July 2019 - Linux-stable-mirror

[PATCH] ALSA: hda/realtek: apply ALC891 headset fixup to one Dell machine

by Hui Wang

Without this patch, the headset-mic and headphone-mic don't work. Cc: <stable(a)vger.kernel.org> Signed-off-by: Hui Wang <hui.wang(a)canonical.com> --- sound/pci/hda/patch_realtek.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c index 1c84c12b39b3..de224cbea7a0 100644 --- a/sound/pci/hda/patch_realtek.c +++ b/sound/pci/hda/patch_realtek.c @@ -8803,6 +8803,11 @@ static const struct snd_hda_pin_quirk alc662_pin_fixup_tbl[] = { {0x18, 0x01a19030}, {0x1a, 0x01813040}, {0x21, 0x01014020}), + SND_HDA_PIN_QUIRK(0x10ec0867, 0x1028, "Dell", ALC891_FIXUP_DELL_MIC_NO_PRESENCE, + {0x16, 0x01813030}, + {0x17, 0x02211010}, + {0x18, 0x01a19040}, + {0x21, 0x01014020}), SND_HDA_PIN_QUIRK(0x10ec0662, 0x1028, "Dell", ALC662_FIXUP_DELL_MIC_NO_PRESENCE, {0x14, 0x01014010}, {0x18, 0x01a19020}, -- 2.17.1

5 years, 5 months

3
2
0 0

[PATCH] Input: i8042 - disable KBD port on Late-2016 Razer Blade Stealth

by Lyude Paul

The late 2016 model of the Razer Blade Stealth has a built-in USB keyboard, but for some reason the BIOS exposes an i8042 controller with a connected KBD port. While this fake AT Keyboard device doesn't appear to report any events, attempting to change the state of the caps lock LED on it from on to off causes the entire system to hang. So, introduce a quirk table for disabling keyboard probing by default, i8042_dmi_nokbd_table, and add this specific model of Razer laptop to that table. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/input/serio/i8042-x86ia64io.h | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/drivers/input/serio/i8042-x86ia64io.h b/drivers/input/serio/i8042-x86ia64io.h index 136f6e7bf797..888f5f6feebf 100644 --- a/drivers/input/serio/i8042-x86ia64io.h +++ b/drivers/input/serio/i8042-x86ia64io.h @@ -884,6 +884,22 @@ static const struct dmi_system_id __initconst i8042_dmi_kbdreset_table[] = { { } }; +static const struct dmi_system_id i8042_dmi_nokbd_table[] __initconst = { + { + /* + * Razer Blade Stealth (Late 2016 model) - Keyboard is on USB + * but the system exposes a fake AT keyboard that crashes the + * system if the caps lock LED is changed + */ + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "Razer"), + DMI_MATCH(DMI_PRODUCT_NAME, "Blade Stealth"), + DMI_MATCH(DMI_PRODUCT_VERSION, "2.04"), + }, + }, + { } +}; + #endif /* CONFIG_X86 */ #ifdef CONFIG_PNP @@ -1040,6 +1056,9 @@ static int __init i8042_pnp_init(void) #ifdef CONFIG_X86 if (dmi_check_system(i8042_dmi_nopnp_table)) i8042_nopnp = true; + + if (dmi_check_system(i8042_dmi_nokbd_table)) + i8042_nokbd = true; #endif if (i8042_nopnp) { -- 2.20.1

5 years, 5 months

3
5
0 0

b21629da120d ("kvm: x86: avoid warning on repeated KVM_SET_TSS_ADDR")

by Zubin Mithra

Hello, Syzkaller has triggered a kernel WARNING when fuzzing a 4.4 kernel with the following stacktrace. Call Trace: [<ffffffff81989d3d>] __dump_stack lib/dump_stack.c:15 [inline] [<ffffffff81989d3d>] dump_stack+0xbf/0x113 lib/dump_stack.c:51 [<ffffffff813be4aa>] panic+0x1a6/0x361 kernel/panic.c:116 [<ffffffff811c2c00>] __warn+0x168/0x1b0 kernel/panic.c:470 [<ffffffff813be6a1>] warn_slowpath_null+0x3c/0x40 kernel/panic.c:514 [<ffffffff81030f13>] __x86_set_memory_region+0x1c2/0x3ef arch/x86/kvm/x86.c:7792 [<ffffffff81031185>] x86_set_memory_region+0x45/0x5c arch/x86/kvm/x86.c:7838 [<ffffffff810add1e>] vmx_set_tss_addr+0x8c/0x246 arch/x86/kvm/vmx.c:5171 [<ffffffff8103a798>] kvm_vm_ioctl_set_tss_addr arch/x86/kvm/x86.c:3520 [inline] [<ffffffff8103a798>] kvm_arch_vm_ioctl+0x26b/0x17db arch/x86/kvm/x86.c:3788 [<ffffffff81013cb4>] kvm_vm_ioctl+0xb7d/0xbfa arch/x86/kvm/../../../virt/kvm/kvm_main.c:2959 [<ffffffff8149d51a>] vfs_ioctl fs/ioctl.c:43 [inline] [<ffffffff8149d51a>] do_vfs_ioctl+0xcb0/0xd0f fs/ioctl.c:630 [<ffffffff8149d5ea>] SYSC_ioctl fs/ioctl.c:645 [inline] [<ffffffff8149d5ea>] SyS_ioctl+0x71/0xad fs/ioctl.c:636 [<ffffffff832bca35>] tracesys_phase2+0xa3/0xa8 Could the following patch be applied to v4.4.y. The patch is present in v4.9.y. * b21629da120d ("kvm: x86: avoid warning on repeated KVM_SET_TSS_ADDR") Tests run: * Syzkaller reproducer * Chrome OS tryjobs Thanks, - Zubin

5 years, 5 months

2
1
0 0

[PATCH] eeprom: make older eeprom drivers select NVMEM_SYSFS

by Arseny Solokha

misc/eeprom/{at24,at25,eeprom_93xx46} drivers all register their corresponding devices in the nvmem framework in compat mode which requires nvmem sysfs interface to be present. The latter, however, has been split out from nvmem under a separate Kconfig in commit ae0c2d725512 ("nvmem: core: add NVMEM_SYSFS Kconfig"). As a result, probing certain I2C-attached EEPROMs now fails with at24: probe of 0-0050 failed with error -38 because of a stub implementation of nvmem_sysfs_setup_compat() in drivers/nvmem/nvmem.h. Update the nvmem dependency for these drivers so they could load again: at24 0-0050: 32768 byte 24c256 EEPROM, writable, 64 bytes/write Cc: Adrian Bunk <bunk(a)kernel.org> Cc: Bartosz Golaszewski <brgl(a)bgdev.pl> Cc: Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> Cc: stable(a)vger.kernel.org # v5.2+ Signed-off-by: Arseny Solokha <asolokha(a)kb.kras.ru> --- drivers/misc/eeprom/Kconfig | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/misc/eeprom/Kconfig b/drivers/misc/eeprom/Kconfig index f88094719552..f2abe27010ef 100644 --- a/drivers/misc/eeprom/Kconfig +++ b/drivers/misc/eeprom/Kconfig @@ -5,6 +5,7 @@ config EEPROM_AT24 tristate "I2C EEPROMs / RAMs / ROMs from most vendors" depends on I2C && SYSFS select NVMEM + select NVMEM_SYSFS select REGMAP_I2C help Enable this driver to get read/write support to most I2C EEPROMs @@ -34,6 +35,7 @@ config EEPROM_AT25 tristate "SPI EEPROMs from most vendors" depends on SPI && SYSFS select NVMEM + select NVMEM_SYSFS help Enable this driver to get read/write support to most SPI EEPROMs, after you configure the board init code to know about each eeprom @@ -80,6 +82,7 @@ config EEPROM_93XX46 depends on SPI && SYSFS select REGMAP select NVMEM + select NVMEM_SYSFS help Driver for the microwire EEPROM chipsets 93xx46x. The driver supports both read and write commands and also the command to -- 2.22.0

5 years, 5 months

1
0
0 0

[PATCH] arm64: Disable unhandled signal log messages by default

by weirongguang

From: Michael Weiser <michael.weiser(a)gmx.de> BugLink: http://bugs.launchpad.net/bugs/1762453 commit 5ee39a71fd89ab7240c5339d04161c44a8e03269 upstream. aarch64 unhandled signal kernel messages are very verbose, suggesting them to be more of a debugging aid: sigsegv[33]: unhandled level 2 translation fault (11) at 0x00000000, esr 0x92000046, in sigsegv[400000+71000] CPU: 1 PID: 33 Comm: sigsegv Tainted: G W 4.15.0-rc3+ #3 Hardware name: linux,dummy-virt (DT) pstate: 60000000 (nZCv daif -PAN -UAO) pc : 0x4003f4 lr : 0x4006bc sp : 0000fffffe94a060 x29: 0000fffffe94a070 x28: 0000000000000000 x27: 0000000000000000 x26: 0000000000000000 x25: 0000000000000000 x24: 00000000004001b0 x23: 0000000000486ac8 x22: 00000000004001c8 x21: 0000000000000000 x20: 0000000000400be8 x19: 0000000000400b30 x18: 0000000000484728 x17: 000000000865ffc8 x16: 000000000000270f x15: 00000000000000b0 x14: 0000000000000002 x13: 0000000000000001 x12: 0000000000000000 x11: 0000000000000000 x10: 0008000020008008 x9 : 000000000000000f x8 : ffffffffffffffff x7 : 0004000000000000 x6 : ffffffffffffffff x5 : 0000000000000000 x4 : 0000000000000000 x3 : 00000000004003e4 x2 : 0000fffffe94a1e8 x1 : 000000000000000a x0 : 0000000000000000 Disable them by default, so they can be enabled using /proc/sys/debug/exception-trace. Cc: <stable(a)vger.kernel.org> Signed-off-by: Michael Weiser <michael.weiser(a)gmx.de> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Juerg Haefliger <juergh(a)canonical.com> Signed-off-by: Stefan Bader <stefan.bader(a)canonical.com> Signed-off-by: Jackie Liu <liuyun01(a)kylinos.cn> --- arch/arm64/kernel/traps.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c index 3b653d5..2423501 100644 --- a/arch/arm64/kernel/traps.c +++ b/arch/arm64/kernel/traps.c @@ -49,7 +49,7 @@ static const char *handler[]= { "Error" }; -int show_unhandled_signals = 1; +int show_unhandled_signals = 0; /* * Dump out the contents of some memory nicely... -- 2.7.4

5 years, 5 months

1
0
0 0

Re: [PATCH] Revert "gpio/spi: Fix spi-gpio regression on active high CS"

by Linus Walleij

On Tue, Jul 16, 2019 at 3:27 AM Sasha Levin <sashal(a)kernel.org> wrote: > v5.2.1: Build OK! > v5.1.18: Failed to apply! Possible dependencies: (...) > How should we proceed with this patch? Only apply it to 5.2.y once upstream. Thanks! Linus Walleij

5 years, 5 months

1
0
0 0

[PATCH] cifs: fix crash in smb2_compound_op()/smb2_set_next_command()

by Ronnie Sahlberg

RHBZ: 1722704 In low memory situations the various SMB2_*_init() functions can fail to allocate a request PDU and thus leave the request iovector as NULL. If we don't check the return code for failure we end up calling smb2_set_next_command() with a NULL iovector causing a crash when it tries to dereference it. CC: Stable <stable(a)vger.kernel.org> Signed-off-by: Ronnie Sahlberg <lsahlber(a)redhat.com> --- fs/cifs/smb2inode.c | 12 ++++++++++++ fs/cifs/smb2ops.c | 11 ++++++++++- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/fs/cifs/smb2inode.c b/fs/cifs/smb2inode.c index 278405d26c47..d8d9cdfa30b6 100644 --- a/fs/cifs/smb2inode.c +++ b/fs/cifs/smb2inode.c @@ -120,6 +120,8 @@ smb2_compound_op(const unsigned int xid, struct cifs_tcon *tcon, SMB2_O_INFO_FILE, 0, sizeof(struct smb2_file_all_info) + PATH_MAX * 2, 0, NULL); + if (rc) + goto finished; smb2_set_next_command(tcon, &rqst[num_rqst]); smb2_set_related(&rqst[num_rqst++]); trace_smb3_query_info_compound_enter(xid, ses->Suid, tcon->tid, @@ -147,6 +149,8 @@ smb2_compound_op(const unsigned int xid, struct cifs_tcon *tcon, COMPOUND_FID, current->tgid, FILE_DISPOSITION_INFORMATION, SMB2_O_INFO_FILE, 0, data, size); + if (rc) + goto finished; smb2_set_next_command(tcon, &rqst[num_rqst]); smb2_set_related(&rqst[num_rqst++]); trace_smb3_rmdir_enter(xid, ses->Suid, tcon->tid, full_path); @@ -163,6 +167,8 @@ smb2_compound_op(const unsigned int xid, struct cifs_tcon *tcon, COMPOUND_FID, current->tgid, FILE_END_OF_FILE_INFORMATION, SMB2_O_INFO_FILE, 0, data, size); + if (rc) + goto finished; smb2_set_next_command(tcon, &rqst[num_rqst]); smb2_set_related(&rqst[num_rqst++]); trace_smb3_set_eof_enter(xid, ses->Suid, tcon->tid, full_path); @@ -180,6 +186,8 @@ smb2_compound_op(const unsigned int xid, struct cifs_tcon *tcon, COMPOUND_FID, current->tgid, FILE_BASIC_INFORMATION, SMB2_O_INFO_FILE, 0, data, size); + if (rc) + goto finished; smb2_set_next_command(tcon, &rqst[num_rqst]); smb2_set_related(&rqst[num_rqst++]); trace_smb3_set_info_compound_enter(xid, ses->Suid, tcon->tid, @@ -206,6 +214,8 @@ smb2_compound_op(const unsigned int xid, struct cifs_tcon *tcon, COMPOUND_FID, current->tgid, FILE_RENAME_INFORMATION, SMB2_O_INFO_FILE, 0, data, size); + if (rc) + goto finished; smb2_set_next_command(tcon, &rqst[num_rqst]); smb2_set_related(&rqst[num_rqst++]); trace_smb3_rename_enter(xid, ses->Suid, tcon->tid, full_path); @@ -231,6 +241,8 @@ smb2_compound_op(const unsigned int xid, struct cifs_tcon *tcon, COMPOUND_FID, current->tgid, FILE_LINK_INFORMATION, SMB2_O_INFO_FILE, 0, data, size); + if (rc) + goto finished; smb2_set_next_command(tcon, &rqst[num_rqst]); smb2_set_related(&rqst[num_rqst++]); trace_smb3_hardlink_enter(xid, ses->Suid, tcon->tid, full_path); diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index 4b0b14946343..462890f4cb9c 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -2027,6 +2027,10 @@ smb2_set_related(struct smb_rqst *rqst) struct smb2_sync_hdr *shdr; shdr = (struct smb2_sync_hdr *)(rqst->rq_iov[0].iov_base); + if (shdr == NULL) { + cifs_dbg(FYI, "shdr NULL in smb2_set_related\n"); + return; + } shdr->Flags |= SMB2_FLAGS_RELATED_OPERATIONS; } @@ -2041,6 +2045,12 @@ smb2_set_next_command(struct cifs_tcon *tcon, struct smb_rqst *rqst) unsigned long len = smb_rqst_len(server, rqst); int i, num_padding; + shdr = (struct smb2_sync_hdr *)(rqst->rq_iov[0].iov_base); + if (shdr == NULL) { + cifs_dbg(FYI, "shdr NULL in smb2_set_next_command\n"); + return; + } + /* SMB headers in a compound are 8 byte aligned. */ /* No padding needed */ @@ -2080,7 +2090,6 @@ smb2_set_next_command(struct cifs_tcon *tcon, struct smb_rqst *rqst) } finished: - shdr = (struct smb2_sync_hdr *)(rqst->rq_iov[0].iov_base); shdr->NextCommand = cpu_to_le32(len); } -- 2.13.6

5 years, 5 months

1
0
0 0

[PATCH] Revert "gpio/spi: Fix spi-gpio regression on active high CS"

by Linus Walleij

This reverts commit fbbf145a0e0a0177e089c52275fbfa55763e7d1d. It seems I was misguided in my fixup, which was working at the time but did not work on the final v5.2. The patch tried to avoid a quirk the gpiolib code not to treat "spi-gpio" CS gpios "special" by enforcing them to be active low, in the belief that since the "spi-gpio" driver was parsing the device tree on its own, it did not care to inspect the "spi-cs-high" attribute on the device nodes. That's wrong. The SPI core was inspecting them inside the of_spi_parse_dt() funtion and setting SPI_CS_HIGH on the nodes, and the driver inspected this flag when driving the line. As of now, the core handles the GPIO and it will consistently set the GPIO descriptor to 1 to enable CS, strictly requireing the gpiolib to invert it. And the gpiolib should indeed enforce active low on the CS line. Device trees should of course put the right flag on the GPIO handles, but it used to not matter. If we don't enforce active low on "gpio-gpio" we may run into ABI backward compatibility issues, so revert this. Cc: linux-spi(a)vger.kernel.org Cc: stable(a)vger.kernel.org Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> --- I am sorry that this at one point fixed a problem for me, it doesn't anymore and I don't know why it ever did. :( --- drivers/gpio/gpiolib-of.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/drivers/gpio/gpiolib-of.c b/drivers/gpio/gpiolib-of.c index f974075ff00e..a8f02f551d6b 100644 --- a/drivers/gpio/gpiolib-of.c +++ b/drivers/gpio/gpiolib-of.c @@ -118,15 +118,8 @@ static void of_gpio_flags_quirks(struct device_node *np, * Legacy handling of SPI active high chip select. If we have a * property named "cs-gpios" we need to inspect the child node * to determine if the flags should have inverted semantics. - * - * This does not apply to an SPI device named "spi-gpio", because - * these have traditionally obtained their own GPIOs by parsing - * the device tree directly and did not respect any "spi-cs-high" - * property on the SPI bus children. */ - if (IS_ENABLED(CONFIG_SPI_MASTER) && - !strcmp(propname, "cs-gpios") && - !of_device_is_compatible(np, "spi-gpio") && + if (IS_ENABLED(CONFIG_SPI_MASTER) && !strcmp(propname, "cs-gpios") && of_property_read_bool(np, "cs-gpios")) { struct device_node *child; u32 cs; -- 2.21.0

5 years, 5 months

1
0
0 0

[PATCH] ARM: dts: gemini: Set DIR-685 SPI CS as active low

by Linus Walleij

The SPI to the display on the DIR-685 is active low, we were just saved by the SPI library enforcing active low on everything before, so set it as active low to avoid ambiguity. Cc: stable(a)vger.kernel.org Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> --- ARM SoC folks: please apply this directly to fixes. --- arch/arm/boot/dts/gemini-dlink-dir-685.dts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/boot/dts/gemini-dlink-dir-685.dts b/arch/arm/boot/dts/gemini-dlink-dir-685.dts index 3613f05f8a80..bfaa2de63a10 100644 --- a/arch/arm/boot/dts/gemini-dlink-dir-685.dts +++ b/arch/arm/boot/dts/gemini-dlink-dir-685.dts @@ -64,7 +64,7 @@ gpio-sck = <&gpio1 5 GPIO_ACTIVE_HIGH>; gpio-miso = <&gpio1 8 GPIO_ACTIVE_HIGH>; gpio-mosi = <&gpio1 7 GPIO_ACTIVE_HIGH>; - cs-gpios = <&gpio0 20 GPIO_ACTIVE_HIGH>; + cs-gpios = <&gpio0 20 GPIO_ACTIVE_LOW>; num-chipselects = <1>; panel: display@0 { -- 2.21.0

5 years, 5 months

1
0
0 0

[v4.19.y PATCH 0/3] fix drm/udl use-after-free error

by Ross Zwisler

When testing with a device which uses the drm/udl driver, KASAN shows that on hot-remove we have a use-after-free: ================================================================== BUG: KASAN: use-after-free in do_raw_spin_lock+0x1c/0xdd Read of size 4 at addr ffff88841863668c by task kworker/2:3/2085 CPU: 2 PID: 2085 Comm: kworker/2:3 Tainted: G U W 4.19.59-dirty #15 Hardware name: GOOGLE Samus, BIOS Google_Samus.6300.276.0 08/17/2016 Workqueue: events drm_mode_rmfb_work_fn Call Trace: dump_stack+0x62/0x8b print_address_description+0x80/0x2d2 ? do_raw_spin_lock+0x1c/0xdd kasan_report+0x26a/0x2aa do_raw_spin_lock+0x1c/0xdd _raw_spin_lock_irqsave+0x19/0x1f down_timeout+0x19/0x58 udl_get_urb+0x3d/0x13c ? udl_crtc_dpms+0x2e/0x270 udl_crtc_dpms+0x45/0x270 __drm_helper_disable_unused_functions+0xed/0x150 drm_crtc_helper_set_config+0x214/0xf25 ? ___slab_alloc.constprop.75+0xdd/0x48c ? drm_modeset_lock_all+0x33/0xbb ? ___might_sleep+0x80/0x1b6 __drm_mode_set_config_internal+0x103/0x22c drm_crtc_force_disable+0x4e/0x69 drm_framebuffer_remove+0x169/0x508 ? do_raw_spin_unlock+0xd4/0xde ? mmdrop+0x16/0x29 drm_mode_rmfb_work_fn+0x8d/0x9b process_one_work+0x309/0x4df worker_thread+0x369/0x447 ? create_worker+0x2f1/0x2f1 kthread+0x223/0x233 ? kthread_worker_fn+0x29c/0x29c ret_from_fork+0x35/0x40 Allocated by task 2085: kasan_kmalloc+0x99/0xa8 kmem_cache_alloc_trace+0x105/0x12b udl_driver_load+0x52/0x776 drm_dev_register+0x151/0x2d6 udl_usb_probe+0x4f/0xa6 usb_probe_interface+0x25e/0x311 really_probe+0x1f1/0x3ee driver_probe_device+0xd6/0x112 bus_for_each_drv+0xbb/0xe2 __device_attach+0xdb/0x159 bus_probe_device+0x5a/0x100 device_add+0x4bf/0x847 usb_set_configuration+0x972/0x9df generic_probe+0x45/0x77 really_probe+0x1f1/0x3ee driver_probe_device+0xd6/0x112 bus_for_each_drv+0xbb/0xe2 __device_attach+0xdb/0x159 bus_probe_device+0x5a/0x100 device_add+0x4bf/0x847 usb_new_device+0x540/0x6ba hub_event+0x1017/0x161c process_one_work+0x309/0x4df worker_thread+0x2de/0x447 kthread+0x223/0x233 ret_from_fork+0x35/0x40 Freed by task 2085: __kasan_slab_free+0x102/0x126 slab_free_freelist_hook+0x4d/0x9d kfree+0x127/0x1bd drm_dev_unregister+0xae/0x167 drm_dev_unplug+0x2e/0x38 usb_unbind_interface+0xc5/0x2be device_release_driver_internal+0x229/0x381 bus_remove_device+0x1a2/0x1cd device_del+0x26b/0x42c usb_disable_device+0x112/0x2c9 usb_disconnect+0xed/0x28c usb_disconnect+0xde/0x28c hub_event+0x7eb/0x161c process_one_work+0x309/0x4df worker_thread+0x2de/0x447 kthread+0x223/0x233 ret_from_fork+0x35/0x40 The buggy address belongs to the object at ffff888418636600 which belongs to the cache kmalloc-2048 of size 2048 The buggy address is located 140 bytes inside of 2048-byte region [ffff888418636600, ffff888418636e00) The buggy address belongs to the page: page:ffffea0010618c00 count:1 mapcount:0 mapping:ffff88842d403040 index:0x0 compound_mapcount: 0 flags: 0x8000000000008100(slab|head) raw: 8000000000008100 dead000000000100 dead000000000200 ffff88842d403040 raw: 0000000000000000 00000000000f000f 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff888418636580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff888418636600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff888418636680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff888418636700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff888418636780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== Disabling lock debugging due to kernel taint [drm] wait for urb interrupted: ffffffc2 available: 4 This happens 100% of the time and is resolved by the following patch upstream: commit 6ecac85eadb9 ("drm/udl: move to embedding drm device inside udl device.") This patch is the third in this series, and requires the first two patches as dependencies. All three were clean cherry-picks on top of v4.19.59. Dave Airlie (2): drm/udl: introduce a macro to convert dev to udl. drm/udl: move to embedding drm device inside udl device. Thomas Zimmermann (1): drm/udl: Replace drm_dev_unref with drm_dev_put drivers/gpu/drm/udl/udl_drv.c | 56 +++++++++++++++++++++++++++------- drivers/gpu/drm/udl/udl_drv.h | 9 +++--- drivers/gpu/drm/udl/udl_fb.c | 12 ++++---- drivers/gpu/drm/udl/udl_gem.c | 2 +- drivers/gpu/drm/udl/udl_main.c | 35 ++++++--------------- 5 files changed, 66 insertions(+), 48 deletions(-) -- 2.22.0.510.g264f2c817a-goog

5 years, 5 months

1
3
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror July 2019