- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] MIPS: memset: Fix CPU_DADDI_WORKAROUNDS `small_fixup'" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 148b9aba99e0bbadf361747d21456e1589015f74 Mon Sep 17 00:00:00 2001 From: "Maciej W. Rozycki" <macro(a)linux-mips.org> Date: Tue, 2 Oct 2018 12:50:11 +0100 Subject: [PATCH] MIPS: memset: Fix CPU_DADDI_WORKAROUNDS `small_fixup' regression Fix a commit 8a8158c85e1e ("MIPS: memset.S: EVA & fault support for small_memset") regression and remove assembly warnings: arch/mips/lib/memset.S: Assembler messages: arch/mips/lib/memset.S:243: Warning: Macro instruction expanded into multiple instructions in a branch delay slot triggering with the CPU_DADDI_WORKAROUNDS option set and this code: PTR_SUBU a2, t1, a0 jr ra PTR_ADDIU a2, 1 This is because with that option in place the DADDIU instruction, which the PTR_ADDIU CPP macro expands to, becomes a GAS macro, which in turn expands to an LI/DADDU (or actually ADDIU/DADDU) sequence: 13c: 01a4302f dsubu a2,t1,a0 140: 03e00008 jr ra 144: 24010001 li at,1 148: 00c1302d daddu a2,a2,at ... Correct this by switching off the `noreorder' assembly mode and letting GAS schedule this jump's delay slot, as there is nothing special about it that would require manual scheduling. With this change in place correct code is produced: 13c: 01a4302f dsubu a2,t1,a0 140: 24010001 li at,1 144: 03e00008 jr ra 148: 00c1302d daddu a2,a2,at ... Signed-off-by: Maciej W. Rozycki <macro(a)linux-mips.org> Signed-off-by: Paul Burton <paul.burton(a)mips.com> Fixes: 8a8158c85e1e ("MIPS: memset.S: EVA & fault support for small_memset") Patchwork: https://patchwork.linux-mips.org/patch/20833/ Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: stable(a)vger.kernel.org # 4.17+ diff --git a/arch/mips/lib/memset.S b/arch/mips/lib/memset.S index 3a6f34ef5ffc..069acec3df9f 100644 --- a/arch/mips/lib/memset.S +++ b/arch/mips/lib/memset.S @@ -280,9 +280,11 @@ * unset_bytes = end_addr - current_addr + 1 * a2 = t1 - a0 + 1 */ + .set reorder PTR_SUBU a2, t1, a0 + PTR_ADDIU a2, 1 jr ra - PTR_ADDIU a2, 1 + .set noreorder .endm

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] MIPS: VDSO: Always map near top of user memory" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From ea7e0480a4b695d0aa6b3fa99bd658a003122113 Mon Sep 17 00:00:00 2001 From: Paul Burton <paul.burton(a)mips.com> Date: Tue, 25 Sep 2018 15:51:26 -0700 Subject: [PATCH] MIPS: VDSO: Always map near top of user memory When using the legacy mmap layout, for example triggered using ulimit -s unlimited, get_unmapped_area() fills memory from bottom to top starting from a fairly low address near TASK_UNMAPPED_BASE. This placement is suboptimal if the user application wishes to allocate large amounts of heap memory using the brk syscall. With the VDSO being located low in the user's virtual address space, the amount of space available for access using brk is limited much more than it was prior to the introduction of the VDSO. For example: # ulimit -s unlimited; cat /proc/self/maps 00400000-004ec000 r-xp 00000000 08:00 71436 /usr/bin/coreutils 004fc000-004fd000 rwxp 000ec000 08:00 71436 /usr/bin/coreutils 004fd000-0050f000 rwxp 00000000 00:00 0 00cc3000-00ce4000 rwxp 00000000 00:00 0 [heap] 2ab96000-2ab98000 r--p 00000000 00:00 0 [vvar] 2ab98000-2ab99000 r-xp 00000000 00:00 0 [vdso] 2ab99000-2ab9d000 rwxp 00000000 00:00 0 ... Resolve this by adjusting STACK_TOP to reserve space for the VDSO & providing an address hint to get_unmapped_area() causing it to use this space even when using the legacy mmap layout. We reserve enough space for the VDSO, plus 1MB or 256MB for 32 bit & 64 bit systems respectively within which we randomize the VDSO base address. Previously this randomization was taken care of by the mmap base address randomization performed by arch_mmap_rnd(). The 1MB & 256MB sizes are somewhat arbitrary but chosen such that we have some randomization without taking up too much of the user's virtual address space, which is often in short supply for 32 bit systems. With this the VDSO is always mapped at a high address, leaving lots of space for statically linked programs to make use of brk: # ulimit -s unlimited; cat /proc/self/maps 00400000-004ec000 r-xp 00000000 08:00 71436 /usr/bin/coreutils 004fc000-004fd000 rwxp 000ec000 08:00 71436 /usr/bin/coreutils 004fd000-0050f000 rwxp 00000000 00:00 0 00c28000-00c49000 rwxp 00000000 00:00 0 [heap] ... 7f67c000-7f69d000 rwxp 00000000 00:00 0 [stack] 7f7fc000-7f7fd000 rwxp 00000000 00:00 0 7fcf1000-7fcf3000 r--p 00000000 00:00 0 [vvar] 7fcf3000-7fcf4000 r-xp 00000000 00:00 0 [vdso] Signed-off-by: Paul Burton <paul.burton(a)mips.com> Reported-by: Huacai Chen <chenhc(a)lemote.com> Fixes: ebb5e78cc634 ("MIPS: Initial implementation of a VDSO") Cc: Huacai Chen <chenhc(a)lemote.com> Cc: linux-mips(a)linux-mips.org Cc: stable(a)vger.kernel.org # v4.4+ diff --git a/arch/mips/include/asm/processor.h b/arch/mips/include/asm/processor.h index b2fa62922d88..49d6046ca1d0 100644 --- a/arch/mips/include/asm/processor.h +++ b/arch/mips/include/asm/processor.h @@ -13,6 +13,7 @@ #include <linux/atomic.h> #include <linux/cpumask.h> +#include <linux/sizes.h> #include <linux/threads.h> #include <asm/cachectl.h> @@ -80,11 +81,10 @@ extern unsigned int vced_count, vcei_count; #endif -/* - * One page above the stack is used for branch delay slot "emulation". - * See dsemul.c for details. - */ -#define STACK_TOP ((TASK_SIZE & PAGE_MASK) - PAGE_SIZE) +#define VDSO_RANDOMIZE_SIZE (TASK_IS_32BIT_ADDR ? SZ_1M : SZ_256M) + +extern unsigned long mips_stack_top(void); +#define STACK_TOP mips_stack_top() /* * This decides where the kernel will search for a free chunk of vm diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c index 8fc69891e117..d4f7fd4550e1 100644 --- a/arch/mips/kernel/process.c +++ b/arch/mips/kernel/process.c @@ -32,6 +32,7 @@ #include <linux/nmi.h> #include <linux/cpu.h> +#include <asm/abi.h> #include <asm/asm.h> #include <asm/bootinfo.h> #include <asm/cpu.h> @@ -39,6 +40,7 @@ #include <asm/dsp.h> #include <asm/fpu.h> #include <asm/irq.h> +#include <asm/mips-cps.h> #include <asm/msa.h> #include <asm/pgtable.h> #include <asm/mipsregs.h> @@ -645,6 +647,29 @@ unsigned long get_wchan(struct task_struct *task) return pc; } +unsigned long mips_stack_top(void) +{ + unsigned long top = TASK_SIZE & PAGE_MASK; + + /* One page for branch delay slot "emulation" */ + top -= PAGE_SIZE; + + /* Space for the VDSO, data page & GIC user page */ + top -= PAGE_ALIGN(current->thread.abi->vdso->size); + top -= PAGE_SIZE; + top -= mips_gic_present() ? PAGE_SIZE : 0; + + /* Space for cache colour alignment */ + if (cpu_has_dc_aliases) + top -= shm_align_mask + 1; + + /* Space to randomize the VDSO base */ + if (current->flags & PF_RANDOMIZE) + top -= VDSO_RANDOMIZE_SIZE; + + return top; +} + /* * Don't forget that the stack pointer must be aligned on a 8 bytes * boundary for 32-bits ABI and 16 bytes for 64-bits ABI. diff --git a/arch/mips/kernel/vdso.c b/arch/mips/kernel/vdso.c index 8f845f6e5f42..48a9c6b90e07 100644 --- a/arch/mips/kernel/vdso.c +++ b/arch/mips/kernel/vdso.c @@ -15,6 +15,7 @@ #include <linux/ioport.h> #include <linux/kernel.h> #include <linux/mm.h> +#include <linux/random.h> #include <linux/sched.h> #include <linux/slab.h> #include <linux/timekeeper_internal.h> @@ -97,6 +98,21 @@ void update_vsyscall_tz(void) } } +static unsigned long vdso_base(void) +{ + unsigned long base; + + /* Skip the delay slot emulation page */ + base = STACK_TOP + PAGE_SIZE; + + if (current->flags & PF_RANDOMIZE) { + base += get_random_int() & (VDSO_RANDOMIZE_SIZE - 1); + base = PAGE_ALIGN(base); + } + + return base; +} + int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) { struct mips_vdso_image *image = current->thread.abi->vdso; @@ -137,7 +153,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) if (cpu_has_dc_aliases) size += shm_align_mask + 1; - base = get_unmapped_area(NULL, 0, size, 0, 0); + base = get_unmapped_area(NULL, vdso_base(), size, 0, 0); if (IS_ERR_VALUE(base)) { ret = base; goto out;

6 years, 11 months

1
0
0 0

stable backport request: 28e2c4bb99aa ("mm/vmstat.c: fix outdated vmstat_text")

by Jann Horn

I guess I should put more stable backport tags on stuff, I've been bugged about not having requested a backport for the following: commit 28e2c4bb99aa ("mm/vmstat.c: fix outdated vmstat_text"), for stable kernels 4.14 and 4.18.

6 years, 11 months

2
1
0 0

[PATCH] drm/atomic_helper: Stop modesets on unregistered connectors harder

by Lyude Paul

Unfortunately, it appears our fix in: commit b5d29843d8ef ("drm/atomic_helper: Allow DPMS On<->Off changes for unregistered connectors") Which attempted to work around the problems introduced by: commit 4d80273976bf ("drm/atomic_helper: Disallow new modesets on unregistered connectors") Is still not the right solution, as modesets can still be triggered outside of drm_atomic_set_crtc_for_connector(). So in order to fix this, while still being careful that we don't break modesets that a driver may perform before being registered with userspace, we replace connector->registered with a tristate member, connector->registration_state. This allows us to keep track of whether or not a connector is still initializing and hasn't been exposed to userspace, is currently registered and exposed to userspace, or has been legitimately removed from the system after having once been present. Using this info, we can prevent userspace from performing new modesets on unregistered connectors while still allowing the driver to perform modesets on unregistered connectors before the driver has finished being registered. Fixes: b5d29843d8ef ("drm/atomic_helper: Allow DPMS On<->Off changes for unregistered connectors") Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: stable(a)vger.kernel.org Cc: David Airlie <airlied(a)linux.ie> Signed-off-by: Lyude Paul <lyude(a)redhat.com> --- drivers/gpu/drm/drm_atomic_helper.c | 60 +++++++++++++++++++++---- drivers/gpu/drm/drm_atomic_uapi.c | 21 --------- drivers/gpu/drm/drm_connector.c | 10 ++--- drivers/gpu/drm/i915/intel_dp_mst.c | 8 ++-- include/drm/drm_connector.h | 68 ++++++++++++++++++++++++++++- 5 files changed, 127 insertions(+), 40 deletions(-) diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c index 6f66777dca4b..6cadeaf28ae4 100644 --- a/drivers/gpu/drm/drm_atomic_helper.c +++ b/drivers/gpu/drm/drm_atomic_helper.c @@ -529,6 +529,35 @@ mode_valid(struct drm_atomic_state *state) return 0; } +static int +unregistered_connector_check(struct drm_atomic_state *state, + struct drm_connector *connector, + struct drm_connector_state *old_conn_state, + struct drm_connector_state *new_conn_state) +{ + struct drm_crtc_state *crtc_state; + struct drm_crtc *crtc; + + if (!drm_connector_unregistered(connector)) + return 0; + + crtc = new_conn_state->crtc; + if (!crtc) + return 0; + + crtc_state = drm_atomic_get_new_crtc_state(state, crtc); + if (!crtc_state || !drm_atomic_crtc_needs_modeset(crtc_state)) + return 0; + + if (crtc_state->mode_changed) { + DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] can't change mode on unregistered connector\n", + connector->base.id, connector->name); + return -EINVAL; + } + + return 0; +} + /** * drm_atomic_helper_check_modeset - validate state object for modeset changes * @dev: DRM device @@ -684,18 +713,33 @@ drm_atomic_helper_check_modeset(struct drm_device *dev, return ret; } - /* - * Iterate over all connectors again, to make sure atomic_check() - * has been called on them when a modeset is forced. - */ for_each_oldnew_connector_in_state(state, connector, old_connector_state, new_connector_state, i) { const struct drm_connector_helper_funcs *funcs = connector->helper_private; - if (connectors_mask & BIT(i)) - continue; + /* Make sure atomic_check() is called on any unchecked + * connectors when a modeset has been forced + */ + if (connectors_mask & BIT(i) && funcs->atomic_check) { + ret = funcs->atomic_check(connector, + new_connector_state); + if (ret) + return ret; + } - if (funcs->atomic_check) - ret = funcs->atomic_check(connector, new_connector_state); + /* + * Prevent userspace from turning on new displays or setting + * new modes using connectors which have been removed from + * userspace. This is racy since an unplug could happen at any + * time including after this check, but that's OK: we only + * care about preventing userspace from trying to set invalid + * state using destroyed connectors that it's been notified + * about. No one can save us after the atomic check completes + * but ourselves. + */ + ret = unregistered_connector_check(state, + connector, + old_connector_state, + new_connector_state); if (ret) return ret; } diff --git a/drivers/gpu/drm/drm_atomic_uapi.c b/drivers/gpu/drm/drm_atomic_uapi.c index a22d6f269b07..d5b7f315098c 100644 --- a/drivers/gpu/drm/drm_atomic_uapi.c +++ b/drivers/gpu/drm/drm_atomic_uapi.c @@ -299,27 +299,6 @@ drm_atomic_set_crtc_for_connector(struct drm_connector_state *conn_state, struct drm_connector *connector = conn_state->connector; struct drm_crtc_state *crtc_state; - /* - * For compatibility with legacy users, we want to make sure that - * we allow DPMS On<->Off modesets on unregistered connectors, since - * legacy modesetting users will not be expecting these to fail. We do - * not however, want to allow legacy users to assign a connector - * that's been unregistered from sysfs to another CRTC, since doing - * this with a now non-existent connector could potentially leave us - * in an invalid state. - * - * Since the connector can be unregistered at any point during an - * atomic check or commit, this is racy. But that's OK: all we care - * about is ensuring that userspace can't use this connector for new - * configurations after it's been notified that the connector is no - * longer present. - */ - if (!READ_ONCE(connector->registered) && crtc) { - DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] is not registered\n", - connector->base.id, connector->name); - return -EINVAL; - } - if (conn_state->crtc == crtc) return 0; diff --git a/drivers/gpu/drm/drm_connector.c b/drivers/gpu/drm/drm_connector.c index 5d01414ec9f7..79943102fe18 100644 --- a/drivers/gpu/drm/drm_connector.c +++ b/drivers/gpu/drm/drm_connector.c @@ -396,7 +396,7 @@ void drm_connector_cleanup(struct drm_connector *connector) /* The connector should have been removed from userspace long before * it is finally destroyed. */ - if (WARN_ON(connector->registered)) + if (WARN_ON(!drm_connector_unregistered(connector))) drm_connector_unregister(connector); if (connector->tile_group) { @@ -453,7 +453,7 @@ int drm_connector_register(struct drm_connector *connector) return 0; mutex_lock(&connector->mutex); - if (connector->registered) + if (connector->registration_state != DRM_CONNECTOR_INITIALIZING) goto unlock; ret = drm_sysfs_connector_add(connector); @@ -473,7 +473,7 @@ int drm_connector_register(struct drm_connector *connector) drm_mode_object_register(connector->dev, &connector->base); - connector->registered = true; + connector->registration_state = DRM_CONNECTOR_REGISTERED; goto unlock; err_debugfs: @@ -495,7 +495,7 @@ EXPORT_SYMBOL(drm_connector_register); void drm_connector_unregister(struct drm_connector *connector) { mutex_lock(&connector->mutex); - if (!connector->registered) { + if (connector->registration_state != DRM_CONNECTOR_REGISTERED) { mutex_unlock(&connector->mutex); return; } @@ -506,7 +506,7 @@ void drm_connector_unregister(struct drm_connector *connector) drm_sysfs_connector_remove(connector); drm_debugfs_connector_remove(connector); - connector->registered = false; + connector->registration_state = DRM_CONNECTOR_UNREGISTERED; mutex_unlock(&connector->mutex); } EXPORT_SYMBOL(drm_connector_unregister); diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index b268bdd71bd3..ad367309e10b 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -78,7 +78,7 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, pipe_config->pbn = mst_pbn; /* Zombie connectors can't have VCPI slots */ - if (READ_ONCE(connector->registered)) { + if (!drm_connector_unregistered(connector)) { slots = drm_dp_atomic_find_vcpi_slots(state, &intel_dp->mst_mgr, port, @@ -314,7 +314,7 @@ static int intel_dp_mst_get_ddc_modes(struct drm_connector *connector) struct edid *edid; int ret; - if (!READ_ONCE(connector->registered)) + if (drm_connector_unregistered(connector)) return intel_connector_update_modes(connector, NULL); edid = drm_dp_mst_get_edid(connector, &intel_dp->mst_mgr, intel_connector->port); @@ -330,7 +330,7 @@ intel_dp_mst_detect(struct drm_connector *connector, bool force) struct intel_connector *intel_connector = to_intel_connector(connector); struct intel_dp *intel_dp = intel_connector->mst_port; - if (!READ_ONCE(connector->registered)) + if (drm_connector_unregistered(connector)) return connector_status_disconnected; return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, intel_connector->port); @@ -361,7 +361,7 @@ intel_dp_mst_mode_valid(struct drm_connector *connector, int bpp = 24; /* MST uses fixed bpp */ int max_rate, mode_rate, max_lanes, max_link_clock; - if (!READ_ONCE(connector->registered)) + if (drm_connector_unregistered(connector)) return MODE_ERROR; if (mode->flags & DRM_MODE_FLAG_DBLSCAN) diff --git a/include/drm/drm_connector.h b/include/drm/drm_connector.h index 5b3cf909fd5e..5f3e4a37bcd2 100644 --- a/include/drm/drm_connector.h +++ b/include/drm/drm_connector.h @@ -82,6 +82,51 @@ enum drm_connector_status { connector_status_unknown = 3, }; +/** + * enum drm_connector_registration_status - userspace registration status for + * a &drm_connector + * + * This enum is used to track the status of initializing a connector and + * registering it with userspace, so that DRM can prevent bogus modesets on + * connectors that no longer exist. + */ +enum drm_connector_registration_state { + /** + * @DRM_CONNECTOR_INITIALIZING: The connector has just been created, + * but has yet to be exposed to userspace. There should be no + * additional restrictions to how the state of this connector may be + * modified. connector to a new CRTC. + */ + DRM_CONNECTOR_INITIALIZING = 0, + + /** + * @DRM_CONNECTOR_REGISTERED: The connector has been fully initialized + * and registered with sysfs, as such it has been exposed to + * userspace. There should be no additional restrictions to how the + * state of this connector may be modified. + */ + DRM_CONNECTOR_REGISTERED = 1, + + /** + * @DRM_CONNECTOR_UNREGISTERED: The connector has either been exposed + * to userspace and has since been unregistered and removed from + * userspace, or the connector was destroyed before it had a chance to + * be exposed to userspace. There are additional restrictions to how + * the state of an unregistered connector may be modified: + * + * - The current display mode as exposed to userspace must remain the + * same as it was when the connector was unregistered. + * - The connector's currently assigned CRTC may be unassigned from + * this connector. Unassigning the connector's CRTC must be + * permanent. + * - New CRTCs must not be assigned to this connector. + * - The DPMS state of the connector (for compatibility with legacy + * modesetting) may modified freely, so long as doing so does not + * cause the new atomic state to violate any of these rules. + */ + DRM_CONNECTOR_UNREGISTERED = 2, +}; + enum subpixel_order { SubPixelUnknown = 0, SubPixelHorizontalRGB, @@ -853,10 +898,12 @@ struct drm_connector { bool ycbcr_420_allowed; /** - * @registered: Is this connector exposed (registered) with userspace? + * @registration_state: Is this connector initializing, exposed + * (registered) with userspace, or unregistered? + * * Protected by @mutex. */ - bool registered; + enum drm_connector_registration_state registration_state; /** * @modes: @@ -1167,6 +1214,23 @@ static inline void drm_connector_unreference(struct drm_connector *connector) drm_connector_put(connector); } +/** + * drm_connector_unregistered - has the connector been unregistered from + * userspace? + * @connector: DRM connector + * + * Checks whether or not @connector has been unregistered from userspace. + * + * Returns: + * True if the connector was unregistered, false if the connector is + * registered or has not yet been registered with userspace. + */ +static inline bool drm_connector_unregistered(struct drm_connector *connector) +{ + return READ_ONCE(connector->registration_state) == + DRM_CONNECTOR_UNREGISTERED; +} + const char *drm_get_connector_status_name(enum drm_connector_status status); const char *drm_get_subpixel_order_name(enum subpixel_order order); const char *drm_get_dpms_name(int val); -- 2.17.2

6 years, 11 months

2
1
0 0

patch "USB: fix the usbfs flag sanitization for control transfers" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: fix the usbfs flag sanitization for control transfers to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 665c365a77fbfeabe52694aedf3446d5f2f1ce42 Mon Sep 17 00:00:00 2001 From: Alan Stern <stern(a)rowland.harvard.edu> Date: Mon, 15 Oct 2018 16:55:04 -0400 Subject: USB: fix the usbfs flag sanitization for control transfers Commit 7a68d9fb8510 ("USB: usbdevfs: sanitize flags more") checks the transfer flags for URBs submitted from userspace via usbfs. However, the check for whether the USBDEVFS_URB_SHORT_NOT_OK flag should be allowed for a control transfer was added in the wrong place, before the code has properly determined the direction of the control transfer. (Control transfers are special because for them, the direction is set by the bRequestType byte of the Setup packet rather than direction bit of the endpoint address.) This patch moves code which sets up the allow_short flag for control transfers down after is_in has been set to the correct value. Signed-off-by: Alan Stern <stern(a)rowland.harvard.edu> Reported-and-tested-by: syzbot+24a30223a4b609bb802e(a)syzkaller.appspotmail.com Fixes: 7a68d9fb8510 ("USB: usbdevfs: sanitize flags more") CC: Oliver Neukum <oneukum(a)suse.com> CC: <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/devio.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c index 244417d0dfd1..ffccd40ea67d 100644 --- a/drivers/usb/core/devio.c +++ b/drivers/usb/core/devio.c @@ -1474,8 +1474,6 @@ static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb u = 0; switch (uurb->type) { case USBDEVFS_URB_TYPE_CONTROL: - if (is_in) - allow_short = true; if (!usb_endpoint_xfer_control(&ep->desc)) return -EINVAL; /* min 8 byte setup packet */ @@ -1505,6 +1503,8 @@ static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb is_in = 0; uurb->endpoint &= ~USB_DIR_IN; } + if (is_in) + allow_short = true; snoop(&ps->dev->dev, "control urb: bRequestType=%02x " "bRequest=%02x wValue=%04x " "wIndex=%04x wLength=%04x\n", -- 2.19.1

6 years, 11 months

1
0
0 0

[GIT PULL] commits for Linux 4.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 7da07a3216a00aa3c523db4539fc6914497d0576: Linux 4.18.12 (2018-10-03 16:59:28 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.18-12102018 for you to fetch changes up to 6504d46ffb696d2b116606dbb44a16b06241cf49: mm: slowly shrink slabs with a relatively small number of objects (2018-10-03 22:24:11 -0400) - ---------------------------------------------------------------- for-greg-4.18-12102018 - ---------------------------------------------------------------- Akshu Agrawal (1): ASoC: AMD: Ensure reset bit is cleared before configuring Amber Lin (1): drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 Anders Roxell (2): selftests: android: move config up a level selftests: add headers_install to lib.mk Charles Keepax (1): ASoC: dapm: Fix NULL pointer deference on CODEC to CODEC DAIs Corentin Labbe (1): net: ethernet: ti: add missing GENERIC_ALLOCATOR dependency Dan Carpenter (1): scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() Danny Smith (1): ASoC: sigmadsp: safeload should not have lower byte limit Guenter Roeck (4): hwmon: (nct6775) Fix access to fan pulse registers hwmon: (nct6775) Fix virtual temperature sources for NCT6796D hwmon: (nct6775) Fix RPM output for fan7 on NCT6796D hwmon: (nct6775) Use different register to get fan RPM for fan7 Hans de Goede (2): clk: x86: add "ether_clk" alias for Bay Trail / Cherry Trail clk: x86: Stop marking clocks as CLK_IS_CRITICAL Hermes Zhang (1): Bluetooth: hci_ldisc: Free rw_semaphore on close Jay Kamat (2): Fix cg_read_strcmp() Add tests for memory.oom.group Johan Hedberg (1): Bluetooth: SMP: Fix trying to use non-existent local OOB data Jongsung Kim (1): stmmac: fix valid numbers of unicast filter entries Kuninori Morimoto (2): ASoC: rsnd: adg: care clock-frequency size ASoC: rsnd: don't fallback to PIO mode when -EPROBE_DEFER Laura Abbott (1): scsi: iscsi: target: Don't use stack buffer for scatterlist Lei Yang (2): selftests/efivarfs: add required kernel configs selftests: memory-hotplug: add required configs Martin KaFai Lau (1): bpf: btf: Fix end boundary calculation for type section Matias Karhumaa (1): Bluetooth: Use correct tfm to generate OOB data Nicholas Piggin (1): KVM: PPC: Book3S HV: Don't use compound_order to determine host mapping size Nicolas Ferre (2): net: macb: disable scatter-gather for macb on sama5d3 ARM: dts: at91: add new compatibility string for macb on sama5d3 Oder Chiou (1): ASoC: rt5514: Fix the issue of the delay volume applied again Pierre-Louis Bossart (1): ASoC: wm8804: Add ACPI support Richard Weinberger (1): ubifs: Check for name being NULL while mounting Roman Gushchin (1): mm: slowly shrink slabs with a relatively small number of objects Ryan Lee (2): ASoC: max98373: Added speaker FS gain cotnrol register to volatile. ASoC: max98373: Added 10ms sleep after amp software reset Simon Detheridge (1): pinctrl: cannonlake: Fix gpio base for GPP-E Srinivas Kandagatla (1): ASoC: q6routing: initialize data correctly Stephen Hemminger (2): PCI: hv: support reporting serial number as slot information hv_netvsc: pair VF based on serial number Thiago Jung Bauermann (1): selftests: kselftest: Remove outdated comment Tony Lindgren (1): mfd: omap-usb-host: Fix dts probe of children Tushar Dave (1): bpf: use __GFP_COMP while allocating page Vitaly Kuznetsov (1): x86/kvm/lapic: always disable MMIO interface in x2APIC mode Yong Zhao (2): drm/amdkfd: Change the control stack MTYPE from UC to NC on GFX9 drm/amdkfd: Fix ATS capablity was not reported correctly on some APUs Yu Zhao (2): sound: enable interrupt after dma buffer initialization sound: don't call skl_init_chip() to reset intel skl soc zhong jiang (1): drm/pl111: Make sure of_device_id tables are NULL terminated Documentation/devicetree/bindings/net/macb.txt | 1 + Makefile | 14 +- arch/arm/boot/dts/sama5d3_emac.dtsi | 2 +- arch/powerpc/kvm/book3s_64_mmu_radix.c | 91 ++++----- arch/x86/include/uapi/asm/kvm.h | 1 + arch/x86/kvm/lapic.c | 22 ++- drivers/bluetooth/hci_ldisc.c | 2 + drivers/clk/x86/clk-pmc-atom.c | 18 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_iommu.c | 13 +- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 1 + drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 21 ++- drivers/gpu/drm/amd/include/kgd_kfd_interface.h | 2 +- drivers/gpu/drm/pl111/pl111_vexpress.c | 3 +- drivers/hwmon/nct6775.c | 70 ++++--- drivers/mfd/omap-usb-host.c | 11 +- drivers/net/ethernet/cadence/macb_main.c | 8 + .../net/ethernet/stmicro/stmmac/stmmac_platform.c | 5 +- drivers/net/ethernet/ti/Kconfig | 1 + drivers/net/hyperv/netvsc.c | 3 + drivers/net/hyperv/netvsc_drv.c | 58 +++--- drivers/pci/controller/pci-hyperv.c | 37 ++++ drivers/pinctrl/intel/pinctrl-cannonlake.c | 2 +- drivers/scsi/qla2xxx/qla_target.h | 4 +- drivers/target/iscsi/iscsi_target.c | 22 ++- fs/ubifs/super.c | 3 + include/sound/hdaudio.h | 1 + include/sound/soc-dapm.h | 1 + kernel/bpf/btf.c | 2 +- mm/vmscan.c | 11 ++ net/bluetooth/smp.c | 16 +- net/core/filter.c | 3 +- scripts/subarch.include | 13 ++ sound/hda/hdac_controller.c | 15 +- sound/soc/amd/acp-pcm-dma.c | 21 +++ sound/soc/codecs/max98373.c | 3 + sound/soc/codecs/rt5514.c | 8 +- sound/soc/codecs/sigmadsp.c | 3 +- sound/soc/codecs/wm8804-i2c.c | 15 +- sound/soc/intel/skylake/skl.c | 2 +- sound/soc/qcom/qdsp6/q6routing.c | 4 +- sound/soc/sh/rcar/adg.c | 5 + sound/soc/sh/rcar/core.c | 10 +- sound/soc/sh/rcar/dma.c | 4 + sound/soc/soc-core.c | 4 +- sound/soc/soc-dapm.c | 4 + tools/testing/selftests/android/Makefile | 2 +- tools/testing/selftests/android/{ion => }/config | 0 tools/testing/selftests/android/ion/Makefile | 2 + tools/testing/selftests/cgroup/cgroup_util.c | 38 +++- tools/testing/selftests/cgroup/cgroup_util.h | 1 + tools/testing/selftests/cgroup/test_memcontrol.c | 205 +++++++++++++++++++++ tools/testing/selftests/efivarfs/config | 1 + tools/testing/selftests/futex/functional/Makefile | 1 + tools/testing/selftests/gpio/Makefile | 7 +- tools/testing/selftests/kselftest.h | 1 - tools/testing/selftests/kvm/Makefile | 7 +- tools/testing/selftests/lib.mk | 12 ++ tools/testing/selftests/memory-hotplug/config | 1 + tools/testing/selftests/net/Makefile | 1 + .../selftests/networking/timestamping/Makefile | 1 + tools/testing/selftests/vm/Makefile | 4 - 66 files changed, 661 insertions(+), 198 deletions(-) create mode 100644 scripts/subarch.include rename tools/testing/selftests/android/{ion => }/config (100%) create mode 100644 tools/testing/selftests/efivarfs/config -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlvAsVIACgkQ3qZv95d3 LNzS0A/+LZrhb4rh1ifRLjDSnBSMWN6vAhRvxHt1qzmU+aFjfyhYjAUmyYjt5mVC z+zO6rHsWbplvVdQnKK+/PJdyROsOwSxpTwlsCAC7AfneMpcBdxAs+fJUczkVxgz AI8e3/hbAfqGf+RaLTDnj6muuFK1RlQCjxCjX5iu5jkWaQj1OJ+BdXXMpkynaxiz OwRRUtV8jmpv3VhU/2ae0Posk96qJoogtj/sDfWQB9t1R/pnsU8udUwFft1NfB7x 2OSwfIGm84gMrzVhgbcvHaSKzj4SqC/tsZ3Q9+cdmtA2WDOlJcwI7E7kNYeeo+tD VhVJuqtGZRQUT81WIVPIK+bLBn8tF0kkTBQyKopsHvGfxRT/+k9/nGz+WNn8Zm7G r8Uhf4c/YkXprsxvbIc+2TRaJ3hmu71HigXakdowndu42ndZmqQSPJtLZPHBP27E LBI1gz/hFCiLv13cN7cvlGmy2SVM2LbYh10st8nw6buEY4S7CKRcXxuVDrBI7wtQ PlbjdM1FWW9BnfIv8yJuzQpBycB/R9Fz+++qWV3uAXqN52tiW/51ylh+9fvEKfid +gEuAyL1pVHh1RFcRzHbX2lEZ3kDAzrWS22IRBSmQSdkForiidNZbOHyCMCV6gLt o4OUAAHzu5XnjGHZ3+dRBEPBEjTvWQPLmbDEiEtHjXiKQsI8vW4= =DhcF -----END PGP SIGNATURE-----

6 years, 11 months

2
1
0 0

[PATCH 1/2] arm64: dts: meson: fix reserve memory regions

by Jerome Brunet

Since commit 50d7ba36b916 ("arm64: export memblock_reserve()d regions via /proc/iomem") was merged Amlogic's boards using mainline u-boot started showing the following warning: WARNING: CPU: 0 PID: 1 at arch/arm64/kernel/setup.c:271 reserve_memblock_reserved_regions+0xd8/0x144 Modules linked in: CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.19.0-rc7-00263-g385684b3eb27-dirty #254 pstate: 40000005 (nZcv daif -PAN -UAO) pc : reserve_memblock_reserved_regions+0xd8/0x144 lr : reserve_memblock_reserved_regions+0xd0/0x144 [...] This is due to u-boot setting some /reservedmem/ region while our dts declares reserved memory on the same region with no-map. The conflict produce the warning. This is fixed by using /reservedmem/ in our dts as well, which is probably something we should have done from the beginning. Cc: stable(a)vger.kernel.org Cc: Neil Armstrong <narmstrong(a)baylibre.com> Signed-off-by: Jerome Brunet <jbrunet(a)baylibre.com> --- Hi Kevin, I would have liked to put a Fixes tag above but I could not figure out which commit to pick, considering how much we changed those regions in the past. If you have suggestion, I'll be happy to repost this patch. If you prefer, feel free to amend this patch directly. Cheers Jerome arch/arm64/boot/dts/amlogic/meson-axg.dtsi | 24 +++++-------------- arch/arm64/boot/dts/amlogic/meson-gx.dtsi | 27 ++++++++-------------- 2 files changed, 15 insertions(+), 36 deletions(-) diff --git a/arch/arm64/boot/dts/amlogic/meson-axg.dtsi b/arch/arm64/boot/dts/amlogic/meson-axg.dtsi index 178d8e8c56b8..06a06f11f114 100644 --- a/arch/arm64/boot/dts/amlogic/meson-axg.dtsi +++ b/arch/arm64/boot/dts/amlogic/meson-axg.dtsi @@ -13,6 +13,12 @@ #include <dt-bindings/reset/amlogic,meson-axg-audio-arb.h> #include <dt-bindings/reset/amlogic,meson-axg-reset.h> +/* 16 MiB reserved for Hardware ROM Firmware */ +/memreserve/ 0x0 0x1000000; + +/* 3 MiB reserved for ARM Trusted Firmware (BL31) */ +/memreserve/ 0x05000000 0x300000; + / { compatible = "amlogic,meson-axg"; @@ -115,24 +121,6 @@ method = "smc"; }; - reserved-memory { - #address-cells = <2>; - #size-cells = <2>; - ranges; - - /* 16 MiB reserved for Hardware ROM Firmware */ - hwrom_reserved: hwrom@0 { - reg = <0x0 0x0 0x0 0x1000000>; - no-map; - }; - - /* Alternate 3 MiB reserved for ARM Trusted Firmware (BL31) */ - secmon_reserved: secmon@5000000 { - reg = <0x0 0x05000000 0x0 0x300000>; - no-map; - }; - }; - soc { compatible = "simple-bus"; #address-cells = <2>; diff --git a/arch/arm64/boot/dts/amlogic/meson-gx.dtsi b/arch/arm64/boot/dts/amlogic/meson-gx.dtsi index 676a995fb912..23e879b29b1e 100644 --- a/arch/arm64/boot/dts/amlogic/meson-gx.dtsi +++ b/arch/arm64/boot/dts/amlogic/meson-gx.dtsi @@ -13,6 +13,15 @@ #include <dt-bindings/interrupt-controller/irq.h> #include <dt-bindings/interrupt-controller/arm-gic.h> +/* 16 MiB reserved for Hardware ROM Firmware */ +/memreserve/ 0x0 0x1000000; + +/* 2 MiB reserved for ARM Trusted Firmware (BL31) */ +/memreserve/ 0x10000000 0x200000; + +/* Alternate 3 MiB reserved for ARM Trusted Firmware (BL31) */ +/memreserve/ 0x05000000 0x300000; + / { interrupt-parent = <&gic>; #address-cells = <2>; @@ -23,24 +32,6 @@ #size-cells = <2>; ranges; - /* 16 MiB reserved for Hardware ROM Firmware */ - hwrom_reserved: hwrom@0 { - reg = <0x0 0x0 0x0 0x1000000>; - no-map; - }; - - /* 2 MiB reserved for ARM Trusted Firmware (BL31) */ - secmon_reserved: secmon@10000000 { - reg = <0x0 0x10000000 0x0 0x200000>; - no-map; - }; - - /* Alternate 3 MiB reserved for ARM Trusted Firmware (BL31) */ - secmon_reserved_alt: secmon@5000000 { - reg = <0x0 0x05000000 0x0 0x300000>; - no-map; - }; - linux,cma { compatible = "shared-dma-pool"; reusable; -- 2.17.2

6 years, 11 months

3
3
0 0

+ mm-proc-pid-smaps_rollup-fix-null-pointer-deref-in-smaps_pte_range.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: /proc/pid/smaps_rollup: fix NULL pointer deref in smaps_pte_range() has been added to the -mm tree. Its filename is mm-proc-pid-smaps_rollup-fix-null-pointer-deref-in-smaps_pte_range.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-proc-pid-smaps_rollup-fix-null-… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-proc-pid-smaps_rollup-fix-null-… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Vlastimil Babka <vbabka(a)suse.cz> Subject: mm: /proc/pid/smaps_rollup: fix NULL pointer deref in smaps_pte_range() Leonardo reports an apparent regression in 4.19-rc7: BUG: unable to handle kernel NULL pointer dereference at 00000000000000f0 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 3 PID: 6032 Comm: python Not tainted 4.19.0-041900rc7-lowlatency #201810071631 Hardware name: LENOVO 80UG/Toronto 4A2, BIOS 0XCN45WW 08/09/2018 RIP: 0010:smaps_pte_range+0x32d/0x540 Code: 80 00 00 00 00 74 a9 48 89 de 41 f6 40 52 40 0f 85 04 02 00 00 49 2b 30 48 c1 ee 0c 49 03 b0 98 00 00 00 49 8b 80 a0 00 00 00 <48> 8b b8 f0 00 00 00 e8 b7 ef ec ff 48 85 c0 0f 84 71 ff ff ff a8 RSP: 0018:ffffb0cbc484fb88 EFLAGS: 00010202 RAX: 0000000000000000 RBX: 0000560ddb9e9000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000560ddb9e9 RDI: 0000000000000001 RBP: ffffb0cbc484fbc0 R08: ffff94a5a227a578 R09: ffff94a5a227a578 R10: 0000000000000000 R11: 0000560ddbbe7000 R12: ffffe903098ba728 R13: ffffb0cbc484fc78 R14: ffffb0cbc484fcf8 R15: ffff94a5a2e9cf48 FS: 00007f6dfb683740(0000) GS:ffff94a5aaf80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000f0 CR3: 000000011c118001 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __walk_page_range+0x3c2/0x6f0 walk_page_vma+0x42/0x60 smap_gather_stats+0x79/0xe0 ? gather_pte_stats+0x320/0x320 ? gather_hugetlb_stats+0x70/0x70 show_smaps_rollup+0xcd/0x1c0 seq_read+0x157/0x400 __vfs_read+0x3a/0x180 ? security_file_permission+0x93/0xc0 ? security_file_permission+0x93/0xc0 vfs_read+0x8f/0x140 ksys_read+0x55/0xc0 __x64_sys_read+0x1a/0x20 do_syscall_64+0x5a/0x110 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Decoded code matched to local compilation+disassembly points to smaps_pte_entry(): } else if (unlikely(IS_ENABLED(CONFIG_SHMEM) && mss->check_shmem_swap && pte_none(*pte))) { page = find_get_entry(vma->vm_file->f_mapping, linear_page_index(vma, addr)); Here, vma->vm_file is NULL. mss->check_shmem_swap should be false in that case, however for smaps_rollup, smap_gather_stats() can set the flag true for one vma and leave it true for subsequent vma's where it should be false. To fix, reset the check_shmem_swap flag to false. There's also related bug which sets mss->swap to shmem_swapped, which in the context of smaps_rollup overwrites any value accumulated from previous vma's. Fix that as well. Note that the report suggests a regression between 4.17.19 and 4.19-rc7, which makes the 4.19 series ending with commit 258f669e7e88 ("mm: /proc/pid/smaps_rollup: convert to single value seq_file") suspicious. But the mss was reused for rollup since 493b0e9d945f ("mm: add /proc/pid/smaps_rollup") so let's play it safe with the stable backport. Link: http://lkml.kernel.org/r/555fbd1f-4ac9-0b58-dcd4-5dc4380ff7ca@suse.cz Link: https://bugzilla.kernel.org/show_bug.cgi?id=201377 Fixes: 493b0e9d945f ("mm: add /proc/pid/smaps_rollup") Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> Reported-by: Leonardo Soares Mller <leozinho29_eu(a)hotmail.com> Tested-by: Leonardo Soares Mller <leozinho29_eu(a)hotmail.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Daniel Colascione <dancol(a)google.com> Cc: Alexey Dobriyan <adobriyan(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/task_mmu.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/fs/proc/task_mmu.c~mm-proc-pid-smaps_rollup-fix-null-pointer-deref-in-smaps_pte_range +++ a/fs/proc/task_mmu.c @@ -713,6 +713,8 @@ static void smap_gather_stats(struct vm_ smaps_walk.private = mss; #ifdef CONFIG_SHMEM + /* In case of smaps_rollup, reset the value from previous vma */ + mss->check_shmem_swap = false; if (vma->vm_file && shmem_mapping(vma->vm_file->f_mapping)) { /* * For shared or readonly shmem mappings we know that all @@ -728,7 +730,7 @@ static void smap_gather_stats(struct vm_ if (!shmem_swapped || (vma->vm_flags & VM_SHARED) || !(vma->vm_flags & VM_WRITE)) { - mss->swap = shmem_swapped; + mss->swap += shmem_swapped; } else { mss->check_shmem_swap = true; smaps_walk.pte_hole = smaps_pte_hole; _ Patches currently in -mm which might be from vbabka(a)suse.cz are mm-proc-pid-smaps_rollup-fix-null-pointer-deref-in-smaps_pte_range.patch mm-slab-combine-kmalloc_caches-and-kmalloc_dma_caches.patch mm-slab-slub-introduce-kmalloc-reclaimable-caches.patch dcache-allocate-external-names-from-reclaimable-kmalloc-caches.patch mm-rename-and-change-semantics-of-nr_indirectly_reclaimable_bytes.patch mm-proc-add-kreclaimable-to-proc-meminfo.patch mm-slab-shorten-kmalloc-cache-names-for-large-sizes.patch

6 years, 11 months

2
1
0 0

[GIT] PATCHES

by David Miller

Please queue up the following networking bug fixes for v4.14 and v4.18 -stable, respectively. Thanks!

6 years, 11 months

2
1
0 0

[PATCH AUTOSEL 3.18 01/15] xfrm: Validate address prefix lengths in the xfrm selector.

by Sasha Levin

From: Steffen Klassert <steffen.klassert(a)secunet.com> [ Upstream commit 07bf7908950a8b14e81aa1807e3c667eab39287a ] We don't validate the address prefix lengths in the xfrm selector we got from userspace. This can lead to undefined behaviour in the address matching functions if the prefix is too big for the given address family. Fix this by checking the prefixes and refuse SA/policy insertation when a prefix is invalid. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: Air Icy <icytxw(a)gmail.com> Signed-off-by: Steffen Klassert <steffen.klassert(a)secunet.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/xfrm/xfrm_user.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 4fe43d80c153..ca99638b5d5a 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -150,10 +150,16 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, err = -EINVAL; switch (p->family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + goto out; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + goto out; + break; #else err = -EAFNOSUPPORT; @@ -1285,10 +1291,16 @@ static int verify_newpolicy_info(struct xfrm_userpolicy_info *p) switch (p->sel.family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + return -EINVAL; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + return -EINVAL; + break; #else return -EAFNOSUPPORT; -- 2.17.1

6 years, 11 months

1
14
0 0

[PATCH AUTOSEL 4.9 01/38] xfrm: Validate address prefix lengths in the xfrm selector.

by Sasha Levin

From: Steffen Klassert <steffen.klassert(a)secunet.com> [ Upstream commit 07bf7908950a8b14e81aa1807e3c667eab39287a ] We don't validate the address prefix lengths in the xfrm selector we got from userspace. This can lead to undefined behaviour in the address matching functions if the prefix is too big for the given address family. Fix this by checking the prefixes and refuse SA/policy insertation when a prefix is invalid. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: Air Icy <icytxw(a)gmail.com> Signed-off-by: Steffen Klassert <steffen.klassert(a)secunet.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/xfrm/xfrm_user.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 6e768093d7c8..b7ac834a6091 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -151,10 +151,16 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, err = -EINVAL; switch (p->family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + goto out; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + goto out; + break; #else err = -EAFNOSUPPORT; @@ -1316,10 +1322,16 @@ static int verify_newpolicy_info(struct xfrm_userpolicy_info *p) switch (p->sel.family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + return -EINVAL; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + return -EINVAL; + break; #else return -EAFNOSUPPORT; -- 2.17.1

6 years, 11 months

1
37
0 0

[PATCH AUTOSEL 4.14 01/61] xfrm: Validate address prefix lengths in the xfrm selector.

by Sasha Levin

From: Steffen Klassert <steffen.klassert(a)secunet.com> [ Upstream commit 07bf7908950a8b14e81aa1807e3c667eab39287a ] We don't validate the address prefix lengths in the xfrm selector we got from userspace. This can lead to undefined behaviour in the address matching functions if the prefix is too big for the given address family. Fix this by checking the prefixes and refuse SA/policy insertation when a prefix is invalid. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: Air Icy <icytxw(a)gmail.com> Signed-off-by: Steffen Klassert <steffen.klassert(a)secunet.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/xfrm/xfrm_user.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 5554d28a32eb..4292347bf45e 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -151,10 +151,16 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, err = -EINVAL; switch (p->family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + goto out; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + goto out; + break; #else err = -EAFNOSUPPORT; @@ -1353,10 +1359,16 @@ static int verify_newpolicy_info(struct xfrm_userpolicy_info *p) switch (p->sel.family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + return -EINVAL; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + return -EINVAL; + break; #else return -EAFNOSUPPORT; -- 2.17.1

6 years, 11 months

1
60
0 0

[PATCH AUTOSEL 4.18 001/100] xfrm: Validate address prefix lengths in the xfrm selector.

by Sasha Levin

From: Steffen Klassert <steffen.klassert(a)secunet.com> [ Upstream commit 07bf7908950a8b14e81aa1807e3c667eab39287a ] We don't validate the address prefix lengths in the xfrm selector we got from userspace. This can lead to undefined behaviour in the address matching functions if the prefix is too big for the given address family. Fix this by checking the prefixes and refuse SA/policy insertation when a prefix is invalid. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: Air Icy <icytxw(a)gmail.com> Signed-off-by: Steffen Klassert <steffen.klassert(a)secunet.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/xfrm/xfrm_user.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 33878e6e0d0a..5151b3ebf068 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -151,10 +151,16 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, err = -EINVAL; switch (p->family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + goto out; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + goto out; + break; #else err = -EAFNOSUPPORT; @@ -1359,10 +1365,16 @@ static int verify_newpolicy_info(struct xfrm_userpolicy_info *p) switch (p->sel.family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + return -EINVAL; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + return -EINVAL; + break; #else return -EAFNOSUPPORT; -- 2.17.1

6 years, 11 months

1
99
0 0

Re: [PATCH] powerpc/traps: restore recoverability of machine_check interrupts

by Christophe LEROY

Cc: stable(a)vger.kernel.org <stable(a)vger.kernel.org> Le 13/10/2018 à 11:16, Christophe Leroy a écrit : > commit b96672dd840f ("powerpc: Machine check interrupt is a non- > maskable interrupt") added a call to nmi_enter() at the beginning of > machine check restart exception handler. Due to that, in_interrupt() > always returns true regardless of the state before entering the > exception, and die() panics even when the system was not already in > interrupt. > > This patch calls nmi_exit() before calling die() in order to restore > the interrupt state we had before calling nmi_enter() > > Fixes: b96672dd840f ("powerpc: Machine check interrupt is a non-maskable interrupt") > Signed-off-by: Christophe Leroy <christophe.leroy(a)c-s.fr> > --- > arch/powerpc/kernel/traps.c | 9 +++++++-- > 1 file changed, 7 insertions(+), 2 deletions(-) > > diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c > index fd58749b4d6b..4f880c2a6e4c 100644 > --- a/arch/powerpc/kernel/traps.c > +++ b/arch/powerpc/kernel/traps.c > @@ -765,12 +765,17 @@ void machine_check_exception(struct pt_regs *regs) > if (check_io_access(regs)) > goto bail; > > - die("Machine check", regs, SIGBUS); > - > /* Must die if the interrupt is not recoverable */ > if (!(regs->msr & MSR_RI)) > nmi_panic(regs, "Unrecoverable Machine check"); > > + if (!nested) > + nmi_exit(); > + > + die("Machine check", regs, SIGBUS); > + > + return; > + > bail: > if (!nested) > nmi_exit(); >

6 years, 11 months

2
1
0 0

[PATCH] ext4: Fix error code in ext4_xattr_set_entry()

by Daniel Rosenberg

ext4_xattr_set_entry should return EFSCORRUPTED instead of EIO for corrupted xattr entries. Fixes b469713e0c0c ("ext4: add corruption check in ext4_xattr_set_entry()") Signed-off-by: Daniel Rosenberg <drosen(a)google.com> --- Apply to 4.9 fs/ext4/xattr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c index c10180d0b0189..7d6da09e637b7 100644 --- a/fs/ext4/xattr.c +++ b/fs/ext4/xattr.c @@ -657,7 +657,7 @@ ext4_xattr_set_entry(struct ext4_xattr_info *i, struct ext4_xattr_search *s, next = EXT4_XATTR_NEXT(last); if ((void *)next >= s->end) { EXT4_ERROR_INODE(inode, "corrupted xattr entries"); - return -EIO; + return -EFSCORRUPTED; } if (last->e_value_size) { size_t offs = le16_to_cpu(last->e_value_offs); -- 2.19.1.331.ge82ca0e54c-goog

6 years, 11 months

1
0
0 0

[PATCH v2] ext4: add corruption check in ext4_xattr_set_entry()

by Daniel Rosenberg

From: Theodore Ts'o <tytso(a)mit.edu> commit 5369a762c882c0b6e9599e4ebbb3a9ba9eee7e2d upstream. In theory this should have been caught earlier when the xattr list was verified, but in case it got missed, it's simple enough to add check to make sure we don't overrun the xattr buffer. This addresses CVE-2018-10879. https://bugzilla.kernel.org/show_bug.cgi?id=200001 Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Reviewed-by: Andreas Dilger <adilger(a)dilger.ca> [bwh: Backported to 3.16: - Add inode parameter to ext4_xattr_set_entry() and update callers - Adjust context] Signed-off-by: Ben Hutchings <ben(a)decadent.org.uk> [adjusted for 4.4 context] Signed-off-by: Daniel Rosenberg <drosen(a)google.com> --- fs/ext4/xattr.c | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c index d0aaf338fa9fa..d6bae37489af0 100644 --- a/fs/ext4/xattr.c +++ b/fs/ext4/xattr.c @@ -638,14 +638,20 @@ static size_t ext4_xattr_free_space(struct ext4_xattr_entry *last, } static int -ext4_xattr_set_entry(struct ext4_xattr_info *i, struct ext4_xattr_search *s) +ext4_xattr_set_entry(struct ext4_xattr_info *i, struct ext4_xattr_search *s, + struct inode *inode) { - struct ext4_xattr_entry *last; + struct ext4_xattr_entry *last, *next; size_t free, min_offs = s->end - s->base, name_len = strlen(i->name); /* Compute min_offs and last. */ last = s->first; - for (; !IS_LAST_ENTRY(last); last = EXT4_XATTR_NEXT(last)) { + for (; !IS_LAST_ENTRY(last); last = next) { + next = EXT4_XATTR_NEXT(last); + if ((void *)next >= s->end) { + EXT4_ERROR_INODE(inode, "corrupted xattr entries"); + return -EFSCORRUPTED; + } if (!last->e_value_block && last->e_value_size) { size_t offs = le16_to_cpu(last->e_value_offs); if (offs < min_offs) @@ -825,7 +831,7 @@ ext4_xattr_block_set(handle_t *handle, struct inode *inode, ce = NULL; } ea_bdebug(bs->bh, "modifying in-place"); - error = ext4_xattr_set_entry(i, s); + error = ext4_xattr_set_entry(i, s, inode); if (!error) { if (!IS_LAST_ENTRY(s->first)) ext4_xattr_rehash(header(s->base), @@ -875,7 +881,7 @@ ext4_xattr_block_set(handle_t *handle, struct inode *inode, s->end = s->base + sb->s_blocksize; } - error = ext4_xattr_set_entry(i, s); + error = ext4_xattr_set_entry(i, s, inode); if (error == -EFSCORRUPTED) goto bad_block; if (error) @@ -1037,7 +1043,7 @@ int ext4_xattr_ibody_inline_set(handle_t *handle, struct inode *inode, if (EXT4_I(inode)->i_extra_isize == 0) return -ENOSPC; - error = ext4_xattr_set_entry(i, s); + error = ext4_xattr_set_entry(i, s, inode); if (error) { if (error == -ENOSPC && ext4_has_inline_data(inode)) { @@ -1049,7 +1055,7 @@ int ext4_xattr_ibody_inline_set(handle_t *handle, struct inode *inode, error = ext4_xattr_ibody_find(inode, i, is); if (error) return error; - error = ext4_xattr_set_entry(i, s); + error = ext4_xattr_set_entry(i, s, inode); } if (error) return error; @@ -1075,7 +1081,7 @@ static int ext4_xattr_ibody_set(handle_t *handle, struct inode *inode, if (EXT4_I(inode)->i_extra_isize == 0) return -ENOSPC; - error = ext4_xattr_set_entry(i, s); + error = ext4_xattr_set_entry(i, s, inode); if (error) return error; header = IHDR(inode, ext4_raw_inode(&is->iloc)); -- 2.19.1.331.ge82ca0e54c-goog

6 years, 11 months

1
0
0 0

[PATCH] Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM

by Mikhail Nikiforov

Add ELAN061C to the ACPI table to support Elan touchpad found in Lenovo IdeaPad 330-15IGM. Signed-off-by: Mikhail Nikiforov <jackxviichaos(a)gmail.com> Cc: stable(a)vger.kernel.org --- drivers/input/mouse/elan_i2c_core.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/input/mouse/elan_i2c_core.c b/drivers/input/mouse/elan_i2c_core.c index f5ae24865355..b0f9d19b3410 100644 --- a/drivers/input/mouse/elan_i2c_core.c +++ b/drivers/input/mouse/elan_i2c_core.c @@ -1346,6 +1346,7 @@ static const struct acpi_device_id elan_acpi_id[] = { { "ELAN0611", 0 }, { "ELAN0612", 0 }, { "ELAN0618", 0 }, + { "ELAN061C", 0 }, { "ELAN061D", 0 }, { "ELAN0622", 0 }, { "ELAN1000", 0 }, -- 2.17.1

6 years, 11 months

2
1
0 0

[PATCH] acpi, nfit: Fix Address Range Scrub completion tracking

by Dan Williams

The Address Range Scrub implementation tried to skip running scrubs against ranges that were already scrubbed by the BIOS. Unfortunately that support also resulted in early scrub completions as evidenced by this debug output from nfit_test: nd_region region9: ARS: range 1 short complete nd_region region3: ARS: range 1 short complete nd_region region4: ARS: range 2 ARS start (0) nd_region region4: ARS: range 2 short complete ...i.e. completions without any indications that the scrub was started. This state of affairs was hard to see in the code due to the proliferation of state bits and mistakenly trying to track done state per-range when the completion is a global property of the bus. So, kill the four ARS state bits (ARS_REQ, ARS_REQ_REDO, ARS_DONE, and ARS_SHORT), and replace them with just 2 request flags ARS_REQ_SHORT and ARS_REQ_LONG. The implementation will still complete and reap the results of BIOS initiated ARS, but it will not attempt to use that information to affect the completion status of scrubbing the ranges from a Linux perspective. Instead, try to synchronously run a short ARS per range at init time and schedule a long scrub in the background. If ARS is busy with an ARS request schedule both a short and a long scrub for when ARS returns to idle. This logic also satisfies the intent of what ARS_REQ_REDO was trying to achieve. The new rule is that the REQ flag stays set until the next successful ars_start() for that range. With the new policy that the REQ flags are not cleared until the next start, the implementation no longer loses requests as can be seen from the following log: nd_region region3: ARS: range 1 ARS start short (0) nd_region region9: ARS: range 1 ARS start short (0) nd_region region3: ARS: range 1 complete nd_region region4: ARS: range 2 ARS start short (0) nd_region region9: ARS: range 1 complete nd_region region9: ARS: range 1 ARS start long (0) nd_region region4: ARS: range 2 complete nd_region region3: ARS: range 1 ARS start long (0) nd_region region9: ARS: range 1 complete nd_region region3: ARS: range 1 complete nd_region region4: ARS: range 2 ARS start long (0) nd_region region4: ARS: range 2 complete ...note that the nfit_test emulated driver provides 2 buses, that is why some of the range indices are duplicated. Notice that each range now successfully completes a short and long scrub. Cc: <stable(a)vger.kernel.org> Fixes: 14c73f997a5e ("nfit, address-range-scrub: introduce nfit_spa->ars_state") Fixes: cc3d3458d46f ("acpi/nfit: queue issuing of ars when an uc error...") Reported-by: Jacek Zloch <jacek.zloch(a)intel.com> Reported-by: Krzysztof Rusocki <krzysztof.rusocki(a)intel.com> Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> --- drivers/acpi/nfit/core.c | 169 ++++++++++++++++++++++++++-------------------- drivers/acpi/nfit/nfit.h | 10 +-- 2 files changed, 101 insertions(+), 78 deletions(-) diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c index a0dfbcf8220d..f7efcd9843e0 100644 --- a/drivers/acpi/nfit/core.c +++ b/drivers/acpi/nfit/core.c @@ -2572,7 +2572,8 @@ static int ars_get_cap(struct acpi_nfit_desc *acpi_desc, return cmd_rc; } -static int ars_start(struct acpi_nfit_desc *acpi_desc, struct nfit_spa *nfit_spa) +static int ars_start(struct acpi_nfit_desc *acpi_desc, + struct nfit_spa *nfit_spa, enum nfit_ars_state req_type) { int rc; int cmd_rc; @@ -2583,7 +2584,7 @@ static int ars_start(struct acpi_nfit_desc *acpi_desc, struct nfit_spa *nfit_spa memset(&ars_start, 0, sizeof(ars_start)); ars_start.address = spa->address; ars_start.length = spa->length; - if (test_bit(ARS_SHORT, &nfit_spa->ars_state)) + if (req_type == ARS_REQ_SHORT) ars_start.flags = ND_ARS_RETURN_PREV_DATA; if (nfit_spa_type(spa) == NFIT_SPA_PM) ars_start.type = ND_ARS_PERSISTENT; @@ -2640,6 +2641,15 @@ static void ars_complete(struct acpi_nfit_desc *acpi_desc, struct nd_region *nd_region = nfit_spa->nd_region; struct device *dev; + lockdep_assert_held(&acpi_desc->init_mutex); + /* + * Only advance the ARS state for ARS runs initiated by the + * kernel, ignore ARS results from BIOS initiated runs for scrub + * completion tracking. + */ + if (acpi_desc->scrub_spa != nfit_spa) + return; + if ((ars_status->address >= spa->address && ars_status->address < spa->address + spa->length) || (ars_status->address < spa->address)) { @@ -2659,28 +2669,13 @@ static void ars_complete(struct acpi_nfit_desc *acpi_desc, } else return; - if (test_bit(ARS_DONE, &nfit_spa->ars_state)) - return; - - if (!test_and_clear_bit(ARS_REQ, &nfit_spa->ars_state)) - return; - + acpi_desc->scrub_spa = NULL; if (nd_region) { dev = nd_region_dev(nd_region); nvdimm_region_notify(nd_region, NVDIMM_REVALIDATE_POISON); } else dev = acpi_desc->dev; - - dev_dbg(dev, "ARS: range %d %s complete\n", spa->range_index, - test_bit(ARS_SHORT, &nfit_spa->ars_state) - ? "short" : "long"); - clear_bit(ARS_SHORT, &nfit_spa->ars_state); - if (test_and_clear_bit(ARS_REQ_REDO, &nfit_spa->ars_state)) { - set_bit(ARS_SHORT, &nfit_spa->ars_state); - set_bit(ARS_REQ, &nfit_spa->ars_state); - dev_dbg(dev, "ARS: processing scrub request received while in progress\n"); - } else - set_bit(ARS_DONE, &nfit_spa->ars_state); + dev_dbg(dev, "ARS: range %d complete\n", spa->range_index); } static int ars_status_process_records(struct acpi_nfit_desc *acpi_desc) @@ -2961,46 +2956,55 @@ static int acpi_nfit_query_poison(struct acpi_nfit_desc *acpi_desc) return 0; } -static int ars_register(struct acpi_nfit_desc *acpi_desc, struct nfit_spa *nfit_spa, - int *query_rc) +static int ars_register(struct acpi_nfit_desc *acpi_desc, + struct nfit_spa *nfit_spa) { - int rc = *query_rc; + int rc; - if (no_init_ars) + if (no_init_ars || test_bit(ARS_FAILED, &nfit_spa->ars_state)) return acpi_nfit_register_region(acpi_desc, nfit_spa); - set_bit(ARS_REQ, &nfit_spa->ars_state); - set_bit(ARS_SHORT, &nfit_spa->ars_state); + set_bit(ARS_REQ_SHORT, &nfit_spa->ars_state); + set_bit(ARS_REQ_LONG, &nfit_spa->ars_state); - switch (rc) { + switch (acpi_nfit_query_poison(acpi_desc)) { case 0: case -EAGAIN: - rc = ars_start(acpi_desc, nfit_spa); - if (rc == -EBUSY) { - *query_rc = rc; + rc = ars_start(acpi_desc, nfit_spa, ARS_REQ_SHORT); + /* shouldn't happen, try again later */ + if (rc == -EBUSY) break; - } else if (rc == 0) { - rc = acpi_nfit_query_poison(acpi_desc); - } else { + if (rc) { set_bit(ARS_FAILED, &nfit_spa->ars_state); break; } - if (rc == -EAGAIN) - clear_bit(ARS_SHORT, &nfit_spa->ars_state); - else if (rc == 0) - ars_complete(acpi_desc, nfit_spa); + clear_bit(ARS_REQ_SHORT, &nfit_spa->ars_state); + rc = acpi_nfit_query_poison(acpi_desc); + if (rc) + break; + acpi_desc->scrub_spa = nfit_spa; + ars_complete(acpi_desc, nfit_spa); + /* + * If ars_complete() says we didn't complete the + * short scrub, we'll try again with a long + * request. + */ + acpi_desc->scrub_spa = NULL; break; case -EBUSY: + case -ENOMEM: case -ENOSPC: + /* + * BIOS was using ARS, wait for it to complete (or + * resources to become available) and then perform our + * own scrubs. + */ break; default: set_bit(ARS_FAILED, &nfit_spa->ars_state); break; } - if (test_and_clear_bit(ARS_DONE, &nfit_spa->ars_state)) - set_bit(ARS_REQ, &nfit_spa->ars_state); - return acpi_nfit_register_region(acpi_desc, nfit_spa); } @@ -3022,6 +3026,8 @@ static unsigned int __acpi_nfit_scrub(struct acpi_nfit_desc *acpi_desc, struct device *dev = acpi_desc->dev; struct nfit_spa *nfit_spa; + lockdep_assert_held(&acpi_desc->init_mutex); + if (acpi_desc->cancel) return 0; @@ -3045,21 +3051,49 @@ static unsigned int __acpi_nfit_scrub(struct acpi_nfit_desc *acpi_desc, ars_complete_all(acpi_desc); list_for_each_entry(nfit_spa, &acpi_desc->spas, list) { + enum nfit_ars_state req_type; + int rc; + if (test_bit(ARS_FAILED, &nfit_spa->ars_state)) continue; - if (test_bit(ARS_REQ, &nfit_spa->ars_state)) { - int rc = ars_start(acpi_desc, nfit_spa); - - clear_bit(ARS_DONE, &nfit_spa->ars_state); - dev = nd_region_dev(nfit_spa->nd_region); - dev_dbg(dev, "ARS: range %d ARS start (%d)\n", - nfit_spa->spa->range_index, rc); - if (rc == 0 || rc == -EBUSY) - return 1; - dev_err(dev, "ARS: range %d ARS failed (%d)\n", - nfit_spa->spa->range_index, rc); - set_bit(ARS_FAILED, &nfit_spa->ars_state); + + /* prefer short ARS requests first */ + if (test_bit(ARS_REQ_SHORT, &nfit_spa->ars_state)) + req_type = ARS_REQ_SHORT; + else if (test_bit(ARS_REQ_LONG, &nfit_spa->ars_state)) + req_type = ARS_REQ_LONG; + else + continue; + rc = ars_start(acpi_desc, nfit_spa, req_type); + + dev = nd_region_dev(nfit_spa->nd_region); + dev_dbg(dev, "ARS: range %d ARS start %s (%d)\n", + nfit_spa->spa->range_index, + req_type == ARS_REQ_SHORT ? "short" : "long", + rc); + /* + * Hmm, we raced someone else starting ARS? Try again in + * a bit. + */ + if (rc == -EBUSY) + return 1; + if (rc == 0) { + dev_WARN_ONCE(dev, acpi_desc->scrub_spa, + "scrub start while range %d active\n", + acpi_desc->scrub_spa->spa->range_index); + clear_bit(req_type, &nfit_spa->ars_state); + acpi_desc->scrub_spa = nfit_spa; + /* + * Consider this spa last for future scrub + * requests + */ + list_move_tail(&nfit_spa->list, &acpi_desc->spas); + return 1; } + + dev_err(dev, "ARS: range %d ARS failed (%d)\n", + nfit_spa->spa->range_index, rc); + set_bit(ARS_FAILED, &nfit_spa->ars_state); } return 0; } @@ -3115,6 +3149,7 @@ static void acpi_nfit_init_ars(struct acpi_nfit_desc *acpi_desc, struct nd_cmd_ars_cap ars_cap; int rc; + set_bit(ARS_FAILED, &nfit_spa->ars_state); memset(&ars_cap, 0, sizeof(ars_cap)); rc = ars_get_cap(acpi_desc, &ars_cap, nfit_spa); if (rc < 0) @@ -3131,16 +3166,14 @@ static void acpi_nfit_init_ars(struct acpi_nfit_desc *acpi_desc, nfit_spa->clear_err_unit = ars_cap.clear_err_unit; acpi_desc->max_ars = max(nfit_spa->max_ars, acpi_desc->max_ars); clear_bit(ARS_FAILED, &nfit_spa->ars_state); - set_bit(ARS_REQ, &nfit_spa->ars_state); } static int acpi_nfit_register_regions(struct acpi_nfit_desc *acpi_desc) { struct nfit_spa *nfit_spa; - int rc, query_rc; + int rc; list_for_each_entry(nfit_spa, &acpi_desc->spas, list) { - set_bit(ARS_FAILED, &nfit_spa->ars_state); switch (nfit_spa_type(nfit_spa->spa)) { case NFIT_SPA_VOLATILE: case NFIT_SPA_PM: @@ -3149,20 +3182,12 @@ static int acpi_nfit_register_regions(struct acpi_nfit_desc *acpi_desc) } } - /* - * Reap any results that might be pending before starting new - * short requests. - */ - query_rc = acpi_nfit_query_poison(acpi_desc); - if (query_rc == 0) - ars_complete_all(acpi_desc); - list_for_each_entry(nfit_spa, &acpi_desc->spas, list) switch (nfit_spa_type(nfit_spa->spa)) { case NFIT_SPA_VOLATILE: case NFIT_SPA_PM: /* register regions and kick off initial ARS run */ - rc = ars_register(acpi_desc, nfit_spa, &query_rc); + rc = ars_register(acpi_desc, nfit_spa); if (rc) return rc; break; @@ -3374,7 +3399,8 @@ static int acpi_nfit_clear_to_send(struct nvdimm_bus_descriptor *nd_desc, return __acpi_nfit_clear_to_send(nd_desc, nvdimm, cmd); } -int acpi_nfit_ars_rescan(struct acpi_nfit_desc *acpi_desc, unsigned long flags) +int acpi_nfit_ars_rescan(struct acpi_nfit_desc *acpi_desc, + enum nfit_ars_state req_type) { struct device *dev = acpi_desc->dev; int scheduled = 0, busy = 0; @@ -3394,14 +3420,10 @@ int acpi_nfit_ars_rescan(struct acpi_nfit_desc *acpi_desc, unsigned long flags) if (test_bit(ARS_FAILED, &nfit_spa->ars_state)) continue; - if (test_and_set_bit(ARS_REQ, &nfit_spa->ars_state)) { + if (test_and_set_bit(req_type, &nfit_spa->ars_state)) busy++; - set_bit(ARS_REQ_REDO, &nfit_spa->ars_state); - } else { - if (test_bit(ARS_SHORT, &flags)) - set_bit(ARS_SHORT, &nfit_spa->ars_state); + else scheduled++; - } } if (scheduled) { sched_ars(acpi_desc); @@ -3587,10 +3609,11 @@ static void acpi_nfit_update_notify(struct device *dev, acpi_handle handle) static void acpi_nfit_uc_error_notify(struct device *dev, acpi_handle handle) { struct acpi_nfit_desc *acpi_desc = dev_get_drvdata(dev); - unsigned long flags = (acpi_desc->scrub_mode == HW_ERROR_SCRUB_ON) ? - 0 : 1 << ARS_SHORT; - acpi_nfit_ars_rescan(acpi_desc, flags); + if (acpi_desc->scrub_mode == HW_ERROR_SCRUB_ON) + acpi_nfit_ars_rescan(acpi_desc, ARS_REQ_LONG); + else + acpi_nfit_ars_rescan(acpi_desc, ARS_REQ_SHORT); } void __acpi_nfit_notify(struct device *dev, acpi_handle handle, u32 event) diff --git a/drivers/acpi/nfit/nfit.h b/drivers/acpi/nfit/nfit.h index 8c1af38a5dee..a7d95b427efd 100644 --- a/drivers/acpi/nfit/nfit.h +++ b/drivers/acpi/nfit/nfit.h @@ -133,10 +133,8 @@ enum nfit_dimm_notifiers { }; enum nfit_ars_state { - ARS_REQ, - ARS_REQ_REDO, - ARS_DONE, - ARS_SHORT, + ARS_REQ_SHORT, + ARS_REQ_LONG, ARS_FAILED, }; @@ -223,6 +221,7 @@ struct acpi_nfit_desc { struct device *dev; u8 ars_start_flags; struct nd_cmd_ars_status *ars_status; + struct nfit_spa *scrub_spa; struct delayed_work dwork; struct list_head list; struct kernfs_node *scrub_count_state; @@ -277,7 +276,8 @@ struct nfit_blk { extern struct list_head acpi_descs; extern struct mutex acpi_desc_lock; -int acpi_nfit_ars_rescan(struct acpi_nfit_desc *acpi_desc, unsigned long flags); +int acpi_nfit_ars_rescan(struct acpi_nfit_desc *acpi_desc, + enum nfit_ars_state req_type); #ifdef CONFIG_X86_MCE void nfit_mce_register(void);

6 years, 11 months

2
1
0 0

Working test 5

by Judy

Did you get my email from last week? Let me know if you have photos for cutting out or retouching? We are an image team who can do editing for your the web store photos, industry photos or portrait photos. Send photos, we will do testing for you to check quality. Waiting for your reply soon. Thanks, Judy

6 years, 11 months

1
0
0 0

[PATCH] afs: Fix clearance of reply

by David Howells

The recent patch to fix the afs_server struct leak didn't actually fix the bug, but rather fixed some of the symptoms. The problem is that an asynchronous call that holds a resource pointed to by call->reply[0] will find the pointer cleared in the call destructor, thereby preventing the resource from being cleaned up. In the case of the server record leak, the afs_fs_get_capabilities() function in devel code sets up a call with reply[0] pointing at the server record that should be altered when the result is obtained, but this was being cleared before the destructor was called, so the put in the destructor does nothing and the record is leaked. Commit f014ffb025c1 removed the additional ref obtained by afs_install_server(), but the removal of this ref is actually used by the garbage collector to mark a server record as being defunct after the record has expired through lack of use. The offending clearance of call->reply[0] upon completion in afs_process_async_call() has been there from the origin of the code, but none of the asynchronous calls actually use that pointer currently, so it should be safe to remove (note that synchronous calls don't involve this function). Fix this by the following means: (1) Revert commit f014ffb025c1. (2) Remove the clearance of reply[0] from afs_process_async_call(). Without this, afs_manage_servers() will suffer an assertion failure if it sees a server record that didn't get used because the usage count is not 1. Fixes: f014ffb025c1 ("afs: Fix afs_server struct leak") Fixes: 08e0e7c82eea ("[AF_RXRPC]: Make the in-kernel AFS filesystem use AF_RXRPC.") Signed-off-by: David Howells <dhowells(a)redhat.com> --- fs/afs/rxrpc.c | 2 -- fs/afs/server.c | 2 -- 2 files changed, 4 deletions(-) diff --git a/fs/afs/rxrpc.c b/fs/afs/rxrpc.c index 748b37b130a2..9bbb8af000b4 100644 --- a/fs/afs/rxrpc.c +++ b/fs/afs/rxrpc.c @@ -620,8 +620,6 @@ static void afs_process_async_call(struct work_struct *work) } if (call->state == AFS_CALL_COMPLETE) { - call->reply[0] = NULL; - /* We have two refs to release - one from the alloc and one * queued with the work item - and we can't just deallocate the * call because the work item may be queued again. diff --git a/fs/afs/server.c b/fs/afs/server.c index d5ef05e24e18..1a087eb8f2d7 100644 --- a/fs/afs/server.c +++ b/fs/afs/server.c @@ -199,11 +199,9 @@ static struct afs_server *afs_install_server(struct afs_net *net, write_sequnlock(&net->fs_addr_lock); ret = 0; - goto out; exists: afs_get_server(server); -out: write_sequnlock(&net->fs_lock); return server; }

6 years, 11 months

2
1
0 0

[git:media_tree/master] media: cec: forgot to cancel delayed work

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: cec: forgot to cancel delayed work Author: Hans Verkuil <hverkuil(a)xs4all.nl> Date: Mon Oct 15 06:14:22 2018 -0400 If the wait for completion was interrupted, then make sure to cancel any delayed work. This can only happen if a transmit is waiting for a reply, and you press Ctrl-C or reboot/poweroff or something like that which interrupts the thread waiting for the reply and then proceeds to delete the CEC message. Since the delayed work wasn't canceled, once it would trigger it referred to stale data and resulted in a kernel oops. Fixes: 7ec2b3b941a6 ("cec: add new tx/rx status bits to detect aborts/timeouts") Signed-off-by: Hans Verkuil <hans.verkuil(a)cisco.com> Cc: <stable(a)vger.kernel.org> # for v4.18 and up Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/cec/cec-adap.c | 2 ++ 1 file changed, 2 insertions(+) --- diff --git a/drivers/media/cec/cec-adap.c b/drivers/media/cec/cec-adap.c index 0c0d9107383e..31d1f4ab915e 100644 --- a/drivers/media/cec/cec-adap.c +++ b/drivers/media/cec/cec-adap.c @@ -844,6 +844,8 @@ int cec_transmit_msg_fh(struct cec_adapter *adap, struct cec_msg *msg, */ mutex_unlock(&adap->lock); wait_for_completion_killable(&data->c); + if (!data->completed) + cancel_delayed_work_sync(&data->work); mutex_lock(&adap->lock); /* Cancel the transmit if it was interrupted */

6 years, 11 months

1
0
0 0

[PATCHv5 0/7] tty: Hold write ldisc sem in tty_reopen()

by Dmitry Safonov

Hi all, Three fixes that worth to have in the @stable, as they were hit by different people, including Arista on v4.9 stable. And for linux-next - adding lockdep asserts for line discipline changing code, verifying that write ldisc sem will be held forthwith. The last patch is an optional and probably, timeout can be dropped for read_lock(). I'll do it if everyone agrees. (Or as per discussion with Peter in v3, just convert ldisc to a regular rwsem). Thanks, Dima Changes since v4: - back to lock ldisc with (5*HZ) timeout in tty_reopen() (LKP report link: lkml.kernel.org/r/<1536940609.3185.29.camel(a)arista.com>) - reordered 3/7 with 2/7 for LKP robot Changes since v3: - Added tested-by Mark Rutland (thanks!) - Dropped patch with smp_wmb() - wrong idea - lockdep_assert_held() should be actually lockdep_assert_held_exclusive() - Described why tty_ldisc_open() can be called without ldisc_sem held for pty slave end (o_tty). - Added Peter's patch for dropping self-made lockdep annotations - Fix for a reader(s) of ldisc semaphore waiting for an active reader(s) Changes since v2: - Added reviewed-by tags - Hopefully, fixed reported by 0-day issue. - Added optional fix for wait_readers decrement Changes since v1: - Added tested-by/reported-by tags - Dropped 3/4 (locking tty pair for lockdep sake), Because of that - not adding lockdep_assert_held() in tty_ldisc_open() - Added 4/4 cleanup to inc tty->count only on success of tty_ldisc_reinit() - lock ldisc without (5*HZ) timeout in tty_reopen() v1 link: lkml.kernel.org/r/<20180829022353.23568-1-dima(a)arista.com> v2 link: lkml.kernel.org/r/<20180903165257.29227-1-dima(a)arista.com> v3 link: lkml.kernel.org/r/<20180911014821.26286-1-dima(a)arista.com> v4 link: lkml.kernel.org/r/<20180912001702.18522-1-dima(a)arista.com> Cc: Daniel Axtens <dja(a)axtens.net> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Michael Neuling <mikey(a)neuling.org> Cc: Mikulas Patocka <mpatocka(a)redhat.com> Cc: Nathan March <nathan(a)gt.net> Cc: Pasi Kärkkäinen <pasik(a)iki.fi> Cc: Peter Hurley <peter(a)hurleysoftware.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: "Rong, Chen" <rong.a.chen(a)intel.com> Cc: Sergey Senozhatsky <sergey.senozhatsky.work(a)gmail.com> Cc: Tan Xiaojun <tanxiaojun(a)huawei.com> Cc: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> (please, ignore if I Cc'ed you mistakenly) Dmitry Safonov (6): tty: Drop tty->count on tty_reopen() failure tty/ldsem: Wake up readers after timed out down_write() tty: Hold tty_ldisc_lock() during tty_reopen() tty: Simplify tty->count math in tty_reopen() tty/ldsem: Add lockdep asserts for ldisc_sem tty/ldsem: Decrement wait_readers on timeouted down_read() Peter Zijlstra (1): tty/ldsem: Convert to regular lockdep annotations drivers/tty/tty_io.c | 13 ++++++++--- drivers/tty/tty_ldisc.c | 9 +++++++ drivers/tty/tty_ldsem.c | 62 ++++++++++++++++++++----------------------------- 3 files changed, 44 insertions(+), 40 deletions(-) -- 2.13.6

6 years, 11 months

4
13
0 0

[PATCH] fs: fix possible Spectre V1 indexing in __close_fd()

by Greg Hackmann

__close_fd() is reachable via the close() syscall with a userspace-controlled fd. Ensure that it can't be used to speculatively access past the end of current->fdt. Reported-by: Omer Tripp <trippo(a)google.com> Cc: stable(a)vger.kernel.org Signed-off-by: Greg Hackmann <ghackmann(a)google.com> --- fs/file.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/file.c b/fs/file.c index 7ffd6e9d103d..a80cf82be96b 100644 --- a/fs/file.c +++ b/fs/file.c @@ -18,6 +18,7 @@ #include <linux/bitops.h> #include <linux/spinlock.h> #include <linux/rcupdate.h> +#include <linux/nospec.h> unsigned int sysctl_nr_open __read_mostly = 1024*1024; unsigned int sysctl_nr_open_min = BITS_PER_LONG; @@ -626,6 +627,7 @@ int __close_fd(struct files_struct *files, unsigned fd) fdt = files_fdtable(files); if (fd >= fdt->max_fds) goto out_unlock; + fd = array_index_nospec(fd, fdt->max_fds); file = fdt->fd[fd]; if (!file) goto out_unlock; -- 2.19.0.397.gdd90340f6a-goog

6 years, 11 months

2
2
0 0

Apply For Affordable Loan Offer

by rifat

Do you need a loan? If YES Kindly contact us via: citigrouploaninvestment(a)aol.com

6 years, 11 months

1
0
0 0

Re: [PATCH 3.16 194/366] drivers: tty: Merge alloc_tty_struct and initialize_tty_struct

by Ben Hutchings

On Sun, 2018-10-14 at 19:22 +0200, Rasmus Villemoes wrote: > IIRC, I messed up back then, so you'll need some followup as well, but I'm > on my phone ATM. I guess that's commit 07584d4a356e "drivers: tty: Fix use-after-free in pty_common_install"? I missed that but will add it now. > I assume you're taking this to make it easier to backport > some actual fix? This is required as preparation for commit 903f9db10f18 "tty: Don't call panic() at tty_ldisc_init()". Ben. > > On Sun, Oct 14, 2018, 17:39 Ben Hutchings <ben(a)decadent.org.uk> wrote: > > > 3.16.60-rc1 review patch. If anyone has any objections, please let me > > know. > > > > ------------------ > > > > From: Rasmus Villemoes <linux(a)rasmusvillemoes.dk> > > > > commit 2c964a2f4191f2229566895f1a0e85f8339f5dd1 upstream. > > > > The two functions alloc_tty_struct and initialize_tty_struct are > > always called together. Merge them into alloc_tty_struct, updating its > > prototype and the only two callers of these functions. > > > > Signed-off-by: Rasmus Villemoes <linux(a)rasmusvillemoes.dk> > > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > > Signed-off-by: Ben Hutchings <ben(a)decadent.org.uk> > > --- > > drivers/tty/pty.c | 19 +++++++++---------- > > drivers/tty/tty_io.c | 37 +++++++++++++------------------------ > > include/linux/tty.h | 4 +--- > > 3 files changed, 23 insertions(+), 37 deletions(-) > > > > --- a/drivers/tty/pty.c > > +++ b/drivers/tty/pty.c > > @@ -319,7 +319,7 @@ done: > > * pty_common_install - set up the pty pair > > * @driver: the pty driver > > * @tty: the tty being instantiated > > - * @bool: legacy, true if this is BSD style > > + * @legacy: true if this is BSD style > > * > > * Perform the initial set up for the tty/pty pair. Called from the > > * tty layer when the port is first opened. > > @@ -334,18 +334,17 @@ static int pty_common_install(struct tty > > int idx = tty->index; > > int retval = -ENOMEM; > > > > - o_tty = alloc_tty_struct(); > > - if (!o_tty) > > - goto err; > > ports[0] = kmalloc(sizeof **ports, GFP_KERNEL); > > ports[1] = kmalloc(sizeof **ports, GFP_KERNEL); > > if (!ports[0] || !ports[1]) > > - goto err_free_tty; > > + goto err; > > if (!try_module_get(driver->other->owner)) { > > /* This cannot in fact currently happen */ > > - goto err_free_tty; > > + goto err; > > } > > - initialize_tty_struct(o_tty, driver->other, idx); > > + o_tty = alloc_tty_struct(driver->other, idx); > > + if (!o_tty) > > + goto err_put_module; > > > > if (legacy) { > > /* We always use new tty termios data so we can do this > > @@ -390,12 +389,12 @@ err_free_termios: > > tty_free_termios(tty); > > err_deinit_tty: > > deinitialize_tty_struct(o_tty); > > + free_tty_struct(o_tty); > > +err_put_module: > > module_put(o_tty->driver->owner); > > -err_free_tty: > > +err: > > kfree(ports[0]); > > kfree(ports[1]); > > - free_tty_struct(o_tty); > > -err: > > return retval; > > } > > > > --- a/drivers/tty/tty_io.c > > +++ b/drivers/tty/tty_io.c > > @@ -157,20 +157,6 @@ static void __proc_set_tty(struct task_s > > static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty); > > > > /** > > - * alloc_tty_struct - allocate a tty object > > - * > > - * Return a new empty tty structure. The data fields have not > > - * been initialized in any way but has been zeroed > > - * > > - * Locking: none > > - */ > > - > > -struct tty_struct *alloc_tty_struct(void) > > -{ > > - return kzalloc(sizeof(struct tty_struct), GFP_KERNEL); > > -} > > - > > -/** > > * free_tty_struct - free a disused tty > > * @tty: tty struct to free > > * > > @@ -1455,12 +1441,11 @@ struct tty_struct *tty_init_dev(struct t > > if (!try_module_get(driver->owner)) > > return ERR_PTR(-ENODEV); > > > > - tty = alloc_tty_struct(); > > + tty = alloc_tty_struct(driver, idx); > > if (!tty) { > > retval = -ENOMEM; > > goto err_module_put; > > } > > - initialize_tty_struct(tty, driver, idx); > > > > tty_lock(tty); > > retval = tty_driver_install_tty(driver, tty); > > @@ -3034,19 +3019,21 @@ static struct device *tty_get_device(str > > > > > > /** > > - * initialize_tty_struct > > - * @tty: tty to initialize > > + * alloc_tty_struct > > * > > - * This subroutine initializes a tty structure that has been newly > > - * allocated. > > + * This subroutine allocates and initializes a tty structure. > > * > > - * Locking: none - tty in question must not be exposed at this point > > + * Locking: none - tty in question is not exposed at this point > > */ > > > > -void initialize_tty_struct(struct tty_struct *tty, > > - struct tty_driver *driver, int idx) > > +struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx) > > { > > - memset(tty, 0, sizeof(struct tty_struct)); > > + struct tty_struct *tty; > > + > > + tty = kzalloc(sizeof(*tty), GFP_KERNEL); > > + if (!tty) > > + return NULL; > > + > > kref_init(&tty->kref); > > tty->magic = TTY_MAGIC; > > tty_ldisc_init(tty); > > @@ -3070,6 +3057,8 @@ void initialize_tty_struct(struct tty_st > > tty->index = idx; > > tty_line_name(driver, idx, tty->name); > > tty->dev = tty_get_device(tty); > > + > > + return tty; > > } > > > > /** > > --- a/include/linux/tty.h > > +++ b/include/linux/tty.h > > @@ -477,13 +477,11 @@ extern int tty_mode_ioctl(struct tty_str > > unsigned int cmd, unsigned long arg); > > extern int tty_perform_flush(struct tty_struct *tty, unsigned long arg); > > extern void tty_default_fops(struct file_operations *fops); > > -extern struct tty_struct *alloc_tty_struct(void); > > +extern struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int > > idx); > > extern int tty_alloc_file(struct file *file); > > extern void tty_add_file(struct tty_struct *tty, struct file *file); > > extern void tty_free_file(struct file *file); > > extern void free_tty_struct(struct tty_struct *tty); > > -extern void initialize_tty_struct(struct tty_struct *tty, > > - struct tty_driver *driver, int idx); > > extern void deinitialize_tty_struct(struct tty_struct *tty); > > extern struct tty_struct *tty_init_dev(struct tty_driver *driver, int > > idx); > > extern int tty_release(struct inode *inode, struct file *filp); > > > > -- Ben Hutchings I haven't lost my mind; it's backed up on tape somewhere.

6 years, 11 months

1
0
0 0

What is the expected date of release for 4.19

by salil GK

Hello I would like to know the expected date of release of 4.19 kernel. Thanks ~S

6 years, 11 months

2
1
0 0

URGENT RESPONSE NEEDED

by Sean Kim.

Hello my dear. Did you receive my email message to you? Please, get back to me ASAP as the matter is becoming late. Expecting your urgent response. Sean.

6 years, 11 months

1
0
0 0

patch "usb: xhci: pci: Enable Intel USB role mux on Apollo Lake platforms" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: xhci: pci: Enable Intel USB role mux on Apollo Lake platforms to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From c02588a352defaf985fc1816eb6232663159e1b8 Mon Sep 17 00:00:00 2001 From: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Date: Mon, 1 Oct 2018 18:53:05 +0300 Subject: usb: xhci: pci: Enable Intel USB role mux on Apollo Lake platforms Intel Apollo Lake has the same internal USB role mux as Intel Cherry Trail. Cc: <stable(a)vger.kernel.org> Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/host/xhci-pci.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index 722860eb5a91..51dd8e00c4f8 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -179,10 +179,12 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) xhci->quirks |= XHCI_PME_STUCK_QUIRK; } if (pdev->vendor == PCI_VENDOR_ID_INTEL && - pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI) { + pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI) xhci->quirks |= XHCI_SSIC_PORT_UNUSED; + if (pdev->vendor == PCI_VENDOR_ID_INTEL && + (pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI || + pdev->device == PCI_DEVICE_ID_INTEL_APL_XHCI)) xhci->quirks |= XHCI_INTEL_USB_ROLE_SW; - } if (pdev->vendor == PCI_VENDOR_ID_INTEL && (pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI || pdev->device == PCI_DEVICE_ID_INTEL_SUNRISEPOINT_LP_XHCI || -- 2.19.1

6 years, 11 months

1
0
0 0

patch "usb: roles: intel_xhci: Fix Unbalanced pm_runtime_enable" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: roles: intel_xhci: Fix Unbalanced pm_runtime_enable to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 009b1948e153ae448f62f1887e2b58d0e05db51b Mon Sep 17 00:00:00 2001 From: Wan Ahmad Zainie <wan.ahmad.zainie.wan.mohamad(a)intel.com> Date: Tue, 9 Oct 2018 12:52:47 +0800 Subject: usb: roles: intel_xhci: Fix Unbalanced pm_runtime_enable Add missing pm_runtime_disable() to remove(), in order to avoid an Unbalanced pm_runtime_enable when the module is removed and re-probed. Error log: root@intel-corei7-64:~# modprobe -r intel_xhci_usb_role_switch root@intel-corei7-64:~# modprobe intel_xhci_usb_role_switch intel_xhci_usb_sw intel_xhci_usb_sw: Unbalanced pm_runtime_enable! Fixes: cb2968468605 (usb: roles: intel_xhci: Enable runtime PM) Cc: <stable(a)vger.kernel.org> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Signed-off-by: Wan Ahmad Zainie <wan.ahmad.zainie.wan.mohamad(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/roles/intel-xhci-usb-role-switch.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/roles/intel-xhci-usb-role-switch.c b/drivers/usb/roles/intel-xhci-usb-role-switch.c index 1fb3dd0f1dfa..277de96181f9 100644 --- a/drivers/usb/roles/intel-xhci-usb-role-switch.c +++ b/drivers/usb/roles/intel-xhci-usb-role-switch.c @@ -161,6 +161,8 @@ static int intel_xhci_usb_remove(struct platform_device *pdev) { struct intel_xhci_usb_data *data = platform_get_drvdata(pdev); + pm_runtime_disable(&pdev->dev); + usb_role_switch_unregister(data->role_sw); return 0; } -- 2.19.1

6 years, 11 months

1
0
0 0

patch "cdc-acm: correct counting of UART states in serial state notification" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled cdc-acm: correct counting of UART states in serial state notification to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From f976d0e5747ca65ccd0fb2a4118b193d70aa1836 Mon Sep 17 00:00:00 2001 From: Tobias Herzog <t-herzog(a)gmx.de> Date: Sat, 22 Sep 2018 22:11:11 +0200 Subject: cdc-acm: correct counting of UART states in serial state notification The usb standard ("Universal Serial Bus Class Definitions for Communication Devices") distiguishes between "consistent signals" (DSR, DCD), and "irregular signals" (break, ring, parity error, framing error, overrun). The bits of "irregular signals" are set, if this error/event occurred on the device side and are immeadeatly unset, if the serial state notification was sent. Like other drivers of real serial ports do, just the occurence of those events should be counted in serial_icounter_struct (but no 1->0 transitions). Signed-off-by: Tobias Herzog <t-herzog(a)gmx.de> Acked-by: Oliver Neukum <oneukum(a)suse.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/class/cdc-acm.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c index e43ea9641416..9ede35cecb12 100644 --- a/drivers/usb/class/cdc-acm.c +++ b/drivers/usb/class/cdc-acm.c @@ -310,17 +310,17 @@ static void acm_process_notification(struct acm *acm, unsigned char *buf) if (difference & ACM_CTRL_DSR) acm->iocount.dsr++; - if (difference & ACM_CTRL_BRK) - acm->iocount.brk++; - if (difference & ACM_CTRL_RI) - acm->iocount.rng++; if (difference & ACM_CTRL_DCD) acm->iocount.dcd++; - if (difference & ACM_CTRL_FRAMING) + if (newctrl & ACM_CTRL_BRK) + acm->iocount.brk++; + if (newctrl & ACM_CTRL_RI) + acm->iocount.rng++; + if (newctrl & ACM_CTRL_FRAMING) acm->iocount.frame++; - if (difference & ACM_CTRL_PARITY) + if (newctrl & ACM_CTRL_PARITY) acm->iocount.parity++; - if (difference & ACM_CTRL_OVERRUN) + if (newctrl & ACM_CTRL_OVERRUN) acm->iocount.overrun++; spin_unlock_irqrestore(&acm->read_lock, flags); -- 2.19.1

6 years, 11 months

1
0
0 0

patch "usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control()" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 81f7567c51ad97668d1c3a48e8ecc482e64d4161 Mon Sep 17 00:00:00 2001 From: "Shuah Khan (Samsung OSG)" <shuah(a)kernel.org> Date: Fri, 5 Oct 2018 16:17:44 -0600 Subject: usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() vhci_hub_control() accesses port_status array with out of bounds port value. Fix it to reference port_status[] only with a valid rhport value when invalid_rhport flag is true. The invalid_rhport flag is set early on after detecting in port value is within the bounds or not. The following is used reproduce the problem and verify the fix: C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14ed8ab6400000 Reported-by: syzbot+bccc1fe10b70fadc78d0(a)syzkaller.appspotmail.com Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Shuah Khan (Samsung OSG) <shuah(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/usbip/vhci_hcd.c | 57 ++++++++++++++++++++++++++---------- 1 file changed, 42 insertions(+), 15 deletions(-) diff --git a/drivers/usb/usbip/vhci_hcd.c b/drivers/usb/usbip/vhci_hcd.c index d11f3f8dad40..1e592ec94ba4 100644 --- a/drivers/usb/usbip/vhci_hcd.c +++ b/drivers/usb/usbip/vhci_hcd.c @@ -318,8 +318,9 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, struct vhci_hcd *vhci_hcd; struct vhci *vhci; int retval = 0; - int rhport; + int rhport = -1; unsigned long flags; + bool invalid_rhport = false; u32 prev_port_status[VHCI_HC_PORTS]; @@ -334,9 +335,19 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, usbip_dbg_vhci_rh("typeReq %x wValue %x wIndex %x\n", typeReq, wValue, wIndex); - if (wIndex > VHCI_HC_PORTS) - pr_err("invalid port number %d\n", wIndex); - rhport = wIndex - 1; + /* + * wIndex can be 0 for some request types (typeReq). rhport is + * in valid range when wIndex >= 1 and < VHCI_HC_PORTS. + * + * Reference port_status[] only with valid rhport when + * invalid_rhport is false. + */ + if (wIndex < 1 || wIndex > VHCI_HC_PORTS) { + invalid_rhport = true; + if (wIndex > VHCI_HC_PORTS) + pr_err("invalid port number %d\n", wIndex); + } else + rhport = wIndex - 1; vhci_hcd = hcd_to_vhci_hcd(hcd); vhci = vhci_hcd->vhci; @@ -345,8 +356,9 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, /* store old status and compare now and old later */ if (usbip_dbg_flag_vhci_rh) { - memcpy(prev_port_status, vhci_hcd->port_status, - sizeof(prev_port_status)); + if (!invalid_rhport) + memcpy(prev_port_status, vhci_hcd->port_status, + sizeof(prev_port_status)); } switch (typeReq) { @@ -354,8 +366,10 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, usbip_dbg_vhci_rh(" ClearHubFeature\n"); break; case ClearPortFeature: - if (rhport < 0) + if (invalid_rhport) { + pr_err("invalid port number %d\n", wIndex); goto error; + } switch (wValue) { case USB_PORT_FEAT_SUSPEND: if (hcd->speed == HCD_USB3) { @@ -415,9 +429,10 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, break; case GetPortStatus: usbip_dbg_vhci_rh(" GetPortStatus port %x\n", wIndex); - if (wIndex < 1) { + if (invalid_rhport) { pr_err("invalid port number %d\n", wIndex); retval = -EPIPE; + goto error; } /* we do not care about resume. */ @@ -513,16 +528,20 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, goto error; } - if (rhport < 0) + if (invalid_rhport) { + pr_err("invalid port number %d\n", wIndex); goto error; + } vhci_hcd->port_status[rhport] |= USB_PORT_STAT_SUSPEND; break; case USB_PORT_FEAT_POWER: usbip_dbg_vhci_rh( " SetPortFeature: USB_PORT_FEAT_POWER\n"); - if (rhport < 0) + if (invalid_rhport) { + pr_err("invalid port number %d\n", wIndex); goto error; + } if (hcd->speed == HCD_USB3) vhci_hcd->port_status[rhport] |= USB_SS_PORT_STAT_POWER; else @@ -531,8 +550,10 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, case USB_PORT_FEAT_BH_PORT_RESET: usbip_dbg_vhci_rh( " SetPortFeature: USB_PORT_FEAT_BH_PORT_RESET\n"); - if (rhport < 0) + if (invalid_rhport) { + pr_err("invalid port number %d\n", wIndex); goto error; + } /* Applicable only for USB3.0 hub */ if (hcd->speed != HCD_USB3) { pr_err("USB_PORT_FEAT_BH_PORT_RESET req not " @@ -543,8 +564,10 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, case USB_PORT_FEAT_RESET: usbip_dbg_vhci_rh( " SetPortFeature: USB_PORT_FEAT_RESET\n"); - if (rhport < 0) + if (invalid_rhport) { + pr_err("invalid port number %d\n", wIndex); goto error; + } /* if it's already enabled, disable */ if (hcd->speed == HCD_USB3) { vhci_hcd->port_status[rhport] = 0; @@ -565,8 +588,10 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, default: usbip_dbg_vhci_rh(" SetPortFeature: default %d\n", wValue); - if (rhport < 0) + if (invalid_rhport) { + pr_err("invalid port number %d\n", wIndex); goto error; + } if (hcd->speed == HCD_USB3) { if ((vhci_hcd->port_status[rhport] & USB_SS_PORT_STAT_POWER) != 0) { @@ -608,7 +633,7 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, if (usbip_dbg_flag_vhci_rh) { pr_debug("port %d\n", rhport); /* Only dump valid port status */ - if (rhport >= 0) { + if (!invalid_rhport) { dump_port_status_diff(prev_port_status[rhport], vhci_hcd->port_status[rhport], hcd->speed == HCD_USB3); @@ -618,8 +643,10 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, spin_unlock_irqrestore(&vhci->lock, flags); - if ((vhci_hcd->port_status[rhport] & PORT_C_MASK) != 0) + if (!invalid_rhport && + (vhci_hcd->port_status[rhport] & PORT_C_MASK) != 0) { usb_hcd_poll_rh_status(hcd); + } return retval; } -- 2.19.1

6 years, 11 months

1
0
0 0

patch "cdc-acm: fix race between reset and control messaging" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled cdc-acm: fix race between reset and control messaging to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 9397940ed812b942c520e0c25ed4b2c64d57e8b9 Mon Sep 17 00:00:00 2001 From: Oliver Neukum <oneukum(a)suse.com> Date: Thu, 4 Oct 2018 15:49:06 +0200 Subject: cdc-acm: fix race between reset and control messaging If a device splits up a control message and a reset() happens between the parts, the message is lost and already recieved parts must be dropped. Signed-off-by: Oliver Neukum <oneukum(a)suse.com> Fixes: 1aba579f3cf51 ("cdc-acm: handle read pipe errors") Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/class/cdc-acm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c index bc03b0a690b4..1833912f7f5f 100644 --- a/drivers/usb/class/cdc-acm.c +++ b/drivers/usb/class/cdc-acm.c @@ -1642,6 +1642,7 @@ static int acm_pre_reset(struct usb_interface *intf) struct acm *acm = usb_get_intfdata(intf); clear_bit(EVENT_RX_STALL, &acm->flags); + acm->nb_index = 0; /* pending control transfers are lost */ return 0; } -- 2.19.1

6 years, 11 months

1
0
0 0

patch "cdc-acm: do not reset notification buffer index upon urb unlinking" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled cdc-acm: do not reset notification buffer index upon urb unlinking to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From dae3ddba36f8c337fb59cef07d564da6fc9b7551 Mon Sep 17 00:00:00 2001 From: Tobias Herzog <t-herzog(a)gmx.de> Date: Sat, 22 Sep 2018 22:11:10 +0200 Subject: cdc-acm: do not reset notification buffer index upon urb unlinking Resetting the write index of the notification buffer on urb unlink (e.g. closing a cdc-acm device from userspace) may lead to wrong interpretation of further received notifications, in case the index is not 0 when urb unlink happens (i.e. when parts of a notification already have been transferred). On the device side there is no "reset" of the notification transimission and thus we would get out of sync with the device. Signed-off-by: Tobias Herzog <t-herzog(a)gmx.de> Acked-by: Oliver Neukum <oneukum(a)suse.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/class/cdc-acm.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c index 1833912f7f5f..e43ea9641416 100644 --- a/drivers/usb/class/cdc-acm.c +++ b/drivers/usb/class/cdc-acm.c @@ -355,7 +355,6 @@ static void acm_ctrl_irq(struct urb *urb) case -ENOENT: case -ESHUTDOWN: /* this urb is terminated, clean up */ - acm->nb_index = 0; dev_dbg(&acm->control->dev, "%s - urb shutting down with status: %d\n", __func__, status); -- 2.19.1

6 years, 11 months

1
0
0 0

[PATCH] iwlwifi: mvm: check return value of rs_rate_from_ucode_rate()

by Luca Coelho

From: Luca Coelho <luciano.coelho(a)intel.com> The rs_rate_from_ucode_rate() function may return -EINVAL if the rate is invalid, but none of the callsites check for the error, potentially making us access arrays with index IWL_RATE_INVALID, which is larger than the arrays, causing an out-of-bounds access. This will trigger KASAN warnings, such as the one reported in the bugzilla issue mentioned below. This fixes https://bugzilla.kernel.org/show_bug.cgi?id=200659 Cc: stable(a)vger.kernel.org Signed-off-by: Luca Coelho <luciano.coelho(a)intel.com> --- drivers/net/wireless/intel/iwlwifi/mvm/rs.c | 24 ++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/rs.c b/drivers/net/wireless/intel/iwlwifi/mvm/rs.c index 2c75f51a04e4..089972280daa 100644 --- a/drivers/net/wireless/intel/iwlwifi/mvm/rs.c +++ b/drivers/net/wireless/intel/iwlwifi/mvm/rs.c @@ -1239,7 +1239,11 @@ void iwl_mvm_rs_tx_status(struct iwl_mvm *mvm, struct ieee80211_sta *sta, !(info->flags & IEEE80211_TX_STAT_AMPDU)) return; - rs_rate_from_ucode_rate(tx_resp_hwrate, info->band, &tx_resp_rate); + if (rs_rate_from_ucode_rate(tx_resp_hwrate, info->band, + &tx_resp_rate)) { + WARN_ON_ONCE(1); + return; + } #ifdef CONFIG_MAC80211_DEBUGFS /* Disable last tx check if we are debugging with fixed rate but @@ -1290,7 +1294,10 @@ void iwl_mvm_rs_tx_status(struct iwl_mvm *mvm, struct ieee80211_sta *sta, */ table = &lq_sta->lq; lq_hwrate = le32_to_cpu(table->rs_table[0]); - rs_rate_from_ucode_rate(lq_hwrate, info->band, &lq_rate); + if (rs_rate_from_ucode_rate(lq_hwrate, info->band, &lq_rate)) { + WARN_ON_ONCE(1); + return; + } /* Here we actually compare this rate to the latest LQ command */ if (lq_color != LQ_FLAG_COLOR_GET(table->flags)) { @@ -1392,8 +1399,12 @@ void iwl_mvm_rs_tx_status(struct iwl_mvm *mvm, struct ieee80211_sta *sta, /* Collect data for each rate used during failed TX attempts */ for (i = 0; i <= retries; ++i) { lq_hwrate = le32_to_cpu(table->rs_table[i]); - rs_rate_from_ucode_rate(lq_hwrate, info->band, - &lq_rate); + if (rs_rate_from_ucode_rate(lq_hwrate, info->band, + &lq_rate)) { + WARN_ON_ONCE(1); + return; + } + /* * Only collect stats if retried rate is in the same RS * table as active/search. @@ -3260,7 +3271,10 @@ static void rs_build_rates_table_from_fixed(struct iwl_mvm *mvm, for (i = 0; i < num_rates; i++) lq_cmd->rs_table[i] = ucode_rate_le32; - rs_rate_from_ucode_rate(ucode_rate, band, &rate); + if (rs_rate_from_ucode_rate(ucode_rate, band, &rate)) { + WARN_ON_ONCE(1); + return; + } if (is_mimo(&rate)) lq_cmd->mimo_delim = num_rates - 1; -- 2.19.1

6 years, 11 months

3
2
0 0

Linux 3.18.124

by Greg KH

I'm announcing the release of the 3.18.124 kernel. All users of the 3.18 kernel series must upgrade. The updated 3.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/mach-mvebu/pmsu.c | 6 - arch/arm64/include/asm/kvm_emulate.h | 5 + arch/arm64/kernel/entry.S | 3 arch/arm64/kvm/guest.c | 55 +++++++++++++++ arch/hexagon/include/asm/bitops.h | 4 - arch/hexagon/kernel/dma.c | 2 arch/powerpc/kernel/machine_kexec.c | 7 +- arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 arch/s390/mm/extmem.c | 4 - arch/x86/kernel/tsc_msr.c | 1 arch/x86/mm/numa_emulation.c | 2 arch/x86/vdso/vclock_gettime.c | 26 ++++--- crypto/ablkcipher.c | 2 crypto/blkcipher.c | 1 drivers/base/power/main.c | 5 + drivers/block/floppy.c | 3 drivers/crypto/mxs-dcp.c | 53 ++++++++------- drivers/gpio/gpio-adp5588.c | 24 +++++- drivers/hid/hid-core.c | 3 drivers/hid/hid-ids.h | 2 drivers/hid/hid-ntrig.c | 2 drivers/hid/hid-sony.c | 6 + drivers/hwmon/adt7475.c | 14 ++-- drivers/infiniband/core/ucma.c | 6 + drivers/md/dm-thin-metadata.c | 34 +++++++++ drivers/md/dm-thin.c | 73 ++++++++++++++++++--- drivers/md/raid10.c | 5 + drivers/media/i2c/soc_camera/ov772x.c | 2 drivers/media/platform/exynos4-is/fimc-isp-video.c | 11 ++- drivers/media/platform/s3c-camif/camif-capture.c | 2 drivers/media/usb/tm6000/tm6000-dvb.c | 5 + drivers/media/usb/uvc/uvc_video.c | 24 +++++- drivers/media/v4l2-core/v4l2-event.c | 37 +++++----- drivers/media/v4l2-core/v4l2-fh.c | 2 drivers/misc/tsl2550.c | 2 drivers/mtd/spi-nor/fsl-quadspi.c | 20 ++--- drivers/net/appletalk/ipddp.c | 8 +- drivers/net/ethernet/cadence/macb.c | 2 drivers/net/ethernet/hp/hp100.c | 2 drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 +- drivers/net/ethernet/realtek/r8169.c | 9 +- drivers/net/wireless/rndis_wlan.c | 2 drivers/net/wireless/ti/wlcore/cmd.c | 6 + drivers/pci/pci.c | 27 +++++-- drivers/s390/net/qeth_l2_main.c | 2 drivers/s390/net/qeth_l3_main.c | 2 drivers/scsi/bnx2i/bnx2i_hwi.c | 2 drivers/scsi/ibmvscsi/ibmvscsi.c | 4 - drivers/spi/spi-rspi.c | 10 +- drivers/spi/spi-sh-msiof.c | 3 drivers/spi/spi-tegra20-slink.c | 31 ++++++-- drivers/staging/android/ashmem.c | 6 + drivers/staging/android/ion/ion.c | 60 ++++++++++------- drivers/target/iscsi/iscsi_target_auth.c | 45 ++++-------- drivers/target/iscsi/iscsi_target_tpg.c | 3 drivers/thermal/of-thermal.c | 7 +- drivers/tty/serial/8250/serial_cs.c | 6 + drivers/tty/serial/cpm_uart/cpm_uart_core.c | 10 ++ drivers/usb/class/cdc-wdm.c | 2 drivers/usb/core/devio.c | 24 ++++++ drivers/usb/core/driver.c | 28 ++++---- drivers/usb/core/usb.c | 2 drivers/usb/misc/yurex.c | 3 drivers/usb/serial/kobil_sct.c | 12 ++- drivers/usb/serial/usb-serial-simple.c | 3 drivers/usb/wusbcore/security.c | 2 drivers/uwb/hwa-rc.c | 1 drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c | 5 + drivers/xen/events/events_base.c | 2 drivers/xen/manage.c | 6 + fs/cifs/cifs_unicode.c | 3 fs/cifs/cifssmb.c | 11 ++- fs/cifs/misc.c | 8 ++ fs/cifs/smb2ops.c | 2 fs/ext4/balloc.c | 21 +++--- fs/ext4/dir.c | 20 ++--- fs/ext4/ext4.h | 8 -- fs/ext4/ext4_extents.h | 1 fs/ext4/extents.c | 6 + fs/ext4/ialloc.c | 19 ++++- fs/ext4/inline.c | 42 +----------- fs/ext4/inode.c | 3 fs/ext4/mballoc.c | 6 + fs/ext4/mmp.c | 1 fs/ext4/resize.c | 20 +++++ fs/ext4/super.c | 14 +++- fs/ext4/xattr.c | 49 ++++++-------- fs/jbd2/transaction.c | 2 fs/nfsd/nfs4proc.c | 1 fs/ocfs2/buffer_head_io.c | 1 fs/ocfs2/dlm/dlmmaster.c | 4 - fs/proc/base.c | 14 ++++ fs/seq_file.c | 7 +- fs/ubifs/super.c | 3 include/linux/netfilter_bridge/ebtables.h | 5 + include/linux/seq_file.h | 13 +-- include/linux/slub_def.h | 3 include/media/v4l2-fh.h | 1 kernel/cgroup.c | 6 + kernel/module.c | 6 + kernel/time/alarmtimer.c | 3 kernel/trace/ring_buffer.c | 2 mm/madvise.c | 2 mm/shmem.c | 2 mm/slub.c | 6 - net/bridge/netfilter/ebt_arpreply.c | 3 net/core/neighbour.c | 13 ++- net/ipv4/af_inet.c | 1 net/ipv6/ip6_offload.c | 1 net/ipv6/ip6_output.c | 3 net/mac80211/cfg.c | 2 net/mac80211/ibss.c | 22 +++--- net/mac80211/main.c | 26 ++++++- net/mac80211/mlme.c | 53 +++++++++++++++ net/wireless/nl80211.c | 1 sound/aoa/core/gpio-feature.c | 4 - sound/firewire/bebob/bebob_maudio.c | 24 ++++-- sound/pci/emu10k1/emufx.c | 2 sound/pci/hda/hda_intel.c | 3 sound/soc/codecs/cs4265.c | 4 - sound/soc/soc-dapm.c | 7 ++ tools/vm/page-types.c | 6 - tools/vm/slabinfo.c | 4 - 124 files changed, 891 insertions(+), 404 deletions(-) Akinobu Mita (2): media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power media: soc_camera: ov772x: correct setting of banding filter Alan Stern (3): USB: fix error handling in usb_driver_claim_interface() USB: handle NULL config in usb_find_alt_setting() USB: remove LPM management from usb_driver_claim_interface() Alexey Dobriyan (1): slub: make ->cpu_partial unsigned int Alistair Strachan (1): staging: android: ashmem: Fix mmap size validation Andy Lutomirski (2): x86/vdso: Fix asm constraints on vDSO syscall fallbacks x86/vdso: Fix vDSO syscall fallback asm constraint regression Andy Shevchenko (1): x86/tsc: Add missing header to tsc_msr.c Andy Whitcroft (1): floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Anson Huang (1): thermal: of-thermal: disable passive polling when thermal zone is disabled Anton Vasilyev (1): uwb: hwa-rc: fix memory leak at probe Arunk Khandavalli (1): cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Ashish Samant (1): ocfs2: fix locking for res->tracking and dlm->tracking_list Aurelien Aptel (1): smb2: fix missing files in root share directory listing Bart Van Assche (1): scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Bo Chen (2): e1000: check on netif_running() before calling e1000_up() e1000: ensure to free old tx/rx rings in set_ringparam() Breno Leitao (1): scsi: ibmvscsi: Improve strings handling Catalin Marinas (1): arm64: Add trace_hardirqs_off annotation in ret_to_user Christophe Leroy (1): serial: cpm_uart: return immediately from console poll Colin Ian King (1): net: hp100: fix always-true check for link up state Dan Carpenter (3): rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() hwmon: (adt7475) Make adt7475_read_word() return errors cifs: read overflow in is_valid_oplock_break() Dan Williams (1): x86/numa_emulation: Fix emulated-to-physical node mapping Danek Duvall (1): mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X Daniel Black (1): mm: madvise(MADV_DODUMP): allow hugetlbfs pages Daniel Drake (1): PCI: Reprogram bridge prefetch registers on resume Dave Martin (1): arm64: KVM: Tighten guest core register access from userspace Emmanuel Grumbach (2): mac80211: fix a race between restart and CSA flows mac80211: shorten the IBSS debug messages Eric Dumazet (1): ipv6: fix possible use-after-free in ip6_xmit() Ethan Tuttle (1): ARM: mvebu: declare asm symbols as character arrays in pmsu.c Felix Fietkau (1): mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys Gao Feng (1): ebtables: arpreply: Add the standard target sanity check Geert Uytterhoeven (1): spi: rspi: Fix interrupted DMA transfers Greg Hackmann (1): staging: android: ion: fix ION_IOC_{MAP,SHARE} use-after-free Greg Kroah-Hartman (1): Linux 3.18.124 Han Xu (1): mtd: fsl-quadspi: fix macro collision problems with READ/WRITE Hari Bathini (1): powerpc/kdump: Handle crashkernel memory reservation failure Hiromitsu Yamasaki (1): spi: sh-msiof: Fix handling of write value for SISTR register Ilan Peer (1): mac80211: Fix station bandwidth setting after channel switch J. Bruce Fields (1): nfsd: fix corrupted reply to badly ordered compound Jann Horn (2): RDMA/ucma: check fd type in ucma_migrate_id() proc: restrict kernel stack dumps to root Jessica Yu (1): module: exclude SHN_UNDEF symbols from kallsyms api Jia-Ju Bai (1): net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Joel Fernandes (Google) (1): mm: shmem.c: Correctly annotate new inodes for lockdep Johan Hovold (2): USB: serial: kobil_sct: fix modem-status error handling USB: serial: simple: add Motorola Tetra MTP6550 id Jon Kuhn (1): fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julia Lawall (1): usb: wusbcore: security: cast sizeof to int for comparison Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Junxiao Bi (1): ocfs2: fix ocfs2 read block panic Kai-Heng Feng (2): ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Leonard Crestez (1): crypto: mxs-dcp - Fix wait logic on chan threads Li Dongyang (1): ext4: don't mark mmp buffer head dirty Liam Girdwood (1): ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Linus Torvalds (1): Make file credentials available to the seqfile interfaces Marc Zyngier (1): arm64: KVM: Sanitize PSTATE.M when being set from userspace Marcel Ziswiler (1): spi: tegra20-slink: explicitly enable/disable clock Matt Ranostay (1): tsl2550: fix lux1_input error in low light Michael Hennerich (1): gpio: adp5588: Fix sleep-in-atomic-context bug Mike Snitzer (1): dm thin metadata: fix __udivdi3 undefined on 32-bit Naoya Horiguchi (2): tools/vm/slabinfo.c: fix sign-compare warning tools/vm/page-types.c: fix "defined but not used" warning Nicholas Mc Guire (1): ALSA: snd-aoa: add of_node_put() in error path Oliver Neukum (2): USB: usbdevfs: sanitize flags more USB: usbdevfs: restore warning for nonsensical flags Paul Mackerras (1): KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Prateek Sood (1): cgroup: Fix deadlock in cpu hotplug path Rafael J. Wysocki (1): PM / core: Clear the direct_complete flag on errors Randy Dunlap (2): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int Richard Weinberger (1): ubifs: Check for name being NULL while mounting Roderick Colenbrander (2): HID: sony: Update device ids HID: sony: Support DS4 dongle Sakari Ailus (1): media: v4l: event: Prevent freeing event subscriptions while accessed Sebastian Andrzej Siewior (1): Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" Stafford Horne (1): crypto: skcipher - Fix -Wstringop-truncation warnings Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Sylwester Nawrocki (1): media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Sébastien Szymanski (1): ASoC: cs4265: fix MMTLR Data switch control Takashi Sakamoto (1): ALSA: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping Theodore Ts'o (14): ext4: avoid divide by zero fault when deleting corrupted inline directories ext4: recalucate superblock checksum after updating free blocks/inodes ext4: fix online resize's handling of a too-small final block group ext4: verify the depth of extent tree in ext4_find_extent() ext4: only look at the bg_flags field if it is valid ext4: fix check to prevent initializing reserved inodes ext4: always check block group bounds in ext4_init_block_bitmap() ext4: fix false negatives *and* false positives in ext4_check_descriptors() ext4: add corruption check in ext4_xattr_set_entry() ext4: always verify the magic number in xattr blocks ext4: never move the system.data xattr out of the inode body ext4: add more inode number paranoia checks jbd2: don't mark block as modified if the handle is out of credits ext4: avoid running out of journal credits when appending to an inline file Thomas Gleixner (1): alarmtimer: Prevent overflow for relative nanosleep Toke Høiland-Jørgensen (1): gso_segment: Reset skb->mac_len after modifying network header Tomi Valkeinen (1): fbdev/omapfb: fix omapfb_memory_read infoleak Tony Lindgren (1): wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() Vaibhav Nagarnaik (1): ring-buffer: Allow for rescheduling when removing pages Vasily Gorbik (1): s390/extmem: fix gcc 8 stringop-overflow warning Vasily Khoruzhick (1): neighbour: confirm neigh entries when ARP packet is received Vincent Pelletier (2): scsi: target: iscsi: Use hex2bin instead of a re-implementation scsi: target: iscsi: Use bin2hex instead of a re-implementation Vitaly Kuznetsov (1): xen/manage: don't complain about an empty value in control/sysrq node Willy Tarreau (2): ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT Xiao Ni (1): RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Zhouyang Jia (4): drivers/tty: add error handling for pcmcia_loop_config media: tm6000: add error handling for dvb_register_adapter HID: hid-ntrig: add error handling for sysfs_create_group scsi: bnx2i: add error handling for ioremap_nocache ming_qian (1): media: uvcvideo: Support realtek's UVC 1.5 device

6 years, 11 months

1
1
0 0

Linux 3.18.123

by Greg KH

I'm announcing the release of the 3.18.124 kernel. All users of the 3.18 kernel series must upgrade. The updated 3.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/mach-mvebu/pmsu.c | 6 - arch/arm64/include/asm/kvm_emulate.h | 5 + arch/arm64/kernel/entry.S | 3 arch/arm64/kvm/guest.c | 55 +++++++++++++++ arch/hexagon/include/asm/bitops.h | 4 - arch/hexagon/kernel/dma.c | 2 arch/powerpc/kernel/machine_kexec.c | 7 +- arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 arch/s390/mm/extmem.c | 4 - arch/x86/kernel/tsc_msr.c | 1 arch/x86/mm/numa_emulation.c | 2 arch/x86/vdso/vclock_gettime.c | 26 ++++--- crypto/ablkcipher.c | 2 crypto/blkcipher.c | 1 drivers/base/power/main.c | 5 + drivers/block/floppy.c | 3 drivers/crypto/mxs-dcp.c | 53 ++++++++------- drivers/gpio/gpio-adp5588.c | 24 +++++- drivers/hid/hid-core.c | 3 drivers/hid/hid-ids.h | 2 drivers/hid/hid-ntrig.c | 2 drivers/hid/hid-sony.c | 6 + drivers/hwmon/adt7475.c | 14 ++-- drivers/infiniband/core/ucma.c | 6 + drivers/md/dm-thin-metadata.c | 34 +++++++++ drivers/md/dm-thin.c | 73 ++++++++++++++++++--- drivers/md/raid10.c | 5 + drivers/media/i2c/soc_camera/ov772x.c | 2 drivers/media/platform/exynos4-is/fimc-isp-video.c | 11 ++- drivers/media/platform/s3c-camif/camif-capture.c | 2 drivers/media/usb/tm6000/tm6000-dvb.c | 5 + drivers/media/usb/uvc/uvc_video.c | 24 +++++- drivers/media/v4l2-core/v4l2-event.c | 37 +++++----- drivers/media/v4l2-core/v4l2-fh.c | 2 drivers/misc/tsl2550.c | 2 drivers/mtd/spi-nor/fsl-quadspi.c | 20 ++--- drivers/net/appletalk/ipddp.c | 8 +- drivers/net/ethernet/cadence/macb.c | 2 drivers/net/ethernet/hp/hp100.c | 2 drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 +- drivers/net/ethernet/realtek/r8169.c | 9 +- drivers/net/wireless/rndis_wlan.c | 2 drivers/net/wireless/ti/wlcore/cmd.c | 6 + drivers/pci/pci.c | 27 +++++-- drivers/s390/net/qeth_l2_main.c | 2 drivers/s390/net/qeth_l3_main.c | 2 drivers/scsi/bnx2i/bnx2i_hwi.c | 2 drivers/scsi/ibmvscsi/ibmvscsi.c | 4 - drivers/spi/spi-rspi.c | 10 +- drivers/spi/spi-sh-msiof.c | 3 drivers/spi/spi-tegra20-slink.c | 31 ++++++-- drivers/staging/android/ashmem.c | 6 + drivers/staging/android/ion/ion.c | 60 ++++++++++------- drivers/target/iscsi/iscsi_target_auth.c | 45 ++++-------- drivers/target/iscsi/iscsi_target_tpg.c | 3 drivers/thermal/of-thermal.c | 7 +- drivers/tty/serial/8250/serial_cs.c | 6 + drivers/tty/serial/cpm_uart/cpm_uart_core.c | 10 ++ drivers/usb/class/cdc-wdm.c | 2 drivers/usb/core/devio.c | 24 ++++++ drivers/usb/core/driver.c | 28 ++++---- drivers/usb/core/usb.c | 2 drivers/usb/misc/yurex.c | 3 drivers/usb/serial/kobil_sct.c | 12 ++- drivers/usb/serial/usb-serial-simple.c | 3 drivers/usb/wusbcore/security.c | 2 drivers/uwb/hwa-rc.c | 1 drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c | 5 + drivers/xen/events/events_base.c | 2 drivers/xen/manage.c | 6 + fs/cifs/cifs_unicode.c | 3 fs/cifs/cifssmb.c | 11 ++- fs/cifs/misc.c | 8 ++ fs/cifs/smb2ops.c | 2 fs/ext4/balloc.c | 21 +++--- fs/ext4/dir.c | 20 ++--- fs/ext4/ext4.h | 8 -- fs/ext4/ext4_extents.h | 1 fs/ext4/extents.c | 6 + fs/ext4/ialloc.c | 19 ++++- fs/ext4/inline.c | 42 +----------- fs/ext4/inode.c | 3 fs/ext4/mballoc.c | 6 + fs/ext4/mmp.c | 1 fs/ext4/resize.c | 20 +++++ fs/ext4/super.c | 14 +++- fs/ext4/xattr.c | 49 ++++++-------- fs/jbd2/transaction.c | 2 fs/nfsd/nfs4proc.c | 1 fs/ocfs2/buffer_head_io.c | 1 fs/ocfs2/dlm/dlmmaster.c | 4 - fs/proc/base.c | 14 ++++ fs/seq_file.c | 7 +- fs/ubifs/super.c | 3 include/linux/netfilter_bridge/ebtables.h | 5 + include/linux/seq_file.h | 13 +-- include/linux/slub_def.h | 3 include/media/v4l2-fh.h | 1 kernel/cgroup.c | 6 + kernel/module.c | 6 + kernel/time/alarmtimer.c | 3 kernel/trace/ring_buffer.c | 2 mm/madvise.c | 2 mm/shmem.c | 2 mm/slub.c | 6 - net/bridge/netfilter/ebt_arpreply.c | 3 net/core/neighbour.c | 13 ++- net/ipv4/af_inet.c | 1 net/ipv6/ip6_offload.c | 1 net/ipv6/ip6_output.c | 3 net/mac80211/cfg.c | 2 net/mac80211/ibss.c | 22 +++--- net/mac80211/main.c | 26 ++++++- net/mac80211/mlme.c | 53 +++++++++++++++ net/wireless/nl80211.c | 1 sound/aoa/core/gpio-feature.c | 4 - sound/firewire/bebob/bebob_maudio.c | 24 ++++-- sound/pci/emu10k1/emufx.c | 2 sound/pci/hda/hda_intel.c | 3 sound/soc/codecs/cs4265.c | 4 - sound/soc/soc-dapm.c | 7 ++ tools/vm/page-types.c | 6 - tools/vm/slabinfo.c | 4 - 124 files changed, 891 insertions(+), 404 deletions(-) Akinobu Mita (2): media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power media: soc_camera: ov772x: correct setting of banding filter Alan Stern (3): USB: fix error handling in usb_driver_claim_interface() USB: handle NULL config in usb_find_alt_setting() USB: remove LPM management from usb_driver_claim_interface() Alexey Dobriyan (1): slub: make ->cpu_partial unsigned int Alistair Strachan (1): staging: android: ashmem: Fix mmap size validation Andy Lutomirski (2): x86/vdso: Fix asm constraints on vDSO syscall fallbacks x86/vdso: Fix vDSO syscall fallback asm constraint regression Andy Shevchenko (1): x86/tsc: Add missing header to tsc_msr.c Andy Whitcroft (1): floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Anson Huang (1): thermal: of-thermal: disable passive polling when thermal zone is disabled Anton Vasilyev (1): uwb: hwa-rc: fix memory leak at probe Arunk Khandavalli (1): cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Ashish Samant (1): ocfs2: fix locking for res->tracking and dlm->tracking_list Aurelien Aptel (1): smb2: fix missing files in root share directory listing Bart Van Assche (1): scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Bo Chen (2): e1000: check on netif_running() before calling e1000_up() e1000: ensure to free old tx/rx rings in set_ringparam() Breno Leitao (1): scsi: ibmvscsi: Improve strings handling Catalin Marinas (1): arm64: Add trace_hardirqs_off annotation in ret_to_user Christophe Leroy (1): serial: cpm_uart: return immediately from console poll Colin Ian King (1): net: hp100: fix always-true check for link up state Dan Carpenter (3): rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() hwmon: (adt7475) Make adt7475_read_word() return errors cifs: read overflow in is_valid_oplock_break() Dan Williams (1): x86/numa_emulation: Fix emulated-to-physical node mapping Danek Duvall (1): mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X Daniel Black (1): mm: madvise(MADV_DODUMP): allow hugetlbfs pages Daniel Drake (1): PCI: Reprogram bridge prefetch registers on resume Dave Martin (1): arm64: KVM: Tighten guest core register access from userspace Emmanuel Grumbach (2): mac80211: fix a race between restart and CSA flows mac80211: shorten the IBSS debug messages Eric Dumazet (1): ipv6: fix possible use-after-free in ip6_xmit() Ethan Tuttle (1): ARM: mvebu: declare asm symbols as character arrays in pmsu.c Felix Fietkau (1): mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys Gao Feng (1): ebtables: arpreply: Add the standard target sanity check Geert Uytterhoeven (1): spi: rspi: Fix interrupted DMA transfers Greg Hackmann (1): staging: android: ion: fix ION_IOC_{MAP,SHARE} use-after-free Greg Kroah-Hartman (1): Linux 3.18.124 Han Xu (1): mtd: fsl-quadspi: fix macro collision problems with READ/WRITE Hari Bathini (1): powerpc/kdump: Handle crashkernel memory reservation failure Hiromitsu Yamasaki (1): spi: sh-msiof: Fix handling of write value for SISTR register Ilan Peer (1): mac80211: Fix station bandwidth setting after channel switch J. Bruce Fields (1): nfsd: fix corrupted reply to badly ordered compound Jann Horn (2): RDMA/ucma: check fd type in ucma_migrate_id() proc: restrict kernel stack dumps to root Jessica Yu (1): module: exclude SHN_UNDEF symbols from kallsyms api Jia-Ju Bai (1): net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Joel Fernandes (Google) (1): mm: shmem.c: Correctly annotate new inodes for lockdep Johan Hovold (2): USB: serial: kobil_sct: fix modem-status error handling USB: serial: simple: add Motorola Tetra MTP6550 id Jon Kuhn (1): fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julia Lawall (1): usb: wusbcore: security: cast sizeof to int for comparison Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Junxiao Bi (1): ocfs2: fix ocfs2 read block panic Kai-Heng Feng (2): ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Leonard Crestez (1): crypto: mxs-dcp - Fix wait logic on chan threads Li Dongyang (1): ext4: don't mark mmp buffer head dirty Liam Girdwood (1): ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Linus Torvalds (1): Make file credentials available to the seqfile interfaces Marc Zyngier (1): arm64: KVM: Sanitize PSTATE.M when being set from userspace Marcel Ziswiler (1): spi: tegra20-slink: explicitly enable/disable clock Matt Ranostay (1): tsl2550: fix lux1_input error in low light Michael Hennerich (1): gpio: adp5588: Fix sleep-in-atomic-context bug Mike Snitzer (1): dm thin metadata: fix __udivdi3 undefined on 32-bit Naoya Horiguchi (2): tools/vm/slabinfo.c: fix sign-compare warning tools/vm/page-types.c: fix "defined but not used" warning Nicholas Mc Guire (1): ALSA: snd-aoa: add of_node_put() in error path Oliver Neukum (2): USB: usbdevfs: sanitize flags more USB: usbdevfs: restore warning for nonsensical flags Paul Mackerras (1): KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Prateek Sood (1): cgroup: Fix deadlock in cpu hotplug path Rafael J. Wysocki (1): PM / core: Clear the direct_complete flag on errors Randy Dunlap (2): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int Richard Weinberger (1): ubifs: Check for name being NULL while mounting Roderick Colenbrander (2): HID: sony: Update device ids HID: sony: Support DS4 dongle Sakari Ailus (1): media: v4l: event: Prevent freeing event subscriptions while accessed Sebastian Andrzej Siewior (1): Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" Stafford Horne (1): crypto: skcipher - Fix -Wstringop-truncation warnings Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Sylwester Nawrocki (1): media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Sébastien Szymanski (1): ASoC: cs4265: fix MMTLR Data switch control Takashi Sakamoto (1): ALSA: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping Theodore Ts'o (14): ext4: avoid divide by zero fault when deleting corrupted inline directories ext4: recalucate superblock checksum after updating free blocks/inodes ext4: fix online resize's handling of a too-small final block group ext4: verify the depth of extent tree in ext4_find_extent() ext4: only look at the bg_flags field if it is valid ext4: fix check to prevent initializing reserved inodes ext4: always check block group bounds in ext4_init_block_bitmap() ext4: fix false negatives *and* false positives in ext4_check_descriptors() ext4: add corruption check in ext4_xattr_set_entry() ext4: always verify the magic number in xattr blocks ext4: never move the system.data xattr out of the inode body ext4: add more inode number paranoia checks jbd2: don't mark block as modified if the handle is out of credits ext4: avoid running out of journal credits when appending to an inline file Thomas Gleixner (1): alarmtimer: Prevent overflow for relative nanosleep Toke Høiland-Jørgensen (1): gso_segment: Reset skb->mac_len after modifying network header Tomi Valkeinen (1): fbdev/omapfb: fix omapfb_memory_read infoleak Tony Lindgren (1): wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() Vaibhav Nagarnaik (1): ring-buffer: Allow for rescheduling when removing pages Vasily Gorbik (1): s390/extmem: fix gcc 8 stringop-overflow warning Vasily Khoruzhick (1): neighbour: confirm neigh entries when ARP packet is received Vincent Pelletier (2): scsi: target: iscsi: Use hex2bin instead of a re-implementation scsi: target: iscsi: Use bin2hex instead of a re-implementation Vitaly Kuznetsov (1): xen/manage: don't complain about an empty value in control/sysrq node Willy Tarreau (2): ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT Xiao Ni (1): RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Zhouyang Jia (4): drivers/tty: add error handling for pcmcia_loop_config media: tm6000: add error handling for dvb_register_adapter HID: hid-ntrig: add error handling for sysfs_create_group scsi: bnx2i: add error handling for ioremap_nocache ming_qian (1): media: uvcvideo: Support realtek's UVC 1.5 device

6 years, 11 months

2
3
0 0

Linux 4.18.14

by Greg KH

I'm announcing the release of the 4.18.14 kernel. All users of the 4.18 kernel series must upgrade. The updated 4.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arc/kernel/process.c | 20 ++ arch/powerpc/include/asm/setup.h | 1 arch/powerpc/lib/code-patching.c | 14 + arch/powerpc/mm/mem.c | 2 arch/x86/entry/vdso/Makefile | 16 +- arch/x86/entry/vdso/vclock_gettime.c | 26 +-- arch/x86/kvm/mmu.c | 24 ++- arch/x86/kvm/vmx.c | 7 block/blk-mq.c | 4 drivers/base/power/main.c | 5 drivers/clocksource/timer-atmel-pit.c | 20 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c | 4 drivers/gpu/drm/drm_lease.c | 6 drivers/gpu/drm/drm_syncobj.c | 5 drivers/infiniband/core/ucma.c | 2 drivers/md/dm-cache-metadata.c | 4 drivers/md/dm-cache-target.c | 9 - drivers/md/dm-mpath.c | 14 + drivers/mmc/core/host.c | 2 drivers/mmc/core/slot-gpio.c | 2 drivers/net/wireless/ath/ath10k/wmi-tlv.c | 8 - drivers/net/xen-netback/hash.c | 12 - drivers/of/unittest.c | 26 ++- drivers/pci/pci.c | 27 ++- drivers/tty/tty_io.c | 11 + drivers/usb/class/cdc-acm.c | 6 drivers/usb/host/xhci-mtk.c | 4 drivers/usb/host/xhci-pci.c | 2 drivers/usb/serial/option.c | 15 +- drivers/usb/serial/usb-serial-simple.c | 3 drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c | 5 fs/f2fs/checkpoint.c | 9 - fs/pstore/ram.c | 29 +++- fs/ubifs/super.c | 3 include/linux/hugetlb.h | 14 + include/linux/mm.h | 6 kernel/events/core.c | 6 mm/huge_memory.c | 2 mm/hugetlb.c | 37 ++++- mm/migrate.c | 3 mm/rmap.c | 42 +++++ mm/vmstat.c | 3 net/mac80211/cfg.c | 2 net/mac80211/iface.c | 3 net/rds/ib.h | 2 net/rds/ib_cm.c | 2 net/rds/ib_recv.c | 10 - net/tipc/netlink_compat.c | 2 net/tipc/socket.c | 17 +- net/tipc/socket.h | 1 tools/testing/selftests/x86/test_vdso.c | 172 ++++++++++++++++++++++++ 53 files changed, 562 insertions(+), 114 deletions(-) Alexandre Belloni (1): clocksource/drivers/timer-atmel-pit: Properly handle error cases Andy Lutomirski (4): x86/vdso: Fix asm constraints on vDSO syscall fallbacks selftests/x86: Add clock_gettime() tests to test_vdso x86/vdso: Only enable vDSO retpolines when enabled and supported x86/vdso: Fix vDSO syscall fallback asm constraint regression Chao Yu (1): f2fs: fix invalid memory access Christophe Leroy (1): powerpc/lib: fix book3s/32 boot failure due to code patching Chunfeng Yun (1): usb: xhci-mtk: resume USB3 roothub first Cong Wang (2): tipc: call start and done ops directly in __tipc_nl_compat_dumpit() ucma: fix a use-after-free in ucma_resolve_ip() Daniel Drake (1): PCI: Reprogram bridge prefetch registers on resume Dmitry Safonov (1): tty: Drop tty->count on tty_reopen() failure Felix Fietkau (2): mac80211: allocate TXQs for active monitor interfaces mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys Greg Kroah-Hartman (1): Linux 4.18.14 Guenter Roeck (1): of: unittest: Disable interrupt node tests for old world MAC systems Ilya Dryomov (1): blk-mq: I/O and timer unplugs are inverted in blktrace Jan Beulich (1): xen-netback: fix input validation in xenvif_set_hash_mapping() Jann Horn (2): mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly drm: fix use-after-free read in drm_mode_create_lease_ioctl() Jason Ekstrand (1): drm/syncobj: Don't leak fences when WAIT_FOR_SUBMIT is set Joe Thornber (1): dm cache metadata: ignore hints array being too small during resize Johan Hovold (2): USB: serial: simple: add Motorola Tetra MTP6550 id USB: serial: option: add two-endpoints device-id flag Ka-Cheong Poon (1): rds: rds_ib_recv_alloc_cache() should call alloc_percpu_gfp() instead Kees Cook (1): pstore/ram: Fix failure-path memory leak in ramoops_init Kirill A. Shutemov (1): mm, thp: fix mlocking THP page with migration enabled Kristian Evensen (1): USB: serial: option: improve Quectel EP06 detection Marek Szyprowski (1): mmc: slot-gpio: Fix debounce time to use miliseconds again Mathias Nyman (1): xhci: Add missing CAS workaround for Intel Sunrise Point xHCI Michael Neuling (1): powerpc: Avoid code patching freed init sections Mike Kravetz (1): mm: migration: fix migration of huge PMD shared pages Mike Snitzer (2): dm mpath: fix attached_handler_name leak and dangling hw_handler_name pointer dm cache: fix resize crash if user doesn't reload cache table Rafael J. Wysocki (1): PM / core: Clear the direct_complete flag on errors Reinette Chatre (1): perf/core: Add sanity check to deal with pinned event failure Rex Zhu (1): drm/amdgpu: Fix vce work queue was not cancelled when suspend Richard Weinberger (1): ubifs: Check for name being NULL while mounting Romain Izard (1): usb: cdc_acm: Do not leak URB buffers Sean Christopherson (2): KVM: x86: fix L1TF's MMIO GFN calculation KVM: VMX: check for existence of secondary exec controls before accessing Tomi Valkeinen (1): fbdev/omapfb: fix omapfb_memory_read infoleak Tony Lindgren (1): mmc: core: Fix debounce time to use microseconds Vineet Gupta (1): ARC: clone syscall to setp r25 as thread pointer Zhi Chen (1): ath10k: fix scan crash due to incorrect length calculation

6 years, 11 months

1
1
0 0

Linux 4.14.76

by Greg KH

I'm announcing the release of the 4.14.76 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arc/kernel/process.c | 20 ++ arch/powerpc/include/asm/setup.h | 1 arch/powerpc/lib/code-patching.c | 45 +++--- arch/powerpc/mm/mem.c | 2 arch/x86/entry/vdso/Makefile | 16 +- arch/x86/entry/vdso/vclock_gettime.c | 26 +-- arch/x86/kvm/mmu.c | 24 ++- block/blk-mq.c | 4 drivers/base/power/main.c | 5 drivers/clocksource/timer-atmel-pit.c | 20 +- drivers/crypto/chelsio/chcr_algo.c | 41 +++-- drivers/crypto/chelsio/chcr_crypto.h | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c | 4 drivers/gpu/drm/drm_syncobj.c | 5 drivers/infiniband/core/ucma.c | 2 drivers/md/dm-cache-metadata.c | 4 drivers/md/dm-cache-target.c | 9 - drivers/net/wireless/ath/ath10k/debug.c | 12 + drivers/net/wireless/ath/ath10k/trace.h | 12 - drivers/net/wireless/ath/ath10k/wmi-tlv.c | 8 - drivers/net/wireless/ath/ath10k/wmi.c | 2 drivers/net/xen-netback/hash.c | 12 - drivers/nvme/host/fc.c | 4 drivers/of/unittest.c | 26 ++- drivers/pci/pci.c | 27 ++- drivers/tty/tty_io.c | 11 + drivers/usb/class/cdc-acm.c | 6 drivers/usb/host/xhci-mtk.c | 4 drivers/usb/host/xhci-pci.c | 2 drivers/usb/serial/usb-serial-simple.c | 3 drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c | 5 drivers/virtio/virtio_balloon.c | 23 ++- fs/f2fs/checkpoint.c | 9 - fs/ubifs/super.c | 3 include/linux/balloon_compaction.h | 35 ++++ include/linux/hugetlb.h | 14 + include/linux/mm.h | 6 kernel/events/core.c | 6 mm/balloon_compaction.c | 28 ++- mm/huge_memory.c | 2 mm/hugetlb.c | 37 ++++- mm/migrate.c | 3 mm/rmap.c | 42 +++++ mm/vmstat.c | 3 net/mac80211/cfg.c | 2 net/rds/ib.h | 2 net/rds/ib_cm.c | 2 net/rds/ib_recv.c | 10 - tools/perf/builtin-script.c | 14 - tools/perf/util/annotate.c | 17 +- tools/perf/util/path.c | 14 + tools/perf/util/path.h | 3 tools/perf/util/setup.py | 2 tools/testing/selftests/x86/test_vdso.c | 172 ++++++++++++++++++++++++ 56 files changed, 660 insertions(+), 158 deletions(-) Alexandre Belloni (1): clocksource/drivers/timer-atmel-pit: Properly handle error cases Andy Lutomirski (4): x86/vdso: Fix asm constraints on vDSO syscall fallbacks selftests/x86: Add clock_gettime() tests to test_vdso x86/vdso: Only enable vDSO retpolines when enabled and supported x86/vdso: Fix vDSO syscall fallback asm constraint regression Arnaldo Carvalho de Melo (1): perf annotate: Use asprintf when formatting objdump command line Carl Huang (1): ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait Chao Yu (1): f2fs: fix invalid memory access Christophe Leroy (2): powerpc/lib/code-patching: refactor patch_instruction() powerpc/lib: fix book3s/32 boot failure due to code patching Chunfeng Yun (1): usb: xhci-mtk: resume USB3 roothub first Cong Wang (1): ucma: fix a use-after-free in ucma_resolve_ip() Daniel Drake (1): PCI: Reprogram bridge prefetch registers on resume Dmitry Safonov (1): tty: Drop tty->count on tty_reopen() failure Felix Fietkau (1): mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys Greg Kroah-Hartman (1): Linux 4.14.76 Guenter Roeck (1): of: unittest: Disable interrupt node tests for old world MAC systems Harsh Jain (1): crypto: chelsio - Fix memory corruption in DMA Mapped buffers. Ilya Dryomov (1): blk-mq: I/O and timer unplugs are inverted in blktrace James Smart (1): nvme_fc: fix ctrl create failures racing with workq items Jan Beulich (1): xen-netback: fix input validation in xenvif_set_hash_mapping() Jan Stancek (1): virtio_balloon: fix increment of vb->num_pfns in fill_balloon() Jann Horn (1): mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly Jason Ekstrand (1): drm/syncobj: Don't leak fences when WAIT_FOR_SUBMIT is set Jiri Olsa (2): perf tools: Fix python extension build for gcc 8 perf utils: Move is_directory() to path.h Joe Thornber (1): dm cache metadata: ignore hints array being too small during resize Johan Hovold (1): USB: serial: simple: add Motorola Tetra MTP6550 id Ka-Cheong Poon (1): rds: rds_ib_recv_alloc_cache() should call alloc_percpu_gfp() instead Kirill A. Shutemov (1): mm, thp: fix mlocking THP page with migration enabled Mathias Nyman (1): xhci: Add missing CAS workaround for Intel Sunrise Point xHCI Michael Neuling (1): powerpc: Avoid code patching freed init sections Michael S. Tsirkin (1): virtio_balloon: fix deadlock on OOM Mike Kravetz (1): mm: migration: fix migration of huge PMD shared pages Mike Snitzer (1): dm cache: fix resize crash if user doesn't reload cache table Rafael J. Wysocki (1): PM / core: Clear the direct_complete flag on errors Reinette Chatre (1): perf/core: Add sanity check to deal with pinned event failure Rex Zhu (1): drm/amdgpu: Fix vce work queue was not cancelled when suspend Richard Weinberger (1): ubifs: Check for name being NULL while mounting Romain Izard (1): usb: cdc_acm: Do not leak URB buffers Sean Christopherson (1): KVM: x86: fix L1TF's MMIO GFN calculation Tomi Valkeinen (1): fbdev/omapfb: fix omapfb_memory_read infoleak Vineet Gupta (1): ARC: clone syscall to setp r25 as thread pointer Yu Wang (1): ath10k: fix kernel panic issue during pci probe Zhi Chen (1): ath10k: fix scan crash due to incorrect length calculation

6 years, 11 months

1
1
0 0

Linux 4.9.133

by Greg KH

I'm announcing the release of the 4.9.133 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/kernel-parameters.txt | 6 --- Makefile | 2 - arch/arc/kernel/process.c | 20 ++++++++++++ arch/powerpc/kernel/fadump.c | 23 +++++++++----- arch/x86/crypto/crc32c-intel_glue.c | 17 ++-------- arch/x86/entry/vdso/vclock_gettime.c | 26 ++++++++-------- arch/x86/include/asm/cpufeatures.h | 1 arch/x86/include/asm/fixmap.h | 10 ++++++ arch/x86/include/asm/fpu/internal.h | 37 ---------------------- arch/x86/include/asm/fpu/types.h | 34 -------------------- arch/x86/include/asm/pgtable_64.h | 3 + arch/x86/include/asm/trace/fpu.h | 5 --- arch/x86/kernel/fpu/core.c | 39 ++---------------------- arch/x86/kernel/fpu/signal.c | 8 +--- arch/x86/kernel/fpu/xstate.c | 9 ----- arch/x86/kernel/head_64.S | 16 +++++++-- arch/x86/kvm/cpuid.c | 4 -- arch/x86/kvm/x86.c | 10 ------ arch/x86/mm/pgtable.c | 9 +++++ arch/x86/mm/pkeys.c | 3 - arch/x86/xen/mmu.c | 8 +++- drivers/base/power/main.c | 5 ++- drivers/infiniband/core/ucma.c | 2 + drivers/md/dm-cache-metadata.c | 4 +- drivers/md/dm-cache-target.c | 9 ++++- drivers/net/wireless/ath/ath10k/debug.c | 12 ++++++- drivers/net/wireless/ath/ath10k/trace.h | 12 ++----- drivers/net/wireless/ath/ath10k/wmi-tlv.c | 8 ++-- drivers/net/wireless/ath/ath10k/wmi.c | 2 - drivers/net/xen-netback/hash.c | 12 ++++--- drivers/of/unittest.c | 28 +++++++++++------ drivers/pci/pci.c | 27 +++++++++++----- drivers/tty/tty_io.c | 11 ++++-- drivers/usb/host/xhci-mtk.c | 4 +- drivers/usb/host/xhci-pci.c | 2 + drivers/usb/serial/usb-serial-simple.c | 3 + drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c | 5 ++- fs/ext4/xattr.c | 28 ++++++++++------- fs/f2fs/checkpoint.c | 9 +++-- fs/ubifs/super.c | 3 + include/linux/netfilter_bridge/ebtables.h | 5 +++ kernel/cgroup.c | 6 +++ mm/vmstat.c | 3 + net/bridge/netfilter/ebt_arpreply.c | 3 + net/mac80211/cfg.c | 2 - tools/arch/x86/include/asm/cpufeatures.h | 1 46 files changed, 243 insertions(+), 253 deletions(-) Andy Lutomirski (4): x86/vdso: Fix asm constraints on vDSO syscall fallbacks x86/vdso: Fix vDSO syscall fallback asm constraint regression x86/fpu: Remove use_eager_fpu() x86/fpu: Finish excising 'eagerfpu' Carl Huang (1): ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait Chao Yu (1): f2fs: fix invalid memory access Chunfeng Yun (1): usb: xhci-mtk: resume USB3 roothub first Cong Wang (1): ucma: fix a use-after-free in ucma_resolve_ip() Daniel Drake (1): PCI: Reprogram bridge prefetch registers on resume Dmitry Safonov (1): tty: Drop tty->count on tty_reopen() failure Felix Fietkau (1): mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys Feng Tang (1): x86/mm: Expand static page table for fixmap space Gao Feng (1): ebtables: arpreply: Add the standard target sanity check Greg Kroah-Hartman (2): Revert "perf: sync up x86/.../cpufeatures.h" Linux 4.9.133 Guenter Roeck (1): of: unittest: Disable interrupt node tests for old world MAC systems Jan Beulich (1): xen-netback: fix input validation in xenvif_set_hash_mapping() Jann Horn (1): mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly Joe Thornber (1): dm cache metadata: ignore hints array being too small during resize Johan Hovold (1): USB: serial: simple: add Motorola Tetra MTP6550 id Mathias Nyman (1): xhci: Add missing CAS workaround for Intel Sunrise Point xHCI Michal Suchanek (1): powerpc/fadump: Return error when fadump registration fails Mike Snitzer (1): dm cache: fix resize crash if user doesn't reload cache table Prateek Sood (1): cgroup: Fix deadlock in cpu hotplug path Rafael J. Wysocki (1): PM / core: Clear the direct_complete flag on errors Richard Weinberger (1): ubifs: Check for name being NULL while mounting Rik van Riel (1): x86/fpu: Remove struct fpu::counter Theodore Ts'o (2): ext4: add corruption check in ext4_xattr_set_entry() ext4: always verify the magic number in xattr blocks Tomi Valkeinen (1): fbdev/omapfb: fix omapfb_memory_read infoleak Vineet Gupta (1): ARC: clone syscall to setp r25 as thread pointer Yu Wang (1): ath10k: fix kernel panic issue during pci probe Zhi Chen (1): ath10k: fix scan crash due to incorrect length calculation

6 years, 11 months

1
1
0 0

Linux 4.4.161

by Greg KH

I'm announcing the release of the 4.4.161 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arc/kernel/process.c | 20 + arch/powerpc/kernel/fadump.c | 23 - arch/x86/entry/vdso/vclock_gettime.c | 26 - drivers/base/power/main.c | 5 drivers/infiniband/core/ucma.c | 2 drivers/md/dm-cache-target.c | 9 drivers/net/wireless/ath/ath10k/trace.h | 12 drivers/net/wireless/ath/ath10k/wmi-tlv.c | 8 drivers/net/wireless/ath/ath10k/wmi.c | 2 drivers/of/unittest.c | 28 + drivers/pci/pci.c | 27 + drivers/usb/host/xhci-pci.c | 2 drivers/usb/serial/usb-serial-simple.c | 3 drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c | 5 fs/ext4/xattr.c | 6 fs/ubifs/super.c | 3 include/linux/netfilter_bridge/ebtables.h | 5 include/linux/skbuff.h | 8 include/linux/tcp.h | 7 include/net/sock.h | 7 include/net/tcp.h | 2 kernel/cgroup.c | 6 mm/vmstat.c | 3 net/bridge/netfilter/ebt_arpreply.c | 3 net/core/skbuff.c | 19 + net/ipv4/tcp.c | 4 net/ipv4/tcp_input.c | 417 ++++++++++++++---------- net/ipv4/tcp_ipv4.c | 3 net/ipv4/tcp_minisocks.c | 1 net/ipv6/tcp_ipv6.c | 1 net/mac80211/cfg.c | 2 32 files changed, 438 insertions(+), 233 deletions(-) Andy Lutomirski (2): x86/vdso: Fix asm constraints on vDSO syscall fallbacks x86/vdso: Fix vDSO syscall fallback asm constraint regression Carl Huang (1): ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait Cong Wang (1): ucma: fix a use-after-free in ucma_resolve_ip() Daniel Drake (1): PCI: Reprogram bridge prefetch registers on resume Eric Dumazet (5): tcp: increment sk_drops for dropped rx packets tcp: fix a stale ooo_last_skb after a replace tcp: free batches of packets in tcp_prune_ofo_queue() tcp: call tcp_drop() from tcp_data_queue_ofo() tcp: add tcp_ooo_try_coalesce() helper Felix Fietkau (1): mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys Gao Feng (1): ebtables: arpreply: Add the standard target sanity check Greg Kroah-Hartman (1): Linux 4.4.161 Guenter Roeck (1): of: unittest: Disable interrupt node tests for old world MAC systems Jann Horn (1): mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly Johan Hovold (1): USB: serial: simple: add Motorola Tetra MTP6550 id Mathias Nyman (1): xhci: Add missing CAS workaround for Intel Sunrise Point xHCI Michal Suchanek (1): powerpc/fadump: Return error when fadump registration fails Mike Snitzer (1): dm cache: fix resize crash if user doesn't reload cache table Prateek Sood (1): cgroup: Fix deadlock in cpu hotplug path Rafael J. Wysocki (1): PM / core: Clear the direct_complete flag on errors Richard Weinberger (1): ubifs: Check for name being NULL while mounting Theodore Ts'o (1): ext4: always verify the magic number in xattr blocks Tomi Valkeinen (1): fbdev/omapfb: fix omapfb_memory_read infoleak Vineet Gupta (1): ARC: clone syscall to setp r25 as thread pointer Yaogong Wang (1): tcp: use an RB tree for ooo receive queue Zhi Chen (1): ath10k: fix scan crash due to incorrect length calculation

6 years, 11 months

1
1
0 0

[PATCH 3.18 000/120] 3.18.124-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 3.18.124 release. There are 120 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Oct 13 15:25:29 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.18.124-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-3.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 3.18.124-rc1 Gao Feng <gfree.wind(a)vip.163.com> ebtables: arpreply: Add the standard target sanity check Richard Weinberger <richard(a)nod.at> ubifs: Check for name being NULL while mounting Prateek Sood <prsood(a)codeaurora.org> cgroup: Fix deadlock in cpu hotplug path Theodore Ts'o <tytso(a)mit.edu> ext4: avoid running out of journal credits when appending to an inline file Theodore Ts'o <tytso(a)mit.edu> jbd2: don't mark block as modified if the handle is out of credits Theodore Ts'o <tytso(a)mit.edu> ext4: add more inode number paranoia checks Theodore Ts'o <tytso(a)mit.edu> ext4: never move the system.data xattr out of the inode body Theodore Ts'o <tytso(a)mit.edu> ext4: always verify the magic number in xattr blocks Theodore Ts'o <tytso(a)mit.edu> ext4: add corruption check in ext4_xattr_set_entry() Theodore Ts'o <tytso(a)mit.edu> ext4: fix false negatives *and* false positives in ext4_check_descriptors() Theodore Ts'o <tytso(a)mit.edu> ext4: always check block group bounds in ext4_init_block_bitmap() Theodore Ts'o <tytso(a)mit.edu> ext4: fix check to prevent initializing reserved inodes Theodore Ts'o <tytso(a)mit.edu> ext4: only look at the bg_flags field if it is valid Johan Hovold <johan(a)kernel.org> USB: serial: simple: add Motorola Tetra MTP6550 id Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM / core: Clear the direct_complete flag on errors Felix Fietkau <nbd(a)nbd.name> mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys Daniel Drake <drake(a)endlessm.com> PCI: Reprogram bridge prefetch registers on resume Andy Lutomirski <luto(a)kernel.org> x86/vdso: Fix vDSO syscall fallback asm constraint regression Andy Lutomirski <luto(a)kernel.org> x86/vdso: Fix asm constraints on vDSO syscall fallbacks Tomi Valkeinen <tomi.valkeinen(a)ti.com> fbdev/omapfb: fix omapfb_memory_read infoleak Jann Horn <jannh(a)google.com> proc: restrict kernel stack dumps to root Linus Torvalds <torvalds(a)linux-foundation.org> Make file credentials available to the seqfile interfaces Mike Snitzer <snitzer(a)redhat.com> dm thin metadata: fix __udivdi3 undefined on 32-bit Ashish Samant <ashish.samant(a)oracle.com> ocfs2: fix locking for res->tracking and dlm->tracking_list Leonard Crestez <leonard.crestez(a)nxp.com> crypto: mxs-dcp - Fix wait logic on chan threads Aurelien Aptel <aaptel(a)suse.com> smb2: fix missing files in root share directory listing Josh Abraham <j.abraham1776(a)gmail.com> xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Vitaly Kuznetsov <vkuznets(a)redhat.com> xen/manage: don't complain about an empty value in control/sysrq node Dan Carpenter <dan.carpenter(a)oracle.com> cifs: read overflow in is_valid_oplock_break() Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng <kai.heng.feng(a)canonical.com> r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Randy Dunlap <rdunlap(a)infradead.org> hexagon: modify ffs() and fls() to return int Randy Dunlap <rdunlap(a)infradead.org> arch/hexagon: fix kernel/dma.c build warning Joe Thornber <ejt(a)redhat.com> dm thin metadata: try to avoid ever aborting transactions Stephen Rothwell <sfr(a)canb.auug.org.au> fs/cifs: suppress a string overflow warning Ben Hutchings <ben.hutchings(a)codethink.co.uk> USB: yurex: Check for truncation in yurex_read() Jann Horn <jannh(a)google.com> RDMA/ucma: check fd type in ucma_migrate_id() Daniel Black <daniel(a)linux.ibm.com> mm: madvise(MADV_DODUMP): allow hugetlbfs pages Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/page-types.c: fix "defined but not used" warning Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/slabinfo.c: fix sign-compare warning Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: shorten the IBSS debug messages Ilan Peer <ilan.peer(a)intel.com> mac80211: Fix station bandwidth setting after channel switch Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: fix a race between restart and CSA flows Jon Kuhn <jkuhn(a)barracuda.com> fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Jia-Ju Bai <baijiaju1990(a)gmail.com> net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Xiao Ni <xni(a)redhat.com> RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Arunk Khandavalli <akhandav(a)codeaurora.org> cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Michael Hennerich <michael.hennerich(a)analog.com> gpio: adp5588: Fix sleep-in-atomic-context bug Danek Duvall <duvall(a)comfychair.org> mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X Paul Mackerras <paulus(a)ozlabs.org> KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Sakari Ailus <sakari.ailus(a)linux.intel.com> media: v4l: event: Prevent freeing event subscriptions while accessed Marc Zyngier <marc.zyngier(a)arm.com> arm64: KVM: Sanitize PSTATE.M when being set from userspace Dan Carpenter <dan.carpenter(a)oracle.com> hwmon: (adt7475) Make adt7475_read_word() return errors Bo Chen <chenbo(a)pdx.edu> e1000: ensure to free old tx/rx rings in set_ringparam() Bo Chen <chenbo(a)pdx.edu> e1000: check on netif_running() before calling e1000_up() Anson Huang <Anson.Huang(a)nxp.com> thermal: of-thermal: disable passive polling when thermal zone is disabled Theodore Ts'o <tytso(a)mit.edu> ext4: verify the depth of extent tree in ext4_find_extent() Dave Martin <Dave.Martin(a)arm.com> arm64: KVM: Tighten guest core register access from userspace Greg Hackmann <ghackmann(a)android.com> staging: android: ion: fix ION_IOC_{MAP,SHARE} use-after-free Vincent Pelletier <plr.vincent(a)gmail.com> scsi: target: iscsi: Use bin2hex instead of a re-implementation Alan Stern <stern(a)rowland.harvard.edu> USB: remove LPM management from usb_driver_claim_interface() Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" Oliver Neukum <oneukum(a)suse.com> USB: usbdevfs: restore warning for nonsensical flags Oliver Neukum <oneukum(a)suse.com> USB: usbdevfs: sanitize flags more ming_qian <ming_qian(a)realsil.com.cn> media: uvcvideo: Support realtek's UVC 1.5 device Alexey Dobriyan <adobriyan(a)gmail.com> slub: make ->cpu_partial unsigned int Alan Stern <stern(a)rowland.harvard.edu> USB: handle NULL config in usb_find_alt_setting() Alan Stern <stern(a)rowland.harvard.edu> USB: fix error handling in usb_driver_claim_interface() Geert Uytterhoeven <geert+renesas(a)glider.be> spi: rspi: Fix interrupted DMA transfers Hiromitsu Yamasaki <hiromitsu.yamasaki.ym(a)renesas.com> spi: sh-msiof: Fix handling of write value for SISTR register Marcel Ziswiler <marcel.ziswiler(a)toradex.com> spi: tegra20-slink: explicitly enable/disable clock Christophe Leroy <christophe.leroy(a)c-s.fr> serial: cpm_uart: return immediately from console poll Andy Whitcroft <apw(a)canonical.com> floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl J. Bruce Fields <bfields(a)redhat.com> nfsd: fix corrupted reply to badly ordered compound Jessica Yu <jeyu(a)kernel.org> module: exclude SHN_UNDEF symbols from kallsyms api Liam Girdwood <liam.r.girdwood(a)linux.intel.com> ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Zhouyang Jia <jiazhouyang09(a)gmail.com> scsi: bnx2i: add error handling for ioremap_nocache Zhouyang Jia <jiazhouyang09(a)gmail.com> HID: hid-ntrig: add error handling for sysfs_create_group Ethan Tuttle <ethan(a)ethantuttle.com> ARM: mvebu: declare asm symbols as character arrays in pmsu.c Tony Lindgren <tony(a)atomide.com> wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() Dan Carpenter <dan.carpenter(a)oracle.com> rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge Zhouyang Jia <jiazhouyang09(a)gmail.com> media: tm6000: add error handling for dvb_register_adapter Zhouyang Jia <jiazhouyang09(a)gmail.com> drivers/tty: add error handling for pcmcia_loop_config Alistair Strachan <astrachan(a)google.com> staging: android: ashmem: Fix mmap size validation Akinobu Mita <akinobu.mita(a)gmail.com> media: soc_camera: ov772x: correct setting of banding filter Akinobu Mita <akinobu.mita(a)gmail.com> media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power Nicholas Mc Guire <hofrat(a)osadl.org> ALSA: snd-aoa: add of_node_put() in error path Vasily Gorbik <gor(a)linux.ibm.com> s390/extmem: fix gcc 8 stringop-overflow warning Thomas Gleixner <tglx(a)linutronix.de> alarmtimer: Prevent overflow for relative nanosleep Julia Lawall <Julia.Lawall(a)lip6.fr> usb: wusbcore: security: cast sizeof to int for comparison Breno Leitao <leitao(a)debian.org> scsi: ibmvscsi: Improve strings handling Bart Van Assche <bart.vanassche(a)wdc.com> scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> x86/tsc: Add missing header to tsc_msr.c Hari Bathini <hbathini(a)linux.ibm.com> powerpc/kdump: Handle crashkernel memory reservation failure Sylwester Nawrocki <s.nawrocki(a)samsung.com> media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Johan Hovold <johan(a)kernel.org> USB: serial: kobil_sct: fix modem-status error handling Anton Vasilyev <vasilyev(a)ispras.ru> uwb: hwa-rc: fix memory leak at probe Dan Williams <dan.j.williams(a)intel.com> x86/numa_emulation: Fix emulated-to-physical node mapping Matt Ranostay <matt.ranostay(a)konsulko.com> tsl2550: fix lux1_input error in low light Stafford Horne <shorne(a)gmail.com> crypto: skcipher - Fix -Wstringop-truncation warnings Roderick Colenbrander <roderick.colenbrander(a)sony.com> HID: sony: Support DS4 dongle Roderick Colenbrander <roderick.colenbrander(a)sony.com> HID: sony: Update device ids Catalin Marinas <catalin.marinas(a)arm.com> arm64: Add trace_hardirqs_off annotation in ret_to_user Li Dongyang <dongyangli(a)ddn.com> ext4: don't mark mmp buffer head dirty Theodore Ts'o <tytso(a)mit.edu> ext4: fix online resize's handling of a too-small final block group Theodore Ts'o <tytso(a)mit.edu> ext4: recalucate superblock checksum after updating free blocks/inodes Theodore Ts'o <tytso(a)mit.edu> ext4: avoid divide by zero fault when deleting corrupted inline directories Junxiao Bi <junxiao.bi(a)oracle.com> ocfs2: fix ocfs2 read block panic Vincent Pelletier <plr.vincent(a)gmail.com> scsi: target: iscsi: Use hex2bin instead of a re-implementation Eric Dumazet <edumazet(a)google.com> ipv6: fix possible use-after-free in ip6_xmit() Vasily Khoruzhick <vasilykh(a)arista.com> neighbour: confirm neigh entries when ARP packet is received Colin Ian King <colin.king(a)canonical.com> net: hp100: fix always-true check for link up state Willy Tarreau <w(a)1wt.eu> net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT Toke Høiland-Jørgensen <toke(a)toke.dk> gso_segment: Reset skb->mac_len after modifying network header Joel Fernandes (Google) <joel(a)joelfernandes.org> mm: shmem.c: Correctly annotate new inodes for lockdep Vaibhav Nagarnaik <vnagarnaik(a)google.com> ring-buffer: Allow for rescheduling when removing pages Willy Tarreau <w(a)1wt.eu> ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping Sébastien Szymanski <sebastien.szymanski(a)armadeus.com> ASoC: cs4265: fix MMTLR Data switch control ------------- Diffstat: Makefile | 4 +- arch/arm/mach-mvebu/pmsu.c | 6 +- arch/arm64/include/asm/kvm_emulate.h | 5 ++ arch/arm64/kernel/entry.S | 3 + arch/arm64/kvm/guest.c | 55 +++++++++++++++- arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- arch/powerpc/kernel/machine_kexec.c | 7 ++- arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 +- arch/s390/mm/extmem.c | 4 +- arch/x86/kernel/tsc_msr.c | 1 + arch/x86/mm/numa_emulation.c | 2 +- arch/x86/vdso/vclock_gettime.c | 26 ++++---- crypto/ablkcipher.c | 2 + crypto/blkcipher.c | 1 + drivers/base/power/main.c | 5 +- drivers/block/floppy.c | 3 + drivers/crypto/mxs-dcp.c | 53 +++++++++------- drivers/gpio/gpio-adp5588.c | 24 +++++-- drivers/hid/hid-core.c | 3 + drivers/hid/hid-ids.h | 2 + drivers/hid/hid-ntrig.c | 2 + drivers/hid/hid-sony.c | 6 ++ drivers/hwmon/adt7475.c | 14 +++-- drivers/infiniband/core/ucma.c | 6 ++ drivers/md/dm-thin-metadata.c | 34 +++++++++- drivers/md/dm-thin.c | 73 +++++++++++++++++++--- drivers/md/raid10.c | 5 +- drivers/media/i2c/soc_camera/ov772x.c | 2 +- drivers/media/platform/exynos4-is/fimc-isp-video.c | 11 +++- drivers/media/platform/s3c-camif/camif-capture.c | 2 + drivers/media/usb/tm6000/tm6000-dvb.c | 5 ++ drivers/media/usb/uvc/uvc_video.c | 24 +++++-- drivers/media/v4l2-core/v4l2-event.c | 37 +++++------ drivers/media/v4l2-core/v4l2-fh.c | 2 + drivers/misc/tsl2550.c | 2 +- drivers/net/appletalk/ipddp.c | 8 ++- drivers/net/ethernet/cadence/macb.c | 2 +- drivers/net/ethernet/hp/hp100.c | 2 +- drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 ++- drivers/net/ethernet/realtek/r8169.c | 9 ++- drivers/net/wireless/rndis_wlan.c | 2 + drivers/net/wireless/ti/wlcore/cmd.c | 6 ++ drivers/pci/pci.c | 27 +++++--- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/scsi/bnx2i/bnx2i_hwi.c | 2 + drivers/scsi/ibmvscsi/ibmvscsi.c | 4 +- drivers/spi/spi-rspi.c | 10 +-- drivers/spi/spi-sh-msiof.c | 3 +- drivers/spi/spi-tegra20-slink.c | 31 ++++++--- drivers/staging/android/ashmem.c | 6 ++ drivers/staging/android/ion/ion.c | 60 +++++++++++------- drivers/target/iscsi/iscsi_target_auth.c | 45 +++++-------- drivers/target/iscsi/iscsi_target_tpg.c | 3 +- drivers/thermal/of-thermal.c | 7 ++- drivers/tty/serial/8250/serial_cs.c | 6 +- drivers/tty/serial/cpm_uart/cpm_uart_core.c | 10 ++- drivers/usb/class/cdc-wdm.c | 2 +- drivers/usb/core/devio.c | 24 ++++++- drivers/usb/core/driver.c | 28 ++++----- drivers/usb/core/usb.c | 2 + drivers/usb/misc/yurex.c | 3 + drivers/usb/serial/kobil_sct.c | 12 +++- drivers/usb/serial/usb-serial-simple.c | 3 +- drivers/usb/wusbcore/security.c | 2 +- drivers/uwb/hwa-rc.c | 1 + drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c | 5 +- drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 +- fs/cifs/cifs_unicode.c | 3 - fs/cifs/cifssmb.c | 11 +++- fs/cifs/misc.c | 8 +++ fs/cifs/smb2ops.c | 2 +- fs/ext4/balloc.c | 21 ++++--- fs/ext4/dir.c | 20 +++--- fs/ext4/ext4.h | 8 --- fs/ext4/ext4_extents.h | 1 + fs/ext4/extents.c | 6 ++ fs/ext4/ialloc.c | 19 +++++- fs/ext4/inline.c | 42 ++----------- fs/ext4/inode.c | 3 +- fs/ext4/mballoc.c | 6 +- fs/ext4/mmp.c | 1 - fs/ext4/resize.c | 20 ++++++ fs/ext4/super.c | 14 ++++- fs/ext4/xattr.c | 49 +++++++-------- fs/jbd2/transaction.c | 2 +- fs/nfsd/nfs4proc.c | 1 + fs/ocfs2/buffer_head_io.c | 1 + fs/ocfs2/dlm/dlmmaster.c | 4 +- fs/proc/base.c | 14 +++++ fs/seq_file.c | 7 ++- fs/ubifs/super.c | 3 + include/linux/netfilter_bridge/ebtables.h | 5 ++ include/linux/seq_file.h | 13 ++-- include/linux/slub_def.h | 3 +- include/media/v4l2-fh.h | 1 + kernel/cgroup.c | 6 +- kernel/module.c | 6 +- kernel/time/alarmtimer.c | 3 +- kernel/trace/ring_buffer.c | 2 + mm/madvise.c | 2 +- mm/shmem.c | 2 + mm/slub.c | 6 +- net/bridge/netfilter/ebt_arpreply.c | 3 + net/core/neighbour.c | 13 ++-- net/ipv4/af_inet.c | 1 + net/ipv6/ip6_offload.c | 1 + net/ipv6/ip6_output.c | 3 +- net/mac80211/cfg.c | 2 +- net/mac80211/ibss.c | 22 +++---- net/mac80211/main.c | 26 ++++++-- net/mac80211/mlme.c | 53 ++++++++++++++++ net/wireless/nl80211.c | 1 + sound/aoa/core/gpio-feature.c | 4 +- sound/firewire/bebob/bebob_maudio.c | 24 ++++--- sound/pci/emu10k1/emufx.c | 2 +- sound/pci/hda/hda_intel.c | 3 +- sound/soc/codecs/cs4265.c | 4 +- sound/soc/soc-dapm.c | 7 +++ tools/vm/page-types.c | 6 -- tools/vm/slabinfo.c | 4 +- 123 files changed, 882 insertions(+), 395 deletions(-)

6 years, 11 months

4
133
0 0

[patch 3/4] mm/thp: fix call to mmu_notifier in set_pmd_migration_entry() v2

by akpm＠linux-foundation.org

From: Jérôme Glisse <jglisse(a)redhat.com> Subject: mm/thp: fix call to mmu_notifier in set_pmd_migration_entry() v2 Inside set_pmd_migration_entry() we are holding page table locks and thus we can not sleep so we can not call invalidate_range_start/end() So remove call to mmu_notifier_invalidate_range_start/end() because they are call inside the function calling set_pmd_migration_entry() (see try_to_unmap_one()). Link: http://lkml.kernel.org/r/20181012181056.7864-1-jglisse@redhat.com Signed-off-by: Jérôme Glisse <jglisse(a)redhat.com> Reported-by: Andrea Arcangeli <aarcange(a)redhat.com> Reviewed-by: Zi Yan <zi.yan(a)cs.rutgers.edu> Acked-by: Michal Hocko <mhocko(a)kernel.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Anshuman Khandual <khandual(a)linux.vnet.ibm.com> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: David Nellans <dnellans(a)nvidia.com> Cc: Ingo Molnar <mingo(a)elte.hu> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Minchan Kim <minchan(a)kernel.org> Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- --- a/mm/huge_memory.c~mm-thp-fix-call-to-mmu_notifier-in-set_pmd_migration_entry-v2 +++ a/mm/huge_memory.c @@ -2885,9 +2885,6 @@ void set_pmd_migration_entry(struct page if (!(pvmw->pmd && !pvmw->pte)) return; - mmu_notifier_invalidate_range_start(mm, address, - address + HPAGE_PMD_SIZE); - flush_cache_range(vma, address, address + HPAGE_PMD_SIZE); pmdval = *pvmw->pmd; pmdp_invalidate(vma, address, pvmw->pmd); @@ -2900,9 +2897,6 @@ void set_pmd_migration_entry(struct page set_pmd_at(mm, address, pvmw->pmd, pmdswp); page_remove_rmap(page, true); put_page(page); - - mmu_notifier_invalidate_range_end(mm, address, - address + HPAGE_PMD_SIZE); } void remove_migration_pmd(struct page_vma_mapped_walk *pvmw, struct page *new) _

6 years, 11 months

1
0
0 0

[patch 2/4] mm/mmap.c: don't clobber partially overlapping VMA with MAP_FIXED_NOREPLACE

by akpm＠linux-foundation.org

From: Jann Horn <jannh(a)google.com> Subject: mm/mmap.c: don't clobber partially overlapping VMA with MAP_FIXED_NOREPLACE Daniel Micay reports that attempting to use MAP_FIXED_NOREPLACE in an application causes that application to randomly crash. The existing check for handling MAP_FIXED_NOREPLACE looks up the first VMA that either overlaps or follows the requested region, and then bails out if that VMA overlaps *the start* of the requested region. It does not bail out if the VMA only overlaps another part of the requested region. Fix it by checking that the found VMA only starts at or after the end of the requested region, in which case there is no overlap. Test case: user@debian:~$ cat mmap_fixed_simple.c #include <sys/mman.h> #include <errno.h> #include <stdio.h> #include <stdlib.h> #include <unistd.h> #ifndef MAP_FIXED_NOREPLACE #define MAP_FIXED_NOREPLACE 0x100000 #endif int main(void) { char *p; errno = 0; p = mmap((void*)0x10001000, 0x4000, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED_NOREPLACE, -1, 0); printf("p1=%p err=%m\n", p); errno = 0; p = mmap((void*)0x10000000, 0x2000, PROT_READ, MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED_NOREPLACE, -1, 0); printf("p2=%p err=%m\n", p); char cmd[100]; sprintf(cmd, "cat /proc/%d/maps", getpid()); system(cmd); return 0; } user@debian:~$ gcc -o mmap_fixed_simple mmap_fixed_simple.c user@debian:~$ ./mmap_fixed_simple p1=0x10001000 err=Success p2=0x10000000 err=Success 10000000-10002000 r--p 00000000 00:00 0 10002000-10005000 ---p 00000000 00:00 0 564a9a06f000-564a9a070000 r-xp 00000000 fe:01 264004 /home/user/mmap_fixed_simple 564a9a26f000-564a9a270000 r--p 00000000 fe:01 264004 /home/user/mmap_fixed_simple 564a9a270000-564a9a271000 rw-p 00001000 fe:01 264004 /home/user/mmap_fixed_simple 564a9a54a000-564a9a56b000 rw-p 00000000 00:00 0 [heap] 7f8eba447000-7f8eba5dc000 r-xp 00000000 fe:01 405885 /lib/x86_64-linux-gnu/libc-2.24.so 7f8eba5dc000-7f8eba7dc000 ---p 00195000 fe:01 405885 /lib/x86_64-linux-gnu/libc-2.24.so 7f8eba7dc000-7f8eba7e0000 r--p 00195000 fe:01 405885 /lib/x86_64-linux-gnu/libc-2.24.so 7f8eba7e0000-7f8eba7e2000 rw-p 00199000 fe:01 405885 /lib/x86_64-linux-gnu/libc-2.24.so 7f8eba7e2000-7f8eba7e6000 rw-p 00000000 00:00 0 7f8eba7e6000-7f8eba809000 r-xp 00000000 fe:01 405876 /lib/x86_64-linux-gnu/ld-2.24.so 7f8eba9e9000-7f8eba9eb000 rw-p 00000000 00:00 0 7f8ebaa06000-7f8ebaa09000 rw-p 00000000 00:00 0 7f8ebaa09000-7f8ebaa0a000 r--p 00023000 fe:01 405876 /lib/x86_64-linux-gnu/ld-2.24.so 7f8ebaa0a000-7f8ebaa0b000 rw-p 00024000 fe:01 405876 /lib/x86_64-linux-gnu/ld-2.24.so 7f8ebaa0b000-7f8ebaa0c000 rw-p 00000000 00:00 0 7ffcc99fa000-7ffcc9a1b000 rw-p 00000000 00:00 0 [stack] 7ffcc9b44000-7ffcc9b47000 r--p 00000000 00:00 0 [vvar] 7ffcc9b47000-7ffcc9b49000 r-xp 00000000 00:00 0 [vdso] ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall] user@debian:~$ uname -a Linux debian 4.19.0-rc6+ #181 SMP Wed Oct 3 23:43:42 CEST 2018 x86_64 GNU/Linux user@debian:~$ As you can see, the first page of the mapping at 0x10001000 was clobbered. Link: http://lkml.kernel.org/r/20181010152736.99475-1-jannh@google.com Fixes: a4ff8e8620d3 ("mm: introduce MAP_FIXED_NOREPLACE") Signed-off-by: Jann Horn <jannh(a)google.com> Reported-by: Daniel Micay <danielmicay(a)gmail.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Acked-by: John Hubbard <jhubbard(a)nvidia.com> Acked-by: Kees Cook <keescook(a)chromium.org> Acked-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- --- a/mm/mmap.c~mm-dont-clobber-partially-overlapping-vma-with-map_fixed_noreplace +++ a/mm/mmap.c @@ -1410,7 +1410,7 @@ unsigned long do_mmap(struct file *file, if (flags & MAP_FIXED_NOREPLACE) { struct vm_area_struct *vma = find_vma(mm, addr); - if (vma && vma->vm_start <= addr) + if (vma && vma->vm_start < addr + len) return -EEXIST; } _

6 years, 11 months

1
0
0 0

+ mm-thp-fix-call-to-mmu_notifier-in-set_pmd_migration_entry-v2.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/thp: fix call to mmu_notifier in set_pmd_migration_entry() v2 has been added to the -mm tree. Its filename is mm-thp-fix-call-to-mmu_notifier-in-set_pmd_migration_entry-v2.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-thp-fix-call-to-mmu_notifier-in… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-thp-fix-call-to-mmu_notifier-in… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Jérôme Glisse <jglisse(a)redhat.com> Subject: mm/thp: fix call to mmu_notifier in set_pmd_migration_entry() v2 Inside set_pmd_migration_entry() we are holding page table locks and thus we can not sleep so we can not call invalidate_range_start/end() So remove call to mmu_notifier_invalidate_range_start/end() because they are call inside the function calling set_pmd_migration_entry() (see try_to_unmap_one()). Link: http://lkml.kernel.org/r/20181012181056.7864-1-jglisse@redhat.com Signed-off-by: Jérôme Glisse <jglisse(a)redhat.com> Reported-by: Andrea Arcangeli <aarcange(a)redhat.com> Reviewed-by: Zi Yan <zi.yan(a)cs.rutgers.edu> Acked-by: Michal Hocko <mhocko(a)kernel.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Anshuman Khandual <khandual(a)linux.vnet.ibm.com> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: David Nellans <dnellans(a)nvidia.com> Cc: Ingo Molnar <mingo(a)elte.hu> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Minchan Kim <minchan(a)kernel.org> Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- --- a/mm/huge_memory.c~mm-thp-fix-call-to-mmu_notifier-in-set_pmd_migration_entry-v2 +++ a/mm/huge_memory.c @@ -2885,9 +2885,6 @@ void set_pmd_migration_entry(struct page if (!(pvmw->pmd && !pvmw->pte)) return; - mmu_notifier_invalidate_range_start(mm, address, - address + HPAGE_PMD_SIZE); - flush_cache_range(vma, address, address + HPAGE_PMD_SIZE); pmdval = *pvmw->pmd; pmdp_invalidate(vma, address, pvmw->pmd); @@ -2900,9 +2897,6 @@ void set_pmd_migration_entry(struct page set_pmd_at(mm, address, pvmw->pmd, pmdswp); page_remove_rmap(page, true); put_page(page); - - mmu_notifier_invalidate_range_end(mm, address, - address + HPAGE_PMD_SIZE); } void remove_migration_pmd(struct page_vma_mapped_walk *pvmw, struct page *new) _ Patches currently in -mm which might be from jglisse(a)redhat.com are mm-thp-fix-call-to-mmu_notifier-in-set_pmd_migration_entry-v2.patch

6 years, 11 months

1
0
0 0

[PATCH v7 0/7] mm: Merge hmm into devm_memremap_pages, mark GPL-only

by Dan Williams

[ apologies for the resend, script error ] Changes since v6 [1]: * Rebase on next-20181008 and fixup conflicts with the xarray conversion and hotplug optimizations * It has soaked on a 0day visible branch for a few days without any reports. [1]: https://lkml.org/lkml/2018/9/13/104 --- Hi Andrew, Jérôme has reviewed the cleanups, thanks Jérôme. We still disagree on the EXPORT_SYMBOL_GPL status of the core HMM implementation, but Logan, Christoph and I continue to support marking all devm_memremap_pages() derivatives EXPORT_SYMBOL_GPL. HMM has been upstream for over a year, with no in-tree users it is clear it was designed first and foremost for out of tree drivers. It takes advantage of a facility Christoph and I spearheaded to support persistent memory. It continues to see expanding use cases with no clear end date when it will stop attracting features / revisions. It is not suitable to export devm_memremap_pages() as a stable 3rd party driver api. devm_memremap_pages() is a facility that can create struct page entries for any arbitrary range and give out-of-tree drivers the ability to subvert core aspects of page management. It, and anything derived from it (e.g. hmm, pcip2p, etc...), is a deep integration point into the core kernel, and an EXPORT_SYMBOL_GPL() interface. Commit 31c5bda3a656 "mm: fix exports that inadvertently make put_page() EXPORT_SYMBOL_GPL" was merged ahead of this series to relieve some of the pressure from innocent consumers of put_page(), but now we need this series to address *producers* of device pages. More details and justification in the changelogs. The 0day infrastructure has reported success across 152 configs and this survives the libnvdimm unit test suite. Aside from the controversial bits the diffstat is compelling at: 7 files changed, 126 insertions(+), 323 deletions(-) Note that the series has some minor collisions with Alex's recent series to improve devm_memremap_pages() scalability [2]. So, whichever you take first the other will need a minor rebase. [2]: https://www.lkml.org/lkml/2018/9/11/10 Dan Williams (7): mm, devm_memremap_pages: Mark devm_memremap_pages() EXPORT_SYMBOL_GPL mm, devm_memremap_pages: Kill mapping "System RAM" support mm, devm_memremap_pages: Fix shutdown handling mm, devm_memremap_pages: Add MEMORY_DEVICE_PRIVATE support mm, hmm: Use devm semantics for hmm_devmem_{add,remove} mm, hmm: Replace hmm_devmem_pages_create() with devm_memremap_pages() mm, hmm: Mark hmm_devmem_{add,add_resource} EXPORT_SYMBOL_GPL drivers/dax/pmem.c | 14 -- drivers/nvdimm/pmem.c | 13 +- include/linux/hmm.h | 4 include/linux/memremap.h | 2 kernel/memremap.c | 94 +++++++---- mm/hmm.c | 305 +++++-------------------------------- tools/testing/nvdimm/test/iomap.c | 17 ++ 7 files changed, 126 insertions(+), 323 deletions(-)

6 years, 11 months

2
2
0 0

[PATCH] mm/thp: fix call to mmu_notifier in set_pmd_migration_entry() v2

by jglisse＠redhat.com

From: Jérôme Glisse <jglisse(a)redhat.com> Inside set_pmd_migration_entry() we are holding page table locks and thus we can not sleep so we can not call invalidate_range_start/end() So remove call to mmu_notifier_invalidate_range_start/end() because they are call inside the function calling set_pmd_migration_entry() (see try_to_unmap_one()). Changed since v1: - removed call to invalidate_range() and updated commit message Signed-off-by: Jérôme Glisse <jglisse(a)redhat.com> Reported-by: Andrea Arcangeli <aarcange(a)redhat.com> Reviewed-by: Zi Yan <zi.yan(a)cs.rutgers.edu> Acked-by: Michal Hocko <mhocko(a)kernel.org> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Anshuman Khandual <khandual(a)linux.vnet.ibm.com> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: David Nellans <dnellans(a)nvidia.com> Cc: Ingo Molnar <mingo(a)elte.hu> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Minchan Kim <minchan(a)kernel.org> Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: stable(a)vger.kernel.org --- mm/huge_memory.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 533f9b00147d..a5b28547e321 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -2885,9 +2885,6 @@ void set_pmd_migration_entry(struct page_vma_mapped_walk *pvmw, if (!(pvmw->pmd && !pvmw->pte)) return; - mmu_notifier_invalidate_range_start(mm, address, - address + HPAGE_PMD_SIZE); - flush_cache_range(vma, address, address + HPAGE_PMD_SIZE); pmdval = *pvmw->pmd; pmdp_invalidate(vma, address, pvmw->pmd); @@ -2900,9 +2897,6 @@ void set_pmd_migration_entry(struct page_vma_mapped_walk *pvmw, set_pmd_at(mm, address, pvmw->pmd, pmdswp); page_remove_rmap(page, true); put_page(page); - - mmu_notifier_invalidate_range_end(mm, address, - address + HPAGE_PMD_SIZE); } void remove_migration_pmd(struct page_vma_mapped_walk *pvmw, struct page *new) -- 2.17.2

6 years, 11 months

1
0
0 0

[PATCH v7 0/7] mm: Merge hmm into devm_memremap_pages, mark GPL-only

by Dan Williams

Changes since v6 [1]: * Rebase on next-20181008 and fixup conflicts with the xarray conversion and hotplug optimizations * It has soaked on a 0day visible branch for a few days without any reports. [1]: https://lkml.org/lkml/2018/9/13/104 --- Hi Andrew, Jérôme has reviewed the cleanups, thanks Jérôme. We still disagree on the EXPORT_SYMBOL_GPL status of the core HMM implementation, but Logan, Christoph and I continue to support marking all devm_memremap_pages() derivatives EXPORT_SYMBOL_GPL. HMM has been upstream for over a year, with no in-tree users it is clear it was designed first and foremost for out of tree drivers. It takes advantage of a facility Christoph and I spearheaded to support persistent memory. It continues to see expanding use cases with no clear end date when it will stop attracting features / revisions. It is not suitable to export devm_memremap_pages() as a stable 3rd party driver api. devm_memremap_pages() is a facility that can create struct page entries for any arbitrary range and give out-of-tree drivers the ability to subvert core aspects of page management. It, and anything derived from it (e.g. hmm, pcip2p, etc...), is a deep integration point into the core kernel, and an EXPORT_SYMBOL_GPL() interface. Commit 31c5bda3a656 "mm: fix exports that inadvertently make put_page() EXPORT_SYMBOL_GPL" was merged ahead of this series to relieve some of the pressure from innocent consumers of put_page(), but now we need this series to address *producers* of device pages. More details and justification in the changelogs. The 0day infrastructure has reported success across 152 configs and this survives the libnvdimm unit test suite. Aside from the controversial bits the diffstat is compelling at: 7 files changed, 126 insertions(+), 323 deletions(-) Note that the series has some minor collisions with Alex's recent series to improve devm_memremap_pages() scalability [2]. So, whichever you take first the other will need a minor rebase. [2]: https://www.lkml.org/lkml/2018/9/11/10 Dan Williams (7): mm, devm_memremap_pages: Mark devm_memremap_pages() EXPORT_SYMBOL_GPL mm, devm_memremap_pages: Kill mapping "System RAM" support mm, devm_memremap_pages: Fix shutdown handling mm, devm_memremap_pages: Add MEMORY_DEVICE_PRIVATE support mm, hmm: Use devm semantics for hmm_devmem_{add,remove} mm, hmm: Replace hmm_devmem_pages_create() with devm_memremap_pages() mm, hmm: Mark hmm_devmem_{add,add_resource} EXPORT_SYMBOL_GPL drivers/dax/pmem.c | 14 -- drivers/nvdimm/pmem.c | 13 +- include/linux/hmm.h | 4 include/linux/memremap.h | 2 kernel/memremap.c | 94 +++++++---- mm/hmm.c | 305 +++++-------------------------------- tools/testing/nvdimm/test/iomap.c | 17 ++ 7 files changed, 126 insertions(+), 323 deletions(-)

6 years, 11 months

1
0
0 0

[PATCH 4.4 00/27] 4.4.161-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.161 release. There are 27 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Oct 13 15:25:23 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.161-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.161-rc1 Gao Feng <gfree.wind(a)vip.163.com> ebtables: arpreply: Add the standard target sanity check Zhi Chen <zhichen(a)codeaurora.org> ath10k: fix scan crash due to incorrect length calculation Eric Dumazet <edumazet(a)google.com> tcp: add tcp_ooo_try_coalesce() helper Eric Dumazet <edumazet(a)google.com> tcp: call tcp_drop() from tcp_data_queue_ofo() Eric Dumazet <edumazet(a)google.com> tcp: free batches of packets in tcp_prune_ofo_queue() Eric Dumazet <edumazet(a)google.com> tcp: fix a stale ooo_last_skb after a replace Yaogong Wang <wygivan(a)google.com> tcp: use an RB tree for ooo receive queue Eric Dumazet <edumazet(a)google.com> tcp: increment sk_drops for dropped rx packets Richard Weinberger <richard(a)nod.at> ubifs: Check for name being NULL while mounting Cong Wang <xiyou.wangcong(a)gmail.com> ucma: fix a use-after-free in ucma_resolve_ip() Vineet Gupta <vgupta(a)synopsys.com> ARC: clone syscall to setp r25 as thread pointer Michal Suchanek <msuchanek(a)suse.de> powerpc/fadump: Return error when fadump registration fails Carl Huang <cjhuang(a)codeaurora.org> ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait Prateek Sood <prsood(a)codeaurora.org> cgroup: Fix deadlock in cpu hotplug path Theodore Ts'o <tytso(a)mit.edu> ext4: always verify the magic number in xattr blocks Theodore Ts'o <tytso(a)mit.edu> ext4: add corruption check in ext4_xattr_set_entry() Guenter Roeck <linux(a)roeck-us.net> of: unittest: Disable interrupt node tests for old world MAC systems Johan Hovold <johan(a)kernel.org> USB: serial: simple: add Motorola Tetra MTP6550 id Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Add missing CAS workaround for Intel Sunrise Point xHCI Mike Snitzer <snitzer(a)redhat.com> dm cache: fix resize crash if user doesn't reload cache table Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM / core: Clear the direct_complete flag on errors Felix Fietkau <nbd(a)nbd.name> mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys Daniel Drake <drake(a)endlessm.com> PCI: Reprogram bridge prefetch registers on resume Andy Lutomirski <luto(a)kernel.org> x86/vdso: Fix vDSO syscall fallback asm constraint regression Andy Lutomirski <luto(a)kernel.org> x86/vdso: Fix asm constraints on vDSO syscall fallbacks Tomi Valkeinen <tomi.valkeinen(a)ti.com> fbdev/omapfb: fix omapfb_memory_read infoleak Jann Horn <jannh(a)google.com> mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly ------------- Diffstat: Makefile | 4 +- arch/arc/kernel/process.c | 20 ++ arch/powerpc/kernel/fadump.c | 23 +- arch/x86/entry/vdso/vclock_gettime.c | 26 +- drivers/base/power/main.c | 5 +- drivers/infiniband/core/ucma.c | 2 + drivers/md/dm-cache-target.c | 9 +- drivers/net/wireless/ath/ath10k/trace.h | 12 +- drivers/net/wireless/ath/ath10k/wmi-tlv.c | 8 +- drivers/net/wireless/ath/ath10k/wmi.c | 2 +- drivers/of/unittest.c | 28 +- drivers/pci/pci.c | 27 +- drivers/usb/host/xhci-pci.c | 2 + drivers/usb/serial/usb-serial-simple.c | 3 +- drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c | 5 +- fs/ext4/xattr.c | 28 +- fs/ubifs/super.c | 3 + include/linux/netfilter_bridge/ebtables.h | 5 + include/linux/skbuff.h | 8 + include/linux/tcp.h | 7 +- include/net/sock.h | 7 + include/net/tcp.h | 2 +- kernel/cgroup.c | 6 +- mm/vmstat.c | 3 + net/bridge/netfilter/ebt_arpreply.c | 3 + net/core/skbuff.c | 19 ++ net/ipv4/tcp.c | 4 +- net/ipv4/tcp_input.c | 417 +++++++++++++++--------- net/ipv4/tcp_ipv4.c | 3 +- net/ipv4/tcp_minisocks.c | 1 - net/ipv6/tcp_ipv6.c | 1 + net/mac80211/cfg.c | 2 +- 32 files changed, 453 insertions(+), 242 deletions(-)

6 years, 11 months

6
32
0 0

Re: [PATCH] mm/thp: fix call to mmu_notifier in set_pmd_migration_entry()

by Jerome Glisse

On Fri, Oct 12, 2018 at 06:55:48PM +0200, Michal Hocko wrote: > On Fri 12-10-18 12:09:53, jglisse(a)redhat.com wrote: > > From: Jérôme Glisse <jglisse(a)redhat.com> > > > > Inside set_pmd_migration_entry() we are holding page table locks and > > thus we can not sleep so we can not call invalidate_range_start/end() > > > > So remove call to mmu_notifier_invalidate_range_start/end() and add > > call to mmu_notifier_invalidate_range(). Note that we are already > > calling mmu_notifier_invalidate_range_start/end() inside the function > > calling set_pmd_migration_entry() (see try_to_unmap_one()). > > > > Signed-off-by: Jérôme Glisse <jglisse(a)redhat.com> > > Reported-by: Andrea Arcangeli <aarcange(a)redhat.com> > > Cc: Andrew Morton <akpm(a)linux-foundation.org> > > Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > > Cc: Zi Yan <zi.yan(a)cs.rutgers.edu> > > Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> > > Cc: "H. Peter Anvin" <hpa(a)zytor.com> > > Cc: Anshuman Khandual <khandual(a)linux.vnet.ibm.com> > > Cc: Dave Hansen <dave.hansen(a)intel.com> > > Cc: David Nellans <dnellans(a)nvidia.com> > > Cc: Ingo Molnar <mingo(a)elte.hu> > > Cc: Mel Gorman <mgorman(a)techsingularity.net> > > Cc: Minchan Kim <minchan(a)kernel.org> > > Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> > > Cc: Thomas Gleixner <tglx(a)linutronix.de> > > Cc: Vlastimil Babka <vbabka(a)suse.cz> > > Cc: Michal Hocko <mhocko(a)kernel.org> > > Cc: Andrea Arcangeli <aarcange(a)redhat.com> > > Is this worth backporting to stable trees? Yes it is i forgot to cc stable :( > > The patch looks good to me > Acked-by: Michal Hocko <mhocko(a)suse.com> > > > --- > > mm/huge_memory.c | 7 +------ > > 1 file changed, 1 insertion(+), 6 deletions(-) > > > > diff --git a/mm/huge_memory.c b/mm/huge_memory.c > > index 533f9b00147d..93cb80fe12cb 100644 > > --- a/mm/huge_memory.c > > +++ b/mm/huge_memory.c > > @@ -2885,9 +2885,6 @@ void set_pmd_migration_entry(struct page_vma_mapped_walk *pvmw, > > if (!(pvmw->pmd && !pvmw->pte)) > > return; > > > > - mmu_notifier_invalidate_range_start(mm, address, > > - address + HPAGE_PMD_SIZE); > > - > > flush_cache_range(vma, address, address + HPAGE_PMD_SIZE); > > pmdval = *pvmw->pmd; > > pmdp_invalidate(vma, address, pvmw->pmd); > > @@ -2898,11 +2895,9 @@ void set_pmd_migration_entry(struct page_vma_mapped_walk *pvmw, > > if (pmd_soft_dirty(pmdval)) > > pmdswp = pmd_swp_mksoft_dirty(pmdswp); > > set_pmd_at(mm, address, pvmw->pmd, pmdswp); > > + mmu_notifier_invalidate_range(mm, address, address + HPAGE_PMD_SIZE); > > page_remove_rmap(page, true); > > put_page(page); > > - > > - mmu_notifier_invalidate_range_end(mm, address, > > - address + HPAGE_PMD_SIZE); > > } > > > > void remove_migration_pmd(struct page_vma_mapped_walk *pvmw, struct page *new) > > -- > > 2.17.2 > > -- > Michal Hocko > SUSE Labs

6 years, 11 months

1
0
0 0

Applied "ASoC: sta32x: set ->component pointer in private struct" to the asoc tree

by Mark Brown

The patch ASoC: sta32x: set ->component pointer in private struct has been applied to the asoc tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From 747df19747bc9752cd40b9cce761e17a033aa5c2 Mon Sep 17 00:00:00 2001 From: Daniel Mack <daniel(a)zonque.org> Date: Thu, 11 Oct 2018 20:32:05 +0200 Subject: [PATCH] ASoC: sta32x: set ->component pointer in private struct The ESD watchdog code in sta32x_watchdog() dereferences the pointer which is never assigned. This is a regression from a1be4cead9b950 ("ASoC: sta32x: Convert to direct regmap API usage.") which went unnoticed since nobody seems to use that ESD workaround. Fixes: a1be4cead9b950 ("ASoC: sta32x: Convert to direct regmap API usage.") Signed-off-by: Daniel Mack <daniel(a)zonque.org> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- sound/soc/codecs/sta32x.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sound/soc/codecs/sta32x.c b/sound/soc/codecs/sta32x.c index d5035f2f2b2b..ce508b4cc85c 100644 --- a/sound/soc/codecs/sta32x.c +++ b/sound/soc/codecs/sta32x.c @@ -879,6 +879,9 @@ static int sta32x_probe(struct snd_soc_component *component) struct sta32x_priv *sta32x = snd_soc_component_get_drvdata(component); struct sta32x_platform_data *pdata = sta32x->pdata; int i, ret = 0, thermal = 0; + + sta32x->component = component; + ret = regulator_bulk_enable(ARRAY_SIZE(sta32x->supplies), sta32x->supplies); if (ret != 0) { -- 2.19.0

6 years, 11 months

1
0
0 0

[PATCH 4.18 00/44] 4.18.14-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.18.14 release. There are 44 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Oct 13 15:24:36 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.14-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.18.14-rc1 Zhi Chen <zhichen(a)codeaurora.org> ath10k: fix scan crash due to incorrect length calculation Ka-Cheong Poon <ka-cheong.poon(a)oracle.com> rds: rds_ib_recv_alloc_cache() should call alloc_percpu_gfp() instead Richard Weinberger <richard(a)nod.at> ubifs: Check for name being NULL while mounting Cong Wang <xiyou.wangcong(a)gmail.com> ucma: fix a use-after-free in ucma_resolve_ip() Cong Wang <xiyou.wangcong(a)gmail.com> tipc: call start and done ops directly in __tipc_nl_compat_dumpit() Chao Yu <yuchao0(a)huawei.com> f2fs: fix invalid memory access Vineet Gupta <vgupta(a)synopsys.com> ARC: clone syscall to setp r25 as thread pointer Christophe Leroy <christophe.leroy(a)c-s.fr> powerpc/lib: fix book3s/32 boot failure due to code patching Michael Neuling <mikey(a)neuling.org> powerpc: Avoid code patching freed init sections Guenter Roeck <linux(a)roeck-us.net> of: unittest: Disable interrupt node tests for old world MAC systems Dmitry Safonov <dima(a)arista.com> tty: Drop tty->count on tty_reopen() failure Romain Izard <romain.izard.pro(a)gmail.com> usb: cdc_acm: Do not leak URB buffers Johan Hovold <johan(a)kernel.org> USB: serial: option: add two-endpoints device-id flag Kristian Evensen <kristian.evensen(a)gmail.com> USB: serial: option: improve Quectel EP06 detection Johan Hovold <johan(a)kernel.org> USB: serial: simple: add Motorola Tetra MTP6550 id Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: xhci-mtk: resume USB3 roothub first Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Add missing CAS workaround for Intel Sunrise Point xHCI Mike Snitzer <snitzer(a)redhat.com> dm cache: fix resize crash if user doesn't reload cache table Joe Thornber <ejt(a)redhat.com> dm cache metadata: ignore hints array being too small during resize Mike Snitzer <snitzer(a)redhat.com> dm mpath: fix attached_handler_name leak and dangling hw_handler_name pointer Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM / core: Clear the direct_complete flag on errors Felix Fietkau <nbd(a)nbd.name> mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys Daniel Drake <drake(a)endlessm.com> PCI: Reprogram bridge prefetch registers on resume Andy Lutomirski <luto(a)kernel.org> x86/vdso: Fix vDSO syscall fallback asm constraint regression Andy Lutomirski <luto(a)kernel.org> x86/vdso: Only enable vDSO retpolines when enabled and supported Andy Lutomirski <luto(a)kernel.org> selftests/x86: Add clock_gettime() tests to test_vdso Andy Lutomirski <luto(a)kernel.org> x86/vdso: Fix asm constraints on vDSO syscall fallbacks Jann Horn <jannh(a)google.com> drm: fix use-after-free read in drm_mode_create_lease_ioctl() Jason Ekstrand <jason(a)jlekstrand.net> drm/syncobj: Don't leak fences when WAIT_FOR_SUBMIT is set Rex Zhu <Rex.Zhu(a)amd.com> drm/amdgpu: Fix vce work queue was not cancelled when suspend Felix Fietkau <nbd(a)nbd.name> mac80211: allocate TXQs for active monitor interfaces Marek Szyprowski <m.szyprowski(a)samsung.com> mmc: slot-gpio: Fix debounce time to use miliseconds again Tony Lindgren <tony(a)atomide.com> mmc: core: Fix debounce time to use microseconds Jan Beulich <JBeulich(a)suse.com> xen-netback: fix input validation in xenvif_set_hash_mapping() Tomi Valkeinen <tomi.valkeinen(a)ti.com> fbdev/omapfb: fix omapfb_memory_read infoleak Alexandre Belloni <alexandre.belloni(a)bootlin.com> clocksource/drivers/timer-atmel-pit: Properly handle error cases Kees Cook <keescook(a)chromium.org> pstore/ram: Fix failure-path memory leak in ramoops_init Ilya Dryomov <idryomov(a)gmail.com> blk-mq: I/O and timer unplugs are inverted in blktrace Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: VMX: check for existence of secondary exec controls before accessing Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: x86: fix L1TF's MMIO GFN calculation Jann Horn <jannh(a)google.com> mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> mm, thp: fix mlocking THP page with migration enabled Mike Kravetz <mike.kravetz(a)oracle.com> mm: migration: fix migration of huge PMD shared pages Reinette Chatre <reinette.chatre(a)intel.com> perf/core: Add sanity check to deal with pinned event failure ------------- Diffstat: Makefile | 4 +- arch/arc/kernel/process.c | 20 +++ arch/powerpc/include/asm/setup.h | 1 + arch/powerpc/lib/code-patching.c | 14 +- arch/powerpc/mm/mem.c | 2 + arch/x86/entry/vdso/Makefile | 16 ++- arch/x86/entry/vdso/vclock_gettime.c | 26 ++-- arch/x86/kvm/mmu.c | 24 +++- arch/x86/kvm/vmx.c | 7 +- block/blk-mq.c | 4 +- drivers/base/power/main.c | 5 +- drivers/clocksource/timer-atmel-pit.c | 20 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c | 4 +- drivers/gpu/drm/drm_lease.c | 6 +- drivers/gpu/drm/drm_syncobj.c | 5 + drivers/infiniband/core/ucma.c | 2 + drivers/md/dm-cache-metadata.c | 4 +- drivers/md/dm-cache-target.c | 9 +- drivers/md/dm-mpath.c | 14 +- drivers/mmc/core/host.c | 2 +- drivers/mmc/core/slot-gpio.c | 2 +- drivers/net/wireless/ath/ath10k/wmi-tlv.c | 8 +- drivers/net/xen-netback/hash.c | 12 +- drivers/of/unittest.c | 26 ++-- drivers/pci/pci.c | 27 ++-- drivers/tty/tty_io.c | 11 +- drivers/usb/class/cdc-acm.c | 6 + drivers/usb/host/xhci-mtk.c | 4 +- drivers/usb/host/xhci-pci.c | 2 + drivers/usb/serial/option.c | 15 ++- drivers/usb/serial/usb-serial-simple.c | 3 +- drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c | 5 +- fs/f2fs/checkpoint.c | 9 +- fs/pstore/ram.c | 29 +++- fs/ubifs/super.c | 3 + include/linux/hugetlb.h | 14 ++ include/linux/mm.h | 6 + kernel/events/core.c | 6 + mm/huge_memory.c | 2 +- mm/hugetlb.c | 37 ++++- mm/migrate.c | 3 + mm/rmap.c | 42 +++++- mm/vmstat.c | 3 + net/mac80211/cfg.c | 2 +- net/mac80211/iface.c | 3 +- net/rds/ib.h | 2 +- net/rds/ib_cm.c | 2 +- net/rds/ib_recv.c | 10 +- net/tipc/netlink_compat.c | 2 + net/tipc/socket.c | 17 ++- net/tipc/socket.h | 1 + tools/testing/selftests/x86/test_vdso.c | 172 ++++++++++++++++++++++++ 53 files changed, 563 insertions(+), 115 deletions(-)

6 years, 11 months

4
48
0 0

[PATCH] afs: Fix afs_server struct leak

by David Howells

Fix a leak of afs_server structs. The routine that installs them in the various lookup lists and trees gets a ref on leaving the function, whether it added the server or a server already exists. It shouldn't increment the refcount if it added the server. The effect of this that "rmmod kafs" will hang waiting for the leaked server to become unused. Fixes: d2ddc776a458 ("afs: Overhaul volume and server record caching and fileserver rotation") Signed-off-by: David Howells <dhowells(a)redhat.com> --- fs/afs/server.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/afs/server.c b/fs/afs/server.c index 1d329e6981d5..2f306c0cc4ee 100644 --- a/fs/afs/server.c +++ b/fs/afs/server.c @@ -199,9 +199,11 @@ static struct afs_server *afs_install_server(struct afs_net *net, write_sequnlock(&net->fs_addr_lock); ret = 0; + goto out; exists: afs_get_server(server); +out: write_sequnlock(&net->fs_lock); return server; }

6 years, 11 months

2
1
0 0

[PATCH 4.9 0/4] Fix softirq time accounting issues on 4.9

by Ivan Delalande

Hi Greg, This series fixes issues we've seen with softirq time accounting in 4.9: - when ksoftirqd is running at 100% on a CPU, none of the values reported by /proc/stat for that CPU will change, sometimes for dozens of seconds, - large deviations in the total number of ticks accumulated over a fixed time for a CPU, probably because of the first issue hitting for shorter periods. We found out that something pretty similar had been reported 9 months ago, see the reference link below. In that discussion, Rabin Vincent had made a 4.9 specific patch which fixes our first issue, but we were still seeing some deviation from the total number of ticks (up to 1.7% from expected, where we had only 0.2% on older kernels), and you had also asked for a direct backport from the mainline series, if possible. As mentioned in that thread, a lot of changes (probably 50+) went into 4.11 to remove cputime, but we could get something working with only the 4 attached patches to fix these two issues. Three of these patches apply without change, and the second one in the series ("sched/cputime: Convert kcpustat to nsecs") needed a minor change as a cast had been added in 527b0a76f41d ("sched/cpuacct: Avoid %lld seq_printf warning") to fix a build warning on s390. I guess we could also include that patch in this series, let me know if this is the preferred way to handle this. We ran our tests on 3.18, 4.4 and 4.9 and confirmed that only 4.9 would need this series, and that this series indeed restores the behavior we were seeing on those older kernels. Thanks! Reference: http://lkml.kernel.org/r/%3C1513159876-5125-1-git-send-email-rabin.vincent@… Frederic Weisbecker (4): time: Introduce jiffies64_to_nsecs() sched/cputime: Convert kcpustat to nsecs sched/cputime: Increment kcpustat directly on irqtime account sched/cputime: Fix ksoftirqd cputime accounting regression arch/s390/appldata/appldata_os.c | 16 +++---- drivers/cpufreq/cpufreq.c | 6 +-- drivers/cpufreq/cpufreq_governor.c | 2 +- drivers/cpufreq/cpufreq_stats.c | 1 - drivers/macintosh/rack-meter.c | 2 +- fs/proc/stat.c | 68 +++++++++++++-------------- fs/proc/uptime.c | 7 +-- include/linux/jiffies.h | 2 + kernel/sched/cpuacct.c | 2 +- kernel/sched/cputime.c | 75 +++++++++++++----------------- kernel/sched/sched.h | 12 +++-- kernel/time/time.c | 10 ++++ kernel/time/timeconst.bc | 6 +++ 13 files changed, 109 insertions(+), 100 deletions(-) -- 2.18.0

6 years, 11 months

2
8
0 0

[PATCH] drm/i915: Large page offsets for pread/pwrite

by Chris Wilson

Handle integer overflow when computing the sub-page length for shmem backed pread/pwrite. Reported-by: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/i915_gem.c | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c index 7d45e71100bc..93d09282710d 100644 --- a/drivers/gpu/drm/i915/i915_gem.c +++ b/drivers/gpu/drm/i915/i915_gem.c @@ -1127,11 +1127,7 @@ i915_gem_shmem_pread(struct drm_i915_gem_object *obj, offset = offset_in_page(args->offset); for (idx = args->offset >> PAGE_SHIFT; remain; idx++) { struct page *page = i915_gem_object_get_page(obj, idx); - int length; - - length = remain; - if (offset + length > PAGE_SIZE) - length = PAGE_SIZE - offset; + unsigned int length = min_t(u64, remain, PAGE_SIZE - offset); ret = shmem_pread(page, offset, length, user_data, page_to_phys(page) & obj_do_bit17_swizzling, @@ -1575,11 +1571,7 @@ i915_gem_shmem_pwrite(struct drm_i915_gem_object *obj, offset = offset_in_page(args->offset); for (idx = args->offset >> PAGE_SHIFT; remain; idx++) { struct page *page = i915_gem_object_get_page(obj, idx); - int length; - - length = remain; - if (offset + length > PAGE_SIZE) - length = PAGE_SIZE - offset; + unsigned int length = min_t(u64, remain, PAGE_SIZE - offset); ret = shmem_pwrite(page, offset, length, user_data, page_to_phys(page) & obj_do_bit17_swizzling, -- 2.19.1

6 years, 11 months

2
1
0 0

[GIT PULL] commits for Linux 3.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 3.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 921b2fed6a79439ef1609ef4af0ada5cccb3555c: Linux 3.18.123 (2018-09-26 08:33:59 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-3.18-12102018 for you to fetch changes up to a2d2ae775f75f02d321a460304a08bd54ba5035c: ubifs: Check for name being NULL while mounting (2018-09-30 09:20:38 -0400) - ---------------------------------------------------------------- for-greg-3.18-12102018 - ---------------------------------------------------------------- Andy Whitcroft (1): floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Colin Ian King (1): net: hp100: fix always-true check for link up state Jongsung Kim (1): stmmac: fix valid numbers of unicast filter entries Lei Yang (1): selftests/efivarfs: add required kernel configs Richard Weinberger (1): ubifs: Check for name being NULL while mounting Tony Lindgren (1): mfd: omap-usb-host: Fix dts probe of children drivers/block/floppy.c | 3 +++ drivers/mfd/omap-usb-host.c | 11 ++++++----- drivers/net/ethernet/hp/hp100.c | 2 +- drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 5 ++--- fs/ubifs/super.c | 3 +++ tools/testing/selftests/efivarfs/config | 1 + 6 files changed, 16 insertions(+), 9 deletions(-) create mode 100644 tools/testing/selftests/efivarfs/config -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlvAsXMACgkQ3qZv95d3 LNxOlQ//ZAaryjy7Ag365v91Oil+S+khKLagLFG76rWWsI5i2ANRM9ZJa4acr56u T4sbqPEZMsIVY5c6xhq6ZwvHVk1nxesihbfGh30KNvsRh+WtIvhmozYPXX7F3X9K PpUBFVomZHl5b3K58R1cF/NFOJwcMo7Mj1oDf0ojYXhtNmwhPaosqnfjOpzBZ3By 3Zqf41srQfbVMuHe5G58gVh3hsKqqrTzvCZRjPk1OyuFeLv0t5dCtXkIjDbskeii sQEyqcykplD05g1sZjkt9YaSvVH9Pn7B9oTIML1Bbyl/gbCitRMAPeoX3sJUUCWA 3nbzNSOCyFHPjmoGIrBth8gFeo68lsbHPRgh2KeWMLBYoQDuPADnCnioFuvEEdg0 m0sr0V3X+RAf2dq5fmLwG24FbTqb227tU73R8uf/bmtD9QbgEdJwZ5pxFAWOqKvX unaQAwIUiACMoajzK/46sfdTMZUeZy8aHxgwPuhoIL7JGxhdAJ4/qjEysykxrVr0 vw/IPvFAklDCMnSQfBuLvbzPwE5uXpBetc3A1rUE4OLAWGxa5ofYBEYSkWcZIp6S vloi8jWVkb7oqTLcM8YoUN3WlMJxSOVKJbcr53H4E/3nF77a6X+7igxf99ah35II NtkqIxrE4PPbj2616Azb6manOJHyTLzRt7bRh/mod7+6U9URNAM= =hSsg -----END PGP SIGNATURE-----

6 years, 11 months

1
0
0 0

[GIT PULL] commits for Linux 4.4

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.4 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 9c6cd3f3a4b8194e82fa927bc00028c7a505e3b3: Linux 4.4.159 (2018-09-29 03:08:55 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.4-12102018 for you to fetch changes up to b31f37e2464344b280d92298f7330803c887376b: ubifs: Check for name being NULL while mounting (2018-09-30 09:20:30 -0400) - ---------------------------------------------------------------- for-greg-4.4-12102018 - ---------------------------------------------------------------- Amber Lin (1): drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 Andy Whitcroft (1): floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Danny Smith (1): ASoC: sigmadsp: safeload should not have lower byte limit Jongsung Kim (1): stmmac: fix valid numbers of unicast filter entries Lei Yang (1): selftests/efivarfs: add required kernel configs Nicolas Ferre (2): net: macb: disable scatter-gather for macb on sama5d3 ARM: dts: at91: add new compatibility string for macb on sama5d3 Pierre-Louis Bossart (1): ASoC: wm8804: Add ACPI support Richard Weinberger (1): ubifs: Check for name being NULL while mounting Tony Lindgren (1): mfd: omap-usb-host: Fix dts probe of children Yu Zhao (1): sound: enable interrupt after dma buffer initialization Documentation/devicetree/bindings/net/macb.txt | 1 + arch/arm/boot/dts/sama5d3_emac.dtsi | 2 +- drivers/block/floppy.c | 3 +++ drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c | 2 +- drivers/mfd/omap-usb-host.c | 11 ++++++----- drivers/net/ethernet/cadence/macb.c | 8 ++++++++ drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 5 ++--- fs/ubifs/super.c | 3 +++ sound/hda/hdac_controller.c | 8 ++++++-- sound/soc/codecs/sigmadsp.c | 3 +-- sound/soc/codecs/wm8804-i2c.c | 15 ++++++++++++++- tools/testing/selftests/efivarfs/config | 1 + 12 files changed, 47 insertions(+), 15 deletions(-) create mode 100644 tools/testing/selftests/efivarfs/config -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlvAsWsACgkQ3qZv95d3 LNxOsg//UcgqG5gMEQkgrEhj5E8zjY4gJLptiwXywYcHSjE22lost/kRMEoZltcq eqew1h9IIpn/MWuuxaz0Yt/bDhtlU1hxSbsW03J/j6MAbdae0SP9Gy7U3bVUQwOS 3JtozDcGc6KzSVqZzzlZXupo+2gpU60MkGUF0NT2p3lInO9MLxeH05bUd3FXo+2p t0RLnSNBgutyb9kMIPu1ZTRMADBIldwlGWYZHkKdUNxycUj7a1A2pCwaVdxUHsp9 zNnyHRBjRQhOe9VQDYra9lMkqDGnt6BNK0UyfugYfeBOCZE11OWNU0WGACX9vMpP +CMvZUO5vglHJOrk1hYhwEaIffODbY4LGSKdTofx57eBzIF62BP2Ia2X5oHUkkjA K7jJZiMWa5T+qDqhrvGXYZNx2CKfwI534pU+M45Jl5oF1oSgYAjFugpAHPX37PQK /BFQN8ckkJ4UlQLqaEUsJLxlKZj0ZSe0HQOaf4cJz/I2konvP6rajD6DBOaoZvxW FPkzAH7iEY6EaMksnoRZOmmI+nRXwaAmTO+J4yOfvICDm84080PXwUhVWCyB4gbn TSiV51Zn2cdvWofi0o7TOSRiNixlZrXJQJdW1CExM1RhHa66Z6kGefjhNYn+hjQg 5yqU0srpClNd6HR4wz+j52VkbZBe11bL0GVA6hcFZN7QVdf/saU= =Oywh -----END PGP SIGNATURE-----

6 years, 11 months

1
0
0 0

[GIT PULL] commits for Linux 4.9

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.9 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit cdd48f386d7e6671e7cc21e517ae258b298ec877: Linux 4.9.131 (2018-10-03 17:01:55 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.9-12102018 for you to fetch changes up to d514c460687636708db3def7a68150092dc785c0: ubifs: Check for name being NULL while mounting (2018-10-03 22:24:27 -0400) - ---------------------------------------------------------------- for-greg-4.9-12102018 - ---------------------------------------------------------------- Amber Lin (1): drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 Dan Carpenter (1): scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() Danny Smith (1): ASoC: sigmadsp: safeload should not have lower byte limit Jongsung Kim (1): stmmac: fix valid numbers of unicast filter entries Laura Abbott (1): scsi: iscsi: target: Don't use stack buffer for scatterlist Lei Yang (2): selftests/efivarfs: add required kernel configs selftests: memory-hotplug: add required configs Nicolas Ferre (2): net: macb: disable scatter-gather for macb on sama5d3 ARM: dts: at91: add new compatibility string for macb on sama5d3 Pierre-Louis Bossart (1): ASoC: wm8804: Add ACPI support Richard Weinberger (1): ubifs: Check for name being NULL while mounting Tony Lindgren (1): mfd: omap-usb-host: Fix dts probe of children Vitaly Kuznetsov (1): x86/kvm/lapic: always disable MMIO interface in x2APIC mode Yu Zhao (1): sound: enable interrupt after dma buffer initialization Documentation/devicetree/bindings/net/macb.txt | 1 + arch/arm/boot/dts/sama5d3_emac.dtsi | 2 +- arch/x86/include/uapi/asm/kvm.h | 1 + arch/x86/kvm/lapic.c | 22 +++++++++++++++++++--- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c | 2 +- drivers/mfd/omap-usb-host.c | 11 ++++++----- drivers/net/ethernet/cadence/macb.c | 8 ++++++++ .../net/ethernet/stmicro/stmmac/stmmac_platform.c | 5 ++--- drivers/scsi/qla2xxx/qla_target.h | 4 ++-- drivers/target/iscsi/iscsi_target.c | 22 ++++++++++++++-------- fs/ubifs/super.c | 3 +++ sound/hda/hdac_controller.c | 8 ++++++-- sound/soc/codecs/sigmadsp.c | 3 +-- sound/soc/codecs/wm8804-i2c.c | 15 ++++++++++++++- tools/testing/selftests/efivarfs/config | 1 + tools/testing/selftests/memory-hotplug/config | 1 + 16 files changed, 81 insertions(+), 28 deletions(-) create mode 100644 tools/testing/selftests/efivarfs/config -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlvAsWUACgkQ3qZv95d3 LNw2dxAAknTmD/Y3wcfhcAEK3xci39b3ouXaCUABLe8zL/jwOiJzgZrq4JQbqCNL Kd0p5JK4gGSaokfU65aYeTFAAKOPyoaK0fzP1avfFI5FuaKqrMoZtcZCGerfL6dX HolN96N2qEDMCpgl+Uzb2+OtJi+ZBcWqZgnaYuLQVgfS/4S7+Rqh2NptdPXJNU3h ZVsJ3oZ9y3clOpSF3om5UWsicXC+4MRRor+Bi32K0aEI+XvDxgqIUNxA9wd43jHf UDxsRTG4R8om66aWB87lTUJONTquRCIw/bJIj9mDnpa6tOZ3AIwjcj42QlObuJEw PSuLA7Yuup8QaySaulyGazDs9Z/ARhJw8SKlBQjdIrg07Ld6NZMOl7iOQVdM9HWG Rl3pynuPjBOLmIC3FH6qKr4qabEoKHo7BoIA728FQ7hh5UoyKkSWDfDTmjOF+jAd RyojoRqC4V5MSrPpaTvyjya68Wn2RMDAWH2SpUUTUkkRo+tNG95+N/xIR1Pe0bLv 9cUycnMNIJKXVvp2h3AgaisFz7Kx1PaN88fxWNPKVsjqziZKND9S/PrGKuTmZIF2 gml7Nb5zgUrWaFZm8xKiVOFWu5BCbHTZvasAhcCU8qO8Llm7C9GoVkGo6bqrRdYW 7JUgFFilululaoGch/824F/MGchxTtbymnlrj97FxZeKK/Bpw84= =JL5/ -----END PGP SIGNATURE-----

6 years, 11 months

1
0
0 0

[GIT PULL] commits for Linux 4.14

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.14 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit e6abbe80c8838e9c0bdb51835e6218008fa49386: Linux 4.14.74 (2018-10-03 17:01:00 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.14-12102018 for you to fetch changes up to cb9c65e3917e1f240e8a30729afeffe1b1f1338f: ubifs: Check for name being NULL while mounting (2018-10-03 22:24:19 -0400) - ---------------------------------------------------------------- for-greg-4.14-12102018 - ---------------------------------------------------------------- Amber Lin (1): drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 Dan Carpenter (1): scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() Danny Smith (1): ASoC: sigmadsp: safeload should not have lower byte limit Hans de Goede (2): clk: x86: add "ether_clk" alias for Bay Trail / Cherry Trail clk: x86: Stop marking clocks as CLK_IS_CRITICAL Hermes Zhang (1): Bluetooth: hci_ldisc: Free rw_semaphore on close Jongsung Kim (1): stmmac: fix valid numbers of unicast filter entries Kuninori Morimoto (2): ASoC: rsnd: adg: care clock-frequency size ASoC: rsnd: don't fallback to PIO mode when -EPROBE_DEFER Laura Abbott (1): scsi: iscsi: target: Don't use stack buffer for scatterlist Lei Yang (2): selftests/efivarfs: add required kernel configs selftests: memory-hotplug: add required configs Nicolas Ferre (2): net: macb: disable scatter-gather for macb on sama5d3 ARM: dts: at91: add new compatibility string for macb on sama5d3 Oder Chiou (1): ASoC: rt5514: Fix the issue of the delay volume applied again Pierre-Louis Bossart (1): ASoC: wm8804: Add ACPI support Richard Weinberger (1): ubifs: Check for name being NULL while mounting Stephen Hemminger (2): hv_netvsc: fix schedule in RCU context PCI: hv: support reporting serial number as slot information Tony Lindgren (1): mfd: omap-usb-host: Fix dts probe of children Vitaly Kuznetsov (1): x86/kvm/lapic: always disable MMIO interface in x2APIC mode Yu Zhao (2): sound: enable interrupt after dma buffer initialization sound: don't call skl_init_chip() to reset intel skl soc Documentation/devicetree/bindings/net/macb.txt | 1 + arch/arm/boot/dts/sama5d3_emac.dtsi | 2 +- arch/x86/include/uapi/asm/kvm.h | 1 + arch/x86/kvm/lapic.c | 22 +++++++++++-- drivers/bluetooth/hci_ldisc.c | 2 ++ drivers/clk/x86/clk-pmc-atom.c | 18 +++++++---- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c | 2 +- drivers/mfd/omap-usb-host.c | 11 ++++--- drivers/net/ethernet/cadence/macb_main.c | 8 +++++ .../net/ethernet/stmicro/stmmac/stmmac_platform.c | 5 ++- drivers/net/hyperv/netvsc_drv.c | 9 ++---- drivers/pci/host/pci-hyperv.c | 37 ++++++++++++++++++++++ drivers/scsi/qla2xxx/qla_target.h | 4 +-- drivers/target/iscsi/iscsi_target.c | 22 ++++++++----- fs/ubifs/super.c | 3 ++ include/sound/hdaudio.h | 1 + sound/hda/hdac_controller.c | 15 ++++++--- sound/soc/codecs/rt5514.c | 8 ++--- sound/soc/codecs/sigmadsp.c | 3 +- sound/soc/codecs/wm8804-i2c.c | 15 ++++++++- sound/soc/intel/skylake/skl.c | 2 +- sound/soc/sh/rcar/adg.c | 5 +++ sound/soc/sh/rcar/core.c | 10 +++++- sound/soc/sh/rcar/dma.c | 4 +++ tools/testing/selftests/efivarfs/config | 1 + tools/testing/selftests/memory-hotplug/config | 1 + 26 files changed, 162 insertions(+), 50 deletions(-) create mode 100644 tools/testing/selftests/efivarfs/config -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlvAsV4ACgkQ3qZv95d3 LNyWgQ//XANh5mQDMTeunoBjoec8HKAhmEnQgvldgovAeQ0xZobjzliIj4N8vWQ0 XGsCc/LD1Vhe1LhTwoY2GHzS2NayHOMq5X4/+kgUakBJaBFS5i76J24mFcJK7rZq Qmgl51xfiIk9Y/tdk3vjAUfp4bv+hZnOv+WvRSTA22l07wTh0yh7btODNmYtNoRl +Xgwi73O1tmUyBY3fAiu1Gyo4nTrJlOHtXBUyvoJKlGoZuL2C5A4uU/r5sOf1ROt ng+2dTU9KaGsI5z8MyjTS9ZyI+3mUyXtWhsBlnzTHgMRw/AnbJIWTn6Sq9Ij8yYO 4BRIJfmz4mn2EC5m2T/u/RbDdmArwjaygwZwP/20rr8ChqAiqwvOMjAjmzV3pToT AqEnlwZZSMd+sdP/HnAC1qQJCgt1Kk6G+98klZlSTYXx2iGekkshL+jAX1WPOSwS mu4HUKjsKdusQTuikFhKOdvLULcizQ3isMVmIGKKBQVeg/zr4tPopNGrW/kpyr9L eEed6B/g5ioi3Oel1nLHNalu2sjuFuScbxuyXDEVYvA8Yhb07lbNpAMEfH9xF0wn OCv8l48+Gp25c7rtVZ0+erkmAmfWKXS0Kv9mVrNHSREzbGVmwLsBh5jX72jwLRiT P7JOMZvSI9BYhYI8sieJWJI8K8J9z69KgCmTe/oeqFD75St3ggg= =+Ugj -----END PGP SIGNATURE-----

6 years, 11 months

1
0
0 0

[PATCH v3] mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB

by Liu Xiang

If the size of spi-nor flash is larger than 16MB, the read_opcode is set to SPINOR_OP_READ_1_1_4_4B, and fsl_qspi_get_seqid() will return -EINVAL when cmd is SPINOR_OP_READ_1_1_4_4B. This can cause read operation fail. Fixes: e46ecda764dc ("mtd: spi-nor: Add Freescale QuadSPI driver") Cc: <stable(a)vger.kernel.org> Signed-off-by: Liu Xiang <liu.xiang6(a)zte.com.cn> --- Changes in v3: move changelog position. drivers/mtd/spi-nor/fsl-quadspi.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/mtd/spi-nor/fsl-quadspi.c b/drivers/mtd/spi-nor/fsl-quadspi.c index 7d9620c..64304a3 100644 --- a/drivers/mtd/spi-nor/fsl-quadspi.c +++ b/drivers/mtd/spi-nor/fsl-quadspi.c @@ -478,6 +478,7 @@ static int fsl_qspi_get_seqid(struct fsl_qspi *q, u8 cmd) { switch (cmd) { case SPINOR_OP_READ_1_1_4: + case SPINOR_OP_READ_1_1_4_4B: return SEQID_READ; case SPINOR_OP_WREN: return SEQID_WREN; -- 1.9.1

6 years, 11 months

2
2
0 0

Re: PROBLEM: brcmfmac driver crashes on resuming if no firmware is loaded

by Jon Hunter

Correcting stable address ... On 12/10/18 13:37, Jon Hunter wrote: > [1.] One line summary of the problem: > brcmfmac driver crashes on resuming if no firmware is loaded > > [2.] Full description of the problem/report: > In stable-v4.4, if the brcmfmac driver fails to load the required > firmware on boot for an SDIO based device, then the driver fails > to remove one of the two devices it registered during probe with > the kernel. If the kernel then enters suspend, on resume the > kernel tries to resume the device registered by brcmfmac driver > and crashes due to a NULL pointer deference (see 6 below). > > This issue is seen in stable-v4.4 but not in stable-v4.9 and I > believe is fixed by commit 7a51461fc2da ("brcmfmac: unbind all > devices upon failure in firmware callback"). Unfortunately, this > fix is dependent on other changes and so is not easily > back-ported AFAICT. > > This issue is seen on Tegra20 Ventana and Tegra30 Cardhu. > > [3.] Keywords (i.e., modules, networking, kernel): > BROADCOM BRCM80211 > > [4.] Kernel information > [4.1.] Kernel version (from /proc/version): > Linux version 4.4.160-rc1-00116-g5826f1d1ce56 > [4.2.] Kernel .config file: > Generated using tegra_defconfig > > [5.] Most recent kernel version which did not have the bug: > Not seen in current mainline or -next. > > [6.] Output of Oops.. message (if applicable) with symbolic information > > [ 51.941094] Unable to handle kernel NULL pointer dereference at virtual address 00000000 > > [ 51.949836] pgd = eee54000 > > [ 51.952771] [00000000] *pgd=2db16831, *pte=00000000, *ppte=00000000 > > [ 51.959722] Internal error: Oops: 17 [#1] SMP ARM > > [ 51.964774] Modules linked in: snd_soc_tegra_wm8903 snd_soc_wm8903 snd_soc_tegra_utils snd_soc_core snd_pcm_dmaengine snd_pcm brcmfmac brcmutil cfg80211 snd_timer snd soundcore ac97_bus snd_soc_tegra20_das > > [ 51.984922] CPU: 1 PID: 512 Comm: rtcwake Not tainted 4.4.160-rc1-00116-g5826f1d1ce56 #1 > > [ 51.993577] Hardware name: NVIDIA Tegra SoC (Flattened Device Tree) > > [ 52.000303] task: eefa3900 ti: ed93c000 task.ti: ed93c000 > > [ 52.006294] PC is at brcmf_ops_sdio_resume+0x10/0x5c [brcmfmac] > > [ 52.012672] LR is at pm_generic_resume+0x2c/0x38 > > [ 52.017641] pc : [<bf12bbb8>] lr : [<c06502d4>] psr: 60000113 > > [ 52.017641] sp : ed93ddb8 ip : eed72e74 fp : c0f4a2d8 > > [ 52.029914] r10: c0fa7580 r9 : 00000010 r8 : 00000000 > > [ 52.035522] r7 : 00000010 r6 : eed7303c r5 : 00000001 r4 : c06502a8 > > [ 52.042514] r3 : 00000000 r2 : 00000002 r1 : eed73008 r0 : eed73008 > > [ 52.049511] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none > > [ 52.057156] Control: 10c5387d Table: 2ee5404a DAC: 00000051 > > [ 52.063319] Process rtcwake (pid: 512, stack limit = 0xed93c220) > > [ 52.069761] Stack: (0xed93ddb8 to 0xed93e000) > > [ 52.074450] dda0: c06502a8 c06502d4 > > [ 52.083225] ddc0: c0cae914 c0653674 17c10408 c027fc00 eed72e08 eed73008 00000001 c0653cdc > > [ 52.091993] dde0: eed73070 eed73008 c0fa7548 c0fa7578 c104ce7c c0655018 c0f4a2d8 c0654ee8 > > [ 52.100757] de00: 0ea73a40 0000000c 0ea73a40 0000000c 0e3050d8 00000010 00000003 00000000 > > [ 52.109529] de20: c0f1650c c10109f4 c0f170a4 00000000 00000000 c06552e8 c10109f4 c02870b0 > > [ 52.118399] de40: 00000000 c028a464 c0d3b71c ed93de6c c0f49314 c02cd350 00000003 c10109f4 > > [ 52.127166] de60: 00000003 00000000 00000003 edbb45c0 00000004 00000000 00000000 c0287540 > > [ 52.135933] de80: 00000003 c0c8401c c1010a04 c02862fc 00000004 ee8f86e0 edbb45c0 edbb4fcc > > [ 52.144698] dea0: 00000004 ed93df80 00028290 c048c684 00000004 c036dec8 c036de84 edbb4fc0 > > [ 52.169613] dec0: edbb45c0 c036d70c 00000000 00000000 000081a4 c0a0113c 00028290 eee13b40 > > [ 52.194484] dee0: ed93df80 00000004 00028290 00000000 00000005 c030f990 c0f1ba64 ed93dfb0 > > [ 52.219219] df00: 00002710 000001ff b6fb42e4 c020a29c 5a9fd343 0b532b80 5a9fd343 0b532b80 > > [ 52.244031] df20: 0000050e 00000000 eee13b40 becb54b8 00028128 00028128 000000c5 eee13b40 > > [ 52.268893] df40: eee13b40 00028290 ed93df80 00000004 00000004 c031018c 0000000f 000081a4 > > [ 52.293765] df60: 00000001 00000000 00000000 eee13b40 eee13b40 00000004 00028290 c0310994 > > [ 52.318818] df80: 00000000 00000000 5a9fd343 00000004 00028290 00028128 00000004 c0210c44 > > [ 52.343980] dfa0: ed93c000 c0210a80 00000004 00028290 00000004 00028290 00000004 00000000 > > [ 52.369292] dfc0: 00000004 00028290 00028128 00000004 00014f40 00026180 00014ca4 00000005 > > [ 52.394701] dfe0: 00000000 becb5a1c b6f3479b b6f700d6 000f0030 00000004 00000000 00000000 > > [ 52.420294] [<bf12bbb8>] (brcmf_ops_sdio_resume [brcmfmac]) from [<c06502d4>] (pm_generic_resume+0x2c/0x38) > > [ 52.447649] [<c06502d4>] (pm_generic_resume) from [<c0653674>] (dpm_run_callback+0x1c/0x58) > > [ 52.474009] [<c0653674>] (dpm_run_callback) from [<c0653cdc>] (device_resume+0x98/0x260) > > [ 52.500177] [<c0653cdc>] (device_resume) from [<c0655018>] (dpm_resume+0x100/0x228) > > [ 52.525931] [<c0655018>] (dpm_resume) from [<c06552e8>] (dpm_resume_end+0xc/0x18) > > [ 52.551807] [<c06552e8>] (dpm_resume_end) from [<c02870b0>] (suspend_devices_and_enter+0x124/0x420) > > [ 52.579701] [<c02870b0>] (suspend_devices_and_enter) from [<c0287540>] (pm_suspend+0x194/0x254) > > [ 52.607599] [<c0287540>] (pm_suspend) from [<c02862fc>] (state_store+0x6c/0xbc) > > [ 52.634364] [<c02862fc>] (state_store) from [<c048c684>] (kobj_attr_store+0x14/0x20) > > [ 52.661518] [<c048c684>] (kobj_attr_store) from [<c036dec8>] (sysfs_kf_write+0x44/0x48) > > [ 52.688909] [<c036dec8>] (sysfs_kf_write) from [<c036d70c>] (kernfs_fop_write+0xbc/0x1b0) > > [ 52.716566] [<c036d70c>] (kernfs_fop_write) from [<c030f990>] (__vfs_write+0x24/0xd8) > > [ 52.743917] [<c030f990>] (__vfs_write) from [<c031018c>] (vfs_write+0x94/0x154) > > [ 52.770230] [<c031018c>] (vfs_write) from [<c0310994>] (SyS_write+0x40/0x94) > > [ 52.795713] [<c0310994>] (SyS_write) from [<c0210a80>] (ret_fast_syscall+0x0/0x48) > > [ 52.821478] Code: e92d4010 e590218c e5903058 e3520002 (e5934000) > > [ 52.845762] ---[ end trace d797b5b1ce195377 ]--- > -- nvpublic

6 years, 11 months

1
0
0 0

Re: [PATCH 4.4 00/27] 4.4.161-stable review

by Greg Kroah-Hartman

On Thu, Oct 11, 2018 at 03:22:11PM -0700, kernelci.org bot wrote: > > > Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.4.y/kernel/v4.4.… > Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.4.y/kernel/v4.4.160-28-… > > Tree: stable-rc > Branch: linux-4.4.y > Git Describe: v4.4.160-28-gb3522afcec59 > Git Commit: b3522afcec59a6a8030ebf4397f5b285b3e804d2 > Git URL: http://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git > Tested: 39 unique boards, 20 SoC families, 13 builds out of 178 > > Boot Regressions Detected: > > x86: > > x86_64_defconfig: > qemu: > lab-baylibre: new failure (last pass: v4.4.160) Should I worry about this? thanks, greg k-h

6 years, 11 months

2
1
0 0

URGENT RESPONSE NEEDED

by Sean Kim.

Hello my dear. Did you receive my email message to you? Please, get back to me ASAP as the matter is becoming late. Expecting your urgent response. Sean.

6 years, 11 months

1
0
0 0

[PATCH] ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905)

by Jeremy Cline

The Lenovo G50-30, like other G50 models, has a Conexant codec that requires a quirk for its inverted stereo dmic. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1249364 Reported-by: Alexander Ploumistos <alex.ploumistos(a)gmail.com> Tested-by: Alexander Ploumistos <alex.ploumistos(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Jeremy Cline <jcline(a)redhat.com> --- sound/pci/hda/patch_conexant.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/pci/hda/patch_conexant.c b/sound/pci/hda/patch_conexant.c index 5592557fe50e..950e02e71766 100644 --- a/sound/pci/hda/patch_conexant.c +++ b/sound/pci/hda/patch_conexant.c @@ -943,6 +943,7 @@ static const struct snd_pci_quirk cxt5066_fixups[] = { SND_PCI_QUIRK(0x17aa, 0x21da, "Lenovo X220", CXT_PINCFG_LENOVO_TP410), SND_PCI_QUIRK(0x17aa, 0x21db, "Lenovo X220-tablet", CXT_PINCFG_LENOVO_TP410), SND_PCI_QUIRK(0x17aa, 0x38af, "Lenovo IdeaPad Z560", CXT_FIXUP_MUTE_LED_EAPD), + SND_PCI_QUIRK(0x17aa, 0x3905, "Lenovo G50-30", CXT_FIXUP_STEREO_DMIC), SND_PCI_QUIRK(0x17aa, 0x390b, "Lenovo G50-80", CXT_FIXUP_STEREO_DMIC), SND_PCI_QUIRK(0x17aa, 0x3975, "Lenovo U300s", CXT_FIXUP_STEREO_DMIC), SND_PCI_QUIRK(0x17aa, 0x3977, "Lenovo IdeaPad U310", CXT_FIXUP_STEREO_DMIC), -- 2.19.1

6 years, 11 months

2
1
0 0

[RESEND][PATCH 4.4-stable] jffs2: return -ERANGE when xattr buffer is too small

by Hou Tao

When a file have multiple xattrs and the passed buffer is smaller than the required size, jffs2_listxattr() should return -ERANGE instead of continue, else Oops may occur due to memory corruption. Also remove the unnecessary check ("rc < 0"), because xhandle->list(...) will not return an error number. Spotted by generic/377 in xfstests-dev. NB: The problem had been fixed by commit 764a5c6b1fa4 ("xattr handlers: Simplify list operation") in v4.5-rc1, but the modification in that commit may be too much because it modifies all file-systems which implement xattr, so I create a single patch for jffs2 to fix the problem. Signed-off-by: Hou Tao <houtao1(a)huawei.com> --- fs/jffs2/xattr.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/fs/jffs2/xattr.c b/fs/jffs2/xattr.c index 4c2c03663533..8e1427762eeb 100644 --- a/fs/jffs2/xattr.c +++ b/fs/jffs2/xattr.c @@ -1004,12 +1004,14 @@ ssize_t jffs2_listxattr(struct dentry *dentry, char *buffer, size_t size) rc = xhandle->list(xhandle, dentry, buffer + len, size - len, xd->xname, xd->name_len); + if (rc > size - len) { + rc = -ERANGE; + goto out; + } } else { rc = xhandle->list(xhandle, dentry, NULL, 0, xd->xname, xd->name_len); } - if (rc < 0) - goto out; len += rc; } rc = len; -- 2.16.2.dirty

6 years, 11 months

1
0
0 0

Fwd: [PATCH stable 4.4 V2 0/6] fix SegmentSmack in stable branch (CVE-2018-5390)

by salil GK

I was looking for fix for CVE-2018-5390 and CVE-2018-5390) in 4.18.x. Will these fix be available in 4.18 train ? PS: Sorry for sending again - I got a rejection message as my previous message contains html tags ! Thanks ~S On Oct 11, 2018 7:38 PM, "Greg KH" <gregkh(a)linux-foundation.org> wrote: On Wed, Sep 26, 2018 at 10:21:21PM +0200, Greg KH wrote: > On Tue, Sep 25, 2018 at 10:10:15PM +0800, maowenan wrote: > > Hi Greg: > > > > can you review this patch set? > > It is still in the queue, don't worry. It will take some more time to > properly review and test it. > > Ideally you could get someone else to test this and provide a > "tested-by:" tag for it? All now queued up, let's see what breaks :) thanks, greg k-h

6 years, 11 months

1
0
0 0

Re: [PATCH stable 4.4 V2 0/6] fix SegmentSmack in stable branch (CVE-2018-5390)

by maowenan

On 2018/10/12 10:28, salil GK wrote: > I was looking for fix for CVE-2018-5390 and CVE-2018-5390) in 4.18.x. Will these fix be available in 4.18 train ? The fixes of CVE-2018-5390 have already existed in stable 4.18. These fixes only available with < 4.9 that don't using RB tree. 58152ec tcp: add tcp_ooo_try_coalesce() helper 8541b21 tcp: call tcp_drop() from tcp_data_queue_ofo() 3d4bf93 tcp: detect malicious patterns in tcp_collapse_ofo_queue() f4a3313 tcp: avoid collapses in tcp_prune_queue() if possible 72cd43b tcp: free batches of packets in tcp_prune_ofo_queue() > > Thanks > ~S > > On Oct 11, 2018 7:38 PM, "Greg KH" <gregkh(a)linux-foundation.org <mailto:gregkh@linux-foundation.org>> wrote: > > On Wed, Sep 26, 2018 at 10:21:21PM +0200, Greg KH wrote: > > On Tue, Sep 25, 2018 at 10:10:15PM +0800, maowenan wrote: > > > Hi Greg: > > > > > > can you review this patch set? > > > > It is still in the queue, don't worry. It will take some more time to > > properly review and test it. > > > > Ideally you could get someone else to test this and provide a > > "tested-by:" tag for it? > > All now queued up, let's see what breaks :) > > thanks, > > greg k-h > >

6 years, 11 months

1
0
0 0

[PATCH AUTOSEL 4.18 01/58] soundwire: Fix duplicate stream state assignment

by Sasha Levin

From: Shreyas NC <shreyas.nc(a)intel.com> [ Upstream commit 0aebe40bae6cf5652fdc3d05ecee15fbf5748194 ] For a SoundWire stream it is expected that a Slave is added to the stream before Master is added. So, move the stream state to CONFIGURED after the first Slave is added and remove the stream state assignment for Master add. Along with these changes, add additional comments to explain the same. Signed-off-by: Shreyas NC <shreyas.nc(a)intel.com> Acked-by: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> Signed-off-by: Vinod Koul <vkoul(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/soundwire/stream.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/drivers/soundwire/stream.c b/drivers/soundwire/stream.c index 4b5e250e8615..7ba6d4d8cd03 100644 --- a/drivers/soundwire/stream.c +++ b/drivers/soundwire/stream.c @@ -1123,8 +1123,6 @@ int sdw_stream_add_master(struct sdw_bus *bus, if (ret) goto stream_error; - stream->state = SDW_STREAM_CONFIGURED; - stream_error: sdw_release_master_stream(stream); error: @@ -1141,6 +1139,10 @@ EXPORT_SYMBOL(sdw_stream_add_master); * @stream: SoundWire stream * @port_config: Port configuration for audio stream * @num_ports: Number of ports + * + * It is expected that Slave is added before adding Master + * to the Stream. + * */ int sdw_stream_add_slave(struct sdw_slave *slave, struct sdw_stream_config *stream_config, @@ -1186,6 +1188,12 @@ int sdw_stream_add_slave(struct sdw_slave *slave, if (ret) goto stream_error; + /* + * Change stream state to CONFIGURED on first Slave add. + * Bus is not aware of number of Slave(s) in a stream at this + * point so cannot depend on all Slave(s) to be added in order to + * change stream state to CONFIGURED. + */ stream->state = SDW_STREAM_CONFIGURED; goto error; -- 2.17.1

6 years, 11 months

5
75
0 0

[PATCH 4/6] ocfs2: fix locking for res->tracking and dlm->tracking_list

by Rodrigo Vivi

From: Ashish Samant <ashish.samant(a)oracle.com> In dlm_init_lockres() we access and modify res->tracking and dlm->tracking_list without holding dlm->track_lock. This can cause list corruptions and can end up in kernel panic. Fix this by locking res->tracking and dlm->tracking_list with dlm->track_lock instead of dlm->spinlock. Link: http://lkml.kernel.org/r/1529951192-4686-1-git-send-email-ashish.samant@ora… Signed-off-by: Ashish Samant <ashish.samant(a)oracle.com> Reviewed-by: Changwei Ge <ge.changwei(a)h3c.com> Acked-by: Joseph Qi <jiangqi903(a)gmail.com> Acked-by: Jun Piao <piaojun(a)huawei.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <ge.changwei(a)h3c.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/ocfs2/dlm/dlmmaster.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/ocfs2/dlm/dlmmaster.c b/fs/ocfs2/dlm/dlmmaster.c index aaca0949fe53..826f0567ec43 100644 --- a/fs/ocfs2/dlm/dlmmaster.c +++ b/fs/ocfs2/dlm/dlmmaster.c @@ -584,9 +584,9 @@ static void dlm_init_lockres(struct dlm_ctxt *dlm, res->last_used = 0; - spin_lock(&dlm->spinlock); + spin_lock(&dlm->track_lock); list_add_tail(&res->tracking, &dlm->tracking_list); - spin_unlock(&dlm->spinlock); + spin_unlock(&dlm->track_lock); memset(res->lvb, 0, DLM_LVB_LEN); memset(res->refmap, 0, sizeof(res->refmap)); -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH 2/6] mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly

by Rodrigo Vivi

From: Jann Horn <jannh(a)google.com> 5dd0b16cdaff ("mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP") made the availability of the NR_TLB_REMOTE_FLUSH* counters inside the kernel unconditional to reduce #ifdef soup, but (either to avoid showing dummy zero counters to userspace, or because that code was missed) didn't update the vmstat_array, meaning that all following counters would be shown with incorrect values. This only affects kernel builds with CONFIG_VM_EVENT_COUNTERS=y && CONFIG_DEBUG_TLBFLUSH=y && CONFIG_SMP=n. Link: http://lkml.kernel.org/r/20181001143138.95119-2-jannh@google.com Fixes: 5dd0b16cdaff ("mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP") Signed-off-by: Jann Horn <jannh(a)google.com> Reviewed-by: Kees Cook <keescook(a)chromium.org> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Acked-by: Michal Hocko <mhocko(a)suse.com> Acked-by: Roman Gushchin <guro(a)fb.com> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Christoph Lameter <clameter(a)sgi.com> Cc: Kemi Wang <kemi.wang(a)intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- mm/vmstat.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/mm/vmstat.c b/mm/vmstat.c index 4cea7b8f519d..7878da76abf2 100644 --- a/mm/vmstat.c +++ b/mm/vmstat.c @@ -1275,6 +1275,9 @@ const char * const vmstat_text[] = { #ifdef CONFIG_SMP "nr_tlb_remote_flush", "nr_tlb_remote_flush_received", +#else + "", /* nr_tlb_remote_flush */ + "", /* nr_tlb_remote_flush_received */ #endif /* CONFIG_SMP */ "nr_tlb_local_flush_all", "nr_tlb_local_flush_one", -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH] blk-wbt: wake up all when we scale up, not down

by Josef Bacik

Tetsuo brought to my attention that I screwed up the scale_up/scale_down helpers when I factored out the rq-qos code. We need to wake up all the waiters when we add slots for requests to make, not when we shrink the slots. Otherwise we'll end up things waiting forever. This was a mistake and simply puts everything back the way it was. cc: stable(a)vger.kernel.org Fixes: a79050434b45 ("blk-rq-qos: refactor out common elements of blk-wbt") eported-by: Tetsuo Handa <penguin-kernel(a)i-love.sakura.ne.jp> Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> --- JENS! I did this on for-4.20/block FYI block/blk-wbt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/block/blk-wbt.c b/block/blk-wbt.c index 8e20a0677dcf..8ac93fcbaa2e 100644 --- a/block/blk-wbt.c +++ b/block/blk-wbt.c @@ -310,6 +310,7 @@ static void scale_up(struct rq_wb *rwb) rq_depth_scale_up(&rwb->rq_depth); calc_wb_limits(rwb); rwb->unknown_cnt = 0; + rwb_wake_all(rwb); rwb_trace_step(rwb, "scale up"); } @@ -318,7 +319,6 @@ static void scale_down(struct rq_wb *rwb, bool hard_throttle) rq_depth_scale_down(&rwb->rq_depth, hard_throttle); calc_wb_limits(rwb); rwb->unknown_cnt = 0; - rwb_wake_all(rwb); rwb_trace_step(rwb, "scale down"); } -- 2.14.3

6 years, 11 months

2
1
0 0

[PATCH] pci: Add a few new IDs for Intel GPU "spurious interrupt" quirk

by Bin Meng

Add more PCI IDs to the Intel GPU "spurious interrupt" quirk table, which are known to break. See commit f67fd55fa96f ("PCI: Add quirk for still enabled interrupts on Intel Sandy Bridge GPUs"), and commit 7c82126a94e6 ("PCI: Add new ID for Intel GPU "spurious interrupt" quirk") for some history. Based on current findings, it is highly possible that all Intel 1st/2nd/3rd generation Core processors' IGD has such quirk. Signed-off-by: Bin Meng <bmeng.cn(a)gmail.com> Cc: <stable(a)vger.kernel.org> # v3.4+ --- drivers/pci/quirks.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c index 6bc27b7..c0673a7 100644 --- a/drivers/pci/quirks.c +++ b/drivers/pci/quirks.c @@ -3190,7 +3190,11 @@ static void disable_igfx_irq(struct pci_dev *dev) pci_iounmap(dev, regs); } +DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x0042, disable_igfx_irq); +DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x0046, disable_igfx_irq); +DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x004a, disable_igfx_irq); DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x0102, disable_igfx_irq); +DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x0106, disable_igfx_irq); DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x010a, disable_igfx_irq); DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x0152, disable_igfx_irq); -- 2.7.4

6 years, 11 months

4
12
0 0

Backports that remove FPU lazy-mode deadcode

by Daniel Sangorrin

Hello Greg, This is my 3rd attempt* at sending to you the FPU backported patches that complete the removal of FPU lazy-mode code, documentation and comments. Please apply the next patch before the 4.4.y 3-patch series. - a1dbf52c1a38 ("KVM: x86: remove eager_fpu field of struct kvm_vcpu_arch") [PATCH v3 4.4.y 1/3] x86/fpu: Remove use_eager_fpu() [PATCH v3 4.4.y 2/3] x86/fpu: Remove struct fpu::counter [PATCH v3 4.4.y 3/3] x86/fpu: Finish excising 'eagerfpu' [Note] I already sent to you a patch backported for 4.9.y (please make sure you follow the annotations). https://www.spinics.net/lists/stable/msg247014.html Thanks, Daniel *Sorry if I mess up again. I am going to use the get_maintainer.pl from the upstream kernel because last time I had some "returned e-mails".

6 years, 11 months

2
4
0 0

Backports that remove FPU lazy-mode deadcode for 4.9.y

by Daniel Sangorrin

Hello Greg, Please consider this backport for 4.9.y. It completes the removal of FPU lazy-mode code, documentation and comments. [PATCH v3 4.9] x86/fpu: Remove use_eager_fpu() After applying the patch, please do the following: - cherry-pick: 3913cc350757 ("x86/fpu: Remove struct fpu::counter") - revert: f09a7b0eead7 ("perf: sync up x86/.../cpufeatures.h") - Because the modification in this patch actually belongs to e63650840e8b ("x86/fpu: Finish excising 'eagerfpu'") - cherry-pick: e63650840e8b ("x86/fpu: Finish excising 'eagerfpu'") Thanks, Daniel

6 years, 11 months

3
4
0 0

[PATCH] selinux: fix byte order and alignment issues in policydb.c

by Ondrej Mosnacek

Add missing LE conversions to the Infiniband-related range checks. These were causing a failure to load any policy with an ibendportcon rule on BE systems. Also, the temporary buffers are only guaranteed to be aligned for 32-bit access so use (get/put)_unaligned_be64() for 64-bit accesses. Finally, do not use the 'nodebuf' (u32) buffer where 'buf' (__le32) should be used instead. Tested internally on a ppc64 machine with a RHEL 7 kernel with this patch applied. Cc: Daniel Jurgens <danielj(a)mellanox.com> Cc: Eli Cohen <eli(a)mellanox.com> Cc: James Morris <james.l.morris(a)oracle.com> Cc: Doug Ledford <dledford(a)redhat.com> Cc: <stable(a)vger.kernel.org> # 4.13+ Fixes: a806f7a1616f ("selinux: Create policydb version for Infiniband support") Signed-off-by: Ondrej Mosnacek <omosnace(a)redhat.com> --- security/selinux/ss/policydb.c | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index f4eadd3f7350..2b310e8f2923 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c @@ -37,6 +37,7 @@ #include <linux/errno.h> #include <linux/audit.h> #include <linux/flex_array.h> +#include <asm/unaligned.h> #include "security.h" #include "policydb.h" @@ -2108,7 +2109,7 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, { int i, j, rc; u32 nel, len; - __le32 buf[3]; + __le32 buf[4]; struct ocontext *l, *c; u32 nodebuf[8]; @@ -2218,20 +2219,20 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, break; } case OCON_IBPKEY: - rc = next_entry(nodebuf, fp, sizeof(u32) * 4); + rc = next_entry(buf, fp, sizeof(u32) * 4); if (rc) goto out; - c->u.ibpkey.subnet_prefix = be64_to_cpu(*((__be64 *)nodebuf)); + c->u.ibpkey.subnet_prefix = get_unaligned_be64(buf); - if (nodebuf[2] > 0xffff || - nodebuf[3] > 0xffff) { + if (le32_to_cpu(buf[2]) > 0xffff || + le32_to_cpu(buf[3]) > 0xffff) { rc = -EINVAL; goto out; } - c->u.ibpkey.low_pkey = le32_to_cpu(nodebuf[2]); - c->u.ibpkey.high_pkey = le32_to_cpu(nodebuf[3]); + c->u.ibpkey.low_pkey = le32_to_cpu(buf[2]); + c->u.ibpkey.high_pkey = le32_to_cpu(buf[3]); rc = context_read_and_validate(&c->context[0], p, @@ -2249,7 +2250,8 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, if (rc) goto out; - if (buf[1] > 0xff || buf[1] == 0) { + if (le32_to_cpu(buf[1]) > 0xff || + le32_to_cpu(buf[1]) == 0) { rc = -EINVAL; goto out; } @@ -3105,7 +3107,7 @@ static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, { unsigned int i, j, rc; size_t nel, len; - __le32 buf[3]; + __le32 buf[4]; u32 nodebuf[8]; struct ocontext *c; for (i = 0; i < info->ocon_num; i++) { @@ -3192,12 +3194,12 @@ static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, return rc; break; case OCON_IBPKEY: - *((__be64 *)nodebuf) = cpu_to_be64(c->u.ibpkey.subnet_prefix); + put_unaligned_be64(c->u.ibpkey.subnet_prefix, buf); - nodebuf[2] = cpu_to_le32(c->u.ibpkey.low_pkey); - nodebuf[3] = cpu_to_le32(c->u.ibpkey.high_pkey); + buf[2] = cpu_to_le32(c->u.ibpkey.low_pkey); + buf[3] = cpu_to_le32(c->u.ibpkey.high_pkey); - rc = put_entry(nodebuf, sizeof(u32), 4, fp); + rc = put_entry(buf, sizeof(u32), 4, fp); if (rc) return rc; rc = context_write(p, &c->context[0], fp); -- 2.17.1

6 years, 11 months

1
0
0 0

[for -stable] commit "c82919888064 ath10k: fix scan crash due to incorrect length calculation"

by Brian Norris

Hi Greg / stable maintainer(s), IIUC, this commit is a good candidate for -stable. I just hit the bug on 4.14, because of new vendor firmware that noticed the mismatched length (an internal "assert"), but it seems like this is equally problematic from the kernel side for as long as this code existed [1]: commit c8291988806407e02a01b4b15b4504eafbcc04e0 Author: Zhi Chen <zhichen(a)codeaurora.org> Date: Mon Jun 18 17:00:39 2018 +0300 ath10k: fix scan crash due to incorrect length calculation Thanks, Brian [1] I guess that would be: Fixes: ca996ec56608 ("ath10k: implement wmi-tlv backend") which was in v4.0.

6 years, 11 months

3
2
0 0

request for 4.14-stable: c7cdff0e8647 ("virtio_balloon: fix deadlock on OOM")

by Sudip Mukherjee

Hi Greg, This was not marked for stable but seems it should be in stable. Please apply to your queue of 4.14-stable. And at the same time, there was another later patch which fixed a bug in this patch. Both are attached as a series to this mail. -- Regards Sudip

6 years, 11 months

2
1
0 0

[PATCH stable 4.4 V2 0/6] fix SegmentSmack in stable branch (CVE-2018-5390)

by Mao Wenan

There are five patches to fix CVE-2018-5390 in latest mainline branch, but only two patches exist in stable 4.4 and 3.18: dc6ae4d tcp: detect malicious patterns in tcp_collapse_ofo_queue() 5fbec48 tcp: avoid collapses in tcp_prune_queue() if possible I have tested with stable 4.4 kernel, and found the cpu usage was very high. So I think only two patches can't fix the CVE-2018-5390. test results: with fix patch： 78.2% ksoftirqd withoutfix patch： 90% ksoftirqd Then I try to imitate 72cd43ba(tcp: free batches of packets in tcp_prune_ofo_queue()) to drop at least 12.5 % of sk_rcvbuf to avoid malicious attacks with simple queue instead of RB tree. The result is not very well. After analysing the codes of stable 4.4, and debuging the system, shows that search of ofo_queue(tcp ofo using a simple queue) cost more cycles. So I try to backport "tcp: use an RB tree for ooo receive queue" using RB tree instead of simple queue, then backport Eric Dumazet 5 fixed patches in mainline, good news is that ksoftirqd is turn to about 20%, which is the same with mainline now. Stable 4.4 have already back port two patches, f4a3313d(tcp: avoid collapses in tcp_prune_queue() if possible) 3d4bf93a(tcp: detect malicious patterns in tcp_collapse_ofo_queue()) If we want to change simple queue to RB tree to finally resolve, we should apply previous patch 9f5afeae(tcp: use an RB tree for ooo receive queue.) firstly, but 9f5afeae have many conflicts with 3d4bf93a and f4a3313d, which are part of patch series from Eric in mainline to fix CVE-2018-5390, so I need revert part of patches in stable 4.4 firstly, then apply 9f5afeae, and reapply five patches from Eric. V1->V2: 1) Don't revert 3d4bf93a and f4a3313d firstly, all of 6 patches based on 4.4.155. 2) Add one bug fix patch for RB tree:76f0dcbb5ae1a7c3dbeec13dd98233b8e6b0b32a tcp: fix a stale ooo_last_skb Eric Dumazet (5): tcp: increment sk_drops for dropped rx packets tcp: fix a stale ooo_last_skb after a replace tcp: free batches of packets in tcp_prune_ofo_queue() tcp: call tcp_drop() from tcp_data_queue_ofo() tcp: add tcp_ooo_try_coalesce() helper Yaogong Wang (1): tcp: use an RB tree for ooo receive queue include/linux/skbuff.h | 8 + include/linux/tcp.h | 7 +- include/net/sock.h | 7 + include/net/tcp.h | 2 +- net/core/skbuff.c | 19 +++ net/ipv4/tcp.c | 4 +- net/ipv4/tcp_input.c | 417 +++++++++++++++++++++++++++++------------------ net/ipv4/tcp_ipv4.c | 3 +- net/ipv4/tcp_minisocks.c | 1 - net/ipv6/tcp_ipv6.c | 1 + 10 files changed, 297 insertions(+), 172 deletions(-) -- 1.8.3.1

6 years, 11 months

3
9
0 0

[PATCH 4.4-stable] jffs2: return -ERANGE when xattr buffer is too small

by Hou Tao

Hi Greg, The problem had been fixed by 764a5c6b1fa4 ("xattr handlers: Simplify list operation") in v4.5-rc1, but the modification in that commit may be too much because it modifies all file-systems which implement xattr, so I create a single patch for jffs2 to fix the problem. Which one is your preference ? Hi Andreas, Could you please help review the patch ? Thanks, Tao --- From: Hou Tao <houtao1(a)huawei.com> When a file have multiple xattrs and the passed buffer is smaller than the required size, jffs2_listxattr() should return -ERANGE instead of continue, else Oops may occurs due to memory corruption. Also remove the unnecessary check ("rc < 0"), because xhandle->list(...) will not return an error number. Spotted by generic/377 in xfstests-dev. Signed-off-by: Hou Tao <houtao1(a)huawei.com> --- fs/jffs2/xattr.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/fs/jffs2/xattr.c b/fs/jffs2/xattr.c index 4c2c03663533..8e1427762eeb 100644 --- a/fs/jffs2/xattr.c +++ b/fs/jffs2/xattr.c @@ -1004,12 +1004,14 @@ ssize_t jffs2_listxattr(struct dentry *dentry, char *buffer, size_t size) rc = xhandle->list(xhandle, dentry, buffer + len, size - len, xd->xname, xd->name_len); + if (rc > size - len) { + rc = -ERANGE; + goto out; + } } else { rc = xhandle->list(xhandle, dentry, NULL, 0, xd->xname, xd->name_len); } - if (rc < 0) - goto out; len += rc; } rc = len; --

6 years, 11 months

2
1
0 0

[PATCH] HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452

by Jason Gerecke

The DTK-2451 and DTH-2452 have a buggy HID descriptor which incorrectly contains a Cintiq-like report, complete with pen tilt, rotation, twist, serial number, etc. The hardware doesn't actually support this data but our driver duitifully sets up the device as though it does. To ensure userspace has a correct view of devices without updated firmware, we clean up this incorrect data in wacom_setup_device_quirks. We're also careful to clear the WACOM_QUIRK_TOOLSERIAL flag since its presence causes the driver to wait for serial number information (via wacom_wac_pen_serial_enforce) that never comes, resulting in the pen being non-responsive. Signed-off-by: Jason Gerecke <jason.gerecke(a)wacom.com> Fixes: 8341720642 ("HID: wacom: Queue events with missing type/serial data for later processing") Cc: stable(a)vger.kernel.org # v4.16+ --- drivers/hid/wacom_wac.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/drivers/hid/wacom_wac.c b/drivers/hid/wacom_wac.c index e0a06be5ef5c..b4b4a30e3982 100644 --- a/drivers/hid/wacom_wac.c +++ b/drivers/hid/wacom_wac.c @@ -3335,6 +3335,7 @@ static void wacom_setup_intuos(struct wacom_wac *wacom_wac) void wacom_setup_device_quirks(struct wacom *wacom) { + struct wacom_wac *wacom_wac = &wacom->wacom_wac; struct wacom_features *features = &wacom->wacom_wac.features; /* The pen and pad share the same interface on most devices */ @@ -3464,6 +3465,25 @@ void wacom_setup_device_quirks(struct wacom *wacom) if (features->type == REMOTE) features->device_type |= WACOM_DEVICETYPE_WL_MONITOR; + + /* HID descriptor for DTK-2451 / DTH-2452 claims to report lots + * of things it shouldn't. Lets fix up the damage... + */ + if (wacom->hdev->product == 0x382 || wacom->hdev->product == 0x37d) { + features->quirks &= ~WACOM_QUIRK_TOOLSERIAL; + __clear_bit(BTN_TOOL_BRUSH, wacom_wac->pen_input->keybit); + __clear_bit(BTN_TOOL_PENCIL, wacom_wac->pen_input->keybit); + __clear_bit(BTN_TOOL_AIRBRUSH, wacom_wac->pen_input->keybit); + __clear_bit(ABS_Z, wacom_wac->pen_input->absbit); + __clear_bit(ABS_DISTANCE, wacom_wac->pen_input->absbit); + __clear_bit(ABS_TILT_X, wacom_wac->pen_input->absbit); + __clear_bit(ABS_TILT_Y, wacom_wac->pen_input->absbit); + __clear_bit(ABS_WHEEL, wacom_wac->pen_input->absbit); + __clear_bit(ABS_MISC, wacom_wac->pen_input->absbit); + __clear_bit(MSC_SERIAL, wacom_wac->pen_input->mscbit); + __clear_bit(EV_MSC, wacom_wac->pen_input->evbit); + } } int wacom_setup_pen_input_capabilities(struct input_dev *input_dev, -- 2.19.1

6 years, 11 months

2
1
0 0

[PATCH 1/1] crypto:chelsio: Fix memory corruption in DMA Mapped buffers.

by Harsh Jain

commit add92a817e60e308a419693413a38d9d1e663aff upstream Update PCI Id in "cpl_rx_phys_dsgl" header. In case pci_chan_id and tx_chan_id are not derived from same queue, H/W can send request completion indication before completing DMA Transfer. Cc: <stable(a)vger.kernel.org> # 4.14.x Signed-off-by: Harsh Jain <harsh(a)chelsio.com> --- drivers/crypto/chelsio/chcr_algo.c | 41 ++++++++++++++++++++++++------------ drivers/crypto/chelsio/chcr_crypto.h | 2 ++ 2 files changed, 29 insertions(+), 14 deletions(-) diff --git a/drivers/crypto/chelsio/chcr_algo.c b/drivers/crypto/chelsio/chcr_algo.c index 0e81607..bb7b59f 100644 --- a/drivers/crypto/chelsio/chcr_algo.c +++ b/drivers/crypto/chelsio/chcr_algo.c @@ -384,7 +384,8 @@ static inline int is_hmac(struct crypto_tfm *tfm) static void write_phys_cpl(struct cpl_rx_phys_dsgl *phys_cpl, struct scatterlist *sg, - struct phys_sge_parm *sg_param) + struct phys_sge_parm *sg_param, + int pci_chan_id) { struct phys_sge_pairs *to; unsigned int len = 0, left_size = sg_param->obsize; @@ -402,6 +403,7 @@ static void write_phys_cpl(struct cpl_rx_phys_dsgl *phys_cpl, phys_cpl->rss_hdr_int.opcode = CPL_RX_PHYS_ADDR; phys_cpl->rss_hdr_int.qid = htons(sg_param->qid); phys_cpl->rss_hdr_int.hash_val = 0; + phys_cpl->rss_hdr_int.channel = pci_chan_id; to = (struct phys_sge_pairs *)((unsigned char *)phys_cpl + sizeof(struct cpl_rx_phys_dsgl)); for (i = 0; nents && left_size; to++) { @@ -418,7 +420,8 @@ static void write_phys_cpl(struct cpl_rx_phys_dsgl *phys_cpl, static inline int map_writesg_phys_cpl(struct device *dev, struct cpl_rx_phys_dsgl *phys_cpl, struct scatterlist *sg, - struct phys_sge_parm *sg_param) + struct phys_sge_parm *sg_param, + int pci_chan_id) { if (!sg || !sg_param->nents) return -EINVAL; @@ -428,7 +431,7 @@ static inline int map_writesg_phys_cpl(struct device *dev, pr_err("CHCR : DMA mapping failed\n"); return -EINVAL; } - write_phys_cpl(phys_cpl, sg, sg_param); + write_phys_cpl(phys_cpl, sg, sg_param, pci_chan_id); return 0; } @@ -608,7 +611,7 @@ static inline void create_wreq(struct chcr_context *ctx, is_iv ? iv_loc : IV_NOP, !!lcb, ctx->tx_qidx); - chcr_req->ulptx.cmd_dest = FILL_ULPTX_CMD_DEST(ctx->dev->tx_channel_id, + chcr_req->ulptx.cmd_dest = FILL_ULPTX_CMD_DEST(ctx->tx_chan_id, qid); chcr_req->ulptx.len = htonl((DIV_ROUND_UP((calc_tx_flits_ofld(skb) * 8), 16) - ((sizeof(chcr_req->wreq)) >> 4))); @@ -698,7 +701,8 @@ static struct sk_buff *create_cipher_wr(struct cipher_wr_param *wrparam) sg_param.obsize = wrparam->bytes; sg_param.qid = wrparam->qid; error = map_writesg_phys_cpl(&u_ctx->lldi.pdev->dev, phys_cpl, - reqctx->dst, &sg_param); + reqctx->dst, &sg_param, + ctx->pci_chan_id); if (error) goto map_fail1; @@ -1228,16 +1232,23 @@ static int chcr_device_init(struct chcr_context *ctx) adap->vres.ncrypto_fc); rxq_perchan = u_ctx->lldi.nrxq / u_ctx->lldi.nchan; txq_perchan = ntxq / u_ctx->lldi.nchan; - rxq_idx = ctx->dev->tx_channel_id * rxq_perchan; - rxq_idx += id % rxq_perchan; - txq_idx = ctx->dev->tx_channel_id * txq_perchan; - txq_idx += id % txq_perchan; spin_lock(&ctx->dev->lock_chcr_dev); - ctx->rx_qidx = rxq_idx; - ctx->tx_qidx = txq_idx; + ctx->tx_chan_id = ctx->dev->tx_channel_id; ctx->dev->tx_channel_id = !ctx->dev->tx_channel_id; ctx->dev->rx_channel_id = 0; spin_unlock(&ctx->dev->lock_chcr_dev); + rxq_idx = ctx->tx_chan_id * rxq_perchan; + rxq_idx += id % rxq_perchan; + txq_idx = ctx->tx_chan_id * txq_perchan; + txq_idx += id % txq_perchan; + ctx->rx_qidx = rxq_idx; + ctx->tx_qidx = txq_idx; + /* Channel Id used by SGE to forward packet to Host. + * Same value should be used in cpl_fw6_pld RSS_CH field + * by FW. Driver programs PCI channel ID to be used in fw + * at the time of queue allocation with value "pi->tx_chan" + */ + ctx->pci_chan_id = txq_idx / txq_perchan; } out: return err; @@ -2066,7 +2077,8 @@ static struct sk_buff *create_authenc_wr(struct aead_request *req, sg_param.obsize = req->cryptlen + (op_type ? -authsize : authsize); sg_param.qid = qid; error = map_writesg_phys_cpl(&u_ctx->lldi.pdev->dev, phys_cpl, - reqctx->dst, &sg_param); + reqctx->dst, &sg_param, + ctx->pci_chan_id); if (error) goto dstmap_fail; @@ -2389,7 +2401,7 @@ static struct sk_buff *create_aead_ccm_wr(struct aead_request *req, sg_param.obsize = req->cryptlen + (op_type ? -authsize : authsize); sg_param.qid = qid; error = map_writesg_phys_cpl(&u_ctx->lldi.pdev->dev, phys_cpl, - reqctx->dst, &sg_param); + reqctx->dst, &sg_param, ctx->pci_chan_id); if (error) goto dstmap_fail; @@ -2545,7 +2557,8 @@ static struct sk_buff *create_gcm_wr(struct aead_request *req, sg_param.obsize = req->cryptlen + (op_type ? -authsize : authsize); sg_param.qid = qid; error = map_writesg_phys_cpl(&u_ctx->lldi.pdev->dev, phys_cpl, - reqctx->dst, &sg_param); + reqctx->dst, &sg_param, + ctx->pci_chan_id); if (error) goto dstmap_fail; diff --git a/drivers/crypto/chelsio/chcr_crypto.h b/drivers/crypto/chelsio/chcr_crypto.h index 30af1ee..e039d9a 100644 --- a/drivers/crypto/chelsio/chcr_crypto.h +++ b/drivers/crypto/chelsio/chcr_crypto.h @@ -222,6 +222,8 @@ struct chcr_context { struct chcr_dev *dev; unsigned char tx_qidx; unsigned char rx_qidx; + unsigned char tx_chan_id; + unsigned char pci_chan_id; struct __crypto_ctx crypto_ctx[0]; }; -- 2.1.4

6 years, 11 months

2
1
0 0

[PATCH backport for 4.9] x86/mm: Expand static page table for fixmap space

by Feng Tang

commit 05ab1d8a4b36ee912b7087c6da127439ed0a903e upstream We met a kernel panic when enabling earlycon, which is due to the fixmap address of earlycon is not statically setup. Currently the static fixmap setup in head_64.S only covers 2M virtual address space, while it actually could be in 4M space with different kernel configurations, e.g. when VSYSCALL emulation is disabled. So increase the static space to 4M for now by defining FIXMAP_PMD_NUM to 2, and add a build time check to ensure that the fixmap is covered by the initial static page tables. Fixes: 1ad83c858c7d ("x86_64,vsyscall: Make vsyscall emulation configurable") Suggested-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Feng Tang <feng.tang(a)intel.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: <stable(a)vger.kernel.org> # v4.9 Cc: Juergen Gross <jgross(a)suse.com> Cc: H Peter Anvin <hpa(a)linux.intel.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Yinghai Lu <yinghai(a)kernel.org> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: Andy Lutomirsky <luto(a)kernel.org> --- arch/x86/include/asm/fixmap.h | 10 ++++++++++ arch/x86/include/asm/pgtable_64.h | 3 ++- arch/x86/kernel/head_64.S | 16 ++++++++++++---- arch/x86/mm/pgtable.c | 9 +++++++++ arch/x86/xen/mmu.c | 8 ++++++-- 5 files changed, 39 insertions(+), 7 deletions(-) diff --git a/arch/x86/include/asm/fixmap.h b/arch/x86/include/asm/fixmap.h index 8554f960..2515284 100644 --- a/arch/x86/include/asm/fixmap.h +++ b/arch/x86/include/asm/fixmap.h @@ -14,6 +14,16 @@ #ifndef _ASM_X86_FIXMAP_H #define _ASM_X86_FIXMAP_H +/* + * Exposed to assembly code for setting up initial page tables. Cannot be + * calculated in assembly code (fixmap entries are an enum), but is sanity + * checked in the actual fixmap C code to make sure that the fixmap is + * covered fully. + */ +#define FIXMAP_PMD_NUM 2 +/* fixmap starts downwards from the 507th entry in level2_fixmap_pgt */ +#define FIXMAP_PMD_TOP 507 + #ifndef __ASSEMBLY__ #include <linux/kernel.h> #include <asm/acpi.h> diff --git a/arch/x86/include/asm/pgtable_64.h b/arch/x86/include/asm/pgtable_64.h index 221a32e..d5c4df9 100644 --- a/arch/x86/include/asm/pgtable_64.h +++ b/arch/x86/include/asm/pgtable_64.h @@ -13,13 +13,14 @@ #include <asm/processor.h> #include <linux/bitops.h> #include <linux/threads.h> +#include <asm/fixmap.h> extern pud_t level3_kernel_pgt[512]; extern pud_t level3_ident_pgt[512]; extern pmd_t level2_kernel_pgt[512]; extern pmd_t level2_fixmap_pgt[512]; extern pmd_t level2_ident_pgt[512]; -extern pte_t level1_fixmap_pgt[512]; +extern pte_t level1_fixmap_pgt[512 * FIXMAP_PMD_NUM]; extern pgd_t init_level4_pgt[]; #define swapper_pg_dir init_level4_pgt diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S index 9d72cf5..b0d6697 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -23,6 +23,7 @@ #include "../entry/calling.h" #include <asm/export.h> #include <asm/nospec-branch.h> +#include <asm/fixmap.h> #ifdef CONFIG_PARAVIRT #include <asm/asm-offsets.h> @@ -493,13 +494,20 @@ NEXT_PAGE(level2_kernel_pgt) KERNEL_IMAGE_SIZE/PMD_SIZE) NEXT_PAGE(level2_fixmap_pgt) - .fill 506,8,0 - .quad level1_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE - /* 8MB reserved for vsyscalls + a 2MB hole = 4 + 1 entries */ - .fill 5,8,0 + .fill (512 - 4 - FIXMAP_PMD_NUM),8,0 + pgtno = 0 + .rept (FIXMAP_PMD_NUM) + .quad level1_fixmap_pgt + (pgtno << PAGE_SHIFT) - __START_KERNEL_map \ + + _PAGE_TABLE; + pgtno = pgtno + 1 + .endr + /* 6 MB reserved space + a 2MB hole */ + .fill 4,8,0 NEXT_PAGE(level1_fixmap_pgt) + .rept (FIXMAP_PMD_NUM) .fill 512,8,0 + .endr #undef PMDS diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index e30baa8..8cbed30 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -536,6 +536,15 @@ void __native_set_fixmap(enum fixed_addresses idx, pte_t pte) { unsigned long address = __fix_to_virt(idx); +#ifdef CONFIG_X86_64 + /* + * Ensure that the static initial page tables are covering the + * fixmap completely. + */ + BUILD_BUG_ON(__end_of_permanent_fixed_addresses > + (FIXMAP_PMD_NUM * PTRS_PER_PTE)); +#endif + if (idx >= __end_of_fixed_addresses) { BUG(); return; diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c index c92f75f..ebceaba 100644 --- a/arch/x86/xen/mmu.c +++ b/arch/x86/xen/mmu.c @@ -1936,7 +1936,7 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) * L3_k[511] -> level2_fixmap_pgt */ convert_pfn_mfn(level3_kernel_pgt); - /* L3_k[511][506] -> level1_fixmap_pgt */ + /* L3_k[511][508-FIXMAP_PMD_NUM ... 507] -> level1_fixmap_pgt */ convert_pfn_mfn(level2_fixmap_pgt); } /* We get [511][511] and have Xen's version of level2_kernel_pgt */ @@ -1970,7 +1970,11 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) set_page_prot(level2_ident_pgt, PAGE_KERNEL_RO); set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO); set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO); - set_page_prot(level1_fixmap_pgt, PAGE_KERNEL_RO); + + for (i = 0; i < FIXMAP_PMD_NUM; i++) { + set_page_prot(level1_fixmap_pgt + i * PTRS_PER_PTE, + PAGE_KERNEL_RO); + } /* Pin down new L4 */ pin_pagetable_pfn(MMUEXT_PIN_L4_TABLE, -- 2.7.4

6 years, 11 months

2
1
0 0

[PATCH 0/1] Fix 4.4-stable and 4.9-stable ppc build

by Kleber Sacilotto de Souza

Hi Greg, The backport of upstream commit 1bd6a1c4b80a ("powerpc/fadump: handle crash memory ranges array index overflow") introduced a ppc build failure on 4.4-stable and 4.9-stable when CONFIG_FA_DUMP is enabled: arch/powerpc/kernel/fadump.c: In function ‘register_fadump’: arch/powerpc/kernel/fadump.c:1015:10: error: ‘return’ with a value, in function returning void [-Werror] return ret; ^~~ arch/powerpc/kernel/fadump.c:1000:13: note: declared here static void register_fadump(void) ^~~~~~~~~~~~~~~ I am suggesting to fix it by backporting 98b8cd7f7564 ("powerpc/fadump: Return error when fadump registration fails"), which is an earlier commit that (among other things) set the return of register_fadump() to int and has little functional changes. It was applied upstream for v4.13, so 4.14-stable and later are already fixed. Thanks, Kleber Michal Suchanek (1): powerpc/fadump: Return error when fadump registration fails arch/powerpc/kernel/fadump.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) -- 2.17.1

6 years, 11 months

2
2
0 0

FAILED: patch "[PATCH] powerpc/lib: fix book3s/32 boot failure due to code patching" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From b45ba4a51cde29b2939365ef0c07ad34c8321789 Mon Sep 17 00:00:00 2001 From: Christophe Leroy <christophe.leroy(a)c-s.fr> Date: Mon, 1 Oct 2018 12:21:10 +0000 Subject: [PATCH] powerpc/lib: fix book3s/32 boot failure due to code patching Commit 51c3c62b58b3 ("powerpc: Avoid code patching freed init sections") accesses 'init_mem_is_free' flag too early, before the kernel is relocated. This provokes early boot failure (before the console is active). As it is not necessary to do this verification that early, this patch moves the test into patch_instruction() instead of __patch_instruction(). This modification also has the advantage of avoiding unnecessary remappings. Fixes: 51c3c62b58b3 ("powerpc: Avoid code patching freed init sections") Cc: stable(a)vger.kernel.org # 4.13+ Signed-off-by: Christophe Leroy <christophe.leroy(a)c-s.fr> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/lib/code-patching.c b/arch/powerpc/lib/code-patching.c index 6ae2777c220d..5ffee298745f 100644 --- a/arch/powerpc/lib/code-patching.c +++ b/arch/powerpc/lib/code-patching.c @@ -28,12 +28,6 @@ static int __patch_instruction(unsigned int *exec_addr, unsigned int instr, { int err; - /* Make sure we aren't patching a freed init section */ - if (init_mem_is_free && init_section_contains(exec_addr, 4)) { - pr_debug("Skipping init section patching addr: 0x%px\n", exec_addr); - return 0; - } - __put_user_size(instr, patch_addr, 4, err); if (err) return err; @@ -148,7 +142,7 @@ static inline int unmap_patch_area(unsigned long addr) return 0; } -int patch_instruction(unsigned int *addr, unsigned int instr) +static int do_patch_instruction(unsigned int *addr, unsigned int instr) { int err; unsigned int *patch_addr = NULL; @@ -188,12 +182,22 @@ int patch_instruction(unsigned int *addr, unsigned int instr) } #else /* !CONFIG_STRICT_KERNEL_RWX */ -int patch_instruction(unsigned int *addr, unsigned int instr) +static int do_patch_instruction(unsigned int *addr, unsigned int instr) { return raw_patch_instruction(addr, instr); } #endif /* CONFIG_STRICT_KERNEL_RWX */ + +int patch_instruction(unsigned int *addr, unsigned int instr) +{ + /* Make sure we aren't patching a freed init section */ + if (init_mem_is_free && init_section_contains(addr, 4)) { + pr_debug("Skipping init section patching addr: 0x%px\n", addr); + return 0; + } + return do_patch_instruction(addr, instr); +} NOKPROBE_SYMBOL(patch_instruction); int patch_branch(unsigned int *addr, unsigned long target, int flags)

6 years, 11 months

3
2
0 0

[PATCH for-4.14.y 1/4] cgroup/cpuset: remove circular dependency deadlock

by Amit Pundir

From: Prateek Sood <prsood(a)codeaurora.org> commit aa24163b2ee5c92120e32e99b5a93143a0f4258e upstream. Remove circular dependency deadlock in a scenario where hotplug of CPU is being done while there is updation in cgroup and cpuset triggered from userspace. Process A => kthreadd => Process B => Process C => Process A Process A cpu_subsys_offline(); cpu_down(); _cpu_down(); percpu_down_write(&cpu_hotplug_lock); //held cpuhp_invoke_callback(); workqueue_offline_cpu(); queue_work_on(); // unbind_work on system_highpri_wq __queue_work(); insert_work(); wake_up_worker(); flush_work(); wait_for_completion(); worker_thread(); manage_workers(); create_worker(); kthread_create_on_node(); wake_up_process(kthreadd_task); kthreadd kthreadd(); kernel_thread(); do_fork(); copy_process(); percpu_down_read(&cgroup_threadgroup_rwsem); __rwsem_down_read_failed_common(); //waiting Process B kernfs_fop_write(); cgroup_file_write(); cgroup_procs_write(); percpu_down_write(&cgroup_threadgroup_rwsem); //held cgroup_attach_task(); cgroup_migrate(); cgroup_migrate_execute(); cpuset_can_attach(); mutex_lock(&cpuset_mutex); //waiting Process C kernfs_fop_write(); cgroup_file_write(); cpuset_write_resmask(); mutex_lock(&cpuset_mutex); //held update_cpumask(); update_cpumasks_hier(); rebuild_sched_domains_locked(); get_online_cpus(); percpu_down_read(&cpu_hotplug_lock); //waiting Eliminating deadlock by reversing the locking order for cpuset_mutex and cpu_hotplug_lock. Signed-off-by: Prateek Sood <prsood(a)codeaurora.org> Signed-off-by: Tejun Heo <tj(a)kernel.org> Signed-off-by: Amit Pundir <amit.pundir(a)linaro.org> --- Build tested on 4.14.74 for ARCH=arm/arm64 allmodconfig. kernel/cgroup/cpuset.c | 53 ++++++++++++++++++++++++++++---------------------- 1 file changed, 30 insertions(+), 23 deletions(-) diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c index 4657e2924ecb..54f4855b92fa 100644 --- a/kernel/cgroup/cpuset.c +++ b/kernel/cgroup/cpuset.c @@ -817,6 +817,18 @@ static int generate_sched_domains(cpumask_var_t **domains, return ndoms; } +static void cpuset_sched_change_begin(void) +{ + cpus_read_lock(); + mutex_lock(&cpuset_mutex); +} + +static void cpuset_sched_change_end(void) +{ + mutex_unlock(&cpuset_mutex); + cpus_read_unlock(); +} + /* * Rebuild scheduler domains. * @@ -826,16 +838,14 @@ static int generate_sched_domains(cpumask_var_t **domains, * 'cpus' is removed, then call this routine to rebuild the * scheduler's dynamic sched domains. * - * Call with cpuset_mutex held. Takes get_online_cpus(). */ -static void rebuild_sched_domains_locked(void) +static void rebuild_sched_domains_cpuslocked(void) { struct sched_domain_attr *attr; cpumask_var_t *doms; int ndoms; lockdep_assert_held(&cpuset_mutex); - get_online_cpus(); /* * We have raced with CPU hotplug. Don't do anything to avoid @@ -843,27 +853,25 @@ static void rebuild_sched_domains_locked(void) * Anyways, hotplug work item will rebuild sched domains. */ if (!cpumask_equal(top_cpuset.effective_cpus, cpu_active_mask)) - goto out; + return; /* Generate domain masks and attrs */ ndoms = generate_sched_domains(&doms, &attr); /* Have scheduler rebuild the domains */ partition_sched_domains(ndoms, doms, attr); -out: - put_online_cpus(); } #else /* !CONFIG_SMP */ -static void rebuild_sched_domains_locked(void) +static void rebuild_sched_domains_cpuslocked(void) { } #endif /* CONFIG_SMP */ void rebuild_sched_domains(void) { - mutex_lock(&cpuset_mutex); - rebuild_sched_domains_locked(); - mutex_unlock(&cpuset_mutex); + cpuset_sched_change_begin(); + rebuild_sched_domains_cpuslocked(); + cpuset_sched_change_end(); } /** @@ -949,7 +957,7 @@ static void update_cpumasks_hier(struct cpuset *cs, struct cpumask *new_cpus) rcu_read_unlock(); if (need_rebuild_sched_domains) - rebuild_sched_domains_locked(); + rebuild_sched_domains_cpuslocked(); } /** @@ -1281,7 +1289,7 @@ static int update_relax_domain_level(struct cpuset *cs, s64 val) cs->relax_domain_level = val; if (!cpumask_empty(cs->cpus_allowed) && is_sched_load_balance(cs)) - rebuild_sched_domains_locked(); + rebuild_sched_domains_cpuslocked(); } return 0; @@ -1314,7 +1322,6 @@ static void update_tasks_flags(struct cpuset *cs) * * Call with cpuset_mutex held. */ - static int update_flag(cpuset_flagbits_t bit, struct cpuset *cs, int turning_on) { @@ -1347,7 +1354,7 @@ static int update_flag(cpuset_flagbits_t bit, struct cpuset *cs, spin_unlock_irq(&callback_lock); if (!cpumask_empty(trialcs->cpus_allowed) && balance_flag_changed) - rebuild_sched_domains_locked(); + rebuild_sched_domains_cpuslocked(); if (spread_flag_changed) update_tasks_flags(cs); @@ -1615,7 +1622,7 @@ static int cpuset_write_u64(struct cgroup_subsys_state *css, struct cftype *cft, cpuset_filetype_t type = cft->private; int retval = 0; - mutex_lock(&cpuset_mutex); + cpuset_sched_change_begin(); if (!is_cpuset_online(cs)) { retval = -ENODEV; goto out_unlock; @@ -1651,7 +1658,7 @@ static int cpuset_write_u64(struct cgroup_subsys_state *css, struct cftype *cft, break; } out_unlock: - mutex_unlock(&cpuset_mutex); + cpuset_sched_change_end(); return retval; } @@ -1662,7 +1669,7 @@ static int cpuset_write_s64(struct cgroup_subsys_state *css, struct cftype *cft, cpuset_filetype_t type = cft->private; int retval = -ENODEV; - mutex_lock(&cpuset_mutex); + cpuset_sched_change_begin(); if (!is_cpuset_online(cs)) goto out_unlock; @@ -1675,7 +1682,7 @@ static int cpuset_write_s64(struct cgroup_subsys_state *css, struct cftype *cft, break; } out_unlock: - mutex_unlock(&cpuset_mutex); + cpuset_sched_change_end(); return retval; } @@ -1714,7 +1721,7 @@ static ssize_t cpuset_write_resmask(struct kernfs_open_file *of, kernfs_break_active_protection(of->kn); flush_work(&cpuset_hotplug_work); - mutex_lock(&cpuset_mutex); + cpuset_sched_change_begin(); if (!is_cpuset_online(cs)) goto out_unlock; @@ -1738,7 +1745,7 @@ static ssize_t cpuset_write_resmask(struct kernfs_open_file *of, free_trial_cpuset(trialcs); out_unlock: - mutex_unlock(&cpuset_mutex); + cpuset_sched_change_end(); kernfs_unbreak_active_protection(of->kn); css_put(&cs->css); flush_workqueue(cpuset_migrate_mm_wq); @@ -2039,14 +2046,14 @@ static int cpuset_css_online(struct cgroup_subsys_state *css) /* * If the cpuset being removed has its flag 'sched_load_balance' * enabled, then simulate turning sched_load_balance off, which - * will call rebuild_sched_domains_locked(). + * will call rebuild_sched_domains_cpuslocked(). */ static void cpuset_css_offline(struct cgroup_subsys_state *css) { struct cpuset *cs = css_cs(css); - mutex_lock(&cpuset_mutex); + cpuset_sched_change_begin(); if (is_sched_load_balance(cs)) update_flag(CS_SCHED_LOAD_BALANCE, cs, 0); @@ -2054,7 +2061,7 @@ static void cpuset_css_offline(struct cgroup_subsys_state *css) cpuset_dec(); clear_bit(CS_ONLINE, &cs->flags); - mutex_unlock(&cpuset_mutex); + cpuset_sched_change_end(); } static void cpuset_css_free(struct cgroup_subsys_state *css) -- 2.7.4

6 years, 11 months

2
6
0 0

[PATCH for-4.9.y] cgroup: Fix deadlock in cpu hotplug path

by Amit Pundir

From: Prateek Sood <prsood(a)codeaurora.org> commit 116d2f7496c51b2e02e8e4ecdd2bdf5fb9d5a641 upstream. Deadlock during cgroup migration from cpu hotplug path when a task T is being moved from source to destination cgroup. kworker/0:0 cpuset_hotplug_workfn() cpuset_hotplug_update_tasks() hotplug_update_tasks_legacy() remove_tasks_in_empty_cpuset() cgroup_transfer_tasks() // stuck in iterator loop cgroup_migrate() cgroup_migrate_add_task() In cgroup_migrate_add_task() it checks for PF_EXITING flag of task T. Task T will not migrate to destination cgroup. css_task_iter_start() will keep pointing to task T in loop waiting for task T cg_list node to be removed. Task T do_exit() exit_signals() // sets PF_EXITING exit_task_namespaces() switch_task_namespaces() free_nsproxy() put_mnt_ns() drop_collected_mounts() namespace_unlock() synchronize_rcu() _synchronize_rcu_expedited() schedule_work() // on cpu0 low priority worker pool wait_event() // waiting for work item to execute Task T inserted a work item in the worklist of cpu0 low priority worker pool. It is waiting for expedited grace period work item to execute. This work item will only be executed once kworker/0:0 complete execution of cpuset_hotplug_workfn(). kworker/0:0 ==> Task T ==>kworker/0:0 In case of PF_EXITING task being migrated from source to destination cgroup, migrate next available task in source cgroup. Signed-off-by: Prateek Sood <prsood(a)codeaurora.org> Signed-off-by: Tejun Heo <tj(a)kernel.org> [AmitP: Upstream commit cherry-pick failed, so I picked the backported changes from CAF/msm-4.9 tree instead: https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=49b74f16964…] Signed-off-by: Amit Pundir <amit.pundir(a)linaro.org> --- This patch can be cleanly applied and build tested on 4.4.y and 3.18.y as well but I couldn't find it in msm-4.4 and msm-3.18 trees. So this patch is really untested on those stable trees. Build tested on 4.9.131, 4.4.159 and 3.18.123 for ARCH=arm/arm64 allmodconfig. kernel/cgroup.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/kernel/cgroup.c b/kernel/cgroup.c index 4c233437ee1a..bb0cf1caf1cd 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c @@ -4386,7 +4386,11 @@ int cgroup_transfer_tasks(struct cgroup *to, struct cgroup *from) */ do { css_task_iter_start(&from->self, &it); - task = css_task_iter_next(&it); + + do { + task = css_task_iter_next(&it); + } while (task && (task->flags & PF_EXITING)); + if (task) get_task_struct(task); css_task_iter_end(&it); -- 2.7.4

6 years, 11 months

2
1
0 0

[4.4.y 4.9.y 0/1] ext4 CVE fixes for 4.9 and 4.4

by Chenbo Feng

This patch is aimed to fixing CVE-2018-10883 and is already in 4.14 stable. The upstream one has minor conflicts when backporting to 4.4 and 4.9 but it is trivial to resolve. I have tested the patch with xfstests on kvm and there is no regression. Theodore Ts'o (1): ext4: avoid running out of journal credits when appending to an inline file fs/ext4/ext4.h | 3 --- fs/ext4/inline.c | 38 +------------------------------------- fs/ext4/xattr.c | 18 ++---------------- 3 files changed, 3 insertions(+), 56 deletions(-) -- 2.19.0.605.g01d371f741-goog

6 years, 11 months

2
2
0 0

[PATCH 0/2] A couple recent ext4 CVE fixes

by Daniel Rosenberg

A couple ext4-related CVE fixes were released to other kernels in linux-stable, but didn't cleanly apply to 4.9.y. These are adjusted cherry-picks of Ben Hutching's 3.16.y backports. Theodore Ts'o (2): ext4: add corruption check in ext4_xattr_set_entry() ext4: always verify the magic number in xattr blocks fs/ext4/xattr.c | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) -- 2.19.0.605.g01d371f741-goog

6 years, 11 months

2
3
0 0

[PATCH 0/2] A couple recent ext4 CVE fixes

by Daniel Rosenberg

A couple ext4-related CVE fixes were released to other kernels in linux-stable, but didn't cleanly apply to 4.4.y. These are adjusted cherry-picks of Ben Hutching's 3.16.y backports. Theodore Ts'o (2): ext4: add corruption check in ext4_xattr_set_entry() ext4: always verify the magic number in xattr blocks fs/ext4/xattr.c | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) -- 2.19.0.605.g01d371f741-goog

6 years, 11 months

2
3
0 0

Re: [PATCH] platform-msi: Free descriptors in platform_msi_domain_free()

by Miquel Raynal

Hi Marc, Marc Zyngier <marc.zyngier(a)arm.com> wrote on Thu, 11 Oct 2018 09:36:04 +0100: > Miquel, > > On Fri, 28 Sep 2018 16:10:29 +0100, > Miquel Raynal <miquel.raynal(a)bootlin.com> wrote: > > > > Hi Marc, > > > > [...] > > > > > At that stage, you're better off just calling > > > > > > list_del(&desc->list); > > > free_msi_entry(desc); > > > > > > I like this approach better as we only traverse the list once. > > > > Right. > > > > > > > > > } > > > > } > > > > > /** > > > > diff --git a/include/linux/msi.h b/include/linux/msi.h > > > > index 5839d8062dfc..be8ec813dbfb 100644 > > > > --- a/include/linux/msi.h > > > > +++ b/include/linux/msi.h > > > > @@ -116,6 +116,8 @@ struct msi_desc { > > > > list_first_entry(dev_to_msi_list((dev)), struct msi_desc, list) > > > > #define for_each_msi_entry(desc, dev) \ > > > > list_for_each_entry((desc), dev_to_msi_list((dev)), list) > > > > +#define for_each_msi_entry_safe(desc, tmp, dev) \ > > > > + list_for_each_entry_safe((desc), (tmp), dev_to_msi_list((dev)), list) > > > > > #ifdef CONFIG_PCI_MSI > > > > #define first_pci_msi_entry(pdev) first_msi_entry(&(pdev)->dev) > > > > > > If you repin this, I'll queue it right away. > > > > Let me test the new version to be sure I'm not breaking anything and > > I'll send a v2. > > What is the status of this? Are you still planning to send a v2? I'd > really like this fix to reach 4.19 before we put the last nail on it. Sorry about that, I was sure I already sent the v2, now it's done. The changes in this v2 are that instead of creating a platform_msi_domain_free_descs() helper that iterates over the list of descriptors, the descriptor itself is removed from the list and destroyed directly in platform_msi_domain_free(). The for_each_msi_entry() loop is also transformed to use the "_safe" alternative. Thanks, Miquèl

6 years, 11 months

1
0
0 0

[PATCH 3.18.y 00/10] recent ext4 CVE fixes

by Greg Hackmann

A batch of ext4-related CVE fixes were released to other kernels in linux-stable, but don't apply cleanly to 3.18.y. For the most part these are unmodified cherry-picks of Ben Hutchings's 3.16.y backports (exceptions are noted above my Signed-off-by). Theodore Ts'o (10): ext4: only look at the bg_flags field if it is valid ext4: fix check to prevent initializing reserved inodes ext4: always check block group bounds in ext4_init_block_bitmap() ext4: fix false negatives *and* false positives in ext4_check_descriptors() ext4: add corruption check in ext4_xattr_set_entry() ext4: always verify the magic number in xattr blocks ext4: never move the system.data xattr out of the inode body ext4: add more inode number paranoia checks jbd2: don't mark block as modified if the handle is out of credits ext4: avoid running out of journal credits when appending to an inline file fs/ext4/balloc.c | 21 ++++++++++++------- fs/ext4/ext4.h | 8 ------- fs/ext4/ialloc.c | 19 ++++++++++++++--- fs/ext4/inline.c | 38 +-------------------------------- fs/ext4/inode.c | 3 ++- fs/ext4/mballoc.c | 6 ++++-- fs/ext4/super.c | 12 +++++++++-- fs/ext4/xattr.c | 49 ++++++++++++++++++++----------------------- fs/jbd2/transaction.c | 2 +- 9 files changed, 70 insertions(+), 88 deletions(-) -- 2.19.0.605.g01d371f741-goog

6 years, 11 months

2
11
0 0

[PATCH 1/6] arm64: perf: Reject stand-alone CHAIN events for PMUv3

by Will Deacon

It doesn't make sense for a perf event to be configured as a CHAIN event in isolation, so extend the arm_pmu structure with a ->filter_match() function to allow the backend PMU implementation to reject CHAIN events early. Cc: <stable(a)vger.kernel.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> --- arch/arm64/kernel/perf_event.c | 7 +++++++ drivers/perf/arm_pmu.c | 8 +++++++- include/linux/perf/arm_pmu.h | 1 + 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/arch/arm64/kernel/perf_event.c b/arch/arm64/kernel/perf_event.c index 8e38d5267f22..e213f8e867f6 100644 --- a/arch/arm64/kernel/perf_event.c +++ b/arch/arm64/kernel/perf_event.c @@ -966,6 +966,12 @@ static int armv8pmu_set_event_filter(struct hw_perf_event *event, return 0; } +static int armv8pmu_filter_match(struct perf_event *event) +{ + unsigned long evtype = event->hw.config_base & ARMV8_PMU_EVTYPE_EVENT; + return evtype != ARMV8_PMUV3_PERFCTR_CHAIN; +} + static void armv8pmu_reset(void *info) { struct arm_pmu *cpu_pmu = (struct arm_pmu *)info; @@ -1114,6 +1120,7 @@ static int armv8_pmu_init(struct arm_pmu *cpu_pmu) cpu_pmu->stop = armv8pmu_stop, cpu_pmu->reset = armv8pmu_reset, cpu_pmu->set_event_filter = armv8pmu_set_event_filter; + cpu_pmu->filter_match = armv8pmu_filter_match; return 0; } diff --git a/drivers/perf/arm_pmu.c b/drivers/perf/arm_pmu.c index 7f01f6f60b87..d0b7dd8fb184 100644 --- a/drivers/perf/arm_pmu.c +++ b/drivers/perf/arm_pmu.c @@ -485,7 +485,13 @@ static int armpmu_filter_match(struct perf_event *event) { struct arm_pmu *armpmu = to_arm_pmu(event->pmu); unsigned int cpu = smp_processor_id(); - return cpumask_test_cpu(cpu, &armpmu->supported_cpus); + int ret; + + ret = cpumask_test_cpu(cpu, &armpmu->supported_cpus); + if (ret && armpmu->filter_match) + return armpmu->filter_match(event); + + return ret; } static ssize_t armpmu_cpumask_show(struct device *dev, diff --git a/include/linux/perf/arm_pmu.h b/include/linux/perf/arm_pmu.h index 10f92e1d8e7b..bf309ff6f244 100644 --- a/include/linux/perf/arm_pmu.h +++ b/include/linux/perf/arm_pmu.h @@ -99,6 +99,7 @@ struct arm_pmu { void (*stop)(struct arm_pmu *); void (*reset)(void *); int (*map_event)(struct perf_event *event); + int (*filter_match)(struct perf_event *event); int num_events; bool secure_access; /* 32-bit ARM only */ #define ARMV8_PMUV3_MAX_COMMON_EVENTS 0x40 -- 2.1.4

6 years, 11 months

2
2
0 0

[PATCH] drm/atomic_helper: Allow DPMS On<->Off changes for unregistered connectors

by Lyude Paul

It appears when testing my previous fix for some of the legacy modesetting issues with MST, I misattributed some kernel splats that started appearing on my machine after a rebase as being from upstream. But it appears they actually came from my patch series: [ 2.980512] [drm:drm_atomic_helper_check_modeset [drm_kms_helper]] Updating routing for [CONNECTOR:65:eDP-1] [ 2.980516] [drm:drm_atomic_helper_check_modeset [drm_kms_helper]] [CONNECTOR:65:eDP-1] is not registered [ 2.980516] ------------[ cut here ]------------ [ 2.980519] Could not determine valid watermarks for inherited state [ 2.980553] WARNING: CPU: 3 PID: 551 at drivers/gpu/drm/i915/intel_display.c:14983 intel_modeset_init+0x14d7/0x19f0 [i915] [ 2.980556] Modules linked in: i915(O+) i2c_algo_bit drm_kms_helper(O) syscopyarea sysfillrect sysimgblt fb_sys_fops drm(O) intel_rapl x86_pkg_temp_thermal iTCO_wdt wmi_bmof coretemp crc32_pclmul psmouse i2c_i801 mei_me mei i2c_core lpc_ich mfd_core tpm_tis tpm_tis_core wmi tpm thinkpad_acpi pcc_cpufreq video ehci_pci crc32c_intel serio_raw ehci_hcd xhci_pci xhci_hcd [ 2.980577] CPU: 3 PID: 551 Comm: systemd-udevd Tainted: G O 4.19.0-rc7Lyude-Test+ #1 [ 2.980579] Hardware name: LENOVO 20BWS1KY00/20BWS1KY00, BIOS JBET63WW (1.27 ) 11/10/2016 [ 2.980605] RIP: 0010:intel_modeset_init+0x14d7/0x19f0 [i915] [ 2.980607] Code: 89 df e8 ec 27 02 00 e9 24 f2 ff ff be 03 00 00 00 48 89 df e8 da 27 02 00 e9 26 f2 ff ff 48 c7 c7 c8 d1 34 a0 e8 23 cf dc e0 <0f> 0b e9 7c fd ff ff f6 c4 04 0f 85 37 f7 ff ff 48 8b 83 60 08 00 [ 2.980611] RSP: 0018:ffffc90000287988 EFLAGS: 00010282 [ 2.980614] RAX: 0000000000000000 RBX: ffff88031b488000 RCX: 0000000000000006 [ 2.980617] RDX: 0000000000000007 RSI: 0000000000000086 RDI: ffff880321ad54d0 [ 2.980620] RBP: ffffc90000287a10 R08: 000000000000040a R09: 0000000000000065 [ 2.980623] R10: ffff88030ebb8f00 R11: ffffffff81416590 R12: ffff88031b488000 [ 2.980626] R13: ffff88031b4883a0 R14: ffffc900002879a8 R15: ffff880319099800 [ 2.980630] FS: 00007f475620d180(0000) GS:ffff880321ac0000(0000) knlGS:0000000000000000 [ 2.980633] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2.980636] CR2: 00007f9ef28018a0 CR3: 000000031b72c001 CR4: 00000000003606e0 [ 2.980639] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 2.980642] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 2.980645] Call Trace: [ 2.980675] i915_driver_load+0xb0e/0xdc0 [i915] [ 2.980681] ? kernfs_add_one+0xe7/0x130 [ 2.980709] i915_pci_probe+0x46/0x60 [i915] [ 2.980715] pci_device_probe+0xd4/0x150 [ 2.980719] really_probe+0x243/0x3b0 [ 2.980722] driver_probe_device+0xba/0x100 [ 2.980726] __driver_attach+0xe4/0x110 [ 2.980729] ? driver_probe_device+0x100/0x100 [ 2.980733] bus_for_each_dev+0x74/0xb0 [ 2.980736] driver_attach+0x1e/0x20 [ 2.980739] bus_add_driver+0x159/0x230 [ 2.980743] ? 0xffffffffa0393000 [ 2.980746] driver_register+0x70/0xc0 [ 2.980749] ? 0xffffffffa0393000 [ 2.980753] __pci_register_driver+0x57/0x60 [ 2.980780] i915_init+0x55/0x58 [i915] [ 2.980785] do_one_initcall+0x4a/0x1c4 [ 2.980789] ? do_init_module+0x27/0x210 [ 2.980793] ? kmem_cache_alloc_trace+0x131/0x190 [ 2.980797] do_init_module+0x60/0x210 [ 2.980800] load_module+0x2063/0x22e0 [ 2.980804] ? vfs_read+0x116/0x140 [ 2.980807] ? vfs_read+0x116/0x140 [ 2.980811] __do_sys_finit_module+0xbd/0x120 [ 2.980814] ? __do_sys_finit_module+0xbd/0x120 [ 2.980818] __x64_sys_finit_module+0x1a/0x20 [ 2.980821] do_syscall_64+0x5a/0x110 [ 2.980824] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2.980826] RIP: 0033:0x7f4754e32879 [ 2.980828] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d f7 45 2c 00 f7 d8 64 89 01 48 [ 2.980831] RSP: 002b:00007fff43fd97d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 2.980834] RAX: ffffffffffffffda RBX: 0000559a44ca64f0 RCX: 00007f4754e32879 [ 2.980836] RDX: 0000000000000000 RSI: 00007f475599f4cd RDI: 0000000000000018 [ 2.980838] RBP: 00007f475599f4cd R08: 0000000000000000 R09: 0000000000000000 [ 2.980839] R10: 0000000000000018 R11: 0000000000000246 R12: 0000000000000000 [ 2.980841] R13: 0000559a44c92fd0 R14: 0000000000020000 R15: 0000000000000000 [ 2.980881] WARNING: CPU: 3 PID: 551 at drivers/gpu/drm/i915/intel_display.c:14983 intel_modeset_init+0x14d7/0x19f0 [i915] [ 2.980884] ---[ end trace 5eb47a76277d4731 ]--- The cause of this appears to be due to the fact that if there's pre-existing display state that was set by the BIOS when i915 loads, it will attempt to perform a modeset before the driver is registered with userspace. Since this happens before the driver's registered with userspace, it's connectors are also unregistered and thus-states which would turn on DPMS on a connector end up getting rejected since the connector isn't registered. These bugs managed to get past Intel's CI partially due to the fact it never ran a full test on my patches for some reason, but also because all of the tests unload the GPU once before running. Since this bug is only really triggered when the drivers tries to perform a modeset before it's been fully registered with userspace when coming from whatever display configuration the firmware left us with, it likely would never have been picked up by CI in the first place. After some discussion with vsyrjala, we decided the best course of action would be to just move the unregistered connector checks out of update_connector_routing() and into drm_atomic_set_crtc_for_connector(). The reason for this being that legacy modesetting isn't going to be expecting failures anywhere (at least this is the case with X), so ideally we want to ensure that any DPMS changes will still work even on unregistered connectors. Instead, we now only reject new modesets which would change the current CRTC assigned to an unregistered connector unless no new CRTC is being assigned to replace the connector's previous one. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reported-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Fixes: 4d80273976bf ("drm/atomic_helper: Disallow new modesets on unregistered connectors") Cc: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/drm_atomic_helper.c | 21 +-------------------- drivers/gpu/drm/drm_atomic_uapi.c | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+), 20 deletions(-) diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c index e6a2cf72de5e..6f66777dca4b 100644 --- a/drivers/gpu/drm/drm_atomic_helper.c +++ b/drivers/gpu/drm/drm_atomic_helper.c @@ -319,26 +319,6 @@ update_connector_routing(struct drm_atomic_state *state, return 0; } - crtc_state = drm_atomic_get_new_crtc_state(state, - new_connector_state->crtc); - /* - * For compatibility with legacy users, we want to make sure that - * we allow DPMS On->Off modesets on unregistered connectors. Modesets - * which would result in anything else must be considered invalid, to - * avoid turning on new displays on dead connectors. - * - * Since the connector can be unregistered at any point during an - * atomic check or commit, this is racy. But that's OK: all we care - * about is ensuring that userspace can't do anything but shut off the - * display on a connector that was destroyed after its been notified, - * not before. - */ - if (!READ_ONCE(connector->registered) && crtc_state->active) { - DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] is not registered\n", - connector->base.id, connector->name); - return -EINVAL; - } - funcs = connector->helper_private; if (funcs->atomic_best_encoder) @@ -383,6 +363,7 @@ update_connector_routing(struct drm_atomic_state *state, set_best_encoder(state, new_connector_state, new_encoder); + crtc_state = drm_atomic_get_new_crtc_state(state, new_connector_state->crtc); crtc_state->connectors_changed = true; DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] using [ENCODER:%d:%s] on [CRTC:%d:%s]\n", diff --git a/drivers/gpu/drm/drm_atomic_uapi.c b/drivers/gpu/drm/drm_atomic_uapi.c index d5b7f315098c..7acec863b10c 100644 --- a/drivers/gpu/drm/drm_atomic_uapi.c +++ b/drivers/gpu/drm/drm_atomic_uapi.c @@ -299,6 +299,27 @@ drm_atomic_set_crtc_for_connector(struct drm_connector_state *conn_state, struct drm_connector *connector = conn_state->connector; struct drm_crtc_state *crtc_state; + /* + * For compatibility with legacy users, we want to make sure that + * we allow DPMS On<->Off modesets on unregistered connectors, since + * legacy modesetting users will not be expecting these to fail. We do + * not however, want to allow legacy users to assign a connector + * that's been unregistered from sysfs to another CRTC, since doing + * this with a now non-existant connector could potentially leave us + * in an invalid state. + * + * Since the connector can be unregistered at any point during an + * atomic check or commit, this is racy. But that's OK: all we care + * about is ensuring that userspace can't use this connector for new + * configurations after it's been notified that the connector is no + * longer present. + */ + if (!READ_ONCE(connector->registered) && crtc) { + DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] is not registered\n", + connector->base.id, connector->name); + return -EINVAL; + } + if (conn_state->crtc == crtc) return 0; -- 2.17.1

6 years, 11 months

3
2
0 0

[PATCH v7 1/5] drm/atomic_helper: Disallow new modesets on unregistered connectors

by Lyude Paul

With the exception of modesets which would switch the DPMS state of a connector from on to off, we want to make sure that we disallow all modesets which would result in enabling a new monitor or a new mode configuration on a monitor if the connector for the display in question is no longer registered. This allows us to stop userspace from trying to enable new displays on connectors for an MST topology that were just removed from the system, without preventing userspace from disabling DPMS on those connectors. Changes since v5: - Fix typo in comment, nothing else Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/drm_atomic_helper.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c index 6f66777dca4b..e6a2cf72de5e 100644 --- a/drivers/gpu/drm/drm_atomic_helper.c +++ b/drivers/gpu/drm/drm_atomic_helper.c @@ -319,6 +319,26 @@ update_connector_routing(struct drm_atomic_state *state, return 0; } + crtc_state = drm_atomic_get_new_crtc_state(state, + new_connector_state->crtc); + /* + * For compatibility with legacy users, we want to make sure that + * we allow DPMS On->Off modesets on unregistered connectors. Modesets + * which would result in anything else must be considered invalid, to + * avoid turning on new displays on dead connectors. + * + * Since the connector can be unregistered at any point during an + * atomic check or commit, this is racy. But that's OK: all we care + * about is ensuring that userspace can't do anything but shut off the + * display on a connector that was destroyed after its been notified, + * not before. + */ + if (!READ_ONCE(connector->registered) && crtc_state->active) { + DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] is not registered\n", + connector->base.id, connector->name); + return -EINVAL; + } + funcs = connector->helper_private; if (funcs->atomic_best_encoder) @@ -363,7 +383,6 @@ update_connector_routing(struct drm_atomic_state *state, set_best_encoder(state, new_connector_state, new_encoder); - crtc_state = drm_atomic_get_new_crtc_state(state, new_connector_state->crtc); crtc_state->connectors_changed = true; DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] using [ENCODER:%d:%s] on [CRTC:%d:%s]\n", -- 2.17.1

6 years, 11 months

3
2
0 0

FAILED: patch "[PATCH] USB: serial: option: improve Quectel EP06 detection" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 36cae568404a298a19a6e8a3f18641075d4cab04 Mon Sep 17 00:00:00 2001 From: Kristian Evensen <kristian.evensen(a)gmail.com> Date: Thu, 13 Sep 2018 11:21:49 +0200 Subject: [PATCH] USB: serial: option: improve Quectel EP06 detection The Quectel EP06 (and EM06/EG06) LTE modem supports updating the USB configuration, without the VID/PID or configuration number changing. When the configuration is updated and interfaces are added/removed, the interface numbers are updated. This causes our current code for matching EP06 not to work as intended, as the assumption about reserved interfaces no longer holds. If for example the diagnostic (first) interface is removed, option will (try to) bind to the QMI interface. This patch improves EP06 detection by replacing the current match with two matches, and those matches check class, subclass and protocol as well as VID and PID. The diag interface exports class, subclass and protocol as 0xff. For the other serial interfaces, class is 0xff and subclass and protocol are both 0x0. The modem can export the following devices and always in this order: diag, nmea, at, ppp. qmi and adb. This means that diag can only ever be interface 0, and interface numbers 1-5 should be marked as reserved. The three other serial devices can have interface numbers 0-3, but I have not marked any interfaces as reserved. The reason is that the serial devices are the only interfaces exported by the device where subclass and protocol is 0x0. QMI exports the same class, subclass and protocol values as the diag interface. However, the two interfaces have different number of endpoints, QMI has three and diag two. I have added a check for number of interfaces if VID/PID matches the EP06, and we ignore the device if number of interfaces equals three (and subclass is set). Signed-off-by: Kristian Evensen <kristian.evensen(a)gmail.com> Acked-by: Dan Williams <dcbw(a)redhat.com> [ johan: drop uneeded RSVD(5) for ADB ] Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index 0215b70c4efc..382feafbd127 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -1081,8 +1081,9 @@ static const struct usb_device_id option_ids[] = { .driver_info = RSVD(4) }, { USB_DEVICE(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_BG96), .driver_info = RSVD(4) }, - { USB_DEVICE(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EP06), - .driver_info = RSVD(4) | RSVD(5) }, + { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EP06, 0xff, 0xff, 0xff), + .driver_info = RSVD(1) | RSVD(2) | RSVD(3) | RSVD(4) }, + { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EP06, 0xff, 0, 0) }, { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_6001) }, { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_CMU_300) }, { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_6003), @@ -1985,6 +1986,7 @@ static int option_probe(struct usb_serial *serial, { struct usb_interface_descriptor *iface_desc = &serial->interface->cur_altsetting->desc; + struct usb_device_descriptor *dev_desc = &serial->dev->descriptor; unsigned long device_flags = id->driver_info; /* Never bind to the CD-Rom emulation interface */ @@ -1999,6 +2001,18 @@ static int option_probe(struct usb_serial *serial, if (device_flags & RSVD(iface_desc->bInterfaceNumber)) return -ENODEV; + /* + * Don't bind to the QMI device of the Quectel EP06/EG06/EM06. Class, + * subclass and protocol is 0xff for both the diagnostic port and the + * QMI interface, but the diagnostic port only has two endpoints (QMI + * has three). + */ + if (dev_desc->idVendor == cpu_to_le16(QUECTEL_VENDOR_ID) && + dev_desc->idProduct == cpu_to_le16(QUECTEL_PRODUCT_EP06) && + iface_desc->bInterfaceSubClass && iface_desc->bNumEndpoints == 3) { + return -ENODEV; + } + /* Store the device flags so we can use them during attach. */ usb_set_serial_data(serial, (void *)device_flags);

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] USB: serial: option: add two-endpoints device-id flag" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 35aecc02b5b621782111f64cbb032c7f6a90bb32 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan(a)kernel.org> Date: Thu, 13 Sep 2018 11:21:50 +0200 Subject: [PATCH] USB: serial: option: add two-endpoints device-id flag Allow matching on interfaces having two endpoints by adding a new device-id flag. This allows for the handling of devices whose interface numbers can change (e.g. Quectel EP06) to be contained in the device-id table. Tested-by: Kristian Evensen <kristian.evensen(a)gmail.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index 382feafbd127..e72ad9f81c73 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -561,6 +561,9 @@ static void option_instat_callback(struct urb *urb); /* Interface is reserved */ #define RSVD(ifnum) ((BIT(ifnum) & 0xff) << 0) +/* Interface must have two endpoints */ +#define NUMEP2 BIT(16) + static const struct usb_device_id option_ids[] = { { USB_DEVICE(OPTION_VENDOR_ID, OPTION_PRODUCT_COLT) }, @@ -1082,7 +1085,7 @@ static const struct usb_device_id option_ids[] = { { USB_DEVICE(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_BG96), .driver_info = RSVD(4) }, { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EP06, 0xff, 0xff, 0xff), - .driver_info = RSVD(1) | RSVD(2) | RSVD(3) | RSVD(4) }, + .driver_info = RSVD(1) | RSVD(2) | RSVD(3) | RSVD(4) | NUMEP2 }, { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EP06, 0xff, 0, 0) }, { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_6001) }, { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_CMU_300) }, @@ -1986,7 +1989,6 @@ static int option_probe(struct usb_serial *serial, { struct usb_interface_descriptor *iface_desc = &serial->interface->cur_altsetting->desc; - struct usb_device_descriptor *dev_desc = &serial->dev->descriptor; unsigned long device_flags = id->driver_info; /* Never bind to the CD-Rom emulation interface */ @@ -2002,16 +2004,11 @@ static int option_probe(struct usb_serial *serial, return -ENODEV; /* - * Don't bind to the QMI device of the Quectel EP06/EG06/EM06. Class, - * subclass and protocol is 0xff for both the diagnostic port and the - * QMI interface, but the diagnostic port only has two endpoints (QMI - * has three). + * Allow matching on bNumEndpoints for devices whose interface numbers + * can change (e.g. Quectel EP06). */ - if (dev_desc->idVendor == cpu_to_le16(QUECTEL_VENDOR_ID) && - dev_desc->idProduct == cpu_to_le16(QUECTEL_PRODUCT_EP06) && - iface_desc->bInterfaceSubClass && iface_desc->bNumEndpoints == 3) { + if (device_flags & NUMEP2 && iface_desc->bNumEndpoints != 2) return -ENODEV; - } /* Store the device flags so we can use them during attach. */ usb_set_serial_data(serial, (void *)device_flags);

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] powerpc/lib: fix book3s/32 boot failure due to code patching" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From b45ba4a51cde29b2939365ef0c07ad34c8321789 Mon Sep 17 00:00:00 2001 From: Christophe Leroy <christophe.leroy(a)c-s.fr> Date: Mon, 1 Oct 2018 12:21:10 +0000 Subject: [PATCH] powerpc/lib: fix book3s/32 boot failure due to code patching Commit 51c3c62b58b3 ("powerpc: Avoid code patching freed init sections") accesses 'init_mem_is_free' flag too early, before the kernel is relocated. This provokes early boot failure (before the console is active). As it is not necessary to do this verification that early, this patch moves the test into patch_instruction() instead of __patch_instruction(). This modification also has the advantage of avoiding unnecessary remappings. Fixes: 51c3c62b58b3 ("powerpc: Avoid code patching freed init sections") Cc: stable(a)vger.kernel.org # 4.13+ Signed-off-by: Christophe Leroy <christophe.leroy(a)c-s.fr> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/lib/code-patching.c b/arch/powerpc/lib/code-patching.c index 6ae2777c220d..5ffee298745f 100644 --- a/arch/powerpc/lib/code-patching.c +++ b/arch/powerpc/lib/code-patching.c @@ -28,12 +28,6 @@ static int __patch_instruction(unsigned int *exec_addr, unsigned int instr, { int err; - /* Make sure we aren't patching a freed init section */ - if (init_mem_is_free && init_section_contains(exec_addr, 4)) { - pr_debug("Skipping init section patching addr: 0x%px\n", exec_addr); - return 0; - } - __put_user_size(instr, patch_addr, 4, err); if (err) return err; @@ -148,7 +142,7 @@ static inline int unmap_patch_area(unsigned long addr) return 0; } -int patch_instruction(unsigned int *addr, unsigned int instr) +static int do_patch_instruction(unsigned int *addr, unsigned int instr) { int err; unsigned int *patch_addr = NULL; @@ -188,12 +182,22 @@ int patch_instruction(unsigned int *addr, unsigned int instr) } #else /* !CONFIG_STRICT_KERNEL_RWX */ -int patch_instruction(unsigned int *addr, unsigned int instr) +static int do_patch_instruction(unsigned int *addr, unsigned int instr) { return raw_patch_instruction(addr, instr); } #endif /* CONFIG_STRICT_KERNEL_RWX */ + +int patch_instruction(unsigned int *addr, unsigned int instr) +{ + /* Make sure we aren't patching a freed init section */ + if (init_mem_is_free && init_section_contains(addr, 4)) { + pr_debug("Skipping init section patching addr: 0x%px\n", addr); + return 0; + } + return do_patch_instruction(addr, instr); +} NOKPROBE_SYMBOL(patch_instruction); int patch_branch(unsigned int *addr, unsigned long target, int flags)

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] dm cache metadata: ignore hints array being too small during" failed to apply to 3.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 3.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 4561ffca88c546f96367f94b8f1e4715a9c62314 Mon Sep 17 00:00:00 2001 From: Joe Thornber <ejt(a)redhat.com> Date: Mon, 24 Sep 2018 16:19:30 -0400 Subject: [PATCH] dm cache metadata: ignore hints array being too small during resize Commit fd2fa9541 ("dm cache metadata: save in-core policy_hint_size to on-disk superblock") enabled previously written policy hints to be used after a cache is reactivated. But in doing so the cache metadata's hint array was left exposed to out of bounds access because on resize the metadata's on-disk hint array wasn't ever extended. Fix this by ignoring that there are no on-disk hints associated with the newly added cache blocks. An expanded on-disk hint array is later rewritten upon the next clean shutdown of the cache. Fixes: fd2fa9541 ("dm cache metadata: save in-core policy_hint_size to on-disk superblock") Cc: stable(a)vger.kernel.org Signed-off-by: Joe Thornber <ejt(a)redhat.com> Signed-off-by: Mike Snitzer <snitzer(a)redhat.com> diff --git a/drivers/md/dm-cache-metadata.c b/drivers/md/dm-cache-metadata.c index 69dddeab124c..5936de71883f 100644 --- a/drivers/md/dm-cache-metadata.c +++ b/drivers/md/dm-cache-metadata.c @@ -1455,8 +1455,8 @@ static int __load_mappings(struct dm_cache_metadata *cmd, if (hints_valid) { r = dm_array_cursor_next(&cmd->hint_cursor); if (r) { - DMERR("dm_array_cursor_next for hint failed"); - goto out; + dm_array_cursor_end(&cmd->hint_cursor); + hints_valid = false; } }

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] dm cache metadata: ignore hints array being too small during" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 4561ffca88c546f96367f94b8f1e4715a9c62314 Mon Sep 17 00:00:00 2001 From: Joe Thornber <ejt(a)redhat.com> Date: Mon, 24 Sep 2018 16:19:30 -0400 Subject: [PATCH] dm cache metadata: ignore hints array being too small during resize Commit fd2fa9541 ("dm cache metadata: save in-core policy_hint_size to on-disk superblock") enabled previously written policy hints to be used after a cache is reactivated. But in doing so the cache metadata's hint array was left exposed to out of bounds access because on resize the metadata's on-disk hint array wasn't ever extended. Fix this by ignoring that there are no on-disk hints associated with the newly added cache blocks. An expanded on-disk hint array is later rewritten upon the next clean shutdown of the cache. Fixes: fd2fa9541 ("dm cache metadata: save in-core policy_hint_size to on-disk superblock") Cc: stable(a)vger.kernel.org Signed-off-by: Joe Thornber <ejt(a)redhat.com> Signed-off-by: Mike Snitzer <snitzer(a)redhat.com> diff --git a/drivers/md/dm-cache-metadata.c b/drivers/md/dm-cache-metadata.c index 69dddeab124c..5936de71883f 100644 --- a/drivers/md/dm-cache-metadata.c +++ b/drivers/md/dm-cache-metadata.c @@ -1455,8 +1455,8 @@ static int __load_mappings(struct dm_cache_metadata *cmd, if (hints_valid) { r = dm_array_cursor_next(&cmd->hint_cursor); if (r) { - DMERR("dm_array_cursor_next for hint failed"); - goto out; + dm_array_cursor_end(&cmd->hint_cursor); + hints_valid = false; } }

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915: Handle incomplete Z_FINISH for compressed error" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 4c9613ce556fdeb671e779668b627ea3a2b61728 Mon Sep 17 00:00:00 2001 From: Chris Wilson <chris(a)chris-wilson.co.uk> Date: Wed, 3 Oct 2018 09:24:22 +0100 Subject: [PATCH] drm/i915: Handle incomplete Z_FINISH for compressed error states The final call to zlib_deflate(Z_FINISH) may require more output space to be allocated and so needs to re-invoked. Failure to do so in the current code leads to incomplete zlib streams (albeit intact due to the use of Z_SYNC_FLUSH) resulting in the occasional short object capture. v2: Check against overrunning our pre-allocated page array v3: Drop Z_SYNC_FLUSH entirely Testcase: igt/i915-error-capture.js Fixes: 0a97015d45ee ("drm/i915: Compress GPU objects in error state") Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v4.10+ Cc: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20181003082422.23214-1-chris@… (cherry picked from commit 83bc0f5b432f60394466deef16fc753e27371d0b) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c index f7f2aa71d8d9..a262a64f5625 100644 --- a/drivers/gpu/drm/i915/i915_gpu_error.c +++ b/drivers/gpu/drm/i915/i915_gpu_error.c @@ -232,6 +232,20 @@ static bool compress_init(struct compress *c) return true; } +static void *compress_next_page(struct drm_i915_error_object *dst) +{ + unsigned long page; + + if (dst->page_count >= dst->num_pages) + return ERR_PTR(-ENOSPC); + + page = __get_free_page(GFP_ATOMIC | __GFP_NOWARN); + if (!page) + return ERR_PTR(-ENOMEM); + + return dst->pages[dst->page_count++] = (void *)page; +} + static int compress_page(struct compress *c, void *src, struct drm_i915_error_object *dst) @@ -245,19 +259,14 @@ static int compress_page(struct compress *c, do { if (zstream->avail_out == 0) { - unsigned long page; - - page = __get_free_page(GFP_ATOMIC | __GFP_NOWARN); - if (!page) - return -ENOMEM; + zstream->next_out = compress_next_page(dst); + if (IS_ERR(zstream->next_out)) + return PTR_ERR(zstream->next_out); - dst->pages[dst->page_count++] = (void *)page; - - zstream->next_out = (void *)page; zstream->avail_out = PAGE_SIZE; } - if (zlib_deflate(zstream, Z_SYNC_FLUSH) != Z_OK) + if (zlib_deflate(zstream, Z_NO_FLUSH) != Z_OK) return -EIO; } while (zstream->avail_in); @@ -268,19 +277,42 @@ static int compress_page(struct compress *c, return 0; } -static void compress_fini(struct compress *c, +static int compress_flush(struct compress *c, struct drm_i915_error_object *dst) { struct z_stream_s *zstream = &c->zstream; - if (dst) { - zlib_deflate(zstream, Z_FINISH); - dst->unused = zstream->avail_out; - } + do { + switch (zlib_deflate(zstream, Z_FINISH)) { + case Z_OK: /* more space requested */ + zstream->next_out = compress_next_page(dst); + if (IS_ERR(zstream->next_out)) + return PTR_ERR(zstream->next_out); + + zstream->avail_out = PAGE_SIZE; + break; + + case Z_STREAM_END: + goto end; + + default: /* any error */ + return -EIO; + } + } while (1); + +end: + memset(zstream->next_out, 0, zstream->avail_out); + dst->unused = zstream->avail_out; + return 0; +} + +static void compress_fini(struct compress *c, + struct drm_i915_error_object *dst) +{ + struct z_stream_s *zstream = &c->zstream; zlib_deflateEnd(zstream); kfree(zstream->workspace); - if (c->tmp) free_page((unsigned long)c->tmp); } @@ -319,6 +351,12 @@ static int compress_page(struct compress *c, return 0; } +static int compress_flush(struct compress *c, + struct drm_i915_error_object *dst) +{ + return 0; +} + static void compress_fini(struct compress *c, struct drm_i915_error_object *dst) { @@ -917,6 +955,7 @@ i915_error_object_create(struct drm_i915_private *i915, unsigned long num_pages; struct sgt_iter iter; dma_addr_t dma; + int ret; if (!vma) return NULL; @@ -930,6 +969,7 @@ i915_error_object_create(struct drm_i915_private *i915, dst->gtt_offset = vma->node.start; dst->gtt_size = vma->node.size; + dst->num_pages = num_pages; dst->page_count = 0; dst->unused = 0; @@ -938,28 +978,26 @@ i915_error_object_create(struct drm_i915_private *i915, return NULL; } + ret = -EINVAL; for_each_sgt_dma(dma, iter, vma->pages) { void __iomem *s; - int ret; ggtt->vm.insert_page(&ggtt->vm, dma, slot, I915_CACHE_NONE, 0); s = io_mapping_map_atomic_wc(&ggtt->iomap, slot); ret = compress_page(&compress, (void __force *)s, dst); io_mapping_unmap_atomic(s); - if (ret) - goto unwind; + break; } - goto out; -unwind: - while (dst->page_count--) - free_page((unsigned long)dst->pages[dst->page_count]); - kfree(dst); - dst = NULL; + if (ret || compress_flush(&compress, dst)) { + while (dst->page_count--) + free_page((unsigned long)dst->pages[dst->page_count]); + kfree(dst); + dst = NULL; + } -out: compress_fini(&compress, dst); ggtt->vm.clear_range(&ggtt->vm, slot, PAGE_SIZE); return dst; diff --git a/drivers/gpu/drm/i915/i915_gpu_error.h b/drivers/gpu/drm/i915/i915_gpu_error.h index f893a4e8b783..8710fb18ed74 100644 --- a/drivers/gpu/drm/i915/i915_gpu_error.h +++ b/drivers/gpu/drm/i915/i915_gpu_error.h @@ -135,6 +135,7 @@ struct i915_gpu_state { struct drm_i915_error_object { u64 gtt_offset; u64 gtt_size; + int num_pages; int page_count; int unused; u32 *pages[0];

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915: Handle incomplete Z_FINISH for compressed error" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 4c9613ce556fdeb671e779668b627ea3a2b61728 Mon Sep 17 00:00:00 2001 From: Chris Wilson <chris(a)chris-wilson.co.uk> Date: Wed, 3 Oct 2018 09:24:22 +0100 Subject: [PATCH] drm/i915: Handle incomplete Z_FINISH for compressed error states The final call to zlib_deflate(Z_FINISH) may require more output space to be allocated and so needs to re-invoked. Failure to do so in the current code leads to incomplete zlib streams (albeit intact due to the use of Z_SYNC_FLUSH) resulting in the occasional short object capture. v2: Check against overrunning our pre-allocated page array v3: Drop Z_SYNC_FLUSH entirely Testcase: igt/i915-error-capture.js Fixes: 0a97015d45ee ("drm/i915: Compress GPU objects in error state") Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v4.10+ Cc: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20181003082422.23214-1-chris@… (cherry picked from commit 83bc0f5b432f60394466deef16fc753e27371d0b) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c index f7f2aa71d8d9..a262a64f5625 100644 --- a/drivers/gpu/drm/i915/i915_gpu_error.c +++ b/drivers/gpu/drm/i915/i915_gpu_error.c @@ -232,6 +232,20 @@ static bool compress_init(struct compress *c) return true; } +static void *compress_next_page(struct drm_i915_error_object *dst) +{ + unsigned long page; + + if (dst->page_count >= dst->num_pages) + return ERR_PTR(-ENOSPC); + + page = __get_free_page(GFP_ATOMIC | __GFP_NOWARN); + if (!page) + return ERR_PTR(-ENOMEM); + + return dst->pages[dst->page_count++] = (void *)page; +} + static int compress_page(struct compress *c, void *src, struct drm_i915_error_object *dst) @@ -245,19 +259,14 @@ static int compress_page(struct compress *c, do { if (zstream->avail_out == 0) { - unsigned long page; - - page = __get_free_page(GFP_ATOMIC | __GFP_NOWARN); - if (!page) - return -ENOMEM; + zstream->next_out = compress_next_page(dst); + if (IS_ERR(zstream->next_out)) + return PTR_ERR(zstream->next_out); - dst->pages[dst->page_count++] = (void *)page; - - zstream->next_out = (void *)page; zstream->avail_out = PAGE_SIZE; } - if (zlib_deflate(zstream, Z_SYNC_FLUSH) != Z_OK) + if (zlib_deflate(zstream, Z_NO_FLUSH) != Z_OK) return -EIO; } while (zstream->avail_in); @@ -268,19 +277,42 @@ static int compress_page(struct compress *c, return 0; } -static void compress_fini(struct compress *c, +static int compress_flush(struct compress *c, struct drm_i915_error_object *dst) { struct z_stream_s *zstream = &c->zstream; - if (dst) { - zlib_deflate(zstream, Z_FINISH); - dst->unused = zstream->avail_out; - } + do { + switch (zlib_deflate(zstream, Z_FINISH)) { + case Z_OK: /* more space requested */ + zstream->next_out = compress_next_page(dst); + if (IS_ERR(zstream->next_out)) + return PTR_ERR(zstream->next_out); + + zstream->avail_out = PAGE_SIZE; + break; + + case Z_STREAM_END: + goto end; + + default: /* any error */ + return -EIO; + } + } while (1); + +end: + memset(zstream->next_out, 0, zstream->avail_out); + dst->unused = zstream->avail_out; + return 0; +} + +static void compress_fini(struct compress *c, + struct drm_i915_error_object *dst) +{ + struct z_stream_s *zstream = &c->zstream; zlib_deflateEnd(zstream); kfree(zstream->workspace); - if (c->tmp) free_page((unsigned long)c->tmp); } @@ -319,6 +351,12 @@ static int compress_page(struct compress *c, return 0; } +static int compress_flush(struct compress *c, + struct drm_i915_error_object *dst) +{ + return 0; +} + static void compress_fini(struct compress *c, struct drm_i915_error_object *dst) { @@ -917,6 +955,7 @@ i915_error_object_create(struct drm_i915_private *i915, unsigned long num_pages; struct sgt_iter iter; dma_addr_t dma; + int ret; if (!vma) return NULL; @@ -930,6 +969,7 @@ i915_error_object_create(struct drm_i915_private *i915, dst->gtt_offset = vma->node.start; dst->gtt_size = vma->node.size; + dst->num_pages = num_pages; dst->page_count = 0; dst->unused = 0; @@ -938,28 +978,26 @@ i915_error_object_create(struct drm_i915_private *i915, return NULL; } + ret = -EINVAL; for_each_sgt_dma(dma, iter, vma->pages) { void __iomem *s; - int ret; ggtt->vm.insert_page(&ggtt->vm, dma, slot, I915_CACHE_NONE, 0); s = io_mapping_map_atomic_wc(&ggtt->iomap, slot); ret = compress_page(&compress, (void __force *)s, dst); io_mapping_unmap_atomic(s); - if (ret) - goto unwind; + break; } - goto out; -unwind: - while (dst->page_count--) - free_page((unsigned long)dst->pages[dst->page_count]); - kfree(dst); - dst = NULL; + if (ret || compress_flush(&compress, dst)) { + while (dst->page_count--) + free_page((unsigned long)dst->pages[dst->page_count]); + kfree(dst); + dst = NULL; + } -out: compress_fini(&compress, dst); ggtt->vm.clear_range(&ggtt->vm, slot, PAGE_SIZE); return dst; diff --git a/drivers/gpu/drm/i915/i915_gpu_error.h b/drivers/gpu/drm/i915/i915_gpu_error.h index f893a4e8b783..8710fb18ed74 100644 --- a/drivers/gpu/drm/i915/i915_gpu_error.h +++ b/drivers/gpu/drm/i915/i915_gpu_error.h @@ -135,6 +135,7 @@ struct i915_gpu_state { struct drm_i915_error_object { u64 gtt_offset; u64 gtt_size; + int num_pages; int page_count; int unused; u32 *pages[0];

6 years, 11 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror