February 2019 - Linux-stable-mirror

by Guenter Roeck

Just in case it hasn't been reported yet: drivers/tty/serial/samsung.c: In function 's3c24xx_serial_set_termios': drivers/tty/serial/samsung.c:820:19: error: 'UPSTAT_AUTOCTS' undeclared Guenter

5 years, 10 months

2
1
0 0

[PATCH 1/2] chardev: fix an overlap misjudgement case in __register_chrdev_region()

by Chengguang Xu

Current overlap check of minor range cannot correctly handle a case which is baseminor < existing baseminor && baseminor + minorct > existing baseminor + minorct. Fix it and meanwhile do some code cleanups. Fixes: 01d553d0fe9f90 ("Chardev checking of overlapping ranges") Signed-off-by: Chengguang Xu <cgxu519(a)gmx.com> Cc: stable(a)vger.kernel.org --- fs/char_dev.c | 94 ++++++++++++++++++++++++--------------------------- 1 file changed, 44 insertions(+), 50 deletions(-) diff --git a/fs/char_dev.c b/fs/char_dev.c index a279c58fe360..b25b1da097d5 100644 --- a/fs/char_dev.c +++ b/fs/char_dev.c @@ -88,86 +88,80 @@ static int find_dynamic_major(void) /* * Register a single major with a specified minor range. * - * If major == 0 this functions will dynamically allocate a major and return - * its number. - * - * If major > 0 this function will attempt to reserve the passed range of - * minors and will return zero on success. + * If major == 0 this function will dynamically allocate an unused major, + * otherwise attempt to reserve the range of minors with given major. * - * Returns a -ve errno on failure. */ static struct char_device_struct * __register_chrdev_region(unsigned int major, unsigned int baseminor, int minorct, const char *name) { - struct char_device_struct *cd, **cp; - int ret = 0; + struct char_device_struct *new, *curr, *prev = NULL; + int ret = -EBUSY; int i; - cd = kzalloc(sizeof(struct char_device_struct), GFP_KERNEL); - if (cd == NULL) + if (major >= CHRDEV_MAJOR_MAX) { + pr_err("CHRDEV \"%s\" major requested (%u) is greater than the maximum (%u)\n", + name, major, CHRDEV_MAJOR_MAX-1); + return ERR_PTR(-EINVAL); + } + + if (minorct > MINORMASK + 1 - baseminor) { + pr_err("CHRDEV \"%s\" minor range requested (%u-%u) is out of range of maximum range (%u-%u) for a single major\n", + name, baseminor, baseminor + minorct - 1, 0, MINORMASK); + return ERR_PTR(-EINVAL); + } + + new = kzalloc(sizeof(struct char_device_struct), GFP_KERNEL); + if (new == NULL) return ERR_PTR(-ENOMEM); mutex_lock(&chrdevs_lock); if (major == 0) { - ret = find_dynamic_major(); - if (ret < 0) { + major = find_dynamic_major(); + if (major < 0) { pr_err("CHRDEV \"%s\" dynamic allocation region is full\n", name); goto out; } - major = ret; } - if (major >= CHRDEV_MAJOR_MAX) { - pr_err("CHRDEV \"%s\" major requested (%u) is greater than the maximum (%u)\n", - name, major, CHRDEV_MAJOR_MAX-1); - ret = -EINVAL; - goto out; - } - - cd->major = major; - cd->baseminor = baseminor; - cd->minorct = minorct; - strlcpy(cd->name, name, sizeof(cd->name)); - i = major_to_index(major); + for (curr = chrdevs[i]; curr; prev = curr, curr = curr->next) { + if (curr->major < major) + continue; - for (cp = &chrdevs[i]; *cp; cp = &(*cp)->next) - if ((*cp)->major > major || - ((*cp)->major == major && - (((*cp)->baseminor >= baseminor) || - ((*cp)->baseminor + (*cp)->minorct > baseminor)))) + if (curr->major > major) break; - /* Check for overlapping minor ranges. */ - if (*cp && (*cp)->major == major) { - int old_min = (*cp)->baseminor; - int old_max = (*cp)->baseminor + (*cp)->minorct - 1; - int new_min = baseminor; - int new_max = baseminor + minorct - 1; + if (curr->baseminor + curr->minorct <= baseminor) + continue; - /* New driver overlaps from the left. */ - if (new_max >= old_min && new_max <= old_max) { - ret = -EBUSY; - goto out; - } + if (curr->baseminor >= baseminor + minorct) + break; - /* New driver overlaps from the right. */ - if (new_min <= old_max && new_min >= old_min) { - ret = -EBUSY; - goto out; - } + goto out; + } + + new->major = major; + new->baseminor = baseminor; + new->minorct = minorct; + strlcpy(new->name, name, sizeof(new->name)); + + if (!prev) { + new->next = curr; + chrdevs[i] = new; + } else { + new->next = prev->next; + prev->next = new; } - cd->next = *cp; - *cp = cd; mutex_unlock(&chrdevs_lock); - return cd; + return new; out: mutex_unlock(&chrdevs_lock); - kfree(cd); + kfree(new); return ERR_PTR(ret); } -- 2.20.1

5 years, 10 months

3
7
0 0

[PATCH] x86/speculation: Add document to describe Spectre and its mitigations

by Tim Chen

Thomas, Andi and I have made an update to our draft of the Spectre admin guide. We may be out on Christmas vacation for a while. But we want to send it out for everyone to take a look. Thanks. Tim From: Andi Kleen <ak(a)linux.intel.com> There are no document in admin guides describing Spectre v1 and v2 side channels and their mitigations in Linux. Create a document to describe Spectre and the mitigation methods used in the kernel. Signed-off-by: Andi Kleen <ak(a)linux.intel.com> Signed-off-by: Tim Chen <tim.c.chen(a)linux.intel.com> --- Documentation/admin-guide/spectre.rst | 502 ++++++++++++++++++++++++++++++++++ 1 file changed, 502 insertions(+) create mode 100644 Documentation/admin-guide/spectre.rst diff --git a/Documentation/admin-guide/spectre.rst b/Documentation/admin-guide/spectre.rst new file mode 100644 index 0000000..0ba708e --- /dev/null +++ b/Documentation/admin-guide/spectre.rst @@ -0,0 +1,502 @@ +Spectre side channels +===================== + +Spectre is a class of side channel attacks against modern CPUs that +exploit branch prediction and speculative execution to read memory, +possibly bypassing access controls. These exploits do not modify memory. + +This document covers Spectre variant 1 and 2. + +Affected processors +------------------- + +The vulnerability affects a wide range of modern high performance +processors, since most modern high speed processors use branch prediction +and speculative execution. + +The following CPUs are vulnerable: + + - Intel Core, Atom, Pentium, Xeon CPUs + - AMD CPUs like Phenom, EPYC, Zen. + - IBM processors like POWER and zSeries + - Higher end ARM processors + - Apple CPUs + - Higher end MIPS CPUs + - Likely most other high performance CPUs. Contact your CPU vendor for details. + +This document describes the mitigations on Intel CPUs. Mitigations +on other architectures may be different. + +Related CVEs +------------ + +The following CVE entries describe Spectre variants: + + ============= ======================= ========== + CVE-2017-5753 Bounds check bypass Spectre-V1 + CVE-2017-5715 Branch target injection Spectre-V2 + +Problem +------- + +CPUs have shared caches, such as buffers for branch prediction, which are +later used to guide speculative execution. These buffers are not flushed +over context switches or change in privilege levels. Malicious software +might influence these buffers and trigger specific speculative execution +in the kernel or different user processes. This speculative execution can +then be used to read data in memory and cause side effects, such as displacing +data in a data cache. The side effect can then later be measured by the +malicious software, and used to determine the memory values read speculatively. + +Spectre attacks allow tricking other software to disclose +values in their memory. + +In a typical Spectre variant 1 attack, the attacker passes an parameter +to a victim. The victim boundary checks the parameter and rejects illegal +values. However due to speculation over branch prediction the code path +for correct values might be speculatively executed, then reference memory +controlled by the input parameter and leave measurable side effects in +the caches. The attacker could then measure these side effects +and determine the leaked value. + +There are some extensions of Spectre variant 1 attacks for reading +data over the network, see [2]. However the attacks are very +difficult, low bandwidth and fragile and considered low risk. + +For Spectre variant 2 the attacker poisons the indirect branch +predictors of the CPU. Then control is passed to the victim, which +executes indirect branches. Due to the poisoned branch predictor data +the CPU can speculatively execute arbitrary code in the victim's +address space, such as a code sequence ("disclosure gadget") that +reads arbitrary data on some input parameter and causes a measurable +cache side effect based on the value. The attacker can then measure +this side effect after gaining control again and determine the value. + +The most useful gadgets take an attacker-controlled input parameter so +that the memory read can be controlled. Gadgets without input parameters +might be possible, but the attacker would have very little control over what +memory can be read, reducing the risk of the attack revealing useful data. + +Attack scenarios +---------------- + +Here is a list of attack scenarios that have been anticipated, but +may not cover all possible attack patterns. Reduing the occurrences of +attack pre-requisites listed can reduce the risk that a spectre attack +leaks useful data. + +1. Local User process attacking kernel +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Code in system calls often enforces access controls with conditional +branches based on user data. These branches are potential targets for +Spectre v2 exploits. Interrupt handlers, on the other hand, rarely +handle user data or enforce access controls, which makes them unlikely +exploit targets. + +For typical variant 2 attack, the attacker may poison the CPU branch +buffers first, and then enter the kernel and trick it into jumping to a +disclosure gadget through an indirect branch. If the attacker wants to control the +memory addresses leaked, it would also need to pass a parameter +to the gadget, either through a register or through a known address in +memory. Finally when it executes again it can measure the side effect. + +Necessary Prequisites: +1. Malicious local process passing parameters to kernel +2. Kernel has secrets. + +2. User process attacking another user process +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +In this scenario an malicious user process wants to attack another +user process through a context switch. + +For variant 1 this generally requires passing some parameter between +the processes, which needs a data passing relationship, such a remote +procedure calls (RPC). + +For variant 2 the poisoning can happen through a context switch, or +on CPUs with simultaneous multi-threading (SMT) potentially on the +thread sibling executing in parallel on the same core. In either case, +controlling the memory leaked by the disclosure gadget also requires a data +passing relationship to the victim process, otherwise while it may +observe values through side effects, it won't know which memory +addresses they relate to. + +Necessary Prerequisites: +1. Malicious code running as local process +2. Victim processes containing secrets running on same core. + +3. User sandbox attacking runtime in process +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +A process, such as a web browser, might be running interpreted or JITed +untrusted code, such as javascript code downloaded from a website. +It uses restrictions in the JIT code generator and checks in a run time +to prevent the untrusted code from attacking the hosting process. + +The untrusted code might either use variant 1 or 2 to trick +a disclosure gadget in the run time to read memory inside the process. + +Necessary Prerequisites: +1. Sandbox in process running untrusted code. +2. Runtime in same process containing secrets. + +4. Kernel sandbox attacking kernel +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The kernel has support for running user-supplied programs within the +kernel. Specific rules (such as bounds checking) are enforced on these +programs by the kernel to ensure that they do not violate access controls. + +eBPF is a kernel sub-system that uses user-supplied program +to execute JITed untrusted byte code inside the kernel. eBPF is used +for manipulating and examining network packets, examining system call +parameters for sand boxes and other uses. + +A malicious local process could upload and trigger an malicious +eBPF script to the kernel, with the script attacking the kernel +using variant 1 or 2 and reading memory. + +Necessary Prerequisites: +1. Malicious local process +2. eBPF JIT enabled for unprivileged users, attacking kernel with secrets +on the same machine. + +5. Virtualization guest attacking host +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +An untrusted guest might attack the host through a hyper call +or other virtualization exit. + +Necessary Prerequisites: +1. Untrusted guest attacking host +2. Host has secrets on local machine. + +For variant 1 VM exits use appropriate mitigations +("bounds clipping") to prevent speculation leaking data +in kernel code. For variant 2 the kernel flushes the branch buffer. + +6. Virtualization guest attacking other guest +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +An untrusted guest attacking another guest containing +secrets. Mitigations are similar to when a guest attack +the host. + +Runtime vulnerability information +--------------------------------- + +The kernel reports the vulnerability and mitigation status in +/sys/devices/system/cpu/vulnerabilities/* + +The spectre_v1 file describes the always enabled variant 1 +mitigation: + +/sys/devices/system/cpu/vulnerabilities/spectre_v1 + +The value in this file: + + ======================================= ================================= + 'Mitigation: __user pointer sanitation' Protection in kernel on a case by + case base with explicit pointer + sanitation. + ======================================= ================================= + +The spectre_v2 kernel file reports if the kernel has been compiled with a +retpoline aware compiler, if the CPU has hardware mitigation, and if the +CPU has microcode support for additional process specific mitigations. + +It also reports CPU features enabled by microcode to mitigate attack +between user processes: + +1. Indirect Branch Prediction Barrier (IBPB) to add additional + isolation between processes of different users +2. Single Thread Indirect Branch Prediction (STIBP) to additional + isolation between CPU threads running on the same core. + +These CPU features may impact performance when used and can +be enabled per process on a case-by-case base. + +/sys/devices/system/cpu/vulnerabilities/spectre_v2 + +The values in this file: + + - Kernel status: + + ==================================== ================================= + 'Not affected' The processor is not vulnerable + 'Vulnerable' Vulnerable, no mitigation + 'Mitigation: Full generic retpoline' Software-focused mitigation + 'Mitigation: Full AMD retpoline' AMD-specific software mitigation + 'Mitigation: Enhanced IBRS' Hardware-focused mitigation + ==================================== ================================= + + - Firmware status: + + ========== ============================================================= + 'IBRS_FW' Protection against user program attacks when calling firmware + ========== ============================================================= + + - Indirect branch prediction barrier (IBPB) status for protection between + processes of different users. This feature can be controlled through + prctl per process, or through kernel command line options. For more details + see below. + + =================== ======================================================== + 'IBPB: disabled' IBPB unused + 'IBPB: always-on' Use IBPB on all tasks + 'IBPB: conditional' Use IBPB on SECCOMP or indirect branch restricted tasks + =================== ======================================================== + + - Single threaded indirect branch prediction (STIBP) status for protection + between different hyper threads. This feature can be controlled through + prctl per process, or through kernel command line options. For more details + see below. + + ==================== ======================================================== + 'STIBP: disabled' STIBP unused + 'STIBP: forced' Use STIBP on all tasks + 'STIBP: conditional' Use STIBP on SECCOMP or indirect branch restricted tasks + ==================== ======================================================== + + - Return stack buffer (RSB) protection status: + + ============= =========================================== + 'RSB filling' Protection of RSB on context switch enabled + ============= =========================================== + +Full mitigations might require an microcode update from the CPU +vendor. When the necessary microcode is not available the kernel +will report vulnerability. + +Kernel mitigation +----------------- + +The kernel has default on mitigations for Variant 1 and Variant 2 +against attacks from user programs or guests. For variant 1 it +annotates vulnerable kernel code (as determined by the sparse code +scanning tool and code audits) to use "bounds clipping" to avoid any +usable disclosure gadgets. + +For variant 2 the kernel employs "retpoline" with compiler help to secure +the indirect branches inside the kernel, when CONFIG_RETPOLINE is enabled +and the compiler supports retpoline. On Intel Skylake-era systems the +mitigation covers most, but not all, cases, see [1] for more details. + +On CPUs with hardware mitigations for variant 2, retpoline is +automatically disabled at runtime. + +Using kernel address space randomization (CONFIG_RANDOMIZE_SLAB=y +and CONFIG_SLAB_FREELIST_RANDOM=y in the kernel configuration) +makes attacks on the kernel generally more difficult. + +Host mitigation +--------------- + +The Linux kernel uses retpoline to eliminate attacks on indirect +branches. It also flushes the Return Branch Stack on every VM exit to +prevent guests from attacking the host kernel when retpoline is +enabled. + +Variant 1 attacks are mitigated unconditionally. + +The kernel also allows guests to use any microcode based mitigations +they chose to use (such as IBPB or STIBP), assuming the +host has an updated microcode and reports the feature in +/sys/devices/system/cpu/vulnerabilities/spectre_v2. + +Mitigation control at kernel build time +--------------------------------------- + +When the CONFIG_RETPOLINE option is enabled the kernel uses special +code sequences to avoid attacks on indirect branches through +Variant 2 attacks. + +The compiler also needs to support retpoline and support the +-mindirect-branch=thunk-extern -mindirect-branch-register options +for gcc, or -mretpoline-external-thunk option for clang. + +When the compiler doesn't support these options the kernel +will report that it is vulnerable. + +Variant 1 mitigations and other side channel related user APIs are +enabled unconditionally. + +Hardware mitigation +------------------- + +Some CPUs have hardware mitigations (e.g. enhanced IBRS) for Spectre +variant 2. The 4.19 kernel has support for detecting this capability +and automatically disable any unnecessary workarounds at runtime. + +User program mitigation +----------------------- + +For variant 1 user programs can use LFENCE or bounds clipping. For more +details see [3]. + +For variant 2 user programs can be compiled with retpoline or +restricting its indirect branch speculation via prctl. (See +Documenation/speculation.txt for detailed API.) + +User programs should use address space randomization +(/proc/sys/kernel/randomize_va_space = 1 or 2) to make any attacks +more difficult. + +Mitigation control on the kernel command line +--------------------------------------------- + +Spectre v2 mitigations can be disabled and force enabled at the kernel +command line. + + nospectre_v2 [X86] Disable all mitigations for the Spectre variant 2 + (indirect branch prediction) vulnerability. System may + allow data leaks with this option, which is equivalent + to spectre_v2=off. + + + spectre_v2= [X86] Control mitigation of Spectre variant 2 + (indirect branch speculation) vulnerability. + The default operation protects the kernel from + user space attacks. + + on - unconditionally enable, implies + spectre_v2_user=on + off - unconditionally disable, implies + spectre_v2_user=off + auto - kernel detects whether your CPU model is + vulnerable + + Selecting 'on' will, and 'auto' may, choose a + mitigation method at run time according to the + CPU, the available microcode, the setting of the + CONFIG_RETPOLINE configuration option, and the + compiler with which the kernel was built. + + Selecting 'on' will also enable the mitigation + against user space to user space task attacks. + + Selecting 'off' will disable both the kernel and + the user space protections. + + Specific mitigations can also be selected manually: + + retpoline - replace indirect branches + retpoline,generic - google's original retpoline + retpoline,amd - AMD-specific minimal thunk + + Not specifying this option is equivalent to + spectre_v2=auto. + +For user space mitigation: + + spectre_v2_user= + [X86] Control mitigation of Spectre variant 2 + (indirect branch speculation) vulnerability between + user space tasks + + on - Unconditionally enable mitigations. Is + enforced by spectre_v2=on + + off - Unconditionally disable mitigations. Is + enforced by spectre_v2=off + + prctl - Indirect branch speculation is enabled, + but mitigation can be enabled via prctl + per thread. The mitigation control state + is inherited on fork. + + prctl,ibpb + - Like "prctl" above, but only STIBP is + controlled per thread. IBPB is issued + always when switching between different user + space processes. + + seccomp + - Same as "prctl" above, but all seccomp + threads will enable the mitigation unless + they explicitly opt out. + + seccomp,ibpb + - Like "seccomp" above, but only STIBP is + controlled per thread. IBPB is issued + always when switching between different + user space processes. + + auto - Kernel selects the mitigation depending on + the available CPU features and vulnerability. + + Default mitigation: + If CONFIG_SECCOMP=y then "seccomp", otherwise "prctl" + + Not specifying this option is equivalent to + spectre_v2_user=auto. + + In general the kernel by default selects + reasonable mitigations for the current CPU. To + disable Spectre v2 mitigations boot with + spectre_v2=off. Spectre v1 mitigations cannot + be disabled. + +APIs for mitigation control of user process +------------------------------------------- + +When enabling the "prctl" option for spectre_v2_user boot parameter, +prctl can be used to restrict indirect branch speculation on a process. +See Documenation/speculation.txt for detailed API. + +Processes containing secrets, such as cryptographic keys, may invoke +this prctl for extra protection against Spectre v2. + +Before running untrusted processes, restricting their indirect branch +speculation will prevent such processes from launching Spectre v2 attacks. + +Restricting indirect branch speuclation on a process should be only used +as needed, as restricting speculation reduces both performance of the +process, and also process running on the sibling CPU thread. + +Under the "seccomp" option, the processes sandboxed with SECCOMP will +have indirect branch speculation restricted automatically. + +References +---------- + +Intel white papers and documents on Spectre: + +https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdf + +[1] +https://software.intel.com/security-software-guidance/api-app/sites/default/files/Retpoline-A-Branch-Target-Injection-Mitigation.pdf + +https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html + +[3] https://software.intel.com/security-software-guidance/ + +https://software.intel.com/security-software-guidance/insights/deep-dive-single-thread-indirect-branch-predictors + +AMD white papers: + +https://developer.amd.com/wp-content/resources/90343-B_SoftwareTechniquesforManagingSpeculation_WP_7-18Update_FNL.pdf + +https://www.amd.com/en/corporate/security-updates + +ARM white papers: + +https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/download-the-whitepaper + +https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/latest-updates/cache-speculation-issues-update + +MIPS: + +https://www.mips.com/blog/mips-response-on-speculative-execution-and-side-channel-vulnerabilities/ + +Academic papers: + +https://spectreattack.com/spectre.pdf [original spectre paper] + +[2] https://arxiv.org/abs/1807.10535 [NetSpectre] + +https://arxiv.org/abs/1811.05441 [generalization of Spectre] + +https://arxiv.org/abs/1807.07940 [Spectre RSB, a variant of Spectre v2] -- 2.9.4

5 years, 10 months

8
24
0 0

Re: [PATCH 19/19] bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata

by Coly Li

On 2019/2/12 9:28 下午, Sasha Levin wrote: > Hi, > > [This is an automated email] > > This commit has been processed because it contains a -stable tag. > The stable tag indicates that it's relevant for the following trees: all > > The bot has tested the following trees: v4.20.7, v4.19.20, v4.14.98, v4.9.155, v4.4.173, v3.18.134. > > v4.20.7: Build OK! > v4.19.20: Failed to apply! Possible dependencies: > 752f66a75aba ("bcache: use REQ_PRIO to indicate bio for metadata") > > v4.14.98: Failed to apply! Possible dependencies: > 752f66a75aba ("bcache: use REQ_PRIO to indicate bio for metadata") > b41c9b0266e8 ("bcache: update bio->bi_opf bypass/writeback REQ_ flag hints") > > v4.9.155: Failed to apply! Possible dependencies: > 752f66a75aba ("bcache: use REQ_PRIO to indicate bio for metadata") > 83b5df67c509 ("bcache: use op_is_sync to check for synchronous requests") > b41c9b0266e8 ("bcache: update bio->bi_opf bypass/writeback REQ_ flag hints") > > v4.4.173: Failed to apply! Possible dependencies: > 09cbfeaf1a5a ("mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros") > 1c2e54e1ed6f ("dm thin: bump thin and thin-pool target versions") > 1eff9d322a44 ("block: rename bio bi_rw to bi_opf") > 202bae52934d ("dm thin: unroll issue_discard() to create longer discard bio chains") > 38f252553300 ("block: add __blkdev_issue_discard") > 3dba53a958a7 ("dm thin: use __blkdev_issue_discard for async discard support") > 4e49ea4a3d27 ("block/fs/drivers: remove rw argument from submit_bio") > 83b5df67c509 ("bcache: use op_is_sync to check for synchronous requests") > 9082e87bfbf8 ("block: remove struct bio_batch") > a6111d11b8b5 ("btrfs: raid56: Use raid_write_end_io for scrub") > b41c9b0266e8 ("bcache: update bio->bi_opf bypass/writeback REQ_ flag hints") > bbd848e0fade ("block: reinstate early return of -EOPNOTSUPP from blkdev_issue_discard") > c3667cc61904 ("dm thin: consistently return -ENOSPC if pool has run out of data space") > c8d93247f1d0 ("bcache: use op_is_write instead of checking for REQ_WRITE") > d57d611505d9 ("kernel/fs: fix I/O wait not accounted for RW O_DSYNC") > > v3.18.134: Failed to apply! Possible dependencies: > 1b94b5567e9c ("Btrfs, raid56: use a variant to record the operation type") > 1eff9d322a44 ("block: rename bio bi_rw to bi_opf") > 2c8cdd6ee4e7 ("Btrfs, replace: write dirty pages into the replace target device") > 326e1dbb5736 ("block: remove management of bi_remaining when restoring original bi_end_io") > 4245215d6a8d ("Btrfs, raid56: fix use-after-free problem in the final device replace procedure on raid56") > 5a6ac9eacb49 ("Btrfs, raid56: support parity scrub on raid56") > 6e9606d2a2dc ("Btrfs: add ref_count and free function for btrfs_bio") > 83b5df67c509 ("bcache: use op_is_sync to check for synchronous requests") > 8e5cfb55d3f7 ("Btrfs: Make raid_map array be inlined in btrfs_bio structure") > af8e2d1df984 ("Btrfs, scrub: repair the common data on RAID5/6 if it is corrupted") > b41c9b0266e8 ("bcache: update bio->bi_opf bypass/writeback REQ_ flag hints") > b7c44ed9d2fc ("block: manipulate bio->bi_flags through helpers") > b89e1b012c7f ("Btrfs, raid56: don't change bbio and raid_map") > c4cf5261f8bf ("bio: skip atomic inc/dec of ->bi_remaining for non-chains") > c8d93247f1d0 ("bcache: use op_is_write instead of checking for REQ_WRITE") > f90523d1aa3c ("Btrfs: remove noused bbio_ret in __btrfs_map_block in condition") > > > How should we proceed with this patch? Can I rebase this patch for each stable kernel, and send the patch to stable(a)vger.kernel.org ? Thanks. -- Coly Li

5 years, 10 months

1
0
0 0

Re: [PATCH 06/19] bcache: treat stale && dirty keys as bad keys

by Coly Li

On 2019/2/12 9:28 下午, Sasha Levin wrote: > Hi, > > [This is an automated email] > > This commit has been processed because it contains a -stable tag. > The stable tag indicates that it's relevant for the following trees: all > > The bot has tested the following trees: v4.20.7, v4.19.20, v4.14.98, v4.9.155, v4.4.173, v3.18.134. > > v4.20.7: Build OK! > v4.19.20: Failed to apply! Possible dependencies: > 149d0efada77 ("bcache: replace hard coded number with BUCKET_GC_GEN_MAX") > > v4.14.98: Failed to apply! Possible dependencies: > 1d316e658374 ("bcache: implement PI controller for writeback rate") > 25d8be77e192 ("block: move bio_alloc_pages() to bcache") > 27a40ab9269e ("bcache: add backing_request_endio() for bi_end_io") > 2831231d4c3f ("bcache: reduce cache_set devices iteration by devices_max_used") > 3b304d24a718 ("bcache: convert cached_dev.count from atomic_t to refcount_t") > 3fd47bfe55b0 ("bcache: stop dc->writeback_rate_update properly") > 5138ac6748e3 ("bcache: fix misleading error message in bch_count_io_errors()") > 539d39eb2708 ("bcache: fix wrong return value in bch_debug_init()") > 5fa89fb9a86b ("bcache: don't write back data if reading it failed") > 6f10f7d1b02b ("bcache: style fix to replace 'unsigned' by 'unsigned int'") > 771f393e8ffc ("bcache: add CACHE_SET_IO_DISABLE to struct cache_set flags") > 7ba0d830dc0e ("bcache: set error_limit correctly") > 7e027ca4b534 ("bcache: add stop_when_cache_set_failed option to backing device") > 804f3c6981f5 ("bcache: fix cached_dev->count usage for bch_cache_set_error()") > a8500fc816b1 ("bcache: rearrange writeback main thread ratelimit") > b1092c9af9ed ("bcache: allow quick writeback when backing idle") > bc082a55d25c ("bcache: fix inaccurate io state for detached bcache devices") > c7b7bd07404c ("bcache: add io_disable to struct cached_dev") > > v4.9.155: Failed to apply! Possible dependencies: > 1d316e658374 ("bcache: implement PI controller for writeback rate") > 2831231d4c3f ("bcache: reduce cache_set devices iteration by devices_max_used") > 297e3d854784 ("blk-throttle: make throtl_slice tunable") > 3fd47bfe55b0 ("bcache: stop dc->writeback_rate_update properly") > 4e4cbee93d56 ("block: switch bios to blk_status_t") > 5138ac6748e3 ("bcache: fix misleading error message in bch_count_io_errors()") > 6f10f7d1b02b ("bcache: style fix to replace 'unsigned' by 'unsigned int'") > 7e027ca4b534 ("bcache: add stop_when_cache_set_failed option to backing device") > 87760e5eef35 ("block: hook up writeback throttling") > 9e234eeafbe1 ("blk-throttle: add a simple idle detection") > c7b7bd07404c ("bcache: add io_disable to struct cached_dev") > cf43e6be865a ("block: add scalable completion tracking of requests") > e806402130c9 ("block: split out request-only flags into a new namespace") > fbbaf700e7b1 ("block: trace completion of all bios.") > > v4.4.173: Failed to apply! Possible dependencies: > 005411ea7ee7 ("doc: update block/queue-sysfs.txt entries") > 1d316e658374 ("bcache: implement PI controller for writeback rate") > 27489a3c827b ("blk-mq: turn hctx->run_work into a regular work struct") > 2831231d4c3f ("bcache: reduce cache_set devices iteration by devices_max_used") > 297e3d854784 ("blk-throttle: make throtl_slice tunable") > 38f8baae8905 ("block: factor out chained bio completion") > 3fd47bfe55b0 ("bcache: stop dc->writeback_rate_update properly") > 4e4cbee93d56 ("block: switch bios to blk_status_t") > 511cbce2ff8b ("irq_poll: make blk-iopoll available outside the block layer") > 5138ac6748e3 ("bcache: fix misleading error message in bch_count_io_errors()") > 6f10f7d1b02b ("bcache: style fix to replace 'unsigned' by 'unsigned int'") > 7e027ca4b534 ("bcache: add stop_when_cache_set_failed option to backing device") > 87760e5eef35 ("block: hook up writeback throttling") > 8d354f133e86 ("blk-mq: improve layout of blk_mq_hw_ctx") > 9467f85960a3 ("blk-mq/cpu-notif: Convert to new hotplug state machine") > 9e234eeafbe1 ("blk-throttle: add a simple idle detection") > af3e3a5259e3 ("block: don't unecessarily clobber bi_error for chained bios") > ba8c6967b739 ("block: cleanup bio_endio") > c7b7bd07404c ("bcache: add io_disable to struct cached_dev") > cf43e6be865a ("block: add scalable completion tracking of requests") > e57690fe009b ("blk-mq: don't overwrite rq->mq_ctx") > fbbaf700e7b1 ("block: trace completion of all bios.") > > v3.18.134: Failed to apply! Possible dependencies: > 0f8087ecdeac ("block: Consolidate static integrity profile properties") > 1b94b5567e9c ("Btrfs, raid56: use a variant to record the operation type") > 1d316e658374 ("bcache: implement PI controller for writeback rate") > 2831231d4c3f ("bcache: reduce cache_set devices iteration by devices_max_used") > 2c8cdd6ee4e7 ("Btrfs, replace: write dirty pages into the replace target device") > 326e1dbb5736 ("block: remove management of bi_remaining when restoring original bi_end_io") > 3fd47bfe55b0 ("bcache: stop dc->writeback_rate_update properly") > 4246a0b63bd8 ("block: add a bi_error field to struct bio") > 4e4cbee93d56 ("block: switch bios to blk_status_t") > 5138ac6748e3 ("bcache: fix misleading error message in bch_count_io_errors()") > 5a6ac9eacb49 ("Btrfs, raid56: support parity scrub on raid56") > 6e9606d2a2dc ("Btrfs: add ref_count and free function for btrfs_bio") > 6f10f7d1b02b ("bcache: style fix to replace 'unsigned' by 'unsigned int'") > 7e027ca4b534 ("bcache: add stop_when_cache_set_failed option to backing device") > 8e5cfb55d3f7 ("Btrfs: Make raid_map array be inlined in btrfs_bio structure") > af8e2d1df984 ("Btrfs, scrub: repair the common data on RAID5/6 if it is corrupted") > b89e1b012c7f ("Btrfs, raid56: don't change bbio and raid_map") > c4cf5261f8bf ("bio: skip atomic inc/dec of ->bi_remaining for non-chains") > c7b7bd07404c ("bcache: add io_disable to struct cached_dev") > f90523d1aa3c ("Btrfs: remove noused bbio_ret in __btrfs_map_block in condition") > > > How should we proceed with this patch? Can we rebase this patch for stable kernels, and send them to stable kernel maintainers separately? If this behavior is accepted for stable kernel maintenance, I would suggest Junhui Tang to think about to rebase for these stable kernels. Thanks. -- Coly Li

5 years, 10 months

1
0
0 0

[PATCH 4.19 000/313] 4.19.21-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.21 release. There are 313 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Feb 13 14:17:25 UTC 2019. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.21-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.21-rc1 Peter Zijlstra <peterz(a)infradead.org> perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() Mike Marciniszyn <mike.marciniszyn(a)intel.com> IB/hfi1: Add limit test for RC/UC send via loopback Huacai Chen <chenhc(a)lemote.com> cacheinfo: Keep the old value if of_property_read_u32 fails Chris Brandt <chris.brandt(a)renesas.com> serial: sh-sci: Do not free irqs that have already been freed Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_pci: Make PCI class test non fatal Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> serial: fix race between flush_to_ldisc and tty_open Gustavo A. R. Silva <gustavo(a)embeddedor.com> perf tests evsel-tp-sched: Fix bitwise operator Mark Rutland <mark.rutland(a)arm.com> perf/core: Don't WARN() for impossible ring-buffer sizes Tony Luck <tony.luck(a)intel.com> x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Add Node ID mask Josh Poimboeuf <jpoimboe(a)redhat.com> cpu/hotplug: Fix "SMT disabled by BIOS" detection for KVM Peter Shier <pshier(a)google.com> KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221) Jann Horn <jannh(a)google.com> kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974) Paolo Bonzini <pbonzini(a)redhat.com> KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222) James Bottomley <James.Bottomley(a)HansenPartnership.com> scsi: aic94xx: fix module loading Vaibhav Jain <vaibhav(a)linux.ibm.com> scsi: cxlflash: Prevent deadlock when adapter probe fails Johan Hovold <johan(a)kernel.org> staging: speakup: fix tty-operation NULL derefs Paul Elder <paul.elder(a)ideasonboard.com> usb: gadget: musb: fix short isoc packets with inventra dma Gustavo A. R. Silva <gustavo(a)embeddedor.com> usb: gadget: udc: net2272: Fix bitwise and boolean operations Tejas Joglekar <tejas.joglekar(a)synopsys.com> usb: dwc3: gadget: Handle 0 xfer length for OUT EP Bin Liu <b-liu(a)ti.com> usb: phy: am335x: fix race condition in _probe Marc Zyngier <marc.zyngier(a)arm.com> irqchip/gic-v3-its: Plug allocation race for devices sharing a DevID Thomas Gleixner <tglx(a)linutronix.de> futex: Handle early deadlock return correctly Leonid Iziumtsev <leonid.iziumtsev(a)gmail.com> dmaengine: imx-dma: fix wrong callback invoke Lukas Wunner <lukas(a)wunner.de> dmaengine: bcm2835: Fix abort of transactions Lukas Wunner <lukas(a)wunner.de> dmaengine: bcm2835: Fix interrupt race on RT Vladis Dronov <vdronov(a)redhat.com> HID: debug: fix the ring buffer implementation Miklos Szeredi <mszeredi(a)redhat.com> fuse: handle zero sized retrieve correctly Miklos Szeredi <mszeredi(a)redhat.com> fuse: decrement NR_WRITEBACK_TEMP on the right page Jann Horn <jannh(a)google.com> fuse: call pipe_buf_release() under pipe lock Jeremy Soller <jeremy(a)system76.com> ALSA: hda/realtek - Headset microphone support for System76 darp5 Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek - Use a common helper for hp pin reference Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fix lose hp_pins for disable auto mute Takashi Iwai <tiwai(a)suse.de> ALSA: hda - Serialize codec registrations Udo Eberhardt <udo.eberhardt(a)thesycon.de> ALSA: usb-audio: Add support for new T+A USB DAC Charles Keepax <ckeepax(a)opensource.cirrus.com> ALSA: compress: Fix stop handling on compressed capture streams Brian Foster <bfoster(a)redhat.com> xfs: eof trim writeback mapping as soon as it is cached Raed Salem <raeds(a)mellanox.com> net/mlx5e: FPGA, fix Innova IPsec TX offload data path performance Toshiaki Makita <makita.toshiaki(a)lab.ntt.co.jp> virtio_net: Account for tx bytes and packets on sending xdp_frames Dan Carpenter <dan.carpenter(a)oracle.com> skge: potential memory corruption in skge_get_regs() Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> sctp: walk the list of asoc safely Xin Long <lucien.xin(a)gmail.com> sctp: check and update stream->out_curr when allocating stream_out Eric Dumazet <edumazet(a)google.com> rxrpc: bad unlock balance in rxrpc_recvmsg Russell King <rmk+kernel(a)armlinux.org.uk> Revert "net: phy: marvell: avoid pause mode on SGMII-to-Copper for 88e151x" Eric Dumazet <edumazet(a)google.com> rds: fix refcount bug in rds_sock_addref Florian Fainelli <f.fainelli(a)gmail.com> net: systemport: Fix WoL with password after deep sleep Cong Wang <xiyou.wangcong(a)gmail.com> net/mlx5e: Force CHECKSUM_UNNECESSARY for short ethernet frames Rundong Ge <rdong.ge(a)gmail.com> net: dsa: slave: Don't propagate flag changes on down slave interfaces Andrew Lunn <andrew(a)lunn.ch> net: dsa: mv88e6xxx: Fix counting of ATU violations Dan Carpenter <dan.carpenter(a)oracle.com> net: dsa: Fix NULL checking in dsa_slave_set_eee() Marc Zyngier <marc.zyngier(a)arm.com> net: dsa: Fix lockdep false positive splat Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> net: dp83640: expire old TX-skb Bart Van Assche <bvanassche(a)acm.org> lib/test_rhashtable: Make test_insert_dup() allocate its hash table dynamically Govindarajulu Varadarajan <gvaradar(a)cisco.com> enic: fix checksum validation for IPv6 Eric Dumazet <edumazet(a)google.com> dccp: fool proof ccid_hc_[rt]x_parse_options() Eduardo Valentin <edubezval(a)gmail.com> thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set Eric Sandeen <sandeen(a)redhat.com> xfs: fix inverted return from xfs_btree_sblock_verify_crc Darrick J. Wong <darrick.wong(a)oracle.com> xfs: fix PAGE_MASK usage in xfs_free_file_space Ye Yin <dbyin(a)tencent.com> fs/xfs: fix f_ffree value for statfs when project quota is set Dave Chinner <dchinner(a)redhat.com> xfs: delalloc -> unwritten COW fork allocation can go wrong Dave Chinner <dchinner(a)redhat.com> xfs: fix transient reference count error in xfs_buf_resubmit_failed_buffers Brian Foster <bfoster(a)redhat.com> xfs: fix shared extent data corruption due to missing cow reservation Dave Chinner <dchinner(a)redhat.com> xfs: fix overflow in xfs_attr3_leaf_verify Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> xfs: Fix error code in 'xfs_ioc_getbmap()' Christoph Hellwig <hch(a)lst.de> xfs: cancel COW blocks before swapext Carlos Maiolino <cmaiolino(a)redhat.com> xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat Du Changbin <changbin.du(a)gmail.com> scripts/gdb: fix lx-version string output Anders Roxell <anders.roxell(a)linaro.org> kernel/kcov.c: mark write_comp_data() as notrace Oleg Nesterov <oleg(a)redhat.com> exec: load_script: don't blindly truncate shebang string Davidlohr Bueso <dave(a)stgolabs.net> fs/epoll: drop ovflist branch prediction Liu, Chuansheng <chuansheng.liu(a)intel.com> kernel/hung_task.c: force console verbose before panic Cheng Lin <cheng.lin130(a)zte.com.cn> proc/sysctl: fix return error for proc_doulongvec_minmax() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> kernel/hung_task.c: break RCU locks based on jiffies Benjamin Gordon <bmgordon(a)google.com> fs/proc/base.c: use ns_capable instead of capable for timerslack_ns Dave Martin <Dave.Martin(a)arm.com> arm64/sve: ptrace: Fix SVE_PT_REGS_OFFSET definition Aditya Pakki <pakki001(a)umn.edu> HID: lenovo: Add checks to fix of_led_classdev_register Bjorn Andersson <bjorn.andersson(a)linaro.org> thermal: generic-adc: Fix adc to temp interpolation Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx: Enable MSI from downstream components Douglas Anderson <dianders(a)chromium.org> kdb: Don't back trace on a cpu that didn't round up Matthias Brugger <mbrugger(a)suse.com> thermal: bcm2835: enable hwmon explicitly Finn Thain <fthain(a)telegraphics.com.au> block/swim3: Fix -EBUSY error when re-opening device after unmount Scott Wood <oss(a)buserror.net> fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address() Wenwen Wang <wang6495(a)umn.edu> gdrom: fix a memory leak bug Jia-Ju Bai <baijiaju1990(a)gmail.com> isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() Minchan Kim <minchan(a)kernel.org> zram: fix lockdep warning of free block handling Waiman Long <longman(a)redhat.com> mm/page_alloc.c: don't call kasan_free_pages() at deferred mem init Larry Chen <lchen(a)suse.com> ocfs2: improve ocfs2 Makefile Junxiao Bi <junxiao.bi(a)oracle.com> ocfs2: don't clear bh uptodate for block read Randy Dunlap <rdunlap(a)infradead.org> arch/sh/boards/mach-kfr2r09/setup.c: fix struct mtd_oob_ops build warning Marc Zyngier <marc.zyngier(a)arm.com> scripts/decode_stacktrace: only strip base path when a prefix of the path Jiri Olsa <jolsa(a)kernel.org> perf python: Do not force closing original perf descriptor in evlist.get_pollfd() Ondrej Mosnacek <omosnace(a)redhat.com> cgroup: fix parsing empty mount option string Sahitya Tummala <stummala(a)codeaurora.org> f2fs: fix sbi->extent_list corruption issue Kangjie Lu <kjlu(a)umn.edu> niu: fix missing checks of niu_pci_eeprom_read Anton Ivanov <anton.ivanov(a)cambridgegreys.com> um: Avoid marking pages with "changed protection" Sahitya Tummala <stummala(a)codeaurora.org> f2fs: fix use-after-free issue when accessing sbi->stat_info Ronnie Sahlberg <lsahlber(a)redhat.com> cifs: check ntwrk_buf_start for NULL before dereferencing it Stefan Roese <sr(a)denx.de> MIPS: ralink: Select CONFIG_CPU_MIPSR2_IRQ_VI on MT7620/8 Nathan Chancellor <natechancellor(a)gmail.com> crypto: ux500 - Use proper enum in hash_set_dma_transfer Nathan Chancellor <natechancellor(a)gmail.com> crypto: ux500 - Use proper enum in cryp_set_dma_transfer Michael Ellerman <mpe(a)ellerman.id.au> seq_buf: Make seq_buf_puts() null-terminate the buffer Kangjie Lu <kjlu(a)umn.edu> hwmon: (lm80) fix a missing check of bus read in lm80 probe Kangjie Lu <kjlu(a)umn.edu> hwmon: (lm80) fix a missing check of the status of SMBus read Stanislav Fomichev <sdf(a)google.com> perf build: Don't unconditionally link the libbfd feature test to -liberty and -lz Chris Perl <cperl(a)janestreet.com> NFS: nfs_compare_mount_options always compare auth flavors. Jim Mattson <jmattson(a)google.com> kvm: Change offset in kvm_write_guest_offset_cached to unsigned Mahesh Salgaonkar <mahesh(a)linux.vnet.ibm.com> powerpc/fadump: Do not allow hot-remove memory from fadump reserved area. Vitaly Kuznetsov <vkuznets(a)redhat.com> KVM: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> pinctrl: meson: meson8b: fix the GPIO function for the GPIOAO pins Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins Christophe Leroy <christophe.leroy(a)c-s.fr> powerpc/mm: Fix reporting of kernel execute faults on the 8xx Noralf Trønnes <noralf(a)tronnes.org> fbdev: fbcon: Fix unregister crash when more than one framebuffer Lenny Szubowicz <lszubowi(a)redhat.com> ACPI/APEI: Clear GHES block_status before panic() Kai-Heng Feng <kai.heng.feng(a)canonical.com> igb: Fix an issue that PME is not enabled during runtime suspend Young Xiao <YangX92(a)hotmail.com> ice: Do not enable NAPI on q_vectors that have no rings Konstantin Khorenko <khorenko(a)virtuozzo.com> i40e: define proper net_device::neigh_priv_len Peter Rosin <peda(a)axentia.se> fbdev: fbmem: behave better with small rotated displays and many CPUs Guoqing Jiang <gqjiang(a)suse.com> md: fix raid10 hang issue caused by barrier Alexey Khoroshilov <khoroshilov(a)ispras.ru> video: clps711x-fb: release disp device node in probe() Wenjing Liu <Wenjing.Liu(a)amd.com> drm/amd/display: validate extended dongle caps Nathan Chancellor <natechancellor(a)gmail.com> drbd: Avoid Clang warning about pointless switch statment Lars Ellenberg <lars.ellenberg(a)linbit.com> drbd: skip spurious timeout (ping-timeo) when failing promote Lars Ellenberg <lars.ellenberg(a)linbit.com> drbd: disconnect, if the wrong UUIDs are attached on a connected peer Roland Kammerer <roland.kammerer(a)linbit.com> drbd: narrow rcu_read_lock in drbd_sync_handshake Miroslav Lichvar <mlichvar(a)redhat.com> mlx5: update timecounter at least twice per counter overflow Alexey Kardashevskiy <aik(a)ozlabs.ru> powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace addresses on demand Naftali Goldstein <naftali.goldstein(a)intel.com> iwlwifi: mvm: fix setting HE ppe FW config Madhavan Srinivasan <maddy(a)linux.vnet.ibm.com> powerpc/perf: Fix thresholding counter data for unknown type Jian Shen <shenjian15(a)huawei.com> net: hns3: add max vector number check for pf Jia-Ju Bai <baijiaju1990(a)gmail.com> cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan() Mahesh Rajashekhara <mahesh.rajashekhara(a)microsemi.com> scsi: smartpqi: increase fw status register read timeout Dave Carroll <david.carroll(a)microsemi.com> scsi: smartpqi: correct volume status Mahesh Rajashekhara <mahesh.rajashekhara(a)microsemi.com> scsi: smartpqi: correct host serial num for ssa Ido Schimmel <idosch(a)mellanox.com> mlxsw: spectrum: Properly cleanup LAG uppers when removing port from LAG YueHaibing <yuehaibing(a)huawei.com> xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi Johannes Berg <johannes.berg(a)intel.com> mac80211: fix radiotap vendor presence bitmap handling Christophe Leroy <christophe.leroy(a)c-s.fr> powerpc/uaccess: fix warning/error with access_ok() Eric Yang <Eric.Yang2(a)amd.com> drm/amd/display: fix YCbCr420 blank color Chen-Yu Tsai <wens(a)csie.org> Bluetooth: hci_bcm: Handle deferred probing for the clock supply Paul Hsieh <paul.hsieh(a)amd.com> drm/amd/display: Add retry to read ddc_clock pin Huazhong Tan <tanhuazhong(a)huawei.com> net: hns3: fix incomplete uninitialization of IRQ in the hns3_nic_uninit_vector_data() Dennis Zhou <dennis(a)kernel.org> percpu: convert spin_lock_irq to spin_lock_irqsave. Arnaldo Carvalho de Melo <acme(a)redhat.com> perf tools: Cast off_t to s64 to avoid warning on bionic libc Arnaldo Carvalho de Melo <acme(a)redhat.com> perf header: Fix up argument to ctime() Bin Liu <b-liu(a)ti.com> usb: musb: dsps: fix runtime pm for peripheral mode Bin Liu <b-liu(a)ti.com> usb: musb: dsps: fix otg state machine Mark Rutland <mark.rutland(a)arm.com> arm64: KVM: Skip MMIO insn after emulation Nicholas Mc Guire <hofrat(a)osadl.org> livepatch: check kzalloc return values Doug Smythies <doug.smythies(a)gmail.com> tools/power/x86/intel_pstate_tracer: Fix non root execution for post processing a trace file Michael Mueller <mimu(a)linux.ibm.com> KVM: s390: unregister debug feature on failing arch init Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Disable MSIX before re-reserving NQs/CMPL rings. Fabrizio Castro <fabrizio.castro(a)bp.renesas.com> i2c: sh_mobile: Add support for r8a774c0 (RZ/G2E) Arnaldo Carvalho de Melo <acme(a)redhat.com> perf probe: Fix unchecked usage of strncpy() Ethan Lien <ethanlien(a)synology.com> btrfs: use tagged writepage to mitigate livelock of snapshot Arnaldo Carvalho de Melo <acme(a)redhat.com> perf header: Fix unchecked usage of strncpy() Arnaldo Carvalho de Melo <acme(a)redhat.com> perf dso: Fix unchecked usage of strncpy() Adrian Hunter <adrian.hunter(a)intel.com> perf test: Fix perf_event_attr test failure Beomho Seo <beomho.seo(a)samsung.com> tty: serial: samsung: Properly set flags in autoCTS mode Geert Uytterhoeven <geert+renesas(a)glider.be> serial: sh-sci: Resume PIO in sci_rx_interrupt() on DMA failure Geert Uytterhoeven <geert+renesas(a)glider.be> serial: sh-sci: Fix locking in sci_submit_rx() David Sterba <dsterba(a)suse.com> btrfs: reada: reorder dev-replace locks before radix tree preload Anand Jain <anand.jain(a)oracle.com> btrfs: harden agaist duplicate fsid on scanned devices Fabrizio Castro <fabrizio.castro(a)bp.renesas.com> usb: renesas_usbhs: add support for RZ/G2E Linus Walleij <linus.walleij(a)linaro.org> mmc: jz4740: Get CD/WP GPIOs from descriptors Adrian Hunter <adrian.hunter(a)intel.com> mmc: sdhci-xenon: Fix timeout checks Adrian Hunter <adrian.hunter(a)intel.com> mmc: sdhci-omap: Fix timeout checks Adrian Hunter <adrian.hunter(a)intel.com> mmc: sdhci-of-esdhc: Fix timeout checks Kai-Heng Feng <kai.heng.feng(a)canonical.com> memstick: Prevent memstick host from getting runtime suspended during card detection Nicholas Mc Guire <hofrat(a)osadl.org> mmc: meson-mx-sdio: check devm_kasprintf for failure Michal Suchanek <msuchanek(a)suse.de> mmc: bcm2835: reset host on timeout Phil Elwell <phil(a)raspberrypi.org> mmc: bcm2835: Recover from MMC_SEND_EXT_CSD Suraj Jitindar Singh <sjitindarsingh(a)gmail.com> KVM: PPC: Book3S: Only report KVM_CAP_SPAPR_TCE_VFIO on powernv machines Arnd Bergmann <arnd(a)arndb.de> ARM: mmp: fix timer_init calls Fabio Estevam <festevam(a)gmail.com> ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M Arnd Bergmann <arnd(a)arndb.de> ARM: pxa: avoid section mismatch warning Stanislav Fomichev <sdf(a)google.com> selftests/bpf: use __bpf_constant_htons in test_prog.c Joey Zhang <joey.zhang(a)microchip.com> switchtec: Fix SWITCHTEC_IOCTL_EVENT_IDX_ALL flags overwrite Jan Kara <jack(a)suse.cz> udf: Fix BUG on corrupted inode Nir Dotan <nird(a)mellanox.com> mlxsw: spectrum_acl: Limit priority value Icenowy Zheng <icenowy(a)aosc.io> phy: sun4i-usb: add support for missing USB PHY index Adamski, Krzysztof (Nokia - PL/Wroclaw) <krzysztof.adamski(a)nokia.com> i2c-axxia: check for error conditions first Hua Su <suhua.tanke(a)gmail.com> lightnvm: pblk: add lock protection to list operations Hans Holmberg <hans.holmberg(a)cnexlabs.com> lightnvm: pblk: fix resubmission of overwritten write err lbas Sean Paul <seanpaul(a)chromium.org> drm/msm: dpu: Only check flush register against pending flushes Abhinav Kumar <abhinavk(a)codeaurora.org> drm/msm/dsi: fix dsi clock names in DSI 10nm PLL driver Zhizhou Zhang <zhizhouzhang(a)asrmicro.com> tee: optee: avoid possible double list_del() Viresh Kumar <viresh.kumar(a)linaro.org> OPP: Use opp_table->regulators to verify no regulator case Yangtao Li <tiny.windzz(a)gmail.com> cpuidle: big.LITTLE: fix refcount leak Vadim Pasternak <vadimp(a)mellanox.com> platform/x86: mlx-platform: Fix tachometer registers Anson Huang <anson.huang(a)nxp.com> clk: imx6sl: ensure MMDC CH0 handshake is bypassed Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> sata_rcar: fix deferred probing Will Deacon <will.deacon(a)arm.com> iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer Vivek Gautam <vivek.gautam(a)codeaurora.org> iommu/arm-smmu: Add support for qcom,smmu-v2 variant Zhen Lei <thunder.leizhen(a)huawei.com> iommu/arm-smmu-v3: Avoid memory corruption from Hisilicon MSI payloads Tejas Joglekar <tejas.joglekar(a)synopsys.com> usb: dwc3: gadget: Disable CSP for stream OUT ep Andrey Smirnov <andrew.smirnov(a)gmail.com> ARM: dts: imx51-zii-rdu1: Do not specify "power-gpio" for hpa1 Wolfram Sang <wsa+renesas(a)sang-engineering.com> watchdog: renesas_wdt: don't set divider while watchdog is running Dan Carpenter <dan.carpenter(a)oracle.com> tracing: Have trace_stack nr_entries compare not be so subtle Linus Walleij <linus.walleij(a)linaro.org> ARM: dts: Fix up the D-Link DIR-685 MTD partition info Philipp Zabel <p.zabel(a)pengutronix.de> media: coda: fix H.264 deblocking filter controls Jiong Wang <jiong.wang(a)netronome.com> mips: bpf: fix encoding bug for mm_srlv32_op Russell King - ARM Linux <linux(a)armlinux.org.uk> ARM: dts: Fix OMAP4430 SDP Ethernet startup Yu Zhao <yuzhao(a)google.com> iommu/amd: Fix amd_iommu=force_isolation Nicholas Mc Guire <hofrat(a)osadl.org> pinctrl: sx150x: handle failure case of devm_kstrdup Nicholas Mc Guire <hofrat(a)osadl.org> gpio: mt7621: pass mediatek_gpio_bank_probe() failure up the stack Nicholas Mc Guire <hofrat(a)osadl.org> gpio: mt7621: report failure of devm_kasprintf() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> usb: dwc3: trace: add missing break statement to make compiler happy Kaike Wan <kaike.wan(a)intel.com> IB/hfi1: Unreserve a reserved request when it is completed Peter Rajnoha <prajnoha(a)redhat.com> kobject: return error code if writing /sys/.../uevent fails Alexander Duyck <alexander.h.duyck(a)linux.intel.com> driver core: Move async_synchronize_full call Hoang Le <hoang.h.le(a)dektech.com.au> tipc: fix node keep alive interval calculation Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/powerplay: fix clock stretcher limits on polaris (v2) Luca Ceresoli <luca(a)lucaceresoli.net> media: imx274: select REGMAP_I2C Chen-Yu Tsai <wens(a)csie.org> clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module clocks Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: mtu3: fix the issue about SetFeature(U1/U2_Enable) Bart Van Assche <bvanassche(a)acm.org> timekeeping: Use proper seqcount initializer Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: hub: delay hub autosuspend if USB3 port is still link training Marek Szyprowski <m.szyprowski(a)samsung.com> usb: dwc2: Disable power down feature on Samsung SoCs Anurag Kumar Vulisha <anurag.kumar.vulisha(a)xilinx.com> usb: dwc3: Correct the logic for checking TRB full in __dwc3_prepare_one_trb() Max Filippov <jcmvbkbc(a)gmail.com> xtensa: xtfpga.dtsi: fix dtc warnings about SPI Zoran Markovic <zmarkovic(a)sierrawireless.com> smack: fix access permissions for keyring Alexey Khoroshilov <khoroshilov(a)ispras.ru> media: DaVinci-VPBE: fix error handling in vpbe_initialize() Arnd Bergmann <arnd(a)arndb.de> media: i2c: TDA1997x: select CONFIG_HDMI Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> x86/fpu: Add might_fault() to user_insn() Rob Herring <robh(a)kernel.org> ARM: dts: aspeed: add missing memory unit-address Lubomir Rintel <lkundrak(a)v3.sk> ARM: mmp/mmp2: dt: enable the clock Lubomir Rintel <lkundrak(a)v3.sk> ARM: dts: mmp2: fix TWSI2 Eric Anholt <eric(a)anholt.net> drm/v3d: Fix prime imports of buffers from other drivers. Mark Rutland <mark.rutland(a)arm.com> arm64: ftrace: don't adjust the LR value Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> mt76x0: dfs: fix IBI_R11 configuration on non-radar channels Harald Freudenberger <freude(a)linux.ibm.com> s390/zcrypt: improve special ap message cmd handling Arend van Spriel <arend.vanspriel(a)broadcom.com> firmware/efi: Add NULL pointer checks in efivars API functions Thara Gopinath <thara.gopinath(a)linaro.org> thermal: Fix locking in cooling device sysfs update cur_state Wei Wang <wvw(a)google.com> Thermal: do not clear passive state during system sleep Will Deacon <will.deacon(a)arm.com> arm64: io: Ensure value passed to __iormb() is held in a 64-bit register Nicholas Mc Guire <hofrat(a)osadl.org> perf: arm_spe: handle devm_kasprintf() failure Sean Paul <seanpaul(a)chromium.org> drm: Clear state->acquire_ctx before leaving drm_atomic_helper_commit_duplicated_state() J. Bruce Fields <bfields(a)redhat.com> nfsd4: fix crash on writing v4_end_grace before nfsd startup Yangtao Li <tiny.windzz(a)gmail.com> soc: bcm: brcmstb: Don't leak device tree node reference Young Xiao <YangX92(a)hotmail.com> sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN YueHaibing <yuehaibing(a)huawei.com> net: aquantia: return 'err' if set MPI_DEINIT state fails Will Deacon <will.deacon(a)arm.com> arm64: io: Ensure calls to delay routines are ordered against prior readX() Simon Horman <horms+renesas(a)verge.net.au> i2c: sh_mobile: add support for r8a77990 (R-Car E3) Tiezhu Yang <kernelpatch(a)126.com> f2fs: fix wrong return value of f2fs_acl_create Sheng Yong <shengyong1(a)huawei.com> f2fs: fix race between write_checkpoint and write_begin Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: avoid build warn of fall_through Yunlei He <heyunlei(a)huawei.com> f2fs: move dir data flush to write checkpoint process Michael Straube <straube.linux(a)gmail.com> staging: pi433: fix potential null dereference Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> ACPI: SPCR: Consider baud rate 0 as preconfigured state Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: adv*/tc358743/ths8200: fill in min width/height/pixelclock Hans de Goede <hdegoede(a)redhat.com> iio: accel: kxcjk1013: Add KIOX010A ACPI Hardware-ID Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> iio: adc: meson-saradc: fix internal clock names Nicholas Mc Guire <hofrat(a)osadl.org> iio: adc: meson-saradc: check for devm_kasprintf failure Mathieu Malaterre <malat(a)debian.org> powerpc/32: Add .data..Lubsan_data*/.data..Lubsan_type* sections explicitly Nathan Chancellor <natechancellor(a)gmail.com> dmaengine: xilinx_dma: Remove __aligned attribute on zynqmp_dma_desc_ll YueHaibing <yuehaibing(a)huawei.com> ptp: Fix pass zero to ERR_PTR() in ptp_clock_register Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> clk: meson: meson8b: mark the CPU clock as CLK_IS_CRITICAL Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> clk: meson: meson8b: fix the width of the cpu_scale_div clock Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> clk: meson: meson8b: do not use cpu_div3 for cpu_scale_out_sel Babu Moger <Babu.Moger(a)amd.com> x86/resctrl: Fixup the user-visible strings Gao Xiang <gaoxiang25(a)huawei.com> staging: erofs: fix the definition of DBG_BUGON Alexey Khoroshilov <khoroshilov(a)ispras.ru> media: mtk-vcodec: Release device nodes in mtk_vcodec_init_enc_pm() Akinobu Mita <akinobu.mita(a)gmail.com> media: video-i2c: avoid accessing released memory area when removing driver Sean Young <sean(a)mess.org> media: rc: ensure close() is called on rc_unregister_device Yangtao Li <tiny.windzz(a)gmail.com> soc/tegra: Don't leak device tree node reference Pu Wen <puwen(a)hygon.cn> perf tools: Add Hygon Dhyana support Sami Tolvanen <samitolvanen(a)google.com> modpost: validate symbol names also in find_elf_symbol Saeed Mahameed <saeedm(a)mellanox.com> net/mlx5: EQ, Use the right place to store/read IRQ affinity hint Stanislav Fomichev <sdf(a)google.com> bpf: libbpf: retry map creation without the name Yogesh Mohan Marimuthu <yogesh.mohanmarimuthu(a)amd.com> drm/amd/display: calculate stream->phy_pix_clk before clock mapping Murton Liu <murton.liu(a)amd.com> drm/amd/display: fix gamma not being applied correctly Nathan Chancellor <natechancellor(a)gmail.com> ARM: OMAP2+: hwmod: Fix some section annotations Damian Kos <dkos(a)cadence.com> drm/rockchip: fix for mailbox read size Ben Dooks <ben.dooks(a)codethink.co.uk> usbnet: smsc95xx: fix rx packet alignment Renato Lui Geh <renatogeh(a)gmail.com> staging: iio: ad7780: update voltage on read Xiang Chen <chenxiang66(a)hisilicon.com> scsi: hisi_sas: change the time of SAS SSP connection Alan Brady <alan.brady(a)intel.com> i40e: prevent overlapping tx_timeout recover Brian Norris <briannorris(a)chromium.org> platform/chrome: don't report EC_MKBP_EVENT_SENSOR_FIFO as wakeup Arnd Bergmann <arnd(a)arndb.de> vbox: fix link error with 'gcc -Og' Anatolij Gustschin <agust(a)denx.de> fpga: altera-cvp: fix 'bad IO access' on x86_64 Dexuan Cui <decui(a)microsoft.com> Tools: hv: kvp: Fix a warning of buffer overflow with gcc 8.0.1 Andreas Puhm <puhm(a)oregano.at> fpga: altera-cvp: Fix registration for CvP incapable devices Matheus Tavares <matheus.bernardino(a)usp.br> staging:iio:ad2s90: Make probe handle spi_setup failure Naftali Goldstein <naftali.goldstein(a)intel.com> iwlwifi: fw: do not set sgi bits for HE connection Ioana Ciornei <ioana.ciornei(a)nxp.com> dpaa2-ptp: defer probe when portal allocation failed Paul Burton <paul.burton(a)mips.com> MIPS: Boston: Disable EG20T prefetch Miroslav Lichvar <mlichvar(a)redhat.com> ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl Andy Duan <fugang.duan(a)nxp.com> serial: fsl_lpuart: clear parity enable bit when disable parity Boris Brezillon <boris.brezillon(a)bootlin.com> drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE Eric Biggers <ebiggers(a)google.com> crypto: aes_ti - disable interrupts while accessing S-box Frank Rowand <frank.rowand(a)sony.com> powerpc/pseries: add of_node_put() in dlpar_detach_node() Colin Ian King <colin.king(a)canonical.com> x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux) Bob Peterson <rpeterso(a)redhat.com> dlm: Don't swamp the CPU with callbacks queued during recovery Yi Wang <wang.yi59(a)zte.com.cn> clk: boston: fix possible memory leak in clk_boston_setup() Yufen Wang <wangyufen(a)huawei.com> ARM: 8808/1: kexec:offline panic_smp_self_stop CPU James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event Suganath Prabu <suganath-prabu.subramani(a)broadcom.com> scsi: mpt3sas: Call sas_remove_host before removing the target devices James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Correct LCB RJT handling Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> ath9k: dynack: use authentication messages for 'late' ack Brian Norris <briannorris(a)chromium.org> ath10k: assign 'n_cipher_suites' for WCN3990 Lior David <liord(a)codeaurora.org> wil6210: fix memory leak in wil_find_tx_bcast_2 Alexei Avshalom Lazar <ailizaro(a)codeaurora.org> wil6210: fix reset flow for Talyn-mb Nickhu <nickhu(a)andestech.com> nds32: Fix gcc 8.0 compiler option incompatible. Steve Longerbeam <slongerbeam(a)gmail.com> gpu: ipu-v3: image-convert: Prevent race between run and unprepare Long Li <longli(a)microsoft.com> genirq/affinity: Spread IRQs to all available NUMA nodes Jernej Skrabec <jernej.skrabec(a)siol.net> drm/sun4i: Initialize registers in tcon-top driver Muchun Song <smuchun(a)gmail.com> gpiolib: Fix possible use after free on label Arnd Bergmann <arnd(a)arndb.de> ASoC: Intel: mrfld: fix uninitialized variable access Lukas Wunner <lukas(a)wunner.de> pinctrl: bcm2835: Use raw spinlock for RT compatibility Deepak Sharma <deepak.sharma(a)amd.com> drm/vgem: Fix vgem_init to get drm device available. Slawomir Stepien <sst(a)poczta.fm> staging: iio: adc: ad7280a: handle error from __ad7280_read32() Gustavo A. R. Silva <gustavo(a)embeddedor.com> drm/bufs: Fix Spectre v1 vulnerability Alexey Brodkin <alexey.brodkin(a)synopsys.com> devres: Align data[] to ARCH_KMALLOC_MINALIGN ------------- Diffstat: Makefile | 4 +- .../boot/dts/aspeed-bmc-arm-centriq2400-rep.dts | 2 +- arch/arm/boot/dts/aspeed-bmc-intel-s2600wf.dts | 2 +- arch/arm/boot/dts/aspeed-bmc-opp-lanyang.dts | 3 +- arch/arm/boot/dts/aspeed-bmc-portwell-neptune.dts | 2 +- arch/arm/boot/dts/gemini-dlink-dir-685.dts | 16 ++- arch/arm/boot/dts/imx51-zii-rdu1.dts | 17 ++- arch/arm/boot/dts/mmp2.dtsi | 9 +- arch/arm/boot/dts/omap4-sdp.dts | 1 + arch/arm/kernel/smp.c | 15 +++ arch/arm/mach-mmp/common.h | 2 +- arch/arm/mach-mmp/mmp2.c | 2 +- arch/arm/mach-mmp/pxa168.c | 2 +- arch/arm/mach-mmp/pxa910.c | 2 +- arch/arm/mach-mmp/time.c | 32 +++--- arch/arm/mach-omap2/omap_hwmod.c | 6 +- arch/arm/mach-pxa/cm-x300.c | 2 +- arch/arm/mach-pxa/littleton.c | 2 +- arch/arm/mach-pxa/zeus.c | 2 +- arch/arm64/include/asm/io.h | 32 ++++-- arch/arm64/include/uapi/asm/ptrace.h | 2 +- arch/arm64/kernel/entry-ftrace.S | 1 - arch/mips/boot/dts/img/boston.dts | 6 ++ arch/mips/include/asm/mach-jz4740/jz4740_mmc.h | 2 - arch/mips/include/uapi/asm/inst.h | 2 +- arch/mips/jz4740/board-qi_lb60.c | 12 ++- arch/mips/ralink/Kconfig | 1 + arch/nds32/mm/Makefile | 6 +- arch/powerpc/include/asm/fadump.h | 2 +- arch/powerpc/include/asm/uaccess.h | 2 +- arch/powerpc/kernel/fadump.c | 10 +- arch/powerpc/kernel/vmlinux.lds.S | 4 + arch/powerpc/kvm/powerpc.c | 5 +- arch/powerpc/mm/fault.c | 4 +- arch/powerpc/perf/isa207-common.c | 7 +- arch/powerpc/platforms/powernv/pci-ioda-tce.c | 2 +- arch/powerpc/platforms/pseries/dlpar.c | 2 + arch/powerpc/platforms/pseries/hotplug-memory.c | 7 +- arch/s390/include/uapi/asm/zcrypt.h | 4 +- arch/s390/kvm/kvm-s390.c | 17 ++- arch/sh/boards/mach-kfr2r09/setup.c | 1 - arch/um/include/asm/pgtable.h | 9 +- arch/x86/events/intel/core.c | 10 +- arch/x86/events/intel/uncore_snbep.c | 4 +- arch/x86/include/asm/fpu/internal.h | 3 + arch/x86/kernel/cpu/bugs.c | 2 +- arch/x86/kernel/cpu/intel_rdt_ctrlmondata.c | 22 ++-- arch/x86/kernel/cpu/intel_rdt_pseudo_lock.c | 34 +++--- arch/x86/kernel/cpu/intel_rdt_rdtgroup.c | 36 +++---- arch/x86/kernel/cpu/mcheck/mce.c | 1 + arch/x86/kvm/svm.c | 7 ++ arch/x86/kvm/vmx.c | 4 +- arch/x86/kvm/x86.c | 7 ++ arch/x86/pci/broadcom_bus.c | 4 +- arch/xtensa/boot/dts/xtfpga.dtsi | 2 +- crypto/Kconfig | 3 +- crypto/aes_ti.c | 18 ++++ drivers/acpi/apei/ghes.c | 2 + drivers/acpi/spcr.c | 11 ++ drivers/ata/sata_rcar.c | 4 +- drivers/base/bus.c | 12 ++- drivers/base/cacheinfo.c | 6 +- drivers/base/core.c | 8 +- drivers/base/dd.c | 6 +- drivers/base/devres.c | 10 +- drivers/block/drbd/drbd_nl.c | 15 +-- drivers/block/drbd/drbd_receiver.c | 13 +-- drivers/block/sunvdc.c | 5 + drivers/block/swim3.c | 6 +- drivers/block/zram/zram_drv.c | 38 ++++--- drivers/block/zram/zram_drv.h | 2 +- drivers/bluetooth/hci_bcm.c | 4 + drivers/cdrom/gdrom.c | 1 + drivers/clk/imgtec/clk-boston.c | 11 +- drivers/clk/imx/clk-imx6sl.c | 6 ++ drivers/clk/meson/meson8b.c | 16 ++- drivers/clk/sunxi-ng/ccu-sun8i-a33.c | 6 +- drivers/cpuidle/cpuidle-big_little.c | 7 +- drivers/crypto/ux500/cryp/cryp_core.c | 4 +- drivers/crypto/ux500/hash/hash_core.c | 2 +- drivers/dma/bcm2835-dma.c | 70 +++++------- drivers/dma/imx-dma.c | 8 +- drivers/dma/xilinx/zynqmp_dma.c | 2 +- drivers/firmware/efi/vars.c | 99 +++++++++++++---- drivers/fpga/altera-cvp.c | 15 ++- drivers/gpio/gpio-mt7621.c | 10 +- drivers/gpio/gpiolib.c | 25 ++++- drivers/gpu/drm/amd/display/dc/core/dc_link.c | 23 ++-- drivers/gpu/drm/amd/display/dc/core/dc_link_dp.c | 3 +- drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 2 + .../amd/display/dc/dce110/dce110_hw_sequencer.c | 11 +- .../drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c | 12 ++- .../drm/amd/powerplay/smumgr/polaris10_smumgr.c | 17 ++- drivers/gpu/drm/drm_atomic_helper.c | 8 +- drivers/gpu/drm/drm_bufs.c | 3 + .../gpu/drm/msm/disp/dpu1/dpu_encoder_phys_vid.c | 2 +- drivers/gpu/drm/msm/dsi/pll/dsi_pll_10nm.c | 8 +- drivers/gpu/drm/rockchip/cdn-dp-reg.c | 2 +- drivers/gpu/drm/sun4i/sun8i_tcon_top.c | 7 ++ drivers/gpu/drm/v3d/v3d_bo.c | 1 + drivers/gpu/drm/vc4/vc4_plane.c | 12 ++- drivers/gpu/drm/vgem/vgem_drv.c | 16 +-- drivers/gpu/ipu-v3/ipu-image-convert.c | 10 +- drivers/hid/hid-debug.c | 120 ++++++++------------- drivers/hid/hid-lenovo.c | 10 +- drivers/hwmon/lm80.c | 26 +++-- drivers/i2c/busses/i2c-axxia.c | 32 +++--- drivers/i2c/busses/i2c-sh_mobile.c | 2 + drivers/iio/accel/kxcjk-1013.c | 1 + drivers/iio/adc/meson_saradc.c | 14 ++- drivers/infiniband/hw/hfi1/rc.c | 2 + drivers/infiniband/hw/hfi1/ruc.c | 7 +- drivers/infiniband/hw/qib/qib_ruc.c | 7 +- drivers/iommu/amd_iommu.c | 9 +- drivers/iommu/arm-smmu-v3.c | 14 ++- drivers/iommu/arm-smmu.c | 3 + drivers/irqchip/irq-gic-v3-its.c | 32 +++++- drivers/isdn/hisax/hfc_pci.c | 2 + drivers/lightnvm/pblk-core.c | 13 ++- drivers/lightnvm/pblk-write.c | 8 +- drivers/md/raid10.c | 4 + drivers/media/i2c/Kconfig | 2 + drivers/media/i2c/ad9389b.c | 2 +- drivers/media/i2c/adv7511.c | 2 +- drivers/media/i2c/adv7604.c | 4 +- drivers/media/i2c/adv7842.c | 4 +- drivers/media/i2c/tc358743.c | 2 +- drivers/media/i2c/ths8200.c | 2 +- drivers/media/i2c/video-i2c.c | 11 +- drivers/media/platform/coda/coda-bit.c | 19 ++-- drivers/media/platform/coda/coda-common.c | 15 ++- drivers/media/platform/coda/coda.h | 6 +- drivers/media/platform/coda/coda_regs.h | 2 +- drivers/media/platform/davinci/vpbe.c | 7 +- .../media/platform/mtk-vcodec/mtk_vcodec_enc_pm.c | 10 +- drivers/media/rc/rc-main.c | 2 + drivers/memstick/core/memstick.c | 3 + drivers/mmc/host/bcm2835.c | 12 +++ drivers/mmc/host/jz4740_mmc.c | 20 ++-- drivers/mmc/host/meson-mx-sdio.c | 6 ++ drivers/mmc/host/sdhci-of-esdhc.c | 16 ++- drivers/mmc/host/sdhci-omap.c | 16 ++- drivers/mmc/host/sdhci-xenon-phy.c | 10 +- drivers/mmc/host/sdhci-xenon.c | 10 +- drivers/net/dsa/mv88e6xxx/global1_atu.c | 21 ++-- .../aquantia/atlantic/hw_atl/hw_atl_utils.c | 2 + drivers/net/ethernet/broadcom/bcmsysport.c | 25 ++--- drivers/net/ethernet/broadcom/bcmsysport.h | 2 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 19 ++-- drivers/net/ethernet/cisco/enic/enic_main.c | 3 +- drivers/net/ethernet/freescale/fman/fman_memac.c | 2 +- drivers/net/ethernet/freescale/fman/fman_tgec.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 16 +-- drivers/net/ethernet/intel/i40e/i40e.h | 1 + drivers/net/ethernet/intel/i40e/i40e_main.c | 8 ++ drivers/net/ethernet/intel/ice/ice_main.c | 16 ++- drivers/net/ethernet/intel/igb/igb_main.c | 8 +- drivers/net/ethernet/marvell/skge.c | 6 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 14 +++ drivers/net/ethernet/mellanox/mlx5/core/en_tx.c | 6 ++ .../net/ethernet/mellanox/mlx5/core/lib/clock.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/main.c | 14 +-- drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 23 ++++ .../ethernet/mellanox/mlxsw/spectrum_acl_tcam.c | 5 +- .../ethernet/mellanox/mlxsw/spectrum_switchdev.c | 27 +---- drivers/net/ethernet/sun/niu.c | 10 +- drivers/net/phy/dp83640.c | 13 ++- drivers/net/phy/marvell.c | 12 --- drivers/net/usb/smsc95xx.c | 1 + drivers/net/virtio_net.c | 20 +++- drivers/net/wireless/ath/ath10k/core.c | 1 + drivers/net/wireless/ath/ath9k/dynack.c | 3 +- drivers/net/wireless/ath/wil6210/main.c | 11 +- drivers/net/wireless/ath/wil6210/txrx.c | 2 + drivers/net/wireless/intel/iwlwifi/fw/api/mac.h | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 8 +- drivers/net/wireless/intel/iwlwifi/mvm/rs-fw.c | 4 + drivers/net/wireless/mediatek/mt76/mt76x2_dfs.c | 8 +- drivers/net/wireless/st/cw1200/scan.c | 13 ++- drivers/opp/core.c | 11 +- drivers/pci/controller/dwc/pci-imx6.c | 10 ++ drivers/pci/switch/switchtec.c | 3 + drivers/perf/arm_spe_pmu.c | 5 + drivers/phy/allwinner/phy-sun4i-usb.c | 7 ++ drivers/pinctrl/bcm/pinctrl-bcm2835.c | 16 +-- drivers/pinctrl/meson/pinctrl-meson8.c | 3 + drivers/pinctrl/meson/pinctrl-meson8b.c | 13 ++- drivers/pinctrl/pinctrl-sx150x.c | 11 +- drivers/platform/chrome/cros_ec_proto.c | 18 +++- drivers/platform/x86/mlx-platform.c | 12 +-- drivers/ptp/ptp_chardev.c | 5 +- drivers/ptp/ptp_clock.c | 5 +- drivers/s390/crypto/zcrypt_error.h | 2 + drivers/scsi/aic94xx/aic94xx_init.c | 8 +- drivers/scsi/cxlflash/main.c | 2 + drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 2 +- drivers/scsi/lpfc/lpfc_els.c | 52 +++++---- drivers/scsi/lpfc/lpfc_nportdisc.c | 5 + drivers/scsi/mpt3sas/mpt3sas_scsih.c | 2 +- drivers/scsi/mpt3sas/mpt3sas_transport.c | 7 +- drivers/scsi/smartpqi/smartpqi_init.c | 6 ++ drivers/scsi/smartpqi/smartpqi_sis.c | 2 +- drivers/soc/bcm/brcmstb/common.c | 6 +- drivers/soc/tegra/common.c | 6 +- drivers/staging/erofs/internal.h | 2 +- drivers/staging/fsl-dpaa2/rtc/rtc.c | 5 +- drivers/staging/iio/adc/ad7280a.c | 17 ++- drivers/staging/iio/adc/ad7780.c | 6 +- drivers/staging/iio/resolver/ad2s90.c | 7 +- drivers/staging/pi433/pi433_if.c | 4 + drivers/staging/speakup/spk_ttyio.c | 6 +- drivers/tee/optee/supp.c | 13 +-- drivers/thermal/broadcom/bcm2835_thermal.c | 11 ++ drivers/thermal/thermal-generic-adc.c | 12 ++- drivers/thermal/thermal_core.c | 12 ++- drivers/thermal/thermal_hwmon.h | 4 +- drivers/thermal/thermal_sysfs.c | 11 +- drivers/tty/serial/8250/8250_pci.c | 9 +- drivers/tty/serial/fsl_lpuart.c | 4 + drivers/tty/serial/samsung.c | 3 + drivers/tty/serial/serial_core.c | 6 ++ drivers/tty/serial/sh-sci.c | 32 ++++-- drivers/usb/core/hub.c | 10 ++ drivers/usb/dwc2/params.c | 10 +- drivers/usb/dwc3/gadget.c | 16 +-- drivers/usb/dwc3/trace.h | 2 + drivers/usb/gadget/udc/net2272.c | 2 +- drivers/usb/mtu3/mtu3_core.c | 4 +- drivers/usb/mtu3/mtu3_gadget_ep0.c | 8 +- drivers/usb/musb/musb_dsps.c | 21 +++- drivers/usb/musb/musb_gadget.c | 13 +-- drivers/usb/musb/musbhsdma.c | 21 ++-- drivers/usb/phy/phy-am335x.c | 5 +- drivers/usb/renesas_usbhs/common.c | 4 + drivers/video/fbdev/clps711x-fb.c | 5 +- drivers/video/fbdev/core/fbcon.c | 2 +- drivers/video/fbdev/core/fbmem.c | 8 +- drivers/virt/vboxguest/vboxguest_core.c | 2 +- drivers/watchdog/renesas_wdt.c | 9 +- fs/binfmt_script.c | 10 +- fs/btrfs/btrfs_inode.h | 1 + fs/btrfs/ctree.h | 2 +- fs/btrfs/extent_io.c | 17 ++- fs/btrfs/inode.c | 11 +- fs/btrfs/ioctl.c | 2 +- fs/btrfs/reada.c | 12 ++- fs/btrfs/volumes.c | 29 +++++ fs/cifs/readdir.c | 9 +- fs/dlm/ast.c | 10 ++ fs/eventpoll.c | 2 +- fs/f2fs/acl.c | 14 +-- fs/f2fs/data.c | 12 ++- fs/f2fs/f2fs.h | 12 ++- fs/f2fs/file.c | 3 + fs/f2fs/shrinker.c | 2 +- fs/f2fs/super.c | 27 ++--- fs/fuse/dev.c | 4 +- fs/fuse/file.c | 2 +- fs/nfs/super.c | 3 +- fs/nfsd/nfsctl.c | 2 + fs/ocfs2/Makefile | 2 +- fs/ocfs2/buffer_head_io.c | 2 - fs/ocfs2/dlm/Makefile | 2 +- fs/ocfs2/dlmfs/Makefile | 2 +- fs/proc/base.c | 12 ++- fs/udf/inode.c | 6 ++ fs/xfs/libxfs/xfs_attr_leaf.c | 11 +- fs/xfs/libxfs/xfs_bmap.c | 5 +- fs/xfs/libxfs/xfs_btree.c | 2 +- fs/xfs/xfs_aops.c | 2 + fs/xfs/xfs_bmap_util.c | 10 +- fs/xfs/xfs_buf_item.c | 28 +++-- fs/xfs/xfs_ioctl.c | 2 +- fs/xfs/xfs_qm_bhv.c | 2 +- fs/xfs/xfs_reflink.c | 1 + fs/xfs/xfs_stats.c | 2 +- include/linux/cpu.h | 2 - include/linux/genl_magic_struct.h | 5 +- include/linux/gpio/consumer.h | 6 +- include/linux/hid-debug.h | 9 +- include/linux/kvm_host.h | 3 +- include/linux/mlx5/driver.h | 2 +- include/sound/compress_driver.h | 6 +- kernel/cgroup/cgroup.c | 2 +- kernel/cpu.c | 33 +----- kernel/debug/debug_core.c | 4 + kernel/debug/kdb/kdb_bt.c | 11 +- kernel/debug/kdb/kdb_debugger.c | 7 -- kernel/events/ring_buffer.c | 3 + kernel/futex.c | 28 +++-- kernel/hung_task.c | 20 ++-- kernel/irq/affinity.c | 5 +- kernel/kcov.c | 2 +- kernel/locking/rtmutex.c | 37 ++++++- kernel/module.c | 6 +- kernel/sched/fair.c | 1 + kernel/smp.c | 2 - kernel/sysctl.c | 2 + kernel/time/timekeeping.c | 4 +- kernel/trace/trace_stack.c | 2 +- lib/seq_buf.c | 6 +- lib/test_rhashtable.c | 23 ++-- mm/page_alloc.c | 37 +++++-- mm/percpu-km.c | 5 +- net/dccp/ccid.h | 4 +- net/dsa/master.c | 4 + net/dsa/slave.c | 17 +-- net/ipv6/xfrm6_tunnel.c | 3 + net/mac80211/rx.c | 5 +- net/rds/bind.c | 6 +- net/rxrpc/recvmsg.c | 3 +- net/sctp/socket.c | 4 +- net/sctp/stream.c | 20 ++++ net/tipc/node.c | 6 ++ samples/livepatch/livepatch-shadow-fix1.c | 5 + samples/livepatch/livepatch-shadow-mod.c | 4 + scripts/decode_stacktrace.sh | 2 +- scripts/gdb/linux/proc.py | 2 +- scripts/mod/modpost.c | 50 ++++----- security/smack/smack_lsm.c | 12 ++- sound/pci/hda/hda_bind.c | 3 +- sound/pci/hda/hda_codec.h | 1 + sound/pci/hda/hda_intel.c | 2 + sound/pci/hda/patch_realtek.c | 62 ++++++----- sound/soc/fsl/Kconfig | 2 +- sound/soc/intel/atom/sst/sst_loader.c | 8 +- sound/usb/quirks.c | 1 + tools/build/Makefile.feature | 4 +- tools/build/feature/Makefile | 10 +- tools/hv/hv_kvp_daemon.c | 15 ++- tools/lib/bpf/bpf.c | 11 +- tools/perf/Makefile.config | 44 ++++---- tools/perf/arch/x86/util/kvm-stat.c | 2 +- tools/perf/tests/attr.py | 2 +- tools/perf/tests/evsel-tp-sched.c | 2 +- tools/perf/util/dso.c | 2 +- tools/perf/util/header.c | 6 +- tools/perf/util/probe-file.c | 2 +- tools/perf/util/python.c | 3 +- tools/perf/util/s390-cpumsf.c | 2 +- .../x86/intel_pstate_tracer/intel_pstate_tracer.py | 4 +- tools/testing/selftests/bpf/test_progs.c | 8 +- virt/kvm/arm/mmio.c | 11 +- virt/kvm/kvm_main.c | 6 +- 345 files changed, 2152 insertions(+), 1087 deletions(-)

5 years, 10 months

7
321
0 0

Applied "regulator: s2mps11: Fix steps for buck7, buck8 and LDO35" to the regulator tree

by Mark Brown

The patch regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 has been applied to the regulator tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From 56b5d4ea778c1b0989c5cdb5406d4a488144c416 Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzk(a)kernel.org> Date: Sat, 9 Feb 2019 18:14:14 +0100 Subject: [PATCH] regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 LDO35 uses 25 mV step, not 50 mV. Bucks 7 and 8 use 12.5 mV step instead of 6.25 mV. Wrong step caused over-voltage (LDO35) or under-voltage (buck7 and 8) if regulators were used (e.g. on Exynos5420 Arndale Octa board). Cc: <stable(a)vger.kernel.org> Fixes: cb74685ecb39 ("regulator: s2mps11: Add samsung s2mps11 regulator driver") Signed-off-by: Krzysztof Kozlowski <krzk(a)kernel.org> Signed-off-by: Mark Brown <broonie(a)kernel.org> --- drivers/regulator/s2mps11.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/regulator/s2mps11.c b/drivers/regulator/s2mps11.c index ee4a23ab0663..134c62db36c5 100644 --- a/drivers/regulator/s2mps11.c +++ b/drivers/regulator/s2mps11.c @@ -362,7 +362,7 @@ static const struct regulator_desc s2mps11_regulators[] = { regulator_desc_s2mps11_ldo(32, STEP_50_MV), regulator_desc_s2mps11_ldo(33, STEP_50_MV), regulator_desc_s2mps11_ldo(34, STEP_50_MV), - regulator_desc_s2mps11_ldo(35, STEP_50_MV), + regulator_desc_s2mps11_ldo(35, STEP_25_MV), regulator_desc_s2mps11_ldo(36, STEP_50_MV), regulator_desc_s2mps11_ldo(37, STEP_50_MV), regulator_desc_s2mps11_ldo(38, STEP_50_MV), @@ -372,8 +372,8 @@ static const struct regulator_desc s2mps11_regulators[] = { regulator_desc_s2mps11_buck1_4(4), regulator_desc_s2mps11_buck5, regulator_desc_s2mps11_buck67810(6, MIN_600_MV, STEP_6_25_MV), - regulator_desc_s2mps11_buck67810(7, MIN_600_MV, STEP_6_25_MV), - regulator_desc_s2mps11_buck67810(8, MIN_600_MV, STEP_6_25_MV), + regulator_desc_s2mps11_buck67810(7, MIN_600_MV, STEP_12_5_MV), + regulator_desc_s2mps11_buck67810(8, MIN_600_MV, STEP_12_5_MV), regulator_desc_s2mps11_buck9, regulator_desc_s2mps11_buck67810(10, MIN_750_MV, STEP_12_5_MV), }; -- 2.20.1

5 years, 11 months

1
0
0 0

[PATCH 3.18] HID: debug: fix the ring buffer implementation

by Vladis Dronov

commit 13054abbaa4f1fd4e6f3b4b63439ec033b4c8035 upstream. Ring buffer implementation in hid_debug_event() and hid_debug_events_read() is strange allowing lost or corrupted data. After commit 717adfdaf147 ("HID: debug: check length before copy_to_user()") it is possible to enter an infinite loop in hid_debug_events_read() by providing 0 as count, this locks up a system. Fix this by rewriting the ring buffer implementation with kfifo and simplify the code. This fixes CVE-2019-3819. Backport to v3.18: some (tree-wide) patches are missing in v3.18 so cherry-pick relevant pieces from: * 6396bb221514 ("treewide: kzalloc() -> kcalloc()") * a9a08845e9ac ("vfs: do bulk POLL* -> EPOLL* replacement") * 92529623d242 ("HID: debug: improve hid_debug_event()") * 174cd4b1e5fb ("sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h>") * 8fec02a73e31 ("HID: debug: fix error handling in hid_debug_events_read()") Link: https://bugzilla.redhat.com/show_bug.cgi?id=1669187 Cc: stable(a)vger.kernel.org # v3.18 Fixes: cd667ce24796 ("HID: use debugfs for events/reports dumping") Fixes: 717adfdaf147 ("HID: debug: check length before copy_to_user()") Signed-off-by: Vladis Dronov <vdronov(a)redhat.com> --- drivers/hid/hid-debug.c | 126 +++++++++++++++----------------------- include/linux/hid-debug.h | 9 ++- 2 files changed, 54 insertions(+), 81 deletions(-) diff --git a/drivers/hid/hid-debug.c b/drivers/hid/hid-debug.c index 6c60f4b63d21..d7179dd3c9ef 100644 --- a/drivers/hid/hid-debug.c +++ b/drivers/hid/hid-debug.c @@ -30,6 +30,7 @@ #include <linux/debugfs.h> #include <linux/seq_file.h> +#include <linux/kfifo.h> #include <linux/sched.h> #include <linux/export.h> #include <linux/slab.h> @@ -454,7 +455,7 @@ static char *resolv_usage_page(unsigned page, struct seq_file *f) { char *buf = NULL; if (!f) { - buf = kzalloc(sizeof(char) * HID_DEBUG_BUFSIZE, GFP_ATOMIC); + buf = kzalloc(HID_DEBUG_BUFSIZE, GFP_ATOMIC); if (!buf) return ERR_PTR(-ENOMEM); } @@ -658,17 +659,12 @@ EXPORT_SYMBOL_GPL(hid_dump_device); /* enqueue string to 'events' ring buffer */ void hid_debug_event(struct hid_device *hdev, char *buf) { - int i; struct hid_debug_list *list; unsigned long flags; spin_lock_irqsave(&hdev->debug_list_lock, flags); - list_for_each_entry(list, &hdev->debug_list, node) { - for (i = 0; i < strlen(buf); i++) - list->hid_debug_buf[(list->tail + i) % HID_DEBUG_BUFSIZE] = - buf[i]; - list->tail = (list->tail + i) % HID_DEBUG_BUFSIZE; - } + list_for_each_entry(list, &hdev->debug_list, node) + kfifo_in(&list->hid_debug_fifo, buf, strlen(buf)); spin_unlock_irqrestore(&hdev->debug_list_lock, flags); wake_up_interruptible(&hdev->debug_wait); @@ -719,8 +715,7 @@ void hid_dump_input(struct hid_device *hdev, struct hid_usage *usage, __s32 valu hid_debug_event(hdev, buf); kfree(buf); - wake_up_interruptible(&hdev->debug_wait); - + wake_up_interruptible(&hdev->debug_wait); } EXPORT_SYMBOL_GPL(hid_dump_input); @@ -1085,8 +1080,8 @@ static int hid_debug_events_open(struct inode *inode, struct file *file) goto out; } - if (!(list->hid_debug_buf = kzalloc(sizeof(char) * HID_DEBUG_BUFSIZE, GFP_KERNEL))) { - err = -ENOMEM; + err = kfifo_alloc(&list->hid_debug_fifo, HID_DEBUG_FIFOSIZE, GFP_KERNEL); + if (err) { kfree(list); goto out; } @@ -1106,76 +1101,57 @@ static ssize_t hid_debug_events_read(struct file *file, char __user *buffer, size_t count, loff_t *ppos) { struct hid_debug_list *list = file->private_data; - int ret = 0, len; + int ret = 0, copied; DECLARE_WAITQUEUE(wait, current); mutex_lock(&list->read_mutex); - while (ret == 0) { - if (list->head == list->tail) { - add_wait_queue(&list->hdev->debug_wait, &wait); - set_current_state(TASK_INTERRUPTIBLE); - - while (list->head == list->tail) { - if (file->f_flags & O_NONBLOCK) { - ret = -EAGAIN; - break; - } - if (signal_pending(current)) { - ret = -ERESTARTSYS; - break; - } + if (kfifo_is_empty(&list->hid_debug_fifo)) { + add_wait_queue(&list->hdev->debug_wait, &wait); + set_current_state(TASK_INTERRUPTIBLE); + + while (kfifo_is_empty(&list->hid_debug_fifo)) { + if (file->f_flags & O_NONBLOCK) { + ret = -EAGAIN; + break; + } - if (!list->hdev || !list->hdev->debug) { - ret = -EIO; - break; - } + if (signal_pending(current)) { + ret = -ERESTARTSYS; + break; + } - /* allow O_NONBLOCK from other threads */ - mutex_unlock(&list->read_mutex); - schedule(); - mutex_lock(&list->read_mutex); - set_current_state(TASK_INTERRUPTIBLE); + /* if list->hdev is NULL we cannot remove_wait_queue(). + * if list->hdev->debug is 0 then hid_debug_unregister() + * was already called and list->hdev is being destroyed. + * if we add remove_wait_queue() here we can hit a race. + */ + if (!list->hdev || !list->hdev->debug) { + ret = -EIO; + set_current_state(TASK_RUNNING); + goto out; } - set_current_state(TASK_RUNNING); - remove_wait_queue(&list->hdev->debug_wait, &wait); + /* allow O_NONBLOCK from other threads */ + mutex_unlock(&list->read_mutex); + schedule(); + mutex_lock(&list->read_mutex); + set_current_state(TASK_INTERRUPTIBLE); } - if (ret) - goto out; + __set_current_state(TASK_RUNNING); + remove_wait_queue(&list->hdev->debug_wait, &wait); - /* pass the ringbuffer contents to userspace */ -copy_rest: - if (list->tail == list->head) + if (ret) goto out; - if (list->tail > list->head) { - len = list->tail - list->head; - if (len > count) - len = count; - - if (copy_to_user(buffer + ret, &list->hid_debug_buf[list->head], len)) { - ret = -EFAULT; - goto out; - } - ret += len; - list->head += len; - } else { - len = HID_DEBUG_BUFSIZE - list->head; - if (len > count) - len = count; - - if (copy_to_user(buffer, &list->hid_debug_buf[list->head], len)) { - ret = -EFAULT; - goto out; - } - list->head = 0; - ret += len; - count -= len; - if (count > 0) - goto copy_rest; - } - } + + /* pass the fifo content to userspace, locking is not needed with only + * one concurrent reader and one concurrent writer + */ + ret = kfifo_to_user(&list->hid_debug_fifo, buffer, count, &copied); + if (ret) + goto out; + ret = copied; out: mutex_unlock(&list->read_mutex); return ret; @@ -1186,7 +1162,7 @@ static unsigned int hid_debug_events_poll(struct file *file, poll_table *wait) struct hid_debug_list *list = file->private_data; poll_wait(file, &list->hdev->debug_wait, wait); - if (list->head != list->tail) + if (!kfifo_is_empty(&list->hid_debug_fifo)) return POLLIN | POLLRDNORM; if (!list->hdev->debug) return POLLERR | POLLHUP; @@ -1201,7 +1177,7 @@ static int hid_debug_events_release(struct inode *inode, struct file *file) spin_lock_irqsave(&list->hdev->debug_list_lock, flags); list_del(&list->node); spin_unlock_irqrestore(&list->hdev->debug_list_lock, flags); - kfree(list->hid_debug_buf); + kfifo_free(&list->hid_debug_fifo); kfree(list); return 0; @@ -1252,4 +1228,3 @@ void hid_debug_exit(void) { debugfs_remove_recursive(hid_debug_root); } - diff --git a/include/linux/hid-debug.h b/include/linux/hid-debug.h index 8663f216c563..2d6100edf204 100644 --- a/include/linux/hid-debug.h +++ b/include/linux/hid-debug.h @@ -24,7 +24,10 @@ #ifdef CONFIG_DEBUG_FS +#include <linux/kfifo.h> + #define HID_DEBUG_BUFSIZE 512 +#define HID_DEBUG_FIFOSIZE 512 void hid_dump_input(struct hid_device *, struct hid_usage *, __s32); void hid_dump_report(struct hid_device *, int , u8 *, int); @@ -37,11 +40,8 @@ void hid_debug_init(void); void hid_debug_exit(void); void hid_debug_event(struct hid_device *, char *); - struct hid_debug_list { - char *hid_debug_buf; - int head; - int tail; + DECLARE_KFIFO_PTR(hid_debug_fifo, char); struct fasync_struct *fasync; struct hid_device *hdev; struct list_head node; @@ -64,4 +64,3 @@ struct hid_debug_list { #endif #endif - -- 2.20.1

5 years, 11 months

1
0
0 0

Stable queue: queue-4.20

by CKI

Hello, We ran automated tests on a patchset that was proposed for merging into this kernel tree. The patches were applied to: Kernel repo: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git Commit: fb978c0292e7 Linux 4.20.7 The results of these automated tests are provided below. Overall result: PASSED Patch merge: OK Compile: OK Kernel tests: OK Please reply to this email if you have any questions about the tests that we ran or if you have any suggestions on how to make future tests more effective. ,-. ,-. ( C ) ( K ) Continuous `-',-.`-' Kernel ( I ) Integration `-' ______________________________________________________________________________ Merge testing ------------- We cloned this repository and checked out a ref: Repo: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git Ref: fb978c0292e7 Linux 4.20.7 We then merged the following patches with `git am`: drm-bufs-fix-spectre-v1-vulnerability.patch drm-v3d-fix-a-use-after-free-race-accessing-the-sche.patch staging-iio-adc-ad7280a-handle-error-from-__ad7280_r.patch drm-vgem-fix-vgem_init-to-get-drm-device-available.patch pinctrl-bcm2835-use-raw-spinlock-for-rt-compatibilit.patch clk-sunxi-ng-h6-set-video-plls-limits.patch asoc-intel-mrfld-fix-uninitialized-variable-access.patch gpiolib-fix-possible-use-after-free-on-label.patch drm-sun4i-initialize-registers-in-tcon-top-driver.patch ath10k-fixup-extended-per-sta-tx-statistics.patch genirq-affinity-spread-irqs-to-all-available-numa-no.patch gpu-ipu-v3-image-convert-prevent-race-between-run-an.patch drm-amd-display-fix-potential-nullptr-error.patch nds32-fix-gcc-8.0-compiler-option-incompatible.patch wil6210-fix-reset-flow-for-talyn-mb.patch wil6210-fix-memory-leak-in-wil_find_tx_bcast_2.patch ath10k-assign-n_cipher_suites-for-wcn3990.patch ath9k-dynack-use-authentication-messages-for-late-ac.patch scsi-lpfc-correct-lcb-rjt-handling.patch scsi-mpt3sas-call-sas_remove_host-before-removing-th.patch scsi-lpfc-fix-logo-plogi-handling-when-triggerd-by-a.patch arm-8808-1-kexec-offline-panic_smp_self_stop-cpu.patch clk-boston-fix-possible-memory-leak-in-clk_boston_se.patch dlm-don-t-swamp-the-cpu-with-callbacks-queued-during.patch x86-pci-fix-broadcom-cnb20le-unintended-sign-extensi.patch powerpc-pseries-add-of_node_put-in-dlpar_detach_node.patch bpftool-improve-handling-of-enoent-on-map-dumps.patch s390-qeth-utilize-virtual-mac-for-layer2-osd-devices.patch crypto-aes_ti-disable-interrupts-while-accessing-s-b.patch drm-vc4-x_scaling-1-should-never-be-set-to-vc4_scali.patch serial-fsl_lpuart-clear-parity-enable-bit-when-disab.patch ptp-check-gettime64-return-code-in-ptp_sys_offset-io.patch mips-boston-disable-eg20t-prefetch.patch dpaa2-ptp-defer-probe-when-portal-allocation-failed.patch iwlwifi-fw-do-not-set-sgi-bits-for-he-connection.patch staging-iio-ad2s90-make-probe-handle-spi_setup-failu.patch fpga-altera-cvp-fix-registration-for-cvp-incapable-d.patch tools-hv-kvp-fix-a-warning-of-buffer-overflow-with-g.patch fpga-altera-cvp-fix-bad-io-access-on-x86_64.patch vbox-fix-link-error-with-gcc-og.patch platform-chrome-don-t-report-ec_mkbp_event_sensor_fi.patch i40e-suppress-bogus-error-message.patch i40e-prevent-overlapping-tx_timeout-recover.patch scsi-hisi_sas-change-the-time-of-sas-ssp-connection.patch staging-iio-ad7780-update-voltage-on-read.patch usbnet-smsc95xx-fix-rx-packet-alignment.patch drm-rockchip-fix-for-mailbox-read-size.patch arm-omap2-hwmod-fix-some-section-annotations.patch drm-amd-display-fix-gamma-not-being-applied-correctl.patch drm-amd-display-calculate-stream-phy_pix_clk-before-.patch bpf-libbpf-retry-map-creation-without-the-name.patch net-mlx5-eq-use-the-right-place-to-store-read-irq-af.patch modpost-validate-symbol-names-also-in-find_elf_symbo.patch perf-tools-add-hygon-dhyana-support.patch scsi-cxgb4i-fix-thermal-configuration-dependencies.patch soc-tegra-don-t-leak-device-tree-node-reference.patch media-rc-ensure-close-is-called-on-rc_unregister_dev.patch media-video-i2c-avoid-accessing-released-memory-area.patch media-mtk-vcodec-release-device-nodes-in-mtk_vcodec_.patch staging-erofs-fix-the-definition-of-dbg_bugon.patch staging-erofs-fix-race-when-the-managed-cache-is-ena.patch media-vivid-fill-in-media_device-bus_info.patch rdma-core-sync-unregistration-with-netlink-commands.patch drm-rcar-du-fix-external-clock-error-checks.patch clk-meson-meson8b-do-not-use-cpu_div3-for-cpu_scale_.patch clk-meson-meson8b-fix-the-width-of-the-cpu_scale_div.patch clk-meson-meson8b-mark-the-cpu-clock-as-clk_is_criti.patch ptp-fix-pass-zero-to-err_ptr-in-ptp_clock_register.patch dmaengine-xilinx_dma-remove-__aligned-attribute-on-z.patch powerpc-32-add-.data.lubsan_data-.data.lubsan_type-s.patch iio-adc-meson-saradc-check-for-devm_kasprintf-failur.patch iio-adc-meson-saradc-fix-internal-clock-names.patch iio-accel-kxcjk1013-add-kiox010a-acpi-hardware-id.patch media-adv-tc358743-ths8200-fill-in-min-width-height-.patch acpi-spcr-consider-baud-rate-0-as-preconfigured-stat.patch staging-pi433-fix-potential-null-dereference.patch f2fs-avoid-gc-causing-encrypted-file-corrupted.patch f2fs-move-dir-data-flush-to-write-checkpoint-process.patch f2fs-fix-race-between-write_checkpoint-and-write_beg.patch f2fs-fix-wrong-return-value-of-f2fs_acl_create.patch i2c-sh_mobile-add-support-for-r8a77990-r-car-e3.patch arm64-io-ensure-calls-to-delay-routines-are-ordered-.patch net-aquantia-return-err-if-set-mpi_deinit-state-fail.patch sunvdc-do-not-spin-in-an-infinite-loop-when-vio_ldc_.patch soc-bcm-brcmstb-don-t-leak-device-tree-node-referenc.patch nfsd4-fix-crash-on-writing-v4_end_grace-before-nfsd-.patch drm-clear-state-acquire_ctx-before-leaving-drm_atomi.patch perf-arm_spe-handle-devm_kasprintf-failure.patch arm64-io-ensure-value-passed-to-__iormb-is-held-in-a.patch thermal-do-not-clear-passive-state-during-system-sle.patch thermal-fix-locking-in-cooling-device-sysfs-update-c.patch firmware-efi-add-null-pointer-checks-in-efivars-api-.patch s390-zcrypt-improve-special-ap-message-cmd-handling.patch mt76x0-dfs-fix-ibi_r11-configuration-on-non-radar-ch.patch arm64-ftrace-don-t-adjust-the-lr-value.patch drm-v3d-fix-prime-imports-of-buffers-from-other-driv.patch arm-dts-mmp2-fix-twsi2.patch arm-dts-aspeed-add-missing-memory-unit-address.patch spi-fix-spi-at91-usart.c-build-errors-when-pinctrl-i.patch x86-fpu-add-might_fault-to-user_insn.patch media-i2c-tda1997x-select-config_hdmi.patch media-davinci-vpbe-fix-error-handling-in-vpbe_initia.patch platform-x86-fix-config-space-access-for-intel_atomi.patch smack-fix-access-permissions-for-keyring.patch xtensa-xtfpga.dtsi-fix-dtc-warnings-about-spi.patch usb-dwc3-correct-the-logic-for-checking-trb-full-in-.patch dmaengine-sprd-support-dma-link-list-cyclic-callback.patch usb-dwc2-disable-power-down-feature-on-samsung-socs.patch usb-hub-delay-hub-autosuspend-if-usb3-port-is-still-.patch timekeeping-use-proper-seqcount-initializer.patch usb-mtu3-fix-the-issue-about-setfeature-u1-u2_enable.patch clk-sunxi-ng-a33-set-clk_set_rate_parent-for-all-aud.patch media-imx274-select-regmap_i2c.patch mac80211-fix-deauth-tx-when-we-disconnect.patch pinctrl-nuvoton-check-for-devm_kasprintf-failure.patch drm-amdgpu-powerplay-fix-clock-stretcher-limits-on-p.patch tipc-fix-node-keep-alive-interval-calculation.patch arm64-dts-rockchip-fix-rk3399-rockpro64-regulator-gp.patch driver-core-move-async_synchronize_full-call.patch kobject-return-error-code-if-writing-sys-.-uevent-fa.patch ib-hfi1-unreserve-a-reserved-request-when-it-is-comp.patch usb-dwc3-trace-add-missing-break-statement-to-make-c.patch gpio-mt7621-report-failure-of-devm_kasprintf.patch gpio-mt7621-pass-mediatek_gpio_bank_probe-failure-up.patch pinctrl-sx150x-handle-failure-case-of-devm_kstrdup.patch iommu-amd-fix-amd_iommu-force_isolation.patch media-v4l2-device-link-subdevices-to-their-parent-de.patch arm-omap1-ams-delta-fix-audio-permanently-muted.patch arm-dts-fix-omap4430-sdp-ethernet-startup.patch mips-bpf-fix-encoding-bug-for-mm_srlv32_op.patch media-coda-fix-h.264-deblocking-filter-controls.patch arm64-dts-meson-fix-irq-trigger-type-for-macirq.patch arm-dts-fix-up-the-d-link-dir-685-mtd-partition-info.patch watchdog-renesas_wdt-don-t-set-divider-while-watchdo.patch arm-dts-imx51-zii-rdu1-do-not-specify-power-gpio-for.patch usb-dwc3-gadget-disable-csp-for-stream-out-ep.patch iommu-arm-smmu-v3-avoid-memory-corruption-from-hisil.patch iommu-arm-smmu-add-support-for-qcom-smmu-v2-variant.patch iommu-arm-smmu-v3-use-explicit-mb-when-moving-cons-p.patch sata_rcar-fix-deferred-probing.patch clk-imx6sl-ensure-mmdc-ch0-handshake-is-bypassed.patch platform-x86-mlx-platform-fix-tachometer-registers.patch cpuidle-big.little-fix-refcount-leak.patch opp-use-opp_table-regulators-to-verify-no-regulator-.patch tee-optee-avoid-possible-double-list_del.patch drm-msm-dsi-fix-dsi-clock-names-in-dsi-10nm-pll-driv.patch drm-msm-dpu-only-check-flush-register-against-pendin.patch lightnvm-pblk-fix-resubmission-of-overwritten-write-.patch lightnvm-pblk-add-lock-protection-to-list-operations.patch i2c-axxia-check-for-error-conditions-first.patch lightnvm-fix-uninitialized-return-value-in-nvm_get_c.patch phy-sun4i-usb-add-support-for-missing-usb-phy-index.patch mlxsw-spectrum_acl-limit-priority-value.patch udf-fix-bug-on-corrupted-inode.patch switchtec-fix-switchtec_ioctl_event_idx_all-flags-ov.patch selftests-bpf-use-__bpf_constant_htons-in-test_prog..patch arm-pxa-avoid-section-mismatch-warning.patch asoc-fsl-fix-snd_soc_eukrea_tlv320-build-error-on-i..patch fix-dma-buf-udmabuf-selftest.patch clk-qcom-leave-mmss-noc-on-for-8998.patch f2fs-fix-to-reorder-set_page_dirty-and-wait_on_page_.patch ipv6-fix-handling-of-lla-with-vrf-and-sockets-bound-.patch tools-bpftool-fix-wmissing-declaration-warnings.patch kvm-ppc-book3s-only-report-kvm_cap_spapr_tce_vfio-on.patch mmc-bcm2835-recover-from-mmc_send_ext_csd.patch mmc-bcm2835-reset-host-on-timeout.patch mmc-meson-mx-sdio-check-devm_kasprintf-for-failure.patch memstick-prevent-memstick-host-from-getting-runtime-.patch mmc-sdhci-of-esdhc-fix-timeout-checks.patch mmc-sdhci-omap-fix-timeout-checks.patch mmc-sdhci-xenon-fix-timeout-checks.patch mmc-jz4740-get-cd-wp-gpios-from-descriptors.patch usb-renesas_usbhs-add-support-for-rz-g2e.patch btrfs-harden-agaist-duplicate-fsid-on-scanned-device.patch serial-sh-sci-fix-locking-in-sci_submit_rx.patch serial-sh-sci-resume-pio-in-sci_rx_interrupt-on-dma-.patch tty-serial-samsung-properly-set-flags-in-autocts-mod.patch perf-stat-fix-csv-mode-column-output-for-non-cgroup-.patch perf-test-fix-perf_event_attr-test-failure.patch perf-dso-fix-unchecked-usage-of-strncpy.patch perf-header-fix-unchecked-usage-of-strncpy.patch btrfs-use-tagged-writepage-to-mitigate-livelock-of-s.patch perf-probe-fix-unchecked-usage-of-strncpy.patch i2c-sh_mobile-add-support-for-r8a774c0-rz-g2e.patch bnxt_en-disable-msix-before-re-reserving-nqs-cmpl-ri.patch tools-power-x86-intel_pstate_tracer-fix-non-root-exe.patch pinctrl-rza1-handle-devm_kasprintf-failure-cases.patch mac80211-properly-handle-skb-with-radiotap-only.patch livepatch-check-kzalloc-return-values.patch arm64-kvm-skip-mmio-insn-after-emulation.patch usb-musb-dsps-fix-otg-state-machine.patch usb-musb-dsps-fix-runtime-pm-for-peripheral-mode.patch perf-header-fix-up-argument-to-ctime.patch perf-tools-cast-off_t-to-s64-to-avoid-warning-on-bio.patch percpu-convert-spin_lock_irq-to-spin_lock_irqsave.patch net-hns3-fix-error-handling-int-the-hns3_get_vector_.patch net-hns3-fix-incomplete-uninitialization-of-irq-in-t.patch drm-amd-display-add-retry-to-read-ddc_clock-pin.patch drm-amd-display-wait-edp-hpd-to-high-in-detect_sink.patch bluetooth-hci_bcm-handle-deferred-probing-for-the-cl.patch drm-amd-display-fix-ycbcr420-blank-color.patch powerpc-uaccess-fix-warning-error-with-access_ok.patch mac80211-fix-radiotap-vendor-presence-bitmap-handlin.patch xfrm6_tunnel-fix-spi-check-in-__xfrm6_tunnel_alloc_s.patch mlxsw-spectrum-properly-cleanup-lag-uppers-when-remo.patch scsi-smartpqi-correct-host-serial-num-for-ssa.patch scsi-smartpqi-correct-volume-status.patch scsi-smartpqi-increase-fw-status-register-read-timeo.patch cw1200-fix-concurrency-use-after-free-bugs-in-cw1200.patch net-hns3-add-max-vector-number-check-for-pf.patch net-hns3-fix-the-descriptor-index-when-get-rss-type.patch net-hns3-don-t-restore-rules-when-flow-director-is-d.patch powerpc-perf-fix-thresholding-counter-data-for-unkno.patch iwlwifi-mvm-fix-setting-he-ppe-fw-config.patch powerpc-powernv-ioda-allocate-indirect-tce-levels-of.patch mlx5-update-timecounter-at-least-twice-per-counter-o.patch drbd-narrow-rcu_read_lock-in-drbd_sync_handshake.patch drbd-disconnect-if-the-wrong-uuids-are-attached-on-a.patch drbd-skip-spurious-timeout-ping-timeo-when-failing-p.patch drbd-avoid-clang-warning-about-pointless-switch-stat.patch ath10k-fix-kernel-panic-due-to-use-after-free.patch ath10k-fix-tx_stats-memory-leak.patch drm-amd-display-validate-extended-dongle-caps.patch video-clps711x-fb-release-disp-device-node-in-probe.patch md-fix-raid10-hang-issue-caused-by-barrier.patch fbdev-fbmem-behave-better-with-small-rotated-display.patch i40e-define-proper-net_device-neigh_priv_len.patch ice-do-not-enable-napi-on-q_vectors-that-have-no-rin.patch igb-fix-an-issue-that-pme-is-not-enabled-during-runt.patch acpi-apei-clear-ghes-block_status-before-panic.patch fbdev-fbcon-fix-unregister-crash-when-more-than-one-.patch bpf-sk_msg-zap-ingress-queue-on-psock-down.patch powerpc-mm-fix-reporting-of-kernel-execute-faults-on.patch bpf-sk_msg-fix-socket-data_ready-events.patch pinctrl-meson-meson8-fix-the-gpio-function-for-the-g.patch pinctrl-meson-meson8b-fix-the-gpio-function-for-the-.patch kvm-x86-svm-report-msr_ia32_mcg_ext_ctl-as-unsupport.patch powerpc-fadump-do-not-allow-hot-remove-memory-from-f.patch selftests-kvm-report-failed-stage-when-exit-reason-i.patch kvm-change-offset-in-kvm_write_guest_offset_cached-t.patch nfs-nfs_compare_mount_options-always-compare-auth-fl.patch perf-build-don-t-unconditionally-link-the-libbfd-fea.patch hwmon-lm80-fix-a-missing-check-of-the-status-of-smbu.patch hwmon-lm80-fix-a-missing-check-of-bus-read-in-lm80-p.patch seq_buf-make-seq_buf_puts-null-terminate-the-buffer.patch crypto-ux500-use-proper-enum-in-cryp_set_dma_transfe.patch crypto-ux500-use-proper-enum-in-hash_set_dma_transfe.patch mips-ralink-select-config_cpu_mipsr2_irq_vi-on-mt762.patch cifs-check-ntwrk_buf_start-for-null-before-dereferen.patch f2fs-fix-use-after-free-issue-when-accessing-sbi-sta.patch um-avoid-marking-pages-with-changed-protection.patch niu-fix-missing-checks-of-niu_pci_eeprom_read.patch f2fs-fix-sbi-extent_list-corruption-issue.patch cgroup-fix-parsing-empty-mount-option-string.patch perf-python-do-not-force-closing-original-perf-descr.patch scripts-decode_stacktrace-only-strip-base-path-when-.patch arch-sh-boards-mach-kfr2r09-setup.c-fix-struct-mtd_o.patch ocfs2-don-t-clear-bh-uptodate-for-block-read.patch ocfs2-improve-ocfs2-makefile.patch mm-page_alloc.c-don-t-call-kasan_free_pages-at-defer.patch zram-fix-lockdep-warning-of-free-block-handling.patch isdn-hisax-hfc_pci-fix-a-possible-concurrency-use-af.patch gdrom-fix-a-memory-leak-bug.patch fsl-fman-use-gfp_atomic-in-memac-tgec-_add_hash_mac_.patch block-swim3-fix-ebusy-error-when-re-opening-device-a.patch thermal-bcm2835-enable-hwmon-explicitly.patch kdb-don-t-back-trace-on-a-cpu-that-didn-t-round-up.patch thermal-tsens-qcom-do-not-create-duplicate-regmap-de.patch pci-imx-enable-msi-from-downstream-components.patch block-swim3-fix-regression-on-powerbook-g3.patch thermal-generic-adc-fix-adc-to-temp-interpolation.patch hid-lenovo-add-checks-to-fix-of_led_classdev_registe.patch arm64-sve-ptrace-fix-sve_pt_regs_offset-definition.patch kernel-hung_task.c-break-rcu-locks-based-on-jiffies.patch proc-sysctl-fix-return-error-for-proc_doulongvec_min.patch kernel-hung_task.c-force-console-verbose-before-pani.patch fs-epoll-drop-ovflist-branch-prediction.patch exec-load_script-don-t-blindly-truncate-shebang-stri.patch kernel-kcov.c-mark-write_comp_data-as-notrace.patch scripts-gdb-fix-lx-version-string-output.patch xprtrdma-don-t-wake-pending-tasks-until-disconnect-i.patch thermal-hwmon-inline-helpers-when-config_thermal_hwmon-is-not-set.patch dccp-fool-proof-ccid_hc_x_parse_options.patch enic-fix-checksum-validation-for-ipv6.patch lib-test_rhashtable-make-test_insert_dup-allocate-its-hash-table-dynamically.patch net-dp83640-expire-old-tx-skb.patch net-dsa-fix-lockdep-false-positive-splat.patch net-dsa-fix-null-checking-in-dsa_slave_set_eee.patch net-dsa-mv88e6xxx-fix-counting-of-atu-violations.patch net-dsa-slave-don-t-propagate-flag-changes-on-down-slave-interfaces.patch net-systemport-fix-wol-with-password-after-deep-sleep.patch rds-fix-refcount-bug-in-rds_sock_addref.patch revert-net-phy-marvell-avoid-pause-mode-on-sgmii-to-copper-for-88e151x.patch rxrpc-bad-unlock-balance-in-rxrpc_recvmsg.patch sctp-check-and-update-stream-out_curr-when-allocating-stream_out.patch sctp-walk-the-list-of-asoc-safely.patch skge-potential-memory-corruption-in-skge_get_regs.patch virtio_net-account-for-tx-bytes-and-packets-on-sending-xdp_frames.patch bnxt_en-disable-interrupts-when-allocating-cp-rings-or-nqs.patch net-cls_flower-remove-filter-from-mask-before-freeing-it.patch net-dsa-b53-fix-for-failure-when-irq-is-not-defined-in-dt.patch net-mlx5e-use-the-inner-headers-to-determine-tc-pedit-offload-limitation-on-decap-flows.patch net-mlx5e-force-checksum_unnecessary-for-short-ethernet-frames.patch xfs-eof-trim-writeback-mapping-as-soon-as-it-is-cached.patch alsa-compress-fix-stop-handling-on-compressed-capture-streams.patch alsa-usb-audio-add-support-for-new-t-a-usb-dac.patch alsa-hda-serialize-codec-registrations.patch alsa-hda-realtek-fix-lose-hp_pins-for-disable-auto-mute.patch alsa-hda-realtek-use-a-common-helper-for-hp-pin-reference.patch alsa-hda-realtek-headset-microphone-support-for-system76-darp5.patch fuse-call-pipe_buf_release-under-pipe-lock.patch fuse-decrement-nr_writeback_temp-on-the-right-page.patch fuse-handle-zero-sized-retrieve-correctly.patch cuse-fix-ioctl.patch hid-debug-fix-the-ring-buffer-implementation.patch dmaengine-bcm2835-fix-interrupt-race-on-rt.patch dmaengine-bcm2835-fix-abort-of-transactions.patch dmaengine-imx-dma-fix-wrong-callback-invoke.patch futex-handle-early-deadlock-return-correctly.patch irqchip-gic-v3-its-plug-allocation-race-for-devices-sharing-a-devid.patch arm64-dts-allwinner-a64-fix-usb-otg-regulator.patch usb-phy-am335x-fix-race-condition-in-_probe.patch usb-dwc3-gadget-handle-0-xfer-length-for-out-ep.patch usb-gadget-udc-net2272-fix-bitwise-and-boolean-operations.patch usb-gadget-musb-fix-short-isoc-packets-with-inventra-dma.patch staging-speakup-fix-tty-operation-null-derefs.patch scsi-sd_zbc-fix-zone-information-messages.patch scsi-cxlflash-prevent-deadlock-when-adapter-probe-fails.patch scsi-aic94xx-fix-module-loading.patch kvm-x86-work-around-leak-of-uninitialized-stack-contents-cve-2019-7222.patch kvm-fix-kvm_ioctl_create_device-reference-counting-cve-2019-6974.patch kvm-nvmx-unconditionally-cancel-preemption-timer-in-free_nested-cve-2019-7221.patch cpu-hotplug-fix-smt-disabled-by-bios-detection-for-kvm.patch perf-x86-intel-uncore-add-node-id-mask.patch perf-x86-intel-delay-memory-deallocation-until-x86_pmu_dead_cpu.patch x86-mce-initialize-mce.bank-in-the-case-of-a-fatal-error-in-mce_no_way_out.patch perf-core-don-t-warn-for-impossible-ring-buffer-sizes.patch perf-tests-evsel-tp-sched-fix-bitwise-operator.patch serial-fix-race-between-flush_to_ldisc-and-tty_open.patch serial-8250_pci-make-pci-class-test-non-fatal.patch serial-sh-sci-do-not-free-irqs-that-have-already-been-freed.patch cacheinfo-keep-the-old-value-if-of_property_read_u32-fails.patch nfsd-fix-error-return-values-for-nfsd4_clone_file_range.patch ath9k-dynack-make-ewma-estimation-faster.patch ath9k-dynack-check-da-enabled-first-in-sampling-routines.patch Compile testing --------------- We compiled the kernel for 4 architectures: s390x: make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64 configuration: https://artifacts.cki-project.org/builds/s390x/7321de78860284ee0e9e6772dbef… powerpc64le: make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64 configuration: https://artifacts.cki-project.org/builds/ppc64le/80c1ef725e1223720968375314… aarch64: make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64 configuration: https://artifacts.cki-project.org/builds/aarch64/316b3e22a7d4fbed59a93f2a58… x86_64: make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64 configuration: https://artifacts.cki-project.org/builds/x86_64/da69a0a093413583ea346e79fdb… Hardware testing ---------------- We booted each kernel and ran the following tests: s390: Boot test - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… /distribution/command LTP lite - release 20180926 - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… Loopdev Sanity - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#filesystems/… NFS Connectathon - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#filesystems/… AMTU (Abstract Machine Test Utility) - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#misc/amtu Ethernet drivers sanity - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/… powerpc: Boot test - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… /distribution/command LTP lite - release 20180926 - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… Loopdev Sanity - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#filesystems/… NFS Connectathon - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#filesystems/… xfstests: xfs - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#/filesystems… AMTU (Abstract Machine Test Utility) - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#misc/amtu Ethernet drivers sanity - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/… Usex - version 1.9-29 - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#standards/us… arm64: Boot test - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… /distribution/command LTP lite - release 20180926 - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… Loopdev Sanity - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#filesystems/… NFS Connectathon - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#filesystems/… xfstests: xfs - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#/filesystems… AMTU (Abstract Machine Test Utility) - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#misc/amtu Ethernet drivers sanity - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/… Usex - version 1.9-29 - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#standards/us… x86_64: Boot test - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… /distribution/command LTP lite - release 20180926 - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… Loopdev Sanity - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#filesystems/… NFS Connectathon - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#filesystems/… xfstests: xfs - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#/filesystems… AMTU (Abstract Machine Test Utility) - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#misc/amtu Ethernet drivers sanity - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/… Usex - version 1.9-29 - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#standards/us…

5 years, 11 months

1
0
0 0

[PATCH 4.9] HID: debug: fix the ring buffer implementation

by Vladis Dronov

commit 13054abbaa4f1fd4e6f3b4b63439ec033b4c8035 upstream. Ring buffer implementation in hid_debug_event() and hid_debug_events_read() is strange allowing lost or corrupted data. After commit 717adfdaf147 ("HID: debug: check length before copy_to_user()") it is possible to enter an infinite loop in hid_debug_events_read() by providing 0 as count, this locks up a system. Fix this by rewriting the ring buffer implementation with kfifo and simplify the code. This fixes CVE-2019-3819. Backport to v4.9: some tree-wide patches are missing in v4.9 so cherry-pick relevant pieces from: * 6396bb22151 ("treewide: kzalloc() -> kcalloc()") * a9a08845e9ac ("vfs: do bulk POLL* -> EPOLL* replacement") * 174cd4b1e5fb ("sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h>") Link: https://bugzilla.redhat.com/show_bug.cgi?id=1669187 Cc: stable(a)vger.kernel.org # v4.9 Fixes: cd667ce24796 ("HID: use debugfs for events/reports dumping") Fixes: 717adfdaf147 ("HID: debug: check length before copy_to_user()") Signed-off-by: Vladis Dronov <vdronov(a)redhat.com> --- drivers/hid/hid-debug.c | 126 +++++++++++++++----------------------- include/linux/hid-debug.h | 9 ++- 2 files changed, 54 insertions(+), 81 deletions(-) diff --git a/drivers/hid/hid-debug.c b/drivers/hid/hid-debug.c index ae8c8e66a6c4..a90967cd4987 100644 --- a/drivers/hid/hid-debug.c +++ b/drivers/hid/hid-debug.c @@ -30,6 +30,7 @@ #include <linux/debugfs.h> #include <linux/seq_file.h> +#include <linux/kfifo.h> #include <linux/sched.h> #include <linux/export.h> #include <linux/slab.h> @@ -457,7 +456,7 @@ static char *resolv_usage_page(unsigned page, struct seq_file *f) { char *buf = NULL; if (!f) { - buf = kzalloc(sizeof(char) * HID_DEBUG_BUFSIZE, GFP_ATOMIC); + buf = kzalloc(HID_DEBUG_BUFSIZE, GFP_ATOMIC); if (!buf) return ERR_PTR(-ENOMEM); } @@ -661,17 +660,12 @@ EXPORT_SYMBOL_GPL(hid_dump_device); /* enqueue string to 'events' ring buffer */ void hid_debug_event(struct hid_device *hdev, char *buf) { - unsigned i; struct hid_debug_list *list; unsigned long flags; spin_lock_irqsave(&hdev->debug_list_lock, flags); - list_for_each_entry(list, &hdev->debug_list, node) { - for (i = 0; buf[i]; i++) - list->hid_debug_buf[(list->tail + i) % HID_DEBUG_BUFSIZE] = - buf[i]; - list->tail = (list->tail + i) % HID_DEBUG_BUFSIZE; - } + list_for_each_entry(list, &hdev->debug_list, node) + kfifo_in(&list->hid_debug_fifo, buf, strlen(buf)); spin_unlock_irqrestore(&hdev->debug_list_lock, flags); wake_up_interruptible(&hdev->debug_wait); @@ -722,8 +716,7 @@ void hid_dump_input(struct hid_device *hdev, struct hid_usage *usage, __s32 valu hid_debug_event(hdev, buf); kfree(buf); - wake_up_interruptible(&hdev->debug_wait); - + wake_up_interruptible(&hdev->debug_wait); } EXPORT_SYMBOL_GPL(hid_dump_input); @@ -1088,8 +1081,8 @@ static int hid_debug_events_open(struct inode *inode, struct file *file) goto out; } - if (!(list->hid_debug_buf = kzalloc(sizeof(char) * HID_DEBUG_BUFSIZE, GFP_KERNEL))) { - err = -ENOMEM; + err = kfifo_alloc(&list->hid_debug_fifo, HID_DEBUG_FIFOSIZE, GFP_KERNEL); + if (err) { kfree(list); goto out; } @@ -1109,77 +1102,57 @@ static ssize_t hid_debug_events_read(struct file *file, char __user *buffer, size_t count, loff_t *ppos) { struct hid_debug_list *list = file->private_data; - int ret = 0, len; + int ret = 0, copied; DECLARE_WAITQUEUE(wait, current); mutex_lock(&list->read_mutex); - while (ret == 0) { - if (list->head == list->tail) { - add_wait_queue(&list->hdev->debug_wait, &wait); - set_current_state(TASK_INTERRUPTIBLE); - - while (list->head == list->tail) { - if (file->f_flags & O_NONBLOCK) { - ret = -EAGAIN; - break; - } - if (signal_pending(current)) { - ret = -ERESTARTSYS; - break; - } + if (kfifo_is_empty(&list->hid_debug_fifo)) { + add_wait_queue(&list->hdev->debug_wait, &wait); + set_current_state(TASK_INTERRUPTIBLE); + + while (kfifo_is_empty(&list->hid_debug_fifo)) { + if (file->f_flags & O_NONBLOCK) { + ret = -EAGAIN; + break; + } - if (!list->hdev || !list->hdev->debug) { - ret = -EIO; - set_current_state(TASK_RUNNING); - goto out; - } + if (signal_pending(current)) { + ret = -ERESTARTSYS; + break; + } - /* allow O_NONBLOCK from other threads */ - mutex_unlock(&list->read_mutex); - schedule(); - mutex_lock(&list->read_mutex); - set_current_state(TASK_INTERRUPTIBLE); + /* if list->hdev is NULL we cannot remove_wait_queue(). + * if list->hdev->debug is 0 then hid_debug_unregister() + * was already called and list->hdev is being destroyed. + * if we add remove_wait_queue() here we can hit a race. + */ + if (!list->hdev || !list->hdev->debug) { + ret = -EIO; + set_current_state(TASK_RUNNING); + goto out; } - set_current_state(TASK_RUNNING); - remove_wait_queue(&list->hdev->debug_wait, &wait); + /* allow O_NONBLOCK from other threads */ + mutex_unlock(&list->read_mutex); + schedule(); + mutex_lock(&list->read_mutex); + set_current_state(TASK_INTERRUPTIBLE); } - if (ret) - goto out; + __set_current_state(TASK_RUNNING); + remove_wait_queue(&list->hdev->debug_wait, &wait); - /* pass the ringbuffer contents to userspace */ -copy_rest: - if (list->tail == list->head) + if (ret) goto out; - if (list->tail > list->head) { - len = list->tail - list->head; - if (len > count) - len = count; - - if (copy_to_user(buffer + ret, &list->hid_debug_buf[list->head], len)) { - ret = -EFAULT; - goto out; - } - ret += len; - list->head += len; - } else { - len = HID_DEBUG_BUFSIZE - list->head; - if (len > count) - len = count; - - if (copy_to_user(buffer, &list->hid_debug_buf[list->head], len)) { - ret = -EFAULT; - goto out; - } - list->head = 0; - ret += len; - count -= len; - if (count > 0) - goto copy_rest; - } - } + + /* pass the fifo content to userspace, locking is not needed with only + * one concurrent reader and one concurrent writer + */ + ret = kfifo_to_user(&list->hid_debug_fifo, buffer, count, &copied); + if (ret) + goto out; + ret = copied; out: mutex_unlock(&list->read_mutex); return ret; @@ -1190,7 +1163,7 @@ static unsigned int hid_debug_events_poll(struct file *file, poll_table *wait) struct hid_debug_list *list = file->private_data; poll_wait(file, &list->hdev->debug_wait, wait); - if (list->head != list->tail) + if (!kfifo_is_empty(&list->hid_debug_fifo)) return POLLIN | POLLRDNORM; if (!list->hdev->debug) return POLLERR | POLLHUP; @@ -1205,7 +1178,7 @@ static int hid_debug_events_release(struct inode *inode, struct file *file) spin_lock_irqsave(&list->hdev->debug_list_lock, flags); list_del(&list->node); spin_unlock_irqrestore(&list->hdev->debug_list_lock, flags); - kfree(list->hid_debug_buf); + kfifo_free(&list->hid_debug_fifo); kfree(list); return 0; @@ -1256,4 +1229,3 @@ void hid_debug_exit(void) { debugfs_remove_recursive(hid_debug_root); } - diff --git a/include/linux/hid-debug.h b/include/linux/hid-debug.h index 8663f216c563..2d6100edf204 100644 --- a/include/linux/hid-debug.h +++ b/include/linux/hid-debug.h @@ -24,7 +24,10 @@ #ifdef CONFIG_DEBUG_FS +#include <linux/kfifo.h> + #define HID_DEBUG_BUFSIZE 512 +#define HID_DEBUG_FIFOSIZE 512 void hid_dump_input(struct hid_device *, struct hid_usage *, __s32); void hid_dump_report(struct hid_device *, int , u8 *, int); @@ -37,11 +40,8 @@ void hid_debug_init(void); void hid_debug_exit(void); void hid_debug_event(struct hid_device *, char *); - struct hid_debug_list { - char *hid_debug_buf; - int head; - int tail; + DECLARE_KFIFO_PTR(hid_debug_fifo, char); struct fasync_struct *fasync; struct hid_device *hdev; struct list_head node; @@ -64,4 +64,3 @@ struct hid_debug_list { #endif #endif - -- 2.20.1

5 years, 11 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror February 2019