- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] bcache: add separate workqueue for journal_write to avoid" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0f843e65d9eef4936929bb036c5f771fb261eea4 Mon Sep 17 00:00:00 2001 From: Guoju Fang <fangguoju(a)gmail.com> Date: Thu, 27 Sep 2018 23:41:46 +0800 Subject: [PATCH] bcache: add separate workqueue for journal_write to avoid deadlock After write SSD completed, bcache schedules journal_write work to system_wq, which is a public workqueue in system, without WQ_MEM_RECLAIM flag. system_wq is also a bound wq, and there may be no idle kworker on current processor. Creating a new kworker may unfortunately need to reclaim memory first, by shrinking cache and slab used by vfs, which depends on bcache device. That's a deadlock. This patch create a new workqueue for journal_write with WQ_MEM_RECLAIM flag. It's rescuer thread will work to avoid the deadlock. Signed-off-by: Guoju Fang <fangguoju(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Coly Li <colyli(a)suse.de> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/drivers/md/bcache/bcache.h b/drivers/md/bcache/bcache.h index 83504dd8100a..954dad29e6e8 100644 --- a/drivers/md/bcache/bcache.h +++ b/drivers/md/bcache/bcache.h @@ -965,6 +965,7 @@ void bch_prio_write(struct cache *ca); void bch_write_bdev_super(struct cached_dev *dc, struct closure *parent); extern struct workqueue_struct *bcache_wq; +extern struct workqueue_struct *bch_journal_wq; extern struct mutex bch_register_lock; extern struct list_head bch_cache_sets; diff --git a/drivers/md/bcache/journal.c b/drivers/md/bcache/journal.c index 6116bbf870d8..522c7426f3a0 100644 --- a/drivers/md/bcache/journal.c +++ b/drivers/md/bcache/journal.c @@ -485,7 +485,7 @@ static void do_journal_discard(struct cache *ca) closure_get(&ca->set->cl); INIT_WORK(&ja->discard_work, journal_discard_work); - schedule_work(&ja->discard_work); + queue_work(bch_journal_wq, &ja->discard_work); } } @@ -592,7 +592,7 @@ static void journal_write_done(struct closure *cl) : &j->w[0]; __closure_wake_up(&w->wait); - continue_at_nobarrier(cl, journal_write, system_wq); + continue_at_nobarrier(cl, journal_write, bch_journal_wq); } static void journal_write_unlock(struct closure *cl) @@ -627,7 +627,7 @@ static void journal_write_unlocked(struct closure *cl) spin_unlock(&c->journal.lock); btree_flush_write(c); - continue_at(cl, journal_write, system_wq); + continue_at(cl, journal_write, bch_journal_wq); return; } diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c index 94c756c66bd7..30ba9aeb5ee8 100644 --- a/drivers/md/bcache/super.c +++ b/drivers/md/bcache/super.c @@ -47,6 +47,7 @@ static int bcache_major; static DEFINE_IDA(bcache_device_idx); static wait_queue_head_t unregister_wait; struct workqueue_struct *bcache_wq; +struct workqueue_struct *bch_journal_wq; #define BTREE_MAX_PAGES (256 * 1024 / PAGE_SIZE) /* limitation of partitions number on single bcache device */ @@ -2341,6 +2342,9 @@ static void bcache_exit(void) kobject_put(bcache_kobj); if (bcache_wq) destroy_workqueue(bcache_wq); + if (bch_journal_wq) + destroy_workqueue(bch_journal_wq); + if (bcache_major) unregister_blkdev(bcache_major, "bcache"); unregister_reboot_notifier(&reboot); @@ -2370,6 +2374,10 @@ static int __init bcache_init(void) if (!bcache_wq) goto err; + bch_journal_wq = alloc_workqueue("bch_journal", WQ_MEM_RECLAIM, 0); + if (!bch_journal_wq) + goto err; + bcache_kobj = kobject_create_and_add("bcache", fs_kobj); if (!bcache_kobj) goto err;

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] bcache: add separate workqueue for journal_write to avoid" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0f843e65d9eef4936929bb036c5f771fb261eea4 Mon Sep 17 00:00:00 2001 From: Guoju Fang <fangguoju(a)gmail.com> Date: Thu, 27 Sep 2018 23:41:46 +0800 Subject: [PATCH] bcache: add separate workqueue for journal_write to avoid deadlock After write SSD completed, bcache schedules journal_write work to system_wq, which is a public workqueue in system, without WQ_MEM_RECLAIM flag. system_wq is also a bound wq, and there may be no idle kworker on current processor. Creating a new kworker may unfortunately need to reclaim memory first, by shrinking cache and slab used by vfs, which depends on bcache device. That's a deadlock. This patch create a new workqueue for journal_write with WQ_MEM_RECLAIM flag. It's rescuer thread will work to avoid the deadlock. Signed-off-by: Guoju Fang <fangguoju(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Coly Li <colyli(a)suse.de> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/drivers/md/bcache/bcache.h b/drivers/md/bcache/bcache.h index 83504dd8100a..954dad29e6e8 100644 --- a/drivers/md/bcache/bcache.h +++ b/drivers/md/bcache/bcache.h @@ -965,6 +965,7 @@ void bch_prio_write(struct cache *ca); void bch_write_bdev_super(struct cached_dev *dc, struct closure *parent); extern struct workqueue_struct *bcache_wq; +extern struct workqueue_struct *bch_journal_wq; extern struct mutex bch_register_lock; extern struct list_head bch_cache_sets; diff --git a/drivers/md/bcache/journal.c b/drivers/md/bcache/journal.c index 6116bbf870d8..522c7426f3a0 100644 --- a/drivers/md/bcache/journal.c +++ b/drivers/md/bcache/journal.c @@ -485,7 +485,7 @@ static void do_journal_discard(struct cache *ca) closure_get(&ca->set->cl); INIT_WORK(&ja->discard_work, journal_discard_work); - schedule_work(&ja->discard_work); + queue_work(bch_journal_wq, &ja->discard_work); } } @@ -592,7 +592,7 @@ static void journal_write_done(struct closure *cl) : &j->w[0]; __closure_wake_up(&w->wait); - continue_at_nobarrier(cl, journal_write, system_wq); + continue_at_nobarrier(cl, journal_write, bch_journal_wq); } static void journal_write_unlock(struct closure *cl) @@ -627,7 +627,7 @@ static void journal_write_unlocked(struct closure *cl) spin_unlock(&c->journal.lock); btree_flush_write(c); - continue_at(cl, journal_write, system_wq); + continue_at(cl, journal_write, bch_journal_wq); return; } diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c index 94c756c66bd7..30ba9aeb5ee8 100644 --- a/drivers/md/bcache/super.c +++ b/drivers/md/bcache/super.c @@ -47,6 +47,7 @@ static int bcache_major; static DEFINE_IDA(bcache_device_idx); static wait_queue_head_t unregister_wait; struct workqueue_struct *bcache_wq; +struct workqueue_struct *bch_journal_wq; #define BTREE_MAX_PAGES (256 * 1024 / PAGE_SIZE) /* limitation of partitions number on single bcache device */ @@ -2341,6 +2342,9 @@ static void bcache_exit(void) kobject_put(bcache_kobj); if (bcache_wq) destroy_workqueue(bcache_wq); + if (bch_journal_wq) + destroy_workqueue(bch_journal_wq); + if (bcache_major) unregister_blkdev(bcache_major, "bcache"); unregister_reboot_notifier(&reboot); @@ -2370,6 +2374,10 @@ static int __init bcache_init(void) if (!bcache_wq) goto err; + bch_journal_wq = alloc_workqueue("bch_journal", WQ_MEM_RECLAIM, 0); + if (!bch_journal_wq) + goto err; + bcache_kobj = kobject_create_and_add("bcache", fs_kobj); if (!bcache_kobj) goto err;

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] KVM: VMX: hide flexpriority from guest when disabled at the" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2cf7ea9f40fabee0f8b40db4eb2d1e85cc6c0a95 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini <pbonzini(a)redhat.com> Date: Wed, 3 Oct 2018 10:34:00 +0200 Subject: [PATCH] KVM: VMX: hide flexpriority from guest when disabled at the module level As of commit 8d860bbeedef ("kvm: vmx: Basic APIC virtualization controls have three settings"), KVM will disable VIRTUALIZE_APIC_ACCESSES when a nested guest writes APIC_BASE MSR and kvm-intel.flexpriority=0, whereas previously KVM would allow a nested guest to enable VIRTUALIZE_APIC_ACCESSES so long as it's supported in hardware. That is, KVM now advertises VIRTUALIZE_APIC_ACCESSES to a guest but doesn't (always) allow setting it when kvm-intel.flexpriority=0, and may even initially allow the control and then clear it when the nested guest writes APIC_BASE MSR, which is decidedly odd even if it doesn't cause functional issues. Hide the control completely when the module parameter is cleared. reported-by: Sean Christopherson <sean.j.christopherson(a)intel.com> Fixes: 8d860bbeedef ("kvm: vmx: Basic APIC virtualization controls have three settings") Cc: Jim Mattson <jmattson(a)google.com> Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 764ae031054f..55b62760b694 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -3589,12 +3589,12 @@ static void nested_vmx_setup_ctls_msrs(struct nested_vmx_msrs *msrs, bool apicv) msrs->secondary_ctls_high); msrs->secondary_ctls_low = 0; msrs->secondary_ctls_high &= - SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES | SECONDARY_EXEC_DESC | SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE | SECONDARY_EXEC_APIC_REGISTER_VIRT | SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY | SECONDARY_EXEC_WBINVD_EXITING; + /* * We can emulate "VMCS shadowing," even if the hardware * doesn't support it. @@ -3651,6 +3651,10 @@ static void nested_vmx_setup_ctls_msrs(struct nested_vmx_msrs *msrs, bool apicv) msrs->secondary_ctls_high |= SECONDARY_EXEC_UNRESTRICTED_GUEST; + if (flexpriority_enabled) + msrs->secondary_ctls_high |= + SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES; + /* miscellaneous data */ rdmsr(MSR_IA32_VMX_MISC, msrs->misc_low,

6 years, 11 months

1
0
0 0

[PATCH stable 4.9 00/29] backport of IP fragmentation fixes

by Florian Fainelli

This is based on Stephen's v4.14 patches, with the necessary merge conflicts, and the lack of timer_setup() on the 4.9 baseline. Perf results on a gigabit capable system, before and after are below. Series can also be found here: https://github.com/ffainelli/linux/commits/fragment-stack-v4.9 PerfTop: 457 irqs/sec kernel:74.4% exact: 0.0% [4000Hz cycles], (all, 4 CPUs) ------------------------------------------------------------------------------- 29.62% [kernel] [k] ip_defrag 6.57% [kernel] [k] arch_cpu_idle 1.72% [kernel] [k] v7_dma_inv_range 1.68% [kernel] [k] __netif_receive_skb_core 1.43% [kernel] [k] fib_table_lookup 1.30% [kernel] [k] finish_task_switch 1.08% [kernel] [k] ip_rcv 1.01% [kernel] [k] skb_release_data 0.99% [kernel] [k] __slab_free 0.96% [kernel] [k] bcm_sysport_poll 0.88% [kernel] [k] __netdev_alloc_skb 0.87% [kernel] [k] tick_nohz_idle_enter 0.86% [kernel] [k] dev_gro_receive 0.85% [kernel] [k] _raw_spin_unlock_irqrestore 0.84% [kernel] [k] __memzero 0.74% [kernel] [k] tick_nohz_idle_exit 0.73% ld-2.24.so [.] do_lookup_x 0.66% [kernel] [k] kmem_cache_free 0.66% [kernel] [k] bcm_sysport_rx_refill 0.65% [kernel] [k] eth_type_trans After patching: PerfTop: 170 irqs/sec kernel:86.5% exact: 0.0% [4000Hz cycles], (all, 4 CPUs) ------------------------------------------------------------------------------- 7.79% [kernel] [k] arch_cpu_idle 5.14% [kernel] [k] v7_dma_inv_range 4.20% [kernel] [k] ip_defrag 3.89% [kernel] [k] __netif_receive_skb_core 3.65% [kernel] [k] fib_table_lookup 2.16% [kernel] [k] finish_task_switch 1.93% [kernel] [k] _raw_spin_unlock_irqrestore 1.90% [kernel] [k] ip_rcv 1.84% [kernel] [k] bcm_sysport_poll 1.83% [kernel] [k] __memzero 1.65% [kernel] [k] __netdev_alloc_skb 1.60% [kernel] [k] __slab_free 1.49% [kernel] [k] __do_softirq 1.49% [kernel] [k] bcm_sysport_rx_refill 1.31% [kernel] [k] dma_cache_maint_page 1.25% [kernel] [k] tick_nohz_idle_enter 1.24% [kernel] [k] ip_route_input_noref 1.17% [kernel] [k] eth_type_trans 1.06% [kernel] [k] fib_validate_source 1.03% [kernel] [k] inet_frag_find Dan Carpenter (1): ipv4: frags: precedence bug in ip_expire() Eric Dumazet (22): inet: frags: change inet_frags_init_net() return value inet: frags: add a pointer to struct netns_frags inet: frags: refactor ipfrag_init() inet: frags: refactor ipv6_frag_init() inet: frags: refactor lowpan_net_frag_init() ipv6: export ip6 fragments sysctl to unprivileged users rhashtable: add schedule points inet: frags: use rhashtables for reassembly units inet: frags: remove some helpers inet: frags: get rif of inet_frag_evicting() inet: frags: remove inet_frag_maybe_warn_overflow() inet: frags: break the 2GB limit for frags storage inet: frags: do not clone skb in ip_expire() ipv6: frags: rewrite ip6_expire_frag_queue() rhashtable: reorganize struct rhashtable layout inet: frags: reorganize struct netns_frags inet: frags: get rid of ipfrag_skb_cb/FRAG_CB inet: frags: fix ip6frag_low_thresh boundary net: speed up skb_rbtree_purge() net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends net: add rb_to_skb() and other rb tree helpers net: sk_buff rbnode reorg Florian Westphal (1): ipv6: defrag: drop non-last frags smaller than min mtu Peter Oskolkov (4): ip: discard IPv4 datagrams with overlapping segments. net: modify skb_rbtree_purge to return the truesize of all purged skbs. ip: add helpers to process in-order fragments faster. ip: process in-order fragments efficiently Taehee Yoo (1): ip: frags: fix crash in ip_do_fragment() Documentation/networking/ip-sysctl.txt | 13 +- include/linux/rhashtable.h | 4 +- include/linux/skbuff.h | 48 +- include/net/inet_frag.h | 133 +++--- include/net/ip.h | 1 - include/net/ipv6.h | 26 +- include/uapi/linux/snmp.h | 1 + lib/rhashtable.c | 5 +- net/core/skbuff.c | 31 +- net/ieee802154/6lowpan/6lowpan_i.h | 26 +- net/ieee802154/6lowpan/reassembly.c | 148 +++--- net/ipv4/inet_fragment.c | 379 ++++------------ net/ipv4/ip_fragment.c | 573 +++++++++++++----------- net/ipv4/proc.c | 7 +- net/ipv4/tcp_input.c | 33 +- net/ipv6/netfilter/nf_conntrack_reasm.c | 100 ++--- net/ipv6/proc.c | 5 +- net/ipv6/reassembly.c | 212 ++++----- 18 files changed, 785 insertions(+), 960 deletions(-) -- 2.17.1

6 years, 11 months

3
33
0 0

+ mm-dont-clobber-partially-overlapping-vma-with-map_fixed_noreplace.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/mmap.c: don't clobber partially overlapping VMA with MAP_FIXED_NOREPLACE has been added to the -mm tree. Its filename is mm-dont-clobber-partially-overlapping-vma-with-map_fixed_noreplace.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-dont-clobber-partially-overlapp… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-dont-clobber-partially-overlapp… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Jann Horn <jannh(a)google.com> Subject: mm/mmap.c: don't clobber partially overlapping VMA with MAP_FIXED_NOREPLACE Daniel Micay reports that attempting to use MAP_FIXED_NOREPLACE in an application causes that application to randomly crash. The existing check for handling MAP_FIXED_NOREPLACE looks up the first VMA that either overlaps or follows the requested region, and then bails out if that VMA overlaps *the start* of the requested region. It does not bail out if the VMA only overlaps another part of the requested region. Fix it by checking that the found VMA only starts at or after the end of the requested region, in which case there is no overlap. Test case: user@debian:~$ cat mmap_fixed_simple.c #include <sys/mman.h> #include <errno.h> #include <stdio.h> #include <stdlib.h> #include <unistd.h> #ifndef MAP_FIXED_NOREPLACE #define MAP_FIXED_NOREPLACE 0x100000 #endif int main(void) { char *p; errno = 0; p = mmap((void*)0x10001000, 0x4000, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED_NOREPLACE, -1, 0); printf("p1=%p err=%m\n", p); errno = 0; p = mmap((void*)0x10000000, 0x2000, PROT_READ, MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED_NOREPLACE, -1, 0); printf("p2=%p err=%m\n", p); char cmd[100]; sprintf(cmd, "cat /proc/%d/maps", getpid()); system(cmd); return 0; } user@debian:~$ gcc -o mmap_fixed_simple mmap_fixed_simple.c user@debian:~$ ./mmap_fixed_simple p1=0x10001000 err=Success p2=0x10000000 err=Success 10000000-10002000 r--p 00000000 00:00 0 10002000-10005000 ---p 00000000 00:00 0 564a9a06f000-564a9a070000 r-xp 00000000 fe:01 264004 /home/user/mmap_fixed_simple 564a9a26f000-564a9a270000 r--p 00000000 fe:01 264004 /home/user/mmap_fixed_simple 564a9a270000-564a9a271000 rw-p 00001000 fe:01 264004 /home/user/mmap_fixed_simple 564a9a54a000-564a9a56b000 rw-p 00000000 00:00 0 [heap] 7f8eba447000-7f8eba5dc000 r-xp 00000000 fe:01 405885 /lib/x86_64-linux-gnu/libc-2.24.so 7f8eba5dc000-7f8eba7dc000 ---p 00195000 fe:01 405885 /lib/x86_64-linux-gnu/libc-2.24.so 7f8eba7dc000-7f8eba7e0000 r--p 00195000 fe:01 405885 /lib/x86_64-linux-gnu/libc-2.24.so 7f8eba7e0000-7f8eba7e2000 rw-p 00199000 fe:01 405885 /lib/x86_64-linux-gnu/libc-2.24.so 7f8eba7e2000-7f8eba7e6000 rw-p 00000000 00:00 0 7f8eba7e6000-7f8eba809000 r-xp 00000000 fe:01 405876 /lib/x86_64-linux-gnu/ld-2.24.so 7f8eba9e9000-7f8eba9eb000 rw-p 00000000 00:00 0 7f8ebaa06000-7f8ebaa09000 rw-p 00000000 00:00 0 7f8ebaa09000-7f8ebaa0a000 r--p 00023000 fe:01 405876 /lib/x86_64-linux-gnu/ld-2.24.so 7f8ebaa0a000-7f8ebaa0b000 rw-p 00024000 fe:01 405876 /lib/x86_64-linux-gnu/ld-2.24.so 7f8ebaa0b000-7f8ebaa0c000 rw-p 00000000 00:00 0 7ffcc99fa000-7ffcc9a1b000 rw-p 00000000 00:00 0 [stack] 7ffcc9b44000-7ffcc9b47000 r--p 00000000 00:00 0 [vvar] 7ffcc9b47000-7ffcc9b49000 r-xp 00000000 00:00 0 [vdso] ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall] user@debian:~$ uname -a Linux debian 4.19.0-rc6+ #181 SMP Wed Oct 3 23:43:42 CEST 2018 x86_64 GNU/Linux user@debian:~$ As you can see, the first page of the mapping at 0x10001000 was clobbered. Link: http://lkml.kernel.org/r/20181010152736.99475-1-jannh@google.com Fixes: a4ff8e8620d3 ("mm: introduce MAP_FIXED_NOREPLACE") Signed-off-by: Jann Horn <jannh(a)google.com> Reported-by: Daniel Micay <danielmicay(a)gmail.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Acked-by: John Hubbard <jhubbard(a)nvidia.com> Acked-by: Kees Cook <keescook(a)chromium.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN mm/mmap.c~mm-dont-clobber-partially-overlapping-vma-with-map_fixed_noreplace mm/mmap.c --- a/mm/mmap.c~mm-dont-clobber-partially-overlapping-vma-with-map_fixed_noreplace +++ a/mm/mmap.c @@ -1410,7 +1410,7 @@ unsigned long do_mmap(struct file *file, if (flags & MAP_FIXED_NOREPLACE) { struct vm_area_struct *vma = find_vma(mm, addr); - if (vma && vma->vm_start <= addr) + if (vma && vma->vm_start < addr + len) return -EEXIST; } _ Patches currently in -mm which might be from jannh(a)google.com are mm-dont-clobber-partially-overlapping-vma-with-map_fixed_noreplace.patch mm-vmstat-assert-that-vmstat_text-is-in-sync-with-stat_items_size.patch reiserfs-propagate-errors-from-fill_with_dentries-properly.patch

6 years, 11 months

1
0
0 0

[GIT PULL] vsprintf: Fix off-by-one bug in bstr_printf() processing dereferenced pointers

by Steven Rostedt

Linus (aka Greg), It was reported that trace_printk() was not reporting properly values that came after a dereference pointer. trace_printk() utilizes vbin_printf() and bstr_printf() to keep the overhead of tracing down. vbin_printf() does not do any conversions and just stors the string format and the raw arguments into the buffer. bstr_printf() is used to read the buffer and does the conversions to complete the printf() output. This can be troublesome with dereferenced pointers because the reference may be different from the time vbin_printf() is called to the time bstr_printf() is called. To fix this, a prior commit changed vbin_printf() to convert dereferenced pointers into strings and load the converted string into the buffer. But the change to bstr_printf() had an off-by-one error and didn't account for the nul character at the end of the string and this corrupted the rest of the values in the format that came after a dereferenced pointer. Please pull the latest trace-v4.19-rc5 tree, which can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace.git trace-v4.19-rc5 Tag SHA1: b5fc80d980ae316323e88c165084deef39afd168 Head SHA1: 62165600ae73ebd76e2d9b992b36360408d570d8 Steven Rostedt (VMware) (1): vsprintf: Fix off-by-one bug in bstr_printf() processing dereferenced pointers ---- lib/vsprintf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --------------------------- commit 62165600ae73ebd76e2d9b992b36360408d570d8 Author: Steven Rostedt (VMware) <rostedt(a)goodmis.org> Date: Fri Oct 5 10:08:03 2018 -0400 vsprintf: Fix off-by-one bug in bstr_printf() processing dereferenced pointers The functions vbin_printf() and bstr_printf() are used by trace_printk() to try to keep the overhead down during printing. trace_printk() uses vbin_printf() at the time of execution, as it only scans the fmt string to record the printf values into the buffer, and then uses vbin_printf() to do the conversions to print the string based on the format and the saved values in the buffer. This is an issue for dereferenced pointers, as before commit 841a915d20c7b, the processing of the pointer could happen some time after the pointer value was recorded (reading the trace buffer). This means the processing of the value at a later time could show different results, or even crash the system, if the pointer no longer existed. Commit 841a915d20c7b addressed this by processing dereferenced pointers at the time of execution and save the result in the ring buffer as a string. The bstr_printf() would then treat these pointers as normal strings, and print the value. But there was an off-by-one bug here, where after processing the argument, it move the pointer only "strlen(arg)" which made the arg pointer not point to the next argument in the ring buffer, but instead point to the nul character of the last argument. This causes any values after a dereferenced pointer to be corrupted. Cc: stable(a)vger.kernel.org Fixes: 841a915d20c7b ("vsprintf: Do not have bprintf dereference pointers") Reported-by: Nikolay Borisov <nborisov(a)suse.com> Tested-by: Nikolay Borisov <nborisov(a)suse.com> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> diff --git a/lib/vsprintf.c b/lib/vsprintf.c index d5b3a3f95c01..812e59e13fe6 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -2794,7 +2794,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) copy = end - str; memcpy(str, args, copy); str += len; - args += len; + args += len + 1; } } if (process)

6 years, 11 months

2
1
0 0

[PATCH] drm/amdgpu: Suppress keypresses from ACPI_VIDEO events

by Lyude Paul

Currently we return NOTIFY_DONE for any event which we don't think is ours. However, many laptops will send more then just an ATIF event and will also send an ACPI_VIDEO_NOTIFY_PROBE event as well. Since we don't check for this, we return NOTIFY_DONE which causes a keypress for the ACPI event to be propogated to userspace. This is the equivalent of someone pressing the display key on a laptop every time there's a hotplug event. So, check for ACPI_VIDEO_NOTIFY_PROBE events and suppress keypresses from them. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c index 353993218f21..f008804f0b97 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c @@ -358,7 +358,9 @@ static int amdgpu_atif_get_sbios_requests(struct amdgpu_atif *atif, * * Checks the acpi event and if it matches an atif event, * handles it. - * Returns NOTIFY code + * + * Returns: + * NOTIFY_BAD or NOTIFY_DONE, depending on the event. */ static int amdgpu_atif_handler(struct amdgpu_device *adev, struct acpi_bus_event *event) @@ -372,11 +374,16 @@ static int amdgpu_atif_handler(struct amdgpu_device *adev, if (strcmp(event->device_class, ACPI_VIDEO_CLASS) != 0) return NOTIFY_DONE; + /* Is this actually our event? */ if (!atif || !atif->notification_cfg.enabled || - event->type != atif->notification_cfg.command_code) - /* Not our event */ - return NOTIFY_DONE; + event->type != atif->notification_cfg.command_code) { + /* These events will generate keypresses otherwise */ + if (event->type == ACPI_VIDEO_NOTIFY_PROBE) + return NOTIFY_BAD; + else + return NOTIFY_DONE; + } if (atif->functions.sbios_requests) { struct atif_sbios_requests req; @@ -385,7 +392,7 @@ static int amdgpu_atif_handler(struct amdgpu_device *adev, count = amdgpu_atif_get_sbios_requests(atif, &req); if (count <= 0) - return NOTIFY_DONE; + return NOTIFY_BAD; DRM_DEBUG_DRIVER("ATIF: %d pending SBIOS requests\n", count); -- 2.17.1

6 years, 11 months

2
1
0 0

[PATCH 4.4 000/113] 4.4.160-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.160 release. There are 113 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Oct 10 17:55:13 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.160-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.160-rc1 Ashish Samant <ashish.samant(a)oracle.com> ocfs2: fix locking for res->tracking and dlm->tracking_list Jann Horn <jannh(a)google.com> proc: restrict kernel stack dumps to root Leonard Crestez <leonard.crestez(a)nxp.com> crypto: mxs-dcp - Fix wait logic on chan threads Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 Aurelien Aptel <aaptel(a)suse.com> smb2: fix missing files in root share directory listing Josh Abraham <j.abraham1776(a)gmail.com> xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Olaf Hering <olaf(a)aepfle.de> xen: avoid crash in disable_hotplug_cpu Vitaly Kuznetsov <vkuznets(a)redhat.com> xen/manage: don't complain about an empty value in control/sysrq node Dan Carpenter <dan.carpenter(a)oracle.com> cifs: read overflow in is_valid_oplock_break() Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng <kai.heng.feng(a)canonical.com> r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Miguel Ojeda <miguel.ojeda.sandonis(a)gmail.com> arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Randy Dunlap <rdunlap(a)infradead.org> hexagon: modify ffs() and fls() to return int Randy Dunlap <rdunlap(a)infradead.org> arch/hexagon: fix kernel/dma.c build warning Joe Thornber <ejt(a)redhat.com> dm thin metadata: try to avoid ever aborting transactions Stephen Rothwell <sfr(a)canb.auug.org.au> fs/cifs: suppress a string overflow warning Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS Ben Hutchings <ben.hutchings(a)codethink.co.uk> USB: yurex: Check for truncation in yurex_read() Jann Horn <jannh(a)google.com> RDMA/ucma: check fd type in ucma_migrate_id() Sandipan Das <sandipan(a)linux.ibm.com> perf probe powerpc: Ignore SyS symbols irrespective of endianness Stephen Boyd <swboyd(a)chromium.org> pinctrl: msm: Really mask level interrupts to prevent latching Anton Vasilyev <vasilyev(a)ispras.ru> usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Daniel Black <daniel(a)linux.ibm.com> mm: madvise(MADV_DODUMP): allow hugetlbfs pages Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/page-types.c: fix "defined but not used" warning Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/slabinfo.c: fix sign-compare warning Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: shorten the IBSS debug messages Ilan Peer <ilan.peer(a)intel.com> mac80211: Fix station bandwidth setting after channel switch Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: fix a race between restart and CSA flows Dan Carpenter <dan.carpenter(a)oracle.com> cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() Jon Kuhn <jkuhn(a)barracuda.com> fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Jia-Ju Bai <baijiaju1990(a)gmail.com> net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Masahiro Yamada <yamada.masahiro(a)socionext.com> i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP Masahiro Yamada <yamada.masahiro(a)socionext.com> i2c: uniphier: issue STOP only for last message or I2C_M_STOP Xiao Ni <xni(a)redhat.com> RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Arunk Khandavalli <akhandav(a)codeaurora.org> cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Yuan-Chi Pang <fu3mo6goo(a)gmail.com> mac80211: mesh: fix HWMP sequence numbering to follow standard Michael Hennerich <michael.hennerich(a)analog.com> gpio: adp5588: Fix sleep-in-atomic-context bug Danek Duvall <duvall(a)comfychair.org> mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X Danek Duvall <duvall(a)comfychair.org> mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X Paul Mackerras <paulus(a)ozlabs.org> KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Sakari Ailus <sakari.ailus(a)linux.intel.com> media: v4l: event: Prevent freeing event subscriptions while accessed Marc Zyngier <marc.zyngier(a)arm.com> arm64: KVM: Sanitize PSTATE.M when being set from userspace Suzuki K Poulose <suzuki.poulose(a)arm.com> arm64: cpufeature: Track 32bit EL0 support Mika Westerberg <mika.westerberg(a)linux.intel.com> i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus Dan Carpenter <dan.carpenter(a)oracle.com> hwmon: (adt7475) Make adt7475_read_word() return errors Lothar Felten <lothar.felten(a)gmail.com> hwmon: (ina2xx) fix sysfs shunt resistor read access Bo Chen <chenbo(a)pdx.edu> e1000: ensure to free old tx/rx rings in set_ringparam() Bo Chen <chenbo(a)pdx.edu> e1000: check on netif_running() before calling e1000_up() Huazhong Tan <tanhuazhong(a)huawei.com> net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES Anson Huang <Anson.Huang(a)nxp.com> thermal: of-thermal: disable passive polling when thermal zone is disabled Theodore Ts'o <tytso(a)mit.edu> ext4: never move the system.data xattr out of the inode body Dave Martin <Dave.Martin(a)arm.com> arm64: KVM: Tighten guest core register access from userspace Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: imx: restore handshaking irq for imx1 Vincent Pelletier <plr.vincent(a)gmail.com> scsi: target: iscsi: Use bin2hex instead of a re-implementation Bart Van Assche <bvanassche(a)acm.org> IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop Aaron Ma <aaron.ma(a)canonical.com> Input: elantech - enable middle button of touchpad on ThinkPad P72 Alan Stern <stern(a)rowland.harvard.edu> USB: remove LPM management from usb_driver_claim_interface() Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" Oliver Neukum <oneukum(a)suse.com> USB: usbdevfs: restore warning for nonsensical flags Oliver Neukum <oneukum(a)suse.com> USB: usbdevfs: sanitize flags more ming_qian <ming_qian(a)realsil.com.cn> media: uvcvideo: Support realtek's UVC 1.5 device Alexey Dobriyan <adobriyan(a)gmail.com> slub: make ->cpu_partial unsigned int Alan Stern <stern(a)rowland.harvard.edu> USB: handle NULL config in usb_find_alt_setting() Alan Stern <stern(a)rowland.harvard.edu> USB: fix error handling in usb_driver_claim_interface() Geert Uytterhoeven <geert+renesas(a)glider.be> spi: rspi: Fix interrupted DMA transfers Geert Uytterhoeven <geert+renesas(a)glider.be> spi: rspi: Fix invalid SPI use during system suspend Hiromitsu Yamasaki <hiromitsu.yamasaki.ym(a)renesas.com> spi: sh-msiof: Fix handling of write value for SISTR register Gaku Inami <gaku.inami.xw(a)bp.renesas.com> spi: sh-msiof: Fix invalid SPI use during system suspend Marcel Ziswiler <marcel.ziswiler(a)toradex.com> spi: tegra20-slink: explicitly enable/disable clock Christophe Leroy <christophe.leroy(a)c-s.fr> serial: cpm_uart: return immediately from console poll Andy Whitcroft <apw(a)canonical.com> floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Kevin Hilman <khilman(a)baylibre.com> ARM: dts: dra7: fix DCAN node addresses J. Bruce Fields <bfields(a)redhat.com> nfsd: fix corrupted reply to badly ordered compound Jessica Yu <jeyu(a)kernel.org> module: exclude SHN_UNDEF symbols from kallsyms api Liam Girdwood <liam.r.girdwood(a)linux.intel.com> ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Johan Hovold <johan(a)kernel.org> EDAC, i7core: Fix memleaks and use-after-free on probe and remove Zhouyang Jia <jiazhouyang09(a)gmail.com> scsi: bnx2i: add error handling for ioremap_nocache Zhouyang Jia <jiazhouyang09(a)gmail.com> HID: hid-ntrig: add error handling for sysfs_create_group Ethan Tuttle <ethan(a)ethantuttle.com> ARM: mvebu: declare asm symbols as character arrays in pmsu.c Tony Lindgren <tony(a)atomide.com> wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() Dan Carpenter <dan.carpenter(a)oracle.com> rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() Ben Greear <greearb(a)candelatech.com> ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge Zhouyang Jia <jiazhouyang09(a)gmail.com> media: tm6000: add error handling for dvb_register_adapter Zhouyang Jia <jiazhouyang09(a)gmail.com> drivers/tty: add error handling for pcmcia_loop_config Alistair Strachan <astrachan(a)google.com> staging: android: ashmem: Fix mmap size validation Javier Martinez Canillas <javierm(a)redhat.com> media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data Akinobu Mita <akinobu.mita(a)gmail.com> media: soc_camera: ov772x: correct setting of banding filter Akinobu Mita <akinobu.mita(a)gmail.com> media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power Nicholas Mc Guire <hofrat(a)osadl.org> ALSA: snd-aoa: add of_node_put() in error path Vasily Gorbik <gor(a)linux.ibm.com> s390/extmem: fix gcc 8 stringop-overflow warning Thomas Gleixner <tglx(a)linutronix.de> alarmtimer: Prevent overflow for relative nanosleep Alexey Kardashevskiy <aik(a)ozlabs.ru> powerpc/powernv/ioda2: Reduce upper limit for DMA window size Julia Lawall <Julia.Lawall(a)lip6.fr> usb: wusbcore: security: cast sizeof to int for comparison Breno Leitao <leitao(a)debian.org> scsi: ibmvscsi: Improve strings handling Bart Van Assche <bart.vanassche(a)wdc.com> scsi: klist: Make it safe to use klists in atomic context Bart Van Assche <bart.vanassche(a)wdc.com> scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size Jan Beulich <JBeulich(a)suse.com> x86/entry/64: Add two more instruction suffixes Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> x86/tsc: Add missing header to tsc_msr.c Alexey Khoroshilov <khoroshilov(a)ispras.ru> media: fsl-viu: fix error handling in viu_of_probe() Hari Bathini <hbathini(a)linux.ibm.com> powerpc/kdump: Handle crashkernel memory reservation failure Sylwester Nawrocki <s.nawrocki(a)samsung.com> media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Guoqing Jiang <gqjiang(a)suse.com> md-cluster: clear another node's suspend_area after the copy is finished Michael Scott <michael(a)opensourcefoundries.com> 6lowpan: iphc: reset mac_header after decompress to fix panic Johan Hovold <johan(a)kernel.org> USB: serial: kobil_sct: fix modem-status error handling Jian-Hong Pan <jian-hong(a)endlessm.com> Bluetooth: Add a new Realtek 8723DE ID 0bda:b009 Sudeep Holla <sudeep.holla(a)arm.com> power: vexpress: fix corruption in notifier registration Anton Vasilyev <vasilyev(a)ispras.ru> uwb: hwa-rc: fix memory leak at probe Colin Ian King <colin.king(a)canonical.com> staging: rts5208: fix missing error check on call to rtsx_write_register Dan Williams <dan.j.williams(a)intel.com> x86/numa_emulation: Fix emulated-to-physical node mapping Dan Carpenter <dan.carpenter(a)oracle.com> vmci: type promotion bug in qp_host_get_user_memory() Matt Ranostay <matt.ranostay(a)konsulko.com> tsl2550: fix lux1_input error in low light Stafford Horne <shorne(a)gmail.com> crypto: skcipher - Fix -Wstringop-truncation warnings ------------- Diffstat: Documentation/hwmon/ina2xx | 2 +- Makefile | 4 +- arch/arm/boot/dts/dra7.dtsi | 4 +- arch/arm/mach-mvebu/pmsu.c | 6 +- arch/arm64/include/asm/cpufeature.h | 8 ++- arch/arm64/include/asm/jump_label.h | 4 +- arch/arm64/include/asm/kvm_emulate.h | 5 ++ arch/arm64/include/asm/sysreg.h | 1 + arch/arm64/kernel/cpufeature.c | 8 +++ arch/arm64/kvm/guest.c | 55 +++++++++++++++- arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- arch/powerpc/kernel/machine_kexec.c | 7 ++- arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 +- arch/powerpc/platforms/powernv/pci-ioda.c | 2 +- arch/s390/mm/extmem.c | 4 +- arch/x86/entry/entry_64.S | 4 +- arch/x86/kernel/tsc_msr.c | 1 + arch/x86/mm/numa_emulation.c | 2 +- crypto/ablkcipher.c | 2 + crypto/blkcipher.c | 1 + drivers/block/floppy.c | 3 + drivers/bluetooth/btusb.c | 1 + drivers/crypto/mxs-dcp.c | 53 +++++++++------- drivers/edac/i7core_edac.c | 22 ++++--- drivers/gpio/gpio-adp5588.c | 24 +++++-- .../gpu/drm/nouveau/nvkm/subdev/devinit/gm204.c | 3 +- drivers/hid/hid-ntrig.c | 2 + drivers/hwmon/adt7475.c | 14 +++-- drivers/hwmon/ina2xx.c | 13 +++- drivers/i2c/busses/i2c-i801.c | 9 ++- drivers/i2c/busses/i2c-uniphier-f.c | 7 +-- drivers/i2c/busses/i2c-uniphier.c | 7 +-- drivers/infiniband/core/ucma.c | 6 ++ drivers/infiniband/ulp/srp/ib_srp.c | 6 +- drivers/input/mouse/elantech.c | 2 + drivers/md/dm-thin-metadata.c | 36 ++++++++++- drivers/md/dm-thin.c | 73 +++++++++++++++++++--- drivers/md/md-cluster.c | 19 +++--- drivers/md/raid10.c | 5 +- drivers/media/i2c/soc_camera/ov772x.c | 2 +- drivers/media/platform/exynos4-is/fimc-isp-video.c | 11 +++- drivers/media/platform/fsl-viu.c | 38 ++++++----- drivers/media/platform/omap3isp/isp.c | 2 +- drivers/media/platform/s3c-camif/camif-capture.c | 2 + drivers/media/usb/tm6000/tm6000-dvb.c | 5 ++ drivers/media/usb/uvc/uvc_video.c | 24 +++++-- drivers/media/v4l2-core/v4l2-event.c | 37 +++++------ drivers/media/v4l2-core/v4l2-fh.c | 2 + drivers/misc/tsl2550.c | 2 +- drivers/misc/vmw_vmci/vmci_queue_pair.c | 4 +- drivers/net/ethernet/cadence/macb.c | 2 +- drivers/net/ethernet/hisilicon/hns/hnae.h | 6 +- drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 ++- drivers/net/ethernet/realtek/r8169.c | 9 ++- drivers/net/wireless/ath/ath10k/htt_rx.c | 5 +- drivers/net/wireless/mac80211_hwsim.c | 3 - drivers/net/wireless/rndis_wlan.c | 2 + drivers/net/wireless/ti/wlcore/cmd.c | 6 ++ drivers/pinctrl/qcom/pinctrl-msm.c | 24 +++++++ drivers/power/reset/vexpress-poweroff.c | 12 ++-- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/scsi/bnx2i/bnx2i_hwi.c | 2 + drivers/scsi/ibmvscsi/ibmvscsi.c | 4 +- drivers/spi/spi-rspi.c | 34 ++++++++-- drivers/spi/spi-sh-msiof.c | 28 ++++++++- drivers/spi/spi-tegra20-slink.c | 31 ++++++--- drivers/staging/android/ashmem.c | 6 ++ drivers/staging/rts5208/sd.c | 2 +- drivers/target/iscsi/iscsi_target_auth.c | 15 +---- drivers/target/iscsi/iscsi_target_tpg.c | 3 +- drivers/thermal/of-thermal.c | 7 ++- drivers/tty/serial/8250/serial_cs.c | 6 +- drivers/tty/serial/cpm_uart/cpm_uart_core.c | 10 ++- drivers/tty/serial/imx.c | 8 +++ drivers/usb/class/cdc-wdm.c | 2 +- drivers/usb/core/devio.c | 24 ++++++- drivers/usb/core/driver.c | 28 ++++----- drivers/usb/core/usb.c | 2 + drivers/usb/gadget/udc/fotg210-udc.c | 15 +++-- drivers/usb/misc/yurex.c | 3 + drivers/usb/serial/kobil_sct.c | 12 +++- drivers/usb/wusbcore/security.c | 2 +- drivers/uwb/hwa-rc.c | 1 + drivers/xen/cpu_hotplug.c | 15 ++--- drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 +- fs/cifs/cifs_unicode.c | 3 - fs/cifs/cifssmb.c | 11 +++- fs/cifs/misc.c | 8 +++ fs/cifs/smb2ops.c | 2 +- fs/ext4/xattr.c | 5 ++ fs/nfsd/nfs4proc.c | 1 + fs/ocfs2/dlm/dlmmaster.c | 4 +- fs/proc/base.c | 14 +++++ include/linux/platform_data/ina2xx.h | 2 +- include/linux/slub_def.h | 3 +- include/media/v4l2-fh.h | 1 + kernel/module.c | 6 +- kernel/time/alarmtimer.c | 3 +- lib/klist.c | 10 +-- mm/madvise.c | 2 +- mm/slub.c | 6 +- net/6lowpan/iphc.c | 1 + net/mac80211/ibss.c | 22 +++---- net/mac80211/main.c | 26 ++++++-- net/mac80211/mesh_hwmp.c | 4 ++ net/mac80211/mlme.c | 53 ++++++++++++++++ net/wireless/nl80211.c | 1 + net/wireless/util.c | 2 +- sound/aoa/core/gpio-feature.c | 4 +- sound/pci/hda/hda_intel.c | 3 +- sound/pci/hda/patch_realtek.c | 1 + sound/soc/soc-dapm.c | 7 +++ tools/perf/arch/powerpc/util/sym-handling.c | 4 +- tools/vm/page-types.c | 6 -- tools/vm/slabinfo.c | 4 +- 118 files changed, 842 insertions(+), 287 deletions(-)

6 years, 11 months

10
128
0 0

[PATCH AUTOSEL 3.18 1/6] selftests/efivarfs: add required kernel configs

by Sasha Levin

From: Lei Yang <Lei.Yang(a)windriver.com> [ Upstream commit 53cf59d6c0ad3edc4f4449098706a8f8986258b6 ] add config file Signed-off-by: Lei Yang <Lei.Yang(a)windriver.com> Signed-off-by: Shuah Khan (Samsung OSG) <shuah(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- tools/testing/selftests/efivarfs/config | 1 + 1 file changed, 1 insertion(+) create mode 100644 tools/testing/selftests/efivarfs/config diff --git a/tools/testing/selftests/efivarfs/config b/tools/testing/selftests/efivarfs/config new file mode 100644 index 000000000000..4e151f1005b2 --- /dev/null +++ b/tools/testing/selftests/efivarfs/config @@ -0,0 +1 @@ +CONFIG_EFIVAR_FS=y -- 2.17.1

6 years, 11 months

2
7
0 0

[PATCH 2/2] xen: make xen_qlock_wait() nestable

by Juergen Gross

xen_qlock_wait() isn't safe for nested calls due to interrupts. A call of xen_qlock_kick() might be ignored in case a deeper nesting level was active right before the call of xen_poll_irq(): CPU 1: CPU 2: spin_lock(lock1) spin_lock(lock1) -> xen_qlock_wait() -> xen_clear_irq_pending() Interrupt happens spin_unlock(lock1) -> xen_qlock_kick(CPU 2) spin_lock_irqsave(lock2) spin_lock_irqsave(lock2) -> xen_qlock_wait() -> xen_clear_irq_pending() clears kick for lock1 -> xen_poll_irq() spin_unlock_irq_restore(lock2) -> xen_qlock_kick(CPU 2) wakes up spin_unlock_irq_restore(lock2) IRET resumes in xen_qlock_wait() -> xen_poll_irq() never wakes up The solution is to disable interrupts in xen_qlock_wait() and not to poll for the irq in case xen_qlock_wait() is called in nmi context. Cc: stable(a)vger.kernel.org Cc: Waiman.Long(a)hp.com Cc: peterz(a)infradead.org Signed-off-by: Juergen Gross <jgross(a)suse.com> --- arch/x86/xen/spinlock.c | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/arch/x86/xen/spinlock.c b/arch/x86/xen/spinlock.c index cd210a4ba7b1..e8d880e98057 100644 --- a/arch/x86/xen/spinlock.c +++ b/arch/x86/xen/spinlock.c @@ -39,29 +39,25 @@ static void xen_qlock_kick(int cpu) */ static void xen_qlock_wait(u8 *byte, u8 val) { + unsigned long flags; int irq = __this_cpu_read(lock_kicker_irq); /* If kicker interrupts not initialized yet, just spin */ - if (irq == -1) + if (irq == -1 || in_nmi()) return; - /* If irq pending already clear it and return. */ + /* Guard against reentry. */ + local_irq_save(flags); + + /* If irq pending already clear it. */ if (xen_test_irq_pending(irq)) { xen_clear_irq_pending(irq); - return; + } else if (READ_ONCE(*byte) == val) { + /* Block until irq becomes pending (or a spurious wakeup) */ + xen_poll_irq(irq); } - if (READ_ONCE(*byte) != val) - return; - - /* - * If an interrupt happens here, it will leave the wakeup irq - * pending, which will cause xen_poll_irq() to return - * immediately. - */ - - /* Block until irq becomes pending (or perhaps a spurious wakeup) */ - xen_poll_irq(irq); + local_irq_restore(flags); } static irqreturn_t dummy_handler(int irq, void *dev_id) -- 2.16.4

6 years, 11 months

4
8
0 0

troubles with https://www.kernel.org/

by Pavlos Parissis

Hi, https://www.kernel.org is either down or very slow for me(based in The Netherlands, Europe). I do understand this is not the right ML to report this issue, but the contact page doesn't load for me and as a result I could find the right communication channel. Cheers, Pavlos

6 years, 11 months

2
2
0 0

Linux 4.18.13

by Greg KH

I'm announcing the release of the 4.18.13 kernel. All users of the 4.18 kernel series must upgrade. The updated 4.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/net/sh_eth.txt | 1 Makefile | 2 arch/arc/include/asm/atomic.h | 2 arch/arm64/include/asm/jump_label.h | 4 arch/hexagon/include/asm/bitops.h | 4 arch/hexagon/kernel/dma.c | 2 arch/nds32/include/asm/elf.h | 4 arch/nds32/include/asm/uaccess.h | 26 - arch/nds32/kernel/atl2c.c | 3 arch/nds32/kernel/module.c | 4 arch/nds32/kernel/traps.c | 2 arch/nds32/kernel/vmlinux.lds.S | 12 arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 arch/riscv/kernel/setup.c | 7 arch/x86/events/intel/lbr.c | 4 arch/x86/kernel/apm_32.c | 2 block/blk-cgroup.c | 78 +---- drivers/ata/libata-core.c | 2 drivers/base/firmware_loader/main.c | 35 +- drivers/cpufreq/qcom-cpufreq-kryo.c | 4 drivers/crypto/caam/caamalg.c | 8 drivers/crypto/chelsio/chcr_algo.c | 32 +- drivers/crypto/chelsio/chcr_crypto.h | 2 drivers/crypto/mxs-dcp.c | 53 ++- drivers/crypto/qat/qat_c3xxx/adf_drv.c | 6 drivers/crypto/qat/qat_c3xxxvf/adf_drv.c | 6 drivers/crypto/qat/qat_c62x/adf_drv.c | 6 drivers/crypto/qat/qat_c62xvf/adf_drv.c | 6 drivers/crypto/qat/qat_dh895xcc/adf_drv.c | 6 drivers/crypto/qat/qat_dh895xccvf/adf_drv.c | 6 drivers/firmware/arm_scmi/perf.c | 8 drivers/gpio/gpio-adp5588.c | 24 + drivers/gpio/gpio-dwapb.c | 1 drivers/gpio/gpiolib-acpi.c | 86 +++-- drivers/gpio/gpiolib-of.c | 1 drivers/gpio/gpiolib.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 23 + drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 7 drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c | 8 drivers/gpu/drm/amd/powerplay/hwmgr/smu8_hwmgr.c | 6 drivers/gpu/drm/nouveau/nouveau_drm.c | 14 drivers/gpu/drm/nouveau/nvkm/engine/disp/base.c | 14 drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.c | 17 - drivers/gpu/drm/nouveau/nvkm/engine/disp/ior.h | 1 drivers/gpu/drm/nouveau/nvkm/engine/disp/nv50.c | 6 drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.c | 17 - drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.h | 4 drivers/gpu/drm/nouveau/nvkm/subdev/devinit/gm200.c | 3 drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c | 2 drivers/hid/hid-apple.c | 9 drivers/hid/hid-ids.h | 7 drivers/hid/hid-saitek.c | 2 drivers/hid/hid-sensor-hub.c | 23 + drivers/hid/i2c-hid/i2c-hid.c | 24 + drivers/hid/intel-ish-hid/ipc/hw-ish.h | 1 drivers/hid/intel-ish-hid/ipc/pci-ish.c | 1 drivers/hv/connection.c | 8 drivers/i2c/busses/i2c-uniphier-f.c | 7 drivers/i2c/busses/i2c-uniphier.c | 7 drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c | 13 drivers/iio/temperature/maxim_thermocouple.c | 1 drivers/infiniband/core/ucma.c | 6 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 2 drivers/infiniband/hw/bnxt_re/qplib_fp.c | 2 drivers/iommu/amd_iommu.c | 2 drivers/md/dm-raid.c | 144 +++------ drivers/md/dm-thin-metadata.c | 34 ++ drivers/md/dm-thin.c | 73 ++++ drivers/md/raid10.c | 5 drivers/md/raid5-log.h | 5 drivers/md/raid5.c | 6 drivers/net/ethernet/amazon/ena/ena_com.c | 8 drivers/net/ethernet/amazon/ena/ena_netdev.c | 52 +-- drivers/net/ethernet/amazon/ena/ena_netdev.h | 11 drivers/net/ethernet/cadence/macb_main.c | 2 drivers/net/ethernet/hisilicon/hns/hnae.h | 2 drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c | 67 ++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c | 36 ++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.c | 44 ++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.h | 8 drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c | 29 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.h | 3 drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c | 23 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.h | 1 drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c | 23 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.h | 1 drivers/net/ethernet/hisilicon/hns/hns_dsaf_reg.h | 1 drivers/net/ethernet/hisilicon/hns/hns_enet.c | 21 + drivers/net/ethernet/hisilicon/hns/hns_ethtool.c | 2 drivers/net/ethernet/ibm/emac/core.c | 6 drivers/net/ethernet/ibm/ibmvnic.c | 12 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 12 drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 1 drivers/net/ethernet/mellanox/mlx5/core/dev.c | 7 drivers/net/ethernet/realtek/r8169.c | 11 drivers/net/ethernet/renesas/sh_eth.c | 36 ++ drivers/net/wireless/broadcom/b43/dma.c | 6 drivers/net/wireless/intel/iwlwifi/iwl-nvm-parse.c | 50 --- drivers/net/wireless/mac80211_hwsim.c | 12 drivers/nvme/target/rdma.c | 27 + drivers/s390/net/qeth_core_main.c | 5 drivers/s390/net/qeth_l2_main.c | 2 drivers/s390/net/qeth_l3_main.c | 2 drivers/scsi/aacraid/aacraid.h | 2 drivers/scsi/csiostor/csio_hw.c | 71 +++- drivers/scsi/csiostor/csio_hw.h | 1 drivers/scsi/csiostor/csio_mb.c | 6 drivers/scsi/qedi/qedi.h | 7 drivers/scsi/qedi/qedi_main.c | 28 + drivers/target/iscsi/iscsi_target.c | 9 drivers/target/iscsi/iscsi_target_login.c | 149 +++++----- drivers/target/iscsi/iscsi_target_login.h | 2 drivers/usb/gadget/udc/fotg210-udc.c | 15 - drivers/usb/host/xhci-plat.c | 27 + drivers/usb/misc/yurex.c | 3 drivers/xen/cpu_hotplug.c | 15 - drivers/xen/events/events_base.c | 2 drivers/xen/manage.c | 6 fs/afs/proc.c | 15 - fs/btrfs/ctree.h | 1 fs/btrfs/disk-io.c | 1 fs/btrfs/inode.c | 25 - fs/btrfs/ioctl.c | 16 + fs/btrfs/volumes.c | 7 fs/ceph/super.c | 16 - fs/cifs/cifs_unicode.c | 3 fs/cifs/cifssmb.c | 11 fs/cifs/misc.c | 8 fs/cifs/smb2ops.c | 2 fs/dcache.c | 2 fs/inode.c | 53 +++ fs/notify/fsnotify.c | 13 fs/ocfs2/dlm/dlmmaster.c | 4 fs/overlayfs/dir.c | 4 fs/overlayfs/namei.c | 2 fs/overlayfs/overlayfs.h | 4 fs/overlayfs/util.c | 3 fs/proc/base.c | 14 fs/xattr.c | 24 - include/asm-generic/io.h | 3 include/linux/blk-cgroup.h | 1 include/linux/fs.h | 6 include/net/cfg80211.h | 4 include/net/regulatory.h | 4 kernel/bpf/sockmap.c | 64 ++-- kernel/bpf/verifier.c | 10 kernel/sched/topology.c | 5 mm/madvise.c | 2 net/core/filter.c | 57 ++- net/ipv4/netfilter/Kconfig | 8 net/mac80211/ibss.c | 22 - net/mac80211/main.c | 28 + net/mac80211/mesh_hwmp.c | 4 net/mac80211/mlme.c | 70 ++++ net/mac80211/tx.c | 54 ++- net/mac80211/util.c | 11 net/netfilter/Kconfig | 12 net/netfilter/nf_tables_api.c | 1 net/netfilter/nfnetlink_queue.c | 1 net/netfilter/xt_CHECKSUM.c | 22 + net/netfilter/xt_cluster.c | 14 net/netfilter/xt_hashlimit.c | 18 - net/tipc/diag.c | 2 net/tipc/netlink.c | 2 net/tipc/socket.c | 76 +++-- net/tipc/socket.h | 2 net/wireless/nl80211.c | 15 - net/wireless/reg.c | 91 ------ net/wireless/util.c | 2 sound/pci/hda/patch_realtek.c | 1 tools/hv/hv_fcopy_daemon.c | 1 tools/kvm/kvm_stat/kvm_stat | 25 + tools/perf/arch/powerpc/util/sym-handling.c | 4 tools/perf/util/annotate.c | 32 +- tools/perf/util/annotate.h | 1 tools/perf/util/evsel.c | 5 tools/perf/util/trace-event-info.c | 2 tools/testing/selftests/net/pmtu.sh | 7 tools/testing/selftests/rseq/param_test.c | 19 - tools/testing/selftests/tc-testing/tc-tests/actions/police.json | 48 +++ tools/vm/page-types.c | 6 tools/vm/slabinfo.c | 4 182 files changed, 1827 insertions(+), 990 deletions(-) Al Viro (1): new primitive: discard_new_inode() Alexey Khoroshilov (1): gpio: dwapb: Fix error handling in dwapb_gpio_probe() Amir Goldstein (3): fsnotify: fix ignore mask logic in fsnotify() ovl: fix access beyond unterminated strings ovl: fix memory leak on unlink of indexed file Anand Jain (1): btrfs: btrfs_shrink_device should call commit transaction at the end Andreas Bosch (1): HID: intel-ish-hid: Enable Sunrise Point-H ish driver Andreas Gruenbacher (1): sysfs: Do not return POSIX ACL xattrs via listxattr Andrew Murray (1): asm-generic: io: Fix ioport_map() for !CONFIG_GENERIC_IOMAP && CONFIG_INDIRECT_PIO Andy Shevchenko (1): gpiolib: acpi: Switch to cansleep version of GPIO library call Anisse Astier (1): HID: i2c-hid: disable runtime PM operations on hantick touchpad Anton Vasilyev (1): usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Anurag Kumar Vulisha (1): usb: host: xhci-plat: Iterate over parent nodes for finding quirks Arunk Khandavalli (1): cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Ashish Samant (1): ocfs2: fix locking for res->tracking and dlm->tracking_list Aurelien Aptel (1): smb2: fix missing files in root share directory listing Baruch Siach (1): net: mvpp2: initialize port of_node pointer Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Ben Skeggs (5): drm/nouveau: fix oops in client init failure path drm/nouveau/mmu: don't attempt to dereference vmm without valid instance pointer drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS drm/nouveau/disp: fix DP disable race drm/nouveau/disp/gm200-: enforce identity-mapped SOR assignment for LVDS/eDP panels Bjorn Andersson (1): firmware: Always initialize the fw_priv list object Chris Brandt (1): sh_eth: Add R7S9210 support Chris Phlipot (1): perf util: Fix bad memory access in trace info. Christian König (1): drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk Cong Wang (2): tipc: switch to rhashtable iterator netfilter: xt_hashlimit: use s->file instead of s->private Dan Carpenter (3): scsi: aacraid: fix a signedness bug cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() cifs: read overflow in is_valid_oplock_break() Danek Duvall (2): mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X Daniel Black (1): mm: madvise(MADV_DODUMP): allow hugetlbfs pages Daniel Borkmann (6): bpf, sockmap: fix potential use after free in bpf_tcp_close bpf, sockmap: fix psock refcount leak in bpf_tcp_recvmsg bpf: fix several offset tests in bpf_msg_pull_data bpf: fix msg->data/data_end after sg shift repair in bpf_msg_pull_data bpf: fix shift upon scatterlist ring wrap-around in bpf_msg_pull_data bpf: fix sg shift repair start offset in bpf_msg_pull_data Daniel Jurgens (1): net/mlx5: Consider PCI domain in search for next dev David Howells (1): afs: Fix cell specification to permit an empty address list Dennis Zhou (Facebook) (1): Revert "blk-throttle: fix race between blkcg_bio_issue_check() and cgroup_rmdir()" Dexuan Cui (1): Drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect() Dreyfuss, Haim (1): mac80211: fix WMM TXOP calculation Emmanuel Grumbach (3): mac80211: fix a race between restart and CSA flows mac80211: don't Tx a deauth frame if the AP forbade Tx mac80211: shorten the IBSS debug messages Florian Westphal (2): netfilter: xt_checksum: ignore gso skbs netfilter: kconfig: nat related expression depend on nftables core Geert Uytterhoeven (1): scsi: libata: Add missing newline at end of file Greentime Hu (3): nds32: fix logic for module nds32: fix build error because of wrong semicolon nds32: linker script: GCOV kernel may refers data in __exit Greg Kroah-Hartman (2): Revert "drm/amd/pp: Send khz clock values to DC for smu7/8" Linux 4.18.13 Guenter Roeck (1): riscv: Do not overwrite initrd_start and initrd_end Haim Dreyfuss (2): nl80211: Fix nla_put_u8 to u16 for NL80211_WMMR_TXOP nl80211: Pass center frequency in kHz instead of MHz Hans de Goede (2): gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report Harry Mallon (1): HID: hid-saitek: Add device ID for RAT 7 Contagion Harsh Jain (1): crypto: chelsio - Fix memory corruption in DMA Mapped buffers. Heinz Mauelshagen (4): dm raid: fix reshape race on small devices dm raid: fix stripe adding reshape deadlock dm raid: fix rebuild of specific devices by updating superblock dm raid: fix RAID leg rebuild errors Hisao Tanabe (1): perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() Horia Geantă (1): crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic Ilan Peer (1): mac80211: Fix station bandwidth setting after channel switch Ilya Dryomov (1): ceph: avoid a use-after-free in ceph_destroy_options() Ivan Mikhaylov (1): net/ibm/emac: wrong emac_calc_base call was used by typo Jacek Tomaka (1): perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Jann Horn (3): bpf: 32-bit RSH verification must truncate input before the ALU op RDMA/ucma: check fd type in ucma_migrate_id() proc: restrict kernel stack dumps to root Jia-Ju Bai (1): net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Jinbum Park (1): mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Johannes Berg (3): mac80211_hwsim: require at least one channel cfg80211: remove division by size of sizeof(struct ieee80211_wmm_rule) mac80211: always account for A-MSDU header changes John Fastabend (2): bpf: sockmap, decrement copied count correctly in redirect error case bpf: avoid misuse of psock when TCP_ULP_BPF collides with another ULP Jon Kuhn (1): fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng (3): HID: i2c-hid: Don't reset device upon system resume r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 Kim Phillips (1): perf annotate: Fix parsing aarch64 branch instructions after objdump update Larry Finger (1): b43: fix DMA error related regression with proprietary firmware Leonard Crestez (1): crypto: mxs-dcp - Fix wait logic on chan threads Lorenzo Bianconi (3): mac80211: do not convert to A-MSDU if frag/subframe limited mac80211: fix an off-by-one issue in A-MSDU max_subframe computation iio: imu: st_lsm6dsx: take into account ts samples in wm configuration Maciej S. Szmigiero (1): r8169: set TxConfig register after TX / RX is enabled, just like RxConfig Martin Liška (1): perf annotate: Properly interpret indirect call Martin Willi (1): netfilter: xt_cluster: add dependency on conntrack module Masahiro Yamada (2): i2c: uniphier: issue STOP only for last message or I2C_M_STOP i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP Mathieu Desnoyers (1): rseq/selftests: fix parametrized test with -fpie Matt Ranostay (1): Revert "iio: temperature: maxim_thermocouple: add MAX31856 part" Michael Hennerich (1): gpio: adp5588: Fix sleep-in-atomic-context bug Michal 'vorner' Vaner (1): netfilter: nfnetlink_queue: Solve the NFQUEUE/conntrack clash for NF_REPEAT Miguel Ojeda (1): arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Mike Christie (1): scsi: iscsi: target: Fix conn_ops double free Mike Snitzer (1): dm thin metadata: fix __udivdi3 undefined on 32-bit Miklos Szeredi (3): vfs: don't evict uninitialized inode ovl: set I_CREATING on inode being created ovl: fix format of setxattr debug Naoya Horiguchi (2): tools/vm/slabinfo.c: fix sign-compare warning tools/vm/page-types.c: fix "defined but not used" warning Nathan Chancellor (1): cpufreq: qcom-kryo: Fix section annotations Netanel Belgazal (6): net: ena: fix surprise unplug NULL dereference kernel crash net: ena: fix driver when PAGE_SIZE == 64kB net: ena: fix device destruction to gracefully free resources net: ena: fix potential double ena_destroy_device() net: ena: fix missing lock during device destruction net: ena: fix missing calls to READ_ONCE Nilesh Javali (1): scsi: qedi: Add the CRC size within iSCSI NVM image Olaf Hering (1): xen: avoid crash in disable_hotplug_cpu Paolo Abeni (1): tc-testing: add test-cases for numeric and invalid control action Paul Mackerras (1): KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Peng Li (2): net: hns: add the code for cleaning pkt in chip net: hns: add netif_carrier_off before change speed and duplex Randy Dunlap (3): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int x86/APM: Fix build warning when PROC_FS is not enabled Ricardo Ribalda Delgado (1): gpiolib: Free the last requested descriptor Rishabh Bhatnagar (1): firmware: Fix security issue with request_firmware_into_buf() Robbie Ko (1): Btrfs: fix unexpected failure of nocow buffered writes after snapshotting when low on space Sabrina Dubroca (2): selftests: pmtu: maximum MTU for vti4 is 2^16-1-20 selftests: pmtu: detect correct binary to ping ipv6 addresses Sagi Grimberg (1): nvmet-rdma: fix possible bogus dereference under heavy load Sandipan Das (1): perf probe powerpc: Ignore SyS symbols irrespective of endianness Sara Sharon (1): mac80211: avoid kernel panic when building AMSDU from non-linear SKB Sean O'Brien (1): HID: add support for Apple Magic Keyboards Shaohua Li (1): md/raid5-cache: disable reshape completely Singh, Brijesh (1): iommu/amd: Clear memory encryption mask from physical address Somnath Kotur (1): bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces Song Liu (1): ixgbe: check return value of napi_complete_done() Srikar Dronamraju (1): sched/topology: Set correct NUMA topology type Stanislaw Gruszka (1): cfg80211: make wmm_rule part of the reg_rule structure Stefan Raspl (3): tools/kvm_stat: fix python3 issues tools/kvm_stat: fix handling of invalid paths in debugfs provider tools/kvm_stat: fix updates for dead guests Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Sudeep Holla (1): firmware: arm_scmi: fix divide by zero when sustained_perf_level is zero Taehee Yoo (1): netfilter: nf_tables: release chain in flushing set Tao Zhou (1): drm/amdgpu: Fix SDMA hang in prt mode v2 Thomas Falcon (1): ibmvnic: Include missing return code checks in reset function Toke Høiland-Jørgensen (1): mac80211: Run TXQ teardown code before de-registering interfaces Tushar Dave (1): bpf: Fix bpf_msg_pull_data() Varun Prakash (2): scsi: csiostor: add a check for NULL pointer after kmalloc() scsi: csiostor: fix incorrect port capabilities Vincent Pelletier (1): scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values fails Vincent Whitchurch (1): gpio: Fix crash due to registration race Vitaly Kuznetsov (2): xen/manage: don't complain about an empty value in control/sysrq node tools: hv: fcopy: set 'error' in case an unknown operation was requested Waiman Long (1): crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() Wenjia Zhang (1): s390/qeth: use vzalloc for QUERY OAT buffer Will Deacon (1): ARC: atomics: unbork atomic_fetch_##op() Xiao Ni (1): RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Yuan-Chi Pang (1): mac80211: mesh: fix HWMP sequence numbering to follow standard YueHaibing (1): nds32: add NULL entry to the end of_device_id array Zong Li (2): nds32: Fix empty call trace nds32: Fix get_user/put_user macro expand pointer problem

6 years, 11 months

1
1
0 0

Linux 4.14.75

by Greg KH

I'm announcing the release of the 4.14.75 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arc/include/asm/atomic.h | 2 arch/arm64/include/asm/jump_label.h | 4 arch/hexagon/include/asm/bitops.h | 4 arch/hexagon/kernel/dma.c | 2 arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 arch/x86/events/intel/lbr.c | 4 drivers/crypto/caam/caamalg.c | 8 - drivers/crypto/mxs-dcp.c | 53 +++++----- drivers/crypto/qat/qat_c3xxx/adf_drv.c | 6 - drivers/crypto/qat/qat_c3xxxvf/adf_drv.c | 6 - drivers/crypto/qat/qat_c62x/adf_drv.c | 6 - drivers/crypto/qat/qat_c62xvf/adf_drv.c | 6 - drivers/crypto/qat/qat_dh895xcc/adf_drv.c | 6 - drivers/crypto/qat/qat_dh895xccvf/adf_drv.c | 6 - drivers/gpio/gpio-adp5588.c | 24 +++- drivers/gpio/gpiolib-acpi.c | 86 +++++++++-------- drivers/gpio/gpiolib-of.c | 1 drivers/gpio/gpiolib.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 23 ++-- drivers/gpu/drm/amd/powerplay/hwmgr/vega10_powertune.c | 2 drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.c | 17 ++- drivers/gpu/drm/nouveau/nvkm/engine/disp/nv50.c | 6 - drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.c | 2 drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.h | 3 drivers/gpu/drm/nouveau/nvkm/subdev/devinit/gm200.c | 3 drivers/hid/hid-apple.c | 9 + drivers/hid/hid-ids.h | 3 drivers/hid/hid-saitek.c | 2 drivers/hid/hid-sensor-hub.c | 23 ++++ drivers/hv/connection.c | 8 - drivers/i2c/busses/i2c-uniphier-f.c | 7 - drivers/i2c/busses/i2c-uniphier.c | 7 - drivers/iio/temperature/maxim_thermocouple.c | 1 drivers/infiniband/core/ucma.c | 6 + drivers/iommu/amd_iommu.c | 2 drivers/md/dm-raid.c | 5 drivers/md/dm-thin-metadata.c | 34 ++++++ drivers/md/dm-thin.c | 73 ++++++++++++-- drivers/md/raid10.c | 5 drivers/md/raid5-log.h | 5 drivers/md/raid5.c | 6 - drivers/net/ethernet/amazon/ena/ena_com.c | 8 - drivers/net/ethernet/amazon/ena/ena_netdev.c | 10 - drivers/net/ethernet/amazon/ena/ena_netdev.h | 11 ++ drivers/net/ethernet/cadence/macb_main.c | 2 drivers/net/ethernet/hisilicon/hns/hnae.h | 2 drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c | 67 +++++++++++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c | 36 +++++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.c | 44 ++++++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.h | 8 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c | 29 +++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.h | 3 drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c | 23 ++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.h | 1 drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c | 23 ++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.h | 1 drivers/net/ethernet/hisilicon/hns/hns_dsaf_reg.h | 1 drivers/net/ethernet/hisilicon/hns/hns_enet.c | 21 +++- drivers/net/ethernet/hisilicon/hns/hns_ethtool.c | 2 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 12 +- drivers/net/ethernet/mellanox/mlx5/core/dev.c | 7 - drivers/net/ethernet/realtek/r8169.c | 9 + drivers/net/wireless/mac80211_hwsim.c | 8 - drivers/nvme/target/rdma.c | 27 ++++- drivers/s390/net/qeth_core_main.c | 5 drivers/s390/net/qeth_l2_main.c | 2 drivers/s390/net/qeth_l3_main.c | 2 drivers/scsi/csiostor/csio_hw.c | 16 +-- drivers/scsi/qedi/qedi.h | 7 + drivers/scsi/qedi/qedi_main.c | 28 ++--- drivers/target/iscsi/iscsi_target_login.c | 8 - drivers/tty/serial/mvebu-uart.c | 4 drivers/usb/gadget/udc/fotg210-udc.c | 15 +- drivers/usb/misc/yurex.c | 3 drivers/xen/cpu_hotplug.c | 15 +- drivers/xen/events/events_base.c | 2 drivers/xen/manage.c | 6 - fs/btrfs/volumes.c | 7 + fs/cifs/cifs_unicode.c | 3 fs/cifs/cifssmb.c | 11 +- fs/cifs/misc.c | 8 + fs/cifs/smb2ops.c | 2 fs/ocfs2/dlm/dlmmaster.c | 4 fs/overlayfs/namei.c | 2 fs/overlayfs/overlayfs.h | 4 fs/overlayfs/util.c | 3 fs/proc/base.c | 14 ++ fs/xattr.c | 24 ++-- kernel/bpf/verifier.c | 10 + mm/madvise.c | 2 net/mac80211/ibss.c | 22 ++-- net/mac80211/main.c | 28 ++++- net/mac80211/mesh_hwmp.c | 4 net/mac80211/mlme.c | 70 +++++++++++++ net/mac80211/tx.c | 54 +++++----- net/netfilter/nf_tables_api.c | 1 net/netfilter/xt_cluster.c | 14 ++ net/wireless/nl80211.c | 1 net/wireless/util.c | 2 sound/pci/hda/patch_realtek.c | 1 tools/hv/hv_fcopy_daemon.c | 1 tools/kvm/kvm_stat/kvm_stat | 14 ++ tools/perf/arch/powerpc/util/sym-handling.c | 4 tools/perf/util/evsel.c | 5 tools/perf/util/trace-event-info.c | 2 tools/power/x86/turbostat/turbostat.c | 2 tools/vm/page-types.c | 6 - tools/vm/slabinfo.c | 4 110 files changed, 974 insertions(+), 306 deletions(-) Alex Deucher (1): drm/amdgpu: add another ATPX quirk for TOPAZ Amir Goldstein (2): ovl: fix access beyond unterminated strings ovl: fix memory leak on unlink of indexed file Anand Jain (1): btrfs: btrfs_shrink_device should call commit transaction at the end Andreas Gruenbacher (1): sysfs: Do not return POSIX ACL xattrs via listxattr Andy Shevchenko (1): gpiolib: acpi: Switch to cansleep version of GPIO library call Anton Vasilyev (1): usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Arunk Khandavalli (1): cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Ashish Samant (1): ocfs2: fix locking for res->tracking and dlm->tracking_list Aurelien Aptel (1): smb2: fix missing files in root share directory listing Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Ben Skeggs (2): drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS drm/nouveau/disp: fix DP disable race Chris Phlipot (1): perf util: Fix bad memory access in trace info. Christian König (1): drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk Colin Ian King (1): drm/amd/pp: initialize result to before or'ing in data Dan Carpenter (2): cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() cifs: read overflow in is_valid_oplock_break() Danek Duvall (2): mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X Daniel Black (1): mm: madvise(MADV_DODUMP): allow hugetlbfs pages Daniel Jurgens (1): net/mlx5: Consider PCI domain in search for next dev Dexuan Cui (1): Drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect() Emmanuel Grumbach (3): mac80211: fix a race between restart and CSA flows mac80211: don't Tx a deauth frame if the AP forbade Tx mac80211: shorten the IBSS debug messages Greg Kroah-Hartman (1): Linux 4.14.75 Hans de Goede (2): gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report Harry Mallon (1): HID: hid-saitek: Add device ID for RAT 7 Contagion Heinz Mauelshagen (1): dm raid: fix rebuild of specific devices by updating superblock Hisao Tanabe (1): perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() Horia Geantă (1): crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic Ilan Peer (1): mac80211: Fix station bandwidth setting after channel switch Jacek Tomaka (1): perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Jan Kiszka (1): serial: mvebu-uart: Fix reporting of effective CSIZE to userspace Jann Horn (3): bpf: 32-bit RSH verification must truncate input before the ALU op RDMA/ucma: check fd type in ucma_migrate_id() proc: restrict kernel stack dumps to root Jia-Ju Bai (1): net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Johannes Berg (2): mac80211_hwsim: require at least one channel mac80211: always account for A-MSDU header changes Jon Kuhn (1): fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng (2): r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 Len Brown (1): tools/power turbostat: fix possible sprintf buffer overflow Leonard Crestez (1): crypto: mxs-dcp - Fix wait logic on chan threads Lorenzo Bianconi (2): mac80211: do not convert to A-MSDU if frag/subframe limited mac80211: fix an off-by-one issue in A-MSDU max_subframe computation Martin Willi (1): netfilter: xt_cluster: add dependency on conntrack module Masahiro Yamada (2): i2c: uniphier: issue STOP only for last message or I2C_M_STOP i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP Matt Ranostay (1): Revert "iio: temperature: maxim_thermocouple: add MAX31856 part" Michael Hennerich (1): gpio: adp5588: Fix sleep-in-atomic-context bug Miguel Ojeda (1): arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Mike Snitzer (1): dm thin metadata: fix __udivdi3 undefined on 32-bit Miklos Szeredi (1): ovl: fix format of setxattr debug Naoya Horiguchi (2): tools/vm/slabinfo.c: fix sign-compare warning tools/vm/page-types.c: fix "defined but not used" warning Netanel Belgazal (2): net: ena: fix driver when PAGE_SIZE == 64kB net: ena: fix missing calls to READ_ONCE Nilesh Javali (1): scsi: qedi: Add the CRC size within iSCSI NVM image Olaf Hering (1): xen: avoid crash in disable_hotplug_cpu Paul Mackerras (1): KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Peng Li (2): net: hns: add the code for cleaning pkt in chip net: hns: add netif_carrier_off before change speed and duplex Randy Dunlap (2): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int Ricardo Ribalda Delgado (1): gpiolib: Free the last requested descriptor Sagi Grimberg (1): nvmet-rdma: fix possible bogus dereference under heavy load Sandipan Das (1): perf probe powerpc: Ignore SyS symbols irrespective of endianness Sara Sharon (1): mac80211: avoid kernel panic when building AMSDU from non-linear SKB Sean O'Brien (1): HID: add support for Apple Magic Keyboards Shaohua Li (1): md/raid5-cache: disable reshape completely Singh, Brijesh (1): iommu/amd: Clear memory encryption mask from physical address Song Liu (1): ixgbe: check return value of napi_complete_done() Stefan Raspl (2): tools/kvm_stat: fix python3 issues tools/kvm_stat: fix handling of invalid paths in debugfs provider Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Taehee Yoo (1): netfilter: nf_tables: release chain in flushing set Toke Høiland-Jørgensen (1): mac80211: Run TXQ teardown code before de-registering interfaces Varun Prakash (1): scsi: csiostor: add a check for NULL pointer after kmalloc() Vincent Pelletier (1): scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values fails Vincent Whitchurch (1): gpio: Fix crash due to registration race Vitaly Kuznetsov (2): xen/manage: don't complain about an empty value in control/sysrq node tools: hv: fcopy: set 'error' in case an unknown operation was requested Waiman Long (1): crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() Wenjia Zhang (1): s390/qeth: use vzalloc for QUERY OAT buffer Will Deacon (1): ARC: atomics: unbork atomic_fetch_##op() Xiao Ni (1): RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Yuan-Chi Pang (1): mac80211: mesh: fix HWMP sequence numbering to follow standard

6 years, 11 months

1
1
0 0

Linux 4.9.132

by Greg KH

I'm announcing the release of the 4.9.132 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arc/include/asm/atomic.h | 2 arch/arm64/include/asm/jump_label.h | 4 - arch/hexagon/include/asm/bitops.h | 4 - arch/hexagon/kernel/dma.c | 2 arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 arch/x86/events/intel/lbr.c | 4 + drivers/crypto/mxs-dcp.c | 53 ++++++++------ drivers/crypto/qat/qat_c3xxx/adf_drv.c | 6 - drivers/crypto/qat/qat_c3xxxvf/adf_drv.c | 6 - drivers/crypto/qat/qat_c62x/adf_drv.c | 6 - drivers/crypto/qat/qat_c62xvf/adf_drv.c | 6 - drivers/crypto/qat/qat_dh895xcc/adf_drv.c | 6 - drivers/crypto/qat/qat_dh895xccvf/adf_drv.c | 6 - drivers/gpio/gpio-adp5588.c | 24 +++++- drivers/gpio/gpiolib-of.c | 1 drivers/gpio/gpiolib.c | 2 drivers/gpu/drm/nouveau/nvkm/subdev/devinit/gm200.c | 3 drivers/hid/hid-apple.c | 9 ++ drivers/hid/hid-ids.h | 3 drivers/hid/hid-saitek.c | 2 drivers/i2c/busses/i2c-uniphier-f.c | 7 - drivers/i2c/busses/i2c-uniphier.c | 7 - drivers/infiniband/core/ucma.c | 6 + drivers/md/dm-raid.c | 5 + drivers/md/dm-thin-metadata.c | 34 +++++++++ drivers/md/dm-thin.c | 73 +++++++++++++++++--- drivers/md/raid10.c | 5 + drivers/net/ethernet/amazon/ena/ena_netdev.c | 10 +- drivers/net/ethernet/amazon/ena/ena_netdev.h | 11 +++ drivers/net/ethernet/cadence/macb.c | 2 drivers/net/ethernet/hisilicon/hns/hns_ethtool.c | 2 drivers/net/ethernet/mellanox/mlx5/core/dev.c | 7 + drivers/net/ethernet/realtek/r8169.c | 9 +- drivers/net/wireless/mac80211_hwsim.c | 3 drivers/nvme/target/rdma.c | 27 ++++++- drivers/s390/net/qeth_core_main.c | 5 - drivers/s390/net/qeth_l2_main.c | 2 drivers/s390/net/qeth_l3_main.c | 2 drivers/tty/serial/mvebu-uart.c | 4 - drivers/usb/gadget/udc/fotg210-udc.c | 15 ++-- drivers/usb/misc/yurex.c | 3 drivers/xen/cpu_hotplug.c | 15 ++-- drivers/xen/events/events_base.c | 2 drivers/xen/manage.c | 6 + fs/cifs/cifs_unicode.c | 3 fs/cifs/cifssmb.c | 11 ++- fs/cifs/misc.c | 8 ++ fs/cifs/smb2ops.c | 2 fs/ocfs2/dlm/dlmmaster.c | 4 - fs/proc/base.c | 14 +++ fs/xattr.c | 24 +++--- include/linux/jiffies.h | 2 kernel/time/time.c | 10 ++ kernel/time/timeconst.bc | 6 + mm/madvise.c | 2 net/mac80211/ibss.c | 22 +++--- net/mac80211/main.c | 28 ++++++- net/mac80211/mesh_hwmp.c | 4 + net/mac80211/mlme.c | 70 ++++++++++++++++++- net/wireless/nl80211.c | 1 net/wireless/util.c | 2 sound/pci/hda/patch_realtek.c | 1 tools/perf/arch/powerpc/util/sym-handling.c | 4 - tools/perf/util/evsel.c | 5 - tools/vm/page-types.c | 6 - tools/vm/slabinfo.c | 4 - 67 files changed, 483 insertions(+), 165 deletions(-) Andreas Gruenbacher (1): sysfs: Do not return POSIX ACL xattrs via listxattr Anton Vasilyev (1): usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Arunk Khandavalli (1): cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Ashish Samant (1): ocfs2: fix locking for res->tracking and dlm->tracking_list Aurelien Aptel (1): smb2: fix missing files in root share directory listing Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Ben Skeggs (1): drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS Dan Carpenter (2): cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() cifs: read overflow in is_valid_oplock_break() Danek Duvall (2): mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X Daniel Black (1): mm: madvise(MADV_DODUMP): allow hugetlbfs pages Daniel Jurgens (1): net/mlx5: Consider PCI domain in search for next dev Emmanuel Grumbach (3): mac80211: fix a race between restart and CSA flows mac80211: don't Tx a deauth frame if the AP forbade Tx mac80211: shorten the IBSS debug messages Frederic Weisbecker (1): time: Introduce jiffies64_to_nsecs() Greg Kroah-Hartman (1): Linux 4.9.132 Harry Mallon (1): HID: hid-saitek: Add device ID for RAT 7 Contagion Heinz Mauelshagen (1): dm raid: fix rebuild of specific devices by updating superblock Hisao Tanabe (1): perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() Ilan Peer (1): mac80211: Fix station bandwidth setting after channel switch Jacek Tomaka (1): perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Jan Kiszka (1): serial: mvebu-uart: Fix reporting of effective CSIZE to userspace Jann Horn (2): RDMA/ucma: check fd type in ucma_migrate_id() proc: restrict kernel stack dumps to root Jia-Ju Bai (1): net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Jon Kuhn (1): fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng (2): r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 Leonard Crestez (1): crypto: mxs-dcp - Fix wait logic on chan threads Masahiro Yamada (2): i2c: uniphier: issue STOP only for last message or I2C_M_STOP i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP Michael Hennerich (1): gpio: adp5588: Fix sleep-in-atomic-context bug Miguel Ojeda (1): arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Mike Snitzer (1): dm thin metadata: fix __udivdi3 undefined on 32-bit Naoya Horiguchi (2): tools/vm/slabinfo.c: fix sign-compare warning tools/vm/page-types.c: fix "defined but not used" warning Netanel Belgazal (1): net: ena: fix driver when PAGE_SIZE == 64kB Olaf Hering (1): xen: avoid crash in disable_hotplug_cpu Paul Mackerras (1): KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Peng Li (1): net: hns: add netif_carrier_off before change speed and duplex Randy Dunlap (2): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int Ricardo Ribalda Delgado (1): gpiolib: Free the last requested descriptor Sagi Grimberg (1): nvmet-rdma: fix possible bogus dereference under heavy load Sandipan Das (1): perf probe powerpc: Ignore SyS symbols irrespective of endianness Sean O'Brien (1): HID: add support for Apple Magic Keyboards Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Toke Høiland-Jørgensen (1): mac80211: Run TXQ teardown code before de-registering interfaces Vincent Whitchurch (1): gpio: Fix crash due to registration race Vitaly Kuznetsov (1): xen/manage: don't complain about an empty value in control/sysrq node Waiman Long (1): crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() Wenjia Zhang (1): s390/qeth: use vzalloc for QUERY OAT buffer Will Deacon (1): ARC: atomics: unbork atomic_fetch_##op() Xiao Ni (1): RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Yuan-Chi Pang (1): mac80211: mesh: fix HWMP sequence numbering to follow standard

6 years, 11 months

1
1
0 0

Linux 4.4.160

by Greg KH

I'm announcing the release of the 4.4.160 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/hwmon/ina2xx | 2 Makefile | 2 arch/arm/boot/dts/dra7.dtsi | 4 - arch/arm/mach-mvebu/pmsu.c | 6 - arch/arm64/include/asm/cpufeature.h | 8 +- arch/arm64/include/asm/jump_label.h | 4 - arch/arm64/include/asm/kvm_emulate.h | 5 + arch/arm64/include/asm/sysreg.h | 1 arch/arm64/kernel/cpufeature.c | 8 ++ arch/arm64/kvm/guest.c | 55 ++++++++++++++- arch/hexagon/include/asm/bitops.h | 4 - arch/hexagon/kernel/dma.c | 2 arch/powerpc/kernel/machine_kexec.c | 7 + arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 arch/powerpc/platforms/powernv/pci-ioda.c | 2 arch/s390/mm/extmem.c | 4 - arch/x86/entry/entry_64.S | 4 - arch/x86/kernel/tsc_msr.c | 1 arch/x86/mm/numa_emulation.c | 2 crypto/ablkcipher.c | 2 crypto/blkcipher.c | 1 drivers/block/floppy.c | 3 drivers/bluetooth/btusb.c | 1 drivers/crypto/mxs-dcp.c | 53 ++++++++------ drivers/edac/i7core_edac.c | 22 ++++-- drivers/gpio/gpio-adp5588.c | 24 +++++- drivers/gpu/drm/nouveau/nvkm/subdev/devinit/gm204.c | 3 drivers/hid/hid-ntrig.c | 2 drivers/hwmon/adt7475.c | 14 ++- drivers/hwmon/ina2xx.c | 13 +++ drivers/i2c/busses/i2c-i801.c | 9 ++ drivers/i2c/busses/i2c-uniphier-f.c | 7 - drivers/i2c/busses/i2c-uniphier.c | 7 - drivers/infiniband/core/ucma.c | 6 + drivers/infiniband/ulp/srp/ib_srp.c | 6 - drivers/input/mouse/elantech.c | 2 drivers/md/dm-thin-metadata.c | 34 +++++++++ drivers/md/dm-thin.c | 73 +++++++++++++++++--- drivers/md/md-cluster.c | 19 ++--- drivers/md/raid10.c | 5 + drivers/media/i2c/soc_camera/ov772x.c | 2 drivers/media/platform/exynos4-is/fimc-isp-video.c | 11 ++- drivers/media/platform/fsl-viu.c | 38 ++++++---- drivers/media/platform/omap3isp/isp.c | 2 drivers/media/platform/s3c-camif/camif-capture.c | 2 drivers/media/usb/tm6000/tm6000-dvb.c | 5 + drivers/media/usb/uvc/uvc_video.c | 24 ++++-- drivers/media/v4l2-core/v4l2-event.c | 37 +++++----- drivers/media/v4l2-core/v4l2-fh.c | 2 drivers/misc/tsl2550.c | 2 drivers/misc/vmw_vmci/vmci_queue_pair.c | 4 - drivers/net/ethernet/cadence/macb.c | 2 drivers/net/ethernet/hisilicon/hns/hnae.h | 6 - drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 + drivers/net/ethernet/realtek/r8169.c | 9 +- drivers/net/wireless/ath/ath10k/htt_rx.c | 5 + drivers/net/wireless/mac80211_hwsim.c | 3 drivers/net/wireless/rndis_wlan.c | 2 drivers/net/wireless/ti/wlcore/cmd.c | 6 + drivers/power/reset/vexpress-poweroff.c | 12 ++- drivers/s390/net/qeth_l2_main.c | 2 drivers/s390/net/qeth_l3_main.c | 2 drivers/scsi/bnx2i/bnx2i_hwi.c | 2 drivers/scsi/ibmvscsi/ibmvscsi.c | 4 - drivers/spi/spi-rspi.c | 34 ++++++++- drivers/spi/spi-sh-msiof.c | 28 +++++++ drivers/spi/spi-tegra20-slink.c | 31 ++++++-- drivers/staging/android/ashmem.c | 6 + drivers/staging/rts5208/sd.c | 2 drivers/target/iscsi/iscsi_target_auth.c | 15 ---- drivers/target/iscsi/iscsi_target_tpg.c | 3 drivers/thermal/of-thermal.c | 7 + drivers/tty/serial/8250/serial_cs.c | 6 + drivers/tty/serial/cpm_uart/cpm_uart_core.c | 10 +- drivers/tty/serial/imx.c | 8 ++ drivers/usb/class/cdc-wdm.c | 2 drivers/usb/core/devio.c | 24 +++++- drivers/usb/core/driver.c | 28 +++---- drivers/usb/core/usb.c | 2 drivers/usb/gadget/udc/fotg210-udc.c | 15 ++-- drivers/usb/misc/yurex.c | 3 drivers/usb/serial/kobil_sct.c | 12 ++- drivers/usb/wusbcore/security.c | 2 drivers/uwb/hwa-rc.c | 1 drivers/xen/cpu_hotplug.c | 15 ++-- drivers/xen/events/events_base.c | 2 drivers/xen/manage.c | 6 + fs/cifs/cifs_unicode.c | 3 fs/cifs/cifssmb.c | 11 ++- fs/cifs/misc.c | 8 ++ fs/cifs/smb2ops.c | 2 fs/ext4/xattr.c | 5 + fs/nfsd/nfs4proc.c | 1 fs/ocfs2/dlm/dlmmaster.c | 4 - fs/proc/base.c | 14 +++ include/linux/platform_data/ina2xx.h | 2 include/linux/slub_def.h | 3 include/media/v4l2-fh.h | 1 kernel/module.c | 6 + kernel/time/alarmtimer.c | 3 lib/klist.c | 10 +- mm/madvise.c | 2 mm/slub.c | 6 - net/6lowpan/iphc.c | 1 net/mac80211/ibss.c | 22 +++--- net/mac80211/main.c | 26 +++++-- net/mac80211/mesh_hwmp.c | 4 + net/mac80211/mlme.c | 53 ++++++++++++++ net/wireless/nl80211.c | 1 net/wireless/util.c | 2 sound/aoa/core/gpio-feature.c | 4 - sound/pci/hda/hda_intel.c | 3 sound/pci/hda/patch_realtek.c | 1 sound/soc/soc-dapm.c | 7 + tools/perf/arch/powerpc/util/sym-handling.c | 4 - tools/vm/page-types.c | 6 - tools/vm/slabinfo.c | 4 - 117 files changed, 815 insertions(+), 286 deletions(-) Aaron Ma (1): Input: elantech - enable middle button of touchpad on ThinkPad P72 Akinobu Mita (2): media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power media: soc_camera: ov772x: correct setting of banding filter Alan Stern (3): USB: fix error handling in usb_driver_claim_interface() USB: handle NULL config in usb_find_alt_setting() USB: remove LPM management from usb_driver_claim_interface() Alexey Dobriyan (1): slub: make ->cpu_partial unsigned int Alexey Kardashevskiy (1): powerpc/powernv/ioda2: Reduce upper limit for DMA window size Alexey Khoroshilov (1): media: fsl-viu: fix error handling in viu_of_probe() Alistair Strachan (1): staging: android: ashmem: Fix mmap size validation Andy Shevchenko (1): x86/tsc: Add missing header to tsc_msr.c Andy Whitcroft (1): floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Anson Huang (1): thermal: of-thermal: disable passive polling when thermal zone is disabled Anton Vasilyev (2): uwb: hwa-rc: fix memory leak at probe usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Arunk Khandavalli (1): cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Ashish Samant (1): ocfs2: fix locking for res->tracking and dlm->tracking_list Aurelien Aptel (1): smb2: fix missing files in root share directory listing Bart Van Assche (3): scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size scsi: klist: Make it safe to use klists in atomic context IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop Ben Greear (1): ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Ben Skeggs (1): drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS Bo Chen (2): e1000: check on netif_running() before calling e1000_up() e1000: ensure to free old tx/rx rings in set_ringparam() Breno Leitao (1): scsi: ibmvscsi: Improve strings handling Christophe Leroy (1): serial: cpm_uart: return immediately from console poll Colin Ian King (1): staging: rts5208: fix missing error check on call to rtsx_write_register Dan Carpenter (5): vmci: type promotion bug in qp_host_get_user_memory() rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() hwmon: (adt7475) Make adt7475_read_word() return errors cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() cifs: read overflow in is_valid_oplock_break() Dan Williams (1): x86/numa_emulation: Fix emulated-to-physical node mapping Danek Duvall (2): mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X Daniel Black (1): mm: madvise(MADV_DODUMP): allow hugetlbfs pages Dave Martin (1): arm64: KVM: Tighten guest core register access from userspace Emmanuel Grumbach (2): mac80211: fix a race between restart and CSA flows mac80211: shorten the IBSS debug messages Ethan Tuttle (1): ARM: mvebu: declare asm symbols as character arrays in pmsu.c Gaku Inami (1): spi: sh-msiof: Fix invalid SPI use during system suspend Geert Uytterhoeven (2): spi: rspi: Fix invalid SPI use during system suspend spi: rspi: Fix interrupted DMA transfers Greg Kroah-Hartman (1): Linux 4.4.160 Guoqing Jiang (1): md-cluster: clear another node's suspend_area after the copy is finished Hari Bathini (1): powerpc/kdump: Handle crashkernel memory reservation failure Hiromitsu Yamasaki (1): spi: sh-msiof: Fix handling of write value for SISTR register Huazhong Tan (1): net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES Ilan Peer (1): mac80211: Fix station bandwidth setting after channel switch J. Bruce Fields (1): nfsd: fix corrupted reply to badly ordered compound Jan Beulich (1): x86/entry/64: Add two more instruction suffixes Jann Horn (2): RDMA/ucma: check fd type in ucma_migrate_id() proc: restrict kernel stack dumps to root Javier Martinez Canillas (1): media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data Jessica Yu (1): module: exclude SHN_UNDEF symbols from kallsyms api Jia-Ju Bai (1): net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Jian-Hong Pan (1): Bluetooth: Add a new Realtek 8723DE ID 0bda:b009 Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Johan Hovold (2): USB: serial: kobil_sct: fix modem-status error handling EDAC, i7core: Fix memleaks and use-after-free on probe and remove Jon Kuhn (1): fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julia Lawall (1): usb: wusbcore: security: cast sizeof to int for comparison Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng (3): ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 Kevin Hilman (1): ARM: dts: dra7: fix DCAN node addresses Leonard Crestez (1): crypto: mxs-dcp - Fix wait logic on chan threads Liam Girdwood (1): ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Lothar Felten (1): hwmon: (ina2xx) fix sysfs shunt resistor read access Marc Zyngier (1): arm64: KVM: Sanitize PSTATE.M when being set from userspace Marcel Ziswiler (1): spi: tegra20-slink: explicitly enable/disable clock Masahiro Yamada (2): i2c: uniphier: issue STOP only for last message or I2C_M_STOP i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP Matt Ranostay (1): tsl2550: fix lux1_input error in low light Michael Hennerich (1): gpio: adp5588: Fix sleep-in-atomic-context bug Michael Scott (1): 6lowpan: iphc: reset mac_header after decompress to fix panic Miguel Ojeda (1): arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Mika Westerberg (1): i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus Mike Snitzer (1): dm thin metadata: fix __udivdi3 undefined on 32-bit Naoya Horiguchi (2): tools/vm/slabinfo.c: fix sign-compare warning tools/vm/page-types.c: fix "defined but not used" warning Nicholas Mc Guire (1): ALSA: snd-aoa: add of_node_put() in error path Olaf Hering (1): xen: avoid crash in disable_hotplug_cpu Oliver Neukum (2): USB: usbdevfs: sanitize flags more USB: usbdevfs: restore warning for nonsensical flags Paul Mackerras (1): KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Randy Dunlap (2): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int Sakari Ailus (1): media: v4l: event: Prevent freeing event subscriptions while accessed Sandipan Das (1): perf probe powerpc: Ignore SyS symbols irrespective of endianness Sebastian Andrzej Siewior (1): Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" Stafford Horne (1): crypto: skcipher - Fix -Wstringop-truncation warnings Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Sudeep Holla (1): power: vexpress: fix corruption in notifier registration Suzuki K Poulose (1): arm64: cpufeature: Track 32bit EL0 support Sylwester Nawrocki (1): media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Theodore Ts'o (1): ext4: never move the system.data xattr out of the inode body Thomas Gleixner (1): alarmtimer: Prevent overflow for relative nanosleep Tony Lindgren (1): wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() Uwe Kleine-König (1): serial: imx: restore handshaking irq for imx1 Vasily Gorbik (1): s390/extmem: fix gcc 8 stringop-overflow warning Vincent Pelletier (1): scsi: target: iscsi: Use bin2hex instead of a re-implementation Vitaly Kuznetsov (1): xen/manage: don't complain about an empty value in control/sysrq node Xiao Ni (1): RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Yuan-Chi Pang (1): mac80211: mesh: fix HWMP sequence numbering to follow standard Zhouyang Jia (4): drivers/tty: add error handling for pcmcia_loop_config media: tm6000: add error handling for dvb_register_adapter HID: hid-ntrig: add error handling for sysfs_create_group scsi: bnx2i: add error handling for ioremap_nocache ming_qian (1): media: uvcvideo: Support realtek's UVC 1.5 device

6 years, 11 months

1
1
0 0

[PATCH] xen/balloon: Support xend-based toolstack

by Boris Ostrovsky

Xend-based toolstacks don't have static-max entry in xenstore. The equivalent node for those toolstacks is memory_static_max. Fixes: 5266b8e4445c (xen: fix booting ballooned down hvm guest) Signed-off-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Cc: <stable(a)vger.kernel.org> # 4.13 --- drivers/xen/xen-balloon.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/drivers/xen/xen-balloon.c b/drivers/xen/xen-balloon.c index 63c1494a8d73..2acbfe104e46 100644 --- a/drivers/xen/xen-balloon.c +++ b/drivers/xen/xen-balloon.c @@ -76,12 +76,15 @@ static void watch_target(struct xenbus_watch *watch, if (!watch_fired) { watch_fired = true; - err = xenbus_scanf(XBT_NIL, "memory", "static-max", "%llu", - &static_max); - if (err != 1) - static_max = new_target; - else + + if ((xenbus_scanf(XBT_NIL, "memory", "static-max", + "%llu", &static_max) == 1) || + (xenbus_scanf(XBT_NIL, "memory", "memory_static_max", + "%llu", &static_max) == 1)) static_max >>= PAGE_SHIFT - 10; + else + static_max = new_target; + target_diff = (xen_pv_domain() || xen_initial_domain()) ? 0 : static_max - balloon_stats.target_pages; } -- 2.17.1

6 years, 11 months

2
2
0 0

[PATCH] mm: Preserve _PAGE_DEVMAP across mprotect() calls

by Jan Kara

Currently _PAGE_DEVMAP bit is not preserved in mprotect(2) calls. As a result we will see warnings such as: BUG: Bad page map in process JobWrk0013 pte:800001803875ea25 pmd:7624381067 addr:00007f0930720000 vm_flags:280000f9 anon_vma: (null) mapping:ffff97f2384056f0 index:0 file:457-000000fe00000030-00000009-000000ca-00000001_2001.fileblock fault:xfs_filemap_fault [xfs] mmap:xfs_file_mmap [xfs] readpage: (null) CPU: 3 PID: 15848 Comm: JobWrk0013 Tainted: G W 4.12.14-2.g7573215-default #1 SLE12-SP4 (unreleased) Hardware name: Intel Corporation S2600WFD/S2600WFD, BIOS SE5C620.86B.01.00.0833.051120182255 05/11/2018 Call Trace: dump_stack+0x5a/0x75 print_bad_pte+0x217/0x2c0 ? enqueue_task_fair+0x76/0x9f0 _vm_normal_page+0xe5/0x100 zap_pte_range+0x148/0x740 unmap_page_range+0x39a/0x4b0 unmap_vmas+0x42/0x90 unmap_region+0x99/0xf0 ? vma_gap_callbacks_rotate+0x1a/0x20 do_munmap+0x255/0x3a0 vm_munmap+0x54/0x80 SyS_munmap+0x1d/0x30 do_syscall_64+0x74/0x150 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 ... when mprotect(2) gets used on DAX mappings. Also there is a wide variety of other failures that can result from the missing _PAGE_DEVMAP flag when the area gets used by get_user_pages() later. Fix the problem by including _PAGE_DEVMAP in a set of flags that get preserved by mprotect(2). Fixes: 69660fd797c3 ("x86, mm: introduce _PAGE_DEVMAP") Fixes: ebd31197931d ("powerpc/mm: Add devmap support for ppc64") CC: stable(a)vger.kernel.org Signed-off-by: Jan Kara <jack(a)suse.cz> --- arch/powerpc/include/asm/book3s/64/pgtable.h | 4 ++-- arch/x86/include/asm/pgtable_types.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/include/asm/book3s/64/pgtable.h b/arch/powerpc/include/asm/book3s/64/pgtable.h index 2fdc865ca374..2a2486526d1f 100644 --- a/arch/powerpc/include/asm/book3s/64/pgtable.h +++ b/arch/powerpc/include/asm/book3s/64/pgtable.h @@ -114,7 +114,7 @@ */ #define _HPAGE_CHG_MASK (PTE_RPN_MASK | _PAGE_HPTEFLAGS | _PAGE_DIRTY | \ _PAGE_ACCESSED | H_PAGE_THP_HUGE | _PAGE_PTE | \ - _PAGE_SOFT_DIRTY) + _PAGE_SOFT_DIRTY | _PAGE_DEVMAP) /* * user access blocked by key */ @@ -132,7 +132,7 @@ */ #define _PAGE_CHG_MASK (PTE_RPN_MASK | _PAGE_HPTEFLAGS | _PAGE_DIRTY | \ _PAGE_ACCESSED | _PAGE_SPECIAL | _PAGE_PTE | \ - _PAGE_SOFT_DIRTY) + _PAGE_SOFT_DIRTY | _PAGE_DEVMAP) #define H_PTE_PKEY (H_PTE_PKEY_BIT0 | H_PTE_PKEY_BIT1 | H_PTE_PKEY_BIT2 | \ H_PTE_PKEY_BIT3 | H_PTE_PKEY_BIT4) diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h index b64acb08a62b..106b7d0e2dae 100644 --- a/arch/x86/include/asm/pgtable_types.h +++ b/arch/x86/include/asm/pgtable_types.h @@ -124,7 +124,7 @@ */ #define _PAGE_CHG_MASK (PTE_PFN_MASK | _PAGE_PCD | _PAGE_PWT | \ _PAGE_SPECIAL | _PAGE_ACCESSED | _PAGE_DIRTY | \ - _PAGE_SOFT_DIRTY) + _PAGE_SOFT_DIRTY | _PAGE_DEVMAP) #define _HPAGE_CHG_MASK (_PAGE_CHG_MASK | _PAGE_PSE) /* -- 2.16.4

6 years, 11 months

4
4
0 0

[PATCH 4.14 00/94] 4.14.75-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.75 release. There are 94 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Oct 10 17:55:37 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.75-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.75-rc1 Song Liu <songliubraving(a)fb.com> ixgbe: check return value of napi_complete_done() Ashish Samant <ashish.samant(a)oracle.com> ocfs2: fix locking for res->tracking and dlm->tracking_list Jann Horn <jannh(a)google.com> proc: restrict kernel stack dumps to root Vitaly Kuznetsov <vkuznets(a)redhat.com> tools: hv: fcopy: set 'error' in case an unknown operation was requested Dexuan Cui <decui(a)microsoft.com> Drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect() Ricardo Ribalda Delgado <ricardo.ribalda(a)gmail.com> gpiolib: Free the last requested descriptor Horia Geantă <horia.geanta(a)nxp.com> crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic Leonard Crestez <leonard.crestez(a)nxp.com> crypto: mxs-dcp - Fix wait logic on chan threads Waiman Long <longman(a)redhat.com> crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 Singh, Brijesh <brijesh.singh(a)amd.com> iommu/amd: Clear memory encryption mask from physical address Aurelien Aptel <aaptel(a)suse.com> smb2: fix missing files in root share directory listing Andreas Gruenbacher <agruenba(a)redhat.com> sysfs: Do not return POSIX ACL xattrs via listxattr Miklos Szeredi <mszeredi(a)redhat.com> ovl: fix format of setxattr debug Amir Goldstein <amir73il(a)gmail.com> ovl: fix memory leak on unlink of indexed file Amir Goldstein <amir73il(a)gmail.com> ovl: fix access beyond unterminated strings Josh Abraham <j.abraham1776(a)gmail.com> xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Olaf Hering <olaf(a)aepfle.de> xen: avoid crash in disable_hotplug_cpu Vitaly Kuznetsov <vkuznets(a)redhat.com> xen/manage: don't complain about an empty value in control/sysrq node Dan Carpenter <dan.carpenter(a)oracle.com> cifs: read overflow in is_valid_oplock_break() Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: don't dump past end of unknown HW header Wenjia Zhang <wenjia(a)linux.ibm.com> s390/qeth: use vzalloc for QUERY OAT buffer Kai-Heng Feng <kai.heng.feng(a)canonical.com> r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk Miguel Ojeda <miguel.ojeda.sandonis(a)gmail.com> arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Randy Dunlap <rdunlap(a)infradead.org> hexagon: modify ffs() and fls() to return int Randy Dunlap <rdunlap(a)infradead.org> arch/hexagon: fix kernel/dma.c build warning Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT Joe Thornber <ejt(a)redhat.com> dm thin metadata: try to avoid ever aborting transactions Jacek Tomaka <jacek.tomaka(a)poczta.fm> perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Netanel Belgazal <netanel(a)amazon.com> net: ena: fix missing calls to READ_ONCE Netanel Belgazal <netanel(a)amazon.com> net: ena: fix driver when PAGE_SIZE == 64kB Stephen Rothwell <sfr(a)canb.auug.org.au> fs/cifs: suppress a string overflow warning Heinz Mauelshagen <heinzm(a)redhat.com> dm raid: fix rebuild of specific devices by updating superblock Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau/disp: fix DP disable race Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS Daniel Jurgens <danielj(a)mellanox.com> net/mlx5: Consider PCI domain in search for next dev Sagi Grimberg <sagi(a)grimberg.me> nvmet-rdma: fix possible bogus dereference under heavy load Ben Hutchings <ben.hutchings(a)codethink.co.uk> USB: yurex: Check for truncation in yurex_read() Hans de Goede <hdegoede(a)redhat.com> HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report Jann Horn <jannh(a)google.com> RDMA/ucma: check fd type in ucma_migrate_id() Matt Ranostay <matt.ranostay(a)konsulko.com> Revert "iio: temperature: maxim_thermocouple: add MAX31856 part" Taehee Yoo <ap420073(a)gmail.com> netfilter: nf_tables: release chain in flushing set Sandipan Das <sandipan(a)linux.ibm.com> perf probe powerpc: Ignore SyS symbols irrespective of endianness Chris Phlipot <cphlipot0(a)gmail.com> perf util: Fix bad memory access in trace info. Hisao Tanabe <xtanabe(a)gmail.com> perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() Nilesh Javali <nilesh.javali(a)cavium.com> scsi: qedi: Add the CRC size within iSCSI NVM image Vincent Pelletier <plr.vincent(a)gmail.com> scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values fails Harry Mallon <hjmallon(a)gmail.com> HID: hid-saitek: Add device ID for RAT 7 Contagion Stephen Boyd <swboyd(a)chromium.org> pinctrl: msm: Really mask level interrupts to prevent latching Anton Vasilyev <vasilyev(a)ispras.ru> usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Sean O'Brien <seobrien(a)chromium.org> HID: add support for Apple Magic Keyboards Martin Willi <martin(a)strongswan.org> netfilter: xt_cluster: add dependency on conntrack module Jann Horn <jannh(a)google.com> bpf: 32-bit RSH verification must truncate input before the ALU op Daniel Black <daniel(a)linux.ibm.com> mm: madvise(MADV_DODUMP): allow hugetlbfs pages Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/page-types.c: fix "defined but not used" warning Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/slabinfo.c: fix sign-compare warning Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: shorten the IBSS debug messages Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: don't Tx a deauth frame if the AP forbade Tx Ilan Peer <ilan.peer(a)intel.com> mac80211: Fix station bandwidth setting after channel switch Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: fix a race between restart and CSA flows Dan Carpenter <dan.carpenter(a)oracle.com> cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> mac80211: fix an off-by-one issue in A-MSDU max_subframe computation Jon Kuhn <jkuhn(a)barracuda.com> fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Jia-Ju Bai <baijiaju1990(a)gmail.com> net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Masahiro Yamada <yamada.masahiro(a)socionext.com> i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP Masahiro Yamada <yamada.masahiro(a)socionext.com> i2c: uniphier: issue STOP only for last message or I2C_M_STOP Xiao Ni <xni(a)redhat.com> RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Shaohua Li <shli(a)fb.com> md/raid5-cache: disable reshape completely Will Deacon <will.deacon(a)arm.com> ARC: atomics: unbork atomic_fetch_##op() Vincent Whitchurch <vincent.whitchurch(a)axis.com> gpio: Fix crash due to registration race Stefan Raspl <stefan.raspl(a)de.ibm.com> tools/kvm_stat: fix handling of invalid paths in debugfs provider Stefan Raspl <stefan.raspl(a)de.ibm.com> tools/kvm_stat: fix python3 issues Johannes Berg <johannes.berg(a)intel.com> mac80211: always account for A-MSDU header changes Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> mac80211: do not convert to A-MSDU if frag/subframe limited Arunk Khandavalli <akhandav(a)codeaurora.org> cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Peng Li <lipeng321(a)huawei.com> net: hns: add netif_carrier_off before change speed and duplex Peng Li <lipeng321(a)huawei.com> net: hns: add the code for cleaning pkt in chip Hans de Goede <hdegoede(a)redhat.com> gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: acpi: Switch to cansleep version of GPIO library call Sara Sharon <sara.sharon(a)intel.com> mac80211: avoid kernel panic when building AMSDU from non-linear SKB Yuan-Chi Pang <fu3mo6goo(a)gmail.com> mac80211: mesh: fix HWMP sequence numbering to follow standard Michael Hennerich <michael.hennerich(a)analog.com> gpio: adp5588: Fix sleep-in-atomic-context bug Danek Duvall <duvall(a)comfychair.org> mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X Danek Duvall <duvall(a)comfychair.org> mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X Varun Prakash <varun(a)chelsio.com> scsi: csiostor: add a check for NULL pointer after kmalloc() Anand Jain <anand.jain(a)oracle.com> btrfs: btrfs_shrink_device should call commit transaction at the end Paul Mackerras <paulus(a)ozlabs.org> KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Johannes Berg <johannes.berg(a)intel.com> mac80211_hwsim: require at least one channel Toke Høiland-Jørgensen <toke(a)toke.dk> mac80211: Run TXQ teardown code before de-registering interfaces Len Brown <len.brown(a)intel.com> tools/power turbostat: fix possible sprintf buffer overflow Jan Kiszka <jan.kiszka(a)siemens.com> serial: mvebu-uart: Fix reporting of effective CSIZE to userspace Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: add another ATPX quirk for TOPAZ Colin Ian King <colin.king(a)canonical.com> drm/amd/pp: initialize result to before or'ing in data ------------- Diffstat: Makefile | 4 +- arch/arc/include/asm/atomic.h | 2 +- arch/arm64/include/asm/jump_label.h | 4 +- arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 +- arch/x86/events/intel/lbr.c | 4 + drivers/crypto/caam/caamalg.c | 8 +- drivers/crypto/mxs-dcp.c | 53 +++++++------ drivers/crypto/qat/qat_c3xxx/adf_drv.c | 6 +- drivers/crypto/qat/qat_c3xxxvf/adf_drv.c | 6 +- drivers/crypto/qat/qat_c62x/adf_drv.c | 6 +- drivers/crypto/qat/qat_c62xvf/adf_drv.c | 6 +- drivers/crypto/qat/qat_dh895xcc/adf_drv.c | 6 +- drivers/crypto/qat/qat_dh895xccvf/adf_drv.c | 6 +- drivers/gpio/gpio-adp5588.c | 24 +++++- drivers/gpio/gpiolib-acpi.c | 86 +++++++++++++--------- drivers/gpio/gpiolib-of.c | 1 + drivers/gpio/gpiolib.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 23 ++++-- .../gpu/drm/amd/powerplay/hwmgr/vega10_powertune.c | 2 +- drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.c | 17 +++-- drivers/gpu/drm/nouveau/nvkm/engine/disp/nv50.c | 6 +- drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.c | 2 + drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.h | 3 +- .../gpu/drm/nouveau/nvkm/subdev/devinit/gm200.c | 3 +- drivers/hid/hid-apple.c | 9 ++- drivers/hid/hid-ids.h | 3 + drivers/hid/hid-saitek.c | 2 + drivers/hid/hid-sensor-hub.c | 23 ++++++ drivers/hv/connection.c | 8 +- drivers/i2c/busses/i2c-uniphier-f.c | 7 +- drivers/i2c/busses/i2c-uniphier.c | 7 +- drivers/iio/temperature/maxim_thermocouple.c | 1 - drivers/infiniband/core/ucma.c | 6 ++ drivers/iommu/amd_iommu.c | 2 +- drivers/md/dm-raid.c | 5 ++ drivers/md/dm-thin-metadata.c | 36 ++++++++- drivers/md/dm-thin.c | 73 ++++++++++++++++-- drivers/md/raid10.c | 5 +- drivers/md/raid5-log.h | 5 ++ drivers/md/raid5.c | 6 +- drivers/net/ethernet/amazon/ena/ena_com.c | 8 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 10 +-- drivers/net/ethernet/amazon/ena/ena_netdev.h | 11 +++ drivers/net/ethernet/cadence/macb_main.c | 2 +- drivers/net/ethernet/hisilicon/hns/hnae.h | 2 + drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c | 67 ++++++++++++++++- drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c | 36 +++++++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.c | 44 +++++++++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.h | 8 ++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c | 29 ++++++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.h | 3 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c | 23 ++++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.h | 1 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c | 23 ++++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.h | 1 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_reg.h | 1 + drivers/net/ethernet/hisilicon/hns/hns_enet.c | 21 +++++- drivers/net/ethernet/hisilicon/hns/hns_ethtool.c | 2 + drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 12 +-- drivers/net/ethernet/mellanox/mlx5/core/dev.c | 7 +- drivers/net/ethernet/realtek/r8169.c | 9 ++- drivers/net/wireless/mac80211_hwsim.c | 8 +- drivers/nvme/target/rdma.c | 27 ++++++- drivers/pinctrl/qcom/pinctrl-msm.c | 24 ++++++ drivers/s390/net/qeth_core_main.c | 5 +- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/scsi/csiostor/csio_hw.c | 16 ++-- drivers/scsi/qedi/qedi.h | 7 +- drivers/scsi/qedi/qedi_main.c | 28 +++---- drivers/target/iscsi/iscsi_target_login.c | 8 +- drivers/tty/serial/mvebu-uart.c | 4 +- drivers/usb/gadget/udc/fotg210-udc.c | 15 ++-- drivers/usb/misc/yurex.c | 3 + drivers/xen/cpu_hotplug.c | 15 ++-- drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 +- fs/btrfs/volumes.c | 7 +- fs/cifs/cifs_unicode.c | 3 - fs/cifs/cifssmb.c | 11 ++- fs/cifs/misc.c | 8 ++ fs/cifs/smb2ops.c | 2 +- fs/ocfs2/dlm/dlmmaster.c | 4 +- fs/overlayfs/namei.c | 2 +- fs/overlayfs/overlayfs.h | 4 +- fs/overlayfs/util.c | 3 +- fs/proc/base.c | 14 ++++ fs/xattr.c | 24 +++--- kernel/bpf/verifier.c | 10 ++- mm/madvise.c | 2 +- net/ipv4/netfilter/nf_conntrack_proto_icmp.c | 8 +- net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 8 +- net/mac80211/ibss.c | 22 +++--- net/mac80211/main.c | 28 +++++-- net/mac80211/mesh_hwmp.c | 4 + net/mac80211/mlme.c | 70 +++++++++++++++++- net/mac80211/tx.c | 54 ++++++++------ net/netfilter/nf_conntrack_proto_dccp.c | 12 +-- net/netfilter/nf_conntrack_proto_generic.c | 8 +- net/netfilter/nf_conntrack_proto_gre.c | 8 +- net/netfilter/nf_conntrack_proto_sctp.c | 14 ++-- net/netfilter/nf_conntrack_proto_tcp.c | 12 +-- net/netfilter/nf_conntrack_proto_udp.c | 20 ++--- net/netfilter/nf_tables_api.c | 1 + net/netfilter/xt_cluster.c | 14 +++- net/wireless/nl80211.c | 1 + net/wireless/util.c | 2 +- sound/pci/hda/patch_realtek.c | 1 + tools/hv/hv_fcopy_daemon.c | 1 + tools/kvm/kvm_stat/kvm_stat | 14 +++- tools/perf/arch/powerpc/util/sym-handling.c | 4 +- tools/perf/util/evsel.c | 5 +- tools/perf/util/trace-event-info.c | 2 +- tools/power/x86/turbostat/turbostat.c | 2 +- tools/vm/page-types.c | 6 -- tools/vm/slabinfo.c | 4 +- 119 files changed, 1046 insertions(+), 352 deletions(-)

6 years, 11 months

6
102
0 0

[PATCH] ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715

by Hui Wang

The front MIC on the Lenovo M715 can't record sound, after applying the ALC294_FIXUP_LENOVO_MIC_LOCATION, the problem is fixed. So add the pin configuration of this machine to the pin quirk table. Cc: <stable(a)vger.kernel.org> Signed-off-by: Hui Wang <hui.wang(a)canonical.com> --- sound/pci/hda/patch_realtek.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c index 6f3c8e888c2a..2871c54f62ab 100644 --- a/sound/pci/hda/patch_realtek.c +++ b/sound/pci/hda/patch_realtek.c @@ -6840,6 +6840,12 @@ static const struct snd_hda_pin_quirk alc269_pin_fixup_tbl[] = { {0x1a, 0x02a11040}, {0x1b, 0x01014020}, {0x21, 0x0221101f}), + SND_HDA_PIN_QUIRK(0x10ec0235, 0x17aa, "Lenovo", ALC294_FIXUP_LENOVO_MIC_LOCATION, + {0x14, 0x90170110}, + {0x19, 0x02a11030}, + {0x1a, 0x02a11040}, + {0x1b, 0x01011020}, + {0x21, 0x0221101f}), SND_HDA_PIN_QUIRK(0x10ec0235, 0x17aa, "Lenovo", ALC294_FIXUP_LENOVO_MIC_LOCATION, {0x14, 0x90170110}, {0x19, 0x02a11020}, -- 2.17.1

6 years, 11 months

2
1
0 0

[PATCH v5 1/3] x86/xen: fix boot loader version reported for pvh guests

by Juergen Gross

The boot loader version reported via sysfs is wrong in case of the kernel being booted via the Xen PVH boot entry. it should be 2.12 (0x020c), but it is reported to be 2.18 (0x0212). As the current way to set the version is error prone use the more readable variant (2 << 8) | 12. Cc: <stable(a)vger.kernel.org> # 4.12 Signed-off-by: Juergen Gross <jgross(a)suse.com> --- arch/x86/xen/enlighten_pvh.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/xen/enlighten_pvh.c b/arch/x86/xen/enlighten_pvh.c index c85d1a88f476..f7f77023288a 100644 --- a/arch/x86/xen/enlighten_pvh.c +++ b/arch/x86/xen/enlighten_pvh.c @@ -75,7 +75,7 @@ static void __init init_pvh_bootparams(void) * Version 2.12 supports Xen entry point but we will use default x86/PC * environment (i.e. hardware_subarch 0). */ - pvh_bootparams.hdr.version = 0x212; + pvh_bootparams.hdr.version = (2 << 8) | 12; pvh_bootparams.hdr.type_of_loader = (9 << 4) | 0; /* Xen loader */ x86_init.acpi.get_root_pointer = pvh_get_root_pointer; -- 2.16.4

6 years, 11 months

1
0
0 0

[PATCH 4.18 000/168] 4.18.13-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.18.13 release. There are 168 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Oct 10 17:55:44 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.13-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.18.13-rc1 Song Liu <songliubraving(a)fb.com> ixgbe: check return value of napi_complete_done() Anisse Astier <anisse(a)astier.eu> HID: i2c-hid: disable runtime PM operations on hantick touchpad Ashish Samant <ashish.samant(a)oracle.com> ocfs2: fix locking for res->tracking and dlm->tracking_list Jann Horn <jannh(a)google.com> proc: restrict kernel stack dumps to root Vitaly Kuznetsov <vkuznets(a)redhat.com> tools: hv: fcopy: set 'error' in case an unknown operation was requested Dexuan Cui <decui(a)microsoft.com> Drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect() Ricardo Ribalda Delgado <ricardo.ribalda(a)gmail.com> gpiolib: Free the last requested descriptor Horia Geantă <horia.geanta(a)nxp.com> crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic Leonard Crestez <leonard.crestez(a)nxp.com> crypto: mxs-dcp - Fix wait logic on chan threads Harsh Jain <harsh(a)chelsio.com> crypto: chelsio - Fix memory corruption in DMA Mapped buffers. Waiman Long <longman(a)redhat.com> crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 Singh, Brijesh <brijesh.singh(a)amd.com> iommu/amd: Clear memory encryption mask from physical address Aurelien Aptel <aaptel(a)suse.com> smb2: fix missing files in root share directory listing Nathan Chancellor <natechancellor(a)gmail.com> cpufreq: qcom-kryo: Fix section annotations Bjorn Andersson <bjorn.andersson(a)linaro.org> firmware: Always initialize the fw_priv list object Rishabh Bhatnagar <rishabhb(a)codeaurora.org> firmware: Fix security issue with request_firmware_into_buf() Larry Finger <Larry.Finger(a)lwfinger.net> b43: fix DMA error related regression with proprietary firmware Andreas Gruenbacher <agruenba(a)redhat.com> sysfs: Do not return POSIX ACL xattrs via listxattr Miklos Szeredi <mszeredi(a)redhat.com> ovl: fix format of setxattr debug Amir Goldstein <amir73il(a)gmail.com> ovl: fix memory leak on unlink of indexed file Amir Goldstein <amir73il(a)gmail.com> ovl: fix access beyond unterminated strings Miklos Szeredi <miklos(a)szeredi.hu> ovl: set I_CREATING on inode being created Miklos Szeredi <mszeredi(a)redhat.com> vfs: don't evict uninitialized inode Al Viro <viro(a)zeniv.linux.org.uk> new primitive: discard_new_inode() Randy Dunlap <rdunlap(a)infradead.org> x86/APM: Fix build warning when PROC_FS is not enabled Josh Abraham <j.abraham1776(a)gmail.com> xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Olaf Hering <olaf(a)aepfle.de> xen: avoid crash in disable_hotplug_cpu Vitaly Kuznetsov <vkuznets(a)redhat.com> xen/manage: don't complain about an empty value in control/sysrq node Andrew Murray <andrew.murray(a)arm.com> asm-generic: io: Fix ioport_map() for !CONFIG_GENERIC_IOMAP && CONFIG_INDIRECT_PIO Dan Carpenter <dan.carpenter(a)oracle.com> cifs: read overflow in is_valid_oplock_break() Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: don't dump past end of unknown HW header Wenjia Zhang <wenjia(a)linux.ibm.com> s390/qeth: use vzalloc for QUERY OAT buffer Kai-Heng Feng <kai.heng.feng(a)canonical.com> r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk Miguel Ojeda <miguel.ojeda.sandonis(a)gmail.com> arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Tao Zhou <tao.zhou1(a)amd.com> drm/amdgpu: Fix SDMA hang in prt mode v2 Randy Dunlap <rdunlap(a)infradead.org> hexagon: modify ffs() and fls() to return int Randy Dunlap <rdunlap(a)infradead.org> arch/hexagon: fix kernel/dma.c build warning Cong Wang <xiyou.wangcong(a)gmail.com> netfilter: xt_hashlimit: use s->file instead of s->private Michal 'vorner' Vaner <michal.vaner(a)avast.com> netfilter: nfnetlink_queue: Solve the NFQUEUE/conntrack clash for NF_REPEAT Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT Joe Thornber <ejt(a)redhat.com> dm thin metadata: try to avoid ever aborting transactions Srikar Dronamraju <srikar(a)linux.vnet.ibm.com> sched/topology: Set correct NUMA topology type Jacek Tomaka <jacek.tomaka(a)poczta.fm> perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Netanel Belgazal <netanel(a)amazon.com> net: ena: fix missing calls to READ_ONCE Netanel Belgazal <netanel(a)amazon.com> net: ena: fix missing lock during device destruction Netanel Belgazal <netanel(a)amazon.com> net: ena: fix potential double ena_destroy_device() Netanel Belgazal <netanel(a)amazon.com> net: ena: fix device destruction to gracefully free resources Netanel Belgazal <netanel(a)amazon.com> net: ena: fix driver when PAGE_SIZE == 64kB Netanel Belgazal <netanel(a)amazon.com> net: ena: fix surprise unplug NULL dereference kernel crash Stephen Rothwell <sfr(a)canb.auug.org.au> fs/cifs: suppress a string overflow warning Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> r8169: set TxConfig register after TX / RX is enabled, just like RxConfig Heinz Mauelshagen <heinzm(a)redhat.com> dm raid: fix RAID leg rebuild errors Heinz Mauelshagen <heinzm(a)redhat.com> dm raid: fix rebuild of specific devices by updating superblock Heinz Mauelshagen <heinzm(a)redhat.com> dm raid: fix stripe adding reshape deadlock Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau/disp/gm200-: enforce identity-mapped SOR assignment for LVDS/eDP panels Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau/disp: fix DP disable race Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau/mmu: don't attempt to dereference vmm without valid instance pointer Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau: fix oops in client init failure path Heinz Mauelshagen <heinzm(a)redhat.com> dm raid: fix reshape race on small devices Kai-Heng Feng <kai.heng.feng(a)canonical.com> HID: i2c-hid: Don't reset device upon system resume Daniel Jurgens <danielj(a)mellanox.com> net/mlx5: Consider PCI domain in search for next dev Somnath Kotur <somnath.kotur(a)broadcom.com> bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces Sagi Grimberg <sagi(a)grimberg.me> nvmet-rdma: fix possible bogus dereference under heavy load Ben Hutchings <ben.hutchings(a)codethink.co.uk> USB: yurex: Check for truncation in yurex_read() Anurag Kumar Vulisha <anurag.kumar.vulisha(a)xilinx.com> usb: host: xhci-plat: Iterate over parent nodes for finding quirks Hans de Goede <hdegoede(a)redhat.com> HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report Guenter Roeck <linux(a)roeck-us.net> riscv: Do not overwrite initrd_start and initrd_end Jann Horn <jannh(a)google.com> RDMA/ucma: check fd type in ucma_migrate_id() Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> iio: imu: st_lsm6dsx: take into account ts samples in wm configuration Matt Ranostay <matt.ranostay(a)konsulko.com> Revert "iio: temperature: maxim_thermocouple: add MAX31856 part" Taehee Yoo <ap420073(a)gmail.com> netfilter: nf_tables: release chain in flushing set Florian Westphal <fw(a)strlen.de> netfilter: kconfig: nat related expression depend on nftables core Kim Phillips <kim.phillips(a)arm.com> perf annotate: Fix parsing aarch64 branch instructions after objdump update Sandipan Das <sandipan(a)linux.ibm.com> perf probe powerpc: Ignore SyS symbols irrespective of endianness Chris Phlipot <cphlipot0(a)gmail.com> perf util: Fix bad memory access in trace info. Hisao Tanabe <xtanabe(a)gmail.com> perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() Martin Liška <mliska(a)suse.cz> perf annotate: Properly interpret indirect call Nilesh Javali <nilesh.javali(a)cavium.com> scsi: qedi: Add the CRC size within iSCSI NVM image Mike Christie <mchristi(a)redhat.com> scsi: iscsi: target: Fix conn_ops double free Vincent Pelletier <plr.vincent(a)gmail.com> scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values fails Harry Mallon <hjmallon(a)gmail.com> HID: hid-saitek: Add device ID for RAT 7 Contagion Stephen Boyd <swboyd(a)chromium.org> pinctrl: msm: Really mask level interrupts to prevent latching Anton Vasilyev <vasilyev(a)ispras.ru> usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Sean O'Brien <seobrien(a)chromium.org> HID: add support for Apple Magic Keyboards Andreas Bosch <linux(a)progandy.de> HID: intel-ish-hid: Enable Sunrise Point-H ish driver Florian Westphal <fw(a)strlen.de> netfilter: xt_checksum: ignore gso skbs Martin Willi <martin(a)strongswan.org> netfilter: xt_cluster: add dependency on conntrack module Jann Horn <jannh(a)google.com> bpf: 32-bit RSH verification must truncate input before the ALU op Daniel Black <daniel(a)linux.ibm.com> mm: madvise(MADV_DODUMP): allow hugetlbfs pages David Howells <dhowells(a)redhat.com> afs: Fix cell specification to permit an empty address list Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_scmi: fix divide by zero when sustained_perf_level is zero Ilya Dryomov <idryomov(a)gmail.com> ceph: avoid a use-after-free in ceph_destroy_options() Greentime Hu <greentime(a)andestech.com> nds32: linker script: GCOV kernel may refers data in __exit Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/page-types.c: fix "defined but not used" warning Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/slabinfo.c: fix sign-compare warning Greentime Hu <greentime(a)andestech.com> nds32: fix build error because of wrong semicolon Zong Li <zong(a)andestech.com> nds32: Fix get_user/put_user macro expand pointer problem Zong Li <zong(a)andestech.com> nds32: Fix empty call trace YueHaibing <yuehaibing(a)huawei.com> nds32: add NULL entry to the end of_device_id array Greentime Hu <greentime(a)andestech.com> nds32: fix logic for module Ivan Mikhaylov <ivan(a)de.ibm.com> net/ibm/emac: wrong emac_calc_base call was used by typo Amir Goldstein <amir73il(a)gmail.com> fsnotify: fix ignore mask logic in fsnotify() Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: shorten the IBSS debug messages Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: don't Tx a deauth frame if the AP forbade Tx Ilan Peer <ilan.peer(a)intel.com> mac80211: Fix station bandwidth setting after channel switch Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: fix a race between restart and CSA flows Dreyfuss, Haim <haim.dreyfuss(a)intel.com> mac80211: fix WMM TXOP calculation Dan Carpenter <dan.carpenter(a)oracle.com> cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> mac80211: fix an off-by-one issue in A-MSDU max_subframe computation Jon Kuhn <jkuhn(a)barracuda.com> fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Jia-Ju Bai <baijiaju1990(a)gmail.com> net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Masahiro Yamada <yamada.masahiro(a)socionext.com> i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP Masahiro Yamada <yamada.masahiro(a)socionext.com> i2c: uniphier: issue STOP only for last message or I2C_M_STOP John Fastabend <john.fastabend(a)gmail.com> bpf: avoid misuse of psock when TCP_ULP_BPF collides with another ULP Tushar Dave <tushar.n.dave(a)oracle.com> bpf: Fix bpf_msg_pull_data() Thomas Falcon <tlfalcon(a)linux.vnet.ibm.com> ibmvnic: Include missing return code checks in reset function Sabrina Dubroca <sd(a)queasysnail.net> selftests: pmtu: detect correct binary to ping ipv6 addresses Sabrina Dubroca <sd(a)queasysnail.net> selftests: pmtu: maximum MTU for vti4 is 2^16-1-20 Xiao Ni <xni(a)redhat.com> RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Shaohua Li <shli(a)fb.com> md/raid5-cache: disable reshape completely Dennis Zhou (Facebook) <dennisszhou(a)gmail.com> Revert "blk-throttle: fix race between blkcg_bio_issue_check() and cgroup_rmdir()" Will Deacon <will.deacon(a)arm.com> ARC: atomics: unbork atomic_fetch_##op() Vincent Whitchurch <vincent.whitchurch(a)axis.com> gpio: Fix crash due to registration race Stefan Raspl <stefan.raspl(a)de.ibm.com> tools/kvm_stat: fix updates for dead guests Stefan Raspl <stefan.raspl(a)de.ibm.com> tools/kvm_stat: fix handling of invalid paths in debugfs provider Stefan Raspl <stefan.raspl(a)de.ibm.com> tools/kvm_stat: fix python3 issues Johannes Berg <johannes.berg(a)intel.com> mac80211: always account for A-MSDU header changes Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> mac80211: do not convert to A-MSDU if frag/subframe limited Arunk Khandavalli <akhandav(a)codeaurora.org> cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Paolo Abeni <pabeni(a)redhat.com> tc-testing: add test-cases for numeric and invalid control action Baruch Siach <baruch(a)tkos.co.il> net: mvpp2: initialize port of_node pointer Chris Brandt <chris.brandt(a)renesas.com> sh_eth: Add R7S9210 support Peng Li <lipeng321(a)huawei.com> net: hns: add netif_carrier_off before change speed and duplex Peng Li <lipeng321(a)huawei.com> net: hns: add the code for cleaning pkt in chip Cong Wang <xiyou.wangcong(a)gmail.com> tipc: switch to rhashtable iterator Daniel Borkmann <daniel(a)iogearbox.net> bpf: fix sg shift repair start offset in bpf_msg_pull_data Daniel Borkmann <daniel(a)iogearbox.net> bpf: fix shift upon scatterlist ring wrap-around in bpf_msg_pull_data Daniel Borkmann <daniel(a)iogearbox.net> bpf: fix msg->data/data_end after sg shift repair in bpf_msg_pull_data Alexey Khoroshilov <khoroshilov(a)ispras.ru> gpio: dwapb: Fix error handling in dwapb_gpio_probe() Hans de Goede <hdegoede(a)redhat.com> gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: acpi: Switch to cansleep version of GPIO library call Sara Sharon <sara.sharon(a)intel.com> mac80211: avoid kernel panic when building AMSDU from non-linear SKB Yuan-Chi Pang <fu3mo6goo(a)gmail.com> mac80211: mesh: fix HWMP sequence numbering to follow standard Michael Hennerich <michael.hennerich(a)analog.com> gpio: adp5588: Fix sleep-in-atomic-context bug Daniel Borkmann <daniel(a)iogearbox.net> bpf: fix several offset tests in bpf_msg_pull_data Haim Dreyfuss <haim.dreyfuss(a)intel.com> nl80211: Pass center frequency in kHz instead of MHz Haim Dreyfuss <haim.dreyfuss(a)intel.com> nl80211: Fix nla_put_u8 to u16 for NL80211_WMMR_TXOP Jinbum Park <jinb.park7(a)gmail.com> mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom Stanislaw Gruszka <sgruszka(a)redhat.com> cfg80211: make wmm_rule part of the reg_rule structure Danek Duvall <duvall(a)comfychair.org> mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X Danek Duvall <duvall(a)comfychair.org> mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X John Fastabend <john.fastabend(a)gmail.com> bpf: sockmap, decrement copied count correctly in redirect error case Daniel Borkmann <daniel(a)iogearbox.net> bpf, sockmap: fix psock refcount leak in bpf_tcp_recvmsg Daniel Borkmann <daniel(a)iogearbox.net> bpf, sockmap: fix potential use after free in bpf_tcp_close Dan Carpenter <dan.carpenter(a)oracle.com> scsi: aacraid: fix a signedness bug Geert Uytterhoeven <geert(a)linux-m68k.org> scsi: libata: Add missing newline at end of file Varun Prakash <varun(a)chelsio.com> scsi: csiostor: fix incorrect port capabilities Varun Prakash <varun(a)chelsio.com> scsi: csiostor: add a check for NULL pointer after kmalloc() Anand Jain <anand.jain(a)oracle.com> btrfs: btrfs_shrink_device should call commit transaction at the end Johannes Berg <johannes.berg(a)intel.com> cfg80211: remove division by size of sizeof(struct ieee80211_wmm_rule) Paul Mackerras <paulus(a)ozlabs.org> KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Robbie Ko <robbieko(a)synology.com> Btrfs: fix unexpected failure of nocow buffered writes after snapshotting when low on space Johannes Berg <johannes.berg(a)intel.com> mac80211_hwsim: require at least one channel Toke Høiland-Jørgensen <toke(a)toke.dk> mac80211: Run TXQ teardown code before de-registering interfaces Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> rseq/selftests: fix parametrized test with -fpie ------------- Diffstat: Documentation/devicetree/bindings/net/sh_eth.txt | 1 + Makefile | 4 +- arch/arc/include/asm/atomic.h | 2 +- arch/arm64/include/asm/jump_label.h | 4 +- arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- arch/nds32/include/asm/elf.h | 4 +- arch/nds32/include/asm/uaccess.h | 26 ++-- arch/nds32/kernel/atl2c.c | 3 +- arch/nds32/kernel/module.c | 4 +- arch/nds32/kernel/traps.c | 2 +- arch/nds32/kernel/vmlinux.lds.S | 12 ++ arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 +- arch/riscv/kernel/setup.c | 7 - arch/x86/events/intel/lbr.c | 4 + arch/x86/kernel/apm_32.c | 2 + block/blk-cgroup.c | 78 +++-------- drivers/ata/libata-core.c | 2 +- drivers/base/firmware_loader/main.c | 35 +++-- drivers/cpufreq/qcom-cpufreq-kryo.c | 4 +- drivers/crypto/caam/caamalg.c | 8 +- drivers/crypto/chelsio/chcr_algo.c | 32 +++-- drivers/crypto/chelsio/chcr_crypto.h | 2 + drivers/crypto/mxs-dcp.c | 53 ++++---- drivers/crypto/qat/qat_c3xxx/adf_drv.c | 6 +- drivers/crypto/qat/qat_c3xxxvf/adf_drv.c | 6 +- drivers/crypto/qat/qat_c62x/adf_drv.c | 6 +- drivers/crypto/qat/qat_c62xvf/adf_drv.c | 6 +- drivers/crypto/qat/qat_dh895xcc/adf_drv.c | 6 +- drivers/crypto/qat/qat_dh895xccvf/adf_drv.c | 6 +- drivers/firmware/arm_scmi/perf.c | 8 +- drivers/gpio/gpio-adp5588.c | 24 +++- drivers/gpio/gpio-dwapb.c | 1 + drivers/gpio/gpiolib-acpi.c | 86 +++++++----- drivers/gpio/gpiolib-of.c | 1 + drivers/gpio/gpiolib.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 23 ++-- drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 7 +- drivers/gpu/drm/nouveau/nouveau_drm.c | 14 +- drivers/gpu/drm/nouveau/nvkm/engine/disp/base.c | 14 ++ drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.c | 17 ++- drivers/gpu/drm/nouveau/nvkm/engine/disp/ior.h | 1 + drivers/gpu/drm/nouveau/nvkm/engine/disp/nv50.c | 6 +- drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.c | 17 ++- drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.h | 4 +- .../gpu/drm/nouveau/nvkm/subdev/devinit/gm200.c | 3 +- drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c | 2 +- drivers/hid/hid-apple.c | 9 +- drivers/hid/hid-ids.h | 7 +- drivers/hid/hid-saitek.c | 2 + drivers/hid/hid-sensor-hub.c | 23 ++++ drivers/hid/i2c-hid/i2c-hid.c | 24 ++-- drivers/hid/intel-ish-hid/ipc/hw-ish.h | 1 + drivers/hid/intel-ish-hid/ipc/pci-ish.c | 1 + drivers/hv/connection.c | 8 +- drivers/i2c/busses/i2c-uniphier-f.c | 7 +- drivers/i2c/busses/i2c-uniphier.c | 7 +- drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c | 13 +- drivers/iio/temperature/maxim_thermocouple.c | 1 - drivers/infiniband/core/ucma.c | 6 + drivers/infiniband/hw/bnxt_re/ib_verbs.c | 2 + drivers/infiniband/hw/bnxt_re/qplib_fp.c | 2 +- drivers/iommu/amd_iommu.c | 2 +- drivers/md/dm-raid.c | 144 ++++++++------------ drivers/md/dm-thin-metadata.c | 36 ++++- drivers/md/dm-thin.c | 73 ++++++++-- drivers/md/raid10.c | 5 +- drivers/md/raid5-log.h | 5 + drivers/md/raid5.c | 6 +- drivers/net/ethernet/amazon/ena/ena_com.c | 8 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 52 +++---- drivers/net/ethernet/amazon/ena/ena_netdev.h | 11 ++ drivers/net/ethernet/cadence/macb_main.c | 2 +- drivers/net/ethernet/hisilicon/hns/hnae.h | 2 + drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c | 67 ++++++++- drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c | 36 +++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.c | 44 ++++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.h | 8 ++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c | 29 ++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.h | 3 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c | 23 ++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.h | 1 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c | 23 ++++ drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.h | 1 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_reg.h | 1 + drivers/net/ethernet/hisilicon/hns/hns_enet.c | 21 ++- drivers/net/ethernet/hisilicon/hns/hns_ethtool.c | 2 + drivers/net/ethernet/ibm/emac/core.c | 6 +- drivers/net/ethernet/ibm/ibmvnic.c | 12 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 12 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/dev.c | 7 +- drivers/net/ethernet/realtek/r8169.c | 11 +- drivers/net/ethernet/renesas/sh_eth.c | 36 +++++ drivers/net/wireless/broadcom/b43/dma.c | 6 +- drivers/net/wireless/intel/iwlwifi/iwl-nvm-parse.c | 50 +------ drivers/net/wireless/mac80211_hwsim.c | 12 +- drivers/nvme/target/rdma.c | 27 +++- drivers/pinctrl/qcom/pinctrl-msm.c | 24 ++++ drivers/s390/net/qeth_core_main.c | 5 +- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/scsi/aacraid/aacraid.h | 2 +- drivers/scsi/csiostor/csio_hw.c | 71 +++++++--- drivers/scsi/csiostor/csio_hw.h | 1 + drivers/scsi/csiostor/csio_mb.c | 6 +- drivers/scsi/qedi/qedi.h | 7 +- drivers/scsi/qedi/qedi_main.c | 28 ++-- drivers/target/iscsi/iscsi_target.c | 9 +- drivers/target/iscsi/iscsi_target_login.c | 149 +++++++++++---------- drivers/target/iscsi/iscsi_target_login.h | 2 +- drivers/usb/gadget/udc/fotg210-udc.c | 15 ++- drivers/usb/host/xhci-plat.c | 27 ++-- drivers/usb/misc/yurex.c | 3 + drivers/xen/cpu_hotplug.c | 15 ++- drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 +- fs/afs/proc.c | 15 +-- fs/btrfs/ctree.h | 1 + fs/btrfs/disk-io.c | 1 + fs/btrfs/inode.c | 25 +--- fs/btrfs/ioctl.c | 16 +++ fs/btrfs/volumes.c | 7 +- fs/ceph/super.c | 16 ++- fs/cifs/cifs_unicode.c | 3 - fs/cifs/cifssmb.c | 11 +- fs/cifs/misc.c | 8 ++ fs/cifs/smb2ops.c | 2 +- fs/dcache.c | 2 +- fs/inode.c | 53 +++++++- fs/notify/fsnotify.c | 13 +- fs/ocfs2/dlm/dlmmaster.c | 4 +- fs/overlayfs/dir.c | 4 + fs/overlayfs/namei.c | 2 +- fs/overlayfs/overlayfs.h | 4 +- fs/overlayfs/util.c | 3 +- fs/proc/base.c | 14 ++ fs/xattr.c | 24 ++-- include/asm-generic/io.h | 3 +- include/linux/blk-cgroup.h | 1 - include/linux/fs.h | 6 +- include/net/cfg80211.h | 4 +- include/net/regulatory.h | 4 +- kernel/bpf/sockmap.c | 64 +++++---- kernel/bpf/verifier.c | 10 +- kernel/sched/topology.c | 5 +- mm/madvise.c | 2 +- net/core/filter.c | 57 ++++---- net/ipv4/netfilter/Kconfig | 8 +- net/ipv4/netfilter/nf_conntrack_proto_icmp.c | 8 +- net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 8 +- net/mac80211/ibss.c | 22 +-- net/mac80211/main.c | 28 +++- net/mac80211/mesh_hwmp.c | 4 + net/mac80211/mlme.c | 70 +++++++++- net/mac80211/tx.c | 54 ++++---- net/mac80211/util.c | 11 +- net/netfilter/Kconfig | 12 +- net/netfilter/nf_conntrack_proto_dccp.c | 12 +- net/netfilter/nf_conntrack_proto_generic.c | 8 +- net/netfilter/nf_conntrack_proto_gre.c | 8 +- net/netfilter/nf_conntrack_proto_sctp.c | 14 +- net/netfilter/nf_conntrack_proto_tcp.c | 12 +- net/netfilter/nf_conntrack_proto_udp.c | 20 +-- net/netfilter/nf_tables_api.c | 1 + net/netfilter/nfnetlink_queue.c | 1 + net/netfilter/xt_CHECKSUM.c | 22 ++- net/netfilter/xt_cluster.c | 14 +- net/netfilter/xt_hashlimit.c | 18 +-- net/tipc/diag.c | 2 + net/tipc/netlink.c | 2 + net/tipc/socket.c | 76 +++++++---- net/tipc/socket.h | 2 + net/wireless/nl80211.c | 15 ++- net/wireless/reg.c | 91 ++----------- net/wireless/util.c | 2 +- sound/pci/hda/patch_realtek.c | 1 + tools/hv/hv_fcopy_daemon.c | 1 + tools/kvm/kvm_stat/kvm_stat | 25 +++- tools/perf/arch/powerpc/util/sym-handling.c | 4 +- tools/perf/util/annotate.c | 32 ++++- tools/perf/util/annotate.h | 1 + tools/perf/util/evsel.c | 5 +- tools/perf/util/trace-event-info.c | 2 +- tools/testing/selftests/net/pmtu.sh | 7 +- tools/testing/selftests/rseq/param_test.c | 19 +-- .../tc-testing/tc-tests/actions/police.json | 48 +++++++ tools/vm/page-types.c | 6 - tools/vm/slabinfo.c | 4 +- 189 files changed, 1892 insertions(+), 1029 deletions(-)

6 years, 11 months

6
180
0 0

[PATCH 4.9 00/59] 4.9.132-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.132 release. There are 59 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Oct 10 17:55:28 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.132-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.132-rc1 Ashish Samant <ashish.samant(a)oracle.com> ocfs2: fix locking for res->tracking and dlm->tracking_list Jann Horn <jannh(a)google.com> proc: restrict kernel stack dumps to root Ricardo Ribalda Delgado <ricardo.ribalda(a)gmail.com> gpiolib: Free the last requested descriptor Leonard Crestez <leonard.crestez(a)nxp.com> crypto: mxs-dcp - Fix wait logic on chan threads Waiman Long <longman(a)redhat.com> crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 Aurelien Aptel <aaptel(a)suse.com> smb2: fix missing files in root share directory listing Andreas Gruenbacher <agruenba(a)redhat.com> sysfs: Do not return POSIX ACL xattrs via listxattr Josh Abraham <j.abraham1776(a)gmail.com> xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Olaf Hering <olaf(a)aepfle.de> xen: avoid crash in disable_hotplug_cpu Vitaly Kuznetsov <vkuznets(a)redhat.com> xen/manage: don't complain about an empty value in control/sysrq node Dan Carpenter <dan.carpenter(a)oracle.com> cifs: read overflow in is_valid_oplock_break() Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: don't dump past end of unknown HW header Wenjia Zhang <wenjia(a)linux.ibm.com> s390/qeth: use vzalloc for QUERY OAT buffer Kai-Heng Feng <kai.heng.feng(a)canonical.com> r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Miguel Ojeda <miguel.ojeda.sandonis(a)gmail.com> arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Randy Dunlap <rdunlap(a)infradead.org> hexagon: modify ffs() and fls() to return int Randy Dunlap <rdunlap(a)infradead.org> arch/hexagon: fix kernel/dma.c build warning Joe Thornber <ejt(a)redhat.com> dm thin metadata: try to avoid ever aborting transactions Jacek Tomaka <jacek.tomaka(a)poczta.fm> perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Netanel Belgazal <netanel(a)amazon.com> net: ena: fix driver when PAGE_SIZE == 64kB Stephen Rothwell <sfr(a)canb.auug.org.au> fs/cifs: suppress a string overflow warning Heinz Mauelshagen <heinzm(a)redhat.com> dm raid: fix rebuild of specific devices by updating superblock Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS Daniel Jurgens <danielj(a)mellanox.com> net/mlx5: Consider PCI domain in search for next dev Sagi Grimberg <sagi(a)grimberg.me> nvmet-rdma: fix possible bogus dereference under heavy load Ben Hutchings <ben.hutchings(a)codethink.co.uk> USB: yurex: Check for truncation in yurex_read() Jann Horn <jannh(a)google.com> RDMA/ucma: check fd type in ucma_migrate_id() Sandipan Das <sandipan(a)linux.ibm.com> perf probe powerpc: Ignore SyS symbols irrespective of endianness Hisao Tanabe <xtanabe(a)gmail.com> perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() Harry Mallon <hjmallon(a)gmail.com> HID: hid-saitek: Add device ID for RAT 7 Contagion Stephen Boyd <swboyd(a)chromium.org> pinctrl: msm: Really mask level interrupts to prevent latching Anton Vasilyev <vasilyev(a)ispras.ru> usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Sean O'Brien <seobrien(a)chromium.org> HID: add support for Apple Magic Keyboards Daniel Black <daniel(a)linux.ibm.com> mm: madvise(MADV_DODUMP): allow hugetlbfs pages Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/page-types.c: fix "defined but not used" warning Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/slabinfo.c: fix sign-compare warning Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: shorten the IBSS debug messages Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: don't Tx a deauth frame if the AP forbade Tx Ilan Peer <ilan.peer(a)intel.com> mac80211: Fix station bandwidth setting after channel switch Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: fix a race between restart and CSA flows Dan Carpenter <dan.carpenter(a)oracle.com> cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() Jon Kuhn <jkuhn(a)barracuda.com> fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Jia-Ju Bai <baijiaju1990(a)gmail.com> net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Masahiro Yamada <yamada.masahiro(a)socionext.com> i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP Masahiro Yamada <yamada.masahiro(a)socionext.com> i2c: uniphier: issue STOP only for last message or I2C_M_STOP Xiao Ni <xni(a)redhat.com> RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Will Deacon <will.deacon(a)arm.com> ARC: atomics: unbork atomic_fetch_##op() Vincent Whitchurch <vincent.whitchurch(a)axis.com> gpio: Fix crash due to registration race Arunk Khandavalli <akhandav(a)codeaurora.org> cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Peng Li <lipeng321(a)huawei.com> net: hns: add netif_carrier_off before change speed and duplex Yuan-Chi Pang <fu3mo6goo(a)gmail.com> mac80211: mesh: fix HWMP sequence numbering to follow standard Michael Hennerich <michael.hennerich(a)analog.com> gpio: adp5588: Fix sleep-in-atomic-context bug Danek Duvall <duvall(a)comfychair.org> mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X Danek Duvall <duvall(a)comfychair.org> mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X Paul Mackerras <paulus(a)ozlabs.org> KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Toke Høiland-Jørgensen <toke(a)toke.dk> mac80211: Run TXQ teardown code before de-registering interfaces Frederic Weisbecker <fweisbec(a)gmail.com> time: Introduce jiffies64_to_nsecs() Jan Kiszka <jan.kiszka(a)siemens.com> serial: mvebu-uart: Fix reporting of effective CSIZE to userspace ------------- Diffstat: Makefile | 4 +- arch/arc/include/asm/atomic.h | 2 +- arch/arm64/include/asm/jump_label.h | 4 +- arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 +- arch/x86/events/intel/lbr.c | 4 ++ drivers/crypto/mxs-dcp.c | 53 +++++++++------- drivers/crypto/qat/qat_c3xxx/adf_drv.c | 6 +- drivers/crypto/qat/qat_c3xxxvf/adf_drv.c | 6 +- drivers/crypto/qat/qat_c62x/adf_drv.c | 6 +- drivers/crypto/qat/qat_c62xvf/adf_drv.c | 6 +- drivers/crypto/qat/qat_dh895xcc/adf_drv.c | 6 +- drivers/crypto/qat/qat_dh895xccvf/adf_drv.c | 6 +- drivers/gpio/gpio-adp5588.c | 24 +++++-- drivers/gpio/gpiolib-of.c | 1 + drivers/gpio/gpiolib.c | 2 +- .../gpu/drm/nouveau/nvkm/subdev/devinit/gm200.c | 3 +- drivers/hid/hid-apple.c | 9 ++- drivers/hid/hid-ids.h | 3 + drivers/hid/hid-saitek.c | 2 + drivers/i2c/busses/i2c-uniphier-f.c | 7 +-- drivers/i2c/busses/i2c-uniphier.c | 7 +-- drivers/infiniband/core/ucma.c | 6 ++ drivers/md/dm-raid.c | 5 ++ drivers/md/dm-thin-metadata.c | 36 ++++++++++- drivers/md/dm-thin.c | 73 +++++++++++++++++++--- drivers/md/raid10.c | 5 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 10 +-- drivers/net/ethernet/amazon/ena/ena_netdev.h | 11 ++++ drivers/net/ethernet/cadence/macb.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_ethtool.c | 2 + drivers/net/ethernet/mellanox/mlx5/core/dev.c | 7 ++- drivers/net/ethernet/realtek/r8169.c | 9 ++- drivers/net/wireless/mac80211_hwsim.c | 3 - drivers/nvme/target/rdma.c | 27 +++++++- drivers/pinctrl/qcom/pinctrl-msm.c | 24 +++++++ drivers/s390/net/qeth_core_main.c | 5 +- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/tty/serial/mvebu-uart.c | 4 +- drivers/usb/gadget/udc/fotg210-udc.c | 15 +++-- drivers/usb/misc/yurex.c | 3 + drivers/xen/cpu_hotplug.c | 15 ++--- drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 +- fs/cifs/cifs_unicode.c | 3 - fs/cifs/cifssmb.c | 11 +++- fs/cifs/misc.c | 8 +++ fs/cifs/smb2ops.c | 2 +- fs/ocfs2/dlm/dlmmaster.c | 4 +- fs/proc/base.c | 14 +++++ fs/xattr.c | 24 +++---- include/linux/jiffies.h | 2 + kernel/time/time.c | 10 +++ kernel/time/timeconst.bc | 6 ++ mm/madvise.c | 2 +- net/mac80211/ibss.c | 22 +++---- net/mac80211/main.c | 28 +++++++-- net/mac80211/mesh_hwmp.c | 4 ++ net/mac80211/mlme.c | 70 ++++++++++++++++++++- net/wireless/nl80211.c | 1 + net/wireless/util.c | 2 +- sound/pci/hda/patch_realtek.c | 1 + tools/perf/arch/powerpc/util/sym-handling.c | 4 +- tools/perf/util/evsel.c | 5 +- tools/vm/page-types.c | 6 -- tools/vm/slabinfo.c | 4 +- 68 files changed, 510 insertions(+), 166 deletions(-)

6 years, 11 months

5
64
0 0

[PATCH] drm/vc4: Set ->is_yuv to false when num_planes == 1

by Boris Brezillon

When vc4_plane_state is duplicated ->is_yuv is left assigned to its previous value, and we never set it back to false when switching to a non-YUV format. Fix that by setting ->is_yuv to false in the 'num_planes == 1' branch of the vc4_plane_setup_clipping_and_scaling() function. Fixes: fc04023fafecf ("drm/vc4: Add support for YUV planes.") Cc: <stable(a)vger.kernel.org> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> --- drivers/gpu/drm/vc4/vc4_plane.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/vc4/vc4_plane.c b/drivers/gpu/drm/vc4/vc4_plane.c index d04b3c3246ba..60d5ad19cedd 100644 --- a/drivers/gpu/drm/vc4/vc4_plane.c +++ b/drivers/gpu/drm/vc4/vc4_plane.c @@ -321,6 +321,7 @@ static int vc4_plane_setup_clipping_and_scaling(struct drm_plane_state *state) if (vc4_state->is_unity) vc4_state->x_scaling[0] = VC4_SCALING_PPF; } else { + vc4_state->is_yuv = false; vc4_state->x_scaling[1] = VC4_SCALING_NONE; vc4_state->y_scaling[1] = VC4_SCALING_NONE; } -- 2.14.1

6 years, 11 months

2
1
0 0

[PATCH] usb: dwc3: gadget: Properly check last unaligned/zero chain TRB

by Thinh Nguyen

Current check for the last extra TRB for zero and unaligned transfers does not account for isoc OUT. The last TRB of the Buffer Descriptor for isoc OUT transfers will be retired with HWO=0. As a result, we won't return early. The req->remaining will be updated to include the BUFSIZ count of the extra TRB, and the actual number of transferred bytes calculation will be wrong. To fix this, check whether it's a short or zero packet and the last TRB chain bit to return early. Cc: stable(a)vger.kernel.org Fixes: c6267a51639b ("usb: dwc3: gadget: align transfers to wMaxPacketSize") Signed-off-by: Thinh Nguyen <thinhn(a)synopsys.com> --- drivers/usb/dwc3/gadget.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 032ea7d709ba..c09e4f784810 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -2251,7 +2251,7 @@ static int dwc3_gadget_ep_reclaim_completed_trb(struct dwc3_ep *dep, * with one TRB pending in the ring. We need to manually clear HWO bit * from that TRB. */ - if ((req->zero || req->unaligned) && (trb->ctrl & DWC3_TRB_CTRL_HWO)) { + if ((req->zero || req->unaligned) && !(trb->ctrl & DWC3_TRB_CTRL_CHN)) { trb->ctrl &= ~DWC3_TRB_CTRL_HWO; return 1; } -- 2.11.0

6 years, 11 months

2
1
0 0

[PATCH 4.18 000/235] 4.18.10-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.18.10 release. There are 235 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Sep 26 11:30:01 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.10-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.18.10-rc1 Brijesh Singh <brijesh.singh(a)amd.com> crypto: ccp - add timeout support in the SEV command Dan Carpenter <dan.carpenter(a)oracle.com> mei: bus: type promotion bug in mei_nfc_if_version() Mikko Perttunen <mperttunen(a)nvidia.com> clk: tegra: bpmp: Don't crash when a clock fails to register Douglas Anderson <dianders(a)chromium.org> pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant Douglas Anderson <dianders(a)chromium.org> pinctrl: msm: Fix msm_config_group_get() to be compliant Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Respect error code of ->get_direction() Ming Lei <ming.lei(a)redhat.com> blk-mq: avoid to synchronize rcu inside blk_cleanup_queue() Ming Lei <ming.lei(a)redhat.com> blk-mq: only attempt to merge bio if there is rq in sw queue Jann Horn <jannh(a)google.com> IB/mlx5: fix uaccess beyond "count" in debugfs read/write handlers Randy Dunlap <rdunlap(a)infradead.org> block/DAC960.c: fix defined but not used build warnings Bart Van Assche <bart.vanassche(a)wdc.com> IB/nes: Fix a compiler warning Ioana Radulescu <ruxandra.radulescu(a)nxp.com> staging: fsl-dpaa2/eth: Fix DMA mapping direction Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> dmaengine: sh: rcar-dmac: avoid to write CHCR.TE to 1 if TCR is set to 0 Harry Wentland <harry.wentland(a)amd.com> drm/amd/pp: Send khz clock values to DC for smu7/8 Suzuki K Poulose <suzuki.poulose(a)arm.com> arm64: perf: Disable PMU while processing counter overflows Dan Carpenter <dan.carpenter(a)oracle.com> drm/panel: type promotion bug in s6e8aa0_read_mtp_id() Hans de Goede <hdegoede(a)redhat.com> ASoC: rt5651: Fix workqueue cancel vs irq free race on remove John Stultz <john.stultz(a)linaro.org> selftest: timers: Tweak raw_skew to SKIP when ADJ_OFFSET/other clock adjustments are in progress Sibi Sankar <sibis(a)codeaurora.org> remoteproc: qcom: q6v5-pil: fix modem hang on SDM845 after axis2 clk unvote James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix panic if driver unloaded when port is offline James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix NVME Target crash in defer rcv logic Hannes Reinecke <hare(a)suse.de> scsi: libfc: fixup 'sleeping function called from invalid context' Timo Wischer <twischer(a)de.adit-jv.com> ALSA: pcm: Fix snd_interval_refine first/last with open min/max Li Zhijian <lizhijian(a)cn.fujitsu.com> selftests/android: initialize heap_type to avoid compiling warning Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: vDSO - fix to return KSFT_SKIP when test couldn't be run Zhouyang Jia <jiazhouyang09(a)gmail.com> rtc: bq4802: add error handling for devm_ioremap Wei Lu <wei.lu2(a)amd.com> drm/amdkfd: Fix error codes in kfd_get_process Shaoyun Liu <Shaoyun.Liu(a)amd.com> drm/amdkfd: Fix kernel queue 64 bit doorbell offset calculation Paul E. McKenney <paulmck(a)linux.vnet.ibm.com> rcu: Fix grace-period hangs due to race with CPU offline Peter Rosin <peda(a)axentia.se> input: rohm_bu21023: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) Peter Rosin <peda(a)axentia.se> mfd: 88pm860x-i2c: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) Arnd Bergmann <arnd(a)arndb.de> rcutorture: Use monotonic timestamp for stall detection Maxime Chevallier <maxime.chevallier(a)bootlin.com> net: mvpp2: make sure we use single queue mode on PPv2.1 Linus Walleij <linus.walleij(a)linaro.org> net: gemini: Allow multiple ports to instantiate Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Mark gpio_suffixes array with __maybe_unused Wei Yongjun <weiyongjun1(a)huawei.com> gpio: pxa: Fix potential NULL dereference Tuomas Tynkkynen <tuomas(a)tuxera.com> staging: bcm2835-audio: Don't leak workqueue if open fails Matias Bjørling <mb(a)lightnvm.io> lightnvm: pblk: enable line minor version detection Hans Holmberg <hans.holmberg(a)cnexlabs.com> lightnvm: pblk: assume that chunks are closed on 1.2 devices Dan Carpenter <dan.carpenter(a)oracle.com> ASoC: qdsp6: q6afe-dai: fix a range check in of_q6afe_parse_dai_data() Eric Yang <Eric.Yang2(a)amd.com> drm/amd/display: support access ddc for mst branch Dan Williams <dan.j.williams(a)intel.com> tools/testing/nvdimm: Fix support for emulating controller temperature Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: do checkpoint in kill_sb Suzuki K Poulose <suzuki.poulose(a)arm.com> coresight: ETM: Add support for Arm Cortex-A73 and Cortex-A35 Robin Murphy <robin.murphy(a)arm.com> coresight: tpiu: Fix disabling timeouts Suzuki K Poulose <suzuki.poulose(a)arm.com> coresight: Handle errors in finding input/output ports Quentin Perret <quentin.perret(a)arm.com> sched/fair: Fix util_avg of new tasks for asymmetric systems Julia Lawall <Julia.Lawall(a)lip6.fr> parport: sunbpp: fix error return code Boris Pismenny <borisp(a)mellanox.com> tls: Fix zerocopy_from_iter iov handling Thierry Reding <treding(a)nvidia.com> drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping Karol Herbst <karolherbst(a)gmail.com> drm/nouveau/debugfs: Wake up GPU before doing any reclocking Lyude Paul <lyude(a)redhat.com> drm/nouveau: Fix runtime PM leak in drm_open() Stefan Agner <stefan(a)agner.ch> mmc: sdhci: do not try to use 3.3V signaling if not supported Stefan Agner <stefan(a)agner.ch> mmc: tegra: prevent HS200 on Tegra 3 Laurentiu Tudor <laurentiu.tudor(a)nxp.com> mmc: sdhci-of-esdhc: set proper dma mask for ls104x chips Johan Hovold <johan(a)kernel.org> tty: fix termios input-speed encoding Johan Hovold <johan(a)kernel.org> tty: fix termios input-speed encoding when using BOTHER Alexander Sverdlin <alexander.sverdlin(a)nokia.com> serial: 8250: of: Correct of_platform_serial_setup() error handling Bartosz Golaszewski <brgl(a)bgdev.pl> gpiolib: don't allow userspace to set values of input lines Russell King <rmk+kernel(a)armlinux.org.uk> ASoC: hdmi-codec: fix routing Enrico Scholz <enrico.scholz(a)sigma-chemnitz.de> gpu: ipu-v3: csi: pass back mbus_code_to_bus_cfg error codes Rick Farrington <ricardo.farrington(a)cavium.com> liquidio: fix hang when re-binding VF host drv after running DPDK VF driver Nicholas Mc Guire <hofrat(a)osadl.org> ARM: hisi: check of_iomap and fix missing of_node_put Huazhong Tan <tanhuazhong(a)huawei.com> net: hns3: Fix return value error in hns3_reset_notify_down_enet Nicholas Mc Guire <hofrat(a)osadl.org> ARM: hisi: fix error handling and missing of_node_put Nicholas Mc Guire <hofrat(a)osadl.org> ARM: hisi: handle of_iomap and fix missing of_node_put Yunsheng Lin <linyunsheng(a)huawei.com> net: hns3: Fix for reset_level default assignment probelm Huazhong Tan <tanhuazhong(a)huawei.com> net: hns3: Reset net device with rtnl_lock Ard Biesheuvel <ard.biesheuvel(a)linaro.org> efi/esrt: Only call efi_mem_reserve() for boot services memory Andrea Parri <andrea.parri(a)amarulasolutions.com> sched/core: Use smp_mb() in wake_woken_function() Ryder Lee <ryder.lee(a)mediatek.com> arm64: dts: mt7622: update a clock property for UART0 Tony Lindgren <tony(a)atomide.com> pinctrl: pinmux: Return selector to the pinctrl driver Tony Lindgren <tony(a)atomide.com> pinctrl: rza1: Fix selector use for groups and functions Sean Wang <sean.wang(a)mediatek.com> pinctrl: mt7622: Fix probe fail by misuse the selector Mike Christie <mchristi(a)redhat.com> configfs: fix registered group removal Paul Burton <paul.burton(a)mips.com> MIPS: loongson64: cs5536: Fix PCI_OHCI_INT_REG reads Alexey Kardashevskiy <aik(a)ozlabs.ru> KVM: PPC: Book3S: Fix matching of hardware and emulated TCE tables Arvind Yadav <arvind.yadav.cs(a)gmail.com> PM / devfreq: use put_device() instead of kfree() Eric Biggers <ebiggers(a)google.com> security: check for kstrdup() failure in lsm_append() Nicholas Mc Guire <hofrat(a)osadl.org> KVM: PPC: Book3S HV: Add of_node_put() in success path Matthew Garrett <mjg59(a)google.com> evm: Don't deadlock if a crypto algorithm is unavailable Philipp Puschmann <pp(a)emlix.com> Bluetooth: Use lock_sock_nested in bt_accept_enqueue Alexandre Belloni <alexandre.belloni(a)bootlin.com> spi: dw: fix possible race condition Roman Gushchin <guro(a)fb.com> bpf: fix rcu annotations in compute_effective_progs() Miklos Szeredi <mszeredi(a)redhat.com> vfs: fix freeze protection in mnt_want_write_file() for overlayfs Jann Horn <jannh(a)google.com> mtdchar: fix overflows in adjustment of `count` Ronny Chevalier <ronny.chevalier(a)hp.com> audit: fix use-after-free in audit_add_watch Viresh Kumar <viresh.kumar(a)linaro.org> arm64: dts: uniphier: Add missing cooling device properties for CPUs Noa Osherovich <noaos(a)mellanox.com> net/mlx5: Add missing SET_DRIVER_VERSION command translation Maciej W. Rozycki <macro(a)mips.com> binfmt_elf: Respect error return from `regset->active' Johan Hovold <johan(a)kernel.org> mmc: meson-mx-sdio: fix OF child-node lookup Johan Hovold <johan(a)kernel.org> of: add helper to lookup compatible child node Trond Myklebust <trondmy(a)gmail.com> NFSv4.1 fix infinite loop on I/O. Trond Myklebust <trondmy(a)gmail.com> NFSv4: Fix a tracepoint Oops in initiate_file_draining() Boris Ostrovsky <boris.ostrovsky(a)oracle.com> x86/EISA: Don't probe EISA bus for Xen PV guests Rob Herring <robh(a)kernel.org> of: fix phandle cache creation for DTs with no phandles Adrian Hunter <adrian.hunter(a)intel.com> perf tools: Fix maps__find_symbol_by_name() Yabin Cui <yabinc(a)google.com> perf/core: Force USER_DS when recording user stack data Max Filippov <jcmvbkbc(a)gmail.com> xtensa: ISS: don't allocate memory in platform_setup Dan Carpenter <dan.carpenter(a)oracle.com> cifs: integer overflow in in SMB2_ioctl() Dan Carpenter <dan.carpenter(a)oracle.com> CIFS: fix wrapping bugs in num_entries() Dan Carpenter <dan.carpenter(a)oracle.com> cifs: prevent integer overflow in nxt_dir_entry() Oliver Neukum <oneukum(a)suse.com> Revert "cdc-acm: implement put_char() and flush_chars()" Jia-Ju Bai <baijiaju1990(a)gmail.com> usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt() Ben Hutchings <ben.hutchings(a)codethink.co.uk> USB: yurex: Fix buffer over-read in yurex_write() Johan Hovold <johan(a)kernel.org> USB: serial: ti_usb_3410_5052: fix array underflow in completion handler Jia-Ju Bai <baijiaju1990(a)gmail.com> usb: misc: uss720: Fix two sleep-in-atomic-context bugs Johan Hovold <johan(a)kernel.org> USB: serial: io_ti: fix array underflow in completion handler Alan Stern <stern(a)rowland.harvard.edu> USB: net2280: Fix erroneous synchronization change Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> usb: gadget: udc: renesas_usb3: fix maxpacket size of ep0 Maxence Duprès <xpros64(a)hotmail.fr> USB: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB controller Jia-Ju Bai <baijiaju1990(a)gmail.com> usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in u132_get_frame() Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: Avoid use-after-free by flushing endpoints early in usb_set_interface() Oliver Neukum <oneukum(a)suse.com> usb: uas: add support for more quirk flags Tim Anderson <tsa(a)biglakesoftware.com> USB: Add quirk to support DJI CineSSD Mikulas Patocka <mpatocka(a)redhat.com> dm verity: fix crash on bufio buffer that was allocated with vmalloc Tomas Winkler <tomas.winkler(a)intel.com> mei: bus: need to unlink client before freeing Tomas Winkler <tomas.winkler(a)intel.com> mei: bus: fix hw module get/put balance Alexander Usyskin <alexander.usyskin(a)intel.com> mei: ignore not found client in the enumeration Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: mtu3: fix error of xhci port id when enable U3 dual role Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: xhci: fix interrupt transfer error happened on MTK platforms Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: Don't die twice if PCI xhci host is not responding in resume Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Fix use after free for URB cancellation on a reallocated endpoint Gustavo A. R. Silva <gustavo(a)embeddedor.com> misc: hmc6352: fix potential Spectre v1 Bryant G. Ly <bryantly(a)linux.ibm.com> misc: ibmvsm: Fix wrong assignment of return code K. Y. Srinivasan <kys(a)microsoft.com> Tools: hv: Fix a bug in the key delete code Stephen Hemminger <stephen(a)networkplumber.org> vmbus: don't return values for uninitalized channels Miklos Szeredi <mszeredi(a)redhat.com> ovl: fix oopses in ovl_fill_super() failure paths Corey Minyard <cminyard(a)mvista.com> ipmi: Fix I2C client removal in the SSIF driver Corey Minyard <cminyard(a)mvista.com> ipmi: Move BT capabilities detection to the detect call Corey Minyard <cminyard(a)mvista.com> ipmi: Rework SMI registration failure Andreas Kemnade <andreas(a)kemnade.info> mmc: omap_hsmmc: fix wakeirq handling on removal Ingo Franzki <ifranzki(a)linux.ibm.com> s390/crypto: Fix return code checking in cbc_paes_crypt() Aaron Knister <aaron.s.knister(a)nasa.gov> IB/ipoib: Avoid a race condition between start_xmit and cm_rep_handler Juergen Gross <jgross(a)suse.com> xen/netfront: fix waiting for xenbus state change Bin Yang <bin.yang(a)intel.com> pstore: Fix incorrect persistent ram buffer mapping Parav Pandit <parav(a)mellanox.com> RDMA/cma: Protect cma dev list with lock Xiao Liang <xiliang(a)redhat.com> xen-netfront: fix warn message as irq device name has '/' Alexandru Gagniuc <mr.nuke.me(a)gmail.com> PCI/AER: Honor "pcie_ports=native" even if HEST sets FIRMWARE_FIRST Joerg Roedel <jroedel(a)suse.de> x86/mm/pti: Add an overflow check to pti_clone_pmds() Jiang Biao <jiang.biao2(a)zte.com.cn> x86/pti: Check the return value of pti_user_pagetable_walk_pmd() Jiang Biao <jiang.biao2(a)zte.com.cn> x86/pti: Check the return value of pti_user_pagetable_walk_p4d() Michael Müller <michael(a)fds-team.de> crypto: sharah - Unregister correct algorithms for SAHARA 3 Hanna Hawa <hannah(a)marvell.com> dmaengine: mv_xor_v2: kill the tasklets upon exit Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> iommu/ipmmu-vmsa: IMUCTRn.TTSEL needs a special usage on R-Car Gen3 Niklas Cassel <niklas.cassel(a)linaro.org> regulator: qcom_spmi: Fix warning Bad of_node_put() Niklas Cassel <niklas.cassel(a)linaro.org> regulator: qcom_spmi: Use correct regmap when checking for error Rex Zhu <rex.zhu(a)amd.com> drm/amd/pp: Set Max clock level to display by default Jae Hyun Yoo <jae.hyun.yoo(a)linux.intel.com> i2c: aspeed: Fix initial values of master and slave state Pingfan Liu <kernelfans(a)gmail.com> drivers/base: stop new probing during shutdown Christoffer Dall <christoffer.dall(a)arm.com> KVM: arm/arm64: Fix vgic init race Randy Dunlap <rdunlap(a)infradead.org> platform/x86: toshiba_acpi: Fix defined but not used build warnings Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: reset layer2 attribute on layer switch Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: fix race in used-buffer accounting Bjorn Andersson <bjorn.andersson(a)linaro.org> soc: qcom: smem: Correct check for global partition Bhushan Shah <bshah(a)kde.org> ARM: dts: qcom: msm8974-hammerhead: increase load on l20 for sdhci Loic Poulain <loic.poulain(a)linaro.org> arm64: dts: qcom: db410c: Fix Bluetooth LED trigger Vitaly Kuznetsov <vkuznets(a)redhat.com> xen-netfront: fix queue name setting Jakub Kicinski <jakub.kicinski(a)netronome.com> nfp: avoid buffer leak when FW communication fails Yue Wang <yuleopen(a)gmail.com> ALSA: usb-audio: Generic DSD detection for Thesycon-based implementations Ard Biesheuvel <ard.biesheuvel(a)linaro.org> efi/arm: preserve early mapping of UEFI memory map longer for BGRT Leonard Crestez <leonard.crestez(a)nxp.com> reset: imx7: Fix always writing bits as 0 Mark Rutland <mark.rutland(a)arm.com> arm64: fix possible spectre-v1 write in ptrace_hbp_set_event() YueHaibing <yuehaibing(a)huawei.com> wan/fsl_ucc_hdlc: use IS_ERR_VALUE() to check return value of qe_muram_alloc Piotr Sawicki <p.sawicki2(a)partner.samsung.com> Smack: Fix handling of IPv4 traffic received by PF_INET6 sockets Manikanta Pubbisetty <mpubbise(a)codeaurora.org> mac80211: restrict delayed tailroom needed decrement Paul Cercueil <paul(a)crapouillou.net> MIPS: jz4740: Bump zload address Oder Chiou <oder_chiou(a)realtek.com> ASoC: rt5514: Fix the issue of the delay volume applied Nicholas Mc Guire <hofrat(a)osadl.org> staging: bcm2835-camera: handle wait_for_completion_timeout return properly Nicholas Mc Guire <hofrat(a)osadl.org> staging: bcm2835-camera: fix timeout handling in wait_for_completion_timeout Sandipan Das <sandipan(a)linux.ibm.com> perf script: Show correct offsets for DWARF-based unwinding Nicholas Piggin <npiggin(a)gmail.com> powerpc/powernv: opal_put_chars partial write fix Mark Rutland <mark.rutland(a)arm.com> KVM: arm/arm64: vgic: Fix possible spectre-v1 write in vgic_mmio_write_apr() Sagi Grimberg <sagi(a)grimberg.me> nvme-rdma: unquiesce queues when deleting the controller Sagi Grimberg <sagi(a)grimberg.me> nvmet: fix file discard return status Sandipan Das <sandipan(a)linux.ibm.com> perf powerpc: Fix callchain ip filtering Krzysztof Kozlowski <krzk(a)kernel.org> ARM: exynos: Clear global variable on init error path Arnd Bergmann <arnd(a)arndb.de> omapfb: rename omap2 module to omap2fb.ko Fredrik Noring <noring(a)nocrew.org> fbdev: Distinguish between interlaced and progressive modes Daniel Mack <daniel(a)zonque.org> video: fbdev: pxafb: clear allocated memory for video modes Sandipan Das <sandipan(a)linux.ibm.com> perf powerpc: Fix callchain ip filtering when return address is in a register Randy Dunlap <rdunlap(a)infradead.org> fbdev/via: fix defined but not used warning Anton Vasilyev <vasilyev(a)ispras.ru> video: goldfishfb: fix memory leak on driver remove Jiri Olsa <jolsa(a)redhat.com> perf tools: Fix struct comm_str removal crash Dan Carpenter <dan.carpenter(a)oracle.com> fbdev: omapfb: off by one in omapfb_register_client() Sandipan Das <sandipan(a)linux.ibm.com> perf tests: Fix record+probe_libc_inet_pton.sh to ensure cleanups Sandipan Das <sandipan(a)linux.ibm.com> perf tests: Fix record+probe_libc_inet_pton.sh when event exists Sandipan Das <sandipan(a)linux.ibm.com> perf tests: Fix record+probe_libc_inet_pton.sh for powerpc64 Jiri Olsa <jolsa(a)kernel.org> perf tools: Synthesize GROUP_DESC feature in pipe mode Bob Peterson <rpeterso(a)redhat.com> gfs2: Don't reject a supposedly full bitmap if we have blocks reserved Thomas Richter <tmricht(a)linux.ibm.com> perf test: Fix subtest number when showing results Todor Tomov <todor.tomov(a)linaro.org> media: ov5645: Supported external clock is 24MHz Randy Dunlap <rdunlap(a)infradead.org> mtd/maps: fix solutionengine.c printk format warnings Wei Yongjun <weiyongjun1(a)huawei.com> IB/ipoib: Fix error return code in ipoib_dev_init() Mike Snitzer <snitzer(a)redhat.com> block: allow max_discard_segments to be stacked Zhu Yanjun <yanjun.zhu(a)oracle.com> IB/rxe: Drop QP0 silently Hans Verkuil <hverkuil(a)xs4all.nl> media: videobuf2-core: check for q->error in vb2_core_qbuf() Felix Fietkau <nbd(a)nbd.name> MIPS: ath79: fix system restart John Keeping <john(a)metanate.com> dmaengine: pl330: fix irq race with terminate_all Krzysztof Ha?asa <khalasa(a)piap.pl> media: tw686x: Fix oops on buffer alloc failure Masahiro Yamada <yamada.masahiro(a)socionext.com> kbuild: do not update config when running install targets Masahiro Yamada <yamada.masahiro(a)socionext.com> kbuild: add .DELETE_ON_ERROR special target Rajan Vaja <rajan.vaja(a)xilinx.com> clk: clk-fixed-factor: Clear OF_POPULATED flag in case of failure Mikko Perttunen <mperttunen(a)nvidia.com> clk: core: Potentially free connection id Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: pxrc - fix freeing URB on device teardown Gregory CLEMENT <gregory.clement(a)bootlin.com> clk: mvebu: armada-37xx-periph: Fix wrong return value in get_parent Nicholas Mc Guire <hofrat(a)osadl.org> clk: imx6sll: fix missing of_node_put() Nicholas Mc Guire <hofrat(a)osadl.org> clk: imx6ul: fix missing of_node_put() Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Special-case rindex for gfs2_grow Golan Ben Ami <golan.ben.ami(a)intel.com> iwlwifi: cancel the injective function between hw pointers to tfd entry index Jakub Kicinski <jakub.kicinski(a)netronome.com> nfp: don't fail probe on pci_sriov_set_totalvfs() errors YueHaibing <yuehaibing(a)huawei.com> amd-xgbe: use dma_mapping_error to check map errors YueHaibing <yuehaibing(a)huawei.com> xfrm: fix 'passing zero to ERR_PTR()' warning Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro Jeff Crukley <jcrukley(a)gmail.com> ALSA: usb-audio: Add support for Encore mDSD USB DAC Takashi Iwai <tiwai(a)suse.de> ALSA: msnd: Fix the default sample sizes Jean-Philippe Brucker <jean-philippe.brucker(a)arm.com> iommu/io-pgtable-arm: Fix pgtable allocation in selftest Jean-Philippe Brucker <jean-philippe.brucker(a)arm.com> iommu/io-pgtable-arm-v7s: Abort allocation when table address overflows the PTE Miao Zhong <zhongmiao(a)hisilicon.com> iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register Erich E. Hoover <ehoover(a)sweptlaser.com> usb: dwc3: change stream event enable bit back to 13 Tariq Toukan <tariqt(a)mellanox.com> net/mlx5: Use u16 for Work Queue buffer fragment size Roi Dayan <roid(a)mellanox.com> net/mlx5: Fix possible deadlock from lockdep when adding fte to fg Roi Dayan <roid(a)mellanox.com> net/mlx5: Fix not releasing read lock when adding flow rules Vincent Whitchurch <vincent.whitchurch(a)axis.com> tcp: really ignore MSG_ZEROCOPY if no SO_ZEROCOPY Haishuang Yan <yanhaishuang(a)cmss.chinamobile.com> erspan: return PACKET_REJECT when the appropriate tunnel is not found Haishuang Yan <yanhaishuang(a)cmss.chinamobile.com> erspan: fix error handling for erspan tunnel Jack Morgenstein <jackm(a)dev.mellanox.co.il> net/mlx5: Fix debugfs cleanup in the device init/remove flow Huy Nguyen <huyn(a)mellanox.com> net/mlx5: Check for error in mlx5_attach_interface Vakul Garg <vakul.garg(a)nxp.com> net/tls: Set count of SG entries if sk_alloc_sg returns -ENOSPC Raed Salem <raeds(a)mellanox.com> net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables Cong Wang <xiyou.wangcong(a)gmail.com> tipc: orphan sock in tipc_release() Cong Wang <xiyou.wangcong(a)gmail.com> rds: fix two RCU related problems Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Fix race condition in spi transfers Jack Morgenstein <jackm(a)dev.mellanox.co.il> net/mlx5: Fix use-after-free in self-healing flow Petr Oros <poros(a)redhat.com> be2net: Fix memory leak in be_cmd_get_profile_config() ------------- Diffstat: Makefile | 31 ++++-- .../dts/qcom-msm8974-lge-nexus5-hammerhead.dts | 2 + arch/arm/mach-exynos/suspend.c | 1 + arch/arm/mach-hisi/hotplug.c | 41 +++++--- arch/arm64/boot/dts/mediatek/mt7622.dtsi | 2 +- arch/arm64/boot/dts/qcom/apq8016-sbc.dtsi | 2 +- arch/arm64/boot/dts/socionext/uniphier-ld20.dtsi | 2 + arch/arm64/kernel/perf_event.c | 50 +++++----- arch/arm64/kernel/ptrace.c | 19 ++-- arch/mips/ath79/setup.c | 1 + arch/mips/include/asm/mach-ath79/ath79.h | 1 + arch/mips/jz4740/Platform | 2 +- arch/mips/loongson64/common/cs5536/cs5536_ohci.c | 2 +- arch/powerpc/kvm/book3s_64_vio.c | 5 +- arch/powerpc/kvm/book3s_hv.c | 2 + arch/powerpc/platforms/powernv/opal.c | 2 +- arch/s390/crypto/paes_s390.c | 2 +- arch/x86/kernel/eisa.c | 10 +- arch/x86/mm/pti.c | 25 ++++- arch/xtensa/platforms/iss/setup.c | 25 +++-- block/blk-core.c | 8 +- block/blk-mq-sched.c | 3 +- block/blk-settings.c | 2 +- crypto/api.c | 2 +- drivers/base/core.c | 3 + drivers/block/DAC960.c | 9 +- drivers/char/ipmi/ipmi_bt_sm.c | 92 ++++++++--------- drivers/char/ipmi/ipmi_msghandler.c | 53 +++++----- drivers/char/ipmi/ipmi_si_intf.c | 17 +--- drivers/char/ipmi/ipmi_ssif.c | 30 ++---- drivers/clk/clk-fixed-factor.c | 9 +- drivers/clk/clk.c | 3 + drivers/clk/imx/clk-imx6sll.c | 1 + drivers/clk/imx/clk-imx6ul.c | 1 + drivers/clk/mvebu/armada-37xx-periph.c | 3 - drivers/clk/tegra/clk-bpmp.c | 12 ++- drivers/crypto/ccp/psp-dev.c | 46 ++++++++- drivers/crypto/sahara.c | 4 +- drivers/devfreq/devfreq.c | 4 +- drivers/dma/mv_xor_v2.c | 2 + drivers/dma/pl330.c | 5 +- drivers/dma/sh/rcar-dmac.c | 5 +- drivers/firmware/efi/arm-init.c | 1 - drivers/firmware/efi/arm-runtime.c | 4 +- drivers/firmware/efi/esrt.c | 3 +- drivers/gpio/gpio-pxa.c | 2 + drivers/gpio/gpiolib.c | 14 ++- drivers/gpio/gpiolib.h | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_doorbell.c | 9 +- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 2 + drivers/gpu/drm/amd/display/dc/core/dc_link.c | 4 + drivers/gpu/drm/amd/powerplay/amd_powerplay.c | 9 +- drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c | 8 +- drivers/gpu/drm/amd/powerplay/hwmgr/smu8_hwmgr.c | 6 +- drivers/gpu/drm/nouveau/nouveau_debugfs.c | 4 + drivers/gpu/drm/nouveau/nouveau_drm.c | 6 +- drivers/gpu/drm/nouveau/nvkm/engine/device/tegra.c | 13 +++ drivers/gpu/drm/panel/panel-samsung-s6e8aa0.c | 2 +- drivers/gpu/ipu-v3/ipu-csi.c | 20 +++- drivers/hv/vmbus_drv.c | 3 + drivers/hwtracing/coresight/coresight-etm4x.c | 31 +++--- drivers/hwtracing/coresight/coresight-tpiu.c | 7 +- drivers/hwtracing/coresight/coresight.c | 7 +- drivers/i2c/busses/i2c-aspeed.c | 4 +- drivers/infiniband/core/cma.c | 12 ++- drivers/infiniband/hw/mlx5/cong.c | 9 +- drivers/infiniband/hw/mlx5/mr.c | 32 ++---- drivers/infiniband/hw/nes/nes.h | 2 +- drivers/infiniband/sw/rxe/rxe_recv.c | 9 +- drivers/infiniband/ulp/ipoib/ipoib_cm.c | 2 + drivers/infiniband/ulp/ipoib/ipoib_main.c | 3 +- drivers/input/joystick/pxrc.c | 66 ++++++------- drivers/input/touchscreen/rohm_bu21023.c | 4 +- drivers/iommu/arm-smmu-v3.c | 1 + drivers/iommu/io-pgtable-arm-v7s.c | 7 +- drivers/iommu/io-pgtable-arm.c | 3 +- drivers/iommu/ipmmu-vmsa.c | 8 ++ drivers/lightnvm/pblk-init.c | 5 +- drivers/lightnvm/pblk-recovery.c | 5 +- drivers/md/dm-verity-target.c | 24 ++++- drivers/media/common/videobuf2/videobuf2-core.c | 5 + drivers/media/i2c/ov5645.c | 13 +-- drivers/media/pci/tw686x/tw686x-video.c | 11 ++- drivers/mfd/88pm860x-i2c.c | 8 +- drivers/misc/hmc6352.c | 2 + drivers/misc/ibmvmc.c | 2 +- drivers/misc/mei/bus-fixup.c | 2 +- drivers/misc/mei/bus.c | 12 +-- drivers/misc/mei/hbm.c | 9 +- drivers/mmc/host/meson-mx-sdio.c | 8 +- drivers/mmc/host/omap_hsmmc.c | 1 + drivers/mmc/host/sdhci-of-esdhc.c | 6 ++ drivers/mmc/host/sdhci-tegra.c | 3 +- drivers/mmc/host/sdhci.c | 9 +- drivers/mtd/maps/solutionengine.c | 6 +- drivers/mtd/mtdchar.c | 10 +- drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 7 +- .../ethernet/cavium/liquidio/cn23xx_pf_device.c | 3 + .../ethernet/cavium/liquidio/cn23xx_vf_device.c | 3 + drivers/net/ethernet/cortina/gemini.c | 5 +- drivers/net/ethernet/emulex/benet/be_cmds.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 8 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 5 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 6 ++ drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/dev.c | 15 ++- .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 76 +++++++------- drivers/net/ethernet/mellanox/mlx5/core/health.c | 10 +- drivers/net/ethernet/mellanox/mlx5/core/main.c | 12 ++- drivers/net/ethernet/mellanox/mlx5/core/wq.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/wq.h | 2 +- drivers/net/ethernet/netronome/nfp/nfp_main.c | 20 ++-- .../net/ethernet/netronome/nfp/nfp_net_common.c | 13 ++- drivers/net/ethernet/qualcomm/qca_7k.c | 76 +++++++------- drivers/net/ethernet/qualcomm/qca_spi.c | 110 +++++++++++---------- drivers/net/ethernet/qualcomm/qca_spi.h | 5 - drivers/net/wan/fsl_ucc_hdlc.c | 6 +- drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 12 ++- drivers/net/wireless/intel/iwlwifi/pcie/tx.c | 11 ++- drivers/net/xen-netfront.c | 30 +++--- drivers/nvme/host/rdma.c | 2 + drivers/nvme/target/io-cmd-file.c | 18 ++-- drivers/of/base.c | 28 ++++++ drivers/parport/parport_sunbpp.c | 8 +- drivers/pci/pcie/aer.c | 6 ++ drivers/pinctrl/mediatek/pinctrl-mt7622.c | 4 +- drivers/pinctrl/pinctrl-rza1.c | 24 ++--- drivers/pinctrl/pinmux.c | 16 ++- drivers/pinctrl/qcom/pinctrl-msm.c | 14 ++- drivers/pinctrl/qcom/pinctrl-spmi-gpio.c | 32 ++++-- drivers/platform/x86/toshiba_acpi.c | 3 +- drivers/regulator/qcom_spmi-regulator.c | 34 ++++--- drivers/remoteproc/qcom_q6v5_pil.c | 1 - drivers/reset/reset-imx7.c | 2 +- drivers/rtc/rtc-bq4802.c | 4 + drivers/s390/net/qeth_core_main.c | 3 +- drivers/s390/net/qeth_core_sys.c | 1 + drivers/scsi/libfc/fc_disc.c | 7 +- drivers/scsi/lpfc/lpfc_nvme.c | 5 +- drivers/scsi/lpfc/lpfc_nvmet.c | 12 ++- drivers/soc/qcom/smem.c | 10 +- drivers/spi/spi-dw.c | 3 +- drivers/staging/fsl-dpaa2/ethernet/dpaa2-eth.c | 2 +- .../vc04_services/bcm2835-audio/bcm2835-vchiq.c | 16 +-- .../vc04_services/bcm2835-camera/bcm2835-camera.c | 7 +- .../vc04_services/bcm2835-camera/mmal-vchiq.c | 11 ++- drivers/tty/serial/8250/8250_of.c | 2 +- drivers/tty/tty_baudrate.c | 13 ++- drivers/usb/class/cdc-acm.c | 73 -------------- drivers/usb/class/cdc-acm.h | 1 - drivers/usb/class/cdc-wdm.c | 2 +- drivers/usb/core/hcd-pci.c | 2 - drivers/usb/core/message.c | 11 +++ drivers/usb/core/quirks.c | 7 ++ drivers/usb/dwc3/gadget.h | 2 +- drivers/usb/gadget/udc/net2280.c | 16 ++- drivers/usb/gadget/udc/renesas_usb3.c | 5 +- drivers/usb/host/u132-hcd.c | 2 +- drivers/usb/host/xhci-mem.c | 4 + drivers/usb/host/xhci.c | 30 ++++++ drivers/usb/misc/uss720.c | 4 +- drivers/usb/misc/yurex.c | 5 +- drivers/usb/mtu3/mtu3_core.c | 6 +- drivers/usb/mtu3/mtu3_hw_regs.h | 1 + drivers/usb/serial/io_ti.h | 2 +- drivers/usb/serial/ti_usb_3410_5052.c | 2 +- drivers/usb/storage/scsiglue.c | 9 ++ drivers/usb/storage/uas.c | 21 ++++ drivers/usb/storage/unusual_devs.h | 7 ++ drivers/video/fbdev/core/modedb.c | 41 +++++--- drivers/video/fbdev/goldfishfb.c | 1 + drivers/video/fbdev/omap/omapfb_main.c | 2 +- drivers/video/fbdev/omap2/omapfb/Makefile | 4 +- drivers/video/fbdev/pxafb.c | 4 +- drivers/video/fbdev/via/viafbdev.c | 3 +- fs/binfmt_elf.c | 2 +- fs/cifs/readdir.c | 11 ++- fs/cifs/smb2pdu.c | 29 +++--- fs/configfs/dir.c | 11 +++ fs/f2fs/super.c | 16 ++- fs/gfs2/bmap.c | 2 +- fs/gfs2/rgrp.c | 3 +- fs/namespace.c | 7 +- fs/nfs/nfs4proc.c | 10 +- fs/nfs/nfs4state.c | 2 + fs/nfs/nfs4trace.h | 2 +- fs/overlayfs/super.c | 26 ++--- fs/pstore/ram_core.c | 17 +++- include/linux/crypto.h | 5 + include/linux/mlx5/driver.h | 4 +- include/linux/of.h | 8 ++ kernel/audit_watch.c | 12 ++- kernel/bpf/cgroup.c | 7 +- kernel/events/core.c | 4 + kernel/rcu/rcutorture.c | 5 +- kernel/rcu/tree.c | 6 ++ kernel/rcu/tree.h | 4 + kernel/sched/fair.c | 10 +- kernel/sched/wait.c | 47 ++++----- net/bluetooth/af_bluetooth.c | 2 +- net/core/skbuff.c | 3 - net/ipv4/ip_gre.c | 5 + net/ipv4/tcp.c | 2 +- net/mac80211/cfg.c | 2 +- net/mac80211/key.c | 24 +++-- net/rds/bind.c | 5 +- net/tipc/socket.c | 1 + net/tls/tls_sw.c | 14 ++- net/xfrm/xfrm_policy.c | 5 +- scripts/Kbuild.include | 3 + security/integrity/evm/evm_crypto.c | 3 +- security/security.c | 2 + security/smack/smack_lsm.c | 14 ++- sound/core/pcm_lib.c | 14 ++- sound/isa/msnd/msnd_pinnacle.c | 4 +- sound/soc/codecs/hdmi-codec.c | 21 ++-- sound/soc/codecs/rt5514.c | 8 +- sound/soc/codecs/rt5651.c | 22 +++-- sound/soc/qcom/qdsp6/q6afe-dai.c | 2 +- sound/usb/quirks-table.h | 3 +- sound/usb/quirks.c | 2 + tools/hv/hv_kvp_daemon.c | 2 +- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 10 +- tools/perf/tests/builtin-test.c | 2 +- .../tests/shell/record+probe_libc_inet_pton.sh | 36 ++++++- tools/perf/util/comm.c | 16 ++- tools/perf/util/header.c | 2 +- tools/perf/util/machine.c | 9 +- tools/perf/util/map.c | 11 +++ tools/perf/util/unwind-libdw.c | 2 +- tools/perf/util/unwind-libunwind-local.c | 2 +- tools/testing/nvdimm/test/nfit.c | 3 +- .../testing/selftests/android/ion/ionapp_export.c | 1 + tools/testing/selftests/timers/raw_skew.c | 5 + tools/testing/selftests/vDSO/vdso_test.c | 7 +- virt/kvm/arm/vgic/vgic-init.c | 4 + virt/kvm/arm/vgic/vgic-mmio-v2.c | 3 + 238 files changed, 1599 insertions(+), 926 deletions(-)

6 years, 11 months

10
260
0 0

[git:media_tree/master] media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD Author: Hans Verkuil <hverkuil(a)xs4all.nl> Date: Mon Oct 8 15:08:27 2018 -0400 When the OSD is on (i.e. vivid displays text on top of the test pattern), and you enable hflip, then the driver crashes. The cause turned out to be a division of a negative number by an unsigned value. You expect that -8 / 2U would be -4, but in reality it is 2147483644 :-( Fixes: 3e14e7a82c1ef ("vivid-tpg: add hor/vert downsampling support to tpg_gen_text") Signed-off-by: Hans Verkuil <hans.verkuil(a)cisco.com> Reported-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> Cc: <stable(a)vger.kernel.org> # for v4.1 and up Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/common/v4l2-tpg/v4l2-tpg-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- diff --git a/drivers/media/common/v4l2-tpg/v4l2-tpg-core.c b/drivers/media/common/v4l2-tpg/v4l2-tpg-core.c index 76b125ebee6d..fa483b95bc5a 100644 --- a/drivers/media/common/v4l2-tpg/v4l2-tpg-core.c +++ b/drivers/media/common/v4l2-tpg/v4l2-tpg-core.c @@ -1801,7 +1801,7 @@ typedef struct { u16 __; u8 _; } __packed x24; pos[7] = (chr & (0x01 << 0) ? fg : bg); \ } \ \ - pos += (tpg->hflip ? -8 : 8) / hdiv; \ + pos += (tpg->hflip ? -8 : 8) / (int)hdiv; \ } \ } \ } while (0)

6 years, 11 months

1
0
0 0

[PATCH v4 1/3] x86/xen: fix boot loader version reported for pvh guests

by Juergen Gross

The boot loader version reported via sysfs is wrong in case of the kernel being booted via the Xen PVH boot entry. it should be 2.12 (0x020c), but it is reported to be 2.18 (0x0212). As the current way to set the version is error prone use the more readable variant (2 << 8) | 12. Cc: <stable(a)vger.kernel.org> # 4.12 Signed-off-by: Juergen Gross <jgross(a)suse.com> --- arch/x86/xen/enlighten_pvh.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/xen/enlighten_pvh.c b/arch/x86/xen/enlighten_pvh.c index c85d1a88f476..f7f77023288a 100644 --- a/arch/x86/xen/enlighten_pvh.c +++ b/arch/x86/xen/enlighten_pvh.c @@ -75,7 +75,7 @@ static void __init init_pvh_bootparams(void) * Version 2.12 supports Xen entry point but we will use default x86/PC * environment (i.e. hardware_subarch 0). */ - pvh_bootparams.hdr.version = 0x212; + pvh_bootparams.hdr.version = (2 << 8) | 12; pvh_bootparams.hdr.type_of_loader = (9 << 4) | 0; /* Xen loader */ x86_init.acpi.get_root_pointer = pvh_get_root_pointer; -- 2.16.4

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] firmware: Always initialize the fw_priv list object" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 7012040576c6ae25a47035659ee48673612c2c27 Mon Sep 17 00:00:00 2001 From: Bjorn Andersson <bjorn.andersson(a)linaro.org> Date: Wed, 19 Sep 2018 18:09:38 -0700 Subject: [PATCH] firmware: Always initialize the fw_priv list object When freeing the fw_priv the item is taken off the list. This causes an oops in the FW_OPT_NOCACHE case as the list object is not initialized. Make sure to initialize the list object regardless of this flag. Fixes: 422b3db2a503 ("firmware: Fix security issue with request_firmware_into_buf()") Cc: stable(a)vger.kernel.org Cc: Rishabh Bhatnagar <rishabhb(a)codeaurora.org> Signed-off-by: Bjorn Andersson <bjorn.andersson(a)linaro.org> Reviewed-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index b3c0498ee433..8e9213b36e31 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -226,8 +226,11 @@ static int alloc_lookup_fw_priv(const char *fw_name, } tmp = __allocate_fw_priv(fw_name, fwc, dbuf, size); - if (tmp && !(opt_flags & FW_OPT_NOCACHE)) - list_add(&tmp->list, &fwc->head); + if (tmp) { + INIT_LIST_HEAD(&tmp->list); + if (!(opt_flags & FW_OPT_NOCACHE)) + list_add(&tmp->list, &fwc->head); + } spin_unlock(&fwc->lock); *fw_priv = tmp;

6 years, 11 months

3
2
0 0

[PATCH net-next] net/ipv6: stop leaking percpu memory in fib6 info

by Mike Rapoport

The fib6_info_alloc() function allocates percpu memory to hold per CPU pointers to rt6_info, but this memory is never freed. Fix it. Fixes: a64efe142f5e ("net/ipv6: introduce fib6_info struct and helpers") Signed-off-by: Mike Rapoport <rppt(a)linux.vnet.ibm.com> Cc: stable(a)vger.kernel.org --- net/ipv6/ip6_fib.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c index cf709eadc932..cc7de7eb8b9c 100644 --- a/net/ipv6/ip6_fib.c +++ b/net/ipv6/ip6_fib.c @@ -194,6 +194,8 @@ void fib6_info_destroy_rcu(struct rcu_head *head) *ppcpu_rt = NULL; } } + + free_percpu(f6i->rt6i_pcpu); } lwtstate_put(f6i->fib6_nh.nh_lwtstate); -- 2.7.4

6 years, 11 months

3
3
0 0

[merged] ocfs2-fix-locking-for-res-tracking-and-dlm-tracking_list.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: ocfs2: fix locking for res->tracking and dlm->tracking_list has been removed from the -mm tree. Its filename was ocfs2-fix-locking-for-res-tracking-and-dlm-tracking_list.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Ashish Samant <ashish.samant(a)oracle.com> Subject: ocfs2: fix locking for res->tracking and dlm->tracking_list In dlm_init_lockres() we access and modify res->tracking and dlm->tracking_list without holding dlm->track_lock. This can cause list corruptions and can end up in kernel panic. Fix this by locking res->tracking and dlm->tracking_list with dlm->track_lock instead of dlm->spinlock. Link: http://lkml.kernel.org/r/1529951192-4686-1-git-send-email-ashish.samant@ora… Signed-off-by: Ashish Samant <ashish.samant(a)oracle.com> Reviewed-by: Changwei Ge <ge.changwei(a)h3c.com> Acked-by: Joseph Qi <jiangqi903(a)gmail.com> Acked-by: Jun Piao <piaojun(a)huawei.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <ge.changwei(a)h3c.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/dlm/dlmmaster.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/fs/ocfs2/dlm/dlmmaster.c~ocfs2-fix-locking-for-res-tracking-and-dlm-tracking_list +++ a/fs/ocfs2/dlm/dlmmaster.c @@ -584,9 +584,9 @@ static void dlm_init_lockres(struct dlm_ res->last_used = 0; - spin_lock(&dlm->spinlock); + spin_lock(&dlm->track_lock); list_add_tail(&res->tracking, &dlm->tracking_list); - spin_unlock(&dlm->spinlock); + spin_unlock(&dlm->track_lock); memset(res->lvb, 0, DLM_LVB_LEN); memset(res->refmap, 0, sizeof(res->refmap)); _ Patches currently in -mm which might be from ashish.samant(a)oracle.com are

6 years, 11 months

1
0
0 0

[merged] mm-vmstat-skip-nr_tlb_remote_flush-properly.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly has been removed from the -mm tree. Its filename was mm-vmstat-skip-nr_tlb_remote_flush-properly.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Jann Horn <jannh(a)google.com> Subject: mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly 5dd0b16cdaff ("mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP") made the availability of the NR_TLB_REMOTE_FLUSH* counters inside the kernel unconditional to reduce #ifdef soup, but (either to avoid showing dummy zero counters to userspace, or because that code was missed) didn't update the vmstat_array, meaning that all following counters would be shown with incorrect values. This only affects kernel builds with CONFIG_VM_EVENT_COUNTERS=y && CONFIG_DEBUG_TLBFLUSH=y && CONFIG_SMP=n. Link: http://lkml.kernel.org/r/20181001143138.95119-2-jannh@google.com Fixes: 5dd0b16cdaff ("mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP") Signed-off-by: Jann Horn <jannh(a)google.com> Reviewed-by: Kees Cook <keescook(a)chromium.org> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Acked-by: Michal Hocko <mhocko(a)suse.com> Acked-by: Roman Gushchin <guro(a)fb.com> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Christoph Lameter <clameter(a)sgi.com> Cc: Kemi Wang <kemi.wang(a)intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmstat.c | 3 +++ 1 file changed, 3 insertions(+) --- a/mm/vmstat.c~mm-vmstat-skip-nr_tlb_remote_flush-properly +++ a/mm/vmstat.c @@ -1275,6 +1275,9 @@ const char * const vmstat_text[] = { #ifdef CONFIG_SMP "nr_tlb_remote_flush", "nr_tlb_remote_flush_received", +#else + "", /* nr_tlb_remote_flush */ + "", /* nr_tlb_remote_flush_received */ #endif /* CONFIG_SMP */ "nr_tlb_local_flush_all", "nr_tlb_local_flush_one", _ Patches currently in -mm which might be from jannh(a)google.com are mm-vmstat-assert-that-vmstat_text-is-in-sync-with-stat_items_size.patch reiserfs-propagate-errors-from-fill_with_dentries-properly.patch

6 years, 11 months

1
0
0 0

[merged] proc-restrict-kernel-stack-dumps-to-root.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: proc: restrict kernel stack dumps to root has been removed from the -mm tree. Its filename was proc-restrict-kernel-stack-dumps-to-root.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Jann Horn <jannh(a)google.com> Subject: proc: restrict kernel stack dumps to root Currently, you can use /proc/self/task/*/stack to cause a stack walk on a task you control while it is running on another CPU. That means that the stack can change under the stack walker. The stack walker does have guards against going completely off the rails and into random kernel memory, but it can interpret random data from your kernel stack as instruction pointers and stack pointers. This can cause exposure of kernel stack contents to userspace. Restrict the ability to inspect kernel stacks of arbitrary tasks to root in order to prevent a local attacker from exploiting racy stack unwinding to leak kernel task stack contents. See the added comment for a longer rationale. There don't seem to be any users of this userspace API that can't gracefully bail out if reading from the file fails. Therefore, I believe that this change is unlikely to break things. In the case that this patch does end up needing a revert, the next-best solution might be to fake a single-entry stack based on wchan. Link: http://lkml.kernel.org/r/20180927153316.200286-1-jannh@google.com Fixes: 2ec220e27f50 ("proc: add /proc/*/stack") Signed-off-by: Jann Horn <jannh(a)google.com> Acked-by: Kees Cook <keescook(a)chromium.org> Cc: Alexey Dobriyan <adobriyan(a)gmail.com> Cc: Ken Chen <kenchen(a)google.com> Cc: Will Deacon <will.deacon(a)arm.com> Cc: Laura Abbott <labbott(a)redhat.com> Cc: Andy Lutomirski <luto(a)amacapital.net> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: "H . Peter Anvin" <hpa(a)zytor.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/base.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) --- a/fs/proc/base.c~proc-restrict-kernel-stack-dumps-to-root +++ a/fs/proc/base.c @@ -407,6 +407,20 @@ static int proc_pid_stack(struct seq_fil unsigned long *entries; int err; + /* + * The ability to racily run the kernel stack unwinder on a running task + * and then observe the unwinder output is scary; while it is useful for + * debugging kernel issues, it can also allow an attacker to leak kernel + * stack contents. + * Doing this in a manner that is at least safe from races would require + * some work to ensure that the remote task can not be scheduled; and + * even then, this would still expose the unwinder as local attack + * surface. + * Therefore, this interface is restricted to root. + */ + if (!file_ns_capable(m->file, &init_user_ns, CAP_SYS_ADMIN)) + return -EACCES; + entries = kmalloc_array(MAX_STACK_TRACE_DEPTH, sizeof(*entries), GFP_KERNEL); if (!entries) _ Patches currently in -mm which might be from jannh(a)google.com are mm-vmstat-assert-that-vmstat_text-is-in-sync-with-stat_items_size.patch reiserfs-propagate-errors-from-fill_with_dentries-properly.patch

6 years, 11 months

1
0
0 0

[merged] mm-thp-fix-mlocking-thp-page-with-migration-enabled.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm, thp: fix mlocking THP page with migration enabled has been removed from the -mm tree. Its filename was mm-thp-fix-mlocking-thp-page-with-migration-enabled.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Subject: mm, thp: fix mlocking THP page with migration enabled A transparent huge page is represented by a single entry on an LRU list. Therefore, we can only make unevictable an entire compound page, not individual subpages. If a user tries to mlock() part of a huge page, we want the rest of the page to be reclaimable. We handle this by keeping PTE-mapped huge pages on normal LRU lists: the PMD on border of VM_LOCKED VMA will be split into PTE table. Introduction of THP migration breaks[1] the rules around mlocking THP pages. If we had a single PMD mapping of the page in mlocked VMA, the page will get mlocked, regardless of PTE mappings of the page. For tmpfs/shmem it's easy to fix by checking PageDoubleMap() in remove_migration_pmd(). Anon THP pages can only be shared between processes via fork(). Mlocked page can only be shared if parent mlocked it before forking, otherwise CoW will be triggered on mlock(). For Anon-THP, we can fix the issue by munlocking the page on removing PTE migration entry for the page. PTEs for the page will always come after mlocked PMD: rmap walks VMAs from oldest to newest. Test-case: #include <unistd.h> #include <sys/mman.h> #include <sys/wait.h> #include <linux/mempolicy.h> #include <numaif.h> int main(void) { unsigned long nodemask = 4; void *addr; addr = mmap((void *)0x20000000UL, 2UL << 20, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_LOCKED, -1, 0); if (fork()) { wait(NULL); return 0; } mlock(addr, 4UL << 10); mbind(addr, 2UL << 20, MPOL_PREFERRED | MPOL_F_RELATIVE_NODES, &nodemask, 4, MPOL_MF_MOVE); return 0; } [1] https://lkml.kernel.org/r/CAOMGZ=G52R-30rZvhGxEbkTw7rLLwBGadVYeo--iizcD3upL… Link: http://lkml.kernel.org/r/20180917133816.43995-1-kirill.shutemov@linux.intel… Fixes: 616b8371539a ("mm: thp: enable thp migration in generic path") Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reported-by: Vegard Nossum <vegard.nossum(a)oracle.com> Reviewed-by: Zi Yan <zi.yan(a)cs.rutgers.edu> Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: <stable(a)vger.kernel.org> [4.14+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 2 +- mm/migrate.c | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) --- a/mm/huge_memory.c~mm-thp-fix-mlocking-thp-page-with-migration-enabled +++ a/mm/huge_memory.c @@ -2931,7 +2931,7 @@ void remove_migration_pmd(struct page_vm else page_add_file_rmap(new, true); set_pmd_at(mm, mmun_start, pvmw->pmd, pmde); - if (vma->vm_flags & VM_LOCKED) + if ((vma->vm_flags & VM_LOCKED) && !PageDoubleMap(new)) mlock_vma_page(new); update_mmu_cache_pmd(vma, address, pvmw->pmd); } --- a/mm/migrate.c~mm-thp-fix-mlocking-thp-page-with-migration-enabled +++ a/mm/migrate.c @@ -275,6 +275,9 @@ static bool remove_migration_pte(struct if (vma->vm_flags & VM_LOCKED && !PageTransCompound(new)) mlock_vma_page(new); + if (PageTransHuge(page) && PageMlocked(page)) + clear_page_mlock(page); + /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, pvmw.address, pvmw.pte); } _ Patches currently in -mm which might be from kirill.shutemov(a)linux.intel.com are

6 years, 11 months

1
0
0 0

[merged] mm-migration-fix-migration-of-huge-pmd-shared-pages.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: migration: fix migration of huge PMD shared pages has been removed from the -mm tree. Its filename was mm-migration-fix-migration-of-huge-pmd-shared-pages.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Mike Kravetz <mike.kravetz(a)oracle.com> Subject: mm: migration: fix migration of huge PMD shared pages The page migration code employs try_to_unmap() to try and unmap the source page. This is accomplished by using rmap_walk to find all vmas where the page is mapped. This search stops when page mapcount is zero. For shared PMD huge pages, the page map count is always 1 no matter the number of mappings. Shared mappings are tracked via the reference count of the PMD page. Therefore, try_to_unmap stops prematurely and does not completely unmap all mappings of the source page. This problem can result is data corruption as writes to the original source page can happen after contents of the page are copied to the target page. Hence, data is lost. This problem was originally seen as DB corruption of shared global areas after a huge page was soft offlined due to ECC memory errors. DB developers noticed they could reproduce the issue by (hotplug) offlining memory used to back huge pages. A simple testcase can reproduce the problem by creating a shared PMD mapping (note that this must be at least PUD_SIZE in size and PUD_SIZE aligned (1GB on x86)), and using migrate_pages() to migrate process pages between nodes while continually writing to the huge pages being migrated. To fix, have the try_to_unmap_one routine check for huge PMD sharing by calling huge_pmd_unshare for hugetlbfs huge pages. If it is a shared mapping it will be 'unshared' which removes the page table entry and drops the reference on the PMD page. After this, flush caches and TLB. mmu notifiers are called before locking page tables, but we can not be sure of PMD sharing until page tables are locked. Therefore, check for the possibility of PMD sharing before locking so that notifiers can prepare for the worst possible case. Link: http://lkml.kernel.org/r/20180823205917.16297-2-mike.kravetz@oracle.com [mike.kravetz(a)oracle.com: make _range_in_vma() a static inline] Link: http://lkml.kernel.org/r/6063f215-a5c8-2f0c-465a-2c515ddc952d@oracle.com Fixes: 39dde65c9940 ("shared page table for hugetlb page") Signed-off-by: Mike Kravetz <mike.kravetz(a)oracle.com> Acked-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reviewed-by: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Jerome Glisse <jglisse(a)redhat.com> Cc: Mike Kravetz <mike.kravetz(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/hugetlb.h | 14 ++++++++++++ include/linux/mm.h | 6 +++++ mm/hugetlb.c | 37 +++++++++++++++++++++++++++++++-- mm/rmap.c | 42 +++++++++++++++++++++++++++++++++++--- 4 files changed, 94 insertions(+), 5 deletions(-) --- a/include/linux/hugetlb.h~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/include/linux/hugetlb.h @@ -140,6 +140,8 @@ pte_t *huge_pte_alloc(struct mm_struct * pte_t *huge_pte_offset(struct mm_struct *mm, unsigned long addr, unsigned long sz); int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, pte_t *ptep); +void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end); struct page *follow_huge_addr(struct mm_struct *mm, unsigned long address, int write); struct page *follow_huge_pd(struct vm_area_struct *vma, @@ -170,6 +172,18 @@ static inline unsigned long hugetlb_tota return 0; } +static inline int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, + pte_t *ptep) +{ + return 0; +} + +static inline void adjust_range_if_pmd_sharing_possible( + struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ +} + #define follow_hugetlb_page(m,v,p,vs,a,b,i,w,n) ({ BUG(); 0; }) #define follow_huge_addr(mm, addr, write) ERR_PTR(-EINVAL) #define copy_hugetlb_page_range(src, dst, vma) ({ BUG(); 0; }) --- a/include/linux/mm.h~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/include/linux/mm.h @@ -2455,6 +2455,12 @@ static inline struct vm_area_struct *fin return vma; } +static inline bool range_in_vma(struct vm_area_struct *vma, + unsigned long start, unsigned long end) +{ + return (vma && vma->vm_start <= start && end <= vma->vm_end); +} + #ifdef CONFIG_MMU pgprot_t vm_get_page_prot(unsigned long vm_flags); void vma_set_page_prot(struct vm_area_struct *vma); --- a/mm/hugetlb.c~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/mm/hugetlb.c @@ -4545,13 +4545,41 @@ static bool vma_shareable(struct vm_area /* * check on proper vm_flags and page table alignment */ - if (vma->vm_flags & VM_MAYSHARE && - vma->vm_start <= base && end <= vma->vm_end) + if (vma->vm_flags & VM_MAYSHARE && range_in_vma(vma, base, end)) return true; return false; } /* + * Determine if start,end range within vma could be mapped by shared pmd. + * If yes, adjust start and end to cover range associated with possible + * shared pmd mappings. + */ +void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ + unsigned long check_addr = *start; + + if (!(vma->vm_flags & VM_MAYSHARE)) + return; + + for (check_addr = *start; check_addr < *end; check_addr += PUD_SIZE) { + unsigned long a_start = check_addr & PUD_MASK; + unsigned long a_end = a_start + PUD_SIZE; + + /* + * If sharing is possible, adjust start/end if necessary. + */ + if (range_in_vma(vma, a_start, a_end)) { + if (a_start < *start) + *start = a_start; + if (a_end > *end) + *end = a_end; + } + } +} + +/* * Search for a shareable pmd page for hugetlb. In any case calls pmd_alloc() * and returns the corresponding pte. While this is not necessary for the * !shared pmd case because we can allocate the pmd later as well, it makes the @@ -4648,6 +4676,11 @@ int huge_pmd_unshare(struct mm_struct *m { return 0; } + +void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ +} #define want_pmd_share() (0) #endif /* CONFIG_ARCH_WANT_HUGE_PMD_SHARE */ --- a/mm/rmap.c~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/mm/rmap.c @@ -1362,11 +1362,21 @@ static bool try_to_unmap_one(struct page } /* - * We have to assume the worse case ie pmd for invalidation. Note that - * the page can not be free in this function as call of try_to_unmap() - * must hold a reference on the page. + * For THP, we have to assume the worse case ie pmd for invalidation. + * For hugetlb, it could be much worse if we need to do pud + * invalidation in the case of pmd sharing. + * + * Note that the page can not be free in this function as call of + * try_to_unmap() must hold a reference on the page. */ end = min(vma->vm_end, start + (PAGE_SIZE << compound_order(page))); + if (PageHuge(page)) { + /* + * If sharing is possible, start and end will be adjusted + * accordingly. + */ + adjust_range_if_pmd_sharing_possible(vma, &start, &end); + } mmu_notifier_invalidate_range_start(vma->vm_mm, start, end); while (page_vma_mapped_walk(&pvmw)) { @@ -1409,6 +1419,32 @@ static bool try_to_unmap_one(struct page subpage = page - page_to_pfn(page) + pte_pfn(*pvmw.pte); address = pvmw.address; + if (PageHuge(page)) { + if (huge_pmd_unshare(mm, &address, pvmw.pte)) { + /* + * huge_pmd_unshare unmapped an entire PMD + * page. There is no way of knowing exactly + * which PMDs may be cached for this mm, so + * we must flush them all. start/end were + * already adjusted above to cover this range. + */ + flush_cache_range(vma, start, end); + flush_tlb_range(vma, start, end); + mmu_notifier_invalidate_range(mm, start, end); + + /* + * The ref count of the PMD page was dropped + * which is part of the way map counting + * is done for shared PMDs. Return 'true' + * here. When there is no other sharing, + * huge_pmd_unshare returns false and we will + * unmap the actual page and drop map count + * to zero. + */ + page_vma_mapped_walk_done(&pvmw); + break; + } + } if (IS_ENABLED(CONFIG_MIGRATION) && (flags & TTU_MIGRATION) && _ Patches currently in -mm which might be from mike.kravetz(a)oracle.com are

6 years, 11 months

1
0
0 0

[PATCH v7 5/5] drm/i915: Fix intel_dp_mst_best_encoder()

by Lyude Paul

Currently, i915 appears to rely on blocking modesets on no-longer-present MSTB ports by simply returning NULL for ->best_encoder(), which in turn causes any new atomic commits that don't disable the CRTC to fail. This is wrong however, since we still want to allow userspace to disable CRTCs on no-longer-present MSTB ports by changing the DPMS state to off and this still requires that we retrieve an encoder. So, fix this by always returning a valid encoder regardless of the state of the MST port. Changes since v1: - Remove mst atomic helper, since this got replaced with a much simpler solution Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index 0f14c0d1669c..7f155b4f1a7d 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -404,8 +404,6 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (!READ_ONCE(connector->registered)) - return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH v7 4/5] drm/i915: Skip vcpi allocation for MSTB ports that are gone

by Lyude Paul

Since we need to be able to allow DPMS on->off prop changes after an MST port has disappeared from the system, we need to be able to make sure we can compute a config for the resulting atomic commit. Currently this is impossible when the port has disappeared, since the VCPI slot searching we try to do in intel_dp_mst_compute_config() will fail with -EINVAL. Since the only commits we want to allow on no-longer-present MST ports are ones that shut off display hardware, we already know that no VCPI allocations are needed. So, hardcode the VCPI slot count to 0 when intel_dp_mst_compute_config() is called on an MST port that's gone. Changes since V4: - Don't use mst_port_gone at all, just check whether or not the drm connector is registered - Daniel Vetter Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index aa21742d8634..0f14c0d1669c 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -38,11 +38,11 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, struct intel_dp_mst_encoder *intel_mst = enc_to_mst(&encoder->base); struct intel_digital_port *intel_dig_port = intel_mst->primary; struct intel_dp *intel_dp = &intel_dig_port->dp; - struct intel_connector *connector = - to_intel_connector(conn_state->connector); + struct drm_connector *connector = conn_state->connector; + void *port = to_intel_connector(connector)->port; struct drm_atomic_state *state = pipe_config->base.state; int bpp; - int lane_count, slots; + int lane_count, slots = 0; const struct drm_display_mode *adjusted_mode = &pipe_config->base.adjusted_mode; int mst_pbn; bool constant_n = drm_dp_has_quirk(&intel_dp->desc, @@ -70,17 +70,23 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, pipe_config->port_clock = intel_dp_max_link_rate(intel_dp); - if (drm_dp_mst_port_has_audio(&intel_dp->mst_mgr, connector->port)) + if (drm_dp_mst_port_has_audio(&intel_dp->mst_mgr, port)) pipe_config->has_audio = true; mst_pbn = drm_dp_calc_pbn_mode(adjusted_mode->crtc_clock, bpp); pipe_config->pbn = mst_pbn; - slots = drm_dp_atomic_find_vcpi_slots(state, &intel_dp->mst_mgr, - connector->port, mst_pbn); - if (slots < 0) { - DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", slots); - return false; + /* Zombie connectors can't have VCPI slots */ + if (READ_ONCE(connector->registered)) { + slots = drm_dp_atomic_find_vcpi_slots(state, + &intel_dp->mst_mgr, + port, + mst_pbn); + if (slots < 0) { + DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", + slots); + return false; + } } intel_link_compute_m_n(bpp, lane_count, -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH v7 3/5] drm/i915: Don't unset intel_connector->mst_port

by Lyude Paul

Currently we set intel_connector->mst_port to NULL to signify that the MST port has been removed from the system so that we can prevent further action on the port such as connector probes, mode probing, etc. However, we're going to need access to intel_connector->mst_port in order to fixup ->best_encoder() so that it can always return the correct encoder for an MST port to prevent legacy DPMS prop changes from failing. This should be safe, so instead keep intel_connector->mst_port always set and instead just check the status of drm_connector->regustered to signify whether or not the connector has disappeared from the system. Changes since v2: - Add a comment to mst_port_gone (Jani Nikula) - Change mst_port_gone to a u8 instead of a bool, per the kernel bot. Apparently bool is discouraged in structs these days Changes since v4: - Don't use mst_port_gone at all! Just check if the connector is registered or not - Daniel Vetter Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index 43db2e9ac575..aa21742d8634 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -307,9 +307,8 @@ static int intel_dp_mst_get_ddc_modes(struct drm_connector *connector) struct edid *edid; int ret; - if (!intel_dp) { + if (!READ_ONCE(connector->registered)) return intel_connector_update_modes(connector, NULL); - } edid = drm_dp_mst_get_edid(connector, &intel_dp->mst_mgr, intel_connector->port); ret = intel_connector_update_modes(connector, edid); @@ -324,9 +323,10 @@ intel_dp_mst_detect(struct drm_connector *connector, bool force) struct intel_connector *intel_connector = to_intel_connector(connector); struct intel_dp *intel_dp = intel_connector->mst_port; - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return connector_status_disconnected; - return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, intel_connector->port); + return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, + intel_connector->port); } static void @@ -366,7 +366,7 @@ intel_dp_mst_mode_valid(struct drm_connector *connector, int bpp = 24; /* MST uses fixed bpp */ int max_rate, mode_rate, max_lanes, max_link_clock; - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return MODE_ERROR; if (mode->flags & DRM_MODE_FLAG_DBLSCAN) @@ -398,7 +398,7 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } @@ -499,7 +499,6 @@ static void intel_dp_register_mst_connector(struct drm_connector *connector) static void intel_dp_destroy_mst_connector(struct drm_dp_mst_topology_mgr *mgr, struct drm_connector *connector) { - struct intel_connector *intel_connector = to_intel_connector(connector); struct drm_i915_private *dev_priv = to_i915(connector->dev); DRM_DEBUG_KMS("[CONNECTOR:%d:%s]\n", connector->base.id, connector->name); @@ -508,10 +507,6 @@ static void intel_dp_destroy_mst_connector(struct drm_dp_mst_topology_mgr *mgr, if (dev_priv->fbdev) drm_fb_helper_remove_one_connector(&dev_priv->fbdev->helper, connector); - /* prevent race with the check in ->detect */ - drm_modeset_lock(&connector->dev->mode_config.connection_mutex, NULL); - intel_connector->mst_port = NULL; - drm_modeset_unlock(&connector->dev->mode_config.connection_mutex); drm_connector_put(connector); } -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH v7 2/5] drm/nouveau: Fix nv50_mstc->best_encoder()

by Lyude Paul

As mentioned in the previous commit, we currently prevent new modesets on recently-removed MST connectors by returning no encoder from our ->best_encoder() callback once the MST port has disappeared. This is wrong however, because it prevents legacy modesetting users from being able to disable CRTCs on MST connectors after the connector's respective topology has disappeared. So, fix this by instead by just always returning a valid encoder. Changes since v2: - Remove usage of atomic MST helper for now, since that got replaced with a much simpler solution Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/dispnv50/disp.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index 9f32b10c7c29..31b94bc9ec90 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -843,22 +843,16 @@ nv50_mstc_atomic_best_encoder(struct drm_connector *connector, { struct nv50_head *head = nv50_head(connector_state->crtc); struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[head->base.index]->encoder; - } - return NULL; + + return &mstc->mstm->msto[head->base.index]->encoder; } static struct drm_encoder * nv50_mstc_best_encoder(struct drm_connector *connector) { struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[0]->encoder; - } - return NULL; + + return &mstc->mstm->msto[0]->encoder; } static enum drm_mode_status -- 2.17.1

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] powerpc: Avoid code patching freed init sections" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 51c3c62b58b357e8d35e4cc32f7b4ec907426fe3 Mon Sep 17 00:00:00 2001 From: Michael Neuling <mikey(a)neuling.org> Date: Fri, 14 Sep 2018 11:14:11 +1000 Subject: [PATCH] powerpc: Avoid code patching freed init sections This stops us from doing code patching in init sections after they've been freed. In this chain: kvm_guest_init() -> kvm_use_magic_page() -> fault_in_pages_readable() -> __get_user() -> __get_user_nocheck() -> barrier_nospec(); We have a code patching location at barrier_nospec() and kvm_guest_init() is an init function. This whole chain gets inlined, so when we free the init section (hence kvm_guest_init()), this code goes away and hence should no longer be patched. We seen this as userspace memory corruption when using a memory checker while doing partition migration testing on powervm (this starts the code patching post migration via /sys/kernel/mobility/migration). In theory, it could also happen when using /sys/kernel/debug/powerpc/barrier_nospec. Cc: stable(a)vger.kernel.org # 4.13+ Signed-off-by: Michael Neuling <mikey(a)neuling.org> Reviewed-by: Nicholas Piggin <npiggin(a)gmail.com> Reviewed-by: Christophe Leroy <christophe.leroy(a)c-s.fr> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/include/asm/setup.h b/arch/powerpc/include/asm/setup.h index 1a951b00465d..1fffbba8d6a5 100644 --- a/arch/powerpc/include/asm/setup.h +++ b/arch/powerpc/include/asm/setup.h @@ -9,6 +9,7 @@ extern void ppc_printk_progress(char *s, unsigned short hex); extern unsigned int rtas_data; extern unsigned long long memory_limit; +extern bool init_mem_is_free; extern unsigned long klimit; extern void *zalloc_maybe_bootmem(size_t size, gfp_t mask); diff --git a/arch/powerpc/lib/code-patching.c b/arch/powerpc/lib/code-patching.c index 850f3b8f4da5..6ae2777c220d 100644 --- a/arch/powerpc/lib/code-patching.c +++ b/arch/powerpc/lib/code-patching.c @@ -28,6 +28,12 @@ static int __patch_instruction(unsigned int *exec_addr, unsigned int instr, { int err; + /* Make sure we aren't patching a freed init section */ + if (init_mem_is_free && init_section_contains(exec_addr, 4)) { + pr_debug("Skipping init section patching addr: 0x%px\n", exec_addr); + return 0; + } + __put_user_size(instr, patch_addr, 4, err); if (err) return err; diff --git a/arch/powerpc/mm/mem.c b/arch/powerpc/mm/mem.c index 5c8530d0c611..04ccb274a620 100644 --- a/arch/powerpc/mm/mem.c +++ b/arch/powerpc/mm/mem.c @@ -63,6 +63,7 @@ #endif unsigned long long memory_limit; +bool init_mem_is_free; #ifdef CONFIG_HIGHMEM pte_t *kmap_pte; @@ -396,6 +397,7 @@ void free_initmem(void) { ppc_md.progress = ppc_printk_progress; mark_initmem_nx(); + init_mem_is_free = true; free_initmem_default(POISON_FREE_INITMEM); }

6 years, 11 months

2
1
0 0

[PATCH v6 5/5] drm/i915: Fix intel_dp_mst_best_encoder()

by Lyude Paul

Currently, i915 appears to rely on blocking modesets on no-longer-present MSTB ports by simply returning NULL for ->best_encoder(), which in turn causes any new atomic commits that don't disable the CRTC to fail. This is wrong however, since we still want to allow userspace to disable CRTCs on no-longer-present MSTB ports by changing the DPMS state to off and this still requires that we retrieve an encoder. So, fix this by always returning a valid encoder regardless of the state of the MST port. Changes since v1: - Remove mst atomic helper, since this got replaced with a much simpler solution Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index 0f14c0d1669c..7f155b4f1a7d 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -404,8 +404,6 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (!READ_ONCE(connector->registered)) - return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH v6 4/5] drm/i915: Skip vcpi allocation for MSTB ports that are gone

by Lyude Paul

Since we need to be able to allow DPMS on->off prop changes after an MST port has disappeared from the system, we need to be able to make sure we can compute a config for the resulting atomic commit. Currently this is impossible when the port has disappeared, since the VCPI slot searching we try to do in intel_dp_mst_compute_config() will fail with -EINVAL. Since the only commits we want to allow on no-longer-present MST ports are ones that shut off display hardware, we already know that no VCPI allocations are needed. So, hardcode the VCPI slot count to 0 when intel_dp_mst_compute_config() is called on an MST port that's gone. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org Changes since V4: - Don't use mst_port_gone at all, just check whether or not the drm connector is registered - Daniel Vetter Signed-off-by: Lyude Paul <lyude(a)redhat.com> --- drivers/gpu/drm/i915/intel_dp_mst.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index aa21742d8634..0f14c0d1669c 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -38,11 +38,11 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, struct intel_dp_mst_encoder *intel_mst = enc_to_mst(&encoder->base); struct intel_digital_port *intel_dig_port = intel_mst->primary; struct intel_dp *intel_dp = &intel_dig_port->dp; - struct intel_connector *connector = - to_intel_connector(conn_state->connector); + struct drm_connector *connector = conn_state->connector; + void *port = to_intel_connector(connector)->port; struct drm_atomic_state *state = pipe_config->base.state; int bpp; - int lane_count, slots; + int lane_count, slots = 0; const struct drm_display_mode *adjusted_mode = &pipe_config->base.adjusted_mode; int mst_pbn; bool constant_n = drm_dp_has_quirk(&intel_dp->desc, @@ -70,17 +70,23 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, pipe_config->port_clock = intel_dp_max_link_rate(intel_dp); - if (drm_dp_mst_port_has_audio(&intel_dp->mst_mgr, connector->port)) + if (drm_dp_mst_port_has_audio(&intel_dp->mst_mgr, port)) pipe_config->has_audio = true; mst_pbn = drm_dp_calc_pbn_mode(adjusted_mode->crtc_clock, bpp); pipe_config->pbn = mst_pbn; - slots = drm_dp_atomic_find_vcpi_slots(state, &intel_dp->mst_mgr, - connector->port, mst_pbn); - if (slots < 0) { - DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", slots); - return false; + /* Zombie connectors can't have VCPI slots */ + if (READ_ONCE(connector->registered)) { + slots = drm_dp_atomic_find_vcpi_slots(state, + &intel_dp->mst_mgr, + port, + mst_pbn); + if (slots < 0) { + DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", + slots); + return false; + } } intel_link_compute_m_n(bpp, lane_count, -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH v6 3/5] drm/i915: Don't unset intel_connector->mst_port

by Lyude Paul

Currently we set intel_connector->mst_port to NULL to signify that the MST port has been removed from the system so that we can prevent further action on the port such as connector probes, mode probing, etc. However, we're going to need access to intel_connector->mst_port in order to fixup ->best_encoder() so that it can always return the correct encoder for an MST port to prevent legacy DPMS prop changes from failing. This should be safe, so instead keep intel_connector->mst_port always set and instead just check the status of drm_connector->regustered to signify whether or not the connector has disappeared from the system. Changes since v2: - Add a comment to mst_port_gone (Jani Nikula) - Change mst_port_gone to a u8 instead of a bool, per the kernel bot. Apparently bool is discouraged in structs these days Changes since v4: - Don't use mst_port_gone at all! Just check if the connector is registered or not - Daniel Vetter Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index 43db2e9ac575..aa21742d8634 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -307,9 +307,8 @@ static int intel_dp_mst_get_ddc_modes(struct drm_connector *connector) struct edid *edid; int ret; - if (!intel_dp) { + if (!READ_ONCE(connector->registered)) return intel_connector_update_modes(connector, NULL); - } edid = drm_dp_mst_get_edid(connector, &intel_dp->mst_mgr, intel_connector->port); ret = intel_connector_update_modes(connector, edid); @@ -324,9 +323,10 @@ intel_dp_mst_detect(struct drm_connector *connector, bool force) struct intel_connector *intel_connector = to_intel_connector(connector); struct intel_dp *intel_dp = intel_connector->mst_port; - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return connector_status_disconnected; - return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, intel_connector->port); + return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, + intel_connector->port); } static void @@ -366,7 +366,7 @@ intel_dp_mst_mode_valid(struct drm_connector *connector, int bpp = 24; /* MST uses fixed bpp */ int max_rate, mode_rate, max_lanes, max_link_clock; - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return MODE_ERROR; if (mode->flags & DRM_MODE_FLAG_DBLSCAN) @@ -398,7 +398,7 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } @@ -499,7 +499,6 @@ static void intel_dp_register_mst_connector(struct drm_connector *connector) static void intel_dp_destroy_mst_connector(struct drm_dp_mst_topology_mgr *mgr, struct drm_connector *connector) { - struct intel_connector *intel_connector = to_intel_connector(connector); struct drm_i915_private *dev_priv = to_i915(connector->dev); DRM_DEBUG_KMS("[CONNECTOR:%d:%s]\n", connector->base.id, connector->name); @@ -508,10 +507,6 @@ static void intel_dp_destroy_mst_connector(struct drm_dp_mst_topology_mgr *mgr, if (dev_priv->fbdev) drm_fb_helper_remove_one_connector(&dev_priv->fbdev->helper, connector); - /* prevent race with the check in ->detect */ - drm_modeset_lock(&connector->dev->mode_config.connection_mutex, NULL); - intel_connector->mst_port = NULL; - drm_modeset_unlock(&connector->dev->mode_config.connection_mutex); drm_connector_put(connector); } -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH v6 2/5] drm/nouveau: Fix nv50_mstc->best_encoder()

by Lyude Paul

As mentioned in the previous commit, we currently prevent new modesets on recently-removed MST connectors by returning no encoder from our ->best_encoder() callback once the MST port has disappeared. This is wrong however, because it prevents legacy modesetting users from being able to disable CRTCs on MST connectors after the connector's respective topology has disappeared. So, fix this by instead by just always returning a valid encoder. Changes since v2: - Remove usage of atomic MST helper for now, since that got replaced with a much simpler solution Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/dispnv50/disp.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index 9f32b10c7c29..31b94bc9ec90 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -843,22 +843,16 @@ nv50_mstc_atomic_best_encoder(struct drm_connector *connector, { struct nv50_head *head = nv50_head(connector_state->crtc); struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[head->base.index]->encoder; - } - return NULL; + + return &mstc->mstm->msto[head->base.index]->encoder; } static struct drm_encoder * nv50_mstc_best_encoder(struct drm_connector *connector) { struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[0]->encoder; - } - return NULL; + + return &mstc->mstm->msto[0]->encoder; } static enum drm_mode_status -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH v6 1/5] drm/atomic_helper: Disallow new modesets on unregistered connectors

by Lyude Paul

With the exception of modesets which would switch the DPMS state of a connector from on to off, we want to make sure that we disallow all modesets which would result in enabling a new monitor or a new mode configuration on a monitor if the connector for the display in question is no longer registered. This allows us to stop userspace from trying to enable new displays on connectors for an MST topology that were just removed from the system, without preventing userspace from disabling DPMS on those connectors. Changes since v5: - Fix typo in comment, nothing else Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/drm_atomic_helper.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c index 6f66777dca4b..e6a2cf72de5e 100644 --- a/drivers/gpu/drm/drm_atomic_helper.c +++ b/drivers/gpu/drm/drm_atomic_helper.c @@ -319,6 +319,26 @@ update_connector_routing(struct drm_atomic_state *state, return 0; } + crtc_state = drm_atomic_get_new_crtc_state(state, + new_connector_state->crtc); + /* + * For compatibility with legacy users, we want to make sure that + * we allow DPMS On->Off modesets on unregistered connectors. Modesets + * which would result in anything else must be considered invalid, to + * avoid turning on new displays on dead connectors. + * + * Since the connector can be unregistered at any point during an + * atomic check or commit, this is racy. But that's OK: all we care + * about is ensuring that userspace can't do anything but shut off the + * display on a connector that was destroyed after its been notified, + * not before. + */ + if (!READ_ONCE(connector->registered) && crtc_state->active) { + DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] is not registered\n", + connector->base.id, connector->name); + return -EINVAL; + } + funcs = connector->helper_private; if (funcs->atomic_best_encoder) @@ -363,7 +383,6 @@ update_connector_routing(struct drm_atomic_state *state, set_best_encoder(state, new_connector_state, new_encoder); - crtc_state = drm_atomic_get_new_crtc_state(state, new_connector_state->crtc); crtc_state->connectors_changed = true; DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] using [ENCODER:%d:%s] on [CRTC:%d:%s]\n", -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH v5 5/5] drm/i915: Fix intel_dp_mst_best_encoder()

by Lyude Paul

Currently, i915 appears to rely on blocking modesets on no-longer-present MSTB ports by simply returning NULL for ->best_encoder(), which in turn causes any new atomic commits that don't disable the CRTC to fail. This is wrong however, since we still want to allow userspace to disable CRTCs on no-longer-present MSTB ports by changing the DPMS state to off and this still requires that we retrieve an encoder. So, fix this by always returning a valid encoder regardless of the state of the MST port. Changes since v1: - Remove mst atomic helper, since this got replaced with a much simpler solution Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index 0f14c0d1669c..7f155b4f1a7d 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -404,8 +404,6 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (!READ_ONCE(connector->registered)) - return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH v5 4/5] drm/i915: Skip vcpi allocation for MSTB ports that are gone

by Lyude Paul

Since we need to be able to allow DPMS on->off prop changes after an MST port has disappeared from the system, we need to be able to make sure we can compute a config for the resulting atomic commit. Currently this is impossible when the port has disappeared, since the VCPI slot searching we try to do in intel_dp_mst_compute_config() will fail with -EINVAL. Since the only commits we want to allow on no-longer-present MST ports are ones that shut off display hardware, we already know that no VCPI allocations are needed. So, hardcode the VCPI slot count to 0 when intel_dp_mst_compute_config() is called on an MST port that's gone. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org Changes since V4: - Don't use mst_port_gone at all, just check whether or not the drm connector is registered - Daniel Vetter Signed-off-by: Lyude Paul <lyude(a)redhat.com> --- drivers/gpu/drm/i915/intel_dp_mst.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index aa21742d8634..0f14c0d1669c 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -38,11 +38,11 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, struct intel_dp_mst_encoder *intel_mst = enc_to_mst(&encoder->base); struct intel_digital_port *intel_dig_port = intel_mst->primary; struct intel_dp *intel_dp = &intel_dig_port->dp; - struct intel_connector *connector = - to_intel_connector(conn_state->connector); + struct drm_connector *connector = conn_state->connector; + void *port = to_intel_connector(connector)->port; struct drm_atomic_state *state = pipe_config->base.state; int bpp; - int lane_count, slots; + int lane_count, slots = 0; const struct drm_display_mode *adjusted_mode = &pipe_config->base.adjusted_mode; int mst_pbn; bool constant_n = drm_dp_has_quirk(&intel_dp->desc, @@ -70,17 +70,23 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, pipe_config->port_clock = intel_dp_max_link_rate(intel_dp); - if (drm_dp_mst_port_has_audio(&intel_dp->mst_mgr, connector->port)) + if (drm_dp_mst_port_has_audio(&intel_dp->mst_mgr, port)) pipe_config->has_audio = true; mst_pbn = drm_dp_calc_pbn_mode(adjusted_mode->crtc_clock, bpp); pipe_config->pbn = mst_pbn; - slots = drm_dp_atomic_find_vcpi_slots(state, &intel_dp->mst_mgr, - connector->port, mst_pbn); - if (slots < 0) { - DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", slots); - return false; + /* Zombie connectors can't have VCPI slots */ + if (READ_ONCE(connector->registered)) { + slots = drm_dp_atomic_find_vcpi_slots(state, + &intel_dp->mst_mgr, + port, + mst_pbn); + if (slots < 0) { + DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", + slots); + return false; + } } intel_link_compute_m_n(bpp, lane_count, -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH v5 3/5] drm/i915: Don't unset intel_connector->mst_port

by Lyude Paul

Currently we set intel_connector->mst_port to NULL to signify that the MST port has been removed from the system so that we can prevent further action on the port such as connector probes, mode probing, etc. However, we're going to need access to intel_connector->mst_port in order to fixup ->best_encoder() so that it can always return the correct encoder for an MST port to prevent legacy DPMS prop changes from failing. This should be safe, so instead keep intel_connector->mst_port always set and instead just check the status of drm_connector->regustered to signify whether or not the connector has disappeared from the system. Changes since v2: - Add a comment to mst_port_gone (Jani Nikula) - Change mst_port_gone to a u8 instead of a bool, per the kernel bot. Apparently bool is discouraged in structs these days Changes since v4: - Don't use mst_port_gone at all! Just check if the connector is registered or not - Daniel Vetter Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index 43db2e9ac575..aa21742d8634 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -307,9 +307,8 @@ static int intel_dp_mst_get_ddc_modes(struct drm_connector *connector) struct edid *edid; int ret; - if (!intel_dp) { + if (!READ_ONCE(connector->registered)) return intel_connector_update_modes(connector, NULL); - } edid = drm_dp_mst_get_edid(connector, &intel_dp->mst_mgr, intel_connector->port); ret = intel_connector_update_modes(connector, edid); @@ -324,9 +323,10 @@ intel_dp_mst_detect(struct drm_connector *connector, bool force) struct intel_connector *intel_connector = to_intel_connector(connector); struct intel_dp *intel_dp = intel_connector->mst_port; - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return connector_status_disconnected; - return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, intel_connector->port); + return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, + intel_connector->port); } static void @@ -366,7 +366,7 @@ intel_dp_mst_mode_valid(struct drm_connector *connector, int bpp = 24; /* MST uses fixed bpp */ int max_rate, mode_rate, max_lanes, max_link_clock; - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return MODE_ERROR; if (mode->flags & DRM_MODE_FLAG_DBLSCAN) @@ -398,7 +398,7 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (!intel_dp) + if (!READ_ONCE(connector->registered)) return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } @@ -499,7 +499,6 @@ static void intel_dp_register_mst_connector(struct drm_connector *connector) static void intel_dp_destroy_mst_connector(struct drm_dp_mst_topology_mgr *mgr, struct drm_connector *connector) { - struct intel_connector *intel_connector = to_intel_connector(connector); struct drm_i915_private *dev_priv = to_i915(connector->dev); DRM_DEBUG_KMS("[CONNECTOR:%d:%s]\n", connector->base.id, connector->name); @@ -508,10 +507,6 @@ static void intel_dp_destroy_mst_connector(struct drm_dp_mst_topology_mgr *mgr, if (dev_priv->fbdev) drm_fb_helper_remove_one_connector(&dev_priv->fbdev->helper, connector); - /* prevent race with the check in ->detect */ - drm_modeset_lock(&connector->dev->mode_config.connection_mutex, NULL); - intel_connector->mst_port = NULL; - drm_modeset_unlock(&connector->dev->mode_config.connection_mutex); drm_connector_put(connector); } -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH v5 2/5] drm/nouveau: Fix nv50_mstc->best_encoder()

by Lyude Paul

As mentioned in the previous commit, we currently prevent new modesets on recently-removed MST connectors by returning no encoder from our ->best_encoder() callback once the MST port has disappeared. This is wrong however, because it prevents legacy modesetting users from being able to disable CRTCs on MST connectors after the connector's respective topology has disappeared. So, fix this by instead by just always returning a valid encoder. Changes since v2: - Remove usage of atomic MST helper for now, since that got replaced with a much simpler solution Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/dispnv50/disp.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index 9f32b10c7c29..31b94bc9ec90 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -843,22 +843,16 @@ nv50_mstc_atomic_best_encoder(struct drm_connector *connector, { struct nv50_head *head = nv50_head(connector_state->crtc); struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[head->base.index]->encoder; - } - return NULL; + + return &mstc->mstm->msto[head->base.index]->encoder; } static struct drm_encoder * nv50_mstc_best_encoder(struct drm_connector *connector) { struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[0]->encoder; - } - return NULL; + + return &mstc->mstm->msto[0]->encoder; } static enum drm_mode_status -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH v5 1/5] drm/atomic_helper: Disallow new modesets on unregistered connectors

by Lyude Paul

With the exception of modesets which would switch the DPMS state of a connector from on to off, we want to make sure that we disallow all modesets which would result in enabling a new monitor or a new mode configuration on a monitor if the connector for the display in question is no longer registered. This allows us to stop userspace from trying to enable new displays on connectors for an MST topology that were just removed from the system, without preventing userspace from disabling DPMS on those connectors. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/drm_atomic_helper.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c index 6f66777dca4b..788749021ac9 100644 --- a/drivers/gpu/drm/drm_atomic_helper.c +++ b/drivers/gpu/drm/drm_atomic_helper.c @@ -319,6 +319,26 @@ update_connector_routing(struct drm_atomic_state *state, return 0; } + crtc_state = drm_atomic_get_new_crtc_state(state, + new_connector_state->crtc); + /* + * For compatibility with legacy users, we want to make sure that + * we allow DPMS On->Off modesets on unregistered connectors. Modesets + * which would result in anything else must be considered invalid, to + * avoid turning on new displays on dead connectors. + * + * Since the connector can be unregistered at any point during an + * atomic check or commit, this is racy. But that's OK: all we care + * about is ensuring that userspace can't do anything but shut off the + * display on a connector that was destroyed after it's been notified, + * not before. + */ + if (!READ_ONCE(connector->registered) && crtc_state->active) { + DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] is not registered\n", + connector->base.id, connector->name); + return -EINVAL; + } + funcs = connector->helper_private; if (funcs->atomic_best_encoder) @@ -363,7 +383,6 @@ update_connector_routing(struct drm_atomic_state *state, set_best_encoder(state, new_connector_state, new_encoder); - crtc_state = drm_atomic_get_new_crtc_state(state, new_connector_state->crtc); crtc_state->connectors_changed = true; DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] using [ENCODER:%d:%s] on [CRTC:%d:%s]\n", -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH] usbip: vhci_hcd: check port number before using

by Sudip Mukherjee

From: Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> The port number is checked and it just prints an error message but it still continues to use the invalid port. And as a result it accesses memory which is not its resulting in BUG report from KASAN. Reported-by: syzbot+600b03e0cf1b73bb23c4(a)syzkaller.appspotmail.com Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> --- drivers/usb/usbip/vhci_hcd.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/usb/usbip/vhci_hcd.c b/drivers/usb/usbip/vhci_hcd.c index d11f3f8dad40..71883aa788ac 100644 --- a/drivers/usb/usbip/vhci_hcd.c +++ b/drivers/usb/usbip/vhci_hcd.c @@ -334,8 +334,10 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, usbip_dbg_vhci_rh("typeReq %x wValue %x wIndex %x\n", typeReq, wValue, wIndex); - if (wIndex > VHCI_HC_PORTS) + if (wIndex > VHCI_HC_PORTS) { pr_err("invalid port number %d\n", wIndex); + return -ENODEV; + } rhport = wIndex - 1; vhci_hcd = hcd_to_vhci_hcd(hcd); -- 2.11.0

6 years, 11 months

2
3
0 0

[PATCH 4.18 000/228] 4.18.12-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.18.12 release. There are 228 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Oct 4 13:24:08 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.12-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.18.12-rc1 Michael Bringmann <mwb(a)linux.vnet.ibm.com> powerpc/pseries: Fix unitialized timer reset on migration Thiago Jung Bauermann <bauerman(a)linux.ibm.com> powerpc/pkeys: Fix reading of ibm, processor-storage-keys property Christophe Leroy <christophe.leroy(a)c-s.fr> powerpc: fix csum_ipv6_magic() on little endian platforms Michael Neuling <mikey(a)neuling.org> KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds Randy Dunlap <rdunlap(a)infradead.org> x86/pti: Fix section mismatch warning/error Akshu Agrawal <akshu.agrawal(a)amd.com> clk: x86: Set default parent to 48Mhz Mika Westerberg <mika.westerberg(a)linux.intel.com> i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus Marc Zyngier <marc.zyngier(a)arm.com> arm/arm64: smccc-1.1: Handle function result as parameters Marc Zyngier <marc.zyngier(a)arm.com> arm/arm64: smccc-1.1: Make return values unsigned long Emily Deng <Emily.Deng(a)amd.com> drm/amdgpu: Need to set moved to true when evict bo Tony Lindgren <tony(a)atomide.com> ARM: dts: omap4-droid4: Fix emmc errors seen on some devices James Smart <jsmart2021(a)gmail.com> nvme-fcloop: Fix dropped LS's to removed target port Linus Walleij <linus.walleij(a)linaro.org> ata: ftide010: Add a quirk for SQ201 Rex Zhu <Rex.Zhu(a)amd.com> drm/amdgpu: Update power state at the end of smu hw_init. Rex Zhu <Rex.Zhu(a)amd.com> drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode Leonard Crestez <leonard.crestez(a)nxp.com> Revert "ARM: dts: imx7d: Invert legacy PCI irq mapping" Dan Carpenter <dan.carpenter(a)oracle.com> hwmon: (adt7475) Make adt7475_read_word() return errors Lothar Felten <lothar.felten(a)gmail.com> hwmon: (ina2xx) fix sysfs shunt resistor read access Srikanth Jampala <Jampala.Srikanth(a)cavium.com> crypto: cavium/nitrox - fix for command corruption in queue full case with backlog submissions. Ganesh Goudar <ganeshgr(a)chelsio.com> crypto: chtls - fix null dereference chtls_free_uld() Jacob Keller <jacob.e.keller(a)intel.com> i40e: fix condition of WARN_ONCE for stat strings Martyna Szapar <martyna.szapar(a)intel.com> i40e: Fix for Tx timeouts when interface is brought up if DCB is enabled Sebastian Basierski <sebastianx.basierski(a)intel.com> ixgbe: fix driver behaviour after issuing VFLR Bo Chen <chenbo(a)pdx.edu> e1000: ensure to free old tx/rx rings in set_ringparam() Bo Chen <chenbo(a)pdx.edu> e1000: check on netif_running() before calling e1000_up() Jesse Brandeburg <jesse.brandeburg(a)intel.com> ice: Fix potential return of uninitialized value Anirudh Venkataramanan <anirudh.venkataramanan(a)intel.com> ice: Fix a few null pointer dereference issues Quentin Monnet <quentin.monnet(a)netronome.com> tools: bpftool: return from do_event_pipe() on bad arguments Brett Creeley <brett.creeley(a)intel.com> ice: Set VLAN flags correctly Jacob Keller <jacob.e.keller(a)intel.com> ice: Use order_base_2 to calculate higher power of 2 Anirudh Venkataramanan <anirudh.venkataramanan(a)intel.com> ice: Fix bugs in control queue processing Preethi Banala <preethi.banala(a)intel.com> ice: Clean control queues only when they are initialized Jacob Keller <jacob.e.keller(a)intel.com> ice: Report stats for allocated queues via ethtool stats Anirudh Venkataramanan <anirudh.venkataramanan(a)intel.com> ice: Fix multiple static analyser warnings Huazhong Tan <tanhuazhong(a)huawei.com> net: hns3: fix page_offset overflow when CONFIG_ARM64_64K_PAGES Huazhong Tan <tanhuazhong(a)huawei.com> net: hns: fix skb->truesize underestimation Huazhong Tan <tanhuazhong(a)huawei.com> net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES Kevin Yang <yyd(a)google.com> tcp_bbr: in restart from idle, see if we should exit PROBE_RTT Kevin Yang <yyd(a)google.com> tcp_bbr: add bbr_check_probe_rtt_done() helper Samuel Mendoza-Jonas <sam(a)mendozajonas.com> net/ncsi: Fixup .dumpit message flags and ID check in Netlink handler Emily Deng <Emily.Deng(a)amd.com> amdgpu: fix multi-process hang issue Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix preamble handling Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix VM clearing for the root PD John Fastabend <john.fastabend(a)gmail.com> bpf: sockmap: write_space events need to be passed to TCP handler John Fastabend <john.fastabend(a)gmail.com> tls: possible hang when do_tcp_sendpages hits sndbuf is full case Daniel Borkmann <daniel(a)iogearbox.net> bpf, sockmap: fix sock hash count in alloc_sock_hash_elem Daniel Borkmann <daniel(a)iogearbox.net> bpf, sockmap: fix sock_hash_alloc and reject zero-sized keys Pavel Machek <pavel(a)ucw.cz> ARM: dts: omap4-droid4: fix vibrations on Droid 4 Tony Lindgren <tony(a)atomide.com> bus: ti-sysc: Fix no_console_suspend handling Ludovic Desroches <ludovic.desroches(a)microchip.com> mmc: android-goldfish: fix bad logic of sg_copy_{from,to}_buffer conversion Ludovic Desroches <ludovic.desroches(a)microchip.com> mmc: atmel-mci: fix bad logic of sg_copy_{from,to}_buffer conversion Eric Sandeen <sandeen(a)redhat.com> isofs: reject hardware sector size > 2048 bytes Anson Huang <Anson.Huang(a)nxp.com> thermal: of-thermal: disable passive polling when thermal zone is disabled Tomer Tayar <Tomer.Tayar(a)cavium.com> qed: Avoid sending mailbox commands when MFW is not responsive Tomer Tayar <Tomer.Tayar(a)cavium.com> qed: Prevent a possible deadlock during driver load and unload Tomer Tayar <Tomer.Tayar(a)cavium.com> qed: Wait for MCP halt and resume commands to take place Tomer Tayar <Tomer.Tayar(a)cavium.com> qed: Wait for ready indication before rereading the shmem Tony Lindgren <tony(a)atomide.com> bus: ti-sysc: Fix module register ioremap for larger offsets Tony Lindgren <tony(a)atomide.com> ARM: OMAP2+: Fix module address for modules using mpu_rt_idx Tony Lindgren <tony(a)atomide.com> ARM: OMAP2+: Fix null hwmod for ti-sysc debug Dave Martin <Dave.Martin(a)arm.com> arm64: KVM: Tighten guest core register access from userspace Steve Wise <swise(a)opengridcomputing.com> RDMA/uverbs: Atomically flush and mark closed the comp event queue Mika Westerberg <mika.westerberg(a)linux.intel.com> ACPI / hotplug / PCI: Don't scan for non-hotplug bridges if slot is not bridge Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Fix destroy_qp hang after a link down Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Fix context recovery when PBC has an UnsupportedVL Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Invalid user input can result in crash Ira Weiny <ira.weiny(a)intel.com> IB/hfi1: Fix SL array bounds check Bart Van Assche <bvanassche(a)acm.org> IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop Aaron Ma <aaron.ma(a)canonical.com> Input: elantech - enable middle button of touchpad on ThinkPad P72 Matthew Wilcox <willy(a)infradead.org> filesystem-dax: Fix use of zero page Toshi Kani <toshi.kani(a)hpe.com> ext2, dax: set ext2_dax_aops for dax files Dave Jiang <dave.jiang(a)intel.com> uaccess: Fix is_source param for check_copy_size() in copy_to_iter_mcsafe() Alan Stern <stern(a)rowland.harvard.edu> USB: remove LPM management from usb_driver_claim_interface() Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" Oliver Neukum <oneukum(a)suse.com> USB: usbdevfs: restore warning for nonsensical flags Oliver Neukum <oneukum(a)suse.com> USB: usbdevfs: sanitize flags more Bin Liu <b-liu(a)ti.com> usb: musb: dsps: do not disable CPPI41 irq in driver teardown Harry Pan <harry.pan(a)intel.com> usb: core: safely deal with the dynamic quirk lists Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: roles: Take care of driver module reference counting Alan Stern <stern(a)rowland.harvard.edu> USB: handle NULL config in usb_find_alt_setting() Alan Stern <stern(a)rowland.harvard.edu> USB: fix error handling in usb_driver_claim_interface() Marek Szyprowski <m.szyprowski(a)samsung.com> regulator: Fix 'do-nothing' value for regulators without suspend state Yu Zhao <yuzhao(a)google.com> regulator: fix crash caused by null driver data Geert Uytterhoeven <geert+renesas(a)glider.be> spi: rspi: Fix interrupted DMA transfers Geert Uytterhoeven <geert+renesas(a)glider.be> spi: rspi: Fix invalid SPI use during system suspend Hiromitsu Yamasaki <hiromitsu.yamasaki.ym(a)renesas.com> spi: sh-msiof: Fix handling of write value for SISTR register Gaku Inami <gaku.inami.xw(a)bp.renesas.com> spi: sh-msiof: Fix invalid SPI use during system suspend Marcel Ziswiler <marcel.ziswiler(a)toradex.com> spi: tegra20-slink: explicitly enable/disable clock Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: Fix resource handling for ACPI glue layer Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: Fix device removal logic Christophe Leroy <christophe.leroy(a)c-s.fr> serial: cpm_uart: return immediately from console poll Jan Kiszka <jan.kiszka(a)siemens.com> serial: mvebu-uart: Fix reporting of effective CSIZE to userspace Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: imx: restore handshaking irq for imx1 Stefan Agner <stefan(a)agner.ch> tty: serial: lpuart: avoid leaking struct tty_struct Feng Tang <feng.tang(a)intel.com> x86/mm: Expand static page table for fixmap space Damien Le Moal <damien.lemoal(a)wdc.com> block: fix deadline elevator drain for zoned block devices Andy Whitcroft <apw(a)canonical.com> floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Dmitry Osipenko <digetx(a)gmail.com> gpio: tegra: Fix tegra_gpio_irq_set_type() Sandipan Das <sandipan(a)linux.ibm.com> perf tests: Fix indexing when invoking subtests Maxime Ripard <maxime.ripard(a)bootlin.com> drm/vc4: plane: Expand the lower bits by repeating the higher bits Kevin Hilman <khilman(a)baylibre.com> ARM: dts: dra7: fix DCAN node addresses Eric Anholt <eric(a)anholt.net> drm/vc4: Add missing formats to vc4_format_mod_supported(). William Breathitt Gray <vilhelm.gray(a)gmail.com> iio: 104-quad-8: Fix off-by-one error in register selection Oleksandr Andrushchenko <oleksandr_andrushchenko(a)epam.com> Input: xen-kbdfront - fix multi-touch XenStore node's locations Colin Ian King <colin.king(a)canonical.com> ath10k: fix memory leak of tpc_stats Konstantin Khorenko <khorenko(a)virtuozzo.com> fs/lock: skip lock owner pid translation in case we are in init_pid_ns Brian Norris <briannorris(a)chromium.org> ath10k: snoc: use correct bus-specific pointer in RX retry YueHaibing <yuehaibing(a)huawei.com> ath10k: fix incorrect size of dma_free_coherent in ath10k_ce_alloc_src_ring_64 Hugo Lefeuvre <hle(a)owl.eu.com> staging: pi433: fix race condition in pi433_ioctl Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> EDAC, altera: Fix an error handling path in altr_s10_sdram_probe() Johan Hovold <johan(a)kernel.org> EDAC: Fix memleak in module init error path J. Bruce Fields <bfields(a)redhat.com> nfsd: fix corrupted reply to badly ordered compound Nadav Amit <namit(a)vmware.com> gpio: Fix wrong rounding in gpio-menz127 Jessica Yu <jeyu(a)kernel.org> module: exclude SHN_UNDEF symbols from kallsyms api Liam Girdwood <liam.r.girdwood(a)linux.intel.com> ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Johan Hovold <johan(a)kernel.org> EDAC, i7core: Fix memleaks and use-after-free on probe and remove Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: rsnd: SSI parent cares SWSP bit Geert Uytterhoeven <geert(a)linux-m68k.org> ASoC: rt1305: Use ULL suffixes for 64-bit constants Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Fix Acer Iconia 8 over-current detect threshold Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> scsi: megaraid_sas: Update controller info during resume Jan Kundrát <jan.kundrat(a)cesnet.cz> spi: orion: fix CS GPIO handling again Xiaofei Tan <tanxiaofei(a)huawei.com> scsi: hisi_sas: Fix the conflict between dev gone and host reset Andreas Gruenbacher <agruenba(a)redhat.com> iomap: complete partial direct I/O writes synchronously Zhouyang Jia <jiazhouyang09(a)gmail.com> scsi: bnx2i: add error handling for ioremap_nocache Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/lbr: Fix incomplete LBR call stack Eric Anholt <eric(a)anholt.net> drm/v3d: Take a lock across GPU scheduler job creation and queuing. Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> arm64: dts: renesas: Fix VSPD registers range Masahiro Yamada <yamada.masahiro(a)socionext.com> MIPS: boot: fix build rule of vmlinux.its.S Stephen Boyd <swboyd(a)chromium.org> HID: i2c-hid: Use devm to allocate i2c_hid struct Zhouyang Jia <jiazhouyang09(a)gmail.com> HID: hid-ntrig: add error handling for sysfs_create_group Viresh Kumar <viresh.kumar(a)linaro.org> arm: dts: mediatek: Add missing cooling device properties for CPUs Frederic Weisbecker <frederic(a)kernel.org> perf/hw_breakpoint: Split attribute parse and commit Randy Dunlap <rdunlap(a)infradead.org> Documentation/process: fix reST table border error Leon Romanovsky <leon(a)kernel.org> RDMA/uverbs: Don't overwrite NULL pointer with ZERO_SIZE_PTR Ethan Tuttle <ethan(a)ethantuttle.com> ARM: mvebu: declare asm symbols as character arrays in pmsu.c Daniel Vetter <daniel.vetter(a)ffwll.ch> drm/omap: gem: Fix mm_list locking Tony Lindgren <tony(a)atomide.com> wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() Johannes Berg <johannes(a)sipsolutions.net> bitfield: fix *_encode_bits() Stefan Agner <stefan(a)agner.ch> brcmsmac: fix wrap around in conversion from constant to s16 Dan Carpenter <dan.carpenter(a)oracle.com> rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> mt76x2: fix mrr idx/count estimation in mt76x2_mac_fill_tx_status() Niklas Cassel <niklas.cassel(a)linaro.org> ath10k: transmit queued frames after processing rx packets Jernej Skrabec <jernej.skrabec(a)siol.net> drm/sun4i: Fix releasing node when enumerating enpoints Brandon Maier <brandon.maier(a)rockwellcollins.com> net: phy: xgmiitorgmii: Check phy_driver ready before accessing Jernej Skrabec <jernej.skrabec(a)siol.net> drm/sun4i: Enable DW HDMI PHY clock Ben Greear <greearb(a)candelatech.com> ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock Brandon Maier <brandon.maier(a)rockwellcollins.com> net: phy: xgmiitorgmii: Check read_status results Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge Dan Carpenter <dan.carpenter(a)oracle.com> ASoC: qdsp6: qdafe: fix some off by one bugs Zhouyang Jia <jiazhouyang09(a)gmail.com> media: tm6000: add error handling for dvb_register_adapter Rosen Penev <rosenp(a)gmail.com> staging: mt7621-dts: Fix remaining pcie warnings Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> serial: pxa: Fix an error handling path in 'serial_pxa_probe()' Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: salvator-common: Fix adv7482 decimal unit addresses Zhouyang Jia <jiazhouyang09(a)gmail.com> drivers/tty: add error handling for pcmcia_loop_config Kamal Heib <kamalheib1(a)gmail.com> staging: mt7621-eth: Fix memory leak in mtk_add_mac() error path Akinobu Mita <akinobu.mita(a)gmail.com> media: ov772x: allow i2c controllers without I2C_FUNC_PROTOCOL_MANGLING Alistair Strachan <astrachan(a)google.com> staging: android: ashmem: Fix mmap size validation Akinobu Mita <akinobu.mita(a)gmail.com> media: ov772x: add checks for register read errors Javier Martinez Canillas <javierm(a)redhat.com> media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data Akinobu Mita <akinobu.mita(a)gmail.com> media: soc_camera: ov772x: correct setting of banding filter Akinobu Mita <akinobu.mita(a)gmail.com> media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power Bob Copeland <me(a)bobcopeland.com> ath10k: use locked skb_dequeue for rx completions Petr Machata <petrm(a)mellanox.com> selftests: forwarding: Tweak tc filters for mirror-to-gretap tests Nicholas Mc Guire <hofrat(a)osadl.org> ALSA: snd-aoa: add of_node_put() in error path Thomas Gleixner <tglx(a)linutronix.de> posix-timers: Sanitize overrun handling Thomas Gleixner <tglx(a)linutronix.de> posix-timers: Make forward callback return s64 Akinobu Mita <akinobu.mita(a)gmail.com> iio: accel: adxl345: convert address field usage in iio_chan_spec Peter Rosin <peda(a)axentia.se> mtd: rawnand: atmel: add module param to avoid using dma Vasily Gorbik <gor(a)linux.ibm.com> s390/extmem: fix gcc 8 stringop-overflow warning Vasily Gorbik <gor(a)linux.ibm.com> s390/scm_blk: correct numa_node in scm_blk_dev_setup Vasily Gorbik <gor(a)linux.ibm.com> s390/dasd: correct numa_node in dasd_alloc_queue Thomas Gleixner <tglx(a)linutronix.de> alarmtimer: Prevent overflow for relative nanosleep Heiko Carstens <heiko.carstens(a)de.ibm.com> s390/sysinfo: add missing #ifdef CONFIG_PROC_FS Ravi Chandra Sadineni <ravisadineni(a)chromium.org> ACPI / button: increment wakeup count only when notified João Paulo Rechi Vita <jprvita(a)endlessm.com> platform/x86: asus-wireless: Fix uninitialized symbol usage Alexey Kardashevskiy <aik(a)ozlabs.ru> powerpc/powernv/ioda2: Reduce upper limit for DMA window size Alagu Sankar <alagusankar(a)silex-india.com> ath10k: sdio: set skb len for all rx packets Alagu Sankar <alagusankar(a)silex-india.com> ath10k: sdio: use same endpoint id for all packets in a bundle Julia Lawall <Julia.Lawall(a)lip6.fr> usb: wusbcore: security: cast sizeof to int for comparison Bart Van Assche <bart.vanassche(a)wdc.com> scsi: target: Avoid that EXTENDED COPY commands trigger lock inversion Breno Leitao <leitao(a)debian.org> scsi: ibmvscsi: Improve strings handling Bart Van Assche <bart.vanassche(a)wdc.com> scsi: klist: Make it safe to use klists in atomic context Jean-Christophe Dubois <jcd(a)tribudubois.net> thermal: i.MX: Allow thermal probe to fail gracefully in case of bad calibration. Bart Van Assche <bart.vanassche(a)wdc.com> scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size Viresh Kumar <viresh.kumar(a)linaro.org> ARM: dts: ls1021a: Add missing cooling device properties for CPUs Jan Beulich <JBeulich(a)suse.com> x86/entry/64: Add two more instruction suffixes Dave Gerlach <d-gerlach(a)ti.com> ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> x86/tsc: Add missing header to tsc_msr.c Bart Van Assche <bart.vanassche(a)wdc.com> include/rdma/opa_addr.h: Fix an endianness issue Maor Gottlieb <maorg(a)mellanox.com> IB/mlx5: Fix GRE flow specification Peter Seiderer <ps.report(a)gmx.net> media: staging/imx: fill vb2_v4l2_buffer field entry Toshiaki Makita <makita.toshiaki(a)lab.ntt.co.jp> vhost_net: Avoid tx vring kicks during busyloop Alexey Khoroshilov <khoroshilov(a)ispras.ru> media: fsl-viu: fix error handling in viu_of_probe() Hari Bathini <hbathini(a)linux.ibm.com> powerpc/kdump: Handle crashkernel memory reservation failure Tarick Bedeir <tarick(a)google.com> IB/mlx4: Test port number before querying type. Sylwester Nawrocki <s.nawrocki(a)samsung.com> media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Dan Carpenter <dan.carpenter(a)oracle.com> IB/core: type promotion bug in rdma_rw_init_one_mr() Dan Carpenter <dan.carpenter(a)oracle.com> RDMA/bnxt_re: Fix a bunch of off by one bugs in qplib_fp.c Leon Romanovsky <leon(a)kernel.org> RDMA/i40w: Hold read semaphore while looking after VMA Dan Carpenter <dan.carpenter(a)oracle.com> RDMA/bnxt_re: Fix a couple off by one bugs Ganesh Goudar <ganeshgr(a)chelsio.com> cxgb4: Fix the condition to check if the card is T5 Guoqing Jiang <gqjiang(a)suse.com> md-cluster: clear another node's suspend_area after the copy is finished Wesley Chalmers <Wesley.Chalmers(a)amd.com> drm/amd/display: fix use of uninitialized memory Gustavo A. R. Silva <gustavo(a)embeddedor.com> drm/amd/display/dc/dce: Fix multiple potential integer overflows Benjamin Tissoires <benjamin.tissoires(a)redhat.com> power: remove possible deadlock when unregistering power_supply Vasily Gorbik <gor(a)linux.ibm.com> s390/mm: correct allocate_pgste proc_handler callback Niklas Cassel <niklas.cassel(a)linaro.org> iommu/msm: Don't call iommu_device_{,un}link from atomic context Michael Scott <michael(a)opensourcefoundries.com> 6lowpan: iphc: reset mac_header after decompress to fix panic Johan Hovold <johan(a)kernel.org> USB: serial: kobil_sct: fix modem-status error handling Jian-Hong Pan <jian-hong(a)endlessm.com> Bluetooth: Add a new Realtek 8723DE ID 0bda:b009 Zhen Lei <thunder.leizhen(a)huawei.com> iommu/amd: make sure TLB to be flushed before IOVA freed Sudeep Holla <sudeep.holla(a)arm.com> power: vexpress: fix corruption in notifier registration Anton Vasilyev <vasilyev(a)ispras.ru> uwb: hwa-rc: fix memory leak at probe Geert Uytterhoeven <geert+renesas(a)glider.be> serial: sh-sci: Stop RX FIFO timer during port shutdown Johan Hovold <johan(a)kernel.org> misc: sram: enable clock before registering regions Hans de Goede <hdegoede(a)redhat.com> power: supply: axp288_charger: Fix initial constant_charge_current value Colin Ian King <colin.king(a)canonical.com> staging: rts5208: fix missing error check on call to rtsx_write_register Dan Williams <dan.j.williams(a)intel.com> x86/numa_emulation: Fix emulated-to-physical node mapping Yunsheng Lin <linyunsheng(a)huawei.com> net: hns3: Fix get_vector ops in hclgevf_main module Yunsheng Lin <linyunsheng(a)huawei.com> net: hns3: Fix warning bug when doing lp selftest Yunsheng Lin <linyunsheng(a)huawei.com> net: hns3: Fix for mac pause not disable in pfc mode Fuyun Liang <liangfuyun1(a)huawei.com> net: hns3: Fix for mailbox message truncated problem Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> siox: don't create a thread without starting it Dan Carpenter <dan.carpenter(a)oracle.com> vmci: type promotion bug in qp_host_get_user_memory() Wei Yongjun <weiyongjun1(a)huawei.com> misc: ibmvmc: Use GFP_ATOMIC under spin lock Matt Ranostay <matt.ranostay(a)konsulko.com> tsl2550: fix lux1_input error in low light Akinobu Mita <akinobu.mita(a)gmail.com> iio: adc: ina2xx: avoid kthread_stop() with stale task_struct Stafford Horne <shorne(a)gmail.com> crypto: skcipher - Fix -Wstringop-truncation warnings ------------- Diffstat: Documentation/hwmon/ina2xx | 2 +- Documentation/process/2.Process.rst | 2 +- Makefile | 4 +- arch/arm/boot/dts/dra7.dtsi | 4 +- arch/arm/boot/dts/imx7d.dtsi | 12 +- arch/arm/boot/dts/ls1021a.dtsi | 1 + arch/arm/boot/dts/mt7623.dtsi | 3 + arch/arm/boot/dts/omap4-droid4-xt894.dts | 20 +-- arch/arm/mach-mvebu/pmsu.c | 6 +- arch/arm/mach-omap2/omap_hwmod.c | 39 ++++- arch/arm/mach-omap2/omap_hwmod_reset.c | 12 +- arch/arm64/boot/dts/renesas/r8a7795-es1.dtsi | 2 +- arch/arm64/boot/dts/renesas/r8a7795.dtsi | 6 +- arch/arm64/boot/dts/renesas/r8a7796.dtsi | 6 +- arch/arm64/boot/dts/renesas/r8a77965.dtsi | 4 +- arch/arm64/boot/dts/renesas/r8a77970.dtsi | 2 +- arch/arm64/boot/dts/renesas/r8a77995.dtsi | 4 +- arch/arm64/boot/dts/renesas/salvator-common.dtsi | 4 +- arch/arm64/kvm/guest.c | 45 +++++ arch/mips/boot/Makefile | 6 +- arch/powerpc/kernel/exceptions-64s.S | 4 +- arch/powerpc/kernel/machine_kexec.c | 7 +- arch/powerpc/lib/checksum_64.S | 3 + arch/powerpc/mm/numa.c | 3 +- arch/powerpc/mm/pkeys.c | 2 +- arch/powerpc/platforms/powernv/pci-ioda.c | 2 +- arch/s390/kernel/sysinfo.c | 4 + arch/s390/mm/extmem.c | 4 +- arch/s390/mm/pgalloc.c | 2 +- arch/x86/entry/entry_64.S | 4 +- arch/x86/events/intel/lbr.c | 32 +++- arch/x86/events/perf_event.h | 1 + arch/x86/include/asm/fixmap.h | 10 ++ arch/x86/include/asm/pgtable_64.h | 3 +- arch/x86/kernel/head64.c | 4 +- arch/x86/kernel/head_64.S | 16 +- arch/x86/kernel/tsc_msr.c | 1 + arch/x86/mm/numa_emulation.c | 2 +- arch/x86/mm/pgtable.c | 9 + arch/x86/mm/pti.c | 2 +- arch/x86/xen/mmu_pv.c | 8 +- block/elevator.c | 2 +- crypto/ablkcipher.c | 2 + crypto/blkcipher.c | 1 + drivers/acpi/button.c | 13 +- drivers/ata/pata_ftide010.c | 27 +-- drivers/block/floppy.c | 3 + drivers/bluetooth/btusb.c | 1 + drivers/bus/ti-sysc.c | 37 ++-- drivers/clk/x86/clk-st.c | 2 +- drivers/crypto/cavium/nitrox/nitrox_dev.h | 3 +- drivers/crypto/cavium/nitrox/nitrox_lib.c | 1 + drivers/crypto/cavium/nitrox/nitrox_reqmgr.c | 57 ++++--- drivers/crypto/chelsio/chtls/chtls.h | 5 + drivers/crypto/chelsio/chtls/chtls_main.c | 7 +- drivers/edac/altera_edac.c | 3 +- drivers/edac/edac_mc_sysfs.c | 6 +- drivers/edac/i7core_edac.c | 22 ++- drivers/gpio/gpio-menz127.c | 4 +- drivers/gpio/gpio-tegra.c | 15 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 16 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ib.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 3 +- drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 11 +- drivers/gpu/drm/amd/amdgpu/kv_dpm.c | 4 +- drivers/gpu/drm/amd/amdgpu/si_dpm.c | 3 +- .../gpu/drm/amd/display/dc/dce/dce_clock_source.c | 10 +- .../amd/display/dc/dml/dml1_display_rq_dlg_calc.c | 2 + drivers/gpu/drm/omapdrm/omap_debugfs.c | 2 + drivers/gpu/drm/omapdrm/omap_drv.c | 2 +- drivers/gpu/drm/omapdrm/omap_drv.h | 2 +- drivers/gpu/drm/omapdrm/omap_gem.c | 15 +- drivers/gpu/drm/sun4i/sun4i_drv.c | 3 +- drivers/gpu/drm/sun4i/sun8i_hdmi_phy.c | 7 +- drivers/gpu/drm/v3d/v3d_drv.h | 5 + drivers/gpu/drm/v3d/v3d_gem.c | 4 + drivers/gpu/drm/vc4/vc4_plane.c | 3 + drivers/hid/hid-ntrig.c | 2 + drivers/hid/i2c-hid/i2c-hid.c | 9 +- drivers/hwmon/adt7475.c | 14 +- drivers/hwmon/ina2xx.c | 13 +- drivers/hwtracing/intel_th/core.c | 16 +- drivers/i2c/busses/i2c-i801.c | 9 +- drivers/iio/accel/adxl345_core.c | 21 ++- drivers/iio/adc/ina2xx-adc.c | 17 +- drivers/iio/counter/104-quad-8.c | 2 +- drivers/infiniband/core/rw.c | 2 +- drivers/infiniband/core/uverbs_cmd.c | 5 +- drivers/infiniband/core/uverbs_main.c | 1 + drivers/infiniband/hw/bnxt_re/qplib_fp.c | 12 +- drivers/infiniband/hw/bnxt_re/qplib_sp.c | 4 +- drivers/infiniband/hw/hfi1/chip.c | 6 +- drivers/infiniband/hw/hfi1/pio.c | 51 ++++-- drivers/infiniband/hw/hfi1/pio.h | 2 + drivers/infiniband/hw/hfi1/user_sdma.c | 2 +- drivers/infiniband/hw/hfi1/verbs.c | 8 +- drivers/infiniband/hw/i40iw/i40iw_verbs.c | 2 + drivers/infiniband/hw/mlx4/qp.c | 2 +- drivers/infiniband/hw/mlx5/main.c | 2 +- drivers/infiniband/ulp/srp/ib_srp.c | 6 +- drivers/input/misc/xen-kbdfront.c | 8 +- drivers/input/mouse/elantech.c | 2 + drivers/iommu/amd_iommu.c | 2 +- drivers/iommu/msm_iommu.c | 16 +- drivers/md/md-cluster.c | 19 ++- drivers/media/i2c/ov772x.c | 40 +++-- drivers/media/i2c/soc_camera/ov772x.c | 2 +- drivers/media/platform/exynos4-is/fimc-isp-video.c | 11 +- drivers/media/platform/fsl-viu.c | 38 +++-- drivers/media/platform/omap3isp/isp.c | 2 +- drivers/media/platform/s3c-camif/camif-capture.c | 2 + drivers/media/usb/tm6000/tm6000-dvb.c | 5 + drivers/misc/ibmvmc.c | 2 +- drivers/misc/sram.c | 13 +- drivers/misc/tsl2550.c | 2 +- drivers/misc/vmw_vmci/vmci_queue_pair.c | 4 +- drivers/mmc/host/android-goldfish.c | 4 +- drivers/mmc/host/atmel-mci.c | 12 +- drivers/mtd/nand/raw/atmel/nand-controller.c | 7 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/hisilicon/hns/hnae.h | 6 +- drivers/net/ethernet/hisilicon/hns/hns_enet.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.h | 6 +- drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 2 + .../net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c | 9 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 11 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_mbx.c | 3 +- drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 +- drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 15 +- drivers/net/ethernet/intel/ice/ice.h | 7 + drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 25 +-- drivers/net/ethernet/intel/ice/ice_common.c | 27 +-- drivers/net/ethernet/intel/ice/ice_controlq.c | 29 +++- drivers/net/ethernet/intel/ice/ice_ethtool.c | 52 ++++-- drivers/net/ethernet/intel/ice/ice_main.c | 98 ++++++----- drivers/net/ethernet/intel/ice/ice_switch.c | 4 +- drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 26 +++ drivers/net/ethernet/intel/ixgbe/ixgbe_type.h | 1 + drivers/net/ethernet/qlogic/qed/qed_mcp.c | 187 +++++++++++++++++---- drivers/net/ethernet/qlogic/qed/qed_mcp.h | 27 ++- drivers/net/ethernet/qlogic/qed/qed_reg_addr.h | 2 + drivers/net/phy/xilinx_gmii2rgmii.c | 10 +- drivers/net/wireless/ath/ath10k/ce.c | 2 +- drivers/net/wireless/ath/ath10k/htt_rx.c | 13 +- drivers/net/wireless/ath/ath10k/mac.c | 1 + drivers/net/wireless/ath/ath10k/sdio.c | 9 +- drivers/net/wireless/ath/ath10k/snoc.c | 2 +- drivers/net/wireless/ath/ath10k/wmi.c | 8 +- .../broadcom/brcm80211/brcmsmac/phy/phy_qmath.c | 2 +- drivers/net/wireless/mediatek/mt76/mt76x2_mac.c | 6 +- drivers/net/wireless/rndis_wlan.c | 2 + drivers/net/wireless/ti/wlcore/cmd.c | 6 + drivers/nvme/target/fcloop.c | 3 +- drivers/pci/hotplug/acpiphp_glue.c | 11 +- drivers/platform/x86/asus-wireless.c | 23 +-- drivers/power/reset/vexpress-poweroff.c | 12 +- drivers/power/supply/axp288_charger.c | 2 +- drivers/power/supply/power_supply_core.c | 11 +- drivers/regulator/core.c | 4 +- drivers/regulator/of_regulator.c | 2 - drivers/s390/block/dasd.c | 1 + drivers/s390/block/scm_blk.c | 1 + drivers/scsi/bnx2i/bnx2i_hwi.c | 2 + drivers/scsi/hisi_sas/hisi_sas.h | 1 + drivers/scsi/hisi_sas/hisi_sas_main.c | 6 + drivers/scsi/ibmvscsi/ibmvscsi.c | 4 +- drivers/scsi/megaraid/megaraid_sas_base.c | 3 + drivers/siox/siox-core.c | 10 +- drivers/spi/spi-orion.c | 77 +++++---- drivers/spi/spi-rspi.c | 34 +++- drivers/spi/spi-sh-msiof.c | 28 ++- drivers/spi/spi-tegra20-slink.c | 31 +++- drivers/staging/android/ashmem.c | 6 + drivers/staging/media/imx/imx-ic-prpencvf.c | 1 + drivers/staging/media/imx/imx-media-csi.c | 1 + drivers/staging/mt7621-dts/gbpc1.dts | 2 + drivers/staging/mt7621-dts/mt7621.dtsi | 21 +-- drivers/staging/mt7621-eth/mtk_eth_soc.c | 13 +- drivers/staging/pi433/pi433_if.c | 7 +- drivers/staging/rts5208/sd.c | 2 +- drivers/target/iscsi/iscsi_target_tpg.c | 3 +- drivers/target/target_core_device.c | 22 ++- drivers/thermal/imx_thermal.c | 5 +- drivers/thermal/of-thermal.c | 7 +- drivers/tty/serial/8250/serial_cs.c | 6 +- drivers/tty/serial/cpm_uart/cpm_uart_core.c | 10 +- drivers/tty/serial/fsl_lpuart.c | 3 +- drivers/tty/serial/imx.c | 8 + drivers/tty/serial/mvebu-uart.c | 1 + drivers/tty/serial/pxa.c | 3 +- drivers/tty/serial/sh-sci.c | 2 + drivers/usb/class/cdc-wdm.c | 2 +- drivers/usb/common/roles.c | 15 +- drivers/usb/core/devio.c | 24 ++- drivers/usb/core/driver.c | 28 +-- drivers/usb/core/quirks.c | 3 +- drivers/usb/core/usb.c | 2 + drivers/usb/musb/musb_dsps.c | 12 +- drivers/usb/serial/kobil_sct.c | 12 +- drivers/usb/wusbcore/security.c | 2 +- drivers/uwb/hwa-rc.c | 1 + drivers/vhost/net.c | 35 ++-- fs/dax.c | 13 +- fs/ext2/inode.c | 2 +- fs/iomap.c | 21 +-- fs/isofs/inode.c | 7 + fs/locks.c | 7 + fs/nfsd/nfs4proc.c | 1 + include/linux/arm-smccc.h | 38 +++-- include/linux/bitfield.h | 6 +- include/linux/platform_data/ina2xx.h | 2 +- include/linux/posix-timers.h | 4 +- include/linux/power_supply.h | 1 + include/linux/regulator/machine.h | 6 +- include/linux/uio.h | 2 +- include/rdma/opa_addr.h | 2 +- kernel/bpf/sockmap.c | 11 +- kernel/events/hw_breakpoint.c | 57 +++++-- kernel/module.c | 6 +- kernel/time/alarmtimer.c | 7 +- kernel/time/posix-cpu-timers.c | 2 +- kernel/time/posix-timers.c | 33 ++-- kernel/time/posix-timers.h | 2 +- lib/klist.c | 10 +- net/6lowpan/iphc.c | 1 + net/ipv4/tcp_bbr.c | 38 +++-- net/ncsi/ncsi-netlink.c | 4 +- net/tls/tls_main.c | 9 +- sound/aoa/core/gpio-feature.c | 4 +- sound/pci/hda/hda_intel.c | 3 +- sound/soc/codecs/rt1305.c | 4 +- sound/soc/intel/boards/bytcr_rt5640.c | 2 +- sound/soc/qcom/qdsp6/q6afe.c | 6 +- sound/soc/sh/rcar/ssi.c | 32 ++-- sound/soc/soc-dapm.c | 7 + tools/bpf/bpftool/map_perf_ring.c | 5 +- tools/perf/tests/builtin-test.c | 2 +- .../net/forwarding/mirror_gre_bridge_1d_vlan.sh | 6 +- .../selftests/net/forwarding/mirror_gre_lib.sh | 2 +- .../net/forwarding/mirror_gre_vlan_bridge_1q.sh | 6 +- 241 files changed, 1730 insertions(+), 789 deletions(-)

6 years, 11 months

6
242
0 0

FAILED: patch "[PATCH] crypto: chelsio - Fix memory corruption in DMA Mapped" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From add92a817e60e308a419693413a38d9d1e663aff Mon Sep 17 00:00:00 2001 From: Harsh Jain <harsh(a)chelsio.com> Date: Wed, 19 Sep 2018 22:42:16 +0530 Subject: [PATCH] crypto: chelsio - Fix memory corruption in DMA Mapped buffers. Update PCI Id in "cpl_rx_phys_dsgl" header. In case pci_chan_id and tx_chan_id are not derived from same queue, H/W can send request completion indication before completing DMA Transfer. Herbert, It would be good if fix can be merge to stable tree. For 4.14 kernel, It requires some update to avoid mege conficts. Cc: <stable(a)vger.kernel.org> Signed-off-by: Harsh Jain <harsh(a)chelsio.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/chelsio/chcr_algo.c b/drivers/crypto/chelsio/chcr_algo.c index 5c539af8ed60..010bbf607797 100644 --- a/drivers/crypto/chelsio/chcr_algo.c +++ b/drivers/crypto/chelsio/chcr_algo.c @@ -367,7 +367,8 @@ static inline void dsgl_walk_init(struct dsgl_walk *walk, walk->to = (struct phys_sge_pairs *)(dsgl + 1); } -static inline void dsgl_walk_end(struct dsgl_walk *walk, unsigned short qid) +static inline void dsgl_walk_end(struct dsgl_walk *walk, unsigned short qid, + int pci_chan_id) { struct cpl_rx_phys_dsgl *phys_cpl; @@ -385,6 +386,7 @@ static inline void dsgl_walk_end(struct dsgl_walk *walk, unsigned short qid) phys_cpl->rss_hdr_int.opcode = CPL_RX_PHYS_ADDR; phys_cpl->rss_hdr_int.qid = htons(qid); phys_cpl->rss_hdr_int.hash_val = 0; + phys_cpl->rss_hdr_int.channel = pci_chan_id; } static inline void dsgl_walk_add_page(struct dsgl_walk *walk, @@ -718,7 +720,7 @@ static inline void create_wreq(struct chcr_context *ctx, FILL_WR_RX_Q_ID(ctx->dev->rx_channel_id, qid, !!lcb, ctx->tx_qidx); - chcr_req->ulptx.cmd_dest = FILL_ULPTX_CMD_DEST(ctx->dev->tx_channel_id, + chcr_req->ulptx.cmd_dest = FILL_ULPTX_CMD_DEST(ctx->tx_chan_id, qid); chcr_req->ulptx.len = htonl((DIV_ROUND_UP(len16, 16) - ((sizeof(chcr_req->wreq)) >> 4))); @@ -1339,16 +1341,23 @@ static int chcr_device_init(struct chcr_context *ctx) adap->vres.ncrypto_fc); rxq_perchan = u_ctx->lldi.nrxq / u_ctx->lldi.nchan; txq_perchan = ntxq / u_ctx->lldi.nchan; - rxq_idx = ctx->dev->tx_channel_id * rxq_perchan; - rxq_idx += id % rxq_perchan; - txq_idx = ctx->dev->tx_channel_id * txq_perchan; - txq_idx += id % txq_perchan; spin_lock(&ctx->dev->lock_chcr_dev); - ctx->rx_qidx = rxq_idx; - ctx->tx_qidx = txq_idx; + ctx->tx_chan_id = ctx->dev->tx_channel_id; ctx->dev->tx_channel_id = !ctx->dev->tx_channel_id; ctx->dev->rx_channel_id = 0; spin_unlock(&ctx->dev->lock_chcr_dev); + rxq_idx = ctx->tx_chan_id * rxq_perchan; + rxq_idx += id % rxq_perchan; + txq_idx = ctx->tx_chan_id * txq_perchan; + txq_idx += id % txq_perchan; + ctx->rx_qidx = rxq_idx; + ctx->tx_qidx = txq_idx; + /* Channel Id used by SGE to forward packet to Host. + * Same value should be used in cpl_fw6_pld RSS_CH field + * by FW. Driver programs PCI channel ID to be used in fw + * at the time of queue allocation with value "pi->tx_chan" + */ + ctx->pci_chan_id = txq_idx / txq_perchan; } out: return err; @@ -2503,6 +2512,7 @@ void chcr_add_aead_dst_ent(struct aead_request *req, struct crypto_aead *tfm = crypto_aead_reqtfm(req); struct dsgl_walk dsgl_walk; unsigned int authsize = crypto_aead_authsize(tfm); + struct chcr_context *ctx = a_ctx(tfm); u32 temp; dsgl_walk_init(&dsgl_walk, phys_cpl); @@ -2512,7 +2522,7 @@ void chcr_add_aead_dst_ent(struct aead_request *req, dsgl_walk_add_page(&dsgl_walk, IV, &reqctx->iv_dma); temp = req->cryptlen + (reqctx->op ? -authsize : authsize); dsgl_walk_add_sg(&dsgl_walk, req->dst, temp, req->assoclen); - dsgl_walk_end(&dsgl_walk, qid); + dsgl_walk_end(&dsgl_walk, qid, ctx->pci_chan_id); } void chcr_add_cipher_src_ent(struct ablkcipher_request *req, @@ -2544,6 +2554,8 @@ void chcr_add_cipher_dst_ent(struct ablkcipher_request *req, unsigned short qid) { struct chcr_blkcipher_req_ctx *reqctx = ablkcipher_request_ctx(req); + struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(wrparam->req); + struct chcr_context *ctx = c_ctx(tfm); struct dsgl_walk dsgl_walk; dsgl_walk_init(&dsgl_walk, phys_cpl); @@ -2552,7 +2564,7 @@ void chcr_add_cipher_dst_ent(struct ablkcipher_request *req, reqctx->dstsg = dsgl_walk.last_sg; reqctx->dst_ofst = dsgl_walk.last_sg_len; - dsgl_walk_end(&dsgl_walk, qid); + dsgl_walk_end(&dsgl_walk, qid, ctx->pci_chan_id); } void chcr_add_hash_src_ent(struct ahash_request *req, diff --git a/drivers/crypto/chelsio/chcr_crypto.h b/drivers/crypto/chelsio/chcr_crypto.h index 54835cb109e5..0d2c70c344f3 100644 --- a/drivers/crypto/chelsio/chcr_crypto.h +++ b/drivers/crypto/chelsio/chcr_crypto.h @@ -255,6 +255,8 @@ struct chcr_context { struct chcr_dev *dev; unsigned char tx_qidx; unsigned char rx_qidx; + unsigned char tx_chan_id; + unsigned char pci_chan_id; struct __crypto_ctx crypto_ctx[0]; };

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] crypto: chelsio - Fix memory corruption in DMA Mapped" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From add92a817e60e308a419693413a38d9d1e663aff Mon Sep 17 00:00:00 2001 From: Harsh Jain <harsh(a)chelsio.com> Date: Wed, 19 Sep 2018 22:42:16 +0530 Subject: [PATCH] crypto: chelsio - Fix memory corruption in DMA Mapped buffers. Update PCI Id in "cpl_rx_phys_dsgl" header. In case pci_chan_id and tx_chan_id are not derived from same queue, H/W can send request completion indication before completing DMA Transfer. Herbert, It would be good if fix can be merge to stable tree. For 4.14 kernel, It requires some update to avoid mege conficts. Cc: <stable(a)vger.kernel.org> Signed-off-by: Harsh Jain <harsh(a)chelsio.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/chelsio/chcr_algo.c b/drivers/crypto/chelsio/chcr_algo.c index 5c539af8ed60..010bbf607797 100644 --- a/drivers/crypto/chelsio/chcr_algo.c +++ b/drivers/crypto/chelsio/chcr_algo.c @@ -367,7 +367,8 @@ static inline void dsgl_walk_init(struct dsgl_walk *walk, walk->to = (struct phys_sge_pairs *)(dsgl + 1); } -static inline void dsgl_walk_end(struct dsgl_walk *walk, unsigned short qid) +static inline void dsgl_walk_end(struct dsgl_walk *walk, unsigned short qid, + int pci_chan_id) { struct cpl_rx_phys_dsgl *phys_cpl; @@ -385,6 +386,7 @@ static inline void dsgl_walk_end(struct dsgl_walk *walk, unsigned short qid) phys_cpl->rss_hdr_int.opcode = CPL_RX_PHYS_ADDR; phys_cpl->rss_hdr_int.qid = htons(qid); phys_cpl->rss_hdr_int.hash_val = 0; + phys_cpl->rss_hdr_int.channel = pci_chan_id; } static inline void dsgl_walk_add_page(struct dsgl_walk *walk, @@ -718,7 +720,7 @@ static inline void create_wreq(struct chcr_context *ctx, FILL_WR_RX_Q_ID(ctx->dev->rx_channel_id, qid, !!lcb, ctx->tx_qidx); - chcr_req->ulptx.cmd_dest = FILL_ULPTX_CMD_DEST(ctx->dev->tx_channel_id, + chcr_req->ulptx.cmd_dest = FILL_ULPTX_CMD_DEST(ctx->tx_chan_id, qid); chcr_req->ulptx.len = htonl((DIV_ROUND_UP(len16, 16) - ((sizeof(chcr_req->wreq)) >> 4))); @@ -1339,16 +1341,23 @@ static int chcr_device_init(struct chcr_context *ctx) adap->vres.ncrypto_fc); rxq_perchan = u_ctx->lldi.nrxq / u_ctx->lldi.nchan; txq_perchan = ntxq / u_ctx->lldi.nchan; - rxq_idx = ctx->dev->tx_channel_id * rxq_perchan; - rxq_idx += id % rxq_perchan; - txq_idx = ctx->dev->tx_channel_id * txq_perchan; - txq_idx += id % txq_perchan; spin_lock(&ctx->dev->lock_chcr_dev); - ctx->rx_qidx = rxq_idx; - ctx->tx_qidx = txq_idx; + ctx->tx_chan_id = ctx->dev->tx_channel_id; ctx->dev->tx_channel_id = !ctx->dev->tx_channel_id; ctx->dev->rx_channel_id = 0; spin_unlock(&ctx->dev->lock_chcr_dev); + rxq_idx = ctx->tx_chan_id * rxq_perchan; + rxq_idx += id % rxq_perchan; + txq_idx = ctx->tx_chan_id * txq_perchan; + txq_idx += id % txq_perchan; + ctx->rx_qidx = rxq_idx; + ctx->tx_qidx = txq_idx; + /* Channel Id used by SGE to forward packet to Host. + * Same value should be used in cpl_fw6_pld RSS_CH field + * by FW. Driver programs PCI channel ID to be used in fw + * at the time of queue allocation with value "pi->tx_chan" + */ + ctx->pci_chan_id = txq_idx / txq_perchan; } out: return err; @@ -2503,6 +2512,7 @@ void chcr_add_aead_dst_ent(struct aead_request *req, struct crypto_aead *tfm = crypto_aead_reqtfm(req); struct dsgl_walk dsgl_walk; unsigned int authsize = crypto_aead_authsize(tfm); + struct chcr_context *ctx = a_ctx(tfm); u32 temp; dsgl_walk_init(&dsgl_walk, phys_cpl); @@ -2512,7 +2522,7 @@ void chcr_add_aead_dst_ent(struct aead_request *req, dsgl_walk_add_page(&dsgl_walk, IV, &reqctx->iv_dma); temp = req->cryptlen + (reqctx->op ? -authsize : authsize); dsgl_walk_add_sg(&dsgl_walk, req->dst, temp, req->assoclen); - dsgl_walk_end(&dsgl_walk, qid); + dsgl_walk_end(&dsgl_walk, qid, ctx->pci_chan_id); } void chcr_add_cipher_src_ent(struct ablkcipher_request *req, @@ -2544,6 +2554,8 @@ void chcr_add_cipher_dst_ent(struct ablkcipher_request *req, unsigned short qid) { struct chcr_blkcipher_req_ctx *reqctx = ablkcipher_request_ctx(req); + struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(wrparam->req); + struct chcr_context *ctx = c_ctx(tfm); struct dsgl_walk dsgl_walk; dsgl_walk_init(&dsgl_walk, phys_cpl); @@ -2552,7 +2564,7 @@ void chcr_add_cipher_dst_ent(struct ablkcipher_request *req, reqctx->dstsg = dsgl_walk.last_sg; reqctx->dst_ofst = dsgl_walk.last_sg_len; - dsgl_walk_end(&dsgl_walk, qid); + dsgl_walk_end(&dsgl_walk, qid, ctx->pci_chan_id); } void chcr_add_hash_src_ent(struct ahash_request *req, diff --git a/drivers/crypto/chelsio/chcr_crypto.h b/drivers/crypto/chelsio/chcr_crypto.h index 54835cb109e5..0d2c70c344f3 100644 --- a/drivers/crypto/chelsio/chcr_crypto.h +++ b/drivers/crypto/chelsio/chcr_crypto.h @@ -255,6 +255,8 @@ struct chcr_context { struct chcr_dev *dev; unsigned char tx_qidx; unsigned char rx_qidx; + unsigned char tx_chan_id; + unsigned char pci_chan_id; struct __crypto_ctx crypto_ctx[0]; };

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] firmware: Always initialize the fw_priv list object" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 7012040576c6ae25a47035659ee48673612c2c27 Mon Sep 17 00:00:00 2001 From: Bjorn Andersson <bjorn.andersson(a)linaro.org> Date: Wed, 19 Sep 2018 18:09:38 -0700 Subject: [PATCH] firmware: Always initialize the fw_priv list object When freeing the fw_priv the item is taken off the list. This causes an oops in the FW_OPT_NOCACHE case as the list object is not initialized. Make sure to initialize the list object regardless of this flag. Fixes: 422b3db2a503 ("firmware: Fix security issue with request_firmware_into_buf()") Cc: stable(a)vger.kernel.org Cc: Rishabh Bhatnagar <rishabhb(a)codeaurora.org> Signed-off-by: Bjorn Andersson <bjorn.andersson(a)linaro.org> Reviewed-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index b3c0498ee433..8e9213b36e31 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -226,8 +226,11 @@ static int alloc_lookup_fw_priv(const char *fw_name, } tmp = __allocate_fw_priv(fw_name, fwc, dbuf, size); - if (tmp && !(opt_flags & FW_OPT_NOCACHE)) - list_add(&tmp->list, &fwc->head); + if (tmp) { + INIT_LIST_HEAD(&tmp->list); + if (!(opt_flags & FW_OPT_NOCACHE)) + list_add(&tmp->list, &fwc->head); + } spin_unlock(&fwc->lock); *fw_priv = tmp;

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] firmware: Fix security issue with request_firmware_into_buf()" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 422b3db2a5036add39a82425b1dd9fb6c96481e8 Mon Sep 17 00:00:00 2001 From: Rishabh Bhatnagar <rishabhb(a)codeaurora.org> Date: Fri, 31 Aug 2018 08:43:31 -0700 Subject: [PATCH] firmware: Fix security issue with request_firmware_into_buf() When calling request_firmware_into_buf() with the FW_OPT_NOCACHE flag it is expected that firmware is loaded into buffer from memory. But inside alloc_lookup_fw_priv every new firmware that is loaded is added to the firmware cache (fwc) list head. So if any driver requests a firmware that is already loaded the code iterates over the above mentioned list and it can end up giving a pointer to other device driver's firmware buffer. Also the existing copy may either be modified by drivers, remote processors or even freed. This causes a potential security issue with batched requests when using request_firmware_into_buf. Fix alloc_lookup_fw_priv to not add to the fwc head list if FW_OPT_NOCACHE is set, and also don't do the lookup in the list. Fixes: 0e742e9275 ("firmware: provide infrastructure to make fw caching optional") [mcgrof: broken since feature introduction on v4.8] Cc: stable(a)vger.kernel.org # v4.8+ Signed-off-by: Vikram Mulukutla <markivx(a)codeaurora.org> Signed-off-by: Rishabh Bhatnagar <rishabhb(a)codeaurora.org> Signed-off-by: Luis Chamberlain <mcgrof(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index 0943e7065e0e..b3c0498ee433 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -209,21 +209,24 @@ static struct fw_priv *__lookup_fw_priv(const char *fw_name) static int alloc_lookup_fw_priv(const char *fw_name, struct firmware_cache *fwc, struct fw_priv **fw_priv, void *dbuf, - size_t size) + size_t size, enum fw_opt opt_flags) { struct fw_priv *tmp; spin_lock(&fwc->lock); - tmp = __lookup_fw_priv(fw_name); - if (tmp) { - kref_get(&tmp->ref); - spin_unlock(&fwc->lock); - *fw_priv = tmp; - pr_debug("batched request - sharing the same struct fw_priv and lookup for multiple requests\n"); - return 1; + if (!(opt_flags & FW_OPT_NOCACHE)) { + tmp = __lookup_fw_priv(fw_name); + if (tmp) { + kref_get(&tmp->ref); + spin_unlock(&fwc->lock); + *fw_priv = tmp; + pr_debug("batched request - sharing the same struct fw_priv and lookup for multiple requests\n"); + return 1; + } } + tmp = __allocate_fw_priv(fw_name, fwc, dbuf, size); - if (tmp) + if (tmp && !(opt_flags & FW_OPT_NOCACHE)) list_add(&tmp->list, &fwc->head); spin_unlock(&fwc->lock); @@ -493,7 +496,8 @@ int assign_fw(struct firmware *fw, struct device *device, */ static int _request_firmware_prepare(struct firmware **firmware_p, const char *name, - struct device *device, void *dbuf, size_t size) + struct device *device, void *dbuf, size_t size, + enum fw_opt opt_flags) { struct firmware *firmware; struct fw_priv *fw_priv; @@ -511,7 +515,8 @@ _request_firmware_prepare(struct firmware **firmware_p, const char *name, return 0; /* assigned */ } - ret = alloc_lookup_fw_priv(name, &fw_cache, &fw_priv, dbuf, size); + ret = alloc_lookup_fw_priv(name, &fw_cache, &fw_priv, dbuf, size, + opt_flags); /* * bind with 'priv' now to avoid warning in failure path @@ -571,7 +576,8 @@ _request_firmware(const struct firmware **firmware_p, const char *name, goto out; } - ret = _request_firmware_prepare(&fw, name, device, buf, size); + ret = _request_firmware_prepare(&fw, name, device, buf, size, + opt_flags); if (ret <= 0) /* error or already assigned */ goto out;

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] firmware: Fix security issue with request_firmware_into_buf()" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 422b3db2a5036add39a82425b1dd9fb6c96481e8 Mon Sep 17 00:00:00 2001 From: Rishabh Bhatnagar <rishabhb(a)codeaurora.org> Date: Fri, 31 Aug 2018 08:43:31 -0700 Subject: [PATCH] firmware: Fix security issue with request_firmware_into_buf() When calling request_firmware_into_buf() with the FW_OPT_NOCACHE flag it is expected that firmware is loaded into buffer from memory. But inside alloc_lookup_fw_priv every new firmware that is loaded is added to the firmware cache (fwc) list head. So if any driver requests a firmware that is already loaded the code iterates over the above mentioned list and it can end up giving a pointer to other device driver's firmware buffer. Also the existing copy may either be modified by drivers, remote processors or even freed. This causes a potential security issue with batched requests when using request_firmware_into_buf. Fix alloc_lookup_fw_priv to not add to the fwc head list if FW_OPT_NOCACHE is set, and also don't do the lookup in the list. Fixes: 0e742e9275 ("firmware: provide infrastructure to make fw caching optional") [mcgrof: broken since feature introduction on v4.8] Cc: stable(a)vger.kernel.org # v4.8+ Signed-off-by: Vikram Mulukutla <markivx(a)codeaurora.org> Signed-off-by: Rishabh Bhatnagar <rishabhb(a)codeaurora.org> Signed-off-by: Luis Chamberlain <mcgrof(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index 0943e7065e0e..b3c0498ee433 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -209,21 +209,24 @@ static struct fw_priv *__lookup_fw_priv(const char *fw_name) static int alloc_lookup_fw_priv(const char *fw_name, struct firmware_cache *fwc, struct fw_priv **fw_priv, void *dbuf, - size_t size) + size_t size, enum fw_opt opt_flags) { struct fw_priv *tmp; spin_lock(&fwc->lock); - tmp = __lookup_fw_priv(fw_name); - if (tmp) { - kref_get(&tmp->ref); - spin_unlock(&fwc->lock); - *fw_priv = tmp; - pr_debug("batched request - sharing the same struct fw_priv and lookup for multiple requests\n"); - return 1; + if (!(opt_flags & FW_OPT_NOCACHE)) { + tmp = __lookup_fw_priv(fw_name); + if (tmp) { + kref_get(&tmp->ref); + spin_unlock(&fwc->lock); + *fw_priv = tmp; + pr_debug("batched request - sharing the same struct fw_priv and lookup for multiple requests\n"); + return 1; + } } + tmp = __allocate_fw_priv(fw_name, fwc, dbuf, size); - if (tmp) + if (tmp && !(opt_flags & FW_OPT_NOCACHE)) list_add(&tmp->list, &fwc->head); spin_unlock(&fwc->lock); @@ -493,7 +496,8 @@ int assign_fw(struct firmware *fw, struct device *device, */ static int _request_firmware_prepare(struct firmware **firmware_p, const char *name, - struct device *device, void *dbuf, size_t size) + struct device *device, void *dbuf, size_t size, + enum fw_opt opt_flags) { struct firmware *firmware; struct fw_priv *fw_priv; @@ -511,7 +515,8 @@ _request_firmware_prepare(struct firmware **firmware_p, const char *name, return 0; /* assigned */ } - ret = alloc_lookup_fw_priv(name, &fw_cache, &fw_priv, dbuf, size); + ret = alloc_lookup_fw_priv(name, &fw_cache, &fw_priv, dbuf, size, + opt_flags); /* * bind with 'priv' now to avoid warning in failure path @@ -571,7 +576,8 @@ _request_firmware(const struct firmware **firmware_p, const char *name, goto out; } - ret = _request_firmware_prepare(&fw, name, device, buf, size); + ret = _request_firmware_prepare(&fw, name, device, buf, size, + opt_flags); if (ret <= 0) /* error or already assigned */ goto out;

6 years, 11 months

1
0
0 0

[PATCH stable v2 0/2] termios: Alpha BOTHER/IBSHIFT, tty_baudrate fix

by H. Peter Anvin

From: "H. Peter Anvin (Intel)" <hpa(a)zytor.com> It turns out that Alpha is the only architecture that never implemented BOTHER and IBSHIFT, which is otherwise ages old. This is one thing that has held up glibc support for this feature (all other architectures have supported these for about a decade, at least before the current 3.2 glibc cutoff.) Furthermore, in the process of dealing with this, I discovered that the current code in tty_baudrate.c can read past the end of the baud_table[] on Alpha and PowerPC. The second patch in this series fixes that, but it also cleans up the code substantially by auto-generating the table and, since all architectures now have them, removing all conditionals for BOTHER and IBSHIFT existing. Tagging for stable because these are concrete and immediate problems. I have a much bigger update in process, nearly done, which will clean up a lot of duplicated code and make the uapi headers usable for libc, but that is not critical on the same level. Tested on x86, compile-tested on Alpha. SPARC, and PowerPC. v2: the CBAUDEX masking-as-fallback code was wrong, but it could never be exercised on any architecture anyway (gcc would not even emit it) so just remove it. There are thus no object code changes from v1. --- arch/alpha/include/asm/termios.h | 8 +- arch/alpha/include/uapi/asm/ioctls.h | 5 + arch/alpha/include/uapi/asm/termbits.h | 17 +++ drivers/tty/.gitignore | 1 + drivers/tty/Makefile | 16 +++ drivers/tty/bmacros.c | 2 + drivers/tty/tty_baudrate.c | 182 ++++++++++++--------------------- 7 files changed, 114 insertions(+), 117 deletions(-) Signed-off-by: H. Peter Anvin (Intel) <hpa(a)zytor.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Jiri Slaby <jslaby(a)suse.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Richard Henderson <rth(a)twiddle.net> Cc: Ivan Kokshaysky <ink(a)jurassic.park.msu.ru> Cc: Matt Turner <mattst88(a)gmail.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Kate Stewart <kstewart(a)linuxfoundation.org> Cc: Philippe Ombredanne <pombredanne(a)nexb.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Eugene Syromiatnikov <esyr(a)redhat.com> Cc: <linux-alpha(a)vger.kernel.org> Cc: <linux-serial(a)vger.kernel.org> Cc: Johan Hovold <johan(a)kernel.org> Cc: Alan Cox <alan(a)lxorguk.ukuu.org.uk> Cc: Benjamin Herrenschmidt <benh(a)kernel.crashing.org> Cc: Paul Mackerras <paulus(a)samba.org> Cc: Michael Ellerman <mpe(a)ellerman.id.au> Cc: <stable(a)vger.kernel.org>

6 years, 11 months

2
7
0 0

[GIT PULL] commits for Linux 4.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 7da07a3216a00aa3c523db4539fc6914497d0576: Linux 4.18.12 (2018-10-03 16:59:28 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.18-08102018 for you to fetch changes up to 880c04da777b6fab0bb97d8fccf7aed9c223db5e: x86/APM: Fix build warning when PROC_FS is not enabled (2018-10-03 22:23:29 -0400) - ---------------------------------------------------------------- for-greg-4.18-08102018 - ---------------------------------------------------------------- Andreas Bosch (1): HID: intel-ish-hid: Enable Sunrise Point-H ish driver Andrew Murray (1): asm-generic: io: Fix ioport_map() for !CONFIG_GENERIC_IOMAP && CONFIG_INDIRECT_PIO Anton Vasilyev (1): usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Anurag Kumar Vulisha (1): usb: host: xhci-plat: Iterate over parent nodes for finding quirks Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Ben Skeggs (5): drm/nouveau: fix oops in client init failure path drm/nouveau/mmu: don't attempt to dereference vmm without valid instance pointer drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS drm/nouveau/disp: fix DP disable race drm/nouveau/disp/gm200-: enforce identity-mapped SOR assignment for LVDS/eDP panels Chris Phlipot (1): perf util: Fix bad memory access in trace info. Christian König (1): drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk Cong Wang (1): netfilter: xt_hashlimit: use s->file instead of s->private Dan Carpenter (1): cifs: read overflow in is_valid_oplock_break() Daniel Jurgens (1): net/mlx5: Consider PCI domain in search for next dev Florian Westphal (2): netfilter: xt_checksum: ignore gso skbs netfilter: kconfig: nat related expression depend on nftables core Guenter Roeck (1): riscv: Do not overwrite initrd_start and initrd_end Hans de Goede (1): HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report Harry Mallon (1): HID: hid-saitek: Add device ID for RAT 7 Contagion Heinz Mauelshagen (4): dm raid: fix reshape race on small devices dm raid: fix stripe adding reshape deadlock dm raid: fix rebuild of specific devices by updating superblock dm raid: fix RAID leg rebuild errors Hisao Tanabe (1): perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() Jacek Tomaka (1): perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Jann Horn (1): RDMA/ucma: check fd type in ucma_migrate_id() Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng (2): HID: i2c-hid: Don't reset device upon system resume r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Kim Phillips (1): perf annotate: Fix parsing aarch64 branch instructions after objdump update Lorenzo Bianconi (1): iio: imu: st_lsm6dsx: take into account ts samples in wm configuration Maciej S. Szmigiero (1): r8169: set TxConfig register after TX / RX is enabled, just like RxConfig Martin Liška (1): perf annotate: Properly interpret indirect call Martin Willi (1): netfilter: xt_cluster: add dependency on conntrack module Matt Ranostay (1): Revert "iio: temperature: maxim_thermocouple: add MAX31856 part" Michal 'vorner' Vaner (1): netfilter: nfnetlink_queue: Solve the NFQUEUE/conntrack clash for NF_REPEAT Miguel Ojeda (1): arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Mike Christie (1): scsi: iscsi: target: Fix conn_ops double free Netanel Belgazal (6): net: ena: fix surprise unplug NULL dereference kernel crash net: ena: fix driver when PAGE_SIZE == 64kB net: ena: fix device destruction to gracefully free resources net: ena: fix potential double ena_destroy_device() net: ena: fix missing lock during device destruction net: ena: fix missing calls to READ_ONCE Nilesh Javali (1): scsi: qedi: Add the CRC size within iSCSI NVM image Olaf Hering (1): xen: avoid crash in disable_hotplug_cpu Pablo Neira Ayuso (1): netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT Randy Dunlap (3): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int x86/APM: Fix build warning when PROC_FS is not enabled Sagi Grimberg (1): nvmet-rdma: fix possible bogus dereference under heavy load Sandipan Das (1): perf probe powerpc: Ignore SyS symbols irrespective of endianness Sean O'Brien (1): HID: add support for Apple Magic Keyboards Somnath Kotur (1): bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces Srikar Dronamraju (1): sched/topology: Set correct NUMA topology type Stephen Boyd (1): pinctrl: msm: Really mask level interrupts to prevent latching Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Taehee Yoo (1): netfilter: nf_tables: release chain in flushing set Tao Zhou (1): drm/amdgpu: Fix SDMA hang in prt mode v2 Vincent Pelletier (1): scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values fails Vitaly Kuznetsov (1): xen/manage: don't complain about an empty value in control/sysrq node Wenjia Zhang (1): s390/qeth: use vzalloc for QUERY OAT buffer arch/arm64/include/asm/jump_label.h | 4 +- arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- arch/riscv/kernel/setup.c | 7 - arch/x86/events/intel/lbr.c | 4 + arch/x86/kernel/apm_32.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 23 ++-- drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 7 +- drivers/gpu/drm/nouveau/nouveau_drm.c | 14 +- drivers/gpu/drm/nouveau/nvkm/engine/disp/base.c | 14 ++ drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.c | 17 ++- drivers/gpu/drm/nouveau/nvkm/engine/disp/ior.h | 1 + drivers/gpu/drm/nouveau/nvkm/engine/disp/nv50.c | 6 +- drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.c | 17 ++- drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.h | 4 +- .../gpu/drm/nouveau/nvkm/subdev/devinit/gm200.c | 3 +- drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c | 2 +- drivers/hid/hid-apple.c | 9 +- drivers/hid/hid-ids.h | 7 +- drivers/hid/hid-saitek.c | 2 + drivers/hid/hid-sensor-hub.c | 23 ++++ drivers/hid/i2c-hid/i2c-hid.c | 13 +- drivers/hid/intel-ish-hid/ipc/hw-ish.h | 1 + drivers/hid/intel-ish-hid/ipc/pci-ish.c | 1 + drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c | 13 +- drivers/iio/temperature/maxim_thermocouple.c | 1 - drivers/infiniband/core/ucma.c | 6 + drivers/infiniband/hw/bnxt_re/ib_verbs.c | 2 + drivers/infiniband/hw/bnxt_re/qplib_fp.c | 2 +- drivers/md/dm-raid.c | 144 ++++++++------------ drivers/md/dm-thin-metadata.c | 36 ++++- drivers/md/dm-thin.c | 73 ++++++++-- drivers/net/ethernet/amazon/ena/ena_com.c | 8 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 52 +++---- drivers/net/ethernet/amazon/ena/ena_netdev.h | 11 ++ drivers/net/ethernet/mellanox/mlx5/core/dev.c | 7 +- drivers/net/ethernet/realtek/r8169.c | 11 +- drivers/nvme/target/rdma.c | 27 +++- drivers/pinctrl/qcom/pinctrl-msm.c | 24 ++++ drivers/s390/net/qeth_core_main.c | 5 +- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/scsi/qedi/qedi.h | 7 +- drivers/scsi/qedi/qedi_main.c | 28 ++-- drivers/target/iscsi/iscsi_target.c | 9 +- drivers/target/iscsi/iscsi_target_login.c | 149 +++++++++++---------- drivers/target/iscsi/iscsi_target_login.h | 2 +- drivers/usb/gadget/udc/fotg210-udc.c | 15 ++- drivers/usb/host/xhci-plat.c | 27 ++-- drivers/usb/misc/yurex.c | 3 + drivers/xen/cpu_hotplug.c | 15 ++- drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 +- fs/cifs/cifssmb.c | 11 +- fs/cifs/misc.c | 8 ++ include/asm-generic/io.h | 3 +- kernel/sched/topology.c | 5 +- net/ipv4/netfilter/Kconfig | 8 +- net/ipv4/netfilter/nf_conntrack_proto_icmp.c | 8 +- net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 8 +- net/netfilter/Kconfig | 12 +- net/netfilter/nf_conntrack_proto_dccp.c | 12 +- net/netfilter/nf_conntrack_proto_generic.c | 8 +- net/netfilter/nf_conntrack_proto_gre.c | 8 +- net/netfilter/nf_conntrack_proto_sctp.c | 14 +- net/netfilter/nf_conntrack_proto_tcp.c | 12 +- net/netfilter/nf_conntrack_proto_udp.c | 20 +-- net/netfilter/nf_tables_api.c | 1 + net/netfilter/nfnetlink_queue.c | 1 + net/netfilter/xt_CHECKSUM.c | 22 ++- net/netfilter/xt_cluster.c | 14 +- net/netfilter/xt_hashlimit.c | 18 +-- tools/perf/arch/powerpc/util/sym-handling.c | 4 +- tools/perf/util/annotate.c | 32 ++++- tools/perf/util/annotate.h | 1 + tools/perf/util/evsel.c | 5 +- tools/perf/util/trace-event-info.c | 2 +- 77 files changed, 709 insertions(+), 404 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlu7cW8ACgkQ3qZv95d3 LNxYhQ/+IIWI+gqynHl33wBHO24BHgCzM0qUdEfofRfQe3sz4Fhs16b4mK8Yeaw0 Yag+8wh7fVccHI4VBIWkldzAyDm8+NQRuuqvE0JCofVNYm4C5lUmO+gf3inVwLmh FRdiWyk6EdcXFn3C540rfj9PXXkO8Kdn2iDHd0cQJx1+3rrBN1CwFzCv1pWozJVh 2bIoutp13EbiS3RxFoxEI0GLzVy6lyRV6v2Qrv+2bpHkfRBl3lZlLUpSZy9V+Kza kKDZTJC99F3jOj7Wy2kGzCdToDtk0Q4V9XTuB09Rdgj28rxoVSxSdx6qGvV73qxG 4PEV0tbpdJW2pUbGx2bvfx6LMkADxcFykujg4dYenErXbLTHnh2597Ryc6VXUdiL bZtbBbWNBx1OPx29vvghj1364O8rnpXRzU4aIT/P0fSofB2QTQsVEKjadNASDz0B OsMAKlsu4Z/6W5UGeG4Uoz7B6Qi3QKxxa/pt2OM8rdHMb8L6LY6g5j4RGUEbXspq 7vbzGWiibD1cPT+k/xtgRZ2mWwrRu0Ivx73vHp/Pm2TdKj2J7WwUXh6xaXnXWN5M TknNELY/rcZw35ThhKNCvpqgoYb+hoWTjL5amvY+JgduVcxxQG8fETlTZoYIoDOt HdV4RAKwlydKV9QUhiotaH6Gqir4VjY4cew8j8XTw6HjKJ+SOJc= =pn2C -----END PGP SIGNATURE-----

6 years, 11 months

2
1
0 0

[PATCH AUTOSEL 3.18 1/4] media: af9035: prevent buffer overflow on write

by Sasha Levin

From: Jozef Balga <jozef.balga(a)gmail.com> [ Upstream commit 312f73b648626a0526a3aceebb0a3192aaba05ce ] When less than 3 bytes are written to the device, memcpy is called with negative array size which leads to buffer overflow and kernel panic. This patch adds a condition and returns -EOPNOTSUPP instead. Fixes bugzilla issue 64871 [mchehab+samsung(a)kernel.org: fix a merge conflict and changed the condition to match the patch's comment, e. g. len == 3 could also be valid] Signed-off-by: Jozef Balga <jozef.balga(a)gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/media/usb/dvb-usb-v2/af9035.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/media/usb/dvb-usb-v2/af9035.c b/drivers/media/usb/dvb-usb-v2/af9035.c index 1896ab218b11..efc1545bf29e 100644 --- a/drivers/media/usb/dvb-usb-v2/af9035.c +++ b/drivers/media/usb/dvb-usb-v2/af9035.c @@ -389,8 +389,10 @@ static int af9035_i2c_master_xfer(struct i2c_adapter *adap, msg[0].addr == (state->af9033_i2c_addr[1] >> 1)) reg |= 0x100000; - ret = af9035_wr_regs(d, reg, &msg[0].buf[3], - msg[0].len - 3); + ret = (msg[0].len >= 3) ? af9035_wr_regs(d, reg, + &msg[0].buf[3], + msg[0].len - 3) + : -EOPNOTSUPP; } else { /* I2C write */ u8 buf[MAX_XFER_SIZE]; -- 2.17.1

6 years, 11 months

1
3
0 0

[PATCH AUTOSEL 4.4 1/9] media: af9035: prevent buffer overflow on write

by Sasha Levin

From: Jozef Balga <jozef.balga(a)gmail.com> [ Upstream commit 312f73b648626a0526a3aceebb0a3192aaba05ce ] When less than 3 bytes are written to the device, memcpy is called with negative array size which leads to buffer overflow and kernel panic. This patch adds a condition and returns -EOPNOTSUPP instead. Fixes bugzilla issue 64871 [mchehab+samsung(a)kernel.org: fix a merge conflict and changed the condition to match the patch's comment, e. g. len == 3 could also be valid] Signed-off-by: Jozef Balga <jozef.balga(a)gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/media/usb/dvb-usb-v2/af9035.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/media/usb/dvb-usb-v2/af9035.c b/drivers/media/usb/dvb-usb-v2/af9035.c index 6e02a15d39ce..abddb621d9e6 100644 --- a/drivers/media/usb/dvb-usb-v2/af9035.c +++ b/drivers/media/usb/dvb-usb-v2/af9035.c @@ -389,8 +389,10 @@ static int af9035_i2c_master_xfer(struct i2c_adapter *adap, msg[0].addr == (state->af9033_i2c_addr[1] >> 1)) reg |= 0x100000; - ret = af9035_wr_regs(d, reg, &msg[0].buf[3], - msg[0].len - 3); + ret = (msg[0].len >= 3) ? af9035_wr_regs(d, reg, + &msg[0].buf[3], + msg[0].len - 3) + : -EOPNOTSUPP; } else { /* I2C write */ u8 buf[MAX_XFER_SIZE]; -- 2.17.1

6 years, 11 months

1
8
0 0

[PATCH AUTOSEL 4.9 01/23] media: af9035: prevent buffer overflow on write

by Sasha Levin

From: Jozef Balga <jozef.balga(a)gmail.com> [ Upstream commit 312f73b648626a0526a3aceebb0a3192aaba05ce ] When less than 3 bytes are written to the device, memcpy is called with negative array size which leads to buffer overflow and kernel panic. This patch adds a condition and returns -EOPNOTSUPP instead. Fixes bugzilla issue 64871 [mchehab+samsung(a)kernel.org: fix a merge conflict and changed the condition to match the patch's comment, e. g. len == 3 could also be valid] Signed-off-by: Jozef Balga <jozef.balga(a)gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/media/usb/dvb-usb-v2/af9035.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/media/usb/dvb-usb-v2/af9035.c b/drivers/media/usb/dvb-usb-v2/af9035.c index 8961dd732522..64be30d53847 100644 --- a/drivers/media/usb/dvb-usb-v2/af9035.c +++ b/drivers/media/usb/dvb-usb-v2/af9035.c @@ -406,8 +406,10 @@ static int af9035_i2c_master_xfer(struct i2c_adapter *adap, msg[0].addr == (state->af9033_i2c_addr[1] >> 1)) reg |= 0x100000; - ret = af9035_wr_regs(d, reg, &msg[0].buf[3], - msg[0].len - 3); + ret = (msg[0].len >= 3) ? af9035_wr_regs(d, reg, + &msg[0].buf[3], + msg[0].len - 3) + : -EOPNOTSUPP; } else { /* I2C write */ u8 buf[MAX_XFER_SIZE]; -- 2.17.1

6 years, 11 months

1
22
0 0

[PATCH AUTOSEL 4.14 01/32] media: af9035: prevent buffer overflow on write

by Sasha Levin

From: Jozef Balga <jozef.balga(a)gmail.com> [ Upstream commit 312f73b648626a0526a3aceebb0a3192aaba05ce ] When less than 3 bytes are written to the device, memcpy is called with negative array size which leads to buffer overflow and kernel panic. This patch adds a condition and returns -EOPNOTSUPP instead. Fixes bugzilla issue 64871 [mchehab+samsung(a)kernel.org: fix a merge conflict and changed the condition to match the patch's comment, e. g. len == 3 could also be valid] Signed-off-by: Jozef Balga <jozef.balga(a)gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/media/usb/dvb-usb-v2/af9035.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/media/usb/dvb-usb-v2/af9035.c b/drivers/media/usb/dvb-usb-v2/af9035.c index 666d319d3d1a..1f6c1eefe389 100644 --- a/drivers/media/usb/dvb-usb-v2/af9035.c +++ b/drivers/media/usb/dvb-usb-v2/af9035.c @@ -402,8 +402,10 @@ static int af9035_i2c_master_xfer(struct i2c_adapter *adap, if (msg[0].addr == state->af9033_i2c_addr[1]) reg |= 0x100000; - ret = af9035_wr_regs(d, reg, &msg[0].buf[3], - msg[0].len - 3); + ret = (msg[0].len >= 3) ? af9035_wr_regs(d, reg, + &msg[0].buf[3], + msg[0].len - 3) + : -EOPNOTSUPP; } else { /* I2C write */ u8 buf[MAX_XFER_SIZE]; -- 2.17.1

6 years, 11 months

1
31
0 0

[GIT PULL] commits for Linux 3.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 3.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 921b2fed6a79439ef1609ef4af0ada5cccb3555c: Linux 3.18.123 (2018-09-26 08:33:59 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-3.18-08102018 for you to fetch changes up to 9ea48c2937d91b2c0d6ce1a7c047798298de6701: xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage (2018-09-28 10:16:27 -0400) - ---------------------------------------------------------------- for-greg-3.18-08102018 - ---------------------------------------------------------------- Anton Vasilyev (1): usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Dan Carpenter (1): cifs: read overflow in is_valid_oplock_break() Jann Horn (1): RDMA/ucma: check fd type in ucma_migrate_id() Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng (1): r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Randy Dunlap (2): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int Stephen Boyd (1): pinctrl: msm: Really mask level interrupts to prevent latching Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Vitaly Kuznetsov (1): xen/manage: don't complain about an empty value in control/sysrq node arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- drivers/infiniband/core/ucma.c | 6 +++ drivers/md/dm-thin-metadata.c | 36 +++++++++++++++++- drivers/md/dm-thin.c | 73 ++++++++++++++++++++++++++++++++---- drivers/net/ethernet/realtek/r8169.c | 9 +++-- drivers/pinctrl/qcom/pinctrl-msm.c | 24 ++++++++++++ drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/usb/gadget/udc/fotg210-udc.c | 15 +++++--- drivers/usb/misc/yurex.c | 3 ++ drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 ++- fs/cifs/cifssmb.c | 11 ++++-- fs/cifs/misc.c | 8 ++++ 15 files changed, 175 insertions(+), 28 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlu7caEACgkQ3qZv95d3 LNwjIRAAg+Kz3Igp9uJpAc9uUri/IxF3qwXL00FZT92BJTi0FqUEyJIQqtCbu7mo hyTNwNjw0PBQfrXcnDGWHTFcl5vICdd4KiFm5NRZB3UNdhYy+ATaBPWFA56Y7dSK oFd/IBWt9XQT/OWLJslul1PXR+JsulaRhFHYJPWJ0K9oys8jbTyTVBSvos1Wshzk wMJ9X3tTtQ/NfoXega1xdxgHIIwV9L4gR2jfTSMz0t5DnypGddUDlAR8/800yJGH J23tXprXRI7AZ5sf9qM2ybhL6MGvgU/86nd4DsA3Igkspi9jQDjXiV9FMGFx+PiB BjQraiLfXVI0bPsswsWBYKWwuZwheTf0WxlofAjO/Ct5aAZ14zlwg/HVOvFOpU5O PpxLGrJ2e28lsinhVSd8aLbJu1Jc4GpkAwp+0OHuolWqZlUTrbLrfKHho+SMANNs Y6smRnSYpgzhYI1l/9W8xoFMyP7CNRqihPGAZY2PKbPRPy4CXgQcGMC0OM8hLA+e Mf/g+GglCwqUZw3l6V8wZY83+X6gB/qhoSryrPgi2n2u9onA/aXtUOWynjmzXOKY oU0lW2CW5yThgo73pBTKLDW8bc5Vy9QuMFmnuXoaUsMIXJ3FjR799pFsyRaZMd/1 AuRnQ16Uw2N+W9xZLRTE3F8l9eapA47N+DTbOKVgJRFmhNjv7xM= =dYwu -----END PGP SIGNATURE-----

6 years, 11 months

1
0
0 0

[GIT PULL] commits for Linux 4.4

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.4 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 9c6cd3f3a4b8194e82fa927bc00028c7a505e3b3: Linux 4.4.159 (2018-09-29 03:08:55 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.4-08102018 for you to fetch changes up to 78c9795a56513a101b1620f0e34d89c114a7a59a: xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage (2018-09-29 13:03:41 -0400) - ---------------------------------------------------------------- for-greg-4.4-08102018 - ---------------------------------------------------------------- Anton Vasilyev (1): usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Ben Skeggs (1): drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS Dan Carpenter (1): cifs: read overflow in is_valid_oplock_break() Jann Horn (1): RDMA/ucma: check fd type in ucma_migrate_id() Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng (1): r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Miguel Ojeda (1): arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Olaf Hering (1): xen: avoid crash in disable_hotplug_cpu Randy Dunlap (2): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int Sandipan Das (1): perf probe powerpc: Ignore SyS symbols irrespective of endianness Stephen Boyd (1): pinctrl: msm: Really mask level interrupts to prevent latching Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Vitaly Kuznetsov (1): xen/manage: don't complain about an empty value in control/sysrq node arch/arm64/include/asm/jump_label.h | 4 +- arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- .../gpu/drm/nouveau/nvkm/subdev/devinit/gm204.c | 3 +- drivers/infiniband/core/ucma.c | 6 ++ drivers/md/dm-thin-metadata.c | 36 ++++++++++- drivers/md/dm-thin.c | 73 +++++++++++++++++++--- drivers/net/ethernet/realtek/r8169.c | 9 ++- drivers/pinctrl/qcom/pinctrl-msm.c | 24 +++++++ drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/usb/gadget/udc/fotg210-udc.c | 15 +++-- drivers/usb/misc/yurex.c | 3 + drivers/xen/cpu_hotplug.c | 15 ++--- drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 +- fs/cifs/cifssmb.c | 11 +++- fs/cifs/misc.c | 8 +++ tools/perf/arch/powerpc/util/sym-handling.c | 4 +- 19 files changed, 190 insertions(+), 39 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlu7cZoACgkQ3qZv95d3 LNwdwQ//dsOKScH3qjTVEsX+fIwRTTnw9qTnQeCobQm2C2ibPnoVKST+oqaXoffQ 7QwdtrIXxNc/i4Ga4JuqV4AZUSuyrgsppueoHwoF+8v5Pa5hiwexlbSBJ0CmtTg9 mma8c6QGjyObaxtytWohX0AZ/1awLrmh2RYYngGTeMyTyfylRDwZoj9DA1lzT1Vv M9Qm+aDV7IApjiQW0Jb7UHZVGV8pyps0NRm0MUiwzNeoTTTOBW+s3uY1yu7pytpt +Gw1s39pmaAwmPfrxsjyzZMbFVogK9KFa/0nSVN56oo+qamq3IzvFYFIj78GJv1P hPhCH1T1OVprZPt3FAdYPnpuWvb/4maogGyrEu1LME09erC9NpLs9ovTiORTmc5h ucUJmgtHF7EXb53R//m8jLcWKWnlIRPezKxIGv/vUx5N86LOWixX/yFtZU3QanMj yKbQBz/eBYhe0Mj8G+roI3kIN0naplH5FuluissaMWRzdBXTDUMe+YKmEEYWVIHs V2KX2aiYbaAojv4/JLaKnPV0HMIG6+DUJq/h8yFDxMn8kUeiKyW7JVpNWrNgz38p oIYK5qf/JO9RqKbQK1qLOi8HkFNTq9VOFoEBz9SnEHwiJq39wLs3W3wZIAGcLnhd sfy1yJM5ihbGX51oSAbc4O/5bxzmnPzycq8AA84JnYfN65zYBjw= =+003 -----END PGP SIGNATURE-----

6 years, 11 months

1
0
0 0

[GIT PULL] commits for Linux 4.9

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.9 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit cdd48f386d7e6671e7cc21e517ae258b298ec877: Linux 4.9.131 (2018-10-03 17:01:55 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.9-08102018 for you to fetch changes up to 3c29b011970e1edb3d203e2e2517daad893c8ed4: xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage (2018-10-03 22:23:44 -0400) - ---------------------------------------------------------------- for-greg-4.9-08102018 - ---------------------------------------------------------------- Anton Vasilyev (1): usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Ben Skeggs (1): drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS Dan Carpenter (1): cifs: read overflow in is_valid_oplock_break() Daniel Jurgens (1): net/mlx5: Consider PCI domain in search for next dev Harry Mallon (1): HID: hid-saitek: Add device ID for RAT 7 Contagion Heinz Mauelshagen (1): dm raid: fix rebuild of specific devices by updating superblock Hisao Tanabe (1): perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() Jacek Tomaka (1): perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Jann Horn (1): RDMA/ucma: check fd type in ucma_migrate_id() Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng (1): r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Miguel Ojeda (1): arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Netanel Belgazal (1): net: ena: fix driver when PAGE_SIZE == 64kB Olaf Hering (1): xen: avoid crash in disable_hotplug_cpu Randy Dunlap (2): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int Sagi Grimberg (1): nvmet-rdma: fix possible bogus dereference under heavy load Sandipan Das (1): perf probe powerpc: Ignore SyS symbols irrespective of endianness Sean O'Brien (1): HID: add support for Apple Magic Keyboards Stephen Boyd (1): pinctrl: msm: Really mask level interrupts to prevent latching Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Vitaly Kuznetsov (1): xen/manage: don't complain about an empty value in control/sysrq node Wenjia Zhang (1): s390/qeth: use vzalloc for QUERY OAT buffer arch/arm64/include/asm/jump_label.h | 4 +- arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- arch/x86/events/intel/lbr.c | 4 ++ .../gpu/drm/nouveau/nvkm/subdev/devinit/gm200.c | 3 +- drivers/hid/hid-apple.c | 9 ++- drivers/hid/hid-ids.h | 3 + drivers/hid/hid-saitek.c | 2 + drivers/infiniband/core/ucma.c | 6 ++ drivers/md/dm-raid.c | 5 ++ drivers/md/dm-thin-metadata.c | 36 ++++++++++- drivers/md/dm-thin.c | 73 +++++++++++++++++++--- drivers/net/ethernet/amazon/ena/ena_netdev.c | 10 +-- drivers/net/ethernet/amazon/ena/ena_netdev.h | 11 ++++ drivers/net/ethernet/mellanox/mlx5/core/dev.c | 7 ++- drivers/net/ethernet/realtek/r8169.c | 9 ++- drivers/nvme/target/rdma.c | 27 +++++++- drivers/pinctrl/qcom/pinctrl-msm.c | 24 +++++++ drivers/s390/net/qeth_core_main.c | 5 +- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/usb/gadget/udc/fotg210-udc.c | 15 +++-- drivers/usb/misc/yurex.c | 3 + drivers/xen/cpu_hotplug.c | 15 ++--- drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 +- fs/cifs/cifssmb.c | 11 +++- fs/cifs/misc.c | 8 +++ tools/perf/arch/powerpc/util/sym-handling.c | 4 +- tools/perf/util/evsel.c | 5 +- 30 files changed, 263 insertions(+), 54 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlu7cZMACgkQ3qZv95d3 LNyMbQ//fC/jcjVOdeQmwRDBUo13zt25Eb/MeXdLdAS2NleK44wY+/e804oq3CBV qACG1CIWtP0tV0V295NrblM6xWxroPnGU8X3GdXgfT97MIByGkGEv3kU+4Nsc4c6 Gv/QlBRHcZM5QFLAk6J6nOwzEk5BKNh/XyJuaniz9DNnQGTfDMLFpN4xpFJHIZlU 5NFlcTeycPnU8ljPFxfupGQ78XVQp1QCJKT3Zrc9iPnMUDlxMdW3ERHIi3uYkyva RXrYIZJ8KYSq2RqLT8nMMiNybKy3F+20/UdfTIl7uk71AkLUB75JjWFMu9MkOWCm k0KRJ89whIN9pH5imEt7pcqFKwkyjyVT0Zk+SJQJ4Xi6+Yc0Q8p2uBteopcerwJ9 tShMyUcOSgmEctg4ujchfUalOXB2CWewV+CKyblhiiURqSTBjPZFxKtwwQF8SF/r 28MlCx8gHL9zjNpGL6z0TEp9CSPlrCjggdKca07aYZj/XJz9rV0zXh7DHNa1gUTt s7mYPZDK9RryNHVaJMss/W5eIfdy2JE1vpsQlyFgVxWxkFKmWT4iZgZwO+NqTtjd 1x1nVtw1KRnGQP748d3iBtUApsH9jS1PDer9ZJXyjVEy2jfiK6exHRcC7HGkCtz4 UTLoqw65N+bTUfGvAnlOJ8EqD9hjqLFZyTKNQ1uiK19/UDzhdp0= =nX+I -----END PGP SIGNATURE-----

6 years, 11 months

1
0
0 0

[GIT PULL] commits for Linux 4.14

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.14 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit e6abbe80c8838e9c0bdb51835e6218008fa49386: Linux 4.14.74 (2018-10-03 17:01:00 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.14-08102018 for you to fetch changes up to 3ab4f07c10e5c704c2c46d772debf0b2fb7c3467: xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage (2018-10-03 22:23:37 -0400) - ---------------------------------------------------------------- for-greg-4.14-08102018 - ---------------------------------------------------------------- Anton Vasilyev (1): usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Ben Skeggs (2): drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS drm/nouveau/disp: fix DP disable race Chris Phlipot (1): perf util: Fix bad memory access in trace info. Christian König (1): drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk Dan Carpenter (1): cifs: read overflow in is_valid_oplock_break() Daniel Jurgens (1): net/mlx5: Consider PCI domain in search for next dev Hans de Goede (1): HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report Harry Mallon (1): HID: hid-saitek: Add device ID for RAT 7 Contagion Heinz Mauelshagen (1): dm raid: fix rebuild of specific devices by updating superblock Hisao Tanabe (1): perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() Jacek Tomaka (1): perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs Jann Horn (1): RDMA/ucma: check fd type in ucma_migrate_id() Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng (1): r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Martin Willi (1): netfilter: xt_cluster: add dependency on conntrack module Matt Ranostay (1): Revert "iio: temperature: maxim_thermocouple: add MAX31856 part" Miguel Ojeda (1): arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" Netanel Belgazal (2): net: ena: fix driver when PAGE_SIZE == 64kB net: ena: fix missing calls to READ_ONCE Nilesh Javali (1): scsi: qedi: Add the CRC size within iSCSI NVM image Olaf Hering (1): xen: avoid crash in disable_hotplug_cpu Pablo Neira Ayuso (1): netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT Randy Dunlap (2): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int Sagi Grimberg (1): nvmet-rdma: fix possible bogus dereference under heavy load Sandipan Das (1): perf probe powerpc: Ignore SyS symbols irrespective of endianness Sean O'Brien (1): HID: add support for Apple Magic Keyboards Stephen Boyd (1): pinctrl: msm: Really mask level interrupts to prevent latching Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Taehee Yoo (1): netfilter: nf_tables: release chain in flushing set Vincent Pelletier (1): scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values fails Vitaly Kuznetsov (1): xen/manage: don't complain about an empty value in control/sysrq node Wenjia Zhang (1): s390/qeth: use vzalloc for QUERY OAT buffer arch/arm64/include/asm/jump_label.h | 4 +- arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- arch/x86/events/intel/lbr.c | 4 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 23 ++++--- drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.c | 17 +++-- drivers/gpu/drm/nouveau/nvkm/engine/disp/nv50.c | 6 +- drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.c | 2 + drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.h | 3 +- .../gpu/drm/nouveau/nvkm/subdev/devinit/gm200.c | 3 +- drivers/hid/hid-apple.c | 9 ++- drivers/hid/hid-ids.h | 3 + drivers/hid/hid-saitek.c | 2 + drivers/hid/hid-sensor-hub.c | 23 +++++++ drivers/iio/temperature/maxim_thermocouple.c | 1 - drivers/infiniband/core/ucma.c | 6 ++ drivers/md/dm-raid.c | 5 ++ drivers/md/dm-thin-metadata.c | 36 ++++++++++- drivers/md/dm-thin.c | 73 +++++++++++++++++++--- drivers/net/ethernet/amazon/ena/ena_com.c | 8 +-- drivers/net/ethernet/amazon/ena/ena_netdev.c | 10 +-- drivers/net/ethernet/amazon/ena/ena_netdev.h | 11 ++++ drivers/net/ethernet/mellanox/mlx5/core/dev.c | 7 ++- drivers/net/ethernet/realtek/r8169.c | 9 ++- drivers/nvme/target/rdma.c | 27 +++++++- drivers/pinctrl/qcom/pinctrl-msm.c | 24 +++++++ drivers/s390/net/qeth_core_main.c | 5 +- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/scsi/qedi/qedi.h | 7 ++- drivers/scsi/qedi/qedi_main.c | 28 +++++---- drivers/target/iscsi/iscsi_target_login.c | 8 +-- drivers/usb/gadget/udc/fotg210-udc.c | 15 +++-- drivers/usb/misc/yurex.c | 3 + drivers/xen/cpu_hotplug.c | 15 ++--- drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 +- fs/cifs/cifssmb.c | 11 +++- fs/cifs/misc.c | 8 +++ net/ipv4/netfilter/nf_conntrack_proto_icmp.c | 8 +-- net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 8 +-- net/netfilter/nf_conntrack_proto_dccp.c | 12 ++-- net/netfilter/nf_conntrack_proto_generic.c | 8 +-- net/netfilter/nf_conntrack_proto_gre.c | 8 +-- net/netfilter/nf_conntrack_proto_sctp.c | 14 ++--- net/netfilter/nf_conntrack_proto_tcp.c | 12 ++-- net/netfilter/nf_conntrack_proto_udp.c | 20 +++--- net/netfilter/nf_tables_api.c | 1 + net/netfilter/xt_cluster.c | 14 ++++- tools/perf/arch/powerpc/util/sym-handling.c | 4 +- tools/perf/util/evsel.c | 5 +- tools/perf/util/trace-event-info.c | 2 +- 52 files changed, 408 insertions(+), 142 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlu7cYwACgkQ3qZv95d3 LNwxIg//XuOMBAUlGyM9sgqUgbHSoTCeq+NssR49ijpiK/Qa068KIBCcBFUHd9SX fBdxDbF80d56CVC34EbdltN7OjafPlVPbOnA2MAUel64pvrNNkBEEecXKXk7rOrq xnSX4wbQX/vJcdbPf1RgE4RQuSCLhRVpbCSL74W+MP9FZv9gHlF9Cfle6tVnWR6j nSVYw8Uyh4Hh3vAncf8tdBwrm2+eg7QEAalssD2mGiNdVnxWcuw30y8eUDyPI8p9 iBYhmLMrXKdrcupBHRMYv7bA/BA3fW9fBb2iOQYiuWCRe82dyFrcp6Zqu0MlzGQn TzgxnROGvujDMkRyMTcwPEISrirDWnMwUyyk4cCKl+K/sxsT+PTW/yMkLgluldLv KHmyeYNGyTXxOozTUSUmF3VcXanxM++xUGVsEP/zGn5UjO919iVjF71mqgZPUXpC bUfdcI0bdmpDnbayVQDoztidg+Ru9aRKA1DmMdBX2B/MSE6/xAZ8my3FPUJ+/Nkq YH8SypNLG4v45KGwLaVO4mPZqhMW6bFc8l/edrtNoaPuDtSwd/2YREvIY0W039Ux 6PkWPwrIa+L4eW8MjpCCmRstgma3CrMFfOwHNmvtvsvCgtxMMnSvrdqqm3PtE3Pv FylEUBHdkuU0XUJAV2kd5XwiczsokrN7G1WENuvylWYwJ+39io0= =jkO/ -----END PGP SIGNATURE-----

6 years, 11 months

1
0
0 0

[PATCH] kernel/bounds: Provide prototype for foo

by Kieran Bingham

kernel/bounds.c is recompiled on every build, and shows the following warning when compiling with W=1: CC kernel/bounds.s linux/kernel/bounds.c:16:6: warning: no previous prototype for ‘foo’ [-Wmissing-prototypes] void foo(void) ^~~ Provide a prototype to satisfy the compiler. Signed-off-by: Kieran Bingham <kieran.bingham+renesas(a)ideasonboard.com> Cc: stable(a)vger.kernel.org --- I compile all of my incremental builds with W=1, which allows me to know instantly if I add a new compiler warning in code I generate. This warning always comes up and seems trivial to clean up. --- kernel/bounds.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/bounds.c b/kernel/bounds.c index c373e887c066..60136d937800 100644 --- a/kernel/bounds.c +++ b/kernel/bounds.c @@ -13,6 +13,8 @@ #include <linux/log2.h> #include <linux/spinlock_types.h> +void foo(void); + void foo(void) { /* The enum constants to put into include/generated/bounds.h */ -- 2.17.1

6 years, 11 months

7
16
0 0

[PATCH v2] filesystem-dax: Fix dax_layout_busy_page() livelock

by Dan Williams

In the presence of multi-order entries the typical pagevec_lookup_entries() pattern may loop forever: while (index < end && pagevec_lookup_entries(&pvec, mapping, index, min(end - index, (pgoff_t)PAGEVEC_SIZE), indices)) { ... for (i = 0; i < pagevec_count(&pvec); i++) { index = indices[i]; ... } index++; /* BUG */ } The loop updates 'index' for each index found and then increments to the next possible page to continue the lookup. However, if the last entry in the pagevec is multi-order then the next possible page index is more than 1 page away. Fix this locally for the filesystem-dax case by checking for dax-multi-order entries. Going forward new users of multi-order entries need to be similarly careful, or we need a generic way to report the page increment in the radix iterator. Fixes: 5fac7408d828 ("mm, fs, dax: handle layout changes to pinned dax...") Cc: <stable(a)vger.kernel.org> Cc: Jan Kara <jack(a)suse.cz> Cc: Ross Zwisler <zwisler(a)kernel.org> Cc: Matthew Wilcox <willy(a)infradead.org> Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> --- Changes in v2: * Only update nr_pages if the last entry in the pagevec is multi-order. fs/dax.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/fs/dax.c b/fs/dax.c index 4becbf168b7f..0fb270f0a0ef 100644 --- a/fs/dax.c +++ b/fs/dax.c @@ -666,6 +666,8 @@ struct page *dax_layout_busy_page(struct address_space *mapping) while (index < end && pagevec_lookup_entries(&pvec, mapping, index, min(end - index, (pgoff_t)PAGEVEC_SIZE), indices)) { + pgoff_t nr_pages = 1; + for (i = 0; i < pagevec_count(&pvec); i++) { struct page *pvec_ent = pvec.pages[i]; void *entry; @@ -680,8 +682,15 @@ struct page *dax_layout_busy_page(struct address_space *mapping) xa_lock_irq(&mapping->i_pages); entry = get_unlocked_mapping_entry(mapping, index, NULL); - if (entry) + if (entry) { page = dax_busy_page(entry); + /* + * Account for multi-order entries at + * the end of the pagevec. + */ + if (i + 1 >= pagevec_count(&pvec)) + nr_pages = 1UL << dax_radix_order(entry); + } put_unlocked_mapping_entry(mapping, index, entry); xa_unlock_irq(&mapping->i_pages); if (page) @@ -696,7 +705,7 @@ struct page *dax_layout_busy_page(struct address_space *mapping) */ pagevec_remove_exceptionals(&pvec); pagevec_release(&pvec); - index++; + index += nr_pages; if (page) break;

6 years, 11 months

2
1
0 0

FAILED: patch "[PATCH] powerpc/lib: fix book3s/32 boot failure due to code patching" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From b45ba4a51cde29b2939365ef0c07ad34c8321789 Mon Sep 17 00:00:00 2001 From: Christophe Leroy <christophe.leroy(a)c-s.fr> Date: Mon, 1 Oct 2018 12:21:10 +0000 Subject: [PATCH] powerpc/lib: fix book3s/32 boot failure due to code patching Commit 51c3c62b58b3 ("powerpc: Avoid code patching freed init sections") accesses 'init_mem_is_free' flag too early, before the kernel is relocated. This provokes early boot failure (before the console is active). As it is not necessary to do this verification that early, this patch moves the test into patch_instruction() instead of __patch_instruction(). This modification also has the advantage of avoiding unnecessary remappings. Fixes: 51c3c62b58b3 ("powerpc: Avoid code patching freed init sections") Cc: stable(a)vger.kernel.org # 4.13+ Signed-off-by: Christophe Leroy <christophe.leroy(a)c-s.fr> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/lib/code-patching.c b/arch/powerpc/lib/code-patching.c index 6ae2777c220d..5ffee298745f 100644 --- a/arch/powerpc/lib/code-patching.c +++ b/arch/powerpc/lib/code-patching.c @@ -28,12 +28,6 @@ static int __patch_instruction(unsigned int *exec_addr, unsigned int instr, { int err; - /* Make sure we aren't patching a freed init section */ - if (init_mem_is_free && init_section_contains(exec_addr, 4)) { - pr_debug("Skipping init section patching addr: 0x%px\n", exec_addr); - return 0; - } - __put_user_size(instr, patch_addr, 4, err); if (err) return err; @@ -148,7 +142,7 @@ static inline int unmap_patch_area(unsigned long addr) return 0; } -int patch_instruction(unsigned int *addr, unsigned int instr) +static int do_patch_instruction(unsigned int *addr, unsigned int instr) { int err; unsigned int *patch_addr = NULL; @@ -188,12 +182,22 @@ out: } #else /* !CONFIG_STRICT_KERNEL_RWX */ -int patch_instruction(unsigned int *addr, unsigned int instr) +static int do_patch_instruction(unsigned int *addr, unsigned int instr) { return raw_patch_instruction(addr, instr); } #endif /* CONFIG_STRICT_KERNEL_RWX */ + +int patch_instruction(unsigned int *addr, unsigned int instr) +{ + /* Make sure we aren't patching a freed init section */ + if (init_mem_is_free && init_section_contains(addr, 4)) { + pr_debug("Skipping init section patching addr: 0x%px\n", addr); + return 0; + } + return do_patch_instruction(addr, instr); +} NOKPROBE_SYMBOL(patch_instruction); int patch_branch(unsigned int *addr, unsigned long target, int flags)

6 years, 11 months

1
0
0 0

[PATCH stable 4.14, 4.18] bpf: 32-bit RSH verification must truncate input before the ALU op

by Daniel Borkmann

From: Jann Horn <jannh(a)google.com> [ upstream commit b799207e1e1816b09e7a5920fbb2d5fcf6edd681 ] When I wrote commit 468f6eafa6c4 ("bpf: fix 32-bit ALU op verification"), I assumed that, in order to emulate 64-bit arithmetic with 32-bit logic, it is sufficient to just truncate the output to 32 bits; and so I just moved the register size coercion that used to be at the start of the function to the end of the function. That assumption is true for almost every op, but not for 32-bit right shifts, because those can propagate information towards the least significant bit. Fix it by always truncating inputs for 32-bit ops to 32 bits. Also get rid of the coerce_reg_to_size() after the ALU op, since that has no effect. Fixes: 468f6eafa6c4 ("bpf: fix 32-bit ALU op verification") Acked-by: Daniel Borkmann <daniel(a)iogearbox.net> Signed-off-by: Jann Horn <jannh(a)google.com> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> --- kernel/bpf/verifier.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index adbe21c..82e8ede 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -2865,6 +2865,15 @@ static int adjust_scalar_min_max_vals(struct bpf_verifier_env *env, u64 umin_val, umax_val; u64 insn_bitness = (BPF_CLASS(insn->code) == BPF_ALU64) ? 64 : 32; + if (insn_bitness == 32) { + /* Relevant for 32-bit RSH: Information can propagate towards + * LSB, so it isn't sufficient to only truncate the output to + * 32 bits. + */ + coerce_reg_to_size(dst_reg, 4); + coerce_reg_to_size(&src_reg, 4); + } + smin_val = src_reg.smin_value; smax_val = src_reg.smax_value; umin_val = src_reg.umin_value; @@ -3100,7 +3109,6 @@ static int adjust_scalar_min_max_vals(struct bpf_verifier_env *env, if (BPF_CLASS(insn->code) != BPF_ALU64) { /* 32-bit ALU ops are (32,32)->32 */ coerce_reg_to_size(dst_reg, 4); - coerce_reg_to_size(&src_reg, 4); } __reg_deduce_bounds(dst_reg); -- 2.9.5

6 years, 11 months

2
1
0 0

Re: [PATCH 03/16] vfs: don't evict uninitialized inode

by Amir Goldstein

> Miklos, > > Seeing that it wasn't fixed in 4.18.. > > > I've nothing against applying "new primitive: discard_new_inode() now > > + this patch, but if it is deemed too risky at this point, we could > > just revert the buggy commit 80ea09a002bf ("vfs: factor out > > inode_insert5()") and its dependencies. > > > > Should we propose for stable the upstream commits: > e950564b97fd vfs: don't evict uninitialized inode > c2b6d621c4ff new primitive: discard_new_inode() > > Or should we go with the independent v1 patch: > https://patchwork.kernel.org/patch/10511969/ > Greg, To fix a 4.18 overlayfs regression please apply the following 3 upstream commits (in apply order): c2b6d621c4ff new primitive: discard_new_inode() e950564b97fd vfs: don't evict uninitialized inode 6faf05c2b2b4 ovl: set I_CREATING on inode being created Thanks, Amir.

6 years, 11 months

3
2
0 0

[PATCH 08/15] bcache: fix miss key refill->end in writeback

by Coly Li

From: Tang Junhui <tang.junhui.linux(a)gmail.com> refill->end record the last key of writeback, for example, at the first time, keys (1,128K) to (1,1024K) are flush to the backend device, but the end key (1,1024K) is not included, since the bellow code: if (bkey_cmp(k, refill->end) >= 0) { ret = MAP_DONE; goto out; } And in the next time when we refill writeback keybuf again, we searched key start from (1,1024K), and got a key bigger than it, so the key (1,1024K) missed. This patch modify the above code, and let the end key to be included to the writeback key buffer. Signed-off-by: Tang Junhui <tang.junhui.linux(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Coly Li <colyli(a)suse.de> --- drivers/md/bcache/btree.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c index e7d4817681f2..3f4211b5cd33 100644 --- a/drivers/md/bcache/btree.c +++ b/drivers/md/bcache/btree.c @@ -2434,7 +2434,7 @@ static int refill_keybuf_fn(struct btree_op *op, struct btree *b, struct keybuf *buf = refill->buf; int ret = MAP_CONTINUE; - if (bkey_cmp(k, refill->end) >= 0) { + if (bkey_cmp(k, refill->end) > 0) { ret = MAP_DONE; goto out; } -- 2.19.0

6 years, 11 months

1
0
0 0

[PATCH 06/15] bcache: correct dirty data statistics

by Coly Li

From: Tang Junhui <tang.junhui.linux(a)gmail.com> When bcache device is clean, dirty keys may still exist after journal replay, so we need to count these dirty keys even device in clean status, otherwise after writeback, the amount of dirty data would be incorrect. Signed-off-by: Tang Junhui <tang.junhui.linux(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Coly Li <colyli(a)suse.de> --- drivers/md/bcache/super.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c index a99af19d2f91..4989c7d4d4d0 100644 --- a/drivers/md/bcache/super.c +++ b/drivers/md/bcache/super.c @@ -1152,11 +1152,12 @@ int bch_cached_dev_attach(struct cached_dev *dc, struct cache_set *c, } if (BDEV_STATE(&dc->sb) == BDEV_STATE_DIRTY) { - bch_sectors_dirty_init(&dc->disk); atomic_set(&dc->has_dirty, 1); bch_writeback_queue(dc); } + bch_sectors_dirty_init(&dc->disk); + bch_cached_dev_run(dc); bcache_device_link(&dc->disk, c, "bdev"); atomic_inc(&c->attached_dev_nr); -- 2.19.0

6 years, 11 months

1
0
0 0

[PATCH 04/15] bcache: fix ioctl in flash device

by Coly Li

From: Tang Junhui <tang.junhui.linux(a)gmail.com> When doing ioctl in flash device, it will call ioctl_dev() in super.c, then we should not to get cached device since flash only device has no backend device. This patch just move the jugement dc->io_disable to cached_dev_ioctl() to make ioctl in flash device correctly. Fixes: 0f0709e6bfc3c ("bcache: stop bcache device when backing device is offline") Signed-off-by: Tang Junhui <tang.junhui.linux(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Coly Li <colyli(a)suse.de> --- drivers/md/bcache/request.c | 3 +++ drivers/md/bcache/super.c | 4 ---- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/md/bcache/request.c b/drivers/md/bcache/request.c index ee15fb039fd0..3bf35914bb57 100644 --- a/drivers/md/bcache/request.c +++ b/drivers/md/bcache/request.c @@ -1218,6 +1218,9 @@ static int cached_dev_ioctl(struct bcache_device *d, fmode_t mode, { struct cached_dev *dc = container_of(d, struct cached_dev, disk); + if (dc->io_disable) + return -EIO; + return __blkdev_driver_ioctl(dc->bdev, mode, cmd, arg); } diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c index 448e531e8c2d..a99af19d2f91 100644 --- a/drivers/md/bcache/super.c +++ b/drivers/md/bcache/super.c @@ -647,10 +647,6 @@ static int ioctl_dev(struct block_device *b, fmode_t mode, unsigned int cmd, unsigned long arg) { struct bcache_device *d = b->bd_disk->private_data; - struct cached_dev *dc = container_of(d, struct cached_dev, disk); - - if (dc->io_disable) - return -EIO; return d->ioctl(d, mode, cmd, arg); } -- 2.19.0

6 years, 11 months

1
0
0 0

[PATCH 02/15] bcache: trace missed reading by cache_missed

by Coly Li

From: Tang Junhui <tang.junhui.linux(a)gmail.com> Missed reading IOs are identified by s->cache_missed, not the s->cache_miss, so in trace_bcache_read() using trace_bcache_read to identify whether the IO is missed or not. Signed-off-by: Tang Junhui <tang.junhui.linux(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Coly Li <colyli(a)suse.de> --- drivers/md/bcache/request.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/md/bcache/request.c b/drivers/md/bcache/request.c index 51be355a3309..4946d486f734 100644 --- a/drivers/md/bcache/request.c +++ b/drivers/md/bcache/request.c @@ -850,7 +850,7 @@ static void cached_dev_read_done_bh(struct closure *cl) bch_mark_cache_accounting(s->iop.c, s->d, !s->cache_missed, s->iop.bypass); - trace_bcache_read(s->orig_bio, !s->cache_miss, s->iop.bypass); + trace_bcache_read(s->orig_bio, !s->cache_missed, s->iop.bypass); if (s->iop.status) continue_at_nobarrier(cl, cached_dev_read_error, bcache_wq); -- 2.19.0

6 years, 11 months

1
0
0 0

[PATCH AUTOSEL 4.18 01/48] ASoC: dapm: Fix NULL pointer deference on CODEC to CODEC DAIs

by Sasha Levin

From: Charles Keepax <ckeepax(a)opensource.cirrus.com> [ Upstream commit 249dc49576fc953a7378b916c6a6d47ea81e4da2 ] Commit a655de808cbde ("ASoC: core: Allow topology to override machine driver FE DAI link config.") caused soc_dai_hw_params to be come dependent on the substream private_data being set with a pointer to the snd_soc_pcm_runtime. Currently, CODEC to CODEC links don't set this, which causes a NULL pointer dereference: [<4069de54>] (soc_dai_hw_params) from [<40694b68>] (snd_soc_dai_link_event+0x1a0/0x380) Since the ASoC core in general assumes that the substream private_data will be set to a pointer to the snd_soc_pcm_runtime, update the CODEC to CODEC links to respect this. Signed-off-by: Charles Keepax <ckeepax(a)opensource.cirrus.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- include/sound/soc-dapm.h | 1 + sound/soc/soc-core.c | 4 ++-- sound/soc/soc-dapm.c | 4 ++++ 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/include/sound/soc-dapm.h b/include/sound/soc-dapm.h index a6ce2de4e20a..be3bee1cf91f 100644 --- a/include/sound/soc-dapm.h +++ b/include/sound/soc-dapm.h @@ -410,6 +410,7 @@ int snd_soc_dapm_new_dai_widgets(struct snd_soc_dapm_context *dapm, int snd_soc_dapm_link_dai_widgets(struct snd_soc_card *card); void snd_soc_dapm_connect_dai_link_widgets(struct snd_soc_card *card); int snd_soc_dapm_new_pcm(struct snd_soc_card *card, + struct snd_soc_pcm_runtime *rtd, const struct snd_soc_pcm_stream *params, unsigned int num_params, struct snd_soc_dapm_widget *source, diff --git a/sound/soc/soc-core.c b/sound/soc/soc-core.c index 4663de3cf495..0b4896d411f9 100644 --- a/sound/soc/soc-core.c +++ b/sound/soc/soc-core.c @@ -1430,7 +1430,7 @@ static int soc_link_dai_widgets(struct snd_soc_card *card, sink = codec_dai->playback_widget; source = cpu_dai->capture_widget; if (sink && source) { - ret = snd_soc_dapm_new_pcm(card, dai_link->params, + ret = snd_soc_dapm_new_pcm(card, rtd, dai_link->params, dai_link->num_params, source, sink); if (ret != 0) { @@ -1443,7 +1443,7 @@ static int soc_link_dai_widgets(struct snd_soc_card *card, sink = cpu_dai->playback_widget; source = codec_dai->capture_widget; if (sink && source) { - ret = snd_soc_dapm_new_pcm(card, dai_link->params, + ret = snd_soc_dapm_new_pcm(card, rtd, dai_link->params, dai_link->num_params, source, sink); if (ret != 0) { diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c index a099c3e45504..577f6178af57 100644 --- a/sound/soc/soc-dapm.c +++ b/sound/soc/soc-dapm.c @@ -3658,6 +3658,7 @@ static int snd_soc_dai_link_event(struct snd_soc_dapm_widget *w, { struct snd_soc_dapm_path *source_p, *sink_p; struct snd_soc_dai *source, *sink; + struct snd_soc_pcm_runtime *rtd = w->priv; const struct snd_soc_pcm_stream *config = w->params + w->params_select; struct snd_pcm_substream substream; struct snd_pcm_hw_params *params = NULL; @@ -3717,6 +3718,7 @@ static int snd_soc_dai_link_event(struct snd_soc_dapm_widget *w, goto out; } substream.runtime = runtime; + substream.private_data = rtd; switch (event) { case SND_SOC_DAPM_PRE_PMU: @@ -3901,6 +3903,7 @@ snd_soc_dapm_alloc_kcontrol(struct snd_soc_card *card, } int snd_soc_dapm_new_pcm(struct snd_soc_card *card, + struct snd_soc_pcm_runtime *rtd, const struct snd_soc_pcm_stream *params, unsigned int num_params, struct snd_soc_dapm_widget *source, @@ -3969,6 +3972,7 @@ int snd_soc_dapm_new_pcm(struct snd_soc_card *card, w->params = params; w->num_params = num_params; + w->priv = rtd; ret = snd_soc_dapm_add_path(&card->dapm, source, w, NULL, NULL); if (ret) -- 2.17.1

6 years, 11 months

3
51
0 0

[PATCH] percpu: stop leaking bitmap metadata blocks

by Mike Rapoport

The commit ca460b3c9627 ("percpu: introduce bitmap metadata blocks") introduced bitmap metadata blocks. These metadata blocks are allocated whenever a new chunk is created, but they are never freed. Fix it. Fixes: ca460b3c9627 ("percpu: introduce bitmap metadata blocks") Signed-off-by: Mike Rapoport <rppt(a)linux.vnet.ibm.com> Cc: stable(a)vger.kernel.org --- mm/percpu.c | 1 + 1 file changed, 1 insertion(+) diff --git a/mm/percpu.c b/mm/percpu.c index d21cb13..25104cd 100644 --- a/mm/percpu.c +++ b/mm/percpu.c @@ -1212,6 +1212,7 @@ static void pcpu_free_chunk(struct pcpu_chunk *chunk) { if (!chunk) return; + pcpu_mem_free(chunk->md_blocks); pcpu_mem_free(chunk->bound_map); pcpu_mem_free(chunk->alloc_map); pcpu_mem_free(chunk); -- 2.7.4

6 years, 11 months

2
1
0 0

[PATCH v2 03/29] clk: sunxi-ng: Use u64 for calculation of NM rate

by Jernej Skrabec

Allwinner H6 SoC has multiplier N range between 1 and 254. Since parent rate is 24MHz, intermediate result when calculating final rate easily overflows 32 bit variable. Because of that, introduce function for calculating clock rate which uses 64 bit variable for intermediate result. Fixes: 6174a1e24b0d ("clk: sunxi-ng: Add N-M-factor clock support") Fixes: ee28648cb2b4 ("clk: sunxi-ng: Remove the use of rational computations") CC: <stable(a)vger.kernel.org> Signed-off-by: Jernej Skrabec <jernej.skrabec(a)siol.net> --- drivers/clk/sunxi-ng/ccu_nm.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/drivers/clk/sunxi-ng/ccu_nm.c b/drivers/clk/sunxi-ng/ccu_nm.c index 6fe3c14f7b2d..424d8635b053 100644 --- a/drivers/clk/sunxi-ng/ccu_nm.c +++ b/drivers/clk/sunxi-ng/ccu_nm.c @@ -19,6 +19,17 @@ struct _ccu_nm { unsigned long m, min_m, max_m; }; +static unsigned long ccu_nm_calc_rate(unsigned long parent, + unsigned long n, unsigned long m) +{ + u64 rate = parent; + + rate *= n; + do_div(rate, m); + + return rate; +} + static void ccu_nm_find_best(unsigned long parent, unsigned long rate, struct _ccu_nm *nm) { @@ -28,7 +39,8 @@ static void ccu_nm_find_best(unsigned long parent, unsigned long rate, for (_n = nm->min_n; _n <= nm->max_n; _n++) { for (_m = nm->min_m; _m <= nm->max_m; _m++) { - unsigned long tmp_rate = parent * _n / _m; + unsigned long tmp_rate = ccu_nm_calc_rate(parent, + _n, _m); if (tmp_rate > rate) continue; @@ -100,7 +112,7 @@ static unsigned long ccu_nm_recalc_rate(struct clk_hw *hw, if (ccu_sdm_helper_is_enabled(&nm->common, &nm->sdm)) rate = ccu_sdm_helper_read_rate(&nm->common, &nm->sdm, m, n); else - rate = parent_rate * n / m; + rate = ccu_nm_calc_rate(parent_rate, n, m); if (nm->common.features & CCU_FEATURE_FIXED_POSTDIV) rate /= nm->fixed_post_div; @@ -149,7 +161,7 @@ static long ccu_nm_round_rate(struct clk_hw *hw, unsigned long rate, _nm.max_m = nm->m.max ?: 1 << nm->m.width; ccu_nm_find_best(*parent_rate, rate, &_nm); - rate = *parent_rate * _nm.n / _nm.m; + rate = ccu_nm_calc_rate(*parent_rate, _nm.n, _nm.m); if (nm->common.features & CCU_FEATURE_FIXED_POSTDIV) rate /= nm->fixed_post_div; -- 2.19.0

6 years, 11 months

1
0
0 0

[PATCH] filesystem-dax: Fix dax_layout_busy_page() livelock

by Dan Williams

In the presence of multi-order entries the typical pagevec_lookup_entries() pattern may loop forever: while (index < end && pagevec_lookup_entries(&pvec, mapping, index, min(end - index, (pgoff_t)PAGEVEC_SIZE), indices)) { ... for (i = 0; i < pagevec_count(&pvec); i++) { index = indices[i]; ... } index++; /* BUG */ } The loop updates 'index' for each index found and then increments to the next possible page to continue the lookup. However, if the last entry in the pagevec is multi-order then the next possible page index is more than 1 page away. Fix this locally for the filesystem-dax case by checking for dax-multi-order entries. Going forward new users of multi-order entries need to be similarly careful, or we need a generic way to report the page increment in the radix iterator. Fixes: 5fac7408d828 ("mm, fs, dax: handle layout changes to pinned dax...") Cc: <stable(a)vger.kernel.org> Cc: Jan Kara <jack(a)suse.cz> Cc: Ross Zwisler <zwisler(a)kernel.org> Cc: Matthew Wilcox <willy(a)infradead.org> Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> --- fs/dax.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/fs/dax.c b/fs/dax.c index 4becbf168b7f..c1472eede1f7 100644 --- a/fs/dax.c +++ b/fs/dax.c @@ -666,6 +666,8 @@ struct page *dax_layout_busy_page(struct address_space *mapping) while (index < end && pagevec_lookup_entries(&pvec, mapping, index, min(end - index, (pgoff_t)PAGEVEC_SIZE), indices)) { + pgoff_t nr_pages = 1; + for (i = 0; i < pagevec_count(&pvec); i++) { struct page *pvec_ent = pvec.pages[i]; void *entry; @@ -680,8 +682,11 @@ struct page *dax_layout_busy_page(struct address_space *mapping) xa_lock_irq(&mapping->i_pages); entry = get_unlocked_mapping_entry(mapping, index, NULL); - if (entry) + if (entry) { page = dax_busy_page(entry); + /* account for multi-order entries */ + nr_pages = 1UL << dax_radix_order(entry); + } put_unlocked_mapping_entry(mapping, index, entry); xa_unlock_irq(&mapping->i_pages); if (page) @@ -696,7 +701,7 @@ struct page *dax_layout_busy_page(struct address_space *mapping) */ pagevec_remove_exceptionals(&pvec); pagevec_release(&pvec); - index++; + index += nr_pages; if (page) break;

6 years, 11 months

1
1
0 0

please apply d41aa5252394 ("mm: madvise(MADV_DODUMP): allow hugetlbfs pages")

by Daniel Black

This is a bugfix on 0103bd16fb90 which exists in 3.16+ stable trees Mike Kravetz confirmed this as a regression: https://marc.info/?l=linux-mm&m=153843190414206&w=2 Thanks -- Daniel Black

6 years, 11 months

2
1
0 0

[PATCH stable 0/2] termios: Alpha BOTHER/IBSHIFT, tty_baudrate fix

by H. Peter Anvin

From: "H. Peter Anvin (Intel)" <hpa(a)zytor.com> It turns out that Alpha is the only architecture that never implemented BOTHER and IBSHIFT, which is otherwise ages old. This is one thing that has held up glibc support for this feature (all other architectures have supported these for about a decade, at least before the current 3.2 glibc cutoff.) Furthermore, in the process of dealing with this, I discovered that the current code in tty_baudrate.c can read past the end of the baud_table[] on Alpha and PowerPC. The second patch in this series fixes that, but it also cleans up the code substantially by auto-generating the table and, since all architectures now have them, removing all conditionals for BOTHER and IBSHIFT existing. Tagging for stable because these are concrete problems. I have a much bigger update in process, nearly done, which will clean up a lot of duplicated code and make the uapi headers usable for libc, but that is not critical on the same level. Tested on x86, compile-tested on Alpha. Signed-off-by: H. Peter Anvin (Intel) <hpa(a)zytor.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Jiri Slaby <jslaby(a)suse.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Richard Henderson <rth(a)twiddle.net> Cc: Ivan Kokshaysky <ink(a)jurassic.park.msu.ru> Cc: Matt Turner <mattst88(a)gmail.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Kate Stewart <kstewart(a)linuxfoundation.org> Cc: Philippe Ombredanne <pombredanne(a)nexb.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Eugene Syromiatnikov <esyr(a)redhat.com> Cc: <linux-alpha(a)vger.kernel.org> Cc: <linux-serial(a)vger.kernel.org> Cc: Johan Hovold <johan(a)kernel.org> Cc: Alan Cox <alan(a)lxorguk.ukuu.org.uk> Cc: Benjamin Herrenschmidt <benh(a)kernel.crashing.org> Cc: Paul Mackerras <paulus(a)samba.org> Cc: Michael Ellerman <mpe(a)ellerman.id.au> Cc: <stable(a)vger.kernel.org> --- arch/alpha/include/asm/termios.h | 8 +- arch/alpha/include/uapi/asm/ioctls.h | 5 + arch/alpha/include/uapi/asm/termbits.h | 17 +++ drivers/tty/.gitignore | 1 + drivers/tty/Makefile | 16 +++ drivers/tty/bmacros.c | 2 + drivers/tty/tty_baudrate.c | 190 +++++++++++++-------------------- 7 files changed, 122 insertions(+), 117 deletions(-)

6 years, 11 months

1
2
0 0

[PATCH] remoteproc: qcom: q6v5: Propagate EPROBE_DEFER

by Bjorn Andersson

In the case that the interrupts fail to result because of the interrupt-controller not yet being registered the platform_get_irq_byname() call will fail with -EPROBE_DEFER, but passing this into devm_request_threaded_irq() will result in -EINVAL being returned, the driver is therefor not reprobed later. Fixes: 3b415c8fb263 ("remoteproc: q6v5: Extract common resource handling") Cc: stable(a)vger.kernel.org Signed-off-by: Bjorn Andersson <bjorn.andersson(a)linaro.org> --- drivers/remoteproc/qcom_q6v5.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/drivers/remoteproc/qcom_q6v5.c b/drivers/remoteproc/qcom_q6v5.c index 61a760ee4aac..e9ab90c19304 100644 --- a/drivers/remoteproc/qcom_q6v5.c +++ b/drivers/remoteproc/qcom_q6v5.c @@ -198,6 +198,9 @@ int qcom_q6v5_init(struct qcom_q6v5 *q6v5, struct platform_device *pdev, } q6v5->fatal_irq = platform_get_irq_byname(pdev, "fatal"); + if (q6v5->fatal_irq == -EPROBE_DEFER) + return -EPROBE_DEFER; + ret = devm_request_threaded_irq(&pdev->dev, q6v5->fatal_irq, NULL, q6v5_fatal_interrupt, IRQF_TRIGGER_RISING | IRQF_ONESHOT, @@ -208,6 +211,9 @@ int qcom_q6v5_init(struct qcom_q6v5 *q6v5, struct platform_device *pdev, } q6v5->ready_irq = platform_get_irq_byname(pdev, "ready"); + if (q6v5->ready_irq == -EPROBE_DEFER) + return -EPROBE_DEFER; + ret = devm_request_threaded_irq(&pdev->dev, q6v5->ready_irq, NULL, q6v5_ready_interrupt, IRQF_TRIGGER_RISING | IRQF_ONESHOT, @@ -218,6 +224,9 @@ int qcom_q6v5_init(struct qcom_q6v5 *q6v5, struct platform_device *pdev, } q6v5->handover_irq = platform_get_irq_byname(pdev, "handover"); + if (q6v5->handover_irq == -EPROBE_DEFER) + return -EPROBE_DEFER; + ret = devm_request_threaded_irq(&pdev->dev, q6v5->handover_irq, NULL, q6v5_handover_interrupt, IRQF_TRIGGER_RISING | IRQF_ONESHOT, @@ -229,6 +238,9 @@ int qcom_q6v5_init(struct qcom_q6v5 *q6v5, struct platform_device *pdev, disable_irq(q6v5->handover_irq); q6v5->stop_irq = platform_get_irq_byname(pdev, "stop-ack"); + if (q6v5->stop_irq == -EPROBE_DEFER) + return -EPROBE_DEFER; + ret = devm_request_threaded_irq(&pdev->dev, q6v5->stop_irq, NULL, q6v5_stop_interrupt, IRQF_TRIGGER_RISING | IRQF_ONESHOT, -- 2.18.0

6 years, 11 months

2
2
0 0

[PATCH] jbd2: Fix use after free in jbd2_log_do_checkpoint()

by Jan Kara

The code cleaning transaction's lists of checkpoint buffers has a bug where it increases bh refcount only after releasing journal->j_list_lock. Thus the following race is possible: CPU0 CPU1 jbd2_log_do_checkpoint() jbd2_journal_try_to_free_buffers() __journal_try_to_free_buffer(bh) ... while (transaction->t_checkpoint_io_list) ... if (buffer_locked(bh)) { <-- IO completes now, buffer gets unlocked --> spin_unlock(&journal->j_list_lock); spin_lock(&journal->j_list_lock); __jbd2_journal_remove_checkpoint(jh); spin_unlock(&journal->j_list_lock); try_to_free_buffers(page); get_bh(bh) <-- accesses freed bh Fix the problem by grabbing bh reference before unlocking journal->j_list_lock. Fixes: dc6e8d669cf5cb3ff84707c372c0a2a8a5e80845 Fixes: be1158cc615fd723552f0d9912087423c7cadda5 Reported-by: syzbot+7f4a27091759e2fe7453(a)syzkaller.appspotmail.com CC: stable(a)vger.kernel.org Signed-off-by: Jan Kara <jack(a)suse.cz> --- fs/jbd2/checkpoint.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/jbd2/checkpoint.c b/fs/jbd2/checkpoint.c index c125d662777c..26f8d7e46462 100644 --- a/fs/jbd2/checkpoint.c +++ b/fs/jbd2/checkpoint.c @@ -251,8 +251,8 @@ int jbd2_log_do_checkpoint(journal_t *journal) bh = jh2bh(jh); if (buffer_locked(bh)) { - spin_unlock(&journal->j_list_lock); get_bh(bh); + spin_unlock(&journal->j_list_lock); wait_on_buffer(bh); /* the journal_head may have gone by now */ BUFFER_TRACE(bh, "brelse"); @@ -333,8 +333,8 @@ int jbd2_log_do_checkpoint(journal_t *journal) jh = transaction->t_checkpoint_io_list; bh = jh2bh(jh); if (buffer_locked(bh)) { - spin_unlock(&journal->j_list_lock); get_bh(bh); + spin_unlock(&journal->j_list_lock); wait_on_buffer(bh); /* the journal_head may have gone by now */ BUFFER_TRACE(bh, "brelse"); -- 2.16.4

6 years, 11 months

4
8
0 0

[patch 13/14] ocfs2: fix locking for res->tracking and dlm->tracking_list

by akpm＠linux-foundation.org

From: Ashish Samant <ashish.samant(a)oracle.com> Subject: ocfs2: fix locking for res->tracking and dlm->tracking_list In dlm_init_lockres() we access and modify res->tracking and dlm->tracking_list without holding dlm->track_lock. This can cause list corruptions and can end up in kernel panic. Fix this by locking res->tracking and dlm->tracking_list with dlm->track_lock instead of dlm->spinlock. Link: http://lkml.kernel.org/r/1529951192-4686-1-git-send-email-ashish.samant@ora… Signed-off-by: Ashish Samant <ashish.samant(a)oracle.com> Reviewed-by: Changwei Ge <ge.changwei(a)h3c.com> Acked-by: Joseph Qi <jiangqi903(a)gmail.com> Acked-by: Jun Piao <piaojun(a)huawei.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <ge.changwei(a)h3c.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/dlm/dlmmaster.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/fs/ocfs2/dlm/dlmmaster.c~ocfs2-fix-locking-for-res-tracking-and-dlm-tracking_list +++ a/fs/ocfs2/dlm/dlmmaster.c @@ -584,9 +584,9 @@ static void dlm_init_lockres(struct dlm_ res->last_used = 0; - spin_lock(&dlm->spinlock); + spin_lock(&dlm->track_lock); list_add_tail(&res->tracking, &dlm->tracking_list); - spin_unlock(&dlm->spinlock); + spin_unlock(&dlm->track_lock); memset(res->lvb, 0, DLM_LVB_LEN); memset(res->refmap, 0, sizeof(res->refmap)); _

6 years, 11 months

1
0
0 0

[patch 11/14] mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly

by akpm＠linux-foundation.org

From: Jann Horn <jannh(a)google.com> Subject: mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly 5dd0b16cdaff ("mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP") made the availability of the NR_TLB_REMOTE_FLUSH* counters inside the kernel unconditional to reduce #ifdef soup, but (either to avoid showing dummy zero counters to userspace, or because that code was missed) didn't update the vmstat_array, meaning that all following counters would be shown with incorrect values. This only affects kernel builds with CONFIG_VM_EVENT_COUNTERS=y && CONFIG_DEBUG_TLBFLUSH=y && CONFIG_SMP=n. Link: http://lkml.kernel.org/r/20181001143138.95119-2-jannh@google.com Fixes: 5dd0b16cdaff ("mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP") Signed-off-by: Jann Horn <jannh(a)google.com> Reviewed-by: Kees Cook <keescook(a)chromium.org> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Acked-by: Michal Hocko <mhocko(a)suse.com> Acked-by: Roman Gushchin <guro(a)fb.com> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Christoph Lameter <clameter(a)sgi.com> Cc: Kemi Wang <kemi.wang(a)intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmstat.c | 3 +++ 1 file changed, 3 insertions(+) --- a/mm/vmstat.c~mm-vmstat-skip-nr_tlb_remote_flush-properly +++ a/mm/vmstat.c @@ -1275,6 +1275,9 @@ const char * const vmstat_text[] = { #ifdef CONFIG_SMP "nr_tlb_remote_flush", "nr_tlb_remote_flush_received", +#else + "", /* nr_tlb_remote_flush */ + "", /* nr_tlb_remote_flush_received */ #endif /* CONFIG_SMP */ "nr_tlb_local_flush_all", "nr_tlb_local_flush_one", _

6 years, 11 months

1
0
0 0

[patch 09/14] proc: restrict kernel stack dumps to root

by akpm＠linux-foundation.org

From: Jann Horn <jannh(a)google.com> Subject: proc: restrict kernel stack dumps to root Currently, you can use /proc/self/task/*/stack to cause a stack walk on a task you control while it is running on another CPU. That means that the stack can change under the stack walker. The stack walker does have guards against going completely off the rails and into random kernel memory, but it can interpret random data from your kernel stack as instruction pointers and stack pointers. This can cause exposure of kernel stack contents to userspace. Restrict the ability to inspect kernel stacks of arbitrary tasks to root in order to prevent a local attacker from exploiting racy stack unwinding to leak kernel task stack contents. See the added comment for a longer rationale. There don't seem to be any users of this userspace API that can't gracefully bail out if reading from the file fails. Therefore, I believe that this change is unlikely to break things. In the case that this patch does end up needing a revert, the next-best solution might be to fake a single-entry stack based on wchan. Link: http://lkml.kernel.org/r/20180927153316.200286-1-jannh@google.com Fixes: 2ec220e27f50 ("proc: add /proc/*/stack") Signed-off-by: Jann Horn <jannh(a)google.com> Acked-by: Kees Cook <keescook(a)chromium.org> Cc: Alexey Dobriyan <adobriyan(a)gmail.com> Cc: Ken Chen <kenchen(a)google.com> Cc: Will Deacon <will.deacon(a)arm.com> Cc: Laura Abbott <labbott(a)redhat.com> Cc: Andy Lutomirski <luto(a)amacapital.net> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: "H . Peter Anvin" <hpa(a)zytor.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/base.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) --- a/fs/proc/base.c~proc-restrict-kernel-stack-dumps-to-root +++ a/fs/proc/base.c @@ -407,6 +407,20 @@ static int proc_pid_stack(struct seq_fil unsigned long *entries; int err; + /* + * The ability to racily run the kernel stack unwinder on a running task + * and then observe the unwinder output is scary; while it is useful for + * debugging kernel issues, it can also allow an attacker to leak kernel + * stack contents. + * Doing this in a manner that is at least safe from races would require + * some work to ensure that the remote task can not be scheduled; and + * even then, this would still expose the unwinder as local attack + * surface. + * Therefore, this interface is restricted to root. + */ + if (!file_ns_capable(m->file, &init_user_ns, CAP_SYS_ADMIN)) + return -EACCES; + entries = kmalloc_array(MAX_STACK_TRACE_DEPTH, sizeof(*entries), GFP_KERNEL); if (!entries) _

6 years, 11 months

1
0
0 0

[patch 04/14] mm, thp: fix mlocking THP page with migration enabled

by akpm＠linux-foundation.org

From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Subject: mm, thp: fix mlocking THP page with migration enabled A transparent huge page is represented by a single entry on an LRU list. Therefore, we can only make unevictable an entire compound page, not individual subpages. If a user tries to mlock() part of a huge page, we want the rest of the page to be reclaimable. We handle this by keeping PTE-mapped huge pages on normal LRU lists: the PMD on border of VM_LOCKED VMA will be split into PTE table. Introduction of THP migration breaks[1] the rules around mlocking THP pages. If we had a single PMD mapping of the page in mlocked VMA, the page will get mlocked, regardless of PTE mappings of the page. For tmpfs/shmem it's easy to fix by checking PageDoubleMap() in remove_migration_pmd(). Anon THP pages can only be shared between processes via fork(). Mlocked page can only be shared if parent mlocked it before forking, otherwise CoW will be triggered on mlock(). For Anon-THP, we can fix the issue by munlocking the page on removing PTE migration entry for the page. PTEs for the page will always come after mlocked PMD: rmap walks VMAs from oldest to newest. Test-case: #include <unistd.h> #include <sys/mman.h> #include <sys/wait.h> #include <linux/mempolicy.h> #include <numaif.h> int main(void) { unsigned long nodemask = 4; void *addr; addr = mmap((void *)0x20000000UL, 2UL << 20, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_LOCKED, -1, 0); if (fork()) { wait(NULL); return 0; } mlock(addr, 4UL << 10); mbind(addr, 2UL << 20, MPOL_PREFERRED | MPOL_F_RELATIVE_NODES, &nodemask, 4, MPOL_MF_MOVE); return 0; } [1] https://lkml.kernel.org/r/CAOMGZ=G52R-30rZvhGxEbkTw7rLLwBGadVYeo--iizcD3upL… Link: http://lkml.kernel.org/r/20180917133816.43995-1-kirill.shutemov@linux.intel… Fixes: 616b8371539a ("mm: thp: enable thp migration in generic path") Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reported-by: Vegard Nossum <vegard.nossum(a)oracle.com> Reviewed-by: Zi Yan <zi.yan(a)cs.rutgers.edu> Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: <stable(a)vger.kernel.org> [4.14+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 2 +- mm/migrate.c | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) --- a/mm/huge_memory.c~mm-thp-fix-mlocking-thp-page-with-migration-enabled +++ a/mm/huge_memory.c @@ -2931,7 +2931,7 @@ void remove_migration_pmd(struct page_vm else page_add_file_rmap(new, true); set_pmd_at(mm, mmun_start, pvmw->pmd, pmde); - if (vma->vm_flags & VM_LOCKED) + if ((vma->vm_flags & VM_LOCKED) && !PageDoubleMap(new)) mlock_vma_page(new); update_mmu_cache_pmd(vma, address, pvmw->pmd); } --- a/mm/migrate.c~mm-thp-fix-mlocking-thp-page-with-migration-enabled +++ a/mm/migrate.c @@ -275,6 +275,9 @@ static bool remove_migration_pte(struct if (vma->vm_flags & VM_LOCKED && !PageTransCompound(new)) mlock_vma_page(new); + if (PageTransHuge(page) && PageMlocked(page)) + clear_page_mlock(page); + /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, pvmw.address, pvmw.pte); } _

6 years, 11 months

1
0
0 0

[patch 01/14] mm: migration: fix migration of huge PMD shared pages

by akpm＠linux-foundation.org

From: Mike Kravetz <mike.kravetz(a)oracle.com> Subject: mm: migration: fix migration of huge PMD shared pages The page migration code employs try_to_unmap() to try and unmap the source page. This is accomplished by using rmap_walk to find all vmas where the page is mapped. This search stops when page mapcount is zero. For shared PMD huge pages, the page map count is always 1 no matter the number of mappings. Shared mappings are tracked via the reference count of the PMD page. Therefore, try_to_unmap stops prematurely and does not completely unmap all mappings of the source page. This problem can result is data corruption as writes to the original source page can happen after contents of the page are copied to the target page. Hence, data is lost. This problem was originally seen as DB corruption of shared global areas after a huge page was soft offlined due to ECC memory errors. DB developers noticed they could reproduce the issue by (hotplug) offlining memory used to back huge pages. A simple testcase can reproduce the problem by creating a shared PMD mapping (note that this must be at least PUD_SIZE in size and PUD_SIZE aligned (1GB on x86)), and using migrate_pages() to migrate process pages between nodes while continually writing to the huge pages being migrated. To fix, have the try_to_unmap_one routine check for huge PMD sharing by calling huge_pmd_unshare for hugetlbfs huge pages. If it is a shared mapping it will be 'unshared' which removes the page table entry and drops the reference on the PMD page. After this, flush caches and TLB. mmu notifiers are called before locking page tables, but we can not be sure of PMD sharing until page tables are locked. Therefore, check for the possibility of PMD sharing before locking so that notifiers can prepare for the worst possible case. Link: http://lkml.kernel.org/r/20180823205917.16297-2-mike.kravetz@oracle.com [mike.kravetz(a)oracle.com: make _range_in_vma() a static inline] Link: http://lkml.kernel.org/r/6063f215-a5c8-2f0c-465a-2c515ddc952d@oracle.com Fixes: 39dde65c9940 ("shared page table for hugetlb page") Signed-off-by: Mike Kravetz <mike.kravetz(a)oracle.com> Acked-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reviewed-by: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Jerome Glisse <jglisse(a)redhat.com> Cc: Mike Kravetz <mike.kravetz(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/hugetlb.h | 14 ++++++++++++ include/linux/mm.h | 6 +++++ mm/hugetlb.c | 37 +++++++++++++++++++++++++++++++-- mm/rmap.c | 42 +++++++++++++++++++++++++++++++++++--- 4 files changed, 94 insertions(+), 5 deletions(-) --- a/include/linux/hugetlb.h~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/include/linux/hugetlb.h @@ -140,6 +140,8 @@ pte_t *huge_pte_alloc(struct mm_struct * pte_t *huge_pte_offset(struct mm_struct *mm, unsigned long addr, unsigned long sz); int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, pte_t *ptep); +void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end); struct page *follow_huge_addr(struct mm_struct *mm, unsigned long address, int write); struct page *follow_huge_pd(struct vm_area_struct *vma, @@ -170,6 +172,18 @@ static inline unsigned long hugetlb_tota return 0; } +static inline int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, + pte_t *ptep) +{ + return 0; +} + +static inline void adjust_range_if_pmd_sharing_possible( + struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ +} + #define follow_hugetlb_page(m,v,p,vs,a,b,i,w,n) ({ BUG(); 0; }) #define follow_huge_addr(mm, addr, write) ERR_PTR(-EINVAL) #define copy_hugetlb_page_range(src, dst, vma) ({ BUG(); 0; }) --- a/include/linux/mm.h~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/include/linux/mm.h @@ -2455,6 +2455,12 @@ static inline struct vm_area_struct *fin return vma; } +static inline bool range_in_vma(struct vm_area_struct *vma, + unsigned long start, unsigned long end) +{ + return (vma && vma->vm_start <= start && end <= vma->vm_end); +} + #ifdef CONFIG_MMU pgprot_t vm_get_page_prot(unsigned long vm_flags); void vma_set_page_prot(struct vm_area_struct *vma); --- a/mm/hugetlb.c~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/mm/hugetlb.c @@ -4545,13 +4545,41 @@ static bool vma_shareable(struct vm_area /* * check on proper vm_flags and page table alignment */ - if (vma->vm_flags & VM_MAYSHARE && - vma->vm_start <= base && end <= vma->vm_end) + if (vma->vm_flags & VM_MAYSHARE && range_in_vma(vma, base, end)) return true; return false; } /* + * Determine if start,end range within vma could be mapped by shared pmd. + * If yes, adjust start and end to cover range associated with possible + * shared pmd mappings. + */ +void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ + unsigned long check_addr = *start; + + if (!(vma->vm_flags & VM_MAYSHARE)) + return; + + for (check_addr = *start; check_addr < *end; check_addr += PUD_SIZE) { + unsigned long a_start = check_addr & PUD_MASK; + unsigned long a_end = a_start + PUD_SIZE; + + /* + * If sharing is possible, adjust start/end if necessary. + */ + if (range_in_vma(vma, a_start, a_end)) { + if (a_start < *start) + *start = a_start; + if (a_end > *end) + *end = a_end; + } + } +} + +/* * Search for a shareable pmd page for hugetlb. In any case calls pmd_alloc() * and returns the corresponding pte. While this is not necessary for the * !shared pmd case because we can allocate the pmd later as well, it makes the @@ -4648,6 +4676,11 @@ int huge_pmd_unshare(struct mm_struct *m { return 0; } + +void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ +} #define want_pmd_share() (0) #endif /* CONFIG_ARCH_WANT_HUGE_PMD_SHARE */ --- a/mm/rmap.c~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/mm/rmap.c @@ -1362,11 +1362,21 @@ static bool try_to_unmap_one(struct page } /* - * We have to assume the worse case ie pmd for invalidation. Note that - * the page can not be free in this function as call of try_to_unmap() - * must hold a reference on the page. + * For THP, we have to assume the worse case ie pmd for invalidation. + * For hugetlb, it could be much worse if we need to do pud + * invalidation in the case of pmd sharing. + * + * Note that the page can not be free in this function as call of + * try_to_unmap() must hold a reference on the page. */ end = min(vma->vm_end, start + (PAGE_SIZE << compound_order(page))); + if (PageHuge(page)) { + /* + * If sharing is possible, start and end will be adjusted + * accordingly. + */ + adjust_range_if_pmd_sharing_possible(vma, &start, &end); + } mmu_notifier_invalidate_range_start(vma->vm_mm, start, end); while (page_vma_mapped_walk(&pvmw)) { @@ -1409,6 +1419,32 @@ static bool try_to_unmap_one(struct page subpage = page - page_to_pfn(page) + pte_pfn(*pvmw.pte); address = pvmw.address; + if (PageHuge(page)) { + if (huge_pmd_unshare(mm, &address, pvmw.pte)) { + /* + * huge_pmd_unshare unmapped an entire PMD + * page. There is no way of knowing exactly + * which PMDs may be cached for this mm, so + * we must flush them all. start/end were + * already adjusted above to cover this range. + */ + flush_cache_range(vma, start, end); + flush_tlb_range(vma, start, end); + mmu_notifier_invalidate_range(mm, start, end); + + /* + * The ref count of the PMD page was dropped + * which is part of the way map counting + * is done for shared PMDs. Return 'true' + * here. When there is no other sharing, + * huge_pmd_unshare returns false and we will + * unmap the actual page and drop map count + * to zero. + */ + page_vma_mapped_walk_done(&pvmw); + break; + } + } if (IS_ENABLED(CONFIG_MIGRATION) && (flags & TTU_MIGRATION) && _

6 years, 11 months

1
0
0 0

[PATCH] ARC: clone syscall to setp r25 as thread pointer

by Vineet Gupta

Per ARC TLS ABI, r25 is designated TP (thread pointer register). However so far kernel didn't do any special treatment, like setting up usermode r25, even for CLONE_SETTLS. We instead relied on libc runtime to do this, in say clone libc wrapper [1]. This was deliberate to keep kernel ABI agnostic (userspace could potentially change TP, specially for different ARC ISA say ARCompact vs. ARCv2 with different spare registers etc) However userspace setting up r25, after clone syscall opens a race, if child is not scheduled and gets a signal instead. It starts off in userspace not in clone but in a signal handler and anything TP sepcific there such as pthread_self() fails which showed up with uClibc testsuite nptl/tst-kill6 [2] Fix this by having kernel populate r25 to TP value. So this locks in ABI, but it was not going to change anyways, and fwiw is same for both ARCompact (arc700 core) and ARCvs (HS3x cores) [1] https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/tree/libc/sysdeps/linux/a… [2] https://github.com/wbx-github/uclibc-ng-test/blob/master/test/nptl/tst-kill… Fixes: ARC STAR 9001378481 Cc: stable(a)vger.kernel.org Reported-by: Nikita Sobolev <sobolev(a)synopsys.com> Signed-off-by: Vineet Gupta <vgupta(a)synopsys.com> --- arch/arc/kernel/process.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/arch/arc/kernel/process.c b/arch/arc/kernel/process.c index 4674541eba3f..c29fa8ceb2d6 100644 --- a/arch/arc/kernel/process.c +++ b/arch/arc/kernel/process.c @@ -241,6 +241,26 @@ int copy_thread(unsigned long clone_flags, task_thread_info(current)->thr_ptr; } + + /* + * setup usermode thread pointer #1: + * when child is picked by scheduler, __switch_to() uses @c_callee to + * populate usermode callee regs: this is fine even despite being in a + * kernel function since special return path for child @ret_from_fork() + * ensures those regs are not clobbered all the way to RTIE to usermode + */ + c_callee->r25 = task_thread_info(p)->thr_ptr; + +#ifdef CONFIG_ARC_CURR_IN_REG + /* + * setup usermode thread pointer #2: + * however for this special use of r25 in kernel, __switch_to() sets + * r25 for kernel needs and only in the final return path is usermode + * r25 setup, from pt_regs->user_r25. So set that up as well + */ + c_regs->user_r25 = c_callee->r25; +#endif + return 0; } -- 2.7.4

6 years, 11 months

1
0
0 0

+ kbuild-fix-kernel-boundsc-w=1-warning.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: kbuild: fix kernel/bounds.c 'W=1' warning has been added to the -mm tree. Its filename is kbuild-fix-kernel-boundsc-w=1-warning.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/kbuild-fix-kernel-boundsc-w%3D1-wa… and later at http://ozlabs.org/~akpm/mmotm/broken-out/kbuild-fix-kernel-boundsc-w%3D1-wa… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Arnd Bergmann <arnd(a)arndb.de> Subject: kbuild: fix kernel/bounds.c 'W=1' warning Building any configuration with 'make W=1' produces a warning: kernel/bounds.c:16:6: warning: no previous prototype for 'foo' [-Wmissing-prototypes] When also passing -Werror, this prevents us from building any other files. Nobody ever calls the function, but we can't make it 'static' either since we want the compiler output. Calling it 'main' instead however avoids the warning, because gcc does not insist on having a declaration for main. Link: http://lkml.kernel.org/r/20181005083313.2088252-1-arnd@arndb.de Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> Reported-by: Kieran Bingham <kieran.bingham+renesas(a)ideasonboard.com> Reviewed-by: Kieran Bingham <kieran.bingham+renesas(a)ideasonboard.com> Cc: David Laight <David.Laight(a)ACULAB.COM> Cc: Masahiro Yamada <yamada.masahiro(a)socionext.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/bounds.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/kernel/bounds.c~kbuild-fix-kernel-boundsc-w=1-warning +++ a/kernel/bounds.c @@ -13,7 +13,7 @@ #include <linux/log2.h> #include <linux/spinlock_types.h> -void foo(void) +int main(void) { /* The enum constants to put into include/generated/bounds.h */ DEFINE(NR_PAGEFLAGS, __NR_PAGEFLAGS); @@ -23,4 +23,6 @@ void foo(void) #endif DEFINE(SPINLOCK_SIZE, sizeof(spinlock_t)); /* End of constants */ + + return 0; } _ Patches currently in -mm which might be from arnd(a)arndb.de are ocfs2-dlmglue-clean-up-timestamp-handling.patch hugetlb-introduce-generic-version-of-huge_ptep_get-fix.patch kbuild-fix-kernel-boundsc-w=1-warning.patch vfs-replace-current_kernel_time64-with-ktime-equivalent.patch

6 years, 11 months

1
0
0 0

[PATCH] lib/bch: fix possible stack overrun

by Arnd Bergmann

The previous patch introduced very large kernel stack usage and a Makefile change to hide the warning about it. >From what I can tell, a number of things went wrong here: - The BCH_MAX_T constant was set to the maximum value for 'n', not the maximum for 't', which is much smaller. - The stack usage is actually larger than the entire kernel stack on some architectures that can use 4KB stacks (m68k, sh, c6x), which leads to an immediate overrun. - The justification in the patch description claimed that nothing changed, however that is not the case even without the two points above: the configuration is machine specific, and most boards never use the maximum BCH_ECC_WORDS() length but instead have something much smaller. That maximum would only apply to machines that use both the maximum block size and the maximum ECC strength. The largest value for 't' that I could find is '32', which in turn leads to a 60 byte array instead of 2048 bytes. With that changed, the warning can be enabled again. Fixes: 02361bc77888 ("lib/bch: Remove VLA usage") Reported-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Cc: stable(a)vger.kernel.org Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> --- Please review carefully to ensure my logic is correct. I spent a long time trying to understand what is going on here, but I'm not too familiar with this algorithm, and it's possible I still got it wrong as well. In particular, I'm not 100% sure if '32' is the maximum ECC strength we can support, or if a larger one (which?) might be possible. --- lib/Makefile | 1 - lib/bch.c | 10 ++++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/lib/Makefile b/lib/Makefile index 8c9647fa271a..12c479dd46e0 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -122,7 +122,6 @@ obj-$(CONFIG_ZLIB_INFLATE) += zlib_inflate/ obj-$(CONFIG_ZLIB_DEFLATE) += zlib_deflate/ obj-$(CONFIG_REED_SOLOMON) += reed_solomon/ obj-$(CONFIG_BCH) += bch.o -CFLAGS_bch.o := $(call cc-option,-Wframe-larger-than=4500) obj-$(CONFIG_LZO_COMPRESS) += lzo/ obj-$(CONFIG_LZO_DECOMPRESS) += lzo/ obj-$(CONFIG_LZ4_COMPRESS) += lz4/ diff --git a/lib/bch.c b/lib/bch.c index 7b0f2006698b..3ef1a3467e7b 100644 --- a/lib/bch.c +++ b/lib/bch.c @@ -79,20 +79,19 @@ #define GF_T(_p) (CONFIG_BCH_CONST_T) #define GF_N(_p) ((1 << (CONFIG_BCH_CONST_M))-1) #define BCH_MAX_M (CONFIG_BCH_CONST_M) +#define BCH_MAX_T (CONFIG_BCH_CONST_T) #else #define GF_M(_p) ((_p)->m) #define GF_T(_p) ((_p)->t) #define GF_N(_p) ((_p)->n) -#define BCH_MAX_M 15 +#define BCH_MAX_M 15 /* 2KB */ +#define BCH_MAX_T 32 /* 32 bit correction */ #endif -#define BCH_MAX_T (((1 << BCH_MAX_M) - 1) / BCH_MAX_M) - #define BCH_ECC_WORDS(_p) DIV_ROUND_UP(GF_M(_p)*GF_T(_p), 32) #define BCH_ECC_BYTES(_p) DIV_ROUND_UP(GF_M(_p)*GF_T(_p), 8) #define BCH_ECC_MAX_WORDS DIV_ROUND_UP(BCH_MAX_M * BCH_MAX_T, 32) -#define BCH_ECC_MAX_BYTES DIV_ROUND_UP(BCH_MAX_M * BCH_MAX_T, 8) #ifndef dbg #define dbg(_fmt, args...) do {} while (0) @@ -202,6 +201,9 @@ void encode_bch(struct bch_control *bch, const uint8_t *data, const uint32_t * const tab3 = tab2 + 256*(l+1); const uint32_t *pdata, *p0, *p1, *p2, *p3; + if (WARN_ON(r_bytes > sizeof(r))) + return; + if (ecc) { /* load ecc parity bytes into internal 32-bit buffer */ load_ecc8(bch, bch->ecc_buf, ecc); -- 2.18.0

6 years, 11 months

2
1
0 0

[PATCH AUTOSEL 4.4 01/11] ASoC: wm8804: Add ACPI support

by Sasha Levin

From: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> [ Upstream commit 960cdd50ca9fdfeb82c2757107bcb7f93c8d7d41 ] HID made of either Wolfson/CirrusLogic PCI ID + 8804 identifier. This helps enumerate the HifiBerry Digi+ HAT boards on the Up2 platform. The scripts at https://github.com/thesofproject/acpi-scripts can be used to add the ACPI initrd overlays. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> Acked-by: Charles Keepax <ckeepax(a)opensource.cirrus.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- sound/soc/codecs/wm8804-i2c.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/sound/soc/codecs/wm8804-i2c.c b/sound/soc/codecs/wm8804-i2c.c index f27464c2c5ba..79541960f45d 100644 --- a/sound/soc/codecs/wm8804-i2c.c +++ b/sound/soc/codecs/wm8804-i2c.c @@ -13,6 +13,7 @@ #include <linux/init.h> #include <linux/module.h> #include <linux/i2c.h> +#include <linux/acpi.h> #include "wm8804.h" @@ -40,17 +41,29 @@ static const struct i2c_device_id wm8804_i2c_id[] = { }; MODULE_DEVICE_TABLE(i2c, wm8804_i2c_id); +#if defined(CONFIG_OF) static const struct of_device_id wm8804_of_match[] = { { .compatible = "wlf,wm8804", }, { } }; MODULE_DEVICE_TABLE(of, wm8804_of_match); +#endif + +#ifdef CONFIG_ACPI +static const struct acpi_device_id wm8804_acpi_match[] = { + { "1AEC8804", 0 }, /* Wolfson PCI ID + part ID */ + { "10138804", 0 }, /* Cirrus Logic PCI ID + part ID */ + { }, +}; +MODULE_DEVICE_TABLE(acpi, wm8804_acpi_match); +#endif static struct i2c_driver wm8804_i2c_driver = { .driver = { .name = "wm8804", .pm = &wm8804_pm, - .of_match_table = wm8804_of_match, + .of_match_table = of_match_ptr(wm8804_of_match), + .acpi_match_table = ACPI_PTR(wm8804_acpi_match), }, .probe = wm8804_i2c_probe, .remove = wm8804_i2c_remove, -- 2.17.1

6 years, 11 months

1
10
0 0

[PATCH AUTOSEL 4.9 01/14] ASoC: wm8804: Add ACPI support

by Sasha Levin

From: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> [ Upstream commit 960cdd50ca9fdfeb82c2757107bcb7f93c8d7d41 ] HID made of either Wolfson/CirrusLogic PCI ID + 8804 identifier. This helps enumerate the HifiBerry Digi+ HAT boards on the Up2 platform. The scripts at https://github.com/thesofproject/acpi-scripts can be used to add the ACPI initrd overlays. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> Acked-by: Charles Keepax <ckeepax(a)opensource.cirrus.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- sound/soc/codecs/wm8804-i2c.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/sound/soc/codecs/wm8804-i2c.c b/sound/soc/codecs/wm8804-i2c.c index f27464c2c5ba..79541960f45d 100644 --- a/sound/soc/codecs/wm8804-i2c.c +++ b/sound/soc/codecs/wm8804-i2c.c @@ -13,6 +13,7 @@ #include <linux/init.h> #include <linux/module.h> #include <linux/i2c.h> +#include <linux/acpi.h> #include "wm8804.h" @@ -40,17 +41,29 @@ static const struct i2c_device_id wm8804_i2c_id[] = { }; MODULE_DEVICE_TABLE(i2c, wm8804_i2c_id); +#if defined(CONFIG_OF) static const struct of_device_id wm8804_of_match[] = { { .compatible = "wlf,wm8804", }, { } }; MODULE_DEVICE_TABLE(of, wm8804_of_match); +#endif + +#ifdef CONFIG_ACPI +static const struct acpi_device_id wm8804_acpi_match[] = { + { "1AEC8804", 0 }, /* Wolfson PCI ID + part ID */ + { "10138804", 0 }, /* Cirrus Logic PCI ID + part ID */ + { }, +}; +MODULE_DEVICE_TABLE(acpi, wm8804_acpi_match); +#endif static struct i2c_driver wm8804_i2c_driver = { .driver = { .name = "wm8804", .pm = &wm8804_pm, - .of_match_table = wm8804_of_match, + .of_match_table = of_match_ptr(wm8804_of_match), + .acpi_match_table = ACPI_PTR(wm8804_acpi_match), }, .probe = wm8804_i2c_probe, .remove = wm8804_i2c_remove, -- 2.17.1

6 years, 11 months

1
13
0 0

[PATCH AUTOSEL 4.14 01/23] ASoC: rt5514: Fix the issue of the delay volume applied again

by Sasha Levin

From: Oder Chiou <oder_chiou(a)realtek.com> [ Upstream commit 6f0a256253f48095ba2e5bcdfbed41f21643c105 ] After our evaluation, we need to modify the default values to make sure the volume applied immediately. Signed-off-by: Oder Chiou <oder_chiou(a)realtek.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- sound/soc/codecs/rt5514.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/sound/soc/codecs/rt5514.c b/sound/soc/codecs/rt5514.c index 1bfc8db1826a..56ddab43da7e 100644 --- a/sound/soc/codecs/rt5514.c +++ b/sound/soc/codecs/rt5514.c @@ -64,8 +64,8 @@ static const struct reg_sequence rt5514_patch[] = { {RT5514_ANA_CTRL_LDO10, 0x00028604}, {RT5514_ANA_CTRL_ADCFED, 0x00000800}, {RT5514_ASRC_IN_CTRL1, 0x00000003}, - {RT5514_DOWNFILTER0_CTRL3, 0x10000352}, - {RT5514_DOWNFILTER1_CTRL3, 0x10000352}, + {RT5514_DOWNFILTER0_CTRL3, 0x10000342}, + {RT5514_DOWNFILTER1_CTRL3, 0x10000342}, }; static const struct reg_default rt5514_reg[] = { @@ -92,10 +92,10 @@ static const struct reg_default rt5514_reg[] = { {RT5514_ASRC_IN_CTRL1, 0x00000003}, {RT5514_DOWNFILTER0_CTRL1, 0x00020c2f}, {RT5514_DOWNFILTER0_CTRL2, 0x00020c2f}, - {RT5514_DOWNFILTER0_CTRL3, 0x10000352}, + {RT5514_DOWNFILTER0_CTRL3, 0x10000342}, {RT5514_DOWNFILTER1_CTRL1, 0x00020c2f}, {RT5514_DOWNFILTER1_CTRL2, 0x00020c2f}, - {RT5514_DOWNFILTER1_CTRL3, 0x10000352}, + {RT5514_DOWNFILTER1_CTRL3, 0x10000342}, {RT5514_ANA_CTRL_LDO10, 0x00028604}, {RT5514_ANA_CTRL_LDO18_16, 0x02000345}, {RT5514_ANA_CTRL_ADC12, 0x0000a2a8}, -- 2.17.1

6 years, 11 months

1
22
0 0

[GIT PULL 0/5] perf/urgent fixes

by Arnaldo Carvalho de Melo

Hi Ingo, Please consider pulling, - Arnaldo Test results at the end of this message, as usual. The following changes since commit 5d05dfd13f20b01a3cd5d293058baa7d5c1583b6: Merge tag 'perf-urgent-for-mingo-4.19-20180918' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent (2018-09-19 13:25:35 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux.git tags/perf-urgent-for-mingo-4.19-20181005 for you to fetch changes up to 7a8a8fcf7b860e4b2d4edc787c844d41cad9dfcf: perf record: Use unmapped IP for inline callchain cursors (2018-10-05 11:18:09 -0300) ---------------------------------------------------------------- perf/urgent fixes: - Fix the build on Clear Linux, coping with redundant declarations of function prototypes in python3 header files by adding -Wno-redundant-decls to build with PYTHON=python3 (Arnaldo Carvalho de Melo) - Fixes for processing inline frames in backtraces using DWARF based unwinding (Milian Wolff) - Cope with bad DWARF info for function names for inline frames,not trying to demangle this symbol. Problem reported with rust but reproduced as well with C++. Problem reported to the libbpf maintainers (Milian Wolff) - Fix python export to postgresql and sqlite code (Adrian Hunter) Signed-off-by: Arnaldo Carvalho de Melo <acme(a)redhat.com> ---------------------------------------------------------------- Adrian Hunter (2): perf script python: Fix export-to-postgresql.py occasional failure perf script python: Fix export-to-sqlite.py sample columns Arnaldo Carvalho de Melo (1): perf python: Use -Wno-redundant-decls to build with PYTHON=python3 Milian Wolff (2): perf report: Don't try to map ip to invalid map perf record: Use unmapped IP for inline callchain cursors tools/perf/scripts/python/export-to-postgresql.py | 9 +++++++++ tools/perf/scripts/python/export-to-sqlite.py | 6 +++++- tools/perf/util/machine.c | 8 +++++--- tools/perf/util/setup.py | 2 +- 4 files changed, 20 insertions(+), 5 deletions(-) Test results: The first ones are container (docker) based builds of tools/perf with and without libelf support. Where clang is available, it is also used to build perf with/without libelf, and building with LIBCLANGLLVM=1 (built-in clang) with gcc and clang when clang and its devel libraries are installed. The objtool and samples/bpf/ builds are disabled now that I'm switching from using the sources in a local volume to fetching them from a http server to build it inside the container, to make it easier to build in a container cluster. Those will come back later. Several are cross builds, the ones with -x-ARCH and the android one, and those may not have all the features built, due to lack of multi-arch devel packages, available and being used so far on just a few, like debian:experimental-x-{arm64,mipsel}. The 'perf test' one will perform a variety of tests exercising tools/perf/util/, tools/lib/{bpf,traceevent,etc}, as well as run perf commands with a variety of command line event specifications to then intercept the sys_perf_event syscall to check that the perf_event_attr fields are set up as expected, among a variety of other unit tests. Then there is the 'make -C tools/perf build-test' ones, that build tools/perf/ with a variety of feature sets, exercising the build with an incomplete set of features as well as with a complete one. It is planned to have it run on each of the containers mentioned above, using some container orchestration infrastructure. Get in contact if interested in helping having this in place. The Clear Linux container is building with NO_CLANG=1, the problem preventing its use when building for python3 has been identified and the next builds will build in ClearLinux with both gcc and clang. This time around only gcc was used. # dm 1 alpine:3.4 : Ok gcc (Alpine 5.3.0) 5.3.0 2 alpine:3.5 : Ok gcc (Alpine 6.2.1) 6.2.1 20160822 3 alpine:3.6 : Ok gcc (Alpine 6.3.0) 6.3.0 4 alpine:3.7 : Ok gcc (Alpine 6.4.0) 6.4.0 5 alpine:3.8 : Ok gcc (Alpine 6.4.0) 6.4.0 6 alpine:edge : Ok gcc (Alpine 6.4.0) 6.4.0 7 amazonlinux:1 : Ok gcc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-28) 8 amazonlinux:2 : Ok gcc (GCC) 7.3.1 20180303 (Red Hat 7.3.1-5) 9 android-ndk:r12b-arm : Ok arm-linux-androideabi-gcc (GCC) 4.9.x 20150123 (prerelease) 10 android-ndk:r15c-arm : Ok arm-linux-androideabi-gcc (GCC) 4.9.x 20150123 (prerelease) 11 centos:5 : Ok gcc (GCC) 4.1.2 20080704 (Red Hat 4.1.2-55) 12 centos:6 : Ok gcc (GCC) 4.4.7 20120313 (Red Hat 4.4.7-23) 13 centos:7 : Ok gcc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-28) 14 clearlinux:latest : Ok gcc (Clear Linux OS for Intel Architecture) 8.2.1 20180502 15 debian:7 : Ok gcc (Debian 4.7.2-5) 4.7.2 16 debian:8 : Ok gcc (Debian 4.9.2-10+deb8u1) 4.9.2 17 debian:9 : Ok gcc (Debian 6.3.0-18+deb9u1) 6.3.0 20170516 18 debian:experimental : Ok gcc (Debian 8.2.0-7) 8.2.0 19 debian:experimental-x-arm64 : Ok aarch64-linux-gnu-gcc (Debian 8.2.0-4) 8.2.0 20 debian:experimental-x-mips : Ok mips-linux-gnu-gcc (Debian 8.1.0-12) 8.1.0 21 debian:experimental-x-mips64 : Ok mips64-linux-gnuabi64-gcc (Debian 8.1.0-12) 8.1.0 22 debian:experimental-x-mipsel : Ok mipsel-linux-gnu-gcc (Debian 8.1.0-12) 8.1.0 23 fedora:20 : Ok gcc (GCC) 4.8.3 20140911 (Red Hat 4.8.3-7) 24 fedora:21 : Ok gcc (GCC) 4.9.2 20150212 (Red Hat 4.9.2-6) 25 fedora:22 : Ok gcc (GCC) 5.3.1 20160406 (Red Hat 5.3.1-6) 26 fedora:23 : Ok gcc (GCC) 5.3.1 20160406 (Red Hat 5.3.1-6) 27 fedora:24 : Ok gcc (GCC) 6.3.1 20161221 (Red Hat 6.3.1-1) 28 fedora:24-x-ARC-uClibc : Ok arc-linux-gcc (ARCompact ISA Linux uClibc toolchain 2017.09-rc2) 7.1.1 20170710 29 fedora:25 : Ok gcc (GCC) 6.4.1 20170727 (Red Hat 6.4.1-1) 30 fedora:26 : Ok gcc (GCC) 7.3.1 20180130 (Red Hat 7.3.1-2) 31 fedora:27 : Ok gcc (GCC) 7.3.1 20180712 (Red Hat 7.3.1-6) 32 fedora:28 : Ok gcc (GCC) 8.1.1 20180712 (Red Hat 8.1.1-5) 33 fedora:rawhide : Ok gcc (GCC) 8.2.1 20180905 (Red Hat 8.2.1-3) 34 gentoo-stage3-amd64:latest : Ok gcc (Gentoo 7.3.0-r3 p1.4) 7.3.0 35 mageia:5 : Ok gcc (GCC) 4.9.2 36 mageia:6 : Ok gcc (Mageia 5.5.0-1.mga6) 5.5.0 37 opensuse:13.2 : Ok gcc (SUSE Linux) 4.8.3 20140627 [gcc-4_8-branch revision 212064] 38 opensuse:42.1 : Ok gcc (SUSE Linux) 4.8.5 39 opensuse:42.2 : Ok gcc (SUSE Linux) 4.8.5 40 opensuse:42.3 : Ok gcc (SUSE Linux) 4.8.5 41 opensuse:tumbleweed : Ok gcc (SUSE Linux) 7.3.1 20180323 [gcc-7-branch revision 258812] 42 oraclelinux:6 : Ok gcc (GCC) 4.4.7 20120313 (Red Hat 4.4.7-23.0.1) 43 oraclelinux:7 : Ok gcc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-28.0.1) 44 ubuntu:12.04.5 : Ok gcc (Ubuntu/Linaro 4.6.3-1ubuntu5) 4.6.3 45 ubuntu:14.04.4 : Ok gcc (Ubuntu 4.8.4-2ubuntu1~14.04.3) 4.8.4 46 ubuntu:14.04.4-x-linaro-arm64 : Ok aarch64-linux-gnu-gcc (Linaro GCC 5.5-2017.10) 5.5.0 47 ubuntu:16.04 : Ok gcc (Ubuntu 5.4.0-6ubuntu1~16.04.10) 5.4.0 20160609 48 ubuntu:16.04-x-arm : Ok arm-linux-gnueabihf-gcc (Ubuntu/Linaro 5.4.0-6ubuntu1~16.04.9) 5.4.0 20160609 49 ubuntu:16.04-x-arm64 : Ok aarch64-linux-gnu-gcc (Ubuntu/Linaro 5.4.0-6ubuntu1~16.04.9) 5.4.0 20160609 50 ubuntu:16.04-x-powerpc : Ok powerpc-linux-gnu-gcc (Ubuntu 5.4.0-6ubuntu1~16.04.9) 5.4.0 20160609 51 ubuntu:16.04-x-powerpc64 : Ok powerpc64-linux-gnu-gcc (Ubuntu/IBM 5.4.0-6ubuntu1~16.04.9) 5.4.0 20160609 52 ubuntu:16.04-x-powerpc64el : Ok powerpc64le-linux-gnu-gcc (Ubuntu/IBM 5.4.0-6ubuntu1~16.04.9) 5.4.0 20160609 53 ubuntu:16.04-x-s390 : Ok s390x-linux-gnu-gcc (Ubuntu 5.4.0-6ubuntu1~16.04.9) 5.4.0 20160609 54 ubuntu:16.10 : Ok gcc (Ubuntu 6.2.0-5ubuntu12) 6.2.0 20161005 55 ubuntu:17.10 : Ok gcc (Ubuntu 7.2.0-8ubuntu3.2) 7.2.0 56 ubuntu:18.04 : Ok gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0 57 ubuntu:18.04-x-arm : Ok arm-linux-gnueabihf-gcc (Ubuntu/Linaro 7.3.0-16ubuntu3) 7.3.0 58 ubuntu:18.04-x-arm64 : Ok aarch64-linux-gnu-gcc (Ubuntu/Linaro 7.3.0-16ubuntu3) 7.3.0 59 ubuntu:18.04-x-m68k : Ok m68k-linux-gnu-gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0 60 ubuntu:18.04-x-powerpc : Ok powerpc-linux-gnu-gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0 61 ubuntu:18.04-x-powerpc64 : Ok powerpc64-linux-gnu-gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0 62 ubuntu:18.04-x-powerpc64el : Ok powerpc64le-linux-gnu-gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0 63 ubuntu:18.04-x-riscv64 : Ok riscv64-linux-gnu-gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0 64 ubuntu:18.04-x-s390 : Ok s390x-linux-gnu-gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0 65 ubuntu:18.04-x-sh4 : Ok sh4-linux-gnu-gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0 66 ubuntu:18.04-x-sparc64 : Ok sparc64-linux-gnu-gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0 67 ubuntu:18.10 : Ok gcc (Ubuntu 8.2.0-4ubuntu1) 8.2.0 # uname -a Linux jouet 4.19.0-rc4-00022-gad3273d5f1b9 #1 SMP Mon Sep 17 17:18:22 -03 2018 x86_64 x86_64 x86_64 GNU/Linux # git log --oneline -1 7a8a8fcf7b86 perf record: Use unmapped IP for inline callchain cursors # perf version --build-options perf version 4.19.rc4.g7a8a8f dwarf: [ on ] # HAVE_DWARF_SUPPORT dwarf_getlocations: [ on ] # HAVE_DWARF_GETLOCATIONS_SUPPORT glibc: [ on ] # HAVE_GLIBC_SUPPORT gtk2: [ on ] # HAVE_GTK2_SUPPORT syscall_table: [ on ] # HAVE_SYSCALL_TABLE_SUPPORT libbfd: [ on ] # HAVE_LIBBFD_SUPPORT libelf: [ on ] # HAVE_LIBELF_SUPPORT libnuma: [ on ] # HAVE_LIBNUMA_SUPPORT numa_num_possible_cpus: [ on ] # HAVE_LIBNUMA_SUPPORT libperl: [ on ] # HAVE_LIBPERL_SUPPORT libpython: [ on ] # HAVE_LIBPYTHON_SUPPORT libslang: [ on ] # HAVE_SLANG_SUPPORT libcrypto: [ on ] # HAVE_LIBCRYPTO_SUPPORT libunwind: [ on ] # HAVE_LIBUNWIND_SUPPORT libdw-dwarf-unwind: [ on ] # HAVE_DWARF_SUPPORT zlib: [ on ] # HAVE_ZLIB_SUPPORT lzma: [ on ] # HAVE_LZMA_SUPPORT get_cpuid: [ on ] # HAVE_AUXTRACE_SUPPORT bpf: [ on ] # HAVE_LIBBPF_SUPPORT # perf test 1: vmlinux symtab matches kallsyms : Ok 2: Detect openat syscall event : Ok 3: Detect openat syscall event on all cpus : Ok 4: Read samples using the mmap interface : Ok 5: Test data source output : Ok 6: Parse event definition strings : Ok 7: Simple expression parser : Ok 8: PERF_RECORD_* events & perf_sample fields : Ok 9: Parse perf pmu format : Ok 10: DSO data read : Ok 11: DSO data cache : Ok 12: DSO data reopen : Ok 13: Roundtrip evsel->name : Ok 14: Parse sched tracepoints fields : Ok 15: syscalls:sys_enter_openat event fields : Ok 16: Setup struct perf_event_attr : Ok 17: Match and link multiple hists : Ok 18: 'import perf' in python : Ok 19: Breakpoint overflow signal handler : Ok 20: Breakpoint overflow sampling : Ok 21: Breakpoint accounting : Ok 22: Number of exit events of a simple workload : Ok 23: Software clock events period values : Ok 24: Object code reading : Ok 25: Sample parsing : Ok 26: Use a dummy software event to keep tracking : Ok 27: Parse with no sample_id_all bit set : Ok 28: Filter hist entries : Ok 29: Lookup mmap thread : Ok 30: Share thread mg : Ok 31: Sort output of hist entries : Ok 32: Cumulate child hist entries : Ok 33: Track with sched_switch : Ok 34: Filter fds with revents mask in a fdarray : Ok 35: Add fd to a fdarray, making it autogrow : Ok 36: kmod_path__parse : Ok 37: Thread map : Ok 38: LLVM search and compile : 38.1: Basic BPF llvm compile : Ok 38.2: kbuild searching : Ok 38.3: Compile source for BPF prologue generation : Ok 38.4: Compile source for BPF relocation : Ok 39: Session topology : Ok 40: BPF filter : 40.1: Basic BPF filtering : Ok 40.2: BPF pinning : Ok 40.3: BPF prologue generation : Ok 40.4: BPF relocation checker : Ok 41: Synthesize thread map : Ok 42: Remove thread map : Ok 43: Synthesize cpu map : Ok 44: Synthesize stat config : Ok 45: Synthesize stat : Ok 46: Synthesize stat round : Ok 47: Synthesize attr update : Ok 48: Event times : Ok 49: Read backward ring buffer : Ok 50: Print cpu map : Ok 51: Probe SDT events : Ok 52: is_printable_array : Ok 53: Print bitmap : Ok 54: perf hooks : Ok 55: builtin clang support : Skip (not compiled in) 56: unit_number__scnprintf : Ok 57: mem2node : Ok 58: x86 rdpmc : Ok 59: Convert perf time to TSC : Ok 60: DWARF unwind : Ok 61: x86 instruction decoder - new instructions : Ok 62: x86 bp modify : Ok 63: Use vfs_getname probe to get syscall args filenames : Ok 64: Check open filename arg using perf trace + vfs_getname: Ok 65: probe libc's inet_pton & backtrace it with ping : Ok 66: Add vfs_getname probe to get syscall args filenames : Ok $ make -C tools/perf build-test make: Entering directory '/home/acme/git/perf/tools/perf' - tarpkg: ./tests/perf-targz-src-pkg . make_with_clangllvm_O: make LIBCLANGLLVM=1 make_install_prefix_slash_O: make install prefix=/tmp/krava/ make_minimal_O: make NO_LIBPERL=1 NO_LIBPYTHON=1 NO_NEWT=1 NO_GTK2=1 NO_DEMANGLE=1 NO_LIBELF=1 NO_LIBUNWIND=1 NO_BACKTRACE=1 NO_LIBNUMA=1 NO_LIBAUDIT=1 NO_LIBBIONIC=1 NO_LIBDW_DWARF_UNWIND=1 NO_AUXTRACE=1 NO_LIBBPF=1 NO_LIBCRYPTO=1 NO_SDT=1 NO_JVMTI=1 make_no_ui_O: make NO_NEWT=1 NO_SLANG=1 NO_GTK2=1 make_pure_O: make - /home/acme/git/perf/tools/perf/BUILD_TEST_FEATURE_DUMP_STATIC: make FEATURE_DUMP_COPY=/home/acme/git/perf/tools/perf/BUILD_TEST_FEATURE_DUMP_STATIC LDFLAGS='-static' feature-dump make_static_O: make LDFLAGS=-static make_perf_o_O: make perf.o make_no_scripts_O: make NO_LIBPYTHON=1 NO_LIBPERL=1 make_clean_all_O: make clean all make_no_libbpf_O: make NO_LIBBPF=1 make_install_prefix_O: make install prefix=/tmp/krava make_no_newt_O: make NO_NEWT=1 make_no_backtrace_O: make NO_BACKTRACE=1 make_no_auxtrace_O: make NO_AUXTRACE=1 make_with_babeltrace_O: make LIBBABELTRACE=1 make_no_libnuma_O: make NO_LIBNUMA=1 make_debug_O: make DEBUG=1 make_no_libaudit_O: make NO_LIBAUDIT=1 make_util_map_o_O: make util/map.o make_tags_O: make tags make_no_libbionic_O: make NO_LIBBIONIC=1 make_no_libelf_O: make NO_LIBELF=1 make_no_libpython_O: make NO_LIBPYTHON=1 make_no_libperl_O: make NO_LIBPERL=1 make_no_demangle_O: make NO_DEMANGLE=1 make_no_slang_O: make NO_SLANG=1 make_no_libunwind_O: make NO_LIBUNWIND=1 make_install_O: make install make_util_pmu_bison_o_O: make util/pmu-bison.o make_install_bin_O: make install-bin make_no_gtk2_O: make NO_GTK2=1 make_doc_O: make doc make_help_O: make help make_no_libdw_dwarf_unwind_O: make NO_LIBDW_DWARF_UNWIND=1 OK make: Leaving directory '/home/acme/git/perf/tools/perf' $

6 years, 11 months

2
3
0 0

[git:media_tree/master] media: cec: fix the Signal Free Time calculation

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: cec: fix the Signal Free Time calculation Author: Hans Verkuil <hans.verkuil(a)cisco.com> Date: Fri Oct 5 08:00:21 2018 -0400 The calculation of the Signal Free Time in the framework was not correct. If a message was received, then the next transmit should be considered a New Initiator and use a shorter SFT value. This was not done with the result that if both sides where continually sending messages, they both could use the same SFT value and one side could deny the other side access to the bus. Note that this fix does not take the corner case into account where a receive is in progress when you call adap_transmit. Signed-off-by: Hans Verkuil <hans.verkuil(a)cisco.com> Cc: <stable(a)vger.kernel.org> # for v4.18 and up Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/cec/cec-adap.c | 26 +++++++------------------- include/media/cec.h | 2 +- 2 files changed, 8 insertions(+), 20 deletions(-) --- diff --git a/drivers/media/cec/cec-adap.c b/drivers/media/cec/cec-adap.c index e6e82b504e56..0c0d9107383e 100644 --- a/drivers/media/cec/cec-adap.c +++ b/drivers/media/cec/cec-adap.c @@ -526,9 +526,11 @@ int cec_thread_func(void *_adap) if (data->attempts) { /* should be >= 3 data bit periods for a retry */ signal_free_time = CEC_SIGNAL_FREE_TIME_RETRY; - } else if (data->new_initiator) { + } else if (adap->last_initiator != + cec_msg_initiator(&data->msg)) { /* should be >= 5 data bit periods for new initiator */ signal_free_time = CEC_SIGNAL_FREE_TIME_NEW_INITIATOR; + adap->last_initiator = cec_msg_initiator(&data->msg); } else { /* * should be >= 7 data bit periods for sending another @@ -713,7 +715,6 @@ int cec_transmit_msg_fh(struct cec_adapter *adap, struct cec_msg *msg, struct cec_fh *fh, bool block) { struct cec_data *data; - u8 last_initiator = 0xff; msg->rx_ts = 0; msg->tx_ts = 0; @@ -823,23 +824,6 @@ int cec_transmit_msg_fh(struct cec_adapter *adap, struct cec_msg *msg, data->adap = adap; data->blocking = block; - /* - * Determine if this message follows a message from the same - * initiator. Needed to determine the free signal time later on. - */ - if (msg->len > 1) { - if (!(list_empty(&adap->transmit_queue))) { - const struct cec_data *last; - - last = list_last_entry(&adap->transmit_queue, - const struct cec_data, list); - last_initiator = cec_msg_initiator(&last->msg); - } else if (adap->transmitting) { - last_initiator = - cec_msg_initiator(&adap->transmitting->msg); - } - } - data->new_initiator = last_initiator != cec_msg_initiator(msg); init_completion(&data->c); INIT_DELAYED_WORK(&data->work, cec_wait_timeout); @@ -1027,6 +1011,8 @@ void cec_received_msg_ts(struct cec_adapter *adap, mutex_lock(&adap->lock); dprintk(2, "%s: %*ph\n", __func__, msg->len, msg->msg); + adap->last_initiator = 0xff; + /* Check if this message was for us (directed or broadcast). */ if (!cec_msg_is_broadcast(msg)) valid_la = cec_has_log_addr(adap, msg_dest); @@ -1489,6 +1475,8 @@ void __cec_s_phys_addr(struct cec_adapter *adap, u16 phys_addr, bool block) } mutex_lock(&adap->devnode.lock); + adap->last_initiator = 0xff; + if ((adap->needs_hpd || list_empty(&adap->devnode.fhs)) && adap->ops->adap_enable(adap, true)) { mutex_unlock(&adap->devnode.lock); diff --git a/include/media/cec.h b/include/media/cec.h index 9f382f0c2970..254a610b9aa5 100644 --- a/include/media/cec.h +++ b/include/media/cec.h @@ -63,7 +63,6 @@ struct cec_data { struct delayed_work work; struct completion c; u8 attempts; - bool new_initiator; bool blocking; bool completed; }; @@ -174,6 +173,7 @@ struct cec_adapter { bool is_configuring; bool is_configured; bool cec_pin_is_high; + u8 last_initiator; u32 monitor_all_cnt; u32 monitor_pin_cnt; u32 follower_cnt;

6 years, 11 months

1
0
0 0

[git:media_tree/master] media: adv7842: when the EDID is cleared, unconfigure CEC as well

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: adv7842: when the EDID is cleared, unconfigure CEC as well Author: Hans Verkuil <hans.verkuil(a)cisco.com> Date: Thu Oct 4 03:58:34 2018 -0400 When there is no EDID the CEC adapter should be unconfigured as well. So call cec_phys_addr_invalidate() when this happens. Signed-off-by: Hans Verkuil <hans.verkuil(a)cisco.com> Cc: <stable(a)vger.kernel.org> # for v4.18 and up Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/i2c/adv7842.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- diff --git a/drivers/media/i2c/adv7842.c b/drivers/media/i2c/adv7842.c index cd63cc6564e9..4721d49dcf0f 100644 --- a/drivers/media/i2c/adv7842.c +++ b/drivers/media/i2c/adv7842.c @@ -786,8 +786,10 @@ static int edid_write_hdmi_segment(struct v4l2_subdev *sd, u8 port) /* Disable I2C access to internal EDID ram from HDMI DDC ports */ rep_write_and_or(sd, 0x77, 0xf3, 0x00); - if (!state->hdmi_edid.present) + if (!state->hdmi_edid.present) { + cec_phys_addr_invalidate(state->cec_adap); return 0; + } pa = v4l2_get_edid_phys_addr(edid, 256, &spa_loc); err = v4l2_phys_addr_validate(pa, &pa, NULL);

6 years, 11 months

1
0
0 0

[git:media_tree/master] media: adv7604: when the EDID is cleared, unconfigure CEC as well

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: adv7604: when the EDID is cleared, unconfigure CEC as well Author: Hans Verkuil <hans.verkuil(a)cisco.com> Date: Thu Oct 4 03:57:06 2018 -0400 When there is no EDID the CEC adapter should be unconfigured as well. So call cec_phys_addr_invalidate() when this happens. Signed-off-by: Hans Verkuil <hans.verkuil(a)cisco.com> Cc: <stable(a)vger.kernel.org> # for v4.18 and up Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/i2c/adv7604.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- diff --git a/drivers/media/i2c/adv7604.c b/drivers/media/i2c/adv7604.c index 1c89959b1509..9eb7c70a7712 100644 --- a/drivers/media/i2c/adv7604.c +++ b/drivers/media/i2c/adv7604.c @@ -2284,8 +2284,10 @@ static int adv76xx_set_edid(struct v4l2_subdev *sd, struct v4l2_edid *edid) state->aspect_ratio.numerator = 16; state->aspect_ratio.denominator = 9; - if (!state->edid.present) + if (!state->edid.present) { state->edid.blocks = 0; + cec_phys_addr_invalidate(state->cec_adap); + } v4l2_dbg(2, debug, sd, "%s: clear EDID pad %d, edid.present = 0x%x\n", __func__, edid->pad, state->edid.present);

6 years, 11 months

1
0
0 0

[git:media_tree/master] media: cec: add new tx/rx status bits to detect aborts/timeouts

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: cec: add new tx/rx status bits to detect aborts/timeouts Author: Hans Verkuil <hans.verkuil(a)cisco.com> Date: Thu Oct 4 03:28:21 2018 -0400 If the HDMI cable is disconnected or the CEC adapter is manually unconfigured, then all pending transmits and wait-for-replies are aborted. Signal this with new status bits (CEC_RX/TX_STATUS_ABORTED). If due to (usually) a driver bug a transmit never ends (i.e. the transmit_done was never called by the driver), then when this times out the message is marked with CEC_TX_STATUS_TIMEOUT. This should not happen and is an indication of a driver bug. Without a separate status bit for this it was impossible to detect this from userspace. The 'transmit timed out' kernel message is now a warning, so this should be more prominent in the kernel log as well. Signed-off-by: Hans Verkuil <hans.verkuil(a)cisco.com> Cc: <stable(a)vger.kernel.org> # for v4.18 and up Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> Documentation/media/uapi/cec/cec-ioc-receive.rst | 25 ++++++++- drivers/media/cec/cec-adap.c | 66 +++++++----------------- include/uapi/linux/cec.h | 3 ++ 3 files changed, 44 insertions(+), 50 deletions(-) --- diff --git a/Documentation/media/uapi/cec/cec-ioc-receive.rst b/Documentation/media/uapi/cec/cec-ioc-receive.rst index e964074cd15b..b25e48afaa08 100644 --- a/Documentation/media/uapi/cec/cec-ioc-receive.rst +++ b/Documentation/media/uapi/cec/cec-ioc-receive.rst @@ -16,10 +16,10 @@ CEC_RECEIVE, CEC_TRANSMIT - Receive or transmit a CEC message Synopsis ======== -.. c:function:: int ioctl( int fd, CEC_RECEIVE, struct cec_msg *argp ) +.. c:function:: int ioctl( int fd, CEC_RECEIVE, struct cec_msg \*argp ) :name: CEC_RECEIVE -.. c:function:: int ioctl( int fd, CEC_TRANSMIT, struct cec_msg *argp ) +.. c:function:: int ioctl( int fd, CEC_TRANSMIT, struct cec_msg \*argp ) :name: CEC_TRANSMIT Arguments @@ -272,6 +272,19 @@ View On' messages from initiator 0xf ('Unregistered') to destination 0 ('TV'). - The transmit failed after one or more retries. This status bit is mutually exclusive with :ref:`CEC_TX_STATUS_OK <CEC-TX-STATUS-OK>`. Other bits can still be set to explain which failures were seen. + * .. _`CEC-TX-STATUS-ABORTED`: + + - ``CEC_TX_STATUS_ABORTED`` + - 0x40 + - The transmit was aborted due to an HDMI disconnect, or the adapter + was unconfigured, or a transmit was interrupted, or the driver + returned an error when attempting to start a transmit. + * .. _`CEC-TX-STATUS-TIMEOUT`: + + - ``CEC_TX_STATUS_TIMEOUT`` + - 0x80 + - The transmit timed out. This should not normally happen and this + indicates a driver problem. .. tabularcolumns:: |p{5.6cm}|p{0.9cm}|p{11.0cm}| @@ -300,6 +313,14 @@ View On' messages from initiator 0xf ('Unregistered') to destination 0 ('TV'). - The message was received successfully but the reply was ``CEC_MSG_FEATURE_ABORT``. This status is only set if this message was the reply to an earlier transmitted message. + * .. _`CEC-RX-STATUS-ABORTED`: + + - ``CEC_RX_STATUS_ABORTED`` + - 0x08 + - The wait for a reply to an earlier transmitted message was aborted + because the HDMI cable was disconnected, the adapter was unconfigured + or the :ref:`CEC_TRANSMIT <CEC_RECEIVE>` that waited for a + reply was interrupted. diff --git a/drivers/media/cec/cec-adap.c b/drivers/media/cec/cec-adap.c index 829878356e1e..e6e82b504e56 100644 --- a/drivers/media/cec/cec-adap.c +++ b/drivers/media/cec/cec-adap.c @@ -354,7 +354,7 @@ static void cec_data_completed(struct cec_data *data) * * This function is called with adap->lock held. */ -static void cec_data_cancel(struct cec_data *data) +static void cec_data_cancel(struct cec_data *data, u8 tx_status) { /* * It's either the current transmit, or it is a pending @@ -369,13 +369,11 @@ static void cec_data_cancel(struct cec_data *data) } if (data->msg.tx_status & CEC_TX_STATUS_OK) { - /* Mark the canceled RX as a timeout */ data->msg.rx_ts = ktime_get_ns(); - data->msg.rx_status = CEC_RX_STATUS_TIMEOUT; + data->msg.rx_status = CEC_RX_STATUS_ABORTED; } else { - /* Mark the canceled TX as an error */ data->msg.tx_ts = ktime_get_ns(); - data->msg.tx_status |= CEC_TX_STATUS_ERROR | + data->msg.tx_status |= tx_status | CEC_TX_STATUS_MAX_RETRIES; data->msg.tx_error_cnt++; data->attempts = 0; @@ -403,15 +401,15 @@ static void cec_flush(struct cec_adapter *adap) while (!list_empty(&adap->transmit_queue)) { data = list_first_entry(&adap->transmit_queue, struct cec_data, list); - cec_data_cancel(data); + cec_data_cancel(data, CEC_TX_STATUS_ABORTED); } if (adap->transmitting) - cec_data_cancel(adap->transmitting); + cec_data_cancel(adap->transmitting, CEC_TX_STATUS_ABORTED); /* Cancel the pending timeout work. */ list_for_each_entry_safe(data, n, &adap->wait_queue, list) { if (cancel_delayed_work(&data->work)) - cec_data_cancel(data); + cec_data_cancel(data, CEC_TX_STATUS_OK); /* * If cancel_delayed_work returned false, then * the cec_wait_timeout function is running, @@ -487,12 +485,13 @@ int cec_thread_func(void *_adap) * so much traffic on the bus that the adapter was * unable to transmit for CEC_XFER_TIMEOUT_MS (2.1s). */ - dprintk(1, "%s: message %*ph timed out\n", __func__, + pr_warn("cec-%s: message %*ph timed out\n", adap->name, adap->transmitting->msg.len, adap->transmitting->msg.msg); adap->tx_timeouts++; /* Just give up on this. */ - cec_data_cancel(adap->transmitting); + cec_data_cancel(adap->transmitting, + CEC_TX_STATUS_TIMEOUT); goto unlock; } @@ -543,7 +542,7 @@ int cec_thread_func(void *_adap) /* Tell the adapter to transmit, cancel on error */ if (adap->ops->adap_transmit(adap, data->attempts, signal_free_time, &data->msg)) - cec_data_cancel(data); + cec_data_cancel(data, CEC_TX_STATUS_ABORTED); unlock: mutex_unlock(&adap->lock); @@ -715,8 +714,6 @@ int cec_transmit_msg_fh(struct cec_adapter *adap, struct cec_msg *msg, { struct cec_data *data; u8 last_initiator = 0xff; - unsigned int timeout; - int res = 0; msg->rx_ts = 0; msg->tx_ts = 0; @@ -859,47 +856,20 @@ int cec_transmit_msg_fh(struct cec_adapter *adap, struct cec_msg *msg, return 0; /* - * If we don't get a completion before this time something is really - * wrong and we time out. - */ - timeout = CEC_XFER_TIMEOUT_MS; - /* Add the requested timeout if we have to wait for a reply as well */ - if (msg->timeout) - timeout += msg->timeout; - - /* * Release the lock and wait, retake the lock afterwards. */ mutex_unlock(&adap->lock); - res = wait_for_completion_killable_timeout(&data->c, - msecs_to_jiffies(timeout)); + wait_for_completion_killable(&data->c); mutex_lock(&adap->lock); - if (data->completed) { - /* The transmit completed (possibly with an error) */ - *msg = data->msg; - kfree(data); - return 0; - } - /* - * The wait for completion timed out or was interrupted, so mark this - * as non-blocking and disconnect from the filehandle since it is - * still 'in flight'. When it finally completes it will just drop the - * result silently. - */ - data->blocking = false; - if (data->fh) - list_del(&data->xfer_list); - data->fh = NULL; + /* Cancel the transmit if it was interrupted */ + if (!data->completed) + cec_data_cancel(data, CEC_TX_STATUS_ABORTED); - if (res == 0) { /* timed out */ - /* Check if the reply or the transmit failed */ - if (msg->timeout && (msg->tx_status & CEC_TX_STATUS_OK)) - msg->rx_status = CEC_RX_STATUS_TIMEOUT; - else - msg->tx_status = CEC_TX_STATUS_MAX_RETRIES; - } - return res > 0 ? 0 : res; + /* The transmit completed (possibly with an error) */ + *msg = data->msg; + kfree(data); + return 0; } /* Helper function to be used by drivers and this framework. */ diff --git a/include/uapi/linux/cec.h b/include/uapi/linux/cec.h index 097fcd812471..3094af68b6e7 100644 --- a/include/uapi/linux/cec.h +++ b/include/uapi/linux/cec.h @@ -152,10 +152,13 @@ static inline void cec_msg_set_reply_to(struct cec_msg *msg, #define CEC_TX_STATUS_LOW_DRIVE (1 << 3) #define CEC_TX_STATUS_ERROR (1 << 4) #define CEC_TX_STATUS_MAX_RETRIES (1 << 5) +#define CEC_TX_STATUS_ABORTED (1 << 6) +#define CEC_TX_STATUS_TIMEOUT (1 << 7) #define CEC_RX_STATUS_OK (1 << 0) #define CEC_RX_STATUS_TIMEOUT (1 << 1) #define CEC_RX_STATUS_FEATURE_ABORT (1 << 2) +#define CEC_RX_STATUS_ABORTED (1 << 3) static inline int cec_msg_status_is_ok(const struct cec_msg *msg) {

6 years, 11 months

1
0
0 0

[git:media_tree/master] media: ov7670: make "xclk" clock optional

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: ov7670: make "xclk" clock optional Author: Lubomir Rintel <lkundrak(a)v3.sk> Date: Thu Oct 4 17:29:03 2018 -0400 When the "xclk" clock was added, it was made mandatory. This broke the driver on an OLPC plaform which doesn't know such clock. Make it optional. Tested on a OLPC XO-1 laptop. Fixes: 0a024d634cee ("[media] ov7670: get xclk") Cc: stable(a)vger.kernel.org # 4.11+ Signed-off-by: Lubomir Rintel <lkundrak(a)v3.sk> Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/i2c/ov7670.c | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) --- diff --git a/drivers/media/i2c/ov7670.c b/drivers/media/i2c/ov7670.c index 92f59ae1b624..bc68a3a5b4ec 100644 --- a/drivers/media/i2c/ov7670.c +++ b/drivers/media/i2c/ov7670.c @@ -1808,17 +1808,24 @@ static int ov7670_probe(struct i2c_client *client, info->pclk_hb_disable = true; } - info->clk = devm_clk_get(&client->dev, "xclk"); - if (IS_ERR(info->clk)) - return PTR_ERR(info->clk); - ret = clk_prepare_enable(info->clk); - if (ret) - return ret; + info->clk = devm_clk_get(&client->dev, "xclk"); /* optional */ + if (IS_ERR(info->clk)) { + ret = PTR_ERR(info->clk); + if (ret == -ENOENT) + info->clk = NULL; + else + return ret; + } + if (info->clk) { + ret = clk_prepare_enable(info->clk); + if (ret) + return ret; - info->clock_speed = clk_get_rate(info->clk) / 1000000; - if (info->clock_speed < 10 || info->clock_speed > 48) { - ret = -EINVAL; - goto clk_disable; + info->clock_speed = clk_get_rate(info->clk) / 1000000; + if (info->clock_speed < 10 || info->clock_speed > 48) { + ret = -EINVAL; + goto clk_disable; + } } ret = ov7670_init_gpio(client, info);

6 years, 11 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror