November 2019 - Linux-stable-mirror

[PATCH] KVM: X86: Dynamically allocating MSR number lists(msrs_to_save[], emulated_msrs[], msr_based_features[])

by Chenyi Qiang

The three msr number lists(msrs_to_save[], emulated_msrs[] and msr_based_features[]) are global arrays of kvm.ko, which are initialized/adjusted (copy supported MSRs forward to override the unsupported MSRs) when installing kvm-{intel,amd}.ko, but it doesn't reset these three arrays to their initial value when uninstalling kvm-{intel,amd}.ko. Thus, at the next installation, kvm-{intel,amd}.ko will initialize the modified arrays with some MSRs lost and some MSRs duplicated. So allocate and initialize these three MSR number lists dynamically when installing kvm-{intel,amd}.ko and free them when uninstalling. Cc: stable(a)vger.kernel.org Reviewed-by: Xiaoyao Li <xiaoyao.li(a)intel.com> Signed-off-by: Chenyi Qiang <chenyi.qiang(a)intel.com> --- arch/x86/kvm/x86.c | 86 ++++++++++++++++++++++++++++++---------------- 1 file changed, 57 insertions(+), 29 deletions(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index ff395f812719..08efcf6351cc 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1132,13 +1132,15 @@ EXPORT_SYMBOL_GPL(kvm_rdpmc); * List of msr numbers which we expose to userspace through KVM_GET_MSRS * and KVM_SET_MSRS, and KVM_GET_MSR_INDEX_LIST. * - * This list is modified at module load time to reflect the + * The three msr number lists(msrs_to_save, emulated_msrs, msr_based_features) + * are allocated and initialized at module load time and freed at unload time. + * msrs_to_save is selected from the msrs_to_save_all to reflect the * capabilities of the host cpu. This capabilities test skips MSRs that are - * kvm-specific. Those are put in emulated_msrs; filtering of emulated_msrs + * kvm-specific. Those are put in emulated_msrs_all; filtering of emulated_msrs * may depend on host virtualization features rather than host cpu features. */ -static u32 msrs_to_save[] = { +const u32 msrs_to_save_all[] = { MSR_IA32_SYSENTER_CS, MSR_IA32_SYSENTER_ESP, MSR_IA32_SYSENTER_EIP, MSR_STAR, #ifdef CONFIG_X86_64 @@ -1179,9 +1181,10 @@ static u32 msrs_to_save[] = { MSR_ARCH_PERFMON_EVENTSEL0 + 16, MSR_ARCH_PERFMON_EVENTSEL0 + 17, }; +static u32 *msrs_to_save; static unsigned num_msrs_to_save; -static u32 emulated_msrs[] = { +const u32 emulated_msrs_all[] = { MSR_KVM_SYSTEM_TIME, MSR_KVM_WALL_CLOCK, MSR_KVM_SYSTEM_TIME_NEW, MSR_KVM_WALL_CLOCK_NEW, HV_X64_MSR_GUEST_OS_ID, HV_X64_MSR_HYPERCALL, @@ -1220,7 +1223,7 @@ static u32 emulated_msrs[] = { * by arch/x86/kvm/vmx/nested.c based on CPUID or other MSRs. * We always support the "true" VMX control MSRs, even if the host * processor does not, so I am putting these registers here rather - * than in msrs_to_save. + * than in msrs_to_save_all. */ MSR_IA32_VMX_BASIC, MSR_IA32_VMX_TRUE_PINBASED_CTLS, @@ -1239,13 +1242,14 @@ static u32 emulated_msrs[] = { MSR_KVM_POLL_CONTROL, }; +static u32 *emulated_msrs; static unsigned num_emulated_msrs; /* * List of msr numbers which are used to expose MSR-based features that * can be used by a hypervisor to validate requested CPU features. */ -static u32 msr_based_features[] = { +const u32 msr_based_features_all[] = { MSR_IA32_VMX_BASIC, MSR_IA32_VMX_TRUE_PINBASED_CTLS, MSR_IA32_VMX_PINBASED_CTLS, @@ -1270,6 +1274,7 @@ static u32 msr_based_features[] = { MSR_IA32_ARCH_CAPABILITIES, }; +static u32 *msr_based_features; static unsigned int num_msr_based_features; static u64 kvm_get_arch_capabilities(void) @@ -3311,11 +3316,11 @@ long kvm_arch_dev_ioctl(struct file *filp, if (n < msr_list.nmsrs) goto out; r = -EFAULT; - if (copy_to_user(user_msr_list->indices, &msrs_to_save, + if (copy_to_user(user_msr_list->indices, msrs_to_save, num_msrs_to_save * sizeof(u32))) goto out; if (copy_to_user(user_msr_list->indices + num_msrs_to_save, - &emulated_msrs, + emulated_msrs, num_emulated_msrs * sizeof(u32))) goto out; r = 0; @@ -3364,7 +3369,7 @@ long kvm_arch_dev_ioctl(struct file *filp, if (n < msr_list.nmsrs) goto out; r = -EFAULT; - if (copy_to_user(user_msr_list->indices, &msr_based_features, + if (copy_to_user(user_msr_list->indices, msr_based_features, num_msr_based_features * sizeof(u32))) goto out; r = 0; @@ -5086,26 +5091,41 @@ long kvm_arch_vm_ioctl(struct file *filp, return r; } -static void kvm_init_msr_list(void) +static int kvm_init_msr_list(void) { struct x86_pmu_capability x86_pmu; u32 dummy[2]; unsigned i, j; BUILD_BUG_ON_MSG(INTEL_PMC_MAX_FIXED != 4, - "Please update the fixed PMCs in msrs_to_save[]"); + "Please update the fixed PMCs in msrs_to_saved_all[]"); perf_get_x86_pmu_capability(&x86_pmu); - for (i = j = 0; i < ARRAY_SIZE(msrs_to_save); i++) { - if (rdmsr_safe(msrs_to_save[i], &dummy[0], &dummy[1]) < 0) + msrs_to_save = kmalloc(sizeof(msrs_to_save_all), + GFP_KERNEL_ACCOUNT); + if (!msrs_to_save) + return -ENOMEM; + + emulated_msrs = kmalloc(sizeof(emulated_msrs_all), + GFP_KERNEL_ACCOUNT); + if (!emulated_msrs) + goto free_msrs_to_save; + + msr_based_features = kmalloc(sizeof(msr_based_features_all), + GFP_KERNEL_ACCOUNT); + if (!msr_based_features) + goto free_emulated_msrs; + + for (i = j = 0; i < ARRAY_SIZE(msrs_to_save_all); i++) { + if (rdmsr_safe(msrs_to_save_all[i], &dummy[0], &dummy[1]) < 0) continue; /* * Even MSRs that are valid in the host may not be exposed * to the guests in some cases. */ - switch (msrs_to_save[i]) { + switch (msrs_to_save_all[i]) { case MSR_IA32_BNDCFGS: if (!kvm_mpx_supported()) continue; @@ -5133,17 +5153,17 @@ static void kvm_init_msr_list(void) break; case MSR_IA32_RTIT_ADDR0_A ... MSR_IA32_RTIT_ADDR3_B: { if (!kvm_x86_ops->pt_supported() || - msrs_to_save[i] - MSR_IA32_RTIT_ADDR0_A >= + msrs_to_save_all[i] - MSR_IA32_RTIT_ADDR0_A >= intel_pt_validate_hw_cap(PT_CAP_num_address_ranges) * 2) continue; break; case MSR_ARCH_PERFMON_PERFCTR0 ... MSR_ARCH_PERFMON_PERFCTR0 + 17: - if (msrs_to_save[i] - MSR_ARCH_PERFMON_PERFCTR0 >= + if (msrs_to_save_all[i] - MSR_ARCH_PERFMON_PERFCTR0 >= min(INTEL_PMC_MAX_GENERIC, x86_pmu.num_counters_gp)) continue; break; case MSR_ARCH_PERFMON_EVENTSEL0 ... MSR_ARCH_PERFMON_EVENTSEL0 + 17: - if (msrs_to_save[i] - MSR_ARCH_PERFMON_EVENTSEL0 >= + if (msrs_to_save_all[i] - MSR_ARCH_PERFMON_EVENTSEL0 >= min(INTEL_PMC_MAX_GENERIC, x86_pmu.num_counters_gp)) continue; } @@ -5151,34 +5171,40 @@ static void kvm_init_msr_list(void) break; } - if (j < i) - msrs_to_save[j] = msrs_to_save[i]; + if (j <= i) + msrs_to_save[j] = msrs_to_save_all[i]; j++; } num_msrs_to_save = j; - for (i = j = 0; i < ARRAY_SIZE(emulated_msrs); i++) { - if (!kvm_x86_ops->has_emulated_msr(emulated_msrs[i])) + for (i = j = 0; i < ARRAY_SIZE(emulated_msrs_all); i++) { + if (!kvm_x86_ops->has_emulated_msr(emulated_msrs_all[i])) continue; - if (j < i) - emulated_msrs[j] = emulated_msrs[i]; + if (j <= i) + emulated_msrs[j] = emulated_msrs_all[i]; j++; } num_emulated_msrs = j; - for (i = j = 0; i < ARRAY_SIZE(msr_based_features); i++) { + for (i = j = 0; i < ARRAY_SIZE(msr_based_features_all); i++) { struct kvm_msr_entry msr; - msr.index = msr_based_features[i]; + msr.index = msr_based_features_all[i]; if (kvm_get_msr_feature(&msr)) continue; - if (j < i) - msr_based_features[j] = msr_based_features[i]; + if (j <= i) + msr_based_features[j] = msr_based_features_all[i]; j++; } num_msr_based_features = j; + return 0; +free_emulated_msrs: + kfree(emulated_msrs); +free_msrs_to_save: + kfree(msrs_to_save); + return -ENOMEM; } static int vcpu_mmio_write(struct kvm_vcpu *vcpu, gpa_t addr, int len, @@ -9294,12 +9320,14 @@ int kvm_arch_hardware_setup(void) kvm_default_tsc_scaling_ratio = 1ULL << kvm_tsc_scaling_ratio_frac_bits; } - kvm_init_msr_list(); - return 0; + return kvm_init_msr_list(); } void kvm_arch_hardware_unsetup(void) { + kfree(msr_based_features); + kfree(emulated_msrs); + kfree(msrs_to_save); kvm_x86_ops->hardware_unsetup(); } -- 2.17.1

5 years, 2 months

4
7
0 0

[PATCH 4.14 00/95] 4.14.152-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.152 release. There are 95 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed 06 Nov 2019 09:14:04 PM UTC. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.152-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.152-rc1 Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Fix mutex deadlock at releasing card Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Simplify error path in snd_timer_open() Vratislav Bendel <vbendel(a)redhat.com> xfs: Correctly invert xfs_buftarg LRU isolation logic Xin Long <lucien.xin(a)gmail.com> sctp: not bind the socket in sctp_connect Xin Long <lucien.xin(a)gmail.com> sctp: fix the issue that flags are ignored when using kernel_connect Eric Dumazet <edumazet(a)google.com> sch_netem: fix rcu splat in netem_enqueue() Valentin Vidic <vvidic(a)valentin-vidic.from.hr> net: usb: sr9800: fix uninitialized local variable Eric Dumazet <edumazet(a)google.com> bonding: fix potential NULL deref in bond_update_slave_arr Johan Hovold <johan(a)kernel.org> NFC: pn533: fix use-after-free and memleaks David Howells <dhowells(a)redhat.com> rxrpc: Fix call ref leak Eric Biggers <ebiggers(a)google.com> llc: fix sk_buff leak in llc_conn_service() Eric Biggers <ebiggers(a)google.com> llc: fix sk_buff leak in llc_sap_state_process() Tony Lindgren <tony(a)atomide.com> dmaengine: cppi41: Fix cppi41_dma_prep_slave_sg() when idle Laura Abbott <labbott(a)redhat.com> rtlwifi: Fix potential overflow on P2P code Catalin Marinas <catalin.marinas(a)arm.com> arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default Heiko Carstens <heiko.carstens(a)de.ibm.com> s390/idle: fix cpu idle time calculation Yihui ZENG <yzeng56(a)asu.edu> s390/cmm: fix information leak in cmm_timeout_handler() Markus Theil <markus.theil(a)tu-ilmenau.de> nl80211: fix validation of mesh path nexthop Michał Mirosław <mirq-linux(a)rere.qmqm.pl> HID: fix error message in hid_open_report() Alan Stern <stern(a)rowland.harvard.edu> HID: Fix assumption that devices have inputs Hans de Goede <hdegoede(a)redhat.com> HID: i2c-hid: add Trekstor Primebook C11B to descriptor override Bart Van Assche <bvanassche(a)acm.org> scsi: target: cxgbit: Fix cxgbit_fw4_ack() Johan Hovold <johan(a)kernel.org> USB: serial: whiteheat: fix line-speed endianness Johan Hovold <johan(a)kernel.org> USB: serial: whiteheat: fix potential slab corruption Johan Hovold <johan(a)kernel.org> USB: ldusb: fix control-message timeout Johan Hovold <johan(a)kernel.org> USB: ldusb: fix ring-buffer locking Alan Stern <stern(a)rowland.harvard.edu> usb-storage: Revert commit 747668dbc061 ("usb-storage: Set virt_boundary_mask to avoid SG overflows") Alan Stern <stern(a)rowland.harvard.edu> USB: gadget: Reject endpoints with 0 maxpacket value Alan Stern <stern(a)rowland.harvard.edu> UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments") Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Add support for ALC623 Aaron Ma <aaron.ma(a)canonical.com> ALSA: hda/realtek - Fix 2 front mics of codec 0x623 Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: bebob: Fix prototype of helper function to return negative value Miklos Szeredi <mszeredi(a)redhat.com> fuse: truncate pending writes on O_TRUNC Miklos Szeredi <mszeredi(a)redhat.com> fuse: flush dirty data/metadata before non-truncate setattr Hui Peng <benquike(a)gmail.com> ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe() Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Use 32-bit writes when writing ring producer/consumer Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: check cops->tcf_block in tc_bind_tclass() Dan Carpenter <dan.carpenter(a)oracle.com> USB: legousbtower: fix a signedness bug in tower_probe() Mike Christie <mchristi(a)redhat.com> nbd: verify socket is supported during setup Petr Mladek <pmladek(a)suse.com> tracing: Initialize iter->seq after zeroing in tracing_read_pipe() Christian Borntraeger <borntraeger(a)de.ibm.com> s390/uaccess: avoid (false positive) compiler warnings Chuck Lever <chuck.lever(a)oracle.com> NFSv4: Fix leak of clp->cl_acceptor string Xiubo Li <xiubli(a)redhat.com> nbd: fix possible sysfs duplicate warning Thomas Bogendoerfer <tbogendoerfer(a)suse.de> MIPS: fw: sni: Fix out of bounds init of o32 stack Thomas Bogendoerfer <tbogendoerfer(a)suse.de> MIPS: include: Mark __xchg as __always_inline Tom Lendacky <thomas.lendacky(a)amd.com> perf/x86/amd: Change/fix NMI latency mitigation to use a timestamp Frederic Weisbecker <frederic(a)kernel.org> sched/vtime: Fix guest/system mis-accounting on task switch Jia-Ju Bai <baijiaju1990(a)gmail.com> fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc() Jia-Ju Bai <baijiaju1990(a)gmail.com> fs: ocfs2: fix a possible null-pointer dereference in ocfs2_write_end_nolock() Jia-Ju Bai <baijiaju1990(a)gmail.com> fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry() Jia Guo <guojia12(a)huawei.com> ocfs2: clear zero in unaligned direct IO Boris Ostrovsky <boris.ostrovsky(a)oracle.com> x86/xen: Return from panic notifier Thomas Bogendoerfer <tbogendoerfer(a)suse.de> MIPS: include: Mark __cmpxchg as __always_inline Dave Young <dyoung(a)redhat.com> efi/x86: Do not clean dummy variable in kexec path Lukas Wunner <lukas(a)wunner.de> efi/cper: Fix endianness of PCIe class code Adam Ford <aford173(a)gmail.com> serial: mctrl_gpio: Check for NULL pointer Austin Kim <austindh.kim(a)gmail.com> fs: cifs: mute -Wunused-const-variable message Thierry Reding <treding(a)nvidia.com> gpio: max77620: Use correct unit for debounce times Randy Dunlap <rdunlap(a)infradead.org> tty: n_hdlc: fix build on SPARC Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> tty: serial: owl: Fix the link time qualifier of 'owl_uart_exit()' James Morse <james.morse(a)arm.com> arm64: ftrace: Ensure synchronisation in PLT setup for Neoverse-N1 #1542419 ZhangXiaoxu <zhangxiaoxu5(a)huawei.com> nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request Dexuan Cui <decui(a)microsoft.com> HID: hyperv: Use in-place iterator API in the channel callback Bart Van Assche <bvanassche(a)acm.org> RDMA/iwcm: Fix a lock inversion issue Navid Emamdoost <navid.emamdoost(a)gmail.com> RDMA/hfi1: Prevent memory leak in sdma_init Connor Kuehl <connor.kuehl(a)canonical.com> staging: rtl8188eu: fix null dereference when kzalloc fails Andi Kleen <ak(a)linux.intel.com> perf jevents: Fix period for Intel fixed counters Steve MacLean <Steve.MacLean(a)microsoft.com> perf map: Fix overlapped map handling Ian Rogers <irogers(a)google.com> perf tests: Avoid raising SEGV using an obvious NULL dereference Ian Rogers <irogers(a)google.com> libsubcmd: Make _FORTIFY_SOURCE defines dependent on the feature Pascal Bouwmann <bouwmann(a)tau-tec.de> iio: fix center temperature of bmc150-accel-core Remi Pommarel <repk(a)triplefau.lt> iio: adc: meson_saradc: Fix memory allocation order Sven Van Asbroeck <thesven73(a)gmail.com> power: supply: max14656: fix potential use-after-free Sven Van Asbroeck <thesven73(a)gmail.com> PCI/PME: Fix possible use-after-free on remove Kees Cook <keescook(a)chromium.org> exec: load_script: Do not exec truncated interpreter path Lucas A. M. Magalhães <lucmaga(a)gmail.com> media: vimc: Remove unused but set variables Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek - Apply ALC294 hp init also for S4 resume Nir Dotan <nird(a)mellanox.com> mlxsw: spectrum: Set LAG port collector only when active Sam Ravnborg <sam(a)ravnborg.org> rtc: pcf8523: set xtal load capacitance from DT Jan-Marek Glogowski <glogow(a)fbihome.de> usb: handle warm-reset port requests on hub resume NOGUCHI Hiroshi <drvlabo(a)gmail.com> HID: Add ASUS T100CHI keyboard dock battery quirks Brian Norris <briannorris(a)chromium.org> scripts/setlocalversion: Improve -dirty check with git-status --no-optional-locks Yi Wang <wang.yi59(a)zte.com.cn> clk: boston: unregister clks on failure in clk_boston_setup() Hans de Goede <hdegoede(a)redhat.com> HID: i2c-hid: Add Odys Winbook 13 to descriptor override Kan Liang <kan.liang(a)linux.intel.com> x86/cpu: Add Atom Tremont (Jacobsville) Julian Sax <jsbc(a)gmx.de> HID: i2c-hid: add Direkt-Tek DTLAPY133-1 to descriptor override David Hildenbrand <david(a)redhat.com> powerpc/powernv: hold device_hotplug_lock when calling memtrace_offline_pages() Phil Elwell <phil(a)raspberrypi.org> sc16is7xx: Fix for "Unexpected interrupt: 8" James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix a duplicate 0711 log message number. Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: flush quota blocks after turnning it off Kent Overstreet <kent.overstreet(a)gmail.com> dm: Use kzalloc for all structs with embedded biosets/mempools Mikulas Patocka <mpatocka(a)redhat.com> dm snapshot: rework COW throttling to fix deadlock Mikulas Patocka <mpatocka(a)redhat.com> dm snapshot: introduce account_start_copy() and account_end_copy() Mikulas Patocka <mpatocka(a)redhat.com> dm snapshot: use mutex instead of rw_semaphore Sasha Levin <sashal(a)kernel.org> zram: fix race between backing_dev_show and backing_dev_store ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 4 + Makefile | 4 +- arch/arm64/include/asm/pgtable-prot.h | 15 +- arch/arm64/kernel/ftrace.c | 8 +- arch/mips/fw/sni/sniprom.c | 2 +- arch/mips/include/asm/cmpxchg.h | 9 +- arch/powerpc/platforms/powernv/memtrace.c | 4 +- arch/s390/include/asm/uaccess.h | 4 +- arch/s390/kernel/idle.c | 29 +++- arch/s390/mm/cmm.c | 12 +- arch/x86/events/amd/core.c | 30 ++-- arch/x86/include/asm/intel-family.h | 3 +- arch/x86/platform/efi/efi.c | 3 - arch/x86/xen/enlighten.c | 28 +++- drivers/block/nbd.c | 25 +++- drivers/block/zram/zram_drv.c | 5 +- drivers/clk/imgtec/clk-boston.c | 18 ++- drivers/dma/cppi41.c | 21 ++- drivers/firmware/efi/cper.c | 2 +- drivers/gpio/gpio-max77620.c | 6 +- drivers/hid/hid-axff.c | 11 +- drivers/hid/hid-core.c | 7 +- drivers/hid/hid-dr.c | 12 +- drivers/hid/hid-emsff.c | 12 +- drivers/hid/hid-gaff.c | 12 +- drivers/hid/hid-holtekff.c | 12 +- drivers/hid/hid-hyperv.c | 56 ++----- drivers/hid/hid-input.c | 3 + drivers/hid/hid-lg2ff.c | 12 +- drivers/hid/hid-lg3ff.c | 11 +- drivers/hid/hid-lg4ff.c | 11 +- drivers/hid/hid-lgff.c | 11 +- drivers/hid/hid-logitech-hidpp.c | 11 +- drivers/hid/hid-sony.c | 12 +- drivers/hid/hid-tmff.c | 12 +- drivers/hid/hid-zpff.c | 12 +- drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c | 35 +++++ drivers/iio/accel/bmc150-accel-core.c | 2 +- drivers/iio/adc/meson_saradc.c | 10 +- drivers/infiniband/core/cma.c | 3 +- drivers/infiniband/hw/hfi1/sdma.c | 5 +- drivers/md/dm-bio-prison-v1.c | 2 +- drivers/md/dm-bio-prison-v2.c | 2 +- drivers/md/dm-io.c | 2 +- drivers/md/dm-kcopyd.c | 2 +- drivers/md/dm-region-hash.c | 2 +- drivers/md/dm-snap.c | 178 +++++++++++++++-------- drivers/md/dm-thin.c | 2 +- drivers/media/platform/vimc/vimc-sensor.c | 7 - drivers/net/bonding/bond_main.c | 2 +- drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 62 +++++--- drivers/net/usb/sr9800.c | 2 +- drivers/net/wireless/ath/ath6kl/usb.c | 8 + drivers/net/wireless/realtek/rtlwifi/ps.c | 6 + drivers/nfc/pn533/usb.c | 9 +- drivers/pci/pcie/pme.c | 1 + drivers/power/supply/max14656_charger_detector.c | 17 ++- drivers/rtc/rtc-pcf8523.c | 28 +++- drivers/scsi/lpfc/lpfc_scsi.c | 2 +- drivers/staging/rtl8188eu/os_dep/usb_intf.c | 6 +- drivers/target/iscsi/cxgbit/cxgbit_cm.c | 3 +- drivers/thunderbolt/nhi.c | 22 ++- drivers/tty/n_hdlc.c | 5 + drivers/tty/serial/owl-uart.c | 2 +- drivers/tty/serial/sc16is7xx.c | 28 ++++ drivers/tty/serial/serial_mctrl_gpio.c | 3 + drivers/usb/core/hub.c | 7 + drivers/usb/gadget/udc/core.c | 11 ++ drivers/usb/misc/ldusb.c | 6 +- drivers/usb/misc/legousbtower.c | 2 +- drivers/usb/serial/whiteheat.c | 13 +- drivers/usb/serial/whiteheat.h | 2 +- drivers/usb/storage/scsiglue.c | 10 -- drivers/usb/storage/uas.c | 20 --- fs/binfmt_script.c | 57 ++++++-- fs/cifs/netmisc.c | 4 - fs/f2fs/super.c | 6 + fs/fuse/dir.c | 13 ++ fs/fuse/file.c | 10 +- fs/nfs/nfs4proc.c | 1 + fs/nfs/write.c | 5 +- fs/ocfs2/aops.c | 25 +++- fs/ocfs2/ioctl.c | 2 +- fs/ocfs2/xattr.c | 56 +++---- fs/xfs/xfs_buf.c | 2 +- include/net/llc_conn.h | 2 +- include/net/sch_generic.h | 5 + include/net/sctp/sctp.h | 2 + kernel/sched/cputime.c | 6 +- kernel/trace/trace.c | 1 + net/llc/llc_c_ac.c | 8 +- net/llc/llc_conn.c | 32 ++-- net/llc/llc_s_ac.c | 12 +- net/llc/llc_sap.c | 23 +-- net/rxrpc/sendmsg.c | 1 + net/sched/sch_api.c | 2 + net/sched/sch_netem.c | 2 +- net/sctp/ipv6.c | 2 +- net/sctp/protocol.c | 2 +- net/sctp/socket.c | 55 +++---- net/wireless/nl80211.c | 3 +- scripts/setlocalversion | 12 +- sound/core/timer.c | 63 ++++---- sound/firewire/bebob/bebob_stream.c | 3 +- sound/pci/hda/patch_realtek.c | 15 +- tools/lib/subcmd/Makefile | 8 +- tools/perf/pmu-events/jevents.c | 12 +- tools/perf/tests/perf-hooks.c | 3 +- tools/perf/util/map.c | 3 + 109 files changed, 959 insertions(+), 477 deletions(-)

5 years, 2 months

7
101
0 0

[PATCH 4.4 00/46] 4.4.199-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.199 release. There are 46 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed 06 Nov 2019 09:14:04 PM UTC. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.199-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.199-rc1 Vratislav Bendel <vbendel(a)redhat.com> xfs: Correctly invert xfs_buftarg LRU isolation logic Xin Long <lucien.xin(a)gmail.com> sctp: not bind the socket in sctp_connect Xin Long <lucien.xin(a)gmail.com> sctp: fix the issue that flags are ignored when using kernel_connect Eric Dumazet <edumazet(a)google.com> sch_netem: fix rcu splat in netem_enqueue() Valentin Vidic <vvidic(a)valentin-vidic.from.hr> net: usb: sr9800: fix uninitialized local variable Eric Dumazet <edumazet(a)google.com> bonding: fix potential NULL deref in bond_update_slave_arr Eric Biggers <ebiggers(a)google.com> llc: fix sk_buff leak in llc_conn_service() Eric Biggers <ebiggers(a)google.com> llc: fix sk_buff leak in llc_sap_state_process() Laura Abbott <labbott(a)redhat.com> rtlwifi: Fix potential overflow on P2P code Yihui ZENG <yzeng56(a)asu.edu> s390/cmm: fix information leak in cmm_timeout_handler() Markus Theil <markus.theil(a)tu-ilmenau.de> nl80211: fix validation of mesh path nexthop Michał Mirosław <mirq-linux(a)rere.qmqm.pl> HID: fix error message in hid_open_report() Alan Stern <stern(a)rowland.harvard.edu> HID: Fix assumption that devices have inputs Johan Hovold <johan(a)kernel.org> USB: serial: whiteheat: fix line-speed endianness Johan Hovold <johan(a)kernel.org> USB: serial: whiteheat: fix potential slab corruption Johan Hovold <johan(a)kernel.org> USB: ldusb: fix control-message timeout Johan Hovold <johan(a)kernel.org> USB: ldusb: fix ring-buffer locking Alan Stern <stern(a)rowland.harvard.edu> USB: gadget: Reject endpoints with 0 maxpacket value Alan Stern <stern(a)rowland.harvard.edu> UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments") Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: bebob: Fix prototype of helper function to return negative value Miklos Szeredi <mszeredi(a)redhat.com> fuse: truncate pending writes on O_TRUNC Miklos Szeredi <mszeredi(a)redhat.com> fuse: flush dirty data/metadata before non-truncate setattr Hui Peng <benquike(a)gmail.com> ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe() Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Use 32-bit writes when writing ring producer/consumer Dan Carpenter <dan.carpenter(a)oracle.com> USB: legousbtower: fix a signedness bug in tower_probe() Petr Mladek <pmladek(a)suse.com> tracing: Initialize iter->seq after zeroing in tracing_read_pipe() Chuck Lever <chuck.lever(a)oracle.com> NFSv4: Fix leak of clp->cl_acceptor string Thomas Bogendoerfer <tbogendoerfer(a)suse.de> MIPS: fw: sni: Fix out of bounds init of o32 stack Jia-Ju Bai <baijiaju1990(a)gmail.com> fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc() Jia-Ju Bai <baijiaju1990(a)gmail.com> fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry() Dave Young <dyoung(a)redhat.com> efi/x86: Do not clean dummy variable in kexec path Lukas Wunner <lukas(a)wunner.de> efi/cper: Fix endianness of PCIe class code Adam Ford <aford173(a)gmail.com> serial: mctrl_gpio: Check for NULL pointer Austin Kim <austindh.kim(a)gmail.com> fs: cifs: mute -Wunused-const-variable message Bart Van Assche <bvanassche(a)acm.org> RDMA/iwcm: Fix a lock inversion issue Steve MacLean <Steve.MacLean(a)microsoft.com> perf map: Fix overlapped map handling Pascal Bouwmann <bouwmann(a)tau-tec.de> iio: fix center temperature of bmc150-accel-core Kees Cook <keescook(a)chromium.org> exec: load_script: Do not exec truncated interpreter path Jan-Marek Glogowski <glogow(a)fbihome.de> usb: handle warm-reset port requests on hub resume Brian Norris <briannorris(a)chromium.org> scripts/setlocalversion: Improve -dirty check with git-status --no-optional-locks Kan Liang <kan.liang(a)linux.intel.com> x86/cpu: Add Atom Tremont (Jacobsville) Phil Elwell <phil(a)raspberrypi.org> sc16is7xx: Fix for "Unexpected interrupt: 8" Kent Overstreet <kent.overstreet(a)gmail.com> dm: Use kzalloc for all structs with embedded biosets/mempools Mikulas Patocka <mpatocka(a)redhat.com> dm snapshot: rework COW throttling to fix deadlock Mikulas Patocka <mpatocka(a)redhat.com> dm snapshot: introduce account_start_copy() and account_end_copy() Mikulas Patocka <mpatocka(a)redhat.com> dm snapshot: use mutex instead of rw_semaphore ------------- Diffstat: Makefile | 4 +- arch/mips/fw/sni/sniprom.c | 2 +- arch/s390/mm/cmm.c | 12 +- arch/x86/include/asm/intel-family.h | 3 +- arch/x86/platform/efi/efi.c | 3 - drivers/firmware/efi/cper.c | 2 +- drivers/hid/hid-axff.c | 11 +- drivers/hid/hid-core.c | 7 +- drivers/hid/hid-dr.c | 12 +- drivers/hid/hid-emsff.c | 12 +- drivers/hid/hid-gaff.c | 12 +- drivers/hid/hid-holtekff.c | 12 +- drivers/hid/hid-lg2ff.c | 12 +- drivers/hid/hid-lg3ff.c | 11 +- drivers/hid/hid-lg4ff.c | 11 +- drivers/hid/hid-lgff.c | 11 +- drivers/hid/hid-sony.c | 12 +- drivers/hid/hid-tmff.c | 12 +- drivers/hid/hid-zpff.c | 12 +- drivers/iio/accel/bmc150-accel-core.c | 2 +- drivers/infiniband/core/cma.c | 3 +- drivers/md/dm-bio-prison.c | 2 +- drivers/md/dm-io.c | 2 +- drivers/md/dm-kcopyd.c | 2 +- drivers/md/dm-region-hash.c | 2 +- drivers/md/dm-snap.c | 178 ++++++++++++++++++++---------- drivers/md/dm-thin.c | 2 +- drivers/net/bonding/bond_main.c | 2 +- drivers/net/usb/sr9800.c | 2 +- drivers/net/wireless/ath/ath6kl/usb.c | 8 ++ drivers/net/wireless/realtek/rtlwifi/ps.c | 6 + drivers/thunderbolt/nhi.c | 22 +++- drivers/tty/serial/sc16is7xx.c | 28 +++++ drivers/tty/serial/serial_mctrl_gpio.c | 3 + drivers/usb/core/hub.c | 7 ++ drivers/usb/misc/ldusb.c | 6 +- drivers/usb/misc/legousbtower.c | 2 +- drivers/usb/serial/whiteheat.c | 13 ++- drivers/usb/serial/whiteheat.h | 2 +- drivers/usb/storage/uas.c | 20 ---- fs/binfmt_script.c | 57 ++++++++-- fs/cifs/netmisc.c | 4 - fs/fuse/dir.c | 13 +++ fs/fuse/file.c | 10 +- fs/nfs/nfs4proc.c | 1 + fs/ocfs2/ioctl.c | 2 +- fs/ocfs2/xattr.c | 56 ++++------ fs/xfs/xfs_buf.c | 2 +- include/linux/usb/gadget.h | 10 ++ include/net/llc_conn.h | 2 +- include/net/sch_generic.h | 5 + include/net/sctp/sctp.h | 2 + kernel/trace/trace.c | 1 + net/llc/llc_c_ac.c | 8 +- net/llc/llc_conn.c | 32 ++---- net/llc/llc_s_ac.c | 12 +- net/llc/llc_sap.c | 23 ++-- net/sched/sch_netem.c | 2 +- net/sctp/ipv6.c | 2 +- net/sctp/protocol.c | 2 +- net/sctp/socket.c | 55 ++++----- net/wireless/nl80211.c | 3 +- scripts/setlocalversion | 12 +- sound/firewire/bebob/bebob_stream.c | 3 +- tools/perf/util/map.c | 3 + 65 files changed, 532 insertions(+), 277 deletions(-)

5 years, 2 months

6
51
0 0

[PATCH 06/25] ext4: Fix credit estimate for final inode freeing

by Jan Kara

Estimate for the number of credits needed for final freeing of inode in ext4_evict_inode() was to small. We may modify 4 blocks (inode & sb for orphan deletion, bitmap & group descriptor for inode freeing) and not just 3. Fixes: e50e5129f384 ("ext4: xattr-in-inode support") CC: stable(a)vger.kernel.org Signed-off-by: Jan Kara <jack(a)suse.cz> --- fs/ext4/inode.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 516faa280ced..81bc2fb23c40 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -196,7 +196,12 @@ void ext4_evict_inode(struct inode *inode) { handle_t *handle; int err; - int extra_credits = 3; + /* + * Credits for final inode cleanup and freeing: + * sb + inode (ext4_orphan_del()), block bitmap, group descriptor + * (xattr block freeing), bitmap, group descriptor (inode freeing) + */ + int extra_credits = 6; struct ext4_xattr_inode_array *ea_inode_array = NULL; trace_ext4_evict_inode(inode); @@ -252,8 +257,12 @@ void ext4_evict_inode(struct inode *inode) if (!IS_NOQUOTA(inode)) extra_credits += EXT4_MAXQUOTAS_DEL_BLOCKS(inode->i_sb); + /* + * Block bitmap, group descriptor, and inode are accounted in both + * ext4_blocks_for_truncate() and extra_credits. So subtract 3. + */ handle = ext4_journal_start(inode, EXT4_HT_TRUNCATE, - ext4_blocks_for_truncate(inode)+extra_credits); + ext4_blocks_for_truncate(inode) + extra_credits - 3); if (IS_ERR(handle)) { ext4_std_error(inode->i_sb, PTR_ERR(handle)); /* -- 2.16.4

5 years, 2 months

2
1
0 0

[PATCH] clone3: validate stack arguments

by Christian Brauner

Validate the stack arguments and setup the stack depening on whether or not it is growing down or up. Legacy clone() required userspace to know in which direction the stack is growing and pass down the stack pointer appropriately. To make things more confusing microblaze uses a variant of the clone() syscall selected by CONFIG_CLONE_BACKWARDS3 that takes an additional stack_size argument. IA64 has a separate clone2() syscall which also takes an additional stack_size argument. Finally, parisc has a stack that is growing upwards. Userspace therefore has a lot nasty code like the following: #define __STACK_SIZE (8 * 1024 * 1024) pid_t sys_clone(int (*fn)(void *), void *arg, int flags, int *pidfd) { pid_t ret; void *stack; stack = malloc(__STACK_SIZE); if (!stack) return -ENOMEM; #ifdef __ia64__ ret = __clone2(fn, stack, __STACK_SIZE, flags | SIGCHLD, arg, pidfd); #elif defined(__parisc__) /* stack grows up */ ret = clone(fn, stack, flags | SIGCHLD, arg, pidfd); #else ret = clone(fn, stack + __STACK_SIZE, flags | SIGCHLD, arg, pidfd); #endif return ret; } or even crazier variants such as [3]. With clone3() we have the ability to validate the stack. We can check that when stack_size is passed, the stack pointer is valid and the other way around. We can also check that the memory area userspace gave us is fine to use via access_ok(). Furthermore, we probably should not require userspace to know in which direction the stack is growing. It is easy for us to do this in the kernel and I couldn't find the original reasoning behind exposing this detail to userspace. /* Intentional user visible API change */ clone3() was released with 5.3. Currently, it is not documented and very unclear to userspace how the stack and stack_size argument have to be passed. After talking to glibc folks we concluded that trying to change clone3() to setup the stack instead of requiring userspace to do this is the right course of action. Note, that this is an explicit change in user visible behavior we introduce with this patch. If it breaks someone's use-case we will revert! (And then e.g. place the new behavior under an appropriate flag.) Breaking someone's use-case is very unlikely though. First, neither glibc nor musl currently expose a wrapper for clone3(). Second, there is no real motivation for anyone to use clone3() directly since it does not provide features that legacy clone doesn't. New features for clone3() will first happen in v5.5 which is why v5.4 is still a good time to try and make that change now and backport it to v5.3. Searches on [4] did not reveal any packages calling clone3(). [1]: https://lore.kernel.org/r/CAG48ez3q=BeNcuVTKBN79kJui4vC6nw0Bfq6xc-i0neheT17… [2]: https://lore.kernel.org/r/20191028172143.4vnnjpdljfnexaq5@wittgenstein [3]: https://github.com/systemd/systemd/blob/5238e9575906297608ff802a27e2ff9effa… [4]: https://codesearch.debian.net Fixes: 7f192e3cd316 ("fork: add clone3") Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Kees Cook <keescook(a)chromium.org> Cc: Jann Horn <jannh(a)google.com> Cc: David Howells <dhowells(a)redhat.com> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Florian Weimer <fweimer(a)redhat.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: linux-api(a)vger.kernel.org Cc: linux-kernel(a)vger.kernel.org Cc: <stable(a)vger.kernel.org> # 5.3 Cc: GNU C Library <libc-alpha(a)sourceware.org> Signed-off-by: Christian Brauner <christian.brauner(a)ubuntu.com> --- include/uapi/linux/sched.h | 4 ++++ kernel/fork.c | 33 ++++++++++++++++++++++++++++++++- 2 files changed, 36 insertions(+), 1 deletion(-) diff --git a/include/uapi/linux/sched.h b/include/uapi/linux/sched.h index 99335e1f4a27..25b4fa00bad1 100644 --- a/include/uapi/linux/sched.h +++ b/include/uapi/linux/sched.h @@ -51,6 +51,10 @@ * sent when the child exits. * @stack: Specify the location of the stack for the * child process. + * Note, @stack is expected to point to the + * lowest address. The stack direction will be + * determined by the kernel and set up + * appropriately based on @stack_size. * @stack_size: The size of the stack for the child process. * @tls: If CLONE_SETTLS is set, the tls descriptor * is set to tls. diff --git a/kernel/fork.c b/kernel/fork.c index bcdf53125210..55af6931c6ec 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -2561,7 +2561,35 @@ noinline static int copy_clone_args_from_user(struct kernel_clone_args *kargs, return 0; } -static bool clone3_args_valid(const struct kernel_clone_args *kargs) +/** + * clone3_stack_valid - check and prepare stack + * @kargs: kernel clone args + * + * Verify that the stack arguments userspace gave us are sane. + * In addition, set the stack direction for userspace since it's easy for us to + * determine. + */ +static inline bool clone3_stack_valid(struct kernel_clone_args *kargs) +{ + if (kargs->stack == 0) { + if (kargs->stack_size > 0) + return false; + } else { + if (kargs->stack_size == 0) + return false; + + if (!access_ok((void __user *)kargs->stack, kargs->stack_size)) + return false; + +#if !defined(CONFIG_STACK_GROWSUP) && !defined(CONFIG_IA64) + kargs->stack += kargs->stack_size; +#endif + } + + return true; +} + +static bool clone3_args_valid(struct kernel_clone_args *kargs) { /* * All lower bits of the flag word are taken. @@ -2581,6 +2609,9 @@ static bool clone3_args_valid(const struct kernel_clone_args *kargs) kargs->exit_signal) return false; + if (!clone3_stack_valid(kargs)) + return false; + return true; } -- 2.23.0

5 years, 2 months

7
11
0 0

[PATCH 3/3] perf tools: Fix time sorting

by Arnaldo Carvalho de Melo

From: Jiri Olsa <jolsa(a)kernel.org> The final sort might get confused when the comparison is done over bigger numbers than int like for -s time. Check the following report for longer workloads: $ perf report -s time -F time,overhead --stdio Fix hist_entry__sort() to properly return int64_t and not possible cut int. Fixes: 043ca389a318 ("perf tools: Use hpp formats to sort final output") Signed-off-by: Jiri Olsa <jolsa(a)kernel.org> Reviewed-by: Andi Kleen <ak(a)linux.intel.com> Cc: Alexander Shishkin <alexander.shishkin(a)linux.intel.com> Cc: Michael Petlan <mpetlan(a)redhat.com> Cc: Namhyung Kim <namhyung(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: stable(a)vger.kernel.org # v3.16+ Link: http://lore.kernel.org/lkml/20191104232711.16055-1-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo <acme(a)redhat.com> --- tools/perf/util/hist.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/perf/util/hist.c b/tools/perf/util/hist.c index 679a1d75090c..7b6eaf5e0bda 100644 --- a/tools/perf/util/hist.c +++ b/tools/perf/util/hist.c @@ -1625,7 +1625,7 @@ int hists__collapse_resort(struct hists *hists, struct ui_progress *prog) return 0; } -static int hist_entry__sort(struct hist_entry *a, struct hist_entry *b) +static int64_t hist_entry__sort(struct hist_entry *a, struct hist_entry *b) { struct hists *hists = a->hists; struct perf_hpp_fmt *fmt; -- 2.21.0

5 years, 2 months

1
0
0 0

patch "mei: me: add comet point V device id" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mei: me: add comet point V device id to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 82b29b9f72afdccb40ea5f3c13c6a3cb65a597bc Mon Sep 17 00:00:00 2001 From: Alexander Usyskin <alexander.usyskin(a)intel.com> Date: Tue, 5 Nov 2019 17:05:14 +0200 Subject: mei: me: add comet point V device id Comet Point (Comet Lake) V device id. Cc: <stable(a)vger.kernel.org> Signed-off-by: Alexander Usyskin <alexander.usyskin(a)intel.com> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> Link: https://lore.kernel.org/r/20191105150514.14010-2-tomas.winkler@intel.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/misc/mei/hw-me-regs.h | 1 + drivers/misc/mei/pci-me.c | 1 + 2 files changed, 2 insertions(+) diff --git a/drivers/misc/mei/hw-me-regs.h b/drivers/misc/mei/hw-me-regs.h index c09f8bb49495..b359f06f05e7 100644 --- a/drivers/misc/mei/hw-me-regs.h +++ b/drivers/misc/mei/hw-me-regs.h @@ -81,6 +81,7 @@ #define MEI_DEV_ID_CMP_LP 0x02e0 /* Comet Point LP */ #define MEI_DEV_ID_CMP_LP_3 0x02e4 /* Comet Point LP 3 (iTouch) */ +#define MEI_DEV_ID_CMP_V 0xA3BA /* Comet Point Lake V */ #define MEI_DEV_ID_ICP_LP 0x34E0 /* Ice Lake Point LP */ diff --git a/drivers/misc/mei/pci-me.c b/drivers/misc/mei/pci-me.c index 3dca63eddaa0..ce43415a536c 100644 --- a/drivers/misc/mei/pci-me.c +++ b/drivers/misc/mei/pci-me.c @@ -98,6 +98,7 @@ static const struct pci_device_id mei_me_pci_tbl[] = { {MEI_PCI_DEVICE(MEI_DEV_ID_CMP_LP, MEI_ME_PCH12_CFG)}, {MEI_PCI_DEVICE(MEI_DEV_ID_CMP_LP_3, MEI_ME_PCH8_CFG)}, + {MEI_PCI_DEVICE(MEI_DEV_ID_CMP_V, MEI_ME_PCH12_CFG)}, {MEI_PCI_DEVICE(MEI_DEV_ID_ICP_LP, MEI_ME_PCH12_CFG)}, -- 2.23.0

5 years, 2 months

1
0
0 0

patch "mei: bus: prefix device names on bus with the bus name" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mei: bus: prefix device names on bus with the bus name to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 7a2b9e6ec84588b0be65cc0ae45a65bac431496b Mon Sep 17 00:00:00 2001 From: Alexander Usyskin <alexander.usyskin(a)intel.com> Date: Tue, 5 Nov 2019 17:05:13 +0200 Subject: mei: bus: prefix device names on bus with the bus name Add parent device name to the name of devices on bus to avoid device names collisions for same client UUID available from different MEI heads. Namely this prevents sysfs collision under /sys/bus/mei/device/ In the device part leave just UUID other parameters that are required for device matching are not required here and are just bloating the name. Cc: <stable(a)vger.kernel.org> Signed-off-by: Alexander Usyskin <alexander.usyskin(a)intel.com> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> Link: https://lore.kernel.org/r/20191105150514.14010-1-tomas.winkler@intel.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/misc/mei/bus.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/misc/mei/bus.c b/drivers/misc/mei/bus.c index 985bd4fd3328..53bb394ccba6 100644 --- a/drivers/misc/mei/bus.c +++ b/drivers/misc/mei/bus.c @@ -873,15 +873,16 @@ static const struct device_type mei_cl_device_type = { /** * mei_cl_bus_set_name - set device name for me client device + * <controller>-<client device> + * Example: 0000:00:16.0-55213584-9a29-4916-badf-0fb7ed682aeb * * @cldev: me client device */ static inline void mei_cl_bus_set_name(struct mei_cl_device *cldev) { - dev_set_name(&cldev->dev, "mei:%s:%pUl:%02X", - cldev->name, - mei_me_cl_uuid(cldev->me_cl), - mei_me_cl_ver(cldev->me_cl)); + dev_set_name(&cldev->dev, "%s-%pUl", + dev_name(cldev->bus->dev), + mei_me_cl_uuid(cldev->me_cl)); } /** -- 2.23.0

5 years, 2 months

1
0
0 0

patch "tty: serial: fsl_lpuart: use the sg count from dma_map_sg" added to tty-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled tty: serial: fsl_lpuart: use the sg count from dma_map_sg to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the tty-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 487ee861de176090b055eba5b252b56a3b9973d6 Mon Sep 17 00:00:00 2001 From: Peng Fan <peng.fan(a)nxp.com> Date: Tue, 5 Nov 2019 05:51:10 +0000 Subject: tty: serial: fsl_lpuart: use the sg count from dma_map_sg The dmaengine_prep_slave_sg needs to use sg count returned by dma_map_sg, not use sport->dma_tx_nents, because the return value of dma_map_sg is not always same with "nents". When enabling iommu for lpuart + edma, iommu framework may concatenate two sgs into one. Fixes: 6250cc30c4c4e ("tty: serial: fsl_lpuart: Use scatter/gather DMA for Tx") Cc: <stable(a)vger.kernel.org> Signed-off-by: Peng Fan <peng.fan(a)nxp.com> Link: https://lore.kernel.org/r/1572932977-17866-1-git-send-email-peng.fan@nxp.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/fsl_lpuart.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/tty/serial/fsl_lpuart.c b/drivers/tty/serial/fsl_lpuart.c index 22df5f8f48b6..4e128d19e0ad 100644 --- a/drivers/tty/serial/fsl_lpuart.c +++ b/drivers/tty/serial/fsl_lpuart.c @@ -437,8 +437,8 @@ static void lpuart_dma_tx(struct lpuart_port *sport) } sport->dma_tx_desc = dmaengine_prep_slave_sg(sport->dma_tx_chan, sgl, - sport->dma_tx_nents, - DMA_MEM_TO_DEV, DMA_PREP_INTERRUPT); + ret, DMA_MEM_TO_DEV, + DMA_PREP_INTERRUPT); if (!sport->dma_tx_desc) { dma_unmap_sg(dev, sgl, sport->dma_tx_nents, DMA_TO_DEVICE); dev_err(dev, "Cannot prepare TX slave DMA!\n"); -- 2.23.0

5 years, 2 months

1
0
0 0

patch "staging: rtl8192e: fix potential use after free" added to staging-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled staging: rtl8192e: fix potential use after free to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the staging-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From b7aa39a2ed0112d07fc277ebd24a08a7b2368ab9 Mon Sep 17 00:00:00 2001 From: Pan Bian <bianpan2016(a)163.com> Date: Tue, 5 Nov 2019 22:49:11 +0800 Subject: staging: rtl8192e: fix potential use after free The variable skb is released via kfree_skb() when the return value of _rtl92e_tx is not zero. However, after that, skb is accessed again to read its length, which may result in a use after free bug. This patch fixes the bug by moving the release operation to where skb is never used later. Signed-off-by: Pan Bian <bianpan2016(a)163.com> Reviewed-by: Dan Carpenter <dan.carpenter(a)oracle.com> Cc: stable <stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/1572965351-6745-1-git-send-email-bianpan2016@163.… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/staging/rtl8192e/rtl8192e/rtl_core.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/staging/rtl8192e/rtl8192e/rtl_core.c b/drivers/staging/rtl8192e/rtl8192e/rtl_core.c index b08712a9c029..dace81a7d1ba 100644 --- a/drivers/staging/rtl8192e/rtl8192e/rtl_core.c +++ b/drivers/staging/rtl8192e/rtl8192e/rtl_core.c @@ -1616,14 +1616,15 @@ static void _rtl92e_hard_data_xmit(struct sk_buff *skb, struct net_device *dev, memcpy((unsigned char *)(skb->cb), &dev, sizeof(dev)); skb_push(skb, priv->rtllib->tx_headroom); ret = _rtl92e_tx(dev, skb); - if (ret != 0) - kfree_skb(skb); if (queue_index != MGNT_QUEUE) { priv->rtllib->stats.tx_bytes += (skb->len - priv->rtllib->tx_headroom); priv->rtllib->stats.tx_packets++; } + + if (ret != 0) + kfree_skb(skb); } static int _rtl92e_hard_start_xmit(struct sk_buff *skb, struct net_device *dev) -- 2.23.0

5 years, 2 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror November 2019