July 2019 - Linux-stable-mirror

✅ PASS: Test report for kernel 5.1.16-rc1-5f67e0e.cki (stable)

by CKI Project

Hello, We ran automated tests on a recent commit from this kernel tree: Kernel repo: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Commit: 5f67e0e4cdaf - Linux 5.1.16-rc1 The results of these automated tests are provided below. Overall result: PASSED Merge: OK Compile: OK Tests: OK Please reply to this email if you have any questions about the tests that we ran or if you have any suggestions on how to make future tests more effective. ,-. ,-. ( C ) ( K ) Continuous `-',-.`-' Kernel ( I ) Integration `-' ______________________________________________________________________________ Compile testing --------------- We compiled the kernel for 4 architectures: aarch64: build options: -j20 INSTALL_MOD_STRIP=1 targz-pkg configuration: https://artifacts.cki-project.org/builds/aarch64/kernel-stable-aarch64-5f67… kernel build: https://artifacts.cki-project.org/builds/aarch64/kernel-stable-aarch64-5f67… ppc64le: build options: -j20 INSTALL_MOD_STRIP=1 targz-pkg configuration: https://artifacts.cki-project.org/builds/ppc64le/kernel-stable-ppc64le-5f67… kernel build: https://artifacts.cki-project.org/builds/ppc64le/kernel-stable-ppc64le-5f67… s390x: build options: -j20 INSTALL_MOD_STRIP=1 targz-pkg configuration: https://artifacts.cki-project.org/builds/s390x/kernel-stable-s390x-5f67e0e4… kernel build: https://artifacts.cki-project.org/builds/s390x/kernel-stable-s390x-5f67e0e4… x86_64: build options: -j20 INSTALL_MOD_STRIP=1 targz-pkg configuration: https://artifacts.cki-project.org/builds/x86_64/kernel-stable-x86_64-5f67e0… kernel build: https://artifacts.cki-project.org/builds/x86_64/kernel-stable-x86_64-5f67e0… Hardware testing ---------------- We booted each kernel and ran the following tests: aarch64: ⚡ Internal infrastructure issues prevented one or more tests from running on this architecture. This is not the fault of the kernel that was tested. ppc64le: Host 1: ✅ Boot test [0] ✅ LTP lite [1] ✅ Loopdev Sanity [2] ✅ Memory function: memfd_create [3] ✅ AMTU (Abstract Machine Test Utility) [4] ✅ LTP: openposix test suite [5] ✅ Ethernet drivers sanity [6] ✅ audit: audit testsuite test [7] ✅ httpd: mod_ssl smoke sanity [8] ✅ iotop: sanity [9] ✅ redhat-rpm-config: detect-kabi-provides sanity [10] ✅ Usex - version 1.9-29 [11] ✅ lvm thinp sanity [12] 🚧 ✅ Networking socket: fuzz [13] 🚧 ✅ Networking sctp-auth: sockopts test [14] 🚧 ✅ Networking route: pmtu [15] 🚧 ✅ Networking route_func: local [16] 🚧 ✅ Networking route_func: forward [16] 🚧 ✅ Networking TCP: keepalive test [17] 🚧 ✅ Networking UDP: socket [18] 🚧 ✅ Networking tunnel: gre basic [19] 🚧 ✅ Networking tunnel: vxlan basic [20] 🚧 ✅ Networking tunnel: geneve basic test [21] 🚧 ✅ Networking ipsec: basic netns tunnel [22] 🚧 ✅ tuned: tune-processes-through-perf [23] 🚧 ✅ storage: software RAID testing [24] 🚧 ✅ Libhugetlbfs - version 2.2.1 [25] Host 2: ✅ Boot test [0] ✅ xfstests: ext4 [26] ✅ xfstests: xfs [26] ✅ selinux-policy: serge-testsuite [27] s390x: Host 1: ✅ Boot test [0] ✅ LTP lite [1] ✅ Loopdev Sanity [2] ✅ Memory function: memfd_create [3] ✅ LTP: openposix test suite [5] ✅ Ethernet drivers sanity [6] ✅ audit: audit testsuite test [7] ✅ httpd: mod_ssl smoke sanity [8] ✅ iotop: sanity [9] ✅ redhat-rpm-config: detect-kabi-provides sanity [10] ✅ lvm thinp sanity [12] 🚧 ✅ Networking socket: fuzz [13] 🚧 ✅ Networking sctp-auth: sockopts test [14] 🚧 ✅ Networking: igmp conformance test [28] 🚧 ✅ Networking route: pmtu [15] 🚧 ✅ Networking route_func: local [16] 🚧 ✅ Networking route_func: forward [16] 🚧 ✅ Networking TCP: keepalive test [17] 🚧 ✅ Networking UDP: socket [18] 🚧 ✅ Networking tunnel: gre basic [19] 🚧 ✅ Networking tunnel: vxlan basic [20] 🚧 ✅ Networking tunnel: geneve basic test [21] 🚧 ✅ Networking ipsec: basic netns transport [22] 🚧 ✅ Networking ipsec: basic netns tunnel [22] 🚧 ✅ tuned: tune-processes-through-perf [23] 🚧 ✅ storage: software RAID testing [24] Host 2: ✅ Boot test [0] ✅ selinux-policy: serge-testsuite [27] Host 3: ✅ Boot test [0] ✅ kdump: sysrq-c [29] x86_64: Host 1: ✅ Boot test [0] ✅ kdump: sysrq-c [29] Host 2: ✅ Boot test [0] ✅ LTP lite [1] ✅ Loopdev Sanity [2] ✅ Memory function: memfd_create [3] ✅ AMTU (Abstract Machine Test Utility) [4] ✅ LTP: openposix test suite [5] ✅ Ethernet drivers sanity [6] ✅ audit: audit testsuite test [7] ✅ httpd: mod_ssl smoke sanity [8] ✅ iotop: sanity [9] ✅ redhat-rpm-config: detect-kabi-provides sanity [10] ✅ Usex - version 1.9-29 [11] ✅ lvm thinp sanity [12] 🚧 ✅ Networking socket: fuzz [13] 🚧 ✅ Networking sctp-auth: sockopts test [14] 🚧 ✅ Networking: igmp conformance test [28] 🚧 ✅ Networking route: pmtu [15] 🚧 ✅ Networking route_func: local [16] 🚧 ✅ Networking route_func: forward [16] 🚧 ✅ Networking TCP: keepalive test [17] 🚧 ✅ Networking UDP: socket [18] 🚧 ✅ Networking tunnel: gre basic [19] 🚧 ✅ Networking tunnel: vxlan basic [20] 🚧 ✅ Networking tunnel: geneve basic test [21] 🚧 ✅ Networking ipsec: basic netns transport [22] 🚧 ✅ Networking ipsec: basic netns tunnel [22] 🚧 ✅ tuned: tune-processes-through-perf [23] 🚧 ✅ storage: SCSI VPD [30] 🚧 ✅ storage: software RAID testing [24] 🚧 ✅ Libhugetlbfs - version 2.2.1 [25] Host 3: ✅ Boot test [0] ✅ xfstests: ext4 [26] ✅ xfstests: xfs [26] ✅ selinux-policy: serge-testsuite [27] Test source: 💚 Pull requests are welcome for new tests or improvements to existing tests! [0]: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… [1]: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… [2]: https://github.com/CKI-project/tests-beaker/archive/master.zip#filesystems/… [3]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/memory/func… [4]: https://github.com/CKI-project/tests-beaker/archive/master.zip#misc/amtu [5]: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… [6]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/… [7]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/aud… [8]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/htt… [9]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/iot… [10]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/red… [11]: https://github.com/CKI-project/tests-beaker/archive/master.zip#standards/us… [12]: https://github.com/CKI-project/tests-beaker/archive/master.zip#storage/lvm/… [13]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/… [14]: https://github.com/CKI-project/tests-beaker/archive/master.zip#networking/s… [15]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/… [16]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/… [17]: https://github.com/CKI-project/tests-beaker/archive/master.zip#networking/t… [18]: https://github.com/CKI-project/tests-beaker/archive/master.zip#networking/u… [19]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/… [20]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/… [21]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/… [22]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/… [23]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/tun… [24]: https://github.com/CKI-project/tests-beaker/archive/master.zip#storage/swra… [25]: https://github.com/CKI-project/tests-beaker/archive/master.zip#vm/hugepage/… [26]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/filesystems… [27]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/packages/se… [28]: https://github.com/CKI-project/tests-beaker/archive/master.zip#networking/i… [29]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/kdump/kdump… [30]: https://github.com/CKI-project/tests-beaker/archive/master.zip#storage/scsi… Waived tests (marked with 🚧) ----------------------------- This test run included waived tests. Such tests are executed but their results are not taken into account. Tests are waived when their results are not reliable enough, e.g. when they're just introduced or are being fixed.

5 years, 5 months

1
0
0 0

✅ PASS: Test report for kernel 4.19.57-rc1-828a732.cki (stable)

by CKI Project

Hello, We ran automated tests on a recent commit from this kernel tree: Kernel repo: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Commit: 828a73287676 - Linux 4.19.57-rc1 The results of these automated tests are provided below. Overall result: PASSED Merge: OK Compile: OK Tests: OK Please reply to this email if you have any questions about the tests that we ran or if you have any suggestions on how to make future tests more effective. ,-. ,-. ( C ) ( K ) Continuous `-',-.`-' Kernel ( I ) Integration `-' ______________________________________________________________________________ Compile testing --------------- We compiled the kernel for 4 architectures: aarch64: build options: -j20 INSTALL_MOD_STRIP=1 targz-pkg configuration: https://artifacts.cki-project.org/builds/aarch64/kernel-stable-aarch64-828a… kernel build: https://artifacts.cki-project.org/builds/aarch64/kernel-stable-aarch64-828a… ppc64le: build options: -j20 INSTALL_MOD_STRIP=1 targz-pkg configuration: https://artifacts.cki-project.org/builds/ppc64le/kernel-stable-ppc64le-828a… kernel build: https://artifacts.cki-project.org/builds/ppc64le/kernel-stable-ppc64le-828a… s390x: build options: -j20 INSTALL_MOD_STRIP=1 targz-pkg configuration: https://artifacts.cki-project.org/builds/s390x/kernel-stable-s390x-828a7328… kernel build: https://artifacts.cki-project.org/builds/s390x/kernel-stable-s390x-828a7328… x86_64: build options: -j20 INSTALL_MOD_STRIP=1 targz-pkg configuration: https://artifacts.cki-project.org/builds/x86_64/kernel-stable-x86_64-828a73… kernel build: https://artifacts.cki-project.org/builds/x86_64/kernel-stable-x86_64-828a73… Hardware testing ---------------- We booted each kernel and ran the following tests: aarch64: ⚡ Internal infrastructure issues prevented one or more tests from running on this architecture. This is not the fault of the kernel that was tested. ppc64le: Host 1: ✅ Boot test [0] ✅ LTP lite [1] ✅ Loopdev Sanity [2] ✅ Memory function: memfd_create [3] ✅ AMTU (Abstract Machine Test Utility) [4] ✅ LTP: openposix test suite [5] ✅ Ethernet drivers sanity [6] ✅ audit: audit testsuite test [7] ✅ httpd: mod_ssl smoke sanity [8] ✅ iotop: sanity [9] ✅ redhat-rpm-config: detect-kabi-provides sanity [10] ✅ Usex - version 1.9-29 [11] ✅ lvm thinp sanity [12] 🚧 ✅ Networking socket: fuzz [13] 🚧 ✅ Networking sctp-auth: sockopts test [14] 🚧 ✅ Networking route: pmtu [15] 🚧 ✅ Networking route_func: local [16] 🚧 ✅ Networking route_func: forward [16] 🚧 ✅ Networking TCP: keepalive test [17] 🚧 ✅ Networking UDP: socket [18] 🚧 ✅ Networking tunnel: gre basic [19] 🚧 ✅ Networking tunnel: vxlan basic [20] 🚧 ✅ Networking tunnel: geneve basic test [21] 🚧 ✅ Networking ipsec: basic netns tunnel [22] 🚧 ✅ tuned: tune-processes-through-perf [23] 🚧 ✅ storage: software RAID testing [24] 🚧 ✅ Libhugetlbfs - version 2.2.1 [25] Host 2: ✅ Boot test [0] ✅ xfstests: ext4 [26] ✅ xfstests: xfs [26] ✅ selinux-policy: serge-testsuite [27] s390x: Host 1: ✅ Boot test [0] ✅ selinux-policy: serge-testsuite [27] Host 2: ✅ Boot test [0] ✅ LTP lite [1] ✅ Loopdev Sanity [2] ✅ Memory function: memfd_create [3] ✅ LTP: openposix test suite [5] ✅ Ethernet drivers sanity [6] ✅ audit: audit testsuite test [7] ✅ httpd: mod_ssl smoke sanity [8] ✅ iotop: sanity [9] ✅ redhat-rpm-config: detect-kabi-provides sanity [10] ✅ lvm thinp sanity [12] 🚧 ✅ Networking socket: fuzz [13] 🚧 ✅ Networking sctp-auth: sockopts test [14] 🚧 ✅ Networking: igmp conformance test [28] 🚧 ✅ Networking route: pmtu [15] 🚧 ✅ Networking route_func: local [16] 🚧 ✅ Networking route_func: forward [16] 🚧 ✅ Networking TCP: keepalive test [17] 🚧 ✅ Networking UDP: socket [18] 🚧 ✅ Networking tunnel: gre basic [19] 🚧 ✅ Networking tunnel: vxlan basic [20] 🚧 ✅ Networking tunnel: geneve basic test [21] 🚧 ✅ Networking ipsec: basic netns transport [22] 🚧 ✅ Networking ipsec: basic netns tunnel [22] 🚧 ✅ tuned: tune-processes-through-perf [23] 🚧 ✅ storage: software RAID testing [24] Host 3: ✅ Boot test [0] ✅ kdump: sysrq-c [29] x86_64: Host 1: ✅ Boot test [0] ✅ xfstests: ext4 [26] ✅ xfstests: xfs [26] ✅ selinux-policy: serge-testsuite [27] Host 2: ✅ Boot test [0] ✅ LTP lite [1] ✅ Loopdev Sanity [2] ✅ Memory function: memfd_create [3] ✅ AMTU (Abstract Machine Test Utility) [4] ✅ LTP: openposix test suite [5] ✅ Ethernet drivers sanity [6] ✅ audit: audit testsuite test [7] ✅ httpd: mod_ssl smoke sanity [8] ✅ iotop: sanity [9] ✅ redhat-rpm-config: detect-kabi-provides sanity [10] ✅ Usex - version 1.9-29 [11] ✅ lvm thinp sanity [12] 🚧 ✅ Networking socket: fuzz [13] 🚧 ✅ Networking sctp-auth: sockopts test [14] 🚧 ✅ Networking: igmp conformance test [28] 🚧 ✅ Networking route: pmtu [15] 🚧 ✅ Networking route_func: local [16] 🚧 ✅ Networking route_func: forward [16] 🚧 ✅ Networking TCP: keepalive test [17] 🚧 ✅ Networking UDP: socket [18] 🚧 ✅ Networking tunnel: gre basic [19] 🚧 ✅ Networking tunnel: vxlan basic [20] 🚧 ✅ Networking tunnel: geneve basic test [21] 🚧 ✅ Networking ipsec: basic netns transport [22] 🚧 ✅ Networking ipsec: basic netns tunnel [22] 🚧 ✅ tuned: tune-processes-through-perf [23] 🚧 ✅ storage: SCSI VPD [30] 🚧 ✅ storage: software RAID testing [24] 🚧 ✅ Libhugetlbfs - version 2.2.1 [25] Host 3: ✅ Boot test [0] ✅ kdump: sysrq-c [29] Test source: 💚 Pull requests are welcome for new tests or improvements to existing tests! [0]: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… [1]: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… [2]: https://github.com/CKI-project/tests-beaker/archive/master.zip#filesystems/… [3]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/memory/func… [4]: https://github.com/CKI-project/tests-beaker/archive/master.zip#misc/amtu [5]: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… [6]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/… [7]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/aud… [8]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/htt… [9]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/iot… [10]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/red… [11]: https://github.com/CKI-project/tests-beaker/archive/master.zip#standards/us… [12]: https://github.com/CKI-project/tests-beaker/archive/master.zip#storage/lvm/… [13]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/… [14]: https://github.com/CKI-project/tests-beaker/archive/master.zip#networking/s… [15]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/… [16]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/… [17]: https://github.com/CKI-project/tests-beaker/archive/master.zip#networking/t… [18]: https://github.com/CKI-project/tests-beaker/archive/master.zip#networking/u… [19]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/… [20]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/… [21]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/… [22]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/… [23]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/tun… [24]: https://github.com/CKI-project/tests-beaker/archive/master.zip#storage/swra… [25]: https://github.com/CKI-project/tests-beaker/archive/master.zip#vm/hugepage/… [26]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/filesystems… [27]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/packages/se… [28]: https://github.com/CKI-project/tests-beaker/archive/master.zip#networking/i… [29]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/kdump/kdump… [30]: https://github.com/CKI-project/tests-beaker/archive/master.zip#storage/scsi… Waived tests (marked with 🚧) ----------------------------- This test run included waived tests. Such tests are executed but their results are not taken into account. Tests are waived when their results are not reliable enough, e.g. when they're just introduced or are being fixed.

5 years, 5 months

1
0
0 0

stable-rc/linux-4.4.y boot: 97 boots: 4 failed, 92 passed with 1 untried/unknown (v4.4.184-48-ge8bf9383ebc3)

by kernelci.org bot

stable-rc/linux-4.4.y boot: 97 boots: 4 failed, 92 passed with 1 untried/unknown (v4.4.184-48-ge8bf9383ebc3) Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.4.y/kernel/v4.4.… Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.4.y/kernel/v4.4.184-48-… Tree: stable-rc Branch: linux-4.4.y Git Describe: v4.4.184-48-ge8bf9383ebc3 Git Commit: e8bf9383ebc3547d8fdb5f12a89d2ac8fc0b49c5 Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Tested: 45 unique boards, 20 SoC families, 14 builds out of 190 Boot Regressions Detected: arm: omap2plus_defconfig: gcc-8: omap3-beagle-xm: lab-baylibre: new failure (last pass: v4.4.184-48-gc9cfb526e8ad) Boot Failures Detected: arm: sunxi_defconfig: gcc-8: sun7i-a20-bananapi: 1 failed lab multi_v7_defconfig: gcc-8: stih410-b2120: 1 failed lab sun7i-a20-bananapi: 1 failed lab arm64: defconfig: gcc-8: qcom-qdf2400: 1 failed lab --- For more info write to <info(a)kernelci.org>

5 years, 5 months

1
0
0 0

[PATCH v7 3/3] drm/i915/icl: whitelist PS_(DEPTH|INVOCATION)_COUNT

by Lionel Landwerlin

The same tests failing on CFL+ platforms are also failing on ICL. Documentation doesn't list the WaAllowPMDepthAndInvocationCountAccessFromUMD workaround for ICL but applying it fixes the same tests as CFL. v2: Use only one whitelist entry (Lionel) Signed-off-by: Lionel Landwerlin <lionel.g.landwerlin(a)intel.com> Tested-by: Anuj Phogat <anuj.phogat(a)gmail.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/gt/intel_workarounds.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/drivers/gpu/drm/i915/gt/intel_workarounds.c b/drivers/gpu/drm/i915/gt/intel_workarounds.c index b117583e38bb..a908d829d6bd 100644 --- a/drivers/gpu/drm/i915/gt/intel_workarounds.c +++ b/drivers/gpu/drm/i915/gt/intel_workarounds.c @@ -1138,6 +1138,19 @@ static void icl_whitelist_build(struct intel_engine_cs *engine) /* WaEnableStateCacheRedirectToCS:icl */ whitelist_reg(w, GEN9_SLICE_COMMON_ECO_CHICKEN1); + + /* + * WaAllowPMDepthAndInvocationCountAccessFromUMD:icl + * + * This covers 4 register which are next to one another : + * - PS_INVOCATION_COUNT + * - PS_INVOCATION_COUNT_UDW + * - PS_DEPTH_COUNT + * - PS_DEPTH_COUNT_UDW + */ + whitelist_reg_ext(w, PS_INVOCATION_COUNT, + RING_FORCE_TO_NONPRIV_RD | + RING_FORCE_TO_NONPRIV_RANGE_4); break; case VIDEO_DECODE_CLASS: -- 2.21.0.392.gf8f6787159e

5 years, 5 months

3
3
0 0

patch "binder: return errors from buffer copy functions" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled binder: return errors from buffer copy functions to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From bb4a2e48d5100ed3ff614df158a636bca3c6bf9f Mon Sep 17 00:00:00 2001 From: Todd Kjos <tkjos(a)android.com> Date: Fri, 28 Jun 2019 09:50:12 -0700 Subject: binder: return errors from buffer copy functions The buffer copy functions assumed the caller would ensure correct alignment and that the memory to be copied was completely within the binder buffer. There have been a few cases discovered by syzkallar where a malformed transaction created by a user could violated the assumptions and resulted in a BUG_ON. The fix is to remove the BUG_ON and always return the error to be handled appropriately by the caller. Acked-by: Martijn Coenen <maco(a)android.com> Reported-by: syzbot+3ae18325f96190606754(a)syzkaller.appspotmail.com Fixes: bde4a19fc04f ("binder: use userspace pointer as base of buffer space") Suggested-by: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Todd Kjos <tkjos(a)google.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/android/binder.c | 153 ++++++++++++++++++++------------- drivers/android/binder_alloc.c | 44 +++++----- drivers/android/binder_alloc.h | 22 ++--- 3 files changed, 126 insertions(+), 93 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 8bf039fdeb91..38a59a630cd4 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2059,10 +2059,9 @@ static size_t binder_get_object(struct binder_proc *proc, read_size = min_t(size_t, sizeof(*object), buffer->data_size - offset); if (offset > buffer->data_size || read_size < sizeof(*hdr) || - !IS_ALIGNED(offset, sizeof(u32))) + binder_alloc_copy_from_buffer(&proc->alloc, object, buffer, + offset, read_size)) return 0; - binder_alloc_copy_from_buffer(&proc->alloc, object, buffer, - offset, read_size); /* Ok, now see if we read a complete object. */ hdr = &object->hdr; @@ -2131,8 +2130,10 @@ static struct binder_buffer_object *binder_validate_ptr( return NULL; buffer_offset = start_offset + sizeof(binder_size_t) * index; - binder_alloc_copy_from_buffer(&proc->alloc, &object_offset, - b, buffer_offset, sizeof(object_offset)); + if (binder_alloc_copy_from_buffer(&proc->alloc, &object_offset, + b, buffer_offset, + sizeof(object_offset))) + return NULL; object_size = binder_get_object(proc, b, object_offset, object); if (!object_size || object->hdr.type != BINDER_TYPE_PTR) return NULL; @@ -2212,10 +2213,12 @@ static bool binder_validate_fixup(struct binder_proc *proc, return false; last_min_offset = last_bbo->parent_offset + sizeof(uintptr_t); buffer_offset = objects_start_offset + - sizeof(binder_size_t) * last_bbo->parent, - binder_alloc_copy_from_buffer(&proc->alloc, &last_obj_offset, - b, buffer_offset, - sizeof(last_obj_offset)); + sizeof(binder_size_t) * last_bbo->parent; + if (binder_alloc_copy_from_buffer(&proc->alloc, + &last_obj_offset, + b, buffer_offset, + sizeof(last_obj_offset))) + return false; } return (fixup_offset >= last_min_offset); } @@ -2301,15 +2304,15 @@ static void binder_transaction_buffer_release(struct binder_proc *proc, for (buffer_offset = off_start_offset; buffer_offset < off_end_offset; buffer_offset += sizeof(binder_size_t)) { struct binder_object_header *hdr; - size_t object_size; + size_t object_size = 0; struct binder_object object; binder_size_t object_offset; - binder_alloc_copy_from_buffer(&proc->alloc, &object_offset, - buffer, buffer_offset, - sizeof(object_offset)); - object_size = binder_get_object(proc, buffer, - object_offset, &object); + if (!binder_alloc_copy_from_buffer(&proc->alloc, &object_offset, + buffer, buffer_offset, + sizeof(object_offset))) + object_size = binder_get_object(proc, buffer, + object_offset, &object); if (object_size == 0) { pr_err("transaction release %d bad object at offset %lld, size %zd\n", debug_id, (u64)object_offset, buffer->data_size); @@ -2432,15 +2435,16 @@ static void binder_transaction_buffer_release(struct binder_proc *proc, for (fd_index = 0; fd_index < fda->num_fds; fd_index++) { u32 fd; + int err; binder_size_t offset = fda_offset + fd_index * sizeof(fd); - binder_alloc_copy_from_buffer(&proc->alloc, - &fd, - buffer, - offset, - sizeof(fd)); - binder_deferred_fd_close(fd); + err = binder_alloc_copy_from_buffer( + &proc->alloc, &fd, buffer, + offset, sizeof(fd)); + WARN_ON(err); + if (!err) + binder_deferred_fd_close(fd); } } break; default: @@ -2683,11 +2687,12 @@ static int binder_translate_fd_array(struct binder_fd_array_object *fda, int ret; binder_size_t offset = fda_offset + fdi * sizeof(fd); - binder_alloc_copy_from_buffer(&target_proc->alloc, - &fd, t->buffer, - offset, sizeof(fd)); - ret = binder_translate_fd(fd, offset, t, thread, - in_reply_to); + ret = binder_alloc_copy_from_buffer(&target_proc->alloc, + &fd, t->buffer, + offset, sizeof(fd)); + if (!ret) + ret = binder_translate_fd(fd, offset, t, thread, + in_reply_to); if (ret < 0) return ret; } @@ -2740,8 +2745,12 @@ static int binder_fixup_parent(struct binder_transaction *t, } buffer_offset = bp->parent_offset + (uintptr_t)parent->buffer - (uintptr_t)b->user_data; - binder_alloc_copy_to_buffer(&target_proc->alloc, b, buffer_offset, - &bp->buffer, sizeof(bp->buffer)); + if (binder_alloc_copy_to_buffer(&target_proc->alloc, b, buffer_offset, + &bp->buffer, sizeof(bp->buffer))) { + binder_user_error("%d:%d got transaction with invalid parent offset\n", + proc->pid, thread->pid); + return -EINVAL; + } return 0; } @@ -3160,15 +3169,20 @@ static void binder_transaction(struct binder_proc *proc, goto err_binder_alloc_buf_failed; } if (secctx) { + int err; size_t buf_offset = ALIGN(tr->data_size, sizeof(void *)) + ALIGN(tr->offsets_size, sizeof(void *)) + ALIGN(extra_buffers_size, sizeof(void *)) - ALIGN(secctx_sz, sizeof(u64)); t->security_ctx = (uintptr_t)t->buffer->user_data + buf_offset; - binder_alloc_copy_to_buffer(&target_proc->alloc, - t->buffer, buf_offset, - secctx, secctx_sz); + err = binder_alloc_copy_to_buffer(&target_proc->alloc, + t->buffer, buf_offset, + secctx, secctx_sz); + if (err) { + t->security_ctx = 0; + WARN_ON(1); + } security_release_secctx(secctx, secctx_sz); secctx = NULL; } @@ -3234,11 +3248,16 @@ static void binder_transaction(struct binder_proc *proc, struct binder_object object; binder_size_t object_offset; - binder_alloc_copy_from_buffer(&target_proc->alloc, - &object_offset, - t->buffer, - buffer_offset, - sizeof(object_offset)); + if (binder_alloc_copy_from_buffer(&target_proc->alloc, + &object_offset, + t->buffer, + buffer_offset, + sizeof(object_offset))) { + return_error = BR_FAILED_REPLY; + return_error_param = -EINVAL; + return_error_line = __LINE__; + goto err_bad_offset; + } object_size = binder_get_object(target_proc, t->buffer, object_offset, &object); if (object_size == 0 || object_offset < off_min) { @@ -3262,15 +3281,17 @@ static void binder_transaction(struct binder_proc *proc, fp = to_flat_binder_object(hdr); ret = binder_translate_binder(fp, t, thread); - if (ret < 0) { + + if (ret < 0 || + binder_alloc_copy_to_buffer(&target_proc->alloc, + t->buffer, + object_offset, + fp, sizeof(*fp))) { return_error = BR_FAILED_REPLY; return_error_param = ret; return_error_line = __LINE__; goto err_translate_failed; } - binder_alloc_copy_to_buffer(&target_proc->alloc, - t->buffer, object_offset, - fp, sizeof(*fp)); } break; case BINDER_TYPE_HANDLE: case BINDER_TYPE_WEAK_HANDLE: { @@ -3278,15 +3299,16 @@ static void binder_transaction(struct binder_proc *proc, fp = to_flat_binder_object(hdr); ret = binder_translate_handle(fp, t, thread); - if (ret < 0) { + if (ret < 0 || + binder_alloc_copy_to_buffer(&target_proc->alloc, + t->buffer, + object_offset, + fp, sizeof(*fp))) { return_error = BR_FAILED_REPLY; return_error_param = ret; return_error_line = __LINE__; goto err_translate_failed; } - binder_alloc_copy_to_buffer(&target_proc->alloc, - t->buffer, object_offset, - fp, sizeof(*fp)); } break; case BINDER_TYPE_FD: { @@ -3296,16 +3318,17 @@ static void binder_transaction(struct binder_proc *proc, int ret = binder_translate_fd(fp->fd, fd_offset, t, thread, in_reply_to); - if (ret < 0) { + fp->pad_binder = 0; + if (ret < 0 || + binder_alloc_copy_to_buffer(&target_proc->alloc, + t->buffer, + object_offset, + fp, sizeof(*fp))) { return_error = BR_FAILED_REPLY; return_error_param = ret; return_error_line = __LINE__; goto err_translate_failed; } - fp->pad_binder = 0; - binder_alloc_copy_to_buffer(&target_proc->alloc, - t->buffer, object_offset, - fp, sizeof(*fp)); } break; case BINDER_TYPE_FDA: { struct binder_object ptr_object; @@ -3393,15 +3416,16 @@ static void binder_transaction(struct binder_proc *proc, num_valid, last_fixup_obj_off, last_fixup_min_off); - if (ret < 0) { + if (ret < 0 || + binder_alloc_copy_to_buffer(&target_proc->alloc, + t->buffer, + object_offset, + bp, sizeof(*bp))) { return_error = BR_FAILED_REPLY; return_error_param = ret; return_error_line = __LINE__; goto err_translate_failed; } - binder_alloc_copy_to_buffer(&target_proc->alloc, - t->buffer, object_offset, - bp, sizeof(*bp)); last_fixup_obj_off = object_offset; last_fixup_min_off = 0; } break; @@ -4140,20 +4164,27 @@ static int binder_apply_fd_fixups(struct binder_proc *proc, trace_binder_transaction_fd_recv(t, fd, fixup->offset); fd_install(fd, fixup->file); fixup->file = NULL; - binder_alloc_copy_to_buffer(&proc->alloc, t->buffer, - fixup->offset, &fd, - sizeof(u32)); + if (binder_alloc_copy_to_buffer(&proc->alloc, t->buffer, + fixup->offset, &fd, + sizeof(u32))) { + ret = -EINVAL; + break; + } } list_for_each_entry_safe(fixup, tmp, &t->fd_fixups, fixup_entry) { if (fixup->file) { fput(fixup->file); } else if (ret) { u32 fd; - - binder_alloc_copy_from_buffer(&proc->alloc, &fd, - t->buffer, fixup->offset, - sizeof(fd)); - binder_deferred_fd_close(fd); + int err; + + err = binder_alloc_copy_from_buffer(&proc->alloc, &fd, + t->buffer, + fixup->offset, + sizeof(fd)); + WARN_ON(err); + if (!err) + binder_deferred_fd_close(fd); } list_del(&fixup->fixup_entry); kfree(fixup); diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c index ce5603c2291c..6d79a1b0d446 100644 --- a/drivers/android/binder_alloc.c +++ b/drivers/android/binder_alloc.c @@ -1119,15 +1119,16 @@ binder_alloc_copy_user_to_buffer(struct binder_alloc *alloc, return 0; } -static void binder_alloc_do_buffer_copy(struct binder_alloc *alloc, - bool to_buffer, - struct binder_buffer *buffer, - binder_size_t buffer_offset, - void *ptr, - size_t bytes) +static int binder_alloc_do_buffer_copy(struct binder_alloc *alloc, + bool to_buffer, + struct binder_buffer *buffer, + binder_size_t buffer_offset, + void *ptr, + size_t bytes) { /* All copies must be 32-bit aligned and 32-bit size */ - BUG_ON(!check_buffer(alloc, buffer, buffer_offset, bytes)); + if (!check_buffer(alloc, buffer, buffer_offset, bytes)) + return -EINVAL; while (bytes) { unsigned long size; @@ -1155,25 +1156,26 @@ static void binder_alloc_do_buffer_copy(struct binder_alloc *alloc, ptr = ptr + size; buffer_offset += size; } + return 0; } -void binder_alloc_copy_to_buffer(struct binder_alloc *alloc, - struct binder_buffer *buffer, - binder_size_t buffer_offset, - void *src, - size_t bytes) +int binder_alloc_copy_to_buffer(struct binder_alloc *alloc, + struct binder_buffer *buffer, + binder_size_t buffer_offset, + void *src, + size_t bytes) { - binder_alloc_do_buffer_copy(alloc, true, buffer, buffer_offset, - src, bytes); + return binder_alloc_do_buffer_copy(alloc, true, buffer, buffer_offset, + src, bytes); } -void binder_alloc_copy_from_buffer(struct binder_alloc *alloc, - void *dest, - struct binder_buffer *buffer, - binder_size_t buffer_offset, - size_t bytes) +int binder_alloc_copy_from_buffer(struct binder_alloc *alloc, + void *dest, + struct binder_buffer *buffer, + binder_size_t buffer_offset, + size_t bytes) { - binder_alloc_do_buffer_copy(alloc, false, buffer, buffer_offset, - dest, bytes); + return binder_alloc_do_buffer_copy(alloc, false, buffer, buffer_offset, + dest, bytes); } diff --git a/drivers/android/binder_alloc.h b/drivers/android/binder_alloc.h index 71bfa95f8e09..db9c1b984695 100644 --- a/drivers/android/binder_alloc.h +++ b/drivers/android/binder_alloc.h @@ -159,17 +159,17 @@ binder_alloc_copy_user_to_buffer(struct binder_alloc *alloc, const void __user *from, size_t bytes); -void binder_alloc_copy_to_buffer(struct binder_alloc *alloc, - struct binder_buffer *buffer, - binder_size_t buffer_offset, - void *src, - size_t bytes); - -void binder_alloc_copy_from_buffer(struct binder_alloc *alloc, - void *dest, - struct binder_buffer *buffer, - binder_size_t buffer_offset, - size_t bytes); +int binder_alloc_copy_to_buffer(struct binder_alloc *alloc, + struct binder_buffer *buffer, + binder_size_t buffer_offset, + void *src, + size_t bytes); + +int binder_alloc_copy_from_buffer(struct binder_alloc *alloc, + void *dest, + struct binder_buffer *buffer, + binder_size_t buffer_offset, + size_t bytes); #endif /* _LINUX_BINDER_ALLOC_H */ -- 2.22.0

5 years, 5 months

1
0
0 0

patch "usb: gadget: ether: Fix race between gether_disconnect and rx_submit" added to usb-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: gadget: ether: Fix race between gether_disconnect and rx_submit to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From d29fcf7078bc8be2b6366cbd4418265b53c94fac Mon Sep 17 00:00:00 2001 From: Kiruthika Varadarajan <Kiruthika.Varadarajan(a)harman.com> Date: Tue, 18 Jun 2019 08:39:06 +0000 Subject: usb: gadget: ether: Fix race between gether_disconnect and rx_submit On spin lock release in rx_submit, gether_disconnect get a chance to run, it makes port_usb NULL, rx_submit access NULL port USB, hence null pointer crash. Fixed by releasing the lock in rx_submit after port_usb is used. Fixes: 2b3d942c4878 ("usb ethernet gadget: split out network core") Cc: <stable(a)vger.kernel.org> Signed-off-by: Kiruthika Varadarajan <Kiruthika.Varadarajan(a)harman.com> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> --- drivers/usb/gadget/function/u_ether.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/usb/gadget/function/u_ether.c b/drivers/usb/gadget/function/u_ether.c index 737bd77a575d..2929bb47a618 100644 --- a/drivers/usb/gadget/function/u_ether.c +++ b/drivers/usb/gadget/function/u_ether.c @@ -186,11 +186,12 @@ rx_submit(struct eth_dev *dev, struct usb_request *req, gfp_t gfp_flags) out = dev->port_usb->out_ep; else out = NULL; - spin_unlock_irqrestore(&dev->lock, flags); if (!out) + { + spin_unlock_irqrestore(&dev->lock, flags); return -ENOTCONN; - + } /* Padding up to RX_EXTRA handles minor disagreements with host. * Normally we use the USB "terminate on short read" convention; @@ -214,6 +215,7 @@ rx_submit(struct eth_dev *dev, struct usb_request *req, gfp_t gfp_flags) if (dev->port_usb->is_fixed) size = max_t(size_t, size, dev->port_usb->fixed_out_len); + spin_unlock_irqrestore(&dev->lock, flags); skb = __netdev_alloc_skb(dev->net, size + NET_IP_ALIGN, gfp_flags); if (skb == NULL) { -- 2.22.0

5 years, 5 months

1
0
0 0

patch "usb: gadget: f_fs: data_len used before properly set" added to usb-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: gadget: f_fs: data_len used before properly set to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 4833a94eb383f5b22775077ff92ddaae90440921 Mon Sep 17 00:00:00 2001 From: Fei Yang <fei.yang(a)intel.com> Date: Wed, 12 Jun 2019 15:13:26 -0700 Subject: usb: gadget: f_fs: data_len used before properly set The following line of code in function ffs_epfile_io is trying to set flag io_data->use_sg in case buffer required is larger than one page. io_data->use_sg = gadget->sg_supported && data_len > PAGE_SIZE; However at this point of time the variable data_len has not been set to the proper buffer size yet. The consequence is that io_data->use_sg is always set regardless what buffer size really is, because the condition (data_len > PAGE_SIZE) is effectively an unsigned comparison between -EINVAL and PAGE_SIZE which would always result in TRUE. Fixes: 772a7a724f69 ("usb: gadget: f_fs: Allow scatter-gather buffers") Signed-off-by: Fei Yang <fei.yang(a)intel.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> --- drivers/usb/gadget/function/f_fs.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c index 47be961f1bf3..c7ed90084d1a 100644 --- a/drivers/usb/gadget/function/f_fs.c +++ b/drivers/usb/gadget/function/f_fs.c @@ -997,7 +997,6 @@ static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data) * earlier */ gadget = epfile->ffs->gadget; - io_data->use_sg = gadget->sg_supported && data_len > PAGE_SIZE; spin_lock_irq(&epfile->ffs->eps_lock); /* In the meantime, endpoint got disabled or changed. */ @@ -1012,6 +1011,8 @@ static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data) */ if (io_data->read) data_len = usb_ep_align_maybe(gadget, ep->ep, data_len); + + io_data->use_sg = gadget->sg_supported && data_len > PAGE_SIZE; spin_unlock_irq(&epfile->ffs->eps_lock); data = ffs_alloc_buffer(io_data, data_len); -- 2.22.0

5 years, 5 months

1
0
0 0

patch "staging: wilc1000: fix error path cleanup in wilc_wlan_initialize()" added to staging-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled staging: wilc1000: fix error path cleanup in wilc_wlan_initialize() to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 6419f818ababebc1116fb2d0e220bd4fe835d0e3 Mon Sep 17 00:00:00 2001 From: Ajay Singh <ajay.kathat(a)microchip.com> Date: Wed, 26 Jun 2019 12:40:48 +0000 Subject: staging: wilc1000: fix error path cleanup in wilc_wlan_initialize() For the error path in wilc_wlan_initialize(), the resources are not cleanup in the correct order. Reverted the previous changes and use the correct order to free during error condition. Fixes: b46d68825c2d ("staging: wilc1000: remove COMPLEMENT_BOOT") Cc: <stable(a)vger.kernel.org> Signed-off-by: Ajay Singh <ajay.kathat(a)microchip.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/staging/wilc1000/wilc_netdev.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/drivers/staging/wilc1000/wilc_netdev.c b/drivers/staging/wilc1000/wilc_netdev.c index c4efec277255..0e0a4eec5486 100644 --- a/drivers/staging/wilc1000/wilc_netdev.c +++ b/drivers/staging/wilc1000/wilc_netdev.c @@ -530,17 +530,17 @@ static int wilc_wlan_initialize(struct net_device *dev, struct wilc_vif *vif) goto fail_locks; } - if (wl->gpio_irq && init_irq(dev)) { - ret = -EIO; - goto fail_locks; - } - ret = wlan_initialize_threads(dev); if (ret < 0) { ret = -EIO; goto fail_wilc_wlan; } + if (wl->gpio_irq && init_irq(dev)) { + ret = -EIO; + goto fail_threads; + } + if (!wl->dev_irq_num && wl->hif_func->enable_interrupt && wl->hif_func->enable_interrupt(wl)) { @@ -596,7 +596,7 @@ static int wilc_wlan_initialize(struct net_device *dev, struct wilc_vif *vif) fail_irq_init: if (wl->dev_irq_num) deinit_irq(dev); - +fail_threads: wlan_deinitialize_threads(dev); fail_wilc_wlan: wilc_wlan_cleanup(dev); -- 2.22.0

5 years, 5 months

1
0
0 0

patch "staging: mt7621-pci: fix PCIE_FTS_NUM_LO macro" added to staging-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled staging: mt7621-pci: fix PCIE_FTS_NUM_LO macro to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 0ae0cf509d28d8539b88b5f7f24558f5bfe57cdf Mon Sep 17 00:00:00 2001 From: Sergio Paracuellos <sergio.paracuellos(a)gmail.com> Date: Wed, 26 Jun 2019 14:43:18 +0200 Subject: staging: mt7621-pci: fix PCIE_FTS_NUM_LO macro Add missing parenthesis to PCIE_FTS_NUM_LO macro to do the same it was being done in original code. Fixes: a4b2eb912bb1 ("staging: mt7621-pci: rewrite RC FTS configuration") Signed-off-by: Sergio Paracuellos <sergio.paracuellos(a)gmail.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/staging/mt7621-pci/pci-mt7621.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/staging/mt7621-pci/pci-mt7621.c b/drivers/staging/mt7621-pci/pci-mt7621.c index a981f4f0ed03..89fa813142ab 100644 --- a/drivers/staging/mt7621-pci/pci-mt7621.c +++ b/drivers/staging/mt7621-pci/pci-mt7621.c @@ -42,7 +42,7 @@ /* MediaTek specific configuration registers */ #define PCIE_FTS_NUM 0x70c #define PCIE_FTS_NUM_MASK GENMASK(15, 8) -#define PCIE_FTS_NUM_L0(x) ((x) & 0xff << 8) +#define PCIE_FTS_NUM_L0(x) (((x) & 0xff) << 8) /* rt_sysc_membase relative registers */ #define RALINK_CLKCFG1 0x30 -- 2.22.0

5 years, 5 months

1
0
0 0

patch "staging: bcm2835-camera: Restore return behavior of" added to staging-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled staging: bcm2835-camera: Restore return behavior of to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From f816db1dc17b99b059325f41ed5a78f85d15368c Mon Sep 17 00:00:00 2001 From: Stefan Wahren <wahrenst(a)gmx.net> Date: Wed, 26 Jun 2019 17:48:11 +0200 Subject: staging: bcm2835-camera: Restore return behavior of ctrl_set_bitrate() The commit 52c4dfcead49 ("Staging: vc04_services: Cleanup in ctrl_set_bitrate()") changed the return behavior of ctrl_set_bitrate(). We cannot do this because of a bug in the firmware, which breaks probing of bcm2835-camera: bcm2835-v4l2: mmal_init: failed to set all camera controls: -3 Cleanup: Destroy video encoder Cleanup: Destroy image encoder Cleanup: Destroy video render Cleanup: Destroy camera bcm2835-v4l2: bcm2835_mmal_probe: mmal init failed: -3 bcm2835-camera: probe of bcm2835-camera failed with error -3 So restore the old behavior, add an explaining comment and a debug message to verify that the bug has been fixed in firmware. Fixes: 52c4dfcead49 ("Staging: vc04_services: Cleanup in ctrl_set_bitrate()") Signed-off-by: Stefan Wahren <wahrenst(a)gmx.net> Cc: stable <stable(a)vger.kernel.org> Acked-by: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- .../vc04_services/bcm2835-camera/controls.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/drivers/staging/vc04_services/bcm2835-camera/controls.c b/drivers/staging/vc04_services/bcm2835-camera/controls.c index d60e378bdfce..c251164655ba 100644 --- a/drivers/staging/vc04_services/bcm2835-camera/controls.c +++ b/drivers/staging/vc04_services/bcm2835-camera/controls.c @@ -604,15 +604,28 @@ static int ctrl_set_bitrate(struct bm2835_mmal_dev *dev, struct v4l2_ctrl *ctrl, const struct bm2835_mmal_v4l2_ctrl *mmal_ctrl) { + int ret; struct vchiq_mmal_port *encoder_out; dev->capture.encode_bitrate = ctrl->val; encoder_out = &dev->component[MMAL_COMPONENT_VIDEO_ENCODE]->output[0]; - return vchiq_mmal_port_parameter_set(dev->instance, encoder_out, - mmal_ctrl->mmal_id, &ctrl->val, - sizeof(ctrl->val)); + ret = vchiq_mmal_port_parameter_set(dev->instance, encoder_out, + mmal_ctrl->mmal_id, &ctrl->val, + sizeof(ctrl->val)); + + v4l2_dbg(1, bcm2835_v4l2_debug, &dev->v4l2_dev, + "%s: After: mmal_ctrl:%p ctrl id:0x%x ctrl val:%d ret %d(%d)\n", + __func__, mmal_ctrl, ctrl->id, ctrl->val, ret, + (ret == 0 ? 0 : -EINVAL)); + + /* + * Older firmware versions (pre July 2019) have a bug in handling + * MMAL_PARAMETER_VIDEO_BIT_RATE that result in the call + * returning -MMAL_MSG_STATUS_EINVAL. So ignore errors from this call. + */ + return 0; } static int ctrl_set_bitrate_mode(struct bm2835_mmal_dev *dev, -- 2.22.0

5 years, 5 months

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror July 2019