August 2019 - Linux-stable-mirror

FAILED: patch "[PATCH] ALSA: hiface: fix multiple memory leak bugs" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3d92aa45fbfd7319e3a19f4ec59fd32b3862b723 Mon Sep 17 00:00:00 2001 From: Wenwen Wang <wenwen(a)cs.uga.edu> Date: Wed, 7 Aug 2019 04:08:51 -0500 Subject: [PATCH] ALSA: hiface: fix multiple memory leak bugs In hiface_pcm_init(), 'rt' is firstly allocated through kzalloc(). Later on, hiface_pcm_init_urb() is invoked to initialize 'rt->out_urbs[i]'. In hiface_pcm_init_urb(), 'rt->out_urbs[i].buffer' is allocated through kzalloc(). However, if hiface_pcm_init_urb() fails, both 'rt' and 'rt->out_urbs[i].buffer' are not deallocated, leading to memory leak bugs. Also, 'rt->out_urbs[i].buffer' is not deallocated if snd_pcm_new() fails. To fix the above issues, free 'rt' and 'rt->out_urbs[i].buffer'. Fixes: a91c3fb2f842 ("Add M2Tech hiFace USB-SPDIF driver") Signed-off-by: Wenwen Wang <wenwen(a)cs.uga.edu> Cc: <stable(a)vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> diff --git a/sound/usb/hiface/pcm.c b/sound/usb/hiface/pcm.c index 14fc1e1d5d13..c406497c5919 100644 --- a/sound/usb/hiface/pcm.c +++ b/sound/usb/hiface/pcm.c @@ -600,14 +600,13 @@ int hiface_pcm_init(struct hiface_chip *chip, u8 extra_freq) ret = hiface_pcm_init_urb(&rt->out_urbs[i], chip, OUT_EP, hiface_pcm_out_urb_handler); if (ret < 0) - return ret; + goto error; } ret = snd_pcm_new(chip->card, "USB-SPDIF Audio", 0, 1, 0, &pcm); if (ret < 0) { - kfree(rt); dev_err(&chip->dev->dev, "Cannot create pcm instance\n"); - return ret; + goto error; } pcm->private_data = rt; @@ -620,4 +619,10 @@ int hiface_pcm_init(struct hiface_chip *chip, u8 extra_freq) chip->pcm = rt; return 0; + +error: + for (i = 0; i < PCM_N_URBS; i++) + kfree(rt->out_urbs[i].buffer); + kfree(rt); + return ret; }

6 years, 1 month

1
0
0 0

[PATCH] KVM/nSVM: properly map nested VMCB

by Paolo Bonzini

From: Vitaly Kuznetsov <vkuznets(a)redhat.com> [ upstream commit 8f38302c0be2d2daf3b40f7d2142ec77e35d209e ] Commit 8c5fbf1a7231 ("KVM/nSVM: Use the new mapping API for mapping guest memory") broke nested SVM completely: kvm_vcpu_map()'s second parameter is GFN so vmcb_gpa needs to be converted with gpa_to_gfn(), not the other way around. Fixes: 8c5fbf1a7231 ("KVM/nSVM: Use the new mapping API for mapping guest memory") Signed-off-by: Vitaly Kuznetsov <vkuznets(a)redhat.com> Reviewed-by: Sean Christopherson <sean.j.christopherson(a)intel.com> Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> --- arch/x86/kvm/svm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 735b8c01895e..5beca1030c9a 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -3293,7 +3293,7 @@ static int nested_svm_vmexit(struct vcpu_svm *svm) vmcb->control.exit_int_info_err, KVM_ISA_SVM); - rc = kvm_vcpu_map(&svm->vcpu, gfn_to_gpa(svm->nested.vmcb), &map); + rc = kvm_vcpu_map(&svm->vcpu, gpa_to_gfn(svm->nested.vmcb), &map); if (rc) { if (rc == -EINVAL) kvm_inject_gp(&svm->vcpu, 0); @@ -3583,7 +3583,7 @@ static bool nested_svm_vmrun(struct vcpu_svm *svm) vmcb_gpa = svm->vmcb->save.rax; - rc = kvm_vcpu_map(&svm->vcpu, gfn_to_gpa(vmcb_gpa), &map); + rc = kvm_vcpu_map(&svm->vcpu, gpa_to_gfn(vmcb_gpa), &map); if (rc) { if (rc == -EINVAL) kvm_inject_gp(&svm->vcpu, 0); -- 1.8.3.1

6 years, 1 month

2
1
0 0

[PATCH v3] Revert "i2c: imx: improve the error handling in i2c_imx_dma_request()"

by Fabio Estevam

Since commit e1ab9a468e3b ("i2c: imx: improve the error handling in i2c_imx_dma_request()") when booting with the DMA driver as module (such as CONFIG_FSL_EDMA=m) the following endless clk warnings are seen: [ 153.077831] ------------[ cut here ]------------ [ 153.082528] WARNING: CPU: 0 PID: 15 at drivers/clk/clk.c:924 clk_core_disable_lock+0x18/0x24 [ 153.093077] i2c0 already disabled [ 153.096416] Modules linked in: [ 153.099521] CPU: 0 PID: 15 Comm: kworker/0:1 Tainted: G W 5.2.0+ #321 [ 153.107290] Hardware name: Freescale Vybrid VF5xx/VF6xx (Device Tree) [ 153.113772] Workqueue: events deferred_probe_work_func [ 153.118979] [<c0019560>] (unwind_backtrace) from [<c0014734>] (show_stack+0x10/0x14) [ 153.126778] [<c0014734>] (show_stack) from [<c083f8dc>] (dump_stack+0x9c/0xd4) [ 153.134051] [<c083f8dc>] (dump_stack) from [<c0031154>] (__warn+0xf8/0x124) [ 153.141056] [<c0031154>] (__warn) from [<c0031248>] (warn_slowpath_fmt+0x38/0x48) [ 153.148580] [<c0031248>] (warn_slowpath_fmt) from [<c040fde0>] (clk_core_disable_lock+0x18/0x24) [ 153.157413] [<c040fde0>] (clk_core_disable_lock) from [<c058f520>] (i2c_imx_probe+0x554/0x6ec) [ 153.166076] [<c058f520>] (i2c_imx_probe) from [<c04b9178>] (platform_drv_probe+0x48/0x98) [ 153.174297] [<c04b9178>] (platform_drv_probe) from [<c04b7298>] (really_probe+0x1d8/0x2c0) [ 153.182605] [<c04b7298>] (really_probe) from [<c04b7554>] (driver_probe_device+0x5c/0x174) [ 153.190909] [<c04b7554>] (driver_probe_device) from [<c04b58c8>] (bus_for_each_drv+0x44/0x8c) [ 153.199480] [<c04b58c8>] (bus_for_each_drv) from [<c04b746c>] (__device_attach+0xa0/0x108) [ 153.207782] [<c04b746c>] (__device_attach) from [<c04b65a4>] (bus_probe_device+0x88/0x90) [ 153.215999] [<c04b65a4>] (bus_probe_device) from [<c04b6a04>] (deferred_probe_work_func+0x60/0x90) [ 153.225003] [<c04b6a04>] (deferred_probe_work_func) from [<c004f190>] (process_one_work+0x204/0x634) [ 153.234178] [<c004f190>] (process_one_work) from [<c004f618>] (worker_thread+0x20/0x484) [ 153.242315] [<c004f618>] (worker_thread) from [<c0055c2c>] (kthread+0x118/0x150) [ 153.249758] [<c0055c2c>] (kthread) from [<c00090b4>] (ret_from_fork+0x14/0x20) [ 153.257006] Exception stack(0xdde43fb0 to 0xdde43ff8) [ 153.262095] 3fa0: 00000000 00000000 00000000 00000000 [ 153.270306] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 153.278520] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 153.285159] irq event stamp: 3323022 [ 153.288787] hardirqs last enabled at (3323021): [<c0861c4c>] _raw_spin_unlock_irq+0x24/0x2c [ 153.297261] hardirqs last disabled at (3323022): [<c040d7a0>] clk_enable_lock+0x10/0x124 [ 153.305392] softirqs last enabled at (3322092): [<c000a504>] __do_softirq+0x344/0x540 [ 153.313352] softirqs last disabled at (3322081): [<c00385c0>] irq_exit+0x10c/0x128 [ 153.320946] ---[ end trace a506731ccd9bd703 ]--- This endless clk warnings behaviour is well explained by Andrey Smirnov: "Allocating DMA after registering I2C adapter can lead to infinite probing loop, for example, consider the following scenario: 1. i2c_imx_probe() is called and successfully registers an I2C adapter via i2c_add_numbered_adapter() 2. As a part of i2c_add_numbered_adapter() new I2C slave devices are added from DT which results in a call to driver_deferred_probe_trigger() 3. i2c_imx_probe() continues and calls i2c_imx_dma_request() which due to lack of proper DMA driver returns -EPROBE_DEFER 4. i2c_imx_probe() fails, removes I2C adapter and returns -EPROBE_DEFER, which places it into deferred probe list 5. Deferred probe work triggered in #2 above kicks in and calls i2c_imx_probe() again thus bringing us to step #1" So revert commit e1ab9a468e3b ("i2c: imx: improve the error handling in i2c_imx_dma_request()") and restore the old behaviour, in order to avoid regressions on existing setups. Cc: <stable(a)vger.kernel.org> Reported-by: Andrey Smirnov <andrew.smirnov(a)gmail.com> Reported-by: Russell King <linux(a)armlinux.org.uk> Fixes: e1ab9a468e3b ("i2c: imx: improve the error handling in i2c_imx_dma_request()") Signed-off-by: Fabio Estevam <festevam(a)gmail.com> --- Changes since v2: - Revert e1ab9a468e3b ("i2c: imx: improve the error handling in i2c_imx_dma_request()") drivers/i2c/busses/i2c-imx.c | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/drivers/i2c/busses/i2c-imx.c b/drivers/i2c/busses/i2c-imx.c index b1b8b938d7f4..15f6cde6452f 100644 --- a/drivers/i2c/busses/i2c-imx.c +++ b/drivers/i2c/busses/i2c-imx.c @@ -273,8 +273,8 @@ static inline unsigned char imx_i2c_read_reg(struct imx_i2c_struct *i2c_imx, } /* Functions for DMA support */ -static int i2c_imx_dma_request(struct imx_i2c_struct *i2c_imx, - dma_addr_t phy_addr) +static void i2c_imx_dma_request(struct imx_i2c_struct *i2c_imx, + dma_addr_t phy_addr) { struct imx_i2c_dma *dma; struct dma_slave_config dma_sconfig; @@ -283,7 +283,7 @@ static int i2c_imx_dma_request(struct imx_i2c_struct *i2c_imx, dma = devm_kzalloc(dev, sizeof(*dma), GFP_KERNEL); if (!dma) - return -ENOMEM; + return; dma->chan_tx = dma_request_chan(dev, "tx"); if (IS_ERR(dma->chan_tx)) { @@ -328,7 +328,7 @@ static int i2c_imx_dma_request(struct imx_i2c_struct *i2c_imx, dev_info(dev, "using %s (tx) and %s (rx) for DMA transfers\n", dma_chan_name(dma->chan_tx), dma_chan_name(dma->chan_rx)); - return 0; + return; fail_rx: dma_release_channel(dma->chan_rx); @@ -336,8 +336,6 @@ static int i2c_imx_dma_request(struct imx_i2c_struct *i2c_imx, dma_release_channel(dma->chan_tx); fail_al: devm_kfree(dev, dma); - /* return successfully if there is no dma support */ - return ret == -ENODEV ? 0 : ret; } static void i2c_imx_dma_callback(void *arg) @@ -1165,17 +1163,13 @@ static int i2c_imx_probe(struct platform_device *pdev) dev_dbg(&i2c_imx->adapter.dev, "device resources: %pR\n", res); dev_dbg(&i2c_imx->adapter.dev, "adapter name: \"%s\"\n", i2c_imx->adapter.name); + dev_info(&i2c_imx->adapter.dev, "IMX I2C adapter registered\n"); /* Init DMA config if supported */ - ret = i2c_imx_dma_request(i2c_imx, phy_addr); - if (ret < 0) - goto del_adapter; + i2c_imx_dma_request(i2c_imx, phy_addr); - dev_info(&i2c_imx->adapter.dev, "IMX I2C adapter registered\n"); return 0; /* Return OK */ -del_adapter: - i2c_del_adapter(&i2c_imx->adapter); clk_notifier_unregister: clk_notifier_unregister(i2c_imx->clk, &i2c_imx->clk_change_nb); rpm_disable: -- 2.17.1

6 years, 1 month

2
1
0 0

✅ PASS: Stable queue: queue-5.2

by CKI Project

Hello, We ran automated tests on a patchset that was proposed for merging into this kernel tree. The patches were applied to: Kernel repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git Commit: d36a8d2fb62c - Linux 5.2.8 The results of these automated tests are provided below. Overall result: PASSED Merge: OK Compile: OK Tests: OK All kernel binaries, config files, and logs are available for download here: https://artifacts.cki-project.org/pipelines/99643 We hope that these logs can help you find the problem quickly. For the full detail on our testing procedures, please scroll to the bottom of this message. Please reply to this email if you have any questions about the tests that we ran or if you have any suggestions on how to make future tests more effective. ,-. ,-. ( C ) ( K ) Continuous `-',-.`-' Kernel ( I ) Integration `-' ______________________________________________________________________________ Merge testing ------------- We cloned this repository and checked out the following commit: Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git Commit: d36a8d2fb62c - Linux 5.2.8 We grabbed the e939b44eeef5 commit of the stable queue repository. We then merged the patchset with `git am`: revert-pci-add-missing-link-delays-required-by-the-pcie-spec.patch iio-ingenic-jz47xx-set-clock-divider-on-probe.patch iio-cros_ec_accel_legacy-fix-incorrect-channel-setting.patch iio-imu-mpu6050-add-missing-available-scan-masks.patch iio-adc-gyroadc-fix-uninitialized-return-code.patch iio-adc-max9611-fix-misuse-of-genmask-macro.patch staging-gasket-apex-fix-copy-paste-typo.patch staging-wilc1000-flush-the-workqueue-before-deinit-the-host.patch staging-android-ion-bail-out-upon-sigkill-when-allocating-memory.patch staging-fbtft-fix-probing-of-gpio-descriptor.patch staging-fbtft-fix-reset-assertion-when-using-gpio-descriptor.patch crypto-ccp-fix-oops-by-properly-managing-allocated-structures.patch crypto-ccp-add-support-for-valid-authsize-values-less-than-16.patch crypto-ccp-ignore-tag-length-when-decrypting-gcm-ciphertext.patch driver-core-platform-return-enxio-for-missing-gpioint.patch usb-usbfs-fix-double-free-of-usb-memory-upon-submiturb-error.patch revert-usb-rio500-simplify-locking.patch usb-iowarrior-fix-deadlock-on-disconnect.patch sound-fix-a-memory-leak-bug.patch mmc-cavium-set-the-correct-dma-max-segment-size-for-mmc_host.patch mmc-cavium-add-the-missing-dma-unmap-when-the-dma-has-finished.patch loop-set-pf_memalloc_noio-for-the-worker-thread.patch bdev-fixup-error-handling-in-blkdev_get.patch input-usbtouchscreen-initialize-pm-mutex-before-using-it.patch input-elantech-enable-smbus-on-new-2018-systems.patch input-synaptics-enable-rmi-mode-for-hp-spectre-x360.patch x86-mm-check-for-pfn-instead-of-page-in-vmalloc_sync_one.patch x86-mm-sync-also-unmappings-in-vmalloc_sync_all.patch mm-vmalloc-sync-unmappings-in-__purge_vmap_area_lazy.patch coresight-fix-debug_locks_warn_on-for-uninitialized-attribute.patch perf-annotate-fix-s390-gap-between-kernel-end-and-module-start.patch perf-db-export-fix-thread__exec_comm.patch perf-record-fix-module-size-on-s390.patch x86-purgatory-do-not-use-__builtin_memcpy-and-__builtin_memset.patch x86-purgatory-use-cflags_remove-rather-than-reset-kbuild_cflags.patch genirq-affinity-create-affinity-mask-for-single-vector.patch gfs2-gfs2_walk_metadata-fix.patch usb-host-xhci-rcar-fix-timeout-in-xhci_suspend.patch usb-yurex-fix-use-after-free-in-yurex_delete.patch usb-typec-ucsi-ccg-fix-uninitilized-symbol-error.patch usb-typec-tcpm-free-log-buf-memory-when-remove-debug-file.patch usb-typec-tcpm-remove-tcpm-dir-if-no-children.patch usb-typec-tcpm-add-null-check-before-dereferencing-config.patch usb-typec-tcpm-ignore-unsupported-unknown-alternate-mode-requests.patch can-rcar_canfd-fix-possible-irq-storm-on-high-load.patch can-flexcan-fix-stop-mode-acknowledgment.patch can-flexcan-fix-an-use-after-free-in-flexcan_setup_stop_mode.patch can-peak_usb-fix-potential-double-kfree_skb.patch powerpc-fix-off-by-one-in-max_zone_pfn-initializatio.patch netfilter-nfnetlink-avoid-deadlock-due-to-synchronou.patch vfio-ccw-set-pa_nr-to-0-if-memory-allocation-fails-f.patch vfio-ccw-don-t-call-cp_free-if-we-are-processing-a-c.patch netfilter-fix-rpfilter-dropping-vrf-packets-by-mista.patch netfilter-nf_tables-fix-module-autoload-for-redir.patch netfilter-conntrack-always-store-window-size-un-scal.patch netfilter-nft_hash-fix-symhash-with-modulus-one.patch scripts-sphinx-pre-install-fix-script-for-rhel-cento.patch scripts-sphinx-pre-install-don-t-use-latex-with-cent.patch scripts-sphinx-pre-install-fix-latexmk-dependencies.patch rq-qos-don-t-reset-has_sleepers-on-spurious-wakeups.patch rq-qos-set-ourself-task_uninterruptible-after-we-sch.patch rq-qos-use-a-mb-for-got_token.patch netfilter-nf_tables-support-auto-loading-for-inet-na.patch drm-amd-display-no-audio-endpoint-for-dell-mst-displ.patch drm-amd-display-clock-does-not-lower-in-updateplanes.patch drm-amd-display-wait-for-backlight-programming-compl.patch drm-amd-display-fix-dmcu-hang-when-going-into-modern.patch drm-amd-display-use-encoder-s-engine-id-to-find-matc.patch drm-amd-display-put-back-front-end-initialization-se.patch drm-amd-display-allocate-4-ddc-engines-for-rv2.patch drm-amd-display-fix-dc_create-failure-handling-and-6.patch drm-amd-display-only-enable-audio-if-speaker-allocat.patch drm-amd-display-increase-size-of-audios-array.patch iscsi_ibft-make-iscsi_ibft-dependson-acpi-instead-of.patch nl80211-fix-nl80211_he_max_capability_len.patch mac80211-fix-possible-memory-leak-in-ieee80211_assig.patch mac80211-don-t-warn-about-cw-params-when-not-using-t.patch allocate_flower_entry-should-check-for-null-deref.patch hwmon-occ-fix-division-by-zero-issue.patch hwmon-nct6775-fix-register-address-and-added-missed-.patch arm-dts-imx6ul-fix-clock-frequency-property-name-of-.patch powerpc-papr_scm-force-a-scm-unbind-if-initial-scm-b.patch arm64-force-ssbs-on-context-switch.patch arm64-entry-sp-alignment-fault-doesn-t-write-to-far_.patch iommu-vt-d-check-if-domain-pgd-was-allocated.patch drm-msm-dpu-correct-dpu-encoder-spinlock-initializat.patch drm-silence-variable-conn-set-but-not-used.patch arm64-dts-imx8mm-correct-sai3-rxc-txfs-pin-s-mux-opt.patch arm64-dts-imx8mq-fix-sai-compatible.patch cpufreq-pasemi-fix-use-after-free-in-pas_cpufreq_cpu.patch s390-qdio-add-sanity-checks-to-the-fast-requeue-path.patch alsa-compress-fix-regression-on-compressed-capture-s.patch alsa-compress-prevent-bypasses-of-set_params.patch alsa-compress-don-t-allow-paritial-drain-operations-.patch alsa-compress-be-more-restrictive-about-when-a-drain.patch perf-script-fix-off-by-one-in-brstackinsn-ipc-comput.patch perf-tools-fix-proper-buffer-size-for-feature-proces.patch perf-stat-fix-segfault-for-event-group-in-repeat-mod.patch perf-session-fix-loading-of-compressed-data-split-ac.patch perf-probe-avoid-calling-freeing-routine-multiple-ti.patch drbd-dynamically-allocate-shash-descriptor.patch acpi-iort-fix-off-by-one-check-in-iort_dev_find_its_.patch nvme-ignore-subnqn-for-adata-sx6000lnp.patch nvme-fix-memory-leak-caused-by-incorrect-subsystem-f.patch arm-davinci-fix-sleep.s-build-error-on-armv4.patch arm-dts-bcm-bcm47094-add-missing-cells-for-mdio-bus-.patch scsi-megaraid_sas-fix-panic-on-loading-firmware-cras.patch scsi-ibmvfc-fix-warn_on-during-event-pool-release.patch scsi-scsi_dh_alua-always-use-a-2-second-delay-before.patch test_firmware-fix-a-memory-leak-bug.patch tty-ldsem-locking-rwsem-add-missing-acquire-to-read_.patch perf-x86-intel-fix-slots-pebs-event-constraint.patch perf-x86-intel-fix-invalid-bit-13-for-icelake-msr_of.patch perf-x86-apply-more-accurate-check-on-hypervisor-pla.patch perf-core-fix-creating-kernel-counters-for-pmus-that.patch s390-dma-provide-proper-arch_zone_dma_bits-value.patch gen_compile_commands-lower-the-entry-count-threshold.patch Compile testing --------------- We compiled the kernel for 3 architectures: aarch64: make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg ppc64le: make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg x86_64: make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg Hardware testing ---------------- We booted each kernel and ran the following tests: aarch64: Host 1: ✅ Boot test [0] ✅ xfstests: xfs [1] ✅ selinux-policy: serge-testsuite [2] ✅ lvm thinp sanity [3] ✅ storage: software RAID testing [4] 🚧 ✅ Storage blktests [5] Host 2: ✅ Boot test [0] ✅ Podman system integration test (as root) [6] ✅ Podman system integration test (as user) [6] ✅ LTP lite [7] ✅ Loopdev Sanity [8] ✅ jvm test suite [9] ✅ AMTU (Abstract Machine Test Utility) [10] ✅ LTP: openposix test suite [11] ✅ Ethernet drivers sanity [12] ✅ Networking socket: fuzz [13] ✅ audit: audit testsuite test [14] ✅ httpd: mod_ssl smoke sanity [15] ✅ iotop: sanity [16] ✅ tuned: tune-processes-through-perf [17] ✅ pciutils: update pci ids test [18] ✅ Usex - version 1.9-29 [19] ✅ storage: SCSI VPD [20] ppc64le: ⚡ Internal infrastructure issues prevented one or more tests (marked with ⚡⚡⚡) from running on this architecture. This is not the fault of the kernel that was tested. x86_64: Host 1: ✅ Boot test [0] ✅ xfstests: xfs [1] ✅ selinux-policy: serge-testsuite [2] ✅ lvm thinp sanity [3] ✅ storage: software RAID testing [4] 🚧 ✅ Storage blktests [5] Host 2: ✅ Boot test [0] ✅ Podman system integration test (as root) [6] ✅ Podman system integration test (as user) [6] ✅ LTP lite [7] ✅ Loopdev Sanity [8] ✅ jvm test suite [9] ✅ AMTU (Abstract Machine Test Utility) [10] ✅ LTP: openposix test suite [11] ✅ Ethernet drivers sanity [12] ✅ Networking socket: fuzz [13] ✅ audit: audit testsuite test [14] ✅ httpd: mod_ssl smoke sanity [15] ✅ iotop: sanity [16] ✅ tuned: tune-processes-through-perf [17] ✅ pciutils: sanity smoke test [22] ✅ pciutils: update pci ids test [18] ✅ Usex - version 1.9-29 [19] ✅ storage: SCSI VPD [20] ✅ stress: stress-ng [21] Test source: 💚 Pull requests are welcome for new tests or improvements to existing tests! [0]: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… [1]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/filesystems… [2]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/packages/se… [3]: https://github.com/CKI-project/tests-beaker/archive/master.zip#storage/lvm/… [4]: https://github.com/CKI-project/tests-beaker/archive/master.zip#storage/swra… [5]: https://github.com/CKI-project/tests-beaker/archive/master.zip#storage/blk [6]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/container/p… [7]: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… [8]: https://github.com/CKI-project/tests-beaker/archive/master.zip#filesystems/… [9]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/jvm [10]: https://github.com/CKI-project/tests-beaker/archive/master.zip#misc/amtu [11]: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… [12]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/… [13]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/… [14]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/aud… [15]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/htt… [16]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/iot… [17]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/tun… [18]: https://github.com/CKI-project/tests-beaker/archive/master.zip#pciutils/upd… [19]: https://github.com/CKI-project/tests-beaker/archive/master.zip#standards/us… [20]: https://github.com/CKI-project/tests-beaker/archive/master.zip#storage/scsi… [21]: https://github.com/CKI-project/tests-beaker/archive/master.zip#stress/stres… [22]: https://github.com/CKI-project/tests-beaker/archive/master.zip#pciutils/san… Waived tests (marked with 🚧) ----------------------------- This test run included waived tests. Such tests are executed but their results are not taken into account. Tests are waived when their results are not reliable enough, e.g. when they're just introduced or are being fixed.

6 years, 1 month

1
0
0 0

[PATCH v9 1/7] powerpc/mce: Schedule work from irq_work

by Santosh Sivaraj

schedule_work() cannot be called from MCE exception context as MCE can interrupt even in interrupt disabled context. fixes: 733e4a4c ("powerpc/mce: hookup memory_failure for UE errors") Suggested-by: Mahesh Salgaonkar <mahesh(a)linux.vnet.ibm.com> Signed-off-by: Santosh Sivaraj <santosh(a)fossix.org> Cc: stable(a)vger.kernel.org # v4.15+ --- arch/powerpc/kernel/mce.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/arch/powerpc/kernel/mce.c b/arch/powerpc/kernel/mce.c index b18df633eae9..cff31d4a501f 100644 --- a/arch/powerpc/kernel/mce.c +++ b/arch/powerpc/kernel/mce.c @@ -33,6 +33,7 @@ static DEFINE_PER_CPU(struct machine_check_event[MAX_MC_EVT], mce_ue_event_queue); static void machine_check_process_queued_event(struct irq_work *work); +static void machine_check_ue_irq_work(struct irq_work *work); void machine_check_ue_event(struct machine_check_event *evt); static void machine_process_ue_event(struct work_struct *work); @@ -40,6 +41,10 @@ static struct irq_work mce_event_process_work = { .func = machine_check_process_queued_event, }; +static struct irq_work mce_ue_event_irq_work = { + .func = machine_check_ue_irq_work, +}; + DECLARE_WORK(mce_ue_event_work, machine_process_ue_event); static void mce_set_error_info(struct machine_check_event *mce, @@ -199,6 +204,10 @@ void release_mce_event(void) get_mce_event(NULL, true); } +static void machine_check_ue_irq_work(struct irq_work *work) +{ + schedule_work(&mce_ue_event_work); +} /* * Queue up the MCE event which then can be handled later. @@ -216,7 +225,7 @@ void machine_check_ue_event(struct machine_check_event *evt) memcpy(this_cpu_ptr(&mce_ue_event_queue[index]), evt, sizeof(*evt)); /* Queue work to process this event later. */ - schedule_work(&mce_ue_event_work); + irq_work_queue(&mce_ue_event_irq_work); } /* -- 2.21.0

6 years, 1 month

3
2
0 0

Re: [PATCH 5.3] mt76: mt76x0e: disable 5GHz band for MT7630E

by Stanislaw Gruszka

On Tue, Aug 13, 2019 at 05:55:26PM +0000, Sasha Levin wrote: > Hi, > > [This is an automated email] > > This commit has been processed because it contains a -stable tag. > The stable tag indicates that it's relevant for the following trees: all > > The bot has tested the following trees: v5.2.8, v4.19.66, v4.14.138, v4.9.189, v4.4.189. > > v5.2.8: Build OK! > v4.19.66: Failed to apply! Possible dependencies: > 86c71d3deefa ("mt76: move eeprom utility routines in mt76x02_eeprom.h") > d6500cf3700f ("mt76x0: add quirk to disable 2.4GHz band for Archer T1U") > eef40d209ad0 ("mt76: move common eeprom definitions in mt76x02-lib module") <snip> > NOTE: The patch will not be queued to stable trees until it is upstream. > > How should we proceed with this patch? mt76x0e support was added in 4.20 , so it's fine just to apply this commit in 5.2 . Stanislaw

6 years, 1 month

1
0
0 0

[PATCH v2 2/2] riscv: Make __fstate_clean() work correctly.

by Vincent Chen

Make the __fstate_clean() function correctly set the state of sstatus.FS in pt_regs to SR_FS_CLEAN. Fixes: 7db91e5 ("RISC-V: Task implementation") Cc: linux-stable <stable(a)vger.kernel.org> Signed-off-by: Vincent Chen <vincent.chen(a)sifive.com> Reviewed-by: Anup Patel <anup(a)brainfault.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> --- arch/riscv/include/asm/switch_to.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/riscv/include/asm/switch_to.h b/arch/riscv/include/asm/switch_to.h index 0575b8a..0aa5b94 100644 --- a/arch/riscv/include/asm/switch_to.h +++ b/arch/riscv/include/asm/switch_to.h @@ -16,7 +16,7 @@ extern void __fstate_restore(struct task_struct *restore_from); static inline void __fstate_clean(struct pt_regs *regs) { - regs->sstatus |= (regs->sstatus & ~(SR_FS)) | SR_FS_CLEAN; + regs->sstatus = (regs->sstatus & ~SR_FS) | SR_FS_CLEAN; } static inline void fstate_off(struct task_struct *task, -- 2.7.4

6 years, 1 month

1
0
0 0

[PATCH] phy: renesas: rcar-gen3-usb2: Fix sysfs interface of "role"

by Yoshihiro Shimoda

Since the role_store() uses strncmp(), it's possible to refer out-of-memory if the sysfs data size is smaller than strlen("host"). This patch fixes it by using sysfs_streq() instead of strncmp(). Reported-by: Pavel Machek <pavel(a)denx.de> Fixes: 9bb86777fb71 ("phy: rcar-gen3-usb2: add sysfs for usb role swap") Cc: <stable(a)vger.kernel.org> # v4.10+ Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> --- Just a record. The role_store() doesn't need to check the count because the sysfs_streq() checks the first argument is NULL or not. On "if (sysfs_streq(buf, "host"))" Example 1: echo ho > role --> In this case, the count is 3 and the buf has "ho" + NULL. So, the third character differs between NULL and 's'. Example 2: echo host-is-not-used > role --> In this case, the count is 17 and the buf has "host-is-not-used" + NULL. So, the fifth character differs between '-' and NULL. drivers/phy/renesas/phy-rcar-gen3-usb2.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/phy/renesas/phy-rcar-gen3-usb2.c b/drivers/phy/renesas/phy-rcar-gen3-usb2.c index 1322185..cc18970 100644 --- a/drivers/phy/renesas/phy-rcar-gen3-usb2.c +++ b/drivers/phy/renesas/phy-rcar-gen3-usb2.c @@ -20,6 +20,7 @@ #include <linux/platform_device.h> #include <linux/pm_runtime.h> #include <linux/regulator/consumer.h> +#include <linux/string.h> #include <linux/usb/of.h> #include <linux/workqueue.h> @@ -317,9 +318,9 @@ static ssize_t role_store(struct device *dev, struct device_attribute *attr, if (!ch->is_otg_channel || !rcar_gen3_is_any_rphy_initialized(ch)) return -EIO; - if (!strncmp(buf, "host", strlen("host"))) + if (sysfs_streq(buf, "host")) new_mode = PHY_MODE_USB_HOST; - else if (!strncmp(buf, "peripheral", strlen("peripheral"))) + else if (sysfs_streq(buf, "peripheral")) new_mode = PHY_MODE_USB_DEVICE; else return -EINVAL; -- 2.7.4

6 years, 1 month

3
4
0 0

[git:media_tree/master] media: tm6000: double free if usb disconnect while streaming

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: tm6000: double free if usb disconnect while streaming Author: Sean Young <sean(a)mess.org> Date: Tue Aug 13 13:45:09 2019 -0300 The usb_bulk_urb will kfree'd on disconnect, so ensure the pointer is set to NULL after each free. stop stream urb killing urb buffer free tm6000: got start feed request tm6000_start_feed tm6000: got start stream request tm6000_start_stream tm6000: pipe reset tm6000: got start feed request tm6000_start_feed tm6000: got start feed request tm6000_start_feed tm6000: got start feed request tm6000_start_feed tm6000: got start feed request tm6000_start_feed tm6000: IR URB failure: status: -71, length 0 xhci_hcd 0000:00:14.0: ERROR unknown event type 37 xhci_hcd 0000:00:14.0: ERROR unknown event type 37 tm6000: error tm6000_urb_received usb 1-2: USB disconnect, device number 5 tm6000: disconnecting tm6000 #0 ================================================================== BUG: KASAN: use-after-free in dvb_fini+0x75/0x140 [tm6000_dvb] Read of size 8 at addr ffff888241044060 by task kworker/2:0/22 CPU: 2 PID: 22 Comm: kworker/2:0 Tainted: G W 5.3.0-rc4+ #1 Hardware name: LENOVO 20KHCTO1WW/20KHCTO1WW, BIOS N23ET65W (1.40 ) 07/02/2019 Workqueue: usb_hub_wq hub_event Call Trace: dump_stack+0x9a/0xf0 print_address_description.cold+0xae/0x34f __kasan_report.cold+0x75/0x93 ? tm6000_fillbuf+0x390/0x3c0 [tm6000_alsa] ? dvb_fini+0x75/0x140 [tm6000_dvb] kasan_report+0xe/0x12 dvb_fini+0x75/0x140 [tm6000_dvb] tm6000_close_extension+0x51/0x80 [tm6000] tm6000_usb_disconnect.cold+0xd4/0x105 [tm6000] usb_unbind_interface+0xe4/0x390 device_release_driver_internal+0x121/0x250 bus_remove_device+0x197/0x260 device_del+0x268/0x550 ? __device_links_no_driver+0xd0/0xd0 ? usb_remove_ep_devs+0x30/0x3b usb_disable_device+0x122/0x400 usb_disconnect+0x153/0x430 hub_event+0x800/0x1e40 ? trace_hardirqs_on_thunk+0x1a/0x20 ? hub_port_debounce+0x1f0/0x1f0 ? retint_kernel+0x10/0x10 ? lock_is_held_type+0xf1/0x130 ? hub_port_debounce+0x1f0/0x1f0 ? process_one_work+0x4ae/0xa00 process_one_work+0x4ba/0xa00 ? pwq_dec_nr_in_flight+0x160/0x160 ? do_raw_spin_lock+0x10a/0x1d0 worker_thread+0x7a/0x5c0 ? process_one_work+0xa00/0xa00 kthread+0x1d5/0x200 ? kthread_create_worker_on_cpu+0xd0/0xd0 ret_from_fork+0x3a/0x50 Allocated by task 2682: save_stack+0x1b/0x80 __kasan_kmalloc.constprop.0+0xc2/0xd0 usb_alloc_urb+0x28/0x60 tm6000_start_feed+0x10a/0x300 [tm6000_dvb] dmx_ts_feed_start_filtering+0x86/0x120 [dvb_core] dvb_dmxdev_start_feed+0x121/0x180 [dvb_core] dvb_dmxdev_filter_start+0xcb/0x540 [dvb_core] dvb_demux_do_ioctl+0x7ed/0x890 [dvb_core] dvb_usercopy+0x97/0x1f0 [dvb_core] dvb_demux_ioctl+0x11/0x20 [dvb_core] do_vfs_ioctl+0x5d8/0x9d0 ksys_ioctl+0x5e/0x90 __x64_sys_ioctl+0x3d/0x50 do_syscall_64+0x74/0xe0 entry_SYSCALL_64_after_hwframe+0x49/0xbe Freed by task 22: save_stack+0x1b/0x80 __kasan_slab_free+0x12c/0x170 kfree+0xfd/0x3a0 xhci_giveback_urb_in_irq+0xfe/0x230 xhci_td_cleanup+0x276/0x340 xhci_irq+0x1129/0x3720 __handle_irq_event_percpu+0x6e/0x420 handle_irq_event_percpu+0x6f/0x100 handle_irq_event+0x55/0x84 handle_edge_irq+0x108/0x3b0 handle_irq+0x2e/0x40 do_IRQ+0x83/0x1a0 Cc: stable(a)vger.kernel.org Signed-off-by: Sean Young <sean(a)mess.org> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/usb/tm6000/tm6000-dvb.c | 3 +++ 1 file changed, 3 insertions(+) --- diff --git a/drivers/media/usb/tm6000/tm6000-dvb.c b/drivers/media/usb/tm6000/tm6000-dvb.c index e4d2dcd5cc0f..19c90fa9e443 100644 --- a/drivers/media/usb/tm6000/tm6000-dvb.c +++ b/drivers/media/usb/tm6000/tm6000-dvb.c @@ -97,6 +97,7 @@ static void tm6000_urb_received(struct urb *urb) printk(KERN_ERR "tm6000: error %s\n", __func__); kfree(urb->transfer_buffer); usb_free_urb(urb); + dev->dvb->bulk_urb = NULL; } } } @@ -127,6 +128,7 @@ static int tm6000_start_stream(struct tm6000_core *dev) dvb->bulk_urb->transfer_buffer = kzalloc(size, GFP_KERNEL); if (!dvb->bulk_urb->transfer_buffer) { usb_free_urb(dvb->bulk_urb); + dvb->bulk_urb = NULL; return -ENOMEM; } @@ -153,6 +155,7 @@ static int tm6000_start_stream(struct tm6000_core *dev) kfree(dvb->bulk_urb->transfer_buffer); usb_free_urb(dvb->bulk_urb); + dvb->bulk_urb = NULL; return ret; }

6 years, 1 month

1
0
0 0

[PATCH 0/3 5.2-stable] Sync mappings in vmalloc/ioremap areas

by Joerg Roedel

From: Joerg Roedel <jroedel(a)suse.de> Backport commits from upstream to fix a data corruption issue that gets exposed when using PTI on x86-32. Please consider them for inclusion into stable-5.2. Joerg Roedel (3): x86/mm: Check for pfn instead of page in vmalloc_sync_one() x86/mm: Sync also unmappings in vmalloc_sync_all() mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() arch/x86/mm/fault.c | 15 ++++++--------- mm/vmalloc.c | 9 +++++++++ 2 files changed, 15 insertions(+), 9 deletions(-) -- 2.16.4

6 years, 1 month

3
5
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror August 2019