- Linux-stable-mirror - lists.linaro.org

[PATCH 9/9] power: supply: twl4030-charger: fix OF sibling-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the usb sibling node instead of using of_find_compatible_node(), which searches the entire tree and thus can return an unrelated (non-sibling) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the parent device node). While at it, also fix the related phy-node reference leak. Fixes: f5e4edb8c888 ("power: twl4030_charger: find associated phy by more reliable means.") Cc: stable <stable(a)vger.kernel.org> # 4.2 Cc: NeilBrown <neilb(a)suse.de> Cc: Felipe Balbi <balbi(a)ti.com> Cc: Sebastian Reichel <sre(a)kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/power/supply/twl4030_charger.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/power/supply/twl4030_charger.c b/drivers/power/supply/twl4030_charger.c index bbcaee56db9d..b6a7d9f74cf3 100644 --- a/drivers/power/supply/twl4030_charger.c +++ b/drivers/power/supply/twl4030_charger.c @@ -996,12 +996,13 @@ static int twl4030_bci_probe(struct platform_device *pdev) if (bci->dev->of_node) { struct device_node *phynode; - phynode = of_find_compatible_node(bci->dev->of_node->parent, - NULL, "ti,twl4030-usb"); + phynode = of_get_compatible_child(bci->dev->of_node->parent, + "ti,twl4030-usb"); if (phynode) { bci->usb_nb.notifier_call = twl4030_bci_usb_ncb; bci->transceiver = devm_usb_get_phy_by_node( bci->dev, phynode, &bci->usb_nb); + of_node_put(phynode); if (IS_ERR(bci->transceiver)) { ret = PTR_ERR(bci->transceiver); if (ret == -EPROBE_DEFER) -- 2.18.0

7 years, 1 month

2
2
0 0

qemu test failures (crashes) in v4.{14,17}.y-stable queues

by Guenter Roeck

Various mips64 and ppc64 qemu tests crash as follows in v4.14.y and v4.17.y (the log is from ppc64). ------------[ cut here ]------------ kernel BUG at kernel/time/hrtimer.c:1673! Oops: Exception in kernel mode, sig: 5 [#1] BE NUMA CoreNet Generic Modules linked in: CPU: 0 PID: 1 Comm: init Not tainted 4.17.19-rc1-00309-g8fe1830 #1 NIP: c000000000085d6c LR: c00000000089d840 CTR: c00000000000cd00 REGS: c00000003e1e7990 TRAP: 0700 Not tainted (4.17.19-rc1-00309-g8fe1830) MSR: 000000008002b000 <CE,EE,FP,ME> CR: 48000284 XER: 00000000 SOFTE: 0 GPR00: c00000000089d7ec c00000003e1e7c10 c000000000cb9c00 c00000003e1e8238 GPR04: c00000003e1e7c80 ffffffffffffffff 000000003b9aca00 0000000000000000 GPR08: 0000000031012c01 0000000031012c01 0000000000000002 0000000031012c01 GPR12: 0000000028000482 c000000000d35000 0000000000000000 0000000000000000 GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 GPR24: 0000000000000000 0000000000000000 0000000000000016 00000000ffff9008 GPR28: c00000003e1e7e10 c00000003e1e8000 0000000000000000 000000009336eabb NIP [c000000000085d6c] .nanosleep_copyout+0x4c/0x50 LR [c00000000089d840] .do_nanosleep+0x160/0x190 Call Trace: [c00000003e1e7c10] [c00000000089d7ec] .do_nanosleep+0x10c/0x190 (unreliable) [c00000003e1e7cc0] [c000000000085e78] .hrtimer_nanosleep+0x108/0x1d0 [c00000003e1e7da0] [c000000000086068] .__se_compat_sys_nanosleep+0x78/0xb0 [c00000003e1e7e30] [c000000000000618] system_call+0x58/0x64 Instruction dump: 7c832378 e8890010 4bffbadd 60000000 38210070 e8010010 2fa30000 3940fff2 3860fdfc 7c63579e 7c0803a6 4e800020 <0fe00000> 7c0802a6 fb81ffe0 fbc1fff0 ---[ end trace 15c7fbc119007c42 ]--- I started to bisect, but abandoned it after finding commit 62d7ce7f40a9 ("posix-timers: Fix nanosleep_copyout() for CONFIG_COMPAT_32BIT_TIME") in both branches. Since there is no "config COMPAT_32BIT_TIME" in v4.14.y or v4.17.y, some relevant code is commented out by the commit, which in turn results in the crash. Guenter

7 years, 1 month

2
4
0 0

[GIT PULL] commits for Linux 4.17

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.17 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 128642b28a7de3171541132cf300e33a7a8e5f21: Linux 4.17.13 (2018-08-06 16:18:22 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.17-09082018 for you to fetch changes up to 3ad72f3a541e258f32da620840b8d4d62cecf18b: mm: make vm_area_alloc() initialize core fields (2018-08-07 02:31:10 -0400) - ---------------------------------------------------------------- for-greg-4.17-09082018 - ---------------------------------------------------------------- Adam Ford (2): ARM: davinci: board-da850-evm: fix WP pin polarity for MMC/SD ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Ajay Gupta (1): usb: xhci: increase CRS timeout value Alex Deucher (1): drm/amdgpu: fix swapped emit_ib_size in vce3 Alexander Duyck (1): ixgbe: Be more careful when modifying MAC filters Alexander Sverdlin (2): octeon_mgmt: Fix MIX registers configuration on MTU setup net: cavium: Add fine-granular dependencies on PCI Alexandre Belloni (1): rtc: fix alarm read and set offset Alexey Brodkin (2): ARC: Explicitly add -mmedium-calls to CFLAGS ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP Alison Wang (1): drm: mali-dp: Enable Global SE interrupts mask for DP500 Anders Roxell (1): selftests: net: add config fragments Andreas Schwab (1): RISC-V: fix R_RISCV_ADD32/R_RISCV_SUB32 relocations Andrey Ryabinin (1): netfilter: nf_conntrack: Fix possible possible crash on module loading. Andrzej Hajda (1): drm/bridge/sii8620: fix loops in EDID fetch logic Andy Lutomirski (2): selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs selftests/x86/sigreturn: Do minor cleanups Anson Huang (2): soc: imx: gpcv2: correct PGC offset soc: imx: gpc: restrict register range for regmap access Ard Biesheuvel (1): KVM: arm/arm64: Drop resource size check for GICV window Arnaldo Carvalho de Melo (1): tools include uapi: Update if_link.h to pick IFLA_{BRPORT_ISOLATED,VXLAN_TTL_INHERIT} Arnd Bergmann (3): posix-timers: Fix nanosleep_copyout() for CONFIG_COMPAT_32BIT_TIME ieee802154: mcr20a: add missing includes drm/sun4i: link in front-end code if needed Artur Petrosyan (1): usb: dwc2: Fix host exit from hibernation flow. Arun Kumar Neelakantam (2): net: qrtr: Broadcast messages only from control port net: qrtr: Reset the node and port ID of broadcast messages Ayan Kumar Halder (3): drm/arm/malidp: Ensure that the crtcs are shutdown before removing any encoder/connector drm/arm/malidp: Preserve LAYER_FORMAT contents when setting format drm/mali-dp: Rectify the width and height passed to rotmem_required() Bart Van Assche (1): drbd: Fix drbd_request_prepare() discard handling Bartosz Golaszewski (1): net: davinci_emac: match the mdio device against its compatible if possible Bert Kenward (2): sfc: avoid hang from nested use of the filter_sem sfc: hold filter_sem consistently during reset BingJing Chang (1): md/raid10: fix that replacement cannot complete recovery after reassemble Bob Copeland (1): nl80211: relax ht operation checks for mesh Casey Leedom (1): cxgb4: assume flash part size to be 4MB, if it can't be determined Casey Schaufler (1): Smack: Mark inode instant in smack_task_to_inode Chengguang Xu (1): nfp: cast sizeof() to int when comparing with error code Christophe Jaillet (1): IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()' Chunfeng Yun (1): usb: gadget: composite: fix delayed_status race condition when set_interface Damien ThÃ©bault (1): platform/x86: dell-laptop: Fix backlight detection Dan Carpenter (10): blk-mq-debugfs: Off by one in blk_mq_rq_state_name() block: sed-opal: Fix a couple off by one bugs typec: tcpm: Fix a msecs vs jiffies bug clk: davinci: cfgchip: testing the wrong variable dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() qed: off by one in qed_parse_mcp_trace_buf() ixgbe: Off by one in ixgbe_ipsec_tx() qlogic: check kstrtoul() for errors pinctrl: nsp: off by ones in nsp_pinmux_enable() drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() Daniel Borkmann (1): bpf, s390: fix potential memleak when later bpf_jit_prog fails Daniel Mack (2): ARM: dts: am437x: make edt-ft5x06 a wakeup source ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Dave Jiang (2): acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value nfit: fix unchecked dereference in acpi_nfit_ctl David Francis (1): amd/dc/dce100: On dce100, set clocks to 0 on suspend David Lechner (1): net: usb: rtl8150: demote allmulti message to dev_dbg() Davide Caratti (2): net/sched: act_csum: fix NULL dereference when 'goto chain' is used net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used Denis Kenzior (1): mac80211: disable BHs/preemption in ieee80211_tx_control_port() Dinh Nguyen (1): net: stmmac: socfpga: add additional ocp reset line for Stratix10 Dirk Gouders (1): kconfig: fix line numbers for if-entries in menu tree Dmitry Osipenko (2): gpu: host1x: Skip IOMMU initialization if firewall is enabled gpu: host1x: Check whether size of unpin isn't 0 Don Brace (1): scsi: hpsa: correct enclosure sas address Dong Jia Shi (1): vfio: ccw: fix error return in vfio_ccw_sch_event Dongjiu Geng (1): usb: xhci: remove the code build warning Doron Roberts-Kedes (2): nbd: Add the nbd NBD_DISCONNECT_ON_CLOSE config flag. tls: fix skb_to_sgvec returning unhandled error. Douglas Anderson (1): nvmem: Don't let a NULL cell_id for nvmem_cell_get() crash us Eli Cohen (1): net/mlx5: E-Switch, Disallow vlan/spoofcheck setup if not being esw manager Eric Biggers (1): crypto: arm/speck - fix building in Thumb2 mode Eric Dumazet (1): netfilter: ipv6: nf_defrag: reduce struct net memory waste Evan Quan (1): drm/amd/powerplay: correct vega12 thermal support as true Fabio Estevam (2): ARM: imx_v6_v7_defconfig: Select ULPI support ARM: imx_v4_v5_defconfig: Select ULPI support Fathi Boudra (1): selftests: sync: add config fragment for testing sync framework Florian Fainelli (4): ARM: dts: NSP: Fix i2c controller interrupt type ARM: dts: NSP: Fix PCIe controllers interrupt types ARM: dts: HR2: Fix interrupt types for i2c and PCIe ARM: dts: BCM5301x: Fix i2c controller interrupt type Florian Westphal (2): netfilter: x_tables: set module owner for icmp(6) matches netfilter: nft_compat: explicitly reject ERROR and standard target Frank Rowand (1): of: overlay: update phandle cache on overlay apply and remove Frederic Weisbecker (1): sched/nohz: Skip remote tick on idle task entirely Ganesh Goudar (1): cxgb4: when disabling dcb set txq dcb priority to 0 Gao Feng (1): netfilter: nf_ct_helper: Fix possible panic after nf_conntrack_helper_unregister Geert Uytterhoeven (1): mtd: dataflash: Use ULL suffix for 64-bit constants Govindarajulu Varadarajan (1): enic: initialize enic->rfs_h.lock in enic_probe Greentime Hu (1): nds32: Fix the dts pointer is not passed correctly issue. Greg Ungerer (1): m68k: fix "bad page state" oops on ColdFire boot Grigor Tovmasyan (1): usb: gadget: dwc2: fix memory leak in gadget_init() Guenter Roeck (1): hwmon: (nct6775) Fix loop limit Gustavo Pimentel (1): ARC: [plat-hsdk]: Configure APB GPIO controller on ARC HSDK platform Haiyue Wang (1): ipmi: kcs_bmc: fix IRQ exception if the channel is not open Hangbin Liu (2): ipv6: mcast: fix unsolicited report interval after receiving querys ipvlan: call dev_change_flags when ipvlan mode is reset Hans de Goede (1): NFC: pn533: Fix wrong GFP flag usage Harini Katakam (1): net: macb: Free RX ring for all queues Heikki Krogerus (1): usb: dwc3: pci: add support for Intel IceLake Heiner Kallweit (1): r8169: fix mac address change Helge Eichelberg (1): hwmon: (dell-smm) Disable fan support for Dell XPS13 9333 Hoan Tran (1): drivers/perf: xgene_pmu: Fix IOB SLOW PMU parser error Israel Rukshin (1): nvme-rdma: Fix command completion race at error recovery Jakub Kicinski (2): selftests/bpf: test offloads even with BPF programs present nfp: bpf: don't stop offload if replace failed Jann Horn (1): netfilter: nf_log: fix uninit read in nf_log_proc_dostring Janne Huttunen (1): perf script python: Fix dict reference counting Janusz Krzysztofik (1): dmaengine: ti: omap-dma: Fix OMAP1510 incorrect residue_granularity Jason Gerecke (1): HID: wacom: Correct touch maximum XY of 2nd-gen Intuos Jeff Moyer (1): dev-dax: check_vma: ratelimit dev_info-s Jeffrin Jose T (1): selftests: bpf: notification about privilege required to run test_kmod.sh testing script Jens Axboe (1): blk-mq: don't queue more if we get a busy return Jeremy Cline (1): perf tools: Use python-config --includes rather than --cflags Jerome Brunet (1): ARM64: dts: meson-axg: fix ethernet stability issue Jianchao Wang (1): nvme-pci: move nvme_kill_queues to nvme_remove_dead_ctrl Jim Mattson (1): kvm: nVMX: Restore exit qual for VM-entry failure due to MSR loading Jim Wilson (1): RISC-V: Fix PTRACE_SETREGSET bug. Jiri Olsa (4): perf tools: Fix error index for pmu event parser perf tests: Add event parsing error handling to parse events test perf bench: Fix numa report output code perf tools: Fix compilation errors on gcc8 Johan Hovold (1): usb: dwc3: of-simple: fix use-after-free on remove Johannes Berg (1): nl80211: check nla_parse_nested() return values John Allen (1): ibmvnic: Fix error recovery on login failure John Fastabend (1): bpf: fix sk_skb programs without skb->dev assigned John Garry (1): libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() Jon Maloy (4): tipc: fix wrong return value from function tipc_node_try_addr() tipc: correct discovery message handling during address trial period tipc: fix correct setting of message type in second discoverer tipc: make function tipc_net_finalize() thread safe Josh Poimboeuf (1): objtool: Support GCC 8 '-fnoreorder-functions' Julia Lawall (1): clocksource/drivers/stm32: Fix error return code Julian Wiedmann (1): s390/qeth: consistently re-enable device features Juri Lelli (1): sched/deadline: Fix switched_from_dl() warning Kai-Heng Feng (1): usb: xhci: dbc: Don't decrement runtime PM counter if DBC is not started Kalderon, Michal (1): RDMA/qedr: Fix NULL pointer dereference when running over iWARP without RDMA-CM Kamal Heib (1): RDMA/mlx5: Fix memory leak in mlx5_ib_create_srq() error path Karsten Graul (1): net/smc: reset recv timeout after clc handshake Katsuhiro Suzuki (1): arm64: dts: uniphier: fix widget name of headphone for LD11/LD20 boards Keerthy (1): ARM: dts: da850: Fix interrups property for gpio Kim Phillips (2): perf llvm-utils: Remove bashism from kernel include fetch script perf test shell: Prevent temporary editor files from being considered test scripts Laura Abbott (2): tools: build: Fixup host c flags tools: build: Use HOSTLDFLAGS with fixdep Li RongQing (1): net: propagate dev_get_valid_name return code Linus LÃ¼ssing (2): batman-adv: Avoid storing non-TT-sync flags on singular entries too batman-adv: Fix multicast TT issues with bogus ROAM flags Linus Torvalds (4): Mark HI and TASKLET softirq synchronous mm: use helper functions for allocating and freeing vm_area structs mm: make vm_area_dup() actually copy the old vma data mm: make vm_area_alloc() initialize core fields Lubomir Rintel (1): ieee802154: 6lowpan: set IFLA_LINK Lucas Stach (1): Input: synaptics-rmi4 - fix axis-swap behavior Maciej Purski (4): drm/bridge/sii8620: fix display modes validation drm/bridge/sii8620: fix potential buffer overflow drm/bridge/sii8620: fix display of packed pixel modes in MHL2 drm/bridge/sii8620: Fix display of packed pixel modes Madalin Bucur (2): fsl/fman: fix parser reporting bad checksum on short frames dpaa_eth: DPAA SGT needs to be 256B Manish Rangankar (1): scsi: qedi: Send driver state to MFW Marc Zyngier (2): irqchip/gic-v2m: Fix SPI release on error path irqchip/gic-v3-its: Fix reprogramming of redistributors on CPU hotplug Marcelo Ricardo Leitner (1): sctp: fix erroneous inc of snmp SctpFragUsrMsgs Marek Szyprowski (5): arm64: dma-mapping: clear buffers allocated with FORCE_CONTIGUOUS flag dmaengine: pl330: report BURST residue granularity drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes drm/exynos: decon5433: Fix WINCONx reset value Martin Blumenstingl (1): ARM64: dts: meson-gxl: fix Mali GPU compatible string Masahiro Yamada (2): clk: sunxi-ng: replace lib-y with obj-y kbuild: suppress warnings from 'getconf LFS_*' Mathieu Malaterre (1): tracing: Use __printf markup to silence compiler Mauricio Vasquez B (1): bpf: hash map: decrement counter on error Max Gurtuvoy (1): nvmet: reset keep alive timer in controller enable Michael Chan (3): bnxt_en: Fix inconsistent BNXT_FLAG_AGG_RINGS logic. bnxt_en: Always set output parameters in bnxt_get_max_rings(). bnxt_en: Do not modify max IRQ count after RDMA driver requests/frees IRQs. Michael Hennerich (2): net: ieee802154: adf7242: Fix erroneous RX enable net: ieee802154: adf7242: Fix OCL calibration runs Michael Trimarchi (1): brcmfmac: stop watchdog before detach and free everything Mika Westerberg (1): ACPI / EC: Use ec_no_wakeup on Thinkpad X1 Carbon 6th Mikko Perttunen (1): drm/tegra: Fix comparison operator for buffer size Minas Harutyunyan (2): usb: dwc2: gadget: Fix issue in dwc2_gadget_start_isoc() dwc2: gadget: Fix ISOC IN DDMA PID bitfield value calculation Nicholas Mc Guire (3): PCI: xilinx: Add missing of_node_put() PCI: xilinx-nwl: Add missing of_node_put() PCI: faraday: Add missing of_node_put() Nicholas Piggin (1): powerpc: smp_send_stop do not offline stopped CPUs Nicolas Boichat (1): HID: google: Add support for whiskers Nishanth Menon (1): ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores Oleksij Rempel (1): ARM: dts: imx6sx: fix irq for pcie bridge Palmer Dabbelt (1): RISC-V: Don't include irq-riscv-intc.h Paolo Abeni (1): ipfrag: really prevent allocation on netns exit Paul Cercueil (1): pinctrl: ingenic: Fix inverted direction for < JZ4770 Paul Moore (1): ipv6: make ipv6_renew_options() interrupt/kernel safe Pavel Machek (1): ARM: dts: omap4-droid4: fix dts w.r.t. pwm Peng Hao (1): kvmclock: fix TSC calibration for nested guests Peter Chen (1): usb: chipidea: host: fix disconnection detect issue Peter Zijlstra (2): kthread, sched/core: Fix kthread_parkme() (again...) ARC: Improve cmpxchg syscall implementation Qu Wenruo (1): btrfs: scrub: Don't use inode page cache in scrub_handle_errored_block() Randy Dunlap (2): net/ethernet/freescale/fman: fix cross-build error tcp: identify cryptic messages as TCP seq # bugs Ravi Bangoria (2): perf script: Fix crash because of missing evsel->priv perf tools: Fix crash caused by accessing feat_ops[HEADER_LAST_FEATURE] Ray Jui (5): ARM: dts: Cygnus: Fix I2C controller interrupt type ARM: dts: Cygnus: Fix PCIe controller interrupt type arm64: dts: ns2: Fix I2C controller interrupt type arm64: dts: ns2: Fix PCIe controller interrupt type arm64: dts: Stingray: Fix I2C controller interrupt type Rob Herring (1): arm64: dts: msm8916: fix Coresight ETF graph connections Robin H. Johnson (1): ACPI / EC: Use ec_no_wakeup on more Thinkpad X1 Carbon 6th systems Roland Dreier (1): nvme: fix handling of metadata_len for NVME_IOCTL_IO_CMD Russell King (4): drm/armada: fix colorkey mode property drm/armada: fix irq handling sfp: ensure we clean up properly on bus registration failure sfp: fix module initialisation with netdev already up Ryan Hsu (1): ath10k: update the phymode along with bandwidth change request Sagi Grimberg (1): nvme-rdma: fix possible double free condition when failing to create a controller Sandipan Das (1): perf report powerpc: Fix crash if callchain is empty Saurav Kashyap (1): scsi: qedf: Send the driver state to MFW Scott Bauer (1): nvme: ensure forward progress during Admin passthru Scott Branden (2): arm64: dts: specify 1.8V EMMC capabilities for bcm958742k arm64: dts: specify 1.8V EMMC capabilities for bcm958742t Sergei Shtylyov (8): PCI: OF: Fix I/O space page leak PCI: xgene: Fix I/O space page leak PCI: versatile: Fix I/O space page leak PCI: designware: Fix I/O space page leak PCI: aardvark: Fix I/O space page leak PCI: faraday: Fix I/O space page leak PCI: mediatek: Fix I/O space page leak PCI: v3-semi: Fix I/O space page leak Shankara Pailoor (1): jfs: Fix inconsistency between memory allocation and ea_buf->max_size Shuah Khan (Samsung OSG) (6): selftests: pstore: return Kselftest Skip code for skipped tests selftests: static_keys: return Kselftest Skip code for skipped tests selftests: sysctl: return Kselftest Skip code for skipped tests selftests: user: return Kselftest Skip code for skipped tests selftests: zram: return Kselftest Skip code for skipped tests selftests: vm: return Kselftest Skip code for skipped tests Sowmini Varadhan (1): rds: clean up loopback rds_connections on netns deletion Stafford Horne (1): openrisc: entry: Fix delay slot exception detection Stefan Agner (1): net: hamradio: use eth_broadcast_addr Stefan Schmidt (3): ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem ieee802154: at86rf230: use __func__ macro for debug messages ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem Stefan Wahren (3): net: qca_spi: Avoid packet drop during initial sync net: qca_spi: Make sure the QCA7000 reset is triggered net: qca_spi: Fix log level if probe fails Stephen Hemminger (1): hv/netvsc: fix handling of fallback to single queue mode Steve French (1): smb3: increase initial number of credits requested to allow write Steven Rostedt (VMware) (2): locking/lockdep: Do not record IRQ state within lockdep code ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot Sudarsana Reddy Kalluru (4): qed: Fix possible memory leak in Rx error path handling. qed: Add sanity check for SIMD fastpath handler. qed: Do not advertise DCBX_LLD_MANAGED capability. bnx2x: Fix receiving tx-timeout in error or recovery state. Sven Eckelmann (4): batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump batman-adv: Fix bat_v best gw refcnt after netlink dump batman-adv: Fix debugfs path for renamed hardif batman-adv: Fix debugfs path for renamed softif Taeung Song (4): samples/bpf: add missing <linux/if_vlan.h> samples/bpf: Check the result of system() samples/bpf: Check the error of write() and read() samples/bpf: Fix tc and ip paths in xdp2skb_meta.sh Takashi Iwai (1): ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl Thomas Falcon (1): ibmvnic: Revise RX/TX queue error messages Thomas Richter (2): perf record: Support s390 random socket_id assignment perf test session topology: Fix test on s390 Tomasz Duszynski (1): iio: pressure: bmp280: fix relative humidity unit Trond Myklebust (1): pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception Uwe Kleine-KÃ¶nig (1): ARM: dts: imx6: RDU2: fix irq type for mv88e6xxx switch Venkat Duvvuru (1): bnxt_en: Fix the vlan_tci exact match check. Vijay Immanuel (1): IB/rxe: Fix missing completion for mem_reg work requests Vikas Gupta (1): bnxt_en: Fix for system hang if request_irq fails Vincent Guittot (1): sched/util_est: Fix util_est_dequeue() for throttled cfs_rq Vincent Pelletier (1): usb: gadget: ffs: Fix BUG when userland exits with submitted AIO transfers Viresh Kumar (1): arm: dts: armada: Fix "#cooling-cells" property's name Vishal Verma (1): tools/testing/nvdimm: advertise a write cache for nfit_test Vladimir Zapolskiy (4): sh_eth: fix invalid context bug while calling auto-negotiation by ethtool sh_eth: fix invalid context bug while changing link options by ethtool ravb: fix invalid context bug while calling auto-negotiation by ethtool ravb: fix invalid context bug while changing link options by ethtool Wang Dongsheng (1): net: phy: marvell: change default m88e1510 LED configuration Wei Yongjun (1): pinctrl: nsp: Fix potential NULL dereference Will Deacon (1): arm64: Avoid flush_icache_range() in alternatives patching code Willem de Bruijn (1): packet: reset network header if packet shorter than ll reserved space William Wu (2): usb: dwc2: alloc dma aligned buffer for isoc split in usb: dwc2: fix isoc split in transfer with no data Xunlei Pang (1): sched/fair: Fix bandwidth timer clock drift condition Yan, Zheng (1): ceph: fix dentry leak in splice_dentry() Yonghong Song (1): perf tools: Fix a clang 7.0 compilation error Yuchung Cheng (1): tcp: remove DELAYED ACK events in DCTCP Yuiko Oshino (1): smsc75xx: Add workaround for gigabit link up hardware errata. Zhen Lei (1): kasan: fix shadow_size calculation error in kasan_module_alloc Zhenzhong Duan (2): x86/microcode/intel: Fix memleak in save_microcode_patch() x86/mm/32: Initialize the CR4 shadow before __flush_tlb_all() Zhizhou Zhang (1): arm64: make secondary_start_kernel() notrace Zhouyang Jia (3): xen: add error handling for xenbus_printf scsi: xen-scsifront: add error handling for xenbus_printf xen/scsiback: add error handling for xenbus_printf Zhu Yanjun (1): IB/rxe: avoid double kfree skb piaojun (1): net/9p/client.c: put refcount of trans_mod in error case in parse_opts() Makefile | 6 +- arch/arc/Makefile | 15 +-- arch/arc/include/asm/mach_desc.h | 2 - arch/arc/kernel/irq.c | 2 +- arch/arc/kernel/process.c | 47 ++++++-- arch/arc/plat-hsdk/platform.c | 62 +++++++++++ arch/arm/boot/dts/am3517.dtsi | 5 + arch/arm/boot/dts/am437x-sk-evm.dts | 2 + arch/arm/boot/dts/armada-385-synology-ds116.dts | 2 +- arch/arm/boot/dts/bcm-cygnus.dtsi | 24 ++-- arch/arm/boot/dts/bcm-hr2.dtsi | 24 ++-- arch/arm/boot/dts/bcm-nsp.dtsi | 32 +++--- arch/arm/boot/dts/bcm5301x.dtsi | 2 +- arch/arm/boot/dts/da850.dtsi | 6 +- arch/arm/boot/dts/imx6qdl-zii-rdu2.dtsi | 2 +- arch/arm/boot/dts/imx6sx.dtsi | 2 +- arch/arm/boot/dts/omap4-droid4-xt894.dts | 9 +- arch/arm/configs/imx_v4_v5_defconfig | 2 + arch/arm/configs/imx_v6_v7_defconfig | 2 + arch/arm/crypto/speck-neon-core.S | 6 +- arch/arm/mach-davinci/board-da850-evm.c | 2 +- arch/arm/mach-omap2/omap-smp.c | 41 +++++++ arch/arm/mach-pxa/irq.c | 4 +- arch/arm/mm/init.c | 9 ++ arch/arm64/boot/dts/amlogic/meson-axg-s400.dts | 15 ++- arch/arm64/boot/dts/amlogic/meson-gxl-mali.dtsi | 2 +- arch/arm64/boot/dts/broadcom/northstar2/ns2.dtsi | 8 +- .../boot/dts/broadcom/stingray/bcm958742k.dts | 4 + .../boot/dts/broadcom/stingray/bcm958742t.dts | 4 + .../arm64/boot/dts/broadcom/stingray/stingray.dtsi | 4 +- arch/arm64/boot/dts/qcom/msm8916.dtsi | 4 +- .../boot/dts/socionext/uniphier-ld11-global.dts | 2 +- .../boot/dts/socionext/uniphier-ld20-global.dts | 2 +- arch/arm64/include/asm/alternative.h | 7 +- arch/arm64/kernel/alternative.c | 51 +++++++-- arch/arm64/kernel/module.c | 5 +- arch/arm64/kernel/smp.c | 2 +- arch/arm64/mm/dma-mapping.c | 9 +- arch/ia64/kernel/perfmon.c | 6 +- arch/ia64/mm/init.c | 12 +- arch/m68k/include/asm/mcf_pgalloc.h | 4 +- arch/nds32/kernel/setup.c | 3 +- arch/openrisc/kernel/entry.S | 8 +- arch/openrisc/kernel/head.S | 9 +- arch/openrisc/kernel/traps.c | 2 +- arch/powerpc/kernel/smp.c | 6 - arch/riscv/kernel/irq.c | 4 - arch/riscv/kernel/module.c | 4 +- arch/riscv/kernel/ptrace.c | 2 +- arch/s390/net/bpf_jit_comp.c | 1 + arch/x86/kernel/cpu/microcode/intel.c | 5 +- arch/x86/kernel/kvmclock.c | 1 + arch/x86/kernel/smpboot.c | 5 + arch/x86/kvm/vmx.c | 9 +- block/blk-mq-debugfs.c | 2 +- block/blk-mq.c | 12 ++ block/sed-opal.c | 4 +- drivers/acpi/ec.c | 20 ++++ drivers/acpi/nfit/core.c | 4 + drivers/ata/libahci.c | 7 +- drivers/block/drbd/drbd_req.c | 4 +- drivers/block/nbd.c | 40 +++++-- drivers/char/ipmi/kcs_bmc.c | 31 ++---- drivers/clk/Makefile | 2 +- drivers/clk/davinci/da8xx-cfgchip.c | 2 +- drivers/clk/sunxi-ng/Makefile | 39 +++---- drivers/clocksource/timer-stm32.c | 4 +- drivers/dax/device.c | 12 +- drivers/dma/k3dma.c | 2 +- drivers/dma/omap-dma.c | 6 +- drivers/dma/pl330.c | 2 +- drivers/gpu/drm/amd/amdgpu/vce_v3_0.c | 4 +- .../drm/amd/display/dc/dce100/dce100_resource.c | 19 +++- drivers/gpu/drm/amd/powerplay/hwmgr/vega12_hwmgr.c | 1 + drivers/gpu/drm/arm/malidp_drv.c | 3 +- drivers/gpu/drm/arm/malidp_hw.c | 3 +- drivers/gpu/drm/arm/malidp_planes.c | 9 +- drivers/gpu/drm/armada/armada_crtc.c | 12 +- drivers/gpu/drm/armada/armada_hw.h | 1 + drivers/gpu/drm/armada/armada_overlay.c | 30 +++-- drivers/gpu/drm/bridge/sil-sii8620.c | 121 +++++++++++---------- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 6 +- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 +++-- drivers/gpu/drm/exynos/regs-gsc.h | 1 + drivers/gpu/drm/nouveau/nouveau_gem.c | 4 +- drivers/gpu/drm/sun4i/Makefile | 5 +- drivers/gpu/drm/tegra/drm.c | 2 +- drivers/gpu/host1x/dev.c | 3 + drivers/gpu/host1x/job.c | 3 +- drivers/hid/hid-google-hammer.c | 2 + drivers/hid/hid-ids.h | 1 + drivers/hid/wacom_wac.c | 10 +- drivers/hwmon/dell-smm-hwmon.c | 7 ++ drivers/hwmon/nct6775.c | 2 +- drivers/iio/pressure/bmp280-core.c | 5 +- drivers/infiniband/hw/mlx4/mr.c | 7 +- drivers/infiniband/hw/mlx5/srq.c | 18 ++- drivers/infiniband/hw/qedr/verbs.c | 3 + drivers/infiniband/sw/rxe/rxe_req.c | 5 +- drivers/input/rmi4/rmi_2d_sensor.c | 34 +++--- drivers/irqchip/irq-gic-v2m.c | 2 +- drivers/irqchip/irq-gic-v3-its.c | 10 ++ drivers/md/raid10.c | 7 ++ drivers/mtd/devices/mtd_dataflash.c | 4 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 15 ++- drivers/net/ethernet/broadcom/bnxt/bnxt.h | 1 - drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c | 30 ++++- drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c | 2 - drivers/net/ethernet/cadence/macb_main.c | 11 +- drivers/net/ethernet/cavium/Kconfig | 12 +- drivers/net/ethernet/cavium/octeon/octeon_mgmt.c | 14 ++- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/chelsio/cxgb4/t4_hw.c | 35 +++--- drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 +- drivers/net/ethernet/cisco/enic/enic_main.c | 3 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 15 +-- drivers/net/ethernet/freescale/fman/fman_port.c | 8 ++ drivers/net/ethernet/ibm/ibmvnic.c | 43 +++++--- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 +- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 12 +- drivers/net/ethernet/mellanox/mlx5/core/vport.c | 2 - drivers/net/ethernet/netronome/nfp/bpf/main.c | 6 +- .../net/ethernet/netronome/nfp/nfpcore/nfp_nffw.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_dcbx.c | 11 +- drivers/net/ethernet/qlogic/qed/qed_debug.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_ll2.c | 11 +- drivers/net/ethernet/qlogic/qed/qed_main.c | 12 +- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 + drivers/net/ethernet/qualcomm/qca_spi.c | 21 ++-- drivers/net/ethernet/realtek/r8169.c | 1 + drivers/net/ethernet/renesas/ravb_main.c | 56 +++------- drivers/net/ethernet/renesas/sh_eth.c | 59 +++------- drivers/net/ethernet/sfc/ef10.c | 30 +++-- drivers/net/ethernet/sfc/efx.c | 17 ++- drivers/net/ethernet/stmicro/stmmac/Kconfig | 2 +- .../net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 18 ++- drivers/net/ethernet/ti/davinci_emac.c | 4 + drivers/net/hamradio/bpqether.c | 8 +- drivers/net/hyperv/rndis_filter.c | 1 + drivers/net/ieee802154/adf7242.c | 34 +++++- drivers/net/ieee802154/at86rf230.c | 15 +-- drivers/net/ieee802154/fakelb.c | 2 +- drivers/net/ieee802154/mcr20a.c | 3 +- drivers/net/ipvlan/ipvlan_main.c | 36 ++++-- drivers/net/phy/marvell.c | 54 ++++++--- drivers/net/phy/sfp-bus.c | 35 ++++-- drivers/net/usb/rtl8150.c | 2 +- drivers/net/usb/smsc75xx.c | 62 +++++++++++ drivers/net/wireless/ath/ath10k/mac.c | 16 ++- drivers/net/wireless/ath/ath10k/wmi.h | 1 + .../wireless/broadcom/brcm80211/brcmfmac/sdio.c | 7 ++ drivers/nfc/pn533/usb.c | 4 +- drivers/nvme/host/core.c | 52 ++++----- drivers/nvme/host/pci.c | 2 +- drivers/nvme/host/rdma.c | 28 +++-- drivers/nvme/target/core.c | 8 ++ drivers/nvmem/core.c | 4 + drivers/of/base.c | 6 +- drivers/of/of_private.h | 2 + drivers/of/overlay.c | 11 ++ drivers/pci/dwc/pcie-designware-host.c | 3 +- drivers/pci/host/pci-aardvark.c | 2 +- drivers/pci/host/pci-ftpci100.c | 4 +- drivers/pci/host/pci-v3-semi.c | 2 +- drivers/pci/host/pci-versatile.c | 2 +- drivers/pci/host/pci-xgene.c | 2 +- drivers/pci/host/pcie-mediatek.c | 2 +- drivers/pci/host/pcie-xilinx-nwl.c | 2 +- drivers/pci/host/pcie-xilinx.c | 1 + drivers/pci/of.c | 2 +- drivers/pci/pci.c | 38 +++++++ drivers/perf/xgene_pmu.c | 2 +- drivers/pinctrl/bcm/pinctrl-nsp-mux.c | 6 +- drivers/pinctrl/pinctrl-ingenic.c | 2 +- drivers/platform/x86/dell-laptop.c | 2 +- drivers/rtc/interface.c | 8 +- drivers/s390/cio/vfio_ccw_drv.c | 5 +- drivers/s390/net/qeth_core.h | 2 +- drivers/s390/net/qeth_core_main.c | 23 ++-- drivers/s390/net/qeth_l2_main.c | 5 +- drivers/s390/net/qeth_l3_main.c | 3 +- drivers/scsi/hpsa.c | 25 ++++- drivers/scsi/hpsa.h | 1 + drivers/scsi/qedf/qedf_main.c | 12 ++ drivers/scsi/qedi/qedi_main.c | 11 ++ drivers/scsi/xen-scsifront.c | 33 ++++-- drivers/soc/imx/gpc.c | 21 ++++ drivers/soc/imx/gpcv2.c | 13 ++- drivers/usb/chipidea/host.c | 5 +- drivers/usb/dwc2/core.h | 3 + drivers/usb/dwc2/gadget.c | 15 ++- drivers/usb/dwc2/hcd.c | 93 +++++++++++++++- drivers/usb/dwc2/hcd.h | 8 ++ drivers/usb/dwc2/hcd_intr.c | 11 +- drivers/usb/dwc2/hcd_queue.c | 3 + drivers/usb/dwc3/dwc3-of-simple.c | 3 +- drivers/usb/dwc3/dwc3-pci.c | 2 + drivers/usb/gadget/composite.c | 3 + drivers/usb/gadget/function/f_fs.c | 26 +++-- drivers/usb/host/xhci-dbgcap.c | 12 +- drivers/usb/host/xhci-tegra.c | 2 +- drivers/usb/host/xhci.c | 7 +- drivers/usb/typec/tcpm.c | 3 +- drivers/xen/manage.c | 18 ++- drivers/xen/xen-scsiback.c | 16 ++- fs/btrfs/scrub.c | 17 +-- fs/ceph/inode.c | 1 + fs/cifs/smb2pdu.c | 5 +- fs/exec.c | 6 +- fs/jfs/xattr.c | 10 +- fs/nfs/nfs4proc.c | 17 +-- include/linux/fsl/guts.h | 1 + include/linux/kthread.h | 1 - include/linux/marvell_phy.h | 2 + include/linux/mm.h | 4 +- include/linux/pci.h | 2 + include/linux/sched.h | 2 +- include/net/ipv6.h | 9 +- include/net/net_namespace.h | 1 + include/net/netns/ipv6.h | 1 - include/net/tc_act/tc_csum.h | 1 - include/net/tc_act/tc_tunnel_key.h | 1 - include/net/tcp.h | 2 - include/uapi/linux/nbd.h | 3 + kernel/bpf/hashtab.c | 16 ++- kernel/fork.c | 35 +++++- kernel/kthread.c | 30 ++++- kernel/locking/lockdep.c | 12 +- kernel/sched/core.c | 67 ++++++------ kernel/sched/deadline.c | 11 +- kernel/sched/fair.c | 30 ++--- kernel/sched/sched.h | 6 +- kernel/softirq.c | 12 +- kernel/time/hrtimer.c | 2 +- kernel/trace/trace.c | 5 + mm/kasan/kasan.c | 5 +- mm/mmap.c | 35 ++---- mm/nommu.c | 10 +- net/9p/client.c | 3 +- net/batman-adv/bat_iv_ogm.c | 4 +- net/batman-adv/bat_v.c | 4 +- net/batman-adv/debugfs.c | 40 +++++++ net/batman-adv/debugfs.h | 11 ++ net/batman-adv/hard-interface.c | 37 ++++++- net/batman-adv/translation-table.c | 7 +- net/core/dev.c | 4 +- net/core/filter.c | 3 +- net/ieee802154/6lowpan/core.c | 6 + net/ipv4/inet_fragment.c | 2 +- net/ipv4/netfilter/ip_tables.c | 1 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_dctcp.c | 25 ----- net/ipv4/tcp_output.c | 4 - net/ipv6/calipso.c | 9 +- net/ipv6/exthdrs.c | 111 +++++-------------- net/ipv6/ipv6_sockglue.c | 27 +++-- net/ipv6/mcast.c | 9 +- net/ipv6/netfilter/ip6_tables.c | 1 + net/ipv6/netfilter/nf_conntrack_reasm.c | 6 +- net/mac80211/tx.c | 2 + net/netfilter/nf_conntrack_core.c | 2 +- net/netfilter/nf_conntrack_helper.c | 5 + net/netfilter/nf_log.c | 4 + net/netfilter/nft_compat.c | 13 +++ net/packet/af_packet.c | 2 + net/qrtr/qrtr.c | 13 ++- net/rds/connection.c | 11 +- net/rds/loop.c | 56 ++++++++++ net/rds/loop.h | 2 + net/sched/act_csum.c | 6 +- net/sched/act_tunnel_key.c | 6 +- net/sctp/chunk.c | 4 +- net/smc/smc_clc.c | 3 +- net/tipc/discover.c | 18 +-- net/tipc/net.c | 17 ++- net/tipc/node.c | 7 +- net/tls/tls_sw.c | 5 + net/wireless/nl80211.c | 35 +++--- samples/bpf/parse_varlen.c | 6 +- samples/bpf/test_overhead_user.c | 19 +++- samples/bpf/trace_event_user.c | 27 ++++- samples/bpf/xdp2skb_meta.sh | 6 +- scripts/kconfig/zconf.y | 4 +- security/smack/smack_lsm.c | 1 + sound/core/seq/seq_clientmgr.c | 3 +- tools/build/Build.include | 2 +- tools/build/Makefile | 2 +- tools/include/uapi/linux/if_link.h | 2 + tools/objtool/elf.c | 41 ++++--- tools/perf/Makefile.config | 3 +- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 +- tools/perf/arch/x86/util/perf_regs.c | 2 +- tools/perf/bench/numa.c | 5 +- tools/perf/builtin-annotate.c | 11 +- tools/perf/builtin-report.c | 3 +- tools/perf/builtin-script.c | 25 ++++- tools/perf/jvmti/jvmti_agent.c | 3 +- tools/perf/pmu-events/Build | 2 +- tools/perf/tests/builtin-test.c | 2 +- tools/perf/tests/parse-events.c | 8 +- tools/perf/tests/topology.c | 1 + tools/perf/util/c++/clang.cpp | 11 +- tools/perf/util/header.c | 12 +- tools/perf/util/llvm-utils.c | 6 +- tools/perf/util/parse-events.y | 5 + .../util/scripting-engines/trace-event-python.c | 8 +- tools/testing/nvdimm/test/nfit.c | 3 +- tools/testing/selftests/bpf/test_kmod.sh | 9 ++ tools/testing/selftests/bpf/test_offload.py | 12 +- tools/testing/selftests/net/config | 2 + .../selftests/pstore/pstore_post_reboot_tests | 5 +- .../selftests/static_keys/test_static_keys.sh | 13 +++ tools/testing/selftests/sync/config | 4 + tools/testing/selftests/sysctl/sysctl.sh | 20 ++-- tools/testing/selftests/user/test_user_copy.sh | 7 ++ tools/testing/selftests/vm/compaction_test.c | 4 +- tools/testing/selftests/vm/mlock2-tests.c | 12 +- tools/testing/selftests/vm/run_vmtests | 5 +- tools/testing/selftests/vm/userfaultfd.c | 4 +- tools/testing/selftests/x86/sigreturn.c | 59 ++++++---- tools/testing/selftests/zram/zram.sh | 5 +- tools/testing/selftests/zram/zram_lib.sh | 5 +- virt/kvm/arm/vgic/vgic-v3.c | 5 - 327 files changed, 2487 insertions(+), 1222 deletions(-) create mode 100644 tools/testing/selftests/sync/config -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlts2tYACgkQ3qZv95d3 LNybgg/+NZl+NRx12OH9XIZuNL2xVNUHOuPUs7z9NRLE/GiU4fwLV1B1wfnBhTOZ Im+kL3byVvrwdGrlFrbGsnk9vSElNS2IVSX4ORbKco9+9M/4xZgp070RU0WJHac6 sLUJh0zmnnU5JLtAIxKIZ7d67LsjuOoVa6KPM0mEZm3OBf3ilepIypihm+99vSuZ 6cLu4Cii/qKOSGenZ14IqiavNEc8IIXscTotAZcR/GXZr++dOLHyeGtsfjiXcDKf VL4FjTQusHZNoWspKZj6gZp2iyPeC1bulaBEPq6GGefWHK3FCjDoifZzlZ0y1XKA IgEN3xCDG/lxrIC1uj1VScUEOk9LXygE+6IPhT1tQ/f1ywkr+7tOY+uGvKHUpWQ4 qejpJFiltwPqM7SG78MrTKks7W5bi7FgrEHWchsYVylUY9STGhrj7WrEM/5SMs83 JtDbEbZhX4sSV0i0UDZVUebKajomjdmyJTFPrKh9LU25p6/jdFSdCC/Z6qGz+1Tp YDgcCTWm11rzWr14aRLEM3RRmLv1yeFsoLVx4J2eA8LpXZhKh0GMTBSo4QKQrDg9 JfvYAL70XZ5AUFYKW2Zs+/ftzibwFRWT4LG1Vu9xM1cQaxrE3toLaLnxpFbJNNlY P01Rp1qvKxvL55eII9AS9+kYdcT8vPOffHCpXMZrEQYfUDbBhdA= =w5qK -----END PGP SIGNATURE-----

7 years, 1 month

3
8
0 0

[GIT] Networking

by David Miller

Please queue up the following networking bug fixes for v4.17 and v4.18 -stable, respectively. Thank you!

7 years, 1 month

2
2
0 0

FAILED: patch "[PATCH] PCI: pciehp: Fix unprotected list iteration in IRQ handler" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 1204e35bedf4e5015cda559ed8c84789a6dae24e Mon Sep 17 00:00:00 2001 From: Lukas Wunner <lukas(a)wunner.de> Date: Thu, 19 Jul 2018 17:27:34 -0500 Subject: [PATCH] PCI: pciehp: Fix unprotected list iteration in IRQ handler Commit b440bde74f04 ("PCI: Add pci_ignore_hotplug() to ignore hotplug events for a device") iterates over the devices on a hotplug port's subordinate bus in pciehp's IRQ handler without acquiring pci_bus_sem. It is thus possible for a user to cause a crash by concurrently manipulating the device list, e.g. by disabling slot power via sysfs on a different CPU or by initiating a remove/rescan via sysfs. This can't be fixed by acquiring pci_bus_sem because it may sleep. The simplest fix is to avoid the list iteration altogether and just check the ignore_hotplug flag on the port itself. This works because pci_ignore_hotplug() sets the flag both on the device as well as on its parent bridge. We do lose the ability to print the name of the device blocking hotplug in the debug message, but that's probably bearable. Fixes: b440bde74f04 ("PCI: Add pci_ignore_hotplug() to ignore hotplug events for a device") Signed-off-by: Lukas Wunner <lukas(a)wunner.de> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/pci/hotplug/pciehp_hpc.c b/drivers/pci/hotplug/pciehp_hpc.c index 84b3d421c083..aff191b4552c 100644 --- a/drivers/pci/hotplug/pciehp_hpc.c +++ b/drivers/pci/hotplug/pciehp_hpc.c @@ -539,8 +539,6 @@ static irqreturn_t pciehp_isr(int irq, void *dev_id) { struct controller *ctrl = (struct controller *)dev_id; struct pci_dev *pdev = ctrl_dev(ctrl); - struct pci_bus *subordinate = pdev->subordinate; - struct pci_dev *dev; struct slot *slot = ctrl->slot; u16 status, events; u8 present; @@ -588,14 +586,9 @@ static irqreturn_t pciehp_isr(int irq, void *dev_id) wake_up(&ctrl->queue); } - if (subordinate) { - list_for_each_entry(dev, &subordinate->devices, bus_list) { - if (dev->ignore_hotplug) { - ctrl_dbg(ctrl, "ignoring hotplug event %#06x (%s requested no hotplug)\n", - events, pci_name(dev)); - return IRQ_HANDLED; - } - } + if (pdev->ignore_hotplug) { + ctrl_dbg(ctrl, "ignoring hotplug event %#06x\n", events); + return IRQ_HANDLED; } /* Check Attention Button Pressed */

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] PCI: aardvark: Size bridges before resources allocation" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 91a2968e245d6ba616db37001fa1a043078b1a65 Mon Sep 17 00:00:00 2001 From: Zachary Zhang <zhangzg(a)marvell.com> Date: Fri, 29 Jun 2018 11:16:19 +0200 Subject: [PATCH] PCI: aardvark: Size bridges before resources allocation The PCIE I/O and MEM resource allocation mechanism is that root bus goes through the following steps: 1. Check PCI bridges' range and computes I/O and Mem base/limits. 2. Sort all subordinate devices I/O and MEM resource requirements and allocate the resources and writes/updates subordinate devices' requirements to PCI bridges I/O and Mem MEM/limits registers. Currently, PCI Aardvark driver only handles the second step and lacks the first step, so there is an I/O and MEM resource allocation failure when using a PCI switch. This commit fixes that by sizing bridges before doing the resource allocation. Fixes: 8c39d710363c1 ("PCI: aardvark: Add Aardvark PCI host controller driver") Signed-off-by: Zachary Zhang <zhangzg(a)marvell.com> [Thomas: edit commit log.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> Cc: <stable(a)vger.kernel.org> diff --git a/drivers/pci/controller/pci-aardvark.c b/drivers/pci/controller/pci-aardvark.c index c9c72595bd20..10543ed7b500 100644 --- a/drivers/pci/controller/pci-aardvark.c +++ b/drivers/pci/controller/pci-aardvark.c @@ -906,6 +906,7 @@ static int advk_pcie_probe(struct platform_device *pdev) bus = bridge->bus; + pci_bus_size_bridges(bus); pci_bus_assign_resources(bus); list_for_each_entry(child, &bus->children, node)

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] PCI: aardvark: Size bridges before resources allocation" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 91a2968e245d6ba616db37001fa1a043078b1a65 Mon Sep 17 00:00:00 2001 From: Zachary Zhang <zhangzg(a)marvell.com> Date: Fri, 29 Jun 2018 11:16:19 +0200 Subject: [PATCH] PCI: aardvark: Size bridges before resources allocation The PCIE I/O and MEM resource allocation mechanism is that root bus goes through the following steps: 1. Check PCI bridges' range and computes I/O and Mem base/limits. 2. Sort all subordinate devices I/O and MEM resource requirements and allocate the resources and writes/updates subordinate devices' requirements to PCI bridges I/O and Mem MEM/limits registers. Currently, PCI Aardvark driver only handles the second step and lacks the first step, so there is an I/O and MEM resource allocation failure when using a PCI switch. This commit fixes that by sizing bridges before doing the resource allocation. Fixes: 8c39d710363c1 ("PCI: aardvark: Add Aardvark PCI host controller driver") Signed-off-by: Zachary Zhang <zhangzg(a)marvell.com> [Thomas: edit commit log.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> Cc: <stable(a)vger.kernel.org> diff --git a/drivers/pci/controller/pci-aardvark.c b/drivers/pci/controller/pci-aardvark.c index c9c72595bd20..10543ed7b500 100644 --- a/drivers/pci/controller/pci-aardvark.c +++ b/drivers/pci/controller/pci-aardvark.c @@ -906,6 +906,7 @@ static int advk_pcie_probe(struct platform_device *pdev) bus = bridge->bus; + pci_bus_size_bridges(bus); pci_bus_assign_resources(bus); list_for_each_entry(child, &bus->children, node)

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] PCI: aardvark: Size bridges before resources allocation" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 91a2968e245d6ba616db37001fa1a043078b1a65 Mon Sep 17 00:00:00 2001 From: Zachary Zhang <zhangzg(a)marvell.com> Date: Fri, 29 Jun 2018 11:16:19 +0200 Subject: [PATCH] PCI: aardvark: Size bridges before resources allocation The PCIE I/O and MEM resource allocation mechanism is that root bus goes through the following steps: 1. Check PCI bridges' range and computes I/O and Mem base/limits. 2. Sort all subordinate devices I/O and MEM resource requirements and allocate the resources and writes/updates subordinate devices' requirements to PCI bridges I/O and Mem MEM/limits registers. Currently, PCI Aardvark driver only handles the second step and lacks the first step, so there is an I/O and MEM resource allocation failure when using a PCI switch. This commit fixes that by sizing bridges before doing the resource allocation. Fixes: 8c39d710363c1 ("PCI: aardvark: Add Aardvark PCI host controller driver") Signed-off-by: Zachary Zhang <zhangzg(a)marvell.com> [Thomas: edit commit log.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> Cc: <stable(a)vger.kernel.org> diff --git a/drivers/pci/controller/pci-aardvark.c b/drivers/pci/controller/pci-aardvark.c index c9c72595bd20..10543ed7b500 100644 --- a/drivers/pci/controller/pci-aardvark.c +++ b/drivers/pci/controller/pci-aardvark.c @@ -906,6 +906,7 @@ static int advk_pcie_probe(struct platform_device *pdev) bus = bridge->bus; + pci_bus_size_bridges(bus); pci_bus_assign_resources(bus); list_for_each_entry(child, &bus->children, node)

7 years, 1 month

1
0
0 0

[PATCH v2 for-4.4.y 0/5] net/sched: init failure fixes

by Amit Pundir

Hi Greg, Kindly consider/review following net/sched fixes for stable 4.4.y. This patchset is a follow-up of upstream fix 87b60cfacf9f ("net_sched: fix error recovery at qdisc creation") cherry-picked on stable 4.4.y. It fix null pointer dereferences due to uninitialized timer (qdisc watchdog) or double frees due to ->destroy cleaning up a second time. Here is the original submission https://www.mail-archive.com/netdev@vger.kernel.org/msg186003.html Cherry-picked and build tested on Linux 4.4.151 for ARCH=x86_64. Regards, Amit Pundir Change since v1: Rebased "sch_multiq: fix double free on init failure" patch and fixed "unused variable" build warning. Nikolay Aleksandrov (5): sch_htb: fix crash on init failure sch_multiq: fix double free on init failure sch_hhf: fix null pointer dereference on init failure sch_netem: avoid null pointer deref on init failure sch_tbf: fix two null pointer dereferences on init failure net/sched/sch_hhf.c | 3 +++ net/sched/sch_htb.c | 5 +++-- net/sched/sch_multiq.c | 9 ++------- net/sched/sch_netem.c | 4 ++-- net/sched/sch_tbf.c | 5 +++-- 5 files changed, 13 insertions(+), 13 deletions(-) -- 2.7.4

7 years, 1 month

1
5
0 0

[PATCH v5] spi: spi-mem: Adjust op len based on message/transfer size limitations

by Chuanhua Han

We need that to adjust the len of the 2nd transfer (called data in spi-mem) if it's too long to fit in a SPI message or SPI transfer. Fixes: c36ff266dc82 ("spi: Extend the core to ease integration of SPI memory controllers") Cc: <stable(a)vger.kernel.org> Signed-off-by: Chuanhua Han <chuanhua.han(a)nxp.com> Suggested-by: Boris Brezillon <boris.brezillon(a)bootlin.com> --- Changes in v5: -Add the validation check after the op->data.nbytes assignment -Assign the "len" variable after defining it -Remove the brackets on both sides of "opt-> data.nbytes" Changes in v4: -Rename variable name "opcode_addr_dummy_sum" to "len". -The comparison of "spi_max_message_size(mem->spi)" and "len" was removed. -Adjust their order when comparing the sizes of "spi_max_message_size(mem->spi)" and "len" -Changing the "unsigned long" type in the code to "size_t" Changes in v3: -Rename variable name "val" to "opcode_addr_dummy_sum". -Place the legitimacy of the transfer size(i.e., "spi_max_message_size(mem->spi)" and -"opcode_addr_dummy_sum") into "if (! ctlr - > mem_ops | |! ctlr-> mem_ops->exec_op) {" structure and add "spi_max_transfer_size(mem->spi) and opcode_addr_dummy_sum". -Adjust the formatting alignment of the code. -"(unsigned long)op->data.nbytes" was modified to "(unsigned long)(op->data.nbytes)". Changes in v2: -Place the adjusted transfer bytes code in spi_mem_adjust_op_size() and check spi_max_message_size(mem->spi) value before subtracting opcode, addr and dummy bytes. -Change the code from fsl-espi controller to generic code(The adjustment of spi transmission length was originally modified in the "drivers/spi/spi-fsl-espi.c" file, and now the adjustment of transfer length is made in the "drivers/spi/spi-mem.c" file) drivers/spi/spi-mem.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/drivers/spi/spi-mem.c b/drivers/spi/spi-mem.c index 990770d..6184fa1 100644 --- a/drivers/spi/spi-mem.c +++ b/drivers/spi/spi-mem.c @@ -328,10 +328,26 @@ EXPORT_SYMBOL_GPL(spi_mem_exec_op); int spi_mem_adjust_op_size(struct spi_mem *mem, struct spi_mem_op *op) { struct spi_controller *ctlr = mem->spi->controller; + size_t len; + + len = sizeof(op->cmd.opcode) + op->addr.nbytes + op->dummy.nbytes; if (ctlr->mem_ops && ctlr->mem_ops->adjust_op_size) return ctlr->mem_ops->adjust_op_size(mem, op); + if (!ctlr->mem_ops || !ctlr->mem_ops->exec_op) { + if (len > spi_max_transfer_size(mem->spi)) + return -EINVAL; + + op->data.nbytes = min3((size_t)op->data.nbytes, + spi_max_transfer_size(mem->spi), + spi_max_message_size(mem->spi) - + len); + + if (!op->data.nbytes) + return -EINVAL; + } + return 0; } EXPORT_SYMBOL_GPL(spi_mem_adjust_op_size); -- 2.7.4

7 years, 1 month

1
0
0 0

[PATCH 4.4 00/43] 4.4.141-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.141 release. There are 43 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Jul 18 07:34:50 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.141-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.141-rc1 Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> loop: remember whether sysfs_create_group() was done Leon Romanovsky <leonro(a)mellanox.com> RDMA/ucm: Mark UCM interface as BROKEN Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> PM / hibernate: Fix oops at snapshot_write() Theodore Ts'o <tytso(a)mit.edu> loop: add recursion validation to LOOP_CHANGE_FD Florian Westphal <fw(a)strlen.de> netfilter: x_tables: initialise match/target check parameter struct Eric Dumazet <edumazet(a)google.com> netfilter: nf_queue: augment nfqa_cfg_policy Oleg Nesterov <oleg(a)redhat.com> uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn() Dave Hansen <dave.hansen(a)linux.intel.com> x86/cpufeature: Add helper macro for mask check macros Dave Hansen <dave.hansen(a)linux.intel.com> x86/cpufeature: Make sure DISABLED/REQUIRED macros are updated Dave Hansen <dave.hansen(a)linux.intel.com> x86/cpufeature: Update cpufeaure macros Dave Hansen <dave.hansen(a)linux.intel.com> x86/cpufeature, x86/mm/pkeys: Fix broken compile-time disabling of pkeys Yazen Ghannam <Yazen.Ghannam(a)amd.com> x86/cpu: Add detection of AMD RAS Capabilities Dave Hansen <dave.hansen(a)linux.intel.com> x86/mm/pkeys: Fix mismerge of protection keys CPUID bits Dave Hansen <dave.hansen(a)linux.intel.com> x86/cpufeature, x86/mm/pkeys: Add protection keys related CPUID definitions Borislav Petkov <bp(a)suse.de> x86/cpufeature: Speed up cpu_feature_enabled() Alexander Kuleshov <kuleshovmail(a)gmail.com> x86/boot: Simplify kernel load address alignment check Borislav Petkov <bp(a)suse.de> x86/vdso: Use static_cpu_has() Brian Gerst <brgerst(a)gmail.com> x86/alternatives: Discard dynamic check after init Borislav Petkov <bp(a)suse.de> x86/alternatives: Add an auxilary section Borislav Petkov <bp(a)alien8.de> x86/cpufeature: Get rid of the non-asm goto variant Borislav Petkov <bp(a)suse.de> x86/cpufeature: Replace the old static_cpu_has() with safe variant Borislav Petkov <bp(a)suse.de> x86/cpufeature: Carve out X86_FEATURE_* Andi Kleen <ak(a)linux.intel.com> x86/headers: Don't include asm/processor.h in asm/atomic.h Borislav Petkov <bp(a)suse.de> x86/fpu: Get rid of xstate_fault() Borislav Petkov <bp(a)suse.de> x86/fpu: Add an XSTATE_OP() macro Borislav Petkov <bp(a)suse.de> x86/cpu: Provide a config option to disable static_cpu_has Borislav Petkov <bp(a)suse.de> x86/cpufeature: Cleanup get_cpu_cap() Borislav Petkov <bp(a)suse.de> x86/cpufeature: Move some of the scattered feature bits to x86_capability Steve Wise <swise(a)opengridcomputing.com> iw_cxgb4: correctly enforce the max reg_mr depth Paul Menzel <pmenzel(a)molgen.mpg.de> tools build: fix # escaping in .cmd files for future Make Linus Torvalds <torvalds(a)linux-foundation.org> Fix up non-directory creation in SGID directories Tomasz Kramkowski <tk(a)the-tk.com> HID: usbhid: add quirk for innomedia INNEX GENESIS/ATARI adapter Dan Carpenter <dan.carpenter(a)oracle.com> xhci: xhci-mem: off by one in xhci_stream_id_to_ring() Nico Sneck <snecknico(a)gmail.com> usb: quirks: add delay quirks for Corsair Strafe Johan Hovold <johan(a)kernel.org> USB: serial: mos7840: fix status-register error handling Jann Horn <jannh(a)google.com> USB: yurex: fix out-of-bounds uaccess in read handler Johan Hovold <johan(a)kernel.org> USB: serial: keyspan_pda: fix modem-status error handling Olli Salonen <olli.salonen(a)iki.fi> USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick Dan Carpenter <dan.carpenter(a)oracle.com> USB: serial: ch341: fix type promotion bug in ch341_control_in() Hans de Goede <hdegoede(a)redhat.com> ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS Nadav Amit <namit(a)vmware.com> vmw_balloon: fix inflation with batching Jann Horn <jannh(a)google.com> ibmasm: don't write out of bounds in read handler Paul Burton <paul.burton(a)mips.com> MIPS: Fix ioremap() RAM check ------------- Diffstat: Documentation/kernel-parameters.txt | 2 +- Makefile | 4 +- arch/mips/mm/ioremap.c | 37 ++- arch/x86/Kconfig | 11 + arch/x86/Kconfig.debug | 10 - arch/x86/boot/cpuflags.h | 2 +- arch/x86/boot/mkcpustr.c | 2 +- arch/x86/crypto/crc32-pclmul_glue.c | 2 +- arch/x86/crypto/crc32c-intel_glue.c | 2 +- arch/x86/crypto/crct10dif-pclmul_glue.c | 2 +- arch/x86/entry/common.c | 1 + arch/x86/entry/entry_32.S | 2 +- arch/x86/entry/vdso/vdso32-setup.c | 1 - arch/x86/entry/vdso/vdso32/system_call.S | 2 +- arch/x86/entry/vdso/vma.c | 3 +- arch/x86/include/asm/alternative.h | 6 - arch/x86/include/asm/apic.h | 1 - arch/x86/include/asm/arch_hweight.h | 2 + arch/x86/include/asm/atomic.h | 1 - arch/x86/include/asm/atomic64_32.h | 1 - arch/x86/include/asm/cmpxchg.h | 1 + arch/x86/include/asm/cpufeature.h | 546 ++++++------------------------- arch/x86/include/asm/cpufeatures.h | 306 +++++++++++++++++ arch/x86/include/asm/disabled-features.h | 17 + arch/x86/include/asm/fpu/internal.h | 182 +++++------ arch/x86/include/asm/irq_work.h | 2 +- arch/x86/include/asm/mwait.h | 2 + arch/x86/include/asm/nospec-branch.h | 2 +- arch/x86/include/asm/processor.h | 3 +- arch/x86/include/asm/required-features.h | 9 + arch/x86/include/asm/smap.h | 2 +- arch/x86/include/asm/smp.h | 1 - arch/x86/include/asm/thread_info.h | 2 +- arch/x86/include/asm/tlbflush.h | 1 + arch/x86/include/asm/uaccess_64.h | 2 +- arch/x86/kernel/apic/apic_numachip.c | 4 +- arch/x86/kernel/cpu/Makefile | 2 +- arch/x86/kernel/cpu/centaur.c | 4 +- arch/x86/kernel/cpu/common.c | 71 ++-- arch/x86/kernel/cpu/cyrix.c | 1 + arch/x86/kernel/cpu/intel.c | 2 +- arch/x86/kernel/cpu/intel_cacheinfo.c | 2 +- arch/x86/kernel/cpu/match.c | 2 +- arch/x86/kernel/cpu/mkcapflags.sh | 6 +- arch/x86/kernel/cpu/mtrr/main.c | 2 +- arch/x86/kernel/cpu/scattered.c | 20 -- arch/x86/kernel/cpu/transmeta.c | 6 +- arch/x86/kernel/e820.c | 1 + arch/x86/kernel/head_32.S | 2 +- arch/x86/kernel/head_64.S | 4 +- arch/x86/kernel/hpet.c | 1 + arch/x86/kernel/msr.c | 2 +- arch/x86/kernel/uprobes.c | 2 +- arch/x86/kernel/verify_cpu.S | 2 +- arch/x86/kernel/vm86_32.c | 2 +- arch/x86/kernel/vmlinux.lds.S | 11 + arch/x86/lib/clear_page_64.S | 2 +- arch/x86/lib/copy_page_64.S | 2 +- arch/x86/lib/copy_user_64.S | 2 +- arch/x86/lib/memcpy_64.S | 2 +- arch/x86/lib/memmove_64.S | 2 +- arch/x86/lib/memset_64.S | 2 +- arch/x86/lib/retpoline.S | 2 +- arch/x86/mm/setup_nx.c | 1 + arch/x86/oprofile/op_model_amd.c | 1 - arch/x86/um/asm/barrier.h | 2 +- drivers/ata/ahci.c | 59 ++++ drivers/ata/libata-core.c | 3 + drivers/block/loop.c | 79 +++-- drivers/block/loop.h | 1 + drivers/hid/hid-ids.h | 3 + drivers/hid/usbhid/hid-quirks.c | 1 + drivers/infiniband/Kconfig | 12 + drivers/infiniband/core/Makefile | 4 +- drivers/infiniband/hw/cxgb4/mem.c | 2 +- drivers/misc/ibmasm/ibmasmfs.c | 27 +- drivers/misc/vmw_balloon.c | 4 +- drivers/usb/core/quirks.c | 4 + drivers/usb/host/xhci-mem.c | 2 +- drivers/usb/misc/yurex.c | 23 +- drivers/usb/serial/ch341.c | 2 +- drivers/usb/serial/cp210x.c | 1 + drivers/usb/serial/keyspan_pda.c | 4 +- drivers/usb/serial/mos7840.c | 3 + fs/btrfs/disk-io.c | 2 +- fs/inode.c | 6 + include/linux/libata.h | 1 + kernel/power/user.c | 5 + lib/atomic64_test.c | 4 + net/bridge/netfilter/ebtables.c | 2 + net/ipv4/netfilter/ip_tables.c | 1 + net/ipv6/netfilter/ip6_tables.c | 1 + net/netfilter/nfnetlink_queue.c | 3 + tools/build/Build.include | 4 +- 94 files changed, 831 insertions(+), 771 deletions(-)

7 years, 1 month

6
52
0 0

v4.17.18 build: 0 failures 1 warnings (v4.17.18)

by Build bot for Mark Brown

Tree/Branch: v4.17.18 Git describe: v4.17.18 Commit: 97f21471e8 Linux 4.17.18 Build Time: 0 min 13 sec Passed: 8 / 8 (100.00 %) Failed: 0 / 8 ( 0.00 %) Errors: 0 Warnings: 1 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 1 warnings 0 mismatches : arm-allmodconfig 1 warnings 0 mismatches : arm-multi_v7_defconfig 1 warnings 0 mismatches : arm-multi_v5_defconfig ------------------------------------------------------------------------------- Warnings Summary: 1 3 ../include/net/ip6_route.h:71:12: warning: 'rt' may be used uninitialized in this function [-Wmaybe-uninitialized] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- arm-allmodconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: ../include/net/ip6_route.h:71:12: warning: 'rt' may be used uninitialized in this function [-Wmaybe-uninitialized] ------------------------------------------------------------------------------- arm-multi_v7_defconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: ../include/net/ip6_route.h:71:12: warning: 'rt' may be used uninitialized in this function [-Wmaybe-uninitialized] ------------------------------------------------------------------------------- arm-multi_v5_defconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: ../include/net/ip6_route.h:71:12: warning: 'rt' may be used uninitialized in this function [-Wmaybe-uninitialized] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: x86_64-allnoconfig arm-multi_v4t_defconfig x86_64-allmodconfig arm-allnoconfig x86_64-defconfig

7 years, 1 month

1
0
0 0

[PATCH v2] bcache: release dc->writeback_lock properly in bch_writeback_thread()

by Coly Li

From: Shan Hai <shan.hai(a)oracle.com> The writeback thread would exit with a lock held when the cache device is detached via sysfs interface, fix it by releasing the held lock before exiting the while-loop. Fixes: fadd94e05c02 (bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set) Signed-off-by: Shan Hai <shan.hai(a)oracle.com> Signed-off-by: Coly Li <colyli(a)suse.de> Tested-by: Shenghui Wang <shhuiw(a)foxmail.com> Cc: stable(a)vger.kernel.org #4.17+ --- Changelog: v2: add Fixes tag by Coly Li. v1: initial patch from Shan Hai. drivers/md/bcache/writeback.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/md/bcache/writeback.c b/drivers/md/bcache/writeback.c index 6be05bd7ca67..08c3a9f9676c 100644 --- a/drivers/md/bcache/writeback.c +++ b/drivers/md/bcache/writeback.c @@ -685,8 +685,10 @@ static int bch_writeback_thread(void *arg) * data on cache. BCACHE_DEV_DETACHING flag is set in * bch_cached_dev_detach(). */ - if (test_bit(BCACHE_DEV_DETACHING, &dc->disk.flags)) + if (test_bit(BCACHE_DEV_DETACHING, &dc->disk.flags)) { + up_write(&dc->writeback_lock); break; + } } up_write(&dc->writeback_lock); -- 2.18.0

7 years, 1 month

2
2
0 0

[PATCH] KVM: VMX: fixes for vmentry_l1d_flush module parameter

by Paolo Bonzini

Two bug fixes: 1) missing entries in the l1d_param array; this can cause a host crash if an access attempts to reach the missing entry. Future-proof the get function against any overflows as well. However, the two entries VMENTER_L1D_FLUSH_EPT_DISABLED and VMENTER_L1D_FLUSH_NOT_REQUIRED must not be accepted by the parse function, so disable them there. 2) invalid values must be rejected even if the CPU does not have the bug, so test for them before checking boot_cpu_has(X86_BUG_L1TF) ... and a small refactoring, since the .cmd field is redundant with the index in the array. Reported-by: Bandan Das <bsd(a)redhat.com> Cc: stable(a)vger.kernel.org Fixes: a7b9020b06ec6d7c3f3b0d4ef1a9eba12654f4f7 Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> --- arch/x86/kvm/vmx.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index c76ca8c4befa..8dae47e7267a 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -198,12 +198,14 @@ static const struct { const char *option; - enum vmx_l1d_flush_state cmd; + bool for_parse; } vmentry_l1d_param[] = { - {"auto", VMENTER_L1D_FLUSH_AUTO}, - {"never", VMENTER_L1D_FLUSH_NEVER}, - {"cond", VMENTER_L1D_FLUSH_COND}, - {"always", VMENTER_L1D_FLUSH_ALWAYS}, + [VMENTER_L1D_FLUSH_AUTO] = {"auto", true}, + [VMENTER_L1D_FLUSH_NEVER] = {"never", true}, + [VMENTER_L1D_FLUSH_COND] = {"cond", true}, + [VMENTER_L1D_FLUSH_ALWAYS] = {"always", true}, + [VMENTER_L1D_FLUSH_EPT_DISABLED] = {"EPT disabled", false}, + [VMENTER_L1D_FLUSH_NOT_REQUIRED] = {"not required", false}, }; #define L1D_CACHE_ORDER 4 @@ -287,8 +289,9 @@ static int vmentry_l1d_flush_parse(const char *s) if (s) { for (i = 0; i < ARRAY_SIZE(vmentry_l1d_param); i++) { - if (sysfs_streq(s, vmentry_l1d_param[i].option)) - return vmentry_l1d_param[i].cmd; + if (vmentry_l1d_param[i].for_parse && + sysfs_streq(s, vmentry_l1d_param[i].option)) + return i; } } return -EINVAL; @@ -298,13 +301,13 @@ static int vmentry_l1d_flush_set(const char *s, const struct kernel_param *kp) { int l1tf, ret; - if (!boot_cpu_has(X86_BUG_L1TF)) - return 0; - l1tf = vmentry_l1d_flush_parse(s); if (l1tf < 0) return l1tf; + if (!boot_cpu_has(X86_BUG_L1TF)) + return 0; + /* * Has vmx_init() run already? If not then this is the pre init * parameter parsing. In that case just store the value and let @@ -324,6 +327,9 @@ static int vmentry_l1d_flush_set(const char *s, const struct kernel_param *kp) static int vmentry_l1d_flush_get(char *s, const struct kernel_param *kp) { + if (WARN_ON_ONCE(l1tf_vmx_mitigation >= ARRAY_SIZE(vmentry_l1d_param))) + return sprintf(s, "???\n"); + return sprintf(s, "%s\n", vmentry_l1d_param[l1tf_vmx_mitigation].option); } -- 1.8.3.1

7 years, 1 month

3
3
0 0

Build failures in -stable queues

by Guenter Roeck

v4.4.y, v4.9.y: Building mips:cavium_octeon_defconfig ... failed -------------- Error log: /opt/buildbot/slave/stable-queue-4.4/build/drivers/net/ethernet/octeon/octeon_mgmt.c: In function 'octeon_mgmt_change_mtu': /opt/buildbot/slave/stable-queue-4.4/build/drivers/net/ethernet/octeon/octeon_mgmt.c:652:6: error: 'size_without_fcs' undeclared v4.9.y, v4.14.y: Building i386:tools/perf ... failed Building x86_64:tools/perf ... failed -------------- Error log: PERF_VERSION = 4.9.123.g5175d5 tests/parse-events.c: In function ‘test_event’: tests/parse-events.c:1681:3: error: implicit declaration of function ‘parse_events_print_error’ [-Werror=implicit-function-declaration] parse_events_print_error(&err, e->name); ^ tests/parse-events.c:1681:3: error: nested extern declaration of ‘parse_events_print_error’ This is just a snapshot; builds are still ongoing. I'll send another e-mail later if more errors are reported after the build is complete. Guenter

7 years, 1 month

3
6
0 0

[PATCH] bcache: release dc->writeback_lock properly in bch_writeback_thread()

by Coly Li

From: Shan Hai <shan.hai(a)oracle.com> The writeback thread would exit with a lock held when the cache device is detached via sysfs interface, fix it by releasing the held lock before exiting the while-loop. Signed-off-by: Shan Hai <shan.hai(a)oracle.com> Signed-off-by: Coly Li <colyli(a)suse.de> Tested-by: Shenghui Wang <shhuiw(a)foxmail.com> Cc: stable(a)vger.kernel.org #4.17+ --- drivers/md/bcache/writeback.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/md/bcache/writeback.c b/drivers/md/bcache/writeback.c index 6be05bd7ca67..08c3a9f9676c 100644 --- a/drivers/md/bcache/writeback.c +++ b/drivers/md/bcache/writeback.c @@ -685,8 +685,10 @@ static int bch_writeback_thread(void *arg) * data on cache. BCACHE_DEV_DETACHING flag is set in * bch_cached_dev_detach(). */ - if (test_bit(BCACHE_DEV_DETACHING, &dc->disk.flags)) + if (test_bit(BCACHE_DEV_DETACHING, &dc->disk.flags)) { + up_write(&dc->writeback_lock); break; + } } up_write(&dc->writeback_lock); -- 2.18.0

7 years, 1 month

1
0
0 0

[PATCH 2/2] fs/quota: Fix spectre gadget in do_quotactl

by Jeremy Cline

'type' is user-controlled, so sanitize it after the bounds check to avoid using it in speculative execution. This covers the following potential gadgets detected with the help of smatch: * fs/ext4/super.c:5741 ext4_quota_read() warn: potential spectre issue 'sb_dqopt(sb)->files' [r] * fs/ext4/super.c:5778 ext4_quota_write() warn: potential spectre issue 'sb_dqopt(sb)->files' [r] * fs/f2fs/super.c:1552 f2fs_quota_read() warn: potential spectre issue 'sb_dqopt(sb)->files' [r] * fs/f2fs/super.c:1608 f2fs_quota_write() warn: potential spectre issue 'sb_dqopt(sb)->files' [r] * fs/quota/dquot.c:412 mark_info_dirty() warn: potential spectre issue 'sb_dqopt(sb)->info' [w] * fs/quota/dquot.c:933 dqinit_needed() warn: potential spectre issue 'dquots' [r] * fs/quota/dquot.c:2112 dquot_commit_info() warn: potential spectre issue 'dqopt->ops' [r] * fs/quota/dquot.c:2362 vfs_load_quota_inode() warn: potential spectre issue 'dqopt->files' [w] (local cap) * fs/quota/dquot.c:2369 vfs_load_quota_inode() warn: potential spectre issue 'dqopt->ops' [w] (local cap) * fs/quota/dquot.c:2370 vfs_load_quota_inode() warn: potential spectre issue 'dqopt->info' [w] (local cap) * fs/quota/quota.c:110 quota_getfmt() warn: potential spectre issue 'sb_dqopt(sb)->info' [r] * fs/quota/quota_v2.c:84 v2_check_quota_file() warn: potential spectre issue 'quota_magics' [w] * fs/quota/quota_v2.c:85 v2_check_quota_file() warn: potential spectre issue 'quota_versions' [w] * fs/quota/quota_v2.c:96 v2_read_file_info() warn: potential spectre issue 'dqopt->info' [r] * fs/quota/quota_v2.c:172 v2_write_file_info() warn: potential spectre issue 'dqopt->info' [r] Additionally, a quick inspection indicates there are array accesses with 'type' in quota_on() and quota_off() functions which are also addressed by this. Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: stable(a)vger.kernel.org Signed-off-by: Jeremy Cline <jcline(a)redhat.com> --- This patch isn't going to cleanly apply to stable without the "fs/quota: Replace XQM_MAXQUOTAS usage with MAXQUOTAS" patch, but I'm not sure that patch is really stable material and XQM_MAXQUOTAS has been 3 since pre-v4.4 so the end result will be the same even if that patch isn't backported. fs/quota/quota.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/quota/quota.c b/fs/quota/quota.c index d403392d8a0f..f0cbf58ad4da 100644 --- a/fs/quota/quota.c +++ b/fs/quota/quota.c @@ -18,6 +18,7 @@ #include <linux/quotaops.h> #include <linux/types.h> #include <linux/writeback.h> +#include <linux/nospec.h> static int check_quotactl_permission(struct super_block *sb, int type, int cmd, qid_t id) @@ -701,6 +702,7 @@ static int do_quotactl(struct super_block *sb, int type, int cmd, qid_t id, if (type >= MAXQUOTAS) return -EINVAL; + type = array_index_nospec(type, MAXQUOTAS); /* * Quota not supported on this fs? Check this before s_quota_types * since they needn't be set if quota is not supported at all. -- 2.17.1

7 years, 1 month

2
1
0 0

[PATCH 3/9] drm/msm: fix OF child-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the legacy pwrlevels child node instead of using of_find_compatible_node(), which searches the entire tree and thus can return an unrelated (i.e. non-child) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the probed device's node). While at it, also fix the related child-node reference leak. Fixes: e2af8b6b0ca1 ("drm/msm: gpu: Use OPP tables if we can") Cc: stable <stable(a)vger.kernel.org> # 4.12 Cc: Jordan Crouse <jcrouse(a)codeaurora.org> Cc: Rob Clark <robdclark(a)gmail.com> Cc: David Airlie <airlied(a)linux.ie> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/gpu/drm/msm/adreno/adreno_gpu.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/msm/adreno/adreno_gpu.c b/drivers/gpu/drm/msm/adreno/adreno_gpu.c index da1363a0c54d..93d70f4a2154 100644 --- a/drivers/gpu/drm/msm/adreno/adreno_gpu.c +++ b/drivers/gpu/drm/msm/adreno/adreno_gpu.c @@ -633,8 +633,7 @@ static int adreno_get_legacy_pwrlevels(struct device *dev) struct device_node *child, *node; int ret; - node = of_find_compatible_node(dev->of_node, NULL, - "qcom,gpu-pwrlevels"); + node = of_get_compatible_child(dev->of_node, "qcom,gpu-pwrlevels"); if (!node) { dev_err(dev, "Could not find the GPU powerlevels\n"); return -ENXIO; @@ -655,6 +654,8 @@ static int adreno_get_legacy_pwrlevels(struct device *dev) dev_pm_opp_add(dev, val, 0); } + of_node_put(node); + return 0; } -- 2.18.0

7 years, 1 month

2
1
0 0

FAILED: patch "[PATCH] parisc: Remove unnecessary barriers from spinlock.h" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3b885ac1dc35b87a39ee176a6c7e2af9c789d8b8 Mon Sep 17 00:00:00 2001 From: John David Anglin <dave.anglin(a)bell.net> Date: Sun, 12 Aug 2018 16:31:17 -0400 Subject: [PATCH] parisc: Remove unnecessary barriers from spinlock.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Now that mb() is an instruction barrier, it will slow performance if we issue unnecessary barriers. The spinlock defines have a number of unnecessary barriers. The __ldcw() define is both a hardware and compiler barrier. The mb() barriers in the routines using __ldcw() serve no purpose. The only barrier needed is the one in arch_spin_unlock(). We need to ensure all accesses are complete prior to releasing the lock. Signed-off-by: John David Anglin <dave.anglin(a)bell.net> Cc: stable(a)vger.kernel.org # 4.0+ Signed-off-by: Helge Deller <deller(a)gmx.de> diff --git a/arch/parisc/include/asm/spinlock.h b/arch/parisc/include/asm/spinlock.h index 6f84b6acc86e..8a63515f03bf 100644 --- a/arch/parisc/include/asm/spinlock.h +++ b/arch/parisc/include/asm/spinlock.h @@ -20,7 +20,6 @@ static inline void arch_spin_lock_flags(arch_spinlock_t *x, { volatile unsigned int *a; - mb(); a = __ldcw_align(x); while (__ldcw(a) == 0) while (*a == 0) @@ -30,17 +29,16 @@ static inline void arch_spin_lock_flags(arch_spinlock_t *x, local_irq_disable(); } else cpu_relax(); - mb(); } #define arch_spin_lock_flags arch_spin_lock_flags static inline void arch_spin_unlock(arch_spinlock_t *x) { volatile unsigned int *a; - mb(); + a = __ldcw_align(x); - *a = 1; mb(); + *a = 1; } static inline int arch_spin_trylock(arch_spinlock_t *x) @@ -48,10 +46,8 @@ static inline int arch_spin_trylock(arch_spinlock_t *x) volatile unsigned int *a; int ret; - mb(); a = __ldcw_align(x); ret = __ldcw(a) != 0; - mb(); return ret; }

7 years, 1 month

3
2
0 0

request for 4.4-stable: 08474cc1e6ea7 ("bridge: Propagate vlan add failure to user")

by SZ Lin (林上智)

Hi Greg, This patch is not marked for 4.4-stable, but it's already in 4.9 and 4.14 stable. Please apply to 4.4-stable. This patch fixed the kernel oops issue when executing bridge tool, please see reproducible steps with kernel 4.4 in below. # brctl addbr br0 # brctl addif br0 eth0 [ 1073.390028] device eth0 entered promiscuous mode [ 1073.395022] cpsw 4a100000.ethernet eth0: failed to initialize vlan filtering on this port # brctl addif br0 eth1 [ 1092.205685] net eth1: promiscuity not disabled as the other interface is still in promiscuity mode [ 1092.217541] device eth1 entered promiscuous mode [ 1092.222460] cpsw 4a100000.ethernet eth1: failed to initialize vlan filtering on this port # ifconfig br0 192.168.127.253 netmask 255.255.254.0 [ 1112.412740] br0: port 1(eth0) entered forwarding state [ 1112.417975] br0: port 1(eth0) entered forwarding state # brctl delif br0 eth0 [ 1137.645792] device eth0 left promiscuous mode [ 1137.650429] net eth0: promiscuity not disabled as the other interface is still in promiscuity mode [ 1137.663592] br0: port 1(eth0) entered disabled state [ 1137.668815] Unable to handle kernel NULL pointer dereference at virtual address 0000007a [ 1137.677026] pgd = dc58c000 [ 1137.679745] [0000007a] *pgd=00000000 [ 1137.683377] Internal error: Oops: 805 [#1] SMP ARM [ 1137.688189] Modules linked in: cryptodev omap_sham omap_aes omap_wdt sunrpc ip_tables x_tables autofs4 [ 1137.697598] CPU: 0 PID: 851 Comm: brctl Not tainted 4.4.0-cip-uc8100+ #1 [ 1137.704325] Hardware name: Generic AM33XX (Flattened Device Tree) [ 1137.710442] task: de580dc0 ti: dc574000 task.ti: dc574000 [ 1137.715883] PC is at __vlan_flush+0x18/0x54 [ 1137.720084] LR is at nbp_vlan_flush+0x28/0x60 [ 1137.724457] pc : [<c051ab3c>] lr : [<c051c2f4>] psr: 20080013 [ 1137.724457] sp : dc575dc8 ip : dc575de0 fp : dc575ddc [ 1137.735981] r10: 00000000 r9 : 00000000 r8 : 00000000 [ 1137.741226] r7 : dc5236d4 r6 : de239800 r5 : 00000000 r4 : 00000000 [ 1137.747779] r3 : 00000000 r2 : dc49e4c4 r1 : 00000200 r0 : 00000000 [ 1137.754333] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none [ 1137.761497] Control: 10c5387d Table: 9c58c019 DAC: 00000051 [ 1137.767264] Process brctl (pid: 851, stack limit = 0xdc574218) [ 1137.773119] Stack: (0xdc575dc8 to 0xdc576000) [ 1137.777496] 5dc0: 00000000 dc523600 dc575df4 dc575de0 c051c2f4 c051ab30 [ 1137.785711] 5de0: dc523600 dc49e4c0 dc575e14 dc575df8 c050e450 c051c2d8 dc49e4c0 dc49e4c0 [ 1137.793925] 5e00: 00000002 00000000 dc575e2c dc575e18 c050ebd8 c050e3d0 c0748380 dc49e4c0 [ 1137.802139] 5e20: dc575e4c dc575e30 c050f69c c050ebac dc575ea8 dc49e000 dc575ea8 c0596714 [ 1137.810353] 5e40: dc575e64 dc575e50 c05100f4 c050f650 000089a3 dc49e000 dc575e9c dc575e68 [ 1137.818567] 5e60: c04293d0 c05100a0 c0409b84 c0265738 dc575ea8 c0748380 000089a3 000089a3 [ 1137.826781] 5e80: c0748380 bee56bf4 dc575ea8 00000000 dc575ef4 dc575ea0 c0429828 c0429118 [ 1137.834995] 5ea0: 00000001 d543b3b8 00307262 00000000 00000000 00000000 00000002 00000003 [ 1137.843210] 5ec0: 7f5b0e34 bee56ebf c0147120 000089a3 fffffdfd bee56bf4 c0748380 bee56bf4 [ 1137.851424] 5ee0: 00000003 00000000 dc575f14 dc575ef8 c03f3230 c0429494 bee56bf4 ddb840a0 [ 1137.859638] 5f00: dc4ca340 00000003 dc575f7c dc575f18 c0142c08 c03f30b0 dc575f5c dc575f28 [ 1137.867852] 5f20: c0131f08 c01509ac 00000020 00000000 dc575f54 de581244 00000000 c0754108 [ 1137.876067] 5f40: de580dc0 c000fa64 dc574000 00000000 dc575f6c 00000000 dc4ca340 dc4ca340 [ 1137.884281] 5f60: 000089a3 bee56bf4 00000003 00000000 dc575fa4 dc575f80 c0142e98 c0142724 [ 1137.892495] 5f80: 7f5b10f0 b6f7ace8 00000002 00000036 c000fa64 dc574000 00000000 dc575fa8 [ 1137.900708] 5fa0: c000f8a0 c0142e30 7f5b10f0 b6f7ace8 00000003 000089a3 bee56bf4 000000cc [ 1137.908922] 5fc0: 7f5b10f0 b6f7ace8 00000002 00000036 bee56bf4 00000000 7f5b1000 00000000 [ 1137.917136] 5fe0: b6ef4711 bee56bdc 7f59f1ff b6ef4716 00080030 00000003 00000000 00000000 [ 1137.925343] Backtrace: [ 1137.927810] [<c051ab24>] (__vlan_flush) from [<c051c2f4>] (nbp_vlan_flush+0x28/0x60) [ 1137.935582] r5:dc523600 r4:00000000 [ 1137.939194] [<c051c2cc>] (nbp_vlan_flush) from [<c050e450>] (del_nbp+0x8c/0x110) [ 1137.946618] r5:dc49e4c0 r4:dc523600 [ 1137.950224] [<c050e3c4>] (del_nbp) from [<c050ebd8>] (br_del_if+0x38/0x9c) [ 1137.957125] r7:00000000 r6:00000002 r5:dc49e4c0 r4:dc49e4c0 [ 1137.962833] [<c050eba0>] (br_del_if) from [<c050f69c>] (add_del_if+0x58/0x74) [ 1137.969995] r5:dc49e4c0 r4:c0748380 [ 1137.973600] [<c050f644>] (add_del_if) from [<c05100f4>] (br_dev_ioctl+0x60/0x64) [ 1137.981023] r7:c0596714 r6:dc575ea8 r5:dc49e000 r4:dc575ea8 [ 1137.986731] [<c0510094>] (br_dev_ioctl) from [<c04293d0>] (dev_ifsioc+0x2c4/0x308) [ 1137.994330] r5:dc49e000 r4:000089a3 [ 1137.997930] [<c042910c>] (dev_ifsioc) from [<c0429828>] (dev_ioctl+0x3a0/0x8bc) [ 1138.005266] r8:00000000 r7:dc575ea8 r6:bee56bf4 r5:c0748380 r4:000089a3 [ 1138.012032] [<c0429488>] (dev_ioctl) from [<c03f3230>] (sock_ioctl+0x18c/0x2dc) [ 1138.019368] r10:00000000 r9:00000003 r8:bee56bf4 r7:c0748380 r6:bee56bf4 r5:fffffdfd [ 1138.027260] r4:000089a3 [ 1138.029817] [<c03f30a4>] (sock_ioctl) from [<c0142c08>] (do_vfs_ioctl+0x4f0/0x70c) [ 1138.037416] r7:00000003 r6:dc4ca340 r5:ddb840a0 r4:bee56bf4 [ 1138.043124] [<c0142718>] (do_vfs_ioctl) from [<c0142e98>] (SyS_ioctl+0x74/0x84) [ 1138.050460] r10:00000000 r9:00000003 r8:bee56bf4 r7:000089a3 r6:dc4ca340 r5:dc4ca340 [ 1138.058347] r4:00000000 [ 1138.060907] [<c0142e24>] (SyS_ioctl) from [<c000f8a0>] (ret_fast_syscall+0x0/0x44) [ 1138.068505] r9:dc574000 r8:c000fa64 r7:00000036 r6:00000002 r5:b6f7ace8 r4:7f5b10f0 [ 1138.076311] Code: e24cb004 f57ff05a e1a05000 e3a03000 (e1c037ba) [ 1138.082666] ---[ end trace d055796b6cd31311 ]--- Segmentation fault -- SZ Lin (林上智)

7 years, 1 month

2
1
0 0

FAILED: patch "[PATCH] parisc: Remove unnecessary barriers from spinlock.h" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3b885ac1dc35b87a39ee176a6c7e2af9c789d8b8 Mon Sep 17 00:00:00 2001 From: John David Anglin <dave.anglin(a)bell.net> Date: Sun, 12 Aug 2018 16:31:17 -0400 Subject: [PATCH] parisc: Remove unnecessary barriers from spinlock.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Now that mb() is an instruction barrier, it will slow performance if we issue unnecessary barriers. The spinlock defines have a number of unnecessary barriers. The __ldcw() define is both a hardware and compiler barrier. The mb() barriers in the routines using __ldcw() serve no purpose. The only barrier needed is the one in arch_spin_unlock(). We need to ensure all accesses are complete prior to releasing the lock. Signed-off-by: John David Anglin <dave.anglin(a)bell.net> Cc: stable(a)vger.kernel.org # 4.0+ Signed-off-by: Helge Deller <deller(a)gmx.de> diff --git a/arch/parisc/include/asm/spinlock.h b/arch/parisc/include/asm/spinlock.h index 6f84b6acc86e..8a63515f03bf 100644 --- a/arch/parisc/include/asm/spinlock.h +++ b/arch/parisc/include/asm/spinlock.h @@ -20,7 +20,6 @@ static inline void arch_spin_lock_flags(arch_spinlock_t *x, { volatile unsigned int *a; - mb(); a = __ldcw_align(x); while (__ldcw(a) == 0) while (*a == 0) @@ -30,17 +29,16 @@ static inline void arch_spin_lock_flags(arch_spinlock_t *x, local_irq_disable(); } else cpu_relax(); - mb(); } #define arch_spin_lock_flags arch_spin_lock_flags static inline void arch_spin_unlock(arch_spinlock_t *x) { volatile unsigned int *a; - mb(); + a = __ldcw_align(x); - *a = 1; mb(); + *a = 1; } static inline int arch_spin_trylock(arch_spinlock_t *x) @@ -48,10 +46,8 @@ static inline int arch_spin_trylock(arch_spinlock_t *x) volatile unsigned int *a; int ret; - mb(); a = __ldcw_align(x); ret = __ldcw(a) != 0; - mb(); return ret; }

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] parisc: Remove unnecessary barriers from spinlock.h" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3b885ac1dc35b87a39ee176a6c7e2af9c789d8b8 Mon Sep 17 00:00:00 2001 From: John David Anglin <dave.anglin(a)bell.net> Date: Sun, 12 Aug 2018 16:31:17 -0400 Subject: [PATCH] parisc: Remove unnecessary barriers from spinlock.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Now that mb() is an instruction barrier, it will slow performance if we issue unnecessary barriers. The spinlock defines have a number of unnecessary barriers. The __ldcw() define is both a hardware and compiler barrier. The mb() barriers in the routines using __ldcw() serve no purpose. The only barrier needed is the one in arch_spin_unlock(). We need to ensure all accesses are complete prior to releasing the lock. Signed-off-by: John David Anglin <dave.anglin(a)bell.net> Cc: stable(a)vger.kernel.org # 4.0+ Signed-off-by: Helge Deller <deller(a)gmx.de> diff --git a/arch/parisc/include/asm/spinlock.h b/arch/parisc/include/asm/spinlock.h index 6f84b6acc86e..8a63515f03bf 100644 --- a/arch/parisc/include/asm/spinlock.h +++ b/arch/parisc/include/asm/spinlock.h @@ -20,7 +20,6 @@ static inline void arch_spin_lock_flags(arch_spinlock_t *x, { volatile unsigned int *a; - mb(); a = __ldcw_align(x); while (__ldcw(a) == 0) while (*a == 0) @@ -30,17 +29,16 @@ static inline void arch_spin_lock_flags(arch_spinlock_t *x, local_irq_disable(); } else cpu_relax(); - mb(); } #define arch_spin_lock_flags arch_spin_lock_flags static inline void arch_spin_unlock(arch_spinlock_t *x) { volatile unsigned int *a; - mb(); + a = __ldcw_align(x); - *a = 1; mb(); + *a = 1; } static inline int arch_spin_trylock(arch_spinlock_t *x) @@ -48,10 +46,8 @@ static inline int arch_spin_trylock(arch_spinlock_t *x) volatile unsigned int *a; int ret; - mb(); a = __ldcw_align(x); ret = __ldcw(a) != 0; - mb(); return ret; }

7 years, 1 month

1
0
0 0

[PATCH 8/9] NFC: nfcmrvl_uart: fix OF child-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the nfc child node instead of using of_find_compatible_node(), which searches the entire tree and thus can return an unrelated (i.e. non-child) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the parent node). Fixes: e097dc624f78 ("NFC: nfcmrvl: add UART driver") Fixes: d8e018c0b321 ("NFC: nfcmrvl: update device tree bindings for Marvell NFC") Cc: stable <stable(a)vger.kernel.org> # 4.2 Cc: Vincent Cuissard <cuissard(a)marvell.com> Cc: Samuel Ortiz <sameo(a)linux.intel.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/nfc/nfcmrvl/uart.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/nfc/nfcmrvl/uart.c b/drivers/nfc/nfcmrvl/uart.c index 91162f8e0366..9a22056e8d9e 100644 --- a/drivers/nfc/nfcmrvl/uart.c +++ b/drivers/nfc/nfcmrvl/uart.c @@ -73,10 +73,9 @@ static int nfcmrvl_uart_parse_dt(struct device_node *node, struct device_node *matched_node; int ret; - matched_node = of_find_compatible_node(node, NULL, "marvell,nfc-uart"); + matched_node = of_get_compatible_child(node, "marvell,nfc-uart"); if (!matched_node) { - matched_node = of_find_compatible_node(node, NULL, - "mrvl,nfc-uart"); + matched_node = of_get_compatible_child(node, "mrvl,nfc-uart"); if (!matched_node) return -ENODEV; } -- 2.18.0

7 years, 1 month

1
0
0 0

[PATCH 6/9] net: bcmgenet: fix OF child-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the mdio child node instead of using of_find_compatible_node(), which searches the entire tree and thus can return an unrelated (i.e. non-child) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the node of the device being probed). Fixes: aa09677cba42 ("net: bcmgenet: add MDIO routines") Cc: stable <stable(a)vger.kernel.org> # 3.15 Cc: Florian Fainelli <f.fainelli(a)gmail.com> Cc: David S. Miller <davem(a)davemloft.net> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/net/ethernet/broadcom/genet/bcmmii.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 5333274a283c..87fc65560ceb 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -333,7 +333,7 @@ static struct device_node *bcmgenet_mii_of_find_mdio(struct bcmgenet_priv *priv) if (!compat) return NULL; - priv->mdio_dn = of_find_compatible_node(dn, NULL, compat); + priv->mdio_dn = of_get_compatible_child(dn, compat); kfree(compat); if (!priv->mdio_dn) { dev_err(kdev, "unable to find MDIO bus node\n"); -- 2.18.0

7 years, 1 month

1
0
0 0

[PATCH 5/9] mtd: nand: atmel: fix OF child-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the nfc child node instead of using of_find_compatible_node(), which searches the entire tree and thus can return an unrelated (i.e. non-child) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the node of the device being probed). While at it, also fix a related nfc-node reference leak. Fixes: f88fc122cc34 ("mtd: nand: Cleanup/rework the atmel_nand driver") Cc: stable <stable(a)vger.kernel.org> # 4.11 Cc: Nicolas Ferre <nicolas.ferre(a)microchip.com> Cc: Josh Wu <rainyfeeling(a)outlook.com> Cc: Boris Brezillon <boris.brezillon(a)bootlin.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/mtd/nand/raw/atmel/nand-controller.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/drivers/mtd/nand/raw/atmel/nand-controller.c b/drivers/mtd/nand/raw/atmel/nand-controller.c index a068b214ebaa..d3dfe63956ac 100644 --- a/drivers/mtd/nand/raw/atmel/nand-controller.c +++ b/drivers/mtd/nand/raw/atmel/nand-controller.c @@ -2061,8 +2061,7 @@ atmel_hsmc_nand_controller_legacy_init(struct atmel_hsmc_nand_controller *nc) int ret; nand_np = dev->of_node; - nfc_np = of_find_compatible_node(dev->of_node, NULL, - "atmel,sama5d3-nfc"); + nfc_np = of_get_compatible_child(dev->of_node, "atmel,sama5d3-nfc"); nc->clk = of_clk_get(nfc_np, 0); if (IS_ERR(nc->clk)) { @@ -2472,15 +2471,19 @@ static int atmel_nand_controller_probe(struct platform_device *pdev) } if (caps->legacy_of_bindings) { + struct device_node *nfc_node; u32 ale_offs = 21; /* * If we are parsing legacy DT props and the DT contains a * valid NFC node, forward the request to the sama5 logic. */ - if (of_find_compatible_node(pdev->dev.of_node, NULL, - "atmel,sama5d3-nfc")) + nfc_node = of_get_compatible_child(pdev->dev.of_node, + "atmel,sama5d3-nfc"); + if (nfc_node) { caps = &atmel_sama5_nand_caps; + of_node_put(nfc_node); + } /* * Even if the compatible says we are dealing with an -- 2.18.0

7 years, 1 month

1
0
0 0

[PATCH 2/9] drm/mediatek: fix OF sibling-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the sibling instead of using of_find_compatible_node(), which searches the entire tree and thus can return an unrelated (i.e. non-sibling) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the parent device node). While at it, also fix the related cec-node reference leak. Fixes: 8f83f26891e1 ("drm/mediatek: Add HDMI support") Cc: stable <stable(a)vger.kernel.org> # 4.8 Cc: Jie Qiu <jie.qiu(a)mediatek.com> Cc: Junzhi Zhao <junzhi.zhao(a)mediatek.com> Cc: Philipp Zabel <p.zabel(a)pengutronix.de> Cc: CK Hu <ck.hu(a)mediatek.com> Cc: David Airlie <airlied(a)linux.ie> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/gpu/drm/mediatek/mtk_hdmi.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/mediatek/mtk_hdmi.c b/drivers/gpu/drm/mediatek/mtk_hdmi.c index 2d45d1dd9554..643f5edd68fe 100644 --- a/drivers/gpu/drm/mediatek/mtk_hdmi.c +++ b/drivers/gpu/drm/mediatek/mtk_hdmi.c @@ -1446,8 +1446,7 @@ static int mtk_hdmi_dt_parse_pdata(struct mtk_hdmi *hdmi, } /* The CEC module handles HDMI hotplug detection */ - cec_np = of_find_compatible_node(np->parent, NULL, - "mediatek,mt8173-cec"); + cec_np = of_get_compatible_child(np->parent, "mediatek,mt8173-cec"); if (!cec_np) { dev_err(dev, "Failed to find CEC node\n"); return -EINVAL; @@ -1457,8 +1456,10 @@ static int mtk_hdmi_dt_parse_pdata(struct mtk_hdmi *hdmi, if (!cec_pdev) { dev_err(hdmi->dev, "Waiting for CEC device %pOF\n", cec_np); + of_node_put(cec_np); return -EPROBE_DEFER; } + of_node_put(cec_np); hdmi->cec_dev = &cec_pdev->dev; /* -- 2.18.0

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] powerpc64s: Show ori31 availability in spectre_v1 sysfs file" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 6d44acae1937b81cf8115ada8958e04f601f3f2e Mon Sep 17 00:00:00 2001 From: Michael Ellerman <mpe(a)ellerman.id.au> Date: Mon, 9 Jul 2018 16:25:21 +1000 Subject: [PATCH] powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 When I added the spectre_v2 information in sysfs, I included the availability of the ori31 speculation barrier. Although the ori31 barrier can be used to mitigate v2, it's primarily intended as a spectre v1 mitigation. Spectre v2 is mitigated by hardware changes. So rework the sysfs files to show the ori31 information in the spectre_v1 file, rather than v2. Currently we display eg: $ grep . spectre_v* spectre_v1:Mitigation: __user pointer sanitization spectre_v2:Mitigation: Indirect branch cache disabled, ori31 speculation barrier enabled After: $ grep . spectre_v* spectre_v1:Mitigation: __user pointer sanitization, ori31 speculation barrier enabled spectre_v2:Mitigation: Indirect branch cache disabled Fixes: d6fbe1c55c55 ("powerpc/64s: Wire up cpu_show_spectre_v2()") Cc: stable(a)vger.kernel.org # v4.17+ Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c index a8b277362931..4cb8f1f7b593 100644 --- a/arch/powerpc/kernel/security.c +++ b/arch/powerpc/kernel/security.c @@ -117,25 +117,35 @@ ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, cha ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, char *buf) { - if (!security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR)) - return sprintf(buf, "Not affected\n"); + struct seq_buf s; + + seq_buf_init(&s, buf, PAGE_SIZE - 1); - if (barrier_nospec_enabled) - return sprintf(buf, "Mitigation: __user pointer sanitization\n"); + if (security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR)) { + if (barrier_nospec_enabled) + seq_buf_printf(&s, "Mitigation: __user pointer sanitization"); + else + seq_buf_printf(&s, "Vulnerable"); - return sprintf(buf, "Vulnerable\n"); + if (security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31)) + seq_buf_printf(&s, ", ori31 speculation barrier enabled"); + + seq_buf_printf(&s, "\n"); + } else + seq_buf_printf(&s, "Not affected\n"); + + return s.len; } ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf) { - bool bcs, ccd, ori; struct seq_buf s; + bool bcs, ccd; seq_buf_init(&s, buf, PAGE_SIZE - 1); bcs = security_ftr_enabled(SEC_FTR_BCCTRL_SERIALISED); ccd = security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED); - ori = security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31); if (bcs || ccd) { seq_buf_printf(&s, "Mitigation: "); @@ -151,9 +161,6 @@ ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, c } else seq_buf_printf(&s, "Vulnerable"); - if (ori) - seq_buf_printf(&s, ", ori31 speculation barrier enabled"); - seq_buf_printf(&s, "\n"); return s.len;

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] powerpc64s: Show ori31 availability in spectre_v1 sysfs file" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 6d44acae1937b81cf8115ada8958e04f601f3f2e Mon Sep 17 00:00:00 2001 From: Michael Ellerman <mpe(a)ellerman.id.au> Date: Mon, 9 Jul 2018 16:25:21 +1000 Subject: [PATCH] powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 When I added the spectre_v2 information in sysfs, I included the availability of the ori31 speculation barrier. Although the ori31 barrier can be used to mitigate v2, it's primarily intended as a spectre v1 mitigation. Spectre v2 is mitigated by hardware changes. So rework the sysfs files to show the ori31 information in the spectre_v1 file, rather than v2. Currently we display eg: $ grep . spectre_v* spectre_v1:Mitigation: __user pointer sanitization spectre_v2:Mitigation: Indirect branch cache disabled, ori31 speculation barrier enabled After: $ grep . spectre_v* spectre_v1:Mitigation: __user pointer sanitization, ori31 speculation barrier enabled spectre_v2:Mitigation: Indirect branch cache disabled Fixes: d6fbe1c55c55 ("powerpc/64s: Wire up cpu_show_spectre_v2()") Cc: stable(a)vger.kernel.org # v4.17+ Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c index a8b277362931..4cb8f1f7b593 100644 --- a/arch/powerpc/kernel/security.c +++ b/arch/powerpc/kernel/security.c @@ -117,25 +117,35 @@ ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, cha ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, char *buf) { - if (!security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR)) - return sprintf(buf, "Not affected\n"); + struct seq_buf s; + + seq_buf_init(&s, buf, PAGE_SIZE - 1); - if (barrier_nospec_enabled) - return sprintf(buf, "Mitigation: __user pointer sanitization\n"); + if (security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR)) { + if (barrier_nospec_enabled) + seq_buf_printf(&s, "Mitigation: __user pointer sanitization"); + else + seq_buf_printf(&s, "Vulnerable"); - return sprintf(buf, "Vulnerable\n"); + if (security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31)) + seq_buf_printf(&s, ", ori31 speculation barrier enabled"); + + seq_buf_printf(&s, "\n"); + } else + seq_buf_printf(&s, "Not affected\n"); + + return s.len; } ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf) { - bool bcs, ccd, ori; struct seq_buf s; + bool bcs, ccd; seq_buf_init(&s, buf, PAGE_SIZE - 1); bcs = security_ftr_enabled(SEC_FTR_BCCTRL_SERIALISED); ccd = security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED); - ori = security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31); if (bcs || ccd) { seq_buf_printf(&s, "Mitigation: "); @@ -151,9 +161,6 @@ ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, c } else seq_buf_printf(&s, "Vulnerable"); - if (ori) - seq_buf_printf(&s, ", ori31 speculation barrier enabled"); - seq_buf_printf(&s, "\n"); return s.len;

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] powerpc64s: Show ori31 availability in spectre_v1 sysfs file" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 6d44acae1937b81cf8115ada8958e04f601f3f2e Mon Sep 17 00:00:00 2001 From: Michael Ellerman <mpe(a)ellerman.id.au> Date: Mon, 9 Jul 2018 16:25:21 +1000 Subject: [PATCH] powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 When I added the spectre_v2 information in sysfs, I included the availability of the ori31 speculation barrier. Although the ori31 barrier can be used to mitigate v2, it's primarily intended as a spectre v1 mitigation. Spectre v2 is mitigated by hardware changes. So rework the sysfs files to show the ori31 information in the spectre_v1 file, rather than v2. Currently we display eg: $ grep . spectre_v* spectre_v1:Mitigation: __user pointer sanitization spectre_v2:Mitigation: Indirect branch cache disabled, ori31 speculation barrier enabled After: $ grep . spectre_v* spectre_v1:Mitigation: __user pointer sanitization, ori31 speculation barrier enabled spectre_v2:Mitigation: Indirect branch cache disabled Fixes: d6fbe1c55c55 ("powerpc/64s: Wire up cpu_show_spectre_v2()") Cc: stable(a)vger.kernel.org # v4.17+ Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c index a8b277362931..4cb8f1f7b593 100644 --- a/arch/powerpc/kernel/security.c +++ b/arch/powerpc/kernel/security.c @@ -117,25 +117,35 @@ ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, cha ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, char *buf) { - if (!security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR)) - return sprintf(buf, "Not affected\n"); + struct seq_buf s; + + seq_buf_init(&s, buf, PAGE_SIZE - 1); - if (barrier_nospec_enabled) - return sprintf(buf, "Mitigation: __user pointer sanitization\n"); + if (security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR)) { + if (barrier_nospec_enabled) + seq_buf_printf(&s, "Mitigation: __user pointer sanitization"); + else + seq_buf_printf(&s, "Vulnerable"); - return sprintf(buf, "Vulnerable\n"); + if (security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31)) + seq_buf_printf(&s, ", ori31 speculation barrier enabled"); + + seq_buf_printf(&s, "\n"); + } else + seq_buf_printf(&s, "Not affected\n"); + + return s.len; } ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf) { - bool bcs, ccd, ori; struct seq_buf s; + bool bcs, ccd; seq_buf_init(&s, buf, PAGE_SIZE - 1); bcs = security_ftr_enabled(SEC_FTR_BCCTRL_SERIALISED); ccd = security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED); - ori = security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31); if (bcs || ccd) { seq_buf_printf(&s, "Mitigation: "); @@ -151,9 +161,6 @@ ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, c } else seq_buf_printf(&s, "Vulnerable"); - if (ori) - seq_buf_printf(&s, ", ori31 speculation barrier enabled"); - seq_buf_printf(&s, "\n"); return s.len;

7 years, 1 month

1
0
0 0

We design apps

by Ray

Do you have needs for mobile apps design? We are the one who can help you. We are an India based software company. What we focus is mobile apps development. We have 125 staffs in office and have created over 350 apps so far. We work on many different platforms, such as iOS, Android and others. Please reply if interested, we will send you our portfolios. Thanks, Ray Charles

7 years, 1 month

1
0
0 0

Team for mobile apps

by Ray

Do you have needs for mobile apps design? We are the one who can help you. We are an India based software company. What we focus is mobile apps development. We have 125 staffs in office and have created over 350 apps so far. We work on many different platforms, such as iOS, Android and others. Please reply if interested, we will send you our portfolios. Thanks, Ray Charles

7 years, 1 month

1
0
0 0

Mobile apps for your company

by Ray

Do you have needs for mobile apps design? We are the one who can help you. We are an India based software company. What we focus is mobile apps development. We have 125 staffs in office and have created over 350 apps so far. We work on many different platforms, such as iOS, Android and others. Please reply if interested, we will send you our portfolios. Thanks, Ray Charles

7 years, 1 month

1
0
0 0

[PATCH v5] spi: spi-mem: Adjust op len based on message/transfer size limitations

by Chuanhua Han

We need that to adjust the len of the 2nd transfer (called data in spi-mem) if it's too long to fit in a SPI message or SPI transfer. Fixes: c36ff266dc82 ("spi: Extend the core to ease integration of SPI memory controllers") Cc: <stable(a)vger.kernel.org> Signed-off-by: Chuanhua Han <chuanhua.han(a)nxp.com> Suggested-by: Boris Brezillon <boris.brezillon(a)bootlin.com> --- Changes in v5: -Add the validation check after the op->data.nbytes assignment -Assign the "len" variable after defining it -Remove the brackets on both sides of "opt-> data.nbytes" Changes in v4: -Rename variable name "opcode_addr_dummy_sum" to "len". -The comparison of "spi_max_message_size(mem->spi)" and "len" was removed. -Adjust their order when comparing the sizes of "spi_max_message_size(mem->spi)" and "len" -Changing the "unsigned long" type in the code to "size_t" Changes in v3: -Rename variable name "val" to "opcode_addr_dummy_sum". -Place the legitimacy of the transfer size(i.e., "spi_max_message_size(mem->spi)" and -"opcode_addr_dummy_sum") into "if (! ctlr - > mem_ops | |! ctlr-> mem_ops->exec_op) {" structure and add "spi_max_transfer_size(mem->spi) and opcode_addr_dummy_sum". -Adjust the formatting alignment of the code. -"(unsigned long)op->data.nbytes" was modified to "(unsigned long)(op->data.nbytes)". Changes in v2: -Place the adjusted transfer bytes code in spi_mem_adjust_op_size() and check spi_max_message_size(mem->spi) value before subtracting opcode, addr and dummy bytes. -Change the code from fsl-espi controller to generic code(The adjustment of spi transmission length was originally modified in the "drivers/spi/spi-fsl-espi.c" file, and now the adjustment of transfer length is made in the "drivers/spi/spi-mem.c" file) drivers/spi/spi-mem.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/drivers/spi/spi-mem.c b/drivers/spi/spi-mem.c index 990770d..6184fa1 100644 --- a/drivers/spi/spi-mem.c +++ b/drivers/spi/spi-mem.c @@ -328,10 +328,26 @@ EXPORT_SYMBOL_GPL(spi_mem_exec_op); int spi_mem_adjust_op_size(struct spi_mem *mem, struct spi_mem_op *op) { struct spi_controller *ctlr = mem->spi->controller; + size_t len; + + len = sizeof(op->cmd.opcode) + op->addr.nbytes + op->dummy.nbytes; if (ctlr->mem_ops && ctlr->mem_ops->adjust_op_size) return ctlr->mem_ops->adjust_op_size(mem, op); + if (!ctlr->mem_ops || !ctlr->mem_ops->exec_op) { + if (len > spi_max_transfer_size(mem->spi)) + return -EINVAL; + + op->data.nbytes = min3((size_t)op->data.nbytes, + spi_max_transfer_size(mem->spi), + spi_max_message_size(mem->spi) - + len); + + if (!op->data.nbytes) + return -EINVAL; + } + return 0; } EXPORT_SYMBOL_GPL(spi_mem_adjust_op_size); -- 2.7.4

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] f2fs: sanity check for total valid node blocks" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 8a29c1260e24e7c9c6ab138aa0017558d8b28208 Mon Sep 17 00:00:00 2001 From: Jaegeuk Kim <jaegeuk(a)kernel.org> Date: Tue, 24 Apr 2018 21:34:05 -0600 Subject: [PATCH] f2fs: sanity check for total valid node blocks This patch enhances sanity check for SIT entries. syzbot hit the following crash on upstream commit 83beed7b2b26f232d782127792dd0cd4362fdc41 (Fri Apr 20 17:56:32 2018 +0000) Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/evalenti/linux-soc-thermal syzbot dashboard link: https://syzkaller.appspot.com/bug?extid=bf9253040425feb155ad syzkaller reproducer: https://syzkaller.appspot.com/x/repro.syz?id=5692130282438656 Raw console output: https://syzkaller.appspot.com/x/log.txt?id=5095924598571008 Kernel config: https://syzkaller.appspot.com/x/.config?id=1808800213120130118 compiler: gcc (GCC) 8.0.1 20180413 (experimental) IMPORTANT: if you fix the bug, please add the following tag to the commit: Reported-by: syzbot+bf9253040425feb155ad(a)syzkaller.appspotmail.com It will help syzbot understand when the bug is fixed. See footer for details. If you forward the report, please keep this part and the footer. F2FS-fs (loop0): invalid crc value F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 F2FS-fs (loop0): Mounted with checkpoint version = d F2FS-fs (loop0): Bitmap was wrongly cleared, blk:9740 ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.c:1884! invalid opcode: 0000 [#1] SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 1 PID: 4508 Comm: syz-executor0 Not tainted 4.17.0-rc1+ #10 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:update_sit_entry+0x1215/0x1590 fs/f2fs/segment.c:1882 RSP: 0018:ffff8801af526708 EFLAGS: 00010282 RAX: ffffed0035ea4cc0 RBX: ffff8801ad454f90 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff82eeb87e RDI: ffffed0035ea4cb6 RBP: ffff8801af526760 R08: ffff8801ad4a2480 R09: ffffed003b5e4f90 R10: ffffed003b5e4f90 R11: ffff8801daf27c87 R12: ffff8801adb8d380 R13: 0000000000000001 R14: 0000000000000008 R15: 00000000ffffffff FS: 00000000014af940(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f06bc223000 CR3: 00000001adb02000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: allocate_data_block+0x66f/0x2050 fs/f2fs/segment.c:2663 do_write_page+0x105/0x1b0 fs/f2fs/segment.c:2727 write_node_page+0x129/0x350 fs/f2fs/segment.c:2770 __write_node_page+0x7da/0x1370 fs/f2fs/node.c:1398 sync_node_pages+0x18cf/0x1eb0 fs/f2fs/node.c:1652 block_operations+0x429/0xa60 fs/f2fs/checkpoint.c:1088 write_checkpoint+0x3ba/0x5380 fs/f2fs/checkpoint.c:1405 f2fs_sync_fs+0x2fb/0x6a0 fs/f2fs/super.c:1077 __sync_filesystem fs/sync.c:39 [inline] sync_filesystem+0x265/0x310 fs/sync.c:67 generic_shutdown_super+0xd7/0x520 fs/super.c:429 kill_block_super+0xa4/0x100 fs/super.c:1191 kill_f2fs_super+0x9f/0xd0 fs/f2fs/super.c:3030 deactivate_locked_super+0x97/0x100 fs/super.c:316 deactivate_super+0x188/0x1b0 fs/super.c:347 cleanup_mnt+0xbf/0x160 fs/namespace.c:1174 __cleanup_mnt+0x16/0x20 fs/namespace.c:1181 task_work_run+0x1e4/0x290 kernel/task_work.c:113 tracehook_notify_resume include/linux/tracehook.h:191 [inline] exit_to_usermode_loop+0x2bd/0x310 arch/x86/entry/common.c:166 prepare_exit_to_usermode arch/x86/entry/common.c:196 [inline] syscall_return_slowpath arch/x86/entry/common.c:265 [inline] do_syscall_64+0x6ac/0x800 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x457d97 RSP: 002b:00007ffd46f9c8e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000457d97 RDX: 00000000014b09a3 RSI: 0000000000000002 RDI: 00007ffd46f9da50 RBP: 00007ffd46f9da50 R08: 0000000000000000 R09: 0000000000000009 R10: 0000000000000005 R11: 0000000000000246 R12: 00000000014b0940 R13: 0000000000000000 R14: 0000000000000002 R15: 000000000000658e RIP: update_sit_entry+0x1215/0x1590 fs/f2fs/segment.c:1882 RSP: ffff8801af526708 ---[ end trace f498328bb02610a2 ]--- Reported-and-tested-by: syzbot+bf9253040425feb155ad(a)syzkaller.appspotmail.com Reported-and-tested-by: syzbot+7d6d31d3bc702f566ce3(a)syzkaller.appspotmail.com Reported-and-tested-by: syzbot+0a725420475916460f12(a)syzkaller.appspotmail.com Reviewed-by: Chao Yu <yuchao0(a)huawei.com> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c index 3ba8a4a768c9..1576b9d9a172 100644 --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c @@ -3631,6 +3631,7 @@ static int build_sit_entries(struct f2fs_sb_info *sbi) unsigned int i, start, end; unsigned int readed, start_blk = 0; int err = 0; + block_t total_node_blocks = 0; do { readed = ra_meta_pages(sbi, start_blk, BIO_MAX_PAGES, @@ -3653,6 +3654,8 @@ static int build_sit_entries(struct f2fs_sb_info *sbi) if (err) return err; seg_info_from_raw_sit(se, &sit); + if (IS_NODESEG(se->type)) + total_node_blocks += se->valid_blocks; /* build discard map only one time */ if (f2fs_discard_en(sbi)) { @@ -3694,11 +3697,15 @@ static int build_sit_entries(struct f2fs_sb_info *sbi) sit = sit_in_journal(journal, i); old_valid_blocks = se->valid_blocks; + if (IS_NODESEG(se->type)) + total_node_blocks -= old_valid_blocks; err = check_block_count(sbi, start, &sit); if (err) break; seg_info_from_raw_sit(se, &sit); + if (IS_NODESEG(se->type)) + total_node_blocks += se->valid_blocks; if (f2fs_discard_en(sbi)) { if (is_set_ckpt_flags(sbi, CP_TRIMMED_FLAG)) { @@ -3717,6 +3724,15 @@ static int build_sit_entries(struct f2fs_sb_info *sbi) se->valid_blocks - old_valid_blocks; } up_read(&curseg->journal_rwsem); + + if (!err && total_node_blocks != valid_node_count(sbi)) { + f2fs_msg(sbi->sb, KERN_ERR, + "SIT is corrupted node# %u vs %u", + total_node_blocks, valid_node_count(sbi)); + set_sbi_flag(sbi, SBI_NEED_FSCK); + err = -EINVAL; + } + return err; }

7 years, 1 month

3
2
0 0

request for 4.14-stable: 9432a3175770 ("KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer")

by Sudip Mukherjee

Hi Greg, This was missing in 4.14-stable. Please apply to your queue. -- Regards Sudip

7 years, 1 month

2
1
0 0

FAILED: patch "[PATCH] x86/mm/init: Remove freed kernel image areas from alias" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From c40a56a7818cfe735fc93a69e1875f8bba834483 Mon Sep 17 00:00:00 2001 From: Dave Hansen <dave.hansen(a)linux.intel.com> Date: Thu, 2 Aug 2018 15:58:31 -0700 Subject: [PATCH] x86/mm/init: Remove freed kernel image areas from alias mapping The kernel image is mapped into two places in the virtual address space (addresses without KASLR, of course): 1. The kernel direct map (0xffff880000000000) 2. The "high kernel map" (0xffffffff81000000) We actually execute out of #2. If we get the address of a kernel symbol, it points to #2, but almost all physical-to-virtual translations point to Parts of the "high kernel map" alias are mapped in the userspace page tables with the Global bit for performance reasons. The parts that we map to userspace do not (er, should not) have secrets. When PTI is enabled then the global bit is usually not set in the high mapping and just used to compensate for poor performance on systems which lack PCID. This is fine, except that some areas in the kernel image that are adjacent to the non-secret-containing areas are unused holes. We free these holes back into the normal page allocator and reuse them as normal kernel memory. The memory will, of course, get *used* via the normal map, but the alias mapping is kept. This otherwise unused alias mapping of the holes will, by default keep the Global bit, be mapped out to userspace, and be vulnerable to Meltdown. Remove the alias mapping of these pages entirely. This is likely to fracture the 2M page mapping the kernel image near these areas, but this should affect a minority of the area. The pageattr code changes *all* aliases mapping the physical pages that it operates on (by default). We only want to modify a single alias, so we need to tweak its behavior. This unmapping behavior is currently dependent on PTI being in place. Going forward, we should at least consider doing this for all configurations. Having an extra read-write alias for memory is not exactly ideal for debugging things like random memory corruption and this does undercut features like DEBUG_PAGEALLOC or future work like eXclusive Page Frame Ownership (XPFO). Before this patch: current_kernel:---[ High Kernel Mapping ]--- current_kernel-0xffffffff80000000-0xffffffff81000000 16M pmd current_kernel-0xffffffff81000000-0xffffffff81e00000 14M ro PSE GLB x pmd current_kernel-0xffffffff81e00000-0xffffffff81e11000 68K ro GLB x pte current_kernel-0xffffffff81e11000-0xffffffff82000000 1980K RW NX pte current_kernel-0xffffffff82000000-0xffffffff82600000 6M ro PSE GLB NX pmd current_kernel-0xffffffff82600000-0xffffffff82c00000 6M RW PSE NX pmd current_kernel-0xffffffff82c00000-0xffffffff82e00000 2M RW NX pte current_kernel-0xffffffff82e00000-0xffffffff83200000 4M RW PSE NX pmd current_kernel-0xffffffff83200000-0xffffffffa0000000 462M pmd current_user:---[ High Kernel Mapping ]--- current_user-0xffffffff80000000-0xffffffff81000000 16M pmd current_user-0xffffffff81000000-0xffffffff81e00000 14M ro PSE GLB x pmd current_user-0xffffffff81e00000-0xffffffff81e11000 68K ro GLB x pte current_user-0xffffffff81e11000-0xffffffff82000000 1980K RW NX pte current_user-0xffffffff82000000-0xffffffff82600000 6M ro PSE GLB NX pmd current_user-0xffffffff82600000-0xffffffffa0000000 474M pmd After this patch: current_kernel:---[ High Kernel Mapping ]--- current_kernel-0xffffffff80000000-0xffffffff81000000 16M pmd current_kernel-0xffffffff81000000-0xffffffff81e00000 14M ro PSE GLB x pmd current_kernel-0xffffffff81e00000-0xffffffff81e11000 68K ro GLB x pte current_kernel-0xffffffff81e11000-0xffffffff82000000 1980K pte current_kernel-0xffffffff82000000-0xffffffff82400000 4M ro PSE GLB NX pmd current_kernel-0xffffffff82400000-0xffffffff82488000 544K ro NX pte current_kernel-0xffffffff82488000-0xffffffff82600000 1504K pte current_kernel-0xffffffff82600000-0xffffffff82c00000 6M RW PSE NX pmd current_kernel-0xffffffff82c00000-0xffffffff82c0d000 52K RW NX pte current_kernel-0xffffffff82c0d000-0xffffffff82dc0000 1740K pte current_user:---[ High Kernel Mapping ]--- current_user-0xffffffff80000000-0xffffffff81000000 16M pmd current_user-0xffffffff81000000-0xffffffff81e00000 14M ro PSE GLB x pmd current_user-0xffffffff81e00000-0xffffffff81e11000 68K ro GLB x pte current_user-0xffffffff81e11000-0xffffffff82000000 1980K pte current_user-0xffffffff82000000-0xffffffff82400000 4M ro PSE GLB NX pmd current_user-0xffffffff82400000-0xffffffff82488000 544K ro NX pte current_user-0xffffffff82488000-0xffffffff82600000 1504K pte current_user-0xffffffff82600000-0xffffffffa0000000 474M pmd [ tglx: Do not unmap on 32bit as there is only one mapping ] Fixes: 0f561fce4d69 ("x86/pti: Enable global pages for shared areas") Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: Kees Cook <keescook(a)google.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Juergen Gross <jgross(a)suse.com> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: Joerg Roedel <jroedel(a)suse.de> Link: https://lkml.kernel.org/r/20180802225831.5F6A2BFC@viggo.jf.intel.com diff --git a/arch/x86/include/asm/set_memory.h b/arch/x86/include/asm/set_memory.h index bd090367236c..34cffcef7375 100644 --- a/arch/x86/include/asm/set_memory.h +++ b/arch/x86/include/asm/set_memory.h @@ -46,6 +46,7 @@ int set_memory_np(unsigned long addr, int numpages); int set_memory_4k(unsigned long addr, int numpages); int set_memory_encrypted(unsigned long addr, int numpages); int set_memory_decrypted(unsigned long addr, int numpages); +int set_memory_np_noalias(unsigned long addr, int numpages); int set_memory_array_uc(unsigned long *addr, int addrinarray); int set_memory_array_wc(unsigned long *addr, int addrinarray); diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c index bc11dedffc45..74b157ac078d 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -780,8 +780,30 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end) */ void free_kernel_image_pages(void *begin, void *end) { - free_init_pages("unused kernel image", - (unsigned long)begin, (unsigned long)end); + unsigned long begin_ul = (unsigned long)begin; + unsigned long end_ul = (unsigned long)end; + unsigned long len_pages = (end_ul - begin_ul) >> PAGE_SHIFT; + + + free_init_pages("unused kernel image", begin_ul, end_ul); + + /* + * PTI maps some of the kernel into userspace. For performance, + * this includes some kernel areas that do not contain secrets. + * Those areas might be adjacent to the parts of the kernel image + * being freed, which may contain secrets. Remove the "high kernel + * image mapping" for these freed areas, ensuring they are not even + * potentially vulnerable to Meltdown regardless of the specific + * optimizations PTI is currently using. + * + * The "noalias" prevents unmapping the direct map alias which is + * needed to access the freed pages. + * + * This is only valid for 64bit kernels. 32bit has only one mapping + * which can't be treated in this way for obvious reasons. + */ + if (IS_ENABLED(CONFIG_X86_64) && cpu_feature_enabled(X86_FEATURE_PTI)) + set_memory_np_noalias(begin_ul, len_pages); } void __ref free_initmem(void) diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c index c04153796f61..0a74996a1149 100644 --- a/arch/x86/mm/pageattr.c +++ b/arch/x86/mm/pageattr.c @@ -53,6 +53,7 @@ static DEFINE_SPINLOCK(cpa_lock); #define CPA_FLUSHTLB 1 #define CPA_ARRAY 2 #define CPA_PAGES_ARRAY 4 +#define CPA_NO_CHECK_ALIAS 8 /* Do not search for aliases */ #ifdef CONFIG_PROC_FS static unsigned long direct_pages_count[PG_LEVEL_NUM]; @@ -1486,6 +1487,9 @@ static int change_page_attr_set_clr(unsigned long *addr, int numpages, /* No alias checking for _NX bit modifications */ checkalias = (pgprot_val(mask_set) | pgprot_val(mask_clr)) != _PAGE_NX; + /* Has caller explicitly disabled alias checking? */ + if (in_flag & CPA_NO_CHECK_ALIAS) + checkalias = 0; ret = __change_page_attr_set_clr(&cpa, checkalias); @@ -1772,6 +1776,15 @@ int set_memory_np(unsigned long addr, int numpages) return change_page_attr_clear(&addr, numpages, __pgprot(_PAGE_PRESENT), 0); } +int set_memory_np_noalias(unsigned long addr, int numpages) +{ + int cpa_flags = CPA_NO_CHECK_ALIAS; + + return change_page_attr_set_clr(&addr, numpages, __pgprot(0), + __pgprot(_PAGE_PRESENT), 0, + cpa_flags, NULL); +} + int set_memory_4k(unsigned long addr, int numpages) { return change_page_attr_set_clr(&addr, numpages, __pgprot(0),

7 years, 1 month

3
2
0 0

[GIT PULL] commits for Linux 3.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 3.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit dbba166b0e442d4d38ae0f244d32338c3e92d16f: Linux 3.18.117 (2018-07-28 07:43:19 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-3.18-09082018 for you to fetch changes up to 3ee02fbcdda812011ebb1f48caf7a0f90430dec3: tcp: identify cryptic messages as TCP seq # bugs (2018-08-09 13:05:31 -0400) - ---------------------------------------------------------------- for-greg-3.18-09082018 - ---------------------------------------------------------------- Adam Ford (1): ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Alexander Duyck (1): ixgbe: Be more careful when modifying MAC filters Alexander Sverdlin (1): octeon_mgmt: Fix MIX registers configuration on MTU setup Bartosz Golaszewski (1): net: davinci_emac: match the mdio device against its compatible if possible BingJing Chang (1): md/raid10: fix that replacement cannot complete recovery after reassemble Casey Schaufler (1): Smack: Mark inode instant in smack_task_to_inode Chunfeng Yun (1): usb: gadget: composite: fix delayed_status race condition when set_interface Dan Carpenter (2): dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() qlogic: check kstrtoul() for errors Daniel Mack (2): ARM: dts: am437x: make edt-ft5x06 a wakeup source ARM: pxa: irq: fix handling of ICMR registers in suspend/resume David Lechner (1): net: usb: rtl8150: demote allmulti message to dev_dbg() Eric Dumazet (1): netfilter: ipv6: nf_defrag: reduce struct net memory waste Fabio Estevam (1): ARM: imx_v4_v5_defconfig: Select ULPI support Fathi Boudra (1): selftests: sync: add config fragment for testing sync framework Florian Westphal (1): netfilter: x_tables: set module owner for icmp(6) matches Ganesh Goudar (1): cxgb4: when disabling dcb set txq dcb priority to 0 Govindarajulu Varadarajan (1): enic: initialize enic->rfs_h.lock in enic_probe Greg Ungerer (1): m68k: fix "bad page state" oops on ColdFire boot Hangbin Liu (1): ipv6: mcast: fix unsolicited report interval after receiving querys Keerthy (1): ARM: dts: da850: Fix interrups property for gpio Li RongQing (1): net: propagate dev_get_valid_name return code Marek Szyprowski (1): drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes Mathieu Malaterre (1): tracing: Use __printf markup to silence compiler Michael Trimarchi (1): brcmfmac: stop watchdog before detach and free everything Randy Dunlap (1): tcp: identify cryptic messages as TCP seq # bugs Russell King (1): drm/armada: fix colorkey mode property Sandipan Das (1): perf report powerpc: Fix crash if callchain is empty Shankara Pailoor (1): jfs: Fix inconsistency between memory allocation and ea_buf->max_size Stefan Agner (1): net: hamradio: use eth_broadcast_addr Stefan Wahren (2): net: qca_spi: Avoid packet drop during initial sync net: qca_spi: Make sure the QCA7000 reset is triggered Steven Rostedt (VMware) (1): locking/lockdep: Do not record IRQ state within lockdep code Sudarsana Reddy Kalluru (1): bnx2x: Fix receiving tx-timeout in error or recovery state. William Wu (1): usb: dwc2: fix isoc split in transfer with no data Yuiko Oshino (1): smsc75xx: Add workaround for gigabit link up hardware errata. Zhizhou Zhang (1): arm64: make secondary_start_kernel() notrace arch/arm/boot/dts/am3517.dtsi | 5 ++ arch/arm/boot/dts/am437x-sk-evm.dts | 2 + arch/arm/boot/dts/da850.dtsi | 6 +-- arch/arm/configs/imx_v4_v5_defconfig | 2 + arch/arm/mach-pxa/irq.c | 4 +- arch/arm64/kernel/smp.c | 2 +- arch/m68k/include/asm/mcf_pgalloc.h | 4 +- drivers/dma/k3dma.c | 2 +- drivers/gpu/drm/armada/armada_hw.h | 1 + drivers/gpu/drm/armada/armada_overlay.c | 30 ++++++++--- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 ++++++---- drivers/gpu/drm/exynos/regs-gsc.h | 1 + drivers/md/raid10.c | 7 +++ drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 +++ drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 +++ drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 +- drivers/net/ethernet/cisco/enic/enic_main.c | 3 +- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 ++++- drivers/net/ethernet/octeon/octeon_mgmt.c | 14 +++-- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 + drivers/net/ethernet/qualcomm/qca_spi.c | 5 +- drivers/net/ethernet/ti/davinci_emac.c | 4 ++ drivers/net/hamradio/bpqether.c | 8 +-- drivers/net/usb/rtl8150.c | 2 +- drivers/net/usb/smsc75xx.c | 62 ++++++++++++++++++++++ drivers/net/wireless/brcm80211/brcmfmac/dhd_sdio.c | 7 +++ drivers/usb/dwc2/hcd_intr.c | 3 +- drivers/usb/gadget/composite.c | 3 ++ fs/jfs/xattr.c | 10 ++-- include/net/net_namespace.h | 1 + include/net/netns/ipv6.h | 1 - kernel/locking/lockdep.c | 12 ++--- kernel/trace/trace.c | 5 ++ net/core/dev.c | 4 +- net/ipv4/netfilter/ip_tables.c | 1 + net/ipv4/tcp.c | 4 +- net/ipv6/mcast.c | 9 ++-- net/ipv6/netfilter/ip6_tables.c | 1 + net/ipv6/netfilter/nf_conntrack_reasm.c | 6 +-- security/smack/smack_lsm.c | 1 + tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 +- tools/testing/selftests/sync/config | 4 ++ 44 files changed, 232 insertions(+), 67 deletions(-) create mode 100644 tools/testing/selftests/sync/config -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlts2vsACgkQ3qZv95d3 LNwozhAAum/AUmq1jxFO2aqJdaQcnwLwyGw69kAZy+YRRR79s/+8MMVtrq/oE9Ux Iir2IAwdHKeHAl2mXy8NPbn0V7t4ne+bqnWKTZXoKQofFgFHE0VGhQ2Q3KWlK9Vl rKkjM4dioRr8nzEV0x6GH8GN2uTIB85SGQVHXnb6AcKsqWAL5tG96bhAU8i3Potg he80X6UtGDttYQNo6hBfKO9leT8iGg48PaqAZinjgupUvQNZSYIrxK+eJ9J2NFv2 FtkZAiK7z1hrnDeX5TLmLXxR0vTvubgvjv0+4a0yxn98N+7nbXhySSJONpeTFMqg Xg5dbn0Ey2bmVHJXvWVT5IetAKryzOkWvjzgtUsPFJNAtv38QrhB1gmHyOv+VnMr If5cJS5GmTVQRefWCdJjsMjyxqskONHNsHtSn6DTqXbE5O1cARaqXDHRyS6mQ7Iz oSBeONID3rgeepGOjkTRIvZ58wb2qwHdqPv6wCGif3DLDOaUznzWkFuIwB7YG014 wsqDGsdBe+Qo7vHyMn7kf1oprOaUZL8npLjUraZybBjBqg6kVbkpqsaA/EvsSl7M 1UFKKR1e72535DBYWE/dNO7l9ZvTYNzozg680wBRfDqdiX2TQgZcUK/kk0RisAMe IXKw9BRFLfMx1ULsER9oRA7Ffdg5rj9qdAn8sxYq4fUUSm0ZzJs= =VJfO -----END PGP SIGNATURE-----

7 years, 1 month

2
1
0 0

[GIT PULL] commits for Linux 4.4

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.4 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit bffa1e42b3713aa7911cc3f9a6e5a2dbbf1dc789: Linux 4.4.146 (2018-08-06 16:24:42 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.4-09082018 for you to fetch changes up to 2c2c878f0354bfe8d62b6e26d98fd5876ec7819a: tcp: identify cryptic messages as TCP seq # bugs (2018-08-09 11:02:47 -0400) - ---------------------------------------------------------------- for-greg-4.4-09082018 - ---------------------------------------------------------------- Adam Ford (1): ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Ajay Gupta (1): usb: xhci: increase CRS timeout value Alexander Duyck (1): ixgbe: Be more careful when modifying MAC filters Alexander Sverdlin (1): octeon_mgmt: Fix MIX registers configuration on MTU setup Alexey Brodkin (2): ARC: Explicitly add -mmedium-calls to CFLAGS ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP Andy Lutomirski (1): selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs Bartosz Golaszewski (1): net: davinci_emac: match the mdio device against its compatible if possible BingJing Chang (1): md/raid10: fix that replacement cannot complete recovery after reassemble Casey Schaufler (1): Smack: Mark inode instant in smack_task_to_inode Chunfeng Yun (1): usb: gadget: composite: fix delayed_status race condition when set_interface Dan Carpenter (3): dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() qlogic: check kstrtoul() for errors drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() Daniel Mack (2): ARM: dts: am437x: make edt-ft5x06 a wakeup source ARM: pxa: irq: fix handling of ICMR registers in suspend/resume David Lechner (1): net: usb: rtl8150: demote allmulti message to dev_dbg() Eric Dumazet (1): netfilter: ipv6: nf_defrag: reduce struct net memory waste Fabio Estevam (2): ARM: imx_v6_v7_defconfig: Select ULPI support ARM: imx_v4_v5_defconfig: Select ULPI support Fathi Boudra (1): selftests: sync: add config fragment for testing sync framework Florian Westphal (1): netfilter: x_tables: set module owner for icmp(6) matches Ganesh Goudar (1): cxgb4: when disabling dcb set txq dcb priority to 0 Govindarajulu Varadarajan (1): enic: initialize enic->rfs_h.lock in enic_probe Greg Ungerer (1): m68k: fix "bad page state" oops on ColdFire boot Grigor Tovmasyan (1): usb: gadget: dwc2: fix memory leak in gadget_init() Hangbin Liu (1): ipv6: mcast: fix unsolicited report interval after receiving querys Jason Gerecke (1): HID: wacom: Correct touch maximum XY of 2nd-gen Intuos Jiri Olsa (1): perf tests: Add event parsing error handling to parse events test Keerthy (1): ARM: dts: da850: Fix interrups property for gpio Kim Phillips (1): perf llvm-utils: Remove bashism from kernel include fetch script Li RongQing (1): net: propagate dev_get_valid_name return code Marek Szyprowski (3): drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes drm/exynos: decon5433: Fix WINCONx reset value Mathieu Malaterre (1): tracing: Use __printf markup to silence compiler Michael Trimarchi (1): brcmfmac: stop watchdog before detach and free everything Randy Dunlap (2): net/ethernet/freescale/fman: fix cross-build error tcp: identify cryptic messages as TCP seq # bugs Ray Jui (1): ARM: dts: Cygnus: Fix I2C controller interrupt type Russell King (1): drm/armada: fix colorkey mode property Sandipan Das (1): perf report powerpc: Fix crash if callchain is empty Shankara Pailoor (1): jfs: Fix inconsistency between memory allocation and ea_buf->max_size Shuah Khan (Samsung OSG) (4): selftests: pstore: return Kselftest Skip code for skipped tests selftests: static_keys: return Kselftest Skip code for skipped tests selftests: user: return Kselftest Skip code for skipped tests selftests: zram: return Kselftest Skip code for skipped tests Stefan Agner (1): net: hamradio: use eth_broadcast_addr Stefan Schmidt (3): ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem ieee802154: at86rf230: use __func__ macro for debug messages ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem Stefan Wahren (3): net: qca_spi: Avoid packet drop during initial sync net: qca_spi: Make sure the QCA7000 reset is triggered net: qca_spi: Fix log level if probe fails Steven Rostedt (VMware) (2): locking/lockdep: Do not record IRQ state within lockdep code ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot Sudarsana Reddy Kalluru (2): qed: Add sanity check for SIMD fastpath handler. bnx2x: Fix receiving tx-timeout in error or recovery state. Thomas Richter (1): perf test session topology: Fix test on s390 Vikas Gupta (1): bnxt_en: Fix for system hang if request_irq fails Willem de Bruijn (1): packet: reset network header if packet shorter than ll reserved space William Wu (1): usb: dwc2: fix isoc split in transfer with no data Yuchung Cheng (1): tcp: remove DELAYED ACK events in DCTCP Yuiko Oshino (1): smsc75xx: Add workaround for gigabit link up hardware errata. Zhen Lei (1): kasan: fix shadow_size calculation error in kasan_module_alloc Zhizhou Zhang (1): arm64: make secondary_start_kernel() notrace Zhouyang Jia (1): scsi: xen-scsifront: add error handling for xenbus_printf arch/arc/Makefile | 15 +----- arch/arc/include/asm/mach_desc.h | 2 - arch/arc/kernel/irq.c | 2 +- arch/arm/boot/dts/am3517.dtsi | 5 ++ arch/arm/boot/dts/am437x-sk-evm.dts | 2 + arch/arm/boot/dts/bcm-cygnus.dtsi | 4 +- arch/arm/boot/dts/da850.dtsi | 6 +-- arch/arm/configs/imx_v4_v5_defconfig | 2 + arch/arm/configs/imx_v6_v7_defconfig | 2 + arch/arm/mach-pxa/irq.c | 4 +- arch/arm/mm/init.c | 9 ++++ arch/arm64/kernel/smp.c | 2 +- arch/m68k/include/asm/mcf_pgalloc.h | 4 +- drivers/dma/k3dma.c | 2 +- drivers/gpu/drm/armada/armada_hw.h | 1 + drivers/gpu/drm/armada/armada_overlay.c | 30 ++++++++--- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 6 +-- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 ++++++---- drivers/gpu/drm/exynos/regs-gsc.h | 1 + drivers/gpu/drm/nouveau/nouveau_gem.c | 4 +- drivers/hid/wacom_wac.c | 10 +++- drivers/md/raid10.c | 7 +++ drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 +++ drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 +++ drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 +- drivers/net/ethernet/cisco/enic/enic_main.c | 3 +- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 ++++- drivers/net/ethernet/octeon/octeon_mgmt.c | 14 +++-- drivers/net/ethernet/qlogic/qed/qed_main.c | 12 ++++- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 + drivers/net/ethernet/qualcomm/qca_spi.c | 21 ++++---- drivers/net/ethernet/ti/davinci_emac.c | 4 ++ drivers/net/hamradio/bpqether.c | 8 +-- drivers/net/ieee802154/at86rf230.c | 15 ++---- drivers/net/ieee802154/fakelb.c | 2 +- drivers/net/usb/rtl8150.c | 2 +- drivers/net/usb/smsc75xx.c | 62 ++++++++++++++++++++++ drivers/net/wireless/brcm80211/brcmfmac/sdio.c | 7 +++ drivers/scsi/xen-scsifront.c | 33 +++++++++--- drivers/usb/dwc2/gadget.c | 7 ++- drivers/usb/dwc2/hcd_intr.c | 3 +- drivers/usb/gadget/composite.c | 3 ++ drivers/usb/host/xhci.c | 7 ++- fs/jfs/xattr.c | 10 ++-- include/linux/fsl/guts.h | 1 + include/net/net_namespace.h | 1 + include/net/netns/ipv6.h | 1 - include/net/tcp.h | 2 - kernel/locking/lockdep.c | 12 ++--- kernel/trace/trace.c | 5 ++ mm/kasan/kasan.c | 5 +- net/core/dev.c | 4 +- net/ipv4/netfilter/ip_tables.c | 1 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_dctcp.c | 25 --------- net/ipv4/tcp_output.c | 4 -- net/ipv6/mcast.c | 9 ++-- net/ipv6/netfilter/ip6_tables.c | 1 + net/ipv6/netfilter/nf_conntrack_reasm.c | 6 +-- net/packet/af_packet.c | 2 + security/smack/smack_lsm.c | 1 + tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 +- tools/perf/tests/parse-events.c | 8 +-- tools/perf/tests/topology.c | 1 + tools/perf/util/llvm-utils.c | 6 +-- .../selftests/pstore/pstore_post_reboot_tests | 5 +- .../selftests/static_keys/test_static_keys.sh | 13 +++++ tools/testing/selftests/sync/config | 4 ++ tools/testing/selftests/user/test_user_copy.sh | 7 +++ tools/testing/selftests/x86/sigreturn.c | 46 ++++++++++------ tools/testing/selftests/zram/zram.sh | 5 +- tools/testing/selftests/zram/zram_lib.sh | 5 +- 75 files changed, 400 insertions(+), 184 deletions(-) create mode 100644 tools/testing/selftests/sync/config -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlts2vIACgkQ3qZv95d3 LNx9Xg//TdPvFIiQ7oaj5YvGCRZPBv+vfAPCZ693m0fpIEmbFnNWc3t74FmeQwZC 66vMGt5L+1cuUGOxyydV+WQ8iOk8hh7PECZv5fgLX2S9eG9dCeIK64wQwB/olkk6 ea/JL6PlqtOxPr/w55R6KOw254/R6heEPVuDFxEjLD87TCkMEWGB1zdIVjwuiUM0 b/3M+8T+FQnd+z8hFet9P5RvOlPUnJvdR626Vo2zlCh441/paYrDKXY4AnA43Aqx E9iWvdVvNG9DpLjf7Vj+SrIM5JYbk1+0L6MjlbMlNQSOcbzmz6ViIWDpOx5PIQBg urqk2lOhSLJSmWWpHuP31b6bAODg0ZSB00bvJAyWEzAEGpCuTNaSBdFX0B8v2ojo 5agl87BBFTxp8PFRMjUnRfQmIdMnAtOdMdQrhTVnVK9wOsvo+IAW3z+ycOr30Wwa 4ZHK9vu+1maIcqqk+L0b05n5OGhCD+Z/GKxCCg0a1BpVSadX70Jh0OikOdzuzMsf gNZbvPkGYEo5P3zAsUDkPr03pdWIgp2qwOW9t1n0BIt+b0D0wE68QG0wRkiDeaeb aDflv16anTBmIiOB8MOdU33tDD7z7dHY5wTjKxg4sn6qBNxsLWRD0xTH5CxW1Rfx 504fmFXSybPf0dcsmy5Y7MWjDX3G+S5ywVVzVHTAe1rknP6IPb4= =O8w8 -----END PGP SIGNATURE-----

7 years, 1 month

2
1
0 0

[PATCH v5] spi: spi-mem: Adjust op len based on message/transfer size limitations

by Chuanhua Han

We need that to adjust the len of the 2nd transfer (called data in spi-mem) if it's too long to fit in a SPI message or SPI transfer. Fixes: c36ff266dc82 ("spi: Extend the core to ease integration of SPI memory controllers") Cc: <stable(a)vger.kernel.org> Signed-off-by: Chuanhua Han <chuanhua.han(a)nxp.com> Suggested-by: Boris Brezillon <boris.brezillon(a)bootlin.com> --- Changes in v5: -Add the validation check after the op->data.nbytes assignment -Assign the "len" variable after defining it -Remove the brackets on both sides of "opt-> data.nbytes" Changes in v4: -Rename variable name "opcode_addr_dummy_sum" to "len". -The comparison of "spi_max_message_size(mem->spi)" and "len" was removed. -Adjust their order when comparing the sizes of "spi_max_message_size(mem->spi)" and "len" -Changing the "unsigned long" type in the code to "size_t" Changes in v3: -Rename variable name "val" to "opcode_addr_dummy_sum". -Place the legitimacy of the transfer size(i.e., "spi_max_message_size(mem->spi)" and -"opcode_addr_dummy_sum") into "if (! ctlr - > mem_ops | |! ctlr-> mem_ops->exec_op) {" structure and add "spi_max_transfer_size(mem->spi) and opcode_addr_dummy_sum". -Adjust the formatting alignment of the code. -"(unsigned long)op->data.nbytes" was modified to "(unsigned long)(op->data.nbytes)". Changes in v2: -Place the adjusted transfer bytes code in spi_mem_adjust_op_size() and check spi_max_message_size(mem->spi) value before subtracting opcode, addr and dummy bytes. -Change the code from fsl-espi controller to generic code(The adjustment of spi transmission length was originally modified in the "drivers/spi/spi-fsl-espi.c" file, and now the adjustment of transfer length is made in the "drivers/spi/spi-mem.c" file) drivers/spi/spi-mem.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/drivers/spi/spi-mem.c b/drivers/spi/spi-mem.c index 990770d..6184fa1 100644 --- a/drivers/spi/spi-mem.c +++ b/drivers/spi/spi-mem.c @@ -328,10 +328,26 @@ EXPORT_SYMBOL_GPL(spi_mem_exec_op); int spi_mem_adjust_op_size(struct spi_mem *mem, struct spi_mem_op *op) { struct spi_controller *ctlr = mem->spi->controller; + size_t len; + + len = sizeof(op->cmd.opcode) + op->addr.nbytes + op->dummy.nbytes; if (ctlr->mem_ops && ctlr->mem_ops->adjust_op_size) return ctlr->mem_ops->adjust_op_size(mem, op); + if (!ctlr->mem_ops || !ctlr->mem_ops->exec_op) { + if (len > spi_max_transfer_size(mem->spi)) + return -EINVAL; + + op->data.nbytes = min3((size_t)op->data.nbytes, + spi_max_transfer_size(mem->spi), + spi_max_message_size(mem->spi) - + len); + + if (!op->data.nbytes) + return -EINVAL; + } + return 0; } EXPORT_SYMBOL_GPL(spi_mem_adjust_op_size); -- 2.7.4

7 years, 1 month

1
0
0 0

Re: [PATCH] x86/kvm/vmx: Fix GPF on reading vmentry_l1d_flush

by Jinpu Wang

> From: MINOURA Makoto / 箕浦真 <minoura(a)valinux.co.jp> > Date: 2018年8月22日周三上午9:50 > Subject: [PATCH] x86/kvm/vmx: Fix GPF on reading vmentry_l1d_flush > To: <kvm(a)vger.kernel.org> > Cc: <linux-kernel(a)vger.kernel.org> > > > > When EPT is not enabled, reading > /sys/module/kvm_intel/parameters/vmentry_l1d_flush causes > general protection fault in vmentry_l1d_flush_get() due to > access beyond the end of the array vmentry_l1d_param[]. > > Signed-off-by: Minoura Makoto <minoura(a)valinux.co.jp> > --- > arch/x86/include/asm/vmx.h | 1 + > arch/x86/kvm/vmx.c | 4 +++- > 2 files changed, 4 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h > index 95f9107449bf..c4b834b05178 100644 > --- a/arch/x86/include/asm/vmx.h > +++ b/arch/x86/include/asm/vmx.h > @@ -581,6 +581,7 @@ enum vmx_l1d_flush_state { > VMENTER_L1D_FLUSH_NEVER, > VMENTER_L1D_FLUSH_COND, > VMENTER_L1D_FLUSH_ALWAYS, > + VMENTER_L1D_FLUSH_PARAM_MAX = VMENTER_L1D_FLUSH_ALWAYS, > VMENTER_L1D_FLUSH_EPT_DISABLED, > VMENTER_L1D_FLUSH_NOT_REQUIRED, > }; > diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c > index 1519f030fd73..155ba2a9139f 100644 > --- a/arch/x86/kvm/vmx.c > +++ b/arch/x86/kvm/vmx.c > @@ -204,6 +204,8 @@ static const struct { > {"never", VMENTER_L1D_FLUSH_NEVER}, > {"cond", VMENTER_L1D_FLUSH_COND}, > {"always", VMENTER_L1D_FLUSH_ALWAYS}, > + {"ept-disabled", VMENTER_L1D_FLUSH_EPT_DISABLED}, > + {"not-required", VMENTER_L1D_FLUSH_NOT_REQUIRED}, > }; > > #define L1D_CACHE_ORDER 4 > @@ -286,7 +288,7 @@ static int vmentry_l1d_flush_parse(const char *s) > unsigned int i; > > if (s) { > - for (i = 0; i < ARRAY_SIZE(vmentry_l1d_param); i++) { > + for (i = 0; i <= VMENTER_L1D_FLUSH_PARAM_MAX; i++) { > if (sysfs_streq(s, vmentry_l1d_param[i].option)) > return vmentry_l1d_param[i].cmd; > } Easy to reproduce. Thanks. Tested-by: Jack Wang <jinpu.wang(a)profitbricks.com> -- Jack Wang Linux Kernel Developer ProfitBricks GmbH Greifswalder Str. 207 D - 10405 Berlin Tel: +49 30 577 008 042 Fax: +49 30 577 008 299 Email: jinpu.wang(a)profitbricks.com URL: https://www.profitbricks.de Sitz der Gesellschaft: Berlin Registergericht: Amtsgericht Charlottenburg, HRB 125506 B Geschäftsführer: Achim Weiss, Matthias Steinberg, Christoph Steffens

7 years, 1 month

1
0
0 0

[GIT PULL] commits for Linux 4.14

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.14 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 2ae6c0413b4768f9d8fc6f718a732f9dae014b67: Linux 4.14.61 (2018-08-06 16:20:52 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.14-09082018 for you to fetch changes up to c0ea3dd048ecaa6156345a25031b5737e4f88a55: nvme: fix handling of metadata_len for NVME_IOCTL_IO_CMD (2018-08-08 09:32:40 -0400) - ---------------------------------------------------------------- for-greg-4.14-09082018 - ---------------------------------------------------------------- Adam Ford (2): ARM: davinci: board-da850-evm: fix WP pin polarity for MMC/SD ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Ajay Gupta (1): usb: xhci: increase CRS timeout value Alex Deucher (1): drm/amdgpu: fix swapped emit_ib_size in vce3 Alexander Duyck (1): ixgbe: Be more careful when modifying MAC filters Alexander Sverdlin (1): octeon_mgmt: Fix MIX registers configuration on MTU setup Alexey Brodkin (2): ARC: Explicitly add -mmedium-calls to CFLAGS ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP Alison Wang (1): drm: mali-dp: Enable Global SE interrupts mask for DP500 Andrey Ryabinin (1): netfilter: nf_conntrack: Fix possible possible crash on module loading. Andrzej Hajda (1): drm/bridge/sii8620: fix loops in EDID fetch logic Andy Lutomirski (2): selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs selftests/x86/sigreturn: Do minor cleanups Anson Huang (2): soc: imx: gpcv2: correct PGC offset soc: imx: gpc: restrict register range for regmap access Ard Biesheuvel (1): KVM: arm/arm64: Drop resource size check for GICV window Arnd Bergmann (1): posix-timers: Fix nanosleep_copyout() for CONFIG_COMPAT_32BIT_TIME Arun Kumar Neelakantam (1): net: qrtr: Broadcast messages only from control port Ayan Kumar Halder (1): drm/arm/malidp: Preserve LAYER_FORMAT contents when setting format Bart Van Assche (1): drbd: Fix drbd_request_prepare() discard handling Bartosz Golaszewski (1): net: davinci_emac: match the mdio device against its compatible if possible BingJing Chang (1): md/raid10: fix that replacement cannot complete recovery after reassemble Bob Copeland (1): nl80211: relax ht operation checks for mesh Casey Schaufler (1): Smack: Mark inode instant in smack_task_to_inode Chengguang Xu (1): nfp: cast sizeof() to int when comparing with error code Christophe Jaillet (1): IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()' Chunfeng Yun (1): usb: gadget: composite: fix delayed_status race condition when set_interface Dan Carpenter (6): block: sed-opal: Fix a couple off by one bugs typec: tcpm: Fix a msecs vs jiffies bug dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() qlogic: check kstrtoul() for errors pinctrl: nsp: off by ones in nsp_pinmux_enable() drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() Daniel Borkmann (1): bpf, s390: fix potential memleak when later bpf_jit_prog fails Daniel Mack (2): ARM: dts: am437x: make edt-ft5x06 a wakeup source ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Dave Jiang (2): acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value nfit: fix unchecked dereference in acpi_nfit_ctl David Lechner (1): net: usb: rtl8150: demote allmulti message to dev_dbg() Davide Caratti (1): net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used Dinh Nguyen (1): net: stmmac: socfpga: add additional ocp reset line for Stratix10 Dirk Gouders (1): kconfig: fix line numbers for if-entries in menu tree Dmitry Osipenko (1): gpu: host1x: Check whether size of unpin isn't 0 Dong Jia Shi (1): vfio: ccw: fix error return in vfio_ccw_sch_event Dongjiu Geng (1): usb: xhci: remove the code build warning Doron Roberts-Kedes (1): nbd: Add the nbd NBD_DISCONNECT_ON_CLOSE config flag. Douglas Anderson (1): nvmem: Don't let a NULL cell_id for nvmem_cell_get() crash us Eli Cohen (1): net/mlx5: E-Switch, Disallow vlan/spoofcheck setup if not being esw manager Eric Dumazet (1): netfilter: ipv6: nf_defrag: reduce struct net memory waste Fabio Estevam (2): ARM: imx_v6_v7_defconfig: Select ULPI support ARM: imx_v4_v5_defconfig: Select ULPI support Fathi Boudra (1): selftests: sync: add config fragment for testing sync framework Florian Fainelli (3): ARM: dts: NSP: Fix i2c controller interrupt type ARM: dts: NSP: Fix PCIe controllers interrupt types ARM: dts: BCM5301x: Fix i2c controller interrupt type Florian Westphal (2): netfilter: x_tables: set module owner for icmp(6) matches netfilter: nft_compat: explicitly reject ERROR and standard target Ganesh Goudar (1): cxgb4: when disabling dcb set txq dcb priority to 0 Gao Feng (1): netfilter: nf_ct_helper: Fix possible panic after nf_conntrack_helper_unregister Geert Uytterhoeven (1): mtd: dataflash: Use ULL suffix for 64-bit constants Govindarajulu Varadarajan (1): enic: initialize enic->rfs_h.lock in enic_probe Greg Ungerer (1): m68k: fix "bad page state" oops on ColdFire boot Grigor Tovmasyan (1): usb: gadget: dwc2: fix memory leak in gadget_init() Guenter Roeck (1): hwmon: (nct6775) Fix loop limit Hangbin Liu (2): ipv6: mcast: fix unsolicited report interval after receiving querys ipvlan: call dev_change_flags when ipvlan mode is reset Hans de Goede (1): NFC: pn533: Fix wrong GFP flag usage Heikki Krogerus (1): usb: dwc3: pci: add support for Intel IceLake Hoan Tran (1): drivers/perf: xgene_pmu: Fix IOB SLOW PMU parser error Jann Horn (1): netfilter: nf_log: fix uninit read in nf_log_proc_dostring Janne Huttunen (1): perf script python: Fix dict reference counting Jason Gerecke (1): HID: wacom: Correct touch maximum XY of 2nd-gen Intuos Jeff Moyer (1): dev-dax: check_vma: ratelimit dev_info-s Jeffrin Jose T (1): selftests: bpf: notification about privilege required to run test_kmod.sh testing script Jiri Olsa (4): perf tools: Fix error index for pmu event parser perf tests: Add event parsing error handling to parse events test perf bench: Fix numa report output code perf tools: Fix compilation errors on gcc8 Johan Hovold (1): usb: dwc3: of-simple: fix use-after-free on remove Johannes Berg (1): nl80211: check nla_parse_nested() return values John Allen (1): ibmvnic: Fix error recovery on login failure John Garry (1): libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() Josh Poimboeuf (1): objtool: Support GCC 8 '-fnoreorder-functions' Kamal Heib (1): RDMA/mlx5: Fix memory leak in mlx5_ib_create_srq() error path Keerthy (1): ARM: dts: da850: Fix interrups property for gpio Kim Phillips (1): perf llvm-utils: Remove bashism from kernel include fetch script Laura Abbott (1): tools: build: Use HOSTLDFLAGS with fixdep Li RongQing (1): net: propagate dev_get_valid_name return code Linus LÃ¼ssing (2): batman-adv: Avoid storing non-TT-sync flags on singular entries too batman-adv: Fix multicast TT issues with bogus ROAM flags Linus Torvalds (1): Mark HI and TASKLET softirq synchronous Lubomir Rintel (1): ieee802154: 6lowpan: set IFLA_LINK Lucas Stach (1): Input: synaptics-rmi4 - fix axis-swap behavior Maciej Purski (3): drm/bridge/sii8620: fix potential buffer overflow drm/bridge/sii8620: fix display of packed pixel modes in MHL2 drm/bridge/sii8620: Fix display of packed pixel modes Madalin Bucur (2): fsl/fman: fix parser reporting bad checksum on short frames dpaa_eth: DPAA SGT needs to be 256B Manish Rangankar (1): scsi: qedi: Send driver state to MFW Marcelo Ricardo Leitner (1): sctp: fix erroneous inc of snmp SctpFragUsrMsgs Marek Szyprowski (5): arm64: dma-mapping: clear buffers allocated with FORCE_CONTIGUOUS flag dmaengine: pl330: report BURST residue granularity drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes drm/exynos: decon5433: Fix WINCONx reset value Martin Blumenstingl (1): ARM64: dts: meson-gxl: fix Mali GPU compatible string Masahiro Yamada (1): kbuild: suppress warnings from 'getconf LFS_*' Mathieu Malaterre (1): tracing: Use __printf markup to silence compiler Mauricio Vasquez B (1): bpf: hash map: decrement counter on error Max Gurtuvoy (1): nvmet: reset keep alive timer in controller enable Michael Chan (2): bnxt_en: Fix inconsistent BNXT_FLAG_AGG_RINGS logic. bnxt_en: Always set output parameters in bnxt_get_max_rings(). Michael Trimarchi (1): brcmfmac: stop watchdog before detach and free everything Mika Westerberg (1): ACPI / EC: Use ec_no_wakeup on Thinkpad X1 Carbon 6th Mikko Perttunen (1): drm/tegra: Fix comparison operator for buffer size Minas Harutyunyan (2): usb: dwc2: gadget: Fix issue in dwc2_gadget_start_isoc() dwc2: gadget: Fix ISOC IN DDMA PID bitfield value calculation Nicholas Mc Guire (3): PCI: xilinx: Add missing of_node_put() PCI: xilinx-nwl: Add missing of_node_put() PCI: faraday: Add missing of_node_put() Nishanth Menon (1): ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores Paul Cercueil (1): pinctrl: ingenic: Fix inverted direction for < JZ4770 Paul Moore (1): ipv6: make ipv6_renew_options() interrupt/kernel safe Peng Hao (1): kvmclock: fix TSC calibration for nested guests Peter Zijlstra (1): ARC: Improve cmpxchg syscall implementation Qu Wenruo (1): btrfs: scrub: Don't use inode page cache in scrub_handle_errored_block() Randy Dunlap (2): net/ethernet/freescale/fman: fix cross-build error tcp: identify cryptic messages as TCP seq # bugs Ray Jui (5): ARM: dts: Cygnus: Fix I2C controller interrupt type ARM: dts: Cygnus: Fix PCIe controller interrupt type arm64: dts: ns2: Fix I2C controller interrupt type arm64: dts: ns2: Fix PCIe controller interrupt type arm64: dts: Stingray: Fix I2C controller interrupt type Rob Herring (1): arm64: dts: msm8916: fix Coresight ETF graph connections Robin H. Johnson (1): ACPI / EC: Use ec_no_wakeup on more Thinkpad X1 Carbon 6th systems Roland Dreier (1): nvme: fix handling of metadata_len for NVME_IOCTL_IO_CMD Russell King (2): drm/armada: fix colorkey mode property drm/armada: fix irq handling Ryan Hsu (1): ath10k: update the phymode along with bandwidth change request Sandipan Das (1): perf report powerpc: Fix crash if callchain is empty Saurav Kashyap (1): scsi: qedf: Send the driver state to MFW Scott Branden (2): arm64: dts: specify 1.8V EMMC capabilities for bcm958742k arm64: dts: specify 1.8V EMMC capabilities for bcm958742t Sergei Shtylyov (1): PCI: versatile: Fix I/O space page leak Shankara Pailoor (1): jfs: Fix inconsistency between memory allocation and ea_buf->max_size Shuah Khan (Samsung OSG) (6): selftests: pstore: return Kselftest Skip code for skipped tests selftests: static_keys: return Kselftest Skip code for skipped tests selftests: sysctl: return Kselftest Skip code for skipped tests selftests: user: return Kselftest Skip code for skipped tests selftests: zram: return Kselftest Skip code for skipped tests selftests: vm: return Kselftest Skip code for skipped tests Stafford Horne (1): openrisc: entry: Fix delay slot exception detection Stefan Agner (1): net: hamradio: use eth_broadcast_addr Stefan Schmidt (3): ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem ieee802154: at86rf230: use __func__ macro for debug messages ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem Stefan Wahren (3): net: qca_spi: Avoid packet drop during initial sync net: qca_spi: Make sure the QCA7000 reset is triggered net: qca_spi: Fix log level if probe fails Stephen Hemminger (1): hv/netvsc: fix handling of fallback to single queue mode Steven Rostedt (VMware) (2): locking/lockdep: Do not record IRQ state within lockdep code ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot Sudarsana Reddy Kalluru (4): qed: Fix possible memory leak in Rx error path handling. qed: Add sanity check for SIMD fastpath handler. qed: Do not advertise DCBX_LLD_MANAGED capability. bnx2x: Fix receiving tx-timeout in error or recovery state. Sven Eckelmann (2): batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump batman-adv: Fix bat_v best gw refcnt after netlink dump Taeung Song (3): samples/bpf: add missing <linux/if_vlan.h> samples/bpf: Check the result of system() samples/bpf: Check the error of write() and read() Takashi Iwai (1): ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl Thomas Richter (2): perf record: Support s390 random socket_id assignment perf test session topology: Fix test on s390 Tomasz Duszynski (1): iio: pressure: bmp280: fix relative humidity unit Trond Myklebust (1): pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception Uwe Kleine-KÃ¶nig (1): ARM: dts: imx6: RDU2: fix irq type for mv88e6xxx switch Vijay Immanuel (1): IB/rxe: Fix missing completion for mem_reg work requests Vikas Gupta (1): bnxt_en: Fix for system hang if request_irq fails Vincent Pelletier (1): usb: gadget: ffs: Fix BUG when userland exits with submitted AIO transfers Viresh Kumar (1): arm: dts: armada: Fix "#cooling-cells" property's name Vladimir Zapolskiy (4): sh_eth: fix invalid context bug while calling auto-negotiation by ethtool sh_eth: fix invalid context bug while changing link options by ethtool ravb: fix invalid context bug while calling auto-negotiation by ethtool ravb: fix invalid context bug while changing link options by ethtool Wei Yongjun (1): pinctrl: nsp: Fix potential NULL dereference Willem de Bruijn (1): packet: reset network header if packet shorter than ll reserved space William Wu (2): usb: dwc2: alloc dma aligned buffer for isoc split in usb: dwc2: fix isoc split in transfer with no data Yan, Zheng (1): ceph: fix dentry leak in splice_dentry() Yonghong Song (1): perf tools: Fix a clang 7.0 compilation error Yuchung Cheng (1): tcp: remove DELAYED ACK events in DCTCP Yuiko Oshino (1): smsc75xx: Add workaround for gigabit link up hardware errata. Zhen Lei (1): kasan: fix shadow_size calculation error in kasan_module_alloc Zhenzhong Duan (2): x86/microcode/intel: Fix memleak in save_microcode_patch() x86/mm/32: Initialize the CR4 shadow before __flush_tlb_all() Zhizhou Zhang (1): arm64: make secondary_start_kernel() notrace Zhouyang Jia (3): xen: add error handling for xenbus_printf scsi: xen-scsifront: add error handling for xenbus_printf xen/scsiback: add error handling for xenbus_printf Makefile | 6 +- arch/arc/Makefile | 15 +-- arch/arc/include/asm/mach_desc.h | 2 - arch/arc/kernel/irq.c | 2 +- arch/arc/kernel/process.c | 47 +++++++-- arch/arm/boot/dts/am3517.dtsi | 5 + arch/arm/boot/dts/am437x-sk-evm.dts | 2 + arch/arm/boot/dts/armada-385-synology-ds116.dts | 2 +- arch/arm/boot/dts/bcm-cygnus.dtsi | 24 ++--- arch/arm/boot/dts/bcm-nsp.dtsi | 32 +++--- arch/arm/boot/dts/bcm5301x.dtsi | 2 +- arch/arm/boot/dts/da850.dtsi | 6 +- arch/arm/boot/dts/imx6qdl-zii-rdu2.dtsi | 2 +- arch/arm/configs/imx_v4_v5_defconfig | 2 + arch/arm/configs/imx_v6_v7_defconfig | 2 + arch/arm/mach-davinci/board-da850-evm.c | 2 +- arch/arm/mach-omap2/omap-smp.c | 41 ++++++++ arch/arm/mach-pxa/irq.c | 4 +- arch/arm/mm/init.c | 9 ++ arch/arm64/boot/dts/amlogic/meson-gxl-mali.dtsi | 2 +- arch/arm64/boot/dts/broadcom/northstar2/ns2.dtsi | 8 +- .../boot/dts/broadcom/stingray/bcm958742k.dts | 4 + .../boot/dts/broadcom/stingray/bcm958742t.dts | 4 + .../arm64/boot/dts/broadcom/stingray/stingray.dtsi | 4 +- arch/arm64/boot/dts/qcom/msm8916.dtsi | 4 +- arch/arm64/kernel/smp.c | 2 +- arch/arm64/mm/dma-mapping.c | 9 +- arch/m68k/include/asm/mcf_pgalloc.h | 4 +- arch/openrisc/kernel/entry.S | 8 +- arch/openrisc/kernel/head.S | 9 +- arch/openrisc/kernel/traps.c | 2 +- arch/s390/net/bpf_jit_comp.c | 1 + arch/x86/kernel/cpu/microcode/intel.c | 5 +- arch/x86/kernel/kvmclock.c | 1 + arch/x86/kernel/smpboot.c | 5 + block/sed-opal.c | 4 +- drivers/acpi/ec.c | 20 ++++ drivers/acpi/nfit/core.c | 4 + drivers/ata/libahci.c | 7 +- drivers/block/drbd/drbd_req.c | 4 +- drivers/block/nbd.c | 40 ++++++-- drivers/dax/device.c | 12 ++- drivers/dma/k3dma.c | 2 +- drivers/dma/pl330.c | 2 +- drivers/gpu/drm/amd/amdgpu/vce_v3_0.c | 4 +- drivers/gpu/drm/arm/malidp_hw.c | 3 +- drivers/gpu/drm/arm/malidp_planes.c | 5 +- drivers/gpu/drm/armada/armada_crtc.c | 12 ++- drivers/gpu/drm/armada/armada_hw.h | 1 + drivers/gpu/drm/armada/armada_overlay.c | 30 ++++-- drivers/gpu/drm/bridge/sil-sii8620.c | 41 +++++--- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 6 +- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 ++++-- drivers/gpu/drm/exynos/regs-gsc.h | 1 + drivers/gpu/drm/nouveau/nouveau_gem.c | 4 +- drivers/gpu/drm/tegra/drm.c | 2 +- drivers/gpu/host1x/job.c | 3 +- drivers/hid/wacom_wac.c | 10 +- drivers/hwmon/nct6775.c | 2 +- drivers/iio/pressure/bmp280-core.c | 5 +- drivers/infiniband/hw/mlx4/mr.c | 7 +- drivers/infiniband/hw/mlx5/srq.c | 18 ++-- drivers/infiniband/sw/rxe/rxe_req.c | 3 + drivers/input/rmi4/rmi_2d_sensor.c | 34 +++---- drivers/md/raid10.c | 7 ++ drivers/mtd/devices/mtd_dataflash.c | 4 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 ++ drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 ++ drivers/net/ethernet/broadcom/bnxt/bnxt.c | 13 ++- drivers/net/ethernet/cavium/octeon/octeon_mgmt.c | 14 ++- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 +- drivers/net/ethernet/cisco/enic/enic_main.c | 3 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 15 +-- drivers/net/ethernet/freescale/fman/fman_port.c | 8 ++ drivers/net/ethernet/ibm/ibmvnic.c | 4 +- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 ++- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 12 +-- drivers/net/ethernet/mellanox/mlx5/core/vport.c | 2 - .../net/ethernet/netronome/nfp/nfpcore/nfp_nffw.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_dcbx.c | 11 +- drivers/net/ethernet/qlogic/qed/qed_ll2.c | 11 +- drivers/net/ethernet/qlogic/qed/qed_main.c | 12 ++- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 + drivers/net/ethernet/qualcomm/qca_spi.c | 21 ++-- drivers/net/ethernet/renesas/ravb_main.c | 56 +++-------- drivers/net/ethernet/renesas/sh_eth.c | 59 +++-------- drivers/net/ethernet/stmicro/stmmac/Kconfig | 2 +- .../net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 18 +++- drivers/net/ethernet/ti/davinci_emac.c | 4 + drivers/net/hamradio/bpqether.c | 8 +- drivers/net/hyperv/rndis_filter.c | 1 + drivers/net/ieee802154/at86rf230.c | 15 +-- drivers/net/ieee802154/fakelb.c | 2 +- drivers/net/ipvlan/ipvlan_main.c | 36 +++++-- drivers/net/usb/rtl8150.c | 2 +- drivers/net/usb/smsc75xx.c | 62 ++++++++++++ drivers/net/wireless/ath/ath10k/mac.c | 16 ++- drivers/net/wireless/ath/ath10k/wmi.h | 1 + .../wireless/broadcom/brcm80211/brcmfmac/sdio.c | 7 ++ drivers/nfc/pn533/usb.c | 4 +- drivers/nvme/host/core.c | 2 +- drivers/nvme/target/core.c | 8 ++ drivers/nvmem/core.c | 4 + drivers/pci/host/pci-ftpci100.c | 2 + drivers/pci/host/pci-versatile.c | 2 +- drivers/pci/host/pcie-xilinx-nwl.c | 2 +- drivers/pci/host/pcie-xilinx.c | 1 + drivers/perf/xgene_pmu.c | 2 +- drivers/pinctrl/bcm/pinctrl-nsp-mux.c | 6 +- drivers/pinctrl/pinctrl-ingenic.c | 2 +- drivers/s390/cio/vfio_ccw_drv.c | 5 +- drivers/scsi/qedf/qedf_main.c | 12 +++ drivers/scsi/qedi/qedi_main.c | 11 ++ drivers/scsi/xen-scsifront.c | 33 ++++-- drivers/soc/imx/gpc.c | 21 ++++ drivers/soc/imx/gpcv2.c | 13 ++- drivers/staging/typec/tcpm.c | 3 +- drivers/usb/dwc2/core.h | 3 + drivers/usb/dwc2/gadget.c | 15 ++- drivers/usb/dwc2/hcd.c | 89 ++++++++++++++++- drivers/usb/dwc2/hcd.h | 8 ++ drivers/usb/dwc2/hcd_intr.c | 11 +- drivers/usb/dwc2/hcd_queue.c | 3 + drivers/usb/dwc3/dwc3-of-simple.c | 3 +- drivers/usb/dwc3/dwc3-pci.c | 2 + drivers/usb/gadget/composite.c | 3 + drivers/usb/gadget/function/f_fs.c | 26 +++-- drivers/usb/host/xhci-tegra.c | 2 +- drivers/usb/host/xhci.c | 7 +- drivers/xen/manage.c | 18 +++- drivers/xen/xen-scsiback.c | 16 ++- fs/btrfs/scrub.c | 17 ++-- fs/ceph/inode.c | 1 + fs/jfs/xattr.c | 10 +- fs/nfs/nfs4proc.c | 17 ++-- include/linux/fsl/guts.h | 1 + include/net/ipv6.h | 9 +- include/net/net_namespace.h | 1 + include/net/netns/ipv6.h | 1 - include/net/tc_act/tc_tunnel_key.h | 1 - include/net/tcp.h | 2 - include/uapi/linux/nbd.h | 3 + kernel/bpf/hashtab.c | 16 ++- kernel/locking/lockdep.c | 12 +-- kernel/softirq.c | 12 ++- kernel/time/hrtimer.c | 2 +- kernel/trace/trace.c | 5 + mm/kasan/kasan.c | 5 +- net/batman-adv/bat_iv_ogm.c | 4 +- net/batman-adv/bat_v.c | 4 +- net/batman-adv/translation-table.c | 7 +- net/core/dev.c | 4 +- net/ieee802154/6lowpan/core.c | 6 ++ net/ipv4/netfilter/ip_tables.c | 1 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_dctcp.c | 25 ----- net/ipv4/tcp_output.c | 4 - net/ipv6/calipso.c | 9 +- net/ipv6/exthdrs.c | 111 ++++++--------------- net/ipv6/ipv6_sockglue.c | 27 +++-- net/ipv6/mcast.c | 9 +- net/ipv6/netfilter/ip6_tables.c | 1 + net/ipv6/netfilter/nf_conntrack_reasm.c | 6 +- net/netfilter/nf_conntrack_core.c | 2 +- net/netfilter/nf_conntrack_helper.c | 5 + net/netfilter/nf_log.c | 4 + net/netfilter/nft_compat.c | 13 +++ net/packet/af_packet.c | 2 + net/qrtr/qrtr.c | 4 + net/sched/act_tunnel_key.c | 6 +- net/sctp/chunk.c | 4 +- net/wireless/nl80211.c | 35 +++---- samples/bpf/parse_varlen.c | 6 +- samples/bpf/test_overhead_user.c | 19 +++- samples/bpf/trace_event_user.c | 27 ++++- scripts/kconfig/zconf.y | 4 +- security/smack/smack_lsm.c | 1 + sound/core/seq/seq_clientmgr.c | 3 +- tools/build/Makefile | 2 +- tools/objtool/elf.c | 41 +++++--- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 +- tools/perf/arch/x86/util/perf_regs.c | 2 +- tools/perf/bench/numa.c | 5 +- tools/perf/jvmti/jvmti_agent.c | 3 +- tools/perf/tests/parse-events.c | 8 +- tools/perf/tests/topology.c | 1 + tools/perf/util/c++/clang.cpp | 11 +- tools/perf/util/header.c | 10 +- tools/perf/util/llvm-utils.c | 6 +- tools/perf/util/parse-events.y | 5 + .../util/scripting-engines/trace-event-python.c | 8 +- tools/testing/selftests/bpf/test_kmod.sh | 9 ++ .../selftests/pstore/pstore_post_reboot_tests | 5 +- .../selftests/static_keys/test_static_keys.sh | 13 +++ tools/testing/selftests/sync/config | 4 + tools/testing/selftests/sysctl/sysctl.sh | 20 ++-- tools/testing/selftests/user/test_user_copy.sh | 7 ++ tools/testing/selftests/vm/compaction_test.c | 4 +- tools/testing/selftests/vm/mlock2-tests.c | 12 ++- tools/testing/selftests/vm/run_vmtests | 5 +- tools/testing/selftests/vm/userfaultfd.c | 4 +- tools/testing/selftests/x86/sigreturn.c | 59 ++++++----- tools/testing/selftests/zram/zram.sh | 5 +- tools/testing/selftests/zram/zram_lib.sh | 5 +- virt/kvm/arm/vgic/vgic-v3.c | 5 - 207 files changed, 1406 insertions(+), 720 deletions(-) create mode 100644 tools/testing/selftests/sync/config -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlts2uIACgkQ3qZv95d3 LNxfhA/8Ca2g1Ce2k19mjQuGJFSKBhGinRaheyjIzxHnUUFIvzzx795kX7aViAPZ MA0gamCYrPzXXKdx/sf6ZmMy9H8IRIS4rrHXE1XdHWUVqdYO6teMGSYg4BqX+pZW sCZccaXGFYme+CHqawK3q9xPWuSvKp3YSD/rjzyocQdhxUHLN0KM1NgZ55BrMQ57 +rJ6PH4GykQsOIsAQtYgW288ZsPDDWz1EYzRQwqfRcGFJ+Ut2W5RQHTUD18jUvMN qi2JQPGvLY+a/2IWxAg3cFTwAf/+UE7vyIzTeTl81/g/fWkhclebqKasBYQTU2br Yv0fB5U6GTXaWlsnChl4xtuMhfGR33qFB00XbHCLCvpiI3RXZQjdJgkdmfBmF84L EWnuZzZ0ZPwkBO+JOhC1faZdduFQ82juonqKko00DMa20qDcCiI7nuBf0b++hzeY 7zW7KlkxKSFole6F+7P0DnAWXNpnaWW3xU1fiZcrjK88QAhpe0ad5IuZSbjWyn9i itzIn+7VQxbqrCsIZ/AnOtcJpZKHiOhnnuZQ1t6Nu0QhUWiPx8WfhEqHZbp5tUj1 kGADJ+/QbZeV1mC95F2pEF3qzhnrgVtAC45ktBXXbqxmfYEwGBN0wjGB5zowGkJN 6K6xr8gvO67DSHo44xvAEWg3iUIc9DyBe1I40yFjTrQzby0iTEY= =rcQm -----END PGP SIGNATURE-----

7 years, 1 month

2
1
0 0

[GIT PULL] commits for Linux 4.9

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.9 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit e01202b36f03f9284ffb51e911f6710d0a62c815: Linux 4.9.118 (2018-08-06 16:23:04 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.9-09082018 for you to fetch changes up to 6cdd0e8d2c6e85ce4e69ba830da2bf27f0a5dff4: tcp: identify cryptic messages as TCP seq # bugs (2018-08-09 09:17:10 -0400) - ---------------------------------------------------------------- for-greg-4.9-09082018 - ---------------------------------------------------------------- Adam Ford (1): ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Ajay Gupta (1): usb: xhci: increase CRS timeout value Alexander Duyck (1): ixgbe: Be more careful when modifying MAC filters Alexander Sverdlin (1): octeon_mgmt: Fix MIX registers configuration on MTU setup Alexey Brodkin (2): ARC: Explicitly add -mmedium-calls to CFLAGS ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP Alison Wang (1): drm: mali-dp: Enable Global SE interrupts mask for DP500 Andrey Ryabinin (1): netfilter: nf_conntrack: Fix possible possible crash on module loading. Andy Lutomirski (2): selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs selftests/x86/sigreturn: Do minor cleanups Ard Biesheuvel (1): KVM: arm/arm64: Drop resource size check for GICV window Arun Kumar Neelakantam (1): net: qrtr: Broadcast messages only from control port Bartosz Golaszewski (1): net: davinci_emac: match the mdio device against its compatible if possible BingJing Chang (1): md/raid10: fix that replacement cannot complete recovery after reassemble Bob Copeland (1): nl80211: relax ht operation checks for mesh Casey Schaufler (1): Smack: Mark inode instant in smack_task_to_inode Chunfeng Yun (1): usb: gadget: composite: fix delayed_status race condition when set_interface Dan Carpenter (4): dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() qlogic: check kstrtoul() for errors pinctrl: nsp: off by ones in nsp_pinmux_enable() drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() Daniel Borkmann (1): bpf, s390: fix potential memleak when later bpf_jit_prog fails Daniel Mack (2): ARM: dts: am437x: make edt-ft5x06 a wakeup source ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Dave Jiang (2): acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value nfit: fix unchecked dereference in acpi_nfit_ctl David Lechner (1): net: usb: rtl8150: demote allmulti message to dev_dbg() Davide Caratti (1): net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used Dinh Nguyen (1): net: stmmac: socfpga: add additional ocp reset line for Stratix10 Dongjiu Geng (1): usb: xhci: remove the code build warning Eric Dumazet (1): netfilter: ipv6: nf_defrag: reduce struct net memory waste Fabio Estevam (2): ARM: imx_v6_v7_defconfig: Select ULPI support ARM: imx_v4_v5_defconfig: Select ULPI support Fathi Boudra (1): selftests: sync: add config fragment for testing sync framework Florian Fainelli (2): ARM: dts: NSP: Fix i2c controller interrupt type ARM: dts: NSP: Fix PCIe controllers interrupt types Florian Westphal (1): netfilter: x_tables: set module owner for icmp(6) matches Ganesh Goudar (1): cxgb4: when disabling dcb set txq dcb priority to 0 Govindarajulu Varadarajan (1): enic: initialize enic->rfs_h.lock in enic_probe Greg Ungerer (1): m68k: fix "bad page state" oops on ColdFire boot Grigor Tovmasyan (1): usb: gadget: dwc2: fix memory leak in gadget_init() Hangbin Liu (2): ipv6: mcast: fix unsolicited report interval after receiving querys ipvlan: call dev_change_flags when ipvlan mode is reset Hans de Goede (1): NFC: pn533: Fix wrong GFP flag usage Jann Horn (1): netfilter: nf_log: fix uninit read in nf_log_proc_dostring Jason Gerecke (1): HID: wacom: Correct touch maximum XY of 2nd-gen Intuos Jiri Olsa (2): perf tests: Add event parsing error handling to parse events test perf bench: Fix numa report output code Johan Hovold (1): usb: dwc3: of-simple: fix use-after-free on remove John Garry (1): libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() Josh Poimboeuf (1): objtool: Support GCC 8 '-fnoreorder-functions' Kamal Heib (1): RDMA/mlx5: Fix memory leak in mlx5_ib_create_srq() error path Keerthy (1): ARM: dts: da850: Fix interrups property for gpio Kim Phillips (1): perf llvm-utils: Remove bashism from kernel include fetch script Laura Abbott (1): tools: build: Use HOSTLDFLAGS with fixdep Li RongQing (1): net: propagate dev_get_valid_name return code Linus Torvalds (1): Mark HI and TASKLET softirq synchronous Lubomir Rintel (1): ieee802154: 6lowpan: set IFLA_LINK Marek Szyprowski (4): dmaengine: pl330: report BURST residue granularity drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes drm/exynos: decon5433: Fix WINCONx reset value Mathieu Malaterre (1): tracing: Use __printf markup to silence compiler Max Gurtuvoy (1): nvmet: reset keep alive timer in controller enable Michael Chan (1): bnxt_en: Always set output parameters in bnxt_get_max_rings(). Michael Trimarchi (1): brcmfmac: stop watchdog before detach and free everything Nicholas Mc Guire (2): PCI: xilinx: Add missing of_node_put() PCI: xilinx-nwl: Add missing of_node_put() Nishanth Menon (1): ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores Paul Moore (1): ipv6: make ipv6_renew_options() interrupt/kernel safe Peter Zijlstra (1): ARC: Improve cmpxchg syscall implementation Randy Dunlap (2): net/ethernet/freescale/fman: fix cross-build error tcp: identify cryptic messages as TCP seq # bugs Ray Jui (3): ARM: dts: Cygnus: Fix I2C controller interrupt type ARM: dts: Cygnus: Fix PCIe controller interrupt type arm64: dts: ns2: Fix I2C controller interrupt type Russell King (1): drm/armada: fix colorkey mode property Sandipan Das (1): perf report powerpc: Fix crash if callchain is empty Sergei Shtylyov (1): PCI: versatile: Fix I/O space page leak Shankara Pailoor (1): jfs: Fix inconsistency between memory allocation and ea_buf->max_size Shuah Khan (Samsung OSG) (4): selftests: pstore: return Kselftest Skip code for skipped tests selftests: static_keys: return Kselftest Skip code for skipped tests selftests: user: return Kselftest Skip code for skipped tests selftests: zram: return Kselftest Skip code for skipped tests Stefan Agner (1): net: hamradio: use eth_broadcast_addr Stefan Schmidt (3): ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem ieee802154: at86rf230: use __func__ macro for debug messages ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem Stefan Wahren (3): net: qca_spi: Avoid packet drop during initial sync net: qca_spi: Make sure the QCA7000 reset is triggered net: qca_spi: Fix log level if probe fails Steven Rostedt (VMware) (2): locking/lockdep: Do not record IRQ state within lockdep code ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot Sudarsana Reddy Kalluru (2): qed: Add sanity check for SIMD fastpath handler. bnx2x: Fix receiving tx-timeout in error or recovery state. Sven Eckelmann (2): batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump batman-adv: Fix bat_v best gw refcnt after netlink dump Taeung Song (2): samples/bpf: add missing <linux/if_vlan.h> samples/bpf: Check the error of write() and read() Takashi Iwai (1): ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl Thomas Richter (1): perf test session topology: Fix test on s390 Tomasz Duszynski (1): iio: pressure: bmp280: fix relative humidity unit Vijay Immanuel (1): IB/rxe: Fix missing completion for mem_reg work requests Vikas Gupta (1): bnxt_en: Fix for system hang if request_irq fails Vladimir Zapolskiy (4): sh_eth: fix invalid context bug while calling auto-negotiation by ethtool sh_eth: fix invalid context bug while changing link options by ethtool ravb: fix invalid context bug while calling auto-negotiation by ethtool ravb: fix invalid context bug while changing link options by ethtool Wei Yongjun (1): pinctrl: nsp: Fix potential NULL dereference Willem de Bruijn (1): packet: reset network header if packet shorter than ll reserved space William Wu (1): usb: dwc2: fix isoc split in transfer with no data Yan, Zheng (1): ceph: fix dentry leak in splice_dentry() Yuchung Cheng (1): tcp: remove DELAYED ACK events in DCTCP Yuiko Oshino (1): smsc75xx: Add workaround for gigabit link up hardware errata. Zhen Lei (1): kasan: fix shadow_size calculation error in kasan_module_alloc Zhizhou Zhang (1): arm64: make secondary_start_kernel() notrace Zhouyang Jia (3): xen: add error handling for xenbus_printf scsi: xen-scsifront: add error handling for xenbus_printf xen/scsiback: add error handling for xenbus_printf arch/arc/Makefile | 15 +-- arch/arc/include/asm/mach_desc.h | 2 - arch/arc/kernel/irq.c | 2 +- arch/arc/kernel/process.c | 47 +++++++-- arch/arm/boot/dts/am3517.dtsi | 5 + arch/arm/boot/dts/am437x-sk-evm.dts | 2 + arch/arm/boot/dts/bcm-cygnus.dtsi | 24 ++--- arch/arm/boot/dts/bcm-nsp.dtsi | 32 +++--- arch/arm/boot/dts/da850.dtsi | 6 +- arch/arm/configs/imx_v4_v5_defconfig | 2 + arch/arm/configs/imx_v6_v7_defconfig | 2 + arch/arm/mach-omap2/omap-smp.c | 41 ++++++++ arch/arm/mach-pxa/irq.c | 4 +- arch/arm/mm/init.c | 9 ++ arch/arm64/boot/dts/broadcom/ns2.dtsi | 4 +- arch/arm64/kernel/smp.c | 2 +- arch/m68k/include/asm/mcf_pgalloc.h | 4 +- arch/s390/net/bpf_jit_comp.c | 1 + drivers/acpi/nfit/core.c | 4 + drivers/ata/libahci.c | 7 +- drivers/dma/k3dma.c | 2 +- drivers/dma/pl330.c | 2 +- drivers/gpu/drm/arm/malidp_hw.c | 3 +- drivers/gpu/drm/armada/armada_hw.h | 1 + drivers/gpu/drm/armada/armada_overlay.c | 30 ++++-- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 6 +- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 ++++-- drivers/gpu/drm/exynos/regs-gsc.h | 1 + drivers/gpu/drm/nouveau/nouveau_gem.c | 4 +- drivers/hid/wacom_wac.c | 10 +- drivers/iio/pressure/bmp280-core.c | 5 +- drivers/infiniband/hw/mlx5/srq.c | 18 ++-- drivers/infiniband/sw/rxe/rxe_req.c | 3 + drivers/md/raid10.c | 7 ++ drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 ++ drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 ++ drivers/net/ethernet/broadcom/bnxt/bnxt.c | 8 +- drivers/net/ethernet/cavium/octeon/octeon_mgmt.c | 14 ++- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 +- drivers/net/ethernet/cisco/enic/enic_main.c | 3 +- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 ++- drivers/net/ethernet/qlogic/qed/qed_main.c | 12 ++- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 + drivers/net/ethernet/qualcomm/qca_spi.c | 21 ++-- drivers/net/ethernet/renesas/ravb_main.c | 56 +++-------- drivers/net/ethernet/renesas/sh_eth.c | 59 +++-------- drivers/net/ethernet/stmicro/stmmac/Kconfig | 2 +- .../net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 18 +++- drivers/net/ethernet/ti/davinci_emac.c | 4 + drivers/net/hamradio/bpqether.c | 8 +- drivers/net/ieee802154/at86rf230.c | 15 +-- drivers/net/ieee802154/fakelb.c | 2 +- drivers/net/ipvlan/ipvlan_main.c | 36 +++++-- drivers/net/usb/rtl8150.c | 2 +- drivers/net/usb/smsc75xx.c | 62 ++++++++++++ .../wireless/broadcom/brcm80211/brcmfmac/sdio.c | 7 ++ drivers/nfc/pn533/usb.c | 4 +- drivers/nvme/target/core.c | 8 ++ drivers/pci/host/pci-versatile.c | 2 +- drivers/pci/host/pcie-xilinx-nwl.c | 2 +- drivers/pci/host/pcie-xilinx.c | 1 + drivers/pinctrl/bcm/pinctrl-nsp-mux.c | 6 +- drivers/scsi/xen-scsifront.c | 33 ++++-- drivers/usb/dwc2/gadget.c | 7 +- drivers/usb/dwc2/hcd_intr.c | 3 +- drivers/usb/dwc3/dwc3-of-simple.c | 3 +- drivers/usb/gadget/composite.c | 3 + drivers/usb/host/xhci-tegra.c | 2 +- drivers/usb/host/xhci.c | 7 +- drivers/xen/manage.c | 18 +++- drivers/xen/xen-scsiback.c | 16 ++- fs/ceph/inode.c | 1 + fs/jfs/xattr.c | 10 +- include/linux/fsl/guts.h | 1 + include/net/ipv6.h | 9 +- include/net/net_namespace.h | 1 + include/net/netns/ipv6.h | 1 - include/net/tc_act/tc_tunnel_key.h | 1 - include/net/tcp.h | 2 - kernel/locking/lockdep.c | 12 +-- kernel/softirq.c | 12 ++- kernel/trace/trace.c | 5 + mm/kasan/kasan.c | 5 +- net/batman-adv/bat_iv_ogm.c | 4 +- net/batman-adv/bat_v.c | 4 +- net/core/dev.c | 4 +- net/ieee802154/6lowpan/core.c | 6 ++ net/ipv4/netfilter/ip_tables.c | 1 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_dctcp.c | 25 ----- net/ipv4/tcp_output.c | 4 - net/ipv6/calipso.c | 9 +- net/ipv6/exthdrs.c | 111 ++++++--------------- net/ipv6/ipv6_sockglue.c | 27 +++-- net/ipv6/mcast.c | 9 +- net/ipv6/netfilter/ip6_tables.c | 1 + net/ipv6/netfilter/nf_conntrack_reasm.c | 6 +- net/netfilter/nf_conntrack_core.c | 2 +- net/netfilter/nf_log.c | 4 + net/packet/af_packet.c | 2 + net/qrtr/qrtr.c | 4 + net/sched/act_tunnel_key.c | 6 +- net/wireless/nl80211.c | 19 +--- samples/bpf/parse_varlen.c | 6 +- samples/bpf/test_overhead_user.c | 19 +++- security/smack/smack_lsm.c | 1 + sound/core/seq/seq_clientmgr.c | 3 +- tools/build/Makefile | 2 +- tools/objtool/elf.c | 41 +++++--- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 +- tools/perf/bench/numa.c | 5 +- tools/perf/tests/parse-events.c | 8 +- tools/perf/tests/topology.c | 1 + tools/perf/util/llvm-utils.c | 6 +- .../selftests/pstore/pstore_post_reboot_tests | 5 +- .../selftests/static_keys/test_static_keys.sh | 13 +++ tools/testing/selftests/sync/config | 4 + tools/testing/selftests/user/test_user_copy.sh | 7 ++ tools/testing/selftests/x86/sigreturn.c | 59 ++++++----- tools/testing/selftests/zram/zram.sh | 5 +- tools/testing/selftests/zram/zram_lib.sh | 5 +- virt/kvm/arm/vgic/vgic-v3.c | 5 - 124 files changed, 806 insertions(+), 515 deletions(-) create mode 100644 tools/testing/selftests/sync/config -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlts2usACgkQ3qZv95d3 LNxV7xAAlEmyDj0Q1HQltbYnQ8/Cqgoi01FPohvxpugyeaZwELoP6W/vHAxSTw6M 51RaNEliEN27CY175G5+xLBgnVzm79/Z5NGm64Ve2OCfPYTeuSlvkJgy7IYJG7s4 nOkBP/rJSyOvtoV8vIBXm0nzwOW5/O4LamV82BRZIIeMoY1qf8KCpzsEp8ErEc/s Wx9T98dFzC0DVkVmccXByq/gTe57aLpAHtRmvMmC3FLSS4sohKRJN/6jHQbWfEcG W41zY7RYD4gOAy16wUZ87ycRDmxDBIDGgcIeVr0Drf+9hubErSUZecoFJ8lwWguC +U/WjSWzPJQSL+yL8oX9ErGzCxdU51BUVEJSVTVsQYGsrUyac2sVjDdq7vM8ltdE Jd7NROubsCPRevWcoJDJ98LSYpEbE7ibucUzg9nk39Mb0pREC3UGLEo2ULugaPRQ Zds3vdF7wSRWAY/zO4cL77uQxDEQrgqS2oEdAXOXJym26KWLDjnyGy9IrSy9WhGX nX3pGz0Cswl8qa2fSHX4LJTXG9Y3yteC/FIrpZh+FciWqWez0IV0IJDFVOpBf+8l AdabU2GBJXF7AptkaP7UDhYzGMLZTTLcPEkslM01kd7gIgDQOdZVIp+884dGR6Uh WbpwjrGX+gyAKbtrFiNqpV3xAy9ZI7zSEskiby02320dQjZ6bZQ= =XJ7Y -----END PGP SIGNATURE-----

7 years, 1 month

2
1
0 0

[PATCH for-4.9.y 0/5] net/sched: init failure fixes

by Amit Pundir

Hi Greg, Kindly consider/review following net/sched fixes for stable 4.9.y. This patchset is a follow-up of upstream fix 87b60cfacf9f ("net_sched: fix error recovery at qdisc creation") cherry-picked on stable 4.9.y. It fix null pointer dereferences due to uninitialized timer (qdisc watchdog) or double frees due to ->destroy cleaning up a second time. Here is the original submission https://www.mail-archive.com/netdev@vger.kernel.org/msg186003.html Cherry-picked and build tested on Linux 4.9.116 for ARCH=arm/arm64. These fixes are applicable for stable 4.4.y kernel as well, but one of the patches needed a minor rebasing, so I'm resending this series for 4.4.y in a separate thread to avoid any confusion. Regards, Amit Pundir Nikolay Aleksandrov (5): sch_htb: fix crash on init failure sch_multiq: fix double free on init failure sch_hhf: fix null pointer dereference on init failure sch_netem: avoid null pointer deref on init failure sch_tbf: fix two null pointer dereferences on init failure net/sched/sch_hhf.c | 3 +++ net/sched/sch_htb.c | 5 +++-- net/sched/sch_multiq.c | 7 +------ net/sched/sch_netem.c | 4 ++-- net/sched/sch_tbf.c | 5 +++-- 5 files changed, 12 insertions(+), 12 deletions(-) -- 2.7.4

7 years, 1 month

3
10
0 0

[PATCH v2] x86/entry/64: Remove %ebx handling from error_entry/exit

by Sarah Newman

commit b3681dd548d06deb2e1573890829dff4b15abf46 upstream. This version applies to v4.9. >From Andy Lutomirski, original author: error_entry and error_exit communicate the user vs kernel status of the frame using %ebx. This is unnecessary -- the information is in regs->cs. Just use regs->cs. This makes error_entry simpler and makes error_exit more robust. It also fixes a nasty bug. Before all the Spectre nonsense, The xen_failsafe_callback entry point returned like this: ALLOC_PT_GPREGS_ON_STACK SAVE_C_REGS SAVE_EXTRA_REGS ENCODE_FRAME_POINTER jmp error_exit And it did not go through error_entry. This was bogus: RBX contained garbage, and error_exit expected a flag in RBX. Fortunately, it generally contained *nonzero* garbage, so the correct code path was used. As part of the Spectre fixes, code was added to clear RBX to mitigate certain speculation attacks. Now, depending on kernel configuration, RBX got zeroed and, when running some Wine workloads, the kernel crashes. This was introduced by: commit 3ac6d8c787b8 ("x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface") With this patch applied, RBX is no longer needed as a flag, and the problem goes away. I suspect that malicious userspace could use this bug to crash the kernel even without the offending patch applied, though. [Historical note: I wrote this patch as a cleanup before I was aware of the bug it fixed.] [Note to stable maintainers: this should probably get applied to all kernels.] Cc: Brian Gerst <brgerst(a)gmail.com> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Dominik Brodowski <linux(a)dominikbrodowski.net> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Cc: Juergen Gross <jgross(a)suse.com> Cc: xen-devel(a)lists.xenproject.org Cc: x86(a)kernel.org Cc: stable(a)vger.kernel.org Cc: Andy Lutomirski <luto(a)kernel.org> Fixes: 3ac6d8c787b8 ("x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface") Reported-and-tested-by: "M. Vefa Bicakci" <m.v.b(a)runbox.com> Signed-off-by: Andy Lutomirski <luto(a)kernel.org> Signed-off-by: Sarah Newman <srn(a)prgmr.com> --- arch/x86/entry/entry_64.S | 20 ++++---------------- 1 file changed, 4 insertions(+), 16 deletions(-) diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S index d58d8dc..76c1d85e 100644 --- a/arch/x86/entry/entry_64.S +++ b/arch/x86/entry/entry_64.S @@ -774,7 +774,7 @@ ENTRY(\sym) call \do_sym - jmp error_exit /* %ebx: no swapgs flag */ + jmp error_exit .endif END(\sym) .endm @@ -1043,7 +1043,6 @@ END(paranoid_exit) /* * Save all registers in pt_regs, and switch gs if needed. - * Return: EBX=0: came from user mode; EBX=1: otherwise */ ENTRY(error_entry) cld @@ -1056,7 +1055,6 @@ ENTRY(error_entry) * the kernel CR3 here. */ SWITCH_KERNEL_CR3 - xorl %ebx, %ebx testb $3, CS+8(%rsp) jz .Lerror_kernelspace @@ -1087,7 +1085,6 @@ ENTRY(error_entry) * for these here too. */ .Lerror_kernelspace: - incl %ebx leaq native_irq_return_iret(%rip), %rcx cmpq %rcx, RIP+8(%rsp) je .Lerror_bad_iret @@ -1119,28 +1116,19 @@ ENTRY(error_entry) /* * Pretend that the exception came from user mode: set up pt_regs - * as if we faulted immediately after IRET and clear EBX so that - * error_exit knows that we will be returning to user mode. + * as if we faulted immediately after IRET. */ mov %rsp, %rdi call fixup_bad_iret mov %rax, %rsp - decl %ebx jmp .Lerror_entry_from_usermode_after_swapgs END(error_entry) - -/* - * On entry, EBX is a "return to kernel mode" flag: - * 1: already in kernel mode, don't need SWAPGS - * 0: user gsbase is loaded, we need SWAPGS and standard preparation for return to usermode - */ ENTRY(error_exit) - movl %ebx, %eax DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF - testl %eax, %eax - jnz retint_kernel + testb $3, CS(%rsp) + jz retint_kernel jmp retint_user END(error_exit) -- 1.9.1

7 years, 1 month

3
2
0 0

Linux 4.4.151

by Greg KH

I'm announcing the release of the 4.4.151 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 +- arch/x86/include/asm/pgtable.h | 13 ++++++++----- drivers/acpi/sleep.c | 27 +++++++++++++++++++++++++++ drivers/isdn/i4l/isdn_common.c | 8 +------- drivers/tty/serial/8250/8250_dw.c | 2 +- drivers/usb/serial/option.c | 4 ++++ drivers/usb/serial/sierra.c | 4 ++-- include/net/af_vsock.h | 4 ++-- include/net/llc.h | 5 +++++ net/bluetooth/sco.c | 3 ++- net/dccp/ccids/ccid2.c | 6 ++++-- net/l2tp/l2tp_core.c | 2 +- net/llc/llc_core.c | 4 ++-- net/sched/cls_tcindex.c | 8 +++----- net/vmw_vsock/af_vsock.c | 15 ++++++++------- net/vmw_vsock/vmci_transport.c | 3 +-- sound/core/memalloc.c | 8 ++------ sound/core/seq/seq_virmidi.c | 10 ++++++++++ sound/pci/cs5535audio/cs5535audio.h | 6 +++--- sound/pci/cs5535audio/cs5535audio_pcm.c | 4 ++-- sound/pci/hda/hda_intel.c | 2 +- sound/pci/hda/patch_conexant.c | 4 +++- sound/pci/vx222/vx222_ops.c | 8 ++++---- sound/pcmcia/vx/vxp_ops.c | 10 +++++----- 24 files changed, 102 insertions(+), 60 deletions(-) Aleksander Morgado (1): USB: option: add support for DW5821e Alexey Kodanev (1): dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() Chen Hu (1): serial: 8250_dw: always set baud rate in dw8250_set_termios Cong Wang (2): llc: use refcount_inc_not_zero() for llc_sap_find() vsock: split dwork to avoid reinitializations Greg Kroah-Hartman (1): Linux 4.4.151 Hangbin Liu (2): net_sched: Fix missing res info when create new tc_index filter net_sched: fix NULL pointer dereference when delete tcindex filter Hans de Goede (1): ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry John Ogness (1): USB: serial: sierra: fix potential deadlock at close Kees Cook (1): isdn: Disable IIOCDBGVAR Park Ju Hyung (2): ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs ALSA: hda - Turn CX8200 into D3 as well upon reboot Sudip Mukherjee (1): Bluetooth: avoid killing an already killed socket Takashi Iwai (5): ALSA: vx222: Fix invalid endian conversions ALSA: virmidi: Fix too long output trigger loop ALSA: cs5535audio: Fix invalid endian conversion ALSA: memalloc: Don't exceed over the requested size ALSA: vxpocket: Fix invalid endian conversions Tom Lendacky (1): x86/mm: Simplify p[g4um]d_page() macros Wei Wang (1): l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache Willy Tarreau (1): ACPI / PM: save NVS memory for ASUS 1025C laptop Zhang Rui (1): ACPI: save NVS memory for Lenovo G50-45

7 years, 1 month

1
1
0 0

Linux 4.9.123

by Greg KH

I'm announcing the release of the 4.9.123 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 +- arch/x86/include/asm/pgtable.h | 13 ++++++++----- drivers/acpi/sleep.c | 8 ++++++++ drivers/isdn/i4l/isdn_common.c | 8 +------- drivers/tty/serial/8250/8250_dw.c | 3 ++- drivers/tty/serial/8250/8250_port.c | 3 +-- drivers/usb/serial/option.c | 4 ++++ drivers/usb/serial/sierra.c | 4 ++-- include/net/af_vsock.h | 4 ++-- include/net/llc.h | 5 +++++ net/bluetooth/sco.c | 3 ++- net/dccp/ccids/ccid2.c | 6 ++++-- net/ipv6/ip6_tunnel.c | 8 ++------ net/l2tp/l2tp_core.c | 2 +- net/llc/llc_core.c | 4 ++-- net/sched/cls_matchall.c | 2 ++ net/sched/cls_tcindex.c | 8 +++----- net/vmw_vsock/af_vsock.c | 15 ++++++++------- net/vmw_vsock/vmci_transport.c | 3 +-- sound/core/memalloc.c | 8 ++------ sound/core/seq/seq_virmidi.c | 10 ++++++++++ sound/pci/cs5535audio/cs5535audio.h | 6 +++--- sound/pci/cs5535audio/cs5535audio_pcm.c | 4 ++-- sound/pci/hda/hda_intel.c | 2 +- sound/pci/hda/patch_conexant.c | 4 +++- sound/pci/vx222/vx222_ops.c | 8 ++++---- sound/pcmcia/vx/vxp_ops.c | 10 +++++----- 27 files changed, 89 insertions(+), 68 deletions(-) Aleksander Morgado (1): USB: option: add support for DW5821e Alexey Kodanev (1): dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() Chen Hu (1): serial: 8250_dw: always set baud rate in dw8250_set_termios Cong Wang (2): llc: use refcount_inc_not_zero() for llc_sap_find() vsock: split dwork to avoid reinitializations Greg Kroah-Hartman (1): Linux 4.9.123 Hangbin Liu (3): net_sched: Fix missing res info when create new tc_index filter net_sched: fix NULL pointer dereference when delete tcindex filter cls_matchall: fix tcf_unbind_filter missing Hans de Goede (1): ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry John Ogness (1): USB: serial: sierra: fix potential deadlock at close Kees Cook (1): isdn: Disable IIOCDBGVAR Mark (1): tty: serial: 8250: Revert NXP SC16C2552 workaround Park Ju Hyung (2): ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs ALSA: hda - Turn CX8200 into D3 as well upon reboot Srinath Mannam (1): serial: 8250_dw: Add ACPI support for uart on Broadcom SoC Sudip Mukherjee (1): Bluetooth: avoid killing an already killed socket Takashi Iwai (5): ALSA: vx222: Fix invalid endian conversions ALSA: virmidi: Fix too long output trigger loop ALSA: cs5535audio: Fix invalid endian conversion ALSA: memalloc: Don't exceed over the requested size ALSA: vxpocket: Fix invalid endian conversions Tom Lendacky (1): x86/mm: Simplify p[g4um]d_page() macros Wei Wang (1): l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache Willy Tarreau (1): ACPI / PM: save NVS memory for ASUS 1025C laptop Xin Long (1): ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit

7 years, 1 month

1
1
0 0

Linux 4.14.66

by Greg KH

I'm announcing the release of the 4.14.66 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - drivers/acpi/sleep.c | 8 +++++++ drivers/isdn/i4l/isdn_common.c | 8 ------- drivers/misc/sram.c | 9 +++++++- drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 2 - drivers/tty/serial/8250/8250_dw.c | 3 +- drivers/tty/serial/8250/8250_exar.c | 6 ++++- drivers/tty/serial/8250/8250_port.c | 3 -- drivers/usb/serial/option.c | 4 +++ drivers/usb/serial/pl2303.c | 2 + drivers/usb/serial/pl2303.h | 1 drivers/usb/serial/sierra.c | 4 +-- drivers/vhost/vhost.c | 9 +++++--- include/net/af_vsock.h | 4 +-- include/net/llc.h | 5 ++++ net/bluetooth/sco.c | 3 +- net/dccp/ccids/ccid2.c | 6 +++-- net/ipv6/ip6_tunnel.c | 8 +------ net/l2tp/l2tp_core.c | 2 - net/llc/llc_core.c | 4 +-- net/sched/cls_matchall.c | 2 + net/sched/cls_tcindex.c | 8 ++----- net/vmw_vsock/af_vsock.c | 15 +++++++------- net/vmw_vsock/vmci_transport.c | 3 -- sound/core/memalloc.c | 8 +------ sound/core/seq/seq_virmidi.c | 10 +++++++++ sound/pci/cs5535audio/cs5535audio.h | 6 ++--- sound/pci/cs5535audio/cs5535audio_pcm.c | 4 +-- sound/pci/hda/hda_intel.c | 2 - sound/pci/hda/patch_conexant.c | 4 ++- sound/pci/vx222/vx222_ops.c | 8 +++---- sound/pcmcia/vx/vxp_ops.c | 10 ++++----- 32 files changed, 104 insertions(+), 69 deletions(-) Aaron Sierra (1): serial: 8250_exar: Read INT0 from slave device, too Aleksander Morgado (1): USB: option: add support for DW5821e Alexey Kodanev (1): dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() Chen Hu (1): serial: 8250_dw: always set baud rate in dw8250_set_termios Cong Wang (2): llc: use refcount_inc_not_zero() for llc_sap_find() vsock: split dwork to avoid reinitializations Dmitry Bogdanov (1): net: aquantia: Fix IFF_ALLMULTI flag functionality Greg Kroah-Hartman (1): Linux 4.14.66 Hangbin Liu (3): net_sched: fix NULL pointer dereference when delete tcindex filter net_sched: Fix missing res info when create new tc_index filter cls_matchall: fix tcf_unbind_filter missing Hans de Goede (1): ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry Jason Wang (1): vhost: reset metadata cache when initializing new IOTLB Johan Hovold (1): misc: sram: fix resource leaks in probe error path John Ogness (1): USB: serial: sierra: fix potential deadlock at close Kees Cook (1): isdn: Disable IIOCDBGVAR Mark (1): tty: serial: 8250: Revert NXP SC16C2552 workaround Movie Song (1): USB: serial: pl2303: add a new device id for ATEN Park Ju Hyung (2): ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs ALSA: hda - Turn CX8200 into D3 as well upon reboot Srinath Mannam (1): serial: 8250_dw: Add ACPI support for uart on Broadcom SoC Sudip Mukherjee (1): Bluetooth: avoid killing an already killed socket Takashi Iwai (5): ALSA: vx222: Fix invalid endian conversions ALSA: virmidi: Fix too long output trigger loop ALSA: cs5535audio: Fix invalid endian conversion ALSA: memalloc: Don't exceed over the requested size ALSA: vxpocket: Fix invalid endian conversions Wei Wang (1): l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache Willy Tarreau (1): ACPI / PM: save NVS memory for ASUS 1025C laptop Xin Long (1): ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit

7 years, 1 month

1
1
0 0

Linux 4.17.18

by Greg KH

I'm announcing the release of the 4.17.18 kernel. All users of the 4.17 kernel series must upgrade. The updated 4.17.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.17.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 drivers/acpi/sleep.c | 8 drivers/isdn/i4l/isdn_common.c | 8 drivers/misc/sram.c | 9 drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 2 drivers/net/ethernet/marvell/mvneta.c | 53 ++-- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 8 drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_actions.c | 51 ++- drivers/net/ethernet/realtek/r8169.c | 12 drivers/tty/serial/8250/8250_dw.c | 3 drivers/tty/serial/8250/8250_exar.c | 6 drivers/tty/serial/8250/8250_port.c | 3 drivers/usb/serial/option.c | 4 drivers/usb/serial/pl2303.c | 2 drivers/usb/serial/pl2303.h | 1 drivers/usb/serial/sierra.c | 4 drivers/vhost/vhost.c | 9 include/net/af_vsock.h | 4 include/net/llc.h | 5 net/bluetooth/sco.c | 3 net/core/sock_diag.c | 2 net/dccp/ccids/ccid2.c | 6 net/ipv4/ip_vti.c | 3 net/ipv6/ip6_tunnel.c | 8 net/l2tp/l2tp_core.c | 2 net/llc/llc_core.c | 4 net/rxrpc/ar-internal.h | 8 net/rxrpc/conn_event.c | 4 net/rxrpc/net_ns.c | 6 net/rxrpc/output.c | 12 net/rxrpc/peer_event.c | 156 ++++++------ net/rxrpc/peer_object.c | 8 net/rxrpc/rxkad.c | 4 net/sched/cls_matchall.c | 2 net/sched/cls_tcindex.c | 8 net/socket.c | 3 net/vmw_vsock/af_vsock.c | 15 - net/vmw_vsock/vmci_transport.c | 3 sound/core/memalloc.c | 8 sound/core/seq/oss/seq_oss.c | 2 sound/core/seq/seq_clientmgr.c | 2 sound/core/seq/seq_virmidi.c | 10 sound/pci/cs5535audio/cs5535audio.h | 6 sound/pci/cs5535audio/cs5535audio_pcm.c | 4 sound/pci/hda/hda_intel.c | 2 sound/pci/hda/patch_conexant.c | 4 sound/pci/vx222/vx222_ops.c | 8 sound/pcmcia/vx/vxp_ops.c | 10 48 files changed, 295 insertions(+), 212 deletions(-) Aaron Sierra (1): serial: 8250_exar: Read INT0 from slave device, too Aleksander Morgado (1): USB: option: add support for DW5821e Alexey Kodanev (1): dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() Andrew Lunn (1): net: ethernet: mvneta: Fix napi structure mixup on armada 3700 Chen Hu (1): serial: 8250_dw: always set baud rate in dw8250_set_termios Cong Wang (2): llc: use refcount_inc_not_zero() for llc_sap_find() vsock: split dwork to avoid reinitializations David Howells (1): rxrpc: Fix the keepalive generator [ver #2] Dmitry Bogdanov (1): net: aquantia: Fix IFF_ALLMULTI flag functionality Greg Kroah-Hartman (1): Linux 4.17.18 Haishuang Yan (1): ip_vti: fix a null pointer deferrence when create vti fallback tunnel Hangbin Liu (3): net_sched: fix NULL pointer dereference when delete tcindex filter net_sched: Fix missing res info when create new tc_index filter cls_matchall: fix tcf_unbind_filter missing Hans de Goede (1): ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry Heiner Kallweit (1): r8169: don't use MSI-X on RTL8168g Jason Wang (1): vhost: reset metadata cache when initializing new IOTLB Jeremy Cline (1): net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() Jian-Hong Pan (1): r8169: don't use MSI-X on RTL8106e Jisheng Zhang (1): net: mvneta: fix mvneta_config_rss on armada 3700 Johan Hovold (1): misc: sram: fix resource leaks in probe error path John Ogness (1): USB: serial: sierra: fix potential deadlock at close Kees Cook (1): isdn: Disable IIOCDBGVAR Mark (1): tty: serial: 8250: Revert NXP SC16C2552 workaround Movie Song (1): USB: serial: pl2303: add a new device id for ATEN Nir Dotan (4): mlxsw: core_acl_flex_actions: Return error for conflicting actions mlxsw: core_acl_flex_actions: Remove redundant resource destruction mlxsw: core_acl_flex_actions: Remove redundant counter destruction mlxsw: core_acl_flex_actions: Remove redundant mirror resource destruction Or Gerlitz (1): net/mlx5e: Properly check if hairpin is possible between two functions Park Ju Hyung (2): ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs ALSA: hda - Turn CX8200 into D3 as well upon reboot Srinath Mannam (1): serial: 8250_dw: Add ACPI support for uart on Broadcom SoC Sudip Mukherjee (1): Bluetooth: avoid killing an already killed socket Takashi Iwai (6): ALSA: vx222: Fix invalid endian conversions ALSA: virmidi: Fix too long output trigger loop ALSA: cs5535audio: Fix invalid endian conversion ALSA: memalloc: Don't exceed over the requested size ALSA: vxpocket: Fix invalid endian conversions ALSA: seq: Fix poll() error return Wei Wang (1): l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache Willy Tarreau (1): ACPI / PM: save NVS memory for ASUS 1025C laptop Xin Long (1): ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit

7 years, 1 month

1
1
0 0

Linux 4.18.4

by Greg KH

I'm announcing the release of the 4.18.4 kernel. All users of the 4.18 kernel series must upgrade. The updated 4.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - drivers/acpi/sleep.c | 8 ++++ drivers/isdn/i4l/isdn_common.c | 8 ---- drivers/media/usb/dvb-usb-v2/gl861.c | 21 ++++++------ drivers/misc/sram.c | 9 ++++- drivers/net/ethernet/marvell/mvneta.c | 53 +++++++++++++++++++------------- drivers/net/ethernet/realtek/r8169.c | 12 ++++++- drivers/net/hyperv/rndis_filter.c | 2 - drivers/tty/serial/8250/8250_dw.c | 3 + drivers/tty/serial/8250/8250_exar.c | 6 +++ drivers/tty/serial/8250/8250_port.c | 3 - drivers/uio/uio.c | 10 +----- drivers/usb/serial/option.c | 4 ++ drivers/usb/serial/pl2303.c | 2 + drivers/usb/serial/pl2303.h | 1 drivers/usb/serial/sierra.c | 4 +- net/bluetooth/sco.c | 3 + net/core/sock_diag.c | 2 + net/ipv4/ip_vti.c | 3 + net/l2tp/l2tp_core.c | 2 - net/sched/cls_matchall.c | 2 + net/sched/cls_tcindex.c | 8 +--- net/socket.c | 3 - sound/core/memalloc.c | 8 +--- sound/core/seq/oss/seq_oss.c | 2 - sound/core/seq/seq_clientmgr.c | 2 - sound/core/seq/seq_virmidi.c | 10 ++++++ sound/firewire/dice/dice-alesis.c | 2 - sound/pci/cs5535audio/cs5535audio.h | 6 +-- sound/pci/cs5535audio/cs5535audio_pcm.c | 4 +- sound/pci/hda/hda_intel.c | 2 - sound/pci/hda/patch_conexant.c | 4 +- sound/pci/vx222/vx222_ops.c | 8 ++-- sound/pcmcia/vx/vxp_ops.c | 10 +++--- 34 files changed, 137 insertions(+), 92 deletions(-) Aaron Sierra (1): serial: 8250_exar: Read INT0 from slave device, too Aleksander Morgado (1): USB: option: add support for DW5821e Andrew Lunn (1): net: ethernet: mvneta: Fix napi structure mixup on armada 3700 Chen Hu (1): serial: 8250_dw: always set baud rate in dw8250_set_termios Greg Kroah-Hartman (1): Linux 4.18.4 Hailong Liu (1): uio: fix wrong return value from uio_mmap() Haishuang Yan (1): ip_vti: fix a null pointer deferrence when create vti fallback tunnel Hangbin Liu (3): net_sched: fix NULL pointer dereference when delete tcindex filter net_sched: Fix missing res info when create new tc_index filter cls_matchall: fix tcf_unbind_filter missing Hans de Goede (1): ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry Heiner Kallweit (1): r8169: don't use MSI-X on RTL8168g Jeremy Cline (1): net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() Jian-Hong Pan (1): r8169: don't use MSI-X on RTL8106e Jisheng Zhang (1): net: mvneta: fix mvneta_config_rss on armada 3700 Johan Hovold (1): misc: sram: fix resource leaks in probe error path John Ogness (1): USB: serial: sierra: fix potential deadlock at close Kees Cook (1): isdn: Disable IIOCDBGVAR Mark (1): tty: serial: 8250: Revert NXP SC16C2552 workaround Mika Båtsman (1): media: gl861: fix probe of dvb_usb_gl861 Movie Song (1): USB: serial: pl2303: add a new device id for ATEN Park Ju Hyung (2): ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs ALSA: hda - Turn CX8200 into D3 as well upon reboot Srinath Mannam (1): serial: 8250_dw: Add ACPI support for uart on Broadcom SoC Sudip Mukherjee (1): Bluetooth: avoid killing an already killed socket Takashi Iwai (7): ALSA: vx222: Fix invalid endian conversions ALSA: virmidi: Fix too long output trigger loop ALSA: cs5535audio: Fix invalid endian conversion ALSA: memalloc: Don't exceed over the requested size ALSA: vxpocket: Fix invalid endian conversions ALSA: seq: Fix poll() error return hv/netvsc: Fix NULL dereference at single queue mode fallback Takashi Sakamoto (1): ALSA: dice: fix wrong copy to rx parameters for Alesis iO26 Wei Wang (1): l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache Willy Tarreau (1): ACPI / PM: save NVS memory for ASUS 1025C laptop Xiubo Li (1): Revert "uio: use request_threaded_irq instead"

7 years, 1 month

1
1
0 0

Re: [PATCH] crypto: vmx - Fix sleep-in-atomic bugs

by Marcelo Henrique Cerri

On Tue, Aug 21, 2018 at 05:24:45PM +0200, Ondrej Mosnáček wrote: > CC: Paulo Flabiano Smorigo <pfsmorigo(a)linux.vnet.ibm.com>, > linuxppc-dev(a)lists.ozlabs.org > > (Sorry, sent this before reading new e-mails in the thread...) > > ut 21. 8. 2018 o 17:18 Ondrej Mosnacek <omosnace(a)redhat.com> napísal(a): > > > > This patch fixes sleep-in-atomic bugs in AES-CBC and AES-XTS VMX > > implementations. The problem is that the blkcipher_* functions should > > not be called in atomic context. > > > > The bugs can be reproduced via the AF_ALG interface by trying to > > encrypt/decrypt sufficiently large buffers (at least 64 KiB) using the > > VMX implementations of 'cbc(aes)' or 'xts(aes)'. Such operations then > > trigger BUG in crypto_yield(): > > > > [ 891.863680] BUG: sleeping function called from invalid context at include/crypto/algapi.h:424 > > [ 891.864622] in_atomic(): 1, irqs_disabled(): 0, pid: 12347, name: kcapi-enc > > [ 891.864739] 1 lock held by kcapi-enc/12347: > > [ 891.864811] #0: 00000000f5d42c46 (sk_lock-AF_ALG){+.+.}, at: skcipher_recvmsg+0x50/0x530 > > [ 891.865076] CPU: 5 PID: 12347 Comm: kcapi-enc Not tainted 4.19.0-0.rc0.git3.1.fc30.ppc64le #1 > > [ 891.865251] Call Trace: > > [ 891.865340] [c0000003387578c0] [c000000000d67ea4] dump_stack+0xe8/0x164 (unreliable) > > [ 891.865511] [c000000338757910] [c000000000172a58] ___might_sleep+0x2f8/0x310 > > [ 891.865679] [c000000338757990] [c0000000006bff74] blkcipher_walk_done+0x374/0x4a0 > > [ 891.865825] [c0000003387579e0] [d000000007e73e70] p8_aes_cbc_encrypt+0x1c8/0x260 [vmx_crypto] > > [ 891.865993] [c000000338757ad0] [c0000000006c0ee0] skcipher_encrypt_blkcipher+0x60/0x80 > > [ 891.866128] [c000000338757b10] [c0000000006ec504] skcipher_recvmsg+0x424/0x530 > > [ 891.866283] [c000000338757bd0] [c000000000b00654] sock_recvmsg+0x74/0xa0 > > [ 891.866403] [c000000338757c10] [c000000000b00f64] ___sys_recvmsg+0xf4/0x2f0 > > [ 891.866515] [c000000338757d90] [c000000000b02bb8] __sys_recvmsg+0x68/0xe0 > > [ 891.866631] [c000000338757e30] [c00000000000bbe4] system_call+0x5c/0x70 > > > > Fixes: 8c755ace357c ("crypto: vmx - Adding CBC routines for VMX module") > > Fixes: c07f5d3da643 ("crypto: vmx - Adding support for XTS") > > Cc: stable(a)vger.kernel.org > > Signed-off-by: Ondrej Mosnacek <omosnace(a)redhat.com> > > --- > > This patch should fix the issue, but I didn't test it. (I'll see if I > > can find some time tomorrow to try and recompile the kernel on a PPC > > machine... in the meantime please review :) > > > > drivers/crypto/vmx/aes_cbc.c | 30 ++++++++++++++---------------- > > drivers/crypto/vmx/aes_xts.c | 19 ++++++++++++------- > > 2 files changed, 26 insertions(+), 23 deletions(-) > > > > diff --git a/drivers/crypto/vmx/aes_cbc.c b/drivers/crypto/vmx/aes_cbc.c > > index 5285ece4f33a..b71895871be3 100644 > > --- a/drivers/crypto/vmx/aes_cbc.c > > +++ b/drivers/crypto/vmx/aes_cbc.c > > @@ -107,24 +107,23 @@ static int p8_aes_cbc_encrypt(struct blkcipher_desc *desc, > > ret = crypto_skcipher_encrypt(req); > > skcipher_request_zero(req); > > } else { > > - preempt_disable(); > > - pagefault_disable(); > > - enable_kernel_vsx(); > > - > > blkcipher_walk_init(&walk, dst, src, nbytes); > > ret = blkcipher_walk_virt(desc, &walk); > > while ((nbytes = walk.nbytes)) { > > + preempt_disable(); > > + pagefault_disable(); > > + enable_kernel_vsx(); > > aes_p8_cbc_encrypt(walk.src.virt.addr, > > walk.dst.virt.addr, > > nbytes & AES_BLOCK_MASK, > > &ctx->enc_key, walk.iv, 1); > > + disable_kernel_vsx(); > > + pagefault_enable(); > > + preempt_enable(); > > + > > nbytes &= AES_BLOCK_SIZE - 1; > > ret = blkcipher_walk_done(desc, &walk, nbytes); > > } > > - > > - disable_kernel_vsx(); > > - pagefault_enable(); > > - preempt_enable(); > > } > > > > return ret; > > @@ -147,24 +146,23 @@ static int p8_aes_cbc_decrypt(struct blkcipher_desc *desc, > > ret = crypto_skcipher_decrypt(req); > > skcipher_request_zero(req); > > } else { > > - preempt_disable(); > > - pagefault_disable(); > > - enable_kernel_vsx(); > > - > > blkcipher_walk_init(&walk, dst, src, nbytes); > > ret = blkcipher_walk_virt(desc, &walk); > > while ((nbytes = walk.nbytes)) { > > + preempt_disable(); > > + pagefault_disable(); > > + enable_kernel_vsx(); > > aes_p8_cbc_encrypt(walk.src.virt.addr, > > walk.dst.virt.addr, > > nbytes & AES_BLOCK_MASK, > > &ctx->dec_key, walk.iv, 0); > > + disable_kernel_vsx(); > > + pagefault_enable(); > > + preempt_enable(); > > + > > nbytes &= AES_BLOCK_SIZE - 1; > > ret = blkcipher_walk_done(desc, &walk, nbytes); > > } > > - > > - disable_kernel_vsx(); > > - pagefault_enable(); > > - preempt_enable(); > > } > > > > return ret; > > diff --git a/drivers/crypto/vmx/aes_xts.c b/drivers/crypto/vmx/aes_xts.c > > index 8bd9aff0f55f..016ef52390c9 100644 > > --- a/drivers/crypto/vmx/aes_xts.c > > +++ b/drivers/crypto/vmx/aes_xts.c > > @@ -116,13 +116,14 @@ static int p8_aes_xts_crypt(struct blkcipher_desc *desc, > > ret = enc? crypto_skcipher_encrypt(req) : crypto_skcipher_decrypt(req); > > skcipher_request_zero(req); > > } else { > > + blkcipher_walk_init(&walk, dst, src, nbytes); > > + > > + ret = blkcipher_walk_virt(desc, &walk); > > + > > preempt_disable(); > > pagefault_disable(); > > enable_kernel_vsx(); > > > > - blkcipher_walk_init(&walk, dst, src, nbytes); > > - > > - ret = blkcipher_walk_virt(desc, &walk); > > iv = walk.iv; > > memset(tweak, 0, AES_BLOCK_SIZE); > > aes_p8_encrypt(iv, tweak, &ctx->tweak_key); > > @@ -135,13 +136,17 @@ static int p8_aes_xts_crypt(struct blkcipher_desc *desc, > > aes_p8_xts_decrypt(walk.src.virt.addr, walk.dst.virt.addr, > > nbytes & AES_BLOCK_MASK, &ctx->dec_key, NULL, tweak); > > > > + disable_kernel_vsx(); > > + pagefault_enable(); > > + preempt_enable(); > > + > > nbytes &= AES_BLOCK_SIZE - 1; > > ret = blkcipher_walk_done(desc, &walk, nbytes); > > - } > > > > - disable_kernel_vsx(); > > - pagefault_enable(); > > - preempt_enable(); > > + preempt_disable(); > > + pagefault_disable(); > > + enable_kernel_vsx(); > > + } That doesn't seem right. It would leave preemption disabled when leaving the function. > > } > > return ret; > > } > > -- > > 2.17.1 > > -- Regards, Marcelo

7 years, 1 month

2
1
0 0

[patch 129/167] reiserfs: fix broken xattr handling (heap corruption, bad retval)

by akpm＠linux-foundation.org

From: Jann Horn <jannh(a)google.com> Subject: reiserfs: fix broken xattr handling (heap corruption, bad retval) This fixes the following issues: - When a buffer size is supplied to reiserfs_listxattr() such that each individual name fits, but the concatenation of all names doesn't fit, reiserfs_listxattr() overflows the supplied buffer. This leads to a kernel heap overflow (verified using KASAN) followed by an out-of-bounds usercopy and is therefore a security bug. - When a buffer size is supplied to reiserfs_listxattr() such that a name doesn't fit, -ERANGE should be returned. But reiserfs instead just truncates the list of names; I have verified that if the only xattr on a file has a longer name than the supplied buffer length, listxattr() incorrectly returns zero. With my patch applied, -ERANGE is returned in both cases and the memory corruption doesn't happen anymore. Credit for making me clean this code up a bit goes to Al Viro, who pointed out that the ->actor calling convention is suboptimal and should be changed. Link: http://lkml.kernel.org/r/20180802151539.5373-1-jannh@google.com Fixes: 48b32a3553a5 ("reiserfs: use generic xattr handlers") Signed-off-by: Jann Horn <jannh(a)google.com> Acked-by: Jeff Mahoney <jeffm(a)suse.com> Cc: Eric Biggers <ebiggers(a)google.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/reiserfs/xattr.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/fs/reiserfs/xattr.c~reiserfs-fix-broken-xattr-handling-heap-corruption-bad-retval +++ a/fs/reiserfs/xattr.c @@ -792,8 +792,10 @@ static int listxattr_filler(struct dir_c return 0; size = namelen + 1; if (b->buf) { - if (size > b->size) + if (b->pos + size > b->size) { + b->pos = -ERANGE; return -ERANGE; + } memcpy(b->buf + b->pos, name, namelen); b->buf[b->pos + namelen] = 0; } _

7 years, 1 month

1
0
0 0

[patch 037/167] drivers/block/zram/zram_drv.c: fix bug storing backing_dev

by akpm＠linux-foundation.org

From: Peter Kalauskas <peskal(a)google.com> Subject: drivers/block/zram/zram_drv.c: fix bug storing backing_dev The call to strlcpy in backing_dev_store is incorrect. It should take the size of the destination buffer instead of the size of the source buffer. Additionally, ignore the newline character (\n) when reading the new file_name buffer. This makes it possible to set the backing_dev as follows: echo /dev/sdX > /sys/block/zram0/backing_dev The reason it worked before was the fact that strlcpy() copies 'len - 1' bytes, which is strlen(buf) - 1 in our case, so it accidentally didn't copy the trailing new line symbol. Which also means that "echo -n /dev/sdX" most likely was broken. Signed-off-by: Peter Kalauskas <peskal(a)google.com> Link: http://lkml.kernel.org/r/20180813061623.GC64836@rodete-desktop-imager.corp.… Acked-by: Minchan Kim <minchan(a)kernel.org> Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky(a)gmail.com> Cc: <stable(a)vger.kernel.org> [4.14+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/block/zram/zram_drv.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) --- a/drivers/block/zram/zram_drv.c~zram-fix-bug-storing-backing_dev +++ a/drivers/block/zram/zram_drv.c @@ -337,6 +337,7 @@ static ssize_t backing_dev_store(struct struct device_attribute *attr, const char *buf, size_t len) { char *file_name; + size_t sz; struct file *backing_dev = NULL; struct inode *inode; struct address_space *mapping; @@ -357,7 +358,11 @@ static ssize_t backing_dev_store(struct goto out; } - strlcpy(file_name, buf, len); + strlcpy(file_name, buf, PATH_MAX); + /* ignore trailing newline */ + sz = strlen(file_name); + if (sz > 0 && file_name[sz - 1] == '\n') + file_name[sz - 1] = 0x00; backing_dev = filp_open(file_name, O_RDWR|O_LARGEFILE, 0); if (IS_ERR(backing_dev)) { _

7 years, 1 month

1
0
0 0

[PATCH v5] spi: spi-mem: Adjust op len based on message/transfer size limitations

by Chuanhua Han

We need that to adjust the len of the 2nd transfer (called data in spi-mem) if it's too long to fit in a SPI message or SPI transfer. Fixes: c36ff266dc82 ("spi: Extend the core to ease integration of SPI memory controllers") Cc: <stable(a)vger.kernel.org> Signed-off-by: Chuanhua Han <chuanhua.han(a)nxp.com> Suggested-by: Boris Brezillon <boris.brezillon(a)bootlin.com> --- Changes in v5: -Add the validation check after the op->data.nbytes assignment -Assign the "len" variable after defining it Changes in v4: -Rename variable name "opcode_addr_dummy_sum" to "len". -The comparison of "spi_max_message_size(mem->spi)" and "len" was removed. -Adjust their order when comparing the sizes of "spi_max_message_size(mem->spi)" and "len" -Changing the "unsigned long" type in the code to "size_t" Changes in v3: -Rename variable name "val" to "opcode_addr_dummy_sum". -Place the legitimacy of the transfer size(i.e., "spi_max_message_size(mem->spi)" and -"opcode_addr_dummy_sum") into "if (! ctlr - > mem_ops | |! ctlr-> mem_ops->exec_op) {" structure and add "spi_max_transfer_size(mem->spi) and opcode_addr_dummy_sum". -Adjust the formatting alignment of the code. -"(unsigned long)op->data.nbytes" was modified to "(unsigned long)(op->data.nbytes)". Changes in v2: -Place the adjusted transfer bytes code in spi_mem_adjust_op_size() and check spi_max_message_size(mem->spi) value before subtracting opcode, addr and dummy bytes. -Change the code from fsl-espi controller to generic code(The adjustment of spi transmission length was originally modified in the "drivers/spi/spi-fsl-espi.c" file, and now the adjustment of transfer length is made in the "drivers/spi/spi-mem.c" file) drivers/spi/spi-mem.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/drivers/spi/spi-mem.c b/drivers/spi/spi-mem.c index 990770d..6184fa1 100644 --- a/drivers/spi/spi-mem.c +++ b/drivers/spi/spi-mem.c @@ -328,10 +328,26 @@ EXPORT_SYMBOL_GPL(spi_mem_exec_op); int spi_mem_adjust_op_size(struct spi_mem *mem, struct spi_mem_op *op) { struct spi_controller *ctlr = mem->spi->controller; + size_t len; + + len = sizeof(op->cmd.opcode) + op->addr.nbytes + op->dummy.nbytes; if (ctlr->mem_ops && ctlr->mem_ops->adjust_op_size) return ctlr->mem_ops->adjust_op_size(mem, op); + if (!ctlr->mem_ops || !ctlr->mem_ops->exec_op) { + if (len > spi_max_transfer_size(mem->spi)) + return -EINVAL; + + op->data.nbytes = min3((size_t)(op->data.nbytes), + spi_max_transfer_size(mem->spi), + spi_max_message_size(mem->spi) - + len); + + if (!op->data.nbytes) + return -EINVAL; + } + return 0; } EXPORT_SYMBOL_GPL(spi_mem_adjust_op_size); -- 2.7.4

7 years, 1 month

1
0
0 0

[PATCH v2] mm: shmem: Correctly annotate new inodes for lockdep

by Joel Fernandes

From: "Joel Fernandes (Google)" <joel(a)joelfernandes.org> Directories and inodes don't necessarily need to be in the same lockdep class. For ex, hugetlbfs splits them out too to prevent false positives in lockdep. Annotate correctly after new inode creation. If its a directory inode, it will be put into a different class. This should fix a lockdep splat reported by syzbot: > ====================================================== > WARNING: possible circular locking dependency detected > 4.18.0-rc8-next-20180810+ #36 Not tainted > ------------------------------------------------------ > syz-executor900/4483 is trying to acquire lock: > 00000000d2bfc8fe (&sb->s_type->i_mutex_key#9){++++}, at: inode_lock > include/linux/fs.h:765 [inline] > 00000000d2bfc8fe (&sb->s_type->i_mutex_key#9){++++}, at: > shmem_fallocate+0x18b/0x12e0 mm/shmem.c:2602 > > but task is already holding lock: > 0000000025208078 (ashmem_mutex){+.+.}, at: ashmem_shrink_scan+0xb4/0x630 > drivers/staging/android/ashmem.c:448 > > which lock already depends on the new lock. > > -> #2 (ashmem_mutex){+.+.}: > __mutex_lock_common kernel/locking/mutex.c:925 [inline] > __mutex_lock+0x171/0x1700 kernel/locking/mutex.c:1073 > mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1088 > ashmem_mmap+0x55/0x520 drivers/staging/android/ashmem.c:361 > call_mmap include/linux/fs.h:1844 [inline] > mmap_region+0xf27/0x1c50 mm/mmap.c:1762 > do_mmap+0xa10/0x1220 mm/mmap.c:1535 > do_mmap_pgoff include/linux/mm.h:2298 [inline] > vm_mmap_pgoff+0x213/0x2c0 mm/util.c:357 > ksys_mmap_pgoff+0x4da/0x660 mm/mmap.c:1585 > __do_sys_mmap arch/x86/kernel/sys_x86_64.c:100 [inline] > __se_sys_mmap arch/x86/kernel/sys_x86_64.c:91 [inline] > __x64_sys_mmap+0xe9/0x1b0 arch/x86/kernel/sys_x86_64.c:91 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > -> #1 (&mm->mmap_sem){++++}: > __might_fault+0x155/0x1e0 mm/memory.c:4568 > _copy_to_user+0x30/0x110 lib/usercopy.c:25 > copy_to_user include/linux/uaccess.h:155 [inline] > filldir+0x1ea/0x3a0 fs/readdir.c:196 > dir_emit_dot include/linux/fs.h:3464 [inline] > dir_emit_dots include/linux/fs.h:3475 [inline] > dcache_readdir+0x13a/0x620 fs/libfs.c:193 > iterate_dir+0x48b/0x5d0 fs/readdir.c:51 > __do_sys_getdents fs/readdir.c:231 [inline] > __se_sys_getdents fs/readdir.c:212 [inline] > __x64_sys_getdents+0x29f/0x510 fs/readdir.c:212 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > -> #0 (&sb->s_type->i_mutex_key#9){++++}: > lock_acquire+0x1e4/0x540 kernel/locking/lockdep.c:3924 > down_write+0x8f/0x130 kernel/locking/rwsem.c:70 > inode_lock include/linux/fs.h:765 [inline] > shmem_fallocate+0x18b/0x12e0 mm/shmem.c:2602 > ashmem_shrink_scan+0x236/0x630 drivers/staging/android/ashmem.c:455 > ashmem_ioctl+0x3ae/0x13a0 drivers/staging/android/ashmem.c:797 > vfs_ioctl fs/ioctl.c:46 [inline] > file_ioctl fs/ioctl.c:501 [inline] > do_vfs_ioctl+0x1de/0x1720 fs/ioctl.c:685 > ksys_ioctl+0xa9/0xd0 fs/ioctl.c:702 > __do_sys_ioctl fs/ioctl.c:709 [inline] > __se_sys_ioctl fs/ioctl.c:707 [inline] > __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:707 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > other info that might help us debug this: > > Chain exists of: > &sb->s_type->i_mutex_key#9 --> &mm->mmap_sem --> ashmem_mutex > > Possible unsafe locking scenario: > > CPU0 CPU1 > ---- ---- > lock(ashmem_mutex); > lock(&mm->mmap_sem); > lock(ashmem_mutex); > lock(&sb->s_type->i_mutex_key#9); > > *** DEADLOCK *** > > 1 lock held by syz-executor900/4483: > #0: 0000000025208078 (ashmem_mutex){+.+.}, at: > ashmem_shrink_scan+0xb4/0x630 drivers/staging/android/ashmem.c:448 Reported-by: syzbot <syzkaller(a)googlegroups.com> Cc: willy(a)infradead.org Cc: stable(a)vger.kernel.org Cc: peterz(a)infradead.org Cc: Andrew Morton <akpm(a)linux-foundation.org> Reviewed-by: NeilBrown <neilb(a)suse.com> Suggested-by: NeilBrown <neilb(a)suse.com> Signed-off-by: Joel Fernandes (Google) <joel(a)joelfernandes.org> --- v1->v2: Added Reviewed-by of NeilBrown and CC Andrew. mm/shmem.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mm/shmem.c b/mm/shmem.c index 41b9bbf24e16..8264bbdbb6a5 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -2226,6 +2226,8 @@ static struct inode *shmem_get_inode(struct super_block *sb, const struct inode mpol_shared_policy_init(&info->policy, NULL); break; } + + lockdep_annotate_inode_mutex_key(inode); } else shmem_free_inode(sb); return inode; -- 2.18.0.1017.ga543ac7ca45-goog

7 years, 1 month

1
0
0 0

[PATCH] mm: shmem: Correctly annotate new inodes

by Joel Fernandes (Google)

Directories and inodes don't necessarily need to be in the same lockdep class. For ex, hugetlbfs splits them out too to prevent false positives in lockdep. Annotate correctly after new inode creation. If its a directory inode, it will be put into a different class. This should fix a lockdep splat reported by syzbot: > ====================================================== > WARNING: possible circular locking dependency detected > 4.18.0-rc8-next-20180810+ #36 Not tainted > ------------------------------------------------------ > syz-executor900/4483 is trying to acquire lock: > 00000000d2bfc8fe (&sb->s_type->i_mutex_key#9){++++}, at: inode_lock > include/linux/fs.h:765 [inline] > 00000000d2bfc8fe (&sb->s_type->i_mutex_key#9){++++}, at: > shmem_fallocate+0x18b/0x12e0 mm/shmem.c:2602 > > but task is already holding lock: > 0000000025208078 (ashmem_mutex){+.+.}, at: ashmem_shrink_scan+0xb4/0x630 > drivers/staging/android/ashmem.c:448 > > which lock already depends on the new lock. > > -> #2 (ashmem_mutex){+.+.}: > __mutex_lock_common kernel/locking/mutex.c:925 [inline] > __mutex_lock+0x171/0x1700 kernel/locking/mutex.c:1073 > mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1088 > ashmem_mmap+0x55/0x520 drivers/staging/android/ashmem.c:361 > call_mmap include/linux/fs.h:1844 [inline] > mmap_region+0xf27/0x1c50 mm/mmap.c:1762 > do_mmap+0xa10/0x1220 mm/mmap.c:1535 > do_mmap_pgoff include/linux/mm.h:2298 [inline] > vm_mmap_pgoff+0x213/0x2c0 mm/util.c:357 > ksys_mmap_pgoff+0x4da/0x660 mm/mmap.c:1585 > __do_sys_mmap arch/x86/kernel/sys_x86_64.c:100 [inline] > __se_sys_mmap arch/x86/kernel/sys_x86_64.c:91 [inline] > __x64_sys_mmap+0xe9/0x1b0 arch/x86/kernel/sys_x86_64.c:91 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > -> #1 (&mm->mmap_sem){++++}: > __might_fault+0x155/0x1e0 mm/memory.c:4568 > _copy_to_user+0x30/0x110 lib/usercopy.c:25 > copy_to_user include/linux/uaccess.h:155 [inline] > filldir+0x1ea/0x3a0 fs/readdir.c:196 > dir_emit_dot include/linux/fs.h:3464 [inline] > dir_emit_dots include/linux/fs.h:3475 [inline] > dcache_readdir+0x13a/0x620 fs/libfs.c:193 > iterate_dir+0x48b/0x5d0 fs/readdir.c:51 > __do_sys_getdents fs/readdir.c:231 [inline] > __se_sys_getdents fs/readdir.c:212 [inline] > __x64_sys_getdents+0x29f/0x510 fs/readdir.c:212 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > -> #0 (&sb->s_type->i_mutex_key#9){++++}: > lock_acquire+0x1e4/0x540 kernel/locking/lockdep.c:3924 > down_write+0x8f/0x130 kernel/locking/rwsem.c:70 > inode_lock include/linux/fs.h:765 [inline] > shmem_fallocate+0x18b/0x12e0 mm/shmem.c:2602 > ashmem_shrink_scan+0x236/0x630 drivers/staging/android/ashmem.c:455 > ashmem_ioctl+0x3ae/0x13a0 drivers/staging/android/ashmem.c:797 > vfs_ioctl fs/ioctl.c:46 [inline] > file_ioctl fs/ioctl.c:501 [inline] > do_vfs_ioctl+0x1de/0x1720 fs/ioctl.c:685 > ksys_ioctl+0xa9/0xd0 fs/ioctl.c:702 > __do_sys_ioctl fs/ioctl.c:709 [inline] > __se_sys_ioctl fs/ioctl.c:707 [inline] > __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:707 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > other info that might help us debug this: > > Chain exists of: > &sb->s_type->i_mutex_key#9 --> &mm->mmap_sem --> ashmem_mutex > > Possible unsafe locking scenario: > > CPU0 CPU1 > ---- ---- > lock(ashmem_mutex); > lock(&mm->mmap_sem); > lock(ashmem_mutex); > lock(&sb->s_type->i_mutex_key#9); > > *** DEADLOCK *** > > 1 lock held by syz-executor900/4483: > #0: 0000000025208078 (ashmem_mutex){+.+.}, at: > ashmem_shrink_scan+0xb4/0x630 drivers/staging/android/ashmem.c:448 Reported-by: syzbot <syzkaller(a)googlegroups.com> Cc: willy(a)infradead.org Cc: stable(a)vger.kernel.org Cc: peterz(a)infradead.org Suggested-by: Neil Brown <neilb(a)suse.com> Signed-off-by: Joel Fernandes (Google) <joel(a)joelfernandes.org> --- mm/shmem.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mm/shmem.c b/mm/shmem.c index 2cab84403055..4429a8fd932d 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -2225,6 +2225,8 @@ static struct inode *shmem_get_inode(struct super_block *sb, const struct inode mpol_shared_policy_init(&info->policy, NULL); break; } + + lockdep_annotate_inode_mutex_key(inode); } else shmem_free_inode(sb); return inode; -- 2.18.0.597.ga71716f1ad-goog

7 years, 1 month

2
1
0 0

[PATCH 4.4 00/22] 4.4.151-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.151 release. There are 22 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Aug 23 05:51:31 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.151-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.151-rc1 Kees Cook <keescook(a)chromium.org> isdn: Disable IIOCDBGVAR Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> Bluetooth: avoid killing an already killed socket Tom Lendacky <thomas.lendacky(a)amd.com> x86/mm: Simplify p[g4um]d_page() macros Chen Hu <hu1.chen(a)intel.com> serial: 8250_dw: always set baud rate in dw8250_set_termios Willy Tarreau <w(a)1wt.eu> ACPI / PM: save NVS memory for ASUS 1025C laptop Zhang Rui <rui.zhang(a)intel.com> ACPI: save NVS memory for Lenovo G50-45 Aleksander Morgado <aleksander(a)aleksander.es> USB: option: add support for DW5821e John Ogness <john.ogness(a)linutronix.de> USB: serial: sierra: fix potential deadlock at close Takashi Iwai <tiwai(a)suse.de> ALSA: vxpocket: Fix invalid endian conversions Takashi Iwai <tiwai(a)suse.de> ALSA: memalloc: Don't exceed over the requested size Hans de Goede <hdegoede(a)redhat.com> ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry Takashi Iwai <tiwai(a)suse.de> ALSA: cs5535audio: Fix invalid endian conversion Takashi Iwai <tiwai(a)suse.de> ALSA: virmidi: Fix too long output trigger loop Takashi Iwai <tiwai(a)suse.de> ALSA: vx222: Fix invalid endian conversions Park Ju Hyung <qkrwngud825(a)gmail.com> ALSA: hda - Turn CX8200 into D3 as well upon reboot Park Ju Hyung <qkrwngud825(a)gmail.com> ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs Hangbin Liu <liuhangbin(a)gmail.com> net_sched: fix NULL pointer dereference when delete tcindex filter Cong Wang <xiyou.wangcong(a)gmail.com> vsock: split dwork to avoid reinitializations Hangbin Liu <liuhangbin(a)gmail.com> net_sched: Fix missing res info when create new tc_index filter Cong Wang <xiyou.wangcong(a)gmail.com> llc: use refcount_inc_not_zero() for llc_sap_find() Wei Wang <weiwan(a)google.com> l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache Alexey Kodanev <alexey.kodanev(a)oracle.com> dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() ------------- Diffstat: Makefile | 4 ++-- arch/x86/include/asm/pgtable.h | 13 ++++++++----- drivers/acpi/sleep.c | 27 +++++++++++++++++++++++++++ drivers/isdn/i4l/isdn_common.c | 8 +------- drivers/tty/serial/8250/8250_dw.c | 2 +- drivers/usb/serial/option.c | 4 ++++ drivers/usb/serial/sierra.c | 4 ++-- include/net/af_vsock.h | 4 ++-- include/net/llc.h | 5 +++++ net/bluetooth/sco.c | 3 ++- net/dccp/ccids/ccid2.c | 6 ++++-- net/l2tp/l2tp_core.c | 2 +- net/llc/llc_core.c | 4 ++-- net/sched/cls_tcindex.c | 8 +++----- net/vmw_vsock/af_vsock.c | 15 ++++++++------- net/vmw_vsock/vmci_transport.c | 3 +-- sound/core/memalloc.c | 8 ++------ sound/core/seq/seq_virmidi.c | 10 ++++++++++ sound/pci/cs5535audio/cs5535audio.h | 6 +++--- sound/pci/cs5535audio/cs5535audio_pcm.c | 4 ++-- sound/pci/hda/hda_intel.c | 2 +- sound/pci/hda/patch_conexant.c | 4 +++- sound/pci/vx222/vx222_ops.c | 8 ++++---- sound/pcmcia/vx/vxp_ops.c | 10 +++++----- 24 files changed, 103 insertions(+), 61 deletions(-)

7 years, 1 month

4
24
0 0

[PATCH 4.9 00/25] 4.9.123-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.123 release. There are 25 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Aug 23 05:51:15 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.123-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.123-rc1 Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> Bluetooth: avoid killing an already killed socket Tom Lendacky <thomas.lendacky(a)amd.com> x86/mm: Simplify p[g4um]d_page() macros Srinath Mannam <srinath.mannam(a)broadcom.com> serial: 8250_dw: Add ACPI support for uart on Broadcom SoC Chen Hu <hu1.chen(a)intel.com> serial: 8250_dw: always set baud rate in dw8250_set_termios Mark <dmarkh(a)cfl.rr.com> tty: serial: 8250: Revert NXP SC16C2552 workaround Willy Tarreau <w(a)1wt.eu> ACPI / PM: save NVS memory for ASUS 1025C laptop Aleksander Morgado <aleksander(a)aleksander.es> USB: option: add support for DW5821e John Ogness <john.ogness(a)linutronix.de> USB: serial: sierra: fix potential deadlock at close Hangbin Liu <liuhangbin(a)gmail.com> cls_matchall: fix tcf_unbind_filter missing Kees Cook <keescook(a)chromium.org> isdn: Disable IIOCDBGVAR Takashi Iwai <tiwai(a)suse.de> ALSA: vxpocket: Fix invalid endian conversions Takashi Iwai <tiwai(a)suse.de> ALSA: memalloc: Don't exceed over the requested size Hans de Goede <hdegoede(a)redhat.com> ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry Takashi Iwai <tiwai(a)suse.de> ALSA: cs5535audio: Fix invalid endian conversion Takashi Iwai <tiwai(a)suse.de> ALSA: virmidi: Fix too long output trigger loop Takashi Iwai <tiwai(a)suse.de> ALSA: vx222: Fix invalid endian conversions Park Ju Hyung <qkrwngud825(a)gmail.com> ALSA: hda - Turn CX8200 into D3 as well upon reboot Park Ju Hyung <qkrwngud825(a)gmail.com> ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs Hangbin Liu <liuhangbin(a)gmail.com> net_sched: fix NULL pointer dereference when delete tcindex filter Hangbin Liu <liuhangbin(a)gmail.com> net_sched: Fix missing res info when create new tc_index filter Xin Long <lucien.xin(a)gmail.com> ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit Cong Wang <xiyou.wangcong(a)gmail.com> vsock: split dwork to avoid reinitializations Cong Wang <xiyou.wangcong(a)gmail.com> llc: use refcount_inc_not_zero() for llc_sap_find() Wei Wang <weiwan(a)google.com> l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache Alexey Kodanev <alexey.kodanev(a)oracle.com> dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() ------------- Diffstat: Makefile | 4 ++-- arch/x86/include/asm/pgtable.h | 13 ++++++++----- drivers/acpi/sleep.c | 8 ++++++++ drivers/isdn/i4l/isdn_common.c | 8 +------- drivers/tty/serial/8250/8250_dw.c | 3 ++- drivers/tty/serial/8250/8250_port.c | 3 +-- drivers/usb/serial/option.c | 4 ++++ drivers/usb/serial/sierra.c | 4 ++-- include/net/af_vsock.h | 4 ++-- include/net/llc.h | 5 +++++ net/bluetooth/sco.c | 3 ++- net/dccp/ccids/ccid2.c | 6 ++++-- net/ipv6/ip6_tunnel.c | 8 ++------ net/l2tp/l2tp_core.c | 2 +- net/llc/llc_core.c | 4 ++-- net/sched/cls_matchall.c | 2 ++ net/sched/cls_tcindex.c | 8 +++----- net/vmw_vsock/af_vsock.c | 15 ++++++++------- net/vmw_vsock/vmci_transport.c | 3 +-- sound/core/memalloc.c | 8 ++------ sound/core/seq/seq_virmidi.c | 10 ++++++++++ sound/pci/cs5535audio/cs5535audio.h | 6 +++--- sound/pci/cs5535audio/cs5535audio_pcm.c | 4 ++-- sound/pci/hda/hda_intel.c | 2 +- sound/pci/hda/patch_conexant.c | 4 +++- sound/pci/vx222/vx222_ops.c | 8 ++++---- sound/pcmcia/vx/vxp_ops.c | 10 +++++----- 27 files changed, 90 insertions(+), 69 deletions(-)

7 years, 1 month

5
29
0 0

[BUG] madvise05 leads kernel panic on 4.9.122

by Yang Shi

Hi folks, I just ran some regression test on stable 4.9.122 with LTP. madvise05 triggers the below kernel panic: [ 6785.089994] BUG: unable to handle kernel paging request at ffffeaff44488020 [ 6785.097952] IP: [] page_remove_rmap+0x27/0x580 [ 6785.104810] PGD 0 [ 6785.106859] [ 6785.108526] Oops: 0000 [#1] SMP [ 6785.112029] Modules linked in: mptctl(E) mptbase(E) tun(E) fuse(E) vfat(E) fat(E) btrfs(E) xor(E) raid6_pq(E) xfs(E) [ 6785.123905] CPU: 14 PID: 77983 Comm: madvise05 Tainted: G E 4.9.122-001.ali3000_nightly_cov_20180820_193.test.alios7.x86_64 #1 [ 6785.137880] Hardware name: Dell Inc. PowerEdge R720xd/0X6FFV, BIOS 1.3.6 09/11/2012 [ 6785.146425] task: ffff882daeb78000 task.stack: ffffc9001b438000 [ 6785.153031] RIP: 0010:[] [] page_remove_rmap+0x27/0x580 [ 6785.162461] RSP: 0018:ffffc9001b43bc50 EFLAGS: 00010246 [ 6785.168388] RAX: 0000000000000000 RBX: ffffeaff44488000 RCX: 0000000000000080 [ 6785.176351] RDX: ffffeaff44488000 RSI: 0000000000000001 RDI: ffffeaff44488000 [ 6785.184315] RBP: ffffc9001b43bc80 R08: ffff882f9d4a6540 R09: ffffffff84bcdf60 [ 6785.192277] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001 [ 6785.200241] R13: ffff882db6996910 R14: ffffea00b6da65b0 R15: 00003fffffe00000 [ 6785.208205] FS: 00002ae5a3dfbb80(0000) GS:ffff882fbf180000(0000) knlGS:0000000000000000 [ 6785.217234] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 6785.223646] CR2: ffffeaff44488020 CR3: 0000002f9d51c000 CR4: 00000000000606f0 [ 6785.231610] Stack: [ 6785.233851] 0000000000000000 00003ffffd6b3320 0434f9415ac47f2c ffffeaff44488000 [ 6785.242143] ffffc9001b43bdd8 ffff882db6996910 ffffc9001b43bcc0 ffffffff81355aaa [ 6785.250438] ffff882f9d4a6540 00002ae5a4400000 00002ae5a4600000 ffffffff84bcd7a0 [ 6785.258728] Call Trace: [ 6785.261460] [] zap_huge_pmd+0x28a/0x640 [ 6785.267585] [] unmap_page_range+0x532/0x630 [ 6785.274087] [] unmap_single_vma+0xa9/0x160 [ 6785.280501] [] unmap_vmas+0x5f/0xe0 [ 6785.286236] [] unmap_region+0xe4/0x1e0 [ 6785.292263] [] ? blk_finish_plug+0x3c/0x60 [ 6785.298669] [] ? SYSC_madvise+0x69b/0xed0 [ 6785.304985] [] do_munmap+0x39b/0x5b0 [ 6785.310818] [] SyS_munmap+0x78/0xb0 [ 6785.316552] [] do_syscall_64+0xf4/0x350 [ 6785.322676] [] entry_SYSCALL_64_after_swapgs+0x58/0xca [ 6785.330244] Code: 00 00 00 00 66 66 66 66 90 55 <48> 8b 57 20 48 89 f8 f6 c2 01 0f [ 6785.339011] RIP [] page_remove_rmap+0x27/0x580 [ 6785.345825] RSP [ 6785.349715] CR2: ffffeaff44488020 The same test case works well on both 4.9.119 and the latest Linus's tree. So, it looks it is caused by the L1TF patches on the stable tree. And, the madvise05 test case can be simplified to the below test program: #include <sys/mman.h> #include <stdio.h> void main() { void *addr; int err; addr = mmap(NULL, 32 * 1024 * 1024, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS | MAP_POPULATE, -1, 0); if (addr == MAP_FAILED) { printf("mmap failed\n"); return; } err = mprotect(addr, 32 * 1024 * 1024, PROT_NONE); if (err < 0) { printf("mprotect failed\n"); return; } munmap(addr, 32 * 1024 * 1024); } You may be already aware of this problem or any hint is appreciated. Thanks, Yang

7 years, 1 month

3
4
0 0

[PATCH v2] staging: android: ion: check for kref overflow

by Daniel Rosenberg

Userspace can cause the kref to handles to increment arbitrarily high. Ensure it does not overflow. Signed-off-by: Daniel Rosenberg <drosen(a)google.com> --- v2: Fixed patch corruption :( This patch is against 4.4. It does not apply to master due to a large rework of ion in 4.12 which removed the affected functions altogther. 4c23cbff073f3b9b ("staging: android: ion: Remove import interface") It applies from 3.18 to 4.11, although with a trivial conflict resolution for the later branches. drivers/staging/android/ion/ion.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/drivers/staging/android/ion/ion.c b/drivers/staging/android/ion/ion.c index 374f840f31a48..47cb163da9a07 100644 --- a/drivers/staging/android/ion/ion.c +++ b/drivers/staging/android/ion/ion.c @@ -15,6 +15,7 @@ * */ +#include <linux/atomic.h> #include <linux/device.h> #include <linux/err.h> #include <linux/file.h> @@ -387,6 +388,16 @@ static void ion_handle_get(struct ion_handle *handle) kref_get(&handle->ref); } +/* Must hold the client lock */ +static struct ion_handle *ion_handle_get_check_overflow( + struct ion_handle *handle) +{ + if (atomic_read(&handle->ref.refcount) + 1 == 0) + return ERR_PTR(-EOVERFLOW); + ion_handle_get(handle); + return handle; +} + static int ion_handle_put_nolock(struct ion_handle *handle) { int ret; @@ -433,9 +444,9 @@ static struct ion_handle *ion_handle_get_by_id_nolock(struct ion_client *client, handle = idr_find(&client->idr, id); if (handle) - ion_handle_get(handle); + return ion_handle_get_check_overflow(handle); - return handle ? handle : ERR_PTR(-EINVAL); + return ERR_PTR(-EINVAL); } struct ion_handle *ion_handle_get_by_id(struct ion_client *client, @@ -1202,7 +1213,7 @@ struct ion_handle *ion_import_dma_buf(struct ion_client *client, int fd) /* if a handle exists for this buffer just take a reference to it */ handle = ion_handle_lookup(client, buffer); if (!IS_ERR(handle)) { - ion_handle_get(handle); + handle = ion_handle_get_check_overflow(handle); mutex_unlock(&client->lock); goto end; } -- 2.18.0.865.gffc8e1a3cd6-goog

7 years, 1 month

1
0
0 0

[PATCH 4.18 00/35] 4.18.4-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.18.4 release. There are 35 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Aug 23 05:50:07 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.4-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.18.4-rc1 Hangbin Liu <liuhangbin(a)gmail.com> cls_matchall: fix tcf_unbind_filter missing Jisheng Zhang <Jisheng.Zhang(a)synaptics.com> net: mvneta: fix mvneta_config_rss on armada 3700 Andrew Lunn <andrew(a)lunn.ch> net: ethernet: mvneta: Fix napi structure mixup on armada 3700 Haishuang Yan <yanhaishuang(a)cmss.chinamobile.com> ip_vti: fix a null pointer deferrence when create vti fallback tunnel Jian-Hong Pan <jian-hong(a)endlessm.com> r8169: don't use MSI-X on RTL8106e Takashi Iwai <tiwai(a)suse.de> hv/netvsc: Fix NULL dereference at single queue mode fallback Jeremy Cline <jcline(a)redhat.com> net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() Kees Cook <keescook(a)chromium.org> isdn: Disable IIOCDBGVAR Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> Bluetooth: avoid killing an already killed socket Xiubo Li <xiubli(a)redhat.com> Revert "uio: use request_threaded_irq instead" Johan Hovold <johan(a)kernel.org> misc: sram: fix resource leaks in probe error path Hailong Liu <liu.hailong6(a)zte.com.cn> uio: fix wrong return value from uio_mmap() Srinath Mannam <srinath.mannam(a)broadcom.com> serial: 8250_dw: Add ACPI support for uart on Broadcom SoC Chen Hu <hu1.chen(a)intel.com> serial: 8250_dw: always set baud rate in dw8250_set_termios Aaron Sierra <asierra(a)xes-inc.com> serial: 8250_exar: Read INT0 from slave device, too Mark <dmarkh(a)cfl.rr.com> tty: serial: 8250: Revert NXP SC16C2552 workaround Willy Tarreau <w(a)1wt.eu> ACPI / PM: save NVS memory for ASUS 1025C laptop Aleksander Morgado <aleksander(a)aleksander.es> USB: option: add support for DW5821e Movie Song <MovieSong(a)aten-itlab.cn> USB: serial: pl2303: add a new device id for ATEN John Ogness <john.ogness(a)linutronix.de> USB: serial: sierra: fix potential deadlock at close Mika Båtsman <mika.batsman(a)gmail.com> media: gl861: fix probe of dvb_usb_gl861 Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix poll() error return Takashi Iwai <tiwai(a)suse.de> ALSA: vxpocket: Fix invalid endian conversions Takashi Iwai <tiwai(a)suse.de> ALSA: memalloc: Don't exceed over the requested size Hans de Goede <hdegoede(a)redhat.com> ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: dice: fix wrong copy to rx parameters for Alesis iO26 Takashi Iwai <tiwai(a)suse.de> ALSA: cs5535audio: Fix invalid endian conversion Takashi Iwai <tiwai(a)suse.de> ALSA: virmidi: Fix too long output trigger loop Takashi Iwai <tiwai(a)suse.de> ALSA: vx222: Fix invalid endian conversions Park Ju Hyung <qkrwngud825(a)gmail.com> ALSA: hda - Turn CX8200 into D3 as well upon reboot Park Ju Hyung <qkrwngud825(a)gmail.com> ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs Heiner Kallweit <hkallweit1(a)gmail.com> r8169: don't use MSI-X on RTL8168g Hangbin Liu <liuhangbin(a)gmail.com> net_sched: Fix missing res info when create new tc_index filter Hangbin Liu <liuhangbin(a)gmail.com> net_sched: fix NULL pointer dereference when delete tcindex filter Wei Wang <weiwan(a)google.com> l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache ------------- Diffstat: Makefile | 4 +-- drivers/acpi/sleep.c | 8 +++++ drivers/isdn/i4l/isdn_common.c | 8 +---- drivers/media/usb/dvb-usb-v2/gl861.c | 21 +++++++------ drivers/misc/sram.c | 9 +++++- drivers/net/ethernet/marvell/mvneta.c | 53 ++++++++++++++++++++------------- drivers/net/ethernet/realtek/r8169.c | 12 ++++++-- drivers/net/hyperv/rndis_filter.c | 2 +- drivers/tty/serial/8250/8250_dw.c | 3 +- drivers/tty/serial/8250/8250_exar.c | 6 +++- drivers/tty/serial/8250/8250_port.c | 3 +- drivers/uio/uio.c | 10 ++----- drivers/usb/serial/option.c | 4 +++ drivers/usb/serial/pl2303.c | 2 ++ drivers/usb/serial/pl2303.h | 1 + drivers/usb/serial/sierra.c | 4 +-- net/bluetooth/sco.c | 3 +- net/core/sock_diag.c | 2 ++ net/ipv4/ip_vti.c | 3 +- net/l2tp/l2tp_core.c | 2 +- net/sched/cls_matchall.c | 2 ++ net/sched/cls_tcindex.c | 8 ++--- net/socket.c | 3 +- sound/core/memalloc.c | 8 ++--- sound/core/seq/oss/seq_oss.c | 2 +- sound/core/seq/seq_clientmgr.c | 2 +- sound/core/seq/seq_virmidi.c | 10 +++++++ sound/firewire/dice/dice-alesis.c | 2 +- sound/pci/cs5535audio/cs5535audio.h | 6 ++-- sound/pci/cs5535audio/cs5535audio_pcm.c | 4 +-- sound/pci/hda/hda_intel.c | 2 +- sound/pci/hda/patch_conexant.c | 4 ++- sound/pci/vx222/vx222_ops.c | 8 ++--- sound/pcmcia/vx/vxp_ops.c | 10 +++---- 34 files changed, 138 insertions(+), 93 deletions(-)

7 years, 1 month

4
40
0 0

[PATCH 4.14 00/29] 4.14.66-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.66 release. There are 29 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Aug 23 05:50:58 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.66-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.66-rc1 Hangbin Liu <liuhangbin(a)gmail.com> cls_matchall: fix tcf_unbind_filter missing Kees Cook <keescook(a)chromium.org> isdn: Disable IIOCDBGVAR Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> Bluetooth: avoid killing an already killed socket Johan Hovold <johan(a)kernel.org> misc: sram: fix resource leaks in probe error path Srinath Mannam <srinath.mannam(a)broadcom.com> serial: 8250_dw: Add ACPI support for uart on Broadcom SoC Chen Hu <hu1.chen(a)intel.com> serial: 8250_dw: always set baud rate in dw8250_set_termios Aaron Sierra <asierra(a)xes-inc.com> serial: 8250_exar: Read INT0 from slave device, too Mark <dmarkh(a)cfl.rr.com> tty: serial: 8250: Revert NXP SC16C2552 workaround Willy Tarreau <w(a)1wt.eu> ACPI / PM: save NVS memory for ASUS 1025C laptop Aleksander Morgado <aleksander(a)aleksander.es> USB: option: add support for DW5821e Movie Song <MovieSong(a)aten-itlab.cn> USB: serial: pl2303: add a new device id for ATEN John Ogness <john.ogness(a)linutronix.de> USB: serial: sierra: fix potential deadlock at close Takashi Iwai <tiwai(a)suse.de> ALSA: vxpocket: Fix invalid endian conversions Takashi Iwai <tiwai(a)suse.de> ALSA: memalloc: Don't exceed over the requested size Hans de Goede <hdegoede(a)redhat.com> ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry Takashi Iwai <tiwai(a)suse.de> ALSA: cs5535audio: Fix invalid endian conversion Takashi Iwai <tiwai(a)suse.de> ALSA: virmidi: Fix too long output trigger loop Takashi Iwai <tiwai(a)suse.de> ALSA: vx222: Fix invalid endian conversions Park Ju Hyung <qkrwngud825(a)gmail.com> ALSA: hda - Turn CX8200 into D3 as well upon reboot Park Ju Hyung <qkrwngud825(a)gmail.com> ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs Dmitry Bogdanov <dmitry.bogdanov(a)aquantia.com> net: aquantia: Fix IFF_ALLMULTI flag functionality Xin Long <lucien.xin(a)gmail.com> ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit Jason Wang <jasowang(a)redhat.com> vhost: reset metadata cache when initializing new IOTLB Hangbin Liu <liuhangbin(a)gmail.com> net_sched: Fix missing res info when create new tc_index filter Cong Wang <xiyou.wangcong(a)gmail.com> vsock: split dwork to avoid reinitializations Hangbin Liu <liuhangbin(a)gmail.com> net_sched: fix NULL pointer dereference when delete tcindex filter Cong Wang <xiyou.wangcong(a)gmail.com> llc: use refcount_inc_not_zero() for llc_sap_find() Wei Wang <weiwan(a)google.com> l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache Alexey Kodanev <alexey.kodanev(a)oracle.com> dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() ------------- Diffstat: Makefile | 4 ++-- drivers/acpi/sleep.c | 8 ++++++++ drivers/isdn/i4l/isdn_common.c | 8 +------- drivers/misc/sram.c | 9 ++++++++- drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 2 +- drivers/tty/serial/8250/8250_dw.c | 3 ++- drivers/tty/serial/8250/8250_exar.c | 6 +++++- drivers/tty/serial/8250/8250_port.c | 3 +-- drivers/usb/serial/option.c | 4 ++++ drivers/usb/serial/pl2303.c | 2 ++ drivers/usb/serial/pl2303.h | 1 + drivers/usb/serial/sierra.c | 4 ++-- drivers/vhost/vhost.c | 9 ++++++--- include/net/af_vsock.h | 4 ++-- include/net/llc.h | 5 +++++ net/bluetooth/sco.c | 3 ++- net/dccp/ccids/ccid2.c | 6 ++++-- net/ipv6/ip6_tunnel.c | 8 ++------ net/l2tp/l2tp_core.c | 2 +- net/llc/llc_core.c | 4 ++-- net/sched/cls_matchall.c | 2 ++ net/sched/cls_tcindex.c | 8 +++----- net/vmw_vsock/af_vsock.c | 15 ++++++++------- net/vmw_vsock/vmci_transport.c | 3 +-- sound/core/memalloc.c | 8 ++------ sound/core/seq/seq_virmidi.c | 10 ++++++++++ sound/pci/cs5535audio/cs5535audio.h | 6 +++--- sound/pci/cs5535audio/cs5535audio_pcm.c | 4 ++-- sound/pci/hda/hda_intel.c | 2 +- sound/pci/hda/patch_conexant.c | 4 +++- sound/pci/vx222/vx222_ops.c | 8 ++++---- sound/pcmcia/vx/vxp_ops.c | 10 +++++----- 32 files changed, 105 insertions(+), 70 deletions(-)

7 years, 1 month

4
32
0 0

[PATCH 4.17 00/42] 4.17.18-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.17.18 release. There are 42 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Aug 23 05:50:04 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.17.18-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.17.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.17.18-rc1 Jisheng Zhang <Jisheng.Zhang(a)synaptics.com> net: mvneta: fix mvneta_config_rss on armada 3700 Andrew Lunn <andrew(a)lunn.ch> net: ethernet: mvneta: Fix napi structure mixup on armada 3700 Hangbin Liu <liuhangbin(a)gmail.com> cls_matchall: fix tcf_unbind_filter missing Haishuang Yan <yanhaishuang(a)cmss.chinamobile.com> ip_vti: fix a null pointer deferrence when create vti fallback tunnel Jian-Hong Pan <jian-hong(a)endlessm.com> r8169: don't use MSI-X on RTL8106e Jeremy Cline <jcline(a)redhat.com> net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() Kees Cook <keescook(a)chromium.org> isdn: Disable IIOCDBGVAR Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> Bluetooth: avoid killing an already killed socket Johan Hovold <johan(a)kernel.org> misc: sram: fix resource leaks in probe error path Srinath Mannam <srinath.mannam(a)broadcom.com> serial: 8250_dw: Add ACPI support for uart on Broadcom SoC Chen Hu <hu1.chen(a)intel.com> serial: 8250_dw: always set baud rate in dw8250_set_termios Aaron Sierra <asierra(a)xes-inc.com> serial: 8250_exar: Read INT0 from slave device, too Mark <dmarkh(a)cfl.rr.com> tty: serial: 8250: Revert NXP SC16C2552 workaround Willy Tarreau <w(a)1wt.eu> ACPI / PM: save NVS memory for ASUS 1025C laptop Aleksander Morgado <aleksander(a)aleksander.es> USB: option: add support for DW5821e Movie Song <MovieSong(a)aten-itlab.cn> USB: serial: pl2303: add a new device id for ATEN John Ogness <john.ogness(a)linutronix.de> USB: serial: sierra: fix potential deadlock at close Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix poll() error return Takashi Iwai <tiwai(a)suse.de> ALSA: vxpocket: Fix invalid endian conversions Takashi Iwai <tiwai(a)suse.de> ALSA: memalloc: Don't exceed over the requested size Hans de Goede <hdegoede(a)redhat.com> ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry Takashi Iwai <tiwai(a)suse.de> ALSA: cs5535audio: Fix invalid endian conversion Takashi Iwai <tiwai(a)suse.de> ALSA: virmidi: Fix too long output trigger loop Takashi Iwai <tiwai(a)suse.de> ALSA: vx222: Fix invalid endian conversions Park Ju Hyung <qkrwngud825(a)gmail.com> ALSA: hda - Turn CX8200 into D3 as well upon reboot Park Ju Hyung <qkrwngud825(a)gmail.com> ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs David Howells <dhowells(a)redhat.com> rxrpc: Fix the keepalive generator [ver #2] Heiner Kallweit <hkallweit1(a)gmail.com> r8169: don't use MSI-X on RTL8168g Or Gerlitz <ogerlitz(a)mellanox.com> net/mlx5e: Properly check if hairpin is possible between two functions Nir Dotan <nird(a)mellanox.com> mlxsw: core_acl_flex_actions: Remove redundant mirror resource destruction Nir Dotan <nird(a)mellanox.com> mlxsw: core_acl_flex_actions: Remove redundant counter destruction Nir Dotan <nird(a)mellanox.com> mlxsw: core_acl_flex_actions: Remove redundant resource destruction Xin Long <lucien.xin(a)gmail.com> ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit Dmitry Bogdanov <dmitry.bogdanov(a)aquantia.com> net: aquantia: Fix IFF_ALLMULTI flag functionality Nir Dotan <nird(a)mellanox.com> mlxsw: core_acl_flex_actions: Return error for conflicting actions Jason Wang <jasowang(a)redhat.com> vhost: reset metadata cache when initializing new IOTLB Hangbin Liu <liuhangbin(a)gmail.com> net_sched: Fix missing res info when create new tc_index filter Cong Wang <xiyou.wangcong(a)gmail.com> vsock: split dwork to avoid reinitializations Hangbin Liu <liuhangbin(a)gmail.com> net_sched: fix NULL pointer dereference when delete tcindex filter Cong Wang <xiyou.wangcong(a)gmail.com> llc: use refcount_inc_not_zero() for llc_sap_find() Wei Wang <weiwan(a)google.com> l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache Alexey Kodanev <alexey.kodanev(a)oracle.com> dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() ------------- Diffstat: Makefile | 4 +- drivers/acpi/sleep.c | 8 ++ drivers/isdn/i4l/isdn_common.c | 8 +- drivers/misc/sram.c | 9 +- .../ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 2 +- drivers/net/ethernet/marvell/mvneta.c | 53 ++++--- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 8 +- .../mellanox/mlxsw/core_acl_flex_actions.c | 51 ++++--- drivers/net/ethernet/realtek/r8169.c | 12 +- drivers/tty/serial/8250/8250_dw.c | 3 +- drivers/tty/serial/8250/8250_exar.c | 6 +- drivers/tty/serial/8250/8250_port.c | 3 +- drivers/usb/serial/option.c | 4 + drivers/usb/serial/pl2303.c | 2 + drivers/usb/serial/pl2303.h | 1 + drivers/usb/serial/sierra.c | 4 +- drivers/vhost/vhost.c | 9 +- include/net/af_vsock.h | 4 +- include/net/llc.h | 5 + net/bluetooth/sco.c | 3 +- net/core/sock_diag.c | 2 + net/dccp/ccids/ccid2.c | 6 +- net/ipv4/ip_vti.c | 3 +- net/ipv6/ip6_tunnel.c | 8 +- net/l2tp/l2tp_core.c | 2 +- net/llc/llc_core.c | 4 +- net/rxrpc/ar-internal.h | 8 +- net/rxrpc/conn_event.c | 4 +- net/rxrpc/net_ns.c | 6 +- net/rxrpc/output.c | 12 +- net/rxrpc/peer_event.c | 156 ++++++++++++--------- net/rxrpc/peer_object.c | 8 +- net/rxrpc/rxkad.c | 4 +- net/sched/cls_matchall.c | 2 + net/sched/cls_tcindex.c | 8 +- net/socket.c | 3 +- net/vmw_vsock/af_vsock.c | 15 +- net/vmw_vsock/vmci_transport.c | 3 +- sound/core/memalloc.c | 8 +- sound/core/seq/oss/seq_oss.c | 2 +- sound/core/seq/seq_clientmgr.c | 2 +- sound/core/seq/seq_virmidi.c | 10 ++ sound/pci/cs5535audio/cs5535audio.h | 6 +- sound/pci/cs5535audio/cs5535audio_pcm.c | 4 +- sound/pci/hda/hda_intel.c | 2 +- sound/pci/hda/patch_conexant.c | 4 +- sound/pci/vx222/vx222_ops.c | 8 +- sound/pcmcia/vx/vxp_ops.c | 10 +- 48 files changed, 296 insertions(+), 213 deletions(-)

7 years, 1 month

4
45
0 0

[PATCH] MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7

by Paul Burton

Some versions of GCC suboptimally generate calls to the __multi3() intrinsic for MIPS64r6 builds, resulting in link failures due to the missing function: LD vmlinux.o MODPOST vmlinux.o kernel/bpf/verifier.o: In function `kmalloc_array': include/linux/slab.h:631: undefined reference to `__multi3' fs/select.o: In function `kmalloc_array': include/linux/slab.h:631: undefined reference to `__multi3' ... We already have a workaround for this in which we provide the instrinsic, but we do so selectively for GCC 7 only. Unfortunately the issue occurs with older GCC versions too - it has been observed with both GCC 5.4.0 & GCC 6.4.0. MIPSr6 support was introduced in GCC 5, so all major GCC versions prior to GCC 8 are affected and we extend our workaround accordingly to all MIPS64r6 builds using GCC versions older than GCC 8. Signed-off-by: Paul Burton <paul.burton(a)mips.com> Reported-by: Vladimir Kondratiev <vladimir.kondratiev(a)intel.com> Fixes: ebabcf17bcd7 ("MIPS: Implement __multi3 for GCC7 MIPS64r6 builds") Cc: James Hogan <jhogan(a)kernel.org> Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: linux-mips(a)linux-mips.org Cc: stable(a)vger.kernel.org # 4.15+ --- arch/mips/lib/multi3.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/mips/lib/multi3.c b/arch/mips/lib/multi3.c index 111ad475aa0c..4c2483f410c2 100644 --- a/arch/mips/lib/multi3.c +++ b/arch/mips/lib/multi3.c @@ -4,12 +4,12 @@ #include "libgcc.h" /* - * GCC 7 suboptimally generates __multi3 calls for mips64r6, so for that - * specific case only we'll implement it here. + * GCC 7 & older can suboptimally generate __multi3 calls for mips64r6, so for + * that specific case only we implement that intrinsic here. * * See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82981 */ -#if defined(CONFIG_64BIT) && defined(CONFIG_CPU_MIPSR6) && (__GNUC__ == 7) +#if defined(CONFIG_64BIT) && defined(CONFIG_CPU_MIPSR6) && (__GNUC__ < 8) /* multiply 64-bit values, low 64-bits returned */ static inline long long notrace dmulu(long long a, long long b) -- 2.18.0

7 years, 1 month

1
0
0 0

[PATCH 2/2] drm/nouveau: Fix GM107 disp dmac chan init on ThinkPad P50

by Lyude Paul

Just like how the P50 will occasionally leave the disp's core channel on before nouveau starts initializing, it will occasionally do the same thing with the rest of the dmac channel in addition to the core channel. Example: [ 1.604375] nouveau 0000:01:00.0: disp: outp 04:0006:0f81: no heads (0 3 4) [ 1.604858] nouveau 0000:01:00.0: disp: outp 04:0006:0f81: aux power -> always [ 1.605354] nouveau 0000:01:00.0: disp: outp 04:0006:0f81: aux power -> demand [ 1.605815] nouveau 0000:01:00.0: disp: outp 05:0002:0f81: no heads (0 3 2) [ 1.607289] nouveau 0000:01:00.0: disp: chid 0 mthd 0000 data 00000400 00001000 00000002 [ 1.608818] nouveau 0000:01:00.0: disp: chid 1 mthd 0000 data 00000400 00001000 00000002 [ 1.609500] nouveau 0000:01:00.0: disp: chid 2 mthd 0000 data 00000400 00001000 00000002 Which of course, later causes other parts of the card to start timing out and failing. Closer inspection shows the same thing happening as with our core channel; 0x610490 + (ctrl * 0x10) always has the same unknown 0x000a0000 mask set when the phantom mthd failures start appearing. So, implement the same workaround we use for the core disp channel to the rest of the disp channels. This along with the previous patch fix random initialization failures observed with the Thinkpad P50. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: Karol Herbst <karolherbst(a)gmail.com> Cc: stable(a)vger.kernel.org --- .../drm/nouveau/nvkm/engine/disp/dmacgf119.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/disp/dmacgf119.c b/drivers/gpu/drm/nouveau/nvkm/engine/disp/dmacgf119.c index edf7dd0d931d..7bc91f260e27 100644 --- a/drivers/gpu/drm/nouveau/nvkm/engine/disp/dmacgf119.c +++ b/drivers/gpu/drm/nouveau/nvkm/engine/disp/dmacgf119.c @@ -35,8 +35,8 @@ gf119_disp_dmac_bind(struct nv50_disp_chan *chan, chan->chid.user << 27 | 0x00000001); } -void -gf119_disp_dmac_fini(struct nv50_disp_chan *chan) +static bool +gf119_disp_dmac_deactivate(struct nv50_disp_chan *chan) { struct nvkm_subdev *subdev = &chan->disp->base.engine.subdev; struct nvkm_device *device = subdev->device; @@ -52,7 +52,16 @@ gf119_disp_dmac_fini(struct nv50_disp_chan *chan) ) < 0) { nvkm_error(subdev, "ch %d fini: %08x\n", user, nvkm_rd32(device, 0x610490 + (ctrl * 0x10))); + return false; } + + return true; +} + +void +gf119_disp_dmac_fini(struct nv50_disp_chan *chan) +{ + gf119_disp_dmac_deactivate(chan); } static int @@ -63,6 +72,12 @@ gf119_disp_dmac_init(struct nv50_disp_chan *chan) int ctrl = chan->chid.ctrl; int user = chan->chid.user; + /* shut down the channel if it was left on, probably by the VBIOS */ + if ((nvkm_rd32(device, 0x610490 + (ctrl * 0x10)) & 0x000a0000) == 0x000a0000 && + WARN_ON(!gf119_disp_dmac_deactivate(chan))) { + return -EBUSY; + } + /* initialise channel for dma command submission */ nvkm_wr32(device, 0x610494 + (ctrl * 0x0010), chan->push); nvkm_wr32(device, 0x610498 + (ctrl * 0x0010), 0x00010000); -- 2.17.1

7 years, 1 month

1
1
0 0

[PATCH] crypto: vmx - Fix sleep-in-atomic bugs

by Ondrej Mosnacek

This patch fixes sleep-in-atomic bugs in AES-CBC and AES-XTS VMX implementations. The problem is that the blkcipher_* functions should not be called in atomic context. The bugs can be reproduced via the AF_ALG interface by trying to encrypt/decrypt sufficiently large buffers (at least 64 KiB) using the VMX implementations of 'cbc(aes)' or 'xts(aes)'. Such operations then trigger BUG in crypto_yield(): [ 891.863680] BUG: sleeping function called from invalid context at include/crypto/algapi.h:424 [ 891.864622] in_atomic(): 1, irqs_disabled(): 0, pid: 12347, name: kcapi-enc [ 891.864739] 1 lock held by kcapi-enc/12347: [ 891.864811] #0: 00000000f5d42c46 (sk_lock-AF_ALG){+.+.}, at: skcipher_recvmsg+0x50/0x530 [ 891.865076] CPU: 5 PID: 12347 Comm: kcapi-enc Not tainted 4.19.0-0.rc0.git3.1.fc30.ppc64le #1 [ 891.865251] Call Trace: [ 891.865340] [c0000003387578c0] [c000000000d67ea4] dump_stack+0xe8/0x164 (unreliable) [ 891.865511] [c000000338757910] [c000000000172a58] ___might_sleep+0x2f8/0x310 [ 891.865679] [c000000338757990] [c0000000006bff74] blkcipher_walk_done+0x374/0x4a0 [ 891.865825] [c0000003387579e0] [d000000007e73e70] p8_aes_cbc_encrypt+0x1c8/0x260 [vmx_crypto] [ 891.865993] [c000000338757ad0] [c0000000006c0ee0] skcipher_encrypt_blkcipher+0x60/0x80 [ 891.866128] [c000000338757b10] [c0000000006ec504] skcipher_recvmsg+0x424/0x530 [ 891.866283] [c000000338757bd0] [c000000000b00654] sock_recvmsg+0x74/0xa0 [ 891.866403] [c000000338757c10] [c000000000b00f64] ___sys_recvmsg+0xf4/0x2f0 [ 891.866515] [c000000338757d90] [c000000000b02bb8] __sys_recvmsg+0x68/0xe0 [ 891.866631] [c000000338757e30] [c00000000000bbe4] system_call+0x5c/0x70 Fixes: 8c755ace357c ("crypto: vmx - Adding CBC routines for VMX module") Fixes: c07f5d3da643 ("crypto: vmx - Adding support for XTS") Cc: stable(a)vger.kernel.org Signed-off-by: Ondrej Mosnacek <omosnace(a)redhat.com> --- This patch should fix the issue, but I didn't test it. (I'll see if I can find some time tomorrow to try and recompile the kernel on a PPC machine... in the meantime please review :) drivers/crypto/vmx/aes_cbc.c | 30 ++++++++++++++---------------- drivers/crypto/vmx/aes_xts.c | 19 ++++++++++++------- 2 files changed, 26 insertions(+), 23 deletions(-) diff --git a/drivers/crypto/vmx/aes_cbc.c b/drivers/crypto/vmx/aes_cbc.c index 5285ece4f33a..b71895871be3 100644 --- a/drivers/crypto/vmx/aes_cbc.c +++ b/drivers/crypto/vmx/aes_cbc.c @@ -107,24 +107,23 @@ static int p8_aes_cbc_encrypt(struct blkcipher_desc *desc, ret = crypto_skcipher_encrypt(req); skcipher_request_zero(req); } else { - preempt_disable(); - pagefault_disable(); - enable_kernel_vsx(); - blkcipher_walk_init(&walk, dst, src, nbytes); ret = blkcipher_walk_virt(desc, &walk); while ((nbytes = walk.nbytes)) { + preempt_disable(); + pagefault_disable(); + enable_kernel_vsx(); aes_p8_cbc_encrypt(walk.src.virt.addr, walk.dst.virt.addr, nbytes & AES_BLOCK_MASK, &ctx->enc_key, walk.iv, 1); + disable_kernel_vsx(); + pagefault_enable(); + preempt_enable(); + nbytes &= AES_BLOCK_SIZE - 1; ret = blkcipher_walk_done(desc, &walk, nbytes); } - - disable_kernel_vsx(); - pagefault_enable(); - preempt_enable(); } return ret; @@ -147,24 +146,23 @@ static int p8_aes_cbc_decrypt(struct blkcipher_desc *desc, ret = crypto_skcipher_decrypt(req); skcipher_request_zero(req); } else { - preempt_disable(); - pagefault_disable(); - enable_kernel_vsx(); - blkcipher_walk_init(&walk, dst, src, nbytes); ret = blkcipher_walk_virt(desc, &walk); while ((nbytes = walk.nbytes)) { + preempt_disable(); + pagefault_disable(); + enable_kernel_vsx(); aes_p8_cbc_encrypt(walk.src.virt.addr, walk.dst.virt.addr, nbytes & AES_BLOCK_MASK, &ctx->dec_key, walk.iv, 0); + disable_kernel_vsx(); + pagefault_enable(); + preempt_enable(); + nbytes &= AES_BLOCK_SIZE - 1; ret = blkcipher_walk_done(desc, &walk, nbytes); } - - disable_kernel_vsx(); - pagefault_enable(); - preempt_enable(); } return ret; diff --git a/drivers/crypto/vmx/aes_xts.c b/drivers/crypto/vmx/aes_xts.c index 8bd9aff0f55f..016ef52390c9 100644 --- a/drivers/crypto/vmx/aes_xts.c +++ b/drivers/crypto/vmx/aes_xts.c @@ -116,13 +116,14 @@ static int p8_aes_xts_crypt(struct blkcipher_desc *desc, ret = enc? crypto_skcipher_encrypt(req) : crypto_skcipher_decrypt(req); skcipher_request_zero(req); } else { + blkcipher_walk_init(&walk, dst, src, nbytes); + + ret = blkcipher_walk_virt(desc, &walk); + preempt_disable(); pagefault_disable(); enable_kernel_vsx(); - blkcipher_walk_init(&walk, dst, src, nbytes); - - ret = blkcipher_walk_virt(desc, &walk); iv = walk.iv; memset(tweak, 0, AES_BLOCK_SIZE); aes_p8_encrypt(iv, tweak, &ctx->tweak_key); @@ -135,13 +136,17 @@ static int p8_aes_xts_crypt(struct blkcipher_desc *desc, aes_p8_xts_decrypt(walk.src.virt.addr, walk.dst.virt.addr, nbytes & AES_BLOCK_MASK, &ctx->dec_key, NULL, tweak); + disable_kernel_vsx(); + pagefault_enable(); + preempt_enable(); + nbytes &= AES_BLOCK_SIZE - 1; ret = blkcipher_walk_done(desc, &walk, nbytes); - } - disable_kernel_vsx(); - pagefault_enable(); - preempt_enable(); + preempt_disable(); + pagefault_disable(); + enable_kernel_vsx(); + } } return ret; } -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH] arm64: fix for bad_mode() handler to always result in panic

by Hari Vyas

bad_mode() handler is called for invalid or undefined instruction in el1 level or when irq,fiq,sync or error situation happen in el1 or el0 level. As per latest code, above abnormal situation may not result in panic always due to die() call if user mode is determined at that moment. That will just result in kill of current process and panic will be avoided which it must not. Link: https://bugzilla.kernel.org/show_bug.cgi?id=200637 Signed-off-by: Hari Vyas <hari.vyas(a)broadcom.com> --- arch/arm64/kernel/traps.c | 1 - 1 file changed, 1 deletion(-) diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c index d399d45..716ee73 100644 --- a/arch/arm64/kernel/traps.c +++ b/arch/arm64/kernel/traps.c @@ -621,7 +621,6 @@ asmlinkage void bad_mode(struct pt_regs *regs, int reason, unsigned int esr) handler[reason], smp_processor_id(), esr, esr_get_class_string(esr)); - die("Oops - bad mode", regs, 0); local_daif_mask(); panic("bad mode"); } -- 1.9.1

7 years, 1 month

3
5
0 0

[PATCH 2/2] udf: Fix mounting of Win7 created UDF filesystems

by Jan Kara

Win7 is creating UDF filesystems with single partition with number 8192. Current partition descriptor scanning code does not handle this well as it incorrectly assumes that partition numbers will form mostly contiguous space of small numbers. This results in unmountable media due to errors like: UDF-fs: error (device dm-1): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 UDF-fs: warning (device dm-1): udf_fill_super: No fileset found Fix the problem by handling partition descriptors in a way that sparse partition numbering does not matter. Reported-by: jean-luc malet <jeanluc.malet(a)gmail.com> CC: stable(a)vger.kernel.org Fixes: 7b78fd02fb19530fd101ae137a1f46aa466d9bb6 Signed-off-by: Jan Kara <jack(a)suse.cz> --- fs/udf/super.c | 31 +++++++++++++++++++------------ 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/fs/udf/super.c b/fs/udf/super.c index 68d57b61f3af..6f515651a2c2 100644 --- a/fs/udf/super.c +++ b/fs/udf/super.c @@ -1510,10 +1510,16 @@ static void udf_load_logicalvolint(struct super_block *sb, struct kernel_extent_ */ #define PART_DESC_ALLOC_STEP 32 +struct part_desc_seq_scan_data { + struct udf_vds_record rec; + u32 partnum; +}; + struct desc_seq_scan_data { struct udf_vds_record vds[VDS_POS_LENGTH]; unsigned int size_part_descs; - struct udf_vds_record *part_descs_loc; + unsigned int num_part_descs; + struct part_desc_seq_scan_data *part_descs_loc; }; static struct udf_vds_record *handle_partition_descriptor( @@ -1522,10 +1528,14 @@ static struct udf_vds_record *handle_partition_descriptor( { struct partitionDesc *desc = (struct partitionDesc *)bh->b_data; int partnum; + int i; partnum = le16_to_cpu(desc->partitionNumber); - if (partnum >= data->size_part_descs) { - struct udf_vds_record *new_loc; + for (i = 0; i < data->num_part_descs; i++) + if (partnum == data->part_descs_loc[i].partnum) + return &(data->part_descs_loc[i].rec); + if (data->num_part_descs >= data->size_part_descs) { + struct part_desc_seq_scan_data *new_loc; unsigned int new_size = ALIGN(partnum, PART_DESC_ALLOC_STEP); new_loc = kcalloc(new_size, sizeof(*new_loc), GFP_KERNEL); @@ -1537,7 +1547,7 @@ static struct udf_vds_record *handle_partition_descriptor( data->part_descs_loc = new_loc; data->size_part_descs = new_size; } - return &(data->part_descs_loc[partnum]); + return &(data->part_descs_loc[data->num_part_descs++].rec); } @@ -1587,6 +1597,7 @@ static noinline int udf_process_sequence( memset(data.vds, 0, sizeof(struct udf_vds_record) * VDS_POS_LENGTH); data.size_part_descs = PART_DESC_ALLOC_STEP; + data.num_part_descs = 0; data.part_descs_loc = kcalloc(data.size_part_descs, sizeof(*data.part_descs_loc), GFP_KERNEL); @@ -1598,7 +1609,6 @@ static noinline int udf_process_sequence( * are in it. */ for (; (!done && block <= lastblock); block++) { - bh = udf_read_tagged(sb, block, block, &ident); if (!bh) break; @@ -1670,13 +1680,10 @@ static noinline int udf_process_sequence( } /* Now handle prevailing Partition Descriptors */ - for (i = 0; i < data.size_part_descs; i++) { - if (data.part_descs_loc[i].block) { - ret = udf_load_partdesc(sb, - data.part_descs_loc[i].block); - if (ret < 0) - return ret; - } + for (i = 0; i < data.num_part_descs; i++) { + ret = udf_load_partdesc(sb, data.part_descs_loc[i].rec.block); + if (ret < 0) + return ret; } return 0; -- 2.16.4

7 years, 1 month

1
0
0 0

[PATCH 1/2] USB: serial: io_ti: fix array underflow in completion handler

by Johan Hovold

As reported by Dan Carpenter, a malicious USB device could set port_number to -3 and we would underflow the port array in the interrupt completion handler. As these devices only have one or two ports, fix this by making sure we only consider the seventh bit when determining the port number (and ignore bits 0xb0 which are typically set to 0x30). Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable <stable(a)vger.kernel.org> Reported-by: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/io_ti.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/serial/io_ti.h b/drivers/usb/serial/io_ti.h index e53c68261017..9bbcee37524e 100644 --- a/drivers/usb/serial/io_ti.h +++ b/drivers/usb/serial/io_ti.h @@ -173,7 +173,7 @@ struct ump_interrupt { } __attribute__((packed)); -#define TIUMP_GET_PORT_FROM_CODE(c) (((c) >> 4) - 3) +#define TIUMP_GET_PORT_FROM_CODE(c) (((c) >> 6) & 0x01) #define TIUMP_GET_FUNC_FROM_CODE(c) ((c) & 0x0f) #define TIUMP_INTERRUPT_CODE_LSR 0x03 #define TIUMP_INTERRUPT_CODE_MSR 0x04 -- 2.18.0

7 years, 1 month

1
1
0 0

[PATCH v4] mtd: spi-mem: Add the default transfer length adjustments

by Chuanhua Han

We need that to adjust the len of the 2nd transfer (called data in spi-mem) if it's too long to fit in a SPI message or SPI transfer. Fixes: c36ff266dc82 ("spi: Extend the core to ease integration of SPI memory controllers") Cc: <stable(a)vger.kernel.org> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> Signed-off-by: Chuanhua Han <chuanhua.han(a)nxp.com> --- Changes in v4: -Rename variable name "opcode_addr_dummy_sum" to "len". -The comparison of "spi_max_message_size(mem->spi)" and "len" was removed. -Adjust their order when comparing the sizes of "spi_max_message_size(mem->spi)" and "len". -Changing the "unsigned long" type in the code to "size_t". Changes in v3: -Rename variable name "val" to "opcode_addr_dummy_sum". -Place the legitimacy of the transfer size(i.e., "spi_max_message_size(mem->spi)" and -"opcode_addr_dummy_sum") into "if (! ctlr - > mem_ops | |! ctlr-> mem_ops->exec_op) {" structure and add "spi_max_transfer_size(mem->spi) and opcode_addr_dummy_sum". -Adjust the formatting alignment of the code. -"(unsigned long)op->data.nbytes" was modified to "(unsigned long)(op->data.nbytes)". Changes in v2: -Place the adjusted transfer bytes code in spi_mem_adjust_op_size() and check spi_max_message_size(mem->spi) value before subtracting opcode, addr and dummy bytes. -Change the code from fsl-espi controller to generic code(The adjustment of spi transmission length was originally modified in the "drivers/spi/spi-fsl-espi.c" file, and now the adjustment of transfer length is made in the "drivers/spi/spi-mem.c" file). drivers/spi/spi-mem.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/drivers/spi/spi-mem.c b/drivers/spi/spi-mem.c index 990770d..5374606 100644 --- a/drivers/spi/spi-mem.c +++ b/drivers/spi/spi-mem.c @@ -328,10 +328,23 @@ EXPORT_SYMBOL_GPL(spi_mem_exec_op); int spi_mem_adjust_op_size(struct spi_mem *mem, struct spi_mem_op *op) { struct spi_controller *ctlr = mem->spi->controller; + size_t len = sizeof(op->cmd.opcode) + + op->addr.nbytes + + op->dummy.nbytes; if (ctlr->mem_ops && ctlr->mem_ops->adjust_op_size) return ctlr->mem_ops->adjust_op_size(mem, op); + if (!ctlr->mem_ops || !ctlr->mem_ops->exec_op) { + if (len > spi_max_transfer_size(mem->spi)) + return -EINVAL; + + op->data.nbytes = min3((size_t)(op->data.nbytes), + spi_max_transfer_size(mem->spi), + spi_max_message_size(mem->spi) - + len); + } + return 0; } EXPORT_SYMBOL_GPL(spi_mem_adjust_op_size); -- 2.7.4

7 years, 1 month

2
1
0 0

[PATCH v4] mtd: spi-mem: Add the default transfer length adjustments

by Chuanhua Han

We need that to adjust the len of the 2nd transfer (called data in spi-mem) if it's too long to fit in a SPI message or SPI transfer. Fixes: c36ff266dc82 ("spi: Extend the core to ease integration of SPI memory controllers") Cc: <stable(a)vger.kernel.org> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> Signed-off-by: Chuanhua Han <chuanhua.han(a)nxp.com> --- Changes in v4: -Rename variable name "opcode_addr_dummy_sum" to "len". -The comparison of "spi_max_message_size(mem->spi)" and "len" was removed. -Adjust their order when comparing the sizes of "spi_max_message_size(mem->spi)" and "len". -Changing the "unsigned long" type in the code to "size_t". Changes in v3: -Rename variable name "val" to "opcode_addr_dummy_sum". -Place the legitimacy of the transfer size(i.e., "spi_max_message_size(mem->spi)" and -"opcode_addr_dummy_sum") into "if (! ctlr - > mem_ops | |! ctlr-> mem_ops->exec_op) {" structure and add "spi_max_transfer_size(mem->spi) and opcode_addr_dummy_sum". -Adjust the formatting alignment of the code. -"(unsigned long)op->data.nbytes" was modified to "(unsigned long)(op->data.nbytes)". Changes in v2: -Place the adjusted transfer bytes code in spi_mem_adjust_op_size() and check spi_max_message_size(mem->spi) value before subtracting opcode, addr and dummy bytes. -Change the code from fsl-espi controller to generic code(The adjustment of spi transmission length was originally modified in the "drivers/spi/spi-fsl-espi.c" file, and now the adjustment of transfer length is made in the "drivers/spi/spi-mem.c" file). drivers/spi/spi-mem.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/drivers/spi/spi-mem.c b/drivers/spi/spi-mem.c index 990770d..5374606 100644 --- a/drivers/spi/spi-mem.c +++ b/drivers/spi/spi-mem.c @@ -328,10 +328,23 @@ EXPORT_SYMBOL_GPL(spi_mem_exec_op); int spi_mem_adjust_op_size(struct spi_mem *mem, struct spi_mem_op *op) { struct spi_controller *ctlr = mem->spi->controller; + size_t len = sizeof(op->cmd.opcode) + + op->addr.nbytes + + op->dummy.nbytes; if (ctlr->mem_ops && ctlr->mem_ops->adjust_op_size) return ctlr->mem_ops->adjust_op_size(mem, op); + if (!ctlr->mem_ops || !ctlr->mem_ops->exec_op) { + if (len > spi_max_transfer_size(mem->spi)) + return -EINVAL; + + op->data.nbytes = min3((size_t)(op->data.nbytes), + spi_max_transfer_size(mem->spi), + spi_max_message_size(mem->spi) - + len); + } + return 0; } EXPORT_SYMBOL_GPL(spi_mem_adjust_op_size); -- 2.7.4

7 years, 1 month

1
0
0 0

[PATCH v4] mtd: spi-mem: Add the default transfer length adjustments

by Chuanhua Han

We need that to adjust the len of the 2nd transfer (called data in spi-mem) if it's too long to fit in a SPI message or SPI transfer. Fixes: c36ff266dc82 ("spi: Extend the core to ease integration of SPI memory controllers") Cc: <stable(a)vger.kernel.org> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> Signed-off-by: Chuanhua Han <chuanhua.han(a)nxp.com> --- Changes in v4: -Rename variable name "opcode_addr_dummy_sum" to "len". -The comparison of "spi_max_message_size(mem->spi)" and "len" was removed. -Adjust their order when comparing the sizes of "spi_max_message_size(mem->spi)" and "len". -Changing the "unsigned long" type in the code to "size_t". Changes in v3: -Rename variable name "val" to "opcode_addr_dummy_sum". -Place the legitimacy of the transfer size(i.e., "spi_max_message_size(mem->spi)" and -"opcode_addr_dummy_sum") into "if (! ctlr - > mem_ops | |! ctlr-> mem_ops->exec_op) {" structure and add "spi_max_transfer_size(mem->spi) and opcode_addr_dummy_sum". -Adjust the formatting alignment of the code. -"(unsigned long)op->data.nbytes" was modified to "(unsigned long)(op->data.nbytes)". Changes in v2: -Place the adjusted transfer bytes code in spi_mem_adjust_op_size() and check spi_max_message_size(mem->spi) value before subtracting opcode, addr and dummy bytes. -Change the code from fsl-espi controller to generic code(The adjustment of spi transmission length was originally modified in the "drivers/spi/spi-fsl-espi.c" file, and now the adjustment of transfer length is made in the "drivers/spi/spi-mem.c" file). drivers/spi/spi-mem.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/drivers/spi/spi-mem.c b/drivers/spi/spi-mem.c index 990770d..5374606 100644 --- a/drivers/spi/spi-mem.c +++ b/drivers/spi/spi-mem.c @@ -328,10 +328,23 @@ EXPORT_SYMBOL_GPL(spi_mem_exec_op); int spi_mem_adjust_op_size(struct spi_mem *mem, struct spi_mem_op *op) { struct spi_controller *ctlr = mem->spi->controller; + size_t len = sizeof(op->cmd.opcode) + + op->addr.nbytes + + op->dummy.nbytes; if (ctlr->mem_ops && ctlr->mem_ops->adjust_op_size) return ctlr->mem_ops->adjust_op_size(mem, op); + if (!ctlr->mem_ops || !ctlr->mem_ops->exec_op) { + if (len > spi_max_transfer_size(mem->spi)) + return -EINVAL; + + op->data.nbytes = min3((size_t)(op->data.nbytes), + spi_max_transfer_size(mem->spi), + spi_max_message_size(mem->spi) - + len); + } + return 0; } EXPORT_SYMBOL_GPL(spi_mem_adjust_op_size); -- 2.7.4

7 years, 1 month

1
0
0 0

4.14-stable-queue build failure

by Sudip Mukherjee

Hi Greg, My build is failing with v4.14.65 + stable queue patches. It fails with the error: sound/core/seq/seq_clientmgr.c: In function ‘snd_seq_poll’: sound/core/seq/seq_clientmgr.c:1100:10: error: ‘EPOLLERR’ undeclared (first use in this function) return EPOLLERR; ^~~~~~~~ -- Regards Sudip

7 years, 1 month

2
2
0 0

request for 4.14-stable: 4e1a720d0312 ("Bluetooth: avoid killing an already killed socket")

by Sudip Mukherjee

Hi Greg, This was not marked for stable but should be in stable. Please apply to your queue of 4.14-stable. Actually this should be applied to all stable trees. -- Regards Sudip

7 years, 1 month

2
1
0 0

4.4 and 4.9 stable fixes for l1tf patches

by Andi Kleen

There was a report that syzkaller can causes crashes in 4.4 and 4.9 stable with the L1TF patches applied. In my tests this is fixed with applying the following backport from mainline too, as suggested by Michael Hocko.

7 years, 1 month

3
4
0 0

[PATCH] staging: android: ion: check for kref overflow

by Daniel Rosenberg

Userspace can cause the kref to handles to increment arbitrarily high. Ensure it does not overflow. Signed-off-by: Daniel Rosenberg <drosen(a)google.com> --- This patch is against 4.4. It does not apply to master due to a large rework of ion in 4.12 which removed the affected functions altogther. It applies from 3.18 to 4.11, although with a trivial conflict resolution for the later branches. 4c23cbff073f3b9b ("staging: android: ion: Remove import interface") drivers/staging/android/ion/ion.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/drivers/staging/android/ion/ion.c b/drivers/staging/android/ion/ion.c index 374f840f31a48..11f93a6314fdb 100644 --- a/drivers/staging/android/ion/ion.c +++ b/drivers/staging/android/ion/ion.c @@ -15,6 +15,7 @@ * */ +#include <linux/atomic.h> #include <linux/device.h> #include <linux/err.h> #include <linux/file.h> @@ -387,6 +388,15 @@ static void ion_handle_get(struct ion_handle *handle) kref_get(&handle->ref); } +/* Must hold the client lock */ +static struct ion_handle *ion_handle_get_check_overflow( + struct ion_handle *handle) +{ + if (atomic_read(&handle->ref.refcount) + 1 == 0) + return ERR_PTR(-EOVERFLOW); + ion_handle_get(handle); + return handle; +} + static int ion_handle_put_nolock(struct ion_handle *handle) { int ret; @@ -433,9 +443,9 @@ static struct ion_handle *ion_handle_get_by_id_nolock(struct ion_client *client, handle = idr_find(&client->idr, id); if (handle) - ion_handle_get(handle); + return ion_handle_get_check_overflow(handle); - return handle ? handle : ERR_PTR(-EINVAL); + return ERR_PTR(-EINVAL); } struct ion_handle *ion_handle_get_by_id(struct ion_client *client, @@ -1202,7 +1212,7 @@ struct ion_handle *ion_import_dma_buf(struct ion_client *client, int fd) /* if a handle exists for this buffer just take a reference to it */ handle = ion_handle_lookup(client, buffer); if (!IS_ERR(handle)) { - ion_handle_get(handle); + handle = ion_handle_get_check_overflow(handle); mutex_unlock(&client->lock); goto end; } -- 2.18.0.865.gffc8e1a3cd6-goog

7 years, 1 month

2
1
0 0

[PATCH v3] MIPS: Fix memory reservation in bootmem_init for certain non-usermem setups

by Tobias Wolf

Commit 67a3ba25aa95 ("MIPS: Fix incorrect mem=X@Y handling") introduced a new issue for rt288x where "PHYS_OFFSET" is 0x0 but the calculated "ramstart" is not. As the prerequisite of custom memory map has been removed, this results in the full memory range of 0x0 - 0x8000000 to be marked as reserved for this platform. This patch adds the originally intended prerequisite again. Signed-off-by: Tobias Wolf <dev-NTEO(a)vplace.de> --- arch/mips/kernel/setup.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/mips/kernel/setup.c b/arch/mips/kernel/setup.c index 563188ac6fa2..c3ca55128926 100644 v2: Correctly compare that usermem is not null. v3: Added/changed position of changelog and fixed sender address. --- a/arch/mips/kernel/setup.c +++ b/arch/mips/kernel/setup.c @@ -371,6 +371,8 @@ static unsigned long __init bootmap_bytes(unsigned long pages) return ALIGN(bytes, sizeof(long)); } +static int usermem __initdata; + static void __init bootmem_init(void) { unsigned long reserved_end; @@ -444,7 +446,7 @@ static void __init bootmem_init(void) /* * Reserve any memory between the start of RAM and PHYS_OFFSET */ - if (ramstart > PHYS_OFFSET) + if (usermem && ramstart > PHYS_OFFSET) add_memory_region(PHYS_OFFSET, ramstart - PHYS_OFFSET, BOOT_MEM_RESERVED); @@ -654,8 +656,6 @@ static void __init bootmem_init(void) * initialization hook for anything else was introduced. */ -static int usermem __initdata; - static int __init early_parse_mem(char *p) { phys_addr_t start, size;

7 years, 1 month

4
3
0 0

[PATCH] x86/mm: Simplify p[g4um]d_page() macros

by Andi Kleen

From: Tom Lendacky <thomas.lendacky(a)amd.com> [backport of fd7e315988b78 from mainline for stable to fix stable crashes suggested by Michael Hocko. Should be applied to 4.9 and 4.4.] Create a pgd_pfn() macro similar to the p[4um]d_pfn() macros and then use the p[g4um]d_pfn() macros in the p[g4um]d_page() macros instead of duplicating the code. Signed-off-by: Tom Lendacky <thomas.lendacky(a)amd.com> Reviewed-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Borislav Petkov <bp(a)suse.de> Cc: Alexander Potapenko <glider(a)google.com> Cc: Andrey Ryabinin <aryabinin(a)virtuozzo.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Brijesh Singh <brijesh.singh(a)amd.com> Cc: Dave Young <dyoung(a)redhat.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> Cc: Larry Woodman <lwoodman(a)redhat.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Matt Fleming <matt(a)codeblueprint.co.uk> Cc: Michael S. Tsirkin <mst(a)redhat.com> Cc: Paolo Bonzini <pbonzini(a)redhat.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Radim Krčmář <rkrcmar(a)redhat.com> Cc: Rik van Riel <riel(a)redhat.com> Cc: Toshimitsu Kani <toshi.kani(a)hpe.com> Cc: kasan-dev(a)googlegroups.com Cc: kvm(a)vger.kernel.org Cc: linux-arch(a)vger.kernel.org Cc: linux-doc(a)vger.kernel.org Cc: linux-efi(a)vger.kernel.org Cc: linux-mm(a)kvack.org Link: http://lkml.kernel.org/r/e61eb533a6d0aac941db2723d8aa63ef6b882dee.150031921… [Backported to 4.9 stable by AK, suggested by Michael Hocko] Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Andi Kleen <ak(a)linux.intel.com> --- arch/x86/include/asm/pgtable.h | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h index 4de6c282c02a..68a55273ce0f 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -173,6 +173,11 @@ static inline unsigned long pud_pfn(pud_t pud) return (pfn & pud_pfn_mask(pud)) >> PAGE_SHIFT; } +static inline unsigned long pgd_pfn(pgd_t pgd) +{ + return (pgd_val(pgd) & PTE_PFN_MASK) >> PAGE_SHIFT; +} + #define pte_page(pte) pfn_to_page(pte_pfn(pte)) static inline int pmd_large(pmd_t pte) @@ -578,8 +583,7 @@ static inline unsigned long pmd_page_vaddr(pmd_t pmd) * Currently stuck as a macro due to indirect forward reference to * linux/mmzone.h's __section_mem_map_addr() definition: */ -#define pmd_page(pmd) \ - pfn_to_page((pmd_val(pmd) & pmd_pfn_mask(pmd)) >> PAGE_SHIFT) +#define pmd_page(pmd) pfn_to_page(pmd_pfn(pmd)) /* * the pmd page can be thought of an array like this: pmd_t[PTRS_PER_PMD] @@ -647,8 +651,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud) * Currently stuck as a macro due to indirect forward reference to * linux/mmzone.h's __section_mem_map_addr() definition: */ -#define pud_page(pud) \ - pfn_to_page((pud_val(pud) & pud_pfn_mask(pud)) >> PAGE_SHIFT) +#define pud_page(pud) pfn_to_page(pud_pfn(pud)) /* Find an entry in the second-level page table.. */ static inline pmd_t *pmd_offset(pud_t *pud, unsigned long address) @@ -688,7 +691,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd) * Currently stuck as a macro due to indirect forward reference to * linux/mmzone.h's __section_mem_map_addr() definition: */ -#define pgd_page(pgd) pfn_to_page(pgd_val(pgd) >> PAGE_SHIFT) +#define pgd_page(pgd) pfn_to_page(pgd_pfn(pgd)) /* to find an entry in a page-table-directory. */ static inline unsigned long pud_index(unsigned long address) -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH 1/4] net: macb: Fix regression breaking non-MDIO fixed-link PHYs

by Ahmad Fatoum

The referenced commit broke initializing macb on the EVB-KSZ9477 eval board. There, of_mdiobus_register was called even for the fixed-link representing the SPI-connected switch PHY, with the result that the driver attempts to enumerate PHYs on a non-existent MDIO bus: libphy: MACB_mii_bus: probed mdio_bus f0028000.ethernet-ffffffff: fixed-link has invalid PHY address mdio_bus f0028000.ethernet-ffffffff: scan phy fixed-link at address 0 [snip] mdio_bus f0028000.ethernet-ffffffff: scan phy fixed-link at address 31 macb f0028000.ethernet: broken fixed-link specification Cc: <stable(a)vger.kernel.org> Fixes: 739de9a1563a ("net: macb: Reorganize macb_mii bringup") Signed-off-by: Ahmad Fatoum <a.fatoum(a)pengutronix.de> --- drivers/net/ethernet/cadence/macb_main.c | 27 +++++++++++++++--------- 1 file changed, 17 insertions(+), 10 deletions(-) Fixes since v1: Added one more error path for failing to register fixed-link Fixed a whitespace issue diff --git a/drivers/net/ethernet/cadence/macb_main.c b/drivers/net/ethernet/cadence/macb_main.c index dc09f9a8a49b..ef6ce8691443 100644 --- a/drivers/net/ethernet/cadence/macb_main.c +++ b/drivers/net/ethernet/cadence/macb_main.c @@ -482,11 +482,6 @@ static int macb_mii_probe(struct net_device *dev) if (np) { if (of_phy_is_fixed_link(np)) { - if (of_phy_register_fixed_link(np) < 0) { - dev_err(&bp->pdev->dev, - "broken fixed-link specification\n"); - return -ENODEV; - } bp->phy_node = of_node_get(np); } else { bp->phy_node = of_parse_phandle(np, "phy-handle", 0); @@ -569,7 +564,7 @@ static int macb_mii_init(struct macb *bp) { struct macb_platform_data *pdata; struct device_node *np; - int err; + int err = -ENXIO; /* Enable management port */ macb_writel(bp, NCR, MACB_BIT(MPE)); @@ -592,12 +587,23 @@ static int macb_mii_init(struct macb *bp) dev_set_drvdata(&bp->dev->dev, bp->mii_bus); np = bp->pdev->dev.of_node; - if (pdata) - bp->mii_bus->phy_mask = pdata->phy_mask; + if (np && of_phy_is_fixed_link(np)) { + if (of_phy_register_fixed_link(np) < 0) { + dev_err(&bp->pdev->dev, + "broken fixed-link specification\n"); + goto err_out_free_mdiobus; + } + + err = mdiobus_register(bp->mii_bus); + } else { + if (pdata) + bp->mii_bus->phy_mask = pdata->phy_mask; + + err = of_mdiobus_register(bp->mii_bus, np); + } - err = of_mdiobus_register(bp->mii_bus, np); if (err) - goto err_out_free_mdiobus; + goto err_out_free_fixed_link; err = macb_mii_probe(bp->dev); if (err) @@ -607,6 +613,7 @@ static int macb_mii_init(struct macb *bp) err_out_unregister_bus: mdiobus_unregister(bp->mii_bus); +err_out_free_fixed_link: if (np && of_phy_is_fixed_link(np)) of_phy_deregister_fixed_link(np); err_out_free_mdiobus: -- 2.18.0

7 years, 1 month

2
3
0 0

[PATCH 1/2] drm/nouveau: Fix GM107 disp core chan init on ThinkPad P50

by Lyude Paul

I've been experiencing a rather strange looking bug on the P50 I've got for work. After a number of reboots, nouveau will fail to initialize the dedicated GPU on the system at boot properly. Things start off with this disp mthd failure: ... [ 2.088505] nouveau 0000:01:00.0: disp: outp 04:0006:0f81: aux power -> demand [ 2.088516] nouveau 0000:01:00.0: disp: outp 05:0002:0f81: no heads (0 3 2) [ 2.088620] nouveau 0000:01:00.0: disp: init completed in 329us [ 2.088957] nouveau 0000:01:00.0: disp: chid 0 mthd 0000 data 00000400 00001000 00000002 the failure ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ [ 2.151517] [drm] Supports vblank timestamp caching Rev 2 (21.10.2013). [ 2.151517] [drm] Driver supports precise vblank timestamp query. [ 2.151521] 0088 1 core507d_init [ 2.151522] f0000000 After the error happens, parts of the card start timing out and eventually the GR fails to hold it's golden context and starts timing out: [ 10.163137] ------------[ cut here ]------------ [ 10.163169] nouveau 0000:01:00.0: timeout [ 10.163218] WARNING: CPU: 4 PID: 98 at drivers/gpu/drm/nouveau/nvkm/engine/disp/coregf119.c:181 gf119_disp_core_fini+0xe6/0x140 [nouveau] [ 10.163246] Modules linked in: joydev vfat fat intel_rapl iTCO_wdt x86_pkg_temp_thermal coretemp crc32_pclmul psmouse wmi_bmof i2c_i801 mei_me tpm_tis mei tpm_tis_core tpm thinkpad_acpi pcc_cpufreq ax88179_178a usbnet mii nouveau mxm_wmi i915 ttm i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops crc32c_intel serio_raw xhci_pci drm xhci_hcd i2c_core wmi video [ 10.163330] CPU: 4 PID: 98 Comm: kworker/4:1 Kdump: loaded Not tainted 4.18.0-rc8Lyude-Test+ #7 [ 10.163349] Hardware name: LENOVO 20EQS64N0B/20EQS64N0B, BIOS N1EET78W (1.51 ) 05/18/2018 [ 10.163370] Workqueue: pm pm_runtime_work [ 10.163404] RIP: 0010:gf119_disp_core_fini+0xe6/0x140 [nouveau] [ 10.163418] Code: 5e 41 5f 5d c3 49 8b 7c 24 10 48 8b 5f 50 48 85 db 74 5f e8 1c 5b 0f e1 48 89 da 48 c7 c7 b3 b2 4e a0 48 89 c6 e8 5c bf c8 e0 <0f> 0b 41 8b 47 50 85 c0 74 c6 49 8b 7c 24 78 48 81 c7 90 04 61 00 [ 10.163476] RSP: 0018:ffffc90000a83b00 EFLAGS: 00010286 [ 10.163489] RAX: 0000000000000000 RBX: ffff8808773c6bd0 RCX: 0000000000000006 [ 10.163506] RDX: 0000000000000007 RSI: 0000000000000096 RDI: ffff88089b515570 [ 10.163523] RBP: ffffc90000a83b28 R08: 0000000000000000 R09: 0000000000aaaaaa [ 10.163539] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8808715b2c00 [ 10.163556] R13: ffff88087779d780 R14: 00000001e68f0200 R15: ffff88086f91b000 [ 10.163573] FS: 0000000000000000(0000) GS:ffff88089b500000(0000) knlGS:0000000000000000 [ 10.163591] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 10.163605] CR2: 00007f3d7953d180 CR3: 000000000200a003 CR4: 00000000003606e0 [ 10.163622] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 10.163639] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 10.163655] Call Trace: [ 10.163686] nv50_disp_chan_fini+0x23/0x40 [nouveau] [ 10.163711] nvkm_object_fini+0xbf/0x150 [nouveau] [ 10.163735] nvkm_object_fini+0x76/0x150 [nouveau] [ 10.163759] nvkm_object_fini+0x76/0x150 [nouveau] [ 10.163783] nvkm_object_fini+0x76/0x150 [nouveau] [ 10.163807] nvkm_object_fini+0x76/0x150 [nouveau] [ 10.163840] nvkm_client_suspend+0x13/0x20 [nouveau] [ 10.163864] nvif_client_suspend+0x1d/0x20 [nouveau] [ 10.163898] nouveau_do_suspend+0x113/0x310 [nouveau] [ 10.163931] nouveau_pmops_runtime_suspend+0x57/0xe0 [nouveau] [ 10.163947] ? pci_has_legacy_pm_support+0x70/0x70 [ 10.163960] pci_pm_runtime_suspend+0x6b/0x180 [ 10.163972] ? pci_has_legacy_pm_support+0x70/0x70 [ 10.163985] ? pci_has_legacy_pm_support+0x70/0x70 [ 10.163997] __rpm_callback+0xcc/0x1e0 [ 10.164009] ? __switch_to_asm+0x40/0x70 [ 10.164020] ? pci_has_legacy_pm_support+0x70/0x70 [ 10.164033] rpm_callback+0x24/0x80 [ 10.164043] ? pci_has_legacy_pm_support+0x70/0x70 [ 10.164055] rpm_suspend+0x142/0x600 [ 10.164066] ? __switch_to_asm+0x40/0x70 [ 10.164100] pm_runtime_work+0x79/0x90 [ 10.164112] process_one_work+0x1b2/0x370 [ 10.164140] worker_thread+0x37/0x3a0 [ 10.164150] kthread+0x120/0x140 [ 10.164160] ? wq_update_unbound_numa+0x10/0x10 [ 10.164172] ? kthread_create_worker_on_cpu+0x70/0x70 [ 10.164186] ret_from_fork+0x35/0x40 [ 10.164196] ---[ end trace d5c556c207f0c26b ]--- You'll notice from those traces that the very first evo kick happens /after/ the mthd failure on the display channel, not before. Additionally, there is no point at this part of the initialization process where we actually call mthd 0000 from nouveau. Upon closer inspection, I discovered that this mysterious phantom disp failure seems to be the result of someone else (probably the VBIOS or the BIOS of the P50) leaving the disp core channel enabled by the time nouveau begins to start initializing it. This was confirmed by observing that the 0x610490 register holds a value of 0x490a009b when the card is in this broken state, as opposed to the usual 0x48070088 or 0x48000088 observed on most cards pre-init. It appears we can fix this by checking for the unknown mask 0x000a0000, and simply shutting down the channel like we normally would on suspend or driver unload before we start trying to initialize it. This appears to be close to what nouveau does for older cards, as a similar workaround can be seen in nv50_disp_core_init(). Unfortunately, I'm still not entirely clear on what conditions actually cause this problem to be reproduced. Everyone else I've talked to so far with a P50 doesn't report ever having hit this issue. As well, I haven't managed to find a clear reproducer for this besides rebooting the machine until the bug happens, while alternating between booting while docked and while on battery every so often. This fixes most random initialization errors on my ThinkPad P50 with a GM107 GPU. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: Karol Herbst <kherbst(a)redhat.com> Cc: stable(a)vger.kernel.org --- .../drm/nouveau/nvkm/engine/disp/coregf119.c | 21 +++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/disp/coregf119.c b/drivers/gpu/drm/nouveau/nvkm/engine/disp/coregf119.c index d162b9cf4eac..7534b5e9246f 100644 --- a/drivers/gpu/drm/nouveau/nvkm/engine/disp/coregf119.c +++ b/drivers/gpu/drm/nouveau/nvkm/engine/disp/coregf119.c @@ -166,8 +166,8 @@ gf119_disp_core_mthd = { } }; -void -gf119_disp_core_fini(struct nv50_disp_chan *chan) +static bool +gf119_disp_core_deactivate(struct nv50_disp_chan *chan) { struct nvkm_subdev *subdev = &chan->disp->base.engine.subdev; struct nvkm_device *device = subdev->device; @@ -181,7 +181,16 @@ gf119_disp_core_fini(struct nv50_disp_chan *chan) ) < 0) { nvkm_error(subdev, "core fini: %08x\n", nvkm_rd32(device, 0x610490)); + return false; } + + return true; +} + +void +gf119_disp_core_fini(struct nv50_disp_chan *chan) +{ + gf119_disp_core_deactivate(chan); } static int @@ -190,6 +199,14 @@ gf119_disp_core_init(struct nv50_disp_chan *chan) struct nvkm_subdev *subdev = &chan->disp->base.engine.subdev; struct nvkm_device *device = subdev->device; + /* attempt to unstick the channel from some unknown state */ + if ((nvkm_rd32(device, 0x610490) & 0x000a0000) == 0x000a0000 && + WARN_ON(!gf119_disp_core_deactivate(chan))) { + + nvkm_error(subdev, "core won't shut down, aborting\n"); + return -EBUSY; + } + /* initialise channel for dma command submission */ nvkm_wr32(device, 0x610494, chan->push); nvkm_wr32(device, 0x610498, 0x00010000); -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH] mtd: m25p80: consider max message size when use the spi_mem_xx() API

by Chuanhua Han

Signed-off-by: Chuanhua Han <chuanhua.han(a)nxp.com> --- Changes in v2: - Place the adjusted transfer bytes code in spi_mem_adjust_op_size() and check spi_max_message_size(mem->spi) value before subtracting opcode, addr and dummy bytes. *fixes: spi: Extend the core to ease integration of SPI memory controllers --- drivers/spi/spi-mem.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/drivers/spi/spi-mem.c b/drivers/spi/spi-mem.c index 990770d..f5e75d1 100644 --- a/drivers/spi/spi-mem.c +++ b/drivers/spi/spi-mem.c @@ -328,10 +328,21 @@ EXPORT_SYMBOL_GPL(spi_mem_exec_op); int spi_mem_adjust_op_size(struct spi_mem *mem, struct spi_mem_op *op) { struct spi_controller *ctlr = mem->spi->controller; + unsigned long val = sizeof(op->cmd.opcode) + + op->addr.nbytes + + op->dummy.nbytes; if (ctlr->mem_ops && ctlr->mem_ops->adjust_op_size) return ctlr->mem_ops->adjust_op_size(mem, op); + if (spi_max_message_size(mem->spi) < val) + return -EINVAL; + + if (!ctlr->mem_ops || !ctlr->mem_ops->exec_op) + op->data.nbytes = min3((unsigned long)op->data.nbytes, + spi_max_transfer_size(mem->spi), + spi_max_message_size(mem->spi) - val); + return 0; } EXPORT_SYMBOL_GPL(spi_mem_adjust_op_size); -- 2.7.4

7 years, 1 month

4
3
0 0

[PATCH] x86/speculation/l1tf: fix overflow on l1tf_pfn_limit() on 32bit

by Vlastimil Babka

On 32bit PAE kernels on 64bit hardware with enough physical bits, l1tf_pfn_limit() will overflow unsigned long. This in turn affects max_swapfile_size() and can lead to swapon returning -EINVAL. This has been observed in a 32bit guest with 42 bits physical address size, where max_swapfile_size() overflows exactly to 1 << 32, thus zero, and produces the following warning to dmesg: [ 6.396845] Truncating oversized swap area, only using 0k out of 2047996k Fix this by using unsigned long long instead. Reported-by: Dominique Leuenberger <dimstar(a)suse.de> Reported-by: Adrian Schroeter <adrian(a)suse.de> Fixes: 17dbca119312 ("x86/speculation/l1tf: Add sysfs reporting for l1tf") Fixes: 377eeaa8e11f ("x86/speculation/l1tf: Limit swap file size to MAX_PA/2") Cc: stable(a)vger.kernel.org Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> --- arch/x86/include/asm/processor.h | 4 ++-- arch/x86/mm/init.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h index 682286aca881..a0a52274cb4a 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h @@ -181,9 +181,9 @@ extern const struct seq_operations cpuinfo_op; extern void cpu_detect(struct cpuinfo_x86 *c); -static inline unsigned long l1tf_pfn_limit(void) +static inline unsigned long long l1tf_pfn_limit(void) { - return BIT(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT) - 1; + return BIT_ULL(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT) - 1; } extern void early_cpu_init(void); diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c index acfab322fbe0..02de3d6065c4 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -923,7 +923,7 @@ unsigned long max_swapfile_size(void) if (boot_cpu_has_bug(X86_BUG_L1TF)) { /* Limit the swap file size to MAX_PA/2 for L1TF workaround */ - unsigned long l1tf_limit = l1tf_pfn_limit() + 1; + unsigned long long l1tf_limit = l1tf_pfn_limit() + 1; /* * We encode swap offsets also with 3 bits below those for pfn * which makes the usable limit higher. @@ -931,7 +931,7 @@ unsigned long max_swapfile_size(void) #if CONFIG_PGTABLE_LEVELS > 2 l1tf_limit <<= PAGE_SHIFT - SWP_OFFSET_FIRST_BIT; #endif - pages = min_t(unsigned long, l1tf_limit, pages); + pages = min_t(unsigned long long, l1tf_limit, pages); } return pages; } -- 2.18.0

7 years, 1 month

3
6
0 0

[BUG]smt sysfs dir missing on 4.4.148 and 4.14.63

by Jinpu Wang

Hi Greg, hi Thomas, I noticed /sys/devices/system/cpu/smt dir is missing on 4.4.148 and 4.14.63, default setting. Tried stable/master branch 31130a16d459 ("Merge tag 'for-linus-4.19-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip") It's the same there. When boot with 'nosmt' kernel paramter kernel 4.14.63 panic during boot, 4.4.148 boot fine. The call trace seem irq related, is it known bug? Thanks -- Jack Wang Linux Kernel Developer ProfitBricks GmbH Greifswalder Str. 207 D - 10405 Berlin Tel: +49 30 577 008 042 Fax: +49 30 577 008 299 Email: jinpu.wang(a)profitbricks.com URL: https://www.profitbricks.de Sitz der Gesellschaft: Berlin Registergericht: Amtsgericht Charlottenburg, HRB 125506 B Geschäftsführer: Achim Weiss, Matthias Steinberg, Christoph Steffens

7 years, 1 month

3
12
0 0

[PATCH] mtd: m25p80: consider max message size when use the spi_mem_xx() API

by Chuanhua Han

Signed-off-by: Chuanhua Han <chuanhua.han(a)nxp.com> --- Changes in v3: Rename variable name "val" to "opcode_addr_dummy_sum". Place the legitimacy of the transfer size(i.e., "pi_max_message_size(mem->spi)" and "opcode_addr_dummy_sum") into "if (! ctlr - > mem_ops | |! ctlr-> mem_ops->exec_op) {" structure and add "spi_max_transfer_size(mem->spi) and opcode_addr_dummy_sum". Adjust the formatting alignment of your code. "(unsigned long)op->data.nbytes" was modified to "(unsigned long)(op->data.nbytes)". Fixes: c36ff266dc82 ("spi: Extend the core to ease integration of SPI memory controllers") --- drivers/spi/spi-mem.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/drivers/spi/spi-mem.c b/drivers/spi/spi-mem.c index 990770d..5ec2bc9 100644 --- a/drivers/spi/spi-mem.c +++ b/drivers/spi/spi-mem.c @@ -328,10 +328,24 @@ EXPORT_SYMBOL_GPL(spi_mem_exec_op); int spi_mem_adjust_op_size(struct spi_mem *mem, struct spi_mem_op *op) { struct spi_controller *ctlr = mem->spi->controller; + unsigned long opcode_addr_dummy_sum = sizeof(op->cmd.opcode) + + op->addr.nbytes + + op->dummy.nbytes; if (ctlr->mem_ops && ctlr->mem_ops->adjust_op_size) return ctlr->mem_ops->adjust_op_size(mem, op); + if (!ctlr->mem_ops || !ctlr->mem_ops->exec_op) { + if (spi_max_message_size(mem->spi) < opcode_addr_dummy_sum || + spi_max_transfer_size(mem->spi) < opcode_addr_dummy_sum) + return -EINVAL; + + op->data.nbytes = min3((unsigned long)(op->data.nbytes), + spi_max_transfer_size(mem->spi), + spi_max_message_size(mem->spi) - + opcode_addr_dummy_sum); + } + return 0; } EXPORT_SYMBOL_GPL(spi_mem_adjust_op_size); -- 2.7.4

7 years, 1 month

3
2
0 0

[PATCH] net: macb: Fix regression breaking non-MDIO fixed-link PHYs

by Ahmad Fatoum

The referenced commit broke initializing macb on the EVB-KSZ9477 eval board. There, of_mdiobus_register was called even for the fixed-link representing the SPI-connected switch PHY, with the result that the driver attempts to enumerate PHYs on a non-existent MDIO bus: libphy: MACB_mii_bus: probed mdio_bus f0028000.ethernet-ffffffff: fixed-link has invalid PHY address mdio_bus f0028000.ethernet-ffffffff: scan phy fixed-link at address 0 [snip] mdio_bus f0028000.ethernet-ffffffff: scan phy fixed-link at address 31 macb f0028000.ethernet: broken fixed-link specification Cc: <stable(a)vger.kernel.org> Fixes: 739de9a1563a ("net: macb: Reorganize macb_mii bringup") Signed-off-by: Ahmad Fatoum <a.fatoum(a)pengutronix.de> --- drivers/net/ethernet/cadence/macb_main.c | 26 +++++++++++++++--------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/drivers/net/ethernet/cadence/macb_main.c b/drivers/net/ethernet/cadence/macb_main.c index a6c911bb5ce2..d202a03c42ed 100644 --- a/drivers/net/ethernet/cadence/macb_main.c +++ b/drivers/net/ethernet/cadence/macb_main.c @@ -481,11 +481,6 @@ static int macb_mii_probe(struct net_device *dev) if (np) { if (of_phy_is_fixed_link(np)) { - if (of_phy_register_fixed_link(np) < 0) { - dev_err(&bp->pdev->dev, - "broken fixed-link specification\n"); - return -ENODEV; - } bp->phy_node = of_node_get(np); } else { bp->phy_node = of_parse_phandle(np, "phy-handle", 0); @@ -568,7 +563,7 @@ static int macb_mii_init(struct macb *bp) { struct macb_platform_data *pdata; struct device_node *np; - int err; + int err = -ENXIO; /* Enable management port */ macb_writel(bp, NCR, MACB_BIT(MPE)); @@ -591,10 +586,21 @@ static int macb_mii_init(struct macb *bp) dev_set_drvdata(&bp->dev->dev, bp->mii_bus); np = bp->pdev->dev.of_node; - if (pdata) - bp->mii_bus->phy_mask = pdata->phy_mask; + if (np && of_phy_is_fixed_link(np)) { + if (of_phy_register_fixed_link(np) < 0) { + dev_err(&bp->pdev->dev, + "broken fixed-link specification\n"); + goto err_out_free_mdiobus; + } + + err = mdiobus_register(bp->mii_bus); + } else { + if (pdata) + bp->mii_bus->phy_mask = pdata->phy_mask; + + err = of_mdiobus_register(bp->mii_bus, np); + } - err = of_mdiobus_register(bp->mii_bus, np); if (err) goto err_out_free_mdiobus; @@ -606,9 +612,9 @@ static int macb_mii_init(struct macb *bp) err_out_unregister_bus: mdiobus_unregister(bp->mii_bus); +err_out_free_mdiobus: if (np && of_phy_is_fixed_link(np)) of_phy_deregister_fixed_link(np); -err_out_free_mdiobus: of_node_put(bp->phy_node); mdiobus_free(bp->mii_bus); err_out: -- 2.18.0

7 years, 1 month

5
8
0 0

[PATCH v2 1/2] i2c: core: ACPI: Properly set status byte to 0 for multi-byte writes

by Hans de Goede

acpi_gsb_i2c_write_bytes() returns i2c_transfer()'s return value, which is the number of transfers executed on success, so 1. The ACPI code expects us to store 0 in gsb->status for success, not 1. Specifically this breaks the following code in the Thinkpad 8 DSDT: ECWR = I2CW = ECWR /* \_SB_.I2C1.BAT0.ECWR */ If ((ECST == Zero)) { ECRD = I2CR /* \_SB_.I2C1.I2CR */ } Before this commit we set ECST to 1, causing the read to never happen breaking battery monitoring on the Thinkpad 8. This commit makes acpi_gsb_i2c_write_bytes() return 0 when i2c_transfer() returns 1, so the single write transfer completed successfully, and makes it return -EIO on for other (unexpected) return values >= 0. Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- Changes in v2: -Modify the value which acpi_gsb_i2c_write_bytes() returns instead of checking + modifying the return value in its caller --- drivers/i2c/i2c-core-acpi.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/drivers/i2c/i2c-core-acpi.c b/drivers/i2c/i2c-core-acpi.c index 7c3b4740b94b..b8f303dea305 100644 --- a/drivers/i2c/i2c-core-acpi.c +++ b/drivers/i2c/i2c-core-acpi.c @@ -482,11 +482,16 @@ static int acpi_gsb_i2c_write_bytes(struct i2c_client *client, msgs[0].buf = buffer; ret = i2c_transfer(client->adapter, msgs, ARRAY_SIZE(msgs)); - if (ret < 0) - dev_err(&client->adapter->dev, "i2c write failed\n"); kfree(buffer); - return ret; + + if (ret < 0) { + dev_err(&client->adapter->dev, "i2c write failed: %d\n", ret); + return ret; + } + + /* 1 transfer must have completed successfully */ + return (ret == 1) ? 0 : -EIO; } static acpi_status -- 2.18.0

7 years, 1 month

4
4
0 0

[PATCH] drm: sun4i: exclusively set HDMI-related clocks for dw-hdmi

by Icenowy Zheng

The glue in sun4i-drm of dw-hdmi currently doesn't set the clocks of dw-hdmi exclusively, which will lead the display fails to initialize in some situations. Add the exclusivity to sun8i-dw-hdmi and sun8i-hdmi-phy. Cc: stable(a)vger.kernel.org # v4.17+ Signed-off-by: Icenowy Zheng <icenowy(a)aosc.io> --- drivers/gpu/drm/sun4i/sun8i_dw_hdmi.c | 11 ++++++++++- drivers/gpu/drm/sun4i/sun8i_hdmi_phy.c | 7 +++++-- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/sun4i/sun8i_dw_hdmi.c b/drivers/gpu/drm/sun4i/sun8i_dw_hdmi.c index 31875b636434..a10220518548 100644 --- a/drivers/gpu/drm/sun4i/sun8i_dw_hdmi.c +++ b/drivers/gpu/drm/sun4i/sun8i_dw_hdmi.c @@ -137,10 +137,16 @@ static int sun8i_dw_hdmi_bind(struct device *dev, struct device *master, goto err_assert_ctrl_reset; } + ret = clk_rate_exclusive_get(hdmi->clk_tmds); + if (ret) { + dev_err(dev, "Could not get exclusivity over the tmds clock\n"); + goto err_disable_clk_tmds; + } + phy_node = of_parse_phandle(dev->of_node, "phys", 0); if (!phy_node) { dev_err(dev, "Can't found PHY phandle\n"); - goto err_disable_clk_tmds; + goto err_put_clk_tmds_exclusivity; } ret = sun8i_hdmi_phy_probe(hdmi, phy_node); @@ -179,6 +185,8 @@ static int sun8i_dw_hdmi_bind(struct device *dev, struct device *master, cleanup_encoder: drm_encoder_cleanup(encoder); sun8i_hdmi_phy_remove(hdmi); +err_put_clk_tmds_exclusivity: + clk_rate_exclusive_put(hdmi->clk_tmds); err_disable_clk_tmds: clk_disable_unprepare(hdmi->clk_tmds); err_assert_ctrl_reset: @@ -194,6 +202,7 @@ static void sun8i_dw_hdmi_unbind(struct device *dev, struct device *master, dw_hdmi_unbind(hdmi->hdmi); sun8i_hdmi_phy_remove(hdmi); + clk_rate_exclusive_put(hdmi->clk_tmds); clk_disable_unprepare(hdmi->clk_tmds); reset_control_assert(hdmi->rst_ctrl); } diff --git a/drivers/gpu/drm/sun4i/sun8i_hdmi_phy.c b/drivers/gpu/drm/sun4i/sun8i_hdmi_phy.c index 82502b351aec..1e0b1d9bc0fb 100644 --- a/drivers/gpu/drm/sun4i/sun8i_hdmi_phy.c +++ b/drivers/gpu/drm/sun4i/sun8i_hdmi_phy.c @@ -511,13 +511,14 @@ int sun8i_hdmi_phy_probe(struct sun8i_dw_hdmi *hdmi, struct device_node *node) } clk_prepare_enable(phy->clk_phy); + clk_rate_exclusive_get(phy->clk_phy); } phy->rst_phy = of_reset_control_get_shared(node, "phy"); if (IS_ERR(phy->rst_phy)) { dev_err(dev, "Could not get phy reset control\n"); ret = PTR_ERR(phy->rst_phy); - goto err_disable_clk_phy; + goto err_put_clk_phy_exclusivity; } ret = reset_control_deassert(phy->rst_phy); @@ -548,7 +549,8 @@ int sun8i_hdmi_phy_probe(struct sun8i_dw_hdmi *hdmi, struct device_node *node) reset_control_assert(phy->rst_phy); err_put_rst_phy: reset_control_put(phy->rst_phy); -err_disable_clk_phy: +err_put_clk_phy_exclusivity: + clk_rate_exclusive_put(phy->clk_phy); clk_disable_unprepare(phy->clk_phy); err_put_clk_pll1: clk_put(phy->clk_pll1); @@ -568,6 +570,7 @@ void sun8i_hdmi_phy_remove(struct sun8i_dw_hdmi *hdmi) clk_disable_unprepare(phy->clk_mod); clk_disable_unprepare(phy->clk_bus); + clk_rate_exclusive_put(phy->clk_phy); clk_disable_unprepare(phy->clk_phy); reset_control_assert(phy->rst_phy); -- 2.18.0

7 years, 1 month

3
5
0 0

[PATCH v2] drm/i915: Increase LSPCON timeout

by Fredrik Schön

100 ms is not enough time for the LSPCON adapter on Intel NUC devices to settle. This causes dropped display modes at boot or screen reconfiguration. Empirical testing can reproduce the error up to a timeout of 190 ms. Basic boot and stress testing at 200 ms has not (yet) failed. Increase timeout to 400 ms to get some margin of error. Changes from v1: The initial suggestion of 1000 ms was lowered due to concerns about delaying valid timeout cases. Update patch metadata. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=107503 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1570392 Fixes: 357c0ae9198a ("drm/i915/lspcon: Wait for expected LSPCON mode to settle") Cc: Shashank Sharma <shashank.sharma(a)intel.com> Cc: Imre Deak <imre.deak(a)intel.com> Cc: Jani Nikula <jani.nikula(a)intel.com> Cc: <stable(a)vger.kernel.org> # v4.11+ Reviewed-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Signed-off-by: Fredrik Schön <fredrik.schon(a)gmail.com> --- drivers/gpu/drm/i915/intel_lspcon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/intel_lspcon.c b/drivers/gpu/drm/i915/intel_lspcon.c index 8ae8f42f430a..6b6758419fb3 100644 --- a/drivers/gpu/drm/i915/intel_lspcon.c +++ b/drivers/gpu/drm/i915/intel_lspcon.c @@ -74,7 +74,7 @@ static enum drm_lspcon_mode lspcon_wait_mode(struct intel_lspcon *lspcon, DRM_DEBUG_KMS("Waiting for LSPCON mode %s to settle\n", lspcon_mode_name(mode)); - wait_for((current_mode = lspcon_get_current_mode(lspcon)) == mode, 100); + wait_for((current_mode = lspcon_get_current_mode(lspcon)) == mode, 400); if (current_mode != mode) DRM_ERROR("LSPCON mode hasn't settled\n"); -- 2.17.1

7 years, 1 month

3
2
0 0

[PATCH] mac80211: don't update the PM state of a peer upon a multicast frame

by Emmanuel Grumbach

I changed the way mac80211 updates the PM state of the peer. I forgot that we could also have multicast frames from the peer and that those frame should of course not change the PM state of the peer: A peer goes to power save when it needs to scan, but it won't send the broadcast Probe Request with the PM bit set. This made us mark the peer as awake when it wasn't and then Intel's firmware would fail to transmit because the peer is asleep according to its database. The driver warned about this and it looked like this: WARNING: CPU: 0 PID: 184 at /usr/src/linux-4.16.14/drivers/net/wireless/intel/iwlwifi/mvm/tx.c:1369 iwl_mvm_rx_tx_cmd+0x53b/0x860 CPU: 0 PID: 184 Comm: irq/124-iwlwifi Not tainted 4.16.14 #1 RIP: 0010:iwl_mvm_rx_tx_cmd+0x53b/0x860 Call Trace: iwl_pcie_rx_handle+0x220/0x880 iwl_pcie_irq_handler+0x6c9/0xa20 ? irq_forced_thread_fn+0x60/0x60 ? irq_thread_dtor+0x90/0x90 The relevant code that spits the WARNING is: case TX_STATUS_FAIL_DEST_PS: /* the FW should have stopped the queue and not * return this status */ WARN_ON(1); info->flags |= IEEE80211_TX_STAT_TX_FILTERED; This fixes https://bugzilla.kernel.org/show_bug.cgi?id=199967. Fixes: 9fef65443388 ("mac80211: always update the PM state of a peer on MGMT / DATA frames") Cc: <stable(a)vger.kernel.org> #4.16+ Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> --- net/mac80211/rx.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index a16ba56..3cf6027 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c @@ -1728,6 +1728,7 @@ ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx) */ if (!ieee80211_hw_check(&sta->local->hw, AP_LINK_PS) && !ieee80211_has_morefrags(hdr->frame_control) && + !is_multicast_ether_addr(hdr->addr1) && (ieee80211_is_mgmt(hdr->frame_control) || ieee80211_is_data(hdr->frame_control)) && !(status->rx_flags & IEEE80211_RX_DEFERRED_RELEASE) && -- 2.7.4

7 years, 1 month

1
0
0 0

Add "regulator: arizona-ldo1: Use correct device to get enable GPIO" to 4.18 stable tree

by Matthias Reichl

It seems the arizona-ldo1 ldoena fix hasn't made it into 4.18. It was added to 4.19/mainline, though: commit a9191579ba1086d91842199263e6fe6bb5eec1ba Author: Charles Keepax <ckeepax(a)opensource.cirrus.com> Date: Tue Jun 19 16:10:00 2018 +0100 regulator: arizona-ldo1: Use correct device to get enable GPIO Could you please add this commit to the 4.18 stable queue? Without this fix LDO control via GPIO is broken and Arizona devices can't be used as no power is applied. I tested locally with a WM5102 (Cirrus Logic Audio Card on RPi), with stock 4.18 tree device detection fails: [ 6.075981] arizona spi0.1: Unknown device ID: 0 with this commit added to 4.18 the WM5102 is detected fine: [ 6.060887] arizona spi0.1: WM5102 revision C so long & thanks, Hias

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] media: gl861: fix probe of dvb_usb_gl861" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 48db0089bff6f9154f6bd98ce7a6ae3786fa8ebe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mika=20B=C3=A5tsman?= <mika.batsman(a)gmail.com> Date: Wed, 16 May 2018 16:32:19 -0400 Subject: [PATCH] media: gl861: fix probe of dvb_usb_gl861 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Probe of dvb_usb_gl861 was working at least with v4.4. Noticed the issue with v4.13 but according to similar issues the problem started with v4.9. [ 15.288065] transfer buffer not dma capable [ 15.288090] WARNING: CPU: 2 PID: 493 at drivers/usb/core/hcd.c:1595 usb_hcd_map_urb_for_dma+0x4e2/0x640 ...CUT... [ 15.288791] dvb_usb_gl861: probe of 3-7:1.0 failed with error -5 Tested with MSI Mega Sky 580 DVB-T Tuner [GL861] [mchehab+samsung(a)kernel.org: rebased on the top of upstream] Cc: stable(a)vger.kernel.org Signed-off-by: Mika Båtsman <mika.batsman(a)gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> diff --git a/drivers/media/usb/dvb-usb-v2/gl861.c b/drivers/media/usb/dvb-usb-v2/gl861.c index 9d154fdae45b..fee4b30df778 100644 --- a/drivers/media/usb/dvb-usb-v2/gl861.c +++ b/drivers/media/usb/dvb-usb-v2/gl861.c @@ -26,10 +26,14 @@ static int gl861_i2c_msg(struct dvb_usb_device *d, u8 addr, if (wo) { req = GL861_REQ_I2C_WRITE; type = GL861_WRITE; + buf = kmemdup(wbuf, wlen, GFP_KERNEL); } else { /* rw */ req = GL861_REQ_I2C_READ; type = GL861_READ; + buf = kmalloc(rlen, GFP_KERNEL); } + if (!buf) + return -ENOMEM; switch (wlen) { case 1: @@ -42,24 +46,19 @@ static int gl861_i2c_msg(struct dvb_usb_device *d, u8 addr, default: dev_err(&d->udev->dev, "%s: wlen=%d, aborting\n", KBUILD_MODNAME, wlen); + kfree(buf); return -EINVAL; } - buf = NULL; - if (rlen > 0) { - buf = kmalloc(rlen, GFP_KERNEL); - if (!buf) - return -ENOMEM; - } + usleep_range(1000, 2000); /* avoid I2C errors */ ret = usb_control_msg(d->udev, usb_rcvctrlpipe(d->udev, 0), req, type, value, index, buf, rlen, 2000); - if (rlen > 0) { - if (ret > 0) - memcpy(rbuf, buf, rlen); - kfree(buf); - } + if (!wo && ret > 0) + memcpy(rbuf, buf, rlen); + + kfree(buf); return ret; }

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] media: gl861: fix probe of dvb_usb_gl861" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 48db0089bff6f9154f6bd98ce7a6ae3786fa8ebe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mika=20B=C3=A5tsman?= <mika.batsman(a)gmail.com> Date: Wed, 16 May 2018 16:32:19 -0400 Subject: [PATCH] media: gl861: fix probe of dvb_usb_gl861 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Probe of dvb_usb_gl861 was working at least with v4.4. Noticed the issue with v4.13 but according to similar issues the problem started with v4.9. [ 15.288065] transfer buffer not dma capable [ 15.288090] WARNING: CPU: 2 PID: 493 at drivers/usb/core/hcd.c:1595 usb_hcd_map_urb_for_dma+0x4e2/0x640 ...CUT... [ 15.288791] dvb_usb_gl861: probe of 3-7:1.0 failed with error -5 Tested with MSI Mega Sky 580 DVB-T Tuner [GL861] [mchehab+samsung(a)kernel.org: rebased on the top of upstream] Cc: stable(a)vger.kernel.org Signed-off-by: Mika Båtsman <mika.batsman(a)gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> diff --git a/drivers/media/usb/dvb-usb-v2/gl861.c b/drivers/media/usb/dvb-usb-v2/gl861.c index 9d154fdae45b..fee4b30df778 100644 --- a/drivers/media/usb/dvb-usb-v2/gl861.c +++ b/drivers/media/usb/dvb-usb-v2/gl861.c @@ -26,10 +26,14 @@ static int gl861_i2c_msg(struct dvb_usb_device *d, u8 addr, if (wo) { req = GL861_REQ_I2C_WRITE; type = GL861_WRITE; + buf = kmemdup(wbuf, wlen, GFP_KERNEL); } else { /* rw */ req = GL861_REQ_I2C_READ; type = GL861_READ; + buf = kmalloc(rlen, GFP_KERNEL); } + if (!buf) + return -ENOMEM; switch (wlen) { case 1: @@ -42,24 +46,19 @@ static int gl861_i2c_msg(struct dvb_usb_device *d, u8 addr, default: dev_err(&d->udev->dev, "%s: wlen=%d, aborting\n", KBUILD_MODNAME, wlen); + kfree(buf); return -EINVAL; } - buf = NULL; - if (rlen > 0) { - buf = kmalloc(rlen, GFP_KERNEL); - if (!buf) - return -ENOMEM; - } + usleep_range(1000, 2000); /* avoid I2C errors */ ret = usb_control_msg(d->udev, usb_rcvctrlpipe(d->udev, 0), req, type, value, index, buf, rlen, 2000); - if (rlen > 0) { - if (ret > 0) - memcpy(rbuf, buf, rlen); - kfree(buf); - } + if (!wo && ret > 0) + memcpy(rbuf, buf, rlen); + + kfree(buf); return ret; }

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] media: gl861: fix probe of dvb_usb_gl861" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 48db0089bff6f9154f6bd98ce7a6ae3786fa8ebe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mika=20B=C3=A5tsman?= <mika.batsman(a)gmail.com> Date: Wed, 16 May 2018 16:32:19 -0400 Subject: [PATCH] media: gl861: fix probe of dvb_usb_gl861 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Probe of dvb_usb_gl861 was working at least with v4.4. Noticed the issue with v4.13 but according to similar issues the problem started with v4.9. [ 15.288065] transfer buffer not dma capable [ 15.288090] WARNING: CPU: 2 PID: 493 at drivers/usb/core/hcd.c:1595 usb_hcd_map_urb_for_dma+0x4e2/0x640 ...CUT... [ 15.288791] dvb_usb_gl861: probe of 3-7:1.0 failed with error -5 Tested with MSI Mega Sky 580 DVB-T Tuner [GL861] [mchehab+samsung(a)kernel.org: rebased on the top of upstream] Cc: stable(a)vger.kernel.org Signed-off-by: Mika Båtsman <mika.batsman(a)gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> diff --git a/drivers/media/usb/dvb-usb-v2/gl861.c b/drivers/media/usb/dvb-usb-v2/gl861.c index 9d154fdae45b..fee4b30df778 100644 --- a/drivers/media/usb/dvb-usb-v2/gl861.c +++ b/drivers/media/usb/dvb-usb-v2/gl861.c @@ -26,10 +26,14 @@ static int gl861_i2c_msg(struct dvb_usb_device *d, u8 addr, if (wo) { req = GL861_REQ_I2C_WRITE; type = GL861_WRITE; + buf = kmemdup(wbuf, wlen, GFP_KERNEL); } else { /* rw */ req = GL861_REQ_I2C_READ; type = GL861_READ; + buf = kmalloc(rlen, GFP_KERNEL); } + if (!buf) + return -ENOMEM; switch (wlen) { case 1: @@ -42,24 +46,19 @@ static int gl861_i2c_msg(struct dvb_usb_device *d, u8 addr, default: dev_err(&d->udev->dev, "%s: wlen=%d, aborting\n", KBUILD_MODNAME, wlen); + kfree(buf); return -EINVAL; } - buf = NULL; - if (rlen > 0) { - buf = kmalloc(rlen, GFP_KERNEL); - if (!buf) - return -ENOMEM; - } + usleep_range(1000, 2000); /* avoid I2C errors */ ret = usb_control_msg(d->udev, usb_rcvctrlpipe(d->udev, 0), req, type, value, index, buf, rlen, 2000); - if (rlen > 0) { - if (ret > 0) - memcpy(rbuf, buf, rlen); - kfree(buf); - } + if (!wo && ret > 0) + memcpy(rbuf, buf, rlen); + + kfree(buf); return ret; }

7 years, 1 month

1
0
0 0

Fwd: [PATCH 1/2] ALSA: hda - Turn CX8200 into D3 as well upon reboot

by Ju Hyung Park

Hi, It's commit d77a4b4a5b0b2ebcbc9840995d91311ef28302ab and f59cf9a0551dd954ad8b752461cf19d9789f4b1d, both which are already merged in Linus's tree. I can't think of a reason why you would have missed this other than the fact that I've used "Cc: <stable(a)vger.kernel.org>" instead of "Cc: stable(a)vger.kernel.org". I doubt it, but would this be the reason? Thanks, On Sat, Aug 18, 2018 at 11:38 PM Greg KH <gregkh(a)linuxfoundation.org> wrote: > > On Sat, Aug 18, 2018 at 11:29:11PM +0900, Ju Hyung Park wrote: > > Hi, Greg. > > > > I'd like to know if there's a reason on why these ALSA patches(2 in > > total) aren't brought to linux-stable yet. > > What specific patches are you referring to here? I do not see anything > in this email :( > > What is the git commit id in Linus's tree? What stable tree(s) do you > want them applied to? > > > I see a lot of patches merged to linux-stable and stable-queue that > > are much newer than those patches. > > > > I'd appreciate it if you can merge those ASAP. > > Have you read: > https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html > for how to do this properly? > > If not, please do so. > > thanks, > > greg k-h

7 years, 1 month

2
1
0 0

Fwd: [PATCH 1/2] ALSA: hda - Turn CX8200 into D3 as well upon reboot

by Ju Hyung Park

Oh, and I forgot to add: this would better be applied to every stable trees, if applicable (probably by checking if the commit f6b28e4ded45bb91bc4cd115d55e35badedfce5f is already merged). Thanks again. On Sat, Aug 18, 2018 at 11:38 PM Greg KH <gregkh(a)linuxfoundation.org> wrote: > > On Sat, Aug 18, 2018 at 11:29:11PM +0900, Ju Hyung Park wrote: > > Hi, Greg. > > > > I'd like to know if there's a reason on why these ALSA patches(2 in > > total) aren't brought to linux-stable yet. > > What specific patches are you referring to here? I do not see anything > in this email :( > > What is the git commit id in Linus's tree? What stable tree(s) do you > want them applied to? > > > I see a lot of patches merged to linux-stable and stable-queue that > > are much newer than those patches. > > > > I'd appreciate it if you can merge those ASAP. > > Have you read: > https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html > for how to do this properly? > > If not, please do so. > > thanks, > > greg k-h

7 years, 1 month

1
0
0 0

[PATCH 4.4 00/13] 4.4.149-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.149 release. There are 13 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Aug 18 17:16:16 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.149-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.149-rc1 Toshi Kani <toshi.kani(a)hpe.com> x86/mm: Add TLB purge to free pmd/pte page interfaces Chintan Pandya <cpandya(a)codeaurora.org> ioremap: Update pgtable free interfaces with addr Mark Salyzyn <salyzyn(a)android.com> Bluetooth: hidp: buffer overflow in hidp_process_report Thierry Escande <thierry.escande(a)collabora.com> ASoC: Intel: cht_bsw_max98090_ti: Fix jack initialization Eric Biggers <ebiggers(a)google.com> crypto: ablkcipher - fix crash flushing dcache in error path Eric Biggers <ebiggers(a)google.com> crypto: blkcipher - fix crash flushing dcache in error path Eric Biggers <ebiggers(a)google.com> crypto: vmac - separate tfm and request context Eric Biggers <ebiggers(a)google.com> crypto: vmac - require a block cipher with 128-bit block size Randy Dunlap <rdunlap(a)infradead.org> kbuild: verify that $DEPMOD is installed Liwei Song <liwei.song(a)windriver.com> i2c: ismt: fix wrong device address when unmap the data buffer Andrey Konovalov <andreyknvl(a)google.com> kasan: don't emit builtin calls when sanitization is off Takashi Iwai <tiwai(a)suse.de> tcp: Fix missing range_truesize enlargement in the backport Toshi Kani <toshi.kani(a)hpe.com> x86/mm: Disable ioremap free page handling on x86-PAE ------------- Diffstat: Documentation/Changes | 17 +- Makefile | 7 +- arch/arm64/mm/mmu.c | 4 +- arch/x86/mm/pgtable.c | 61 +++- crypto/ablkcipher.c | 57 ++-- crypto/blkcipher.c | 54 ++-- crypto/vmac.c | 412 ++++++++++++--------------- drivers/i2c/busses/i2c-ismt.c | 2 +- include/asm-generic/pgtable.h | 8 +- include/crypto/vmac.h | 63 ---- lib/ioremap.c | 4 +- net/bluetooth/hidp/core.c | 4 +- net/ipv4/tcp_input.c | 1 + scripts/Makefile.kasan | 3 + scripts/Makefile.lib | 2 +- scripts/depmod.sh | 8 +- sound/soc/intel/boards/cht_bsw_max98090_ti.c | 45 ++- 17 files changed, 354 insertions(+), 398 deletions(-)

7 years, 1 month

3
15
0 0

[PATCH 4.18 00/22] 4.18.2-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.18.2 release. There are 22 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Aug 18 17:15:44 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.2-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.18.2-rc1 Toshi Kani <toshi.kani(a)hpe.com> x86/mm: Add TLB purge to free pmd/pte page interfaces Chintan Pandya <cpandya(a)codeaurora.org> ioremap: Update pgtable free interfaces with addr Mark Salyzyn <salyzyn(a)android.com> Bluetooth: hidp: buffer overflow in hidp_process_report Eric Biggers <ebiggers(a)google.com> crypto: skcipher - fix crash flushing dcache in error path Eric Biggers <ebiggers(a)google.com> crypto: skcipher - fix aligning block size in skcipher_copy_iv() Eric Biggers <ebiggers(a)google.com> crypto: ablkcipher - fix crash flushing dcache in error path Eric Biggers <ebiggers(a)google.com> crypto: blkcipher - fix crash flushing dcache in error path Eric Biggers <ebiggers(a)google.com> crypto: vmac - separate tfm and request context Eric Biggers <ebiggers(a)google.com> crypto: vmac - require a block cipher with 128-bit block size Eric Biggers <ebiggers(a)google.com> crypto: x86/sha256-mb - fix digest copy in sha256_mb_mgr_get_comp_job_avx2() Tom Lendacky <thomas.lendacky(a)amd.com> crypto: ccp - Fix command completion detection race Tom Lendacky <thomas.lendacky(a)amd.com> crypto: ccp - Check for NULL PSP pointer at module unload Gilad Ben-Yossef <gilad(a)benyossef.com> crypto: ccree - fix iv handling Hadar Gat <hadar.gat(a)arm.com> crypto: ccree - fix finup Randy Dunlap <rdunlap(a)infradead.org> kbuild: verify that $DEPMOD is installed Toshi Kani <toshi.kani(a)hpe.com> x86/mm: Disable ioremap free page handling on x86-PAE M. Vefa Bicakci <m.v.b(a)runbox.com> xen/pv: Call get_cpu_address_sizes to set x86_virt/phys_bits Dave Hansen <dave.hansen(a)linux.intel.com> x86/mm/pti: Clear Global bit more aggressively Dou Liyang <douly.fnst(a)cn.fujitsu.com> x86/platform/UV: Mark memblock related init code and data correctly Vitaly Kuznetsov <vkuznets(a)redhat.com> x86/hyper-v: Check for VP_INVAL in hyperv_flush_tlb_others() Guenter Roeck <linux(a)roeck-us.net> x86: i8259: Add missing include file Guenter Roeck <linux(a)roeck-us.net> x86/l1tf: Fix build error seen if CONFIG_KVM_INTEL is disabled ------------- Diffstat: Documentation/process/changes.rst | 19 +- Makefile | 4 +- arch/arm64/mm/mmu.c | 4 +- .../crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S | 2 +- arch/x86/hyperv/mmu.c | 5 + arch/x86/include/asm/i8259.h | 1 + arch/x86/kernel/apic/x2apic_uv_x.c | 4 +- arch/x86/kernel/cpu/bugs.c | 3 +- arch/x86/kernel/cpu/common.c | 2 +- arch/x86/kernel/cpu/cpu.h | 1 + arch/x86/mm/pageattr.c | 6 + arch/x86/mm/pgtable.c | 61 ++- arch/x86/mm/pti.c | 34 +- arch/x86/xen/enlighten_pv.c | 3 + crypto/ablkcipher.c | 57 ++- crypto/blkcipher.c | 54 ++- crypto/skcipher.c | 55 +-- crypto/vmac.c | 412 +++++++++------------ drivers/crypto/ccp/psp-dev.c | 7 +- drivers/crypto/ccree/cc_cipher.c | 111 ++++-- drivers/crypto/ccree/cc_hash.c | 81 +--- include/asm-generic/pgtable.h | 8 +- include/crypto/vmac.h | 63 ---- lib/ioremap.c | 4 +- net/bluetooth/hidp/core.c | 4 +- scripts/depmod.sh | 8 +- 26 files changed, 494 insertions(+), 519 deletions(-)

7 years, 1 month

3
26
0 0

[PATCH 4.9 00/15] 4.9.121-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.121 release. There are 15 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Aug 18 17:16:11 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.121-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.121-rc1 Toshi Kani <toshi.kani(a)hpe.com> x86/mm: Add TLB purge to free pmd/pte page interfaces Chintan Pandya <cpandya(a)codeaurora.org> ioremap: Update pgtable free interfaces with addr Mark Salyzyn <salyzyn(a)android.com> Bluetooth: hidp: buffer overflow in hidp_process_report Thierry Escande <thierry.escande(a)collabora.com> ASoC: Intel: cht_bsw_max98090_ti: Fix jack initialization Eric Biggers <ebiggers(a)google.com> crypto: ablkcipher - fix crash flushing dcache in error path Eric Biggers <ebiggers(a)google.com> crypto: blkcipher - fix crash flushing dcache in error path Eric Biggers <ebiggers(a)google.com> crypto: vmac - separate tfm and request context Eric Biggers <ebiggers(a)google.com> crypto: vmac - require a block cipher with 128-bit block size Eric Biggers <ebiggers(a)google.com> crypto: x86/sha256-mb - fix digest copy in sha256_mb_mgr_get_comp_job_avx2() Randy Dunlap <rdunlap(a)infradead.org> kbuild: verify that $DEPMOD is installed Liwei Song <liwei.song(a)windriver.com> i2c: ismt: fix wrong device address when unmap the data buffer Andrey Konovalov <andreyknvl(a)google.com> kasan: don't emit builtin calls when sanitization is off Toshi Kani <toshi.kani(a)hpe.com> x86/mm: Disable ioremap free page handling on x86-PAE Guenter Roeck <linux(a)roeck-us.net> x86: i8259: Add missing include file Guenter Roeck <linux(a)roeck-us.net> x86/l1tf: Fix build error seen if CONFIG_KVM_INTEL is disabled ------------- Diffstat: Documentation/Changes | 19 +- Makefile | 7 +- arch/arm64/mm/mmu.c | 4 +- .../crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S | 2 +- arch/x86/include/asm/i8259.h | 1 + arch/x86/kernel/cpu/bugs.c | 3 +- arch/x86/mm/pgtable.c | 61 ++- crypto/ablkcipher.c | 57 ++- crypto/blkcipher.c | 54 ++- crypto/vmac.c | 412 +++++++++------------ drivers/i2c/busses/i2c-ismt.c | 2 +- include/asm-generic/pgtable.h | 8 +- include/crypto/vmac.h | 63 ---- lib/ioremap.c | 4 +- net/bluetooth/hidp/core.c | 4 +- scripts/Makefile.kasan | 3 + scripts/Makefile.lib | 2 +- scripts/depmod.sh | 8 +- sound/soc/intel/boards/cht_bsw_max98090_ti.c | 45 ++- 19 files changed, 357 insertions(+), 402 deletions(-)

7 years, 1 month

4
18
0 0

Re: [PATCH 1/2] ALSA: hda - Turn CX8200 into D3 as well upon reboot

by Ju Hyung Park

Hi, Greg. I'd like to know if there's a reason on why these ALSA patches(2 in total) aren't brought to linux-stable yet. I see a lot of patches merged to linux-stable and stable-queue that are much newer than those patches. I'd appreciate it if you can merge those ASAP. Thanks, On Sat, Aug 18, 2018 at 6:17 AM Takashi Iwai <tiwai(a)suse.de> wrote: > > On Fri, 17 Aug 2018 22:40:02 +0200, > Ju Hyung Park wrote: > > > > Hi, I'm still a bit confused. > > > > Can I ask why are these patches still yet to appear in linux-stable > > and stable-queue? > > I see those are already merged in Torvalds' tree. > > Greg has been also busy due to so many patches, give him some time. > If the patch is still missing in the next release, feel free to ping > him. > > > Takashi > > > > > Thanks, > > > > On Wed, Aug 1, 2018 at 10:14 PM Takashi Iwai <tiwai(a)suse.de> wrote: > > > > > > On Wed, 01 Aug 2018 15:13:21 +0200, > > > Ju Hyung Park wrote: > > > > > > > > On Wed, Aug 1, 2018 at 10:09 PM, Takashi Iwai <tiwai(a)suse.de> wrote: > > > > > > > > > > It's likely postponed to 4.19 unless any critical issue comes up. > > > > > If it were before rc5, I could push for 4.18, but it's already in a > > > > > too late stage. These are no new breakage in 4.18-rc, after all. > > > > > > > > Makes sense, but I'd like to see these being pushed to linux-stable ASAP. > > > > > > > > Would I have to wait for 4.19-rc1 before that happens? > > > > > > Yes. > > > > > > > > > Takashi > > > > > > > Thanks. > > > > > > > > > > > > > > > > > > > thanks, > > > > > > > > > > Takashi > > > > > > > > > > > > > > > > > Thanks. > > > > > > > > > > > > On Sun, Jul 29, 2018 at 1:58 AM, Takashi Iwai <tiwai(a)suse.de> wrote: > > > > > > > > > > > > > On Fri, 27 Jul 2018 20:16:21 +0200, > > > > > > > Park Ju Hyung wrote: > > > > > > > > > > > > > > > > As an equivalent codec with CX20724, > > > > > > > > CX8200 is also subject to the reboot bug. > > > > > > > > > > > > > > > > Late 2017 and 2018 LG Gram and some HP Spectre laptops are known victims > > > > > > > > to this issue, causing extremely loud noises upon reboot. > > > > > > > > > > > > > > > > Now that we know that this bug is subject to multiple codecs, > > > > > > > > fix the comment as well. > > > > > > > > > > > > > > > > Signed-off-by: Park Ju Hyung <qkrwngud825(a)gmail.com> > > > > > > > > Cc: <stable(a)vger.kernel.org> > > > > > > > > > > > > > > Applied, thanks. > > > > > > > > > > > > > > > > > > > > > Takashi > > > > > > > > > > > > > [2 <text/html; UTF-8 (quoted-printable)>] > > > > > > > > > > > >

7 years, 1 month

2
1
0 0

[PATCH 4.14 00/22] 4.14.64-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.64 release. There are 22 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Aug 18 17:16:07 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.64-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.64-rc1 Toshi Kani <toshi.kani(a)hpe.com> x86/mm: Add TLB purge to free pmd/pte page interfaces Chintan Pandya <cpandya(a)codeaurora.org> ioremap: Update pgtable free interfaces with addr Mark Salyzyn <salyzyn(a)android.com> Bluetooth: hidp: buffer overflow in hidp_process_report Thierry Escande <thierry.escande(a)collabora.com> ASoC: Intel: cht_bsw_max98090_ti: Fix jack initialization Jean-François Têtu <jean-francois.tetu(a)savoirfairelinux.com> ASoC: msm8916-wcd-digital: fix RX2 MIX1 and RX3 MIX1 Paolo Valente <paolo.valente(a)linaro.org> block, bfq: fix wrong init of saved start time for weight raising Alexander Syring <alex(a)asyring.de> clk: sunxi-ng: Fix missing CLK_SET_RATE_PARENT in ccu-sun4i-a10.c Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: rsnd: fix ADG flags Marc-André Lureau <marcandre.lureau(a)redhat.com> fw_cfg: fix driver remove Thomas Gleixner <tglx(a)linutronix.de> sched/debug: Fix task state recording/printout James Morse <james.morse(a)arm.com> ACPI / APEI: Remove ghes_ioremap_area Eric Biggers <ebiggers(a)google.com> crypto: skcipher - fix crash flushing dcache in error path Eric Biggers <ebiggers(a)google.com> crypto: skcipher - fix aligning block size in skcipher_copy_iv() Eric Biggers <ebiggers(a)google.com> crypto: ablkcipher - fix crash flushing dcache in error path Eric Biggers <ebiggers(a)google.com> crypto: blkcipher - fix crash flushing dcache in error path Eric Biggers <ebiggers(a)google.com> crypto: vmac - separate tfm and request context Eric Biggers <ebiggers(a)google.com> crypto: vmac - require a block cipher with 128-bit block size Eric Biggers <ebiggers(a)google.com> crypto: x86/sha256-mb - fix digest copy in sha256_mb_mgr_get_comp_job_avx2() Randy Dunlap <rdunlap(a)infradead.org> kbuild: verify that $DEPMOD is installed Toshi Kani <toshi.kani(a)hpe.com> x86/mm: Disable ioremap free page handling on x86-PAE Guenter Roeck <linux(a)roeck-us.net> x86: i8259: Add missing include file Guenter Roeck <linux(a)roeck-us.net> x86/l1tf: Fix build error seen if CONFIG_KVM_INTEL is disabled ------------- Diffstat: Documentation/process/changes.rst | 19 +- Makefile | 4 +- arch/arm64/mm/mmu.c | 4 +- .../crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S | 2 +- arch/x86/include/asm/i8259.h | 1 + arch/x86/kernel/cpu/bugs.c | 3 +- arch/x86/mm/pgtable.c | 61 ++- block/bfq-iosched.c | 50 ++- crypto/ablkcipher.c | 57 ++- crypto/blkcipher.c | 54 ++- crypto/skcipher.c | 51 +-- crypto/vmac.c | 412 +++++++++------------ drivers/acpi/apei/ghes.c | 39 +- drivers/clk/sunxi-ng/ccu-sun4i-a10.c | 2 +- drivers/firmware/qemu_fw_cfg.c | 3 +- include/asm-generic/pgtable.h | 8 +- include/crypto/vmac.h | 63 ---- include/trace/events/sched.h | 6 +- lib/ioremap.c | 4 +- net/bluetooth/hidp/core.c | 4 +- scripts/depmod.sh | 8 +- sound/soc/codecs/msm8916-wcd-digital.c | 4 +- sound/soc/intel/boards/cht_bsw_max98090_ti.c | 45 ++- sound/soc/sh/rcar/adg.c | 4 +- 24 files changed, 419 insertions(+), 489 deletions(-)

7 years, 1 month

3
22
0 0

[PATCH 4.17 00/21] 4.17.16-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.17.16 release. There are 21 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Aug 18 17:16:02 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.17.16-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.17.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.17.16-rc1 Toshi Kani <toshi.kani(a)hpe.com> x86/mm: Add TLB purge to free pmd/pte page interfaces Chintan Pandya <cpandya(a)codeaurora.org> ioremap: Update pgtable free interfaces with addr Mark Salyzyn <salyzyn(a)android.com> Bluetooth: hidp: buffer overflow in hidp_process_report Eric Biggers <ebiggers(a)google.com> crypto: skcipher - fix crash flushing dcache in error path Eric Biggers <ebiggers(a)google.com> crypto: skcipher - fix aligning block size in skcipher_copy_iv() Eric Biggers <ebiggers(a)google.com> crypto: ablkcipher - fix crash flushing dcache in error path Eric Biggers <ebiggers(a)google.com> crypto: blkcipher - fix crash flushing dcache in error path Eric Biggers <ebiggers(a)google.com> crypto: vmac - separate tfm and request context Eric Biggers <ebiggers(a)google.com> crypto: vmac - require a block cipher with 128-bit block size Eric Biggers <ebiggers(a)google.com> crypto: x86/sha256-mb - fix digest copy in sha256_mb_mgr_get_comp_job_avx2() Tom Lendacky <thomas.lendacky(a)amd.com> crypto: ccp - Fix command completion detection race Tom Lendacky <thomas.lendacky(a)amd.com> crypto: ccp - Check for NULL PSP pointer at module unload Gilad Ben-Yossef <gilad(a)benyossef.com> crypto: ccree - fix iv handling Hadar Gat <hadar.gat(a)arm.com> crypto: ccree - fix finup Randy Dunlap <rdunlap(a)infradead.org> kbuild: verify that $DEPMOD is installed Toshi Kani <toshi.kani(a)hpe.com> x86/mm: Disable ioremap free page handling on x86-PAE M. Vefa Bicakci <m.v.b(a)runbox.com> xen/pv: Call get_cpu_address_sizes to set x86_virt/phys_bits Dave Hansen <dave.hansen(a)linux.intel.com> x86/mm/pti: Clear Global bit more aggressively Dou Liyang <douly.fnst(a)cn.fujitsu.com> x86/platform/UV: Mark memblock related init code and data correctly Guenter Roeck <linux(a)roeck-us.net> x86: i8259: Add missing include file Guenter Roeck <linux(a)roeck-us.net> x86/l1tf: Fix build error seen if CONFIG_KVM_INTEL is disabled ------------- Diffstat: Documentation/process/changes.rst | 19 +- Makefile | 4 +- arch/arm64/mm/mmu.c | 4 +- .../crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S | 2 +- arch/x86/include/asm/i8259.h | 1 + arch/x86/kernel/apic/x2apic_uv_x.c | 4 +- arch/x86/kernel/cpu/bugs.c | 3 +- arch/x86/kernel/cpu/common.c | 2 +- arch/x86/kernel/cpu/cpu.h | 1 + arch/x86/mm/pageattr.c | 6 + arch/x86/mm/pgtable.c | 61 ++- arch/x86/mm/pti.c | 34 +- arch/x86/xen/enlighten_pv.c | 3 + crypto/ablkcipher.c | 57 ++- crypto/blkcipher.c | 54 ++- crypto/skcipher.c | 55 +-- crypto/vmac.c | 412 +++++++++------------ drivers/crypto/ccp/psp-dev.c | 7 +- drivers/crypto/ccree/cc_cipher.c | 111 ++++-- drivers/crypto/ccree/cc_hash.c | 81 +--- include/asm-generic/pgtable.h | 8 +- include/crypto/vmac.h | 63 ---- lib/ioremap.c | 4 +- net/bluetooth/hidp/core.c | 4 +- scripts/depmod.sh | 8 +- 25 files changed, 489 insertions(+), 519 deletions(-)

7 years, 1 month

3
23
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror