- Linux-stable-mirror - lists.linaro.org

[Linux-stable-mirror] Patch "KEYS: fix NULL pointer dereference during ASN.1 parsing [ver #2]" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled KEYS: fix NULL pointer dereference during ASN.1 parsing [ver #2] to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: keys-fix-null-pointer-dereference-during-asn.1-parsing.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 624f5ab8720b3371367327a822c267699c1823b8 Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)google.com> Date: Tue, 7 Nov 2017 22:29:02 +0000 Subject: KEYS: fix NULL pointer dereference during ASN.1 parsing [ver #2] From: Eric Biggers <ebiggers(a)google.com> commit 624f5ab8720b3371367327a822c267699c1823b8 upstream. syzkaller reported a NULL pointer dereference in asn1_ber_decoder(). It can be reproduced by the following command, assuming CONFIG_PKCS7_TEST_KEY=y: keyctl add pkcs7_test desc '' @s The bug is that if the data buffer is empty, an integer underflow occurs in the following check: if (unlikely(dp >= datalen - 1)) goto data_overrun_error; This results in the NULL data pointer being dereferenced. Fix it by checking for 'datalen - dp < 2' instead. Also fix the similar check for 'dp >= datalen - n' later in the same function. That one possibly could result in a buffer overread. The NULL pointer dereference was reproducible using the "pkcs7_test" key type but not the "asymmetric" key type because the "asymmetric" key type checks for a 0-length payload before calling into the ASN.1 decoder but the "pkcs7_test" key type does not. The bug report was: BUG: unable to handle kernel NULL pointer dereference at (null) IP: asn1_ber_decoder+0x17f/0xe60 lib/asn1_decoder.c:233 PGD 7b708067 P4D 7b708067 PUD 7b6ee067 PMD 0 Oops: 0000 [#1] SMP Modules linked in: CPU: 0 PID: 522 Comm: syz-executor1 Not tainted 4.14.0-rc8 #7 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.3-20171021_125229-anatol 04/01/2014 task: ffff9b6b3798c040 task.stack: ffff9b6b37970000 RIP: 0010:asn1_ber_decoder+0x17f/0xe60 lib/asn1_decoder.c:233 RSP: 0018:ffff9b6b37973c78 EFLAGS: 00010216 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000021c RDX: ffffffff814a04ed RSI: ffffb1524066e000 RDI: ffffffff910759e0 RBP: ffff9b6b37973d60 R08: 0000000000000001 R09: ffff9b6b3caa4180 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000002 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007f10ed1f2700(0000) GS:ffff9b6b3ea00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 000000007b6f3000 CR4: 00000000000006f0 Call Trace: pkcs7_parse_message+0xee/0x240 crypto/asymmetric_keys/pkcs7_parser.c:139 verify_pkcs7_signature+0x33/0x180 certs/system_keyring.c:216 pkcs7_preparse+0x41/0x70 crypto/asymmetric_keys/pkcs7_key_type.c:63 key_create_or_update+0x180/0x530 security/keys/key.c:855 SYSC_add_key security/keys/keyctl.c:122 [inline] SyS_add_key+0xbf/0x250 security/keys/keyctl.c:62 entry_SYSCALL_64_fastpath+0x1f/0xbe RIP: 0033:0x4585c9 RSP: 002b:00007f10ed1f1bd8 EFLAGS: 00000216 ORIG_RAX: 00000000000000f8 RAX: ffffffffffffffda RBX: 00007f10ed1f2700 RCX: 00000000004585c9 RDX: 0000000020000000 RSI: 0000000020008ffb RDI: 0000000020008000 RBP: 0000000000000000 R08: ffffffffffffffff R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000216 R12: 00007fff1b2260ae R13: 00007fff1b2260af R14: 00007f10ed1f2700 R15: 0000000000000000 Code: dd ca ff 48 8b 45 88 48 83 e8 01 4c 39 f0 0f 86 a8 07 00 00 e8 53 dd ca ff 49 8d 46 01 48 89 85 58 ff ff ff 48 8b 85 60 ff ff ff <42> 0f b6 0c 30 89 c8 88 8d 75 ff ff ff 83 e0 1f 89 8d 28 ff ff RIP: asn1_ber_decoder+0x17f/0xe60 lib/asn1_decoder.c:233 RSP: ffff9b6b37973c78 CR2: 0000000000000000 Fixes: 42d5ec27f873 ("X.509: Add an ASN.1 decoder") Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: Eric Biggers <ebiggers(a)google.com> Signed-off-by: David Howells <dhowells(a)redhat.com> Signed-off-by: James Morris <james.l.morris(a)oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- lib/asn1_decoder.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/lib/asn1_decoder.c +++ b/lib/asn1_decoder.c @@ -220,7 +220,7 @@ next_op: hdr = 2; /* Extract a tag from the data */ - if (unlikely(dp >= datalen - 1)) + if (unlikely(datalen - dp < 2)) goto data_overrun_error; tag = data[dp++]; if (unlikely((tag & 0x1f) == ASN1_LONG_TAG)) @@ -266,7 +266,7 @@ next_op: int n = len - 0x80; if (unlikely(n > 2)) goto length_too_long; - if (unlikely(dp >= datalen - n)) + if (unlikely(n > datalen - dp)) goto data_overrun_error; hdr += n; for (len = 0; n > 0; n--) { Patches currently in stable-queue which might be from ebiggers(a)google.com are queue-3.18/keys-trusted-sanitize-all-key-material.patch queue-3.18/keys-fix-null-pointer-dereference-during-asn.1-parsing.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "crypto: x86/sha1-mb - fix panic due to unaligned access" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled crypto: x86/sha1-mb - fix panic due to unaligned access to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: crypto-x86-sha1-mb-fix-panic-due-to-unaligned-access.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From d041b557792c85677f17e08eee535eafbd6b9aa2 Mon Sep 17 00:00:00 2001 From: Andrey Ryabinin <aryabinin(a)virtuozzo.com> Date: Mon, 16 Oct 2017 18:51:31 +0300 Subject: crypto: x86/sha1-mb - fix panic due to unaligned access From: Andrey Ryabinin <aryabinin(a)virtuozzo.com> commit d041b557792c85677f17e08eee535eafbd6b9aa2 upstream. struct sha1_ctx_mgr allocated in sha1_mb_mod_init() via kzalloc() and later passed in sha1_mb_flusher_mgr_flush_avx2() function where instructions vmovdqa used to access the struct. vmovdqa requires 16-bytes aligned argument, but nothing guarantees that struct sha1_ctx_mgr will have that alignment. Unaligned vmovdqa will generate GP fault. Fix this by replacing vmovdqa with vmovdqu which doesn't have alignment requirements. Fixes: 2249cbb53ead ("crypto: sha-mb - SHA1 multibuffer submit and flush routines for AVX2") Signed-off-by: Andrey Ryabinin <aryabinin(a)virtuozzo.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/crypto/sha-mb/sha1_mb_mgr_flush_avx2.S | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) --- a/arch/x86/crypto/sha-mb/sha1_mb_mgr_flush_avx2.S +++ b/arch/x86/crypto/sha-mb/sha1_mb_mgr_flush_avx2.S @@ -174,8 +174,8 @@ LABEL skip_ %I .endr # Find min length - vmovdqa _lens+0*16(state), %xmm0 - vmovdqa _lens+1*16(state), %xmm1 + vmovdqu _lens+0*16(state), %xmm0 + vmovdqu _lens+1*16(state), %xmm1 vpminud %xmm1, %xmm0, %xmm2 # xmm2 has {D,C,B,A} vpalignr $8, %xmm2, %xmm3, %xmm3 # xmm3 has {x,x,D,C} @@ -195,8 +195,8 @@ LABEL skip_ %I vpsubd %xmm2, %xmm0, %xmm0 vpsubd %xmm2, %xmm1, %xmm1 - vmovdqa %xmm0, _lens+0*16(state) - vmovdqa %xmm1, _lens+1*16(state) + vmovdqu %xmm0, _lens+0*16(state) + vmovdqu %xmm1, _lens+1*16(state) # "state" and "args" are the same address, arg1 # len is arg2 @@ -260,8 +260,8 @@ ENTRY(sha1_mb_mgr_get_comp_job_avx2) jc .return_null # Find min length - vmovdqa _lens(state), %xmm0 - vmovdqa _lens+1*16(state), %xmm1 + vmovdqu _lens(state), %xmm0 + vmovdqu _lens+1*16(state), %xmm1 vpminud %xmm1, %xmm0, %xmm2 # xmm2 has {D,C,B,A} vpalignr $8, %xmm2, %xmm3, %xmm3 # xmm3 has {x,x,D,C} Patches currently in stable-queue which might be from aryabinin(a)virtuozzo.com are queue-3.18/crypto-x86-sha1-mb-fix-panic-due-to-unaligned-access.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "ARM: 8720/1: ensure dump_instr() checks addr_limit" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ARM: 8720/1: ensure dump_instr() checks addr_limit to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-8720-1-ensure-dump_instr-checks-addr_limit.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From b9dd05c7002ee0ca8b676428b2268c26399b5e31 Mon Sep 17 00:00:00 2001 From: Mark Rutland <mark.rutland(a)arm.com> Date: Thu, 2 Nov 2017 18:44:28 +0100 Subject: ARM: 8720/1: ensure dump_instr() checks addr_limit From: Mark Rutland <mark.rutland(a)arm.com> commit b9dd05c7002ee0ca8b676428b2268c26399b5e31 upstream. When CONFIG_DEBUG_USER is enabled, it's possible for a user to deliberately trigger dump_instr() with a chosen kernel address. Let's avoid problems resulting from this by using get_user() rather than __get_user(), ensuring that we don't erroneously access kernel memory. So that we can use the same code to dump user instructions and kernel instructions, the common dumping code is factored out to __dump_instr(), with the fs manipulated appropriately in dump_instr() around calls to this. Signed-off-by: Mark Rutland <mark.rutland(a)arm.com> Signed-off-by: Russell King <rmk+kernel(a)armlinux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/kernel/traps.c | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) --- a/arch/arm/kernel/traps.c +++ b/arch/arm/kernel/traps.c @@ -132,30 +132,26 @@ static void dump_mem(const char *lvl, co set_fs(fs); } -static void dump_instr(const char *lvl, struct pt_regs *regs) +static void __dump_instr(const char *lvl, struct pt_regs *regs) { unsigned long addr = instruction_pointer(regs); const int thumb = thumb_mode(regs); const int width = thumb ? 4 : 8; - mm_segment_t fs; char str[sizeof("00000000 ") * 5 + 2 + 1], *p = str; int i; /* - * We need to switch to kernel mode so that we can use __get_user - * to safely read from kernel space. Note that we now dump the - * code first, just in case the backtrace kills us. + * Note that we now dump the code first, just in case the backtrace + * kills us. */ - fs = get_fs(); - set_fs(KERNEL_DS); for (i = -4; i < 1 + !!thumb; i++) { unsigned int val, bad; if (thumb) - bad = __get_user(val, &((u16 *)addr)[i]); + bad = get_user(val, &((u16 *)addr)[i]); else - bad = __get_user(val, &((u32 *)addr)[i]); + bad = get_user(val, &((u32 *)addr)[i]); if (!bad) p += sprintf(p, i == 0 ? "(%0*x) " : "%0*x ", @@ -166,8 +162,20 @@ static void dump_instr(const char *lvl, } } printk("%sCode: %s\n", lvl, str); +} - set_fs(fs); +static void dump_instr(const char *lvl, struct pt_regs *regs) +{ + mm_segment_t fs; + + if (!user_mode(regs)) { + fs = get_fs(); + set_fs(KERNEL_DS); + __dump_instr(lvl, regs); + set_fs(fs); + } else { + __dump_instr(lvl, regs); + } } #ifdef CONFIG_ARM_UNWIND Patches currently in stable-queue which might be from mark.rutland(a)arm.com are queue-3.18/arm-8720-1-ensure-dump_instr-checks-addr_limit.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "ALSA: seq: Fix OSS sysex delivery in OSS emulation" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ALSA: seq: Fix OSS sysex delivery in OSS emulation to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: alsa-seq-fix-oss-sysex-delivery-in-oss-emulation.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 132d358b183ac6ad8b3fea32ad5e0663456d18d1 Mon Sep 17 00:00:00 2001 From: Takashi Iwai <tiwai(a)suse.de> Date: Tue, 7 Nov 2017 16:05:24 +0100 Subject: ALSA: seq: Fix OSS sysex delivery in OSS emulation From: Takashi Iwai <tiwai(a)suse.de> commit 132d358b183ac6ad8b3fea32ad5e0663456d18d1 upstream. The SYSEX event delivery in OSS sequencer emulation assumed that the event is encoded in the variable-length data with the straight buffering. This was the normal behavior in the past, but during the development, the chained buffers were introduced for carrying more data, while the OSS code was left intact. As a result, when a SYSEX event with the chained buffer data is passed to OSS sequencer port, it may end up with the wrong memory access, as if it were having a too large buffer. This patch addresses the bug, by applying the buffer data expansion by the generic snd_seq_dump_var_event() helper function. Reported-by: syzbot <syzkaller(a)googlegroups.com> Reported-by: Mark Salyzyn <salyzyn(a)android.com> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- sound/core/seq/oss/seq_oss_midi.c | 4 +--- sound/core/seq/oss/seq_oss_readq.c | 29 +++++++++++++++++++++++++++++ sound/core/seq/oss/seq_oss_readq.h | 2 ++ 3 files changed, 32 insertions(+), 3 deletions(-) --- a/sound/core/seq/oss/seq_oss_midi.c +++ b/sound/core/seq/oss/seq_oss_midi.c @@ -615,9 +615,7 @@ send_midi_event(struct seq_oss_devinfo * if (!dp->timer->running) len = snd_seq_oss_timer_start(dp->timer); if (ev->type == SNDRV_SEQ_EVENT_SYSEX) { - if ((ev->flags & SNDRV_SEQ_EVENT_LENGTH_MASK) == SNDRV_SEQ_EVENT_LENGTH_VARIABLE) - snd_seq_oss_readq_puts(dp->readq, mdev->seq_device, - ev->data.ext.ptr, ev->data.ext.len); + snd_seq_oss_readq_sysex(dp->readq, mdev->seq_device, ev); } else { len = snd_midi_event_decode(mdev->coder, msg, sizeof(msg), ev); if (len > 0) --- a/sound/core/seq/oss/seq_oss_readq.c +++ b/sound/core/seq/oss/seq_oss_readq.c @@ -120,6 +120,35 @@ snd_seq_oss_readq_puts(struct seq_oss_re } /* + * put MIDI sysex bytes; the event buffer may be chained, thus it has + * to be expanded via snd_seq_dump_var_event(). + */ +struct readq_sysex_ctx { + struct seq_oss_readq *readq; + int dev; +}; + +static int readq_dump_sysex(void *ptr, void *buf, int count) +{ + struct readq_sysex_ctx *ctx = ptr; + + return snd_seq_oss_readq_puts(ctx->readq, ctx->dev, buf, count); +} + +int snd_seq_oss_readq_sysex(struct seq_oss_readq *q, int dev, + struct snd_seq_event *ev) +{ + struct readq_sysex_ctx ctx = { + .readq = q, + .dev = dev + }; + + if ((ev->flags & SNDRV_SEQ_EVENT_LENGTH_MASK) != SNDRV_SEQ_EVENT_LENGTH_VARIABLE) + return 0; + return snd_seq_dump_var_event(ev, readq_dump_sysex, &ctx); +} + +/* * copy an event to input queue: * return zero if enqueued */ --- a/sound/core/seq/oss/seq_oss_readq.h +++ b/sound/core/seq/oss/seq_oss_readq.h @@ -44,6 +44,8 @@ void snd_seq_oss_readq_delete(struct seq void snd_seq_oss_readq_clear(struct seq_oss_readq *readq); unsigned int snd_seq_oss_readq_poll(struct seq_oss_readq *readq, struct file *file, poll_table *wait); int snd_seq_oss_readq_puts(struct seq_oss_readq *readq, int dev, unsigned char *data, int len); +int snd_seq_oss_readq_sysex(struct seq_oss_readq *q, int dev, + struct snd_seq_event *ev); int snd_seq_oss_readq_put_event(struct seq_oss_readq *readq, union evrec *ev); int snd_seq_oss_readq_put_timestamp(struct seq_oss_readq *readq, unsigned long curt, int seq_mode); int snd_seq_oss_readq_pick(struct seq_oss_readq *q, union evrec *rec); Patches currently in stable-queue which might be from tiwai(a)suse.de are queue-3.18/alsa-seq-avoid-invalid-lockdep-class-warning.patch queue-3.18/alsa-seq-fix-oss-sysex-delivery-in-oss-emulation.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "ALSA: seq: Avoid invalid lockdep class warning" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ALSA: seq: Avoid invalid lockdep class warning to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: alsa-seq-avoid-invalid-lockdep-class-warning.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 3510c7aa069aa83a2de6dab2b41401a198317bdc Mon Sep 17 00:00:00 2001 From: Takashi Iwai <tiwai(a)suse.de> Date: Mon, 6 Nov 2017 20:16:50 +0100 Subject: ALSA: seq: Avoid invalid lockdep class warning From: Takashi Iwai <tiwai(a)suse.de> commit 3510c7aa069aa83a2de6dab2b41401a198317bdc upstream. The recent fix for adding rwsem nesting annotation was using the given "hop" argument as the lock subclass key. Although the idea itself works, it may trigger a kernel warning like: BUG: looking up invalid subclass: 8 .... since the lockdep has a smaller number of subclasses (8) than we currently allow for the hops there (10). The current definition is merely a sanity check for avoiding the too deep delivery paths, and the 8 hops are already enough. So, as a quick fix, just follow the max hops as same as the max lockdep subclasses. Fixes: 1f20f9ff57ca ("ALSA: seq: Fix nested rwsem annotation for lockdep splat") Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- include/sound/seq_kernel.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/include/sound/seq_kernel.h +++ b/include/sound/seq_kernel.h @@ -55,7 +55,8 @@ typedef union snd_seq_timestamp snd_seq_ #define SNDRV_SEQ_DEFAULT_CLIENT_EVENTS 200 /* max delivery path length */ -#define SNDRV_SEQ_MAX_HOPS 10 +/* NOTE: this shouldn't be greater than MAX_LOCKDEP_SUBCLASSES */ +#define SNDRV_SEQ_MAX_HOPS 8 /* max size of event size */ #define SNDRV_SEQ_MAX_EVENT_LEN 0x3fffffff Patches currently in stable-queue which might be from tiwai(a)suse.de are queue-3.18/alsa-seq-avoid-invalid-lockdep-class-warning.patch queue-3.18/alsa-seq-fix-oss-sysex-delivery-in-oss-emulation.patch

7 years, 10 months

1
0
0 0

Re: [Linux-stable-mirror] [PATCH BACKPORT 4.1..4.9] MIPS: SMP: Fix deadlock & online race

by Greg KH

On Mon, Nov 06, 2017 at 09:15:14PM +0000, James Hogan wrote: > From: Matt Redfearn <matt.redfearn(a)imgtec.com> > > commit 9e8c399a88f0b87e41a894911475ed2a8f8dff9e upstream. > > Commit 6f542ebeaee0 ("MIPS: Fix race on setting and getting > cpu_online_mask") effectively reverted commit 8f46cca1e6c06 ("MIPS: SMP: > Fix possibility of deadlock when bringing CPUs online") and thus has > reinstated the possibility of deadlock. > > The commit was based on testing of kernel v4.4, where the CPU hotplug > core code issued a BUG() if the starting CPU is not marked online when > the boot CPU returns from __cpu_up. The commit fixes this race (in > v4.4), but re-introduces the deadlock situation. > > As noted in the commit message, upstream differs in this area. Commit > 8df3e07e7f21f ("cpu/hotplug: Let upcoming cpu bring itself fully up") > adds a completion event in the CPU hotplug core code, making this race > impossible. However, people were unhappy with relying on the core code > to do the right thing. > > To address the issues both commits were trying to fix, add a second > completion event in the MIPS smp hotplug path. It removes the > possibility of a race, since the MIPS smp hotplug code now synchronises > both the boot and secondary CPUs before they return to the hotplug core > code. It also addresses the deadlock by ensuring that the secondary CPU > is not marked online before it's counters are synchronised. > > This fix should also be backported to fix the race condition introduced > by the backport of commit 8f46cca1e6c06 ("MIPS: SMP: Fix possibility of > deadlock when bringing CPUs online"), through really that race only > existed before commit 8df3e07e7f21f ("cpu/hotplug: Let upcoming cpu > bring itself fully up"). > > Signed-off-by: Matt Redfearn <matt.redfearn(a)imgtec.com> > Fixes: 6f542ebeaee0 ("MIPS: Fix race on setting and getting cpu_online_mask") > CC: Matija Glavinic Pecotic <matija.glavinic-pecotic.ext(a)nokia.com> > Cc: <stable(a)vger.kernel.org> # v4.1+: 8f46cca1e6c0: "MIPS: SMP: Fix possibility of deadlock when bringing CPUs online" > Cc: <stable(a)vger.kernel.org> # v4.1+: a00eeede507c: "MIPS: SMP: Use a completion event to signal CPU up" > Cc: <stable(a)vger.kernel.org> # v4.1+: 6f542ebeaee0: "MIPS: Fix race on setting and getting cpu_online_mask" These did not apply to 3.18, so this patch overall did not apply there either. I don't know if you care about 3.18, but if so, can you provide backports of these for that tree, and then resend this patch so I can queue it up? thanks, greg k-h

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] [PATCH] USB: fix buffer overflows with parsing CDC headers

by Oliver Neukum

In newer kernels this issue has been fixed at a central location with commit 2e1c42391ff2556387b3cb6308b24f6f65619feb Author: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Date: Thu Sep 21 16:58:48 2017 +0200 USB: core: harden cdc_parse_cdc_header on anything older the parsing had not been centralised, so a separate fix for each driver is necessary. Signed-off-by: Oliver Neukum <oneukum(a)suse.com> --- drivers/net/usb/cdc_ether.c | 9 ++++++++- drivers/usb/class/cdc-acm.c | 8 +++++++- drivers/usb/class/cdc-wdm.c | 2 ++ 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/drivers/net/usb/cdc_ether.c b/drivers/net/usb/cdc_ether.c index 3651f3cd474e..0f2fde0820dd 100644 --- a/drivers/net/usb/cdc_ether.c +++ b/drivers/net/usb/cdc_ether.c @@ -144,6 +144,8 @@ int usbnet_generic_cdc_bind(struct usbnet *dev, struct usb_interface *intf) dev_dbg(&intf->dev, "extra CDC header\n"); goto bad_desc; } + if (len < sizeof(struct usb_cdc_header_desc)) + break; info->header = (void *) buf; if (info->header->bLength != sizeof(*info->header)) { dev_dbg(&intf->dev, "CDC header len %u\n", @@ -157,6 +159,8 @@ int usbnet_generic_cdc_bind(struct usbnet *dev, struct usb_interface *intf) */ if (rndis) { struct usb_cdc_acm_descriptor *acm; + if (len < sizeof(struct usb_cdc_acm_descriptor)) + break; acm = (void *) buf; if (acm->bmCapabilities) { @@ -173,6 +177,8 @@ int usbnet_generic_cdc_bind(struct usbnet *dev, struct usb_interface *intf) dev_dbg(&intf->dev, "extra CDC union\n"); goto bad_desc; } + if (len < sizeof(struct usb_cdc_union_desc)) + break; info->u = (void *) buf; if (info->u->bLength != sizeof(*info->u)) { dev_dbg(&intf->dev, "CDC union len %u\n", @@ -231,6 +237,8 @@ int usbnet_generic_cdc_bind(struct usbnet *dev, struct usb_interface *intf) dev_dbg(&intf->dev, "extra CDC ether\n"); goto bad_desc; } + if (len < sizeof(struct usb_cdc_ether_desc)) + break; info->ether = (void *) buf; if (info->ether->bLength != sizeof(*info->ether)) { dev_dbg(&intf->dev, "CDC ether len %u\n", @@ -248,7 +256,6 @@ int usbnet_generic_cdc_bind(struct usbnet *dev, struct usb_interface *intf) dev_dbg(&intf->dev, "extra MDLM descriptor\n"); goto bad_desc; } - desc = (void *)buf; if (desc->bLength != sizeof(*desc)) diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c index ea93b35b1c6d..8957ee57f62d 100644 --- a/drivers/usb/class/cdc-acm.c +++ b/drivers/usb/class/cdc-acm.c @@ -1019,7 +1019,7 @@ static int acm_probe(struct usb_interface *intf, } } - while (buflen > 0) { + while (buflen >= 3) { /* minimum length making sense */ if (buffer[1] != USB_DT_CS_INTERFACE) { dev_err(&intf->dev, "skipping garbage\n"); goto next_desc; @@ -1027,6 +1027,8 @@ static int acm_probe(struct usb_interface *intf, switch (buffer[2]) { case USB_CDC_UNION_TYPE: /* we've found it */ + if (buflen < sizeof(struct usb_cdc_union_desc)) + break; if (union_header) { dev_err(&intf->dev, "More than one " "union descriptor, skipping ...\n"); @@ -1035,6 +1037,8 @@ static int acm_probe(struct usb_interface *intf, union_header = (struct usb_cdc_union_desc *)buffer; break; case USB_CDC_COUNTRY_TYPE: /* export through sysfs*/ + if (buflen < sizeof(struct usb_cdc_country_functional_desc)) + break; cfd = (struct usb_cdc_country_functional_desc *)buffer; break; case USB_CDC_HEADER_TYPE: /* maybe check version */ @@ -1043,6 +1047,8 @@ static int acm_probe(struct usb_interface *intf, ac_management_function = buffer[3]; break; case USB_CDC_CALL_MANAGEMENT_TYPE: + if (buflen < 4) + break; call_management_function = buffer[3]; call_interface_num = buffer[4]; if ((quirks & NOT_A_MODEM) == 0 && (call_management_function & 3) != 3) diff --git a/drivers/usb/class/cdc-wdm.c b/drivers/usb/class/cdc-wdm.c index 07133d0c971b..f61b5e138bc7 100644 --- a/drivers/usb/class/cdc-wdm.c +++ b/drivers/usb/class/cdc-wdm.c @@ -851,6 +851,8 @@ static int wdm_probe(struct usb_interface *intf, const struct usb_device_id *id) case USB_CDC_HEADER_TYPE: break; case USB_CDC_DMM_TYPE: + if (buflen < sizeof(struct usb_cdc_dmm_desc)) + break; dmhd = (struct usb_cdc_dmm_desc *)buffer; maxcom = le16_to_cpu(dmhd->wMaxCommand); dev_dbg(&intf->dev, -- 2.13.6

7 years, 10 months

2
1
0 0

[Linux-stable-mirror] FAILED: patch "[PATCH] ALSA: timer: Limit max instances per timer" failed to apply to 3.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 3.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 9b7d869ee5a77ed4a462372bb89af622e705bfb8 Mon Sep 17 00:00:00 2001 From: Takashi Iwai <tiwai(a)suse.de> Date: Sun, 5 Nov 2017 10:07:43 +0100 Subject: [PATCH] ALSA: timer: Limit max instances per timer MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently we allow unlimited number of timer instances, and it may bring the system hogging way too much CPU when too many timer instances are opened and processed concurrently. This may end up with a soft-lockup report as triggered by syzkaller, especially when hrtimer backend is deployed. Since such insane number of instances aren't demanded by the normal use case of ALSA sequencer and it merely opens a risk only for abuse, this patch introduces the upper limit for the number of instances per timer backend. As default, it's set to 1000, but for the fine-grained timer like hrtimer, it's set to 100. Reported-by: syzbot Tested-by: Jérôme Glisse <jglisse(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> diff --git a/include/sound/timer.h b/include/sound/timer.h index c4d76ff056c6..7ae226ab6990 100644 --- a/include/sound/timer.h +++ b/include/sound/timer.h @@ -90,6 +90,8 @@ struct snd_timer { struct list_head ack_list_head; struct list_head sack_list_head; /* slow ack list head */ struct tasklet_struct task_queue; + int max_instances; /* upper limit of timer instances */ + int num_instances; /* current number of timer instances */ }; struct snd_timer_instance { diff --git a/sound/core/hrtimer.c b/sound/core/hrtimer.c index 1ac0c423903e..6e47b823bcaa 100644 --- a/sound/core/hrtimer.c +++ b/sound/core/hrtimer.c @@ -159,6 +159,7 @@ static int __init snd_hrtimer_init(void) timer->hw = hrtimer_hw; timer->hw.resolution = resolution; timer->hw.ticks = NANO_SEC / resolution; + timer->max_instances = 100; /* lower the limit */ err = snd_timer_global_register(timer); if (err < 0) { diff --git a/sound/core/timer.c b/sound/core/timer.c index 6cdd04a45962..15e82a656d96 100644 --- a/sound/core/timer.c +++ b/sound/core/timer.c @@ -180,7 +180,7 @@ static void snd_timer_request(struct snd_timer_id *tid) * * call this with register_mutex down. */ -static void snd_timer_check_slave(struct snd_timer_instance *slave) +static int snd_timer_check_slave(struct snd_timer_instance *slave) { struct snd_timer *timer; struct snd_timer_instance *master; @@ -190,16 +190,21 @@ static void snd_timer_check_slave(struct snd_timer_instance *slave) list_for_each_entry(master, &timer->open_list_head, open_list) { if (slave->slave_class == master->slave_class && slave->slave_id == master->slave_id) { + if (master->timer->num_instances >= + master->timer->max_instances) + return -EBUSY; list_move_tail(&slave->open_list, &master->slave_list_head); + master->timer->num_instances++; spin_lock_irq(&slave_active_lock); slave->master = master; slave->timer = master->timer; spin_unlock_irq(&slave_active_lock); - return; + return 0; } } } + return 0; } /* @@ -208,7 +213,7 @@ static void snd_timer_check_slave(struct snd_timer_instance *slave) * * call this with register_mutex down. */ -static void snd_timer_check_master(struct snd_timer_instance *master) +static int snd_timer_check_master(struct snd_timer_instance *master) { struct snd_timer_instance *slave, *tmp; @@ -216,7 +221,11 @@ static void snd_timer_check_master(struct snd_timer_instance *master) list_for_each_entry_safe(slave, tmp, &snd_timer_slave_list, open_list) { if (slave->slave_class == master->slave_class && slave->slave_id == master->slave_id) { + if (master->timer->num_instances >= + master->timer->max_instances) + return -EBUSY; list_move_tail(&slave->open_list, &master->slave_list_head); + master->timer->num_instances++; spin_lock_irq(&slave_active_lock); spin_lock(&master->timer->lock); slave->master = master; @@ -228,8 +237,11 @@ static void snd_timer_check_master(struct snd_timer_instance *master) spin_unlock_irq(&slave_active_lock); } } + return 0; } +static int snd_timer_close_locked(struct snd_timer_instance *timeri); + /* * open a timer instance * when opening a master, the slave id must be here given. @@ -240,6 +252,7 @@ int snd_timer_open(struct snd_timer_instance **ti, { struct snd_timer *timer; struct snd_timer_instance *timeri = NULL; + int err; if (tid->dev_class == SNDRV_TIMER_CLASS_SLAVE) { /* open a slave instance */ @@ -259,10 +272,14 @@ int snd_timer_open(struct snd_timer_instance **ti, timeri->slave_id = tid->device; timeri->flags |= SNDRV_TIMER_IFLG_SLAVE; list_add_tail(&timeri->open_list, &snd_timer_slave_list); - snd_timer_check_slave(timeri); + err = snd_timer_check_slave(timeri); + if (err < 0) { + snd_timer_close_locked(timeri); + timeri = NULL; + } mutex_unlock(&register_mutex); *ti = timeri; - return 0; + return err; } /* open a master instance */ @@ -288,6 +305,10 @@ int snd_timer_open(struct snd_timer_instance **ti, return -EBUSY; } } + if (timer->num_instances >= timer->max_instances) { + mutex_unlock(&register_mutex); + return -EBUSY; + } timeri = snd_timer_instance_new(owner, timer); if (!timeri) { mutex_unlock(&register_mutex); @@ -314,25 +335,27 @@ int snd_timer_open(struct snd_timer_instance **ti, } list_add_tail(&timeri->open_list, &timer->open_list_head); - snd_timer_check_master(timeri); + timer->num_instances++; + err = snd_timer_check_master(timeri); + if (err < 0) { + snd_timer_close_locked(timeri); + timeri = NULL; + } mutex_unlock(&register_mutex); *ti = timeri; - return 0; + return err; } EXPORT_SYMBOL(snd_timer_open); /* * close a timer instance + * call this with register_mutex down. */ -int snd_timer_close(struct snd_timer_instance *timeri) +static int snd_timer_close_locked(struct snd_timer_instance *timeri) { struct snd_timer *timer = NULL; struct snd_timer_instance *slave, *tmp; - if (snd_BUG_ON(!timeri)) - return -ENXIO; - - mutex_lock(&register_mutex); list_del(&timeri->open_list); /* force to stop the timer */ @@ -340,6 +363,7 @@ int snd_timer_close(struct snd_timer_instance *timeri) timer = timeri->timer; if (timer) { + timer->num_instances--; /* wait, until the active callback is finished */ spin_lock_irq(&timer->lock); while (timeri->flags & SNDRV_TIMER_IFLG_CALLBACK) { @@ -355,6 +379,7 @@ int snd_timer_close(struct snd_timer_instance *timeri) list_for_each_entry_safe(slave, tmp, &timeri->slave_list_head, open_list) { list_move_tail(&slave->open_list, &snd_timer_slave_list); + timer->num_instances--; slave->master = NULL; slave->timer = NULL; list_del_init(&slave->ack_list); @@ -382,9 +407,24 @@ int snd_timer_close(struct snd_timer_instance *timeri) module_put(timer->module); } - mutex_unlock(&register_mutex); return 0; } + +/* + * close a timer instance + */ +int snd_timer_close(struct snd_timer_instance *timeri) +{ + int err; + + if (snd_BUG_ON(!timeri)) + return -ENXIO; + + mutex_lock(&register_mutex); + err = snd_timer_close_locked(timeri); + mutex_unlock(&register_mutex); + return err; +} EXPORT_SYMBOL(snd_timer_close); unsigned long snd_timer_resolution(struct snd_timer_instance *timeri) @@ -856,6 +896,7 @@ int snd_timer_new(struct snd_card *card, char *id, struct snd_timer_id *tid, spin_lock_init(&timer->lock); tasklet_init(&timer->task_queue, snd_timer_tasklet, (unsigned long)timer); + timer->max_instances = 1000; /* default limit per timer */ if (card != NULL) { timer->module = card->module; err = snd_device_new(card, SNDRV_DEV_TIMER, timer, &ops);

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] FAILED: patch "[PATCH] ALSA: timer: Limit max instances per timer" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 9b7d869ee5a77ed4a462372bb89af622e705bfb8 Mon Sep 17 00:00:00 2001 From: Takashi Iwai <tiwai(a)suse.de> Date: Sun, 5 Nov 2017 10:07:43 +0100 Subject: [PATCH] ALSA: timer: Limit max instances per timer MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently we allow unlimited number of timer instances, and it may bring the system hogging way too much CPU when too many timer instances are opened and processed concurrently. This may end up with a soft-lockup report as triggered by syzkaller, especially when hrtimer backend is deployed. Since such insane number of instances aren't demanded by the normal use case of ALSA sequencer and it merely opens a risk only for abuse, this patch introduces the upper limit for the number of instances per timer backend. As default, it's set to 1000, but for the fine-grained timer like hrtimer, it's set to 100. Reported-by: syzbot Tested-by: Jérôme Glisse <jglisse(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> diff --git a/include/sound/timer.h b/include/sound/timer.h index c4d76ff056c6..7ae226ab6990 100644 --- a/include/sound/timer.h +++ b/include/sound/timer.h @@ -90,6 +90,8 @@ struct snd_timer { struct list_head ack_list_head; struct list_head sack_list_head; /* slow ack list head */ struct tasklet_struct task_queue; + int max_instances; /* upper limit of timer instances */ + int num_instances; /* current number of timer instances */ }; struct snd_timer_instance { diff --git a/sound/core/hrtimer.c b/sound/core/hrtimer.c index 1ac0c423903e..6e47b823bcaa 100644 --- a/sound/core/hrtimer.c +++ b/sound/core/hrtimer.c @@ -159,6 +159,7 @@ static int __init snd_hrtimer_init(void) timer->hw = hrtimer_hw; timer->hw.resolution = resolution; timer->hw.ticks = NANO_SEC / resolution; + timer->max_instances = 100; /* lower the limit */ err = snd_timer_global_register(timer); if (err < 0) { diff --git a/sound/core/timer.c b/sound/core/timer.c index 6cdd04a45962..15e82a656d96 100644 --- a/sound/core/timer.c +++ b/sound/core/timer.c @@ -180,7 +180,7 @@ static void snd_timer_request(struct snd_timer_id *tid) * * call this with register_mutex down. */ -static void snd_timer_check_slave(struct snd_timer_instance *slave) +static int snd_timer_check_slave(struct snd_timer_instance *slave) { struct snd_timer *timer; struct snd_timer_instance *master; @@ -190,16 +190,21 @@ static void snd_timer_check_slave(struct snd_timer_instance *slave) list_for_each_entry(master, &timer->open_list_head, open_list) { if (slave->slave_class == master->slave_class && slave->slave_id == master->slave_id) { + if (master->timer->num_instances >= + master->timer->max_instances) + return -EBUSY; list_move_tail(&slave->open_list, &master->slave_list_head); + master->timer->num_instances++; spin_lock_irq(&slave_active_lock); slave->master = master; slave->timer = master->timer; spin_unlock_irq(&slave_active_lock); - return; + return 0; } } } + return 0; } /* @@ -208,7 +213,7 @@ static void snd_timer_check_slave(struct snd_timer_instance *slave) * * call this with register_mutex down. */ -static void snd_timer_check_master(struct snd_timer_instance *master) +static int snd_timer_check_master(struct snd_timer_instance *master) { struct snd_timer_instance *slave, *tmp; @@ -216,7 +221,11 @@ static void snd_timer_check_master(struct snd_timer_instance *master) list_for_each_entry_safe(slave, tmp, &snd_timer_slave_list, open_list) { if (slave->slave_class == master->slave_class && slave->slave_id == master->slave_id) { + if (master->timer->num_instances >= + master->timer->max_instances) + return -EBUSY; list_move_tail(&slave->open_list, &master->slave_list_head); + master->timer->num_instances++; spin_lock_irq(&slave_active_lock); spin_lock(&master->timer->lock); slave->master = master; @@ -228,8 +237,11 @@ static void snd_timer_check_master(struct snd_timer_instance *master) spin_unlock_irq(&slave_active_lock); } } + return 0; } +static int snd_timer_close_locked(struct snd_timer_instance *timeri); + /* * open a timer instance * when opening a master, the slave id must be here given. @@ -240,6 +252,7 @@ int snd_timer_open(struct snd_timer_instance **ti, { struct snd_timer *timer; struct snd_timer_instance *timeri = NULL; + int err; if (tid->dev_class == SNDRV_TIMER_CLASS_SLAVE) { /* open a slave instance */ @@ -259,10 +272,14 @@ int snd_timer_open(struct snd_timer_instance **ti, timeri->slave_id = tid->device; timeri->flags |= SNDRV_TIMER_IFLG_SLAVE; list_add_tail(&timeri->open_list, &snd_timer_slave_list); - snd_timer_check_slave(timeri); + err = snd_timer_check_slave(timeri); + if (err < 0) { + snd_timer_close_locked(timeri); + timeri = NULL; + } mutex_unlock(&register_mutex); *ti = timeri; - return 0; + return err; } /* open a master instance */ @@ -288,6 +305,10 @@ int snd_timer_open(struct snd_timer_instance **ti, return -EBUSY; } } + if (timer->num_instances >= timer->max_instances) { + mutex_unlock(&register_mutex); + return -EBUSY; + } timeri = snd_timer_instance_new(owner, timer); if (!timeri) { mutex_unlock(&register_mutex); @@ -314,25 +335,27 @@ int snd_timer_open(struct snd_timer_instance **ti, } list_add_tail(&timeri->open_list, &timer->open_list_head); - snd_timer_check_master(timeri); + timer->num_instances++; + err = snd_timer_check_master(timeri); + if (err < 0) { + snd_timer_close_locked(timeri); + timeri = NULL; + } mutex_unlock(&register_mutex); *ti = timeri; - return 0; + return err; } EXPORT_SYMBOL(snd_timer_open); /* * close a timer instance + * call this with register_mutex down. */ -int snd_timer_close(struct snd_timer_instance *timeri) +static int snd_timer_close_locked(struct snd_timer_instance *timeri) { struct snd_timer *timer = NULL; struct snd_timer_instance *slave, *tmp; - if (snd_BUG_ON(!timeri)) - return -ENXIO; - - mutex_lock(&register_mutex); list_del(&timeri->open_list); /* force to stop the timer */ @@ -340,6 +363,7 @@ int snd_timer_close(struct snd_timer_instance *timeri) timer = timeri->timer; if (timer) { + timer->num_instances--; /* wait, until the active callback is finished */ spin_lock_irq(&timer->lock); while (timeri->flags & SNDRV_TIMER_IFLG_CALLBACK) { @@ -355,6 +379,7 @@ int snd_timer_close(struct snd_timer_instance *timeri) list_for_each_entry_safe(slave, tmp, &timeri->slave_list_head, open_list) { list_move_tail(&slave->open_list, &snd_timer_slave_list); + timer->num_instances--; slave->master = NULL; slave->timer = NULL; list_del_init(&slave->ack_list); @@ -382,9 +407,24 @@ int snd_timer_close(struct snd_timer_instance *timeri) module_put(timer->module); } - mutex_unlock(&register_mutex); return 0; } + +/* + * close a timer instance + */ +int snd_timer_close(struct snd_timer_instance *timeri) +{ + int err; + + if (snd_BUG_ON(!timeri)) + return -ENXIO; + + mutex_lock(&register_mutex); + err = snd_timer_close_locked(timeri); + mutex_unlock(&register_mutex); + return err; +} EXPORT_SYMBOL(snd_timer_close); unsigned long snd_timer_resolution(struct snd_timer_instance *timeri) @@ -856,6 +896,7 @@ int snd_timer_new(struct snd_card *card, char *id, struct snd_timer_id *tid, spin_lock_init(&timer->lock); tasklet_init(&timer->task_queue, snd_timer_tasklet, (unsigned long)timer); + timer->max_instances = 1000; /* default limit per timer */ if (card != NULL) { timer->module = card->module; err = snd_device_new(card, SNDRV_DEV_TIMER, timer, &ops);

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] FAILED: patch "[PATCH] ALSA: timer: Limit max instances per timer" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 9b7d869ee5a77ed4a462372bb89af622e705bfb8 Mon Sep 17 00:00:00 2001 From: Takashi Iwai <tiwai(a)suse.de> Date: Sun, 5 Nov 2017 10:07:43 +0100 Subject: [PATCH] ALSA: timer: Limit max instances per timer MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently we allow unlimited number of timer instances, and it may bring the system hogging way too much CPU when too many timer instances are opened and processed concurrently. This may end up with a soft-lockup report as triggered by syzkaller, especially when hrtimer backend is deployed. Since such insane number of instances aren't demanded by the normal use case of ALSA sequencer and it merely opens a risk only for abuse, this patch introduces the upper limit for the number of instances per timer backend. As default, it's set to 1000, but for the fine-grained timer like hrtimer, it's set to 100. Reported-by: syzbot Tested-by: Jérôme Glisse <jglisse(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> diff --git a/include/sound/timer.h b/include/sound/timer.h index c4d76ff056c6..7ae226ab6990 100644 --- a/include/sound/timer.h +++ b/include/sound/timer.h @@ -90,6 +90,8 @@ struct snd_timer { struct list_head ack_list_head; struct list_head sack_list_head; /* slow ack list head */ struct tasklet_struct task_queue; + int max_instances; /* upper limit of timer instances */ + int num_instances; /* current number of timer instances */ }; struct snd_timer_instance { diff --git a/sound/core/hrtimer.c b/sound/core/hrtimer.c index 1ac0c423903e..6e47b823bcaa 100644 --- a/sound/core/hrtimer.c +++ b/sound/core/hrtimer.c @@ -159,6 +159,7 @@ static int __init snd_hrtimer_init(void) timer->hw = hrtimer_hw; timer->hw.resolution = resolution; timer->hw.ticks = NANO_SEC / resolution; + timer->max_instances = 100; /* lower the limit */ err = snd_timer_global_register(timer); if (err < 0) { diff --git a/sound/core/timer.c b/sound/core/timer.c index 6cdd04a45962..15e82a656d96 100644 --- a/sound/core/timer.c +++ b/sound/core/timer.c @@ -180,7 +180,7 @@ static void snd_timer_request(struct snd_timer_id *tid) * * call this with register_mutex down. */ -static void snd_timer_check_slave(struct snd_timer_instance *slave) +static int snd_timer_check_slave(struct snd_timer_instance *slave) { struct snd_timer *timer; struct snd_timer_instance *master; @@ -190,16 +190,21 @@ static void snd_timer_check_slave(struct snd_timer_instance *slave) list_for_each_entry(master, &timer->open_list_head, open_list) { if (slave->slave_class == master->slave_class && slave->slave_id == master->slave_id) { + if (master->timer->num_instances >= + master->timer->max_instances) + return -EBUSY; list_move_tail(&slave->open_list, &master->slave_list_head); + master->timer->num_instances++; spin_lock_irq(&slave_active_lock); slave->master = master; slave->timer = master->timer; spin_unlock_irq(&slave_active_lock); - return; + return 0; } } } + return 0; } /* @@ -208,7 +213,7 @@ static void snd_timer_check_slave(struct snd_timer_instance *slave) * * call this with register_mutex down. */ -static void snd_timer_check_master(struct snd_timer_instance *master) +static int snd_timer_check_master(struct snd_timer_instance *master) { struct snd_timer_instance *slave, *tmp; @@ -216,7 +221,11 @@ static void snd_timer_check_master(struct snd_timer_instance *master) list_for_each_entry_safe(slave, tmp, &snd_timer_slave_list, open_list) { if (slave->slave_class == master->slave_class && slave->slave_id == master->slave_id) { + if (master->timer->num_instances >= + master->timer->max_instances) + return -EBUSY; list_move_tail(&slave->open_list, &master->slave_list_head); + master->timer->num_instances++; spin_lock_irq(&slave_active_lock); spin_lock(&master->timer->lock); slave->master = master; @@ -228,8 +237,11 @@ static void snd_timer_check_master(struct snd_timer_instance *master) spin_unlock_irq(&slave_active_lock); } } + return 0; } +static int snd_timer_close_locked(struct snd_timer_instance *timeri); + /* * open a timer instance * when opening a master, the slave id must be here given. @@ -240,6 +252,7 @@ int snd_timer_open(struct snd_timer_instance **ti, { struct snd_timer *timer; struct snd_timer_instance *timeri = NULL; + int err; if (tid->dev_class == SNDRV_TIMER_CLASS_SLAVE) { /* open a slave instance */ @@ -259,10 +272,14 @@ int snd_timer_open(struct snd_timer_instance **ti, timeri->slave_id = tid->device; timeri->flags |= SNDRV_TIMER_IFLG_SLAVE; list_add_tail(&timeri->open_list, &snd_timer_slave_list); - snd_timer_check_slave(timeri); + err = snd_timer_check_slave(timeri); + if (err < 0) { + snd_timer_close_locked(timeri); + timeri = NULL; + } mutex_unlock(&register_mutex); *ti = timeri; - return 0; + return err; } /* open a master instance */ @@ -288,6 +305,10 @@ int snd_timer_open(struct snd_timer_instance **ti, return -EBUSY; } } + if (timer->num_instances >= timer->max_instances) { + mutex_unlock(&register_mutex); + return -EBUSY; + } timeri = snd_timer_instance_new(owner, timer); if (!timeri) { mutex_unlock(&register_mutex); @@ -314,25 +335,27 @@ int snd_timer_open(struct snd_timer_instance **ti, } list_add_tail(&timeri->open_list, &timer->open_list_head); - snd_timer_check_master(timeri); + timer->num_instances++; + err = snd_timer_check_master(timeri); + if (err < 0) { + snd_timer_close_locked(timeri); + timeri = NULL; + } mutex_unlock(&register_mutex); *ti = timeri; - return 0; + return err; } EXPORT_SYMBOL(snd_timer_open); /* * close a timer instance + * call this with register_mutex down. */ -int snd_timer_close(struct snd_timer_instance *timeri) +static int snd_timer_close_locked(struct snd_timer_instance *timeri) { struct snd_timer *timer = NULL; struct snd_timer_instance *slave, *tmp; - if (snd_BUG_ON(!timeri)) - return -ENXIO; - - mutex_lock(&register_mutex); list_del(&timeri->open_list); /* force to stop the timer */ @@ -340,6 +363,7 @@ int snd_timer_close(struct snd_timer_instance *timeri) timer = timeri->timer; if (timer) { + timer->num_instances--; /* wait, until the active callback is finished */ spin_lock_irq(&timer->lock); while (timeri->flags & SNDRV_TIMER_IFLG_CALLBACK) { @@ -355,6 +379,7 @@ int snd_timer_close(struct snd_timer_instance *timeri) list_for_each_entry_safe(slave, tmp, &timeri->slave_list_head, open_list) { list_move_tail(&slave->open_list, &snd_timer_slave_list); + timer->num_instances--; slave->master = NULL; slave->timer = NULL; list_del_init(&slave->ack_list); @@ -382,9 +407,24 @@ int snd_timer_close(struct snd_timer_instance *timeri) module_put(timer->module); } - mutex_unlock(&register_mutex); return 0; } + +/* + * close a timer instance + */ +int snd_timer_close(struct snd_timer_instance *timeri) +{ + int err; + + if (snd_BUG_ON(!timeri)) + return -ENXIO; + + mutex_lock(&register_mutex); + err = snd_timer_close_locked(timeri); + mutex_unlock(&register_mutex); + return err; +} EXPORT_SYMBOL(snd_timer_close); unsigned long snd_timer_resolution(struct snd_timer_instance *timeri) @@ -856,6 +896,7 @@ int snd_timer_new(struct snd_card *card, char *id, struct snd_timer_id *tid, spin_lock_init(&timer->lock); tasklet_init(&timer->task_queue, snd_timer_tasklet, (unsigned long)timer); + timer->max_instances = 1000; /* default limit per timer */ if (card != NULL) { timer->module = card->module; err = snd_device_new(card, SNDRV_DEV_TIMER, timer, &ops);

7 years, 10 months

1
0
0 0

Re: [Linux-stable-mirror] Backport of ACPI GPE fixes for v4.13

by Greg KH

On Mon, Nov 06, 2017 at 12:11:36PM +0200, Mika Westerberg wrote: > Hi, > > Currently there is an issue in v4.13 where booting system with > Thunderbolt device connected causes problems. Typically the device will > not be tunneled properly and will not function as expected. > > The issue has been root caused to the way Linux initializes and handles > ACPI GPEs (General Purpose Events). In summary we enable them too late > and that results the PCI core finds upstream PCIe port of the > Thunderbolt host controller too early (it is not fully configured by the > BIOS SMI handler yet). > > This has been fixed in mainline starting from v4.14-rc1 by the following > commits: > > ecc1165b8b74 ("ACPICA: Dispatch active GPEs at init time") > 1312b7e0caca ("ACPICA: Make it possible to enable runtime GPEs earlier") > eb7f43c4adb4 ("ACPI / scan: Enable GPEs before scanning the namespace") > > In order to get Thunderbolt working even when there is a device > connected during boot, can the above 3 commits be included in stable for > v4.13? Now all queued up, thanks. greg k-h

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] [PATCH 4/4] can: ifi: Fix transmitter delay calculation

by Marc Kleine-Budde

From: Marek Vasut <marex(a)denx.de> The CANFD transmitter delay calculation formula was updated in the latest software drop from IFI and improves the behavior of the IFI CANFD core during bitrate switching. Use the new formula to improve stability of the CANFD operation. Signed-off-by: Marek Vasut <marex(a)denx.de> Cc: Markus Marb <markus(a)marb.org> Cc: linux-stable <stable(a)vger.kernel.org> Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/ifi_canfd/ifi_canfd.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/net/can/ifi_canfd/ifi_canfd.c b/drivers/net/can/ifi_canfd/ifi_canfd.c index 4d1fe8d95042..2772d05ff11c 100644 --- a/drivers/net/can/ifi_canfd/ifi_canfd.c +++ b/drivers/net/can/ifi_canfd/ifi_canfd.c @@ -670,9 +670,9 @@ static void ifi_canfd_set_bittiming(struct net_device *ndev) priv->base + IFI_CANFD_FTIME); /* Configure transmitter delay */ - tdc = (dbt->brp * (dbt->phase_seg1 + 1)) & IFI_CANFD_TDELAY_MASK; - writel(IFI_CANFD_TDELAY_EN | IFI_CANFD_TDELAY_ABS | tdc, - priv->base + IFI_CANFD_TDELAY); + tdc = dbt->brp * (dbt->prop_seg + dbt->phase_seg1); + tdc &= IFI_CANFD_TDELAY_MASK; + writel(IFI_CANFD_TDELAY_EN | tdc, priv->base + IFI_CANFD_TDELAY); } static void ifi_canfd_set_filter(struct net_device *ndev, const u32 id, -- 2.15.0

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] [PATCH 3/4] can: peak: Add support for new PCIe/M2 CAN FD interfaces

by Marc Kleine-Budde

From: Stephane Grosjean <s.grosjean(a)peak-system.com> This adds support for the following PEAK-System CAN FD interfaces: PCAN-cPCIe FD CAN FD Interface for cPCI Serial (2 or 4 channels) PCAN-PCIe/104-Express CAN FD Interface for PCIe/104-Express (1, 2 or 4 ch.) PCAN-miniPCIe FD CAN FD Interface for PCIe Mini (1, 2 or 4 channels) PCAN-PCIe FD OEM CAN FD Interface for PCIe OEM version (1, 2 or 4 ch.) PCAN-M.2 CAN FD Interface for M.2 (1 or 2 channels) Like the PCAN-PCIe FD interface, all of these boards run the same IP Core that is able to handle CAN FD (see also http://www.peak-system.com). Signed-off-by: Stephane Grosjean <s.grosjean(a)peak-system.com> Cc: linux-stable <stable(a)vger.kernel.org> Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/peak_canfd/peak_pciefd_main.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/drivers/net/can/peak_canfd/peak_pciefd_main.c b/drivers/net/can/peak_canfd/peak_pciefd_main.c index 51c2d182a33a..b4efd711f824 100644 --- a/drivers/net/can/peak_canfd/peak_pciefd_main.c +++ b/drivers/net/can/peak_canfd/peak_pciefd_main.c @@ -29,14 +29,19 @@ #include "peak_canfd_user.h" MODULE_AUTHOR("Stephane Grosjean <s.grosjean(a)peak-system.com>"); -MODULE_DESCRIPTION("Socket-CAN driver for PEAK PCAN PCIe FD family cards"); -MODULE_SUPPORTED_DEVICE("PEAK PCAN PCIe FD CAN cards"); +MODULE_DESCRIPTION("Socket-CAN driver for PEAK PCAN PCIe/M.2 FD family cards"); +MODULE_SUPPORTED_DEVICE("PEAK PCAN PCIe/M.2 FD CAN cards"); MODULE_LICENSE("GPL v2"); #define PCIEFD_DRV_NAME "peak_pciefd" #define PEAK_PCI_VENDOR_ID 0x001c /* The PCI device and vendor IDs */ #define PEAK_PCIEFD_ID 0x0013 /* for PCIe slot cards */ +#define PCAN_CPCIEFD_ID 0x0014 /* for Compact-PCI Serial slot cards */ +#define PCAN_PCIE104FD_ID 0x0017 /* for PCIe-104 Express slot cards */ +#define PCAN_MINIPCIEFD_ID 0x0018 /* for mini-PCIe slot cards */ +#define PCAN_PCIEFD_OEM_ID 0x0019 /* for PCIe slot OEM cards */ +#define PCAN_M2_ID 0x001a /* for M2 slot cards */ /* PEAK PCIe board access description */ #define PCIEFD_BAR0_SIZE (64 * 1024) @@ -203,6 +208,11 @@ struct pciefd_board { /* supported device ids. */ static const struct pci_device_id peak_pciefd_tbl[] = { {PEAK_PCI_VENDOR_ID, PEAK_PCIEFD_ID, PCI_ANY_ID, PCI_ANY_ID,}, + {PEAK_PCI_VENDOR_ID, PCAN_CPCIEFD_ID, PCI_ANY_ID, PCI_ANY_ID,}, + {PEAK_PCI_VENDOR_ID, PCAN_PCIE104FD_ID, PCI_ANY_ID, PCI_ANY_ID,}, + {PEAK_PCI_VENDOR_ID, PCAN_MINIPCIEFD_ID, PCI_ANY_ID, PCI_ANY_ID,}, + {PEAK_PCI_VENDOR_ID, PCAN_PCIEFD_OEM_ID, PCI_ANY_ID, PCI_ANY_ID,}, + {PEAK_PCI_VENDOR_ID, PCAN_M2_ID, PCI_ANY_ID, PCI_ANY_ID,}, {0,} }; -- 2.15.0

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] [PATCH 2/4] can: sun4i: handle overrun in RX FIFO

by Marc Kleine-Budde

From: Gerhard Bertelsmann <info(a)gerhard-bertelsmann.de> SUN4Is CAN IP has a 64 byte deep FIFO buffer. If the buffer is not drained fast enough (overrun) it's getting mangled. Already received frames are dropped - the data can't be restored. Signed-off-by: Gerhard Bertelsmann <info(a)gerhard-bertelsmann.de> Cc: linux-stable <stable(a)vger.kernel.org> Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/sun4i_can.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/drivers/net/can/sun4i_can.c b/drivers/net/can/sun4i_can.c index b0c80859f746..1ac2090a1721 100644 --- a/drivers/net/can/sun4i_can.c +++ b/drivers/net/can/sun4i_can.c @@ -539,6 +539,13 @@ static int sun4i_can_err(struct net_device *dev, u8 isrc, u8 status) } stats->rx_over_errors++; stats->rx_errors++; + + /* reset the CAN IP by entering reset mode + * ignoring timeout error + */ + set_reset_mode(dev); + set_normal_mode(dev); + /* clear bit */ sun4i_can_write_cmdreg(priv, SUN4I_CMD_CLEAR_OR_FLAG); } @@ -653,8 +660,9 @@ static irqreturn_t sun4i_can_interrupt(int irq, void *dev_id) netif_wake_queue(dev); can_led_event(dev, CAN_LED_EVENT_TX); } - if (isrc & SUN4I_INT_RBUF_VLD) { - /* receive interrupt */ + if ((isrc & SUN4I_INT_RBUF_VLD) && + !(isrc & SUN4I_INT_DATA_OR)) { + /* receive interrupt - don't read if overrun occurred */ while (status & SUN4I_STA_RBUF_RDY) { /* RX buffer is not empty */ sun4i_can_rx(dev); -- 2.15.0

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] [PATCH 1/4] can: c_can: don't indicate triple sampling support for D_CAN

by Marc Kleine-Budde

From: Richard Schütz <rschuetz(a)uni-koblenz.de> The D_CAN controller doesn't provide a triple sampling mode, so don't set the CAN_CTRLMODE_3_SAMPLES flag in ctrlmode_supported. Currently enabling triple sampling is a no-op. Signed-off-by: Richard Schütz <rschuetz(a)uni-koblenz.de> Cc: linux-stable <stable(a)vger.kernel.org> # >= v3.6 Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/c_can/c_can_pci.c | 1 - drivers/net/can/c_can/c_can_platform.c | 1 - 2 files changed, 2 deletions(-) diff --git a/drivers/net/can/c_can/c_can_pci.c b/drivers/net/can/c_can/c_can_pci.c index cf7c18947189..d065c0e2d18e 100644 --- a/drivers/net/can/c_can/c_can_pci.c +++ b/drivers/net/can/c_can/c_can_pci.c @@ -178,7 +178,6 @@ static int c_can_pci_probe(struct pci_dev *pdev, break; case BOSCH_D_CAN: priv->regs = reg_map_d_can; - priv->can.ctrlmode_supported |= CAN_CTRLMODE_3_SAMPLES; break; default: ret = -EINVAL; diff --git a/drivers/net/can/c_can/c_can_platform.c b/drivers/net/can/c_can/c_can_platform.c index 46a746ee80bb..b5145a7f874c 100644 --- a/drivers/net/can/c_can/c_can_platform.c +++ b/drivers/net/can/c_can/c_can_platform.c @@ -320,7 +320,6 @@ static int c_can_plat_probe(struct platform_device *pdev) break; case BOSCH_D_CAN: priv->regs = reg_map_d_can; - priv->can.ctrlmode_supported |= CAN_CTRLMODE_3_SAMPLES; priv->read_reg = c_can_plat_read_reg_aligned_to_16bit; priv->write_reg = c_can_plat_write_reg_aligned_to_16bit; priv->read_reg32 = d_can_plat_read_reg32; -- 2.15.0

7 years, 10 months

1
0
0 0

Re: [Linux-stable-mirror] Request for stable 4.13.x inclusion: netfilter: nft_set_hash: disable fast_ops for 2-len keys

by Greg KH

On Fri, Nov 10, 2017 at 12:56:46PM +0100, Thomas Deutschmann wrote: > Hi, > > please consider to add > > > From 0414c78f14861cb704d6e6888efd53dd36e3bdde Mon Sep 17 00:00:00 2001 Just added it 5 minutes ago :) thanks, greg k-h

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "platform/x86: hp-wmi: Fix detection for dock and tablet mode" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled platform/x86: hp-wmi: Fix detection for dock and tablet mode to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: platform-x86-hp-wmi-fix-detection-for-dock-and-tablet-mode.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 298747b7579f5bbbced793d997b333fd10a24921 Mon Sep 17 00:00:00 2001 From: Carlo Caione <carlo(a)endlessm.com> Date: Sun, 9 Apr 2017 15:56:08 +0200 Subject: platform/x86: hp-wmi: Fix detection for dock and tablet mode From: Carlo Caione <carlo(a)endlessm.com> commit 298747b7579f5bbbced793d997b333fd10a24921 upstream. The current driver code is not checking for the error values returned by 'hp_wmi_dock_state()' and 'hp_wmi_tablet_state()' before passing the returned values down to 'input_report_switch()'. This error code is being translated to '1' in the input subsystem, reporting the wrong status. The biggest problem caused by this issue is that several laptops are wrongly reported by the driver as docked, preventing them to be put to sleep using the LID (and in most cases they are not even dockable). With this patch we create the report switches only if we are able to read the dock and tablet mode status correctly from ACPI. Signed-off-by: Carlo Caione <carlo(a)endlessm.com> Signed-off-by: Darren Hart (VMware) <dvhart(a)infradead.org> Cc: Philip Müller <philm(a)manjaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/platform/x86/hp-wmi.c | 40 +++++++++++++++++++++++++++------------- 1 file changed, 27 insertions(+), 13 deletions(-) --- a/drivers/platform/x86/hp-wmi.c +++ b/drivers/platform/x86/hp-wmi.c @@ -572,10 +572,12 @@ static void hp_wmi_notify(u32 value, voi switch (event_id) { case HPWMI_DOCK_EVENT: - input_report_switch(hp_wmi_input_dev, SW_DOCK, - hp_wmi_dock_state()); - input_report_switch(hp_wmi_input_dev, SW_TABLET_MODE, - hp_wmi_tablet_state()); + if (test_bit(SW_DOCK, hp_wmi_input_dev->swbit)) + input_report_switch(hp_wmi_input_dev, SW_DOCK, + hp_wmi_dock_state()); + if (test_bit(SW_TABLET_MODE, hp_wmi_input_dev->swbit)) + input_report_switch(hp_wmi_input_dev, SW_TABLET_MODE, + hp_wmi_tablet_state()); input_sync(hp_wmi_input_dev); break; case HPWMI_PARK_HDD: @@ -644,6 +646,7 @@ static int __init hp_wmi_input_setup(voi { acpi_status status; int err; + int val; hp_wmi_input_dev = input_allocate_device(); if (!hp_wmi_input_dev) @@ -654,17 +657,26 @@ static int __init hp_wmi_input_setup(voi hp_wmi_input_dev->id.bustype = BUS_HOST; __set_bit(EV_SW, hp_wmi_input_dev->evbit); - __set_bit(SW_DOCK, hp_wmi_input_dev->swbit); - __set_bit(SW_TABLET_MODE, hp_wmi_input_dev->swbit); + + /* Dock */ + val = hp_wmi_dock_state(); + if (!(val < 0)) { + __set_bit(SW_DOCK, hp_wmi_input_dev->swbit); + input_report_switch(hp_wmi_input_dev, SW_DOCK, val); + } + + /* Tablet mode */ + val = hp_wmi_tablet_state(); + if (!(val < 0)) { + __set_bit(SW_TABLET_MODE, hp_wmi_input_dev->swbit); + input_report_switch(hp_wmi_input_dev, SW_TABLET_MODE, val); + } err = sparse_keymap_setup(hp_wmi_input_dev, hp_wmi_keymap, NULL); if (err) goto err_free_dev; /* Set initial hardware state */ - input_report_switch(hp_wmi_input_dev, SW_DOCK, hp_wmi_dock_state()); - input_report_switch(hp_wmi_input_dev, SW_TABLET_MODE, - hp_wmi_tablet_state()); input_sync(hp_wmi_input_dev); if (!hp_wmi_bios_2009_later() && hp_wmi_bios_2008_later()) @@ -950,10 +962,12 @@ static int hp_wmi_resume_handler(struct * changed. */ if (hp_wmi_input_dev) { - input_report_switch(hp_wmi_input_dev, SW_DOCK, - hp_wmi_dock_state()); - input_report_switch(hp_wmi_input_dev, SW_TABLET_MODE, - hp_wmi_tablet_state()); + if (test_bit(SW_DOCK, hp_wmi_input_dev->swbit)) + input_report_switch(hp_wmi_input_dev, SW_DOCK, + hp_wmi_dock_state()); + if (test_bit(SW_TABLET_MODE, hp_wmi_input_dev->swbit)) + input_report_switch(hp_wmi_input_dev, SW_TABLET_MODE, + hp_wmi_tablet_state()); input_sync(hp_wmi_input_dev); } Patches currently in stable-queue which might be from carlo(a)endlessm.com are queue-4.9/platform-x86-hp-wmi-fix-detection-for-dock-and-tablet-mode.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "KEYS: trusted: fix writing past end of buffer in trusted_read()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled KEYS: trusted: fix writing past end of buffer in trusted_read() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: keys-trusted-fix-writing-past-end-of-buffer-in-trusted_read.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From a3c812f7cfd80cf51e8f5b7034f7418f6beb56c1 Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)google.com> Date: Thu, 2 Nov 2017 00:47:12 +0000 Subject: KEYS: trusted: fix writing past end of buffer in trusted_read() From: Eric Biggers <ebiggers(a)google.com> commit a3c812f7cfd80cf51e8f5b7034f7418f6beb56c1 upstream. When calling keyctl_read() on a key of type "trusted", if the user-supplied buffer was too small, the kernel ignored the buffer length and just wrote past the end of the buffer, potentially corrupting userspace memory. Fix it by instead returning the size required, as per the documentation for keyctl_read(). We also don't even fill the buffer at all in this case, as this is slightly easier to implement than doing a short read, and either behavior appears to be permitted. It also makes it match the behavior of the "encrypted" key type. Fixes: d00a1c72f7f4 ("keys: add new trusted key-type") Reported-by: Ben Hutchings <ben(a)decadent.org.uk> Signed-off-by: Eric Biggers <ebiggers(a)google.com> Signed-off-by: David Howells <dhowells(a)redhat.com> Reviewed-by: Mimi Zohar <zohar(a)linux.vnet.ibm.com> Reviewed-by: James Morris <james.l.morris(a)oracle.com> Signed-off-by: James Morris <james.l.morris(a)oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- security/keys/trusted.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) --- a/security/keys/trusted.c +++ b/security/keys/trusted.c @@ -1147,20 +1147,21 @@ static long trusted_read(const struct ke p = rcu_dereference_key(key); if (!p) return -EINVAL; - if (!buffer || buflen <= 0) - return 2 * p->blob_len; - ascii_buf = kmalloc(2 * p->blob_len, GFP_KERNEL); - if (!ascii_buf) - return -ENOMEM; - bufp = ascii_buf; - for (i = 0; i < p->blob_len; i++) - bufp = hex_byte_pack(bufp, p->blob[i]); - if ((copy_to_user(buffer, ascii_buf, 2 * p->blob_len)) != 0) { + if (buffer && buflen >= 2 * p->blob_len) { + ascii_buf = kmalloc(2 * p->blob_len, GFP_KERNEL); + if (!ascii_buf) + return -ENOMEM; + + bufp = ascii_buf; + for (i = 0; i < p->blob_len; i++) + bufp = hex_byte_pack(bufp, p->blob[i]); + if (copy_to_user(buffer, ascii_buf, 2 * p->blob_len) != 0) { + kzfree(ascii_buf); + return -EFAULT; + } kzfree(ascii_buf); - return -EFAULT; } - kzfree(ascii_buf); return 2 * p->blob_len; } Patches currently in stable-queue which might be from ebiggers(a)google.com are queue-4.9/keys-trusted-sanitize-all-key-material.patch queue-4.9/keys-trusted-fix-writing-past-end-of-buffer-in-trusted_read.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "KEYS: trusted: sanitize all key material" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled KEYS: trusted: sanitize all key material to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: keys-trusted-sanitize-all-key-material.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From ee618b4619b72527aaed765f0f0b74072b281159 Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)google.com> Date: Thu, 8 Jun 2017 14:49:18 +0100 Subject: KEYS: trusted: sanitize all key material From: Eric Biggers <ebiggers(a)google.com> commit ee618b4619b72527aaed765f0f0b74072b281159 upstream. As the previous patch did for encrypted-keys, zero sensitive any potentially sensitive data related to the "trusted" key type before it is freed. Notably, we were not zeroing the tpm_buf structures in which the actual key is stored for TPM seal and unseal, nor were we zeroing the trusted_key_payload in certain error paths. Cc: Mimi Zohar <zohar(a)linux.vnet.ibm.com> Cc: David Safford <safford(a)us.ibm.com> Signed-off-by: Eric Biggers <ebiggers(a)google.com> Signed-off-by: David Howells <dhowells(a)redhat.com> Signed-off-by: James Morris <james.l.morris(a)oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- security/keys/trusted.c | 50 +++++++++++++++++++++--------------------------- 1 file changed, 22 insertions(+), 28 deletions(-) --- a/security/keys/trusted.c +++ b/security/keys/trusted.c @@ -70,7 +70,7 @@ static int TSS_sha1(const unsigned char } ret = crypto_shash_digest(&sdesc->shash, data, datalen, digest); - kfree(sdesc); + kzfree(sdesc); return ret; } @@ -114,7 +114,7 @@ static int TSS_rawhmac(unsigned char *di if (!ret) ret = crypto_shash_final(&sdesc->shash, digest); out: - kfree(sdesc); + kzfree(sdesc); return ret; } @@ -165,7 +165,7 @@ static int TSS_authhmac(unsigned char *d paramdigest, TPM_NONCE_SIZE, h1, TPM_NONCE_SIZE, h2, 1, &c, 0, 0); out: - kfree(sdesc); + kzfree(sdesc); return ret; } @@ -246,7 +246,7 @@ static int TSS_checkhmac1(unsigned char if (memcmp(testhmac, authdata, SHA1_DIGEST_SIZE)) ret = -EINVAL; out: - kfree(sdesc); + kzfree(sdesc); return ret; } @@ -347,7 +347,7 @@ static int TSS_checkhmac2(unsigned char if (memcmp(testhmac2, authdata2, SHA1_DIGEST_SIZE)) ret = -EINVAL; out: - kfree(sdesc); + kzfree(sdesc); return ret; } @@ -564,7 +564,7 @@ static int tpm_seal(struct tpm_buf *tb, *bloblen = storedsize; } out: - kfree(td); + kzfree(td); return ret; } @@ -678,7 +678,7 @@ static int key_seal(struct trusted_key_p if (ret < 0) pr_info("trusted_key: srkseal failed (%d)\n", ret); - kfree(tb); + kzfree(tb); return ret; } @@ -703,7 +703,7 @@ static int key_unseal(struct trusted_key /* pull migratable flag out of sealed key */ p->migratable = p->key[--p->key_len]; - kfree(tb); + kzfree(tb); return ret; } @@ -1037,12 +1037,12 @@ static int trusted_instantiate(struct ke if (!ret && options->pcrlock) ret = pcrlock(options->pcrlock); out: - kfree(datablob); - kfree(options); + kzfree(datablob); + kzfree(options); if (!ret) rcu_assign_keypointer(key, payload); else - kfree(payload); + kzfree(payload); return ret; } @@ -1051,8 +1051,7 @@ static void trusted_rcu_free(struct rcu_ struct trusted_key_payload *p; p = container_of(rcu, struct trusted_key_payload, rcu); - memset(p->key, 0, p->key_len); - kfree(p); + kzfree(p); } /* @@ -1094,13 +1093,13 @@ static int trusted_update(struct key *ke ret = datablob_parse(datablob, new_p, new_o); if (ret != Opt_update) { ret = -EINVAL; - kfree(new_p); + kzfree(new_p); goto out; } if (!new_o->keyhandle) { ret = -EINVAL; - kfree(new_p); + kzfree(new_p); goto out; } @@ -1114,22 +1113,22 @@ static int trusted_update(struct key *ke ret = key_seal(new_p, new_o); if (ret < 0) { pr_info("trusted_key: key_seal failed (%d)\n", ret); - kfree(new_p); + kzfree(new_p); goto out; } if (new_o->pcrlock) { ret = pcrlock(new_o->pcrlock); if (ret < 0) { pr_info("trusted_key: pcrlock failed (%d)\n", ret); - kfree(new_p); + kzfree(new_p); goto out; } } rcu_assign_keypointer(key, new_p); call_rcu(&p->rcu, trusted_rcu_free); out: - kfree(datablob); - kfree(new_o); + kzfree(datablob); + kzfree(new_o); return ret; } @@ -1158,24 +1157,19 @@ static long trusted_read(const struct ke for (i = 0; i < p->blob_len; i++) bufp = hex_byte_pack(bufp, p->blob[i]); if ((copy_to_user(buffer, ascii_buf, 2 * p->blob_len)) != 0) { - kfree(ascii_buf); + kzfree(ascii_buf); return -EFAULT; } - kfree(ascii_buf); + kzfree(ascii_buf); return 2 * p->blob_len; } /* - * trusted_destroy - before freeing the key, clear the decrypted data + * trusted_destroy - clear and free the key's payload */ static void trusted_destroy(struct key *key) { - struct trusted_key_payload *p = key->payload.data[0]; - - if (!p) - return; - memset(p->key, 0, p->key_len); - kfree(key->payload.data[0]); + kzfree(key->payload.data[0]); } struct key_type key_type_trusted = { Patches currently in stable-queue which might be from ebiggers(a)google.com are queue-4.9/keys-trusted-sanitize-all-key-material.patch queue-4.9/keys-trusted-fix-writing-past-end-of-buffer-in-trusted_read.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "cdc_ncm: Set NTB format again after altsetting switch for Huawei devices" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled cdc_ncm: Set NTB format again after altsetting switch for Huawei devices to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: cdc_ncm-set-ntb-format-again-after-altsetting-switch-for-huawei-devices.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 2b02c20ce0c28974b44e69a2e2f5ddc6a470ad6f Mon Sep 17 00:00:00 2001 From: Enrico Mioso <mrkiko.rs(a)gmail.com> Date: Tue, 11 Jul 2017 17:21:52 +0200 Subject: cdc_ncm: Set NTB format again after altsetting switch for Huawei devices MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Enrico Mioso <mrkiko.rs(a)gmail.com> commit 2b02c20ce0c28974b44e69a2e2f5ddc6a470ad6f upstream. Some firmwares in Huawei E3372H devices have been observed to switch back to NTB 32-bit format after altsetting switch. This patch implements a driver flag to check for the device settings and set NTB format to 16-bit again if needed. The flag has been activated for devices controlled by the huawei_cdc_ncm.c driver. V1->V2: - fixed broken error checks - some corrections to the commit message V2->V3: - variable name changes, to clarify what's happening - check (and possibly set) the NTB format later in the common bind code path Signed-off-by: Enrico Mioso <mrkiko.rs(a)gmail.com> Reported-and-tested-by: Christian Panton <christian(a)panton.org> Reviewed-by: Bjørn Mork <bjorn(a)mork.no> CC: Bjørn Mork <bjorn(a)mork.no> CC: Christian Panton <christian(a)panton.org> CC: linux-usb(a)vger.kernel.org CC: netdev(a)vger.kernel.org CC: Oliver Neukum <oliver(a)neukum.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> Cc: Porto Rio <porto.rio(a)gmx.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/usb/cdc_ncm.c | 28 ++++++++++++++++++++++++++++ drivers/net/usb/huawei_cdc_ncm.c | 6 ++++++ include/linux/usb/cdc_ncm.h | 1 + 3 files changed, 35 insertions(+) --- a/drivers/net/usb/cdc_ncm.c +++ b/drivers/net/usb/cdc_ncm.c @@ -769,8 +769,10 @@ int cdc_ncm_bind_common(struct usbnet *d u8 *buf; int len; int temp; + int err; u8 iface_no; struct usb_cdc_parsed_header hdr; + u16 curr_ntb_format; ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); if (!ctx) @@ -875,6 +877,32 @@ int cdc_ncm_bind_common(struct usbnet *d goto error2; } + /* + * Some Huawei devices have been observed to come out of reset in NDP32 mode. + * Let's check if this is the case, and set the device to NDP16 mode again if + * needed. + */ + if (ctx->drvflags & CDC_NCM_FLAG_RESET_NTB16) { + err = usbnet_read_cmd(dev, USB_CDC_GET_NTB_FORMAT, + USB_TYPE_CLASS | USB_DIR_IN | USB_RECIP_INTERFACE, + 0, iface_no, &curr_ntb_format, 2); + if (err < 0) { + goto error2; + } + + if (curr_ntb_format == USB_CDC_NCM_NTB32_FORMAT) { + dev_info(&intf->dev, "resetting NTB format to 16-bit"); + err = usbnet_write_cmd(dev, USB_CDC_SET_NTB_FORMAT, + USB_TYPE_CLASS | USB_DIR_OUT + | USB_RECIP_INTERFACE, + USB_CDC_NCM_NTB16_FORMAT, + iface_no, NULL, 0); + + if (err < 0) + goto error2; + } + } + cdc_ncm_find_endpoints(dev, ctx->data); cdc_ncm_find_endpoints(dev, ctx->control); if (!dev->in || !dev->out || !dev->status) { --- a/drivers/net/usb/huawei_cdc_ncm.c +++ b/drivers/net/usb/huawei_cdc_ncm.c @@ -80,6 +80,12 @@ static int huawei_cdc_ncm_bind(struct us * be at the end of the frame. */ drvflags |= CDC_NCM_FLAG_NDP_TO_END; + + /* Additionally, it has been reported that some Huawei E3372H devices, with + * firmware version 21.318.01.00.541, come out of reset in NTB32 format mode, hence + * needing to be set to the NTB16 one again. + */ + drvflags |= CDC_NCM_FLAG_RESET_NTB16; ret = cdc_ncm_bind_common(usbnet_dev, intf, 1, drvflags); if (ret) goto err; --- a/include/linux/usb/cdc_ncm.h +++ b/include/linux/usb/cdc_ncm.h @@ -83,6 +83,7 @@ /* Driver flags */ #define CDC_NCM_FLAG_NDP_TO_END 0x02 /* NDP is placed at end of frame */ #define CDC_MBIM_FLAG_AVOID_ALTSETTING_TOGGLE 0x04 /* Avoid altsetting toggle during init */ +#define CDC_NCM_FLAG_RESET_NTB16 0x08 /* set NDP16 one more time after altsetting switch */ #define cdc_ncm_comm_intf_is_mbim(x) ((x)->desc.bInterfaceSubClass == USB_CDC_SUBCLASS_MBIM && \ (x)->desc.bInterfaceProtocol == USB_CDC_PROTO_NONE) Patches currently in stable-queue which might be from mrkiko.rs(a)gmail.com are queue-4.9/cdc_ncm-set-ntb-format-again-after-altsetting-switch-for-huawei-devices.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "KEYS: trusted: sanitize all key material" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled KEYS: trusted: sanitize all key material to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: keys-trusted-sanitize-all-key-material.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From ee618b4619b72527aaed765f0f0b74072b281159 Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)google.com> Date: Thu, 8 Jun 2017 14:49:18 +0100 Subject: KEYS: trusted: sanitize all key material From: Eric Biggers <ebiggers(a)google.com> commit ee618b4619b72527aaed765f0f0b74072b281159 upstream. As the previous patch did for encrypted-keys, zero sensitive any potentially sensitive data related to the "trusted" key type before it is freed. Notably, we were not zeroing the tpm_buf structures in which the actual key is stored for TPM seal and unseal, nor were we zeroing the trusted_key_payload in certain error paths. Cc: Mimi Zohar <zohar(a)linux.vnet.ibm.com> Cc: David Safford <safford(a)us.ibm.com> Signed-off-by: Eric Biggers <ebiggers(a)google.com> Signed-off-by: David Howells <dhowells(a)redhat.com> Signed-off-by: James Morris <james.l.morris(a)oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- security/keys/trusted.c | 50 +++++++++++++++++++++--------------------------- 1 file changed, 22 insertions(+), 28 deletions(-) --- a/security/keys/trusted.c +++ b/security/keys/trusted.c @@ -69,7 +69,7 @@ static int TSS_sha1(const unsigned char } ret = crypto_shash_digest(&sdesc->shash, data, datalen, digest); - kfree(sdesc); + kzfree(sdesc); return ret; } @@ -113,7 +113,7 @@ static int TSS_rawhmac(unsigned char *di if (!ret) ret = crypto_shash_final(&sdesc->shash, digest); out: - kfree(sdesc); + kzfree(sdesc); return ret; } @@ -164,7 +164,7 @@ static int TSS_authhmac(unsigned char *d paramdigest, TPM_NONCE_SIZE, h1, TPM_NONCE_SIZE, h2, 1, &c, 0, 0); out: - kfree(sdesc); + kzfree(sdesc); return ret; } @@ -245,7 +245,7 @@ static int TSS_checkhmac1(unsigned char if (memcmp(testhmac, authdata, SHA1_DIGEST_SIZE)) ret = -EINVAL; out: - kfree(sdesc); + kzfree(sdesc); return ret; } @@ -346,7 +346,7 @@ static int TSS_checkhmac2(unsigned char if (memcmp(testhmac2, authdata2, SHA1_DIGEST_SIZE)) ret = -EINVAL; out: - kfree(sdesc); + kzfree(sdesc); return ret; } @@ -563,7 +563,7 @@ static int tpm_seal(struct tpm_buf *tb, *bloblen = storedsize; } out: - kfree(td); + kzfree(td); return ret; } @@ -677,7 +677,7 @@ static int key_seal(struct trusted_key_p if (ret < 0) pr_info("trusted_key: srkseal failed (%d)\n", ret); - kfree(tb); + kzfree(tb); return ret; } @@ -702,7 +702,7 @@ static int key_unseal(struct trusted_key /* pull migratable flag out of sealed key */ p->migratable = p->key[--p->key_len]; - kfree(tb); + kzfree(tb); return ret; } @@ -984,12 +984,12 @@ static int trusted_instantiate(struct ke if (!ret && options->pcrlock) ret = pcrlock(options->pcrlock); out: - kfree(datablob); - kfree(options); + kzfree(datablob); + kzfree(options); if (!ret) rcu_assign_keypointer(key, payload); else - kfree(payload); + kzfree(payload); return ret; } @@ -998,8 +998,7 @@ static void trusted_rcu_free(struct rcu_ struct trusted_key_payload *p; p = container_of(rcu, struct trusted_key_payload, rcu); - memset(p->key, 0, p->key_len); - kfree(p); + kzfree(p); } /* @@ -1041,13 +1040,13 @@ static int trusted_update(struct key *ke ret = datablob_parse(datablob, new_p, new_o); if (ret != Opt_update) { ret = -EINVAL; - kfree(new_p); + kzfree(new_p); goto out; } if (!new_o->keyhandle) { ret = -EINVAL; - kfree(new_p); + kzfree(new_p); goto out; } @@ -1061,22 +1060,22 @@ static int trusted_update(struct key *ke ret = key_seal(new_p, new_o); if (ret < 0) { pr_info("trusted_key: key_seal failed (%d)\n", ret); - kfree(new_p); + kzfree(new_p); goto out; } if (new_o->pcrlock) { ret = pcrlock(new_o->pcrlock); if (ret < 0) { pr_info("trusted_key: pcrlock failed (%d)\n", ret); - kfree(new_p); + kzfree(new_p); goto out; } } rcu_assign_keypointer(key, new_p); call_rcu(&p->rcu, trusted_rcu_free); out: - kfree(datablob); - kfree(new_o); + kzfree(datablob); + kzfree(new_o); return ret; } @@ -1105,24 +1104,19 @@ static long trusted_read(const struct ke for (i = 0; i < p->blob_len; i++) bufp = hex_byte_pack(bufp, p->blob[i]); if ((copy_to_user(buffer, ascii_buf, 2 * p->blob_len)) != 0) { - kfree(ascii_buf); + kzfree(ascii_buf); return -EFAULT; } - kfree(ascii_buf); + kzfree(ascii_buf); return 2 * p->blob_len; } /* - * trusted_destroy - before freeing the key, clear the decrypted data + * trusted_destroy - clear and free the key's payload */ static void trusted_destroy(struct key *key) { - struct trusted_key_payload *p = key->payload.data[0]; - - if (!p) - return; - memset(p->key, 0, p->key_len); - kfree(key->payload.data[0]); + kzfree(key->payload.data[0]); } struct key_type key_type_trusted = { Patches currently in stable-queue which might be from ebiggers(a)google.com are queue-4.4/keys-trusted-sanitize-all-key-material.patch queue-4.4/keys-trusted-fix-writing-past-end-of-buffer-in-trusted_read.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "platform/x86: hp-wmi: Fix detection for dock and tablet mode" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled platform/x86: hp-wmi: Fix detection for dock and tablet mode to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: platform-x86-hp-wmi-fix-detection-for-dock-and-tablet-mode.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 298747b7579f5bbbced793d997b333fd10a24921 Mon Sep 17 00:00:00 2001 From: Carlo Caione <carlo(a)endlessm.com> Date: Sun, 9 Apr 2017 15:56:08 +0200 Subject: platform/x86: hp-wmi: Fix detection for dock and tablet mode From: Carlo Caione <carlo(a)endlessm.com> commit 298747b7579f5bbbced793d997b333fd10a24921 upstream. The current driver code is not checking for the error values returned by 'hp_wmi_dock_state()' and 'hp_wmi_tablet_state()' before passing the returned values down to 'input_report_switch()'. This error code is being translated to '1' in the input subsystem, reporting the wrong status. The biggest problem caused by this issue is that several laptops are wrongly reported by the driver as docked, preventing them to be put to sleep using the LID (and in most cases they are not even dockable). With this patch we create the report switches only if we are able to read the dock and tablet mode status correctly from ACPI. Signed-off-by: Carlo Caione <carlo(a)endlessm.com> Signed-off-by: Darren Hart (VMware) <dvhart(a)infradead.org> Cc: Philip Müller <philm(a)manjaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/platform/x86/hp-wmi.c | 40 +++++++++++++++++++++++++++------------- 1 file changed, 27 insertions(+), 13 deletions(-) --- a/drivers/platform/x86/hp-wmi.c +++ b/drivers/platform/x86/hp-wmi.c @@ -573,10 +573,12 @@ static void hp_wmi_notify(u32 value, voi switch (event_id) { case HPWMI_DOCK_EVENT: - input_report_switch(hp_wmi_input_dev, SW_DOCK, - hp_wmi_dock_state()); - input_report_switch(hp_wmi_input_dev, SW_TABLET_MODE, - hp_wmi_tablet_state()); + if (test_bit(SW_DOCK, hp_wmi_input_dev->swbit)) + input_report_switch(hp_wmi_input_dev, SW_DOCK, + hp_wmi_dock_state()); + if (test_bit(SW_TABLET_MODE, hp_wmi_input_dev->swbit)) + input_report_switch(hp_wmi_input_dev, SW_TABLET_MODE, + hp_wmi_tablet_state()); input_sync(hp_wmi_input_dev); break; case HPWMI_PARK_HDD: @@ -649,6 +651,7 @@ static int __init hp_wmi_input_setup(voi { acpi_status status; int err; + int val; hp_wmi_input_dev = input_allocate_device(); if (!hp_wmi_input_dev) @@ -659,17 +662,26 @@ static int __init hp_wmi_input_setup(voi hp_wmi_input_dev->id.bustype = BUS_HOST; __set_bit(EV_SW, hp_wmi_input_dev->evbit); - __set_bit(SW_DOCK, hp_wmi_input_dev->swbit); - __set_bit(SW_TABLET_MODE, hp_wmi_input_dev->swbit); + + /* Dock */ + val = hp_wmi_dock_state(); + if (!(val < 0)) { + __set_bit(SW_DOCK, hp_wmi_input_dev->swbit); + input_report_switch(hp_wmi_input_dev, SW_DOCK, val); + } + + /* Tablet mode */ + val = hp_wmi_tablet_state(); + if (!(val < 0)) { + __set_bit(SW_TABLET_MODE, hp_wmi_input_dev->swbit); + input_report_switch(hp_wmi_input_dev, SW_TABLET_MODE, val); + } err = sparse_keymap_setup(hp_wmi_input_dev, hp_wmi_keymap, NULL); if (err) goto err_free_dev; /* Set initial hardware state */ - input_report_switch(hp_wmi_input_dev, SW_DOCK, hp_wmi_dock_state()); - input_report_switch(hp_wmi_input_dev, SW_TABLET_MODE, - hp_wmi_tablet_state()); input_sync(hp_wmi_input_dev); if (!hp_wmi_bios_2009_later() && hp_wmi_bios_2008_later()) @@ -982,10 +994,12 @@ static int hp_wmi_resume_handler(struct * changed. */ if (hp_wmi_input_dev) { - input_report_switch(hp_wmi_input_dev, SW_DOCK, - hp_wmi_dock_state()); - input_report_switch(hp_wmi_input_dev, SW_TABLET_MODE, - hp_wmi_tablet_state()); + if (test_bit(SW_DOCK, hp_wmi_input_dev->swbit)) + input_report_switch(hp_wmi_input_dev, SW_DOCK, + hp_wmi_dock_state()); + if (test_bit(SW_TABLET_MODE, hp_wmi_input_dev->swbit)) + input_report_switch(hp_wmi_input_dev, SW_TABLET_MODE, + hp_wmi_tablet_state()); input_sync(hp_wmi_input_dev); } Patches currently in stable-queue which might be from carlo(a)endlessm.com are queue-4.4/platform-x86-hp-wmi-fix-detection-for-dock-and-tablet-mode.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "cdc_ncm: Set NTB format again after altsetting switch for Huawei devices" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled cdc_ncm: Set NTB format again after altsetting switch for Huawei devices to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: cdc_ncm-set-ntb-format-again-after-altsetting-switch-for-huawei-devices.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 2b02c20ce0c28974b44e69a2e2f5ddc6a470ad6f Mon Sep 17 00:00:00 2001 From: Enrico Mioso <mrkiko.rs(a)gmail.com> Date: Tue, 11 Jul 2017 17:21:52 +0200 Subject: cdc_ncm: Set NTB format again after altsetting switch for Huawei devices MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Enrico Mioso <mrkiko.rs(a)gmail.com> commit 2b02c20ce0c28974b44e69a2e2f5ddc6a470ad6f upstream. Some firmwares in Huawei E3372H devices have been observed to switch back to NTB 32-bit format after altsetting switch. This patch implements a driver flag to check for the device settings and set NTB format to 16-bit again if needed. The flag has been activated for devices controlled by the huawei_cdc_ncm.c driver. V1->V2: - fixed broken error checks - some corrections to the commit message V2->V3: - variable name changes, to clarify what's happening - check (and possibly set) the NTB format later in the common bind code path Signed-off-by: Enrico Mioso <mrkiko.rs(a)gmail.com> Reported-and-tested-by: Christian Panton <christian(a)panton.org> Reviewed-by: Bjørn Mork <bjorn(a)mork.no> CC: Bjørn Mork <bjorn(a)mork.no> CC: Christian Panton <christian(a)panton.org> CC: linux-usb(a)vger.kernel.org CC: netdev(a)vger.kernel.org CC: Oliver Neukum <oliver(a)neukum.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> Cc: Porto Rio <porto.rio(a)gmx.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/usb/cdc_ncm.c | 28 ++++++++++++++++++++++++++++ drivers/net/usb/huawei_cdc_ncm.c | 6 ++++++ include/linux/usb/cdc_ncm.h | 1 + 3 files changed, 35 insertions(+) --- a/drivers/net/usb/cdc_ncm.c +++ b/drivers/net/usb/cdc_ncm.c @@ -724,8 +724,10 @@ int cdc_ncm_bind_common(struct usbnet *d u8 *buf; int len; int temp; + int err; u8 iface_no; struct usb_cdc_parsed_header hdr; + u16 curr_ntb_format; ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); if (!ctx) @@ -823,6 +825,32 @@ int cdc_ncm_bind_common(struct usbnet *d goto error2; } + /* + * Some Huawei devices have been observed to come out of reset in NDP32 mode. + * Let's check if this is the case, and set the device to NDP16 mode again if + * needed. + */ + if (ctx->drvflags & CDC_NCM_FLAG_RESET_NTB16) { + err = usbnet_read_cmd(dev, USB_CDC_GET_NTB_FORMAT, + USB_TYPE_CLASS | USB_DIR_IN | USB_RECIP_INTERFACE, + 0, iface_no, &curr_ntb_format, 2); + if (err < 0) { + goto error2; + } + + if (curr_ntb_format == USB_CDC_NCM_NTB32_FORMAT) { + dev_info(&intf->dev, "resetting NTB format to 16-bit"); + err = usbnet_write_cmd(dev, USB_CDC_SET_NTB_FORMAT, + USB_TYPE_CLASS | USB_DIR_OUT + | USB_RECIP_INTERFACE, + USB_CDC_NCM_NTB16_FORMAT, + iface_no, NULL, 0); + + if (err < 0) + goto error2; + } + } + cdc_ncm_find_endpoints(dev, ctx->data); cdc_ncm_find_endpoints(dev, ctx->control); if (!dev->in || !dev->out || !dev->status) { --- a/drivers/net/usb/huawei_cdc_ncm.c +++ b/drivers/net/usb/huawei_cdc_ncm.c @@ -80,6 +80,12 @@ static int huawei_cdc_ncm_bind(struct us * be at the end of the frame. */ drvflags |= CDC_NCM_FLAG_NDP_TO_END; + + /* Additionally, it has been reported that some Huawei E3372H devices, with + * firmware version 21.318.01.00.541, come out of reset in NTB32 format mode, hence + * needing to be set to the NTB16 one again. + */ + drvflags |= CDC_NCM_FLAG_RESET_NTB16; ret = cdc_ncm_bind_common(usbnet_dev, intf, 1, drvflags); if (ret) goto err; --- a/include/linux/usb/cdc_ncm.h +++ b/include/linux/usb/cdc_ncm.h @@ -82,6 +82,7 @@ /* Driver flags */ #define CDC_NCM_FLAG_NDP_TO_END 0x02 /* NDP is placed at end of frame */ +#define CDC_NCM_FLAG_RESET_NTB16 0x08 /* set NDP16 one more time after altsetting switch */ #define cdc_ncm_comm_intf_is_mbim(x) ((x)->desc.bInterfaceSubClass == USB_CDC_SUBCLASS_MBIM && \ (x)->desc.bInterfaceProtocol == USB_CDC_PROTO_NONE) Patches currently in stable-queue which might be from mrkiko.rs(a)gmail.com are queue-4.4/cdc_ncm-set-ntb-format-again-after-altsetting-switch-for-huawei-devices.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "KEYS: trusted: fix writing past end of buffer in trusted_read()" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled KEYS: trusted: fix writing past end of buffer in trusted_read() to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: keys-trusted-fix-writing-past-end-of-buffer-in-trusted_read.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From a3c812f7cfd80cf51e8f5b7034f7418f6beb56c1 Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)google.com> Date: Thu, 2 Nov 2017 00:47:12 +0000 Subject: KEYS: trusted: fix writing past end of buffer in trusted_read() From: Eric Biggers <ebiggers(a)google.com> commit a3c812f7cfd80cf51e8f5b7034f7418f6beb56c1 upstream. When calling keyctl_read() on a key of type "trusted", if the user-supplied buffer was too small, the kernel ignored the buffer length and just wrote past the end of the buffer, potentially corrupting userspace memory. Fix it by instead returning the size required, as per the documentation for keyctl_read(). We also don't even fill the buffer at all in this case, as this is slightly easier to implement than doing a short read, and either behavior appears to be permitted. It also makes it match the behavior of the "encrypted" key type. Fixes: d00a1c72f7f4 ("keys: add new trusted key-type") Reported-by: Ben Hutchings <ben(a)decadent.org.uk> Signed-off-by: Eric Biggers <ebiggers(a)google.com> Signed-off-by: David Howells <dhowells(a)redhat.com> Reviewed-by: Mimi Zohar <zohar(a)linux.vnet.ibm.com> Reviewed-by: James Morris <james.l.morris(a)oracle.com> Signed-off-by: James Morris <james.l.morris(a)oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- security/keys/trusted.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) --- a/security/keys/trusted.c +++ b/security/keys/trusted.c @@ -1094,20 +1094,21 @@ static long trusted_read(const struct ke p = rcu_dereference_key(key); if (!p) return -EINVAL; - if (!buffer || buflen <= 0) - return 2 * p->blob_len; - ascii_buf = kmalloc(2 * p->blob_len, GFP_KERNEL); - if (!ascii_buf) - return -ENOMEM; - bufp = ascii_buf; - for (i = 0; i < p->blob_len; i++) - bufp = hex_byte_pack(bufp, p->blob[i]); - if ((copy_to_user(buffer, ascii_buf, 2 * p->blob_len)) != 0) { + if (buffer && buflen >= 2 * p->blob_len) { + ascii_buf = kmalloc(2 * p->blob_len, GFP_KERNEL); + if (!ascii_buf) + return -ENOMEM; + + bufp = ascii_buf; + for (i = 0; i < p->blob_len; i++) + bufp = hex_byte_pack(bufp, p->blob[i]); + if (copy_to_user(buffer, ascii_buf, 2 * p->blob_len) != 0) { + kzfree(ascii_buf); + return -EFAULT; + } kzfree(ascii_buf); - return -EFAULT; } - kzfree(ascii_buf); return 2 * p->blob_len; } Patches currently in stable-queue which might be from ebiggers(a)google.com are queue-4.4/keys-trusted-sanitize-all-key-material.patch queue-4.4/keys-trusted-fix-writing-past-end-of-buffer-in-trusted_read.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "netfilter: nft_set_hash: disable fast_ops for 2-len keys" has been added to the 4.13-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled netfilter: nft_set_hash: disable fast_ops for 2-len keys to the 4.13-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: netfilter-nft_set_hash-disable-fast_ops-for-2-len-keys.patch and it can be found in the queue-4.13 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 0414c78f14861cb704d6e6888efd53dd36e3bdde Mon Sep 17 00:00:00 2001 From: Anatole Denis <anatole(a)rezel.net> Date: Wed, 4 Oct 2017 01:17:14 +0100 Subject: netfilter: nft_set_hash: disable fast_ops for 2-len keys From: Anatole Denis <anatole(a)rezel.net> commit 0414c78f14861cb704d6e6888efd53dd36e3bdde upstream. jhash_1word of a u16 is a different value from jhash of the same u16 with length 2. Since elements are always inserted in sets using jhash over the actual klen, this would lead to incorrect lookups on fixed-size sets with a key length of 2, as they would be inserted with hash value jhash(key, 2) and looked up with hash value jhash_1word(key), which is different. Example reproducer(v4.13+), using anonymous sets which always have a fixed size: table inet t { chain c { type filter hook output priority 0; policy accept; tcp dport { 10001, 10003, 10005, 10007, 10009 } counter packets 4 bytes 240 reject tcp dport 10001 counter packets 4 bytes 240 reject tcp dport 10003 counter packets 4 bytes 240 reject tcp dport 10005 counter packets 4 bytes 240 reject tcp dport 10007 counter packets 0 bytes 0 reject tcp dport 10009 counter packets 4 bytes 240 reject } } then use nc -z localhost <port> to probe; incorrectly hashed ports will pass through the set lookup and increment the counter of an individual rule. jhash being seeded with a random value, it is not deterministic which ports will incorrectly hash, but in testing with 5 ports in the set I always had 4 or 5 with an incorrect hash value. Signed-off-by: Anatole Denis <anatole(a)rezel.net> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/netfilter/nft_set_hash.c | 1 - 1 file changed, 1 deletion(-) --- a/net/netfilter/nft_set_hash.c +++ b/net/netfilter/nft_set_hash.c @@ -643,7 +643,6 @@ nft_hash_select_ops(const struct nft_ctx { if (desc->size) { switch (desc->klen) { - case 2: case 4: return &nft_hash_fast_ops; default: Patches currently in stable-queue which might be from anatole(a)rezel.net are queue-4.13/netfilter-nft_set_hash-disable-fast_ops-for-2-len-keys.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "netfilter: nat: Revert "netfilter: nat: convert nat bysrc hash to rhashtable"" has been added to the 4.13-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled netfilter: nat: Revert "netfilter: nat: convert nat bysrc hash to rhashtable" to the 4.13-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: netfilter-nat-revert-netfilter-nat-convert-nat-bysrc-hash-to-rhashtable.patch and it can be found in the queue-4.13 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From e1bf1687740ce1a3598a1c5e452b852ff2190682 Mon Sep 17 00:00:00 2001 From: Florian Westphal <fw(a)strlen.de> Date: Wed, 6 Sep 2017 14:39:51 +0200 Subject: netfilter: nat: Revert "netfilter: nat: convert nat bysrc hash to rhashtable" From: Florian Westphal <fw(a)strlen.de> commit e1bf1687740ce1a3598a1c5e452b852ff2190682 upstream. This reverts commit 870190a9ec9075205c0fa795a09fa931694a3ff1. It was not a good idea. The custom hash table was a much better fit for this purpose. A fast lookup is not essential, in fact for most cases there is no lookup at all because original tuple is not taken and can be used as-is. What needs to be fast is insertion and deletion. rhlist removal however requires a rhlist walk. We can have thousands of entries in such a list if source port/addresses are reused for multiple flows, if this happens removal requests are so expensive that deletions of a few thousand flows can take several seconds(!). The advantages that we got from rhashtable are: 1) table auto-sizing 2) multiple locks 1) would be nice to have, but it is not essential as we have at most one lookup per new flow, so even a million flows in the bysource table are not a problem compared to current deletion cost. 2) is easy to add to custom hash table. I tried to add hlist_node to rhlist to speed up rhltable_remove but this isn't doable without changing semantics. rhltable_remove_fast will check that the to-be-deleted object is part of the table and that requires a list walk that we want to avoid. Furthermore, using hlist_node increases size of struct rhlist_head, which in turn increases nf_conn size. Link: https://bugzilla.kernel.org/show_bug.cgi?id=196821 Reported-by: Ivan Babrou <ibobrik(a)gmail.com> Signed-off-by: Florian Westphal <fw(a)strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- include/net/netfilter/nf_conntrack.h | 3 include/net/netfilter/nf_nat.h | 1 net/netfilter/nf_nat_core.c | 128 ++++++++++++++--------------------- 3 files changed, 53 insertions(+), 79 deletions(-) --- a/include/net/netfilter/nf_conntrack.h +++ b/include/net/netfilter/nf_conntrack.h @@ -17,7 +17,6 @@ #include <linux/bitops.h> #include <linux/compiler.h> #include <linux/atomic.h> -#include <linux/rhashtable.h> #include <linux/netfilter/nf_conntrack_tcp.h> #include <linux/netfilter/nf_conntrack_dccp.h> @@ -83,7 +82,7 @@ struct nf_conn { possible_net_t ct_net; #if IS_ENABLED(CONFIG_NF_NAT) - struct rhlist_head nat_bysource; + struct hlist_node nat_bysource; #endif /* all members below initialized via memset */ u8 __nfct_init_offset[0]; --- a/include/net/netfilter/nf_nat.h +++ b/include/net/netfilter/nf_nat.h @@ -1,6 +1,5 @@ #ifndef _NF_NAT_H #define _NF_NAT_H -#include <linux/rhashtable.h> #include <linux/netfilter_ipv4.h> #include <linux/netfilter/nf_nat.h> #include <net/netfilter/nf_conntrack_tuple.h> --- a/net/netfilter/nf_nat_core.c +++ b/net/netfilter/nf_nat_core.c @@ -30,19 +30,17 @@ #include <net/netfilter/nf_conntrack_zones.h> #include <linux/netfilter/nf_nat.h> +static DEFINE_SPINLOCK(nf_nat_lock); + static DEFINE_MUTEX(nf_nat_proto_mutex); static const struct nf_nat_l3proto __rcu *nf_nat_l3protos[NFPROTO_NUMPROTO] __read_mostly; static const struct nf_nat_l4proto __rcu **nf_nat_l4protos[NFPROTO_NUMPROTO] __read_mostly; -struct nf_nat_conn_key { - const struct net *net; - const struct nf_conntrack_tuple *tuple; - const struct nf_conntrack_zone *zone; -}; - -static struct rhltable nf_nat_bysource_table; +static struct hlist_head *nf_nat_bysource __read_mostly; +static unsigned int nf_nat_htable_size __read_mostly; +static unsigned int nf_nat_hash_rnd __read_mostly; inline const struct nf_nat_l3proto * __nf_nat_l3proto_find(u8 family) @@ -118,17 +116,19 @@ int nf_xfrm_me_harder(struct net *net, s EXPORT_SYMBOL(nf_xfrm_me_harder); #endif /* CONFIG_XFRM */ -static u32 nf_nat_bysource_hash(const void *data, u32 len, u32 seed) +/* We keep an extra hash for each conntrack, for fast searching. */ +static unsigned int +hash_by_src(const struct net *n, const struct nf_conntrack_tuple *tuple) { - const struct nf_conntrack_tuple *t; - const struct nf_conn *ct = data; + unsigned int hash; + + get_random_once(&nf_nat_hash_rnd, sizeof(nf_nat_hash_rnd)); - t = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple; /* Original src, to ensure we map it consistently if poss. */ + hash = jhash2((u32 *)&tuple->src, sizeof(tuple->src) / sizeof(u32), + tuple->dst.protonum ^ nf_nat_hash_rnd ^ net_hash_mix(n)); - seed ^= net_hash_mix(nf_ct_net(ct)); - return jhash2((const u32 *)&t->src, sizeof(t->src) / sizeof(u32), - t->dst.protonum ^ seed); + return reciprocal_scale(hash, nf_nat_htable_size); } /* Is this tuple already taken? (not by us) */ @@ -184,28 +184,6 @@ same_src(const struct nf_conn *ct, t->src.u.all == tuple->src.u.all); } -static int nf_nat_bysource_cmp(struct rhashtable_compare_arg *arg, - const void *obj) -{ - const struct nf_nat_conn_key *key = arg->key; - const struct nf_conn *ct = obj; - - if (!same_src(ct, key->tuple) || - !net_eq(nf_ct_net(ct), key->net) || - !nf_ct_zone_equal(ct, key->zone, IP_CT_DIR_ORIGINAL)) - return 1; - - return 0; -} - -static struct rhashtable_params nf_nat_bysource_params = { - .head_offset = offsetof(struct nf_conn, nat_bysource), - .obj_hashfn = nf_nat_bysource_hash, - .obj_cmpfn = nf_nat_bysource_cmp, - .nelem_hint = 256, - .min_size = 1024, -}; - /* Only called for SRC manip */ static int find_appropriate_src(struct net *net, @@ -216,26 +194,22 @@ find_appropriate_src(struct net *net, struct nf_conntrack_tuple *result, const struct nf_nat_range *range) { + unsigned int h = hash_by_src(net, tuple); const struct nf_conn *ct; - struct nf_nat_conn_key key = { - .net = net, - .tuple = tuple, - .zone = zone - }; - struct rhlist_head *hl, *h; - - hl = rhltable_lookup(&nf_nat_bysource_table, &key, - nf_nat_bysource_params); - rhl_for_each_entry_rcu(ct, h, hl, nat_bysource) { - nf_ct_invert_tuplepr(result, - &ct->tuplehash[IP_CT_DIR_REPLY].tuple); - result->dst = tuple->dst; + hlist_for_each_entry_rcu(ct, &nf_nat_bysource[h], nat_bysource) { + if (same_src(ct, tuple) && + net_eq(net, nf_ct_net(ct)) && + nf_ct_zone_equal(ct, zone, IP_CT_DIR_ORIGINAL)) { + /* Copy source part from reply tuple. */ + nf_ct_invert_tuplepr(result, + &ct->tuplehash[IP_CT_DIR_REPLY].tuple); + result->dst = tuple->dst; - if (in_range(l3proto, l4proto, result, range)) - return 1; + if (in_range(l3proto, l4proto, result, range)) + return 1; + } } - return 0; } @@ -408,6 +382,7 @@ nf_nat_setup_info(struct nf_conn *ct, const struct nf_nat_range *range, enum nf_nat_manip_type maniptype) { + struct net *net = nf_ct_net(ct); struct nf_conntrack_tuple curr_tuple, new_tuple; /* Can't setup nat info for confirmed ct. */ @@ -447,19 +422,14 @@ nf_nat_setup_info(struct nf_conn *ct, } if (maniptype == NF_NAT_MANIP_SRC) { - struct nf_nat_conn_key key = { - .net = nf_ct_net(ct), - .tuple = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple, - .zone = nf_ct_zone(ct), - }; - int err; - - err = rhltable_insert_key(&nf_nat_bysource_table, - &key, - &ct->nat_bysource, - nf_nat_bysource_params); - if (err) - return NF_DROP; + unsigned int srchash; + + srchash = hash_by_src(net, + &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple); + spin_lock_bh(&nf_nat_lock); + hlist_add_head_rcu(&ct->nat_bysource, + &nf_nat_bysource[srchash]); + spin_unlock_bh(&nf_nat_lock); } /* It's done. */ @@ -568,8 +538,9 @@ static int nf_nat_proto_clean(struct nf_ * will delete entry from already-freed table. */ clear_bit(IPS_SRC_NAT_DONE_BIT, &ct->status); - rhltable_remove(&nf_nat_bysource_table, &ct->nat_bysource, - nf_nat_bysource_params); + spin_lock_bh(&nf_nat_lock); + hlist_del_rcu(&ct->nat_bysource); + spin_unlock_bh(&nf_nat_lock); /* don't delete conntrack. Although that would make things a lot * simpler, we'd end up flushing all conntracks on nat rmmod. @@ -697,9 +668,11 @@ EXPORT_SYMBOL_GPL(nf_nat_l3proto_unregis /* No one using conntrack by the time this called. */ static void nf_nat_cleanup_conntrack(struct nf_conn *ct) { - if (ct->status & IPS_SRC_NAT_DONE) - rhltable_remove(&nf_nat_bysource_table, &ct->nat_bysource, - nf_nat_bysource_params); + if (ct->status & IPS_SRC_NAT_DONE) { + spin_lock_bh(&nf_nat_lock); + hlist_del_rcu(&ct->nat_bysource); + spin_unlock_bh(&nf_nat_lock); + } } static struct nf_ct_ext_type nat_extend __read_mostly = { @@ -823,13 +796,16 @@ static int __init nf_nat_init(void) { int ret; - ret = rhltable_init(&nf_nat_bysource_table, &nf_nat_bysource_params); - if (ret) - return ret; + /* Leave them the same for the moment. */ + nf_nat_htable_size = nf_conntrack_htable_size; + + nf_nat_bysource = nf_ct_alloc_hashtable(&nf_nat_htable_size, 0); + if (!nf_nat_bysource) + return -ENOMEM; ret = nf_ct_extend_register(&nat_extend); if (ret < 0) { - rhltable_destroy(&nf_nat_bysource_table); + nf_ct_free_hashtable(nf_nat_bysource, nf_nat_htable_size); printk(KERN_ERR "nf_nat_core: Unable to register extension\n"); return ret; } @@ -863,8 +839,8 @@ static void __exit nf_nat_cleanup(void) for (i = 0; i < NFPROTO_NUMPROTO; i++) kfree(nf_nat_l4protos[i]); - - rhltable_destroy(&nf_nat_bysource_table); + synchronize_net(); + nf_ct_free_hashtable(nf_nat_bysource, nf_nat_htable_size); } MODULE_LICENSE("GPL"); Patches currently in stable-queue which might be from fw(a)strlen.de are queue-4.13/netfilter-nat-revert-netfilter-nat-convert-nat-bysrc-hash-to-rhashtable.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "KEYS: trusted: sanitize all key material" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled KEYS: trusted: sanitize all key material to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: keys-trusted-sanitize-all-key-material.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From ee618b4619b72527aaed765f0f0b74072b281159 Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)google.com> Date: Thu, 8 Jun 2017 14:49:18 +0100 Subject: KEYS: trusted: sanitize all key material From: Eric Biggers <ebiggers(a)google.com> commit ee618b4619b72527aaed765f0f0b74072b281159 upstream. As the previous patch did for encrypted-keys, zero sensitive any potentially sensitive data related to the "trusted" key type before it is freed. Notably, we were not zeroing the tpm_buf structures in which the actual key is stored for TPM seal and unseal, nor were we zeroing the trusted_key_payload in certain error paths. Cc: Mimi Zohar <zohar(a)linux.vnet.ibm.com> Cc: David Safford <safford(a)us.ibm.com> Signed-off-by: Eric Biggers <ebiggers(a)google.com> Signed-off-by: David Howells <dhowells(a)redhat.com> Signed-off-by: James Morris <james.l.morris(a)oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- security/keys/trusted.c | 35 +++++++++++++++++------------------ 1 file changed, 17 insertions(+), 18 deletions(-) --- a/security/keys/trusted.c +++ b/security/keys/trusted.c @@ -69,7 +69,7 @@ static int TSS_sha1(const unsigned char } ret = crypto_shash_digest(&sdesc->shash, data, datalen, digest); - kfree(sdesc); + kzfree(sdesc); return ret; } @@ -113,7 +113,7 @@ static int TSS_rawhmac(unsigned char *di if (!ret) ret = crypto_shash_final(&sdesc->shash, digest); out: - kfree(sdesc); + kzfree(sdesc); return ret; } @@ -164,7 +164,7 @@ static int TSS_authhmac(unsigned char *d paramdigest, TPM_NONCE_SIZE, h1, TPM_NONCE_SIZE, h2, 1, &c, 0, 0); out: - kfree(sdesc); + kzfree(sdesc); return ret; } @@ -245,7 +245,7 @@ static int TSS_checkhmac1(unsigned char if (memcmp(testhmac, authdata, SHA1_DIGEST_SIZE)) ret = -EINVAL; out: - kfree(sdesc); + kzfree(sdesc); return ret; } @@ -346,7 +346,7 @@ static int TSS_checkhmac2(unsigned char if (memcmp(testhmac2, authdata2, SHA1_DIGEST_SIZE)) ret = -EINVAL; out: - kfree(sdesc); + kzfree(sdesc); return ret; } @@ -563,7 +563,7 @@ static int tpm_seal(struct tpm_buf *tb, *bloblen = storedsize; } out: - kfree(td); + kzfree(td); return ret; } @@ -677,7 +677,7 @@ static int key_seal(struct trusted_key_p if (ret < 0) pr_info("trusted_key: srkseal failed (%d)\n", ret); - kfree(tb); + kzfree(tb); return ret; } @@ -702,7 +702,7 @@ static int key_unseal(struct trusted_key /* pull migratable flag out of sealed key */ p->migratable = p->key[--p->key_len]; - kfree(tb); + kzfree(tb); return ret; } @@ -961,12 +961,12 @@ static int trusted_instantiate(struct ke if (!ret && options->pcrlock) ret = pcrlock(options->pcrlock); out: - kfree(datablob); - kfree(options); + kzfree(datablob); + kzfree(options); if (!ret) rcu_assign_keypointer(key, payload); else - kfree(payload); + kzfree(payload); return ret; } @@ -975,8 +975,7 @@ static void trusted_rcu_free(struct rcu_ struct trusted_key_payload *p; p = container_of(rcu, struct trusted_key_payload, rcu); - memset(p->key, 0, p->key_len); - kfree(p); + kzfree(p); } /* @@ -1018,7 +1017,7 @@ static int trusted_update(struct key *ke ret = datablob_parse(datablob, new_p, new_o); if (ret != Opt_update) { ret = -EINVAL; - kfree(new_p); + kzfree(new_p); goto out; } /* copy old key values, and reseal with new pcrs */ @@ -1031,22 +1030,22 @@ static int trusted_update(struct key *ke ret = key_seal(new_p, new_o); if (ret < 0) { pr_info("trusted_key: key_seal failed (%d)\n", ret); - kfree(new_p); + kzfree(new_p); goto out; } if (new_o->pcrlock) { ret = pcrlock(new_o->pcrlock); if (ret < 0) { pr_info("trusted_key: pcrlock failed (%d)\n", ret); - kfree(new_p); + kzfree(new_p); goto out; } } rcu_assign_keypointer(key, new_p); call_rcu(&p->rcu, trusted_rcu_free); out: - kfree(datablob); - kfree(new_o); + kzfree(datablob); + kzfree(new_o); return ret; } Patches currently in stable-queue which might be from ebiggers(a)google.com are queue-3.18/keys-trusted-sanitize-all-key-material.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] FAILED: patch "[PATCH] KEYS: trusted: fix writing past end of buffer in" failed to apply to 3.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 3.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From a3c812f7cfd80cf51e8f5b7034f7418f6beb56c1 Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)google.com> Date: Thu, 2 Nov 2017 00:47:12 +0000 Subject: [PATCH] KEYS: trusted: fix writing past end of buffer in trusted_read() When calling keyctl_read() on a key of type "trusted", if the user-supplied buffer was too small, the kernel ignored the buffer length and just wrote past the end of the buffer, potentially corrupting userspace memory. Fix it by instead returning the size required, as per the documentation for keyctl_read(). We also don't even fill the buffer at all in this case, as this is slightly easier to implement than doing a short read, and either behavior appears to be permitted. It also makes it match the behavior of the "encrypted" key type. Fixes: d00a1c72f7f4 ("keys: add new trusted key-type") Reported-by: Ben Hutchings <ben(a)decadent.org.uk> Cc: <stable(a)vger.kernel.org> # v2.6.38+ Signed-off-by: Eric Biggers <ebiggers(a)google.com> Signed-off-by: David Howells <dhowells(a)redhat.com> Reviewed-by: Mimi Zohar <zohar(a)linux.vnet.ibm.com> Reviewed-by: James Morris <james.l.morris(a)oracle.com> Signed-off-by: James Morris <james.l.morris(a)oracle.com> diff --git a/security/keys/trusted.c b/security/keys/trusted.c index bd85315cbfeb..98aa89ff7bfd 100644 --- a/security/keys/trusted.c +++ b/security/keys/trusted.c @@ -1147,20 +1147,21 @@ static long trusted_read(const struct key *key, char __user *buffer, p = dereference_key_locked(key); if (!p) return -EINVAL; - if (!buffer || buflen <= 0) - return 2 * p->blob_len; - ascii_buf = kmalloc(2 * p->blob_len, GFP_KERNEL); - if (!ascii_buf) - return -ENOMEM; - bufp = ascii_buf; - for (i = 0; i < p->blob_len; i++) - bufp = hex_byte_pack(bufp, p->blob[i]); - if ((copy_to_user(buffer, ascii_buf, 2 * p->blob_len)) != 0) { + if (buffer && buflen >= 2 * p->blob_len) { + ascii_buf = kmalloc(2 * p->blob_len, GFP_KERNEL); + if (!ascii_buf) + return -ENOMEM; + + bufp = ascii_buf; + for (i = 0; i < p->blob_len; i++) + bufp = hex_byte_pack(bufp, p->blob[i]); + if (copy_to_user(buffer, ascii_buf, 2 * p->blob_len) != 0) { + kzfree(ascii_buf); + return -EFAULT; + } kzfree(ascii_buf); - return -EFAULT; } - kzfree(ascii_buf); return 2 * p->blob_len; }

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Please integrate commit 2b02c20 (cdc_ncm) into 4.4

by Porto Rio

Hello, please integrate/backport the following commit into stable kernel release 4.4: Commit-ID: 2b02c20ce0c28974b44e69a2e2f5ddc6a470ad6f (see https://github.com/torvalds/linux/commit/2b02c20ce0c28974b44e69a2e2f5ddc6a4…) Subject: "cdc_ncm: Set NTB format again after altsetting switch for Huawei devices" (The patch has been submitted and merged into the mainline.) We regard this commit as a fix/workaround for a change in firmware behavior observed in some recent huawei devices (e.g.: Huawei MS2131 LTE stick). As these devices are unusable with the 4.4.x LTS kernel we suggest to include this workarround as there will be more and more LTE sticks to expect until EOS in 2022... See also the mail below of the originator of the commit. (It may also make sense to integrate it into the other stable kernel release) Thank you very much! Kind regards, Matthias ---- Sender: Enrico Mioso <mrkiko.rs(a)gmail.com> Date: 08.11.2017 23:21 Subject: Re: Question regarding commit: cdc_ncm: Set NTB format again after altsetting switch for Huawei devices Hello Mathias. First of all, thank you for your interest in huawei_cdc_ncm driver and contacting me. This commit could be backported to 4.4 kernel, I didn't send that to stable(a)vger.kernel.org . Let me know if there are any difficulties doing so. Or I might do the submission in some days. I think that commit could be related to a bug: even if it's arguable. That bug infact, is not related to the Linux kernel itself, but to the huawei firmware. So I don't think there will be a bug tracker entry. Thanks for all, Enrico

7 years, 10 months

2
1
0 0

Re: [Linux-stable-mirror] [PATCH 2/3] IB/core: disable memory registration of fileystem-dax vmas

by Christoph Hellwig

On Mon, Nov 06, 2017 at 04:57:21PM -0800, Dan Williams wrote: > Until there is a solution to the dma-to-dax vs truncate problem it is > not safe to allow RDMA to create long standing memory registrations > against filesytem-dax vmas. Looks good: Reviewed-by: Christoph Hellwig <hch(a)lst.de>

7 years, 10 months

1
0
0 0

Re: [Linux-stable-mirror] [PATCH 1/3] mm: introduce get_user_pages_longterm

by Christoph Hellwig

> +long get_user_pages_longterm(unsigned long start, unsigned long nr_pages, > + unsigned int gup_flags, struct page **pages, > + struct vm_area_struct **vmas) > +{ > + struct vm_area_struct **__vmas = vmas; How about calling the vma argument vma_arg, and the one used vma to make thigns a little more readable? > + struct vm_area_struct *vma_prev = NULL; > + long rc, i; > + > + if (!pages) > + return -EINVAL; > + > + if (!vmas && IS_ENABLED(CONFIG_FS_DAX)) { > + __vmas = kzalloc(sizeof(struct vm_area_struct *) * nr_pages, > + GFP_KERNEL); > + if (!__vmas) > + return -ENOMEM; > + } > + > + rc = get_user_pages(start, nr_pages, gup_flags, pages, __vmas); > + > + /* skip scan for fs-dax vmas if they are compile time disabled */ > + if (!IS_ENABLED(CONFIG_FS_DAX)) > + goto out; Instead of all this IS_ENABLED magic I'd recomment to just conditionally compile this function and define it to get_user_pages in the header if FS_DAX is disabled. Else this looks fine to me.

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] [RFC PATCH] mm: fix device-dax pud write-faults triggered by get_user_pages()

by Dan Williams

Currently only get_user_pages_fast() can safely handle the writable gup case due to its use of pud_access_permitted() to check whether the pud entry is writable. In the gup slow path pud_write() is used instead of pud_access_permitted() and to date it has been unimplemented, just calls BUG_ON(). kernel BUG at ./include/linux/hugetlb.h:244! [..] RIP: 0010:follow_devmap_pud+0x482/0x490 [..] Call Trace: follow_page_mask+0x28c/0x6e0 __get_user_pages+0xe4/0x6c0 get_user_pages_unlocked+0x130/0x1b0 get_user_pages_fast+0x89/0xb0 iov_iter_get_pages_alloc+0x114/0x4a0 nfs_direct_read_schedule_iovec+0xd2/0x350 ? nfs_start_io_direct+0x63/0x70 nfs_file_direct_read+0x1e0/0x250 nfs_file_read+0x90/0xc0 Use pud_access_permitted() to implement pud_write(), a later cleanup can remove {pte,pmd,pud}_write and replace them with {pte,pmd,pud}_access_permitted() drectly so that we only have one set of helpers these kinds of checks. For now, implementing pud_write() simplifies -stable backports. Cc: <stable(a)vger.kernel.org> Cc: Dave Hansen <dave.hansen(a)intel.com> Fixes: a00cc7d9dd93 ("mm, x86: add support for PUD-sized transparent hugepages") Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> --- Sending this as RFC for opinion on whether this should just be a pud_flags() & _PAGE_RW check, like pmd_write, or pud_access_permitted() that also takes protection keys into account. include/linux/hugetlb.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index fbf5b31d47ee..6a142b240ef7 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -242,8 +242,7 @@ static inline int pgd_write(pgd_t pgd) #ifndef pud_write static inline int pud_write(pud_t pud) { - BUG(); - return 0; + return pud_access_permitted(pud, WRITE); } #endif

7 years, 10 months

1
0
0 0

Re: [Linux-stable-mirror] [PATCH] blk-mq: respect queue dead via blk_mq_quiesce_queue

by Ming Lei

On Sun, Nov 05, 2017 at 08:10:08PM +0800, Ming Lei wrote: > blk-mq never respects queue dead, and this may cause use-after-free on > any kind of queue resources. This patch respects the rule by calling > blk_mq_quiesce_queue() when queue is marked as DEAD. > > This patch fixes the following kernel crash: > > [ 42.170824] BUG: unable to handle kernel NULL pointer dereference at (null) > [ 42.172011] IP: blk_mq_flush_busy_ctxs+0x5a/0xe0 > [ 42.172011] PGD 25d8d1067 P4D 25d8d1067 PUD 25d458067 PMD 0 > [ 42.172011] Oops: 0000 [#1] PREEMPT SMP > [ 42.172011] Dumping ftrace buffer: > [ 42.172011] (ftrace buffer empty) > [ 42.172011] Modules linked in: scsi_debug ebtable_filter ebtables ip6table_filter ip6_tables xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack libcrc32c bridge stp llc fuse iptable_filter ip_tables sd_mod sg mptsas mptscsih mptbase crc32c_intel scsi_transport_sas nvme lpc_ich serio_raw ahci virtio_scsi libahci libata nvme_core binfmt_misc dm_mod iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi null_blk configs > [ 42.172011] CPU: 0 PID: 2750 Comm: fio Not tainted 4.14.0-rc7.blk_mq_io_hang+ #507 > [ 42.172011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.9.3-1.fc25 04/01/2014 > [ 42.172011] task: ffff88025dc18000 task.stack: ffffc900028c4000 > [ 42.172011] RIP: 0010:blk_mq_flush_busy_ctxs+0x5a/0xe0 > [ 42.172011] RSP: 0018:ffffc900028c7be0 EFLAGS: 00010246 > [ 42.172011] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8802775907c8 > [ 42.172011] RDX: 0000000000000000 RSI: ffffc900028c7c50 RDI: ffff88025de25c00 > [ 42.172011] RBP: ffffc900028c7c28 R08: 0000000000000000 R09: ffff8802595692c0 > [ 42.172011] R10: ffffc900028c7e50 R11: 0000000000000008 R12: ffffc900028c7c50 > [ 42.172011] R13: ffff88025de25cd8 R14: ffffc900028c7d78 R15: ffff88025de25c00 > [ 42.172011] FS: 00007faa8653f7c0(0000) GS:ffff88027fc00000(0000) knlGS:0000000000000000 > [ 42.172011] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 42.172011] CR2: 0000000000000000 CR3: 00000002593df006 CR4: 00000000003606f0 > [ 42.172011] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > [ 42.172011] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > [ 42.172011] Call Trace: > [ 42.172011] blk_mq_sched_dispatch_requests+0x1b4/0x1f0 > [ 42.172011] ? preempt_schedule+0x27/0x30 > [ 42.172011] __blk_mq_run_hw_queue+0x8b/0xa0 > [ 42.172011] __blk_mq_delay_run_hw_queue+0xb7/0x100 > [ 42.172011] blk_mq_run_hw_queue+0x14/0x20 > [ 42.172011] blk_mq_sched_insert_requests+0xda/0x120 > [ 42.172011] blk_mq_flush_plug_list+0x179/0x280 > [ 42.172011] blk_flush_plug_list+0x102/0x290 > [ 42.172011] blk_finish_plug+0x2c/0x40 > [ 42.172011] do_io_submit+0x3fa/0x780 > [ 42.172011] SyS_io_submit+0x10/0x20 > [ 42.172011] ? SyS_io_submit+0x10/0x20 > [ 42.172011] entry_SYSCALL_64_fastpath+0x1a/0xa5 > [ 42.172011] RIP: 0033:0x7faa80ff8697 > [ 42.172011] RSP: 002b:00007ffe08236de8 EFLAGS: 00000206 ORIG_RAX: 00000000000000d1 > [ 42.172011] RAX: ffffffffffffffda RBX: 0000000001f1e600 RCX: 00007faa80ff8697 > [ 42.172011] RDX: 000000000208e638 RSI: 0000000000000001 RDI: 00007faa6ecae000 > [ 42.172011] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000001f1e0e0 > [ 42.172011] R10: 0000000000000001 R11: 0000000000000206 R12: 00007faa614f19e0 > [ 42.172011] R13: 00007faa614ff0b0 R14: 00007faa614fef50 R15: 0000000100000000 > [ 42.172011] Code: e0 00 00 00 c7 45 bc 00 00 00 00 85 c0 74 76 4c 8d af d8 00 00 00 49 89 ff 44 8b 45 bc 4c 89 c0 49 c1 e0 06 4d 03 87 e8 00 00 00 <49> 83 38 00 4d 89 c6 74 41 41 8b 8f dc 00 00 00 41 89 c4 31 db > [ 42.172011] RIP: blk_mq_flush_busy_ctxs+0x5a/0xe0 RSP: ffffc900028c7be0 > [ 42.172011] CR2: 0000000000000000 > [ 42.172011] ---[ end trace 2432dfddf9b84061 ]--- > [ 42.172011] Kernel panic - not syncing: Fatal exception > [ 42.172011] Dumping ftrace buffer: > [ 42.172011] (ftrace buffer empty) > [ 42.172011] Kernel Offset: disabled > [ 42.172011] ---[ end Kernel panic - not syncing: Fatal exception > > Cc: stable(a)vger.kernel.org > Signed-off-by: Ming Lei <ming.lei(a)redhat.com> > --- > block/blk-core.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/block/blk-core.c b/block/blk-core.c > index 048be4aa6024..0b121f29e3b1 100644 > --- a/block/blk-core.c > +++ b/block/blk-core.c > @@ -658,6 +658,10 @@ void blk_cleanup_queue(struct request_queue *q) > queue_flag_set(QUEUE_FLAG_DEAD, q); > spin_unlock_irq(lock); > > + /* respect queue DEAD via quiesce for blk-mq */ > + if (q->mq_ops) > + blk_mq_quiesce_queue(q); > + > /* for synchronous bio-based driver finish in-flight integrity i/o */ > blk_flush_integrity(); Hi Jens, Could you consider this patch? This issue can be reproduced easily in heavy IO and device remove test on SCSI. -- Ming

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] [PATCH v2 04/17] lpfc: Fix crash after bad bar setup on driver attachment

by James Smart

In test cases where an instance of the driver is detached and reattached, the driver will crash on reattachment. There is a compound if statement that will skip over the bar setup if the pci_resource_start call is not successful. The driver erroneously returns success to its bar setup in this scenario even though the bars aren't properly configured. Rework the offending code segment for proper initialization steps. If the pci_resource_start call fails, -ENOMEM is now returned. Sample stack: rport-5:0-10: blocked FC remote port time out: removing rport BUG: unable to handle kernel NULL pointer dereference at (null) ... lpfc_sli4_wait_bmbx_ready+0x32/0x70 [lpfc] ... ... RIP: 0010:... ... lpfc_sli4_wait_bmbx_ready+0x32/0x70 [lpfc] Call Trace: ... lpfc_sli4_post_sync_mbox+0x106/0x4d0 [lpfc] ... ? __alloc_pages_nodemask+0x176/0x420 ... ? __kmalloc+0x2e/0x230 ... lpfc_sli_issue_mbox_s4+0x533/0x720 [lpfc] ... ? mempool_alloc+0x69/0x170 ... ? dma_generic_alloc_coherent+0x8f/0x140 ... lpfc_sli_issue_mbox+0xf/0x20 [lpfc] ... lpfc_sli4_driver_resource_setup+0xa6f/0x1130 [lpfc] ... ? lpfc_pci_probe_one+0x23e/0x16f0 [lpfc] ... lpfc_pci_probe_one+0x445/0x16f0 [lpfc] ... local_pci_probe+0x45/0xa0 ... work_for_cpu_fn+0x14/0x20 ... process_one_work+0x17a/0x440 Cc: <stable(a)vger.kernel.org> # 4.12+ Signed-off-by: Dick Kennedy <dick.kennedy(a)broadcom.com> Signed-off-by: James Smart <james.smart(a)broadcom.com> Reviewed-by: Hannes Reinecke <hare(a)suse.com> --- drivers/scsi/lpfc/lpfc_init.c | 84 ++++++++++++++++++++++++++----------------- 1 file changed, 51 insertions(+), 33 deletions(-) diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c index 745aff753396..fc9f91327724 100644 --- a/drivers/scsi/lpfc/lpfc_init.c +++ b/drivers/scsi/lpfc/lpfc_init.c @@ -9437,44 +9437,62 @@ lpfc_sli4_pci_mem_setup(struct lpfc_hba *phba) lpfc_sli4_bar0_register_memmap(phba, if_type); } - if ((if_type == LPFC_SLI_INTF_IF_TYPE_0) && - (pci_resource_start(pdev, PCI_64BIT_BAR2))) { - /* - * Map SLI4 if type 0 HBA Control Register base to a kernel - * virtual address and setup the registers. - */ - phba->pci_bar1_map = pci_resource_start(pdev, PCI_64BIT_BAR2); - bar1map_len = pci_resource_len(pdev, PCI_64BIT_BAR2); - phba->sli4_hba.ctrl_regs_memmap_p = - ioremap(phba->pci_bar1_map, bar1map_len); - if (!phba->sli4_hba.ctrl_regs_memmap_p) { - dev_printk(KERN_ERR, &pdev->dev, - "ioremap failed for SLI4 HBA control registers.\n"); + if (if_type == LPFC_SLI_INTF_IF_TYPE_0) { + if (pci_resource_start(pdev, PCI_64BIT_BAR2)) { + /* + * Map SLI4 if type 0 HBA Control Register base to a + * kernel virtual address and setup the registers. + */ + phba->pci_bar1_map = pci_resource_start(pdev, + PCI_64BIT_BAR2); + bar1map_len = pci_resource_len(pdev, PCI_64BIT_BAR2); + phba->sli4_hba.ctrl_regs_memmap_p = + ioremap(phba->pci_bar1_map, + bar1map_len); + if (!phba->sli4_hba.ctrl_regs_memmap_p) { + dev_err(&pdev->dev, + "ioremap failed for SLI4 HBA " + "control registers.\n"); + error = -ENOMEM; + goto out_iounmap_conf; + } + phba->pci_bar2_memmap_p = + phba->sli4_hba.ctrl_regs_memmap_p; + lpfc_sli4_bar1_register_memmap(phba); + } else { + error = -ENOMEM; goto out_iounmap_conf; } - phba->pci_bar2_memmap_p = phba->sli4_hba.ctrl_regs_memmap_p; - lpfc_sli4_bar1_register_memmap(phba); } - if ((if_type == LPFC_SLI_INTF_IF_TYPE_0) && - (pci_resource_start(pdev, PCI_64BIT_BAR4))) { - /* - * Map SLI4 if type 0 HBA Doorbell Register base to a kernel - * virtual address and setup the registers. - */ - phba->pci_bar2_map = pci_resource_start(pdev, PCI_64BIT_BAR4); - bar2map_len = pci_resource_len(pdev, PCI_64BIT_BAR4); - phba->sli4_hba.drbl_regs_memmap_p = - ioremap(phba->pci_bar2_map, bar2map_len); - if (!phba->sli4_hba.drbl_regs_memmap_p) { - dev_printk(KERN_ERR, &pdev->dev, - "ioremap failed for SLI4 HBA doorbell registers.\n"); - goto out_iounmap_ctrl; - } - phba->pci_bar4_memmap_p = phba->sli4_hba.drbl_regs_memmap_p; - error = lpfc_sli4_bar2_register_memmap(phba, LPFC_VF0); - if (error) + if (if_type == LPFC_SLI_INTF_IF_TYPE_0) { + if (pci_resource_start(pdev, PCI_64BIT_BAR4)) { + /* + * Map SLI4 if type 0 HBA Doorbell Register base to + * a kernel virtual address and setup the registers. + */ + phba->pci_bar2_map = pci_resource_start(pdev, + PCI_64BIT_BAR4); + bar2map_len = pci_resource_len(pdev, PCI_64BIT_BAR4); + phba->sli4_hba.drbl_regs_memmap_p = + ioremap(phba->pci_bar2_map, + bar2map_len); + if (!phba->sli4_hba.drbl_regs_memmap_p) { + dev_err(&pdev->dev, + "ioremap failed for SLI4 HBA" + " doorbell registers.\n"); + error = -ENOMEM; + goto out_iounmap_ctrl; + } + phba->pci_bar4_memmap_p = + phba->sli4_hba.drbl_regs_memmap_p; + error = lpfc_sli4_bar2_register_memmap(phba, LPFC_VF0); + if (error) + goto out_iounmap_all; + } else { + error = -ENOMEM; goto out_iounmap_all; + } } return 0; -- 2.13.1

7 years, 10 months

1
0
0 0

Re: [Linux-stable-mirror] [PATCH v3] scsi: require CAP_SYS_ADMIN to write to procfs interface

by ebiederm＠xmission.com

Aleksa Sarai <asarai(a)suse.de> writes: > On 11/05/2017 01:56 PM, Aleksa Sarai wrote: >> Previously, the only capability effectively required to operate on the >> /proc/scsi interface was CAP_DAC_OVERRIDE (or for some other files, >> having an fsuid of GLOBAL_ROOT_UID was enough). This means that >> semi-privileged processes could interfere with core components of a >> system (such as causing a DoS by removing the underlying SCSI device of >> the host's / mount). > > An alternative to this patch would be to make the open(2) call fail, if you try > to open it write-only or read-write. Not sure which would be preferred (should > it be possible to pass /proc/scsi/scsi to a semi-privileged process to write > to?). Making open fail is very much the preferred solution. Testing for permission on write can be avoided by finding a suid root application whose error output acts like a suid cat. The best current practice for adding this kind of permission check is to add the check in open. For some older use cases where we made this mistake we had to maintian a check during write to avoid breaking userspace. But as this check is new there is no reason to add a check anywhere except in open. Eric

7 years, 10 months

1
0
0 0

Re: [Linux-stable-mirror] [PATCH 3.16 000/294] 3.16.50-rc1 review

by Guenter Roeck

On Thu, Nov 09, 2017 at 04:59:58PM +0000, Ben Hutchings wrote: > On Thu, 2017-11-09 at 08:03 -0800, Guenter Roeck wrote: > > On Thu, Nov 09, 2017 at 12:40:36PM +0000, Ben Hutchings wrote: > > > On Thu, 2017-11-09 at 13:21 +0100, Arnd Bergmann wrote: > > > > On Thu, Nov 9, 2017 at 1:08 PM, Greg KH <greg(a)kroah.com> wrote: > > > > > On Thu, Nov 09, 2017 at 12:55:30PM +0100, Arnd Bergmann wrote: > > > > > > [...] > > > > > > I think if you upload the branch to the stable-rc git, that should produce > > > > > > the automated build and boot results via email or via the > > > > > > https://kernelci.org/job/ interface. Once there are some results > > > > > > there, I'll go through the list once more to see what warnings > > > > > > and failures remain. > > > > > > > > > > I don't know of a way to have others push to that tree/branch at the > > > > > moment :( > > > > > > > > > > I'll go update that branch now... > > > > > > > > Thanks! > > > > > > > > With the arm-soc tree, we simply have a shared group-id on > > > > gitolite.kernel.org and everyone in that group can push to it. > > > > > > > > If that is the only thing you need, it should be trivial to let Ben > > > > and Sasha push to /pub/scm/linux/kernel/git/stable/*.git as well, > > > > I'm sure helpdesk(a)kernel.org can arrange that. Of course if you are > > > > worried about having multiple accounts with write access to all the > > > > branches, then that wouldn't be enough. > > > > > > I think I'd rather send a pull request to Greg at the start of the > > > review period. > > > > > > > If you change the trees I am supposed to pull from for my builders, > > please let me know. > > If you're happy to keep supporting quilt-in-git then there's no change. > I check your builders page and try to fix up build failures before even > making a release candidate. > Ah yes, kernelci won't pick that up. No problem to keep kerneltests going as long as it adds value. Guenter

7 years, 10 months

1
0
0 0

Re: [Linux-stable-mirror] [PATCH] net: mvneta: fix handling of the Tx descriptor counter

by Andreas Tobler

Hi Simon, On 08.11.17 18:17, Simon Guinot wrote: > Hi Sven and Andreas, > > Please, can you try with this patch ? Today we, my son and I, repeated the failing scenario and we were able to show that our scenario behaves stable after you patch being applied. Thanks for taking care of this issue. If you need further testing let me know. Regards, Andreas > On Wed, Nov 08, 2017 at 05:58:35PM +0100, Simon Guinot wrote: >> The mvneta controller provides a 8-bit register to update the pending >> Tx descriptor counter. Then, a maximum of 255 Tx descriptors can be >> added at once. In the current code the mvneta_txq_pend_desc_add function >> assumes the caller takes care of this limit. But it is not the case. In >> some situations (xmit_more flag), more than 255 descriptors are added. >> When this happens, the Tx descriptor counter register is updated with a >> wrong value, which breaks the whole Tx queue management. >> >> This patch fixes the issue by allowing the mvneta_txq_pend_desc_add >> function to process more than 255 Tx descriptors. >> >> Fixes: 2a90f7e1d5d0 ("net: mvneta: add xmit_more support") >> Cc: stable(a)vger.kernel.org # 4.11+ >> Signed-off-by: Simon Guinot <simon.guinot(a)sequanux.org> >> --- >> drivers/net/ethernet/marvell/mvneta.c | 16 +++++++++------- >> 1 file changed, 9 insertions(+), 7 deletions(-) >> >> diff --git a/drivers/net/ethernet/marvell/mvneta.c b/drivers/net/ethernet/marvell/mvneta.c >> index 64a04975bcf8..027c08ce4e5d 100644 >> --- a/drivers/net/ethernet/marvell/mvneta.c >> +++ b/drivers/net/ethernet/marvell/mvneta.c >> @@ -816,11 +816,14 @@ static void mvneta_txq_pend_desc_add(struct mvneta_port *pp, >> { >> u32 val; >> >> - /* Only 255 descriptors can be added at once ; Assume caller >> - * process TX desriptors in quanta less than 256 >> - */ >> - val = pend_desc + txq->pending; >> - mvreg_write(pp, MVNETA_TXQ_UPDATE_REG(txq->id), val); >> + pend_desc += txq->pending; >> + >> + /* Only 255 Tx descriptors can be added at once */ >> + while (pend_desc > 0) { >> + val = min(pend_desc, 255); >> + mvreg_write(pp, MVNETA_TXQ_UPDATE_REG(txq->id), val); >> + pend_desc -= val; >> + } >> txq->pending = 0; >> } >> >> @@ -2413,8 +2416,7 @@ static int mvneta_tx(struct sk_buff *skb, struct net_device *dev) >> if (txq->count >= txq->tx_stop_threshold) >> netif_tx_stop_queue(nq); >> >> - if (!skb->xmit_more || netif_xmit_stopped(nq) || >> - txq->pending + frags > MVNETA_TXQ_DEC_SENT_MASK) >> + if (!skb->xmit_more || netif_xmit_stopped(nq)) >> mvneta_txq_pend_desc_add(pp, txq, frags); >> else >> txq->pending += frags; >> -- >> 2.9.3

7 years, 10 months

1
0
0 0

Re: [Linux-stable-mirror] [4.4, 06/28] rcu: Allow for page faults in NMI handlers

by Ben Hutchings

On Mon, 2017-10-16 at 18:11 +0200, gregkh(a)linuxfoundation.org wrote: > 4.4-stable review patch. If anyone has any objections, please let me know. > > ------------------ > > From: Paul E. McKenney <paulmck(a)linux.vnet.ibm.com> > > commit 28585a832602747cbfa88ad8934013177a3aae38 upstream. > > A number of architecture invoke rcu_irq_enter() on exception entry in > order to allow RCU read-side critical sections in the exception handler > when the exception is from an idle or nohz_full CPU. This works, at > least unless the exception happens in an NMI handler. In that case, > rcu_nmi_enter() would already have exited the extended quiescent state, > which would mean that rcu_irq_enter() would (incorrectly) cause RCU > to think that it is again in an extended quiescent state. This will > in turn result in lockdep splats in response to later RCU read-side > critical sections. > > This commit therefore causes rcu_irq_enter() and rcu_irq_exit() to > take no action if there is an rcu_nmi_enter() in effect, thus avoiding > the unscheduled return to RCU quiescent state. This in turn should > make the kernel safe for on-demand RCU voyeurism. > > Link: http://lkml.kernel.org/r/20170922211022.GA18084@linux.vnet.ibm.com > > Cc: stable(a)vger.kernel.org > Fixes: 0be964be0 ("module: Sanitize RCU usage and locking") > > Reported-by: Steven Rostedt <rostedt(a)goodmis.org> > > Signed-off-by: Paul E. McKenney <paulmck(a)linux.vnet.ibm.com> > > Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> > > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > --- > kernel/rcu/tree.c | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > > --- a/kernel/rcu/tree.c > +++ b/kernel/rcu/tree.c > @@ -759,6 +759,12 @@ void rcu_irq_exit(void) > > local_irq_save(flags); > rdtp = this_cpu_ptr(&rcu_dynticks); > + > + /* Page faults can happen in NMI handlers, so check... */ > + if (READ_ONCE(rdtp->dynticks_nmi_nesting)) > + return; Shouldn't there be a local_irq_restore() on this return path? Or does this condition imply that IRQs were already disabled? > + RCU_LOCKDEP_WARN(!irqs_disabled(), "rcu_irq_exit() invoked with irqs enabled!!!"); I don't see why you added RCU_LOCKDEP_WARN() here. Prior to 4.5 it's not an error to call this function with IRQs disabled. And after calling local_irq_save(), it's redundant to assert that IRQs are disabled. > oldval = rdtp->dynticks_nesting; > rdtp->dynticks_nesting--; > WARN_ON_ONCE(IS_ENABLED(CONFIG_RCU_EQS_DEBUG) && > @@ -887,6 +893,12 @@ void rcu_irq_enter(void) > > local_irq_save(flags); > rdtp = this_cpu_ptr(&rcu_dynticks); > + > + /* Page faults can happen in NMI handlers, so check... */ > + if (READ_ONCE(rdtp->dynticks_nmi_nesting)) > + return; > + > + RCU_LOCKDEP_WARN(!irqs_disabled(), "rcu_irq_enter() invoked with irqs enabled!!!"); Same problems here. Ben. > oldval = rdtp->dynticks_nesting; > rdtp->dynticks_nesting++; > WARN_ON_ONCE(IS_ENABLED(CONFIG_RCU_EQS_DEBUG) && -- Ben Hutchings Software Developer, Codethink Ltd.

7 years, 10 months

3
2
0 0

[Linux-stable-mirror] [PATCH v2] ASoC: sun8i-codec: Set the BCLK divider

by Maxime Ripard

While the current code was reporting to be able to work in master mode, it failed to do so because the BCLK divider wasn't programmed, meaning that the BCLK would run at the PLL's frequency no matter the sample rate. It was obviously a bit too fast. Add support to retrieve the divider to use, and set it. Since our PLL is not always able to generate a perfect multiple of the sample rate, we'll have to choose the closest divider that matches our setup. Fixes: 36c684936fae ("ASoC: Add sun8i digital audio codec") Cc: <stable(a)vger.kernel.org> Reviewed-by: Chen-Yu Tsai <wens(a)csie.org> Signed-off-by: Maxime Ripard <maxime.ripard(a)free-electrons.com> --- Changes from v1: - Hardcoded the bit width to remain consistent with the rest of the driver --- sound/soc/sunxi/sun8i-codec.c | 51 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/sound/soc/sunxi/sun8i-codec.c b/sound/soc/sunxi/sun8i-codec.c index c2ceca485d6a..7a312168f864 100644 --- a/sound/soc/sunxi/sun8i-codec.c +++ b/sound/soc/sunxi/sun8i-codec.c @@ -73,6 +73,7 @@ #define SUN8I_SYS_SR_CTRL_AIF2_FS_MASK GENMASK(11, 8) #define SUN8I_AIF1CLK_CTRL_AIF1_WORD_SIZ_MASK GENMASK(5, 4) #define SUN8I_AIF1CLK_CTRL_AIF1_LRCK_DIV_MASK GENMASK(8, 6) +#define SUN8I_AIF1CLK_CTRL_AIF1_BCLK_DIV_MASK GENMASK(12, 9) struct sun8i_codec { struct device *dev; @@ -226,12 +227,57 @@ static int sun8i_set_fmt(struct snd_soc_dai *dai, unsigned int fmt) return 0; } +struct sun8i_codec_clk_div { + u8 div; + u8 val; +}; + +static const struct sun8i_codec_clk_div sun8i_codec_bclk_div[] = { + { .div = 1, .val = 0 }, + { .div = 2, .val = 1 }, + { .div = 4, .val = 2 }, + { .div = 6, .val = 3 }, + { .div = 8, .val = 4 }, + { .div = 12, .val = 5 }, + { .div = 16, .val = 6 }, + { .div = 24, .val = 7 }, + { .div = 32, .val = 8 }, + { .div = 48, .val = 9 }, + { .div = 64, .val = 10 }, + { .div = 96, .val = 11 }, + { .div = 128, .val = 12 }, + { .div = 192, .val = 13 }, +}; + +static u8 sun8i_codec_get_bclk_div(struct sun8i_codec *scodec, + unsigned int rate, + unsigned int word_size) +{ + unsigned long clk_rate = clk_get_rate(scodec->clk_module); + unsigned int div = clk_rate / rate / word_size / 2; + unsigned int best_val = 0, best_diff = ~0; + int i; + + for (i = 0; i < ARRAY_SIZE(sun8i_codec_bclk_div); i++) { + const struct sun8i_codec_clk_div *bdiv = &sun8i_codec_bclk_div[i]; + unsigned int diff = abs(bdiv->div - div); + + if (diff < best_diff) { + best_diff = diff; + best_val = bdiv->val; + } + } + + return best_val; +} + static int sun8i_codec_hw_params(struct snd_pcm_substream *substream, struct snd_pcm_hw_params *params, struct snd_soc_dai *dai) { struct sun8i_codec *scodec = snd_soc_codec_get_drvdata(dai->codec); int sample_rate; + u8 bclk_div; /* * The CPU DAI handles only a sample of 16 bits. Configure the @@ -241,6 +287,11 @@ static int sun8i_codec_hw_params(struct snd_pcm_substream *substream, SUN8I_AIF1CLK_CTRL_AIF1_WORD_SIZ_MASK, SUN8I_AIF1CLK_CTRL_AIF1_WORD_SIZ_16); + bclk_div = sun8i_codec_get_bclk_div(scodec, params_rate(params), 16); + regmap_update_bits(scodec->regmap, SUN8I_AIF1CLK_CTRL, + SUN8I_AIF1CLK_CTRL_AIF1_BCLK_DIV_MASK, + bclk_div << SUN8I_AIF1CLK_CTRL_AIF1_BCLK_DIV); + regmap_update_bits(scodec->regmap, SUN8I_AIF1CLK_CTRL, SUN8I_AIF1CLK_CTRL_AIF1_LRCK_DIV_MASK, SUN8I_AIF1CLK_CTRL_AIF1_LRCK_DIV_16); -- 2.14.3

7 years, 10 months

2
1
0 0

[Linux-stable-mirror] [GIT PULL] commits for Linux 4.4

by Levin, Alexander (Sasha Levin)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Greg, Pleae pull commits for Linux 4.4 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit c54d0707aa09a824413ebb4195c98bfb9b9e1fc0: Linux 4.4.97 (2017-11-08 10:06:31 +0100) are available in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git for-greg-4.4-2 for you to fetch changes up to 2f948758f8adbf4e5f78506568f32ae6269a822d: net: dsa: select NET_SWITCHDEV (2017-11-08 15:35:51 -0500) - ---------------------------------------------------------------- Akinobu Mita (2): Input: mpr121 - handle multiple bits change of status register Input: mpr121 - set missing event capability Alison Schofield (1): iio: trigger: free trigger resource correctly David Lechner (2): dt-bindings: Add LEGO MINDSTORMS EV3 compatible specification dt-bindings: Add vendor prefix for LEGO Feras Daoud (1): IB/ipoib: Change list_del to list_del_init in the tx object Gilad Ben-Yossef (1): IPsec: do not ignore crypto err in ah4 input Harninder Rai (1): dt-bindings: clockgen: Add compatible string for LS1012A Jason Gunthorpe (1): PCI: mvebu: Handle changes to the bridge windows while enabled Juergen Gross (1): xen/netback: set default upper limit of tx/rx queues to 8 Julian Wiedmann (1): s390/qeth: issue STARTLAN as first IPA command Lars-Peter Clausen (1): [media] adv7604: Initialize drive strength to default when using DT Laurent Pinchart (1): serial: sh-sci: Fix register offsets for the IRDA serial port Li Zhong (2): KVM: PPC: Book 3S: XICS: correct the real mode ICP rejecting counter crypto: vmx - disable preemption to enable vsx in aes_ctr.c Liping Zhang (1): netfilter: nft_meta: deal with PACKET_LOOPBACK in netdev family Maciej W. Rozycki (1): video: fbdev: pmag-ba-fb: Remove bad `__init' annotation Nate Watterson (1): iommu/arm-smmu-v3: Clear prior settings when updating STEs Noralf TrÃ¸nnes (1): drm: drm_minor_register(): Clean up debugfs on failure Patrick Bruenn (1): ARM: dts: imx53-qsb-common: fix FEC pinmux config Tony Lindgren (1): ARM: omap2plus_defconfig: Fix probe errors on UARTs 5 and 6 Valentin Longchamp (1): powerpc/corenet: explicitly disable the SDHC controller on kmcoge4 Vivien Didelot (1): net: dsa: select NET_SWITCHDEV Volodymyr Bendiuga (1): phy: increase size of MII_BUS_ID_SIZE and bus_id William wu (1): usb: hcd: initialize hcd->flags to 0 when rm hcd Documentation/devicetree/bindings/arm/davinci.txt | 4 + .../devicetree/bindings/clock/qoriq-clock.txt | 1 + .../devicetree/bindings/vendor-prefixes.txt | 1 + arch/arm/boot/dts/imx53-qsb-common.dtsi | 20 ++-- arch/arm/configs/omap2plus_defconfig | 1 + arch/powerpc/boot/dts/fsl/kmcoge4.dts | 4 + arch/powerpc/kvm/book3s_hv_rm_xics.c | 5 +- arch/sh/kernel/cpu/sh3/setup-sh770x.c | 1 - drivers/crypto/vmx/aes_ctr.c | 6 ++ drivers/gpu/drm/drm_drv.c | 2 +- drivers/iio/trigger/iio-trig-interrupt.c | 8 +- drivers/iio/trigger/iio-trig-sysfs.c | 2 +- drivers/infiniband/ulp/ipoib/ipoib_cm.c | 2 +- drivers/input/keyboard/mpr121_touchkey.c | 24 +++-- drivers/iommu/arm-smmu-v3.c | 10 +- drivers/media/i2c/adv7604.c | 3 + drivers/net/xen-netback/netback.c | 6 +- drivers/pci/host/pci-mvebu.c | 101 ++++++++++++--------- drivers/s390/net/qeth_core.h | 1 - drivers/s390/net/qeth_core_main.c | 21 ++++- drivers/s390/net/qeth_l2_main.c | 15 --- drivers/s390/net/qeth_l3_main.c | 15 --- drivers/staging/iio/trigger/iio-trig-bfin-timer.c | 4 +- drivers/tty/serial/sh-sci.c | 17 ++-- drivers/usb/core/hcd.c | 1 + drivers/video/fbdev/pmag-ba-fb.c | 2 +- include/linux/phy.h | 8 +- net/dsa/Kconfig | 5 +- net/ipv4/ah4.c | 3 + net/netfilter/nft_meta.c | 28 +++++- 30 files changed, 184 insertions(+), 137 deletions(-) -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJaA2zzAAoJEN6mb/eXdyzcFM0P/iZBjbrfPNDJYW73WHmz1fq0 s4WaAN0yOtt/rnLwBmzy6SohzIcwX8r/P5aJFh4Yyvw0U1X67KtQTZuzL/NM/gs8 iUpCJ5yFmK5+UUlA2aE8qwpBIobuzUvcS3Iy5ZT5j24hLOSPUQ0B7SvLycmZri78 RmvJzEn/f2fozaPDJkvf1YMJOMpf178gOk/XuIiIbaaLLKyfSjPdxm/OgTcmUrfy qYbJxfsI+VznY8bQF2UtBfcqtsS9aXoHQP//OmHXd3q6vvcQFDU/TpCLNP7XxIhM YIR1TGGGzX0uKYN7B93JpSuIBY+AZ4hECo3CTQ1FCszltcWyfaCQy8NrhWZbhwEr gO+v0s4pDCkuVP6sxHUUuQQ/O53cbmSCIZFwFSpB32zsskY6c1Y2ATvFV52Lpb2a M/ALRNJzNj5x/I/esxjgNX4DZ7F7Wql0iVTyAMjRy5SFrLE+/zAI7c/Ma1MVnQeZ PPXj2bdzdJE2UmGE5SwtewHSzVU0u/2UJ+a9FRpR+m36GiVUlmXckaCwCM0s1ein MAA/qWSvOgnWz6Eo8PGdG83nHSRmtiglflsv4/DO4uFKMB8ltcWzsFa8dknkEOag L4pwQZXxhDE62EnYW3gMJowjd6BNEj/ZrBXv9InObCEHsguhPJg5UK+sSL3gosMq +0jIGPSqGfnR7cWycde2 =PAvO -----END PGP SIGNATURE-----

7 years, 10 months

2
1
0 0

[Linux-stable-mirror] Patch "xen/netback: set default upper limit of tx/rx queues to 8" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xen/netback: set default upper limit of tx/rx queues to 8 to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xen-netback-set-default-upper-limit-of-tx-rx-queues-to-8.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 18:22:51 CET 2017 From: Juergen Gross <jgross(a)suse.com> Date: Tue, 10 Jan 2017 14:32:52 +0100 Subject: xen/netback: set default upper limit of tx/rx queues to 8 From: Juergen Gross <jgross(a)suse.com> [ Upstream commit 56dd5af9bc23d0d5d23bb207c477715b4c2216c5 ] The default for the maximum number of tx/rx queues of one interface is the number of cpus of the system today. As each queue pair reserves 512 grant pages this default consumes a ridiculous number of grants for large guests. Limit the queue number to 8 as default. This value can be modified via a module parameter if required. Signed-off-by: Juergen Gross <jgross(a)suse.com> Reviewed-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Signed-off-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/xen-netback/netback.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/drivers/net/xen-netback/netback.c +++ b/drivers/net/xen-netback/netback.c @@ -67,6 +67,7 @@ module_param(rx_drain_timeout_msecs, uin unsigned int rx_stall_timeout_msecs = 60000; module_param(rx_stall_timeout_msecs, uint, 0444); +#define MAX_QUEUES_DEFAULT 8 unsigned int xenvif_max_queues; module_param_named(max_queues, xenvif_max_queues, uint, 0644); MODULE_PARM_DESC(max_queues, @@ -2157,11 +2158,12 @@ static int __init netback_init(void) if (!xen_domain()) return -ENODEV; - /* Allow as many queues as there are CPUs if user has not + /* Allow as many queues as there are CPUs but max. 8 if user has not * specified a value. */ if (xenvif_max_queues == 0) - xenvif_max_queues = num_online_cpus(); + xenvif_max_queues = min_t(unsigned int, MAX_QUEUES_DEFAULT, + num_online_cpus()); if (fatal_skb_slots < XEN_NETBK_LEGACY_SLOTS_MAX) { pr_info("fatal_skb_slots too small (%d), bump it to XEN_NETBK_LEGACY_SLOTS_MAX (%d)\n", Patches currently in stable-queue which might be from jgross(a)suse.com are queue-4.4/xen-netback-set-default-upper-limit-of-tx-rx-queues-to-8.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "video: fbdev: pmag-ba-fb: Remove bad `__init' annotation" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled video: fbdev: pmag-ba-fb: Remove bad `__init' annotation to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: video-fbdev-pmag-ba-fb-remove-bad-__init-annotation.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 18:22:51 CET 2017 From: "Maciej W. Rozycki" <macro(a)linux-mips.org> Date: Mon, 30 Jan 2017 17:39:48 +0100 Subject: video: fbdev: pmag-ba-fb: Remove bad `__init' annotation From: "Maciej W. Rozycki" <macro(a)linux-mips.org> [ Upstream commit 879e5a0df626f39cbb3c61bb90373e56d67012c4 ] Fix: WARNING: drivers/video/fbdev/pmag-ba-fb.o(.text+0x308): Section mismatch in reference from the function pmagbafb_probe() to the function .init.text:pmagbafb_erase_cursor() The function pmagbafb_probe() references the function __init pmagbafb_erase_cursor(). This is often because pmagbafb_probe lacks a __init annotation or the annotation of pmagbafb_erase_cursor is wrong. -- a fallout from a missed update from commit 9625b51350cc ("VIDEO: PMAG-BA: Fix section mismatch") and then commit 48c68c4f1b54 ("Drivers: video: remove __dev* attributes.") Signed-off-by: Maciej W. Rozycki <macro(a)linux-mips.org> Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie(a)samsung.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/video/fbdev/pmag-ba-fb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/video/fbdev/pmag-ba-fb.c +++ b/drivers/video/fbdev/pmag-ba-fb.c @@ -129,7 +129,7 @@ static struct fb_ops pmagbafb_ops = { /* * Turn the hardware cursor off. */ -static void __init pmagbafb_erase_cursor(struct fb_info *info) +static void pmagbafb_erase_cursor(struct fb_info *info) { struct pmagbafb_par *par = info->par; Patches currently in stable-queue which might be from macro(a)linux-mips.org are queue-4.4/video-fbdev-pmag-ba-fb-remove-bad-__init-annotation.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "usb: hcd: initialize hcd->flags to 0 when rm hcd" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: hcd: initialize hcd->flags to 0 when rm hcd to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usb-hcd-initialize-hcd-flags-to-0-when-rm-hcd.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 18:22:51 CET 2017 From: William wu <wulf(a)rock-chips.com> Date: Fri, 13 Jan 2017 11:04:22 +0800 Subject: usb: hcd: initialize hcd->flags to 0 when rm hcd From: William wu <wulf(a)rock-chips.com> [ Upstream commit 76b8db0d480e8045e1a1902fc9ab143b3b9ef115 ] On some platforms(e.g. rk3399 board), we can call hcd_add/remove consecutively without calling usb_put_hcd/usb_create_hcd in between, so hcd->flags can be stale. If the HC dies due to whatever reason then without this patch we get the below error on next hcd_add. [173.296154] xhci-hcd xhci-hcd.2.auto: HC died; cleaning up [173.296209] xhci-hcd xhci-hcd.2.auto: xHCI Host Controller [173.296762] xhci-hcd xhci-hcd.2.auto: new USB bus registered, assigned bus number 6 [173.296931] usb usb6: We don't know the algorithms for LPM for this host, disabling LPM. [173.297179] usb usb6: New USB device found, idVendor=1d6b, idProduct=0003 [173.297203] usb usb6: New USB device strings: Mfr=3, Product=2, SerialNumber=1 [173.297222] usb usb6: Product: xHCI Host Controller [173.297240] usb usb6: Manufacturer: Linux 4.4.21 xhci-hcd [173.297257] usb usb6: SerialNumber: xhci-hcd.2.auto [173.298680] hub 6-0:1.0: USB hub found [173.298749] hub 6-0:1.0: 1 port detected [173.299382] rockchip-dwc3 usb@fe800000: USB HOST connected [173.395418] hub 5-0:1.0: activate --> -19 [173.603447] irq 228: nobody cared (try booting with the "irqpoll" option) [173.603493] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.4.21 #9 [173.603513] Hardware name: Google Kevin (DT) [173.603531] Call trace: [173.603568] [<ffffffc0002087dc>] dump_backtrace+0x0/0x160 [173.603596] [<ffffffc00020895c>] show_stack+0x20/0x28 [173.603623] [<ffffffc0004b28a8>] dump_stack+0x90/0xb0 [173.603650] [<ffffffc00027347c>] __report_bad_irq+0x48/0xe8 [173.603674] [<ffffffc0002737cc>] note_interrupt+0x1e8/0x28c [173.603698] [<ffffffc000270a38>] handle_irq_event_percpu+0x1d4/0x25c [173.603722] [<ffffffc000270b0c>] handle_irq_event+0x4c/0x7c [173.603748] [<ffffffc00027456c>] handle_fasteoi_irq+0xb4/0x124 [173.603777] [<ffffffc00026fe3c>] generic_handle_irq+0x30/0x44 [173.603804] [<ffffffc0002701a8>] __handle_domain_irq+0x90/0xbc [173.603827] [<ffffffc0002006f4>] gic_handle_irq+0xcc/0x188 ... [173.604500] [<ffffffc000203700>] el1_irq+0x80/0xf8 [173.604530] [<ffffffc000261388>] cpu_startup_entry+0x38/0x3cc [173.604558] [<ffffffc00090f7d8>] rest_init+0x8c/0x94 [173.604585] [<ffffffc000e009ac>] start_kernel+0x3d0/0x3fc [173.604607] [<0000000000b16000>] 0xb16000 [173.604622] handlers: [173.604648] [<ffffffc000642084>] usb_hcd_irq [173.604673] Disabling IRQ #228 Signed-off-by: William wu <wulf(a)rock-chips.com> Acked-by: Roger Quadros <rogerq(a)ti.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/hcd.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/usb/core/hcd.c +++ b/drivers/usb/core/hcd.c @@ -2997,6 +2997,7 @@ void usb_remove_hcd(struct usb_hcd *hcd) } usb_put_invalidate_rhdev(hcd); + hcd->flags = 0; } EXPORT_SYMBOL_GPL(usb_remove_hcd); Patches currently in stable-queue which might be from wulf(a)rock-chips.com are queue-4.4/usb-hcd-initialize-hcd-flags-to-0-when-rm-hcd.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "serial: sh-sci: Fix register offsets for the IRDA serial port" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled serial: sh-sci: Fix register offsets for the IRDA serial port to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: serial-sh-sci-fix-register-offsets-for-the-irda-serial-port.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 18:22:51 CET 2017 From: Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> Date: Wed, 11 Jan 2017 16:43:32 +0200 Subject: serial: sh-sci: Fix register offsets for the IRDA serial port From: Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> [ Upstream commit a752ba18af8285e3eeda572f40dddaebff0c3621 ] Even though most of its registers are 8-bit wide, the IRDA has two 16-bit registers that make it a 16-bit peripheral and not a 8-bit peripheral with addresses shifted by one. Fix the registers offset in the driver and the platform data regshift value. Signed-off-by: Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> Reviewed-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/sh/kernel/cpu/sh3/setup-sh770x.c | 1 - drivers/tty/serial/sh-sci.c | 17 ++++++++--------- 2 files changed, 8 insertions(+), 10 deletions(-) --- a/arch/sh/kernel/cpu/sh3/setup-sh770x.c +++ b/arch/sh/kernel/cpu/sh3/setup-sh770x.c @@ -165,7 +165,6 @@ static struct plat_sci_port scif2_platfo .scscr = SCSCR_TE | SCSCR_RE, .type = PORT_IRDA, .ops = &sh770x_sci_port_ops, - .regshift = 1, }; static struct resource scif2_resources[] = { --- a/drivers/tty/serial/sh-sci.c +++ b/drivers/tty/serial/sh-sci.c @@ -163,18 +163,17 @@ static const struct plat_sci_reg sci_reg }, /* - * Common definitions for legacy IrDA ports, dependent on - * regshift value. + * Common definitions for legacy IrDA ports. */ [SCIx_IRDA_REGTYPE] = { [SCSMR] = { 0x00, 8 }, - [SCBRR] = { 0x01, 8 }, - [SCSCR] = { 0x02, 8 }, - [SCxTDR] = { 0x03, 8 }, - [SCxSR] = { 0x04, 8 }, - [SCxRDR] = { 0x05, 8 }, - [SCFCR] = { 0x06, 8 }, - [SCFDR] = { 0x07, 16 }, + [SCBRR] = { 0x02, 8 }, + [SCSCR] = { 0x04, 8 }, + [SCxTDR] = { 0x06, 8 }, + [SCxSR] = { 0x08, 16 }, + [SCxRDR] = { 0x0a, 8 }, + [SCFCR] = { 0x0c, 8 }, + [SCFDR] = { 0x0e, 16 }, [SCTFDR] = sci_reg_invalid, [SCRFDR] = sci_reg_invalid, [SCSPTR] = sci_reg_invalid, Patches currently in stable-queue which might be from laurent.pinchart+renesas(a)ideasonboard.com are queue-4.4/serial-sh-sci-fix-register-offsets-for-the-irda-serial-port.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "powerpc/corenet: explicitly disable the SDHC controller on kmcoge4" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled powerpc/corenet: explicitly disable the SDHC controller on kmcoge4 to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: powerpc-corenet-explicitly-disable-the-sdhc-controller-on-kmcoge4.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 18:22:51 CET 2017 From: Valentin Longchamp <valentin.longchamp(a)keymile.com> Date: Thu, 15 Dec 2016 14:22:26 +0100 Subject: powerpc/corenet: explicitly disable the SDHC controller on kmcoge4 From: Valentin Longchamp <valentin.longchamp(a)keymile.com> [ Upstream commit a674c7d470bb47e82f4eb1fa944eadeac2f6bbaf ] It is not implemented on the kmcoge4 hardware and if not disabled it leads to error messages with the corenet32_smp_defconfig. Signed-off-by: Valentin Longchamp <valentin.longchamp(a)keymile.com> Signed-off-by: Scott Wood <oss(a)buserror.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/powerpc/boot/dts/fsl/kmcoge4.dts | 4 ++++ 1 file changed, 4 insertions(+) --- a/arch/powerpc/boot/dts/fsl/kmcoge4.dts +++ b/arch/powerpc/boot/dts/fsl/kmcoge4.dts @@ -83,6 +83,10 @@ }; }; + sdhc@114000 { + status = "disabled"; + }; + i2c@119000 { status = "disabled"; }; Patches currently in stable-queue which might be from valentin.longchamp(a)keymile.com are queue-4.4/powerpc-corenet-explicitly-disable-the-sdhc-controller-on-kmcoge4.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "s390/qeth: issue STARTLAN as first IPA command" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled s390/qeth: issue STARTLAN as first IPA command to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: s390-qeth-issue-startlan-as-first-ipa-command.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 18:22:51 CET 2017 From: Julian Wiedmann <jwi(a)linux.vnet.ibm.com> Date: Thu, 12 Jan 2017 15:48:42 +0100 Subject: s390/qeth: issue STARTLAN as first IPA command From: Julian Wiedmann <jwi(a)linux.vnet.ibm.com> [ Upstream commit 1034051045d125579ab1e8fcd5a724eeb0e70149 ] STARTLAN needs to be the first IPA command after MPC initialization completes. So move the qeth_send_startlan() call from the layer disciplines into the core path, right after the MPC handshake. While at it, replace the magic LAN OFFLINE return code with the existing enum. Signed-off-by: Julian Wiedmann <jwi(a)linux.vnet.ibm.com> Reviewed-by: Thomas Richter <tmricht(a)linux.vnet.ibm.com> Reviewed-by: Ursula Braun <ubraun(a)linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/s390/net/qeth_core.h | 1 - drivers/s390/net/qeth_core_main.c | 21 +++++++++++++++++---- drivers/s390/net/qeth_l2_main.c | 15 --------------- drivers/s390/net/qeth_l3_main.c | 15 --------------- 4 files changed, 17 insertions(+), 35 deletions(-) --- a/drivers/s390/net/qeth_core.h +++ b/drivers/s390/net/qeth_core.h @@ -909,7 +909,6 @@ void qeth_clear_thread_running_bit(struc int qeth_core_hardsetup_card(struct qeth_card *); void qeth_print_status_message(struct qeth_card *); int qeth_init_qdio_queues(struct qeth_card *); -int qeth_send_startlan(struct qeth_card *); int qeth_send_ipa_cmd(struct qeth_card *, struct qeth_cmd_buffer *, int (*reply_cb) (struct qeth_card *, struct qeth_reply *, unsigned long), --- a/drivers/s390/net/qeth_core_main.c +++ b/drivers/s390/net/qeth_core_main.c @@ -2955,7 +2955,7 @@ int qeth_send_ipa_cmd(struct qeth_card * } EXPORT_SYMBOL_GPL(qeth_send_ipa_cmd); -int qeth_send_startlan(struct qeth_card *card) +static int qeth_send_startlan(struct qeth_card *card) { int rc; struct qeth_cmd_buffer *iob; @@ -2968,7 +2968,6 @@ int qeth_send_startlan(struct qeth_card rc = qeth_send_ipa_cmd(card, iob, NULL, NULL); return rc; } -EXPORT_SYMBOL_GPL(qeth_send_startlan); static int qeth_default_setadapterparms_cb(struct qeth_card *card, struct qeth_reply *reply, unsigned long data) @@ -5080,6 +5079,20 @@ retriable: goto out; } + rc = qeth_send_startlan(card); + if (rc) { + QETH_DBF_TEXT_(SETUP, 2, "6err%d", rc); + if (rc == IPA_RC_LAN_OFFLINE) { + dev_warn(&card->gdev->dev, + "The LAN is offline\n"); + card->lan_online = 0; + } else { + rc = -ENODEV; + goto out; + } + } else + card->lan_online = 1; + card->options.ipa4.supported_funcs = 0; card->options.ipa6.supported_funcs = 0; card->options.adp.supported_funcs = 0; @@ -5091,14 +5104,14 @@ retriable: if (qeth_is_supported(card, IPA_SETADAPTERPARMS)) { rc = qeth_query_setadapterparms(card); if (rc < 0) { - QETH_DBF_TEXT_(SETUP, 2, "6err%d", rc); + QETH_DBF_TEXT_(SETUP, 2, "7err%d", rc); goto out; } } if (qeth_adp_supported(card, IPA_SETADP_SET_DIAG_ASSIST)) { rc = qeth_query_setdiagass(card); if (rc < 0) { - QETH_DBF_TEXT_(SETUP, 2, "7err%d", rc); + QETH_DBF_TEXT_(SETUP, 2, "8err%d", rc); goto out; } } --- a/drivers/s390/net/qeth_l2_main.c +++ b/drivers/s390/net/qeth_l2_main.c @@ -1203,21 +1203,6 @@ static int __qeth_l2_set_online(struct c /* softsetup */ QETH_DBF_TEXT(SETUP, 2, "softsetp"); - rc = qeth_send_startlan(card); - if (rc) { - QETH_DBF_TEXT_(SETUP, 2, "1err%d", rc); - if (rc == 0xe080) { - dev_warn(&card->gdev->dev, - "The LAN is offline\n"); - card->lan_online = 0; - goto contin; - } - rc = -ENODEV; - goto out_remove; - } else - card->lan_online = 1; - -contin: if ((card->info.type == QETH_CARD_TYPE_OSD) || (card->info.type == QETH_CARD_TYPE_OSX)) { if (qeth_l2_start_ipassists(card)) --- a/drivers/s390/net/qeth_l3_main.c +++ b/drivers/s390/net/qeth_l3_main.c @@ -3298,21 +3298,6 @@ static int __qeth_l3_set_online(struct c /* softsetup */ QETH_DBF_TEXT(SETUP, 2, "softsetp"); - rc = qeth_send_startlan(card); - if (rc) { - QETH_DBF_TEXT_(SETUP, 2, "1err%d", rc); - if (rc == 0xe080) { - dev_warn(&card->gdev->dev, - "The LAN is offline\n"); - card->lan_online = 0; - goto contin; - } - rc = -ENODEV; - goto out_remove; - } else - card->lan_online = 1; - -contin: rc = qeth_l3_setadapter_parms(card); if (rc) QETH_DBF_TEXT_(SETUP, 2, "2err%04x", rc); Patches currently in stable-queue which might be from jwi(a)linux.vnet.ibm.com are queue-4.4/s390-qeth-issue-startlan-as-first-ipa-command.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "phy: increase size of MII_BUS_ID_SIZE and bus_id" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled phy: increase size of MII_BUS_ID_SIZE and bus_id to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: phy-increase-size-of-mii_bus_id_size-and-bus_id.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 18:22:51 CET 2017 From: Volodymyr Bendiuga <volodymyr.bendiuga(a)gmail.com> Date: Thu, 19 Jan 2017 17:05:04 +0100 Subject: phy: increase size of MII_BUS_ID_SIZE and bus_id From: Volodymyr Bendiuga <volodymyr.bendiuga(a)gmail.com> [ Upstream commit 4567d686f5c6d955e57a3afa1741944c1e7f4033 ] Some bus names are pretty long and do not fit into 17 chars. Increase therefore MII_BUS_ID_SIZE and phy_fixup.bus_id to larger number. Now mii_bus.id can host larger name. Signed-off-by: Volodymyr Bendiuga <volodymyr.bendiuga(a)gmail.com> Signed-off-by: Magnus Öberg <magnus.oberg(a)westermo.se> Reviewed-by: Andrew Lunn <andrew(a)lunn.ch> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- include/linux/phy.h | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) --- a/include/linux/phy.h +++ b/include/linux/phy.h @@ -136,11 +136,7 @@ static inline const char *phy_modes(phy_ /* Used when trying to connect to a specific phy (mii bus id:phy device id) */ #define PHY_ID_FMT "%s:%02x" -/* - * Need to be a little smaller than phydev->dev.bus_id to leave room - * for the ":%02x" - */ -#define MII_BUS_ID_SIZE (20 - 3) +#define MII_BUS_ID_SIZE 61 /* Or MII_ADDR_C45 into regnum for read/write on mii_bus to enable the 21 bit IEEE 802.3ae clause 45 addressing mode used by 10GIGE phy chips. */ @@ -599,7 +595,7 @@ struct phy_driver { /* A Structure for boards to register fixups with the PHY Lib */ struct phy_fixup { struct list_head list; - char bus_id[20]; + char bus_id[MII_BUS_ID_SIZE + 3]; u32 phy_uid; u32 phy_uid_mask; int (*run)(struct phy_device *phydev); Patches currently in stable-queue which might be from volodymyr.bendiuga(a)gmail.com are queue-4.4/phy-increase-size-of-mii_bus_id_size-and-bus_id.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "PCI: mvebu: Handle changes to the bridge windows while enabled" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled PCI: mvebu: Handle changes to the bridge windows while enabled to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: pci-mvebu-handle-changes-to-the-bridge-windows-while-enabled.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 18:22:51 CET 2017 From: Jason Gunthorpe <jgunthorpe(a)obsidianresearch.com> Date: Mon, 12 Dec 2016 11:30:20 -0700 Subject: PCI: mvebu: Handle changes to the bridge windows while enabled From: Jason Gunthorpe <jgunthorpe(a)obsidianresearch.com> [ Upstream commit d9bf28e2650fe3eeefed7e34841aea07d10c6543 ] The PCI core will write to the bridge window config multiple times while they are enabled. This can lead to mbus failures like this: mvebu_mbus: cannot add window '4:e8', conflicts with another window mvebu-pcie mbus:pex@e0000000: Could not create MBus window at [mem 0xe0000000-0xe00fffff]: -22 For me this is happening during a hotplug cycle. The PCI core is not changing the values, just writing them twice while active. The patch addresses the general case of any change to an active window, but not atomically. The code is slightly refactored so io and mem can share more of the window logic. Signed-off-by: Jason Gunthorpe <jgunthorpe(a)obsidianresearch.com> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Acked-by: Jason Cooper <jason(a)lakedaemon.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/pci/host/pci-mvebu.c | 101 +++++++++++++++++++++++++------------------ 1 file changed, 60 insertions(+), 41 deletions(-) --- a/drivers/pci/host/pci-mvebu.c +++ b/drivers/pci/host/pci-mvebu.c @@ -131,6 +131,12 @@ struct mvebu_pcie { int nports; }; +struct mvebu_pcie_window { + phys_addr_t base; + phys_addr_t remap; + size_t size; +}; + /* Structure representing one PCIe interface */ struct mvebu_pcie_port { char *name; @@ -148,10 +154,8 @@ struct mvebu_pcie_port { struct mvebu_sw_pci_bridge bridge; struct device_node *dn; struct mvebu_pcie *pcie; - phys_addr_t memwin_base; - size_t memwin_size; - phys_addr_t iowin_base; - size_t iowin_size; + struct mvebu_pcie_window memwin; + struct mvebu_pcie_window iowin; u32 saved_pcie_stat; }; @@ -377,23 +381,45 @@ static void mvebu_pcie_add_windows(struc } } +static void mvebu_pcie_set_window(struct mvebu_pcie_port *port, + unsigned int target, unsigned int attribute, + const struct mvebu_pcie_window *desired, + struct mvebu_pcie_window *cur) +{ + if (desired->base == cur->base && desired->remap == cur->remap && + desired->size == cur->size) + return; + + if (cur->size != 0) { + mvebu_pcie_del_windows(port, cur->base, cur->size); + cur->size = 0; + cur->base = 0; + + /* + * If something tries to change the window while it is enabled + * the change will not be done atomically. That would be + * difficult to do in the general case. + */ + } + + if (desired->size == 0) + return; + + mvebu_pcie_add_windows(port, target, attribute, desired->base, + desired->size, desired->remap); + *cur = *desired; +} + static void mvebu_pcie_handle_iobase_change(struct mvebu_pcie_port *port) { - phys_addr_t iobase; + struct mvebu_pcie_window desired = {}; /* Are the new iobase/iolimit values invalid? */ if (port->bridge.iolimit < port->bridge.iobase || port->bridge.iolimitupper < port->bridge.iobaseupper || !(port->bridge.command & PCI_COMMAND_IO)) { - - /* If a window was configured, remove it */ - if (port->iowin_base) { - mvebu_pcie_del_windows(port, port->iowin_base, - port->iowin_size); - port->iowin_base = 0; - port->iowin_size = 0; - } - + mvebu_pcie_set_window(port, port->io_target, port->io_attr, + &desired, &port->iowin); return; } @@ -410,32 +436,27 @@ static void mvebu_pcie_handle_iobase_cha * specifications. iobase is the bus address, port->iowin_base * is the CPU address. */ - iobase = ((port->bridge.iobase & 0xF0) << 8) | - (port->bridge.iobaseupper << 16); - port->iowin_base = port->pcie->io.start + iobase; - port->iowin_size = ((0xFFF | ((port->bridge.iolimit & 0xF0) << 8) | - (port->bridge.iolimitupper << 16)) - - iobase) + 1; - - mvebu_pcie_add_windows(port, port->io_target, port->io_attr, - port->iowin_base, port->iowin_size, - iobase); + desired.remap = ((port->bridge.iobase & 0xF0) << 8) | + (port->bridge.iobaseupper << 16); + desired.base = port->pcie->io.start + desired.remap; + desired.size = ((0xFFF | ((port->bridge.iolimit & 0xF0) << 8) | + (port->bridge.iolimitupper << 16)) - + desired.remap) + + 1; + + mvebu_pcie_set_window(port, port->io_target, port->io_attr, &desired, + &port->iowin); } static void mvebu_pcie_handle_membase_change(struct mvebu_pcie_port *port) { + struct mvebu_pcie_window desired = {.remap = MVEBU_MBUS_NO_REMAP}; + /* Are the new membase/memlimit values invalid? */ if (port->bridge.memlimit < port->bridge.membase || !(port->bridge.command & PCI_COMMAND_MEMORY)) { - - /* If a window was configured, remove it */ - if (port->memwin_base) { - mvebu_pcie_del_windows(port, port->memwin_base, - port->memwin_size); - port->memwin_base = 0; - port->memwin_size = 0; - } - + mvebu_pcie_set_window(port, port->mem_target, port->mem_attr, + &desired, &port->memwin); return; } @@ -445,14 +466,12 @@ static void mvebu_pcie_handle_membase_ch * window to setup, according to the PCI-to-PCI bridge * specifications. */ - port->memwin_base = ((port->bridge.membase & 0xFFF0) << 16); - port->memwin_size = - (((port->bridge.memlimit & 0xFFF0) << 16) | 0xFFFFF) - - port->memwin_base + 1; - - mvebu_pcie_add_windows(port, port->mem_target, port->mem_attr, - port->memwin_base, port->memwin_size, - MVEBU_MBUS_NO_REMAP); + desired.base = ((port->bridge.membase & 0xFFF0) << 16); + desired.size = (((port->bridge.memlimit & 0xFFF0) << 16) | 0xFFFFF) - + desired.base + 1; + + mvebu_pcie_set_window(port, port->mem_target, port->mem_attr, &desired, + &port->memwin); } /* Patches currently in stable-queue which might be from jgunthorpe(a)obsidianresearch.com are queue-4.4/pci-mvebu-handle-changes-to-the-bridge-windows-while-enabled.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "net: dsa: select NET_SWITCHDEV" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: dsa: select NET_SWITCHDEV to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-dsa-select-net_switchdev.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 18:22:51 CET 2017 From: Vivien Didelot <vivien.didelot(a)savoirfairelinux.com> Date: Mon, 9 Jan 2017 16:49:26 -0500 Subject: net: dsa: select NET_SWITCHDEV From: Vivien Didelot <vivien.didelot(a)savoirfairelinux.com> [ Upstream commit 3a89eaa65db68bf53bf92dedc60084f810e1779a ] The support for DSA Ethernet switch chips depends on TCP/IP networking, thus explicit that HAVE_NET_DSA depends on INET. DSA uses SWITCHDEV, thus select it instead of depending on it. Signed-off-by: Vivien Didelot <vivien.didelot(a)savoirfairelinux.com> Reviewed-by: Andrew Lunn <andrew(a)lunn.ch> Reviewed-by: Florian Fainelli <f.fainelli(a)gmail.com> Tested-by: Randy Dunlap <rdunlap(a)infradead.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/dsa/Kconfig | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) --- a/net/dsa/Kconfig +++ b/net/dsa/Kconfig @@ -1,12 +1,13 @@ config HAVE_NET_DSA def_bool y - depends on NETDEVICES && !S390 + depends on INET && NETDEVICES && !S390 # Drivers must select NET_DSA and the appropriate tagging format config NET_DSA tristate "Distributed Switch Architecture" - depends on HAVE_NET_DSA && NET_SWITCHDEV + depends on HAVE_NET_DSA + select NET_SWITCHDEV select PHYLIB ---help--- Say Y if you want to enable support for the hardware switches supported Patches currently in stable-queue which might be from vivien.didelot(a)savoirfairelinux.com are queue-4.4/net-dsa-select-net_switchdev.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "netfilter: nft_meta: deal with PACKET_LOOPBACK in netdev family" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled netfilter: nft_meta: deal with PACKET_LOOPBACK in netdev family to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: netfilter-nft_meta-deal-with-packet_loopback-in-netdev-family.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 18:22:51 CET 2017 From: Liping Zhang <zlpnobody(a)gmail.com> Date: Sat, 7 Jan 2017 21:33:55 +0800 Subject: netfilter: nft_meta: deal with PACKET_LOOPBACK in netdev family From: Liping Zhang <zlpnobody(a)gmail.com> [ Upstream commit f169fd695b192dd7b23aff8e69d25a1bc881bbfa ] After adding the following nft rule, then ping 224.0.0.1: # nft add rule netdev t c pkttype host counter The warning complain message will be printed out again and again: WARNING: CPU: 0 PID: 10182 at net/netfilter/nft_meta.c:163 \ nft_meta_get_eval+0x3fe/0x460 [nft_meta] [...] Call Trace: <IRQ> dump_stack+0x85/0xc2 __warn+0xcb/0xf0 warn_slowpath_null+0x1d/0x20 nft_meta_get_eval+0x3fe/0x460 [nft_meta] nft_do_chain+0xff/0x5e0 [nf_tables] So we should deal with PACKET_LOOPBACK in netdev family too. For ipv4, convert it to PACKET_BROADCAST/MULTICAST according to the destination address's type; For ipv6, convert it to PACKET_MULTICAST directly. Signed-off-by: Liping Zhang <zlpnobody(a)gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/netfilter/nft_meta.c | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) --- a/net/netfilter/nft_meta.c +++ b/net/netfilter/nft_meta.c @@ -151,8 +151,34 @@ void nft_meta_get_eval(const struct nft_ else *dest = PACKET_BROADCAST; break; + case NFPROTO_NETDEV: + switch (skb->protocol) { + case htons(ETH_P_IP): { + int noff = skb_network_offset(skb); + struct iphdr *iph, _iph; + + iph = skb_header_pointer(skb, noff, + sizeof(_iph), &_iph); + if (!iph) + goto err; + + if (ipv4_is_multicast(iph->daddr)) + *dest = PACKET_MULTICAST; + else + *dest = PACKET_BROADCAST; + + break; + } + case htons(ETH_P_IPV6): + *dest = PACKET_MULTICAST; + break; + default: + WARN_ON_ONCE(1); + goto err; + } + break; default: - WARN_ON(1); + WARN_ON_ONCE(1); goto err; } break; Patches currently in stable-queue which might be from zlpnobody(a)gmail.com are queue-4.4/netfilter-nft_meta-deal-with-packet_loopback-in-netdev-family.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "IPsec: do not ignore crypto err in ah4 input" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled IPsec: do not ignore crypto err in ah4 input to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ipsec-do-not-ignore-crypto-err-in-ah4-input.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 18:22:51 CET 2017 From: Gilad Ben-Yossef <gilad(a)benyossef.com> Date: Mon, 16 Jan 2017 13:17:55 +0200 Subject: IPsec: do not ignore crypto err in ah4 input From: Gilad Ben-Yossef <gilad(a)benyossef.com> [ Upstream commit ebd89a2d0675f1325c2be5b7576fd8cb7e8defd0 ] ah4 input processing uses the asynchronous hash crypto API which supplies an error code as part of the operation completion but the error code was being ignored. Treat a crypto API error indication as a verification failure. While a crypto API reported error would almost certainly result in a memcpy of the digest failing anyway and thus the security risk seems minor, performing a memory compare on what might be uninitialized memory is wrong. Signed-off-by: Gilad Ben-Yossef <gilad(a)benyossef.com> Signed-off-by: Steffen Klassert <steffen.klassert(a)secunet.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv4/ah4.c | 3 +++ 1 file changed, 3 insertions(+) --- a/net/ipv4/ah4.c +++ b/net/ipv4/ah4.c @@ -270,6 +270,9 @@ static void ah_input_done(struct crypto_ int ihl = ip_hdrlen(skb); int ah_hlen = (ah->hdrlen + 2) << 2; + if (err) + goto out; + work_iph = AH_SKB_CB(skb)->tmp; auth_data = ah_tmp_auth(work_iph, ihl); icv = ah_tmp_icv(ahp->ahash, auth_data, ahp->icv_trunc_len); Patches currently in stable-queue which might be from gilad(a)benyossef.com are queue-4.4/ipsec-do-not-ignore-crypto-err-in-ah4-input.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "KVM: PPC: Book 3S: XICS: correct the real mode ICP rejecting counter" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled KVM: PPC: Book 3S: XICS: correct the real mode ICP rejecting counter to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: kvm-ppc-book-3s-xics-correct-the-real-mode-icp-rejecting-counter.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 18:22:51 CET 2017 From: Li Zhong <zhong(a)linux.vnet.ibm.com> Date: Fri, 11 Nov 2016 12:57:33 +0800 Subject: KVM: PPC: Book 3S: XICS: correct the real mode ICP rejecting counter From: Li Zhong <zhong(a)linux.vnet.ibm.com> [ Upstream commit 37451bc95dee0e666927d6ffdda302dbbaaae6fa ] Some counters are added in Commit 6e0365b78273 ("KVM: PPC: Book3S HV: Add ICP real mode counters"), to provide some performance statistics to determine whether further optimizing is needed for real mode functions. The n_reject counter counts how many times ICP rejects an irq because of priority in real mode. The redelivery of an lsi that is still asserted after eoi doesn't fall into this category, so the increasement there is removed. Also, it needs to be increased in icp_rm_deliver_irq() if it rejects another one. Signed-off-by: Li Zhong <zhong(a)linux.vnet.ibm.com> Signed-off-by: Paul Mackerras <paulus(a)ozlabs.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/powerpc/kvm/book3s_hv_rm_xics.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) --- a/arch/powerpc/kvm/book3s_hv_rm_xics.c +++ b/arch/powerpc/kvm/book3s_hv_rm_xics.c @@ -280,6 +280,7 @@ static void icp_rm_deliver_irq(struct kv */ if (reject && reject != XICS_IPI) { arch_spin_unlock(&ics->lock); + icp->n_reject++; new_irq = reject; goto again; } @@ -611,10 +612,8 @@ int kvmppc_rm_h_eoi(struct kvm_vcpu *vcp state = &ics->irq_state[src]; /* Still asserted, resend it */ - if (state->asserted) { - icp->n_reject++; + if (state->asserted) icp_rm_deliver_irq(xics, icp, irq); - } if (!hlist_empty(&vcpu->kvm->irq_ack_notifier_list)) { icp->rm_action |= XICS_RM_NOTIFY_EOI; Patches currently in stable-queue which might be from zhong(a)linux.vnet.ibm.com are queue-4.4/crypto-vmx-disable-preemption-to-enable-vsx-in-aes_ctr.c.patch queue-4.4/kvm-ppc-book-3s-xics-correct-the-real-mode-icp-rejecting-counter.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "Input: mpr121 - handle multiple bits change of status register" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Input: mpr121 - handle multiple bits change of status register to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: input-mpr121-handle-multiple-bits-change-of-status-register.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 18:22:51 CET 2017 From: Akinobu Mita <akinobu.mita(a)gmail.com> Date: Sun, 15 Jan 2017 14:44:30 -0800 Subject: Input: mpr121 - handle multiple bits change of status register From: Akinobu Mita <akinobu.mita(a)gmail.com> [ Upstream commit 08fea55e37f58371bffc5336a59e55d1f155955a ] This driver reports input events on their interrupts which are triggered by the sensor's status register changes. But only single bit change is reported in the interrupt handler. So if there are multiple bits are changed at almost the same time, other press or release events are ignored. This fixes it by detecting all changed bits in the status register. Signed-off-by: Akinobu Mita <akinobu.mita(a)gmail.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/input/keyboard/mpr121_touchkey.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) --- a/drivers/input/keyboard/mpr121_touchkey.c +++ b/drivers/input/keyboard/mpr121_touchkey.c @@ -87,7 +87,8 @@ static irqreturn_t mpr_touchkey_interrup struct mpr121_touchkey *mpr121 = dev_id; struct i2c_client *client = mpr121->client; struct input_dev *input = mpr121->input_dev; - unsigned int key_num, key_val, pressed; + unsigned long bit_changed; + unsigned int key_num; int reg; reg = i2c_smbus_read_byte_data(client, ELE_TOUCH_STATUS_1_ADDR); @@ -105,18 +106,22 @@ static irqreturn_t mpr_touchkey_interrup reg &= TOUCH_STATUS_MASK; /* use old press bit to figure out which bit changed */ - key_num = ffs(reg ^ mpr121->statusbits) - 1; - pressed = reg & (1 << key_num); + bit_changed = reg ^ mpr121->statusbits; mpr121->statusbits = reg; + for_each_set_bit(key_num, &bit_changed, mpr121->keycount) { + unsigned int key_val, pressed; - key_val = mpr121->keycodes[key_num]; + pressed = reg & BIT(key_num); + key_val = mpr121->keycodes[key_num]; - input_event(input, EV_MSC, MSC_SCAN, key_num); - input_report_key(input, key_val, pressed); - input_sync(input); + input_event(input, EV_MSC, MSC_SCAN, key_num); + input_report_key(input, key_val, pressed); + + dev_dbg(&client->dev, "key %d %d %s\n", key_num, key_val, + pressed ? "pressed" : "released"); - dev_dbg(&client->dev, "key %d %d %s\n", key_num, key_val, - pressed ? "pressed" : "released"); + } + input_sync(input); out: return IRQ_HANDLED; Patches currently in stable-queue which might be from akinobu.mita(a)gmail.com are queue-4.4/input-mpr121-set-missing-event-capability.patch queue-4.4/input-mpr121-handle-multiple-bits-change-of-status-register.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "iommu/arm-smmu-v3: Clear prior settings when updating STEs" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iommu/arm-smmu-v3: Clear prior settings when updating STEs to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: iommu-arm-smmu-v3-clear-prior-settings-when-updating-stes.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 18:22:51 CET 2017 From: Nate Watterson <nwatters(a)codeaurora.org> Date: Tue, 20 Dec 2016 23:11:48 -0500 Subject: iommu/arm-smmu-v3: Clear prior settings when updating STEs From: Nate Watterson <nwatters(a)codeaurora.org> [ Upstream commit 810871c57011eb3e89e6768932757f169d666cd2 ] To prevent corruption of the stage-1 context pointer field when updating STEs, rebuild the entire containing dword instead of clearing individual fields. Signed-off-by: Nate Watterson <nwatters(a)codeaurora.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/iommu/arm-smmu-v3.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) --- a/drivers/iommu/arm-smmu-v3.c +++ b/drivers/iommu/arm-smmu-v3.c @@ -1033,13 +1033,8 @@ static void arm_smmu_write_strtab_ent(st } } - /* Nuke the existing Config, as we're going to rewrite it */ - val &= ~(STRTAB_STE_0_CFG_MASK << STRTAB_STE_0_CFG_SHIFT); - - if (ste->valid) - val |= STRTAB_STE_0_V; - else - val &= ~STRTAB_STE_0_V; + /* Nuke the existing STE_0 value, as we're going to rewrite it */ + val = ste->valid ? STRTAB_STE_0_V : 0; if (ste->bypass) { val |= disable_bypass ? STRTAB_STE_0_CFG_ABORT @@ -1068,7 +1063,6 @@ static void arm_smmu_write_strtab_ent(st val |= (ste->s1_cfg->cdptr_dma & STRTAB_STE_0_S1CTXPTR_MASK << STRTAB_STE_0_S1CTXPTR_SHIFT) | STRTAB_STE_0_CFG_S1_TRANS; - } if (ste->s2_cfg) { Patches currently in stable-queue which might be from nwatters(a)codeaurora.org are queue-4.4/iommu-arm-smmu-v3-clear-prior-settings-when-updating-stes.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "Input: mpr121 - set missing event capability" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Input: mpr121 - set missing event capability to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: input-mpr121-set-missing-event-capability.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 18:22:51 CET 2017 From: Akinobu Mita <akinobu.mita(a)gmail.com> Date: Sun, 15 Jan 2017 14:44:05 -0800 Subject: Input: mpr121 - set missing event capability From: Akinobu Mita <akinobu.mita(a)gmail.com> [ Upstream commit 9723ddc8fe0d76ce41fe0dc16afb241ec7d0a29d ] This driver reports misc scan input events on the sensor's status register changes. But the event capability for them was not set in the device initialization, so these events were ignored. This change adds the missing event capability. Signed-off-by: Akinobu Mita <akinobu.mita(a)gmail.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/input/keyboard/mpr121_touchkey.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/input/keyboard/mpr121_touchkey.c +++ b/drivers/input/keyboard/mpr121_touchkey.c @@ -236,6 +236,7 @@ static int mpr_touchkey_probe(struct i2c input_dev->id.bustype = BUS_I2C; input_dev->dev.parent = &client->dev; input_dev->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REP); + input_set_capability(input_dev, EV_MSC, MSC_SCAN); input_dev->keycode = mpr121->keycodes; input_dev->keycodesize = sizeof(mpr121->keycodes[0]); Patches currently in stable-queue which might be from akinobu.mita(a)gmail.com are queue-4.4/input-mpr121-set-missing-event-capability.patch queue-4.4/input-mpr121-handle-multiple-bits-change-of-status-register.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "iio: trigger: free trigger resource correctly" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: trigger: free trigger resource correctly to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: iio-trigger-free-trigger-resource-correctly.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 18:22:51 CET 2017 From: Alison Schofield <amsfield22(a)gmail.com> Date: Thu, 19 Jan 2017 19:47:38 -0800 Subject: iio: trigger: free trigger resource correctly From: Alison Schofield <amsfield22(a)gmail.com> [ Upstream commit 10e840dfb0b7fc345082dd9e5fff3c1c02e7690e ] These stand-alone trigger drivers were using iio_trigger_put() where they should have been using iio_trigger_free(). The iio_trigger_put() adds a module_put which is bad since they never did a module_get. In the sysfs driver, module_get/put's are used as triggers are added & removed. This extra module_put() occurs on an error path in the probe routine (probably rare). In the bfin-timer & interrupt trigger drivers, the module resources are not explicitly managed, so it's doing a put on something that was never get'd. It occurs on the probe error path and on the remove path (not so rare). Tested with the sysfs trigger driver. The bfin & interrupt drivers were build tested & inspected only. Signed-off-by: Alison Schofield <amsfield22(a)gmail.com> Signed-off-by: Jonathan Cameron <jic23(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/iio/trigger/iio-trig-interrupt.c | 8 ++++---- drivers/iio/trigger/iio-trig-sysfs.c | 2 +- drivers/staging/iio/trigger/iio-trig-bfin-timer.c | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) --- a/drivers/iio/trigger/iio-trig-interrupt.c +++ b/drivers/iio/trigger/iio-trig-interrupt.c @@ -58,7 +58,7 @@ static int iio_interrupt_trigger_probe(s trig_info = kzalloc(sizeof(*trig_info), GFP_KERNEL); if (!trig_info) { ret = -ENOMEM; - goto error_put_trigger; + goto error_free_trigger; } iio_trigger_set_drvdata(trig, trig_info); trig_info->irq = irq; @@ -83,8 +83,8 @@ error_release_irq: free_irq(irq, trig); error_free_trig_info: kfree(trig_info); -error_put_trigger: - iio_trigger_put(trig); +error_free_trigger: + iio_trigger_free(trig); error_ret: return ret; } @@ -99,7 +99,7 @@ static int iio_interrupt_trigger_remove( iio_trigger_unregister(trig); free_irq(trig_info->irq, trig); kfree(trig_info); - iio_trigger_put(trig); + iio_trigger_free(trig); return 0; } --- a/drivers/iio/trigger/iio-trig-sysfs.c +++ b/drivers/iio/trigger/iio-trig-sysfs.c @@ -174,7 +174,7 @@ static int iio_sysfs_trigger_probe(int i return 0; out2: - iio_trigger_put(t->trig); + iio_trigger_free(t->trig); free_t: kfree(t); out1: --- a/drivers/staging/iio/trigger/iio-trig-bfin-timer.c +++ b/drivers/staging/iio/trigger/iio-trig-bfin-timer.c @@ -259,7 +259,7 @@ out_free_irq: out1: iio_trigger_unregister(st->trig); out: - iio_trigger_put(st->trig); + iio_trigger_free(st->trig); return ret; } @@ -272,7 +272,7 @@ static int iio_bfin_tmr_trigger_remove(s peripheral_free(st->t->pin); free_irq(st->irq, st); iio_trigger_unregister(st->trig); - iio_trigger_put(st->trig); + iio_trigger_free(st->trig); return 0; } Patches currently in stable-queue which might be from amsfield22(a)gmail.com are queue-4.4/iio-trigger-free-trigger-resource-correctly.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "IB/ipoib: Change list_del to list_del_init in the tx object" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled IB/ipoib: Change list_del to list_del_init in the tx object to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ib-ipoib-change-list_del-to-list_del_init-in-the-tx-object.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 18:22:51 CET 2017 From: Feras Daoud <ferasda(a)mellanox.com> Date: Wed, 28 Dec 2016 14:47:28 +0200 Subject: IB/ipoib: Change list_del to list_del_init in the tx object From: Feras Daoud <ferasda(a)mellanox.com> [ Upstream commit 27d41d29c7f093f6f77843624fbb080c1b4a8b9c ] Since ipoib_cm_tx_start function and ipoib_cm_tx_reap function belong to different work queues, they can run in parallel. In this case if ipoib_cm_tx_reap calls list_del and release the lock, ipoib_cm_tx_start may acquire it and call list_del_init on the already deleted object. Changing list_del to list_del_init in ipoib_cm_tx_reap fixes the problem. Fixes: 839fcaba355a ("IPoIB: Connected mode experimental support") Signed-off-by: Feras Daoud <ferasda(a)mellanox.com> Signed-off-by: Erez Shitrit <erezsh(a)mellanox.com> Reviewed-by: Alex Vesker <valex(a)mellanox.com> Signed-off-by: Leon Romanovsky <leon(a)kernel.org> Reviewed-by: Yuval Shaia <yuval.shaia(a)oracle.com> Signed-off-by: Doug Ledford <dledford(a)redhat.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/infiniband/ulp/ipoib/ipoib_cm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/infiniband/ulp/ipoib/ipoib_cm.c +++ b/drivers/infiniband/ulp/ipoib/ipoib_cm.c @@ -1373,7 +1373,7 @@ static void ipoib_cm_tx_reap(struct work while (!list_empty(&priv->cm.reap_list)) { p = list_entry(priv->cm.reap_list.next, typeof(*p), list); - list_del(&p->list); + list_del_init(&p->list); spin_unlock_irqrestore(&priv->lock, flags); netif_tx_unlock_bh(dev); ipoib_cm_tx_destroy(p); Patches currently in stable-queue which might be from ferasda(a)mellanox.com are queue-4.4/ib-ipoib-change-list_del-to-list_del_init-in-the-tx-object.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "dt-bindings: clockgen: Add compatible string for LS1012A" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dt-bindings: clockgen: Add compatible string for LS1012A to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dt-bindings-clockgen-add-compatible-string-for-ls1012a.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 18:22:51 CET 2017 From: Harninder Rai <harninder.rai(a)nxp.com> Date: Wed, 9 Nov 2016 23:40:53 +0530 Subject: dt-bindings: clockgen: Add compatible string for LS1012A From: Harninder Rai <harninder.rai(a)nxp.com> [ Upstream commit 73447f68d7b2bc1df870da88b0e21d2bc1afc025 ] Signed-off-by: Harninder Rai <harninder.rai(a)nxp.com> Signed-off-by: Bhaskar Upadhaya <Bhaskar.Upadhaya(a)nxp.com> Acked-by: Rob Herring <robh(a)kernel.org> Signed-off-by: Shawn Guo <shawnguo(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- Documentation/devicetree/bindings/clock/qoriq-clock.txt | 1 + 1 file changed, 1 insertion(+) --- a/Documentation/devicetree/bindings/clock/qoriq-clock.txt +++ b/Documentation/devicetree/bindings/clock/qoriq-clock.txt @@ -31,6 +31,7 @@ Required properties: * "fsl,t4240-clockgen" * "fsl,b4420-clockgen" * "fsl,b4860-clockgen" + * "fsl,ls1012a-clockgen" * "fsl,ls1021a-clockgen" Chassis-version clock strings include: * "fsl,qoriq-clockgen-1.0": for chassis 1.0 clocks Patches currently in stable-queue which might be from harninder.rai(a)nxp.com are queue-4.4/dt-bindings-clockgen-add-compatible-string-for-ls1012a.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "dt-bindings: Add LEGO MINDSTORMS EV3 compatible specification" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dt-bindings: Add LEGO MINDSTORMS EV3 compatible specification to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dt-bindings-add-lego-mindstorms-ev3-compatible-specification.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 18:22:51 CET 2017 From: David Lechner <david(a)lechnology.com> Date: Fri, 13 Jan 2017 13:03:40 -0600 Subject: dt-bindings: Add LEGO MINDSTORMS EV3 compatible specification From: David Lechner <david(a)lechnology.com> [ Upstream commit 21078ab174c99885ca83a5c32db0d33b1617745e ] This adds the board level device tree specification for LEGO MINDSTORMS EV3 Acked-by: Rob Herring <robh(a)kernel.org> Signed-off-by: David Lechner <david(a)lechnology.com> Signed-off-by: Sekhar Nori <nsekhar(a)ti.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- Documentation/devicetree/bindings/arm/davinci.txt | 4 ++++ 1 file changed, 4 insertions(+) --- a/Documentation/devicetree/bindings/arm/davinci.txt +++ b/Documentation/devicetree/bindings/arm/davinci.txt @@ -9,6 +9,10 @@ EnBW AM1808 based CMC board Required root node properties: - compatible = "enbw,cmc", "ti,da850; +LEGO MINDSTORMS EV3 (AM1808 based) +Required root node properties: + - compatible = "lego,ev3", "ti,da850"; + Generic DaVinci Boards ---------------------- Patches currently in stable-queue which might be from david(a)lechnology.com are queue-4.4/dt-bindings-add-lego-mindstorms-ev3-compatible-specification.patch queue-4.4/dt-bindings-add-vendor-prefix-for-lego.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "dt-bindings: Add vendor prefix for LEGO" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dt-bindings: Add vendor prefix for LEGO to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dt-bindings-add-vendor-prefix-for-lego.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 18:22:51 CET 2017 From: David Lechner <david(a)lechnology.com> Date: Fri, 13 Jan 2017 13:03:39 -0600 Subject: dt-bindings: Add vendor prefix for LEGO From: David Lechner <david(a)lechnology.com> [ Upstream commit 7dcc31e2e68a386a29070384b51683ece80982bf ] Add a vendor prefix for LEGO Systems A/S Acked-by: Rob Herring <robh(a)kernel.org> Signed-off-by: David Lechner <david(a)lechnology.com> Signed-off-by: Sekhar Nori <nsekhar(a)ti.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- Documentation/devicetree/bindings/vendor-prefixes.txt | 1 + 1 file changed, 1 insertion(+) --- a/Documentation/devicetree/bindings/vendor-prefixes.txt +++ b/Documentation/devicetree/bindings/vendor-prefixes.txt @@ -126,6 +126,7 @@ keymile Keymile GmbH kinetic Kinetic Technologies lacie LaCie lantiq Lantiq Semiconductor +lego LEGO Systems A/S lenovo Lenovo Group Ltd. lg LG Corporation linux Linux-specific binding Patches currently in stable-queue which might be from david(a)lechnology.com are queue-4.4/dt-bindings-add-lego-mindstorms-ev3-compatible-specification.patch queue-4.4/dt-bindings-add-vendor-prefix-for-lego.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "drm: drm_minor_register(): Clean up debugfs on failure" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled drm: drm_minor_register(): Clean up debugfs on failure to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: drm-drm_minor_register-clean-up-debugfs-on-failure.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 18:22:51 CET 2017 From: Noralf Trønnes <noralf(a)tronnes.org> Date: Thu, 26 Jan 2017 23:56:04 +0100 Subject: drm: drm_minor_register(): Clean up debugfs on failure From: Noralf Trønnes <noralf(a)tronnes.org> [ Upstream commit a67834f8bfa1e2f48bb27d07b9a552ba7c3af82a ] Call drm_debugfs_cleanup() in case drm_debugfs_init() fails to cover for failure in the drm_driver.debugfs_init callback. Signed-off-by: Noralf TrÃ¸nnes <noralf(a)tronnes.org> Signed-off-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Link: http://patchwork.freedesktop.org/patch/msgid/20170126225621.12314-3-noralf@… Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/gpu/drm/drm_drv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/gpu/drm/drm_drv.c +++ b/drivers/gpu/drm/drm_drv.c @@ -312,7 +312,7 @@ static int drm_minor_register(struct drm ret = drm_debugfs_init(minor, minor->index, drm_debugfs_root); if (ret) { DRM_ERROR("DRM: Failed to initialize /sys/kernel/debug/dri.\n"); - return ret; + goto err_debugfs; } ret = device_add(minor->kdev); Patches currently in stable-queue which might be from noralf(a)tronnes.org are queue-4.4/drm-drm_minor_register-clean-up-debugfs-on-failure.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "ARM: omap2plus_defconfig: Fix probe errors on UARTs 5 and 6" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ARM: omap2plus_defconfig: Fix probe errors on UARTs 5 and 6 to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-omap2plus_defconfig-fix-probe-errors-on-uarts-5-and-6.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 18:22:51 CET 2017 From: Tony Lindgren <tony(a)atomide.com> Date: Fri, 20 Jan 2017 12:13:19 -0800 Subject: ARM: omap2plus_defconfig: Fix probe errors on UARTs 5 and 6 From: Tony Lindgren <tony(a)atomide.com> [ Upstream commit 4cd6a59f5c1a9b0cca0da09fbba42b9450ffc899 ] We have more than four uarts on some SoCs and that can cause noise with errors while booting. Signed-off-by: Tony Lindgren <tony(a)atomide.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/configs/omap2plus_defconfig | 1 + 1 file changed, 1 insertion(+) --- a/arch/arm/configs/omap2plus_defconfig +++ b/arch/arm/configs/omap2plus_defconfig @@ -221,6 +221,7 @@ CONFIG_SERIO=m CONFIG_SERIAL_8250=y CONFIG_SERIAL_8250_CONSOLE=y CONFIG_SERIAL_8250_NR_UARTS=32 +CONFIG_SERIAL_8250_RUNTIME_UARTS=6 CONFIG_SERIAL_8250_EXTENDED=y CONFIG_SERIAL_8250_MANY_PORTS=y CONFIG_SERIAL_8250_SHARE_IRQ=y Patches currently in stable-queue which might be from tony(a)atomide.com are queue-4.4/arm-omap2plus_defconfig-fix-probe-errors-on-uarts-5-and-6.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "crypto: vmx - disable preemption to enable vsx in aes_ctr.c" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled crypto: vmx - disable preemption to enable vsx in aes_ctr.c to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: crypto-vmx-disable-preemption-to-enable-vsx-in-aes_ctr.c.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 18:22:51 CET 2017 From: Li Zhong <zhong(a)linux.vnet.ibm.com> Date: Fri, 20 Jan 2017 16:35:33 +0800 Subject: crypto: vmx - disable preemption to enable vsx in aes_ctr.c From: Li Zhong <zhong(a)linux.vnet.ibm.com> [ Upstream commit 7dede913fc2ab9c0d3bff3a49e26fa9e858b0c13 ] Some preemptible check warnings were reported from enable_kernel_vsx(). This patch disables preemption in aes_ctr.c before enabling vsx, and they are now consistent with other files in the same directory. Signed-off-by: Li Zhong <zhong(a)linux.vnet.ibm.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/crypto/vmx/aes_ctr.c | 6 ++++++ 1 file changed, 6 insertions(+) --- a/drivers/crypto/vmx/aes_ctr.c +++ b/drivers/crypto/vmx/aes_ctr.c @@ -80,11 +80,13 @@ static int p8_aes_ctr_setkey(struct cryp int ret; struct p8_aes_ctr_ctx *ctx = crypto_tfm_ctx(tfm); + preempt_disable(); pagefault_disable(); enable_kernel_altivec(); enable_kernel_vsx(); ret = aes_p8_set_encrypt_key(key, keylen * 8, &ctx->enc_key); pagefault_enable(); + preempt_enable(); ret += crypto_blkcipher_setkey(ctx->fallback, key, keylen); return ret; @@ -99,11 +101,13 @@ static void p8_aes_ctr_final(struct p8_a u8 *dst = walk->dst.virt.addr; unsigned int nbytes = walk->nbytes; + preempt_disable(); pagefault_disable(); enable_kernel_altivec(); enable_kernel_vsx(); aes_p8_encrypt(ctrblk, keystream, &ctx->enc_key); pagefault_enable(); + preempt_enable(); crypto_xor(keystream, src, nbytes); memcpy(dst, keystream, nbytes); @@ -132,6 +136,7 @@ static int p8_aes_ctr_crypt(struct blkci blkcipher_walk_init(&walk, dst, src, nbytes); ret = blkcipher_walk_virt_block(desc, &walk, AES_BLOCK_SIZE); while ((nbytes = walk.nbytes) >= AES_BLOCK_SIZE) { + preempt_disable(); pagefault_disable(); enable_kernel_altivec(); enable_kernel_vsx(); @@ -143,6 +148,7 @@ static int p8_aes_ctr_crypt(struct blkci &ctx->enc_key, walk.iv); pagefault_enable(); + preempt_enable(); /* We need to update IV mostly for last bytes/round */ inc = (nbytes & AES_BLOCK_MASK) / AES_BLOCK_SIZE; Patches currently in stable-queue which might be from zhong(a)linux.vnet.ibm.com are queue-4.4/crypto-vmx-disable-preemption-to-enable-vsx-in-aes_ctr.c.patch queue-4.4/kvm-ppc-book-3s-xics-correct-the-real-mode-icp-rejecting-counter.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "ARM: dts: imx53-qsb-common: fix FEC pinmux config" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ARM: dts: imx53-qsb-common: fix FEC pinmux config to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-dts-imx53-qsb-common-fix-fec-pinmux-config.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 18:22:51 CET 2017 From: Patrick Bruenn <p.bruenn(a)beckhoff.com> Date: Wed, 25 Jan 2017 06:25:48 +0100 Subject: ARM: dts: imx53-qsb-common: fix FEC pinmux config From: Patrick Bruenn <p.bruenn(a)beckhoff.com> [ Upstream commit 8b649e426336d7d4800ff9c82858328f4215ba01 ] The pinmux configuration in device tree was different from manual muxing in <u-boot>/board/freescale/mx53loco/mx53loco.c All pins were configured as NO_PAD_CTL(1 << 31), which was fine as the bootloader already did the correct pinmuxing for us. But recently u-boot is migrating to reuse device tree files from the kernel tree, so it seems to be better to have the correct pinmuxing in our files, too. Signed-off-by: Patrick Bruenn <p.bruenn(a)beckhoff.com> Signed-off-by: Shawn Guo <shawnguo(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/boot/dts/imx53-qsb-common.dtsi | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) --- a/arch/arm/boot/dts/imx53-qsb-common.dtsi +++ b/arch/arm/boot/dts/imx53-qsb-common.dtsi @@ -215,16 +215,16 @@ pinctrl_fec: fecgrp { fsl,pins = < - MX53_PAD_FEC_MDC__FEC_MDC 0x80000000 - MX53_PAD_FEC_MDIO__FEC_MDIO 0x80000000 - MX53_PAD_FEC_REF_CLK__FEC_TX_CLK 0x80000000 - MX53_PAD_FEC_RX_ER__FEC_RX_ER 0x80000000 - MX53_PAD_FEC_CRS_DV__FEC_RX_DV 0x80000000 - MX53_PAD_FEC_RXD1__FEC_RDATA_1 0x80000000 - MX53_PAD_FEC_RXD0__FEC_RDATA_0 0x80000000 - MX53_PAD_FEC_TX_EN__FEC_TX_EN 0x80000000 - MX53_PAD_FEC_TXD1__FEC_TDATA_1 0x80000000 - MX53_PAD_FEC_TXD0__FEC_TDATA_0 0x80000000 + MX53_PAD_FEC_MDC__FEC_MDC 0x4 + MX53_PAD_FEC_MDIO__FEC_MDIO 0x1fc + MX53_PAD_FEC_REF_CLK__FEC_TX_CLK 0x180 + MX53_PAD_FEC_RX_ER__FEC_RX_ER 0x180 + MX53_PAD_FEC_CRS_DV__FEC_RX_DV 0x180 + MX53_PAD_FEC_RXD1__FEC_RDATA_1 0x180 + MX53_PAD_FEC_RXD0__FEC_RDATA_0 0x180 + MX53_PAD_FEC_TX_EN__FEC_TX_EN 0x4 + MX53_PAD_FEC_TXD1__FEC_TDATA_1 0x4 + MX53_PAD_FEC_TXD0__FEC_TDATA_0 0x4 >; }; Patches currently in stable-queue which might be from p.bruenn(a)beckhoff.com are queue-4.4/arm-dts-imx53-qsb-common-fix-fec-pinmux-config.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "[media] adv7604: Initialize drive strength to default when using DT" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [media] adv7604: Initialize drive strength to default when using DT to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: adv7604-initialize-drive-strength-to-default-when-using-dt.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 18:22:51 CET 2017 From: Lars-Peter Clausen <lars(a)metafoo.de> Date: Tue, 29 Nov 2016 09:23:48 -0200 Subject: [media] adv7604: Initialize drive strength to default when using DT From: Lars-Peter Clausen <lars(a)metafoo.de> [ Upstream commit da8892d410db224d9a24104529794e6e37e0c100 ] The adv7604 driver platform data contains fields for configuring the drive strength of the output pins. When probing the driver through DT these fields are not explicitly initialized, which means they are left at 0. This is a reserved setting for the drive strength configuration though and can cause signal integrity issues. Whether these signal integrity issues are visible depends on the PCB specifics (e.g. the higher the load capacitance for the output the more visible the issue). But it has been observed on existing solutions at high pixel clock rates. Initialize the drive strength settings to the power-on-reset value of the device when probing through devicetree to avoid this issue. Fixes: 0e158be0162b ("adv7604: Add DT support") Signed-off-by: Lars-Peter Clausen <lars(a)metafoo.de> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Tested-by: Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> Signed-off-by: Hans Verkuil <hans.verkuil(a)cisco.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/media/i2c/adv7604.c | 3 +++ 1 file changed, 3 insertions(+) --- a/drivers/media/i2c/adv7604.c +++ b/drivers/media/i2c/adv7604.c @@ -2856,6 +2856,9 @@ static int adv76xx_parse_dt(struct adv76 state->pdata.alt_data_sat = 1; state->pdata.op_format_mode_sel = ADV7604_OP_FORMAT_MODE0; state->pdata.bus_order = ADV7604_BUS_ORDER_RGB; + state->pdata.dr_str_data = ADV76XX_DR_STR_MEDIUM_HIGH; + state->pdata.dr_str_clk = ADV76XX_DR_STR_MEDIUM_HIGH; + state->pdata.dr_str_sync = ADV76XX_DR_STR_MEDIUM_HIGH; return 0; } Patches currently in stable-queue which might be from lars(a)metafoo.de are queue-4.4/adv7604-initialize-drive-strength-to-default-when-using-dt.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] [GIT PULL] commits for Linux 3.18

by Levin, Alexander (Sasha Levin)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Greg, Pleae pull commits for Linux 3.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 943dc0b3ef9f0168494d6dca305cd0cf53a0b3d4: Linux 3.18.80 (2017-11-08 10:03:50 +0100) are available in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git for-greg-3.18-2 for you to fetch changes up to dc9288cdd7a681a1eeaa03054be6a098925f06db: IB/ipoib: Change list_del to list_del_init in the tx object (2017-11-08 15:41:33 -0500) - ---------------------------------------------------------------- Akinobu Mita (2): Input: mpr121 - handle multiple bits change of status register Input: mpr121 - set missing event capability Alison Schofield (1): iio: trigger: free trigger resource correctly David Lechner (2): dt-bindings: Add LEGO MINDSTORMS EV3 compatible specification dt-bindings: Add vendor prefix for LEGO Feras Daoud (1): IB/ipoib: Change list_del to list_del_init in the tx object Gilad Ben-Yossef (1): IPsec: do not ignore crypto err in ah4 input Juergen Gross (1): xen/netback: set default upper limit of tx/rx queues to 8 Laurent Pinchart (1): serial: sh-sci: Fix register offsets for the IRDA serial port Maciej W. Rozycki (1): video: fbdev: pmag-ba-fb: Remove bad `__init' annotation Noralf TrÃ¸nnes (1): drm: drm_minor_register(): Clean up debugfs on failure Patrick Bruenn (1): ARM: dts: imx53-qsb-common: fix FEC pinmux config Tony Lindgren (1): ARM: omap2plus_defconfig: Fix probe errors on UARTs 5 and 6 Volodymyr Bendiuga (1): phy: increase size of MII_BUS_ID_SIZE and bus_id William wu (1): usb: hcd: initialize hcd->flags to 0 when rm hcd Documentation/devicetree/bindings/arm/davinci.txt | 4 ++++ .../devicetree/bindings/vendor-prefixes.txt | 1 + arch/arm/boot/dts/imx53-qsb-common.dtsi | 20 +++++++++--------- arch/arm/configs/omap2plus_defconfig | 1 + arch/sh/kernel/cpu/sh3/setup-sh770x.c | 1 - drivers/gpu/drm/drm_drv.c | 2 +- drivers/iio/trigger/iio-trig-interrupt.c | 8 ++++---- drivers/iio/trigger/iio-trig-sysfs.c | 2 +- drivers/infiniband/ulp/ipoib/ipoib_cm.c | 2 +- drivers/input/keyboard/mpr121_touchkey.c | 24 ++++++++++++++-------- drivers/net/xen-netback/netback.c | 6 ++++-- drivers/staging/iio/trigger/iio-trig-bfin-timer.c | 4 ++-- drivers/tty/serial/sh-sci.c | 17 ++++++++------- drivers/usb/core/hcd.c | 1 + drivers/video/fbdev/pmag-ba-fb.c | 2 +- include/linux/phy.h | 8 ++------ net/ipv4/ah4.c | 3 +++ 17 files changed, 59 insertions(+), 47 deletions(-) -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJaA2z7AAoJEN6mb/eXdyzcY/8QAJupw2qifHueOo1aV55oBhVU bdaPFKjx/qDW9h+K3lbAIESv9LO2tnrWGyWwEr+WnALF8v34h4z5SyvlH1IbiANz FFS66JijtewDecrGd1jSDFsA31Fb/Fy42vHQIYMxiZFETByr3U4NlDS1zkzvp/IH tF1hVu9pMZXWhRLi1h1YxZe97ZU9Ryj+euMGAQW/PZsn3ZNu3YzOi8GqfHgXeCZE YmsKGU9brevJPJFbm2hBrxCfiRmtUgzb4eb914Mf0zm1B0HOmr3vKtsW/6QvDAYE rGrVXpUMyfoP80WJH9Mxw5qLeKnpSi6o5jdzXf3arzt5JJIyj8XL5X/C6IuoxTNx LbCFfJpW4Qyf+yIW01eM7f3zSlimTyLtih7cwMTGNge0LcAnFcrL+MC+s36tOpvG UH+HxDwzG+7dqnfTb/5ypbsZI6srgyb5PbxEuFzG/YM2/Es1QfWS9zPOzdaPE+Xn WzjU+CbIrSoiJc5qi/61nlhBVK+aNSIIyuNCGjY3FQV4OTYAAKWpezZa0uMFZS5r L3GCaYqZr551Z8uTOm0a4tiZ+1jZPlZ1Tv8YUGr0MqrcR2B0DIIxAeNgOnd8M2op acJkngJiYGrNGp3ZznZvv9ZMPPktRysVwN8u5s/SQvjDlYzCZhAPvnEsRezWLzuk 2/NLxsxp8qRMMK6d8LVh =kzGq -----END PGP SIGNATURE-----

7 years, 10 months

2
1
0 0

Re: [Linux-stable-mirror] [PATCH] HID: wacom: generic: Recognize WACOM_HID_WD_PEN as a type of pen collection

by Jason Gerecke

On Thu, Oct 19, 2017 at 1:22 AM, Jiri Kosina <jikos(a)kernel.org> wrote: > On Wed, 18 Oct 2017, Jason Gerecke wrote: > >> The WACOM_PEN_FIELD macro is used to determine if a given HID field should be >> associated with pen input. This field includes several known collection types >> that Wacom pen data is contained in, but the WACOM_HID_WD_PEN application >> collection type is notably missing. This can result in fields within this >> kind of collection being completely ignored by the `wacom_usage_mapping` >> function, preventing the later '*_event' functions from being notified about >> changes to their value. >> >> Fixes: c9c095874a ("HID: wacom: generic: Support and use 'Custom HID' mode and usages") >> Fixes: ac2423c975 ("HID: wacom: generic: add vendor defined touch") >> Cc: stable(a)vger.kernel.org >> Signed-off-by: Jason Gerecke <jason.gerecke(a)wacom.com> > > Applied to for-4.14/upstream-fixes > > -- > Jiri Kosina > SUSE Labs > Was this branch ever sent to Linus? I don't see any mention of it (or this patch) in the 4.14-rc8 history... Jason --- Now instead of four in the eights place / you’ve got three, ‘Cause you added one / (That is to say, eight) to the two, / But you can’t take seven from three, / So you look at the sixty-fours....

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] [PATCH AUTOSEL for-4.4 01/39] extcon: palmas: Check the parent instance to prevent the NULL

by Levin, Alexander (Sasha Levin)

From: Roger Quadros <rogerq(a)ti.com> [ Upstream commit 9fe172b9be532acc23e35ba693700383ab775e66 ] extcon-palmas must be child of palmas and expects parent's drvdata to be valid. Check for non NULL parent drvdata and fail if it is NULL. Not doing so will result in a NULL pointer dereference later in the probe() parent drvdata is NULL (e.g. misplaced extcon-palmas node in device tree). Signed-off-by: Roger Quadros <rogerq(a)ti.com> Signed-off-by: Chanwoo Choi <cw00.choi(a)samsung.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> --- drivers/extcon/extcon-palmas.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/extcon/extcon-palmas.c b/drivers/extcon/extcon-palmas.c index 93c30a885740..aa2f6bb82b32 100644 --- a/drivers/extcon/extcon-palmas.c +++ b/drivers/extcon/extcon-palmas.c @@ -190,6 +190,11 @@ static int palmas_usb_probe(struct platform_device *pdev) struct palmas_usb *palmas_usb; int status; + if (!palmas) { + dev_err(&pdev->dev, "failed to get valid parent\n"); + return -EINVAL; + } + palmas_usb = devm_kzalloc(&pdev->dev, sizeof(*palmas_usb), GFP_KERNEL); if (!palmas_usb) return -ENOMEM; -- 2.11.0

7 years, 10 months

2
40
0 0

[Linux-stable-mirror] [PATCH] usb: f_fs: Drop check on Reserved1 field on OS_DESC_EXT_COMPAT

by John Keeping

This check has gone through several incompatible variations in commits 53642399aa71 ("usb: gadget: f_fs: Fix wrong check on reserved1 of OS_DESC_EXT_COMPAT"), 354bc45bf329 ("usb: gadget: f_fs: Fix ExtCompat descriptor validation") and 3ba534df815f ("Revert "usb: gadget: f_fs: Fix ExtCompat descriptor validation"") after initially being introduced in commit f0175ab51993 ("usb: gadget: f_fs: OS descriptors support"). The various changes make it impossible for a single userspace implementation to work with different kernel versions, so let's just drop the condition to avoid breaking userspace. Fixes: 53642399aa71 ("usb: gadget: f_fs: Fix wrong check on reserved1 of OS_DESC_EXT_COMPAT") Cc: stable(a)vger.kernel.org # v4.7+ Signed-off-by: John Keeping <john(a)metanate.com> --- drivers/usb/gadget/function/f_fs.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c index 652397eda6d6..0d9962834345 100644 --- a/drivers/usb/gadget/function/f_fs.c +++ b/drivers/usb/gadget/function/f_fs.c @@ -2282,8 +2282,7 @@ static int __ffs_data_do_os_desc(enum ffs_os_desc_type type, int i; if (len < sizeof(*d) || - d->bFirstInterfaceNumber >= ffs->interfaces_count || - !d->Reserved1) + d->bFirstInterfaceNumber >= ffs->interfaces_count) return -EINVAL; for (i = 0; i < ARRAY_SIZE(d->Reserved2); ++i) if (d->Reserved2[i]) -- 2.15.0

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] [PATCH v2 1/6] drm/i915: Update watermark state correctly in sanitize_watermarks

by Maarten Lankhorst

We no longer use intel_crtc->wm.active for watermarks any more, which was incorrect. But this uncovered a bug in sanitize_watermarks(), which meant that we wrote the correct watermarks, but the next update would still use the wrong hw watermarks for calculating. This caused all further updates to fail with -EINVAL and the log would reveal an error like the one below: [ 10.043902] [drm:ilk_validate_wm_level.part.8 [i915]] Sprite WM0 too large 56 (max 0) [ 10.043960] [drm:ilk_validate_pipe_wm [i915]] LP0 watermark invalid [ 10.044030] [drm:intel_crtc_atomic_check [i915]] No valid intermediate pipe watermarks are possible Signed-off-by: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Fixes: b6b178a77210 ("drm/i915: Calculate ironlake intermediate watermarks correctly, v2.") Cc: stable(a)vger.kernel.org #v4.8+ --- drivers/gpu/drm/i915/intel_display.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c index 84817ccc5305..17665ee06c9a 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -14442,6 +14442,8 @@ static void sanitize_watermarks(struct drm_device *dev) cs->wm.need_postvbl_update = true; dev_priv->display.optimize_watermarks(intel_state, cs); + + to_intel_crtc_state(crtc->state)->wm = cs->wm; } put_state: -- 2.15.0

7 years, 10 months

1
0
0 0

Re: [Linux-stable-mirror] Patch "ASoC: sunxi: Add bindings for sun8i to SPDIF" has been added to the 4.9-stable tree

by Levin, Alexander (Sasha Levin)

On Thu, Nov 09, 2017 at 11:07:44AM +0000, Mark Brown wrote: >On Thu, Nov 09, 2017 at 10:09:10AM +0100, gregkh(a)linuxfoundation.org wrote: > >> This is a note to let you know that I've just added the patch titled >> >> ASoC: sunxi: Add bindings for sun8i to SPDIF > >> The H3 SoC uses the same SPDIF block as found in earlier SoCs, but the >> transmit fifo is at a different address. > >This doesn't seem like a good idea - note how the changelog says that >the transmit FIFO is at a different address, I'd expect this means that >people won't be able to use the new compatible without a corresponding >code change. Interesting. I keep trying to automate DT patch selection to deal with issues as this, but it seems like there is always something... I agree with Mark. I think it would make sense to pick 1bd92af877 as well to deal with this issue. -- Thanks, Sasha

7 years, 10 months

1
0
0 0

Re: [Linux-stable-mirror] [PATCH 3.16 000/294] 3.16.50-rc1 review

by Guenter Roeck

On Thu, Nov 09, 2017 at 12:40:36PM +0000, Ben Hutchings wrote: > On Thu, 2017-11-09 at 13:21 +0100, Arnd Bergmann wrote: > > On Thu, Nov 9, 2017 at 1:08 PM, Greg KH <greg(a)kroah.com> wrote: > > > On Thu, Nov 09, 2017 at 12:55:30PM +0100, Arnd Bergmann wrote: > [...] > > > > I think if you upload the branch to the stable-rc git, that should produce > > > > the automated build and boot results via email or via the > > > > https://kernelci.org/job/ interface. Once there are some results > > > > there, I'll go through the list once more to see what warnings > > > > and failures remain. > > > > > > I don't know of a way to have others push to that tree/branch at the > > > moment :( > > > > > > I'll go update that branch now... > > > > Thanks! > > > > With the arm-soc tree, we simply have a shared group-id on > > gitolite.kernel.org and everyone in that group can push to it. > > > > If that is the only thing you need, it should be trivial to let Ben > > and Sasha push to /pub/scm/linux/kernel/git/stable/*.git as well, > > I'm sure helpdesk(a)kernel.org can arrange that. Of course if you are > > worried about having multiple accounts with write access to all the > > branches, then that wouldn't be enough. > > I think I'd rather send a pull request to Greg at the start of the > review period. > If you change the trees I am supposed to pull from for my builders, please let me know. Guenter

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] [PATCH] drm/fsl-dcu: set DPMS off before initializing connector

by Stefan Agner

Since commit 4a97a3da420b ("drm: Don't update property values for atomic drivers") atomic drivers must not update property values as properties are read from the state instead. To catch remaining users, the drm_object_property_set_value() function now throws a warning when called by atomic drivers on non-immutable properties, and we hit that warning when creating connectors. The easy fix is to just remove the drm_object_property_set_value() as it is used here to set the initial value of the connector's DPMS property to OFF. The DPMS property applies on top of the connector's state crtc pointer (initialized to NULL) that is the main connector on/off control, and should thus default to ON. Fixes: 4a97a3da420b ("drm: Don't update property values for atomic drivers") Cc: stable(a)vger.kernel.org Signed-off-by: Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> Signed-off-by: Stefan Agner <stefan(a)agner.ch> --- drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_rgb.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_rgb.c b/drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_rgb.c index edd7d8127d19..c54806d08dd7 100644 --- a/drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_rgb.c +++ b/drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_rgb.c @@ -102,7 +102,6 @@ static int fsl_dcu_attach_panel(struct fsl_dcu_drm_device *fsl_dev, { struct drm_encoder *encoder = &fsl_dev->encoder; struct drm_connector *connector = &fsl_dev->connector.base; - struct drm_mode_config *mode_config = &fsl_dev->drm->mode_config; int ret; fsl_dev->connector.encoder = encoder; @@ -122,10 +121,6 @@ static int fsl_dcu_attach_panel(struct fsl_dcu_drm_device *fsl_dev, if (ret < 0) goto err_sysfs; - drm_object_property_set_value(&connector->base, - mode_config->dpms_property, - DRM_MODE_DPMS_OFF); - ret = drm_panel_attach(panel, connector); if (ret) { dev_err(fsl_dev->dev, "failed to attach panel\n"); -- 2.14.2

7 years, 10 months

2
2
0 0

[Linux-stable-mirror] patch "USB: usbfs: compute urb->actual_length for isochronous" added to usb-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: usbfs: compute urb->actual_length for isochronous to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 2ef47001b3ee3ded579b7532ebdcf8680e4d8c54 Mon Sep 17 00:00:00 2001 From: Alan Stern <stern(a)rowland.harvard.edu> Date: Wed, 8 Nov 2017 12:23:17 -0500 Subject: USB: usbfs: compute urb->actual_length for isochronous The USB kerneldoc says that the actual_length field "is read in non-iso completion functions", but the usbfs driver uses it for all URB types in processcompl(). Since not all of the host controller drivers set actual_length for isochronous URBs, programs using usbfs with some host controllers don't work properly. For example, Minas reports that a USB camera controlled by libusb doesn't work properly with a dwc2 controller. It doesn't seem worthwhile to change the HCDs and the documentation, since the in-kernel USB class drivers evidently don't rely on actual_length for isochronous transfers. The easiest solution is for usbfs to calculate the actual_length value for itself, by adding up the lengths of the individual packets in an isochronous transfer. Signed-off-by: Alan Stern <stern(a)rowland.harvard.edu> CC: Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> Reported-and-tested-by: wlf <wulf(a)rock-chips.com> CC: <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/devio.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c index c3aaafc25a04..2edb4e7b2ab8 100644 --- a/drivers/usb/core/devio.c +++ b/drivers/usb/core/devio.c @@ -1820,6 +1820,18 @@ static int proc_unlinkurb(struct usb_dev_state *ps, void __user *arg) return 0; } +static void compute_isochronous_actual_length(struct urb *urb) +{ + unsigned int i; + + if (urb->number_of_packets > 0) { + urb->actual_length = 0; + for (i = 0; i < urb->number_of_packets; i++) + urb->actual_length += + urb->iso_frame_desc[i].actual_length; + } +} + static int processcompl(struct async *as, void __user * __user *arg) { struct urb *urb = as->urb; @@ -1827,6 +1839,7 @@ static int processcompl(struct async *as, void __user * __user *arg) void __user *addr = as->userurb; unsigned int i; + compute_isochronous_actual_length(urb); if (as->userbuffer && urb->actual_length) { if (copy_urb_data_to_user(as->userbuffer, urb)) goto err_out; @@ -1995,6 +2008,7 @@ static int processcompl_compat(struct async *as, void __user * __user *arg) void __user *addr = as->userurb; unsigned int i; + compute_isochronous_actual_length(urb); if (as->userbuffer && urb->actual_length) { if (copy_urb_data_to_user(as->userbuffer, urb)) return -EFAULT; -- 2.15.0

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] v4.1.46 build: 0 failures 33 warnings (v4.1.46)

by Build bot for Mark Brown

Tree/Branch: v4.1.46 Git describe: v4.1.46 Commit: 200d858d94 Linux 4.1.46 Build Time: 60 min 3 sec Passed: 9 / 9 (100.00 %) Failed: 0 / 9 ( 0.00 %) Errors: 0 Warnings: 33 Section Mismatches: 1 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 22 warnings 3 mismatches : arm64-allmodconfig 2 warnings 0 mismatches : arm-multi_v7_defconfig 23 warnings 0 mismatches : arm-allmodconfig 2 warnings 0 mismatches : arm-multi_v5_defconfig 6 warnings 0 mismatches : x86_64-defconfig ------------------------------------------------------------------------------- Warnings Summary: 33 8 ../include/linux/kernel.h:723:17: warning: comparison of distinct pointer types lacks a cast 5 ../include/linux/blkdev.h:624:26: warning: switch condition has boolean value [-Wswitch-bool] 2 ../sound/pci/oxygen/oxygen_mixer.c:91:43: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses] 2 ../include/linux/ftrace.h:671:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] 2 ../drivers/scsi/qla2xxx/qla_target.c:3086:6: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 8 has type 'uint32_t {aka unsigned int}' [-Wformat=] 2 ../drivers/scsi/qla2xxx/qla_target.c:3083:17: warning: unused variable 'se_cmd' [-Wunused-variable] 2 ../drivers/scsi/ips.c:210:2: warning: #warning "This driver has only been tested on the x86/ia64/x86_64 platforms" [-Wcpp] 2 ../drivers/scsi/be2iscsi/be_main.c:3168:18: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses] 2 ../drivers/media/platform/s3c-camif/camif-capture.c:134:10: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses] 2 ../drivers/media/platform/s3c-camif/camif-capture.c:118:10: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses] 2 ../drivers/ata/pata_hpt366.c:382:9: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-array-qualifiers] 2 ../drivers/ata/pata_hpt366.c:379:9: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-array-qualifiers] 2 ../drivers/ata/pata_hpt366.c:376:9: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-array-qualifiers] 1 ../include/trace/ftrace.h:28:0: warning: "TRACE_SYSTEM_STRING" redefined 1 ../drivers/usb/renesas_usbhs/common.c:492:25: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] 1 ../drivers/rtc/rtc-pcf8563.c:444:5: warning: 'alm_pending' may be used uninitialized in this function [-Wmaybe-uninitialized] 1 ../drivers/rtc/rtc-armada38x.c:91:22: warning: unused variable 'flags' [-Wunused-variable] 1 ../drivers/net/wireless/brcm80211/brcmfmac/fwsignal.c:1478:8: warning: 'skb' may be used uninitialized in this function [-Wmaybe-uninitialized] 1 ../drivers/net/ethernet/dec/tulip/winbond-840.c:910:2: warning: #warning Processor architecture undefined [-Wcpp] 1 ../drivers/net/ethernet/dec/tulip/tulip_core.c:101:2: warning: #warning Processor architecture undefined! [-Wcpp] 1 ../drivers/mmc/host/sh_mmcif.c:402:4: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast] 1 ../drivers/mmc/host/sh_mmcif.c:401:4: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast] 1 ../drivers/media/platform/coda/./trace.h:12:0: warning: "TRACE_SYSTEM_STRING" redefined 1 ../drivers/iommu/intel-iommu.c:3798:5: warning: suggest explicit braces to avoid ambiguous 'else' [-Wparentheses] 1 ../drivers/iommu/dmar.c:1849:5: warning: suggest explicit braces to avoid ambiguous 'else' [-Wparentheses] 1 ../drivers/infiniband/hw/qib/qib_qp.c:44:0: warning: "BITS_PER_PAGE" redefined 1 ../drivers/infiniband/hw/cxgb4/mem.c:147:20: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] 1 ../drivers/hid/hid-input.c:1163:67: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses] 1 ../drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgm204.c:975:1: warning: the frame size of 1192 bytes is larger than 1024 bytes [-Wframe-larger-than=] 1 ../drivers/gpio/gpio-74xx-mmio.c:132:16: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] 1 ../arch/x86/include/asm/msr.h:209:23: warning: right shift count >= width of type [-Wshift-count-overflow] 1 ../arch/arm/mach-cns3xxx/pcie.c:266:1: warning: the frame size of 1088 bytes is larger than 1024 bytes [-Wframe-larger-than=] 1 ../arch/arm/include/asm/cmpxchg.h:205:3: warning: value computed is not used [-Wunused-value] Section Mismatch Summary: 1 3 WARNING: drivers/staging/fsl-mc/bus/mc-bus-driver.o(.init.text+0x168): Section mismatch in reference from the function init_module() to the function .exit.text:dprc_driver_exit() =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- arm64-allmodconfig : PASS, 0 errors, 22 warnings, 3 section mismatches Warnings: ../drivers/ata/pata_hpt366.c:376:9: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-array-qualifiers] ../drivers/ata/pata_hpt366.c:379:9: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-array-qualifiers] ../drivers/ata/pata_hpt366.c:382:9: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-array-qualifiers] ../sound/pci/oxygen/oxygen_mixer.c:91:43: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses] ../drivers/gpio/gpio-74xx-mmio.c:132:16: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] ../drivers/infiniband/hw/qib/qib_qp.c:44:0: warning: "BITS_PER_PAGE" redefined ../drivers/mmc/host/sh_mmcif.c:401:4: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast] ../drivers/mmc/host/sh_mmcif.c:402:4: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast] ../include/linux/blkdev.h:624:26: warning: switch condition has boolean value [-Wswitch-bool] ../drivers/net/ethernet/dec/tulip/winbond-840.c:910:2: warning: #warning Processor architecture undefined [-Wcpp] ../drivers/net/ethernet/dec/tulip/tulip_core.c:101:2: warning: #warning Processor architecture undefined! [-Wcpp] ../drivers/media/platform/s3c-camif/camif-capture.c:118:10: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses] ../drivers/media/platform/s3c-camif/camif-capture.c:134:10: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses] ../drivers/scsi/be2iscsi/be_main.c:3168:18: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses] ../drivers/scsi/qla2xxx/qla_target.c:3086:6: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 8 has type 'uint32_t {aka unsigned int}' [-Wformat=] ../drivers/scsi/qla2xxx/qla_target.c:3083:17: warning: unused variable 'se_cmd' [-Wunused-variable] ../include/linux/kernel.h:723:17: warning: comparison of distinct pointer types lacks a cast ../include/linux/kernel.h:723:17: warning: comparison of distinct pointer types lacks a cast ../include/linux/kernel.h:723:17: warning: comparison of distinct pointer types lacks a cast ../include/linux/kernel.h:723:17: warning: comparison of distinct pointer types lacks a cast ../drivers/scsi/ips.c:210:2: warning: #warning "This driver has only been tested on the x86/ia64/x86_64 platforms" [-Wcpp] ../drivers/usb/renesas_usbhs/common.c:492:25: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] Section Mismatches: WARNING: drivers/staging/fsl-mc/bus/mc-bus-driver.o(.init.text+0x168): Section mismatch in reference from the function init_module() to the function .exit.text:dprc_driver_exit() WARNING: drivers/staging/fsl-mc/bus/mc-bus-driver.o(.init.text+0x168): Section mismatch in reference from the function init_module() to the function .exit.text:dprc_driver_exit() WARNING: drivers/staging/fsl-mc/bus/mc-bus-driver.o(.init.text+0x168): Section mismatch in reference from the function init_module() to the function .exit.text:dprc_driver_exit() ------------------------------------------------------------------------------- arm-multi_v7_defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: ../include/linux/blkdev.h:624:26: warning: switch condition has boolean value [-Wswitch-bool] ../drivers/net/wireless/brcm80211/brcmfmac/fwsignal.c:1478:8: warning: 'skb' may be used uninitialized in this function [-Wmaybe-uninitialized] ------------------------------------------------------------------------------- arm-allmodconfig : PASS, 0 errors, 23 warnings, 0 section mismatches Warnings: ../arch/arm/mach-cns3xxx/pcie.c:266:1: warning: the frame size of 1088 bytes is larger than 1024 bytes [-Wframe-larger-than=] ../arch/arm/include/asm/cmpxchg.h:205:3: warning: value computed is not used [-Wunused-value] ../drivers/ata/pata_hpt366.c:376:9: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-array-qualifiers] ../drivers/ata/pata_hpt366.c:379:9: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-array-qualifiers] ../drivers/ata/pata_hpt366.c:382:9: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-array-qualifiers] ../include/linux/blkdev.h:624:26: warning: switch condition has boolean value [-Wswitch-bool] ../sound/pci/oxygen/oxygen_mixer.c:91:43: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses] ../drivers/gpu/drm/nouveau/nvkm/engine/gr/ctxgm204.c:975:1: warning: the frame size of 1192 bytes is larger than 1024 bytes [-Wframe-larger-than=] ../drivers/infiniband/hw/cxgb4/mem.c:147:20: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] ../include/linux/blkdev.h:624:26: warning: switch condition has boolean value [-Wswitch-bool] ../include/trace/ftrace.h:28:0: warning: "TRACE_SYSTEM_STRING" redefined ../drivers/media/platform/coda/./trace.h:12:0: warning: "TRACE_SYSTEM_STRING" redefined ../drivers/media/platform/s3c-camif/camif-capture.c:118:10: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses] ../drivers/media/platform/s3c-camif/camif-capture.c:134:10: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses] ../drivers/rtc/rtc-armada38x.c:91:22: warning: unused variable 'flags' [-Wunused-variable] ../drivers/scsi/be2iscsi/be_main.c:3168:18: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses] ../drivers/scsi/qla2xxx/qla_target.c:3086:6: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 8 has type 'uint32_t {aka unsigned int}' [-Wformat=] ../drivers/scsi/qla2xxx/qla_target.c:3083:17: warning: unused variable 'se_cmd' [-Wunused-variable] ../drivers/scsi/ips.c:210:2: warning: #warning "This driver has only been tested on the x86/ia64/x86_64 platforms" [-Wcpp] ../include/linux/kernel.h:723:17: warning: comparison of distinct pointer types lacks a cast ../include/linux/kernel.h:723:17: warning: comparison of distinct pointer types lacks a cast ../include/linux/kernel.h:723:17: warning: comparison of distinct pointer types lacks a cast ../include/linux/kernel.h:723:17: warning: comparison of distinct pointer types lacks a cast ------------------------------------------------------------------------------- arm-multi_v5_defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: ../include/linux/blkdev.h:624:26: warning: switch condition has boolean value [-Wswitch-bool] ../drivers/rtc/rtc-pcf8563.c:444:5: warning: 'alm_pending' may be used uninitialized in this function [-Wmaybe-uninitialized] ------------------------------------------------------------------------------- x86_64-defconfig : PASS, 0 errors, 6 warnings, 0 section mismatches Warnings: ../include/linux/ftrace.h:671:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:671:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../arch/x86/include/asm/msr.h:209:23: warning: right shift count >= width of type [-Wshift-count-overflow] ../drivers/hid/hid-input.c:1163:67: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses] ../drivers/iommu/dmar.c:1849:5: warning: suggest explicit braces to avoid ambiguous 'else' [-Wparentheses] ../drivers/iommu/intel-iommu.c:3798:5: warning: suggest explicit braces to avoid ambiguous 'else' [-Wparentheses] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: x86_64-allnoconfig arm64-allnoconfig arm-allnoconfig arm64-defconfig

7 years, 10 months

1
0
0 0

Re: [Linux-stable-mirror] [PATCH 3.16 000/294] 3.16.50-rc1 review

by Arnd Bergmann

On Tue, Nov 7, 2017 at 12:02 AM, Ben Hutchings <ben(a)decadent.org.uk> wrote: > This is the start of the stable review cycle for the 3.16.50 release. > There are 294 patches in this series, which will be posted as responses > to this one. If anyone has any issues with these being applied, please > let me know. > > Responses should be made by Fri Nov 08 18:00:00 UTC 2017. > Anything received after that time might be too late. > > A combined patch relative to 3.16.49 will be posted as an additional > response to this. A shortlog and diffstat can be found below. I haven'tr tried building the proposed patches so far, as I was waiting for the kernelci builds. However, I see that the stable-rc/linux-3.16.y doesn't have the current set, it still points to the old 3.16.35 release from last year. I think if you upload the branch to the stable-rc git, that should produce the automated build and boot results via email or via the https://kernelci.org/job/ interface. Once there are some results there, I'll go through the list once more to see what warnings and failures remain. I'm not in a hurry to fix the old warnings, and can do that pass after the 3.16 release is out on git and in kernelci, but it would help to see if the bots has caught any regressions. Arnd

7 years, 10 months

2
2
0 0

[Linux-stable-mirror] patch "USB: usbfs: compute urb->actual_length for isochronous" added to usb-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: usbfs: compute urb->actual_length for isochronous to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the usb-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 2ef47001b3ee3ded579b7532ebdcf8680e4d8c54 Mon Sep 17 00:00:00 2001 From: Alan Stern <stern(a)rowland.harvard.edu> Date: Wed, 8 Nov 2017 12:23:17 -0500 Subject: USB: usbfs: compute urb->actual_length for isochronous The USB kerneldoc says that the actual_length field "is read in non-iso completion functions", but the usbfs driver uses it for all URB types in processcompl(). Since not all of the host controller drivers set actual_length for isochronous URBs, programs using usbfs with some host controllers don't work properly. For example, Minas reports that a USB camera controlled by libusb doesn't work properly with a dwc2 controller. It doesn't seem worthwhile to change the HCDs and the documentation, since the in-kernel USB class drivers evidently don't rely on actual_length for isochronous transfers. The easiest solution is for usbfs to calculate the actual_length value for itself, by adding up the lengths of the individual packets in an isochronous transfer. Signed-off-by: Alan Stern <stern(a)rowland.harvard.edu> CC: Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> Reported-and-tested-by: wlf <wulf(a)rock-chips.com> CC: <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/devio.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c index c3aaafc25a04..2edb4e7b2ab8 100644 --- a/drivers/usb/core/devio.c +++ b/drivers/usb/core/devio.c @@ -1820,6 +1820,18 @@ static int proc_unlinkurb(struct usb_dev_state *ps, void __user *arg) return 0; } +static void compute_isochronous_actual_length(struct urb *urb) +{ + unsigned int i; + + if (urb->number_of_packets > 0) { + urb->actual_length = 0; + for (i = 0; i < urb->number_of_packets; i++) + urb->actual_length += + urb->iso_frame_desc[i].actual_length; + } +} + static int processcompl(struct async *as, void __user * __user *arg) { struct urb *urb = as->urb; @@ -1827,6 +1839,7 @@ static int processcompl(struct async *as, void __user * __user *arg) void __user *addr = as->userurb; unsigned int i; + compute_isochronous_actual_length(urb); if (as->userbuffer && urb->actual_length) { if (copy_urb_data_to_user(as->userbuffer, urb)) goto err_out; @@ -1995,6 +2008,7 @@ static int processcompl_compat(struct async *as, void __user * __user *arg) void __user *addr = as->userurb; unsigned int i; + compute_isochronous_actual_length(urb); if (as->userbuffer && urb->actual_length) { if (copy_urb_data_to_user(as->userbuffer, urb)) return -EFAULT; -- 2.15.0

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] test

by Benjamin Copeland

test

7 years, 10 months

1
0
0 0

Re: [Linux-stable-mirror] [PATCH 1/1] ovl: Put upperdentry if ovl_check_origin() fails

by Vivek Goyal

On Wed, Nov 01, 2017 at 03:37:22PM -0400, Vivek Goyal wrote: > If ovl_check_origin() fails, we should put upperdentry. We have a reference > on it by now. So goto out_put_upper instead of out. > > Fixes: a9d019573e88 ("ovl: lookup non-dir copy-up-origin by file handle") > Cc: <stable(a)vger.kernel.org> #4.12 > Signed-off-by: Vivek Goyal <vgoyal(a)redhat.com> Hi Amir, Miklos, Does this patch look fine? I think its a simple bug fix and should go in 4.15. Vivek > --- > fs/overlayfs/namei.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c > index a12dc10bf726..bc6d5c5a3443 100644 > --- a/fs/overlayfs/namei.c > +++ b/fs/overlayfs/namei.c > @@ -630,7 +630,7 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, > err = ovl_check_origin(upperdentry, roe->lowerstack, > roe->numlower, &stack, &ctr); > if (err) > - goto out; > + goto out_put_upper; > } > > if (d.redirect) { > -- > 2.13.6 > > -- > To unsubscribe from this list: send the line "unsubscribe linux-unionfs" in > the body of a message to majordomo(a)vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html

7 years, 10 months

3
2
0 0

[Linux-stable-mirror] Patch "xen/netback: set default upper limit of tx/rx queues to 8" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xen/netback: set default upper limit of tx/rx queues to 8 to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xen-netback-set-default-upper-limit-of-tx-rx-queues-to-8.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 10:19:57 CET 2017 From: Juergen Gross <jgross(a)suse.com> Date: Tue, 10 Jan 2017 14:32:52 +0100 Subject: xen/netback: set default upper limit of tx/rx queues to 8 From: Juergen Gross <jgross(a)suse.com> [ Upstream commit 56dd5af9bc23d0d5d23bb207c477715b4c2216c5 ] The default for the maximum number of tx/rx queues of one interface is the number of cpus of the system today. As each queue pair reserves 512 grant pages this default consumes a ridiculous number of grants for large guests. Limit the queue number to 8 as default. This value can be modified via a module parameter if required. Signed-off-by: Juergen Gross <jgross(a)suse.com> Reviewed-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Signed-off-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/xen-netback/netback.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/drivers/net/xen-netback/netback.c +++ b/drivers/net/xen-netback/netback.c @@ -67,6 +67,7 @@ module_param(rx_drain_timeout_msecs, uin unsigned int rx_stall_timeout_msecs = 60000; module_param(rx_stall_timeout_msecs, uint, 0444); +#define MAX_QUEUES_DEFAULT 8 unsigned int xenvif_max_queues; module_param_named(max_queues, xenvif_max_queues, uint, 0644); MODULE_PARM_DESC(max_queues, @@ -2189,11 +2190,12 @@ static int __init netback_init(void) if (!xen_domain()) return -ENODEV; - /* Allow as many queues as there are CPUs if user has not + /* Allow as many queues as there are CPUs but max. 8 if user has not * specified a value. */ if (xenvif_max_queues == 0) - xenvif_max_queues = num_online_cpus(); + xenvif_max_queues = min_t(unsigned int, MAX_QUEUES_DEFAULT, + num_online_cpus()); if (fatal_skb_slots < XEN_NETBK_LEGACY_SLOTS_MAX) { pr_info("fatal_skb_slots too small (%d), bump it to XEN_NETBK_LEGACY_SLOTS_MAX (%d)\n", Patches currently in stable-queue which might be from jgross(a)suse.com are queue-3.18/xen-netback-set-default-upper-limit-of-tx-rx-queues-to-8.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "video: fbdev: pmag-ba-fb: Remove bad `__init' annotation" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled video: fbdev: pmag-ba-fb: Remove bad `__init' annotation to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: video-fbdev-pmag-ba-fb-remove-bad-__init-annotation.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 10:19:57 CET 2017 From: "Maciej W. Rozycki" <macro(a)linux-mips.org> Date: Mon, 30 Jan 2017 17:39:48 +0100 Subject: video: fbdev: pmag-ba-fb: Remove bad `__init' annotation From: "Maciej W. Rozycki" <macro(a)linux-mips.org> [ Upstream commit 879e5a0df626f39cbb3c61bb90373e56d67012c4 ] Fix: WARNING: drivers/video/fbdev/pmag-ba-fb.o(.text+0x308): Section mismatch in reference from the function pmagbafb_probe() to the function .init.text:pmagbafb_erase_cursor() The function pmagbafb_probe() references the function __init pmagbafb_erase_cursor(). This is often because pmagbafb_probe lacks a __init annotation or the annotation of pmagbafb_erase_cursor is wrong. -- a fallout from a missed update from commit 9625b51350cc ("VIDEO: PMAG-BA: Fix section mismatch") and then commit 48c68c4f1b54 ("Drivers: video: remove __dev* attributes.") Signed-off-by: Maciej W. Rozycki <macro(a)linux-mips.org> Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie(a)samsung.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/video/fbdev/pmag-ba-fb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/video/fbdev/pmag-ba-fb.c +++ b/drivers/video/fbdev/pmag-ba-fb.c @@ -129,7 +129,7 @@ static struct fb_ops pmagbafb_ops = { /* * Turn the hardware cursor off. */ -static void __init pmagbafb_erase_cursor(struct fb_info *info) +static void pmagbafb_erase_cursor(struct fb_info *info) { struct pmagbafb_par *par = info->par; Patches currently in stable-queue which might be from macro(a)linux-mips.org are queue-3.18/video-fbdev-pmag-ba-fb-remove-bad-__init-annotation.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "usb: hcd: initialize hcd->flags to 0 when rm hcd" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: hcd: initialize hcd->flags to 0 when rm hcd to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usb-hcd-initialize-hcd-flags-to-0-when-rm-hcd.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 10:19:57 CET 2017 From: William wu <wulf(a)rock-chips.com> Date: Fri, 13 Jan 2017 11:04:22 +0800 Subject: usb: hcd: initialize hcd->flags to 0 when rm hcd From: William wu <wulf(a)rock-chips.com> [ Upstream commit 76b8db0d480e8045e1a1902fc9ab143b3b9ef115 ] On some platforms(e.g. rk3399 board), we can call hcd_add/remove consecutively without calling usb_put_hcd/usb_create_hcd in between, so hcd->flags can be stale. If the HC dies due to whatever reason then without this patch we get the below error on next hcd_add. [173.296154] xhci-hcd xhci-hcd.2.auto: HC died; cleaning up [173.296209] xhci-hcd xhci-hcd.2.auto: xHCI Host Controller [173.296762] xhci-hcd xhci-hcd.2.auto: new USB bus registered, assigned bus number 6 [173.296931] usb usb6: We don't know the algorithms for LPM for this host, disabling LPM. [173.297179] usb usb6: New USB device found, idVendor=1d6b, idProduct=0003 [173.297203] usb usb6: New USB device strings: Mfr=3, Product=2, SerialNumber=1 [173.297222] usb usb6: Product: xHCI Host Controller [173.297240] usb usb6: Manufacturer: Linux 4.4.21 xhci-hcd [173.297257] usb usb6: SerialNumber: xhci-hcd.2.auto [173.298680] hub 6-0:1.0: USB hub found [173.298749] hub 6-0:1.0: 1 port detected [173.299382] rockchip-dwc3 usb@fe800000: USB HOST connected [173.395418] hub 5-0:1.0: activate --> -19 [173.603447] irq 228: nobody cared (try booting with the "irqpoll" option) [173.603493] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.4.21 #9 [173.603513] Hardware name: Google Kevin (DT) [173.603531] Call trace: [173.603568] [<ffffffc0002087dc>] dump_backtrace+0x0/0x160 [173.603596] [<ffffffc00020895c>] show_stack+0x20/0x28 [173.603623] [<ffffffc0004b28a8>] dump_stack+0x90/0xb0 [173.603650] [<ffffffc00027347c>] __report_bad_irq+0x48/0xe8 [173.603674] [<ffffffc0002737cc>] note_interrupt+0x1e8/0x28c [173.603698] [<ffffffc000270a38>] handle_irq_event_percpu+0x1d4/0x25c [173.603722] [<ffffffc000270b0c>] handle_irq_event+0x4c/0x7c [173.603748] [<ffffffc00027456c>] handle_fasteoi_irq+0xb4/0x124 [173.603777] [<ffffffc00026fe3c>] generic_handle_irq+0x30/0x44 [173.603804] [<ffffffc0002701a8>] __handle_domain_irq+0x90/0xbc [173.603827] [<ffffffc0002006f4>] gic_handle_irq+0xcc/0x188 ... [173.604500] [<ffffffc000203700>] el1_irq+0x80/0xf8 [173.604530] [<ffffffc000261388>] cpu_startup_entry+0x38/0x3cc [173.604558] [<ffffffc00090f7d8>] rest_init+0x8c/0x94 [173.604585] [<ffffffc000e009ac>] start_kernel+0x3d0/0x3fc [173.604607] [<0000000000b16000>] 0xb16000 [173.604622] handlers: [173.604648] [<ffffffc000642084>] usb_hcd_irq [173.604673] Disabling IRQ #228 Signed-off-by: William wu <wulf(a)rock-chips.com> Acked-by: Roger Quadros <rogerq(a)ti.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/hcd.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/usb/core/hcd.c +++ b/drivers/usb/core/hcd.c @@ -2927,6 +2927,7 @@ void usb_remove_hcd(struct usb_hcd *hcd) } usb_put_invalidate_rhdev(hcd); + hcd->flags = 0; } EXPORT_SYMBOL_GPL(usb_remove_hcd); Patches currently in stable-queue which might be from wulf(a)rock-chips.com are queue-3.18/usb-hcd-initialize-hcd-flags-to-0-when-rm-hcd.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "serial: sh-sci: Fix register offsets for the IRDA serial port" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled serial: sh-sci: Fix register offsets for the IRDA serial port to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: serial-sh-sci-fix-register-offsets-for-the-irda-serial-port.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 10:19:57 CET 2017 From: Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> Date: Wed, 11 Jan 2017 16:43:32 +0200 Subject: serial: sh-sci: Fix register offsets for the IRDA serial port From: Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> [ Upstream commit a752ba18af8285e3eeda572f40dddaebff0c3621 ] Even though most of its registers are 8-bit wide, the IRDA has two 16-bit registers that make it a 16-bit peripheral and not a 8-bit peripheral with addresses shifted by one. Fix the registers offset in the driver and the platform data regshift value. Signed-off-by: Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> Reviewed-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/sh/kernel/cpu/sh3/setup-sh770x.c | 1 - drivers/tty/serial/sh-sci.c | 17 ++++++++--------- 2 files changed, 8 insertions(+), 10 deletions(-) --- a/arch/sh/kernel/cpu/sh3/setup-sh770x.c +++ b/arch/sh/kernel/cpu/sh3/setup-sh770x.c @@ -165,7 +165,6 @@ static struct plat_sci_port scif2_platfo .scscr = SCSCR_TE | SCSCR_RE, .type = PORT_IRDA, .ops = &sh770x_sci_port_ops, - .regshift = 1, }; static struct resource scif2_resources[] = { --- a/drivers/tty/serial/sh-sci.c +++ b/drivers/tty/serial/sh-sci.c @@ -171,18 +171,17 @@ static struct plat_sci_reg sci_regmap[SC }, /* - * Common definitions for legacy IrDA ports, dependent on - * regshift value. + * Common definitions for legacy IrDA ports. */ [SCIx_IRDA_REGTYPE] = { [SCSMR] = { 0x00, 8 }, - [SCBRR] = { 0x01, 8 }, - [SCSCR] = { 0x02, 8 }, - [SCxTDR] = { 0x03, 8 }, - [SCxSR] = { 0x04, 8 }, - [SCxRDR] = { 0x05, 8 }, - [SCFCR] = { 0x06, 8 }, - [SCFDR] = { 0x07, 16 }, + [SCBRR] = { 0x02, 8 }, + [SCSCR] = { 0x04, 8 }, + [SCxTDR] = { 0x06, 8 }, + [SCxSR] = { 0x08, 16 }, + [SCxRDR] = { 0x0a, 8 }, + [SCFCR] = { 0x0c, 8 }, + [SCFDR] = { 0x0e, 16 }, [SCTFDR] = sci_reg_invalid, [SCRFDR] = sci_reg_invalid, [SCSPTR] = sci_reg_invalid, Patches currently in stable-queue which might be from laurent.pinchart+renesas(a)ideasonboard.com are queue-3.18/serial-sh-sci-fix-register-offsets-for-the-irda-serial-port.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "phy: increase size of MII_BUS_ID_SIZE and bus_id" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled phy: increase size of MII_BUS_ID_SIZE and bus_id to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: phy-increase-size-of-mii_bus_id_size-and-bus_id.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 10:19:57 CET 2017 From: Volodymyr Bendiuga <volodymyr.bendiuga(a)gmail.com> Date: Thu, 19 Jan 2017 17:05:04 +0100 Subject: phy: increase size of MII_BUS_ID_SIZE and bus_id From: Volodymyr Bendiuga <volodymyr.bendiuga(a)gmail.com> [ Upstream commit 4567d686f5c6d955e57a3afa1741944c1e7f4033 ] Some bus names are pretty long and do not fit into 17 chars. Increase therefore MII_BUS_ID_SIZE and phy_fixup.bus_id to larger number. Now mii_bus.id can host larger name. Signed-off-by: Volodymyr Bendiuga <volodymyr.bendiuga(a)gmail.com> Signed-off-by: Magnus Öberg <magnus.oberg(a)westermo.se> Reviewed-by: Andrew Lunn <andrew(a)lunn.ch> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- include/linux/phy.h | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) --- a/include/linux/phy.h +++ b/include/linux/phy.h @@ -135,11 +135,7 @@ static inline const char *phy_modes(phy_ /* Used when trying to connect to a specific phy (mii bus id:phy device id) */ #define PHY_ID_FMT "%s:%02x" -/* - * Need to be a little smaller than phydev->dev.bus_id to leave room - * for the ":%02x" - */ -#define MII_BUS_ID_SIZE (20 - 3) +#define MII_BUS_ID_SIZE 61 /* Or MII_ADDR_C45 into regnum for read/write on mii_bus to enable the 21 bit IEEE 802.3ae clause 45 addressing mode used by 10GIGE phy chips. */ @@ -573,7 +569,7 @@ struct phy_driver { /* A Structure for boards to register fixups with the PHY Lib */ struct phy_fixup { struct list_head list; - char bus_id[20]; + char bus_id[MII_BUS_ID_SIZE + 3]; u32 phy_uid; u32 phy_uid_mask; int (*run)(struct phy_device *phydev); Patches currently in stable-queue which might be from volodymyr.bendiuga(a)gmail.com are queue-3.18/phy-increase-size-of-mii_bus_id_size-and-bus_id.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "IPsec: do not ignore crypto err in ah4 input" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled IPsec: do not ignore crypto err in ah4 input to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ipsec-do-not-ignore-crypto-err-in-ah4-input.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 10:19:57 CET 2017 From: Gilad Ben-Yossef <gilad(a)benyossef.com> Date: Mon, 16 Jan 2017 13:17:55 +0200 Subject: IPsec: do not ignore crypto err in ah4 input From: Gilad Ben-Yossef <gilad(a)benyossef.com> [ Upstream commit ebd89a2d0675f1325c2be5b7576fd8cb7e8defd0 ] ah4 input processing uses the asynchronous hash crypto API which supplies an error code as part of the operation completion but the error code was being ignored. Treat a crypto API error indication as a verification failure. While a crypto API reported error would almost certainly result in a memcpy of the digest failing anyway and thus the security risk seems minor, performing a memory compare on what might be uninitialized memory is wrong. Signed-off-by: Gilad Ben-Yossef <gilad(a)benyossef.com> Signed-off-by: Steffen Klassert <steffen.klassert(a)secunet.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv4/ah4.c | 3 +++ 1 file changed, 3 insertions(+) --- a/net/ipv4/ah4.c +++ b/net/ipv4/ah4.c @@ -270,6 +270,9 @@ static void ah_input_done(struct crypto_ int ihl = ip_hdrlen(skb); int ah_hlen = (ah->hdrlen + 2) << 2; + if (err) + goto out; + work_iph = AH_SKB_CB(skb)->tmp; auth_data = ah_tmp_auth(work_iph, ihl); icv = ah_tmp_icv(ahp->ahash, auth_data, ahp->icv_trunc_len); Patches currently in stable-queue which might be from gilad(a)benyossef.com are queue-3.18/ipsec-do-not-ignore-crypto-err-in-ah4-input.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "Input: mpr121 - set missing event capability" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Input: mpr121 - set missing event capability to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: input-mpr121-set-missing-event-capability.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 10:19:57 CET 2017 From: Akinobu Mita <akinobu.mita(a)gmail.com> Date: Sun, 15 Jan 2017 14:44:05 -0800 Subject: Input: mpr121 - set missing event capability From: Akinobu Mita <akinobu.mita(a)gmail.com> [ Upstream commit 9723ddc8fe0d76ce41fe0dc16afb241ec7d0a29d ] This driver reports misc scan input events on the sensor's status register changes. But the event capability for them was not set in the device initialization, so these events were ignored. This change adds the missing event capability. Signed-off-by: Akinobu Mita <akinobu.mita(a)gmail.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/input/keyboard/mpr121_touchkey.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/input/keyboard/mpr121_touchkey.c +++ b/drivers/input/keyboard/mpr121_touchkey.c @@ -235,6 +235,7 @@ static int mpr_touchkey_probe(struct i2c input_dev->id.bustype = BUS_I2C; input_dev->dev.parent = &client->dev; input_dev->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REP); + input_set_capability(input_dev, EV_MSC, MSC_SCAN); input_dev->keycode = mpr121->keycodes; input_dev->keycodesize = sizeof(mpr121->keycodes[0]); Patches currently in stable-queue which might be from akinobu.mita(a)gmail.com are queue-3.18/input-mpr121-set-missing-event-capability.patch queue-3.18/input-mpr121-handle-multiple-bits-change-of-status-register.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "Input: mpr121 - handle multiple bits change of status register" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Input: mpr121 - handle multiple bits change of status register to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: input-mpr121-handle-multiple-bits-change-of-status-register.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 10:19:57 CET 2017 From: Akinobu Mita <akinobu.mita(a)gmail.com> Date: Sun, 15 Jan 2017 14:44:30 -0800 Subject: Input: mpr121 - handle multiple bits change of status register From: Akinobu Mita <akinobu.mita(a)gmail.com> [ Upstream commit 08fea55e37f58371bffc5336a59e55d1f155955a ] This driver reports input events on their interrupts which are triggered by the sensor's status register changes. But only single bit change is reported in the interrupt handler. So if there are multiple bits are changed at almost the same time, other press or release events are ignored. This fixes it by detecting all changed bits in the status register. Signed-off-by: Akinobu Mita <akinobu.mita(a)gmail.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/input/keyboard/mpr121_touchkey.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) --- a/drivers/input/keyboard/mpr121_touchkey.c +++ b/drivers/input/keyboard/mpr121_touchkey.c @@ -87,7 +87,8 @@ static irqreturn_t mpr_touchkey_interrup struct mpr121_touchkey *mpr121 = dev_id; struct i2c_client *client = mpr121->client; struct input_dev *input = mpr121->input_dev; - unsigned int key_num, key_val, pressed; + unsigned long bit_changed; + unsigned int key_num; int reg; reg = i2c_smbus_read_byte_data(client, ELE_TOUCH_STATUS_1_ADDR); @@ -105,18 +106,22 @@ static irqreturn_t mpr_touchkey_interrup reg &= TOUCH_STATUS_MASK; /* use old press bit to figure out which bit changed */ - key_num = ffs(reg ^ mpr121->statusbits) - 1; - pressed = reg & (1 << key_num); + bit_changed = reg ^ mpr121->statusbits; mpr121->statusbits = reg; + for_each_set_bit(key_num, &bit_changed, mpr121->keycount) { + unsigned int key_val, pressed; - key_val = mpr121->keycodes[key_num]; + pressed = reg & BIT(key_num); + key_val = mpr121->keycodes[key_num]; - input_event(input, EV_MSC, MSC_SCAN, key_num); - input_report_key(input, key_val, pressed); - input_sync(input); + input_event(input, EV_MSC, MSC_SCAN, key_num); + input_report_key(input, key_val, pressed); + + dev_dbg(&client->dev, "key %d %d %s\n", key_num, key_val, + pressed ? "pressed" : "released"); - dev_dbg(&client->dev, "key %d %d %s\n", key_num, key_val, - pressed ? "pressed" : "released"); + } + input_sync(input); out: return IRQ_HANDLED; Patches currently in stable-queue which might be from akinobu.mita(a)gmail.com are queue-3.18/input-mpr121-set-missing-event-capability.patch queue-3.18/input-mpr121-handle-multiple-bits-change-of-status-register.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "iio: trigger: free trigger resource correctly" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: trigger: free trigger resource correctly to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: iio-trigger-free-trigger-resource-correctly.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 10:19:57 CET 2017 From: Alison Schofield <amsfield22(a)gmail.com> Date: Thu, 19 Jan 2017 19:47:38 -0800 Subject: iio: trigger: free trigger resource correctly From: Alison Schofield <amsfield22(a)gmail.com> [ Upstream commit 10e840dfb0b7fc345082dd9e5fff3c1c02e7690e ] These stand-alone trigger drivers were using iio_trigger_put() where they should have been using iio_trigger_free(). The iio_trigger_put() adds a module_put which is bad since they never did a module_get. In the sysfs driver, module_get/put's are used as triggers are added & removed. This extra module_put() occurs on an error path in the probe routine (probably rare). In the bfin-timer & interrupt trigger drivers, the module resources are not explicitly managed, so it's doing a put on something that was never get'd. It occurs on the probe error path and on the remove path (not so rare). Tested with the sysfs trigger driver. The bfin & interrupt drivers were build tested & inspected only. Signed-off-by: Alison Schofield <amsfield22(a)gmail.com> Signed-off-by: Jonathan Cameron <jic23(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/iio/trigger/iio-trig-interrupt.c | 8 ++++---- drivers/iio/trigger/iio-trig-sysfs.c | 2 +- drivers/staging/iio/trigger/iio-trig-bfin-timer.c | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) --- a/drivers/iio/trigger/iio-trig-interrupt.c +++ b/drivers/iio/trigger/iio-trig-interrupt.c @@ -58,7 +58,7 @@ static int iio_interrupt_trigger_probe(s trig_info = kzalloc(sizeof(*trig_info), GFP_KERNEL); if (!trig_info) { ret = -ENOMEM; - goto error_put_trigger; + goto error_free_trigger; } iio_trigger_set_drvdata(trig, trig_info); trig_info->irq = irq; @@ -83,8 +83,8 @@ error_release_irq: free_irq(irq, trig); error_free_trig_info: kfree(trig_info); -error_put_trigger: - iio_trigger_put(trig); +error_free_trigger: + iio_trigger_free(trig); error_ret: return ret; } @@ -99,7 +99,7 @@ static int iio_interrupt_trigger_remove( iio_trigger_unregister(trig); free_irq(trig_info->irq, trig); kfree(trig_info); - iio_trigger_put(trig); + iio_trigger_free(trig); return 0; } --- a/drivers/iio/trigger/iio-trig-sysfs.c +++ b/drivers/iio/trigger/iio-trig-sysfs.c @@ -173,7 +173,7 @@ static int iio_sysfs_trigger_probe(int i return 0; out2: - iio_trigger_put(t->trig); + iio_trigger_free(t->trig); free_t: kfree(t); out1: --- a/drivers/staging/iio/trigger/iio-trig-bfin-timer.c +++ b/drivers/staging/iio/trigger/iio-trig-bfin-timer.c @@ -258,7 +258,7 @@ out_free_irq: out1: iio_trigger_unregister(st->trig); out: - iio_trigger_put(st->trig); + iio_trigger_free(st->trig); return ret; } @@ -271,7 +271,7 @@ static int iio_bfin_tmr_trigger_remove(s peripheral_free(st->t->pin); free_irq(st->irq, st); iio_trigger_unregister(st->trig); - iio_trigger_put(st->trig); + iio_trigger_free(st->trig); return 0; } Patches currently in stable-queue which might be from amsfield22(a)gmail.com are queue-3.18/iio-trigger-free-trigger-resource-correctly.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "IB/ipoib: Change list_del to list_del_init in the tx object" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled IB/ipoib: Change list_del to list_del_init in the tx object to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ib-ipoib-change-list_del-to-list_del_init-in-the-tx-object.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 10:19:57 CET 2017 From: Feras Daoud <ferasda(a)mellanox.com> Date: Wed, 28 Dec 2016 14:47:28 +0200 Subject: IB/ipoib: Change list_del to list_del_init in the tx object From: Feras Daoud <ferasda(a)mellanox.com> [ Upstream commit 27d41d29c7f093f6f77843624fbb080c1b4a8b9c ] Since ipoib_cm_tx_start function and ipoib_cm_tx_reap function belong to different work queues, they can run in parallel. In this case if ipoib_cm_tx_reap calls list_del and release the lock, ipoib_cm_tx_start may acquire it and call list_del_init on the already deleted object. Changing list_del to list_del_init in ipoib_cm_tx_reap fixes the problem. Fixes: 839fcaba355a ("IPoIB: Connected mode experimental support") Signed-off-by: Feras Daoud <ferasda(a)mellanox.com> Signed-off-by: Erez Shitrit <erezsh(a)mellanox.com> Reviewed-by: Alex Vesker <valex(a)mellanox.com> Signed-off-by: Leon Romanovsky <leon(a)kernel.org> Reviewed-by: Yuval Shaia <yuval.shaia(a)oracle.com> Signed-off-by: Doug Ledford <dledford(a)redhat.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/infiniband/ulp/ipoib/ipoib_cm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/infiniband/ulp/ipoib/ipoib_cm.c +++ b/drivers/infiniband/ulp/ipoib/ipoib_cm.c @@ -1362,7 +1362,7 @@ static void ipoib_cm_tx_reap(struct work while (!list_empty(&priv->cm.reap_list)) { p = list_entry(priv->cm.reap_list.next, typeof(*p), list); - list_del(&p->list); + list_del_init(&p->list); spin_unlock_irqrestore(&priv->lock, flags); netif_tx_unlock_bh(dev); ipoib_cm_tx_destroy(p); Patches currently in stable-queue which might be from ferasda(a)mellanox.com are queue-3.18/ib-ipoib-change-list_del-to-list_del_init-in-the-tx-object.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "dt-bindings: Add vendor prefix for LEGO" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dt-bindings: Add vendor prefix for LEGO to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dt-bindings-add-vendor-prefix-for-lego.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 10:19:57 CET 2017 From: David Lechner <david(a)lechnology.com> Date: Fri, 13 Jan 2017 13:03:39 -0600 Subject: dt-bindings: Add vendor prefix for LEGO From: David Lechner <david(a)lechnology.com> [ Upstream commit 7dcc31e2e68a386a29070384b51683ece80982bf ] Add a vendor prefix for LEGO Systems A/S Acked-by: Rob Herring <robh(a)kernel.org> Signed-off-by: David Lechner <david(a)lechnology.com> Signed-off-by: Sekhar Nori <nsekhar(a)ti.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- Documentation/devicetree/bindings/vendor-prefixes.txt | 1 + 1 file changed, 1 insertion(+) --- a/Documentation/devicetree/bindings/vendor-prefixes.txt +++ b/Documentation/devicetree/bindings/vendor-prefixes.txt @@ -83,6 +83,7 @@ karo Ka-Ro electronics GmbH keymile Keymile GmbH lacie LaCie lantiq Lantiq Semiconductor +lego LEGO Systems A/S lenovo Lenovo Group Ltd. lg LG Corporation linux Linux-specific binding Patches currently in stable-queue which might be from david(a)lechnology.com are queue-3.18/dt-bindings-add-lego-mindstorms-ev3-compatible-specification.patch queue-3.18/dt-bindings-add-vendor-prefix-for-lego.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "dt-bindings: Add LEGO MINDSTORMS EV3 compatible specification" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dt-bindings: Add LEGO MINDSTORMS EV3 compatible specification to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dt-bindings-add-lego-mindstorms-ev3-compatible-specification.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 10:19:57 CET 2017 From: David Lechner <david(a)lechnology.com> Date: Fri, 13 Jan 2017 13:03:40 -0600 Subject: dt-bindings: Add LEGO MINDSTORMS EV3 compatible specification From: David Lechner <david(a)lechnology.com> [ Upstream commit 21078ab174c99885ca83a5c32db0d33b1617745e ] This adds the board level device tree specification for LEGO MINDSTORMS EV3 Acked-by: Rob Herring <robh(a)kernel.org> Signed-off-by: David Lechner <david(a)lechnology.com> Signed-off-by: Sekhar Nori <nsekhar(a)ti.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- Documentation/devicetree/bindings/arm/davinci.txt | 4 ++++ 1 file changed, 4 insertions(+) --- a/Documentation/devicetree/bindings/arm/davinci.txt +++ b/Documentation/devicetree/bindings/arm/davinci.txt @@ -9,6 +9,10 @@ EnBW AM1808 based CMC board Required root node properties: - compatible = "enbw,cmc", "ti,da850; +LEGO MINDSTORMS EV3 (AM1808 based) +Required root node properties: + - compatible = "lego,ev3", "ti,da850"; + Generic DaVinci Boards ---------------------- Patches currently in stable-queue which might be from david(a)lechnology.com are queue-3.18/dt-bindings-add-lego-mindstorms-ev3-compatible-specification.patch queue-3.18/dt-bindings-add-vendor-prefix-for-lego.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "drm: drm_minor_register(): Clean up debugfs on failure" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled drm: drm_minor_register(): Clean up debugfs on failure to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: drm-drm_minor_register-clean-up-debugfs-on-failure.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 10:19:57 CET 2017 From: Noralf Trønnes <noralf(a)tronnes.org> Date: Thu, 26 Jan 2017 23:56:04 +0100 Subject: drm: drm_minor_register(): Clean up debugfs on failure From: Noralf Trønnes <noralf(a)tronnes.org> [ Upstream commit a67834f8bfa1e2f48bb27d07b9a552ba7c3af82a ] Call drm_debugfs_cleanup() in case drm_debugfs_init() fails to cover for failure in the drm_driver.debugfs_init callback. Signed-off-by: Noralf TrÃ¸nnes <noralf(a)tronnes.org> Signed-off-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Link: http://patchwork.freedesktop.org/patch/msgid/20170126225621.12314-3-noralf@… Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/gpu/drm/drm_drv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/gpu/drm/drm_drv.c +++ b/drivers/gpu/drm/drm_drv.c @@ -320,7 +320,7 @@ static int drm_minor_register(struct drm ret = drm_debugfs_init(minor, minor->index, drm_debugfs_root); if (ret) { DRM_ERROR("DRM: Failed to initialize /sys/kernel/debug/dri.\n"); - return ret; + goto err_debugfs; } ret = device_add(minor->kdev); Patches currently in stable-queue which might be from noralf(a)tronnes.org are queue-3.18/drm-drm_minor_register-clean-up-debugfs-on-failure.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "ARM: omap2plus_defconfig: Fix probe errors on UARTs 5 and 6" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ARM: omap2plus_defconfig: Fix probe errors on UARTs 5 and 6 to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-omap2plus_defconfig-fix-probe-errors-on-uarts-5-and-6.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 10:19:57 CET 2017 From: Tony Lindgren <tony(a)atomide.com> Date: Fri, 20 Jan 2017 12:13:19 -0800 Subject: ARM: omap2plus_defconfig: Fix probe errors on UARTs 5 and 6 From: Tony Lindgren <tony(a)atomide.com> [ Upstream commit 4cd6a59f5c1a9b0cca0da09fbba42b9450ffc899 ] We have more than four uarts on some SoCs and that can cause noise with errors while booting. Signed-off-by: Tony Lindgren <tony(a)atomide.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/configs/omap2plus_defconfig | 1 + 1 file changed, 1 insertion(+) --- a/arch/arm/configs/omap2plus_defconfig +++ b/arch/arm/configs/omap2plus_defconfig @@ -169,6 +169,7 @@ CONFIG_INPUT_TWL4030_PWRBUTTON=y CONFIG_SERIAL_8250=y CONFIG_SERIAL_8250_CONSOLE=y CONFIG_SERIAL_8250_NR_UARTS=32 +CONFIG_SERIAL_8250_RUNTIME_UARTS=6 CONFIG_SERIAL_8250_EXTENDED=y CONFIG_SERIAL_8250_MANY_PORTS=y CONFIG_SERIAL_8250_SHARE_IRQ=y Patches currently in stable-queue which might be from tony(a)atomide.com are queue-3.18/arm-omap2plus_defconfig-fix-probe-errors-on-uarts-5-and-6.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "ARM: dts: imx53-qsb-common: fix FEC pinmux config" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ARM: dts: imx53-qsb-common: fix FEC pinmux config to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-dts-imx53-qsb-common-fix-fec-pinmux-config.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 10:19:57 CET 2017 From: Patrick Bruenn <p.bruenn(a)beckhoff.com> Date: Wed, 25 Jan 2017 06:25:48 +0100 Subject: ARM: dts: imx53-qsb-common: fix FEC pinmux config From: Patrick Bruenn <p.bruenn(a)beckhoff.com> [ Upstream commit 8b649e426336d7d4800ff9c82858328f4215ba01 ] The pinmux configuration in device tree was different from manual muxing in <u-boot>/board/freescale/mx53loco/mx53loco.c All pins were configured as NO_PAD_CTL(1 << 31), which was fine as the bootloader already did the correct pinmuxing for us. But recently u-boot is migrating to reuse device tree files from the kernel tree, so it seems to be better to have the correct pinmuxing in our files, too. Signed-off-by: Patrick Bruenn <p.bruenn(a)beckhoff.com> Signed-off-by: Shawn Guo <shawnguo(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/boot/dts/imx53-qsb-common.dtsi | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) --- a/arch/arm/boot/dts/imx53-qsb-common.dtsi +++ b/arch/arm/boot/dts/imx53-qsb-common.dtsi @@ -215,16 +215,16 @@ pinctrl_fec: fecgrp { fsl,pins = < - MX53_PAD_FEC_MDC__FEC_MDC 0x80000000 - MX53_PAD_FEC_MDIO__FEC_MDIO 0x80000000 - MX53_PAD_FEC_REF_CLK__FEC_TX_CLK 0x80000000 - MX53_PAD_FEC_RX_ER__FEC_RX_ER 0x80000000 - MX53_PAD_FEC_CRS_DV__FEC_RX_DV 0x80000000 - MX53_PAD_FEC_RXD1__FEC_RDATA_1 0x80000000 - MX53_PAD_FEC_RXD0__FEC_RDATA_0 0x80000000 - MX53_PAD_FEC_TX_EN__FEC_TX_EN 0x80000000 - MX53_PAD_FEC_TXD1__FEC_TDATA_1 0x80000000 - MX53_PAD_FEC_TXD0__FEC_TDATA_0 0x80000000 + MX53_PAD_FEC_MDC__FEC_MDC 0x4 + MX53_PAD_FEC_MDIO__FEC_MDIO 0x1fc + MX53_PAD_FEC_REF_CLK__FEC_TX_CLK 0x180 + MX53_PAD_FEC_RX_ER__FEC_RX_ER 0x180 + MX53_PAD_FEC_CRS_DV__FEC_RX_DV 0x180 + MX53_PAD_FEC_RXD1__FEC_RDATA_1 0x180 + MX53_PAD_FEC_RXD0__FEC_RDATA_0 0x180 + MX53_PAD_FEC_TX_EN__FEC_TX_EN 0x4 + MX53_PAD_FEC_TXD1__FEC_TDATA_1 0x4 + MX53_PAD_FEC_TXD0__FEC_TDATA_0 0x4 >; }; Patches currently in stable-queue which might be from p.bruenn(a)beckhoff.com are queue-3.18/arm-dts-imx53-qsb-common-fix-fec-pinmux-config.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] [PATCH v2 01/10] staging: ccree: fix leak of import() after init()

by Gilad Ben-Yossef

crypto_ahash_import() may be called either after crypto_ahash_init() or without such call. Right now we always internally call init() as part of import(), thus leaking memory and mappings if the user has already called init() herself. Fix this by only calling init() internally if the state is not already initialized. Fixes: commit 454527d0d94f ("staging: ccree: fix hash import/export") Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Gilad Ben-Yossef <gilad(a)benyossef.com> --- drivers/staging/ccree/ssi_hash.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/staging/ccree/ssi_hash.c b/drivers/staging/ccree/ssi_hash.c index d79090e..1799d3f 100644 --- a/drivers/staging/ccree/ssi_hash.c +++ b/drivers/staging/ccree/ssi_hash.c @@ -1778,9 +1778,12 @@ static int ssi_ahash_import(struct ahash_request *req, const void *in) } in += sizeof(u32); - rc = ssi_hash_init(state, ctx); - if (rc) - goto out; + /* call init() to allocate bufs if the user hasn't */ + if (!state->digest_buff) { + rc = ssi_hash_init(state, ctx); + if (rc) + goto out; + } dma_sync_single_for_cpu(dev, state->digest_buff_dma_addr, ctx->inter_digestsize, DMA_BIDIRECTIONAL); -- 2.7.4

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] [GIT PULL] commits for Linux 4.9

by Levin, Alexander (Sasha Levin)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Greg, Pleae pull commits for Linux 4.9 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 5caae9d1419914177994363218616b869659e871: Linux 4.9.61 (2017-11-08 10:08:37 +0100) are available in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git for-greg-4.9-2 for you to fetch changes up to 815f1731f39d164ba279e7835bcb985588f5a8cd: net: dsa: select NET_SWITCHDEV (2017-11-08 15:34:46 -0500) - ---------------------------------------------------------------- Akinobu Mita (2): Input: mpr121 - handle multiple bits change of status register Input: mpr121 - set missing event capability Alexander Stein (1): pinctrl: baytrail: Fix debugfs offset output Alison Schofield (4): iio: trigger: free trigger resource correctly iio: pressure: ms5611: claim direct mode during oversampling changes iio: magnetometer: mag3110: claim direct mode during raw writes iio: proximity: sx9500: claim direct mode during raw proximity reads Bart Van Assche (1): IB/rxe: Fix reference leaks in memory key invalidation code Bjorn Andersson (1): wcn36xx: Don't use the destroyed hal_mutex David Lechner (2): dt-bindings: Add LEGO MINDSTORMS EV3 compatible specification dt-bindings: Add vendor prefix for LEGO Feras Daoud (1): IB/ipoib: Change list_del to list_del_init in the tx object Frederic Weisbecker (1): sched/cputime, powerpc32: Fix stale scaled stime on context switch Gilad Ben-Yossef (1): IPsec: do not ignore crypto err in ah4 input Harninder Rai (1): dt-bindings: clockgen: Add compatible string for LS1012A Heiko Carstens (1): s390/topology: make "topology=off" parameter work Jason Gunthorpe (1): PCI: mvebu: Handle changes to the bridge windows while enabled John Johansen (1): apparmor: fix undefined reference to `aa_g_hash_policy' Juergen Gross (1): xen/netback: set default upper limit of tx/rx queues to 8 Julian Wiedmann (1): s390/qeth: issue STARTLAN as first IPA command Lars-Peter Clausen (1): [media] adv7604: Initialize drive strength to default when using DT Laurent Pinchart (1): serial: sh-sci: Fix register offsets for the IRDA serial port Li Zhong (2): KVM: PPC: Book 3S: XICS: correct the real mode ICP rejecting counter crypto: vmx - disable preemption to enable vsx in aes_ctr.c Liping Zhang (1): netfilter: nft_meta: deal with PACKET_LOOPBACK in netdev family Maciej W. Rozycki (1): video: fbdev: pmag-ba-fb: Remove bad `__init' annotation Marcus Cooper (1): ASoC: sunxi: Add bindings for sun8i to SPDIF Marek Szyprowski (1): clk: samsung: exynos5433: Add IDs for PHYCLK_MIPIDPHY0_* clocks Mihail Atanassov (1): drm: mali-dp: fix Lx_CONTROL register fields clobber Nate Watterson (1): iommu/arm-smmu-v3: Clear prior settings when updating STEs Noralf Trønnes (1): drm: drm_minor_register(): Clean up debugfs on failure Pan Bian (1): libertas: fix improper return value Patrice Chotard (1): ARM: dts: STiH410-family: fix wrong parent clock frequency Patrick Bruenn (1): ARM: dts: imx53-qsb-common: fix FEC pinmux config Peter Zijlstra (1): sched/core: Add missing update_rq_clock() call in sched_move_task() Rafał Miłecki (1): brcmfmac: setup wiphy bands after registering it first Stanislaw Gruszka (1): rt2800usb: mark tx failure on timeout Thomas Petazzoni (1): clk: mvebu: adjust AP806 CPU clock frequencies to production chip Tony Lindgren (1): ARM: omap2plus_defconfig: Fix probe errors on UARTs 5 and 6 Ursula Braun (1): s390/qeth: fix retrieval of vipa and proxy-arp addresses Vaibhav Jain (1): cxl: Force psl data-cache flush during device shutdown Valentin Longchamp (1): powerpc/corenet: explicitly disable the SDHC controller on kmcoge4 Viresh Kumar (1): PM / OPP: Error out on failing to add static OPPs for v1 bindings Vivien Didelot (1): net: dsa: select NET_SWITCHDEV Volodymyr Bendiuga (1): phy: increase size of MII_BUS_ID_SIZE and bus_id Will Deacon (1): arm64: dma-mapping: Only swizzle DMA ops for IOMMU_DOMAIN_DMA William wu (1): usb: hcd: initialize hcd->flags to 0 when rm hcd Yazen Ghannam (2): EDAC, amd64: Add x86cpuid sanity check during init EDAC, amd64: Save and return err code from probe_one_instance() Documentation/devicetree/bindings/arm/davinci.txt | 4 + .../devicetree/bindings/clock/qoriq-clock.txt | 1 + .../bindings/sound/sunxi,sun4i-spdif.txt | 1 + .../devicetree/bindings/vendor-prefixes.txt | 1 + arch/arm/boot/dts/imx53-qsb-common.dtsi | 20 ++-- arch/arm/boot/dts/stih410.dtsi | 2 +- arch/arm/configs/omap2plus_defconfig | 1 + arch/arm64/mm/dma-mapping.c | 17 +++- arch/powerpc/boot/dts/fsl/kmcoge4.dts | 4 + arch/powerpc/kernel/time.c | 1 + arch/powerpc/kvm/book3s_hv_rm_xics.c | 5 +- arch/s390/kernel/early.c | 12 +++ arch/s390/kernel/topology.c | 11 +-- arch/sh/kernel/cpu/sh3/setup-sh770x.c | 1 - drivers/base/power/opp/of.c | 12 ++- drivers/clk/mvebu/ap806-system-controller.c | 28 +++++- drivers/clk/samsung/clk-exynos5433.c | 6 +- drivers/crypto/vmx/aes_ctr.c | 6 ++ drivers/edac/amd64_edac.c | 12 ++- drivers/edac/amd64_edac.h | 1 + drivers/gpu/drm/arm/malidp_planes.c | 3 +- drivers/gpu/drm/drm_drv.c | 2 +- drivers/iio/magnetometer/mag3110.c | 30 ++++-- drivers/iio/pressure/ms5611_core.c | 12 ++- drivers/iio/proximity/sx9500.c | 10 +- drivers/iio/trigger/iio-trig-interrupt.c | 8 +- drivers/iio/trigger/iio-trig-sysfs.c | 2 +- drivers/infiniband/sw/rxe/rxe_req.c | 1 + drivers/infiniband/sw/rxe/rxe_resp.c | 1 + drivers/infiniband/ulp/ipoib/ipoib_cm.c | 2 +- drivers/input/keyboard/mpr121_touchkey.c | 24 +++-- drivers/iommu/arm-smmu-v3.c | 10 +- drivers/media/i2c/adv7604.c | 3 + drivers/misc/cxl/pci.c | 3 + drivers/net/wireless/ath/wcn36xx/main.c | 3 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 9 +- drivers/net/wireless/marvell/libertas/cmd.c | 2 +- drivers/net/wireless/ralink/rt2x00/rt2800usb.c | 5 +- drivers/net/xen-netback/netback.c | 6 +- drivers/pci/host/pci-mvebu.c | 101 ++++++++++++--------- drivers/pinctrl/intel/pinctrl-baytrail.c | 2 +- drivers/s390/net/qeth_core.h | 1 - drivers/s390/net/qeth_core_main.c | 21 ++++- drivers/s390/net/qeth_l2_main.c | 15 --- drivers/s390/net/qeth_l3_main.c | 15 --- drivers/s390/net/qeth_l3_sys.c | 30 +++--- drivers/staging/iio/trigger/iio-trig-bfin-timer.c | 4 +- drivers/tty/serial/sh-sci.c | 17 ++-- drivers/usb/core/hcd.c | 1 + drivers/video/fbdev/pmag-ba-fb.c | 2 +- include/dt-bindings/clock/exynos5433.h | 5 +- include/linux/phy.h | 8 +- kernel/sched/core.c | 1 + net/dsa/Kconfig | 5 +- net/ipv4/ah4.c | 3 + net/netfilter/nft_meta.c | 28 +++++- security/apparmor/lsm.c | 2 +- 57 files changed, 333 insertions(+), 210 deletions(-) -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJaA2ziAAoJEN6mb/eXdyzcX88P/i2q+fayJnzyfAe5EfkYZu7H PCeA7jVGtb8qxWHIMyhz/zIIo53qfatEzC/5Py4/Elo72HF6Jvsxat8/0xsV/HiT fQK24hMYk5M0M50x6FzuQqy/VFlQdrZaHnz/dqoWR6KKZT+RD112usLRa2Y8d51Y /26UqXJIflr92GzmC0/SUWtjJ/4KJsQBHCB4pVdI4m1aCyftg9P18p8rWq5n2cVA t8/znc9PwCggo7JR+AJN+DC2YmnB1dJnuNd+ilqIjwmcwgR/cDRT907v0RWV0Q4M 6PxjxdrBZZGOhUWxu+XWhr1cdjfPDLPa1g1sOhkx+qYPxMXIdGO9N7bCPbyOGd1j KT0rSmeC/QyL4VeMzUPIpc+bkLMTmt98/oVwj2LLtEtIkQ/g3XWbqKKW8hJqSHoS NnJG/Ps+8EcuBbidn4BBbIpEPyONPbjFNTUjkpIeoTGDVgJ8FQtLsNRw9C96Pogs 1hXhYQu8sWvjMycqktBN8DtCm5a4DJnu5mwSd5DfKxQlBQ+EIdVGZQudCYkogR+v +Ylam6juiM8zCLVW1tdk5p0ufC0nxYISIokAH/udTx1exU64xa4xyc/qnjqeyWWd HaE+zQK7gucWSAnkb8LO/9T21RZD9DlZSRq8BD+GD5nmtxluzyvMBlb43FtL9ftk wHXTDFBvEAO/I6s6zBm6 =3q3p -----END PGP SIGNATURE-----

7 years, 10 months

2
1
0 0

[Linux-stable-mirror] Patch "xen/netback: set default upper limit of tx/rx queues to 8" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xen/netback: set default upper limit of tx/rx queues to 8 to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xen-netback-set-default-upper-limit-of-tx-rx-queues-to-8.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 09:48:01 CET 2017 From: Juergen Gross <jgross(a)suse.com> Date: Tue, 10 Jan 2017 14:32:52 +0100 Subject: xen/netback: set default upper limit of tx/rx queues to 8 From: Juergen Gross <jgross(a)suse.com> [ Upstream commit 56dd5af9bc23d0d5d23bb207c477715b4c2216c5 ] The default for the maximum number of tx/rx queues of one interface is the number of cpus of the system today. As each queue pair reserves 512 grant pages this default consumes a ridiculous number of grants for large guests. Limit the queue number to 8 as default. This value can be modified via a module parameter if required. Signed-off-by: Juergen Gross <jgross(a)suse.com> Reviewed-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Signed-off-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/xen-netback/netback.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/drivers/net/xen-netback/netback.c +++ b/drivers/net/xen-netback/netback.c @@ -67,6 +67,7 @@ module_param(rx_drain_timeout_msecs, uin unsigned int rx_stall_timeout_msecs = 60000; module_param(rx_stall_timeout_msecs, uint, 0444); +#define MAX_QUEUES_DEFAULT 8 unsigned int xenvif_max_queues; module_param_named(max_queues, xenvif_max_queues, uint, 0644); MODULE_PARM_DESC(max_queues, @@ -1626,11 +1627,12 @@ static int __init netback_init(void) if (!xen_domain()) return -ENODEV; - /* Allow as many queues as there are CPUs if user has not + /* Allow as many queues as there are CPUs but max. 8 if user has not * specified a value. */ if (xenvif_max_queues == 0) - xenvif_max_queues = num_online_cpus(); + xenvif_max_queues = min_t(unsigned int, MAX_QUEUES_DEFAULT, + num_online_cpus()); if (fatal_skb_slots < XEN_NETBK_LEGACY_SLOTS_MAX) { pr_info("fatal_skb_slots too small (%d), bump it to XEN_NETBK_LEGACY_SLOTS_MAX (%d)\n", Patches currently in stable-queue which might be from jgross(a)suse.com are queue-4.9/xen-netback-set-default-upper-limit-of-tx-rx-queues-to-8.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "wcn36xx: Don't use the destroyed hal_mutex" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled wcn36xx: Don't use the destroyed hal_mutex to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: wcn36xx-don-t-use-the-destroyed-hal_mutex.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 09:48:01 CET 2017 From: Bjorn Andersson <bjorn.andersson(a)linaro.org> Date: Wed, 11 Jan 2017 16:32:21 +0200 Subject: wcn36xx: Don't use the destroyed hal_mutex From: Bjorn Andersson <bjorn.andersson(a)linaro.org> [ Upstream commit d53628882255481b710641dd0118fbd80af6e983 ] ieee80211_unregister_hw() might invoke operations to stop the interface, that uses the hal_mutex. So don't destroy it until after we're done using it. Signed-off-by: Bjorn Andersson <bjorn.andersson(a)linaro.org> Signed-off-by: Kalle Valo <kvalo(a)qca.qualcomm.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/wireless/ath/wcn36xx/main.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/net/wireless/ath/wcn36xx/main.c +++ b/drivers/net/wireless/ath/wcn36xx/main.c @@ -1165,11 +1165,12 @@ static int wcn36xx_remove(struct platfor wcn36xx_dbg(WCN36XX_DBG_MAC, "platform remove\n"); release_firmware(wcn->nv); - mutex_destroy(&wcn->hal_mutex); ieee80211_unregister_hw(hw); iounmap(wcn->dxe_base); iounmap(wcn->ccu_base); + + mutex_destroy(&wcn->hal_mutex); ieee80211_free_hw(hw); return 0; Patches currently in stable-queue which might be from bjorn.andersson(a)linaro.org are queue-4.9/wcn36xx-don-t-use-the-destroyed-hal_mutex.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "video: fbdev: pmag-ba-fb: Remove bad `__init' annotation" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled video: fbdev: pmag-ba-fb: Remove bad `__init' annotation to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: video-fbdev-pmag-ba-fb-remove-bad-__init-annotation.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 09:48:01 CET 2017 From: "Maciej W. Rozycki" <macro(a)linux-mips.org> Date: Mon, 30 Jan 2017 17:39:48 +0100 Subject: video: fbdev: pmag-ba-fb: Remove bad `__init' annotation From: "Maciej W. Rozycki" <macro(a)linux-mips.org> [ Upstream commit 879e5a0df626f39cbb3c61bb90373e56d67012c4 ] Fix: WARNING: drivers/video/fbdev/pmag-ba-fb.o(.text+0x308): Section mismatch in reference from the function pmagbafb_probe() to the function .init.text:pmagbafb_erase_cursor() The function pmagbafb_probe() references the function __init pmagbafb_erase_cursor(). This is often because pmagbafb_probe lacks a __init annotation or the annotation of pmagbafb_erase_cursor is wrong. -- a fallout from a missed update from commit 9625b51350cc ("VIDEO: PMAG-BA: Fix section mismatch") and then commit 48c68c4f1b54 ("Drivers: video: remove __dev* attributes.") Signed-off-by: Maciej W. Rozycki <macro(a)linux-mips.org> Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie(a)samsung.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/video/fbdev/pmag-ba-fb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/video/fbdev/pmag-ba-fb.c +++ b/drivers/video/fbdev/pmag-ba-fb.c @@ -129,7 +129,7 @@ static struct fb_ops pmagbafb_ops = { /* * Turn the hardware cursor off. */ -static void __init pmagbafb_erase_cursor(struct fb_info *info) +static void pmagbafb_erase_cursor(struct fb_info *info) { struct pmagbafb_par *par = info->par; Patches currently in stable-queue which might be from macro(a)linux-mips.org are queue-4.9/video-fbdev-pmag-ba-fb-remove-bad-__init-annotation.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "usb: hcd: initialize hcd->flags to 0 when rm hcd" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: hcd: initialize hcd->flags to 0 when rm hcd to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usb-hcd-initialize-hcd-flags-to-0-when-rm-hcd.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 09:48:01 CET 2017 From: William wu <wulf(a)rock-chips.com> Date: Fri, 13 Jan 2017 11:04:22 +0800 Subject: usb: hcd: initialize hcd->flags to 0 when rm hcd From: William wu <wulf(a)rock-chips.com> [ Upstream commit 76b8db0d480e8045e1a1902fc9ab143b3b9ef115 ] On some platforms(e.g. rk3399 board), we can call hcd_add/remove consecutively without calling usb_put_hcd/usb_create_hcd in between, so hcd->flags can be stale. If the HC dies due to whatever reason then without this patch we get the below error on next hcd_add. [173.296154] xhci-hcd xhci-hcd.2.auto: HC died; cleaning up [173.296209] xhci-hcd xhci-hcd.2.auto: xHCI Host Controller [173.296762] xhci-hcd xhci-hcd.2.auto: new USB bus registered, assigned bus number 6 [173.296931] usb usb6: We don't know the algorithms for LPM for this host, disabling LPM. [173.297179] usb usb6: New USB device found, idVendor=1d6b, idProduct=0003 [173.297203] usb usb6: New USB device strings: Mfr=3, Product=2, SerialNumber=1 [173.297222] usb usb6: Product: xHCI Host Controller [173.297240] usb usb6: Manufacturer: Linux 4.4.21 xhci-hcd [173.297257] usb usb6: SerialNumber: xhci-hcd.2.auto [173.298680] hub 6-0:1.0: USB hub found [173.298749] hub 6-0:1.0: 1 port detected [173.299382] rockchip-dwc3 usb@fe800000: USB HOST connected [173.395418] hub 5-0:1.0: activate --> -19 [173.603447] irq 228: nobody cared (try booting with the "irqpoll" option) [173.603493] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.4.21 #9 [173.603513] Hardware name: Google Kevin (DT) [173.603531] Call trace: [173.603568] [<ffffffc0002087dc>] dump_backtrace+0x0/0x160 [173.603596] [<ffffffc00020895c>] show_stack+0x20/0x28 [173.603623] [<ffffffc0004b28a8>] dump_stack+0x90/0xb0 [173.603650] [<ffffffc00027347c>] __report_bad_irq+0x48/0xe8 [173.603674] [<ffffffc0002737cc>] note_interrupt+0x1e8/0x28c [173.603698] [<ffffffc000270a38>] handle_irq_event_percpu+0x1d4/0x25c [173.603722] [<ffffffc000270b0c>] handle_irq_event+0x4c/0x7c [173.603748] [<ffffffc00027456c>] handle_fasteoi_irq+0xb4/0x124 [173.603777] [<ffffffc00026fe3c>] generic_handle_irq+0x30/0x44 [173.603804] [<ffffffc0002701a8>] __handle_domain_irq+0x90/0xbc [173.603827] [<ffffffc0002006f4>] gic_handle_irq+0xcc/0x188 ... [173.604500] [<ffffffc000203700>] el1_irq+0x80/0xf8 [173.604530] [<ffffffc000261388>] cpu_startup_entry+0x38/0x3cc [173.604558] [<ffffffc00090f7d8>] rest_init+0x8c/0x94 [173.604585] [<ffffffc000e009ac>] start_kernel+0x3d0/0x3fc [173.604607] [<0000000000b16000>] 0xb16000 [173.604622] handlers: [173.604648] [<ffffffc000642084>] usb_hcd_irq [173.604673] Disabling IRQ #228 Signed-off-by: William wu <wulf(a)rock-chips.com> Acked-by: Roger Quadros <rogerq(a)ti.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/hcd.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/usb/core/hcd.c +++ b/drivers/usb/core/hcd.c @@ -3023,6 +3023,7 @@ void usb_remove_hcd(struct usb_hcd *hcd) } usb_put_invalidate_rhdev(hcd); + hcd->flags = 0; } EXPORT_SYMBOL_GPL(usb_remove_hcd); Patches currently in stable-queue which might be from wulf(a)rock-chips.com are queue-4.9/usb-hcd-initialize-hcd-flags-to-0-when-rm-hcd.patch

7 years, 10 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror