- Linux-stable-mirror - lists.linaro.org

[merged] mm-shmem-correctly-annotate-new-inodes-for-lockdep.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: shmem.c: Correctly annotate new inodes for lockdep has been removed from the -mm tree. Its filename was mm-shmem-correctly-annotate-new-inodes-for-lockdep.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: "Joel Fernandes (Google)" <joel(a)joelfernandes.org> Subject: mm: shmem.c: Correctly annotate new inodes for lockdep Directories and inodes don't necessarily need to be in the same lockdep class. For ex, hugetlbfs splits them out too to prevent false positives in lockdep. Annotate correctly after new inode creation. If its a directory inode, it will be put into a different class. This should fix a lockdep splat reported by syzbot: > ====================================================== > WARNING: possible circular locking dependency detected > 4.18.0-rc8-next-20180810+ #36 Not tainted > ------------------------------------------------------ > syz-executor900/4483 is trying to acquire lock: > 00000000d2bfc8fe (&sb->s_type->i_mutex_key#9){++++}, at: inode_lock > include/linux/fs.h:765 [inline] > 00000000d2bfc8fe (&sb->s_type->i_mutex_key#9){++++}, at: > shmem_fallocate+0x18b/0x12e0 mm/shmem.c:2602 > > but task is already holding lock: > 0000000025208078 (ashmem_mutex){+.+.}, at: ashmem_shrink_scan+0xb4/0x630 > drivers/staging/android/ashmem.c:448 > > which lock already depends on the new lock. > > -> #2 (ashmem_mutex){+.+.}: > __mutex_lock_common kernel/locking/mutex.c:925 [inline] > __mutex_lock+0x171/0x1700 kernel/locking/mutex.c:1073 > mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1088 > ashmem_mmap+0x55/0x520 drivers/staging/android/ashmem.c:361 > call_mmap include/linux/fs.h:1844 [inline] > mmap_region+0xf27/0x1c50 mm/mmap.c:1762 > do_mmap+0xa10/0x1220 mm/mmap.c:1535 > do_mmap_pgoff include/linux/mm.h:2298 [inline] > vm_mmap_pgoff+0x213/0x2c0 mm/util.c:357 > ksys_mmap_pgoff+0x4da/0x660 mm/mmap.c:1585 > __do_sys_mmap arch/x86/kernel/sys_x86_64.c:100 [inline] > __se_sys_mmap arch/x86/kernel/sys_x86_64.c:91 [inline] > __x64_sys_mmap+0xe9/0x1b0 arch/x86/kernel/sys_x86_64.c:91 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > -> #1 (&mm->mmap_sem){++++}: > __might_fault+0x155/0x1e0 mm/memory.c:4568 > _copy_to_user+0x30/0x110 lib/usercopy.c:25 > copy_to_user include/linux/uaccess.h:155 [inline] > filldir+0x1ea/0x3a0 fs/readdir.c:196 > dir_emit_dot include/linux/fs.h:3464 [inline] > dir_emit_dots include/linux/fs.h:3475 [inline] > dcache_readdir+0x13a/0x620 fs/libfs.c:193 > iterate_dir+0x48b/0x5d0 fs/readdir.c:51 > __do_sys_getdents fs/readdir.c:231 [inline] > __se_sys_getdents fs/readdir.c:212 [inline] > __x64_sys_getdents+0x29f/0x510 fs/readdir.c:212 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > -> #0 (&sb->s_type->i_mutex_key#9){++++}: > lock_acquire+0x1e4/0x540 kernel/locking/lockdep.c:3924 > down_write+0x8f/0x130 kernel/locking/rwsem.c:70 > inode_lock include/linux/fs.h:765 [inline] > shmem_fallocate+0x18b/0x12e0 mm/shmem.c:2602 > ashmem_shrink_scan+0x236/0x630 drivers/staging/android/ashmem.c:455 > ashmem_ioctl+0x3ae/0x13a0 drivers/staging/android/ashmem.c:797 > vfs_ioctl fs/ioctl.c:46 [inline] > file_ioctl fs/ioctl.c:501 [inline] > do_vfs_ioctl+0x1de/0x1720 fs/ioctl.c:685 > ksys_ioctl+0xa9/0xd0 fs/ioctl.c:702 > __do_sys_ioctl fs/ioctl.c:709 [inline] > __se_sys_ioctl fs/ioctl.c:707 [inline] > __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:707 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > other info that might help us debug this: > > Chain exists of: > &sb->s_type->i_mutex_key#9 --> &mm->mmap_sem --> ashmem_mutex > > Possible unsafe locking scenario: > > CPU0 CPU1 > ---- ---- > lock(ashmem_mutex); > lock(&mm->mmap_sem); > lock(ashmem_mutex); > lock(&sb->s_type->i_mutex_key#9); > > *** DEADLOCK *** > > 1 lock held by syz-executor900/4483: > #0: 0000000025208078 (ashmem_mutex){+.+.}, at: > ashmem_shrink_scan+0xb4/0x630 drivers/staging/android/ashmem.c:448 Link: http://lkml.kernel.org/r/20180821231835.166639-1-joel@joelfernandes.org Signed-off-by: Joel Fernandes (Google) <joel(a)joelfernandes.org> Reported-by: syzbot <syzkaller(a)googlegroups.com> Reviewed-by: NeilBrown <neilb(a)suse.com> Suggested-by: NeilBrown <neilb(a)suse.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN mm/shmem.c~mm-shmem-correctly-annotate-new-inodes-for-lockdep mm/shmem.c --- a/mm/shmem.c~mm-shmem-correctly-annotate-new-inodes-for-lockdep +++ a/mm/shmem.c @@ -2227,6 +2227,8 @@ static struct inode *shmem_get_inode(str mpol_shared_policy_init(&info->policy, NULL); break; } + + lockdep_annotate_inode_mutex_key(inode); } else shmem_free_inode(sb); return inode; _ Patches currently in -mm which might be from joel(a)joelfernandes.org are

7 years

1
0
0 0

[merged] mm-disable-deferred-struct-page-for-32-bit-arches.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: disable deferred struct page for 32-bit arches has been removed from the -mm tree. Its filename was mm-disable-deferred-struct-page-for-32-bit-arches.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Pasha Tatashin <Pavel.Tatashin(a)microsoft.com> Subject: mm: disable deferred struct page for 32-bit arches Deferred struct page init is needed only on systems with large amount of physical memory to improve boot performance. 32-bit systems do not benefit from this feature. Jiri reported a problem where deferred struct pages do not work well with x86-32: [ 0.035162] Dentry cache hash table entries: 131072 (order: 7, 524288 bytes) [ 0.035725] Inode-cache hash table entries: 65536 (order: 6, 262144 bytes) [ 0.036269] Initializing CPU#0 [ 0.036513] Initializing HighMem for node 0 (00036ffe:0007ffe0) [ 0.038459] page:f6780000 is uninitialized and poisoned [ 0.038460] raw: ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff [ 0.039509] page dumped because: VM_BUG_ON_PAGE(1 && PageCompound(page)) [ 0.040038] ------------[ cut here ]------------ [ 0.040399] kernel BUG at include/linux/page-flags.h:293! [ 0.040823] invalid opcode: 0000 [#1] SMP PTI [ 0.041166] CPU: 0 PID: 0 Comm: swapper Not tainted 4.19.0-rc1_pt_jiri #9 [ 0.041694] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-20171110_100015-anatol 04/01/2014 [ 0.042496] EIP: free_highmem_page+0x64/0x80 [ 0.042839] Code: 13 46 d8 c1 e8 18 5d 83 e0 03 8d 04 c0 c1 e0 06 ff 80 ec 5f 44 d8 c3 8d b4 26 00 00 00 00 ba 08 65 28 d8 89 d8 e8 fc 71 02 00 <0f> 0b 8d 76 00 8d bc 27 00 00 00 00 ba d0 b1 26 d8 89 d8 e8 e4 71 [ 0.044338] EAX: 0000003c EBX: f6780000 ECX: 00000000 EDX: d856cbe8 [ 0.044868] ESI: 0007ffe0 EDI: d838df20 EBP: d838df00 ESP: d838defc [ 0.045372] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00210086 [ 0.045913] CR0: 80050033 CR2: 00000000 CR3: 18556000 CR4: 00040690 [ 0.046413] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000 [ 0.046913] DR6: fffe0ff0 DR7: 00000400 [ 0.047220] Call Trace: [ 0.047419] add_highpages_with_active_regions+0xbd/0x10d [ 0.047854] set_highmem_pages_init+0x5b/0x71 [ 0.048202] mem_init+0x2b/0x1e8 [ 0.048460] start_kernel+0x1d2/0x425 [ 0.048757] i386_start_kernel+0x93/0x97 [ 0.049073] startup_32_smp+0x164/0x168 [ 0.049379] Modules linked in: [ 0.049626] ---[ end trace 337949378db0abbb ]--- We free highmem pages before their struct pages are initialized: mem_init() set_highmem_pages_init() add_highpages_with_active_regions() free_highmem_page() .. Access uninitialized struct page here.. Because there is no reason to have this feature on 32-bit systems, just disable it. Link: http://lkml.kernel.org/r/20180831150506.31246-1-pavel.tatashin@microsoft.com Fixes: 2e3ca40f03bb ("mm: relax deferred struct page requirements") Signed-off-by: Pavel Tatashin <pavel.tatashin(a)microsoft.com> Reported-by: Jiri Slaby <jslaby(a)suse.cz> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN mm/Kconfig~mm-disable-deferred-struct-page-for-32-bit-arches mm/Kconfig --- a/mm/Kconfig~mm-disable-deferred-struct-page-for-32-bit-arches +++ a/mm/Kconfig @@ -637,6 +637,7 @@ config DEFERRED_STRUCT_PAGE_INIT depends on NO_BOOTMEM depends on SPARSEMEM depends on !NEED_PER_CPU_KM + depends on 64BIT help Ordinarily all struct pages are initialised during early boot in a single thread. On very large machines this can take a considerable _ Patches currently in -mm which might be from Pavel.Tatashin(a)microsoft.com are

7 years

1
0
0 0

[merged] fork-report-pid-exhaustion-correctly.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: fork: report pid exhaustion correctly has been removed from the -mm tree. Its filename was fork-report-pid-exhaustion-correctly.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: KJ Tsanaktsidis <ktsanaktsidis(a)zendesk.com> Subject: fork: report pid exhaustion correctly Make the clone and fork syscalls return EAGAIN when the limit on the number of pids /proc/sys/kernel/pid_max is exceeded. Currently, when the pid_max limit is exceeded, the kernel will return ENOSPC from the fork and clone syscalls. This is contrary to the documented behaviour, which explicitly calls out the pid_max case as one where EAGAIN should be returned. It also leads to really confusing error messages in userspace programs which will complain about a lack of disk space when they fail to create processes/threads for this reason. This error is being returned because alloc_pid() uses the idr api to find a new pid; when there are none available, idr_alloc_cyclic() returns -ENOSPC, and this is being propagated back to userspace. This behaviour has been broken before, and was explicitly fixed in commit 35f71bc0a09a ("fork: report pid reservation failure properly"), so I think -EAGAIN is definitely the right thing to return in this case. The current behaviour change dates from commit 95846ecf9dac ("pid: replace pid bitmap implementation with IDR AIP") and was I believe unintentional. This patch has no impact on the case where allocating a pid fails because the child reaper for the namespace is dead; that case will still return -ENOMEM. Link: http://lkml.kernel.org/r/20180903111016.46461-1-ktsanaktsidis@zendesk.com Fixes: 95846ecf9dac ("pid: replace pid bitmap implementation with IDR AIP") Signed-off-by: KJ Tsanaktsidis <ktsanaktsidis(a)zendesk.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Gargi Sharma <gs051095(a)gmail.com> Cc: Rik van Riel <riel(a)redhat.com> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN kernel/pid.c~fork-report-pid-exhaustion-correctly kernel/pid.c --- a/kernel/pid.c~fork-report-pid-exhaustion-correctly +++ a/kernel/pid.c @@ -195,7 +195,7 @@ struct pid *alloc_pid(struct pid_namespa idr_preload_end(); if (nr < 0) { - retval = nr; + retval = (nr == -ENOSPC) ? -EAGAIN : nr; goto out_free; } _ Patches currently in -mm which might be from ktsanaktsidis(a)zendesk.com are

7 years

1
0
0 0

[PATCH] drm/nouveau: Grab runtime PM ref in nv50_mstc_detect()

by Lyude Paul

While we currently grab a runtime PM ref in nouveau's normal connector detection code, we apparently don't do this for MST. This means if we're in a scenario where the GPU is suspended and userspace attempts to do a connector probe on an MSTC connector, the probe will fail entirely due to the DP aux channel and GPU not being woken up: [ 316.633489] nouveau 0000:01:00.0: i2c: aux 000a: begin idle timeout ffffffff [ 316.635713] nouveau 0000:01:00.0: i2c: aux 000a: begin idle timeout ffffffff [ 316.637785] nouveau 0000:01:00.0: i2c: aux 000a: begin idle timeout ffffffff ... So, grab a runtime PM ref here. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/dispnv50/disp.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index c94b7f42d62d..9da0bdfe1e1c 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -938,9 +938,22 @@ static enum drm_connector_status nv50_mstc_detect(struct drm_connector *connector, bool force) { struct nv50_mstc *mstc = nv50_mstc(connector); + enum drm_connector_status conn_status; + int ret; + if (!mstc->port) return connector_status_disconnected; - return drm_dp_mst_detect_port(connector, mstc->port->mgr, mstc->port); + + ret = pm_runtime_get_sync(connector->dev->dev); + if (ret < 0 && ret != -EACCES) + return connector_status_disconnected; + + conn_status = drm_dp_mst_detect_port(connector, mstc->port->mgr, + mstc->port); + + pm_runtime_mark_last_busy(connector->dev->dev); + pm_runtime_put_autosuspend(connector->dev->dev); + return conn_status; } static void -- 2.17.1

7 years

2
1
0 0

[PATCH net] ixgbe: check return value of napi_complete_done()

by Song Liu

The NIC driver should only enable interrupts when napi_complete_done() returns true. This patch adds the check for ixgbe. Cc: stable(a)vger.kernel.org # 4.10+ Cc: Jeff Kirsher <jeffrey.t.kirsher(a)intel.com> Suggested-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: Song Liu <songliubraving(a)fb.com> --- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c index 9a23d33a47ed..1497df6a8dff 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c @@ -3196,11 +3196,13 @@ int ixgbe_poll(struct napi_struct *napi, int budget) return budget; /* all work done, exit the polling mode */ - napi_complete_done(napi, work_done); - if (adapter->rx_itr_setting & 1) - ixgbe_set_itr(q_vector); - if (!test_bit(__IXGBE_DOWN, &adapter->state)) - ixgbe_irq_enable_queues(adapter, BIT_ULL(q_vector->v_idx)); + if (likely(napi_complete_done(napi, work_done))) { + if (adapter->rx_itr_setting & 1) + ixgbe_set_itr(q_vector); + if (!test_bit(__IXGBE_DOWN, &adapter->state)) + ixgbe_irq_enable_queues(adapter, + BIT_ULL(q_vector->v_idx)); + } return min(work_done, budget - 1); } -- 2.17.1

7 years

4
12
0 0

[PATCH AUTOSEL 4.18 001/136] crypto: skcipher - Fix -Wstringop-truncation warnings

by Sasha Levin

From: Stafford Horne <shorne(a)gmail.com> [ Upstream commit cefd769fd0192c84d638f66da202459ed8ad63ba ] As of GCC 9.0.0 the build is reporting warnings like: crypto/ablkcipher.c: In function ‘crypto_ablkcipher_report’: crypto/ablkcipher.c:374:2: warning: ‘strncpy’ specified bound 64 equals destination size [-Wstringop-truncation] strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<default>", ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ sizeof(rblkcipher.geniv)); ~~~~~~~~~~~~~~~~~~~~~~~~~ This means the strnycpy might create a non null terminated string. Fix this by explicitly performing '\0' termination. Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Max Filippov <jcmvbkbc(a)gmail.com> Cc: Eric Biggers <ebiggers3(a)gmail.com> Cc: Nick Desaulniers <nick.desaulniers(a)gmail.com> Signed-off-by: Stafford Horne <shorne(a)gmail.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- crypto/ablkcipher.c | 2 ++ crypto/blkcipher.c | 1 + 2 files changed, 3 insertions(+) diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c index 4ee7c041bb82..8882e90e868e 100644 --- a/crypto/ablkcipher.c +++ b/crypto/ablkcipher.c @@ -368,6 +368,7 @@ static int crypto_ablkcipher_report(struct sk_buff *skb, struct crypto_alg *alg) strncpy(rblkcipher.type, "ablkcipher", sizeof(rblkcipher.type)); strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<default>", sizeof(rblkcipher.geniv)); + rblkcipher.geniv[sizeof(rblkcipher.geniv) - 1] = '\0'; rblkcipher.blocksize = alg->cra_blocksize; rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize; @@ -442,6 +443,7 @@ static int crypto_givcipher_report(struct sk_buff *skb, struct crypto_alg *alg) strncpy(rblkcipher.type, "givcipher", sizeof(rblkcipher.type)); strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<built-in>", sizeof(rblkcipher.geniv)); + rblkcipher.geniv[sizeof(rblkcipher.geniv) - 1] = '\0'; rblkcipher.blocksize = alg->cra_blocksize; rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize; diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c index 77b5fa293f66..f93abf13b5d4 100644 --- a/crypto/blkcipher.c +++ b/crypto/blkcipher.c @@ -510,6 +510,7 @@ static int crypto_blkcipher_report(struct sk_buff *skb, struct crypto_alg *alg) strncpy(rblkcipher.type, "blkcipher", sizeof(rblkcipher.type)); strncpy(rblkcipher.geniv, alg->cra_blkcipher.geniv ?: "<default>", sizeof(rblkcipher.geniv)); + rblkcipher.geniv[sizeof(rblkcipher.geniv) - 1] = '\0'; rblkcipher.blocksize = alg->cra_blocksize; rblkcipher.min_keysize = alg->cra_blkcipher.min_keysize; -- 2.17.1

7 years

3
138
0 0

Re: [PATCH v6 1/2] iio: proximity: Add driver support for ST's VL53L0X ToF ranging sensor.

by Sasha Levin

Hi, [This is an automated email] This commit has been processed because it contains a -stable tag. The stable tag indicates that it's relevant for the following trees: all The bot has tested the following trees: v4.18.8, v4.14.70, v4.9.127, v4.4.156, v3.18.122, v4.18.8: Build OK! v4.14.70: Failed to apply! Possible dependencies: 22aac3eb0c46 ("MAINTAINERS: add entry for STM32 I2C driver") v4.9.127: Failed to apply! Possible dependencies: 22aac3eb0c46 ("MAINTAINERS: add entry for STM32 I2C driver") 78f839029e1d ("iio: distance: srf08: add IIO driver for us ranger") v4.4.156: Failed to apply! Possible dependencies: 22aac3eb0c46 ("MAINTAINERS: add entry for STM32 I2C driver") 78f839029e1d ("iio: distance: srf08: add IIO driver for us ranger") v3.18.122: Failed to apply! Possible dependencies: 22aac3eb0c46 ("MAINTAINERS: add entry for STM32 I2C driver") 4193c0f1d863 ("iio: driver for Semtech SX9500 proximity solution") 78f839029e1d ("iio: distance: srf08: add IIO driver for us ranger") Please let us know how to resolve this. -- Thanks, Sasha

7 years

2
2
0 0

[PATCH] perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX

by kan.liang＠linux.intel.com

From: Kan Liang <kan.liang(a)linux.intel.com> The counters on M3UPI Link 0 and Link 3 don't count. Writing 0 to these counters may causes system crash on some machines. The PCI BDF addresses of M3UPI in current code are incorrect. The correct addresses should be D18:F1 0x204D D18:F2 0x204E D18:F5 0x204D Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> --- arch/x86/events/intel/uncore_snbep.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/arch/x86/events/intel/uncore_snbep.c b/arch/x86/events/intel/uncore_snbep.c index 51d7c11..3b3fc92 100644 --- a/arch/x86/events/intel/uncore_snbep.c +++ b/arch/x86/events/intel/uncore_snbep.c @@ -3931,16 +3931,16 @@ static const struct pci_device_id skx_uncore_pci_ids[] = { .driver_data = UNCORE_PCI_DEV_FULL_DATA(21, 5, SKX_PCI_UNCORE_M2PCIE, 3), }, { /* M3UPI0 Link 0 */ - PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x204C), - .driver_data = UNCORE_PCI_DEV_FULL_DATA(18, 0, SKX_PCI_UNCORE_M3UPI, 0), + PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x204D), + .driver_data = UNCORE_PCI_DEV_FULL_DATA(18, 1, SKX_PCI_UNCORE_M3UPI, 0), }, { /* M3UPI0 Link 1 */ - PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x204D), - .driver_data = UNCORE_PCI_DEV_FULL_DATA(18, 1, SKX_PCI_UNCORE_M3UPI, 1), + PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x204E), + .driver_data = UNCORE_PCI_DEV_FULL_DATA(18, 2, SKX_PCI_UNCORE_M3UPI, 1), }, { /* M3UPI1 Link 2 */ - PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x204C), - .driver_data = UNCORE_PCI_DEV_FULL_DATA(18, 4, SKX_PCI_UNCORE_M3UPI, 2), + PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x204D), + .driver_data = UNCORE_PCI_DEV_FULL_DATA(18, 5, SKX_PCI_UNCORE_M3UPI, 2), }, { /* end: all zeroes */ } }; -- 2.7.4

7 years

3
2
0 0

[GIT PULL] commits for Linux 4.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit dfba61ec760efc578a3f3702e752b51ca1dfed52: Linux 4.18.8 (2018-09-15 09:47:02 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.18-17092018 for you to fetch changes up to 77d141736c922f90410b6acf877fe335335d9571: xen-netfront: fix warn message as irq device name has '/' (2018-09-15 10:22:00 -0400) - ---------------------------------------------------------------- for-greg-4.18-17092018 - ---------------------------------------------------------------- Alexandru Gagniuc (1): PCI/AER: Honor "pcie_ports=native" even if HEST sets FIRMWARE_FIRST Andreas Gruenbacher (1): gfs2: Special-case rindex for gfs2_grow Anton Vasilyev (1): video: goldfishfb: fix memory leak on driver remove Ard Biesheuvel (1): efi/arm: preserve early mapping of UEFI memory map longer for BGRT Arnd Bergmann (1): omapfb: rename omap2 module to omap2fb.ko Bhushan Shah (1): ARM: dts: qcom: msm8974-hammerhead: increase load on l20 for sdhci Bjorn Andersson (1): soc: qcom: smem: Correct check for global partition Bob Peterson (1): gfs2: Don't reject a supposedly full bitmap if we have blocks reserved Christoffer Dall (1): KVM: arm/arm64: Fix vgic init race Dan Carpenter (1): fbdev: omapfb: off by one in omapfb_register_client() Daniel Mack (1): video: fbdev: pxafb: clear allocated memory for video modes Dmitry Torokhov (1): Input: pxrc - fix freeing URB on device teardown Erich E. Hoover (1): usb: dwc3: change stream event enable bit back to 13 Felix Fietkau (1): MIPS: ath79: fix system restart Fredrik Noring (1): fbdev: Distinguish between interlaced and progressive modes Golan Ben Ami (1): iwlwifi: cancel the injective function between hw pointers to tfd entry index Gregory CLEMENT (1): clk: mvebu: armada-37xx-periph: Fix wrong return value in get_parent Hanna Hawa (1): dmaengine: mv_xor_v2: kill the tasklets upon exit Hans Verkuil (1): media: videobuf2-core: check for q->error in vb2_core_qbuf() Jae Hyun Yoo (1): i2c: aspeed: Fix initial values of master and slave state Jakub Kicinski (2): nfp: don't fail probe on pci_sriov_set_totalvfs() errors nfp: avoid buffer leak when FW communication fails Jean-Philippe Brucker (2): iommu/io-pgtable-arm-v7s: Abort allocation when table address overflows the PTE iommu/io-pgtable-arm: Fix pgtable allocation in selftest Jeff Crukley (1): ALSA: usb-audio: Add support for Encore mDSD USB DAC Jiang Biao (2): x86/pti: Check the return value of pti_user_pagetable_walk_p4d() x86/pti: Check the return value of pti_user_pagetable_walk_pmd() Jiri Olsa (2): perf tools: Synthesize GROUP_DESC feature in pipe mode perf tools: Fix struct comm_str removal crash Joerg Roedel (1): x86/mm/pti: Add an overflow check to pti_clone_pmds() John Keeping (1): dmaengine: pl330: fix irq race with terminate_all Julian Wiedmann (2): s390/qeth: fix race in used-buffer accounting s390/qeth: reset layer2 attribute on layer switch Krzysztof Ha?asa (1): media: tw686x: Fix oops on buffer alloc failure Krzysztof Kozlowski (1): ARM: exynos: Clear global variable on init error path Leonard Crestez (1): reset: imx7: Fix always writing bits as 0 Loic Poulain (1): arm64: dts: qcom: db410c: Fix Bluetooth LED trigger Manikanta Pubbisetty (1): mac80211: restrict delayed tailroom needed decrement Mark Rutland (2): KVM: arm/arm64: vgic: Fix possible spectre-v1 write in vgic_mmio_write_apr() arm64: fix possible spectre-v1 write in ptrace_hbp_set_event() Masahiro Yamada (2): kbuild: add .DELETE_ON_ERROR special target kbuild: do not update config when running install targets Miao Zhong (1): iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register Michael MÃ¼ller (1): crypto: sharah - Unregister correct algorithms for SAHARA 3 Mike Snitzer (1): block: allow max_discard_segments to be stacked Mikko Perttunen (1): clk: core: Potentially free connection id Nicholas Mc Guire (4): clk: imx6ul: fix missing of_node_put() clk: imx6sll: fix missing of_node_put() staging: bcm2835-camera: fix timeout handling in wait_for_completion_timeout staging: bcm2835-camera: handle wait_for_completion_timeout return properly Nicholas Piggin (1): powerpc/powernv: opal_put_chars partial write fix Niklas Cassel (2): regulator: qcom_spmi: Use correct regmap when checking for error regulator: qcom_spmi: Fix warning Bad of_node_put() Oder Chiou (1): ASoC: rt5514: Fix the issue of the delay volume applied Paul Cercueil (1): MIPS: jz4740: Bump zload address Pingfan Liu (1): drivers/base: stop new probing during shutdown Piotr Sawicki (1): Smack: Fix handling of IPv4 traffic received by PF_INET6 sockets Rajan Vaja (1): clk: clk-fixed-factor: Clear OF_POPULATED flag in case of failure Randy Dunlap (3): mtd/maps: fix solutionengine.c printk format warnings fbdev/via: fix defined but not used warning platform/x86: toshiba_acpi: Fix defined but not used build warnings Rex Zhu (1): drm/amd/pp: Set Max clock level to display by default Sagi Grimberg (2): nvmet: fix file discard return status nvme-rdma: unquiesce queues when deleting the controller Sandipan Das (6): perf tests: Fix record+probe_libc_inet_pton.sh for powerpc64 perf tests: Fix record+probe_libc_inet_pton.sh when event exists perf tests: Fix record+probe_libc_inet_pton.sh to ensure cleanups perf powerpc: Fix callchain ip filtering when return address is in a register perf powerpc: Fix callchain ip filtering perf script: Show correct offsets for DWARF-based unwinding Takashi Iwai (3): ALSA: pcm: Add __force to cast in snd_pcm_lib_read/write() ALSA: msnd: Fix the default sample sizes ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro Thomas Richter (1): perf test: Fix subtest number when showing results Todor Tomov (1): media: ov5645: Supported external clock is 24MHz Vitaly Kuznetsov (1): xen-netfront: fix queue name setting Wei Yongjun (1): IB/ipoib: Fix error return code in ipoib_dev_init() Xiao Liang (1): xen-netfront: fix warn message as irq device name has '/' Yoshihiro Shimoda (1): iommu/ipmmu-vmsa: IMUCTRn.TTSEL needs a special usage on R-Car Gen3 Yue Wang (1): ALSA: usb-audio: Generic DSD detection for Thesycon-based implementations YueHaibing (3): xfrm: fix 'passing zero to ERR_PTR()' warning amd-xgbe: use dma_mapping_error to check map errors wan/fsl_ucc_hdlc: use IS_ERR_VALUE() to check return value of qe_muram_alloc Zhu Yanjun (1): IB/rxe: Drop QP0 silently Makefile | 27 ++++++--- .../dts/qcom-msm8974-lge-nexus5-hammerhead.dts | 2 + arch/arm/mach-exynos/suspend.c | 1 + arch/arm64/boot/dts/qcom/apq8016-sbc.dtsi | 2 +- arch/arm64/kernel/ptrace.c | 19 ++++--- arch/mips/ath79/setup.c | 1 + arch/mips/include/asm/mach-ath79/ath79.h | 1 + arch/mips/jz4740/Platform | 2 +- arch/powerpc/platforms/powernv/opal.c | 2 +- arch/x86/mm/pti.c | 25 ++++++-- block/blk-settings.c | 2 +- drivers/base/core.c | 3 + drivers/clk/clk-fixed-factor.c | 9 ++- drivers/clk/clk.c | 3 + drivers/clk/imx/clk-imx6sll.c | 1 + drivers/clk/imx/clk-imx6ul.c | 1 + drivers/clk/mvebu/armada-37xx-periph.c | 3 - drivers/crypto/sahara.c | 4 +- drivers/dma/mv_xor_v2.c | 2 + drivers/dma/pl330.c | 5 +- drivers/firmware/efi/arm-init.c | 1 - drivers/firmware/efi/arm-runtime.c | 4 +- drivers/gpu/drm/amd/powerplay/amd_powerplay.c | 9 ++- drivers/i2c/busses/i2c-aspeed.c | 4 +- drivers/infiniband/sw/rxe/rxe_recv.c | 9 ++- drivers/infiniband/ulp/ipoib/ipoib_main.c | 3 +- drivers/input/joystick/pxrc.c | 66 ++++++++++------------ drivers/iommu/arm-smmu-v3.c | 1 + drivers/iommu/io-pgtable-arm-v7s.c | 7 ++- drivers/iommu/io-pgtable-arm.c | 3 +- drivers/iommu/ipmmu-vmsa.c | 8 +++ drivers/media/common/videobuf2/videobuf2-core.c | 5 ++ drivers/media/i2c/ov5645.c | 13 +++-- drivers/media/pci/tw686x/tw686x-video.c | 11 +++- drivers/mtd/maps/solutionengine.c | 6 +- drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 7 +-- drivers/net/ethernet/netronome/nfp/nfp_main.c | 20 ++++--- .../net/ethernet/netronome/nfp/nfp_net_common.c | 13 ++++- drivers/net/wan/fsl_ucc_hdlc.c | 6 +- drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 12 ++-- drivers/net/wireless/intel/iwlwifi/pcie/tx.c | 11 +++- drivers/net/xen-netfront.c | 6 +- drivers/nvme/host/rdma.c | 2 + drivers/nvme/target/io-cmd-file.c | 18 +++--- drivers/pci/pcie/aer.c | 6 ++ drivers/platform/x86/toshiba_acpi.c | 3 +- drivers/regulator/qcom_spmi-regulator.c | 34 ++++++----- drivers/reset/reset-imx7.c | 2 +- drivers/s390/net/qeth_core_main.c | 3 +- drivers/s390/net/qeth_core_sys.c | 1 + drivers/soc/qcom/smem.c | 10 ++-- .../vc04_services/bcm2835-camera/bcm2835-camera.c | 7 ++- .../vc04_services/bcm2835-camera/mmal-vchiq.c | 11 ++-- drivers/usb/dwc3/gadget.h | 2 +- drivers/video/fbdev/core/modedb.c | 41 ++++++++++---- drivers/video/fbdev/goldfishfb.c | 1 + drivers/video/fbdev/omap/omapfb_main.c | 2 +- drivers/video/fbdev/omap2/omapfb/Makefile | 4 +- drivers/video/fbdev/pxafb.c | 4 +- drivers/video/fbdev/via/viafbdev.c | 3 +- fs/gfs2/bmap.c | 2 +- fs/gfs2/rgrp.c | 3 +- include/sound/pcm.h | 4 +- net/mac80211/cfg.c | 2 +- net/mac80211/key.c | 24 +++++--- net/xfrm/xfrm_policy.c | 5 +- scripts/Kbuild.include | 3 + security/smack/smack_lsm.c | 14 +++-- sound/isa/msnd/msnd_pinnacle.c | 4 +- sound/soc/codecs/rt5514.c | 8 +-- sound/usb/quirks-table.h | 3 +- sound/usb/quirks.c | 2 + tools/perf/arch/powerpc/util/skip-callchain-idx.c | 10 +++- tools/perf/tests/builtin-test.c | 2 +- .../tests/shell/record+probe_libc_inet_pton.sh | 36 ++++++++++-- tools/perf/util/comm.c | 16 ++++-- tools/perf/util/header.c | 2 +- tools/perf/util/machine.c | 9 ++- tools/perf/util/unwind-libdw.c | 2 +- tools/perf/util/unwind-libunwind-local.c | 2 +- virt/kvm/arm/vgic/vgic-init.c | 4 ++ virt/kvm/arm/vgic/vgic-mmio-v2.c | 3 + 82 files changed, 436 insertions(+), 218 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlugPMwACgkQ3qZv95d3 LNyyIw//fOsB+VO3qSfxAB+nCIH6xaO7jWW8EIAaFYGIFjhgm8dDvXmTR2zv4OsW MoDPTfQXCmsWnwnymTEvlopu3tEMKK0R8uHXMpkSByCP6ie5WE6DJ2zjex+yqEDM W5gUBQVK9Qj3OzQxA4YbHtUKRXNVE/EtMqOrgjuRw08brdCXxbqt48iOm3EC+lFq nrKquXCvRggBguPV1xKoFP9bwTafClQ0owuPS6OWdTBWNu2B7X2dua3jBW64yX1V wru3/MznYgcC/yKsauimLeS99x2Y3I+He0udEyCII4ylsgWzZJg6O9uvNi9HnuP+ qFg+ew4ecb+MFH31RjEkipHg3thAFdMdMC1pNzZLdaof03wMWV2DsioA4newv+Px jzW8vikqQC51MeVIbEIiCAkoFf4yZjIOehvi70s4TsaCOwxKusntP0jvUGDxWS6A GmU6wpoeqBAUZoWFspLbhrkOZanOCncdBUFSBgS0xX4som9j+jnHYAf3cyz7Iuj0 jeenjgM5vqL2jyOh18gz2BYTQT+kHsuJ/bD6OS5AEcgNlnTLC5SRlVYrFHopzt8Z 8yp1kko8LhTAXDaTwXuhi30DrStJzM1Cnm0pbi/XnRSLEpXRLWx3f5ODTQvID4d9 IksJxN7G+Mm7Bc/obEVytvnslSVvFFWzmJKhYRYbpAmfHT4Byo8= =A0j/ -----END PGP SIGNATURE-----

7 years

2
1
0 0

[PATCH] powerpc: fix csum_ipv6_magic() on little endian platforms

by Christophe Leroy

On little endian platforms, csum_ipv6_magic() keeps len and proto in CPU byte order. This generates a bad results leading to ICMPv6 packets from other hosts being dropped by powerpc64le platforms. In order to fix this, len and proto should be converted to network byte order ie bigendian byte order. However checksumming 0x12345678 and 0x56341278 provide the exact same result so it is enough to rotate the sum of len and proto by 1 byte. PPC32 only support bigendian so the fix is needed for PPC64 only Fixes: e9c4943a107b ("powerpc: Implement csum_ipv6_magic in assembly") Reported-by: Jianlin Shi <jishi(a)redhat.com> Reported-by: Xin Long <lucien.xin(a)gmail.com> Cc: <stable(a)vger.kernel.org> # 4.18+ Signed-off-by: Christophe Leroy <christophe.leroy(a)c-s.fr> --- arch/powerpc/lib/checksum_64.S | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/powerpc/lib/checksum_64.S b/arch/powerpc/lib/checksum_64.S index 886ed94b9c13..2a68c43e13f5 100644 --- a/arch/powerpc/lib/checksum_64.S +++ b/arch/powerpc/lib/checksum_64.S @@ -443,6 +443,9 @@ _GLOBAL(csum_ipv6_magic) addc r0, r8, r9 ld r10, 0(r4) ld r11, 8(r4) +#ifndef CONFIG_CPU_BIG_ENDIAN + rotldi r5, r5, 8 +#endif adde r0, r0, r10 add r5, r5, r7 adde r0, r0, r11 -- 2.13.3

7 years

4
3
0 0

[PATCH] spi: spi-mem: Adjust op len based on message/transfer size limitations

by Chuanhua Han

We need that to adjust the len of the 2nd transfer (called data in spi-mem) if it's too long to fit in a SPI message or SPI transfer. Fixes: c36ff266dc82 ("spi: Extend the core to ease integration of SPI memory controllers") Cc: <stable(a)vger.kernel.org> Signed-off-by: Chuanhua Han <chuanhua.han(a)nxp.com> Reviewed-by: Boris Brezillon <boris.brezillon(a)bootlin.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> --- drivers/spi/spi-mem.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/drivers/spi/spi-mem.c b/drivers/spi/spi-mem.c index 990770dfa5cf..ec0c24e873cd 100644 --- a/drivers/spi/spi-mem.c +++ b/drivers/spi/spi-mem.c @@ -328,10 +328,25 @@ EXPORT_SYMBOL_GPL(spi_mem_exec_op); int spi_mem_adjust_op_size(struct spi_mem *mem, struct spi_mem_op *op) { struct spi_controller *ctlr = mem->spi->controller; + size_t len; + + len = sizeof(op->cmd.opcode) + op->addr.nbytes + op->dummy.nbytes; if (ctlr->mem_ops && ctlr->mem_ops->adjust_op_size) return ctlr->mem_ops->adjust_op_size(mem, op); + if (!ctlr->mem_ops || !ctlr->mem_ops->exec_op) { + if (len > spi_max_transfer_size(mem->spi)) + return -EINVAL; + + op->data.nbytes = min3((size_t)op->data.nbytes, + spi_max_transfer_size(mem->spi), + spi_max_message_size(mem->spi) - + len); + if (!op->data.nbytes) + return -EINVAL; + } + return 0; } EXPORT_SYMBOL_GPL(spi_mem_adjust_op_size); -- 2.17.1

7 years

1
1
0 0

[PATCH] apparmor: fix SECURITY_APPARMOR_HASH_DEFAULT parameter handling

by Loic

Hello, Tested without any problem so please picked up this for 4.4 to fix the problem. The patch below is slightly modified to adapt to this version. [ Upstream commit 7616ac70d1bb4f2e9d25c1a82d283f3368a7b632 ] The newly added Kconfig option could never work and just causes a build error when disabled: security/apparmor/lsm.c:675:25: error: 'CONFIG_SECURITY_APPARMOR_HASH_DEFAULT' undeclared here (not in a function) bool aa_g_hash_policy = CONFIG_SECURITY_APPARMOR_HASH_DEFAULT; The problem is that the macro undefined in this case, and we need to use the IS_ENABLED() helper to turn it into a boolean constant. Another minor problem with the original patch is that the option is even offered in sysfs when SECURITY_APPARMOR_HASH is not enabled, so this also hides the option in that case. Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> Fixes: 6059f71f1e94 ("apparmor: add parameter to control whether policy hashing is used") Signed-off-by: John Johansen <john.johansen(a)canonical.com> Signed-off-by: James Morris <james.l.morris(a)oracle.com> --- diff -Nurp a/security/apparmor/crypto.c b/security/apparmor/crypto.c --- a/security/apparmor/crypto.c +++ b/security/apparmor/crypto.c @@ -39,6 +39,9 @@ int aa_calc_profile_hash(struct aa_profi int error = -ENOMEM; u32 le32_version = cpu_to_le32(version); + if (!aa_g_hash_policy) + return 0; + if (!apparmor_tfm) return 0; diff -Nurp a/security/apparmor/lsm.c b/security/apparmor/lsm.c --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -692,6 +692,12 @@ enum profile_mode aa_g_profile_mode = AP module_param_call(mode, param_set_mode, param_get_mode, &aa_g_profile_mode, S_IRUSR | S_IWUSR); +#ifdef CONFIG_SECURITY_APPARMOR_HASH +/* whether policy verification hashing is enabled */ +bool aa_g_hash_policy = IS_ENABLED(CONFIG_SECURITY_APPARMOR_HASH_DEFAULT); +module_param_named(hash_policy, aa_g_hash_policy, aabool, S_IRUSR | S_IWUSR); +#endif + /* Debug mode */ bool aa_g_debug; module_param_named(debug, aa_g_debug, aabool, S_IRUSR | S_IWUSR); ---

7 years

4
10
0 0

[PATCH for-rc 0/4] IB/hfi1: Couple more for the RC cycle

by Dennis Dalessandro

Hi Doug and Jason, Mike and Ira have identified some fixes that they would like to see land in the RC, these are serious problems and are marked as stable. Changes since v1: Update Lukasz' email address and fix subject tag. --- Ira Weiny (1): IB/hfi1: Fix SL array bounds check Michael J. Ruhl (3): IB/hfi1: Invalid user input can result in crash IB/hfi1: Fix context recovery when PBC has an UnsupportedVL IB/hfi1: Fix destroy_qp hang after a link down drivers/infiniband/hw/hfi1/chip.c | 6 +++- drivers/infiniband/hw/hfi1/pio.c | 51 ++++++++++++++++++++++++++------ drivers/infiniband/hw/hfi1/pio.h | 2 + drivers/infiniband/hw/hfi1/user_sdma.c | 2 + drivers/infiniband/hw/hfi1/verbs.c | 8 ++++- 5 files changed, 56 insertions(+), 13 deletions(-) -- -Denny

7 years

2
5
0 0

[PATCH v2 1/6] drm/dp_mst: Introduce drm_dp_mst_connector_atomic_check()

by Lyude Paul

Currently the way that we prevent userspace from performing new modesets on MST connectors that have just been destroyed is rather broken. There's nothing in the actual DRM DP MST topology helpers that checks whether or not a connector still exists, instead each DRM driver does this on it's own, usually by returning NULL from the best_encoder callback which in turn, causes the atomic commit to fail. However, this is wrong in a rather subtle way. If ->best_encoder() returns NULL, this makes ALL modesets involving the connector fail. This includes modesets from userspace that would shut off the CRTCs being used by the connector. Since this results in blocking any changes to a connector's DPMS prop, it has the sideaffect of preventing legacy modesetting users from ever disabling a CRTC that was previously enabled for use in an MST topology. An example of this, where X tries to change the DPMS property of an MST connector that was just detached from the system: [ 2908.320131] [drm:drm_helper_probe_single_connector_modes [drm_kms_helper]] [CONNECTOR:82:DP-6] [ 2908.320148] [drm:drm_helper_probe_single_connector_modes [drm_kms_helper]] [CONNECTOR:82:DP-6] status updated from connected to disconnected [ 2908.320166] [drm:drm_helper_probe_single_connector_modes [drm_kms_helper]] [CONNECTOR:82:DP-6] disconnected [ 2908.320193] [drm:drm_mode_object_put.part.2 [drm]] OBJ ID: 111 (1) [ 2908.320230] [drm:drm_sysfs_hotplug_event [drm]] generating hotplug event ... [ 2908.638539] [drm:drm_ioctl [drm]] pid=12928, dev=0xe201, auth=1, DRM_IOCTL_MODE_SETPROPERTY [ 2908.638546] [drm:drm_atomic_state_init [drm]] Allocated atomic state 000000007155ba49 [ 2908.638553] [drm:drm_mode_object_get [drm]] OBJ ID: 114 (1) [ 2908.638560] [drm:drm_mode_object_get [drm]] OBJ ID: 108 (1) [ 2908.638568] [drm:drm_atomic_get_crtc_state [drm]] Added [CRTC:41:head-0] 0000000097a6396e state to 000000007155ba49 [ 2908.638575] [drm:drm_atomic_add_affected_connectors [drm]] Adding all current connectors for [CRTC:41:head-0] to 000000007155ba49 [ 2908.638582] [drm:drm_mode_object_get [drm]] OBJ ID: 82 (3) [ 2908.638589] [drm:drm_mode_object_get [drm]] OBJ ID: 82 (4) [ 2908.638596] [drm:drm_atomic_get_connector_state [drm]] Added [CONNECTOR:82:DP-6] 0000000087427144 state to 000000007155ba49 [ 2908.638603] [drm:drm_atomic_check_only [drm]] checking 000000007155ba49 [ 2908.638609] [drm:drm_atomic_helper_check_modeset [drm_kms_helper]] [CRTC:41:head-0] active changed [ 2908.638613] [drm:drm_atomic_helper_check_modeset [drm_kms_helper]] Updating routing for [CONNECTOR:82:DP-6] [ 2908.638616] [drm:drm_atomic_helper_check_modeset [drm_kms_helper]] No suitable encoder found for [CONNECTOR:82:DP-6] [ 2908.638623] [drm:drm_atomic_check_only [drm]] atomic driver check for 000000007155ba49 failed: -22 [ 2908.638630] [drm:drm_atomic_state_default_clear [drm]] Clearing atomic state 000000007155ba49 [ 2908.638637] [drm:drm_mode_object_put.part.2 [drm]] OBJ ID: 82 (4) [ 2908.638643] [drm:drm_mode_object_put.part.2 [drm]] OBJ ID: 82 (3) [ 2908.638650] [drm:drm_mode_object_put.part.2 [drm]] OBJ ID: 114 (2) [ 2908.638656] [drm:drm_mode_object_put.part.2 [drm]] OBJ ID: 108 (2) [ 2908.638663] [drm:__drm_atomic_state_free [drm]] Freeing atomic state 000000007155ba49 [ 2908.638669] [drm:drm_mode_object_put.part.2 [drm]] OBJ ID: 82 (2) [ 2908.638676] [drm:drm_ioctl [drm]] pid=12928, ret = -22 While this doesn't usually result in any errors that would be obvious to the user, it does result in us leaving display resources on. This in turn leads to unwanted sideaffects like inactive GPUs being left on (usually from the resulting leaked runtime PM ref). So, provide an easier way of doing this that doesn't require breaking ->best_encoder(): add a common drm_dp_mst_connector_atomic_check() function that DRM drivers can call in order to have CRTC enabling commits fail automatically if the MST port driving the connector no longer exists. We'll also be able to expand upon this later as well once we add MST fallback retraining support. Changes since v1: - Use list_for_each_entry_safe in drm_dp_mst_connector_still_exists() - Julia Lawall Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: Julia Lawall <julia.lawall(a)lip6.fr> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/drm_dp_mst_topology.c | 76 +++++++++++++++++++++++++++ include/drm/drm_dp_mst_helper.h | 3 ++ 2 files changed, 79 insertions(+) diff --git a/drivers/gpu/drm/drm_dp_mst_topology.c b/drivers/gpu/drm/drm_dp_mst_topology.c index 7780567aa669..58b9554711c7 100644 --- a/drivers/gpu/drm/drm_dp_mst_topology.c +++ b/drivers/gpu/drm/drm_dp_mst_topology.c @@ -3129,6 +3129,82 @@ static const struct drm_private_state_funcs mst_state_funcs = { .atomic_destroy_state = drm_dp_mst_destroy_state, }; +static bool +drm_dp_mst_connector_still_exists(struct drm_connector *connector, + struct drm_dp_mst_topology_mgr *mgr, + struct drm_dp_mst_branch *mstb) +{ + struct drm_dp_mst_port *port, *tmp; + bool exists = false; + + mstb = drm_dp_get_validated_mstb_ref(mgr, mstb); + if (!mstb) + return false; + + list_for_each_entry_safe(port, tmp, &mstb->ports, next) { + port = drm_dp_get_validated_port_ref(mgr, port); + if (!port) + continue; + + exists = (port->connector == connector || + (port->mstb && + drm_dp_mst_connector_still_exists(connector, mgr, + port->mstb))); + + drm_dp_put_port(port); + if (exists) + break; + } + + drm_dp_put_mst_branch_device(mstb); + return exists; +} + +/** + * drm_dp_mst_connector_atomic_check - Helper for validating a new atomic + * state on an MST connector + * @connector: drm connector + * @connector_state: the new atomic state of @connector + * @mgr: the MST topology mgr for @connector + * + * This function performs various atomic checks that apply to all drivers + * using the DRM DP MST helpers. This should be called by all drivers at the + * start of the atomic_check function for their MST connectors. + * + * Return 0 for success, or negative error code on failure. + */ +int +drm_dp_mst_connector_atomic_check(struct drm_connector *connector, + struct drm_connector_state *connector_state, + struct drm_dp_mst_topology_mgr *mgr) +{ + struct drm_atomic_state *state = connector_state->state; + struct drm_crtc *crtc = connector_state->crtc; + struct drm_crtc_state *new_crtc_state; + + if (!crtc) + return 0; + + new_crtc_state = drm_atomic_get_new_crtc_state(state, crtc); + if (!new_crtc_state) + return 0; + + if (!drm_atomic_crtc_needs_modeset(new_crtc_state) || + !new_crtc_state->active) + return 0; + + /* Make sure that the port for this MST connector still exists */ + if (!drm_dp_mst_connector_still_exists(connector, mgr, + mgr->mst_primary)) { + DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] has disappeared from the MST topology\n", + connector->base.id, connector->name); + return -EINVAL; + } + + return 0; +} +EXPORT_SYMBOL(drm_dp_mst_connector_atomic_check); + /** * drm_atomic_get_mst_topology_state: get MST topology state * diff --git a/include/drm/drm_dp_mst_helper.h b/include/drm/drm_dp_mst_helper.h index 7f78d26a0766..8e33c2c85d1e 100644 --- a/include/drm/drm_dp_mst_helper.h +++ b/include/drm/drm_dp_mst_helper.h @@ -625,6 +625,9 @@ void drm_dp_mst_topology_mgr_suspend(struct drm_dp_mst_topology_mgr *mgr); int drm_dp_mst_topology_mgr_resume(struct drm_dp_mst_topology_mgr *mgr); struct drm_dp_mst_topology_state *drm_atomic_get_mst_topology_state(struct drm_atomic_state *state, struct drm_dp_mst_topology_mgr *mgr); +int drm_dp_mst_connector_atomic_check(struct drm_connector *connector, + struct drm_connector_state *connector_state, + struct drm_dp_mst_topology_mgr *mgr); int drm_dp_atomic_find_vcpi_slots(struct drm_atomic_state *state, struct drm_dp_mst_topology_mgr *mgr, struct drm_dp_mst_port *port, int pbn); -- 2.17.1

7 years

2
1
0 0

[PATCH 1/6] drm/dp_mst: Introduce drm_dp_mst_connector_atomic_check()

by Lyude Paul

Currently the way that we prevent userspace from performing new modesets on MST connectors that have just been destroyed is rather broken. There's nothing in the actual DRM DP MST topology helpers that checks whether or not a connector still exists, instead each DRM driver does this on it's own, usually by returning NULL from the best_encoder callback which in turn, causes the atomic commit to fail. However, this is wrong in a rather subtle way. If ->best_encoder() returns NULL, this makes ALL modesets involving the connector fail. This includes modesets from userspace that would shut off the CRTCs being used by the connector. Since this results in blocking any changes to a connector's DPMS prop, it has the sideaffect of preventing legacy modesetting users from ever disabling a CRTC that was previously enabled for use in an MST topology. An example of this, where X tries to change the DPMS property of an MST connector that was just detached from the system: [ 2908.320131] [drm:drm_helper_probe_single_connector_modes [drm_kms_helper]] [CONNECTOR:82:DP-6] [ 2908.320148] [drm:drm_helper_probe_single_connector_modes [drm_kms_helper]] [CONNECTOR:82:DP-6] status updated from connected to disconnected [ 2908.320166] [drm:drm_helper_probe_single_connector_modes [drm_kms_helper]] [CONNECTOR:82:DP-6] disconnected [ 2908.320193] [drm:drm_mode_object_put.part.2 [drm]] OBJ ID: 111 (1) [ 2908.320230] [drm:drm_sysfs_hotplug_event [drm]] generating hotplug event ... [ 2908.638539] [drm:drm_ioctl [drm]] pid=12928, dev=0xe201, auth=1, DRM_IOCTL_MODE_SETPROPERTY [ 2908.638546] [drm:drm_atomic_state_init [drm]] Allocated atomic state 000000007155ba49 [ 2908.638553] [drm:drm_mode_object_get [drm]] OBJ ID: 114 (1) [ 2908.638560] [drm:drm_mode_object_get [drm]] OBJ ID: 108 (1) [ 2908.638568] [drm:drm_atomic_get_crtc_state [drm]] Added [CRTC:41:head-0] 0000000097a6396e state to 000000007155ba49 [ 2908.638575] [drm:drm_atomic_add_affected_connectors [drm]] Adding all current connectors for [CRTC:41:head-0] to 000000007155ba49 [ 2908.638582] [drm:drm_mode_object_get [drm]] OBJ ID: 82 (3) [ 2908.638589] [drm:drm_mode_object_get [drm]] OBJ ID: 82 (4) [ 2908.638596] [drm:drm_atomic_get_connector_state [drm]] Added [CONNECTOR:82:DP-6] 0000000087427144 state to 000000007155ba49 [ 2908.638603] [drm:drm_atomic_check_only [drm]] checking 000000007155ba49 [ 2908.638609] [drm:drm_atomic_helper_check_modeset [drm_kms_helper]] [CRTC:41:head-0] active changed [ 2908.638613] [drm:drm_atomic_helper_check_modeset [drm_kms_helper]] Updating routing for [CONNECTOR:82:DP-6] [ 2908.638616] [drm:drm_atomic_helper_check_modeset [drm_kms_helper]] No suitable encoder found for [CONNECTOR:82:DP-6] [ 2908.638623] [drm:drm_atomic_check_only [drm]] atomic driver check for 000000007155ba49 failed: -22 [ 2908.638630] [drm:drm_atomic_state_default_clear [drm]] Clearing atomic state 000000007155ba49 [ 2908.638637] [drm:drm_mode_object_put.part.2 [drm]] OBJ ID: 82 (4) [ 2908.638643] [drm:drm_mode_object_put.part.2 [drm]] OBJ ID: 82 (3) [ 2908.638650] [drm:drm_mode_object_put.part.2 [drm]] OBJ ID: 114 (2) [ 2908.638656] [drm:drm_mode_object_put.part.2 [drm]] OBJ ID: 108 (2) [ 2908.638663] [drm:__drm_atomic_state_free [drm]] Freeing atomic state 000000007155ba49 [ 2908.638669] [drm:drm_mode_object_put.part.2 [drm]] OBJ ID: 82 (2) [ 2908.638676] [drm:drm_ioctl [drm]] pid=12928, ret = -22 While this doesn't usually result in any errors that would be obvious to the user, it does result in us leaving display resources on. This in turn leads to unwanted sideaffects like inactive GPUs being left on (usually from the resulting leaked runtime PM ref). So, provide an easier way of doing this that doesn't require breaking ->best_encoder(): add a common drm_dp_mst_connector_atomic_check() function that DRM drivers can call in order to have CRTC enabling commits fail automatically if the MST port driving the connector no longer exists. We'll also be able to expand upon this later as well once we add MST fallback retraining support. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/drm_dp_mst_topology.c | 76 +++++++++++++++++++++++++++ include/drm/drm_dp_mst_helper.h | 3 ++ 2 files changed, 79 insertions(+) diff --git a/drivers/gpu/drm/drm_dp_mst_topology.c b/drivers/gpu/drm/drm_dp_mst_topology.c index 7780567aa669..0162d4bf2549 100644 --- a/drivers/gpu/drm/drm_dp_mst_topology.c +++ b/drivers/gpu/drm/drm_dp_mst_topology.c @@ -3129,6 +3129,82 @@ static const struct drm_private_state_funcs mst_state_funcs = { .atomic_destroy_state = drm_dp_mst_destroy_state, }; +static bool +drm_dp_mst_connector_still_exists(struct drm_connector *connector, + struct drm_dp_mst_topology_mgr *mgr, + struct drm_dp_mst_branch *mstb) +{ + struct drm_dp_mst_port *port; + bool exists = false; + + mstb = drm_dp_get_validated_mstb_ref(mgr, mstb); + if (!mstb) + return false; + + list_for_each_entry(port, &mstb->ports, next) { + port = drm_dp_get_validated_port_ref(mgr, port); + if (!port) + continue; + + exists = (port->connector == connector || + (port->mstb && + drm_dp_mst_connector_still_exists(connector, mgr, + port->mstb))); + + drm_dp_put_port(port); + if (exists) + break; + } + + drm_dp_put_mst_branch_device(mstb); + return exists; +} + +/** + * drm_dp_mst_connector_atomic_check - Helper for validating a new atomic + * state on an MST connector + * @connector: drm connector + * @connector_state: the new atomic state of @connector + * @mgr: the MST topology mgr for @connector + * + * This function performs various atomic checks that apply to all drivers + * using the DRM DP MST helpers. This should be called by all drivers at the + * start of the atomic_check function for their MST connectors. + * + * Return 0 for success, or negative error code on failure. + */ +int +drm_dp_mst_connector_atomic_check(struct drm_connector *connector, + struct drm_connector_state *connector_state, + struct drm_dp_mst_topology_mgr *mgr) +{ + struct drm_atomic_state *state = connector_state->state; + struct drm_crtc *crtc = connector_state->crtc; + struct drm_crtc_state *new_crtc_state; + + if (!crtc) + return 0; + + new_crtc_state = drm_atomic_get_new_crtc_state(state, crtc); + if (!new_crtc_state) + return 0; + + if (!drm_atomic_crtc_needs_modeset(new_crtc_state) || + !new_crtc_state->active) + return 0; + + /* Make sure that the port for this MST connector still exists */ + if (!drm_dp_mst_connector_still_exists(connector, mgr, + mgr->mst_primary)) { + DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] has disappeared from the MST topology\n", + connector->base.id, connector->name); + return -EINVAL; + } + + return 0; +} +EXPORT_SYMBOL(drm_dp_mst_connector_atomic_check); + /** * drm_atomic_get_mst_topology_state: get MST topology state * diff --git a/include/drm/drm_dp_mst_helper.h b/include/drm/drm_dp_mst_helper.h index 7f78d26a0766..8e33c2c85d1e 100644 --- a/include/drm/drm_dp_mst_helper.h +++ b/include/drm/drm_dp_mst_helper.h @@ -625,6 +625,9 @@ void drm_dp_mst_topology_mgr_suspend(struct drm_dp_mst_topology_mgr *mgr); int drm_dp_mst_topology_mgr_resume(struct drm_dp_mst_topology_mgr *mgr); struct drm_dp_mst_topology_state *drm_atomic_get_mst_topology_state(struct drm_atomic_state *state, struct drm_dp_mst_topology_mgr *mgr); +int drm_dp_mst_connector_atomic_check(struct drm_connector *connector, + struct drm_connector_state *connector_state, + struct drm_dp_mst_topology_mgr *mgr); int drm_dp_atomic_find_vcpi_slots(struct drm_atomic_state *state, struct drm_dp_mst_topology_mgr *mgr, struct drm_dp_mst_port *port, int pbn); -- 2.17.1

7 years

4
4
0 0

Re: [PATCH] nohz: Fix missing tick reprog while interrupting inline timer softirq

by Thomas Gleixner

On Thu, 20 Sep 2018, Evan Green wrote: > On Thu, Aug 30, 2018 at 7:29 AM Thomas Gleixner <tglx(a)linutronix.de> wrote: > > > > On Thu, 30 Aug 2018, John Crispin wrote: > > > > > > Sry, that disturbing you all, but what are the conclusion here for 4.14.y? > > > > - take Thomas's patch https://lore.kernel.org/patchwork/patch/969521/#1162900 > > > > - revert commit 2d898915ccf4838c04531c51a598469e921a5eb5 > > > > > > Hi Frederic, > > > > > > I reported this very issue to tglx last night and he asked me to verify his > > > proposed patch which i just did. I can confirm the the patch fixes the issue > > > on 4.14.67 and Greg should add it to the stable queue please. > > > > > > Tested-by: John Crispin <john(a)phrozen.org> > > > > Let me whip up a proper patch with changelog. > > > Hi Thomas, > Did this patch ever go anywhere? I believe it fixes the prints I'm > seeing in our kernel, and I wondered if the official patch was > somewhere. It's out there: https://lore.kernel.org/patchwork/patch/979451/ I assume that it has fallen through the stable cracks. Thanks, tglx

7 years

2
1
0 0

[PATCH for-next 0/4] IB/hfi1: Couple more for the RC cycle

by Dennis Dalessandro

Hi Doug and Jason, Mike and Ira have identified some fixes that they would like to see land in the RC, these are serious problems and are marked as stable. --- Ira Weiny (1): IB/hfi1: Fix SL array bounds check Michael J. Ruhl (3): IB/hfi1: Invalid user input can result in crash IB/hfi1: Fix context recovery when PBC has an UnsupportedVL IB/hfi1: Fix destroy_qp hang after a link down drivers/infiniband/hw/hfi1/chip.c | 6 +++- drivers/infiniband/hw/hfi1/pio.c | 51 ++++++++++++++++++++++++++------ drivers/infiniband/hw/hfi1/pio.h | 2 + drivers/infiniband/hw/hfi1/user_sdma.c | 2 + drivers/infiniband/hw/hfi1/verbs.c | 8 ++++- 5 files changed, 56 insertions(+), 13 deletions(-) -- -Denny

7 years

1
5
0 0

[patch 7/7] ocfs2: fix ocfs2 read block panic

by akpm＠linux-foundation.org

From: Junxiao Bi <junxiao.bi(a)oracle.com> Subject: ocfs2: fix ocfs2 read block panic While reading block, it is possible that io error return due to underlying storage issue, in this case, BH_NeedsValidate was left in the buffer head. Then when reading the very block next time, if it was already linked into journal, that will trigger the following panic. [203748.702517] kernel BUG at fs/ocfs2/buffer_head_io.c:342! [203748.702533] invalid opcode: 0000 [#1] SMP [203748.702561] Modules linked in: ocfs2 ocfs2_dlmfs ocfs2_stack_o2cb ocfs2_dlm ocfs2_nodemanager ocfs2_stackglue configfs sunrpc dm_switch dm_queue_length dm_multipath bonding be2iscsi iscsi_boot_sysfs bnx2i cnic uio cxgb4i iw_cxgb4 cxgb4 cxgb3i libcxgbi iw_cxgb3 cxgb3 mdio ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr ipv6 iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ipmi_devintf iTCO_wdt iTCO_vendor_support dcdbas ipmi_ssif i2c_core ipmi_si ipmi_msghandler acpi_pad pcspkr sb_edac edac_core lpc_ich mfd_core shpchp sg tg3 ptp pps_core ext4 jbd2 mbcache2 sr_mod cdrom sd_mod ahci libahci megaraid_sas wmi dm_mirror dm_region_hash dm_log dm_mod [203748.703024] CPU: 7 PID: 38369 Comm: touch Not tainted 4.1.12-124.18.6.el6uek.x86_64 #2 [203748.703045] Hardware name: Dell Inc. PowerEdge R620/0PXXHP, BIOS 2.5.2 01/28/2015 [203748.703067] task: ffff880768139c00 ti: ffff88006ff48000 task.ti: ffff88006ff48000 [203748.703088] RIP: 0010:[<ffffffffa05e9f09>] [<ffffffffa05e9f09>] ocfs2_read_blocks+0x669/0x7f0 [ocfs2] [203748.703130] RSP: 0018:ffff88006ff4b818 EFLAGS: 00010206 [203748.703389] RAX: 0000000008620029 RBX: ffff88006ff4b910 RCX: 0000000000000000 [203748.703885] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 00000000023079fe [203748.704382] RBP: ffff88006ff4b8d8 R08: 0000000000000000 R09: ffff8807578c25b0 [203748.704877] R10: 000000000f637376 R11: 000000003030322e R12: 0000000000000000 [203748.705373] R13: ffff88006ff4b910 R14: ffff880732fe38f0 R15: 0000000000000000 [203748.705871] FS: 00007f401992c700(0000) GS:ffff880bfebc0000(0000) knlGS:0000000000000000 [203748.706370] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [203748.706627] CR2: 00007f4019252440 CR3: 00000000a621e000 CR4: 0000000000060670 [203748.707124] Stack: [203748.707371] ffff88006ff4b828 ffffffffa0609f52 ffff88006ff4b838 0000000000000001 [203748.707885] 0000000000000000 0000000000000000 ffff880bf67c3800 ffffffffa05eca00 [203748.708399] 00000000023079ff ffffffff81c58b80 0000000000000000 0000000000000000 [203748.708915] Call Trace: [203748.709175] [<ffffffffa0609f52>] ? ocfs2_inode_cache_io_unlock+0x12/0x20 [ocfs2] [203748.709680] [<ffffffffa05eca00>] ? ocfs2_empty_dir_filldir+0x80/0x80 [ocfs2] [203748.710185] [<ffffffffa05ec0cb>] ocfs2_read_dir_block_direct+0x3b/0x200 [ocfs2] [203748.710691] [<ffffffffa05f0fbf>] ocfs2_prepare_dx_dir_for_insert.isra.57+0x19f/0xf60 [ocfs2] [203748.711204] [<ffffffffa065660f>] ? ocfs2_metadata_cache_io_unlock+0x1f/0x30 [ocfs2] [203748.711716] [<ffffffffa05f4f3a>] ocfs2_prepare_dir_for_insert+0x13a/0x890 [ocfs2] [203748.712227] [<ffffffffa05f442e>] ? ocfs2_check_dir_for_entry+0x8e/0x140 [ocfs2] [203748.712737] [<ffffffffa061b2f2>] ocfs2_mknod+0x4b2/0x1370 [ocfs2] [203748.713003] [<ffffffffa061c385>] ocfs2_create+0x65/0x170 [ocfs2] [203748.713263] [<ffffffff8121714b>] vfs_create+0xdb/0x150 [203748.713518] [<ffffffff8121b225>] do_last+0x815/0x1210 [203748.713772] [<ffffffff812192e9>] ? path_init+0xb9/0x450 [203748.714123] [<ffffffff8121bca0>] path_openat+0x80/0x600 [203748.714378] [<ffffffff811bcd45>] ? handle_pte_fault+0xd15/0x1620 [203748.714634] [<ffffffff8121d7ba>] do_filp_open+0x3a/0xb0 [203748.714888] [<ffffffff8122a767>] ? __alloc_fd+0xa7/0x130 [203748.715143] [<ffffffff81209ffc>] do_sys_open+0x12c/0x220 [203748.715403] [<ffffffff81026ddb>] ? syscall_trace_enter_phase1+0x11b/0x180 [203748.715668] [<ffffffff816f0c9f>] ? system_call_after_swapgs+0xe9/0x190 [203748.715928] [<ffffffff8120a10e>] SyS_open+0x1e/0x20 [203748.716184] [<ffffffff816f0d5e>] system_call_fastpath+0x18/0xd7 [203748.716440] Code: 00 00 48 8b 7b 08 48 83 c3 10 45 89 f8 44 89 e1 44 89 f2 4c 89 ee e8 07 06 11 e1 48 8b 03 48 85 c0 75 df 8b 5d c8 e9 4d fa ff ff <0f> 0b 48 8b 7d a0 e8 dc c6 06 00 48 b8 00 00 00 00 00 00 00 10 [203748.717505] RIP [<ffffffffa05e9f09>] ocfs2_read_blocks+0x669/0x7f0 [ocfs2] [203748.717775] RSP <ffff88006ff4b818> Joesph ever reported a similar panic. Link: https://oss.oracle.com/pipermail/ocfs2-devel/2013-May/008931.html Link: http://lkml.kernel.org/r/20180912063207.29484-1-junxiao.bi@oracle.com Signed-off-by: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Joseph Qi <jiangqi903(a)gmail.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Changwei Ge <ge.changwei(a)h3c.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN fs/ocfs2/buffer_head_io.c~ocfs2-fix-ocfs2-read-block-panic fs/ocfs2/buffer_head_io.c --- a/fs/ocfs2/buffer_head_io.c~ocfs2-fix-ocfs2-read-block-panic +++ a/fs/ocfs2/buffer_head_io.c @@ -342,6 +342,7 @@ int ocfs2_read_blocks(struct ocfs2_cachi * for this bh as it's not marked locally * uptodate. */ status = -EIO; + clear_buffer_needs_validate(bh); put_bh(bh); bhs[i] = NULL; continue; _

7 years

1
0
0 0

[patch 4/7] mm: shmem.c: Correctly annotate new inodes for lockdep

by akpm＠linux-foundation.org

From: "Joel Fernandes (Google)" <joel(a)joelfernandes.org> Subject: mm: shmem.c: Correctly annotate new inodes for lockdep Directories and inodes don't necessarily need to be in the same lockdep class. For ex, hugetlbfs splits them out too to prevent false positives in lockdep. Annotate correctly after new inode creation. If its a directory inode, it will be put into a different class. This should fix a lockdep splat reported by syzbot: > ====================================================== > WARNING: possible circular locking dependency detected > 4.18.0-rc8-next-20180810+ #36 Not tainted > ------------------------------------------------------ > syz-executor900/4483 is trying to acquire lock: > 00000000d2bfc8fe (&sb->s_type->i_mutex_key#9){++++}, at: inode_lock > include/linux/fs.h:765 [inline] > 00000000d2bfc8fe (&sb->s_type->i_mutex_key#9){++++}, at: > shmem_fallocate+0x18b/0x12e0 mm/shmem.c:2602 > > but task is already holding lock: > 0000000025208078 (ashmem_mutex){+.+.}, at: ashmem_shrink_scan+0xb4/0x630 > drivers/staging/android/ashmem.c:448 > > which lock already depends on the new lock. > > -> #2 (ashmem_mutex){+.+.}: > __mutex_lock_common kernel/locking/mutex.c:925 [inline] > __mutex_lock+0x171/0x1700 kernel/locking/mutex.c:1073 > mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1088 > ashmem_mmap+0x55/0x520 drivers/staging/android/ashmem.c:361 > call_mmap include/linux/fs.h:1844 [inline] > mmap_region+0xf27/0x1c50 mm/mmap.c:1762 > do_mmap+0xa10/0x1220 mm/mmap.c:1535 > do_mmap_pgoff include/linux/mm.h:2298 [inline] > vm_mmap_pgoff+0x213/0x2c0 mm/util.c:357 > ksys_mmap_pgoff+0x4da/0x660 mm/mmap.c:1585 > __do_sys_mmap arch/x86/kernel/sys_x86_64.c:100 [inline] > __se_sys_mmap arch/x86/kernel/sys_x86_64.c:91 [inline] > __x64_sys_mmap+0xe9/0x1b0 arch/x86/kernel/sys_x86_64.c:91 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > -> #1 (&mm->mmap_sem){++++}: > __might_fault+0x155/0x1e0 mm/memory.c:4568 > _copy_to_user+0x30/0x110 lib/usercopy.c:25 > copy_to_user include/linux/uaccess.h:155 [inline] > filldir+0x1ea/0x3a0 fs/readdir.c:196 > dir_emit_dot include/linux/fs.h:3464 [inline] > dir_emit_dots include/linux/fs.h:3475 [inline] > dcache_readdir+0x13a/0x620 fs/libfs.c:193 > iterate_dir+0x48b/0x5d0 fs/readdir.c:51 > __do_sys_getdents fs/readdir.c:231 [inline] > __se_sys_getdents fs/readdir.c:212 [inline] > __x64_sys_getdents+0x29f/0x510 fs/readdir.c:212 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > -> #0 (&sb->s_type->i_mutex_key#9){++++}: > lock_acquire+0x1e4/0x540 kernel/locking/lockdep.c:3924 > down_write+0x8f/0x130 kernel/locking/rwsem.c:70 > inode_lock include/linux/fs.h:765 [inline] > shmem_fallocate+0x18b/0x12e0 mm/shmem.c:2602 > ashmem_shrink_scan+0x236/0x630 drivers/staging/android/ashmem.c:455 > ashmem_ioctl+0x3ae/0x13a0 drivers/staging/android/ashmem.c:797 > vfs_ioctl fs/ioctl.c:46 [inline] > file_ioctl fs/ioctl.c:501 [inline] > do_vfs_ioctl+0x1de/0x1720 fs/ioctl.c:685 > ksys_ioctl+0xa9/0xd0 fs/ioctl.c:702 > __do_sys_ioctl fs/ioctl.c:709 [inline] > __se_sys_ioctl fs/ioctl.c:707 [inline] > __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:707 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > other info that might help us debug this: > > Chain exists of: > &sb->s_type->i_mutex_key#9 --> &mm->mmap_sem --> ashmem_mutex > > Possible unsafe locking scenario: > > CPU0 CPU1 > ---- ---- > lock(ashmem_mutex); > lock(&mm->mmap_sem); > lock(ashmem_mutex); > lock(&sb->s_type->i_mutex_key#9); > > *** DEADLOCK *** > > 1 lock held by syz-executor900/4483: > #0: 0000000025208078 (ashmem_mutex){+.+.}, at: > ashmem_shrink_scan+0xb4/0x630 drivers/staging/android/ashmem.c:448 Link: http://lkml.kernel.org/r/20180821231835.166639-1-joel@joelfernandes.org Signed-off-by: Joel Fernandes (Google) <joel(a)joelfernandes.org> Reported-by: syzbot <syzkaller(a)googlegroups.com> Reviewed-by: NeilBrown <neilb(a)suse.com> Suggested-by: NeilBrown <neilb(a)suse.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN mm/shmem.c~mm-shmem-correctly-annotate-new-inodes-for-lockdep mm/shmem.c --- a/mm/shmem.c~mm-shmem-correctly-annotate-new-inodes-for-lockdep +++ a/mm/shmem.c @@ -2227,6 +2227,8 @@ static struct inode *shmem_get_inode(str mpol_shared_policy_init(&info->policy, NULL); break; } + + lockdep_annotate_inode_mutex_key(inode); } else shmem_free_inode(sb); return inode; _

7 years

1
0
0 0

[patch 2/7] mm: disable deferred struct page for 32-bit arches

by akpm＠linux-foundation.org

From: Pasha Tatashin <Pavel.Tatashin(a)microsoft.com> Subject: mm: disable deferred struct page for 32-bit arches Deferred struct page init is needed only on systems with large amount of physical memory to improve boot performance. 32-bit systems do not benefit from this feature. Jiri reported a problem where deferred struct pages do not work well with x86-32: [ 0.035162] Dentry cache hash table entries: 131072 (order: 7, 524288 bytes) [ 0.035725] Inode-cache hash table entries: 65536 (order: 6, 262144 bytes) [ 0.036269] Initializing CPU#0 [ 0.036513] Initializing HighMem for node 0 (00036ffe:0007ffe0) [ 0.038459] page:f6780000 is uninitialized and poisoned [ 0.038460] raw: ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff [ 0.039509] page dumped because: VM_BUG_ON_PAGE(1 && PageCompound(page)) [ 0.040038] ------------[ cut here ]------------ [ 0.040399] kernel BUG at include/linux/page-flags.h:293! [ 0.040823] invalid opcode: 0000 [#1] SMP PTI [ 0.041166] CPU: 0 PID: 0 Comm: swapper Not tainted 4.19.0-rc1_pt_jiri #9 [ 0.041694] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-20171110_100015-anatol 04/01/2014 [ 0.042496] EIP: free_highmem_page+0x64/0x80 [ 0.042839] Code: 13 46 d8 c1 e8 18 5d 83 e0 03 8d 04 c0 c1 e0 06 ff 80 ec 5f 44 d8 c3 8d b4 26 00 00 00 00 ba 08 65 28 d8 89 d8 e8 fc 71 02 00 <0f> 0b 8d 76 00 8d bc 27 00 00 00 00 ba d0 b1 26 d8 89 d8 e8 e4 71 [ 0.044338] EAX: 0000003c EBX: f6780000 ECX: 00000000 EDX: d856cbe8 [ 0.044868] ESI: 0007ffe0 EDI: d838df20 EBP: d838df00 ESP: d838defc [ 0.045372] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00210086 [ 0.045913] CR0: 80050033 CR2: 00000000 CR3: 18556000 CR4: 00040690 [ 0.046413] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000 [ 0.046913] DR6: fffe0ff0 DR7: 00000400 [ 0.047220] Call Trace: [ 0.047419] add_highpages_with_active_regions+0xbd/0x10d [ 0.047854] set_highmem_pages_init+0x5b/0x71 [ 0.048202] mem_init+0x2b/0x1e8 [ 0.048460] start_kernel+0x1d2/0x425 [ 0.048757] i386_start_kernel+0x93/0x97 [ 0.049073] startup_32_smp+0x164/0x168 [ 0.049379] Modules linked in: [ 0.049626] ---[ end trace 337949378db0abbb ]--- We free highmem pages before their struct pages are initialized: mem_init() set_highmem_pages_init() add_highpages_with_active_regions() free_highmem_page() .. Access uninitialized struct page here.. Because there is no reason to have this feature on 32-bit systems, just disable it. Link: http://lkml.kernel.org/r/20180831150506.31246-1-pavel.tatashin@microsoft.com Fixes: 2e3ca40f03bb ("mm: relax deferred struct page requirements") Signed-off-by: Pavel Tatashin <pavel.tatashin(a)microsoft.com> Reported-by: Jiri Slaby <jslaby(a)suse.cz> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN mm/Kconfig~mm-disable-deferred-struct-page-for-32-bit-arches mm/Kconfig --- a/mm/Kconfig~mm-disable-deferred-struct-page-for-32-bit-arches +++ a/mm/Kconfig @@ -637,6 +637,7 @@ config DEFERRED_STRUCT_PAGE_INIT depends on NO_BOOTMEM depends on SPARSEMEM depends on !NEED_PER_CPU_KM + depends on 64BIT help Ordinarily all struct pages are initialised during early boot in a single thread. On very large machines this can take a considerable _

7 years

1
0
0 0

[patch 1/7] fork: report pid exhaustion correctly

by akpm＠linux-foundation.org

From: KJ Tsanaktsidis <ktsanaktsidis(a)zendesk.com> Subject: fork: report pid exhaustion correctly Make the clone and fork syscalls return EAGAIN when the limit on the number of pids /proc/sys/kernel/pid_max is exceeded. Currently, when the pid_max limit is exceeded, the kernel will return ENOSPC from the fork and clone syscalls. This is contrary to the documented behaviour, which explicitly calls out the pid_max case as one where EAGAIN should be returned. It also leads to really confusing error messages in userspace programs which will complain about a lack of disk space when they fail to create processes/threads for this reason. This error is being returned because alloc_pid() uses the idr api to find a new pid; when there are none available, idr_alloc_cyclic() returns -ENOSPC, and this is being propagated back to userspace. This behaviour has been broken before, and was explicitly fixed in commit 35f71bc0a09a ("fork: report pid reservation failure properly"), so I think -EAGAIN is definitely the right thing to return in this case. The current behaviour change dates from commit 95846ecf9dac ("pid: replace pid bitmap implementation with IDR AIP") and was I believe unintentional. This patch has no impact on the case where allocating a pid fails because the child reaper for the namespace is dead; that case will still return -ENOMEM. Link: http://lkml.kernel.org/r/20180903111016.46461-1-ktsanaktsidis@zendesk.com Fixes: 95846ecf9dac ("pid: replace pid bitmap implementation with IDR AIP") Signed-off-by: KJ Tsanaktsidis <ktsanaktsidis(a)zendesk.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Gargi Sharma <gs051095(a)gmail.com> Cc: Rik van Riel <riel(a)redhat.com> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN kernel/pid.c~fork-report-pid-exhaustion-correctly kernel/pid.c --- a/kernel/pid.c~fork-report-pid-exhaustion-correctly +++ a/kernel/pid.c @@ -195,7 +195,7 @@ struct pid *alloc_pid(struct pid_namespa idr_preload_end(); if (nr < 0) { - retval = nr; + retval = (nr == -ENOSPC) ? -EAGAIN : nr; goto out_free; } _

7 years

1
0
0 0

[patch 1/7] fork: report pid exhaustion correctly

by akpm＠linux-foundation.org

From: KJ Tsanaktsidis <ktsanaktsidis(a)zendesk.com> Subject: fork: report pid exhaustion correctly Make the clone and fork syscalls return EAGAIN when the limit on the number of pids /proc/sys/kernel/pid_max is exceeded. Currently, when the pid_max limit is exceeded, the kernel will return ENOSPC from the fork and clone syscalls. This is contrary to the documented behaviour, which explicitly calls out the pid_max case as one where EAGAIN should be returned. It also leads to really confusing error messages in userspace programs which will complain about a lack of disk space when they fail to create processes/threads for this reason. This error is being returned because alloc_pid() uses the idr api to find a new pid; when there are none available, idr_alloc_cyclic() returns -ENOSPC, and this is being propagated back to userspace. This behaviour has been broken before, and was explicitly fixed in commit 35f71bc0a09a ("fork: report pid reservation failure properly"), so I think -EAGAIN is definitely the right thing to return in this case. The current behaviour change dates from commit 95846ecf9dac ("pid: replace pid bitmap implementation with IDR AIP") and was I believe unintentional. This patch has no impact on the case where allocating a pid fails because the child reaper for the namespace is dead; that case will still return -ENOMEM. Link: http://lkml.kernel.org/r/20180903111016.46461-1-ktsanaktsidis@zendesk.com Fixes: 95846ecf9dac ("pid: replace pid bitmap implementation with IDR AIP") Signed-off-by: KJ Tsanaktsidis <ktsanaktsidis(a)zendesk.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Gargi Sharma <gs051095(a)gmail.com> Cc: Rik van Riel <riel(a)redhat.com> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN kernel/pid.c~fork-report-pid-exhaustion-correctly kernel/pid.c --- a/kernel/pid.c~fork-report-pid-exhaustion-correctly +++ a/kernel/pid.c @@ -195,7 +195,7 @@ struct pid *alloc_pid(struct pid_namespa idr_preload_end(); if (nr < 0) { - retval = nr; + retval = (nr == -ENOSPC) ? -EAGAIN : nr; goto out_free; } _

7 years

1
0
0 0

[patch 7/7] ocfs2: fix ocfs2 read block panic

by akpm＠linux-foundation.org

From: Junxiao Bi <junxiao.bi(a)oracle.com> Subject: ocfs2: fix ocfs2 read block panic While reading block, it is possible that io error return due to underlying storage issue, in this case, BH_NeedsValidate was left in the buffer head. Then when reading the very block next time, if it was already linked into journal, that will trigger the following panic. [203748.702517] kernel BUG at fs/ocfs2/buffer_head_io.c:342! [203748.702533] invalid opcode: 0000 [#1] SMP [203748.702561] Modules linked in: ocfs2 ocfs2_dlmfs ocfs2_stack_o2cb ocfs2_dlm ocfs2_nodemanager ocfs2_stackglue configfs sunrpc dm_switch dm_queue_length dm_multipath bonding be2iscsi iscsi_boot_sysfs bnx2i cnic uio cxgb4i iw_cxgb4 cxgb4 cxgb3i libcxgbi iw_cxgb3 cxgb3 mdio ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr ipv6 iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ipmi_devintf iTCO_wdt iTCO_vendor_support dcdbas ipmi_ssif i2c_core ipmi_si ipmi_msghandler acpi_pad pcspkr sb_edac edac_core lpc_ich mfd_core shpchp sg tg3 ptp pps_core ext4 jbd2 mbcache2 sr_mod cdrom sd_mod ahci libahci megaraid_sas wmi dm_mirror dm_region_hash dm_log dm_mod [203748.703024] CPU: 7 PID: 38369 Comm: touch Not tainted 4.1.12-124.18.6.el6uek.x86_64 #2 [203748.703045] Hardware name: Dell Inc. PowerEdge R620/0PXXHP, BIOS 2.5.2 01/28/2015 [203748.703067] task: ffff880768139c00 ti: ffff88006ff48000 task.ti: ffff88006ff48000 [203748.703088] RIP: 0010:[<ffffffffa05e9f09>] [<ffffffffa05e9f09>] ocfs2_read_blocks+0x669/0x7f0 [ocfs2] [203748.703130] RSP: 0018:ffff88006ff4b818 EFLAGS: 00010206 [203748.703389] RAX: 0000000008620029 RBX: ffff88006ff4b910 RCX: 0000000000000000 [203748.703885] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 00000000023079fe [203748.704382] RBP: ffff88006ff4b8d8 R08: 0000000000000000 R09: ffff8807578c25b0 [203748.704877] R10: 000000000f637376 R11: 000000003030322e R12: 0000000000000000 [203748.705373] R13: ffff88006ff4b910 R14: ffff880732fe38f0 R15: 0000000000000000 [203748.705871] FS: 00007f401992c700(0000) GS:ffff880bfebc0000(0000) knlGS:0000000000000000 [203748.706370] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [203748.706627] CR2: 00007f4019252440 CR3: 00000000a621e000 CR4: 0000000000060670 [203748.707124] Stack: [203748.707371] ffff88006ff4b828 ffffffffa0609f52 ffff88006ff4b838 0000000000000001 [203748.707885] 0000000000000000 0000000000000000 ffff880bf67c3800 ffffffffa05eca00 [203748.708399] 00000000023079ff ffffffff81c58b80 0000000000000000 0000000000000000 [203748.708915] Call Trace: [203748.709175] [<ffffffffa0609f52>] ? ocfs2_inode_cache_io_unlock+0x12/0x20 [ocfs2] [203748.709680] [<ffffffffa05eca00>] ? ocfs2_empty_dir_filldir+0x80/0x80 [ocfs2] [203748.710185] [<ffffffffa05ec0cb>] ocfs2_read_dir_block_direct+0x3b/0x200 [ocfs2] [203748.710691] [<ffffffffa05f0fbf>] ocfs2_prepare_dx_dir_for_insert.isra.57+0x19f/0xf60 [ocfs2] [203748.711204] [<ffffffffa065660f>] ? ocfs2_metadata_cache_io_unlock+0x1f/0x30 [ocfs2] [203748.711716] [<ffffffffa05f4f3a>] ocfs2_prepare_dir_for_insert+0x13a/0x890 [ocfs2] [203748.712227] [<ffffffffa05f442e>] ? ocfs2_check_dir_for_entry+0x8e/0x140 [ocfs2] [203748.712737] [<ffffffffa061b2f2>] ocfs2_mknod+0x4b2/0x1370 [ocfs2] [203748.713003] [<ffffffffa061c385>] ocfs2_create+0x65/0x170 [ocfs2] [203748.713263] [<ffffffff8121714b>] vfs_create+0xdb/0x150 [203748.713518] [<ffffffff8121b225>] do_last+0x815/0x1210 [203748.713772] [<ffffffff812192e9>] ? path_init+0xb9/0x450 [203748.714123] [<ffffffff8121bca0>] path_openat+0x80/0x600 [203748.714378] [<ffffffff811bcd45>] ? handle_pte_fault+0xd15/0x1620 [203748.714634] [<ffffffff8121d7ba>] do_filp_open+0x3a/0xb0 [203748.714888] [<ffffffff8122a767>] ? __alloc_fd+0xa7/0x130 [203748.715143] [<ffffffff81209ffc>] do_sys_open+0x12c/0x220 [203748.715403] [<ffffffff81026ddb>] ? syscall_trace_enter_phase1+0x11b/0x180 [203748.715668] [<ffffffff816f0c9f>] ? system_call_after_swapgs+0xe9/0x190 [203748.715928] [<ffffffff8120a10e>] SyS_open+0x1e/0x20 [203748.716184] [<ffffffff816f0d5e>] system_call_fastpath+0x18/0xd7 [203748.716440] Code: 00 00 48 8b 7b 08 48 83 c3 10 45 89 f8 44 89 e1 44 89 f2 4c 89 ee e8 07 06 11 e1 48 8b 03 48 85 c0 75 df 8b 5d c8 e9 4d fa ff ff <0f> 0b 48 8b 7d a0 e8 dc c6 06 00 48 b8 00 00 00 00 00 00 00 10 [203748.717505] RIP [<ffffffffa05e9f09>] ocfs2_read_blocks+0x669/0x7f0 [ocfs2] [203748.717775] RSP <ffff88006ff4b818> Joesph ever reported a similar panic. Link: https://oss.oracle.com/pipermail/ocfs2-devel/2013-May/008931.html Link: http://lkml.kernel.org/r/20180912063207.29484-1-junxiao.bi@oracle.com Signed-off-by: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Joseph Qi <jiangqi903(a)gmail.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Changwei Ge <ge.changwei(a)h3c.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN fs/ocfs2/buffer_head_io.c~ocfs2-fix-ocfs2-read-block-panic fs/ocfs2/buffer_head_io.c --- a/fs/ocfs2/buffer_head_io.c~ocfs2-fix-ocfs2-read-block-panic +++ a/fs/ocfs2/buffer_head_io.c @@ -342,6 +342,7 @@ int ocfs2_read_blocks(struct ocfs2_cachi * for this bh as it's not marked locally * uptodate. */ status = -EIO; + clear_buffer_needs_validate(bh); put_bh(bh); bhs[i] = NULL; continue; _

7 years

1
0
0 0

[patch 4/7] mm: shmem.c: Correctly annotate new inodes for lockdep

by akpm＠linux-foundation.org

From: "Joel Fernandes (Google)" <joel(a)joelfernandes.org> Subject: mm: shmem.c: Correctly annotate new inodes for lockdep Directories and inodes don't necessarily need to be in the same lockdep class. For ex, hugetlbfs splits them out too to prevent false positives in lockdep. Annotate correctly after new inode creation. If its a directory inode, it will be put into a different class. This should fix a lockdep splat reported by syzbot: > ====================================================== > WARNING: possible circular locking dependency detected > 4.18.0-rc8-next-20180810+ #36 Not tainted > ------------------------------------------------------ > syz-executor900/4483 is trying to acquire lock: > 00000000d2bfc8fe (&sb->s_type->i_mutex_key#9){++++}, at: inode_lock > include/linux/fs.h:765 [inline] > 00000000d2bfc8fe (&sb->s_type->i_mutex_key#9){++++}, at: > shmem_fallocate+0x18b/0x12e0 mm/shmem.c:2602 > > but task is already holding lock: > 0000000025208078 (ashmem_mutex){+.+.}, at: ashmem_shrink_scan+0xb4/0x630 > drivers/staging/android/ashmem.c:448 > > which lock already depends on the new lock. > > -> #2 (ashmem_mutex){+.+.}: > __mutex_lock_common kernel/locking/mutex.c:925 [inline] > __mutex_lock+0x171/0x1700 kernel/locking/mutex.c:1073 > mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1088 > ashmem_mmap+0x55/0x520 drivers/staging/android/ashmem.c:361 > call_mmap include/linux/fs.h:1844 [inline] > mmap_region+0xf27/0x1c50 mm/mmap.c:1762 > do_mmap+0xa10/0x1220 mm/mmap.c:1535 > do_mmap_pgoff include/linux/mm.h:2298 [inline] > vm_mmap_pgoff+0x213/0x2c0 mm/util.c:357 > ksys_mmap_pgoff+0x4da/0x660 mm/mmap.c:1585 > __do_sys_mmap arch/x86/kernel/sys_x86_64.c:100 [inline] > __se_sys_mmap arch/x86/kernel/sys_x86_64.c:91 [inline] > __x64_sys_mmap+0xe9/0x1b0 arch/x86/kernel/sys_x86_64.c:91 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > -> #1 (&mm->mmap_sem){++++}: > __might_fault+0x155/0x1e0 mm/memory.c:4568 > _copy_to_user+0x30/0x110 lib/usercopy.c:25 > copy_to_user include/linux/uaccess.h:155 [inline] > filldir+0x1ea/0x3a0 fs/readdir.c:196 > dir_emit_dot include/linux/fs.h:3464 [inline] > dir_emit_dots include/linux/fs.h:3475 [inline] > dcache_readdir+0x13a/0x620 fs/libfs.c:193 > iterate_dir+0x48b/0x5d0 fs/readdir.c:51 > __do_sys_getdents fs/readdir.c:231 [inline] > __se_sys_getdents fs/readdir.c:212 [inline] > __x64_sys_getdents+0x29f/0x510 fs/readdir.c:212 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > -> #0 (&sb->s_type->i_mutex_key#9){++++}: > lock_acquire+0x1e4/0x540 kernel/locking/lockdep.c:3924 > down_write+0x8f/0x130 kernel/locking/rwsem.c:70 > inode_lock include/linux/fs.h:765 [inline] > shmem_fallocate+0x18b/0x12e0 mm/shmem.c:2602 > ashmem_shrink_scan+0x236/0x630 drivers/staging/android/ashmem.c:455 > ashmem_ioctl+0x3ae/0x13a0 drivers/staging/android/ashmem.c:797 > vfs_ioctl fs/ioctl.c:46 [inline] > file_ioctl fs/ioctl.c:501 [inline] > do_vfs_ioctl+0x1de/0x1720 fs/ioctl.c:685 > ksys_ioctl+0xa9/0xd0 fs/ioctl.c:702 > __do_sys_ioctl fs/ioctl.c:709 [inline] > __se_sys_ioctl fs/ioctl.c:707 [inline] > __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:707 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > other info that might help us debug this: > > Chain exists of: > &sb->s_type->i_mutex_key#9 --> &mm->mmap_sem --> ashmem_mutex > > Possible unsafe locking scenario: > > CPU0 CPU1 > ---- ---- > lock(ashmem_mutex); > lock(&mm->mmap_sem); > lock(ashmem_mutex); > lock(&sb->s_type->i_mutex_key#9); > > *** DEADLOCK *** > > 1 lock held by syz-executor900/4483: > #0: 0000000025208078 (ashmem_mutex){+.+.}, at: > ashmem_shrink_scan+0xb4/0x630 drivers/staging/android/ashmem.c:448 Link: http://lkml.kernel.org/r/20180821231835.166639-1-joel@joelfernandes.org Signed-off-by: Joel Fernandes (Google) <joel(a)joelfernandes.org> Reported-by: syzbot <syzkaller(a)googlegroups.com> Reviewed-by: NeilBrown <neilb(a)suse.com> Suggested-by: NeilBrown <neilb(a)suse.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN mm/shmem.c~mm-shmem-correctly-annotate-new-inodes-for-lockdep mm/shmem.c --- a/mm/shmem.c~mm-shmem-correctly-annotate-new-inodes-for-lockdep +++ a/mm/shmem.c @@ -2227,6 +2227,8 @@ static struct inode *shmem_get_inode(str mpol_shared_policy_init(&info->policy, NULL); break; } + + lockdep_annotate_inode_mutex_key(inode); } else shmem_free_inode(sb); return inode; _

7 years

1
0
0 0

[patch 2/7] mm: disable deferred struct page for 32-bit arches

by akpm＠linux-foundation.org

From: Pasha Tatashin <Pavel.Tatashin(a)microsoft.com> Subject: mm: disable deferred struct page for 32-bit arches Deferred struct page init is needed only on systems with large amount of physical memory to improve boot performance. 32-bit systems do not benefit from this feature. Jiri reported a problem where deferred struct pages do not work well with x86-32: [ 0.035162] Dentry cache hash table entries: 131072 (order: 7, 524288 bytes) [ 0.035725] Inode-cache hash table entries: 65536 (order: 6, 262144 bytes) [ 0.036269] Initializing CPU#0 [ 0.036513] Initializing HighMem for node 0 (00036ffe:0007ffe0) [ 0.038459] page:f6780000 is uninitialized and poisoned [ 0.038460] raw: ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff [ 0.039509] page dumped because: VM_BUG_ON_PAGE(1 && PageCompound(page)) [ 0.040038] ------------[ cut here ]------------ [ 0.040399] kernel BUG at include/linux/page-flags.h:293! [ 0.040823] invalid opcode: 0000 [#1] SMP PTI [ 0.041166] CPU: 0 PID: 0 Comm: swapper Not tainted 4.19.0-rc1_pt_jiri #9 [ 0.041694] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-20171110_100015-anatol 04/01/2014 [ 0.042496] EIP: free_highmem_page+0x64/0x80 [ 0.042839] Code: 13 46 d8 c1 e8 18 5d 83 e0 03 8d 04 c0 c1 e0 06 ff 80 ec 5f 44 d8 c3 8d b4 26 00 00 00 00 ba 08 65 28 d8 89 d8 e8 fc 71 02 00 <0f> 0b 8d 76 00 8d bc 27 00 00 00 00 ba d0 b1 26 d8 89 d8 e8 e4 71 [ 0.044338] EAX: 0000003c EBX: f6780000 ECX: 00000000 EDX: d856cbe8 [ 0.044868] ESI: 0007ffe0 EDI: d838df20 EBP: d838df00 ESP: d838defc [ 0.045372] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00210086 [ 0.045913] CR0: 80050033 CR2: 00000000 CR3: 18556000 CR4: 00040690 [ 0.046413] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000 [ 0.046913] DR6: fffe0ff0 DR7: 00000400 [ 0.047220] Call Trace: [ 0.047419] add_highpages_with_active_regions+0xbd/0x10d [ 0.047854] set_highmem_pages_init+0x5b/0x71 [ 0.048202] mem_init+0x2b/0x1e8 [ 0.048460] start_kernel+0x1d2/0x425 [ 0.048757] i386_start_kernel+0x93/0x97 [ 0.049073] startup_32_smp+0x164/0x168 [ 0.049379] Modules linked in: [ 0.049626] ---[ end trace 337949378db0abbb ]--- We free highmem pages before their struct pages are initialized: mem_init() set_highmem_pages_init() add_highpages_with_active_regions() free_highmem_page() .. Access uninitialized struct page here.. Because there is no reason to have this feature on 32-bit systems, just disable it. Link: http://lkml.kernel.org/r/20180831150506.31246-1-pavel.tatashin@microsoft.com Fixes: 2e3ca40f03bb ("mm: relax deferred struct page requirements") Signed-off-by: Pavel Tatashin <pavel.tatashin(a)microsoft.com> Reported-by: Jiri Slaby <jslaby(a)suse.cz> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN mm/Kconfig~mm-disable-deferred-struct-page-for-32-bit-arches mm/Kconfig --- a/mm/Kconfig~mm-disable-deferred-struct-page-for-32-bit-arches +++ a/mm/Kconfig @@ -637,6 +637,7 @@ config DEFERRED_STRUCT_PAGE_INIT depends on NO_BOOTMEM depends on SPARSEMEM depends on !NEED_PER_CPU_KM + depends on 64BIT help Ordinarily all struct pages are initialised during early boot in a single thread. On very large machines this can take a considerable _

7 years

1
0
0 0

[patch 1/7] fork: report pid exhaustion correctly

by akpm＠linux-foundation.org

From: KJ Tsanaktsidis <ktsanaktsidis(a)zendesk.com> Subject: fork: report pid exhaustion correctly Make the clone and fork syscalls return EAGAIN when the limit on the number of pids /proc/sys/kernel/pid_max is exceeded. Currently, when the pid_max limit is exceeded, the kernel will return ENOSPC from the fork and clone syscalls. This is contrary to the documented behaviour, which explicitly calls out the pid_max case as one where EAGAIN should be returned. It also leads to really confusing error messages in userspace programs which will complain about a lack of disk space when they fail to create processes/threads for this reason. This error is being returned because alloc_pid() uses the idr api to find a new pid; when there are none available, idr_alloc_cyclic() returns -ENOSPC, and this is being propagated back to userspace. This behaviour has been broken before, and was explicitly fixed in commit 35f71bc0a09a ("fork: report pid reservation failure properly"), so I think -EAGAIN is definitely the right thing to return in this case. The current behaviour change dates from commit 95846ecf9dac ("pid: replace pid bitmap implementation with IDR AIP") and was I believe unintentional. This patch has no impact on the case where allocating a pid fails because the child reaper for the namespace is dead; that case will still return -ENOMEM. Link: http://lkml.kernel.org/r/20180903111016.46461-1-ktsanaktsidis@zendesk.com Fixes: 95846ecf9dac ("pid: replace pid bitmap implementation with IDR AIP") Signed-off-by: KJ Tsanaktsidis <ktsanaktsidis(a)zendesk.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Gargi Sharma <gs051095(a)gmail.com> Cc: Rik van Riel <riel(a)redhat.com> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN kernel/pid.c~fork-report-pid-exhaustion-correctly kernel/pid.c --- a/kernel/pid.c~fork-report-pid-exhaustion-correctly +++ a/kernel/pid.c @@ -195,7 +195,7 @@ struct pid *alloc_pid(struct pid_namespa idr_preload_end(); if (nr < 0) { - retval = nr; + retval = (nr == -ENOSPC) ? -EAGAIN : nr; goto out_free; } _

7 years

1
0
0 0

Applied "regulator: fix crash caused by null driver data" to the regulator tree

by Mark Brown

The patch regulator: fix crash caused by null driver data has been applied to the regulator tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From fb6de923ca3358a91525552b4907d4cb38730bdd Mon Sep 17 00:00:00 2001 From: Yu Zhao <yuzhao(a)google.com> Date: Wed, 19 Sep 2018 15:30:51 -0600 Subject: [PATCH] regulator: fix crash caused by null driver data dev_set_drvdata() needs to be called before device_register() exposes device to userspace. Otherwise kernel crashes after it gets null pointer from dev_get_drvdata() when userspace tries to access sysfs entries. [Removed backtrace for length -- broonie] Signed-off-by: Yu Zhao <yuzhao(a)google.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- drivers/regulator/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c index 90215f57270f..9577d8941846 100644 --- a/drivers/regulator/core.c +++ b/drivers/regulator/core.c @@ -4395,13 +4395,13 @@ regulator_register(const struct regulator_desc *regulator_desc, !rdev->desc->fixed_uV) rdev->is_switch = true; + dev_set_drvdata(&rdev->dev, rdev); ret = device_register(&rdev->dev); if (ret != 0) { put_device(&rdev->dev); goto unset_supplies; } - dev_set_drvdata(&rdev->dev, rdev); rdev_init_debugfs(rdev); /* try to resolve regulators supply since a new one was registered */ -- 2.19.0

7 years

1
0
0 0

[PATCH] xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code

by Boris Ostrovsky

Otherwise we may leak kernel stack for events that sample user registers. Reported-by: Mark Rutland <mark.rutland(a)arm.com> Signed-off-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Cc: stable(a)vger.kernel.org --- arch/x86/xen/pmu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/xen/pmu.c b/arch/x86/xen/pmu.c index 7d00d4a..95997e6 100644 --- a/arch/x86/xen/pmu.c +++ b/arch/x86/xen/pmu.c @@ -478,7 +478,7 @@ static void xen_convert_regs(const struct xen_pmu_regs *xen_regs, irqreturn_t xen_pmu_irq_handler(int irq, void *dev_id) { int err, ret = IRQ_NONE; - struct pt_regs regs; + struct pt_regs regs = {0}; const struct xen_pmu_data *xenpmu_data = get_xenpmu_data(); uint8_t xenpmu_flags = get_xenpmu_flags(); -- 1.8.3.1

7 years

2
2
0 0

[PATCH v2 3/3] usb: typec: pci: Enable Intel USB role mux on Apollo Lake platforms

by Mathias Nyman

From: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Intel Apollo Lake has the same internal USB role mux as Intel Cherry Trail. Cc: <stable(a)vger.kernel.org> Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci-pci.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index 722860e..51dd8e0 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -179,10 +179,12 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) xhci->quirks |= XHCI_PME_STUCK_QUIRK; } if (pdev->vendor == PCI_VENDOR_ID_INTEL && - pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI) { + pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI) xhci->quirks |= XHCI_SSIC_PORT_UNUSED; + if (pdev->vendor == PCI_VENDOR_ID_INTEL && + (pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI || + pdev->device == PCI_DEVICE_ID_INTEL_APL_XHCI)) xhci->quirks |= XHCI_INTEL_USB_ROLE_SW; - } if (pdev->vendor == PCI_VENDOR_ID_INTEL && (pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI || pdev->device == PCI_DEVICE_ID_INTEL_SUNRISEPOINT_LP_XHCI || -- 2.7.4

7 years

1
0
0 0

[PATCH v2 2/3] usb: xhci-mtk: resume USB3 roothub first

by Mathias Nyman

From: Chunfeng Yun <chunfeng.yun(a)mediatek.com> Give USB3 devices a better chance to enumerate at USB3 speeds if they are connected to a suspended host. Porting from "671ffdff5b13 xhci: resume USB 3 roothub first" Cc: <stable(a)vger.kernel.org> Signed-off-by: Chunfeng Yun <chunfeng.yun(a)mediatek.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci-mtk.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/host/xhci-mtk.c b/drivers/usb/host/xhci-mtk.c index 7334da9..71d0d33 100644 --- a/drivers/usb/host/xhci-mtk.c +++ b/drivers/usb/host/xhci-mtk.c @@ -642,10 +642,10 @@ static int __maybe_unused xhci_mtk_resume(struct device *dev) xhci_mtk_host_enable(mtk); xhci_dbg(xhci, "%s: restart port polling\n", __func__); - set_bit(HCD_FLAG_POLL_RH, &hcd->flags); - usb_hcd_poll_rh_status(hcd); set_bit(HCD_FLAG_POLL_RH, &xhci->shared_hcd->flags); usb_hcd_poll_rh_status(xhci->shared_hcd); + set_bit(HCD_FLAG_POLL_RH, &hcd->flags); + usb_hcd_poll_rh_status(hcd); return 0; } -- 2.7.4

7 years

1
0
0 0

[PATCH v2 1/3] xhci: Add missing CAS workaround for Intel Sunrise Point xHCI

by Mathias Nyman

The workaround for missing CAS bit is also needed for xHC on Intel sunrisepoint PCH. For more details see: Intel 100/c230 series PCH specification update Doc #332692-006 Errata #8 Cc: <stable(a)vger.kernel.org> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci-pci.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index 6372edf..722860e 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -185,6 +185,8 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) } if (pdev->vendor == PCI_VENDOR_ID_INTEL && (pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI || + pdev->device == PCI_DEVICE_ID_INTEL_SUNRISEPOINT_LP_XHCI || + pdev->device == PCI_DEVICE_ID_INTEL_SUNRISEPOINT_H_XHCI || pdev->device == PCI_DEVICE_ID_INTEL_APL_XHCI || pdev->device == PCI_DEVICE_ID_INTEL_DNV_XHCI)) xhci->quirks |= XHCI_MISSING_CAS; -- 2.7.4

7 years

1
0
0 0

v4.4.157 build: 0 failures 31 warnings (v4.4.157)

by Build bot for Mark Brown

Tree/Branch: v4.4.157 Git describe: v4.4.157 Commit: d956091968 Linux 4.4.157 Build Time: 68 min 54 sec Passed: 10 / 10 (100.00 %) Failed: 0 / 10 ( 0.00 %) Errors: 0 Warnings: 31 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 19 warnings 0 mismatches : arm64-allmodconfig 17 warnings 0 mismatches : x86_64-allmodconfig ------------------------------------------------------------------------------- Warnings Summary: 31 3 warning: (IMA) selects TCG_CRB which has unmet direct dependencies (TCG_TPM && X86 && ACPI) 2 ../drivers/media/dvb-frontends/stv090x.c:4250:1: warning: the frame size of 4832 bytes is larger than 2048 bytes [-Wframe-larger-than=] 2 ../drivers/media/dvb-frontends/stv090x.c:1211:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] 2 ../drivers/media/dvb-frontends/stv090x.c:1168:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/net/ethernet/rocker/rocker.c:2172:1: warning: the frame size of 2752 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/net/ethernet/rocker/rocker.c:2172:1: warning: the frame size of 2720 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:4759:1: warning: the frame size of 2056 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:4565:1: warning: the frame size of 2096 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:4565:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:3436:1: warning: the frame size of 6784 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:3436:1: warning: the frame size of 5280 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:3095:1: warning: the frame size of 5864 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:3095:1: warning: the frame size of 5840 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2513:1: warning: the frame size of 2304 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2513:1: warning: the frame size of 2288 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2141:1: warning: the frame size of 2104 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2141:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2073:1: warning: the frame size of 2552 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2073:1: warning: the frame size of 2544 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1956:1: warning: the frame size of 3264 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1956:1: warning: the frame size of 3248 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1858:1: warning: the frame size of 3008 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1858:1: warning: the frame size of 2992 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1599:1: warning: the frame size of 5296 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1599:1: warning: the frame size of 5280 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv0367.c:3147:1: warning: the frame size of 4144 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv0367.c:2490:1: warning: the frame size of 3424 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/cxd2841er.c:2401:1: warning: the frame size of 2984 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/cxd2841er.c:2401:1: warning: the frame size of 2976 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/cxd2841er.c:2282:1: warning: the frame size of 4336 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/cxd2841er.c:2282:1: warning: the frame size of 4328 bytes is larger than 2048 bytes [-Wframe-larger-than=] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- arm64-allmodconfig : PASS, 0 errors, 19 warnings, 0 section mismatches Warnings: warning: (IMA) selects TCG_CRB which has unmet direct dependencies (TCG_TPM && X86 && ACPI) warning: (IMA) selects TCG_CRB which has unmet direct dependencies (TCG_TPM && X86 && ACPI) warning: (IMA) selects TCG_CRB which has unmet direct dependencies (TCG_TPM && X86 && ACPI) ../drivers/media/dvb-frontends/stv090x.c:1858:1: warning: the frame size of 2992 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2141:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2513:1: warning: the frame size of 2288 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:4565:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1956:1: warning: the frame size of 3248 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1599:1: warning: the frame size of 5280 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1211:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:4250:1: warning: the frame size of 4832 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1168:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2073:1: warning: the frame size of 2544 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:3095:1: warning: the frame size of 5840 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:3436:1: warning: the frame size of 6784 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv0367.c:2490:1: warning: the frame size of 3424 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/cxd2841er.c:2401:1: warning: the frame size of 2976 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/cxd2841er.c:2282:1: warning: the frame size of 4336 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/net/ethernet/rocker/rocker.c:2172:1: warning: the frame size of 2720 bytes is larger than 2048 bytes [-Wframe-larger-than=] ------------------------------------------------------------------------------- x86_64-allmodconfig : PASS, 0 errors, 17 warnings, 0 section mismatches Warnings: ../drivers/media/dvb-frontends/stv090x.c:1858:1: warning: the frame size of 3008 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2141:1: warning: the frame size of 2104 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2513:1: warning: the frame size of 2304 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:4565:1: warning: the frame size of 2096 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1956:1: warning: the frame size of 3264 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1599:1: warning: the frame size of 5296 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1211:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:4250:1: warning: the frame size of 4832 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:4759:1: warning: the frame size of 2056 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1168:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2073:1: warning: the frame size of 2552 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:3095:1: warning: the frame size of 5864 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:3436:1: warning: the frame size of 5280 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv0367.c:3147:1: warning: the frame size of 4144 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/cxd2841er.c:2401:1: warning: the frame size of 2984 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/cxd2841er.c:2282:1: warning: the frame size of 4328 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/net/ethernet/rocker/rocker.c:2172:1: warning: the frame size of 2752 bytes is larger than 2048 bytes [-Wframe-larger-than=] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm64-defconfig

7 years

1
0
0 0

patch "serial: imx: restore handshaking irq for imx1" added to tty-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled serial: imx: restore handshaking irq for imx1 to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 7e620984b62532783912312e334f3c48cdacbd5d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?= <u.kleine-koenig(a)pengutronix.de> Date: Thu, 20 Sep 2018 14:11:17 +0200 Subject: serial: imx: restore handshaking irq for imx1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Back in 2015 when irda was dropped from the driver imx1 was broken. This change reintroduces the support for the third interrupt of the UART. Fixes: afe9cbb1a6ad ("serial: imx: drop support for IRDA") Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Reviewed-by: Leonard Crestez <leonard.crestez(a)nxp.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/imx.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/tty/serial/imx.c b/drivers/tty/serial/imx.c index 239c0fa2e981..0f67197a3783 100644 --- a/drivers/tty/serial/imx.c +++ b/drivers/tty/serial/imx.c @@ -2351,6 +2351,14 @@ static int imx_uart_probe(struct platform_device *pdev) ret); return ret; } + + ret = devm_request_irq(&pdev->dev, rtsirq, imx_uart_rtsint, 0, + dev_name(&pdev->dev), sport); + if (ret) { + dev_err(&pdev->dev, "failed to request rts irq: %d\n", + ret); + return ret; + } } else { ret = devm_request_irq(&pdev->dev, rxirq, imx_uart_int, 0, dev_name(&pdev->dev), sport); -- 2.19.0

7 years

1
0
0 0

[PATCH] b43: Fix regression in kernel 4.18

by Larry Finger

In commit 66cffd6daab7 ("b43: fix transmit failure when VT is switched"), a condition is noted where the network controller needs to be reset. Note that this situation happens when running the open-source firmware (http://netweb.ing.unibs.it/~openfwwf/), plus a number of other special conditions. for a different card model, it is reported that this change breaks operation running the proprietary firmware (https://marc.info/?l=linux-wireless&m=153504546924558&w=2). Rather than reverting the previous patch, the code is tweaked to avoid the reset unless the open-source firmware is being used. Fixes: 66cffd6daab7 ("b43: fix transmit failure when VT is switched") Cc: Stable <stable(a)vger.kernel.org> # 4.18+ Cc: Taketo Kabe <kabe(a)sra-tohoku.co.jp> Reported-and-tested-by: D. Prabhu <d.praabhu(a)gmail.com> Signed-off-by: Larry Finger <Larry.Finger(a)lwfinger.net> --- drivers/net/wireless/broadcom/b43/dma.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/broadcom/b43/dma.c b/drivers/net/wireless/broadcom/b43/dma.c index 6b0e1ec346cb..d46d57b989ae 100644 --- a/drivers/net/wireless/broadcom/b43/dma.c +++ b/drivers/net/wireless/broadcom/b43/dma.c @@ -1518,13 +1518,15 @@ void b43_dma_handle_txstatus(struct b43_wldev *dev, } } else { /* More than a single header/data pair were missed. - * Report this error, and reset the controller to + * Report this error. If running with open-source + * firmware, then reset the controller to * revive operation. */ b43dbg(dev->wl, "Out of order TX status report on DMA ring %d. Expected %d, but got %d\n", ring->index, firstused, slot); - b43_controller_restart(dev, "Out of order TX"); + if (dev->fw.opensource) + b43_controller_restart(dev, "Out of order TX"); return; } } -- 2.18.0

7 years

2
2
0 0

[PATCH 1/2] usb: typec: mux: Take care of driver module reference counting

by Heikki Krogerus

Functions typec_mux_get() and typec_switch_get() already make sure that the mux device reference count is incremented, but the same must be done to the driver module as well to prevent the drivers from being unloaded in the middle of operation. This fixes a potential "BUG: unable to handle kernel paging request at ..." from happening. Fixes: 93dd2112c7b2 ("usb: typec: mux: Get the mux identifier from function parameter") Cc: <stable(a)vger.kernel.org> Acked-by: Hans de Goede <hdegoede(a)redhat.com> Tested-by: Hans de Goede <hdegoede(a)redhat.com> Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> --- drivers/usb/typec/mux.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/drivers/usb/typec/mux.c b/drivers/usb/typec/mux.c index ddaac63ecf12..d990aa510fab 100644 --- a/drivers/usb/typec/mux.c +++ b/drivers/usb/typec/mux.c @@ -9,6 +9,7 @@ #include <linux/device.h> #include <linux/list.h> +#include <linux/module.h> #include <linux/mutex.h> #include <linux/usb/typec_mux.h> @@ -49,8 +50,10 @@ struct typec_switch *typec_switch_get(struct device *dev) mutex_lock(&switch_lock); sw = device_connection_find_match(dev, "typec-switch", NULL, typec_switch_match); - if (!IS_ERR_OR_NULL(sw)) + if (!IS_ERR_OR_NULL(sw)) { + WARN_ON(!try_module_get(sw->dev->driver->owner)); get_device(sw->dev); + } mutex_unlock(&switch_lock); return sw; @@ -65,8 +68,10 @@ EXPORT_SYMBOL_GPL(typec_switch_get); */ void typec_switch_put(struct typec_switch *sw) { - if (!IS_ERR_OR_NULL(sw)) + if (!IS_ERR_OR_NULL(sw)) { + module_put(sw->dev->driver->owner); put_device(sw->dev); + } } EXPORT_SYMBOL_GPL(typec_switch_put); @@ -136,8 +141,10 @@ struct typec_mux *typec_mux_get(struct device *dev, const char *name) mutex_lock(&mux_lock); mux = device_connection_find_match(dev, name, NULL, typec_mux_match); - if (!IS_ERR_OR_NULL(mux)) + if (!IS_ERR_OR_NULL(mux)) { + WARN_ON(!try_module_get(mux->dev->driver->owner)); get_device(mux->dev); + } mutex_unlock(&mux_lock); return mux; @@ -152,8 +159,10 @@ EXPORT_SYMBOL_GPL(typec_mux_get); */ void typec_mux_put(struct typec_mux *mux) { - if (!IS_ERR_OR_NULL(mux)) + if (!IS_ERR_OR_NULL(mux)) { + module_put(mux->dev->driver->owner); put_device(mux->dev); + } } EXPORT_SYMBOL_GPL(typec_mux_put); -- 2.18.0

7 years

3
4
0 0

patch "usb: core: safely deal with the dynamic quirk lists" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: core: safely deal with the dynamic quirk lists to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 16c4cb19fa85c648a803752eb63cac0ef69231c2 Mon Sep 17 00:00:00 2001 From: Harry Pan <harry.pan(a)intel.com> Date: Fri, 14 Sep 2018 16:58:16 +0800 Subject: usb: core: safely deal with the dynamic quirk lists Applying dynamic usbcore quirks in early booting when the slab is not yet ready would cause kernel panic of null pointer dereference because the quirk_count has been counted as 1 while the quirk_list was failed to allocate. i.e., [ 1.044970] BUG: unable to handle kernel NULL pointer dereference at (null) [ 1.044995] IP: [<ffffffffb0953ec7>] usb_detect_quirks+0x88/0xd1 [ 1.045016] PGD 0 [ 1.045026] Oops: 0000 [#1] PREEMPT SMP [ 1.046986] gsmi: Log Shutdown Reason 0x03 [ 1.046995] Modules linked in: [ 1.047008] CPU: 0 PID: 81 Comm: kworker/0:3 Not tainted 4.4.154 #28 [ 1.047016] Hardware name: Google Coral/Coral, BIOS Google_Coral.10068.27.0 12/04/2017 [ 1.047028] Workqueue: usb_hub_wq hub_event [ 1.047037] task: ffff88017a321c80 task.stack: ffff88017a384000 [ 1.047044] RIP: 0010:[<ffffffffb0953ec7>] [<ffffffffb0953ec7>] usb_detect_quirks+0x88/0xd1 To tackle this odd, let's balance the quirk_count to 0 when the kcalloc call fails, and defer the quirk setting into a lower level callback which ensures that the kernel memory management has been initialized. Fixes: 027bd6cafd9a ("usb: core: Add "quirks" parameter for usbcore") Signed-off-by: Harry Pan <harry.pan(a)intel.com> Acked-by: Kai-Heng Feng <kai.heng.feng(a)canonical.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/quirks.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c index e77dfe5ed5ec..178d6c6063c0 100644 --- a/drivers/usb/core/quirks.c +++ b/drivers/usb/core/quirks.c @@ -58,6 +58,7 @@ static int quirks_param_set(const char *val, const struct kernel_param *kp) quirk_list = kcalloc(quirk_count, sizeof(struct quirk_entry), GFP_KERNEL); if (!quirk_list) { + quirk_count = 0; mutex_unlock(&quirk_mutex); return -ENOMEM; } @@ -154,7 +155,7 @@ static struct kparam_string quirks_param_string = { .string = quirks_param, }; -module_param_cb(quirks, &quirks_param_ops, &quirks_param_string, 0644); +device_param_cb(quirks, &quirks_param_ops, &quirks_param_string, 0644); MODULE_PARM_DESC(quirks, "Add/modify USB quirks by specifying quirks=vendorID:productID:quirks"); /* Lists of quirky USB devices, split in device quirks and interface quirks. -- 2.19.0

7 years

1
0
0 0

patch "usb: roles: Take care of driver module reference counting" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: roles: Take care of driver module reference counting to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 5c54fcac9a9de559b444ac63ec3cd82f1d157a0b Mon Sep 17 00:00:00 2001 From: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Date: Wed, 19 Sep 2018 10:58:05 +0300 Subject: usb: roles: Take care of driver module reference counting This fixes potential "BUG: unable to handle kernel paging request at ..." from happening. Fixes: fde0aa6c175a ("usb: common: Small class for USB role switches") Cc: <stable(a)vger.kernel.org> Acked-by: Hans de Goede <hdegoede(a)redhat.com> Tested-by: Hans de Goede <hdegoede(a)redhat.com> Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/common/roles.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/drivers/usb/common/roles.c b/drivers/usb/common/roles.c index 15cc76e22123..99116af07f1d 100644 --- a/drivers/usb/common/roles.c +++ b/drivers/usb/common/roles.c @@ -109,8 +109,15 @@ static void *usb_role_switch_match(struct device_connection *con, int ep, */ struct usb_role_switch *usb_role_switch_get(struct device *dev) { - return device_connection_find_match(dev, "usb-role-switch", NULL, - usb_role_switch_match); + struct usb_role_switch *sw; + + sw = device_connection_find_match(dev, "usb-role-switch", NULL, + usb_role_switch_match); + + if (!IS_ERR_OR_NULL(sw)) + WARN_ON(!try_module_get(sw->dev.parent->driver->owner)); + + return sw; } EXPORT_SYMBOL_GPL(usb_role_switch_get); @@ -122,8 +129,10 @@ EXPORT_SYMBOL_GPL(usb_role_switch_get); */ void usb_role_switch_put(struct usb_role_switch *sw) { - if (!IS_ERR_OR_NULL(sw)) + if (!IS_ERR_OR_NULL(sw)) { put_device(&sw->dev); + module_put(sw->dev.parent->driver->owner); + } } EXPORT_SYMBOL_GPL(usb_role_switch_put); -- 2.19.0

7 years

1
0
0 0

patch "USB: handle NULL config in usb_find_alt_setting()" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: handle NULL config in usb_find_alt_setting() to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From c9a4cb204e9eb7fa7dfbe3f7d3a674fa530aa193 Mon Sep 17 00:00:00 2001 From: Alan Stern <stern(a)rowland.harvard.edu> Date: Mon, 10 Sep 2018 14:00:53 -0400 Subject: USB: handle NULL config in usb_find_alt_setting() usb_find_alt_setting() takes a pointer to a struct usb_host_config as an argument; it searches for an interface with specified interface and alternate setting numbers in that config. However, it crashes if the usb_host_config pointer argument is NULL. Since this is a general-purpose routine, available for use in many places, we want to to be more robust. This patch makes it return NULL whenever the config argument is NULL. Signed-off-by: Alan Stern <stern(a)rowland.harvard.edu> Reported-by: syzbot+19c3aaef85a89d451eac(a)syzkaller.appspotmail.com CC: <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/usb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/core/usb.c b/drivers/usb/core/usb.c index 623be3174fb3..79d8bd7a612e 100644 --- a/drivers/usb/core/usb.c +++ b/drivers/usb/core/usb.c @@ -228,6 +228,8 @@ struct usb_host_interface *usb_find_alt_setting( struct usb_interface_cache *intf_cache = NULL; int i; + if (!config) + return NULL; for (i = 0; i < config->desc.bNumInterfaces; i++) { if (config->intf_cache[i]->altsetting[0].desc.bInterfaceNumber == iface_num) { -- 2.19.0

7 years

1
0
0 0

patch "USB: fix error handling in usb_driver_claim_interface()" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: fix error handling in usb_driver_claim_interface() to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From bd729f9d67aa9a303d8925bb8c4f06af25f407d1 Mon Sep 17 00:00:00 2001 From: Alan Stern <stern(a)rowland.harvard.edu> Date: Mon, 10 Sep 2018 13:59:59 -0400 Subject: USB: fix error handling in usb_driver_claim_interface() The syzbot fuzzing project found a use-after-free bug in the USB core. The bug was caused by usbfs not unbinding from an interface when the USB device file was closed, which led another process to attempt the unbind later on, after the private data structure had been deallocated. The reason usbfs did not unbind the interface at the appropriate time was because it thought the interface had never been claimed in the first place. This was caused by the fact that usb_driver_claim_interface() does not clean up properly when device_bind_driver() returns an error. Although the error code gets passed back to the caller, the iface->dev.driver pointer remains set and iface->condition remains equal to USB_INTERFACE_BOUND. This patch adds proper error handling to usb_driver_claim_interface(). Signed-off-by: Alan Stern <stern(a)rowland.harvard.edu> Reported-by: syzbot+f84aa7209ccec829536f(a)syzkaller.appspotmail.com CC: <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/driver.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/drivers/usb/core/driver.c b/drivers/usb/core/driver.c index 7652dcb57998..a1f225f077cd 100644 --- a/drivers/usb/core/driver.c +++ b/drivers/usb/core/driver.c @@ -550,6 +550,21 @@ int usb_driver_claim_interface(struct usb_driver *driver, if (device_is_registered(dev)) retval = device_bind_driver(dev); + if (retval) { + dev->driver = NULL; + usb_set_intfdata(iface, NULL); + iface->needs_remote_wakeup = 0; + iface->condition = USB_INTERFACE_UNBOUND; + + /* + * Unbound interfaces are always runtime-PM-disabled + * and runtime-PM-suspended + */ + if (driver->supports_autosuspend) + pm_runtime_disable(dev); + pm_runtime_set_suspended(dev); + } + return retval; } EXPORT_SYMBOL_GPL(usb_driver_claim_interface); -- 2.19.0

7 years

1
0
0 0

patch "USB: remove LPM management from usb_driver_claim_interface()" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: remove LPM management from usb_driver_claim_interface() to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From c183813fcee44a249339b7c46e1ad271ca1870aa Mon Sep 17 00:00:00 2001 From: Alan Stern <stern(a)rowland.harvard.edu> Date: Mon, 10 Sep 2018 13:58:51 -0400 Subject: USB: remove LPM management from usb_driver_claim_interface() usb_driver_claim_interface() disables and re-enables Link Power Management, but it shouldn't do either one, for the reasons listed below. This patch removes the two LPM-related function calls from the routine. The reason for disabling LPM in the analogous function usb_probe_interface() is so that drivers won't have to deal with unwanted LPM transitions in their probe routine. But usb_driver_claim_interface() doesn't call the driver's probe routine (or any other callbacks), so that reason doesn't apply here. Furthermore, no driver other than usbfs will ever call usb_driver_claim_interface() unless it is already bound to another interface in the same device, which means disabling LPM here would be redundant. usbfs doesn't interact with LPM at all. Lastly, the error return from usb_unlocked_disable_lpm() isn't handled properly; the code doesn't clean up its earlier actions before returning. Signed-off-by: Alan Stern <stern(a)rowland.harvard.edu> Fixes: 8306095fd2c1 ("USB: Disable USB 3.0 LPM in critical sections.") CC: <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/driver.c | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/drivers/usb/core/driver.c b/drivers/usb/core/driver.c index e76e95f62f76..7652dcb57998 100644 --- a/drivers/usb/core/driver.c +++ b/drivers/usb/core/driver.c @@ -512,7 +512,6 @@ int usb_driver_claim_interface(struct usb_driver *driver, struct device *dev; struct usb_device *udev; int retval = 0; - int lpm_disable_error = -ENODEV; if (!iface) return -ENODEV; @@ -533,16 +532,6 @@ int usb_driver_claim_interface(struct usb_driver *driver, iface->condition = USB_INTERFACE_BOUND; - /* See the comment about disabling LPM in usb_probe_interface(). */ - if (driver->disable_hub_initiated_lpm) { - lpm_disable_error = usb_unlocked_disable_lpm(udev); - if (lpm_disable_error) { - dev_err(&iface->dev, "%s Failed to disable LPM for driver %s\n", - __func__, driver->name); - return -ENOMEM; - } - } - /* Claimed interfaces are initially inactive (suspended) and * runtime-PM-enabled, but only if the driver has autosuspend * support. Otherwise they are marked active, to prevent the @@ -561,10 +550,6 @@ int usb_driver_claim_interface(struct usb_driver *driver, if (device_is_registered(dev)) retval = device_bind_driver(dev); - /* Attempt to re-enable USB3 LPM, if the disable was successful. */ - if (!lpm_disable_error) - usb_unlocked_enable_lpm(udev); - return retval; } EXPORT_SYMBOL_GPL(usb_driver_claim_interface); -- 2.19.0

7 years

1
0
0 0

patch "USB: usbdevfs: sanitize flags more" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: usbdevfs: sanitize flags more to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 7a68d9fb851012829c29e770621905529bd9490b Mon Sep 17 00:00:00 2001 From: Oliver Neukum <oneukum(a)suse.com> Date: Wed, 5 Sep 2018 12:07:02 +0200 Subject: USB: usbdevfs: sanitize flags more Requesting a ZERO_PACKET or not is sensible only for output. In the input direction the device decides. Likewise accepting short packets makes sense only for input. This allows operation with panic_on_warn without opening up a local DOS. Signed-off-by: Oliver Neukum <oneukum(a)suse.com> Reported-by: syzbot+843efa30c8821bd69f53(a)syzkaller.appspotmail.com Fixes: 0cb54a3e47cb ("USB: debugging code shouldn't alter control flow") Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/devio.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c index 6ce77b33da61..263dd2f309fb 100644 --- a/drivers/usb/core/devio.c +++ b/drivers/usb/core/devio.c @@ -1434,10 +1434,13 @@ static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb struct async *as = NULL; struct usb_ctrlrequest *dr = NULL; unsigned int u, totlen, isofrmlen; - int i, ret, is_in, num_sgs = 0, ifnum = -1; + int i, ret, num_sgs = 0, ifnum = -1; int number_of_packets = 0; unsigned int stream_id = 0; void *buf; + bool is_in; + bool allow_short = false; + bool allow_zero = false; unsigned long mask = USBDEVFS_URB_SHORT_NOT_OK | USBDEVFS_URB_BULK_CONTINUATION | USBDEVFS_URB_NO_FSBR | @@ -1471,6 +1474,8 @@ static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb u = 0; switch (uurb->type) { case USBDEVFS_URB_TYPE_CONTROL: + if (is_in) + allow_short = true; if (!usb_endpoint_xfer_control(&ep->desc)) return -EINVAL; /* min 8 byte setup packet */ @@ -1511,6 +1516,10 @@ static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb break; case USBDEVFS_URB_TYPE_BULK: + if (!is_in) + allow_zero = true; + else + allow_short = true; switch (usb_endpoint_type(&ep->desc)) { case USB_ENDPOINT_XFER_CONTROL: case USB_ENDPOINT_XFER_ISOC: @@ -1531,6 +1540,10 @@ static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb if (!usb_endpoint_xfer_int(&ep->desc)) return -EINVAL; interrupt_urb: + if (!is_in) + allow_zero = true; + else + allow_short = true; break; case USBDEVFS_URB_TYPE_ISO: @@ -1676,9 +1689,9 @@ static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb u = (is_in ? URB_DIR_IN : URB_DIR_OUT); if (uurb->flags & USBDEVFS_URB_ISO_ASAP) u |= URB_ISO_ASAP; - if (uurb->flags & USBDEVFS_URB_SHORT_NOT_OK && is_in) + if (allow_short && uurb->flags & USBDEVFS_URB_SHORT_NOT_OK) u |= URB_SHORT_NOT_OK; - if (uurb->flags & USBDEVFS_URB_ZERO_PACKET) + if (allow_zero && uurb->flags & USBDEVFS_URB_ZERO_PACKET) u |= URB_ZERO_PACKET; if (uurb->flags & USBDEVFS_URB_NO_INTERRUPT) u |= URB_NO_INTERRUPT; -- 2.19.0

7 years

1
0
0 0

patch "USB: usbdevfs: restore warning for nonsensical flags" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: usbdevfs: restore warning for nonsensical flags to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 81e0403b26d94360abd1f6a57311337973bc82cd Mon Sep 17 00:00:00 2001 From: Oliver Neukum <oneukum(a)suse.com> Date: Wed, 5 Sep 2018 12:07:03 +0200 Subject: USB: usbdevfs: restore warning for nonsensical flags If we filter flags before they reach the core we need to generate our own warnings. Signed-off-by: Oliver Neukum <oneukum(a)suse.com> Fixes: 0cb54a3e47cb ("USB: debugging code shouldn't alter control flow") Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/devio.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c index 263dd2f309fb..244417d0dfd1 100644 --- a/drivers/usb/core/devio.c +++ b/drivers/usb/core/devio.c @@ -1697,6 +1697,11 @@ static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb u |= URB_NO_INTERRUPT; as->urb->transfer_flags = u; + if (!allow_short && uurb->flags & USBDEVFS_URB_SHORT_NOT_OK) + dev_warn(&ps->dev->dev, "Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.\n"); + if (!allow_zero && uurb->flags & USBDEVFS_URB_ZERO_PACKET) + dev_warn(&ps->dev->dev, "Requested nonsensical USBDEVFS_URB_ZERO_PACKET.\n"); + as->urb->transfer_buffer_length = uurb->buffer_length; as->urb->setup_packet = (unsigned char *)dr; dr = NULL; -- 2.19.0

7 years

1
0
0 0

patch "Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From e871db8d78df1c411032cbb3acfdf8930509360e Mon Sep 17 00:00:00 2001 From: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Date: Tue, 11 Sep 2018 10:00:44 +0200 Subject: Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" This reverts commit 6e22e3af7bb3a7b9dc53cb4687659f6e63fca427. The bug the patch describes to, has been already fixed in commit 2df6948428542 ("USB: cdc-wdm: don't enable interrupts in USB-giveback") so need to this, revert it. Fixes: 6e22e3af7bb3 ("usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()") Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/class/cdc-wdm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/class/cdc-wdm.c b/drivers/usb/class/cdc-wdm.c index 656d247819c9..bec581fb7c63 100644 --- a/drivers/usb/class/cdc-wdm.c +++ b/drivers/usb/class/cdc-wdm.c @@ -460,7 +460,7 @@ static int service_outstanding_interrupt(struct wdm_device *desc) set_bit(WDM_RESPONDING, &desc->flags); spin_unlock_irq(&desc->iuspin); - rv = usb_submit_urb(desc->response, GFP_ATOMIC); + rv = usb_submit_urb(desc->response, GFP_KERNEL); spin_lock_irq(&desc->iuspin); if (rv) { dev_err(&desc->intf->dev, -- 2.19.0

7 years

1
0
0 0

v4.18.9 build: 0 failures 3 warnings (v4.18.9)

by Build bot for Mark Brown

Tree/Branch: v4.18.9 Git describe: v4.18.9 Commit: 86e014f514 Linux 4.18.9 Build Time: 123 min 24 sec Passed: 11 / 11 (100.00 %) Failed: 0 / 11 ( 0.00 %) Errors: 0 Warnings: 3 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 1 warnings 0 mismatches : arm64-allnoconfig 3 warnings 0 mismatches : arm64-allmodconfig 2 warnings 0 mismatches : arm-multi_v5_defconfig 2 warnings 0 mismatches : arm-multi_v7_defconfig 2 warnings 0 mismatches : arm-allmodconfig 1 warnings 0 mismatches : arm-allnoconfig 1 warnings 0 mismatches : arm-multi_v4t_defconfig 2 warnings 0 mismatches : arm64-defconfig ------------------------------------------------------------------------------- Warnings Summary: 3 8 <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] 5 <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp] 1 ../drivers/isdn/hardware/eicon/message.c:5985:1: warning: the frame size of 2064 bytes is larger than 2048 bytes [-Wframe-larger-than=] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- arm64-allnoconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp] ------------------------------------------------------------------------------- arm64-allmodconfig : PASS, 0 errors, 3 warnings, 0 section mismatches Warnings: <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp] ../drivers/isdn/hardware/eicon/message.c:5985:1: warning: the frame size of 2064 bytes is larger than 2048 bytes [-Wframe-larger-than=] <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp] ------------------------------------------------------------------------------- arm-multi_v5_defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] ------------------------------------------------------------------------------- arm-multi_v7_defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] ------------------------------------------------------------------------------- arm-allmodconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] ------------------------------------------------------------------------------- arm-allnoconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] ------------------------------------------------------------------------------- arm-multi_v4t_defconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] ------------------------------------------------------------------------------- arm64-defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp] <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: x86_64-allnoconfig x86_64-allmodconfig x86_64-defconfig

7 years

1
0
0 0

[PATCHES] Networking

by David Miller

Please queue up the following networking bug fixes for v4.14.x and v4.18.x -stable, respectively. Thank you!

7 years

2
1
0 0

Request for inclusion on linux-4.14.y

by Alakesh Haloi

Hello Greg, Can you please consider including the following patch in the stable linux-4.14.y branch? This is to fix a defect in the Hyper-V network driver (hv_netsvc) that triggers kernel null pointer dereference bug, while loading the driver. b19b46346f48("hv/netvsc: Fix NULL dereference at single queue mode fallback") Thanks Alakesh Haloi

7 years

2
1
0 0

[PATCH] drm/amdgpu: add new polaris pci id

by Alex Deucher

Add new pci id. Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 14 ++++++++------ drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 1 + 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c index 693ec5ea4950..8816c697b205 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c @@ -367,12 +367,14 @@ static int amdgpu_cgs_get_firmware_info(struct cgs_device *cgs_device, break; case CHIP_POLARIS10: if (type == CGS_UCODE_ID_SMU) { - if ((adev->pdev->device == 0x67df) && - ((adev->pdev->revision == 0xe0) || - (adev->pdev->revision == 0xe3) || - (adev->pdev->revision == 0xe4) || - (adev->pdev->revision == 0xe5) || - (adev->pdev->revision == 0xe7) || + if (((adev->pdev->device == 0x67df) && + ((adev->pdev->revision == 0xe0) || + (adev->pdev->revision == 0xe3) || + (adev->pdev->revision == 0xe4) || + (adev->pdev->revision == 0xe5) || + (adev->pdev->revision == 0xe7) || + (adev->pdev->revision == 0xef))) || + ((adev->pdev->device == 0x6fdf) && (adev->pdev->revision == 0xef))) { info->is_kicker = true; strcpy(fw_name, "amdgpu/polaris10_k_smc.bin"); diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c index ff10df4f50d3..b536808f62ec 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c @@ -837,6 +837,7 @@ static const struct pci_device_id pciidlist[] = { {0x1002, 0x67CA, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_POLARIS10}, {0x1002, 0x67CC, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_POLARIS10}, {0x1002, 0x67CF, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_POLARIS10}, + {0x1002, 0x6FDF, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_POLARIS10}, /* Polaris12 */ {0x1002, 0x6980, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_POLARIS12}, {0x1002, 0x6981, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_POLARIS12}, -- 2.13.6

7 years

1
0
0 0

[PATCH AUTOSEL 3.18 1/4] thermal: of-thermal: disable passive polling when thermal zone is disabled

by Sasha Levin

From: Anson Huang <Anson.Huang(a)nxp.com> [ Upstream commit 152395fd03d4ce1e535a75cdbf58105e50587611 ] When thermal zone is in passive mode, disabling its mode from sysfs is NOT taking effect at all, it is still polling the temperature of the disabled thermal zone and handling all thermal trips, it makes user confused. The disabling operation should disable the thermal zone behavior completely, for both active and passive mode, this patch clears the passive_delay when thermal zone is disabled and restores it when it is enabled. Signed-off-by: Anson Huang <Anson.Huang(a)nxp.com> Signed-off-by: Eduardo Valentin <edubezval(a)gmail.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/thermal/of-thermal.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/thermal/of-thermal.c b/drivers/thermal/of-thermal.c index 62143ba31001..3aeb476c2894 100644 --- a/drivers/thermal/of-thermal.c +++ b/drivers/thermal/of-thermal.c @@ -209,10 +209,13 @@ static int of_thermal_set_mode(struct thermal_zone_device *tz, mutex_lock(&tz->lock); - if (mode == THERMAL_DEVICE_ENABLED) + if (mode == THERMAL_DEVICE_ENABLED) { tz->polling_delay = data->polling_delay; - else + tz->passive_delay = data->passive_delay; + } else { tz->polling_delay = 0; + tz->passive_delay = 0; + } mutex_unlock(&tz->lock); -- 2.17.1

7 years

1
3
0 0

[PATCH AUTOSEL 4.4 1/7] thermal: of-thermal: disable passive polling when thermal zone is disabled

by Sasha Levin

From: Anson Huang <Anson.Huang(a)nxp.com> [ Upstream commit 152395fd03d4ce1e535a75cdbf58105e50587611 ] When thermal zone is in passive mode, disabling its mode from sysfs is NOT taking effect at all, it is still polling the temperature of the disabled thermal zone and handling all thermal trips, it makes user confused. The disabling operation should disable the thermal zone behavior completely, for both active and passive mode, this patch clears the passive_delay when thermal zone is disabled and restores it when it is enabled. Signed-off-by: Anson Huang <Anson.Huang(a)nxp.com> Signed-off-by: Eduardo Valentin <edubezval(a)gmail.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/thermal/of-thermal.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/thermal/of-thermal.c b/drivers/thermal/of-thermal.c index be4eedcb839a..236c4eb5cf78 100644 --- a/drivers/thermal/of-thermal.c +++ b/drivers/thermal/of-thermal.c @@ -284,10 +284,13 @@ static int of_thermal_set_mode(struct thermal_zone_device *tz, mutex_lock(&tz->lock); - if (mode == THERMAL_DEVICE_ENABLED) + if (mode == THERMAL_DEVICE_ENABLED) { tz->polling_delay = data->polling_delay; - else + tz->passive_delay = data->passive_delay; + } else { tz->polling_delay = 0; + tz->passive_delay = 0; + } mutex_unlock(&tz->lock); -- 2.17.1

7 years

1
6
0 0

[PATCH AUTOSEL 4.9 01/14] qed: Wait for ready indication before rereading the shmem

by Sasha Levin

From: Tomer Tayar <Tomer.Tayar(a)cavium.com> [ Upstream commit f00d25f3154b676fcea4502a25b94bd7f142ca74 ] The MFW might be reset and re-update its shared memory. Upon the detection of such a reset the driver rereads this memory, but it has to wait till the data is valid. This patch adds the missing wait for a data ready indication. Signed-off-by: Tomer Tayar <Tomer.Tayar(a)cavium.com> Signed-off-by: Ariel Elior <Ariel.Elior(a)cavium.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/net/ethernet/qlogic/qed/qed_mcp.c | 50 +++++++++++++++++++---- 1 file changed, 41 insertions(+), 9 deletions(-) diff --git a/drivers/net/ethernet/qlogic/qed/qed_mcp.c b/drivers/net/ethernet/qlogic/qed/qed_mcp.c index eaa242df4131..a89385ba6b63 100644 --- a/drivers/net/ethernet/qlogic/qed/qed_mcp.c +++ b/drivers/net/ethernet/qlogic/qed/qed_mcp.c @@ -97,18 +97,57 @@ int qed_mcp_free(struct qed_hwfn *p_hwfn) return 0; } +/* Maximum of 1 sec to wait for the SHMEM ready indication */ +#define QED_MCP_SHMEM_RDY_MAX_RETRIES 20 +#define QED_MCP_SHMEM_RDY_ITER_MS 50 + static int qed_load_mcp_offsets(struct qed_hwfn *p_hwfn, struct qed_ptt *p_ptt) { struct qed_mcp_info *p_info = p_hwfn->mcp_info; + u8 cnt = QED_MCP_SHMEM_RDY_MAX_RETRIES; + u8 msec = QED_MCP_SHMEM_RDY_ITER_MS; u32 drv_mb_offsize, mfw_mb_offsize; u32 mcp_pf_id = MCP_PF_ID(p_hwfn); p_info->public_base = qed_rd(p_hwfn, p_ptt, MISC_REG_SHARED_MEM_ADDR); - if (!p_info->public_base) - return 0; + if (!p_info->public_base) { + DP_NOTICE(p_hwfn, + "The address of the MCP scratch-pad is not configured\n"); + return -EINVAL; + } p_info->public_base |= GRCBASE_MCP; + /* Get the MFW MB address and number of supported messages */ + mfw_mb_offsize = qed_rd(p_hwfn, p_ptt, + SECTION_OFFSIZE_ADDR(p_info->public_base, + PUBLIC_MFW_MB)); + p_info->mfw_mb_addr = SECTION_ADDR(mfw_mb_offsize, mcp_pf_id); + p_info->mfw_mb_length = (u16)qed_rd(p_hwfn, p_ptt, + p_info->mfw_mb_addr + + offsetof(struct public_mfw_mb, + sup_msgs)); + + /* The driver can notify that there was an MCP reset, and might read the + * SHMEM values before the MFW has completed initializing them. + * To avoid this, the "sup_msgs" field in the MFW mailbox is used as a + * data ready indication. + */ + while (!p_info->mfw_mb_length && --cnt) { + msleep(msec); + p_info->mfw_mb_length = + (u16)qed_rd(p_hwfn, p_ptt, + p_info->mfw_mb_addr + + offsetof(struct public_mfw_mb, sup_msgs)); + } + + if (!cnt) { + DP_NOTICE(p_hwfn, + "Failed to get the SHMEM ready notification after %d msec\n", + QED_MCP_SHMEM_RDY_MAX_RETRIES * msec); + return -EBUSY; + } + /* Calculate the driver and MFW mailbox address */ drv_mb_offsize = qed_rd(p_hwfn, p_ptt, SECTION_OFFSIZE_ADDR(p_info->public_base, @@ -118,13 +157,6 @@ static int qed_load_mcp_offsets(struct qed_hwfn *p_hwfn, struct qed_ptt *p_ptt) "drv_mb_offsiz = 0x%x, drv_mb_addr = 0x%x mcp_pf_id = 0x%x\n", drv_mb_offsize, p_info->drv_mb_addr, mcp_pf_id); - /* Set the MFW MB address */ - mfw_mb_offsize = qed_rd(p_hwfn, p_ptt, - SECTION_OFFSIZE_ADDR(p_info->public_base, - PUBLIC_MFW_MB)); - p_info->mfw_mb_addr = SECTION_ADDR(mfw_mb_offsize, mcp_pf_id); - p_info->mfw_mb_length = (u16)qed_rd(p_hwfn, p_ptt, p_info->mfw_mb_addr); - /* Get the current driver mailbox sequence before sending * the first command */ -- 2.17.1

7 years

1
13
0 0

[PATCH AUTOSEL 4.14 01/25] qed: Wait for ready indication before rereading the shmem

by Sasha Levin

From: Tomer Tayar <Tomer.Tayar(a)cavium.com> [ Upstream commit f00d25f3154b676fcea4502a25b94bd7f142ca74 ] The MFW might be reset and re-update its shared memory. Upon the detection of such a reset the driver rereads this memory, but it has to wait till the data is valid. This patch adds the missing wait for a data ready indication. Signed-off-by: Tomer Tayar <Tomer.Tayar(a)cavium.com> Signed-off-by: Ariel Elior <Ariel.Elior(a)cavium.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/net/ethernet/qlogic/qed/qed_mcp.c | 50 +++++++++++++++++++---- 1 file changed, 41 insertions(+), 9 deletions(-) diff --git a/drivers/net/ethernet/qlogic/qed/qed_mcp.c b/drivers/net/ethernet/qlogic/qed/qed_mcp.c index 3c469355f5a4..9348d367cfdf 100644 --- a/drivers/net/ethernet/qlogic/qed/qed_mcp.c +++ b/drivers/net/ethernet/qlogic/qed/qed_mcp.c @@ -182,18 +182,57 @@ int qed_mcp_free(struct qed_hwfn *p_hwfn) return 0; } +/* Maximum of 1 sec to wait for the SHMEM ready indication */ +#define QED_MCP_SHMEM_RDY_MAX_RETRIES 20 +#define QED_MCP_SHMEM_RDY_ITER_MS 50 + static int qed_load_mcp_offsets(struct qed_hwfn *p_hwfn, struct qed_ptt *p_ptt) { struct qed_mcp_info *p_info = p_hwfn->mcp_info; + u8 cnt = QED_MCP_SHMEM_RDY_MAX_RETRIES; + u8 msec = QED_MCP_SHMEM_RDY_ITER_MS; u32 drv_mb_offsize, mfw_mb_offsize; u32 mcp_pf_id = MCP_PF_ID(p_hwfn); p_info->public_base = qed_rd(p_hwfn, p_ptt, MISC_REG_SHARED_MEM_ADDR); - if (!p_info->public_base) - return 0; + if (!p_info->public_base) { + DP_NOTICE(p_hwfn, + "The address of the MCP scratch-pad is not configured\n"); + return -EINVAL; + } p_info->public_base |= GRCBASE_MCP; + /* Get the MFW MB address and number of supported messages */ + mfw_mb_offsize = qed_rd(p_hwfn, p_ptt, + SECTION_OFFSIZE_ADDR(p_info->public_base, + PUBLIC_MFW_MB)); + p_info->mfw_mb_addr = SECTION_ADDR(mfw_mb_offsize, mcp_pf_id); + p_info->mfw_mb_length = (u16)qed_rd(p_hwfn, p_ptt, + p_info->mfw_mb_addr + + offsetof(struct public_mfw_mb, + sup_msgs)); + + /* The driver can notify that there was an MCP reset, and might read the + * SHMEM values before the MFW has completed initializing them. + * To avoid this, the "sup_msgs" field in the MFW mailbox is used as a + * data ready indication. + */ + while (!p_info->mfw_mb_length && --cnt) { + msleep(msec); + p_info->mfw_mb_length = + (u16)qed_rd(p_hwfn, p_ptt, + p_info->mfw_mb_addr + + offsetof(struct public_mfw_mb, sup_msgs)); + } + + if (!cnt) { + DP_NOTICE(p_hwfn, + "Failed to get the SHMEM ready notification after %d msec\n", + QED_MCP_SHMEM_RDY_MAX_RETRIES * msec); + return -EBUSY; + } + /* Calculate the driver and MFW mailbox address */ drv_mb_offsize = qed_rd(p_hwfn, p_ptt, SECTION_OFFSIZE_ADDR(p_info->public_base, @@ -203,13 +242,6 @@ static int qed_load_mcp_offsets(struct qed_hwfn *p_hwfn, struct qed_ptt *p_ptt) "drv_mb_offsiz = 0x%x, drv_mb_addr = 0x%x mcp_pf_id = 0x%x\n", drv_mb_offsize, p_info->drv_mb_addr, mcp_pf_id); - /* Set the MFW MB address */ - mfw_mb_offsize = qed_rd(p_hwfn, p_ptt, - SECTION_OFFSIZE_ADDR(p_info->public_base, - PUBLIC_MFW_MB)); - p_info->mfw_mb_addr = SECTION_ADDR(mfw_mb_offsize, mcp_pf_id); - p_info->mfw_mb_length = (u16)qed_rd(p_hwfn, p_ptt, p_info->mfw_mb_addr); - /* Get the current driver mailbox sequence before sending * the first command */ -- 2.17.1

7 years

1
24
0 0

[PATCH AUTOSEL 4.18 01/56] ARM: OMAP2+: Fix null hwmod for ti-sysc debug

by Sasha Levin

From: Tony Lindgren <tony(a)atomide.com> [ Upstream commit 4769c003e0fcff0ee001a9102e2605bdaa5880f0 ] We may call omap_hwmod_parse_module_range() with no hwmod allocated yet and may have debug enabled. Let's fix this by checking for hwmod before trying to use it's name. Fixes: 6c72b3550672 ("ARM: OMAP2+: Parse module IO range from dts for legacy Signed-off-by: Tony Lindgren <tony(a)atomide.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- arch/arm/mach-omap2/omap_hwmod.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c index 2ceffd85dd3d..7f759abcf49c 100644 --- a/arch/arm/mach-omap2/omap_hwmod.c +++ b/arch/arm/mach-omap2/omap_hwmod.c @@ -2220,7 +2220,7 @@ int omap_hwmod_parse_module_range(struct omap_hwmod *oh, size = be32_to_cpup(ranges); pr_debug("omap_hwmod: %s %s at 0x%llx size 0x%llx\n", - oh->name, np->name, base, size); + oh ? oh->name : "", np->name, base, size); res->start = base; res->end = base + size - 1; -- 2.17.1

7 years

1
55
0 0

[PATCH AUTOSEL 4.18 01/92] binfmt_elf: Respect error return from `regset->active'

by Sasha Levin

From: "Maciej W. Rozycki" <macro(a)mips.com> [ Upstream commit 2f819db565e82e5f73cd42b39925098986693378 ] The regset API documented in <linux/regset.h> defines -ENODEV as the result of the `->active' handler to be used where the feature requested is not available on the hardware found. However code handling core file note generation in `fill_thread_core_info' interpretes any non-zero result from the `->active' handler as the regset requested being active. Consequently processing continues (and hopefully gracefully fails later on) rather than being abandoned right away for the regset requested. Fix the problem then by making the code proceed only if a positive result is returned from the `->active' handler. Signed-off-by: Maciej W. Rozycki <macro(a)mips.com> Signed-off-by: Paul Burton <paul.burton(a)mips.com> Fixes: 4206d3aa1978 ("elf core dump: notes user_regset") Patchwork: https://patchwork.linux-mips.org/patch/19332/ Cc: Alexander Viro <viro(a)zeniv.linux.org.uk> Cc: James Hogan <jhogan(a)kernel.org> Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: linux-fsdevel(a)vger.kernel.org Cc: linux-mips(a)linux-mips.org Cc: linux-kernel(a)vger.kernel.org Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- fs/binfmt_elf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 816cc921cf36..efae2fb0930a 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -1751,7 +1751,7 @@ static int fill_thread_core_info(struct elf_thread_core_info *t, const struct user_regset *regset = &view->regsets[i]; do_thread_regset_writeback(t->task, regset); if (regset->core_note_type && regset->get && - (!regset->active || regset->active(t->task, regset))) { + (!regset->active || regset->active(t->task, regset) > 0)) { int ret; size_t size = regset_size(t->task, regset); void *data = kmalloc(size, GFP_KERNEL); -- 2.17.1

7 years

3
95
0 0

[PATCH v2 5/6] drm/i915: Fix intel_dp_mst_best_encoder()

by Lyude Paul

Currently, i915 appears to rely on blocking modesets on no-longer-present MSTB ports by simply returning NULL for ->best_encoder(), which in turn causes any new atomic commits that don't disable the CRTC to fail. This is wrong however, since we still want to allow userspace to disable CRTCs on no-longer-present MSTB ports by changing the DPMS state to off and this still requires that we retrieve an encoder. So, fix this by always returning a valid encoder regardless of the state of the MST port. Additionally, make intel_dp_mst_atomic_check() simply rely on drm_dp_mst_connector_atomic_check() to prevent new modesets on no-longer-present MSTB ports. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index a366f32b048a..2b798d4592f0 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -106,14 +106,21 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, } static int intel_dp_mst_atomic_check(struct drm_connector *connector, - struct drm_connector_state *new_conn_state) + struct drm_connector_state *new_conn_state) { struct drm_atomic_state *state = new_conn_state->state; struct drm_connector_state *old_conn_state; struct drm_crtc *old_crtc; struct drm_crtc_state *crtc_state; + struct drm_dp_mst_topology_mgr *mgr = + &to_intel_connector(connector)->mst_port->mst_mgr; int slots, ret = 0; + ret = drm_dp_mst_connector_atomic_check(connector, new_conn_state, + mgr); + if (ret) + return ret; + old_conn_state = drm_atomic_get_old_connector_state(state, connector); old_crtc = old_conn_state->crtc; if (!old_crtc) @@ -122,12 +129,6 @@ static int intel_dp_mst_atomic_check(struct drm_connector *connector, crtc_state = drm_atomic_get_new_crtc_state(state, old_crtc); slots = to_intel_crtc_state(crtc_state)->dp_m_n.tu; if (drm_atomic_crtc_needs_modeset(crtc_state) && slots > 0) { - struct drm_dp_mst_topology_mgr *mgr; - struct drm_encoder *old_encoder; - - old_encoder = old_conn_state->best_encoder; - mgr = &enc_to_mst(old_encoder)->primary->dp.mst_mgr; - ret = drm_dp_atomic_release_vcpi_slots(state, mgr, slots); if (ret) DRM_DEBUG_KMS("failed releasing %d vcpi slots:%d\n", slots, ret); @@ -407,8 +408,6 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (intel_connector->mst_port_gone) - return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } -- 2.17.1

7 years

1
0
0 0

[PATCH v2 4/6] drm/i915: Skip vcpi allocation for MSTB ports that are gone

by Lyude Paul

Since we need to be able to allow DPMS on->off prop changes after an MST port has disappeared from the system, we need to be able to make sure we can compute a config for the resulting atomic commit. Currently this is impossible when the port has disappeared, since the VCPI slot searching we try to do in intel_dp_mst_compute_config() will fail with -EINVAL. Since the only commits we want to allow on no-longer-present MST ports are ones that shut off display hardware, we already know that no VCPI allocations are needed. So, hardcode the VCPI slot count to 0 when intel_dp_mst_compute_config() is called on an MST port that's gone. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index fcb9b87b9339..a366f32b048a 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -42,7 +42,7 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, to_intel_connector(conn_state->connector); struct drm_atomic_state *state = pipe_config->base.state; int bpp; - int lane_count, slots; + int lane_count, slots = 0; const struct drm_display_mode *adjusted_mode = &pipe_config->base.adjusted_mode; int mst_pbn; bool reduce_m_n = drm_dp_has_quirk(&intel_dp->desc, @@ -76,11 +76,16 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, mst_pbn = drm_dp_calc_pbn_mode(adjusted_mode->crtc_clock, bpp); pipe_config->pbn = mst_pbn; - slots = drm_dp_atomic_find_vcpi_slots(state, &intel_dp->mst_mgr, - connector->port, mst_pbn); - if (slots < 0) { - DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", slots); - return false; + if (!connector->mst_port_gone) { + slots = drm_dp_atomic_find_vcpi_slots(state, + &intel_dp->mst_mgr, + connector->port, + mst_pbn); + if (slots < 0) { + DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", + slots); + return false; + } } intel_link_compute_m_n(bpp, lane_count, -- 2.17.1

7 years

1
0
0 0

[PATCH v2 2/6] drm/nouveau: Unbreak nv50_mstc->best_encoder()

by Lyude Paul

As mentioned in the previous commit, we currently prevent new modesets on recently-removed MST connectors by returning no encoder from our ->best_encoder() callback once the MST port has disappeared. This is wrong however, because it prevents legacy modesetting users from being able to disable CRTCs on MST connectors after the connector's respective topology has disappeared. So, fix this by instead using the new drm_dp_mst_connector_atomic_check() helper instead while always returning a valid encoder from ->best_encoder(). Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/dispnv50/disp.c | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index 9da0bdfe1e1c..8d6f6ee9bc75 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -881,22 +881,16 @@ nv50_mstc_atomic_best_encoder(struct drm_connector *connector, { struct nv50_head *head = nv50_head(connector_state->crtc); struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[head->base.index]->encoder; - } - return NULL; + + return &mstc->mstm->msto[head->base.index]->encoder; } static struct drm_encoder * nv50_mstc_best_encoder(struct drm_connector *connector) { struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[0]->encoder; - } - return NULL; + + return &mstc->mstm->msto[0]->encoder; } static enum drm_mode_status @@ -926,10 +920,21 @@ nv50_mstc_get_modes(struct drm_connector *connector) return ret; } +static int +nv50_mstc_atomic_check(struct drm_connector *connector, + struct drm_connector_state *state) +{ + struct nv50_mstc *mstc = nv50_mstc(connector); + + return drm_dp_mst_connector_atomic_check(connector, state, + &mstc->mstm->mgr); +} + static const struct drm_connector_helper_funcs nv50_mstc_help = { .get_modes = nv50_mstc_get_modes, .mode_valid = nv50_mstc_mode_valid, + .atomic_check = nv50_mstc_atomic_check, .best_encoder = nv50_mstc_best_encoder, .atomic_best_encoder = nv50_mstc_atomic_best_encoder, }; -- 2.17.1

7 years

1
0
0 0

[PATCH V2 00/12] OPP: Don't create multiple OPP tables for devices sharing OPP table

by Viresh Kumar

Hello, Niklas Cassle recently reported some regressions with his Qcom cpufreq driver where he was getting some errors while creating the OPPs tables. After looking into it I realized that the OPP core incorrectly creates multiple OPP tables for the devices even if they are sharing the OPP table in DT. This happens when the request comes using different CPU devices. For example, dev_pm_opp_set_supported_hw() getting called using CPU0 and dev_pm_opp_of_add_table() getting called using CPU1. This series redesigns the internals of the OPP core to fix that. The redesign has simplified the core itself though. The first three patches are fixes really for the current code and the rest of them are making necessary changes to fix the issue defined in $subject here. Nikklas already tested this series and his Tested-by is already applied to series here. I would like to get this merged during the 4.20 merge window and will push the series to linux-next soon to get more test coverage. Please provide comments as soon as possible, else will send it as part of the pull request to Rafael for 4.20. -- viresh V1->V2: - Nikklas reported another regressions which is fixed by the 2nd commit in this series. Viresh Kumar (12): OPP: Free OPP table properly on performance state irregularities OPP: Don't try to remove all OPP tables on failure OPP: Protect dev_list with opp_table lock OPP: Pass index to _of_init_opp_table() OPP: Parse OPP table's DT properties from _of_init_opp_table() OPP: Don't take OPP table's kref for static OPPs OPP: Create separate kref for static OPPs list cpufreq: mvebu: Remove OPPs using dev_pm_opp_remove() OPP: Don't remove dynamic OPPs from _dev_pm_opp_remove_table() OPP: Use a single mechanism to free the OPP table OPP: Prevent creating multiple OPP tables for devices sharing OPP nodes OPP: Pass OPP table to _of_add_opp_table_v{1|2}() drivers/cpufreq/mvebu-cpufreq.c | 9 +- drivers/opp/core.c | 147 ++++++++++++++++++++----------- drivers/opp/cpu.c | 15 ++-- drivers/opp/of.c | 188 +++++++++++++++++++++------------------- drivers/opp/opp.h | 19 ++-- include/linux/pm_opp.h | 6 ++ 6 files changed, 226 insertions(+), 158 deletions(-) -- 2.14.1

7 years

1
1
0 0

Re: [PATCH 1/6] drm/dp_mst: Introduce drm_dp_mst_connector_atomic_check() (fwd)

by Julia Lawall

Hello, I don't think you can update the loop index variable in list_for_each_entry, because the mcro uses th index variable to get to the next element. Perhaps list_for_each_entry_safe would be more suitable? julia ---------- Forwarded message ---------- Date: Thu, 20 Sep 2018 04:30:13 +0800 From: kbuild test robot <lkp(a)intel.com> To: kbuild(a)01.org Cc: Julia Lawall <julia.lawall(a)lip6.fr> Subject: Re: [PATCH 1/6] drm/dp_mst: Introduce drm_dp_mst_connector_atomic_check() CC: kbuild-all(a)01.org In-Reply-To: <20180918230637.20700-2-lyude(a)redhat.com> References: <20180918230637.20700-2-lyude(a)redhat.com> TO: Lyude Paul <lyude(a)redhat.com> CC: dri-devel(a)lists.freedesktop.org, nouveau(a)lists.freedesktop.org, intel-gfx(a)lists.freedesktop.org, amd-gfx(a)lists.freedesktop.org CC: David Airlie <airlied(a)linux.ie>, linux-kernel(a)vger.kernel.org, stable(a)vger.kernel.org, Sean Paul <sean(a)poorly.run> Hi Lyude, Thank you for the patch! Perhaps something to improve: [auto build test WARNING on drm-intel/for-linux-next] [also build test WARNING on v4.19-rc4 next-20180919] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Lyude-Paul/Fix-legacy-DPMS-changes… base: git://anongit.freedesktop.org/drm-intel for-linux-next :::::: branch date: 8 hours ago :::::: commit date: 8 hours ago >> drivers/gpu/drm/drm_dp_mst_topology.c:3144:1-20: iterator with update on line 3145 # https://github.com/0day-ci/linux/commit/f8df31d5221b9a6da6698d4a37e622253bb… git remote add linux-review https://github.com/0day-ci/linux git remote update linux-review git checkout f8df31d5221b9a6da6698d4a37e622253bb17cdc vim +3144 drivers/gpu/drm/drm_dp_mst_topology.c 3f3353b7 Pandiyan, Dhinakaran 2017-04-20 3131 f8df31d5 Lyude Paul 2018-09-18 3132 static bool f8df31d5 Lyude Paul 2018-09-18 3133 drm_dp_mst_connector_still_exists(struct drm_connector *connector, f8df31d5 Lyude Paul 2018-09-18 3134 struct drm_dp_mst_topology_mgr *mgr, f8df31d5 Lyude Paul 2018-09-18 3135 struct drm_dp_mst_branch *mstb) f8df31d5 Lyude Paul 2018-09-18 3136 { f8df31d5 Lyude Paul 2018-09-18 3137 struct drm_dp_mst_port *port; f8df31d5 Lyude Paul 2018-09-18 3138 bool exists = false; f8df31d5 Lyude Paul 2018-09-18 3139 f8df31d5 Lyude Paul 2018-09-18 3140 mstb = drm_dp_get_validated_mstb_ref(mgr, mstb); f8df31d5 Lyude Paul 2018-09-18 3141 if (!mstb) f8df31d5 Lyude Paul 2018-09-18 3142 return false; f8df31d5 Lyude Paul 2018-09-18 3143 f8df31d5 Lyude Paul 2018-09-18 @3144 list_for_each_entry(port, &mstb->ports, next) { f8df31d5 Lyude Paul 2018-09-18 @3145 port = drm_dp_get_validated_port_ref(mgr, port); f8df31d5 Lyude Paul 2018-09-18 3146 if (!port) f8df31d5 Lyude Paul 2018-09-18 3147 continue; f8df31d5 Lyude Paul 2018-09-18 3148 f8df31d5 Lyude Paul 2018-09-18 3149 exists = (port->connector == connector || f8df31d5 Lyude Paul 2018-09-18 3150 (port->mstb && f8df31d5 Lyude Paul 2018-09-18 3151 drm_dp_mst_connector_still_exists(connector, mgr, f8df31d5 Lyude Paul 2018-09-18 3152 port->mstb))); f8df31d5 Lyude Paul 2018-09-18 3153 f8df31d5 Lyude Paul 2018-09-18 3154 drm_dp_put_port(port); f8df31d5 Lyude Paul 2018-09-18 3155 if (exists) f8df31d5 Lyude Paul 2018-09-18 3156 break; f8df31d5 Lyude Paul 2018-09-18 3157 } f8df31d5 Lyude Paul 2018-09-18 3158 f8df31d5 Lyude Paul 2018-09-18 3159 drm_dp_put_mst_branch_device(mstb); f8df31d5 Lyude Paul 2018-09-18 3160 return exists; f8df31d5 Lyude Paul 2018-09-18 3161 } f8df31d5 Lyude Paul 2018-09-18 3162 --- 0-DAY kernel test infrastructure Open Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation

7 years

2
1
0 0

[PATCH 00/11] OPP: Don't create multiple OPP tables for devices sharing OPP table

by Viresh Kumar

Hello, Niklas Cassle recently reported some regressions with his Qcom cpufreq driver where he was getting some errors while creating the OPPs tables. After looking into it I realized that the OPP core incorrectly creates multiple OPP tables for the devices even if they are sharing the OPP table in DT. This happens when the request comes using different CPU devices. For example, dev_pm_opp_set_supported_hw() getting called using CPU0 and dev_pm_opp_of_add_table() getting called using CPU1. This series redesigns the internals of the OPP core to fix that. The redesign has simplified the core itself though. @Niklas: Can you please confirm that this series fixes the issues you have reported ? I have already tested it on Hikey960. -- viresh Viresh Kumar (11): OPP: Free OPP table properly on performance state irregularities OPP: Protect dev_list with opp_table lock OPP: Pass index to _of_init_opp_table() OPP: Parse OPP table's DT properties from _of_init_opp_table() OPP: Don't take OPP table's kref for static OPPs OPP: Create separate kref for static OPPs list cpufreq: mvebu: Remove OPPs using dev_pm_opp_remove() OPP: Don't remove dynamic OPPs from _dev_pm_opp_remove_table() OPP: Use a single mechanism to free the OPP table OPP: Prevent creating multiple OPP tables for devices sharing OPP nodes OPP: Pass OPP table to _of_add_opp_table_v{1|2}() drivers/cpufreq/mvebu-cpufreq.c | 9 +- drivers/opp/core.c | 147 ++++++++++++++++--------- drivers/opp/cpu.c | 11 +- drivers/opp/of.c | 186 +++++++++++++++++--------------- drivers/opp/opp.h | 19 ++-- include/linux/pm_opp.h | 6 ++ 6 files changed, 221 insertions(+), 157 deletions(-) -- 2.18.0.rc1.242.g61856ae69a2c

7 years

2
5
0 0

[PATCH] IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop

by Bart Van Assche

Use different loop variables for the inner and outer loop. This avoids that an infinite loop occurs if there are more RDMA channels than target->req_ring_size. Fixes: d92c0da71a35 ("IB/srp: Add multichannel support") Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> Cc: Max Gurtovoy <maxg(a)mellanox.com> Cc: Laurence Oberman <loberman(a)redhat.com> Cc: <stable(a)vger.kernel.org> --- drivers/infiniband/ulp/srp/ib_srp.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/infiniband/ulp/srp/ib_srp.c b/drivers/infiniband/ulp/srp/ib_srp.c index 444d16520506..0b34e909505f 100644 --- a/drivers/infiniband/ulp/srp/ib_srp.c +++ b/drivers/infiniband/ulp/srp/ib_srp.c @@ -2951,7 +2951,7 @@ static int srp_reset_device(struct scsi_cmnd *scmnd) { struct srp_target_port *target = host_to_target(scmnd->device->host); struct srp_rdma_ch *ch; - int i; + int i, j; u8 status; shost_printk(KERN_ERR, target->scsi_host, "SRP reset_device called\n"); @@ -2965,8 +2965,8 @@ static int srp_reset_device(struct scsi_cmnd *scmnd) for (i = 0; i < target->ch_count; i++) { ch = &target->ch[i]; - for (i = 0; i < target->req_ring_size; ++i) { - struct srp_request *req = &ch->req_ring[i]; + for (j = 0; j < target->req_ring_size; ++j) { + struct srp_request *req = &ch->req_ring[j]; srp_finish_req(ch, req, scmnd->device, DID_RESET << 16); } -- 2.18.0

7 years

2
1
0 0

Linux 4.4.157

by Greg KH

I'm announcing the release of the 4.4.157 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - arch/arc/configs/axs101_defconfig | 1 arch/arc/configs/axs103_defconfig | 1 arch/arc/configs/axs103_smp_defconfig | 1 arch/mips/cavium-octeon/octeon-platform.c | 2 + arch/mips/include/asm/io.h | 8 ++--- arch/mips/kernel/process.c | 1 arch/mips/mm/c-r4k.c | 6 ++- arch/openrisc/kernel/process.c | 2 - arch/x86/include/asm/processor.h | 4 +- arch/x86/kernel/cpu/bugs.c | 47 ++++++++++++++++++++++++++---- arch/x86/kernel/cpu/common.c | 2 + arch/x86/mm/fault.c | 2 - block/blk-cgroup.c | 9 +++-- block/cfq-iosched.c | 6 ++- block/partitions/aix.c | 13 +++++--- drivers/ata/libahci.c | 2 + drivers/bluetooth/Kconfig | 1 drivers/crypto/vmx/aes_cbc.c | 30 ++++++++----------- drivers/gpio/gpio-ml-ioh.c | 3 + drivers/gpio/gpio-tegra.c | 2 - drivers/i2c/busses/i2c-i801.c | 7 +++- drivers/i2c/busses/i2c-xiic.c | 4 ++ drivers/infiniband/core/cma.c | 13 ++++++-- drivers/input/touchscreen/atmel_mxt_ts.c | 7 ++-- drivers/iommu/ipmmu-vmsa.c | 9 ++--- drivers/macintosh/via-pmu.c | 9 +++-- drivers/md/raid5.c | 6 +++ drivers/mfd/ti_am335x_tscadc.c | 3 - drivers/misc/mic/scif/scif_api.c | 20 +++++------- drivers/misc/ti-st/st_kim.c | 4 +- drivers/misc/vmw_balloon.c | 1 drivers/mtd/ubi/wl.c | 8 +++-- drivers/net/ethernet/marvell/mvneta.c | 1 drivers/net/ethernet/ti/cpsw.c | 14 ++++---- drivers/net/ethernet/ti/cpsw.h | 1 drivers/net/ethernet/ti/davinci_emac.c | 1 drivers/net/wireless/ath/ath10k/mac.c | 7 ++++ drivers/net/wireless/ath/ath10k/wmi-tlv.c | 5 +++ drivers/net/wireless/ath/ath10k/wmi-tlv.h | 5 +++ drivers/scsi/3w-9xxx.c | 6 +++ drivers/scsi/3w-sas.c | 3 + drivers/scsi/3w-xxxx.c | 2 + drivers/staging/rts5208/rtsx_scsi.c | 2 - drivers/staging/rts5208/xd.c | 2 - drivers/target/target_core_transport.c | 5 +-- drivers/tty/rocket.c | 2 - drivers/uio/uio.c | 3 - drivers/usb/host/xhci.c | 3 + fs/autofs4/autofs_i.h | 4 +- fs/autofs4/inode.c | 1 fs/f2fs/segment.h | 3 + fs/f2fs/super.c | 21 ++++++++++++- fs/nfs/callback_xdr.c | 11 +++++-- include/linux/mm_types.h | 2 - include/linux/sched.h | 2 - include/linux/vm_event_item.h | 1 include/linux/vmacache.h | 5 --- include/uapi/linux/ethtool.h | 4 +- kernel/fork.c | 17 +++++++--- kernel/locking/osq_lock.c | 13 ++++++++ kernel/locking/rwsem-xadd.c | 27 +++++++++++++++++ mm/debug.c | 4 +- mm/vmacache.c | 38 ------------------------ net/bluetooth/hidp/core.c | 2 - net/dcb/dcbnl.c | 11 ++++--- net/netfilter/x_tables.c | 4 +- security/selinux/avc.c | 14 +++----- sound/pci/hda/hda_codec.c | 3 + tools/perf/perf.h | 2 + 70 files changed, 311 insertions(+), 176 deletions(-) Alexey Brodkin (1): ARC: [plat-axs*]: Enable SWAP Andi Kleen (1): x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ Anton Vasilyev (4): misc: ti-st: Fix memory leak in the error path of probe() tty: rocket: Fix possible buffer overwrite on register_PCI scsi: 3ware: fix return 0 on the error path of probe gpio: ml-ioh: Fix buffer underwrite on probe error path BingJing Chang (1): md/raid5: fix data corruption of replacements after originals dropped Chao Yu (1): f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize Christophe Leroy (1): perf tools: Allow overriding MAX_NR_CPUS at compile time Dan Carpenter (2): misc: mic: SCIF Fix scif_get_new_port() error handling uio: potential double frees if __uio_register_device() fails Daniel Micay (1): staging/rts5208: Fix read overflow in memcpy David Rivshin (1): drivers: net: cpsw: fix parsing of phy-handle DT property in dual_emac config Dmitry Osipenko (1): gpio: tegra: Move driver registration to subsys_init level Eric Dumazet (1): netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user Felipe Balbi (1): i2c: i801: fix DNV's SMBCTRL register offset Finn Thain (1): macintosh/via-pmu: Add missing mmio accessors Florian Fainelli (1): ethtool: Remove trailing semicolon for static inline Geert Uytterhoeven (1): iommu/ipmmu-vmsa: Fix allocation in atomic context Greg Kroah-Hartman (1): Linux 4.4.157 Ian Kent (1): autofs: fix autofs_sbi() does not check super block type Jia-Ju Bai (1): staging: rt5208: Fix a sleep-in-atomic bug in xd_copy_page Joerg Roedel (1): x86/mm: Remove in_nmi() warning from vmalloc_fault() Johan Hedberg (1): Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV Johan Hovold (1): net: ethernet: ti: cpsw: fix mdio device reference leak Linus Torvalds (1): mm: get rid of vmacache_flush_all() entirely Marcel Holtmann (1): Bluetooth: hidp: Fix handling of strncpy for hid->name information Mathias Nyman (1): xhci: Fix use-after-free in xhci_free_virt_device Mauricio Faria de Oliveira (2): partitions/aix: append null character to print data from disk partitions/aix: fix usage of uninitialized lv_info and lvname structures Michal Hocko (1): selinux: use GFP_NOWAIT in the AVC kmem_caches Mike Christie (1): scsi: target: fix __transport_register_session locking Nadav Amit (1): vmw_balloon: include asm/io.h Nicholas Mc Guire (1): MIPS: Octeon: add missing of_node_put() Nick Dyer (1): Input: atmel_mxt_ts - only use first T9 instance Olga Kornievskaia (1): NFSv4.0 fix client reference leak in callback Ondrej Mosnacek (1): crypto: vmx - Fix sleep-in-atomic bugs Parav Pandit (1): RDMA/cma: Do not ignore net namespace for unbound cm_id Paul Burton (2): MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON Peter Chen (1): ethernet: ti: davinci_emac: add missing of_node_put after calling of_parse_phandle Petr Machata (1): net: dcb: For wild-card lookups, use priority -1, not 0 Prateek Sood (2): locking/rwsem-xadd: Fix missed wakeup due to reordering of load locking/osq_lock: Fix osq_lock queue corruption Ritesh Harjani (1): cfq: Give a chance for arming slice idle timer in case of group_idle Shubhrajyoti Datta (1): i2c: xiic: Make the start and the byte count write atomic Srinivas Pandruvada (1): ata: libahci: Correct setting of DEVSLP register Surabhi Vishnoi (1): ath10k: disable bundle mgmt tx completion event support Sven Eckelmann (1): ath10k: prevent active scans on potential unusable channels Takashi Iwai (1): ALSA: hda - Fix cancel_work_sync() stall from jackpoll work Tejun Heo (1): block,blkcg: use __GFP_NOWARN for best-effort allocations in blkcg Vegard Nossum (2): kthread: Fix use-after-free if kthread fork fails kthread: fix boot hang (regression) on MIPS/OpenRISC Wei Yongjun (1): mtd: ubi: wl: Fix error return code in ubi_wl_init() Yelena Krivosheev (1): net: mvneta: fix mtu change on port without link Yunlong Song (1): f2fs: do not set free of current section Zumeng Chen (1): mfd: ti_am335x_tscadc: Fix struct clk memory leak

7 years

1
1
0 0

Linux 4.9.128

by Greg KH

I'm announcing the release of the 4.9.128 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - arch/arc/configs/axs101_defconfig | 1 arch/arc/configs/axs103_defconfig | 1 arch/arc/configs/axs103_smp_defconfig | 1 arch/mips/cavium-octeon/octeon-platform.c | 2 + arch/mips/generic/init.c | 1 arch/mips/include/asm/io.h | 8 +++--- arch/mips/kernel/process.c | 1 arch/mips/mm/c-r4k.c | 6 +++- arch/openrisc/kernel/process.c | 2 - arch/s390/kvm/vsie.c | 3 +- arch/x86/mm/fault.c | 2 - block/blk-cgroup.c | 9 +++---- block/cfq-iosched.c | 6 +++- block/partitions/aix.c | 13 +++++++--- drivers/ata/libahci.c | 2 + drivers/bluetooth/Kconfig | 1 drivers/char/tpm/tpm_i2c_infineon.c | 8 +++--- drivers/char/tpm/tpm_tis_spi.c | 9 ++++++- drivers/gpio/gpio-ml-ioh.c | 3 +- drivers/gpio/gpio-tegra.c | 2 - drivers/i2c/busses/i2c-i801.c | 7 ++++- drivers/i2c/busses/i2c-xiic.c | 4 +++ drivers/infiniband/core/cma.c | 13 +++++++--- drivers/infiniband/sw/rxe/rxe_resp.c | 4 ++- drivers/input/touchscreen/atmel_mxt_ts.c | 7 +++-- drivers/iommu/ipmmu-vmsa.c | 9 +++---- drivers/macintosh/via-pmu.c | 9 +++---- drivers/md/raid5.c | 6 ++++ drivers/media/dvb-frontends/helene.c | 5 +++ drivers/media/platform/s5p-mfc/s5p_mfc.c | 23 +++++++++--------- drivers/mfd/ti_am335x_tscadc.c | 3 -- drivers/misc/mic/scif/scif_api.c | 20 +++++++-------- drivers/misc/ti-st/st_kim.c | 4 +-- drivers/mtd/ubi/wl.c | 8 ++++-- drivers/net/ethernet/marvell/mvneta.c | 1 drivers/net/phy/mdio-mux-bcm-iproc.c | 20 +++++++++++---- drivers/net/wireless/ath/ath10k/mac.c | 7 +++++ drivers/net/wireless/ath/ath10k/wmi-tlv.c | 5 +++ drivers/net/wireless/ath/ath10k/wmi-tlv.h | 5 +++ drivers/net/wireless/ath/ath9k/hw.c | 7 +++-- drivers/net/wireless/ath/ath9k/xmit.c | 3 +- drivers/net/wireless/ti/wlcore/rx.c | 8 ++++-- drivers/scsi/3w-9xxx.c | 6 +++- drivers/scsi/3w-sas.c | 3 ++ drivers/scsi/3w-xxxx.c | 2 + drivers/staging/rts5208/rtsx_scsi.c | 2 - drivers/staging/rts5208/xd.c | 2 - drivers/target/target_core_transport.c | 5 ++- drivers/tty/rocket.c | 2 - drivers/uio/uio.c | 3 -- drivers/usb/host/xhci.c | 3 ++ fs/autofs4/autofs_i.h | 4 ++- fs/autofs4/inode.c | 1 fs/f2fs/file.c | 2 - fs/f2fs/gc.c | 8 +++++- fs/f2fs/inline.c | 21 ++++++++++++++++ fs/f2fs/node.c | 4 ++- fs/f2fs/segment.h | 3 ++ fs/f2fs/super.c | 21 +++++++++++++++- fs/nfs/callback_proc.c | 4 +-- fs/nfs/callback_xdr.c | 11 ++++++-- include/linux/mm_types.h | 2 - include/linux/sched.h | 2 - include/linux/vm_event_item.h | 1 include/linux/vmacache.h | 5 --- include/uapi/linux/ethtool.h | 4 +-- kernel/fork.c | 17 +++++++++---- kernel/locking/osq_lock.c | 13 ++++++++++ kernel/locking/rwsem-xadd.c | 27 +++++++++++++++++++++ kernel/time/timer.c | 29 ++++++++++++---------- mm/debug.c | 4 +-- mm/vmacache.c | 38 ------------------------------ mm/vmscan.c | 3 +- net/bluetooth/hidp/core.c | 2 - net/dcb/dcbnl.c | 11 +++++--- net/netfilter/x_tables.c | 4 +-- net/wireless/nl80211.c | 3 ++ security/selinux/avc.c | 14 ++++------- sound/pci/hda/hda_codec.c | 3 +- tools/perf/perf.h | 2 + 81 files changed, 357 insertions(+), 195 deletions(-) Alexey Brodkin (1): ARC: [plat-axs*]: Enable SWAP Anton Vasilyev (4): misc: ti-st: Fix memory leak in the error path of probe() tty: rocket: Fix possible buffer overwrite on register_PCI scsi: 3ware: fix return 0 on the error path of probe gpio: ml-ioh: Fix buffer underwrite on probe error path Arun Parameswaran (1): net: phy: Fix the register offsets in Broadcom iProc mdio mux driver BingJing Chang (1): md/raid5: fix data corruption of replacements after originals dropped Chao Yu (4): f2fs: try grabbing node page lock aggressively in sync scenario f2fs: fix to skip GC if type in SSA and SIT is inconsistent f2fs: fix to do sanity check with reserved blkaddr of inline inode f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize Christophe Leroy (1): perf tools: Allow overriding MAX_NR_CPUS at compile time Dan Carpenter (3): misc: mic: SCIF Fix scif_get_new_port() error handling uio: potential double frees if __uio_register_device() fails f2fs: Fix uninitialized return in f2fs_ioc_shutdown() Daniel Micay (1): staging/rts5208: Fix read overflow in memcpy Dmitry Osipenko (1): gpio: tegra: Move driver registration to subsys_init level Eric Dumazet (1): netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user Felipe Balbi (1): i2c: i801: fix DNV's SMBCTRL register offset Felix Fietkau (2): ath9k: report tx status on EOSP ath9k_hw: fix channel maximum power level test Finn Thain (1): macintosh/via-pmu: Add missing mmio accessors Florian Fainelli (1): ethtool: Remove trailing semicolon for static inline Gaurav Kohli (1): timers: Clear timer_base::must_forward_clk with timer_base::lock held Geert Uytterhoeven (1): iommu/ipmmu-vmsa: Fix allocation in atomic context Greg Kroah-Hartman (1): Linux 4.9.128 Ian Kent (1): autofs: fix autofs_sbi() does not check super block type Jia-Ju Bai (1): staging: rt5208: Fix a sleep-in-atomic bug in xd_copy_page Joerg Roedel (1): x86/mm: Remove in_nmi() warning from vmalloc_fault() Johan Hedberg (1): Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV Johannes Berg (1): nl80211: fix null-ptr dereference on invalid mesh configuration Johannes Weiner (1): mm: remove seemingly spurious reclaimability check from laptop_mode gating Katsuhiro Suzuki (1): media: helene: fix xtal frequency setting at power on Kees Cook (1): IB/rxe: do not copy extra stack memory to skb Linus Torvalds (1): mm: get rid of vmacache_flush_all() entirely Linus Walleij (1): tpm_tis_spi: Pass the SPI IRQ down to the driver Loic Poulain (1): wlcore: Set rx_status boottime_ns field on rx Marcel Holtmann (1): Bluetooth: hidp: Fix handling of strncpy for hid->name information Mathias Nyman (1): xhci: Fix use-after-free in xhci_free_virt_device Mauricio Faria de Oliveira (2): partitions/aix: append null character to print data from disk partitions/aix: fix usage of uninitialized lv_info and lvname structures Mel Gorman (1): mm, vmscan: clear PGDAT_WRITEBACK when zone is balanced Michal Hocko (1): selinux: use GFP_NOWAIT in the AVC kmem_caches Mike Christie (1): scsi: target: fix __transport_register_session locking Nicholas Mc Guire (2): MIPS: Octeon: add missing of_node_put() MIPS: generic: fix missing of_node_put() Nick Dyer (1): Input: atmel_mxt_ts - only use first T9 instance Olga Kornievskaia (1): NFSv4.0 fix client reference leak in callback Parav Pandit (1): RDMA/cma: Do not ignore net namespace for unbound cm_id Paul Burton (2): MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON Peter Rosin (1): tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) Petr Machata (1): net: dcb: For wild-card lookups, use priority -1, not 0 Pierre Morel (1): KVM: s390: vsie: copy wrapping keys to right place Prateek Sood (2): locking/rwsem-xadd: Fix missed wakeup due to reordering of load locking/osq_lock: Fix osq_lock queue corruption Ritesh Harjani (1): cfq: Give a chance for arming slice idle timer in case of group_idle Shubhrajyoti Datta (1): i2c: xiic: Make the start and the byte count write atomic Srinivas Pandruvada (1): ata: libahci: Correct setting of DEVSLP register Surabhi Vishnoi (1): ath10k: disable bundle mgmt tx completion event support Sven Eckelmann (1): ath10k: prevent active scans on potential unusable channels Sylwester Nawrocki (1): media: s5p-mfc: Fix buffer look up in s5p_mfc_handle_frame_{new, copy_time} functions Takashi Iwai (1): ALSA: hda - Fix cancel_work_sync() stall from jackpoll work Tejun Heo (1): block,blkcg: use __GFP_NOWARN for best-effort allocations in blkcg Trond Myklebust (1): NFSv4.1: Fix a potential layoutget/layoutrecall deadlock Vegard Nossum (2): kthread: Fix use-after-free if kthread fork fails kthread: fix boot hang (regression) on MIPS/OpenRISC Wei Yongjun (1): mtd: ubi: wl: Fix error return code in ubi_wl_init() Yelena Krivosheev (1): net: mvneta: fix mtu change on port without link Yunlong Song (1): f2fs: do not set free of current section Zumeng Chen (1): mfd: ti_am335x_tscadc: Fix struct clk memory leak

7 years

1
1
0 0

Linux 4.14.71

by Greg KH

I'm announcing the release of the 4.14.71 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/networking/ip-sysctl.txt | 13 Makefile | 2 arch/arc/configs/axs101_defconfig | 1 arch/arc/configs/axs103_defconfig | 1 arch/arc/configs/axs103_smp_defconfig | 1 arch/mips/cavium-octeon/octeon-platform.c | 2 arch/mips/generic/init.c | 1 arch/mips/include/asm/io.h | 8 arch/mips/kernel/vdso.c | 20 arch/mips/mm/c-r4k.c | 6 arch/powerpc/platforms/powernv/npu-dma.c | 5 arch/s390/kvm/vsie.c | 3 arch/x86/kernel/cpu/microcode/amd.c | 24 arch/x86/kernel/cpu/microcode/intel.c | 17 arch/x86/kvm/vmx.c | 4 arch/x86/mm/fault.c | 2 block/bfq-cgroup.c | 4 block/blk-mq-tag.c | 8 block/partitions/aix.c | 13 crypto/Makefile | 2 drivers/android/binder_alloc.c | 42 + drivers/ata/libahci.c | 20 drivers/block/nbd.c | 3 drivers/block/pktcdvd.c | 4 drivers/bluetooth/Kconfig | 1 drivers/char/tpm/tpm-interface.c | 50 + drivers/char/tpm/tpm.h | 12 drivers/char/tpm/tpm2-space.c | 16 drivers/char/tpm/tpm_crb.c | 101 --- drivers/char/tpm/tpm_i2c_infineon.c | 8 drivers/char/tpm/tpm_tis_spi.c | 9 drivers/firmware/google/vpd.c | 5 drivers/gpio/gpio-ml-ioh.c | 3 drivers/gpio/gpio-tegra.c | 2 drivers/gpu/drm/i915/i915_reg.h | 1 drivers/gpu/drm/i915/intel_ddi.c | 4 drivers/gpu/ipu-v3/ipu-common.c | 2 drivers/hv/hv.c | 14 drivers/i2c/busses/i2c-aspeed.c | 2 drivers/i2c/busses/i2c-i801.c | 7 drivers/i2c/busses/i2c-xiic.c | 4 drivers/infiniband/core/cma.c | 13 drivers/input/touchscreen/atmel_mxt_ts.c | 7 drivers/iommu/ipmmu-vmsa.c | 9 drivers/macintosh/via-pmu.c | 9 drivers/md/dm-cache-target.c | 19 drivers/md/raid5.c | 6 drivers/media/dvb-frontends/helene.c | 5 drivers/media/platform/davinci/vpif_display.c | 24 drivers/media/platform/qcom/camss-8x16/camss-csid.c | 16 drivers/media/platform/s5p-mfc/s5p_mfc.c | 23 drivers/media/usb/dvb-usb/dw2102.c | 19 drivers/mfd/ti_am335x_tscadc.c | 3 drivers/misc/mic/scif/scif_api.c | 20 drivers/misc/ti-st/st_kim.c | 4 drivers/mtd/ubi/wl.c | 8 drivers/net/ethernet/marvell/mvneta.c | 1 drivers/net/phy/mdio-mux-bcm-iproc.c | 20 drivers/net/tun.c | 21 drivers/net/wireless/ath/ath10k/mac.c | 7 drivers/net/wireless/ath/ath10k/wmi-tlv.c | 5 drivers/net/wireless/ath/ath10k/wmi-tlv.h | 5 drivers/net/wireless/ath/ath9k/hw.c | 7 drivers/net/wireless/ath/ath9k/xmit.c | 3 drivers/net/wireless/ti/wlcore/rx.c | 8 drivers/pci/switch/switchtec.c | 4 drivers/pinctrl/freescale/pinctrl-imx.c | 2 drivers/pinctrl/pinctrl-amd.c | 3 drivers/rpmsg/rpmsg_core.c | 7 drivers/scsi/3w-9xxx.c | 6 drivers/scsi/3w-sas.c | 3 drivers/scsi/3w-xxxx.c | 2 drivers/scsi/lpfc/lpfc.h | 2 drivers/target/target_core_transport.c | 5 drivers/tty/rocket.c | 2 drivers/uio/uio.c | 3 fs/autofs4/autofs_i.h | 4 fs/autofs4/inode.c | 1 fs/btrfs/ioctl.c | 19 fs/cifs/inode.c | 2 fs/cifs/smb2ops.c | 35 - fs/cifs/smb2pdu.c | 3 fs/f2fs/f2fs.h | 7 fs/f2fs/file.c | 2 fs/f2fs/gc.c | 8 fs/f2fs/inline.c | 22 fs/f2fs/node.c | 4 fs/f2fs/segment.h | 3 fs/f2fs/super.c | 21 fs/f2fs/sysfs.c | 10 fs/nfs/callback_proc.c | 4 fs/nfs/callback_xdr.c | 11 include/linux/mm_types.h | 2 include/linux/mm_types_task.h | 2 include/linux/rhashtable.h | 8 include/linux/skbuff.h | 50 + include/linux/tpm.h | 2 include/linux/vm_event_item.h | 1 include/linux/vmacache.h | 5 include/net/inet_frag.h | 135 ++-- include/net/ip.h | 1 include/net/ipv6.h | 26 include/uapi/linux/ethtool.h | 4 include/uapi/linux/snmp.h | 1 kernel/cpu.c | 11 kernel/time/timer.c | 29 - lib/rhashtable.c | 2 mm/debug.c | 4 mm/vmacache.c | 38 - net/bluetooth/hidp/core.c | 2 net/core/skbuff.c | 31 - net/dcb/dcbnl.c | 11 net/ieee802154/6lowpan/6lowpan_i.h | 26 net/ieee802154/6lowpan/reassembly.c | 153 ++--- net/ipv4/inet_fragment.c | 378 ++----------- net/ipv4/ip_fragment.c | 578 +++++++++++--------- net/ipv4/proc.c | 7 net/ipv4/tcp_fastopen.c | 8 net/ipv4/tcp_input.c | 33 - net/ipv6/netfilter/nf_conntrack_reasm.c | 105 +-- net/ipv6/proc.c | 5 net/ipv6/reassembly.c | 217 +++---- net/sched/sch_netem.c | 14 sound/pci/hda/hda_codec.c | 3 tools/perf/builtin-c2c.c | 3 tools/perf/perf.h | 2 tools/perf/util/evsel.c | 14 tools/testing/nvdimm/pmem-dax.c | 12 tools/testing/selftests/bpf/test_verifier.c | 6 129 files changed, 1472 insertions(+), 1361 deletions(-) Alexey Brodkin (1): ARC: [plat-axs*]: Enable SWAP Anton Vasilyev (7): media: davinci: vpif_display: Mix memory leak on probe error path media: dw2102: Fix memleak on sequence of probes misc: ti-st: Fix memory leak in the error path of probe() firmware: vpd: Fix section enabled flag on vpd_section_destroy tty: rocket: Fix possible buffer overwrite on register_PCI scsi: 3ware: fix return 0 on the error path of probe gpio: ml-ioh: Fix buffer underwrite on probe error path Arnd Bergmann (1): crypto: aes-generic - fix aes-generic regression on powerpc Arun Parameswaran (1): net: phy: Fix the register offsets in Broadcom iProc mdio mux driver BingJing Chang (1): md/raid5: fix data corruption of replacements after originals dropped Chao Yu (6): f2fs: fix to active page in lru list for read path f2fs: try grabbing node page lock aggressively in sync scenario f2fs: fix to skip GC if type in SSA and SIT is inconsistent f2fs: fix to do sanity check with reserved blkaddr of inline inode f2fs: fix to wait on page writeback before updating page f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize Christophe Leroy (1): perf tools: Allow overriding MAX_NR_CPUS at compile time Dan Carpenter (5): misc: mic: SCIF Fix scif_get_new_port() error handling uio: potential double frees if __uio_register_device() fails pinctrl: imx: off by one in imx_pinconf_group_dbg_show() f2fs: Fix uninitialized return in f2fs_ioc_shutdown() ipv4: frags: precedence bug in ip_expire() Daniel Kurtz (1): pinctrl/amd: only handle irq if it is pending and unmasked Dmitry Osipenko (1): gpio: tegra: Move driver registration to subsys_init level Eric Dumazet (22): inet: frags: change inet_frags_init_net() return value inet: frags: add a pointer to struct netns_frags inet: frags: refactor ipfrag_init() inet: frags: refactor ipv6_frag_init() inet: frags: refactor lowpan_net_frag_init() ipv6: export ip6 fragments sysctl to unprivileged users rhashtable: add schedule points inet: frags: use rhashtables for reassembly units inet: frags: remove some helpers inet: frags: get rif of inet_frag_evicting() inet: frags: remove inet_frag_maybe_warn_overflow() inet: frags: break the 2GB limit for frags storage inet: frags: do not clone skb in ip_expire() ipv6: frags: rewrite ip6_expire_frag_queue() rhashtable: reorganize struct rhashtable layout inet: frags: reorganize struct netns_frags inet: frags: get rid of ipfrag_skb_cb/FRAG_CB inet: frags: fix ip6frag_low_thresh boundary net: speed up skb_rbtree_purge() net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends net: add rb_to_skb() and other rb tree helpers net: sk_buff rbnode reorg Felipe Balbi (1): i2c: i801: fix DNV's SMBCTRL register offset Felix Fietkau (2): ath9k: report tx status on EOSP ath9k_hw: fix channel maximum power level test Filipe Manana (1): Btrfs: fix data corruption when deduplicating between different files Filippo Sironi (1): x86/microcode: Update the new microcode revision unconditionally Finn Thain (1): macintosh/via-pmu: Add missing mmio accessors Florian Fainelli (1): ethtool: Remove trailing semicolon for static inline Florian Westphal (1): ipv6: defrag: drop non-last frags smaller than min mtu Gaurav Kohli (1): timers: Clear timer_base::must_forward_clk with timer_base::lock held Geert Uytterhoeven (1): iommu/ipmmu-vmsa: Fix allocation in atomic context Greg Kroah-Hartman (1): Linux 4.14.71 Gustavo A. R. Silva (1): switchtec: Fix Spectre v1 vulnerability Huaisheng Ye (1): tools/testing/nvdimm: kaddr and pfn can be NULL to ->direct_access() Ian Kent (1): autofs: fix autofs_sbi() does not check super block type Jae Hyun Yoo (1): i2c: aspeed: Add an explicit type casting for *get_clk_reg_val James Smart (1): scsi: lpfc: Correct MDS diag and nvmet configuration Jani Nikula (1): drm/i915: set DP Main Stream Attribute for color range on DDI platforms Jason Wang (2): tun: fix use after free for ptr_ring tuntap: fix use after free during release Jens Axboe (1): nbd: don't allow invalid blocksize settings Jinbum Park (1): pktcdvd: Fix possible Spectre-v1 for pkt_devs Jiri Olsa (1): perf c2c report: Fix crash for empty browser Joerg Roedel (1): x86/mm: Remove in_nmi() warning from vmalloc_fault() Johan Hedberg (1): Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV John Pittman (1): dm cache: only allow a single io_mode cache feature to be requested Kan Liang (1): perf evlist: Fix error out while applying initial delay and LBR Katsuhiro Suzuki (1): media: helene: fix xtal frequency setting at power on Kees Cook (1): inet: frags: Convert timers to use timer_setup() Konstantin Khlebnikov (1): block: bfq: swap puts in bfqg_and_blkg_put Linus Torvalds (1): mm: get rid of vmacache_flush_all() entirely Linus Walleij (1): tpm_tis_spi: Pass the SPI IRQ down to the driver Loic Poulain (1): wlcore: Set rx_status boottime_ns field on rx Marcel Holtmann (1): Bluetooth: hidp: Fix handling of strncpy for hid->name information Mauricio Faria de Oliveira (2): partitions/aix: append null character to print data from disk partitions/aix: fix usage of uninitialized lv_info and lvname structures Michael Kelley (1): Drivers: hv: vmbus: Cleanup synic memory free path Mike Christie (1): scsi: target: fix __transport_register_session locking Minchan Kim (1): android: binder: fix the race mmap and alloc_new_buf_locked Ming Lei (1): blk-mq: fix updating tags depth Neeraj Upadhyay (1): cpu/hotplug: Adjust misplaced smb() in cpuhp_thread_fun() Nicholas Mc Guire (2): MIPS: Octeon: add missing of_node_put() MIPS: generic: fix missing of_node_put() Nick Dyer (1): Input: atmel_mxt_ts - only use first T9 instance Olga Kornievskaia (1): NFSv4.0 fix client reference leak in callback Parav Pandit (1): RDMA/cma: Do not ignore net namespace for unbound cm_id Paul Burton (3): MIPS: VDSO: Match data page cache colouring when D$ aliases MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON Peter Oskolkov (4): ip: discard IPv4 datagrams with overlapping segments. net: modify skb_rbtree_purge to return the truesize of all purged skbs. ip: add helpers to process in-order fragments faster. ip: process in-order fragments efficiently Peter Rosin (1): tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) Petr Machata (1): net: dcb: For wild-card lookups, use priority -1, not 0 Philipp Zabel (1): gpu: ipu-v3: default to id 0 on missing OF alias Pierre Morel (1): KVM: s390: vsie: copy wrapping keys to right place Prarit Bhargava (1): x86/microcode: Make sure boot_cpu_data.microcode is up-to-date Randy Dunlap (1): f2fs: fix defined but not used build warnings Reza Arbab (1): powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage Roman Gushchin (1): selftests/bpf: fix a typo in map in map test Sean Christopherson (1): KVM: VMX: Do not allow reexecute_instruction() when skipping MMIO instr Shubhrajyoti Datta (1): i2c: xiic: Make the start and the byte count write atomic Srinivas Kandagatla (1): rpmsg: core: add support to power domains for devices Srinivas Pandruvada (2): ata: libahci: Allow reconfigure of DEVSLP register ata: libahci: Correct setting of DEVSLP register Steve French (2): SMB3: Backup intent flag missing for directory opens with backupuid mounts smb3: check for and properly advertise directory lease support Surabhi Vishnoi (1): ath10k: disable bundle mgmt tx completion event support Sven Eckelmann (1): ath10k: prevent active scans on potential unusable channels Sylwester Nawrocki (1): media: s5p-mfc: Fix buffer look up in s5p_mfc_handle_frame_{new, copy_time} functions Taehee Yoo (1): ip: frags: fix crash in ip_do_fragment() Takashi Iwai (1): ALSA: hda - Fix cancel_work_sync() stall from jackpoll work Thomas Gleixner (1): cpu/hotplug: Prevent state corruption on error rollback Todor Tomov (1): media: camss: csid: Configure data type and decode format properly Tomas Winkler (1): tpm: separate cmd_ready/go_idle from runtime_pm Trond Myklebust (1): NFSv4.1: Fix a potential layoutget/layoutrecall deadlock Wei Yongjun (1): mtd: ubi: wl: Fix error return code in ubi_wl_init() Yelena Krivosheev (1): net: mvneta: fix mtu change on port without link Yunlong Song (1): f2fs: do not set free of current section Zumeng Chen (1): mfd: ti_am335x_tscadc: Fix struct clk memory leak

7 years

1
1
0 0

[PATCH 4.9] MIPS: VDSO: Match data page cache colouring when D$ aliases

by Paul Burton

[ Upstream commit 0f02cfbc3d9e413d450d8d0fd660077c23f67eff ] When a system suffers from dcache aliasing a user program may observe stale VDSO data from an aliased cache line. Notably this can break the expectation that clock_gettime(CLOCK_MONOTONIC, ...) is, as its name suggests, monotonic. In order to ensure that users observe updates to the VDSO data page as intended, align the user mappings of the VDSO data page such that their cache colouring matches that of the virtual address range which the kernel will use to update the data page - typically its unmapped address within kseg0. This ensures that we don't introduce aliasing cache lines for the VDSO data page, and therefore that userland will observe updates without requiring cache invalidation. Signed-off-by: Paul Burton <paul.burton(a)mips.com> Reported-by: Hauke Mehrtens <hauke(a)hauke-m.de> Reported-by: Rene Nielsen <rene.nielsen(a)microsemi.com> Reported-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com> Fixes: ebb5e78cc634 ("MIPS: Initial implementation of a VDSO") Patchwork: https://patchwork.linux-mips.org/patch/20344/ Tested-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com> Tested-by: Hauke Mehrtens <hauke(a)hauke-m.de> Cc: James Hogan <jhogan(a)kernel.org> Cc: linux-mips(a)linux-mips.org Cc: stable(a)vger.kernel.org # v4.4+ --- arch/mips/kernel/vdso.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/arch/mips/kernel/vdso.c b/arch/mips/kernel/vdso.c index f9dbfb14af33..e88344e3d508 100644 --- a/arch/mips/kernel/vdso.c +++ b/arch/mips/kernel/vdso.c @@ -14,12 +14,14 @@ #include <linux/init.h> #include <linux/ioport.h> #include <linux/irqchip/mips-gic.h> +#include <linux/kernel.h> #include <linux/mm.h> #include <linux/sched.h> #include <linux/slab.h> #include <linux/timekeeper_internal.h> #include <asm/abi.h> +#include <asm/page.h> #include <asm/vdso.h> /* Kernel-provided data used by the VDSO. */ @@ -129,12 +131,30 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) vvar_size = gic_size + PAGE_SIZE; size = vvar_size + image->size; + /* + * Find a region that's large enough for us to perform the + * colour-matching alignment below. + */ + if (cpu_has_dc_aliases) + size += shm_align_mask + 1; + base = get_unmapped_area(NULL, 0, size, 0, 0); if (IS_ERR_VALUE(base)) { ret = base; goto out; } + /* + * If we suffer from dcache aliasing, ensure that the VDSO data page + * mapping is coloured the same as the kernel's mapping of that memory. + * This ensures that when the kernel updates the VDSO data userland + * will observe it without requiring cache invalidations. + */ + if (cpu_has_dc_aliases) { + base = __ALIGN_MASK(base, shm_align_mask); + base += ((unsigned long)&vdso_data - gic_size) & shm_align_mask; + } + data_addr = base + gic_size; vdso_addr = data_addr + PAGE_SIZE; -- 2.18.0

7 years

1
0
0 0

Linux 4.18.9

by Greg KH

I'm announcing the release of the 4.18.9 kernel. All users of the 4.18 kernel series must upgrade. The updated 4.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arc/boot/dts/axs10x_mb.dtsi | 7 arch/arc/boot/dts/hsdk.dts | 7 arch/arc/configs/axs101_defconfig | 1 arch/arc/configs/axs103_defconfig | 1 arch/arc/configs/axs103_smp_defconfig | 1 arch/arm64/kvm/hyp/switch.c | 9 - arch/mips/boot/dts/mscc/ocelot.dtsi | 2 arch/mips/cavium-octeon/octeon-platform.c | 2 arch/mips/generic/init.c | 1 arch/mips/include/asm/io.h | 8 - arch/mips/kernel/vdso.c | 20 ++ arch/mips/mm/c-r4k.c | 6 arch/powerpc/include/asm/book3s/64/pgalloc.h | 23 ++- arch/powerpc/kvm/book3s_64_mmu_radix.c | 6 arch/powerpc/platforms/4xx/msi.c | 51 ++++-- arch/powerpc/platforms/powernv/npu-dma.c | 5 arch/powerpc/platforms/pseries/setup.c | 25 ++- arch/s390/kvm/vsie.c | 3 arch/x86/include/asm/kdebug.h | 12 + arch/x86/include/asm/kvm_host.h | 16 +- arch/x86/kernel/apic/vector.c | 2 arch/x86/kernel/cpu/microcode/amd.c | 24 ++- arch/x86/kernel/cpu/microcode/intel.c | 17 +- arch/x86/kernel/dumpstack.c | 11 - arch/x86/kernel/process_32.c | 4 arch/x86/kernel/process_64.c | 12 + arch/x86/kvm/mmu.c | 21 ++ arch/x86/kvm/svm.c | 4 arch/x86/kvm/vmx.c | 4 arch/x86/kvm/x86.c | 10 + arch/x86/mm/fault.c | 2 block/bfq-cgroup.c | 4 block/blk-core.c | 5 block/blk-mq-tag.c | 8 - block/partitions/aix.c | 13 + drivers/acpi/acpi_lpss.c | 2 drivers/android/binder_alloc.c | 43 ++++- drivers/ata/libahci.c | 20 +- drivers/base/memory.c | 20 +- drivers/block/nbd.c | 3 drivers/block/pktcdvd.c | 4 drivers/bluetooth/Kconfig | 1 drivers/char/tpm/tpm_i2c_infineon.c | 8 - drivers/char/tpm/tpm_tis_spi.c | 9 + drivers/clk/clk-scmi.c | 5 drivers/dax/pmem.c | 12 + drivers/firmware/google/vpd.c | 5 drivers/gpio/gpio-ml-ioh.c | 3 drivers/gpio/gpio-pxa.c | 35 +++- drivers/gpio/gpio-tegra.c | 2 drivers/gpu/drm/amd/display/dc/dce/dce_dmcu.c | 38 +++-- drivers/gpu/drm/amd/display/dc/inc/hw/dmcu.h | 2 drivers/gpu/ipu-v3/ipu-common.c | 2 drivers/hid/hid-ids.h | 1 drivers/hid/hid-input.c | 5 drivers/hid/hid-multitouch.c | 19 ++ drivers/hid/i2c-hid/i2c-hid.c | 2 drivers/hv/hv.c | 14 + drivers/i2c/busses/i2c-aspeed.c | 2 drivers/i2c/busses/i2c-i801.c | 7 drivers/i2c/busses/i2c-xiic.c | 4 drivers/infiniband/core/cma.c | 13 + drivers/infiniband/hw/hns/hns_roce_hem.c | 3 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 12 + drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 6 drivers/infiniband/ulp/ipoib/ipoib_multicast.c | 1 drivers/input/touchscreen/atmel_mxt_ts.c | 7 drivers/iommu/arm-smmu-v3.c | 22 ++- drivers/iommu/ipmmu-vmsa.c | 9 - drivers/macintosh/via-pmu.c | 9 - drivers/md/dm-cache-target.c | 19 ++ drivers/md/raid5.c | 6 drivers/media/dvb-frontends/helene.c | 5 drivers/media/platform/davinci/vpif_display.c | 24 ++- drivers/media/platform/qcom/camss-8x16/camss-csid.c | 16 +- drivers/media/platform/rcar-vin/rcar-csi2.c | 20 +- drivers/media/platform/s5p-mfc/s5p_mfc.c | 23 +-- drivers/media/usb/dvb-usb/dw2102.c | 19 +- drivers/media/usb/em28xx/em28xx-cards.c | 4 drivers/media/usb/em28xx/em28xx-core.c | 4 drivers/media/usb/em28xx/em28xx-dvb.c | 4 drivers/memory/ti-aemif.c | 2 drivers/mfd/rave-sp.c | 7 drivers/mfd/ti_am335x_tscadc.c | 3 drivers/misc/mic/scif/scif_api.c | 20 +- drivers/misc/ti-st/st_kim.c | 4 drivers/mtd/nand/raw/nand_base.c | 44 +++--- drivers/net/ethernet/marvell/mvneta.c | 1 drivers/net/phy/mdio-mux-bcm-iproc.c | 20 ++ drivers/net/wireless/ath/ath10k/mac.c | 7 drivers/net/wireless/ath/ath10k/wmi-tlv.c | 5 drivers/net/wireless/ath/ath10k/wmi-tlv.h | 5 drivers/net/wireless/ath/ath9k/hw.c | 7 drivers/net/wireless/ath/ath9k/xmit.c | 3 drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 4 drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 24 +-- drivers/net/wireless/ti/wlcore/rx.c | 8 - drivers/pci/controller/pcie-mobiveil.c | 4 drivers/pci/switch/switchtec.c | 4 drivers/pinctrl/berlin/berlin.c | 14 + drivers/pinctrl/freescale/pinctrl-imx.c | 2 drivers/pinctrl/pinctrl-amd.c | 3 drivers/regulator/tps65217-regulator.c | 2 drivers/rpmsg/rpmsg_core.c | 7 drivers/scsi/3w-9xxx.c | 6 drivers/scsi/3w-sas.c | 3 drivers/scsi/3w-xxxx.c | 2 drivers/scsi/lpfc/lpfc.h | 2 drivers/scsi/lpfc/lpfc_nvme.c | 22 +-- drivers/scsi/qla2xxx/qla_init.c | 9 - drivers/scsi/qla2xxx/qla_target.c | 3 drivers/scsi/qla2xxx/qla_tmpl.c | 9 + drivers/target/target_core_transport.c | 5 drivers/target/target_core_user.c | 73 +++++----- drivers/thermal/rcar_thermal.c | 2 drivers/thermal/thermal_hwmon.c | 1 drivers/tty/rocket.c | 2 drivers/uio/uio.c | 19 -- fs/autofs/autofs_i.h | 4 fs/autofs/inode.c | 1 fs/btrfs/extent-tree.c | 17 +- fs/btrfs/ioctl.c | 19 ++ fs/cifs/connect.c | 2 fs/cifs/inode.c | 2 fs/cifs/smb2ops.c | 35 +++- fs/cifs/smb2pdu.c | 3 fs/f2fs/f2fs.h | 15 +- fs/f2fs/file.c | 2 fs/f2fs/gc.c | 8 - fs/f2fs/inline.c | 22 +++ fs/f2fs/inode.c | 19 ++ fs/f2fs/node.c | 46 ++++-- fs/f2fs/recovery.c | 4 fs/f2fs/segment.c | 20 ++ fs/f2fs/segment.h | 3 fs/f2fs/super.c | 25 ++- fs/f2fs/sysfs.c | 16 +- fs/nfs/callback_proc.c | 4 fs/nfs/callback_xdr.c | 11 + fs/nfs/nfs4client.c | 6 include/linux/hid.h | 1 include/linux/mm_types.h | 2 include/linux/mm_types_task.h | 2 include/linux/mtd/rawnand.h | 16 +- include/linux/vm_event_item.h | 1 include/linux/vmacache.h | 5 include/uapi/linux/ethtool.h | 4 kernel/cpu.c | 11 - kernel/time/clocksource.c | 40 ++++- kernel/time/timer.c | 29 ++- mm/debug.c | 4 mm/memory_hotplug.c | 3 mm/page_alloc.c | 4 mm/vmacache.c | 38 ----- net/bluetooth/hidp/core.c | 2 net/dcb/dcbnl.c | 11 - net/mac80211/rx.c | 1 sound/pci/hda/hda_codec.c | 3 sound/pci/hda/patch_realtek.c | 1 sound/soc/soc-pcm.c | 5 tools/perf/Makefile.config | 4 tools/perf/builtin-c2c.c | 3 tools/perf/perf.h | 2 tools/perf/util/evsel.c | 14 + tools/testing/nvdimm/pmem-dax.c | 12 + tools/testing/selftests/bpf/test_verifier.c | 6 tools/testing/selftests/tc-testing/tc-tests/actions/connmark.json | 24 +-- tools/testing/selftests/tc-testing/tc-tests/actions/mirred.json | 3 virt/kvm/arm/mmu.c | 9 + 170 files changed, 1166 insertions(+), 579 deletions(-) AceLan Kao (1): HID: i2c-hid: Fix flooded incomplete report after S3 on Rayd touchscreen Akshu Agrawal (1): ASoC: soc-pcm: Use delay set in component pointer function Alexandru Gagniuc (1): ALSA: hda/realtek - Add mute LED quirk for HP Spectre x360 Alexey Brodkin (2): ARC: [plat-axs*/plat-hsdk]: Allow U-Boot to pass MAC-address to the kernel ARC: [plat-axs*]: Enable SWAP Amit Daniel Kachhap (1): clk: scmi: Fix the rounding of clock rate Andrey Smirnov (1): mfd: rave-sp: Initialize flow control and parity of the port Aneesh Kumar K.V (1): mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported. Anthony Koo (1): drm/amd/display: Prevent PSR from being enabled if initialization fails Anton Vasilyev (8): media: davinci: vpif_display: Mix memory leak on probe error path media: dw2102: Fix memleak on sequence of probes misc: ti-st: Fix memory leak in the error path of probe() firmware: vpd: Fix section enabled flag on vpd_section_destroy tty: rocket: Fix possible buffer overwrite on register_PCI scsi: 3ware: fix return 0 on the error path of probe regulator: tps65217: Fix NULL pointer dereference on probe gpio: ml-ioh: Fix buffer underwrite on probe error path Arun Parameswaran (1): net: phy: Fix the register offsets in Broadcom iProc mdio mux driver Bartosz Golaszewski (1): memory: ti-aemif: fix a potential NULL-pointer dereference Benjamin Tissoires (2): HID: multitouch: fix Elan panels with 2 input modes declaration HID: core: fix grouping by application BingJing Chang (1): md/raid5: fix data corruption of replacements after originals dropped Brad Love (2): media: em28xx: Fix dual transport stream operation media: em28xx: Fix DualHD disconnect oops Calum Mackay (1): nfs: Referrals not inheriting proto setting from parent Chao Yu (10): f2fs: fix to active page in lru list for read path f2fs: fix to detect looped node chain correctly f2fs: try grabbing node page lock aggressively in sync scenario f2fs: fix to skip GC if type in SSA and SIT is inconsistent f2fs: fix to do sanity check with reserved blkaddr of inline inode f2fs: fix to wait on page writeback before updating page f2fs: fix to do sanity check with secs_per_zone f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize f2fs: fix to propagate return value of scan_nat_page() f2fs: fix to do sanity check with extra_attr feature Christophe Leroy (1): perf tools: Allow overriding MAX_NR_CPUS at compile time Dan Carpenter (4): misc: mic: SCIF Fix scif_get_new_port() error handling uio: potential double frees if __uio_register_device() fails pinctrl: imx: off by one in imx_pinconf_group_dbg_show() f2fs: Fix uninitialized return in f2fs_ioc_shutdown() Daniel Kurtz (1): pinctrl/amd: only handle irq if it is pending and unmasked Daniel Mack (1): gpio: pxa: disable pinctrl calls for PXA3xx Daniel Rosenberg (1): f2fs: Keep alloc_valid_block_count in sync Denis Drozdov (1): IB/IPoIB: Set ah valid flag in multicast send flow Dmitry Osipenko (1): gpio: tegra: Move driver registration to subsys_init level Emmanuel Grumbach (2): mac80211: don't update the PM state of a peer upon a multicast frame iwlwifi: pcie: don't access periphery registers when not available Felipe Balbi (1): i2c: i801: fix DNV's SMBCTRL register offset Felix Fietkau (2): ath9k: report tx status on EOSP ath9k_hw: fix channel maximum power level test Filipe Manana (1): Btrfs: fix data corruption when deduplicating between different files Filippo Sironi (1): x86/microcode: Update the new microcode revision unconditionally Finn Thain (1): macintosh/via-pmu: Add missing mmio accessors Florian Fainelli (1): ethtool: Remove trailing semicolon for static inline Gaurav Kohli (1): timers: Clear timer_base::must_forward_clk with timer_base::lock held Geert Uytterhoeven (1): iommu/ipmmu-vmsa: Fix allocation in atomic context Greg Kroah-Hartman (1): Linux 4.18.9 Guenter Roeck (1): powerpc/4xx: Fix error return path in ppc4xx_msi_probe() Gustavo A. R. Silva (1): switchtec: Fix Spectre v1 vulnerability Huaisheng Ye (1): tools/testing/nvdimm: kaddr and pfn can be NULL to ->direct_access() Ian Kent (1): autofs: fix autofs_sbi() does not check super block type Jae Hyun Yoo (1): i2c: aspeed: Add an explicit type casting for *get_clk_reg_val Jaegeuk Kim (1): f2fs: avoid potential deadlock in f2fs_sbi_store James Smart (2): scsi: lpfc: Correct MDS diag and nvmet configuration scsi: lpfc: Fix driver crash when re-registering NVME rports. Jann Horn (1): x86/process: Don't mix user/kernel regs in 64bit __show_regs() Jens Axboe (1): nbd: don't allow invalid blocksize settings Jinbum Park (1): pktcdvd: Fix possible Spectre-v1 for pkt_devs Jiri Olsa (1): perf c2c report: Fix crash for empty browser Joerg Roedel (1): x86/mm: Remove in_nmi() warning from vmalloc_fault() Johan Hedberg (1): Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV John Pittman (1): dm cache: only allow a single io_mode cache feature to be requested Kan Liang (1): perf evlist: Fix error out while applying initial delay and LBR Katsuhiro Suzuki (1): media: helene: fix xtal frequency setting at power on Konstantin Khlebnikov (1): block: bfq: swap puts in bfqg_and_blkg_put Lijun Ou (2): RDMA/hns: Add illegal hop_num judgement RDMA/hns: Update the data type of immediate data Linus Torvalds (1): mm: get rid of vmacache_flush_all() entirely Linus Walleij (1): tpm_tis_spi: Pass the SPI IRQ down to the driver Loic Poulain (1): wlcore: Set rx_status boottime_ns field on rx Lorenzo Pieralisi (2): PCI: mobiveil: Add missing ../pci.h include PCI: mobiveil: Fix struct mobiveil_pcie.pcie_reg_base address type Lu Fengqi (1): btrfs: fix qgroup_free wrong num_bytes in btrfs_subvolume_reserve_metadata Marc Zyngier (3): arm64: KVM: Only force FPEXC32_EL2.EN if trapping FPSIMD KVM: arm/arm64: Clean dcache to PoC when changing PTE due to CoW thermal_hwmon: Sanitize attribute name passed to hwmon Marcel Holtmann (1): Bluetooth: hidp: Fix handling of strncpy for hid->name information Mauricio Faria de Oliveira (2): partitions/aix: append null character to print data from disk partitions/aix: fix usage of uninitialized lv_info and lvname structures Michael Ellerman (1): powerpc/mm: Don't report PUDs as memory leaks when using kmemleak Michael Kelley (1): Drivers: hv: vmbus: Cleanup synic memory free path Mike Christie (2): scsi: target: fix __transport_register_session locking scsi: tcmu: do not set max_blocks if data_bitmap has been setup Mikhail Zaslonko (1): memory_hotplug: fix kernel_panic on offline page processing Mikulas Patocka (1): block: don't warn when doing fsync on read-only devices Minchan Kim (1): android: binder: fix the race mmap and alloc_new_buf_locked Ming Lei (1): blk-mq: fix updating tags depth Miquel Raynal (1): mtd: rawnand: make subop helpers return unsigned values Neeraj Upadhyay (1): cpu/hotplug: Adjust misplaced smb() in cpuhp_thread_fun() Nicholas Mc Guire (2): MIPS: Octeon: add missing of_node_put() MIPS: generic: fix missing of_node_put() Nick Dyer (1): Input: atmel_mxt_ts - only use first T9 instance Niklas Söderlund (1): media: rcar-csi2: update stream start for V3M Olga Kornievskaia (1): NFSv4.0 fix client reference leak in callback Parav Pandit (1): RDMA/cma: Do not ignore net namespace for unbound cm_id Paul Burton (3): MIPS: VDSO: Match data page cache colouring when D$ aliases MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON Paul Mackerras (1): KVM: PPC: Book3S HV: Use correct pagesize in kvm_unmap_radix() Peter Rosin (1): tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) Peter Zijlstra (1): clocksource: Revert "Remove kthread" Petr Machata (1): net: dcb: For wild-card lookups, use priority -1, not 0 Philipp Zabel (1): gpu: ipu-v3: default to id 0 on missing OF alias Pierre Morel (1): KVM: s390: vsie: copy wrapping keys to right place Prarit Bhargava (1): x86/microcode: Make sure boot_cpu_data.microcode is up-to-date Quentin Schulz (1): MIPS: mscc: ocelot: fix length of memory address space for MIIM Quinn Tran (3): scsi: qla2xxx: Fix unintended Logout scsi: qla2xxx: Fix session state stuck in Get Port DB scsi: qla2xxx: Silent erroneous message Randy Dunlap (1): f2fs: fix defined but not used build warnings Reza Arbab (1): powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage Robert Schlabbach (1): media: em28xx: explicitly disable TS packet filter Roman Gushchin (1): selftests/bpf: fix a typo in map in map test Sam Bobroff (1): powerpc/pseries: fix EEH recovery of some IOV devices Sean Christopherson (6): KVM: x86: SVM: Set EMULTYPE_NO_REEXECUTE for RSM emulation KVM: VMX: Do not allow reexecute_instruction() when skipping MMIO instr KVM: x86: Invert emulation re-execute behavior to make it opt-in KVM: x86: Merge EMULTYPE_RETRY and EMULTYPE_ALLOW_REEXECUTE KVM: x86: Default to not allowing emulation retry in kvm_mmu_page_fault KVM: x86: Do not re-{try,execute} after failed emulation in L2 Shubhrajyoti Datta (1): i2c: xiic: Make the start and the byte count write atomic Simon Horman (1): thermal: rcar_thermal: avoid NULL dereference in absence of IRQ resources Srinivas Kandagatla (1): rpmsg: core: add support to power domains for devices Srinivas Pandruvada (2): ata: libahci: Allow reconfigure of DEVSLP register ata: libahci: Correct setting of DEVSLP register Stefan Agner (1): HID: input: fix leaking custom input node name Stefan Hajnoczi (1): device-dax: avoid hang on error before devm_memremap_pages() Steve French (2): SMB3: Backup intent flag missing for directory opens with backupuid mounts smb3: check for and properly advertise directory lease support Surabhi Vishnoi (1): ath10k: disable bundle mgmt tx completion event support Sven Eckelmann (1): ath10k: prevent active scans on potential unusable channels Sylwester Nawrocki (1): media: s5p-mfc: Fix buffer look up in s5p_mfc_handle_frame_{new, copy_time} functions Takashi Iwai (1): ALSA: hda - Fix cancel_work_sync() stall from jackpoll work Thomas Gleixner (2): cpu/hotplug: Prevent state corruption on error rollback x86/apic/vector: Make error return value negative Thomas Richter (1): perf build: Fix installation directory for eBPF Thomas Werschlein (1): cifs: connect to servername instead of IP for IPC$ share Todor Tomov (1): media: camss: csid: Configure data type and decode format properly Trond Myklebust (1): NFSv4.1: Fix a potential layoutget/layoutrecall deadlock Vlad Buslov (2): tc-testing: flush gact actions on test teardown tc-testing: remove duplicate spaces in connmark match patterns Will Deacon (1): iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel Xiubo Li (1): uio: fix possible circular locking dependency Yelena Krivosheev (1): net: mvneta: fix mtu change on port without link YueHaibing (1): pinctrl: berlin: fix 'pctrl->functions' allocation in berlin_pinctrl_build_state Yunlong Song (2): f2fs: do not set free of current section f2fs: issue discard align to section in LFS mode Zhang Rui (1): ACPI / LPSS: Force LPSS quirks on boot Zumeng Chen (1): mfd: ti_am335x_tscadc: Fix struct clk memory leak

7 years

1
1
0 0

[PATCH 05/40] drm/i915: Handle incomplete Z_FINISH for compressed error states

by Chris Wilson

The final call to zlib_deflate(Z_FINISH) may require more output space to be allocated and so needs to re-invoked. Failure to do so in the current code leads to incomplete zlib streams (albeit intact due to the use of Z_SYNC_FLUSH) resulting in the occasional short object capture. Testcase: igt/i915-error-capture.js Fixes: 0a97015d45ee ("drm/i915: Compress GPU objects in error state") Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v4.10+ --- drivers/gpu/drm/i915/i915_gpu_error.c | 60 +++++++++++++++++++++------ 1 file changed, 47 insertions(+), 13 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c index 2835cacd0d08..9789f4ff8c32 100644 --- a/drivers/gpu/drm/i915/i915_gpu_error.c +++ b/drivers/gpu/drm/i915/i915_gpu_error.c @@ -237,6 +237,7 @@ static int compress_page(struct compress *c, struct drm_i915_error_object *dst) { struct z_stream_s *zstream = &c->zstream; + int flush = Z_NO_FLUSH; zstream->next_in = src; if (c->tmp && i915_memcpy_from_wc(c->tmp, src, PAGE_SIZE)) @@ -257,8 +258,11 @@ static int compress_page(struct compress *c, zstream->avail_out = PAGE_SIZE; } - if (zlib_deflate(zstream, Z_SYNC_FLUSH) != Z_OK) + if (zlib_deflate(zstream, flush) != Z_OK) return -EIO; + + if (zstream->avail_out) + flush = Z_SYNC_FLUSH; } while (zstream->avail_in); /* Fallback to uncompressed if we increase size? */ @@ -268,19 +272,43 @@ static int compress_page(struct compress *c, return 0; } -static void compress_fini(struct compress *c, +static int compress_flush(struct compress *c, struct drm_i915_error_object *dst) { struct z_stream_s *zstream = &c->zstream; + unsigned long page; - if (dst) { - zlib_deflate(zstream, Z_FINISH); - dst->unused = zstream->avail_out; - } + do { + switch (zlib_deflate(zstream, Z_FINISH)) { + case Z_OK: /* more space requested */ + page = __get_free_page(GFP_ATOMIC | __GFP_NOWARN); + if (!page) + return -ENOMEM; + + dst->pages[dst->page_count++] = (void *)page; + zstream->next_out = (void *)page; + zstream->avail_out = PAGE_SIZE; + break; + case Z_STREAM_END: + goto end; + default: /* any error */ + return -EIO; + } + } while (1); + +end: + memset(zstream->next_out, 0, zstream->avail_out); + dst->unused = zstream->avail_out; + return 0; +} + +static void compress_fini(struct compress *c, + struct drm_i915_error_object *dst) +{ + struct z_stream_s *zstream = &c->zstream; zlib_deflateEnd(zstream); kfree(zstream->workspace); - if (c->tmp) free_page((unsigned long)c->tmp); } @@ -319,6 +347,12 @@ static int compress_page(struct compress *c, return 0; } +static int compress_flush(struct compress *c, + struct drm_i915_error_object *dst) +{ + return 0; +} + static void compress_fini(struct compress *c, struct drm_i915_error_object *dst) { @@ -951,15 +985,15 @@ i915_error_object_create(struct drm_i915_private *i915, if (ret) goto unwind; } - goto out; + if (compress_flush(&compress, dst)) { unwind: - while (dst->page_count--) - free_page((unsigned long)dst->pages[dst->page_count]); - kfree(dst); - dst = NULL; + while (dst->page_count--) + free_page((unsigned long)dst->pages[dst->page_count]); + kfree(dst); + dst = NULL; + } -out: compress_fini(&compress, dst); ggtt->vm.clear_range(&ggtt->vm, slot, PAGE_SIZE); return dst; -- 2.19.0

7 years

1
0
0 0

FAILED: patch "[PATCH] mei: bus: type promotion bug in mei_nfc_if_version()" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From b40b3e9358fbafff6a4ba0f4b9658f6617146f9c Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)oracle.com> Date: Wed, 11 Jul 2018 15:29:31 +0300 Subject: [PATCH] mei: bus: type promotion bug in mei_nfc_if_version() We accidentally removed the check for negative returns without considering the issue of type promotion. The "if_version_length" variable is type size_t so if __mei_cl_recv() returns a negative then "bytes_recv" is type promoted to a high positive value and treated as success. Cc: <stable(a)vger.kernel.org> Fixes: 582ab27a063a ("mei: bus: fix received data size check in NFC fixup") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/misc/mei/bus-fixup.c b/drivers/misc/mei/bus-fixup.c index e45fe826d87d..65e28be3c8cc 100644 --- a/drivers/misc/mei/bus-fixup.c +++ b/drivers/misc/mei/bus-fixup.c @@ -341,7 +341,7 @@ static int mei_nfc_if_version(struct mei_cl *cl, ret = 0; bytes_recv = __mei_cl_recv(cl, (u8 *)reply, if_version_length, 0, 0); - if (bytes_recv < if_version_length) { + if (bytes_recv < 0 || bytes_recv < if_version_length) { dev_err(bus->dev, "Could not read IF version\n"); ret = -EIO; goto err;

7 years

2
1
0 0

[PATCH 2/2] usb: roles: Take care of driver module reference counting

by Heikki Krogerus

This fixes potential "BUG: unable to handle kernel paging request at ..." from happening. Fixes: fde0aa6c175a ("usb: common: Small class for USB role switches") Cc: <stable(a)vger.kernel.org> Acked-by: Hans de Goede <hdegoede(a)redhat.com> Tested-by: Hans de Goede <hdegoede(a)redhat.com> Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> --- drivers/usb/common/roles.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/drivers/usb/common/roles.c b/drivers/usb/common/roles.c index 15cc76e22123..99116af07f1d 100644 --- a/drivers/usb/common/roles.c +++ b/drivers/usb/common/roles.c @@ -109,8 +109,15 @@ static void *usb_role_switch_match(struct device_connection *con, int ep, */ struct usb_role_switch *usb_role_switch_get(struct device *dev) { - return device_connection_find_match(dev, "usb-role-switch", NULL, - usb_role_switch_match); + struct usb_role_switch *sw; + + sw = device_connection_find_match(dev, "usb-role-switch", NULL, + usb_role_switch_match); + + if (!IS_ERR_OR_NULL(sw)) + WARN_ON(!try_module_get(sw->dev.parent->driver->owner)); + + return sw; } EXPORT_SYMBOL_GPL(usb_role_switch_get); @@ -122,8 +129,10 @@ EXPORT_SYMBOL_GPL(usb_role_switch_get); */ void usb_role_switch_put(struct usb_role_switch *sw) { - if (!IS_ERR_OR_NULL(sw)) + if (!IS_ERR_OR_NULL(sw)) { put_device(&sw->dev); + module_put(sw->dev.parent->driver->owner); + } } EXPORT_SYMBOL_GPL(usb_role_switch_put); -- 2.18.0

7 years

2
1
0 0

Re: [PATCH] printk: Fix panic caused by passing log_buf_len to command line

by Sasha Levin

Hi, [This is an automated email] This commit has been processed because it contains a -stable tag. The stable tag indicates that it's relevant for the following trees: all The bot has tested the following trees: v4.18.8, v4.14.70, v4.9.127, v4.4.156, v3.18.122, v4.18.8: Build OK! v4.14.70: Build OK! v4.9.127: Build OK! v4.4.156: Build OK! v3.18.122: Build failed! Errors: Please let us know how to resolve this. -- Thanks, Sasha

7 years

1
0
0 0

[GIT PULL] ring-buffer: Allow for rescheduling when removing pages

by Steven Rostedt

Linus (aka Greg), Vaibhav Nagarnaik found that modifying the ring buffer size could cause a huge latency in the system because it does a while loop to free pages without releasing the CPU (on non preempt kernels). In a case where there are hundreds of thousands of pages to free it could actually cause a system stall. A properly place cond_resched() solves this issue. Please pull the latest trace-v4.19-rc4 tree, which can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace.git trace-v4.19-rc4 Tag SHA1: 977e4fb3741e24151a255ee13bd4a1224545ae4e Head SHA1: 83f365554e47997ec68dc4eca3f5dce525cd15c3 Vaibhav Nagarnaik (1): ring-buffer: Allow for rescheduling when removing pages ---- kernel/trace/ring_buffer.c | 2 ++ 1 file changed, 2 insertions(+) --------------------------- commit 83f365554e47997ec68dc4eca3f5dce525cd15c3 Author: Vaibhav Nagarnaik <vnagarnaik(a)google.com> Date: Fri Sep 7 15:31:29 2018 -0700 ring-buffer: Allow for rescheduling when removing pages When reducing ring buffer size, pages are removed by scheduling a work item on each CPU for the corresponding CPU ring buffer. After the pages are removed from ring buffer linked list, the pages are free()d in a tight loop. The loop does not give up CPU until all pages are removed. In a worst case behavior, when lot of pages are to be freed, it can cause system stall. After the pages are removed from the list, the free() can happen while the work is rescheduled. Call cond_resched() in the loop to prevent the system hangup. Link: http://lkml.kernel.org/r/20180907223129.71994-1-vnagarnaik@google.com Cc: stable(a)vger.kernel.org Fixes: 83f40318dab00 ("ring-buffer: Make removal of ring buffer pages atomic") Reported-by: Jason Behmer <jbehmer(a)google.com> Signed-off-by: Vaibhav Nagarnaik <vnagarnaik(a)google.com> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 1d92d4a982fd..65bd4616220d 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -1546,6 +1546,8 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned long nr_pages) tmp_iter_page = first_page; do { + cond_resched(); + to_remove_page = tmp_iter_page; rb_inc_page(cpu_buffer, &tmp_iter_page);

7 years

2
3
0 0

Interested in purchasing posts on your site

by Andy Macia

Hi There, Im reaching out to you because Im interested in purchasing a backlink from your site. The link will go to a high quality drug and alcohol rehabilitation information page. Ive made a short video explaining exactly what Im looking for: http://mtrack.me/tracking/raWzMz50paMkCGD1BQRlZGV5AwLzMKWjqzA2pzSaqaR9AGV4A… Ideally, the link will be placed in a relevant, existing post/page on your website. Please let me know your rates as soon as possible. Thank you for your time and consideration, Andy Macia (949) 467-1404 [Unsubscribe ] <http://mtrack.me/unsub/eng/raWzMz50paMkCGD1BQRlZGV5AwLzMKWjqzA2pzSaqaR9AGV4…>

7 years

1
0
0 0

[PATCH 13/19] mtd: nand: pxa3xx: Fix READOOB implementation

by kostap＠marvell.com

From: Boris Brezillon <boris.brezillon(a)free-electrons.com> In the current driver, OOB bytes are accessed in raw mode, and when a page access is done with NDCR_SPARE_EN set and NDCR_ECC_EN cleared, the driver must read the whole spare area (64 bytes in case of a 2k page, 16 bytes for a 512 page). The driver was only reading the free OOB bytes, which was leaving some unread data in the FIFO and was somehow leading to a timeout. We could patch the driver to read ->spare_size + ->ecc_size instead of just ->spare_size when READOOB is requested, but we'd better make in-band and OOB accesses consistent. Since the driver is always accessing in-band data in non-raw mode (with the ECC engine enabled), we should also access OOB data in this mode. That's particularly useful when using the BCH engine because in this mode the free OOB bytes are also ECC protected. Fixes: 43bcfd2bb24a ("mtd: nand: pxa3xx: Add driver-specific ECC BCH support") Cc: stable(a)vger.kernel.org Reported-by: Sean Nyekjær <sean.nyekjaer(a)prevas.dk> Tested-by: Willy Tarreau <w(a)1wt.eu> Signed-off-by: Boris Brezillon <boris.brezillon(a)free-electrons.com> Acked-by: Ezequiel Garcia <ezequiel(a)vanguardiasur.com.ar> Tested-by: Sean Nyekjaer <sean.nyekjaer(a)prevas.dk> Acked-by: Robert Jarzmik <robert.jarzmik(a)free.fr> Signed-off-by: Richard Weinberger <richard(a)nod.at> Signed-off-by: Ofer Heifetz <oferh(a)marvell.com> Reviewed-by: Igal Liberman <igall(a)marvell.com> Cc: Stefan Roese <sr(a)denx.de> Cc: Simon Glass <sjg(a)chromium.org> --- drivers/mtd/nand/pxa3xx_nand.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/mtd/nand/pxa3xx_nand.c b/drivers/mtd/nand/pxa3xx_nand.c index b64dd0d..c1f7d61 100644 --- a/drivers/mtd/nand/pxa3xx_nand.c +++ b/drivers/mtd/nand/pxa3xx_nand.c @@ -750,6 +750,7 @@ static void prepare_start_command(struct pxa3xx_nand_info *info, int command) switch (command) { case NAND_CMD_READ0: + case NAND_CMD_READOOB: case NAND_CMD_PAGEPROG: info->use_ecc = 1; break; -- 2.7.4

7 years

2
1
0 0

[PATCH 5/6] drm/i915: Fix intel_dp_mst_best_encoder()

by Lyude Paul

Currently, i915 appears to rely on blocking modesets on no-longer-present MSTB ports by simply returning NULL for ->best_encoder(), which in turn causes any new atomic commits that don't disable the CRTC to fail. This is wrong however, since we still want to allow userspace to disable CRTCs on no-longer-present MSTB ports by changing the DPMS state to off and this still requires that we retrieve an encoder. So, fix this by always returning a valid encoder regardless of the state of the MST port. Additionally, make intel_dp_mst_atomic_check() simply rely on drm_dp_mst_connector_atomic_check() to prevent new modesets on no-longer-present MSTB ports. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index a366f32b048a..2b798d4592f0 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -106,14 +106,21 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, } static int intel_dp_mst_atomic_check(struct drm_connector *connector, - struct drm_connector_state *new_conn_state) + struct drm_connector_state *new_conn_state) { struct drm_atomic_state *state = new_conn_state->state; struct drm_connector_state *old_conn_state; struct drm_crtc *old_crtc; struct drm_crtc_state *crtc_state; + struct drm_dp_mst_topology_mgr *mgr = + &to_intel_connector(connector)->mst_port->mst_mgr; int slots, ret = 0; + ret = drm_dp_mst_connector_atomic_check(connector, new_conn_state, + mgr); + if (ret) + return ret; + old_conn_state = drm_atomic_get_old_connector_state(state, connector); old_crtc = old_conn_state->crtc; if (!old_crtc) @@ -122,12 +129,6 @@ static int intel_dp_mst_atomic_check(struct drm_connector *connector, crtc_state = drm_atomic_get_new_crtc_state(state, old_crtc); slots = to_intel_crtc_state(crtc_state)->dp_m_n.tu; if (drm_atomic_crtc_needs_modeset(crtc_state) && slots > 0) { - struct drm_dp_mst_topology_mgr *mgr; - struct drm_encoder *old_encoder; - - old_encoder = old_conn_state->best_encoder; - mgr = &enc_to_mst(old_encoder)->primary->dp.mst_mgr; - ret = drm_dp_atomic_release_vcpi_slots(state, mgr, slots); if (ret) DRM_DEBUG_KMS("failed releasing %d vcpi slots:%d\n", slots, ret); @@ -407,8 +408,6 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (intel_connector->mst_port_gone) - return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } -- 2.17.1

7 years

1
0
0 0

[PATCH 4/6] drm/i915: Skip vcpi allocation for MSTB ports that are gone

by Lyude Paul

Since we need to be able to allow DPMS on->off prop changes after an MST port has disappeared from the system, we need to be able to make sure we can compute a config for the resulting atomic commit. Currently this is impossible when the port has disappeared, since the VCPI slot searching we try to do in intel_dp_mst_compute_config() will fail with -EINVAL. Since the only commits we want to allow on no-longer-present MST ports are ones that shut off display hardware, we already know that no VCPI allocations are needed. So, hardcode the VCPI slot count to 0 when intel_dp_mst_compute_config() is called on an MST port that's gone. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index fcb9b87b9339..a366f32b048a 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -42,7 +42,7 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, to_intel_connector(conn_state->connector); struct drm_atomic_state *state = pipe_config->base.state; int bpp; - int lane_count, slots; + int lane_count, slots = 0; const struct drm_display_mode *adjusted_mode = &pipe_config->base.adjusted_mode; int mst_pbn; bool reduce_m_n = drm_dp_has_quirk(&intel_dp->desc, @@ -76,11 +76,16 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, mst_pbn = drm_dp_calc_pbn_mode(adjusted_mode->crtc_clock, bpp); pipe_config->pbn = mst_pbn; - slots = drm_dp_atomic_find_vcpi_slots(state, &intel_dp->mst_mgr, - connector->port, mst_pbn); - if (slots < 0) { - DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", slots); - return false; + if (!connector->mst_port_gone) { + slots = drm_dp_atomic_find_vcpi_slots(state, + &intel_dp->mst_mgr, + connector->port, + mst_pbn); + if (slots < 0) { + DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", + slots); + return false; + } } intel_link_compute_m_n(bpp, lane_count, -- 2.17.1

7 years

1
0
0 0

[PATCH 2/6] drm/nouveau: Unbreak nv50_mstc->best_encoder()

by Lyude Paul

As mentioned in the previous commit, we currently prevent new modesets on recently-removed MST connectors by returning no encoder from our ->best_encoder() callback once the MST port has disappeared. This is wrong however, because it prevents legacy modesetting users from being able to disable CRTCs on MST connectors after the connector's respective topology has disappeared. So, fix this by instead using the new drm_dp_mst_connector_atomic_check() helper instead while always returning a valid encoder from ->best_encoder(). Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/dispnv50/disp.c | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index 9da0bdfe1e1c..8d6f6ee9bc75 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -881,22 +881,16 @@ nv50_mstc_atomic_best_encoder(struct drm_connector *connector, { struct nv50_head *head = nv50_head(connector_state->crtc); struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[head->base.index]->encoder; - } - return NULL; + + return &mstc->mstm->msto[head->base.index]->encoder; } static struct drm_encoder * nv50_mstc_best_encoder(struct drm_connector *connector) { struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[0]->encoder; - } - return NULL; + + return &mstc->mstm->msto[0]->encoder; } static enum drm_mode_status @@ -926,10 +920,21 @@ nv50_mstc_get_modes(struct drm_connector *connector) return ret; } +static int +nv50_mstc_atomic_check(struct drm_connector *connector, + struct drm_connector_state *state) +{ + struct nv50_mstc *mstc = nv50_mstc(connector); + + return drm_dp_mst_connector_atomic_check(connector, state, + &mstc->mstm->mgr); +} + static const struct drm_connector_helper_funcs nv50_mstc_help = { .get_modes = nv50_mstc_get_modes, .mode_valid = nv50_mstc_mode_valid, + .atomic_check = nv50_mstc_atomic_check, .best_encoder = nv50_mstc_best_encoder, .atomic_best_encoder = nv50_mstc_atomic_best_encoder, }; -- 2.17.1

7 years

1
0
0 0

[PATCH v5 0/7] mm: Merge hmm into devm_memremap_pages, mark GPL-only

by Dan Williams

Changes since v4 [1]: * Rebase on v4.19-rc3 * Update changelogs and cover letter [1]: https://lkml.org/lkml/2018/7/11/14 --- Hi Andrew, Back from vacation and this series is still top of mind. devm_memremap_pages() is a facility that can create struct page entries for any arbitrary range and give drivers the ability to subvert core aspects of page management. It, and anything derived from it (e.g. hmm, pcip2p, etc...), is an EXPORT_SYMBOL_GPL() interface. I see that commit 31c5bda3a656 "mm: fix exports that inadvertently make put_page() EXPORT_SYMBOL_GPL" was merged ahead of this series to relieve some of the pressure from innocent consumers of put_page(), but now we need this series to address *producers* of device pages. More details and justification in the changelogs. The 0day infrastructure has reported success across 182 configs and this survives the libnvdimm unit test suite. Aside from the controversial bits the diffstat is compelling at: 7 files changed, 138 insertions(+), 328 deletions(-). Note that the series has some minor collisions with Alex's recent series to improve devm_memremap_pages() scalability [2]. So, whichever you take first the other will need a minor rebase. [2]: https://www.lkml.org/lkml/2018/9/11/10 --- Dan Williams (7): mm, devm_memremap_pages: Mark devm_memremap_pages() EXPORT_SYMBOL_GPL mm, devm_memremap_pages: Kill mapping "System RAM" support mm, devm_memremap_pages: Fix shutdown handling mm, devm_memremap_pages: Add MEMORY_DEVICE_PRIVATE support mm, hmm: Use devm semantics for hmm_devmem_{add,remove} mm, hmm: Replace hmm_devmem_pages_create() with devm_memremap_pages() mm, hmm: Mark hmm_devmem_{add,add_resource} EXPORT_SYMBOL_GPL drivers/dax/pmem.c | 15 -- drivers/nvdimm/pmem.c | 18 +- include/linux/hmm.h | 4 include/linux/memremap.h | 7 + kernel/memremap.c | 98 ++++++++---- mm/hmm.c | 303 +++++-------------------------------- tools/testing/nvdimm/test/iomap.c | 21 ++- 7 files changed, 138 insertions(+), 328 deletions(-)

7 years

3
4
0 0

[PATCH v3] tpm: Restore functionality to xen vtpm driver.

by Boris Ostrovsky

From: "Dr. Greg Wettstein" <greg(a)wind.enjellic.com> Functionality of the xen-tpmfront driver was lost secondary to the introduction of xenbus multi-page support in commit ccc9d90a9a8b ("xenbus_client: Extend interface to support multi-page ring"). In this commit pointer to location of where the shared page address is stored was being passed to the xenbus_grant_ring() function rather then the address of the shared page itself. This resulted in a situation where the driver would attach to the vtpm-stubdom but any attempt to send a command to the stub domain would timeout. A diagnostic finding for this regression is the following error message being generated when the xen-tpmfront driver probes for a device: <3>vtpm vtpm-0: tpm_transmit: tpm_send: error -62 <3>vtpm vtpm-0: A TPM error (-62) occurred attempting to determine the timeouts This fix is relevant to all kernels from 4.1 forward which is the release in which multi-page xenbus support was introduced. Daniel De Graaf formulated the fix by code inspection after the regression point was located. Fixes: ccc9d90a9a8b ("xenbus_client: Extend interface to support multi-page ring") Signed-off-by: Dr. Greg Wettstein <greg(a)enjellic.com> [boris: Updated commit message, added Fixes tag] Signed-off-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Cc: stable(a)vger.kernel.org # v4.1+ --- drivers/char/tpm/xen-tpmfront.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/char/tpm/xen-tpmfront.c b/drivers/char/tpm/xen-tpmfront.c index 911475d36800..b150f87f38f5 100644 --- a/drivers/char/tpm/xen-tpmfront.c +++ b/drivers/char/tpm/xen-tpmfront.c @@ -264,7 +264,7 @@ static int setup_ring(struct xenbus_device *dev, struct tpm_private *priv) return -ENOMEM; } - rv = xenbus_grant_ring(dev, &priv->shr, 1, &gref); + rv = xenbus_grant_ring(dev, priv->shr, 1, &gref); if (rv < 0) return rv; -- 2.17.1

7 years

2
1
0 0

[PATCH 4.18 000/158] 4.18.9-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.18.9 release. There are 158 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Sep 19 21:16:14 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.9-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.18.9-rc1 Linus Torvalds <torvalds(a)linux-foundation.org> mm: get rid of vmacache_flush_all() entirely Ian Kent <raven(a)themaw.net> autofs: fix autofs_sbi() does not check super block type Peter Zijlstra <peterz(a)infradead.org> clocksource: Revert "Remove kthread" Parav Pandit <parav(a)mellanox.com> RDMA/cma: Do not ignore net namespace for unbound cm_id Quentin Schulz <quentin.schulz(a)bootlin.com> MIPS: mscc: ocelot: fix length of memory address space for MIIM Paul Burton <paul.burton(a)mips.com> MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON Lijun Ou <oulijun(a)huawei.com> RDMA/hns: Update the data type of immediate data Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4.1: Fix a potential layoutget/layoutrecall deadlock Lijun Ou <oulijun(a)huawei.com> RDMA/hns: Add illegal hop_num judgement Chao Yu <yuchao0(a)huawei.com> f2fs: fix to do sanity check with extra_attr feature Chao Yu <yuchao0(a)huawei.com> f2fs: fix to propagate return value of scan_nat_page() Chao Yu <yuchao0(a)huawei.com> f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize Zumeng Chen <zumeng.chen(a)gmail.com> mfd: ti_am335x_tscadc: Fix struct clk memory leak Geert Uytterhoeven <geert+renesas(a)glider.be> iommu/ipmmu-vmsa: Fix allocation in atomic context Andrey Smirnov <andrew.smirnov(a)gmail.com> mfd: rave-sp: Initialize flow control and parity of the port Chao Yu <yuchao0(a)huawei.com> f2fs: fix to do sanity check with secs_per_zone Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: avoid potential deadlock in f2fs_sbi_store Brad Love <brad(a)nextdimension.cc> media: em28xx: Fix DualHD disconnect oops Dan Carpenter <dan.carpenter(a)oracle.com> f2fs: Fix uninitialized return in f2fs_ioc_shutdown() Chao Yu <yuchao0(a)huawei.com> f2fs: fix to wait on page writeback before updating page Will Deacon <will.deacon(a)arm.com> iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel Brad Love <brad(a)nextdimension.cc> media: em28xx: Fix dual transport stream operation Anthony Koo <Anthony.Koo(a)amd.com> drm/amd/display: Prevent PSR from being enabled if initialization fails Katsuhiro Suzuki <suzuki.katsuhiro(a)socionext.com> media: helene: fix xtal frequency setting at power on Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: rcar-csi2: update stream start for V3M Mauricio Faria de Oliveira <mfo(a)canonical.com> partitions/aix: fix usage of uninitialized lv_info and lvname structures Mauricio Faria de Oliveira <mfo(a)canonical.com> partitions/aix: append null character to print data from disk Sylwester Nawrocki <s.nawrocki(a)samsung.com> media: s5p-mfc: Fix buffer look up in s5p_mfc_handle_frame_{new, copy_time} functions Nick Dyer <nick.dyer(a)itdev.co.uk> Input: atmel_mxt_ts - only use first T9 instance John Pittman <jpittman(a)redhat.com> dm cache: only allow a single io_mode cache feature to be requested Petr Machata <petrm(a)mellanox.com> net: dcb: For wild-card lookups, use priority -1, not 0 Marc Zyngier <marc.zyngier(a)arm.com> thermal_hwmon: Sanitize attribute name passed to hwmon Simon Horman <horms+renesas(a)verge.net.au> thermal: rcar_thermal: avoid NULL dereference in absence of IRQ resources Nicholas Mc Guire <hofrat(a)osadl.org> MIPS: generic: fix missing of_node_put() Nicholas Mc Guire <hofrat(a)osadl.org> MIPS: Octeon: add missing of_node_put() Chao Yu <yuchao0(a)huawei.com> f2fs: fix to do sanity check with reserved blkaddr of inline inode Peter Rosin <peda(a)axentia.se> tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) Linus Walleij <linus.walleij(a)linaro.org> tpm_tis_spi: Pass the SPI IRQ down to the driver Chao Yu <yuchao0(a)huawei.com> f2fs: fix to skip GC if type in SSA and SIT is inconsistent Jinbum Park <jinb.park7(a)gmail.com> pktcdvd: Fix possible Spectre-v1 for pkt_devs Chao Yu <yuchao0(a)huawei.com> f2fs: try grabbing node page lock aggressively in sync scenario Yelena Krivosheev <yelena(a)marvell.com> net: mvneta: fix mtu change on port without link Daniel Kurtz <djkurtz(a)chromium.org> pinctrl/amd: only handle irq if it is pending and unmasked Anton Vasilyev <vasilyev(a)ispras.ru> gpio: ml-ioh: Fix buffer underwrite on probe error path Daniel Mack <daniel(a)zonque.org> gpio: pxa: disable pinctrl calls for PXA3xx Dan Carpenter <dan.carpenter(a)oracle.com> pinctrl: imx: off by one in imx_pinconf_group_dbg_show() Anton Vasilyev <vasilyev(a)ispras.ru> regulator: tps65217: Fix NULL pointer dereference on probe Joerg Roedel <jroedel(a)suse.de> x86/mm: Remove in_nmi() warning from vmalloc_fault() Marcel Holtmann <marcel(a)holtmann.org> Bluetooth: hidp: Fix handling of strncpy for hid->name information Michael Ellerman <mpe(a)ellerman.id.au> powerpc/mm: Don't report PUDs as memory leaks when using kmemleak Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> PCI: mobiveil: Fix struct mobiveil_pcie.pcie_reg_base address type Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> PCI: mobiveil: Add missing ../pci.h include Robert Schlabbach <Robert.Schlabbach(a)gmx.net> media: em28xx: explicitly disable TS packet filter Surabhi Vishnoi <svishnoi(a)codeaurora.org> ath10k: disable bundle mgmt tx completion event support Huaisheng Ye <yehs1(a)lenovo.com> tools/testing/nvdimm: kaddr and pfn can be NULL to ->direct_access() Anton Vasilyev <vasilyev(a)ispras.ru> scsi: 3ware: fix return 0 on the error path of probe Calum Mackay <calum.mackay(a)oracle.com> nfs: Referrals not inheriting proto setting from parent Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> ata: libahci: Correct setting of DEVSLP register Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> ata: libahci: Allow reconfigure of DEVSLP register Paul Burton <paul.burton(a)mips.com> MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET Mike Christie <mchristi(a)redhat.com> scsi: tcmu: do not set max_blocks if data_bitmap has been setup Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: make subop helpers return unsigned values Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> rpmsg: core: add support to power domains for devices Loic Poulain <loic.poulain(a)linaro.org> wlcore: Set rx_status boottime_ns field on rx Sven Eckelmann <sven.eckelmann(a)openmesh.com> ath10k: prevent active scans on potential unusable channels Felix Fietkau <nbd(a)nbd.name> ath9k_hw: fix channel maximum power level test Felix Fietkau <nbd(a)nbd.name> ath9k: report tx status on EOSP Thomas Richter <tmricht(a)linux.ibm.com> perf build: Fix installation directory for eBPF Finn Thain <fthain(a)telegraphics.com.au> macintosh/via-pmu: Add missing mmio accessors Sam Bobroff <sbobroff(a)linux.ibm.com> powerpc/pseries: fix EEH recovery of some IOV devices Kan Liang <kan.liang(a)linux.intel.com> perf evlist: Fix error out while applying initial delay and LBR Jiri Olsa <jolsa(a)kernel.org> perf c2c report: Fix crash for empty browser Olga Kornievskaia <kolga(a)netapp.com> NFSv4.0 fix client reference leak in callback Stefan Hajnoczi <stefanha(a)redhat.com> device-dax: avoid hang on error before devm_memremap_pages() Christophe Leroy <christophe.leroy(a)c-s.fr> perf tools: Allow overriding MAX_NR_CPUS at compile time Akshu Agrawal <akshu.agrawal(a)amd.com> ASoC: soc-pcm: Use delay set in component pointer function Chao Yu <yuchao0(a)huawei.com> f2fs: fix to detect looped node chain correctly Randy Dunlap <rdunlap(a)infradead.org> f2fs: fix defined but not used build warnings Yunlong Song <yunlong.song(a)huawei.com> f2fs: issue discard align to section in LFS mode Daniel Rosenberg <drosen(a)google.com> f2fs: Keep alloc_valid_block_count in sync Yunlong Song <yunlong.song(a)huawei.com> f2fs: do not set free of current section Chao Yu <yuchao0(a)huawei.com> f2fs: fix to active page in lru list for read path Denis Drozdov <denisd(a)mellanox.com> IB/IPoIB: Set ah valid flag in multicast send flow Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> iwlwifi: pcie: don't access periphery registers when not available Xiubo Li <xiubli(a)redhat.com> uio: fix possible circular locking dependency Anton Vasilyev <vasilyev(a)ispras.ru> tty: rocket: Fix possible buffer overwrite on register_PCI Michael Kelley <mikelley(a)microsoft.com> Drivers: hv: vmbus: Cleanup synic memory free path Anton Vasilyev <vasilyev(a)ispras.ru> firmware: vpd: Fix section enabled flag on vpd_section_destroy Dan Carpenter <dan.carpenter(a)oracle.com> uio: potential double frees if __uio_register_device() fails Anton Vasilyev <vasilyev(a)ispras.ru> misc: ti-st: Fix memory leak in the error path of probe() Philipp Zabel <p.zabel(a)pengutronix.de> gpu: ipu-v3: default to id 0 on missing OF alias Todor Tomov <todor.tomov(a)linaro.org> media: camss: csid: Configure data type and decode format properly Gaurav Kohli <gkohli(a)codeaurora.org> timers: Clear timer_base::must_forward_clk with timer_base::lock held BingJing Chang <bingjingc(a)synology.com> md/raid5: fix data corruption of replacements after originals dropped Mike Christie <mchristi(a)redhat.com> scsi: target: fix __transport_register_session locking James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix driver crash when re-registering NVME rports. Ming Lei <ming.lei(a)redhat.com> blk-mq: fix updating tags depth Amit Daniel Kachhap <amit.kachhap(a)arm.com> clk: scmi: Fix the rounding of clock rate Quinn Tran <quinn.tran(a)cavium.com> scsi: qla2xxx: Silent erroneous message Quinn Tran <quinn.tran(a)cavium.com> scsi: qla2xxx: Fix session state stuck in Get Port DB Quinn Tran <quinn.tran(a)cavium.com> scsi: qla2xxx: Fix unintended Logout Arun Parameswaran <arun.parameswaran(a)broadcom.com> net: phy: Fix the register offsets in Broadcom iProc mdio mux driver Anton Vasilyev <vasilyev(a)ispras.ru> media: dw2102: Fix memleak on sequence of probes Anton Vasilyev <vasilyev(a)ispras.ru> media: davinci: vpif_display: Mix memory leak on probe error path Roman Gushchin <guro(a)fb.com> selftests/bpf: fix a typo in map in map test Guenter Roeck <linux(a)roeck-us.net> powerpc/4xx: Fix error return path in ppc4xx_msi_probe() Reza Arbab <arbab(a)linux.ibm.com> powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage Dmitry Osipenko <digetx(a)gmail.com> gpio: tegra: Move driver registration to subsys_init level YueHaibing <yuehaibing(a)huawei.com> pinctrl: berlin: fix 'pctrl->functions' allocation in berlin_pinctrl_build_state Johan Hedberg <johan.hedberg(a)intel.com> Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV Jae Hyun Yoo <jae.hyun.yoo(a)linux.intel.com> i2c: aspeed: Add an explicit type casting for *get_clk_reg_val Florian Fainelli <f.fainelli(a)gmail.com> ethtool: Remove trailing semicolon for static inline Alexandru Gagniuc <mr.nuke.me(a)gmail.com> ALSA: hda/realtek - Add mute LED quirk for HP Spectre x360 Dan Carpenter <dan.carpenter(a)oracle.com> misc: mic: SCIF Fix scif_get_new_port() error handling Vlad Buslov <vladbu(a)mellanox.com> tc-testing: remove duplicate spaces in connmark match patterns Vlad Buslov <vladbu(a)mellanox.com> tc-testing: flush gact actions on test teardown Alexey Brodkin <abrodkin(a)synopsys.com> ARC: [plat-axs*]: Enable SWAP Gustavo A. R. Silva <gustavo(a)embeddedor.com> switchtec: Fix Spectre v1 vulnerability Thomas Gleixner <tglx(a)linutronix.de> x86/apic/vector: Make error return value negative Jann Horn <jannh(a)google.com> x86/process: Don't mix user/kernel regs in 64bit __show_regs() Filippo Sironi <sironi(a)amazon.de> x86/microcode: Update the new microcode revision unconditionally Prarit Bhargava <prarit(a)redhat.com> x86/microcode: Make sure boot_cpu_data.microcode is up-to-date Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Prevent state corruption on error rollback Neeraj Upadhyay <neeraju(a)codeaurora.org> cpu/hotplug: Adjust misplaced smb() in cpuhp_thread_fun() Takashi Iwai <tiwai(a)suse.de> ALSA: hda - Fix cancel_work_sync() stall from jackpoll work Bartosz Golaszewski <bgolaszewski(a)baylibre.com> memory: ti-aemif: fix a potential NULL-pointer dereference Zhang Rui <rui.zhang(a)intel.com> ACPI / LPSS: Force LPSS quirks on boot Alexey Brodkin <abrodkin(a)synopsys.com> ARC: [plat-axs*/plat-hsdk]: Allow U-Boot to pass MAC-address to the kernel Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: x86: Do not re-{try,execute} after failed emulation in L2 Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: x86: Default to not allowing emulation retry in kvm_mmu_page_fault Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: x86: Merge EMULTYPE_RETRY and EMULTYPE_ALLOW_REEXECUTE Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: x86: Invert emulation re-execute behavior to make it opt-in Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: VMX: Do not allow reexecute_instruction() when skipping MMIO instr Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: x86: SVM: Set EMULTYPE_NO_REEXECUTE for RSM emulation Pierre Morel <pmorel(a)linux.ibm.com> KVM: s390: vsie: copy wrapping keys to right place Paul Mackerras <paulus(a)ozlabs.org> KVM: PPC: Book3S HV: Use correct pagesize in kvm_unmap_radix() Marc Zyngier <marc.zyngier(a)arm.com> KVM: arm/arm64: Clean dcache to PoC when changing PTE due to CoW Marc Zyngier <marc.zyngier(a)arm.com> arm64: KVM: Only force FPEXC32_EL2.EN if trapping FPSIMD Filipe Manana <fdmanana(a)suse.com> Btrfs: fix data corruption when deduplicating between different files Lu Fengqi <lufq.fnst(a)cn.fujitsu.com> btrfs: fix qgroup_free wrong num_bytes in btrfs_subvolume_reserve_metadata Thomas Werschlein <thomas.werschlein(a)geo.uzh.ch> cifs: connect to servername instead of IP for IPC$ share Steve French <stfrench(a)microsoft.com> smb3: check for and properly advertise directory lease support Steve French <stfrench(a)microsoft.com> SMB3: Backup intent flag missing for directory opens with backupuid mounts Paul Burton <paul.burton(a)mips.com> MIPS: VDSO: Match data page cache colouring when D$ aliases Minchan Kim <minchan(a)kernel.org> android: binder: fix the race mmap and alloc_new_buf_locked Konstantin Khlebnikov <khlebnikov(a)yandex-team.ru> block: bfq: swap puts in bfqg_and_blkg_put Mikulas Patocka <mpatocka(a)redhat.com> block: don't warn when doing fsync on read-only devices Jens Axboe <axboe(a)kernel.dk> nbd: don't allow invalid blocksize settings James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Correct MDS diag and nvmet configuration Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: don't update the PM state of a peer upon a multicast frame Mikhail Zaslonko <zaslonko(a)linux.ibm.com> memory_hotplug: fix kernel_panic on offline page processing Aneesh Kumar K.V <aneesh.kumar(a)linux.ibm.com> mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported. Stefan Agner <stefan(a)agner.ch> HID: input: fix leaking custom input node name AceLan Kao <acelan.kao(a)canonical.com> HID: i2c-hid: Fix flooded incomplete report after S3 on Rayd touchscreen Benjamin Tissoires <benjamin.tissoires(a)redhat.com> HID: core: fix grouping by application Benjamin Tissoires <benjamin.tissoires(a)redhat.com> HID: multitouch: fix Elan panels with 2 input modes declaration Felipe Balbi <felipe.balbi(a)linux.intel.com> i2c: i801: fix DNV's SMBCTRL register offset Shubhrajyoti Datta <shubhrajyoti.datta(a)xilinx.com> i2c: xiic: Make the start and the byte count write atomic ------------- Diffstat: Makefile | 4 +- arch/arc/boot/dts/axs10x_mb.dtsi | 7 ++- arch/arc/boot/dts/hsdk.dts | 7 ++- arch/arc/configs/axs101_defconfig | 1 - arch/arc/configs/axs103_defconfig | 1 - arch/arc/configs/axs103_smp_defconfig | 1 - arch/arm64/kvm/hyp/switch.c | 9 ++- arch/mips/boot/dts/mscc/ocelot.dtsi | 2 +- arch/mips/cavium-octeon/octeon-platform.c | 2 + arch/mips/generic/init.c | 1 + arch/mips/include/asm/io.h | 8 +-- arch/mips/kernel/vdso.c | 20 ++++++ arch/mips/mm/c-r4k.c | 6 +- arch/powerpc/include/asm/book3s/64/pgalloc.h | 23 ++++++- arch/powerpc/kvm/book3s_64_mmu_radix.c | 6 +- arch/powerpc/platforms/4xx/msi.c | 51 ++++++++------- arch/powerpc/platforms/powernv/npu-dma.c | 5 +- arch/powerpc/platforms/pseries/setup.c | 25 +++++--- arch/s390/kvm/vsie.c | 3 +- arch/x86/include/asm/kdebug.h | 12 +++- arch/x86/include/asm/kvm_host.h | 16 +++-- arch/x86/kernel/apic/vector.c | 2 +- arch/x86/kernel/cpu/microcode/amd.c | 24 ++++--- arch/x86/kernel/cpu/microcode/intel.c | 17 +++-- arch/x86/kernel/dumpstack.c | 11 +--- arch/x86/kernel/process_32.c | 4 +- arch/x86/kernel/process_64.c | 12 +++- arch/x86/kvm/mmu.c | 21 +++++-- arch/x86/kvm/svm.c | 4 +- arch/x86/kvm/vmx.c | 4 +- arch/x86/kvm/x86.c | 10 ++- arch/x86/mm/fault.c | 2 - block/bfq-cgroup.c | 4 +- block/blk-core.c | 5 +- block/blk-mq-tag.c | 8 +-- block/partitions/aix.c | 13 ++-- drivers/acpi/acpi_lpss.c | 2 +- drivers/android/binder_alloc.c | 43 ++++++++++--- drivers/ata/libahci.c | 20 +++--- drivers/base/memory.c | 20 +++--- drivers/block/nbd.c | 3 + drivers/block/pktcdvd.c | 4 +- drivers/bluetooth/Kconfig | 1 + drivers/char/tpm/tpm_i2c_infineon.c | 8 +-- drivers/char/tpm/tpm_tis_spi.c | 9 ++- drivers/clk/clk-scmi.c | 5 +- drivers/dax/pmem.c | 12 ++-- drivers/firmware/google/vpd.c | 5 +- drivers/gpio/gpio-ml-ioh.c | 3 +- drivers/gpio/gpio-pxa.c | 35 ++++++++--- drivers/gpio/gpio-tegra.c | 2 +- drivers/gpu/drm/amd/display/dc/dce/dce_dmcu.c | 38 ++++++----- drivers/gpu/drm/amd/display/dc/inc/hw/dmcu.h | 2 +- drivers/gpu/ipu-v3/ipu-common.c | 2 + drivers/hid/hid-ids.h | 1 + drivers/hid/hid-input.c | 5 +- drivers/hid/hid-multitouch.c | 19 +++++- drivers/hid/i2c-hid/i2c-hid.c | 2 + drivers/hv/hv.c | 14 +++-- drivers/i2c/busses/i2c-aspeed.c | 2 +- drivers/i2c/busses/i2c-i801.c | 7 ++- drivers/i2c/busses/i2c-xiic.c | 4 ++ drivers/infiniband/core/cma.c | 13 +++- drivers/infiniband/hw/hns/hns_roce_hem.c | 3 + drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 12 ++-- drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 6 +- drivers/infiniband/ulp/ipoib/ipoib_multicast.c | 1 + drivers/input/touchscreen/atmel_mxt_ts.c | 7 ++- drivers/iommu/arm-smmu-v3.c | 22 +++++-- drivers/iommu/ipmmu-vmsa.c | 9 ++- drivers/macintosh/via-pmu.c | 9 +-- drivers/md/dm-cache-target.c | 19 ++++-- drivers/md/raid5.c | 6 ++ drivers/media/dvb-frontends/helene.c | 5 +- drivers/media/platform/davinci/vpif_display.c | 24 ++++--- .../media/platform/qcom/camss-8x16/camss-csid.c | 16 +++-- drivers/media/platform/rcar-vin/rcar-csi2.c | 20 ++++-- drivers/media/platform/s5p-mfc/s5p_mfc.c | 23 +++---- drivers/media/usb/dvb-usb/dw2102.c | 19 ++++-- drivers/media/usb/em28xx/em28xx-cards.c | 4 +- drivers/media/usb/em28xx/em28xx-core.c | 4 +- drivers/media/usb/em28xx/em28xx-dvb.c | 4 +- drivers/memory/ti-aemif.c | 2 +- drivers/mfd/rave-sp.c | 7 +++ drivers/mfd/ti_am335x_tscadc.c | 3 +- drivers/misc/mic/scif/scif_api.c | 20 +++--- drivers/misc/ti-st/st_kim.c | 4 +- drivers/mtd/nand/raw/nand_base.c | 44 ++++++------- drivers/net/ethernet/marvell/mvneta.c | 1 - drivers/net/phy/mdio-mux-bcm-iproc.c | 20 ++++-- drivers/net/wireless/ath/ath10k/mac.c | 7 +++ drivers/net/wireless/ath/ath10k/wmi-tlv.c | 5 ++ drivers/net/wireless/ath/ath10k/wmi-tlv.h | 5 ++ drivers/net/wireless/ath/ath9k/hw.c | 7 ++- drivers/net/wireless/ath/ath9k/xmit.c | 3 +- drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 4 ++ drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 24 +++---- drivers/net/wireless/ti/wlcore/rx.c | 8 ++- drivers/pci/controller/pcie-mobiveil.c | 4 +- drivers/pci/switch/switchtec.c | 4 ++ drivers/pinctrl/berlin/berlin.c | 14 +++-- drivers/pinctrl/freescale/pinctrl-imx.c | 2 +- drivers/pinctrl/pinctrl-amd.c | 3 +- drivers/regulator/tps65217-regulator.c | 2 + drivers/rpmsg/rpmsg_core.c | 7 +++ drivers/scsi/3w-9xxx.c | 6 +- drivers/scsi/3w-sas.c | 3 + drivers/scsi/3w-xxxx.c | 2 + drivers/scsi/lpfc/lpfc.h | 2 +- drivers/scsi/lpfc/lpfc_nvme.c | 22 ++++--- drivers/scsi/qla2xxx/qla_init.c | 9 ++- drivers/scsi/qla2xxx/qla_target.c | 3 +- drivers/scsi/qla2xxx/qla_tmpl.c | 9 +++ drivers/target/target_core_transport.c | 5 +- drivers/target/target_core_user.c | 73 ++++++++++++---------- drivers/thermal/rcar_thermal.c | 2 +- drivers/thermal/thermal_hwmon.c | 1 + drivers/tty/rocket.c | 2 +- drivers/uio/uio.c | 19 +++--- fs/autofs/autofs_i.h | 4 +- fs/autofs/inode.c | 1 - fs/btrfs/extent-tree.c | 17 +++-- fs/btrfs/ioctl.c | 19 ++++++ fs/cifs/connect.c | 2 +- fs/cifs/inode.c | 2 + fs/cifs/smb2ops.c | 35 ++++++++--- fs/cifs/smb2pdu.c | 3 + fs/f2fs/f2fs.h | 15 +++-- fs/f2fs/file.c | 2 +- fs/f2fs/gc.c | 8 ++- fs/f2fs/inline.c | 22 +++++++ fs/f2fs/inode.c | 19 ++++-- fs/f2fs/node.c | 46 ++++++++++---- fs/f2fs/recovery.c | 4 +- fs/f2fs/segment.c | 20 +++++- fs/f2fs/segment.h | 3 + fs/f2fs/super.c | 25 ++++++-- fs/f2fs/sysfs.c | 16 +++-- fs/nfs/callback_proc.c | 4 +- fs/nfs/callback_xdr.c | 11 +++- fs/nfs/nfs4client.c | 6 +- include/linux/hid.h | 1 + include/linux/mm_types.h | 2 +- include/linux/mm_types_task.h | 2 +- include/linux/mtd/rawnand.h | 16 ++--- include/linux/vm_event_item.h | 1 - include/linux/vmacache.h | 5 -- include/uapi/linux/ethtool.h | 4 +- kernel/cpu.c | 11 ++-- kernel/time/clocksource.c | 40 +++++++++--- kernel/time/timer.c | 29 +++++---- mm/debug.c | 4 +- mm/memory_hotplug.c | 3 +- mm/page_alloc.c | 4 ++ mm/vmacache.c | 38 ----------- net/bluetooth/hidp/core.c | 2 +- net/dcb/dcbnl.c | 11 ++-- net/mac80211/rx.c | 1 + sound/pci/hda/hda_codec.c | 3 +- sound/pci/hda/patch_realtek.c | 1 + sound/soc/soc-pcm.c | 5 ++ tools/perf/Makefile.config | 4 +- tools/perf/builtin-c2c.c | 3 + tools/perf/perf.h | 2 + tools/perf/util/evsel.c | 14 +++++ tools/testing/nvdimm/pmem-dax.c | 12 ++-- tools/testing/selftests/bpf/test_verifier.c | 6 +- .../tc-testing/tc-tests/actions/connmark.json | 24 +++---- .../tc-testing/tc-tests/actions/mirred.json | 3 +- virt/kvm/arm/mmu.c | 9 ++- 170 files changed, 1167 insertions(+), 580 deletions(-)

7 years

3
162
0 0

patch "serial: 8250: Fix clearing FIFOs in RS485 mode again" added to tty-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled serial: 8250: Fix clearing FIFOs in RS485 mode again to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From f6aa5beb45be27968a4df90176ca36dfc4363d37 Mon Sep 17 00:00:00 2001 From: Marek Vasut <marex(a)denx.de> Date: Mon, 3 Sep 2018 02:44:52 +0200 Subject: serial: 8250: Fix clearing FIFOs in RS485 mode again The 8250 FIFOs indeed need to be cleared after stopping transmission in RS485 mode without SER_RS485_RX_DURING_TX flag set. But there are two problems with the approach taken by the previous patch from Fixes tag. First, serial8250_clear_fifos() should clear fifos, but what it really does is it enables the FIFOs unconditionally if present, clears them and then sets the FCR register to zero, which effectively disables the FIFOs. In case the FIFO is disabled, enabling it and clearing it makes no sense and in fact can trigger misbehavior of the 8250 core. Moreover, the FCR register may contain other FIFO configuration bits which may not be writable unconditionally and writing them incorrectly can trigger misbehavior of the 8250 core too. (ie. AM335x UART swallows the first byte and retransmits the last byte twice because of this FCR write). Second, serial8250_clear_and_reinit_fifos() completely reloads the FCR, but what really has to happen at the end of the RS485 transmission is clearing of the FIFOs and nothing else. This patch repairs serial8250_clear_fifos() so that it really only clears the FIFOs by operating on FCR[2:1] bits and leaves all the other bits alone. It also undoes serial8250_clear_and_reinit_fifos() from __do_stop_tx_rs485() as serial8250_clear_fifos() is sufficient. Signed-off-by: Marek Vasut <marex(a)denx.de> Fixes: 2bed8a8e7072 ("Clearing FIFOs in RS485 emulation mode causes subsequent transmits to break") Cc: Daniel Jedrychowski <avistel(a)gmail.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: stable <stable(a)vger.kernel.org> # let it bake a bit before merging Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/8250/8250_port.c | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c index 3f779d25ec0c..f776b3eafb96 100644 --- a/drivers/tty/serial/8250/8250_port.c +++ b/drivers/tty/serial/8250/8250_port.c @@ -552,11 +552,30 @@ static unsigned int serial_icr_read(struct uart_8250_port *up, int offset) */ static void serial8250_clear_fifos(struct uart_8250_port *p) { + unsigned char fcr; + unsigned char clr_mask = UART_FCR_CLEAR_RCVR | UART_FCR_CLEAR_XMIT; + if (p->capabilities & UART_CAP_FIFO) { - serial_out(p, UART_FCR, UART_FCR_ENABLE_FIFO); - serial_out(p, UART_FCR, UART_FCR_ENABLE_FIFO | - UART_FCR_CLEAR_RCVR | UART_FCR_CLEAR_XMIT); - serial_out(p, UART_FCR, 0); + /* + * Make sure to avoid changing FCR[7:3] and ENABLE_FIFO bits. + * In case ENABLE_FIFO is not set, there is nothing to flush + * so just return. Furthermore, on certain implementations of + * the 8250 core, the FCR[7:3] bits may only be changed under + * specific conditions and changing them if those conditions + * are not met can have nasty side effects. One such core is + * the 8250-omap present in TI AM335x. + */ + fcr = serial_in(p, UART_FCR); + + /* FIFO is not enabled, there's nothing to clear. */ + if (!(fcr & UART_FCR_ENABLE_FIFO)) + return; + + fcr |= clr_mask; + serial_out(p, UART_FCR, fcr); + + fcr &= ~clr_mask; + serial_out(p, UART_FCR, fcr); } } @@ -1448,7 +1467,7 @@ static void __do_stop_tx_rs485(struct uart_8250_port *p) * Enable previously disabled RX interrupts. */ if (!(p->port.rs485.flags & SER_RS485_RX_DURING_TX)) { - serial8250_clear_and_reinit_fifos(p); + serial8250_clear_fifos(p); p->ier |= UART_IER_RLSI | UART_IER_RDI; serial_port_out(&p->port, UART_IER, p->ier); -- 2.19.0

7 years

1
0
0 0

[PATCH 4.4 00/56] 4.4.157-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.157 release. There are 56 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Sep 19 21:38:11 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.157-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.157-rc1 Linus Torvalds <torvalds(a)linux-foundation.org> mm: get rid of vmacache_flush_all() entirely Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ Ian Kent <raven(a)themaw.net> autofs: fix autofs_sbi() does not check super block type Wei Yongjun <weiyongjun1(a)huawei.com> mtd: ubi: wl: Fix error return code in ubi_wl_init() Ondrej Mosnacek <omosnace(a)redhat.com> crypto: vmx - Fix sleep-in-atomic bugs Peter Chen <peter.chen(a)nxp.com> ethernet: ti: davinci_emac: add missing of_node_put after calling of_parse_phandle Johan Hovold <johan(a)kernel.org> net: ethernet: ti: cpsw: fix mdio device reference leak David Rivshin <drivshin(a)allworx.com> drivers: net: cpsw: fix parsing of phy-handle DT property in dual_emac config Eric Dumazet <edumazet(a)google.com> netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user Nadav Amit <namit(a)vmware.com> vmw_balloon: include asm/io.h Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Fix use-after-free in xhci_free_virt_device Parav Pandit <parav(a)mellanox.com> RDMA/cma: Do not ignore net namespace for unbound cm_id Paul Burton <paul.burton(a)imgtec.com> MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON Chao Yu <yuchao0(a)huawei.com> f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize Zumeng Chen <zumeng.chen(a)gmail.com> mfd: ti_am335x_tscadc: Fix struct clk memory leak Geert Uytterhoeven <geert+renesas(a)glider.be> iommu/ipmmu-vmsa: Fix allocation in atomic context Mauricio Faria de Oliveira <mfo(a)canonical.com> partitions/aix: fix usage of uninitialized lv_info and lvname structures Mauricio Faria de Oliveira <mfo(a)canonical.com> partitions/aix: append null character to print data from disk Nick Dyer <nick.dyer(a)itdev.co.uk> Input: atmel_mxt_ts - only use first T9 instance Petr Machata <petrm(a)mellanox.com> net: dcb: For wild-card lookups, use priority -1, not 0 Nicholas Mc Guire <hofrat(a)osadl.org> MIPS: Octeon: add missing of_node_put() Yelena Krivosheev <yelena(a)marvell.com> net: mvneta: fix mtu change on port without link Anton Vasilyev <vasilyev(a)ispras.ru> gpio: ml-ioh: Fix buffer underwrite on probe error path Joerg Roedel <jroedel(a)suse.de> x86/mm: Remove in_nmi() warning from vmalloc_fault() Marcel Holtmann <marcel(a)holtmann.org> Bluetooth: hidp: Fix handling of strncpy for hid->name information Surabhi Vishnoi <svishnoi(a)codeaurora.org> ath10k: disable bundle mgmt tx completion event support Anton Vasilyev <vasilyev(a)ispras.ru> scsi: 3ware: fix return 0 on the error path of probe Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> ata: libahci: Correct setting of DEVSLP register Paul Burton <paul.burton(a)mips.com> MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET Sven Eckelmann <sven.eckelmann(a)openmesh.com> ath10k: prevent active scans on potential unusable channels Finn Thain <fthain(a)telegraphics.com.au> macintosh/via-pmu: Add missing mmio accessors Olga Kornievskaia <kolga(a)netapp.com> NFSv4.0 fix client reference leak in callback Christophe Leroy <christophe.leroy(a)c-s.fr> perf tools: Allow overriding MAX_NR_CPUS at compile time Yunlong Song <yunlong.song(a)huawei.com> f2fs: do not set free of current section Anton Vasilyev <vasilyev(a)ispras.ru> tty: rocket: Fix possible buffer overwrite on register_PCI Dan Carpenter <dan.carpenter(a)oracle.com> uio: potential double frees if __uio_register_device() fails Anton Vasilyev <vasilyev(a)ispras.ru> misc: ti-st: Fix memory leak in the error path of probe() BingJing Chang <bingjingc(a)synology.com> md/raid5: fix data corruption of replacements after originals dropped Mike Christie <mchristi(a)redhat.com> scsi: target: fix __transport_register_session locking Dmitry Osipenko <digetx(a)gmail.com> gpio: tegra: Move driver registration to subsys_init level Johan Hedberg <johan.hedberg(a)intel.com> Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV Florian Fainelli <f.fainelli(a)gmail.com> ethtool: Remove trailing semicolon for static inline Dan Carpenter <dan.carpenter(a)oracle.com> misc: mic: SCIF Fix scif_get_new_port() error handling Alexey Brodkin <abrodkin(a)synopsys.com> ARC: [plat-axs*]: Enable SWAP Prateek Sood <prsood(a)codeaurora.org> locking/osq_lock: Fix osq_lock queue corruption Michal Hocko <mhocko(a)kernel.org> selinux: use GFP_NOWAIT in the AVC kmem_caches Prateek Sood <prsood(a)codeaurora.org> locking/rwsem-xadd: Fix missed wakeup due to reordering of load Tejun Heo <tj(a)kernel.org> block,blkcg: use __GFP_NOWARN for best-effort allocations in blkcg Daniel Micay <danielmicay(a)gmail.com> staging/rts5208: Fix read overflow in memcpy Jia-Ju Bai <baijiaju1990(a)163.com> staging: rt5208: Fix a sleep-in-atomic bug in xd_copy_page Vegard Nossum <vegard.nossum(a)oracle.com> kthread: fix boot hang (regression) on MIPS/OpenRISC Vegard Nossum <vegard.nossum(a)oracle.com> kthread: Fix use-after-free if kthread fork fails Ritesh Harjani <riteshh(a)codeaurora.org> cfq: Give a chance for arming slice idle timer in case of group_idle Takashi Iwai <tiwai(a)suse.de> ALSA: hda - Fix cancel_work_sync() stall from jackpoll work Felipe Balbi <felipe.balbi(a)linux.intel.com> i2c: i801: fix DNV's SMBCTRL register offset Shubhrajyoti Datta <shubhrajyoti.datta(a)xilinx.com> i2c: xiic: Make the start and the byte count write atomic ------------- Diffstat: Makefile | 4 +-- arch/arc/configs/axs101_defconfig | 1 - arch/arc/configs/axs103_defconfig | 1 - arch/arc/configs/axs103_smp_defconfig | 1 - arch/mips/cavium-octeon/octeon-platform.c | 2 ++ arch/mips/include/asm/io.h | 8 +++--- arch/mips/kernel/process.c | 1 - arch/mips/mm/c-r4k.c | 6 ++-- arch/openrisc/kernel/process.c | 2 -- arch/x86/include/asm/processor.h | 4 ++- arch/x86/kernel/cpu/bugs.c | 47 +++++++++++++++++++++++++++---- arch/x86/kernel/cpu/common.c | 2 ++ arch/x86/mm/fault.c | 2 -- block/blk-cgroup.c | 9 +++--- block/cfq-iosched.c | 6 ++-- block/partitions/aix.c | 13 ++++++--- drivers/ata/libahci.c | 2 ++ drivers/bluetooth/Kconfig | 1 + drivers/crypto/vmx/aes_cbc.c | 30 +++++++++----------- drivers/gpio/gpio-ml-ioh.c | 3 +- drivers/gpio/gpio-tegra.c | 2 +- drivers/i2c/busses/i2c-i801.c | 7 ++++- drivers/i2c/busses/i2c-xiic.c | 4 +++ drivers/infiniband/core/cma.c | 13 +++++++-- drivers/input/touchscreen/atmel_mxt_ts.c | 7 +++-- drivers/iommu/ipmmu-vmsa.c | 9 +++--- drivers/macintosh/via-pmu.c | 9 +++--- drivers/md/raid5.c | 6 ++++ drivers/mfd/ti_am335x_tscadc.c | 3 +- drivers/misc/mic/scif/scif_api.c | 20 ++++++------- drivers/misc/ti-st/st_kim.c | 4 +-- drivers/misc/vmw_balloon.c | 1 + drivers/mtd/ubi/wl.c | 8 ++++-- drivers/net/ethernet/marvell/mvneta.c | 1 - drivers/net/ethernet/ti/cpsw.c | 14 ++++----- drivers/net/ethernet/ti/cpsw.h | 1 + drivers/net/ethernet/ti/davinci_emac.c | 1 + drivers/net/wireless/ath/ath10k/mac.c | 7 +++++ drivers/net/wireless/ath/ath10k/wmi-tlv.c | 5 ++++ drivers/net/wireless/ath/ath10k/wmi-tlv.h | 5 ++++ drivers/scsi/3w-9xxx.c | 6 +++- drivers/scsi/3w-sas.c | 3 ++ drivers/scsi/3w-xxxx.c | 2 ++ drivers/staging/rts5208/rtsx_scsi.c | 2 +- drivers/staging/rts5208/xd.c | 2 +- drivers/target/target_core_transport.c | 5 ++-- drivers/tty/rocket.c | 2 +- drivers/uio/uio.c | 3 +- drivers/usb/host/xhci.c | 3 ++ fs/autofs4/autofs_i.h | 4 ++- fs/autofs4/inode.c | 1 - fs/f2fs/segment.h | 3 ++ fs/f2fs/super.c | 21 ++++++++++++-- fs/nfs/callback_xdr.c | 11 ++++++-- include/linux/mm_types.h | 2 +- include/linux/sched.h | 2 +- include/linux/vm_event_item.h | 1 - include/linux/vmacache.h | 5 ---- include/uapi/linux/ethtool.h | 4 +-- kernel/fork.c | 17 +++++++---- kernel/locking/osq_lock.c | 13 +++++++++ kernel/locking/rwsem-xadd.c | 27 ++++++++++++++++++ mm/debug.c | 4 +-- mm/vmacache.c | 38 ------------------------- net/bluetooth/hidp/core.c | 2 +- net/dcb/dcbnl.c | 11 +++++--- net/netfilter/x_tables.c | 4 +-- security/selinux/avc.c | 14 ++++----- sound/pci/hda/hda_codec.c | 3 +- tools/perf/perf.h | 2 ++ 70 files changed, 312 insertions(+), 177 deletions(-)

7 years

4
59
0 0

[PATCH 4.9 00/70] 4.9.128-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.128 release. There are 70 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Sep 19 21:16:09 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.128-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.128-rc1 Linus Torvalds <torvalds(a)linux-foundation.org> mm: get rid of vmacache_flush_all() entirely Ian Kent <raven(a)themaw.net> autofs: fix autofs_sbi() does not check super block type Wei Yongjun <weiyongjun1(a)huawei.com> mtd: ubi: wl: Fix error return code in ubi_wl_init() Eric Dumazet <edumazet(a)google.com> netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Fix use-after-free in xhci_free_virt_device Parav Pandit <parav(a)mellanox.com> RDMA/cma: Do not ignore net namespace for unbound cm_id Paul Burton <paul.burton(a)imgtec.com> MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4.1: Fix a potential layoutget/layoutrecall deadlock Chao Yu <yuchao0(a)huawei.com> f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize Zumeng Chen <zumeng.chen(a)gmail.com> mfd: ti_am335x_tscadc: Fix struct clk memory leak Geert Uytterhoeven <geert+renesas(a)glider.be> iommu/ipmmu-vmsa: Fix allocation in atomic context Dan Carpenter <dan.carpenter(a)oracle.com> f2fs: Fix uninitialized return in f2fs_ioc_shutdown() Katsuhiro Suzuki <suzuki.katsuhiro(a)socionext.com> media: helene: fix xtal frequency setting at power on Mauricio Faria de Oliveira <mfo(a)canonical.com> partitions/aix: fix usage of uninitialized lv_info and lvname structures Mauricio Faria de Oliveira <mfo(a)canonical.com> partitions/aix: append null character to print data from disk Sylwester Nawrocki <s.nawrocki(a)samsung.com> media: s5p-mfc: Fix buffer look up in s5p_mfc_handle_frame_{new, copy_time} functions Nick Dyer <nick.dyer(a)itdev.co.uk> Input: atmel_mxt_ts - only use first T9 instance Petr Machata <petrm(a)mellanox.com> net: dcb: For wild-card lookups, use priority -1, not 0 Nicholas Mc Guire <hofrat(a)osadl.org> MIPS: generic: fix missing of_node_put() Nicholas Mc Guire <hofrat(a)osadl.org> MIPS: Octeon: add missing of_node_put() Chao Yu <yuchao0(a)huawei.com> f2fs: fix to do sanity check with reserved blkaddr of inline inode Peter Rosin <peda(a)axentia.se> tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) Linus Walleij <linus.walleij(a)linaro.org> tpm_tis_spi: Pass the SPI IRQ down to the driver Chao Yu <yuchao0(a)huawei.com> f2fs: fix to skip GC if type in SSA and SIT is inconsistent Chao Yu <yuchao0(a)huawei.com> f2fs: try grabbing node page lock aggressively in sync scenario Yelena Krivosheev <yelena(a)marvell.com> net: mvneta: fix mtu change on port without link Anton Vasilyev <vasilyev(a)ispras.ru> gpio: ml-ioh: Fix buffer underwrite on probe error path Joerg Roedel <jroedel(a)suse.de> x86/mm: Remove in_nmi() warning from vmalloc_fault() Marcel Holtmann <marcel(a)holtmann.org> Bluetooth: hidp: Fix handling of strncpy for hid->name information Surabhi Vishnoi <svishnoi(a)codeaurora.org> ath10k: disable bundle mgmt tx completion event support Anton Vasilyev <vasilyev(a)ispras.ru> scsi: 3ware: fix return 0 on the error path of probe Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> ata: libahci: Correct setting of DEVSLP register Paul Burton <paul.burton(a)mips.com> MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET Loic Poulain <loic.poulain(a)linaro.org> wlcore: Set rx_status boottime_ns field on rx Sven Eckelmann <sven.eckelmann(a)openmesh.com> ath10k: prevent active scans on potential unusable channels Felix Fietkau <nbd(a)nbd.name> ath9k_hw: fix channel maximum power level test Felix Fietkau <nbd(a)nbd.name> ath9k: report tx status on EOSP Finn Thain <fthain(a)telegraphics.com.au> macintosh/via-pmu: Add missing mmio accessors Olga Kornievskaia <kolga(a)netapp.com> NFSv4.0 fix client reference leak in callback Christophe Leroy <christophe.leroy(a)c-s.fr> perf tools: Allow overriding MAX_NR_CPUS at compile time Yunlong Song <yunlong.song(a)huawei.com> f2fs: do not set free of current section Anton Vasilyev <vasilyev(a)ispras.ru> tty: rocket: Fix possible buffer overwrite on register_PCI Dan Carpenter <dan.carpenter(a)oracle.com> uio: potential double frees if __uio_register_device() fails Anton Vasilyev <vasilyev(a)ispras.ru> misc: ti-st: Fix memory leak in the error path of probe() Gaurav Kohli <gkohli(a)codeaurora.org> timers: Clear timer_base::must_forward_clk with timer_base::lock held BingJing Chang <bingjingc(a)synology.com> md/raid5: fix data corruption of replacements after originals dropped Mike Christie <mchristi(a)redhat.com> scsi: target: fix __transport_register_session locking Arun Parameswaran <arun.parameswaran(a)broadcom.com> net: phy: Fix the register offsets in Broadcom iProc mdio mux driver Dmitry Osipenko <digetx(a)gmail.com> gpio: tegra: Move driver registration to subsys_init level Johan Hedberg <johan.hedberg(a)intel.com> Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV Florian Fainelli <f.fainelli(a)gmail.com> ethtool: Remove trailing semicolon for static inline Dan Carpenter <dan.carpenter(a)oracle.com> misc: mic: SCIF Fix scif_get_new_port() error handling Alexey Brodkin <abrodkin(a)synopsys.com> ARC: [plat-axs*]: Enable SWAP Johannes Weiner <hannes(a)cmpxchg.org> mm: remove seemingly spurious reclaimability check from laptop_mode gating Mel Gorman <mgorman(a)suse.de> mm, vmscan: clear PGDAT_WRITEBACK when zone is balanced Prateek Sood <prsood(a)codeaurora.org> locking/osq_lock: Fix osq_lock queue corruption Michal Hocko <mhocko(a)kernel.org> selinux: use GFP_NOWAIT in the AVC kmem_caches Prateek Sood <prsood(a)codeaurora.org> locking/rwsem-xadd: Fix missed wakeup due to reordering of load Johannes Berg <johannes.berg(a)intel.com> nl80211: fix null-ptr dereference on invalid mesh configuration Tejun Heo <tj(a)kernel.org> block,blkcg: use __GFP_NOWARN for best-effort allocations in blkcg Kees Cook <keescook(a)chromium.org> IB/rxe: do not copy extra stack memory to skb Daniel Micay <danielmicay(a)gmail.com> staging/rts5208: Fix read overflow in memcpy Jia-Ju Bai <baijiaju1990(a)163.com> staging: rt5208: Fix a sleep-in-atomic bug in xd_copy_page Vegard Nossum <vegard.nossum(a)oracle.com> kthread: fix boot hang (regression) on MIPS/OpenRISC Vegard Nossum <vegard.nossum(a)oracle.com> kthread: Fix use-after-free if kthread fork fails Ritesh Harjani <riteshh(a)codeaurora.org> cfq: Give a chance for arming slice idle timer in case of group_idle Takashi Iwai <tiwai(a)suse.de> ALSA: hda - Fix cancel_work_sync() stall from jackpoll work Pierre Morel <pmorel(a)linux.ibm.com> KVM: s390: vsie: copy wrapping keys to right place Felipe Balbi <felipe.balbi(a)linux.intel.com> i2c: i801: fix DNV's SMBCTRL register offset Shubhrajyoti Datta <shubhrajyoti.datta(a)xilinx.com> i2c: xiic: Make the start and the byte count write atomic ------------- Diffstat: Makefile | 4 ++-- arch/arc/configs/axs101_defconfig | 1 - arch/arc/configs/axs103_defconfig | 1 - arch/arc/configs/axs103_smp_defconfig | 1 - arch/mips/cavium-octeon/octeon-platform.c | 2 ++ arch/mips/generic/init.c | 1 + arch/mips/include/asm/io.h | 8 +++---- arch/mips/kernel/process.c | 1 - arch/mips/mm/c-r4k.c | 6 +++-- arch/openrisc/kernel/process.c | 2 -- arch/s390/kvm/vsie.c | 3 ++- arch/x86/mm/fault.c | 2 -- block/blk-cgroup.c | 9 ++++---- block/cfq-iosched.c | 6 +++-- block/partitions/aix.c | 13 +++++++---- drivers/ata/libahci.c | 2 ++ drivers/bluetooth/Kconfig | 1 + drivers/char/tpm/tpm_i2c_infineon.c | 8 +++---- drivers/char/tpm/tpm_tis_spi.c | 9 +++++++- drivers/gpio/gpio-ml-ioh.c | 3 ++- drivers/gpio/gpio-tegra.c | 2 +- drivers/i2c/busses/i2c-i801.c | 7 +++++- drivers/i2c/busses/i2c-xiic.c | 4 ++++ drivers/infiniband/core/cma.c | 13 ++++++++--- drivers/infiniband/sw/rxe/rxe_resp.c | 4 +++- drivers/input/touchscreen/atmel_mxt_ts.c | 7 +++--- drivers/iommu/ipmmu-vmsa.c | 9 ++++---- drivers/macintosh/via-pmu.c | 9 ++++---- drivers/md/raid5.c | 6 +++++ drivers/media/dvb-frontends/helene.c | 5 +++- drivers/media/platform/s5p-mfc/s5p_mfc.c | 23 ++++++++++--------- drivers/mfd/ti_am335x_tscadc.c | 3 +-- drivers/misc/mic/scif/scif_api.c | 20 ++++++++-------- drivers/misc/ti-st/st_kim.c | 4 ++-- drivers/mtd/ubi/wl.c | 8 +++++-- drivers/net/ethernet/marvell/mvneta.c | 1 - drivers/net/phy/mdio-mux-bcm-iproc.c | 20 ++++++++++++---- drivers/net/wireless/ath/ath10k/mac.c | 7 ++++++ drivers/net/wireless/ath/ath10k/wmi-tlv.c | 5 ++++ drivers/net/wireless/ath/ath10k/wmi-tlv.h | 5 ++++ drivers/net/wireless/ath/ath9k/hw.c | 7 ++++-- drivers/net/wireless/ath/ath9k/xmit.c | 3 ++- drivers/net/wireless/ti/wlcore/rx.c | 8 +++++-- drivers/scsi/3w-9xxx.c | 6 ++++- drivers/scsi/3w-sas.c | 3 +++ drivers/scsi/3w-xxxx.c | 2 ++ drivers/staging/rts5208/rtsx_scsi.c | 2 +- drivers/staging/rts5208/xd.c | 2 +- drivers/target/target_core_transport.c | 5 ++-- drivers/tty/rocket.c | 2 +- drivers/uio/uio.c | 3 +-- drivers/usb/host/xhci.c | 3 +++ fs/autofs4/autofs_i.h | 4 +++- fs/autofs4/inode.c | 1 - fs/f2fs/file.c | 2 +- fs/f2fs/gc.c | 8 ++++++- fs/f2fs/inline.c | 21 +++++++++++++++++ fs/f2fs/node.c | 4 +++- fs/f2fs/segment.h | 3 +++ fs/f2fs/super.c | 21 +++++++++++++++-- fs/nfs/callback_proc.c | 4 ++-- fs/nfs/callback_xdr.c | 11 ++++++--- include/linux/mm_types.h | 2 +- include/linux/sched.h | 2 +- include/linux/vm_event_item.h | 1 - include/linux/vmacache.h | 5 ---- include/uapi/linux/ethtool.h | 4 ++-- kernel/fork.c | 17 ++++++++++---- kernel/locking/osq_lock.c | 13 +++++++++++ kernel/locking/rwsem-xadd.c | 27 ++++++++++++++++++++++ kernel/time/timer.c | 29 ++++++++++++----------- mm/debug.c | 4 ++-- mm/vmacache.c | 38 ------------------------------- mm/vmscan.c | 3 ++- net/bluetooth/hidp/core.c | 2 +- net/dcb/dcbnl.c | 11 +++++---- net/netfilter/x_tables.c | 4 ++-- net/wireless/nl80211.c | 3 +++ security/selinux/avc.c | 14 +++++------- sound/pci/hda/hda_codec.c | 3 ++- tools/perf/perf.h | 2 ++ 81 files changed, 358 insertions(+), 196 deletions(-)

7 years

4
73
0 0

[PATCH 1/4] ovl: fix memory leak on unlink of indexed file

by Amir Goldstein

Fixes: caf70cb2ba5d ("ovl: cleanup orphan index entries") Cc: <stable(a)vger.kernel.org> # v4.13 Signed-off-by: Amir Goldstein <amir73il(a)gmail.com> --- fs/overlayfs/util.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c index 8cfb62cc8672..ace4fe4c39a9 100644 --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c @@ -683,7 +683,7 @@ static void ovl_cleanup_index(struct dentry *dentry) struct dentry *upperdentry = ovl_dentry_upper(dentry); struct dentry *index = NULL; struct inode *inode; - struct qstr name; + struct qstr name = { }; int err; err = ovl_get_index_name(lowerdentry, &name); @@ -726,6 +726,7 @@ static void ovl_cleanup_index(struct dentry *dentry) goto fail; out: + kfree(name.name); dput(index); return; -- 2.17.1

7 years

2
2
0 0

patch "serial: cpm_uart: return immediately from console poll" added to tty-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled serial: cpm_uart: return immediately from console poll to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From be28c1e3ca29887e207f0cbcd294cefe5074bab6 Mon Sep 17 00:00:00 2001 From: Christophe Leroy <christophe.leroy(a)c-s.fr> Date: Fri, 14 Sep 2018 10:32:50 +0000 Subject: serial: cpm_uart: return immediately from console poll kgdb expects poll function to return immediately and returning NO_POLL_CHAR when no character is available. Fixes: f5316b4aea024 ("kgdb,8250,pl011: Return immediately from console poll") Cc: Jason Wessel <jason.wessel(a)windriver.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Christophe Leroy <christophe.leroy(a)c-s.fr> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/cpm_uart/cpm_uart_core.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/drivers/tty/serial/cpm_uart/cpm_uart_core.c b/drivers/tty/serial/cpm_uart/cpm_uart_core.c index 24a5f05e769b..e5389591bb4f 100644 --- a/drivers/tty/serial/cpm_uart/cpm_uart_core.c +++ b/drivers/tty/serial/cpm_uart/cpm_uart_core.c @@ -1054,8 +1054,8 @@ static int poll_wait_key(char *obuf, struct uart_cpm_port *pinfo) /* Get the address of the host memory buffer. */ bdp = pinfo->rx_cur; - while (bdp->cbd_sc & BD_SC_EMPTY) - ; + if (bdp->cbd_sc & BD_SC_EMPTY) + return NO_POLL_CHAR; /* If the buffer address is in the CPM DPRAM, don't * convert it. @@ -1090,7 +1090,11 @@ static int cpm_get_poll_char(struct uart_port *port) poll_chars = 0; } if (poll_chars <= 0) { - poll_chars = poll_wait_key(poll_buf, pinfo); + int ret = poll_wait_key(poll_buf, pinfo); + + if (ret == NO_POLL_CHAR) + return ret; + poll_chars = ret; pollp = poll_buf; } poll_chars--; -- 2.19.0

7 years

1
0
0 0

patch "serial: mvebu-uart: Fix reporting of effective CSIZE to userspace" added to tty-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled serial: mvebu-uart: Fix reporting of effective CSIZE to userspace to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From e0bf2d4982fe7d9ddaf550dd023803ea286f47fc Mon Sep 17 00:00:00 2001 From: Jan Kiszka <jan.kiszka(a)siemens.com> Date: Sun, 26 Aug 2018 19:49:32 +0200 Subject: serial: mvebu-uart: Fix reporting of effective CSIZE to userspace Apparently, this driver (or the hardware) does not support character length settings. It's apparently running in 8-bit mode, but it makes userspace believe it's in 5-bit mode. That makes tcsetattr with CS8 incorrectly fail, breaking e.g. getty from busybox, thus the login shell on ttyMVx. Fix by hard-wiring CS8 into c_cflag. Signed-off-by: Jan Kiszka <jan.kiszka(a)siemens.com> Fixes: 30530791a7a0 ("serial: mvebu-uart: initial support for Armada-3700 serial port") Cc: stable <stable(a)vger.kernel.org> # 4.6+ Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/mvebu-uart.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/tty/serial/mvebu-uart.c b/drivers/tty/serial/mvebu-uart.c index d04b5eeea3c6..170e446a2f62 100644 --- a/drivers/tty/serial/mvebu-uart.c +++ b/drivers/tty/serial/mvebu-uart.c @@ -511,6 +511,7 @@ static void mvebu_uart_set_termios(struct uart_port *port, termios->c_iflag |= old->c_iflag & ~(INPCK | IGNPAR); termios->c_cflag &= CREAD | CBAUD; termios->c_cflag |= old->c_cflag & ~(CREAD | CBAUD); + termios->c_cflag |= CS8; } spin_unlock_irqrestore(&port->lock, flags); -- 2.19.0

7 years

1
0
0 0

patch "serial: 8250: Fix clearing FIFOs in RS485 mode again" added to tty-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled serial: 8250: Fix clearing FIFOs in RS485 mode again to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the tty-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From b268203fc327a8f480ef70b70acace7f4a80f525 Mon Sep 17 00:00:00 2001 From: Marek Vasut <marex(a)denx.de> Date: Mon, 3 Sep 2018 02:44:52 +0200 Subject: serial: 8250: Fix clearing FIFOs in RS485 mode again The 8250 FIFOs indeed need to be cleared after stopping transmission in RS485 mode without SER_RS485_RX_DURING_TX flag set. But there are two problems with the approach taken by the previous patch from Fixes tag. First, serial8250_clear_fifos() should clear fifos, but what it really does is it enables the FIFOs unconditionally if present, clears them and then sets the FCR register to zero, which effectively disables the FIFOs. In case the FIFO is disabled, enabling it and clearing it makes no sense and in fact can trigger misbehavior of the 8250 core. Moreover, the FCR register may contain other FIFO configuration bits which may not be writable unconditionally and writing them incorrectly can trigger misbehavior of the 8250 core too. (ie. AM335x UART swallows the first byte and retransmits the last byte twice because of this FCR write). Second, serial8250_clear_and_reinit_fifos() completely reloads the FCR, but what really has to happen at the end of the RS485 transmission is clearing of the FIFOs and nothing else. This patch repairs serial8250_clear_fifos() so that it really only clears the FIFOs by operating on FCR[2:1] bits and leaves all the other bits alone. It also undoes serial8250_clear_and_reinit_fifos() from __do_stop_tx_rs485() as serial8250_clear_fifos() is sufficient. Signed-off-by: Marek Vasut <marex(a)denx.de> Fixes: 2bed8a8e7072 ("Clearing FIFOs in RS485 emulation mode causes subsequent transmits to break") Cc: Daniel Jedrychowski <avistel(a)gmail.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: stable <stable(a)vger.kernel.org> # let it bake a bit before merging Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/8250/8250_port.c | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c index 3f779d25ec0c..f776b3eafb96 100644 --- a/drivers/tty/serial/8250/8250_port.c +++ b/drivers/tty/serial/8250/8250_port.c @@ -552,11 +552,30 @@ static unsigned int serial_icr_read(struct uart_8250_port *up, int offset) */ static void serial8250_clear_fifos(struct uart_8250_port *p) { + unsigned char fcr; + unsigned char clr_mask = UART_FCR_CLEAR_RCVR | UART_FCR_CLEAR_XMIT; + if (p->capabilities & UART_CAP_FIFO) { - serial_out(p, UART_FCR, UART_FCR_ENABLE_FIFO); - serial_out(p, UART_FCR, UART_FCR_ENABLE_FIFO | - UART_FCR_CLEAR_RCVR | UART_FCR_CLEAR_XMIT); - serial_out(p, UART_FCR, 0); + /* + * Make sure to avoid changing FCR[7:3] and ENABLE_FIFO bits. + * In case ENABLE_FIFO is not set, there is nothing to flush + * so just return. Furthermore, on certain implementations of + * the 8250 core, the FCR[7:3] bits may only be changed under + * specific conditions and changing them if those conditions + * are not met can have nasty side effects. One such core is + * the 8250-omap present in TI AM335x. + */ + fcr = serial_in(p, UART_FCR); + + /* FIFO is not enabled, there's nothing to clear. */ + if (!(fcr & UART_FCR_ENABLE_FIFO)) + return; + + fcr |= clr_mask; + serial_out(p, UART_FCR, fcr); + + fcr &= ~clr_mask; + serial_out(p, UART_FCR, fcr); } } @@ -1448,7 +1467,7 @@ static void __do_stop_tx_rs485(struct uart_8250_port *p) * Enable previously disabled RX interrupts. */ if (!(p->port.rs485.flags & SER_RS485_RX_DURING_TX)) { - serial8250_clear_and_reinit_fifos(p); + serial8250_clear_fifos(p); p->ier |= UART_IER_RLSI | UART_IER_RDI; serial_port_out(&p->port, UART_IER, p->ier); -- 2.19.0

7 years

1
0
0 0

[GIT PULL 2/3] intel_th: Fix resource handling for ACPI glue layer

by Alexander Shishkin

The core of the driver expects the resource array from the glue layer to be indexed by even numbers, as is the case for 64-bit PCI resources. This doesn't hold true for others, ACPI in this instance, which leads to an out-of-bounds access and an ioremap() on whatever address that access fetches. This patch fixes the problem by reading resource array differently based on whether the 64-bit flag is set, which would indicate PCI glue layer. Signed-off-by: Alexander Shishkin <alexander.shishkin(a)linux.intel.com> Fixes: ebc57e399b8e ("intel_th: Add ACPI glue layer") CC: stable(a)vger.kernel.org # v4.17+ --- drivers/hwtracing/intel_th/core.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/drivers/hwtracing/intel_th/core.c b/drivers/hwtracing/intel_th/core.c index 4e70ecee2103..fc6b7f8b62fb 100644 --- a/drivers/hwtracing/intel_th/core.c +++ b/drivers/hwtracing/intel_th/core.c @@ -488,7 +488,7 @@ static const struct intel_th_subdevice { .flags = IORESOURCE_MEM, }, { - .start = TH_MMIO_SW, + .start = 1, /* use resource[1] */ .end = 0, .flags = IORESOURCE_MEM, }, @@ -581,6 +581,7 @@ intel_th_subdevice_alloc(struct intel_th *th, struct intel_th_device *thdev; struct resource res[3]; unsigned int req = 0; + bool is64bit = false; int r, err; thdev = intel_th_device_alloc(th, subdev->type, subdev->name, @@ -590,12 +591,18 @@ intel_th_subdevice_alloc(struct intel_th *th, thdev->drvdata = th->drvdata; + for (r = 0; r < th->num_resources; r++) + if (th->resource[r].flags & IORESOURCE_MEM_64) { + is64bit = true; + break; + } + memcpy(res, subdev->res, sizeof(struct resource) * subdev->nres); for (r = 0; r < subdev->nres; r++) { struct resource *devres = th->resource; - int bar = TH_MMIO_CONFIG; + int bar = 0; /* cut subdevices' MMIO from resource[0] */ /* * Take .end == 0 to mean 'take the whole bar', @@ -604,6 +611,8 @@ intel_th_subdevice_alloc(struct intel_th *th, */ if (!res[r].end && res[r].flags == IORESOURCE_MEM) { bar = res[r].start; + if (is64bit) + bar *= 2; res[r].start = 0; res[r].end = resource_size(&devres[bar]) - 1; } -- 2.18.0

7 years

1
0
0 0

[GIT PULL 1/3] intel_th: Fix device removal logic

by Alexander Shishkin

Commit a753bfcfdb1f ("intel_th: Make the switch allocate its subdevices") brings in new subdevice addition/removal logic that's broken for "host mode": the SWITCH device has no children to begin with, which is not handled in the code. This results in a null dereference bug later down the path. This patch fixes the subdevice removal code to handle host mode correctly. Signed-off-by: Alexander Shishkin <alexander.shishkin(a)linux.intel.com> Fixes: a753bfcfdb1f ("intel_th: Make the switch allocate its subdevices") CC: stable(a)vger.kernel.org # v4.14+ --- drivers/hwtracing/intel_th/core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/hwtracing/intel_th/core.c b/drivers/hwtracing/intel_th/core.c index da962aa2cef5..4e70ecee2103 100644 --- a/drivers/hwtracing/intel_th/core.c +++ b/drivers/hwtracing/intel_th/core.c @@ -139,7 +139,8 @@ static int intel_th_remove(struct device *dev) th->thdev[i] = NULL; } - th->num_thdevs = lowest; + if (lowest >= 0) + th->num_thdevs = lowest; } if (thdrv->attr_group) -- 2.18.0

7 years

1
0
0 0

[PATCH v2] mtd: devices: m25p80: Make sure the buffer passed in op is DMA-able

by Boris Brezillon

As documented in spi-mem.h, spi_mem_op->data.buf.{in,out} must be DMA-able, and commit 4120f8d158ef ("mtd: spi-nor: Use the spi_mem_xx() API") failed to follow this rule as buffers passed to ->{read,write}_reg() are usually placed on the stack. Fix that by allocating a scratch buffer and copying the data around. Fixes: 4120f8d158ef ("mtd: spi-nor: Use the spi_mem_xx() API") Reported-by: Jarkko Nikula <jarkko.nikula(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> --- Note that the ->{read,write}() path is still buggy since nothing guarantees that buffers passed by the MTD layer to the SPI NOR layer are DMA-able, but this is a long-standing issue which we'll have to address at the spi-nor level (this layer can choose the bounce buffer size based on nor->page_size). Changes in v2: - Copy the data from scratchbuf in the ->read_reg() path --- drivers/mtd/devices/m25p80.c | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/drivers/mtd/devices/m25p80.c b/drivers/mtd/devices/m25p80.c index cbfafc453274..270d3c9580c5 100644 --- a/drivers/mtd/devices/m25p80.c +++ b/drivers/mtd/devices/m25p80.c @@ -39,13 +39,23 @@ static int m25p80_read_reg(struct spi_nor *nor, u8 code, u8 *val, int len) struct spi_mem_op op = SPI_MEM_OP(SPI_MEM_OP_CMD(code, 1), SPI_MEM_OP_NO_ADDR, SPI_MEM_OP_NO_DUMMY, - SPI_MEM_OP_DATA_IN(len, val, 1)); + SPI_MEM_OP_DATA_IN(len, NULL, 1)); + void *scratchbuf; int ret; + scratchbuf = kmalloc(len, GFP_KERNEL); + if (!scratchbuf) + return -ENOMEM; + + op.data.buf.in = scratchbuf; ret = spi_mem_exec_op(flash->spimem, &op); if (ret < 0) dev_err(&flash->spimem->spi->dev, "error %d reading %x\n", ret, code); + else + memcpy(val, scratchbuf, len); + + kfree(scratchbuf); return ret; } @@ -56,9 +66,19 @@ static int m25p80_write_reg(struct spi_nor *nor, u8 opcode, u8 *buf, int len) struct spi_mem_op op = SPI_MEM_OP(SPI_MEM_OP_CMD(opcode, 1), SPI_MEM_OP_NO_ADDR, SPI_MEM_OP_NO_DUMMY, - SPI_MEM_OP_DATA_OUT(len, buf, 1)); + SPI_MEM_OP_DATA_OUT(len, NULL, 1)); + void *scratchbuf; + int ret; - return spi_mem_exec_op(flash->spimem, &op); + scratchbuf = kmemdup(buf, len, GFP_KERNEL); + if (!scratchbuf) + return -ENOMEM; + + op.data.buf.out = scratchbuf; + ret = spi_mem_exec_op(flash->spimem, &op); + kfree(scratchbuf); + + return ret; } static ssize_t m25p80_write(struct spi_nor *nor, loff_t to, size_t len, -- 2.14.1

7 years

2
2
0 0

[PATCH v2] tpm: Restore functionality to xen vtpm driver.

by Boris Ostrovsky

From: "Dr. Greg Wettstein" <greg(a)wind.enjellic.com> Functionality of the xen-tpmfront driver was lost secondary to the introduction of xenbus multi-page support in commit ccc9d90a9a8b ("xenbus_client: Extend interface to support multi-page ring"). In this commit a pointer to the shared page address was being passed to the xenbus_grant_ring() function rather then the address of the shared page itself. This resulted in a situation where the driver would attach to the vtpm-stubdom but any attempt to send a command to the stub domain would timeout. A diagnostic finding for this regression is the following error message being generated when the xen-tpmfront driver probes for a device: <3>vtpm vtpm-0: tpm_transmit: tpm_send: error -62 <3>vtpm vtpm-0: A TPM error (-62) occurred attempting to determine the timeouts This fix is relevant to all kernels from 4.1 forward which is the release in which multi-page xenbus support was introduced. Daniel De Graaf formulated the fix by code inspection after the regression point was located. Fixes: ccc9d90a9a8b ("xenbus_client: Extend interface to support multi-page ring") Signed-off-by: Dr. Greg Wettstein <greg(a)enjellic.com> [boris: fixed commit message formatting, added Fixes tag] Signed-off-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Cc: stable(a)vger.kernel.org # v4.1+ --- drivers/char/tpm/xen-tpmfront.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/char/tpm/xen-tpmfront.c b/drivers/char/tpm/xen-tpmfront.c index 911475d36800..b150f87f38f5 100644 --- a/drivers/char/tpm/xen-tpmfront.c +++ b/drivers/char/tpm/xen-tpmfront.c @@ -264,7 +264,7 @@ static int setup_ring(struct xenbus_device *dev, struct tpm_private *priv) return -ENOMEM; } - rv = xenbus_grant_ring(dev, &priv->shr, 1, &gref); + rv = xenbus_grant_ring(dev, priv->shr, 1, &gref); if (rv < 0) return rv; -- 2.17.1

7 years

3
5
0 0

[PATCH] drm/atomic: Use drm_drv_uses_atomic_modeset() for debugfs creation

by Lyude Paul

As pointed out by Daniel Vetter, we should be usinng drm_drv_uses_atomic_modeset() for determining whether or not we want to make the debugfs nodes for atomic instead of checking DRIVER_ATOMIC, as the former isn't an accurate representation of whether or not the driver is actually using atomic modesetting internally (even though it might not be exposing atomic capabilities). Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/drm_atomic.c | 2 +- drivers/gpu/drm/drm_debugfs.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/drm_atomic.c b/drivers/gpu/drm/drm_atomic.c index 3eb061e11e2e..018fcdb353d2 100644 --- a/drivers/gpu/drm/drm_atomic.c +++ b/drivers/gpu/drm/drm_atomic.c @@ -2067,7 +2067,7 @@ static void __drm_state_dump(struct drm_device *dev, struct drm_printer *p, struct drm_connector *connector; struct drm_connector_list_iter conn_iter; - if (!drm_core_check_feature(dev, DRIVER_ATOMIC)) + if (!drm_drv_uses_atomic_modeset(dev)) return; list_for_each_entry(plane, &config->plane_list, head) { diff --git a/drivers/gpu/drm/drm_debugfs.c b/drivers/gpu/drm/drm_debugfs.c index 6f28fe58f169..373bd4c2b698 100644 --- a/drivers/gpu/drm/drm_debugfs.c +++ b/drivers/gpu/drm/drm_debugfs.c @@ -151,7 +151,7 @@ int drm_debugfs_init(struct drm_minor *minor, int minor_id, return ret; } - if (drm_core_check_feature(dev, DRIVER_ATOMIC)) { + if (drm_drv_uses_atomic_modeset(dev)) { ret = drm_atomic_debugfs_init(minor); if (ret) { DRM_ERROR("Failed to create atomic debugfs files\n"); -- 2.17.1

7 years

3
2
0 0

[PATCH net] net/ipv4: defensive cipso option parsing

by Stefan Nuernberger

commit 40413955ee26 ("Cipso: cipso_v4_optptr enter infinite loop") fixed a possible infinite loop in the IP option parsing of CIPSO. The fix assumes that ip_options_compile filtered out all zero length options and that no other one-byte options beside IPOPT_END and IPOPT_NOOP exist. While this assumption currently holds true, add explicit checks for zero length and invalid length options to be safe for the future. Even though ip_options_compile should have validated the options, the introduction of new one-byte options can still confuse this code without the additional checks. Signed-off-by: Stefan Nuernberger <snu(a)amazon.com> Reviewed-by: David Woodhouse <dwmw(a)amazon.co.uk> Reviewed-by: Simon Veith <sveith(a)amazon.de> Cc: stable(a)vger.kernel.org --- net/ipv4/cipso_ipv4.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c index 82178cc69c96..f291b57b8474 100644 --- a/net/ipv4/cipso_ipv4.c +++ b/net/ipv4/cipso_ipv4.c @@ -1512,7 +1512,7 @@ static int cipso_v4_parsetag_loc(const struct cipso_v4_doi *doi_def, * * Description: * Parse the packet's IP header looking for a CIPSO option. Returns a pointer - * to the start of the CIPSO option on success, NULL if one if not found. + * to the start of the CIPSO option on success, NULL if one is not found. * */ unsigned char *cipso_v4_optptr(const struct sk_buff *skb) @@ -1522,9 +1522,11 @@ unsigned char *cipso_v4_optptr(const struct sk_buff *skb) int optlen; int taglen; - for (optlen = iph->ihl*4 - sizeof(struct iphdr); optlen > 0; ) { + for (optlen = iph->ihl*4 - sizeof(struct iphdr); optlen > 1; ) { switch (optptr[0]) { case IPOPT_CIPSO: + if (!optptr[1] || optptr[1] > optlen) + return NULL; return optptr; case IPOPT_END: return NULL; @@ -1534,6 +1536,10 @@ unsigned char *cipso_v4_optptr(const struct sk_buff *skb) default: taglen = optptr[1]; } + + if (!taglen || taglen > optlen) + break; + optlen -= taglen; optptr += taglen; } -- 2.19.0

7 years

4
5
0 0

[GIT PULL] commits for Linux 3.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 3.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit a5f9be3576c3f9dd871f68eaf482278c0b3a6df2: Linux 3.18.120 (2018-08-28 07:21:37 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-3.18-17092018 for you to fetch changes up to 7058136ea11e4f5b2d0d65f6f6dbb714d2beec42: platform/x86: toshiba_acpi: Fix defined but not used build warnings (2018-09-04 13:44:36 -0400) - ---------------------------------------------------------------- for-greg-3.18-17092018 - ---------------------------------------------------------------- Andreas Gruenbacher (1): gfs2: Special-case rindex for gfs2_grow Anton Vasilyev (1): video: goldfishfb: fix memory leak on driver remove Bob Peterson (1): gfs2: Don't reject a supposedly full bitmap if we have blocks reserved Dan Carpenter (1): fbdev: omapfb: off by one in omapfb_register_client() Felix Fietkau (1): MIPS: ath79: fix system restart Fredrik Noring (1): fbdev: Distinguish between interlaced and progressive modes Julian Wiedmann (2): s390/qeth: fix race in used-buffer accounting s390/qeth: reset layer2 attribute on layer switch Lars-Peter Clausen (1): iio: ad9523: Fix displayed phase Manikanta Pubbisetty (1): mac80211: restrict delayed tailroom needed decrement Nicholas Piggin (1): powerpc/powernv: opal_put_chars partial write fix Randy Dunlap (3): mtd/maps: fix solutionengine.c printk format warnings fbdev/via: fix defined but not used warning platform/x86: toshiba_acpi: Fix defined but not used build warnings Sandipan Das (2): perf powerpc: Fix callchain ip filtering when return address is in a register perf powerpc: Fix callchain ip filtering Takashi Iwai (2): ALSA: msnd: Fix the default sample sizes ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro YueHaibing (1): xfrm: fix 'passing zero to ERR_PTR()' warning arch/mips/ath79/setup.c | 1 + arch/mips/include/asm/mach-ath79/ath79.h | 1 + arch/powerpc/platforms/powernv/opal.c | 2 +- drivers/iio/frequency/ad9523.c | 2 +- drivers/mtd/maps/solutionengine.c | 6 ++-- drivers/platform/x86/toshiba_acpi.c | 3 +- drivers/s390/net/qeth_core_main.c | 3 +- drivers/s390/net/qeth_core_sys.c | 1 + drivers/video/fbdev/core/modedb.c | 41 +++++++++++++++++------ drivers/video/fbdev/goldfishfb.c | 1 + drivers/video/fbdev/omap/omapfb_main.c | 2 +- drivers/video/fbdev/via/viafbdev.c | 3 +- fs/gfs2/bmap.c | 2 +- fs/gfs2/rgrp.c | 3 +- net/mac80211/cfg.c | 2 +- net/mac80211/key.c | 24 ++++++++----- net/xfrm/xfrm_policy.c | 5 ++- sound/isa/msnd/msnd_pinnacle.c | 4 +-- sound/usb/quirks-table.h | 3 +- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 10 ++++-- 20 files changed, 80 insertions(+), 39 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlugPO8ACgkQ3qZv95d3 LNygexAAvz2wzEaH/mDTnQ0085ODaIA6wmr/U7dlzXjoE1vPko4EOg0y8GJPmRD0 DsFkX7fqCLoLT/LQcCMK+KKq5IsPNPDs35tOvCc1T0WofnIE1KVifz4zalmW3upc gT1HjZaza+agnw5QDs9RI0Y/y5vfR9Pwpmfi1e9V8vsNX8iR7i3YMI3HwS8g2Ggq gjVOlH2UyiyJpqruV1B6tRwZA+KE3RNmj7xIXwvRVd29MLI0CMs/mSOo57TvGvxp Wcn0IA0TK6T0LvNqgXNv+vjJhohfIN1TzhGiH0oEMiZVkRoHs1wqmkVQdkRPBApV GXMGvb1suh1NE8IRl4OP/z27zZoUBr+ksoLgFD+o6tzgiBp0zR+gPV87PVzPLN32 PKyru9V0LOrF3nnCS9k6iMboFUS/vWrctrxRIdd2oUPkljPwkzxx8jz6HUNJ606B 6vPeNMBdxH1Vqiptt29Qn6c9Lg35OkOi+6JMS0WWkTPCArvHBPKOodf/4DIslm4O 2ewBiq8ewmhfUTAxxQfk+xR0+YR6d4g82Q3PvZ4jyDsSosQWnThAwLjketoTRBmc BRcZKrqFvIMpVky0I2sl9U3ZFzlWWr2Z4PEKxu98o0AhUDCctzBHvXwL45c+7K0k CQEs5a76ecC99mAf5AjtrbAcnTjKx9R6Y1RJ8XS9gCjT5/CMA7M= =gANE -----END PGP SIGNATURE-----

7 years

1
0
0 0

[GIT PULL] commits for Linux 4.4

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.4 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit c40a7b3592b3b7519eadc130c5583db2aaf70f68: Linux 4.4.156 (2018-09-15 09:40:42 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.4-17092018 for you to fetch changes up to 86d8d800d31c13b8c14a5a18da2ec8715da5fe0a: xen-netfront: fix warn message as irq device name has '/' (2018-09-15 10:24:32 -0400) - ---------------------------------------------------------------- for-greg-4.4-17092018 - ---------------------------------------------------------------- Andreas Gruenbacher (1): gfs2: Special-case rindex for gfs2_grow Anton Vasilyev (1): video: goldfishfb: fix memory leak on driver remove Bob Peterson (1): gfs2: Don't reject a supposedly full bitmap if we have blocks reserved Dan Carpenter (1): fbdev: omapfb: off by one in omapfb_register_client() Felix Fietkau (1): MIPS: ath79: fix system restart Fredrik Noring (1): fbdev: Distinguish between interlaced and progressive modes Hans Verkuil (1): media: videobuf2-core: check for q->error in vb2_core_qbuf() John Keeping (1): dmaengine: pl330: fix irq race with terminate_all Julian Wiedmann (2): s390/qeth: fix race in used-buffer accounting s390/qeth: reset layer2 attribute on layer switch Krzysztof Kozlowski (1): ARM: exynos: Clear global variable on init error path Loic Poulain (1): arm64: dts: qcom: db410c: Fix Bluetooth LED trigger Manikanta Pubbisetty (1): mac80211: restrict delayed tailroom needed decrement Masahiro Yamada (1): kbuild: add .DELETE_ON_ERROR special target Miao Zhong (1): iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register Michael MÃ¼ller (1): crypto: sharah - Unregister correct algorithms for SAHARA 3 Nicholas Mc Guire (1): clk: imx6ul: fix missing of_node_put() Nicholas Piggin (1): powerpc/powernv: opal_put_chars partial write fix Paul Cercueil (1): MIPS: jz4740: Bump zload address Randy Dunlap (3): mtd/maps: fix solutionengine.c printk format warnings fbdev/via: fix defined but not used warning platform/x86: toshiba_acpi: Fix defined but not used build warnings Sandipan Das (2): perf powerpc: Fix callchain ip filtering when return address is in a register perf powerpc: Fix callchain ip filtering Takashi Iwai (2): ALSA: msnd: Fix the default sample sizes ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro Vitaly Kuznetsov (1): xen-netfront: fix queue name setting Xiao Liang (1): xen-netfront: fix warn message as irq device name has '/' YueHaibing (1): xfrm: fix 'passing zero to ERR_PTR()' warning arch/arm/mach-exynos/suspend.c | 1 + arch/arm64/boot/dts/qcom/apq8016-sbc.dtsi | 2 +- arch/mips/ath79/setup.c | 1 + arch/mips/include/asm/mach-ath79/ath79.h | 1 + arch/mips/jz4740/Platform | 2 +- arch/powerpc/platforms/powernv/opal.c | 2 +- drivers/clk/imx/clk-imx6ul.c | 1 + drivers/crypto/sahara.c | 4 +-- drivers/dma/pl330.c | 5 +-- drivers/iommu/arm-smmu-v3.c | 1 + drivers/media/v4l2-core/videobuf2-core.c | 5 +++ drivers/mtd/maps/solutionengine.c | 6 ++-- drivers/net/xen-netfront.c | 6 ++-- drivers/platform/x86/toshiba_acpi.c | 3 +- drivers/s390/net/qeth_core_main.c | 3 +- drivers/s390/net/qeth_core_sys.c | 1 + drivers/video/fbdev/core/modedb.c | 41 +++++++++++++++++------ drivers/video/fbdev/goldfishfb.c | 1 + drivers/video/fbdev/omap/omapfb_main.c | 2 +- drivers/video/fbdev/via/viafbdev.c | 3 +- fs/gfs2/bmap.c | 2 +- fs/gfs2/rgrp.c | 3 +- net/mac80211/cfg.c | 2 +- net/mac80211/key.c | 24 ++++++++----- net/xfrm/xfrm_policy.c | 5 ++- scripts/Kbuild.include | 3 ++ sound/isa/msnd/msnd_pinnacle.c | 4 +-- sound/usb/quirks-table.h | 3 +- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 10 ++++-- 29 files changed, 101 insertions(+), 46 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlugPOcACgkQ3qZv95d3 LNxQzhAAl454mfpZ6ZQIy0kRvfw9BZrlBF0yIZYS/QQ1cBJ7+j8sOdS1s/dtJkRK zpEvSImx6aUgKiuXrJUt6EJbWTUkLeZnfqoRkWe543T6oMgPJGXObmafkF3GlT1A d0AY17gdH2CB5IlovnrgyuUkMCNaB3Kv2yimo9fWVaIU4wuAfFt7HKHHWE/SQX2L SUiajdhGvWwBLcry7FefV/fU8Ug2sBSHoucxEkkb64SYl2jwC3lNB5U0upJkiCOe jtT7o0JQ3v3SzJLN2fRsYb64aVqLjp3OpQg4RODOO7f5NAzbyOATqtjQTxDUJ6wa wGiD+BjIWrd99oiWC/nIAgZS8adAtiRJ/NOgH/kR8OR3BgP7Wk4M6Zqej6YxXEw3 pid6/ZMiYIymj+YVqwQt0W0p8L2RwMK4R0eoDeZD1aeJTvkEJPmWov80B2nBdu2I XyB2A/Jay7+M3jnDZPVMjGVAh1ukGNglpsYgi7tkzxmSCS9oz10lgt1i5N9DXPBG WLlbCyPwof9JJLpiT1mlqx6PZYPy3XfUyq+bAFOpAEzdqv69lT3gtY5krz1iydIJ C+y1n8vFwmsVbrBACMIYFAbwxsH2kdwComA/nQKf9g1urMZGNrMgKO4qoZR5o9zX dZG26OrKCwbHAfV1aAvcQrH27Jc9VFEXYG31iShh+tdbymIWzgU= =/dVc -----END PGP SIGNATURE-----

7 years

1
0
0 0

[GIT PULL] commits for Linux 4.9

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.9 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 927556eb3a72306db1ba5ab8b9bb9914433302ba: Linux 4.9.127 (2018-09-15 09:43:07 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.9-17092018 for you to fetch changes up to bb180cbca65d450c5bd1b0e10995ef5eb56ff1e1: xen-netfront: fix warn message as irq device name has '/' (2018-09-15 10:24:21 -0400) - ---------------------------------------------------------------- for-greg-4.9-17092018 - ---------------------------------------------------------------- Andreas Gruenbacher (1): gfs2: Special-case rindex for gfs2_grow Anton Vasilyev (1): video: goldfishfb: fix memory leak on driver remove Ard Biesheuvel (1): efi/arm: preserve early mapping of UEFI memory map longer for BGRT Bhushan Shah (1): ARM: dts: qcom: msm8974-hammerhead: increase load on l20 for sdhci Bob Peterson (1): gfs2: Don't reject a supposedly full bitmap if we have blocks reserved Christoffer Dall (1): KVM: arm/arm64: Fix vgic init race Dan Carpenter (1): fbdev: omapfb: off by one in omapfb_register_client() Daniel Mack (1): video: fbdev: pxafb: clear allocated memory for video modes Felix Fietkau (1): MIPS: ath79: fix system restart Fredrik Noring (1): fbdev: Distinguish between interlaced and progressive modes Hanna Hawa (1): dmaengine: mv_xor_v2: kill the tasklets upon exit Hans Verkuil (1): media: videobuf2-core: check for q->error in vb2_core_qbuf() Jakub Kicinski (1): nfp: avoid buffer leak when FW communication fails John Keeping (1): dmaengine: pl330: fix irq race with terminate_all Julian Wiedmann (2): s390/qeth: fix race in used-buffer accounting s390/qeth: reset layer2 attribute on layer switch Krzysztof Ha?asa (1): media: tw686x: Fix oops on buffer alloc failure Krzysztof Kozlowski (1): ARM: exynos: Clear global variable on init error path Loic Poulain (1): arm64: dts: qcom: db410c: Fix Bluetooth LED trigger Manikanta Pubbisetty (1): mac80211: restrict delayed tailroom needed decrement Masahiro Yamada (1): kbuild: add .DELETE_ON_ERROR special target Miao Zhong (1): iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register Michael MÃ¼ller (1): crypto: sharah - Unregister correct algorithms for SAHARA 3 Nicholas Mc Guire (1): clk: imx6ul: fix missing of_node_put() Nicholas Piggin (1): powerpc/powernv: opal_put_chars partial write fix Paul Cercueil (1): MIPS: jz4740: Bump zload address Pingfan Liu (1): drivers/base: stop new probing during shutdown Piotr Sawicki (1): Smack: Fix handling of IPv4 traffic received by PF_INET6 sockets Rajan Vaja (1): clk: clk-fixed-factor: Clear OF_POPULATED flag in case of failure Randy Dunlap (3): mtd/maps: fix solutionengine.c printk format warnings fbdev/via: fix defined but not used warning platform/x86: toshiba_acpi: Fix defined but not used build warnings Sandipan Das (2): perf powerpc: Fix callchain ip filtering when return address is in a register perf powerpc: Fix callchain ip filtering Takashi Iwai (2): ALSA: msnd: Fix the default sample sizes ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro Thomas Richter (1): perf test: Fix subtest number when showing results Vitaly Kuznetsov (1): xen-netfront: fix queue name setting Xiao Liang (1): xen-netfront: fix warn message as irq device name has '/' YueHaibing (2): xfrm: fix 'passing zero to ERR_PTR()' warning wan/fsl_ucc_hdlc: use IS_ERR_VALUE() to check return value of qe_muram_alloc Zhu Yanjun (1): IB/rxe: Drop QP0 silently .../dts/qcom-msm8974-lge-nexus5-hammerhead.dts | 2 ++ arch/arm/mach-exynos/suspend.c | 1 + arch/arm64/boot/dts/qcom/apq8016-sbc.dtsi | 2 +- arch/mips/ath79/setup.c | 1 + arch/mips/include/asm/mach-ath79/ath79.h | 1 + arch/mips/jz4740/Platform | 2 +- arch/powerpc/platforms/powernv/opal.c | 2 +- drivers/base/core.c | 3 ++ drivers/clk/clk-fixed-factor.c | 9 ++++- drivers/clk/imx/clk-imx6ul.c | 1 + drivers/crypto/sahara.c | 4 +-- drivers/dma/mv_xor_v2.c | 2 ++ drivers/dma/pl330.c | 5 +-- drivers/firmware/efi/arm-init.c | 1 - drivers/firmware/efi/arm-runtime.c | 4 ++- drivers/infiniband/sw/rxe/rxe_recv.c | 9 +++-- drivers/iommu/arm-smmu-v3.c | 1 + drivers/media/pci/tw686x/tw686x-video.c | 11 ++++-- drivers/media/v4l2-core/videobuf2-core.c | 5 +++ drivers/mtd/maps/solutionengine.c | 6 ++-- .../net/ethernet/netronome/nfp/nfp_net_common.c | 13 +++++-- drivers/net/wan/fsl_ucc_hdlc.c | 6 ++-- drivers/net/xen-netfront.c | 6 ++-- drivers/platform/x86/toshiba_acpi.c | 3 +- drivers/s390/net/qeth_core_main.c | 3 +- drivers/s390/net/qeth_core_sys.c | 1 + drivers/video/fbdev/core/modedb.c | 41 ++++++++++++++++------ drivers/video/fbdev/goldfishfb.c | 1 + drivers/video/fbdev/omap/omapfb_main.c | 2 +- drivers/video/fbdev/pxafb.c | 4 +-- drivers/video/fbdev/via/viafbdev.c | 3 +- fs/gfs2/bmap.c | 2 +- fs/gfs2/rgrp.c | 3 +- net/mac80211/cfg.c | 2 +- net/mac80211/key.c | 24 ++++++++----- net/xfrm/xfrm_policy.c | 5 ++- scripts/Kbuild.include | 3 ++ security/smack/smack_lsm.c | 14 +++++--- sound/isa/msnd/msnd_pinnacle.c | 4 +-- sound/usb/quirks-table.h | 3 +- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 10 ++++-- tools/perf/tests/builtin-test.c | 2 +- virt/kvm/arm/vgic/vgic-init.c | 4 +++ 43 files changed, 163 insertions(+), 68 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlugPOAACgkQ3qZv95d3 LNyTIxAAicYE/fiFKVcZc37qZPFV4MPSVH5J4aXbObvIy85IzJUSJ/hnwoymvYX+ 8fS+a3ctAC/lpMlSjxz+TtcIyMscEWEQcOZSFQPST+RycohywsADCZhweYFlw04m D88nGiffYRBU151TyORd0mXaklN1rMqx/5wWgRBAi9c5p9h9gx+DpJaXQGTD2/6C qL4q8UM92rNs8UnIEG3A2z6M5PlVgEaPkQzHrjfUUNLlHIwXYAtSJ7AT5WQdzO7+ l2V+9/EyGlLWQY9Rm3/QIVxWJv2b106K8uA/q8olt1pqlwsGZX8yMWwHWzwQMK9v lU9ri5ZbgEYjNvUbE8y7nhRtajSa/AJuY8P+Ytk/iFtryo809Y/JUss03eu6KU75 hgTB7cBeB7Fb4ircFQ9MVmeccmLmXemvuH87YFUNNlaZBwOJWf/0MqGLFtJ5s4c3 ie9aW9jw96xbWB9SJDKT6dpnCBibus43TYF4bniRsMWpSnNbRYCDruRzQCzj5qnW 2ew1noQpr2st0fJtJEcQgjd/gMbVmQEkUOxdnTGL3y3dSDppHWBGDVzbkudTkwCg Y1hfFJTpf9dYeTN4vrNPm2GYAIBINjW0m38b5PpM/NH9cOnC8jq9ogG+8OGTvqAz V01J8xPOPXWX/kunc5rFYxRN+MhF1k64iT7W4DhUW3999BHJ410= =csQ/ -----END PGP SIGNATURE-----

7 years

1
0
0 0

[GIT PULL] commits for Linux 4.14

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.14 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 5dfe87ac34e2326ae2957fc68b63212d84f78701: Linux 4.14.70 (2018-09-15 09:45:37 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.14-17092018 for you to fetch changes up to 64190d73856692f63af6becf8787c94a2df34432: xen-netfront: fix warn message as irq device name has '/' (2018-09-15 10:22:53 -0400) - ---------------------------------------------------------------- for-greg-4.14-17092018 - ---------------------------------------------------------------- Andreas Gruenbacher (1): gfs2: Special-case rindex for gfs2_grow Anton Vasilyev (1): video: goldfishfb: fix memory leak on driver remove Ard Biesheuvel (1): efi/arm: preserve early mapping of UEFI memory map longer for BGRT Bhushan Shah (1): ARM: dts: qcom: msm8974-hammerhead: increase load on l20 for sdhci Bob Peterson (1): gfs2: Don't reject a supposedly full bitmap if we have blocks reserved Christoffer Dall (1): KVM: arm/arm64: Fix vgic init race Dan Carpenter (1): fbdev: omapfb: off by one in omapfb_register_client() Daniel Mack (1): video: fbdev: pxafb: clear allocated memory for video modes Erich E. Hoover (1): usb: dwc3: change stream event enable bit back to 13 Felix Fietkau (1): MIPS: ath79: fix system restart Fredrik Noring (1): fbdev: Distinguish between interlaced and progressive modes Hanna Hawa (1): dmaengine: mv_xor_v2: kill the tasklets upon exit Hans Verkuil (1): media: videobuf2-core: check for q->error in vb2_core_qbuf() Jae Hyun Yoo (1): i2c: aspeed: Fix initial values of master and slave state Jakub Kicinski (1): nfp: avoid buffer leak when FW communication fails Jean-Philippe Brucker (1): iommu/io-pgtable-arm-v7s: Abort allocation when table address overflows the PTE Jiang Biao (2): x86/pti: Check the return value of pti_user_pagetable_walk_p4d() x86/pti: Check the return value of pti_user_pagetable_walk_pmd() Jiri Olsa (2): perf tools: Synthesize GROUP_DESC feature in pipe mode perf tools: Fix struct comm_str removal crash Joerg Roedel (1): x86/mm/pti: Add an overflow check to pti_clone_pmds() John Keeping (1): dmaengine: pl330: fix irq race with terminate_all Julian Wiedmann (2): s390/qeth: fix race in used-buffer accounting s390/qeth: reset layer2 attribute on layer switch Krzysztof Ha?asa (1): media: tw686x: Fix oops on buffer alloc failure Krzysztof Kozlowski (1): ARM: exynos: Clear global variable on init error path Leonard Crestez (1): reset: imx7: Fix always writing bits as 0 Loic Poulain (1): arm64: dts: qcom: db410c: Fix Bluetooth LED trigger Manikanta Pubbisetty (1): mac80211: restrict delayed tailroom needed decrement Mark Rutland (2): KVM: arm/arm64: vgic: Fix possible spectre-v1 write in vgic_mmio_write_apr() arm64: fix possible spectre-v1 write in ptrace_hbp_set_event() Masahiro Yamada (1): kbuild: add .DELETE_ON_ERROR special target Miao Zhong (1): iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register Michael MÃ¼ller (1): crypto: sharah - Unregister correct algorithms for SAHARA 3 Mike Snitzer (1): block: allow max_discard_segments to be stacked Mikko Perttunen (1): clk: core: Potentially free connection id Nicholas Mc Guire (3): clk: imx6ul: fix missing of_node_put() staging: bcm2835-camera: fix timeout handling in wait_for_completion_timeout staging: bcm2835-camera: handle wait_for_completion_timeout return properly Nicholas Piggin (1): powerpc/powernv: opal_put_chars partial write fix Oder Chiou (1): ASoC: rt5514: Fix the issue of the delay volume applied Paul Cercueil (1): MIPS: jz4740: Bump zload address Pingfan Liu (1): drivers/base: stop new probing during shutdown Piotr Sawicki (1): Smack: Fix handling of IPv4 traffic received by PF_INET6 sockets Rajan Vaja (1): clk: clk-fixed-factor: Clear OF_POPULATED flag in case of failure Randy Dunlap (3): mtd/maps: fix solutionengine.c printk format warnings fbdev/via: fix defined but not used warning platform/x86: toshiba_acpi: Fix defined but not used build warnings Sagi Grimberg (1): nvme-rdma: unquiesce queues when deleting the controller Sandipan Das (2): perf powerpc: Fix callchain ip filtering when return address is in a register perf powerpc: Fix callchain ip filtering Takashi Iwai (3): ALSA: pcm: Add __force to cast in snd_pcm_lib_read/write() ALSA: msnd: Fix the default sample sizes ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro Thomas Richter (1): perf test: Fix subtest number when showing results Todor Tomov (1): media: ov5645: Supported external clock is 24MHz Vitaly Kuznetsov (1): xen-netfront: fix queue name setting Wei Yongjun (1): IB/ipoib: Fix error return code in ipoib_dev_init() Xiao Liang (1): xen-netfront: fix warn message as irq device name has '/' YueHaibing (3): xfrm: fix 'passing zero to ERR_PTR()' warning amd-xgbe: use dma_mapping_error to check map errors wan/fsl_ucc_hdlc: use IS_ERR_VALUE() to check return value of qe_muram_alloc Zhu Yanjun (1): IB/rxe: Drop QP0 silently .../dts/qcom-msm8974-lge-nexus5-hammerhead.dts | 2 ++ arch/arm/mach-exynos/suspend.c | 1 + arch/arm64/boot/dts/qcom/apq8016-sbc.dtsi | 2 +- arch/arm64/kernel/ptrace.c | 19 +++++----- arch/mips/ath79/setup.c | 1 + arch/mips/include/asm/mach-ath79/ath79.h | 1 + arch/mips/jz4740/Platform | 2 +- arch/powerpc/platforms/powernv/opal.c | 2 +- arch/x86/mm/pti.c | 25 ++++++++++--- block/blk-settings.c | 2 +- drivers/base/core.c | 3 ++ drivers/clk/clk-fixed-factor.c | 9 ++++- drivers/clk/clk.c | 3 ++ drivers/clk/imx/clk-imx6ul.c | 1 + drivers/crypto/sahara.c | 4 +-- drivers/dma/mv_xor_v2.c | 2 ++ drivers/dma/pl330.c | 5 +-- drivers/firmware/efi/arm-init.c | 1 - drivers/firmware/efi/arm-runtime.c | 4 ++- drivers/i2c/busses/i2c-aspeed.c | 4 +-- drivers/infiniband/sw/rxe/rxe_recv.c | 9 +++-- drivers/infiniband/ulp/ipoib/ipoib_main.c | 3 +- drivers/iommu/arm-smmu-v3.c | 1 + drivers/iommu/io-pgtable-arm-v7s.c | 7 +++- drivers/media/i2c/ov5645.c | 13 +++---- drivers/media/pci/tw686x/tw686x-video.c | 11 ++++-- drivers/media/v4l2-core/videobuf2-core.c | 5 +++ drivers/mtd/maps/solutionengine.c | 6 ++-- drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 7 ++-- .../net/ethernet/netronome/nfp/nfp_net_common.c | 13 +++++-- drivers/net/wan/fsl_ucc_hdlc.c | 6 ++-- drivers/net/xen-netfront.c | 6 ++-- drivers/nvme/host/rdma.c | 2 ++ drivers/platform/x86/toshiba_acpi.c | 3 +- drivers/reset/reset-imx7.c | 2 +- drivers/s390/net/qeth_core_main.c | 3 +- drivers/s390/net/qeth_core_sys.c | 1 + .../vc04_services/bcm2835-camera/bcm2835-camera.c | 7 ++-- .../vc04_services/bcm2835-camera/mmal-vchiq.c | 11 +++--- drivers/usb/dwc3/gadget.h | 2 +- drivers/video/fbdev/core/modedb.c | 41 ++++++++++++++++------ drivers/video/fbdev/goldfishfb.c | 1 + drivers/video/fbdev/omap/omapfb_main.c | 2 +- drivers/video/fbdev/pxafb.c | 4 +-- drivers/video/fbdev/via/viafbdev.c | 3 +- fs/gfs2/bmap.c | 2 +- fs/gfs2/rgrp.c | 3 +- include/sound/pcm.h | 4 +-- net/mac80211/cfg.c | 2 +- net/mac80211/key.c | 24 ++++++++----- net/xfrm/xfrm_policy.c | 5 ++- scripts/Kbuild.include | 3 ++ security/smack/smack_lsm.c | 14 +++++--- sound/isa/msnd/msnd_pinnacle.c | 4 +-- sound/soc/codecs/rt5514.c | 8 ++--- sound/usb/quirks-table.h | 3 +- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 10 ++++-- tools/perf/tests/builtin-test.c | 2 +- tools/perf/util/comm.c | 16 ++++++--- tools/perf/util/header.c | 2 +- virt/kvm/arm/vgic/vgic-init.c | 4 +++ virt/kvm/arm/vgic/vgic-mmio-v2.c | 3 ++ 62 files changed, 253 insertions(+), 118 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlugPNMACgkQ3qZv95d3 LNzARxAAvjj18hSYWqS/PbHjOFUtAuZmEwNQPvj0oVaLLfLAFKs362ZYILvN5oV+ 4MfDuDoWhGQ8qF4yXlLg2yqTtUX9geKf92m6rr11tily7VA1BbYBtk+j4gk7IKP6 1EMZ/hOm7jAn2AyCgWsQPgSmUR544peOCdHaUg/Qmi2JjAzMGEG9iclaWcgq79Y9 qjZjNdJGQh7OtSqQfsA3nfnG2zNLjU6u2q5BXxtVDB4bPkk8exU+oUNBw5Izb7ww hWsNSQFjas/ulzh8prM0gNyqPn5iGWqzmdyW5VAoxsDy0KSfw8CT9KUzk81Gz/DO OZBIGjodzkfqsQ8UgBZPd9DDJfnyGIPuNUHsk5kNaEZiSBdt+iZKVbY6BkuVU5Qa E0Af4x6vBkOEO9ofpIwQSbpjm3IwpHuM0sBnzU8TDa7vpYoaxqUSXx0C8nm/0nZ4 EzFw+BTUn3T1Zo8zsnBBXDlnHa+fx/RpUeMCuPrHrAL/ZrJltkrVRzmPbpfnBWqT elX23+RZTG3BDTcbgXuB5na2BnppXZyG6L3aoY+68kk9fyACe5CD+6a320N9dueM kxWgQ9n2byKiiofS7quip7hMcRKVnqvFdiBXTd+zZEcpE2uPue8NQ04BAzrp+DKH p3/R5SDjCFTiqJCtB/W6RdkYFZGZK9yTsDKNdjEHq1DlyzyV+t4= =KTqg -----END PGP SIGNATURE-----

7 years

1
0
0 0

+ mm-thp-fix-mlocking-thp-page-with-migration-enabled.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm, thp: fix mlocking THP page with migration enabled has been added to the -mm tree. Its filename is mm-thp-fix-mlocking-thp-page-with-migration-enabled.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-thp-fix-mlocking-thp-page-with-… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-thp-fix-mlocking-thp-page-with-… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Subject: mm, thp: fix mlocking THP page with migration enabled A transparent huge page is represented by a single entry on an LRU list. Therefore, we can only make unevictable an entire compound page, not individual subpages. If a user tries to mlock() part of a huge page, we want the rest of the page to be reclaimable. We handle this by keeping PTE-mapped huge pages on normal LRU lists: the PMD on border of VM_LOCKED VMA will be split into PTE table. Introduction of THP migration breaks[1] the rules around mlocking THP pages. If we had a single PMD mapping of the page in mlocked VMA, the page will get mlocked, regardless of PTE mappings of the page. For tmpfs/shmem it's easy to fix by checking PageDoubleMap() in remove_migration_pmd(). Anon THP pages can only be shared between processes via fork(). Mlocked page can only be shared if parent mlocked it before forking, otherwise CoW will be triggered on mlock(). For Anon-THP, we can fix the issue by munlocking the page on removing PTE migration entry for the page. PTEs for the page will always come after mlocked PMD: rmap walks VMAs from oldest to newest. Test-case: #include <unistd.h> #include <sys/mman.h> #include <sys/wait.h> #include <linux/mempolicy.h> #include <numaif.h> int main(void) { unsigned long nodemask = 4; void *addr; addr = mmap((void *)0x20000000UL, 2UL << 20, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_LOCKED, -1, 0); if (fork()) { wait(NULL); return 0; } mlock(addr, 4UL << 10); mbind(addr, 2UL << 20, MPOL_PREFERRED | MPOL_F_RELATIVE_NODES, &nodemask, 4, MPOL_MF_MOVE); return 0; } [1] https://lkml.kernel.org/r/CAOMGZ=G52R-30rZvhGxEbkTw7rLLwBGadVYeo--iizcD3upL… Link: http://lkml.kernel.org/r/20180917133816.43995-1-kirill.shutemov@linux.intel… Fixes: 616b8371539a ("mm: thp: enable thp migration in generic path") Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reported-by: Vegard Nossum <vegard.nossum(a)oracle.com> Reviewed-by: Zi Yan <zi.yan(a)cs.rutgers.edu> Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: <stable(a)vger.kernel.org> [4.14+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 2 +- mm/migrate.c | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) --- a/mm/huge_memory.c~mm-thp-fix-mlocking-thp-page-with-migration-enabled +++ a/mm/huge_memory.c @@ -2931,7 +2931,7 @@ void remove_migration_pmd(struct page_vm else page_add_file_rmap(new, true); set_pmd_at(mm, mmun_start, pvmw->pmd, pmde); - if (vma->vm_flags & VM_LOCKED) + if ((vma->vm_flags & VM_LOCKED) && !PageDoubleMap(new)) mlock_vma_page(new); update_mmu_cache_pmd(vma, address, pvmw->pmd); } --- a/mm/migrate.c~mm-thp-fix-mlocking-thp-page-with-migration-enabled +++ a/mm/migrate.c @@ -275,6 +275,9 @@ static bool remove_migration_pte(struct if (vma->vm_flags & VM_LOCKED && !PageTransCompound(new)) mlock_vma_page(new); + if (PageTransHuge(page) && PageMlocked(page)) + clear_page_mlock(page); + /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, pvmw.address, pvmw.pte); } _ Patches currently in -mm which might be from kirill.shutemov(a)linux.intel.com are mm-thp-fix-mlocking-thp-page-with-migration-enabled.patch

7 years

1
0
0 0

+ mm-thp-fix-mlocking-thp-page-with-migration-enabled.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm, thp: fix mlocking THP page with migration enabled has been added to the -mm tree. Its filename is mm-thp-fix-mlocking-thp-page-with-migration-enabled.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-thp-fix-mlocking-thp-page-with-… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-thp-fix-mlocking-thp-page-with-… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Subject: mm, thp: fix mlocking THP page with migration enabled A transparent huge page is represented by a single entry on an LRU list. Therefore, we can only make unevictable an entire compound page, not individual subpages. If a user tries to mlock() part of a huge page, we want the rest of the page to be reclaimable. We handle this by keeping PTE-mapped huge pages on normal LRU lists: the PMD on border of VM_LOCKED VMA will be split into PTE table. Introduction of THP migration breaks[1] the rules around mlocking THP pages. If we had a single PMD mapping of the page in mlocked VMA, the page will get mlocked, regardless of PTE mappings of the page. For tmpfs/shmem it's easy to fix by checking PageDoubleMap() in remove_migration_pmd(). Anon THP pages can only be shared between processes via fork(). Mlocked page can only be shared if parent mlocked it before forking, otherwise CoW will be triggered on mlock(). For Anon-THP, we can fix the issue by munlocking the page on removing PTE migration entry for the page. PTEs for the page will always come after mlocked PMD: rmap walks VMAs from oldest to newest. Test-case: #include <unistd.h> #include <sys/mman.h> #include <sys/wait.h> #include <linux/mempolicy.h> #include <numaif.h> int main(void) { unsigned long nodemask = 4; void *addr; addr = mmap((void *)0x20000000UL, 2UL << 20, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_LOCKED, -1, 0); if (fork()) { wait(NULL); return 0; } mlock(addr, 4UL << 10); mbind(addr, 2UL << 20, MPOL_PREFERRED | MPOL_F_RELATIVE_NODES, &nodemask, 4, MPOL_MF_MOVE); return 0; } [1] https://lkml.kernel.org/r/CAOMGZ=G52R-30rZvhGxEbkTw7rLLwBGadVYeo--iizcD3upL… Link: http://lkml.kernel.org/r/20180917133816.43995-1-kirill.shutemov@linux.intel… Fixes: 616b8371539a ("mm: thp: enable thp migration in generic path") Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reported-by: Vegard Nossum <vegard.nossum(a)oracle.com> Reviewed-by: Zi Yan <zi.yan(a)cs.rutgers.edu> Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: <stable(a)vger.kernel.org> [4.14+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 2 +- mm/migrate.c | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) --- a/mm/huge_memory.c~mm-thp-fix-mlocking-thp-page-with-migration-enabled +++ a/mm/huge_memory.c @@ -2931,7 +2931,7 @@ void remove_migration_pmd(struct page_vm else page_add_file_rmap(new, true); set_pmd_at(mm, mmun_start, pvmw->pmd, pmde); - if (vma->vm_flags & VM_LOCKED) + if ((vma->vm_flags & VM_LOCKED) && !PageDoubleMap(new)) mlock_vma_page(new); update_mmu_cache_pmd(vma, address, pvmw->pmd); } --- a/mm/migrate.c~mm-thp-fix-mlocking-thp-page-with-migration-enabled +++ a/mm/migrate.c @@ -275,6 +275,9 @@ static bool remove_migration_pte(struct if (vma->vm_flags & VM_LOCKED && !PageTransCompound(new)) mlock_vma_page(new); + if (PageTransHuge(page) && PageMlocked(page)) + clear_page_mlock(page); + /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, pvmw.address, pvmw.pte); } _ Patches currently in -mm which might be from kirill.shutemov(a)linux.intel.com are mm-thp-fix-mlocking-thp-page-with-migration-enabled.patch

7 years

1
0
0 0

[PATCH 13/17] target/core: Avoid that LUN reset sporadically triggers data corruption

by Bart Van Assche

If on an initiator system a LUN reset is issued while I/O is in progress with queue depth > 1, avoid that data corruption occurs as follows: - The initiator submits a READ (a). - The initiator submits a LUN reset before READ (a) completes. - The target responds that the LUN reset succeeded after READ (a) has been marked as CMD_T_COMPLETE and before .queue_status() has been called. - The initiator receives the LUN reset response and frees the tag used by READ (a). - The initiator submits READ (b) and reuses the tag of READ (a). - The initiator receives the response for READ (a) and interprets this as a completion for READ (b). - The initiator receives the completion for READ (b) and discards it. With the SRP initiator and target drivers and when running fio concurrently with sg_reset -d it only takes a few minutes to reproduce this. Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> Fixes: commit febe562c20df ("target: Fix LUN_RESET active I/O handling for ACK_KREF") Cc: Nicholas Bellinger <nab(a)linux-iscsi.org> Cc: Mike Christie <mchristi(a)redhat.com> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Hannes Reinecke <hare(a)suse.de> Cc: <stable(a)vger.kernel.org> --- drivers/target/target_core_tmr.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/target/target_core_tmr.c b/drivers/target/target_core_tmr.c index 2750a2c7b563..6e419396c1e4 100644 --- a/drivers/target/target_core_tmr.c +++ b/drivers/target/target_core_tmr.c @@ -90,7 +90,7 @@ static int target_check_cdb_and_preempt(struct list_head *list, return 1; } -static bool __target_check_io_state(struct se_cmd *se_cmd, +static bool __target_check_io_state(struct se_cmd *se_cmd, u32 skip_flags, struct se_session *tmr_sess, int tas) { struct se_session *sess = se_cmd->se_sess; @@ -108,7 +108,7 @@ static bool __target_check_io_state(struct se_cmd *se_cmd, * long as se_cmd->cmd_kref is still active unless zero. */ spin_lock(&se_cmd->t_state_lock); - if (se_cmd->transport_state & (CMD_T_COMPLETE | CMD_T_FABRIC_STOP)) { + if (se_cmd->transport_state & (skip_flags | CMD_T_FABRIC_STOP)) { pr_debug("Attempted to abort io tag: %llu already complete or" " fabric stop, skipping\n", se_cmd->tag); spin_unlock(&se_cmd->t_state_lock); @@ -165,7 +165,8 @@ void core_tmr_abort_task( printk("ABORT_TASK: Found referenced %s task_tag: %llu\n", se_cmd->se_tfo->get_fabric_name(), ref_tag); - if (!__target_check_io_state(se_cmd, se_sess, 0)) + if (!__target_check_io_state(se_cmd, CMD_T_COMPLETE, se_sess, + 0)) continue; spin_unlock_irqrestore(&se_sess->sess_cmd_lock, flags); @@ -349,7 +350,7 @@ static void core_tmr_drain_state_list( continue; spin_lock(&sess->sess_cmd_lock); - rc = __target_check_io_state(cmd, tmr_sess, tas); + rc = __target_check_io_state(cmd, 0, tmr_sess, tas); spin_unlock(&sess->sess_cmd_lock); if (!rc) continue; -- 2.18.0

7 years

1
0
0 0

[PATCH] tpm: separate cmd_ready/go_idle from runtime_pm

by Jarkko Sakkinen

From: Tomas Winkler <tomas.winkler(a)intel.com> commit 627448e85c766587f6fdde1ea3886d6615081c77 upstream Fix tpm ptt initialization error: tpm tpm0: A TPM error (378) occurred get tpm pcr allocation. We cannot use go_idle cmd_ready commands via runtime_pm handles as with the introduction of localities this is no longer an optional feature, while runtime pm can be not enabled. Though cmd_ready/go_idle provides a power saving, it's also a part of TPM2 protocol and should be called explicitly. This patch exposes cmd_read/go_idle via tpm class ops and removes runtime pm support as it is not used by any driver. When calling from nested context always use both flags: TPM_TRANSMIT_UNLOCKED and TPM_TRANSMIT_RAW. Both are needed to resolve tpm spaces and locality request recursive calls to tpm_transmit(). TPM_TRANSMIT_RAW should never be used standalone as it will fail on double locking. While TPM_TRANSMIT_UNLOCKED standalone should be called from non-recursive locked contexts. New wrappers are added tpm_cmd_ready() and tpm_go_idle() to streamline tpm_try_transmit code. tpm_crb no longer needs own power saving functions and can drop using tpm_pm_suspend/resume. This patch cannot be really separated from the locality fix. Fixes: 888d867df441 (tpm: cmd_ready command can be issued only after granting locality) Cc: stable(a)vger.kernel.org Fixes: 888d867df441 (tpm: cmd_ready command can be issued only after granting locality) Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> --- drivers/char/tpm/tpm-interface.c | 50 ++++++++++++--- drivers/char/tpm/tpm.h | 12 +++- drivers/char/tpm/tpm2-space.c | 16 +++-- drivers/char/tpm/tpm_crb.c | 101 +++++++++---------------------- include/linux/tpm.h | 2 + 5 files changed, 90 insertions(+), 91 deletions(-) diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c index 86b526b7d990..a2070ab86c82 100644 --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c @@ -369,10 +369,13 @@ static int tpm_validate_command(struct tpm_chip *chip, return -EINVAL; } -static int tpm_request_locality(struct tpm_chip *chip) +static int tpm_request_locality(struct tpm_chip *chip, unsigned int flags) { int rc; + if (flags & TPM_TRANSMIT_RAW) + return 0; + if (!chip->ops->request_locality) return 0; @@ -385,10 +388,13 @@ static int tpm_request_locality(struct tpm_chip *chip) return 0; } -static void tpm_relinquish_locality(struct tpm_chip *chip) +static void tpm_relinquish_locality(struct tpm_chip *chip, unsigned int flags) { int rc; + if (flags & TPM_TRANSMIT_RAW) + return; + if (!chip->ops->relinquish_locality) return; @@ -399,6 +405,28 @@ static void tpm_relinquish_locality(struct tpm_chip *chip) chip->locality = -1; } +static int tpm_cmd_ready(struct tpm_chip *chip, unsigned int flags) +{ + if (flags & TPM_TRANSMIT_RAW) + return 0; + + if (!chip->ops->cmd_ready) + return 0; + + return chip->ops->cmd_ready(chip); +} + +static int tpm_go_idle(struct tpm_chip *chip, unsigned int flags) +{ + if (flags & TPM_TRANSMIT_RAW) + return 0; + + if (!chip->ops->go_idle) + return 0; + + return chip->ops->go_idle(chip); +} + static ssize_t tpm_try_transmit(struct tpm_chip *chip, struct tpm_space *space, u8 *buf, size_t bufsiz, @@ -449,14 +477,15 @@ static ssize_t tpm_try_transmit(struct tpm_chip *chip, /* Store the decision as chip->locality will be changed. */ need_locality = chip->locality == -1; - if (!(flags & TPM_TRANSMIT_RAW) && need_locality) { - rc = tpm_request_locality(chip); + if (need_locality) { + rc = tpm_request_locality(chip, flags); if (rc < 0) goto out_no_locality; } - if (chip->dev.parent) - pm_runtime_get_sync(chip->dev.parent); + rc = tpm_cmd_ready(chip, flags); + if (rc) + goto out; rc = tpm2_prepare_space(chip, space, ordinal, buf); if (rc) @@ -516,13 +545,16 @@ static ssize_t tpm_try_transmit(struct tpm_chip *chip, } rc = tpm2_commit_space(chip, space, ordinal, buf, &len); + if (rc) + dev_err(&chip->dev, "tpm2_commit_space: error %d\n", rc); out: - if (chip->dev.parent) - pm_runtime_put_sync(chip->dev.parent); + rc = tpm_go_idle(chip, flags); + if (rc) + goto out; if (need_locality) - tpm_relinquish_locality(chip); + tpm_relinquish_locality(chip, flags); out_no_locality: if (chip->ops->clk_enable != NULL) diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h index b83b30a3eea5..4bb9b4aa9b49 100644 --- a/drivers/char/tpm/tpm.h +++ b/drivers/char/tpm/tpm.h @@ -511,9 +511,17 @@ extern const struct file_operations tpm_fops; extern const struct file_operations tpmrm_fops; extern struct idr dev_nums_idr; +/** + * enum tpm_transmit_flags + * + * @TPM_TRANSMIT_UNLOCKED: used to lock sequence of tpm_transmit calls. + * @TPM_TRANSMIT_RAW: prevent recursive calls into setup steps + * (go idle, locality,..). Always use with UNLOCKED + * as it will fail on double locking. + */ enum tpm_transmit_flags { - TPM_TRANSMIT_UNLOCKED = BIT(0), - TPM_TRANSMIT_RAW = BIT(1), + TPM_TRANSMIT_UNLOCKED = BIT(0), + TPM_TRANSMIT_RAW = BIT(1), }; ssize_t tpm_transmit(struct tpm_chip *chip, struct tpm_space *space, diff --git a/drivers/char/tpm/tpm2-space.c b/drivers/char/tpm/tpm2-space.c index d26ea7513226..dabb2ae4e779 100644 --- a/drivers/char/tpm/tpm2-space.c +++ b/drivers/char/tpm/tpm2-space.c @@ -39,7 +39,8 @@ static void tpm2_flush_sessions(struct tpm_chip *chip, struct tpm_space *space) for (i = 0; i < ARRAY_SIZE(space->session_tbl); i++) { if (space->session_tbl[i]) tpm2_flush_context_cmd(chip, space->session_tbl[i], - TPM_TRANSMIT_UNLOCKED); + TPM_TRANSMIT_UNLOCKED | + TPM_TRANSMIT_RAW); } } @@ -84,7 +85,7 @@ static int tpm2_load_context(struct tpm_chip *chip, u8 *buf, tpm_buf_append(&tbuf, &buf[*offset], body_size); rc = tpm_transmit_cmd(chip, NULL, tbuf.data, PAGE_SIZE, 4, - TPM_TRANSMIT_UNLOCKED, NULL); + TPM_TRANSMIT_UNLOCKED | TPM_TRANSMIT_RAW, NULL); if (rc < 0) { dev_warn(&chip->dev, "%s: failed with a system error %d\n", __func__, rc); @@ -133,7 +134,7 @@ static int tpm2_save_context(struct tpm_chip *chip, u32 handle, u8 *buf, tpm_buf_append_u32(&tbuf, handle); rc = tpm_transmit_cmd(chip, NULL, tbuf.data, PAGE_SIZE, 0, - TPM_TRANSMIT_UNLOCKED, NULL); + TPM_TRANSMIT_UNLOCKED | TPM_TRANSMIT_RAW, NULL); if (rc < 0) { dev_warn(&chip->dev, "%s: failed with a system error %d\n", __func__, rc); @@ -170,7 +171,8 @@ static void tpm2_flush_space(struct tpm_chip *chip) for (i = 0; i < ARRAY_SIZE(space->context_tbl); i++) if (space->context_tbl[i] && ~space->context_tbl[i]) tpm2_flush_context_cmd(chip, space->context_tbl[i], - TPM_TRANSMIT_UNLOCKED); + TPM_TRANSMIT_UNLOCKED | + TPM_TRANSMIT_RAW); tpm2_flush_sessions(chip, space); } @@ -377,7 +379,8 @@ static int tpm2_map_response_header(struct tpm_chip *chip, u32 cc, u8 *rsp, return 0; out_no_slots: - tpm2_flush_context_cmd(chip, phandle, TPM_TRANSMIT_UNLOCKED); + tpm2_flush_context_cmd(chip, phandle, + TPM_TRANSMIT_UNLOCKED | TPM_TRANSMIT_RAW); dev_warn(&chip->dev, "%s: out of slots for 0x%08X\n", __func__, phandle); return -ENOMEM; @@ -465,7 +468,8 @@ static int tpm2_save_space(struct tpm_chip *chip) return rc; tpm2_flush_context_cmd(chip, space->context_tbl[i], - TPM_TRANSMIT_UNLOCKED); + TPM_TRANSMIT_UNLOCKED | + TPM_TRANSMIT_RAW); space->context_tbl[i] = ~0; } diff --git a/drivers/char/tpm/tpm_crb.c b/drivers/char/tpm/tpm_crb.c index bb756ad7897e..5c7ce5aaaf6f 100644 --- a/drivers/char/tpm/tpm_crb.c +++ b/drivers/char/tpm/tpm_crb.c @@ -137,7 +137,7 @@ static bool crb_wait_for_reg_32(u32 __iomem *reg, u32 mask, u32 value, } /** - * crb_go_idle - request tpm crb device to go the idle state + * __crb_go_idle - request tpm crb device to go the idle state * * @dev: crb device * @priv: crb private data @@ -151,7 +151,7 @@ static bool crb_wait_for_reg_32(u32 __iomem *reg, u32 mask, u32 value, * * Return: 0 always */ -static int crb_go_idle(struct device *dev, struct crb_priv *priv) +static int __crb_go_idle(struct device *dev, struct crb_priv *priv) { if ((priv->flags & CRB_FL_ACPI_START) || (priv->flags & CRB_FL_CRB_SMC_START)) @@ -166,11 +166,20 @@ static int crb_go_idle(struct device *dev, struct crb_priv *priv) dev_warn(dev, "goIdle timed out\n"); return -ETIME; } + return 0; } +static int crb_go_idle(struct tpm_chip *chip) +{ + struct device *dev = &chip->dev; + struct crb_priv *priv = dev_get_drvdata(dev); + + return __crb_go_idle(dev, priv); +} + /** - * crb_cmd_ready - request tpm crb device to enter ready state + * __crb_cmd_ready - request tpm crb device to enter ready state * * @dev: crb device * @priv: crb private data @@ -183,7 +192,7 @@ static int crb_go_idle(struct device *dev, struct crb_priv *priv) * * Return: 0 on success -ETIME on timeout; */ -static int crb_cmd_ready(struct device *dev, struct crb_priv *priv) +static int __crb_cmd_ready(struct device *dev, struct crb_priv *priv) { if ((priv->flags & CRB_FL_ACPI_START) || (priv->flags & CRB_FL_CRB_SMC_START)) @@ -201,6 +210,14 @@ static int crb_cmd_ready(struct device *dev, struct crb_priv *priv) return 0; } +static int crb_cmd_ready(struct tpm_chip *chip) +{ + struct device *dev = &chip->dev; + struct crb_priv *priv = dev_get_drvdata(dev); + + return __crb_cmd_ready(dev, priv); +} + static int __crb_request_locality(struct device *dev, struct crb_priv *priv, int loc) { @@ -393,6 +410,8 @@ static const struct tpm_class_ops tpm_crb = { .send = crb_send, .cancel = crb_cancel, .req_canceled = crb_req_canceled, + .go_idle = crb_go_idle, + .cmd_ready = crb_cmd_ready, .request_locality = crb_request_locality, .relinquish_locality = crb_relinquish_locality, .req_complete_mask = CRB_DRV_STS_COMPLETE, @@ -508,7 +527,7 @@ static int crb_map_io(struct acpi_device *device, struct crb_priv *priv, * PTT HW bug w/a: wake up the device to access * possibly not retained registers. */ - ret = crb_cmd_ready(dev, priv); + ret = __crb_cmd_ready(dev, priv); if (ret) return ret; @@ -553,7 +572,7 @@ static int crb_map_io(struct acpi_device *device, struct crb_priv *priv, if (!ret) priv->cmd_size = cmd_size; - crb_go_idle(dev, priv); + __crb_go_idle(dev, priv); __crb_relinquish_locality(dev, priv, 0); @@ -624,32 +643,7 @@ static int crb_acpi_add(struct acpi_device *device) chip->acpi_dev_handle = device->handle; chip->flags = TPM_CHIP_FLAG_TPM2; - rc = __crb_request_locality(dev, priv, 0); - if (rc) - return rc; - - rc = crb_cmd_ready(dev, priv); - if (rc) - goto out; - - pm_runtime_get_noresume(dev); - pm_runtime_set_active(dev); - pm_runtime_enable(dev); - - rc = tpm_chip_register(chip); - if (rc) { - crb_go_idle(dev, priv); - pm_runtime_put_noidle(dev); - pm_runtime_disable(dev); - goto out; - } - - pm_runtime_put_sync(dev); - -out: - __crb_relinquish_locality(dev, priv, 0); - - return rc; + return tpm_chip_register(chip); } static int crb_acpi_remove(struct acpi_device *device) @@ -659,52 +653,11 @@ static int crb_acpi_remove(struct acpi_device *device) tpm_chip_unregister(chip); - pm_runtime_disable(dev); - return 0; } -static int __maybe_unused crb_pm_runtime_suspend(struct device *dev) -{ - struct tpm_chip *chip = dev_get_drvdata(dev); - struct crb_priv *priv = dev_get_drvdata(&chip->dev); - - return crb_go_idle(dev, priv); -} - -static int __maybe_unused crb_pm_runtime_resume(struct device *dev) -{ - struct tpm_chip *chip = dev_get_drvdata(dev); - struct crb_priv *priv = dev_get_drvdata(&chip->dev); - - return crb_cmd_ready(dev, priv); -} - -static int __maybe_unused crb_pm_suspend(struct device *dev) -{ - int ret; - - ret = tpm_pm_suspend(dev); - if (ret) - return ret; - - return crb_pm_runtime_suspend(dev); -} - -static int __maybe_unused crb_pm_resume(struct device *dev) -{ - int ret; - - ret = crb_pm_runtime_resume(dev); - if (ret) - return ret; - - return tpm_pm_resume(dev); -} - static const struct dev_pm_ops crb_pm = { - SET_SYSTEM_SLEEP_PM_OPS(crb_pm_suspend, crb_pm_resume) - SET_RUNTIME_PM_OPS(crb_pm_runtime_suspend, crb_pm_runtime_resume, NULL) + SET_SYSTEM_SLEEP_PM_OPS(tpm_pm_suspend, tpm_pm_resume) }; static const struct acpi_device_id crb_device_ids[] = { diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 2a6c3d96b31f..7f7b29f86c59 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -48,6 +48,8 @@ struct tpm_class_ops { u8 (*status) (struct tpm_chip *chip); bool (*update_timeouts)(struct tpm_chip *chip, unsigned long *timeout_cap); + int (*go_idle)(struct tpm_chip *chip); + int (*cmd_ready)(struct tpm_chip *chip); int (*request_locality)(struct tpm_chip *chip, int loc); int (*relinquish_locality)(struct tpm_chip *chip, int loc); void (*clk_enable)(struct tpm_chip *chip, bool value); -- 2.17.1

7 years

5
6
0 0

Re: Patch "x86/kexec: Allocate 8k PGDs for PTI" has been added to the 3.18-stable tree

by Hugh Dickins

On Mon, 17 Sep 2018, gregkh(a)linuxfoundation.org wrote: > > This is a note to let you know that I've just added the patch titled > > x86/kexec: Allocate 8k PGDs for PTI > > to the 3.18-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > x86-kexec-allocate-8k-pgds-for-pti.patch > and it can be found in the queue-3.18 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. I believe this commit is an example of the auto-selector being too eager, and this should not be in *any* of the stable trees. As the commit message indicates, it's a fix by Joerg for his PTI-x86-32 implementation - which has not been backported to any of the stable trees (yet), has it? In several of the recent stable trees, I think this will not do any actual harm; but it looks as if it will prevent relevant x86-32 configs from building on 3.18 (I see no definition of PGD_ALLOCATION_ORDER in linux-3.18.y - you preferred not to have any PTI in that tree), and I haven't checked whether its definition in older backports will build correctly here or not. Hugh > > > From foo@baz Mon Sep 17 11:45:57 CEST 2018 > From: Joerg Roedel <jroedel(a)suse.de> > Date: Wed, 25 Jul 2018 17:48:03 +0200 > Subject: x86/kexec: Allocate 8k PGDs for PTI > > From: Joerg Roedel <jroedel(a)suse.de> > > [ Upstream commit ca38dc8f2724d101038b1205122c93a1c7f38f11 ] > > Fuzzing the PTI-x86-32 code with trinity showed unhandled > kernel paging request oops-messages that looked a lot like > silent data corruption. > > Lot's of debugging and testing lead to the kexec-32bit code, > which is still allocating 4k PGDs when PTI is enabled. But > since it uses native_set_pud() to build the page-table, it > will unevitably call into __pti_set_user_pgtbl(), which > writes beyond the allocated 4k page. > > Use PGD_ALLOCATION_ORDER to allocate PGDs in the kexec code > to fix the issue. > > Signed-off-by: Joerg Roedel <jroedel(a)suse.de> > Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> > Tested-by: David H. Gutteridge <dhgutteridge(a)sympatico.ca> > Cc: "H . Peter Anvin" <hpa(a)zytor.com> > Cc: linux-mm(a)kvack.org > Cc: Linus Torvalds <torvalds(a)linux-foundation.org> > Cc: Andy Lutomirski <luto(a)kernel.org> > Cc: Dave Hansen <dave.hansen(a)intel.com> > Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> > Cc: Juergen Gross <jgross(a)suse.com> > Cc: Peter Zijlstra <peterz(a)infradead.org> > Cc: Borislav Petkov <bp(a)alien8.de> > Cc: Jiri Kosina <jkosina(a)suse.cz> > Cc: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> > Cc: Brian Gerst <brgerst(a)gmail.com> > Cc: David Laight <David.Laight(a)aculab.com> > Cc: Denys Vlasenko <dvlasenk(a)redhat.com> > Cc: Eduardo Valentin <eduval(a)amazon.com> > Cc: Greg KH <gregkh(a)linuxfoundation.org> > Cc: Will Deacon <will.deacon(a)arm.com> > Cc: aliguori(a)amazon.com > Cc: daniel.gruss(a)iaik.tugraz.at > Cc: hughd(a)google.com > Cc: keescook(a)google.com > Cc: Andrea Arcangeli <aarcange(a)redhat.com> > Cc: Waiman Long <llong(a)redhat.com> > Cc: Pavel Machek <pavel(a)ucw.cz> > Cc: Arnaldo Carvalho de Melo <acme(a)kernel.org> > Cc: Alexander Shishkin <alexander.shishkin(a)linux.intel.com> > Cc: Jiri Olsa <jolsa(a)redhat.com> > Cc: Namhyung Kim <namhyung(a)kernel.org> > Cc: joro(a)8bytes.org > Link: https://lkml.kernel.org/r/1532533683-5988-4-git-send-email-joro@8bytes.org > Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > --- > arch/x86/kernel/machine_kexec_32.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > --- a/arch/x86/kernel/machine_kexec_32.c > +++ b/arch/x86/kernel/machine_kexec_32.c > @@ -69,7 +69,7 @@ static void load_segments(void) > > static void machine_kexec_free_page_tables(struct kimage *image) > { > - free_page((unsigned long)image->arch.pgd); > + free_pages((unsigned long)image->arch.pgd, PGD_ALLOCATION_ORDER); > image->arch.pgd = NULL; > #ifdef CONFIG_X86_PAE > free_page((unsigned long)image->arch.pmd0); > @@ -85,7 +85,8 @@ static void machine_kexec_free_page_tabl > > static int machine_kexec_alloc_page_tables(struct kimage *image) > { > - image->arch.pgd = (pgd_t *)get_zeroed_page(GFP_KERNEL); > + image->arch.pgd = (pgd_t *)__get_free_pages(GFP_KERNEL | __GFP_ZERO, > + PGD_ALLOCATION_ORDER); > #ifdef CONFIG_X86_PAE > image->arch.pmd0 = (pmd_t *)get_zeroed_page(GFP_KERNEL); > image->arch.pmd1 = (pmd_t *)get_zeroed_page(GFP_KERNEL); > > > Patches currently in stable-queue which might be from jroedel(a)suse.de are > > queue-3.18/x86-kexec-allocate-8k-pgds-for-pti.patch > queue-3.18/x86-mm-remove-in_nmi-warning-from-vmalloc_fault.patch >

7 years

3
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror