4.12.0+ #5 [ 42.312803] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 09/30/2016 [ 42.313042] task: ffff9bf9680f8000 task.stack: ffffbfefc1638000 [ 42.313290] RIP: 0010:__free_pages+0x38/0x40 [ 42.313510] RSP: 0018:ffffbfefc163be98 EFLAGS: 00010246 [ 42.313731] RAX: 000000000000003e RBX: ffffffffc02b9720 RCX: 0000000000000006 [ 42.313972] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff9bf97e08e0a0 [ 42.314201] RBP: ffffbfefc163be98 R08: 0000000000000000 R09: 0000000000000000 [ 42.314435] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffc02b97e4 [ 42.314505] R13: ffffffffc02b9748 R14: ffffffffc02b9728 R15: 0000000000000200 [ 42.314550] FS: 00007f3af5fec700(0000) GS:ffff9bf97e080000(0000) knlGS:0000000000000000 [ 42.314599] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 42.314635] CR2: 00007f44f6f4ab24 CR3: 00000003a7d12000 CR4: 00000000000006e0 [ 42.314864] Call Trace: [ 42.315774] vmballoon_pop+0x102/0x130 [vmw_balloon] [ 42.315816] vmballoon_exit+0x42/0xd64 [vmw_balloon] [ 42.315853] SyS_delete_module+0x1e2/0x250 [ 42.315891] entry_SYSCALL_64_fastpath+0x23/0xc2 [ 42.315924] RIP: 0033:0x7f3af5b0e8e7 [ 42.315949] RSP: 002b:00007fffe6ce0148 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0 [ 42.315996] RAX: ffffffffffffffda RBX: 000055be676401e0 RCX: 00007f3af5b0e8e7 [ 42.316951] RDX: 000000000000000a RSI: 0000000000000800 RDI: 000055be67640248 [ 42.317887] RBP: 0000000000000003 R08: 0000000000000000 R09: 1999999999999999 [ 42.318845] R10: 0000000000000883 R11: 0000000000000206 R12: 00007fffe6cdf130 [ 42.319755] R13: 0000000000000000 R14: 0000000000000000 R15: 000055be676401e0 [ 42.320606] Code: c0 74 1c f0 ff 4f 1c 74 02 5d c3 85 f6 74 07 e8 0f d8 ff ff 5d c3 31 f6 e8 c6 fb ff ff 5d c3 48 c7 c6 c8 0f c5 ba e8 58 be 02 00 <0f> 0b 66 0f 1f 44 00 00 66 66 66 66 90 48 85 ff 75 01 c3 55 48 [ 42.323462] RIP: __free_pages+0x38/0x40 RSP: ffffbfefc163be98 [ 42.325735] ---[ end trace 872e008e33f81508 ]--- To solve the bug, we eliminate the dual purpose of balloon.page. Fixes: 220a80f0c2e7 ("VMware balloon: add batching to the vmw_balloon.") Cc: stable(a)vger.kernel.org Reported-by: Oleksandr Natalenko <onatalen(a)redhat.com> Signed-off-by: Gil Kupfer <gilkup(a)gmail.com> Signed-off-by: Nadav Amit <namit(a)vmware.com> Reviewed-by: Xavier Deguillard <xdeguillard(a)vmware.com> --- drivers/misc/vmw_balloon.c | 23 +++++++---------------- 1 file changed, 7 insertions(+), 16 deletions(-) diff --git a/drivers/misc/vmw_balloon.c b/drivers/misc/vmw_balloon.c index 9047c0a529b2..efd733472a35 100644 --- a/drivers/misc/vmw_balloon.c +++ b/drivers/misc/vmw_balloon.c @@ -576,15 +576,9 @@ static void vmballoon_pop(struct vmballoon *b) } } - if (b->batch_page) { - vunmap(b->batch_page); - b->batch_page = NULL; - } - - if (b->page) { - __free_page(b->page); - b->page = NULL; - } + /* Clearing the batch_page unconditionally has no adverse effect */ + free_page((unsigned long)b->batch_page); + b->batch_page = NULL; } /* @@ -991,16 +985,13 @@ static const struct vmballoon_ops vmballoon_batched_ops = { static bool vmballoon_init_batching(struct vmballoon *b) { - b->page = alloc_page(VMW_PAGE_ALLOC_NOSLEEP); - if (!b->page) - return false; + struct page *page; - b->batch_page = vmap(&b->page, 1, VM_MAP, PAGE_KERNEL); - if (!b->batch_page) { - __free_page(b->page); + page = alloc_page(GFP_KERNEL | __GFP_ZERO); + if (!page) return false; - } + b->batch_page = page_address(page); return true; } -- 2.14.1

6 years, 4 months

3
18
0 0

Re: [PATCH V3 2/2] scsi: hpsa: drop shutdown callback

by okaya＠codeaurora.org

On 2018-05-30 15:25, Don Brace wrote: >> -----Original Message----- >> From: Ryan Finnie [mailto:ryan@finnie.org] >> Sent: Tuesday, May 29, 2018 8:50 PM >> To: Sinan Kaya <okaya(a)codeaurora.org>; linux-pci(a)vger.kernel.org; >> timur(a)codeaurora.org >> Cc: linux-arm-msm(a)vger.kernel.org; >> linux-arm-kernel(a)lists.infradead.org; >> stable(a)vger.kernel.org; Don Brace <don.brace(a)microsemi.com>; James >> E.J. >> Bottomley <jejb(a)linux.vnet.ibm.com>; Martin K. Petersen >> <martin.petersen(a)oracle.com>; esc.storagedev >> <esc.storagedev(a)microsemi.com>; open list:HEWLETT-PACKARD SMART ARRAY >> RAID DRIVER (hpsa) <linux-scsi(a)vger.kernel.org>; open list <linux- >> kernel(a)vger.kernel.org> >> Subject: Re: [PATCH V3 2/2] scsi: hpsa: drop shutdown callback >> >> EXTERNAL EMAIL >> >> >> On 05/28/2018 02:21 PM, Sinan Kaya wrote: >> > 'Commit cc27b735ad3a ("PCI/portdrv: Turn off PCIe services during >> > shutdown")' has been added to kernel to shutdown pending PCIe port >> > service interrupts during reboot so that a newly started kexec kernel >> > wouldn't observe pending interrupts. >> > >> > pcie_port_device_remove() is disabling the root port and switches by >> > calling pci_disable_device() after all PCIe service drivers are shutdown. >> > >> > This has been found to cause crashes on HP DL360 Gen9 machines during >> > reboot due to hpsa driver not clearing the bus master bit during the >> > shutdown procedure by calling pci_disable_device(). >> > >> > Drop the shutdown API and do an orderly clean up by using the remove. >> > >> > Signed-off-by: Sinan Kaya <okaya(a)codeaurora.org> >> > Link: https://bugzilla.kernel.org/show_bug.cgi?id=199779 >> > Fixes: cc27b735ad3a ("PCI/portdrv: Turn off PCIe services during shutdown") >> > Cc: stable(a)vger.kernel.org >> > Reported-by: Ryan Finnie <ryan(a)finnie.org> >> >> Tested successfully on DL360 Gen9 and DL380 Gen9. >> >> Tested-by: Ryan Finnie <ryan(a)finnie.org> > > The shutdown path issues a cache flush to the controller. > Without this flush, you will see "Dirty Cache" messages at POST. > It is best to keep the shutdown path. > I have seen that shutdown() is also called from remove(). remove() is supposed to do a safe cleanup too. If it is leaving the hw in inconsistent state even though it is c lling shutdown , it is yet another bug. > Thanks, > Don Brace > ESC - Smart Storage > Microsemi Corporation

6 years, 4 months

2
1
0 0

[PATCH v3 1/2] cpufreq: ti-cpufreq: Fix an incorrect error return value

by Suman Anna

Commit 05829d9431df ("cpufreq: ti-cpufreq: kfree opp_data when failure") has fixed a memory leak in the failure path, however the patch returned a positive value on get_cpu_device() failure instead of the previous negative value. Fix this incorrect error return value properly. Fixes: 05829d9431df ("cpufreq: ti-cpufreq: kfree opp_data when failure") Cc: Zumeng Chen <zumeng.chen(a)gmail.com> Cc: <stable(a)vger.kernel.org> # v4.14+ Signed-off-by: Suman Anna <s-anna(a)ti.com> Acked-by: Viresh Kumar <viresh.kumar(a)linaro.org> --- drivers/cpufreq/ti-cpufreq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/cpufreq/ti-cpufreq.c b/drivers/cpufreq/ti-cpufreq.c index 6ba709b6f095..896caba5dfe5 100644 --- a/drivers/cpufreq/ti-cpufreq.c +++ b/drivers/cpufreq/ti-cpufreq.c @@ -226,7 +226,7 @@ static int ti_cpufreq_probe(struct platform_device *pdev) opp_data->cpu_dev = get_cpu_device(0); if (!opp_data->cpu_dev) { pr_err("%s: Failed to get device for CPU0\n", __func__); - ret = ENODEV; + ret = -ENODEV; goto free_opp_data; } -- 2.17.0

6 years, 4 months

1
0
0 0

[PATCH] MIPS: ptrace: Fix PTRACE_PEEKUSR requests for 64-bit FGRs

by Maciej W. Rozycki

Use 64-bit accesses for 64-bit floating-point general registers with PTRACE_PEEKUSR, removing the truncation of their upper halves in the FR=1 mode, caused by commit bbd426f542cb ("MIPS: Simplify FP context access"), which inadvertently switched them to using 32-bit accesses. The PTRACE_POKEUSR side is fine as it's never been broken and continues using 64-bit accesses. Cc: <stable(a)vger.kernel.org> # 3.19+ Fixes: bbd426f542cb ("MIPS: Simplify FP context access") Signed-off-by: Maciej W. Rozycki <macro(a)mips.com> --- Hi, Here's another one, spotted in the course of GDB PR gdb/22286 regression testing with the n64 ABI. Please apply. Maciej --- arch/mips/kernel/ptrace.c | 2 +- arch/mips/kernel/ptrace32.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) linux-mips-ptrace-peekusr-fp64.diff Index: linux/arch/mips/kernel/ptrace.c =================================================================== --- linux.orig/arch/mips/kernel/ptrace.c 2018-05-15 17:44:25.000000000 +0100 +++ linux/arch/mips/kernel/ptrace.c 2018-05-16 11:22:00.714605000 +0100 @@ -1070,7 +1070,7 @@ long arch_ptrace(struct task_struct *chi break; } #endif - tmp = get_fpr32(&fregs[addr - FPR_BASE], 0); + tmp = get_fpr64(&fregs[addr - FPR_BASE], 0); break; case PC: tmp = regs->cp0_epc; Index: linux/arch/mips/kernel/ptrace32.c =================================================================== --- linux.orig/arch/mips/kernel/ptrace32.c 2018-05-15 17:45:16.000000000 +0100 +++ linux/arch/mips/kernel/ptrace32.c 2018-05-16 11:22:16.313698000 +0100 @@ -109,7 +109,7 @@ long compat_arch_ptrace(struct task_stru addr & 1); break; } - tmp = get_fpr32(&fregs[addr - FPR_BASE], 0); + tmp = get_fpr64(&fregs[addr - FPR_BASE], 0); break; case PC: tmp = regs->cp0_epc;

6 years, 4 months

3
4
0 0

[PATCH] MIPS: prctl: Disallow FRE without FR with PR_SET_FP_MODE requests

by Maciej W. Rozycki

Having PR_FP_MODE_FRE (i.e. Config5.FRE) set without PR_FP_MODE_FR (i.e. Status.FR) is not supported as the lone purpose of Config5.FRE is to emulate Status.FR=0 handling on FPU hardware that has Status.FR=1 hardwired[1][2]. Also we do not handle this case elsewhere, and assume throughout our code that TIF_HYBRID_FPREGS and TIF_32BIT_FPREGS cannot be set both at once for a task, leading to inconsistent behaviour if this does happen. Return unsuccessfully then from prctl(2) PR_SET_FP_MODE calls requesting PR_FP_MODE_FRE to be set with PR_FP_MODE_FR clear. This corresponds to modes allowed by `mips_set_personality_fp'. References: [1] "MIPS Architecture For Programmers, Vol. III: MIPS32 / microMIPS32 Privileged Resource Architecture", Imagination Technologies, Document Number: MD00090, Revision 6.02, July 10, 2015, Table 9.69 "Config5 Register Field Descriptions", p. 262 [2] "MIPS Architecture For Programmers, Volume III: MIPS64 / microMIPS64 Privileged Resource Architecture", Imagination Technologies, Document Number: MD00091, Revision 6.03, December 22, 2015, Table 9.72 "Config5 Register Field Descriptions", p. 288 Cc: stable(a)vger.kernel.org # 4.0+ Fixes: 9791554b45a2 ("MIPS,prctl: add PR_[GS]ET_FP_MODE prctl options for MIPS") Signed-off-by: Maciej W. Rozycki <macro(a)mips.com> --- arch/mips/kernel/process.c | 4 ++++ 1 file changed, 4 insertions(+) linux-mips-set-process-fp-mode-fr-fre.diff Index: linux/arch/mips/kernel/process.c =================================================================== --- linux.orig/arch/mips/kernel/process.c 2018-05-12 22:52:11.000000000 +0100 +++ linux/arch/mips/kernel/process.c 2018-05-12 23:07:15.147112000 +0100 @@ -721,6 +721,10 @@ int mips_set_process_fp_mode(struct task if (value & ~known_bits) return -EOPNOTSUPP; + /* Setting FRE without FR is not supported. */ + if ((value & (PR_FP_MODE_FR | PR_FP_MODE_FRE)) == PR_FP_MODE_FRE) + return -EOPNOTSUPP; + /* Avoid inadvertently triggering emulation */ if ((value & PR_FP_MODE_FR) && raw_cpu_has_fpu && !(raw_current_cpu_data.fpu_id & MIPS_FPIR_F64))

6 years, 4 months

3
3
0 0

[PATCH 03/18] drm/amd/display: Make atomic-check validate underscan changes

by Harry Wentland

From: David Francis <David.Francis(a)amd.com> When the underscan state was changed, atomic-check was triggering a validation but passing the old underscan values. This change adds a somewhat hacky check in dm_update_crtcs_state that will update the stream if old and newunderscan values are different. This was causing 4k on Fiji to allow underscan when it wasn't permitted. Signed-off-by: David Francis <David.Francis(a)amd.com> Reviewed-by: David Francis <David.Francis(a)amd.com> Acked-by: Harry Wentland <harry.wentland(a)amd.com> Cc: stable(a)vger.kernel.org --- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 26 +++++++++++++------ 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index 07f4793a945f..e7ecddf359da 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -4679,8 +4679,8 @@ static int dm_update_crtcs_state(struct amdgpu_display_manager *dm, for_each_oldnew_crtc_in_state(state, crtc, old_crtc_state, new_crtc_state, i) { struct amdgpu_crtc *acrtc = NULL; struct amdgpu_dm_connector *aconnector = NULL; - struct drm_connector_state *new_con_state = NULL; - struct dm_connector_state *dm_conn_state = NULL; + struct drm_connector_state *drm_new_conn_state = NULL, *drm_old_conn_state = NULL; + struct dm_connector_state *dm_new_conn_state = NULL, *dm_old_conn_state = NULL; struct drm_plane_state *new_plane_state = NULL; new_stream = NULL; @@ -4701,19 +4701,24 @@ static int dm_update_crtcs_state(struct amdgpu_display_manager *dm, /* TODO This hack should go away */ if (aconnector && enable) { // Make sure fake sink is created in plug-in scenario - new_con_state = drm_atomic_get_connector_state(state, + drm_new_conn_state = drm_atomic_get_new_connector_state(state, &aconnector->base); + drm_old_conn_state = drm_atomic_get_old_connector_state(state, + &aconnector->base); + - if (IS_ERR(new_con_state)) { - ret = PTR_ERR_OR_ZERO(new_con_state); + + if (IS_ERR(drm_new_conn_state)) { + ret = PTR_ERR_OR_ZERO(drm_new_conn_state); break; } - dm_conn_state = to_dm_connector_state(new_con_state); + dm_new_conn_state = to_dm_connector_state(drm_new_conn_state); + dm_old_conn_state = to_dm_connector_state(drm_old_conn_state); new_stream = create_stream_for_sink(aconnector, &new_crtc_state->mode, - dm_conn_state); + dm_new_conn_state); /* * we can have no stream on ACTION_SET if a display @@ -4729,7 +4734,7 @@ static int dm_update_crtcs_state(struct amdgpu_display_manager *dm, } set_freesync_on_stream(dm, dm_new_crtc_state, - dm_conn_state, new_stream); + dm_new_conn_state, new_stream); if (dc_is_stream_unchanged(new_stream, dm_old_crtc_state->stream) && dc_is_stream_scaling_unchanged(new_stream, dm_old_crtc_state->stream)) { @@ -4837,6 +4842,11 @@ static int dm_update_crtcs_state(struct amdgpu_display_manager *dm, */ BUG_ON(dm_new_crtc_state->stream == NULL); + /* Scaling or underscan settings */ + if (is_scaling_state_different(dm_old_conn_state, dm_new_conn_state)) + update_stream_scaling_settings( + &new_crtc_state->mode, dm_new_conn_state, dm_new_crtc_state->stream); + /* Color managment settings */ if (dm_new_crtc_state->base.color_mgmt_changed) { ret = amdgpu_dm_set_regamma_lut(dm_new_crtc_state); -- 2.17.0

6 years, 4 months

2
1
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror May 2018