- Linux-stable-mirror - lists.linaro.org

[PATCH AUTOSEL 4.9 01/12] gpu: ipu-v3: Fix i.MX51 CSI control registers offset

by Sasha Levin

From: Alexander Shiyan <shc_work(a)mail.ru> [ Upstream commit 2c0408dd0d8906b26fe8023889af7adf5e68b2c2 ] The CSI0/CSI1 registers offset is at +0xe030000/+0xe038000 relative to the control module registers on IPUv3EX. This patch fixes wrong values for i.MX51 CSI0/CSI1. Fixes: 2ffd48f2e7 ("gpu: ipu-v3: Add Camera Sensor Interface unit") Signed-off-by: Alexander Shiyan <shc_work(a)mail.ru> Signed-off-by: Philipp Zabel <p.zabel(a)pengutronix.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/ipu-v3/ipu-common.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/ipu-v3/ipu-common.c b/drivers/gpu/ipu-v3/ipu-common.c index 99c813a4ec1f..d41983f3ad3e 100644 --- a/drivers/gpu/ipu-v3/ipu-common.c +++ b/drivers/gpu/ipu-v3/ipu-common.c @@ -884,8 +884,8 @@ static struct ipu_devtype ipu_type_imx51 = { .cpmem_ofs = 0x1f000000, .srm_ofs = 0x1f040000, .tpm_ofs = 0x1f060000, - .csi0_ofs = 0x1f030000, - .csi1_ofs = 0x1f038000, + .csi0_ofs = 0x1e030000, + .csi1_ofs = 0x1e038000, .ic_ofs = 0x1e020000, .disp0_ofs = 0x1e040000, .disp1_ofs = 0x1e048000, -- 2.19.1

6 years, 6 months

1
11
0 0

[PATCH AUTOSEL 4.14 01/27] drm/imx: ignore plane updates on disabled crtcs

by Sasha Levin

From: Philipp Zabel <p.zabel(a)pengutronix.de> [ Upstream commit 4fb873c9648e383206e0a91cef9b03aa54066aca ] This patch fixes backtraces like the following when sending SIGKILL to a process with a currently pending plane update: [drm:ipu_plane_atomic_check] CRTC should be enabled [drm:drm_framebuffer_remove] *ERROR* failed to commit ------------[ cut here ]------------ WARNING: CPU: 3 PID: 63 at drivers/gpu/drm/drm_framebuffer.c:926 drm_framebuffer_remove+0x47c/0x498 atomic remove_fb failed with -22 Signed-off-by: Philipp Zabel <p.zabel(a)pengutronix.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/imx/ipuv3-plane.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/imx/ipuv3-plane.c b/drivers/gpu/drm/imx/ipuv3-plane.c index cf98596c7ce1..d0d7f6adbc89 100644 --- a/drivers/gpu/drm/imx/ipuv3-plane.c +++ b/drivers/gpu/drm/imx/ipuv3-plane.c @@ -348,9 +348,9 @@ static int ipu_plane_atomic_check(struct drm_plane *plane, if (ret) return ret; - /* CRTC should be enabled */ + /* nothing to check when disabling or disabled */ if (!crtc_state->enable) - return -EINVAL; + return 0; switch (plane->type) { case DRM_PLANE_TYPE_PRIMARY: -- 2.19.1

6 years, 6 months

1
26
0 0

[PATCH AUTOSEL 4.19 01/44] drm/imx: ignore plane updates on disabled crtcs

by Sasha Levin

From: Philipp Zabel <p.zabel(a)pengutronix.de> [ Upstream commit 4fb873c9648e383206e0a91cef9b03aa54066aca ] This patch fixes backtraces like the following when sending SIGKILL to a process with a currently pending plane update: [drm:ipu_plane_atomic_check] CRTC should be enabled [drm:drm_framebuffer_remove] *ERROR* failed to commit ------------[ cut here ]------------ WARNING: CPU: 3 PID: 63 at drivers/gpu/drm/drm_framebuffer.c:926 drm_framebuffer_remove+0x47c/0x498 atomic remove_fb failed with -22 Signed-off-by: Philipp Zabel <p.zabel(a)pengutronix.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/imx/ipuv3-plane.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/imx/ipuv3-plane.c b/drivers/gpu/drm/imx/ipuv3-plane.c index 203f247d4854..a323a0db2fc1 100644 --- a/drivers/gpu/drm/imx/ipuv3-plane.c +++ b/drivers/gpu/drm/imx/ipuv3-plane.c @@ -375,9 +375,9 @@ static int ipu_plane_atomic_check(struct drm_plane *plane, if (ret) return ret; - /* CRTC should be enabled */ + /* nothing to check when disabling or disabled */ if (!crtc_state->enable) - return -EINVAL; + return 0; switch (plane->type) { case DRM_PLANE_TYPE_PRIMARY: -- 2.19.1

6 years, 6 months

1
43
0 0

[PATCH AUTOSEL 4.20 01/52] drm/imx: ignore plane updates on disabled crtcs

by Sasha Levin

From: Philipp Zabel <p.zabel(a)pengutronix.de> [ Upstream commit 4fb873c9648e383206e0a91cef9b03aa54066aca ] This patch fixes backtraces like the following when sending SIGKILL to a process with a currently pending plane update: [drm:ipu_plane_atomic_check] CRTC should be enabled [drm:drm_framebuffer_remove] *ERROR* failed to commit ------------[ cut here ]------------ WARNING: CPU: 3 PID: 63 at drivers/gpu/drm/drm_framebuffer.c:926 drm_framebuffer_remove+0x47c/0x498 atomic remove_fb failed with -22 Signed-off-by: Philipp Zabel <p.zabel(a)pengutronix.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/imx/ipuv3-plane.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/imx/ipuv3-plane.c b/drivers/gpu/drm/imx/ipuv3-plane.c index 40605fdf0e33..b1f327dcea99 100644 --- a/drivers/gpu/drm/imx/ipuv3-plane.c +++ b/drivers/gpu/drm/imx/ipuv3-plane.c @@ -372,9 +372,9 @@ static int ipu_plane_atomic_check(struct drm_plane *plane, if (ret) return ret; - /* CRTC should be enabled */ + /* nothing to check when disabling or disabled */ if (!crtc_state->enable) - return -EINVAL; + return 0; switch (plane->type) { case DRM_PLANE_TYPE_PRIMARY: -- 2.19.1

6 years, 6 months

1
51
0 0

[PATCH AUTOSEL 4.20 01/81] ARM: OMAP: dts: N950/N9: fix onenand timings

by Sasha Levin

From: Aaro Koskinen <aaro.koskinen(a)iki.fi> [ Upstream commit 8443e4843e1c2594bf5664e1d993a1be71d1befb ] Commit a758f50f10cf ("mtd: onenand: omap2: Configure driver from DT") started using DT specified timings for GPMC, and as a result the OneNAND stopped working on N950/N9 as we had wrong values in the DT. Fix by updating the values to bootloader timings that have been tested to be working on both Nokia N950 and N9. Fixes: a758f50f10cf ("mtd: onenand: omap2: Configure driver from DT") Signed-off-by: Aaro Koskinen <aaro.koskinen(a)iki.fi> Signed-off-by: Tony Lindgren <tony(a)atomide.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/arm/boot/dts/omap3-n950-n9.dtsi | 42 ++++++++++++++++++---------- 1 file changed, 28 insertions(+), 14 deletions(-) diff --git a/arch/arm/boot/dts/omap3-n950-n9.dtsi b/arch/arm/boot/dts/omap3-n950-n9.dtsi index 0d9b85317529b..e142e6c70a59f 100644 --- a/arch/arm/boot/dts/omap3-n950-n9.dtsi +++ b/arch/arm/boot/dts/omap3-n950-n9.dtsi @@ -370,6 +370,19 @@ compatible = "ti,omap2-onenand"; reg = <0 0 0x20000>; /* CS0, offset 0, IO size 128K */ + /* + * These timings are based on CONFIG_OMAP_GPMC_DEBUG=y reported + * bootloader set values when booted with v4.19 using both N950 + * and N9 devices (OneNAND Manufacturer: Samsung): + * + * gpmc cs0 before gpmc_cs_program_settings: + * cs0 GPMC_CS_CONFIG1: 0xfd001202 + * cs0 GPMC_CS_CONFIG2: 0x00181800 + * cs0 GPMC_CS_CONFIG3: 0x00030300 + * cs0 GPMC_CS_CONFIG4: 0x18001804 + * cs0 GPMC_CS_CONFIG5: 0x03171d1d + * cs0 GPMC_CS_CONFIG6: 0x97080000 + */ gpmc,sync-read; gpmc,sync-write; gpmc,burst-length = <16>; @@ -379,26 +392,27 @@ gpmc,device-width = <2>; gpmc,mux-add-data = <2>; gpmc,cs-on-ns = <0>; - gpmc,cs-rd-off-ns = <87>; - gpmc,cs-wr-off-ns = <87>; + gpmc,cs-rd-off-ns = <122>; + gpmc,cs-wr-off-ns = <122>; gpmc,adv-on-ns = <0>; - gpmc,adv-rd-off-ns = <10>; - gpmc,adv-wr-off-ns = <10>; - gpmc,oe-on-ns = <15>; - gpmc,oe-off-ns = <87>; + gpmc,adv-rd-off-ns = <15>; + gpmc,adv-wr-off-ns = <15>; + gpmc,oe-on-ns = <20>; + gpmc,oe-off-ns = <122>; gpmc,we-on-ns = <0>; - gpmc,we-off-ns = <87>; - gpmc,rd-cycle-ns = <112>; - gpmc,wr-cycle-ns = <112>; - gpmc,access-ns = <81>; + gpmc,we-off-ns = <122>; + gpmc,rd-cycle-ns = <148>; + gpmc,wr-cycle-ns = <148>; + gpmc,access-ns = <117>; gpmc,page-burst-access-ns = <15>; gpmc,bus-turnaround-ns = <0>; gpmc,cycle2cycle-delay-ns = <0>; gpmc,wait-monitoring-ns = <0>; - gpmc,clk-activation-ns = <5>; - gpmc,wr-data-mux-bus-ns = <30>; - gpmc,wr-access-ns = <81>; - gpmc,sync-clk-ps = <15000>; + gpmc,clk-activation-ns = <10>; + gpmc,wr-data-mux-bus-ns = <40>; + gpmc,wr-access-ns = <117>; + + gpmc,sync-clk-ps = <15000>; /* TBC; Where this value came? */ /* * MTD partition table corresponding to Nokia's MeeGo 1.2 -- 2.19.1

6 years, 6 months

3
88
0 0

[PATCH AUTOSEL 4.19 01/64] ARM: OMAP: dts: N950/N9: fix onenand timings

by Sasha Levin

From: Aaro Koskinen <aaro.koskinen(a)iki.fi> [ Upstream commit 8443e4843e1c2594bf5664e1d993a1be71d1befb ] Commit a758f50f10cf ("mtd: onenand: omap2: Configure driver from DT") started using DT specified timings for GPMC, and as a result the OneNAND stopped working on N950/N9 as we had wrong values in the DT. Fix by updating the values to bootloader timings that have been tested to be working on both Nokia N950 and N9. Fixes: a758f50f10cf ("mtd: onenand: omap2: Configure driver from DT") Signed-off-by: Aaro Koskinen <aaro.koskinen(a)iki.fi> Signed-off-by: Tony Lindgren <tony(a)atomide.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/arm/boot/dts/omap3-n950-n9.dtsi | 42 ++++++++++++++++++---------- 1 file changed, 28 insertions(+), 14 deletions(-) diff --git a/arch/arm/boot/dts/omap3-n950-n9.dtsi b/arch/arm/boot/dts/omap3-n950-n9.dtsi index 0d9b85317529b..e142e6c70a59f 100644 --- a/arch/arm/boot/dts/omap3-n950-n9.dtsi +++ b/arch/arm/boot/dts/omap3-n950-n9.dtsi @@ -370,6 +370,19 @@ compatible = "ti,omap2-onenand"; reg = <0 0 0x20000>; /* CS0, offset 0, IO size 128K */ + /* + * These timings are based on CONFIG_OMAP_GPMC_DEBUG=y reported + * bootloader set values when booted with v4.19 using both N950 + * and N9 devices (OneNAND Manufacturer: Samsung): + * + * gpmc cs0 before gpmc_cs_program_settings: + * cs0 GPMC_CS_CONFIG1: 0xfd001202 + * cs0 GPMC_CS_CONFIG2: 0x00181800 + * cs0 GPMC_CS_CONFIG3: 0x00030300 + * cs0 GPMC_CS_CONFIG4: 0x18001804 + * cs0 GPMC_CS_CONFIG5: 0x03171d1d + * cs0 GPMC_CS_CONFIG6: 0x97080000 + */ gpmc,sync-read; gpmc,sync-write; gpmc,burst-length = <16>; @@ -379,26 +392,27 @@ gpmc,device-width = <2>; gpmc,mux-add-data = <2>; gpmc,cs-on-ns = <0>; - gpmc,cs-rd-off-ns = <87>; - gpmc,cs-wr-off-ns = <87>; + gpmc,cs-rd-off-ns = <122>; + gpmc,cs-wr-off-ns = <122>; gpmc,adv-on-ns = <0>; - gpmc,adv-rd-off-ns = <10>; - gpmc,adv-wr-off-ns = <10>; - gpmc,oe-on-ns = <15>; - gpmc,oe-off-ns = <87>; + gpmc,adv-rd-off-ns = <15>; + gpmc,adv-wr-off-ns = <15>; + gpmc,oe-on-ns = <20>; + gpmc,oe-off-ns = <122>; gpmc,we-on-ns = <0>; - gpmc,we-off-ns = <87>; - gpmc,rd-cycle-ns = <112>; - gpmc,wr-cycle-ns = <112>; - gpmc,access-ns = <81>; + gpmc,we-off-ns = <122>; + gpmc,rd-cycle-ns = <148>; + gpmc,wr-cycle-ns = <148>; + gpmc,access-ns = <117>; gpmc,page-burst-access-ns = <15>; gpmc,bus-turnaround-ns = <0>; gpmc,cycle2cycle-delay-ns = <0>; gpmc,wait-monitoring-ns = <0>; - gpmc,clk-activation-ns = <5>; - gpmc,wr-data-mux-bus-ns = <30>; - gpmc,wr-access-ns = <81>; - gpmc,sync-clk-ps = <15000>; + gpmc,clk-activation-ns = <10>; + gpmc,wr-data-mux-bus-ns = <40>; + gpmc,wr-access-ns = <117>; + + gpmc,sync-clk-ps = <15000>; /* TBC; Where this value came? */ /* * MTD partition table corresponding to Nokia's MeeGo 1.2 -- 2.19.1

6 years, 6 months

3
67
0 0

[PATCH 18/20] KVM: PPC: Book3S HV: Use correct pagesize in kvm_unmap_radix()

by Leonardo Bras

From: Paul Mackerras <paulus(a)ozlabs.org> Since commit e641a317830b ("KVM: PPC: Book3S HV: Unify dirty page map between HPT and radix", 2017-10-26), kvm_unmap_radix() computes the number of PAGE_SIZEd pages being unmapped and passes it to kvmppc_update_dirty_map(), which expects to be passed the page size instead. Consequently it will only mark one system page dirty even when a large page (for example a THP page) is being unmapped. The consequence of this is that part of the THP page might not get copied during live migration, resulting in memory corruption for the guest. This fixes it by computing and passing the page size in kvm_unmap_radix(). Cc: stable(a)vger.kernel.org # v4.15+ Fixes: e641a317830b (KVM: PPC: Book3S HV: Unify dirty page map between HPT and radix) Signed-off-by: Paul Mackerras <paulus(a)ozlabs.org> Signed-off-by: Leonardo Bras <leonardo(a)linux.ibm.com> --- arch/powerpc/kvm/book3s_64_mmu_radix.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/kvm/book3s_64_mmu_radix.c b/arch/powerpc/kvm/book3s_64_mmu_radix.c index 176f911ee983..7efc42538ccf 100644 --- a/arch/powerpc/kvm/book3s_64_mmu_radix.c +++ b/arch/powerpc/kvm/book3s_64_mmu_radix.c @@ -738,10 +738,10 @@ int kvm_unmap_radix(struct kvm *kvm, struct kvm_memory_slot *memslot, gpa, shift); kvmppc_radix_tlbie_page(kvm, gpa, shift); if ((old & _PAGE_DIRTY) && memslot->dirty_bitmap) { - unsigned long npages = 1; + unsigned long psize = PAGE_SIZE; if (shift) - npages = 1ul << (shift - PAGE_SHIFT); - kvmppc_update_dirty_map(memslot, gfn, npages); + psize = 1ul << shift; + kvmppc_update_dirty_map(memslot, gfn, psize); } } return 0; -- 2.20.1

6 years, 6 months

1
0
0 0

Re: [tip:x86/cpu] x86/CPU/AMD: Set the CPB bit unconditionally on F17h

by Borislav Petkov

On Fri, Jan 18, 2019 at 07:48:59AM -0800, tip-bot for Jiaxun Yang wrote: > Commit-ID: 0237199186e7a4aa5310741f0a6498a20c820fd7 > Gitweb: https://git.kernel.org/tip/0237199186e7a4aa5310741f0a6498a20c820fd7 > Author: Jiaxun Yang <jiaxun.yang(a)flygoat.com> > AuthorDate: Tue, 20 Nov 2018 11:00:18 +0800 > Committer: Borislav Petkov <bp(a)suse.de> > CommitDate: Fri, 18 Jan 2019 16:44:03 +0100 > > x86/CPU/AMD: Set the CPB bit unconditionally on F17h > > Some F17h models do not have CPB set in CPUID even though the CPU > supports it. Set the feature bit unconditionally on all F17h. > > [ bp: Rewrite commit message and patch. ] > > Signed-off-by: Jiaxun Yang <jiaxun.yang(a)flygoat.com> > Signed-off-by: Borislav Petkov <bp(a)suse.de> > Acked-by: Tom Lendacky <thomas.lendacky(a)amd.com> > Cc: "H. Peter Anvin" <hpa(a)zytor.com> > Cc: Ingo Molnar <mingo(a)redhat.com> > Cc: Sherry Hurwitz <sherry.hurwitz(a)amd.com> > Cc: Suravee Suthikulpanit <suravee.suthikulpanit(a)amd.com> > Cc: Thomas Gleixner <tglx(a)linutronix.de> > Cc: x86-ml <x86(a)kernel.org> > Link: https://lkml.kernel.org/r/20181120030018.5185-1-jiaxun.yang@flygoat.com > --- > arch/x86/kernel/cpu/amd.c | 8 +++----- > 1 file changed, 3 insertions(+), 5 deletions(-) > > diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c > index 69f6bbb41be0..01004bfb1a1b 100644 > --- a/arch/x86/kernel/cpu/amd.c > +++ b/arch/x86/kernel/cpu/amd.c > @@ -819,11 +819,9 @@ static void init_amd_bd(struct cpuinfo_x86 *c) > static void init_amd_zn(struct cpuinfo_x86 *c) > { > set_cpu_cap(c, X86_FEATURE_ZEN); > - /* > - * Fix erratum 1076: CPB feature bit not being set in CPUID. It affects > - * all up to and including B1. > - */ > - if (c->x86_model <= 1 && c->x86_stepping <= 1) > + > + /* Fix erratum 1076: CPB feature bit not being set in CPUID. */ > + if (!cpu_has(c, X86_FEATURE_CPB)) > set_cpu_cap(c, X86_FEATURE_CPB); Stable folks, please take this one above into those stable trees which have backported f7f3dc00f612 ("x86/cpu/AMD: Fix erratum 1076 (CPB bit)") Thx. -- Regards/Gruss, Boris. Good mailing practices for 400: avoid top-posting and trim the reply.

6 years, 6 months

3
4
0 0

[PULL 1/1] vfio: ccw: only free cp on final interrupt

by Cornelia Huck

When we get an interrupt for a channel program, it is not necessarily the final interrupt; for example, the issuing guest may request an intermediate interrupt by specifying the program-controlled-interrupt flag on a ccw. We must not switch the state to idle if the interrupt is not yet final; even more importantly, we must not free the translated channel program if the interrupt is not yet final, or the host can crash during cp rewind. Fixes: e5f84dbaea59 ("vfio: ccw: return I/O results asynchronously") Cc: stable(a)vger.kernel.org # v4.12+ Reviewed-by: Eric Farman <farman(a)linux.ibm.com> Signed-off-by: Cornelia Huck <cohuck(a)redhat.com> --- drivers/s390/cio/vfio_ccw_drv.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/s390/cio/vfio_ccw_drv.c b/drivers/s390/cio/vfio_ccw_drv.c index a10cec0e86eb..0b3b9de45c60 100644 --- a/drivers/s390/cio/vfio_ccw_drv.c +++ b/drivers/s390/cio/vfio_ccw_drv.c @@ -72,20 +72,24 @@ static void vfio_ccw_sch_io_todo(struct work_struct *work) { struct vfio_ccw_private *private; struct irb *irb; + bool is_final; private = container_of(work, struct vfio_ccw_private, io_work); irb = &private->irb; + is_final = !(scsw_actl(&irb->scsw) & + (SCSW_ACTL_DEVACT | SCSW_ACTL_SCHACT)); if (scsw_is_solicited(&irb->scsw)) { cp_update_scsw(&private->cp, &irb->scsw); - cp_free(&private->cp); + if (is_final) + cp_free(&private->cp); } memcpy(private->io_region->irb_area, irb, sizeof(*irb)); if (private->io_trigger) eventfd_signal(private->io_trigger, 1); - if (private->mdev) + if (private->mdev && is_final) private->state = VFIO_CCW_STATE_IDLE; } -- 2.17.2

6 years, 6 months

1
0
0 0

[PATCH AUTOSEL 4.20 01/72] vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel

by Sasha Levin

From: Su Yanjun <suyj.fnst(a)cn.fujitsu.com> [ Upstream commit dd9ee3444014e8f28c0eefc9fffc9ac9c5248c12 ] Recently we run a network test over ipcomp virtual tunnel.We find that if a ipv4 packet needs fragment, then the peer can't receive it. We deep into the code and find that when packet need fragment the smaller fragment will be encapsulated by ipip not ipcomp. So when the ipip packet goes into xfrm, it's skb->dev is not properly set. The ipv4 reassembly code always set skb'dev to the last fragment's dev. After ipv4 defrag processing, when the kernel rp_filter parameter is set, the skb will be drop by -EXDEV error. This patch adds compatible support for the ipip process in ipcomp virtual tunnel. Signed-off-by: Su Yanjun <suyj.fnst(a)cn.fujitsu.com> Signed-off-by: Steffen Klassert <steffen.klassert(a)secunet.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/ipv4/ip_vti.c | 50 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c index d7b43e700023a..68a21bf75dd0b 100644 --- a/net/ipv4/ip_vti.c +++ b/net/ipv4/ip_vti.c @@ -74,6 +74,33 @@ static int vti_input(struct sk_buff *skb, int nexthdr, __be32 spi, return 0; } +static int vti_input_ipip(struct sk_buff *skb, int nexthdr, __be32 spi, + int encap_type) +{ + struct ip_tunnel *tunnel; + const struct iphdr *iph = ip_hdr(skb); + struct net *net = dev_net(skb->dev); + struct ip_tunnel_net *itn = net_generic(net, vti_net_id); + + tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY, + iph->saddr, iph->daddr, 0); + if (tunnel) { + if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) + goto drop; + + XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = tunnel; + + skb->dev = tunnel->dev; + + return xfrm_input(skb, nexthdr, spi, encap_type); + } + + return -EINVAL; +drop: + kfree_skb(skb); + return 0; +} + static int vti_rcv(struct sk_buff *skb) { XFRM_SPI_SKB_CB(skb)->family = AF_INET; @@ -82,6 +109,14 @@ static int vti_rcv(struct sk_buff *skb) return vti_input(skb, ip_hdr(skb)->protocol, 0, 0); } +static int vti_rcv_ipip(struct sk_buff *skb) +{ + XFRM_SPI_SKB_CB(skb)->family = AF_INET; + XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr); + + return vti_input_ipip(skb, ip_hdr(skb)->protocol, ip_hdr(skb)->saddr, 0); +} + static int vti_rcv_cb(struct sk_buff *skb, int err) { unsigned short family; @@ -435,6 +470,12 @@ static struct xfrm4_protocol vti_ipcomp4_protocol __read_mostly = { .priority = 100, }; +static struct xfrm_tunnel ipip_handler __read_mostly = { + .handler = vti_rcv_ipip, + .err_handler = vti4_err, + .priority = 0, +}; + static int __net_init vti_init_net(struct net *net) { int err; @@ -603,6 +644,13 @@ static int __init vti_init(void) if (err < 0) goto xfrm_proto_comp_failed; + msg = "ipip tunnel"; + err = xfrm4_tunnel_register(&ipip_handler, AF_INET); + if (err < 0) { + pr_info("%s: cant't register tunnel\n",__func__); + goto xfrm_tunnel_failed; + } + msg = "netlink interface"; err = rtnl_link_register(&vti_link_ops); if (err < 0) @@ -612,6 +660,8 @@ static int __init vti_init(void) rtnl_link_failed: xfrm4_protocol_deregister(&vti_ipcomp4_protocol, IPPROTO_COMP); +xfrm_tunnel_failed: + xfrm4_tunnel_deregister(&ipip_handler, AF_INET); xfrm_proto_comp_failed: xfrm4_protocol_deregister(&vti_ah4_protocol, IPPROTO_AH); xfrm_proto_ah_failed: -- 2.19.1

6 years, 6 months

2
73
0 0

[PATCH] staging: erofs: fix to handle error path of erofs_vmap()

by Chao Yu

From: Chao Yu <yuchao0(a)huawei.com> erofs_vmap() wrapped vmap() and vm_map_ram() to return virtual continuous memory, but both of them can failed due to a lot of reason, previously, erofs_vmap()'s callers didn't handle them, which can potentially cause NULL pointer access, fix it. Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support") Fixes: 0d40d6e399c1 ("staging: erofs: add a generic z_erofs VLE decompressor") Cc: <stable(a)vger.kernel.org> # 4.19+ Signed-off-by: Gao Xiang <gaoxiang25(a)huawei.com> Signed-off-by: Chao Yu <yuchao0(a)huawei.com> --- drivers/staging/erofs/unzip_vle.c | 4 ++++ drivers/staging/erofs/unzip_vle_lz4.c | 7 +++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/staging/erofs/unzip_vle.c b/drivers/staging/erofs/unzip_vle.c index 2b5951f233db..396f38b1c1b2 100644 --- a/drivers/staging/erofs/unzip_vle.c +++ b/drivers/staging/erofs/unzip_vle.c @@ -1010,6 +1010,10 @@ static int z_erofs_vle_unzip(struct super_block *sb, skip_allocpage: vout = erofs_vmap(pages, nr_pages); + if (!vout) { + err = -ENOMEM; + goto out; + } err = z_erofs_vle_unzip_vmap(compressed_pages, clusterpages, vout, llen, work->pageofs, overlapped); diff --git a/drivers/staging/erofs/unzip_vle_lz4.c b/drivers/staging/erofs/unzip_vle_lz4.c index 8e8d705a6861..cff293710663 100644 --- a/drivers/staging/erofs/unzip_vle_lz4.c +++ b/drivers/staging/erofs/unzip_vle_lz4.c @@ -137,10 +137,13 @@ int z_erofs_vle_unzip_fast_percpu(struct page **compressed_pages, nr_pages = DIV_ROUND_UP(outlen + pageofs, PAGE_SIZE); - if (clusterpages == 1) + if (clusterpages == 1) { vin = kmap_atomic(compressed_pages[0]); - else + } else { vin = erofs_vmap(compressed_pages, clusterpages); + if (!vin) + return -ENOMEM; + } preempt_disable(); vout = erofs_pcpubuf[smp_processor_id()].data; -- 2.18.0

6 years, 6 months

1
0
0 0

[PATCH] ipmi: fix sleep-in-atomic in free_user at cleanup SRCU user->release_barrier

by Konstantin Khlebnikov

free_user() could be called in atomic context. This patch uses non-sleeping cleanup_srcu_struct_quiesced(). At this stage atomic refcount is zero, thus all read-sections should have been ended. Example: BUG: sleeping function called from invalid context at kernel/workqueue.c:2856 in_atomic(): 1, irqs_disabled(): 0, pid: 177, name: ksoftirqd/27 CPU: 27 PID: 177 Comm: ksoftirqd/27 Not tainted 4.19.25-3 #1 Hardware name: AIC 1S-HV26-08/MB-DPSB04-06, BIOS IVYBV060 10/21/2015 Call Trace: dump_stack+0x5c/0x7b ___might_sleep+0xec/0x110 __flush_work+0x48/0x1f0 ? try_to_del_timer_sync+0x4d/0x80 _cleanup_srcu_struct+0x104/0x140 free_user+0x18/0x30 [ipmi_msghandler] ipmi_free_recv_msg+0x3a/0x50 [ipmi_msghandler] deliver_response+0xbd/0xd0 [ipmi_msghandler] deliver_local_response+0xe/0x30 [ipmi_msghandler] handle_one_recv_msg+0x163/0xc80 [ipmi_msghandler] ? dequeue_entity+0xa0/0x960 handle_new_recv_msgs+0x15c/0x1f0 [ipmi_msghandler] tasklet_action_common.isra.22+0x103/0x120 __do_softirq+0xf8/0x2d7 run_ksoftirqd+0x26/0x50 smpboot_thread_fn+0x11d/0x1e0 kthread+0x103/0x140 ? sort_range+0x20/0x20 ? kthread_destroy_worker+0x40/0x40 ret_from_fork+0x1f/0x40 Fixes: 77f8269606bf ("ipmi: fix use-after-free of user->release_barrier.rda") Signed-off-by: Konstantin Khlebnikov <khlebnikov(a)yandex-team.ru> Cc: stable(a)vger.kernel.org # 4.18 Cc: Yang Yingliang <yangyingliang(a)huawei.com> Cc: Corey Minyard <cminyard(a)mvista.com> --- drivers/char/ipmi/ipmi_msghandler.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c index e8ba67834746..c35f2bcbaa23 100644 --- a/drivers/char/ipmi/ipmi_msghandler.c +++ b/drivers/char/ipmi/ipmi_msghandler.c @@ -1260,7 +1260,12 @@ EXPORT_SYMBOL(ipmi_get_smi_info); static void free_user(struct kref *ref) { struct ipmi_user *user = container_of(ref, struct ipmi_user, refcount); - cleanup_srcu_struct(&user->release_barrier); + + /* + * Cleanup without waiting. This could be called in atomic context. + * Refcount is zero: all read-sections should have been ended. + */ + cleanup_srcu_struct_quiesced(&user->release_barrier); kfree(user); }

6 years, 6 months

2
1
0 0

[PATCH] vfio: ccw: only free cp on final interrupt

by Cornelia Huck

When we get an interrupt for a channel program, it is not necessarily the final interrupt; for example, the issuing guest may request an intermediate interrupt by specifying the program-controlled-interrupt flag on a ccw. We must not switch the state to idle if the interrupt is not yet final; even more importantly, we must not free the translated channel program if the interrupt is not yet final, or the host can crash during cp rewind. Fixes: e5f84dbaea59 ("vfio: ccw: return I/O results asynchronously") Cc: stable(a)vger.kernel.org # v4.12+ Signed-off-by: Cornelia Huck <cohuck(a)redhat.com> --- Previously part of "vfio-ccw: rework ssch state handling". Please review, I plan to send a pull req asap. --- drivers/s390/cio/vfio_ccw_drv.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/s390/cio/vfio_ccw_drv.c b/drivers/s390/cio/vfio_ccw_drv.c index a10cec0e86eb..0b3b9de45c60 100644 --- a/drivers/s390/cio/vfio_ccw_drv.c +++ b/drivers/s390/cio/vfio_ccw_drv.c @@ -72,20 +72,24 @@ static void vfio_ccw_sch_io_todo(struct work_struct *work) { struct vfio_ccw_private *private; struct irb *irb; + bool is_final; private = container_of(work, struct vfio_ccw_private, io_work); irb = &private->irb; + is_final = !(scsw_actl(&irb->scsw) & + (SCSW_ACTL_DEVACT | SCSW_ACTL_SCHACT)); if (scsw_is_solicited(&irb->scsw)) { cp_update_scsw(&private->cp, &irb->scsw); - cp_free(&private->cp); + if (is_final) + cp_free(&private->cp); } memcpy(private->io_region->irb_area, irb, sizeof(*irb)); if (private->io_trigger) eventfd_signal(private->io_trigger, 1); - if (private->mdev) + if (private->mdev && is_final) private->state = VFIO_CCW_STATE_IDLE; } -- 2.17.2

6 years, 6 months

2
1
0 0

✅ PASS: Stable queue: queue-5.0

by CKI Project

Hello, We ran automated tests on a patchset that was proposed for merging into this kernel tree. The patches were applied to: Kernel repo: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git Commit: 283506fcd65d Stable queue: queue-5.0 The results of these automated tests are provided below. Overall result: PASSED Merge: OK Compile: OK Tests: OK We hope that these logs can help you find the problem quickly. For the full detail on our testing procedures, please scroll to the bottom of this message. Please reply to this email if you have any questions about the tests that we ran or if you have any suggestions on how to make future tests more effective. ,-. ,-. ( C ) ( K ) Continuous `-',-.`-' Kernel ( I ) Integration `-' ______________________________________________________________________________ Merge testing ------------- We cloned this repository and checked out a ref: Repo: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git Ref: 283506fcd65d Stable queue: queue-5.0 We then merged the patchset with `git am`: media-uvcvideo-fix-type-check-leading-to-overflow.patch Compile testing --------------- We compiled the kernel for 3 architectures: arm64: make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64 configuration: https://artifacts.cki-project.org/builds/aarch64/34db4a16da5b49964cefe6f56c… powerpc: make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64 configuration: https://artifacts.cki-project.org/builds/ppc64le/137dad9d0c9074d5a906c1302a… x86_64: make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64 configuration: https://artifacts.cki-project.org/builds/x86_64/0402d49463ebfcd246905f0c80b… Hardware testing ---------------- We booted each kernel and ran the following tests: arm64: https://beaker.engineering.redhat.com/jobs/3405949 Boot test [0] LTP lite - release 20190115 [1] AMTU (Abstract Machine Test Utility) [2] httpd: mod_ssl smoke sanity [3] ⚠ httpd: php sanity [4] ⚠ tuned: tune-processes-through-perf [5] ⚠ powerpc: https://beaker.engineering.redhat.com/jobs/3405948 Boot test [0] LTP lite - release 20190115 [1] AMTU (Abstract Machine Test Utility) [2] httpd: mod_ssl smoke sanity [3] ⚠ httpd: php sanity [4] ⚠ tuned: tune-processes-through-perf [5] ⚠ x86_64: https://beaker.engineering.redhat.com/jobs/3405950 Boot test [0] LTP lite - release 20190115 [1] AMTU (Abstract Machine Test Utility) [2] httpd: mod_ssl smoke sanity [3] ⚠ httpd: php sanity [4] ⚠ tuned: tune-processes-through-perf [5] ⚠ Test source: [0]: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… [1]: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… [2]: https://github.com/CKI-project/tests-beaker/archive/master.zip#misc/amtu [3]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/htt… [4]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/htt… [5]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/tun… Experimental tests (marked with ⚠ ) ----------------------------------- This test run included experimental tests. These tests are still under development and they may not pass or fail correctly under certain conditions.

6 years, 6 months

1
0
0 0

Please apply 47bb117911b0 (media) to stable, 3.18+

by Alistair Strachan

Please could the following change be applied to the stable trees: commit 47bb117911b051bbc90764a8bff96543cbd2005f Author: Alistair Strachan <astrachan(a)google.com> Date: Tue Dec 18 20:32:48 2018 -0500 media: uvcvideo: Fix 'type' check leading to overflow This change applies cleanly to 3.18+. It is in Linus's tree. This change fixes a potential buffer overflow if a specially crafted USB video device is attached to a system with kernel support for uvcvideo. (I mistakenly did not Cc: stable@ with the original change.) Thanks!

6 years, 6 months

2
1
0 0

[PATCH for-5.0 1/2] staging: erofs: keep corrupted fs from crashing kernel in erofs_namei()

by Gao Xiang

commit 419d6efc50e94bcf5d6b35cd8c71f79edadec564 upstream. As Al pointed out, " ... and while we are at it, what happens to unsigned int nameoff = le16_to_cpu(de[mid].nameoff); unsigned int matched = min(startprfx, endprfx); struct qstr dname = QSTR_INIT(data + nameoff, unlikely(mid >= ndirents - 1) ? maxsize - nameoff : le16_to_cpu(de[mid + 1].nameoff) - nameoff); /* string comparison without already matched prefix */ int ret = dirnamecmp(name, &dname, &matched); if le16_to_cpu(de[...].nameoff) is not monotonically increasing? I.e. what's to prevent e.g. (unsigned)-1 ending up in dname.len? Corrupted fs image shouldn't oops the kernel.. " Revisit the related lookup flow to address the issue. Fixes: d72d1ce60174 ("staging: erofs: add namei functions") Cc: <stable(a)vger.kernel.org> # 4.19+ Suggested-by: Al Viro <viro(a)ZenIV.linux.org.uk> Signed-off-by: Gao Xiang <gaoxiang25(a)huawei.com> --- This series resolves the following conflicts: FAILED: patch "[PATCH] staging: erofs: keep corrupted fs from crashing kernel in" failed to apply to 5.0-stable tree FAILED: patch "[PATCH] staging: erofs: compressed_pages should not be accessed again" failed to apply to 5.0-stable tree drivers/staging/erofs/namei.c | 183 ++++++++++++++++++++++-------------------- 1 file changed, 97 insertions(+), 86 deletions(-) diff --git a/drivers/staging/erofs/namei.c b/drivers/staging/erofs/namei.c index 5596c52e246d..ecc51ef0753f 100644 --- a/drivers/staging/erofs/namei.c +++ b/drivers/staging/erofs/namei.c @@ -15,74 +15,77 @@ #include <trace/events/erofs.h> -/* based on the value of qn->len is accurate */ -static inline int dirnamecmp(struct qstr *qn, - struct qstr *qd, unsigned int *matched) +struct erofs_qstr { + const unsigned char *name; + const unsigned char *end; +}; + +/* based on the end of qn is accurate and it must have the trailing '\0' */ +static inline int dirnamecmp(const struct erofs_qstr *qn, + const struct erofs_qstr *qd, + unsigned int *matched) { - unsigned int i = *matched, len = min(qn->len, qd->len); -loop: - if (unlikely(i >= len)) { - *matched = i; - if (qn->len < qd->len) { - /* - * actually (qn->len == qd->len) - * when qd->name[i] == '\0' - */ - return qd->name[i] == '\0' ? 0 : -1; + unsigned int i = *matched; + + /* + * on-disk error, let's only BUG_ON in the debugging mode. + * otherwise, it will return 1 to just skip the invalid name + * and go on (in consideration of the lookup performance). + */ + DBG_BUGON(qd->name > qd->end); + + /* qd could not have trailing '\0' */ + /* However it is absolutely safe if < qd->end */ + while (qd->name + i < qd->end && qd->name[i] != '\0') { + if (qn->name[i] != qd->name[i]) { + *matched = i; + return qn->name[i] > qd->name[i] ? 1 : -1; } - return (qn->len > qd->len); + ++i; } - - if (qn->name[i] != qd->name[i]) { - *matched = i; - return qn->name[i] > qd->name[i] ? 1 : -1; - } - - ++i; - goto loop; + *matched = i; + /* See comments in __d_alloc on the terminating NUL character */ + return qn->name[i] == '\0' ? 0 : 1; } -static struct erofs_dirent *find_target_dirent( - struct qstr *name, - u8 *data, int maxsize) +#define nameoff_from_disk(off, sz) (le16_to_cpu(off) & ((sz) - 1)) + +static struct erofs_dirent *find_target_dirent(struct erofs_qstr *name, + u8 *data, + unsigned int dirblksize, + const int ndirents) { - unsigned int ndirents, head, back; + int head, back; unsigned int startprfx, endprfx; struct erofs_dirent *const de = (struct erofs_dirent *)data; - /* make sure that maxsize is valid */ - BUG_ON(maxsize < sizeof(struct erofs_dirent)); - - ndirents = le16_to_cpu(de->nameoff) / sizeof(*de); - - /* corrupted dir (may be unnecessary...) */ - BUG_ON(!ndirents); - - head = 0; + /* since the 1st dirent has been evaluated previously */ + head = 1; back = ndirents - 1; startprfx = endprfx = 0; while (head <= back) { - unsigned int mid = head + (back - head) / 2; - unsigned int nameoff = le16_to_cpu(de[mid].nameoff); + const int mid = head + (back - head) / 2; + const int nameoff = nameoff_from_disk(de[mid].nameoff, + dirblksize); unsigned int matched = min(startprfx, endprfx); - - struct qstr dname = QSTR_INIT(data + nameoff, - unlikely(mid >= ndirents - 1) ? - maxsize - nameoff : - le16_to_cpu(de[mid + 1].nameoff) - nameoff); + struct erofs_qstr dname = { + .name = data + nameoff, + .end = unlikely(mid >= ndirents - 1) ? + data + dirblksize : + data + nameoff_from_disk(de[mid + 1].nameoff, + dirblksize) + }; /* string comparison without already matched prefix */ int ret = dirnamecmp(name, &dname, &matched); - if (unlikely(!ret)) + if (unlikely(!ret)) { return de + mid; - else if (ret > 0) { + } else if (ret > 0) { head = mid + 1; startprfx = matched; - } else if (unlikely(mid < 1)) /* fix "mid" overflow */ - break; - else { + } else { back = mid - 1; endprfx = matched; } @@ -91,12 +94,12 @@ static struct erofs_dirent *find_target_dirent( return ERR_PTR(-ENOENT); } -static struct page *find_target_block_classic( - struct inode *dir, - struct qstr *name, int *_diff) +static struct page *find_target_block_classic(struct inode *dir, + struct erofs_qstr *name, + int *_ndirents) { unsigned int startprfx, endprfx; - unsigned int head, back; + int head, back; struct address_space *const mapping = dir->i_mapping; struct page *candidate = ERR_PTR(-ENOENT); @@ -105,41 +108,43 @@ static struct page *find_target_block_classic( back = inode_datablocks(dir) - 1; while (head <= back) { - unsigned int mid = head + (back - head) / 2; + const int mid = head + (back - head) / 2; struct page *page = read_mapping_page(mapping, mid, NULL); - if (IS_ERR(page)) { -exact_out: - if (!IS_ERR(candidate)) /* valid candidate */ - put_page(candidate); - return page; - } else { - int diff; - unsigned int ndirents, matched; - struct qstr dname; + if (!IS_ERR(page)) { struct erofs_dirent *de = kmap_atomic(page); - unsigned int nameoff = le16_to_cpu(de->nameoff); - - ndirents = nameoff / sizeof(*de); + const int nameoff = nameoff_from_disk(de->nameoff, + EROFS_BLKSIZ); + const int ndirents = nameoff / sizeof(*de); + int diff; + unsigned int matched; + struct erofs_qstr dname; - /* corrupted dir (should have one entry at least) */ - BUG_ON(!ndirents || nameoff > PAGE_SIZE); + if (unlikely(!ndirents)) { + DBG_BUGON(1); + kunmap_atomic(de); + put_page(page); + page = ERR_PTR(-EIO); + goto out; + } matched = min(startprfx, endprfx); dname.name = (u8 *)de + nameoff; - dname.len = ndirents == 1 ? - /* since the rest of the last page is 0 */ - EROFS_BLKSIZ - nameoff - : le16_to_cpu(de[1].nameoff) - nameoff; + if (ndirents == 1) + dname.end = (u8 *)de + EROFS_BLKSIZ; + else + dname.end = (u8 *)de + + nameoff_from_disk(de[1].nameoff, + EROFS_BLKSIZ); /* string comparison without already matched prefix */ diff = dirnamecmp(name, &dname, &matched); kunmap_atomic(de); if (unlikely(!diff)) { - *_diff = 0; - goto exact_out; + *_ndirents = 0; + goto out; } else if (diff > 0) { head = mid + 1; startprfx = matched; @@ -147,45 +152,51 @@ static struct page *find_target_block_classic( if (likely(!IS_ERR(candidate))) put_page(candidate); candidate = page; + *_ndirents = ndirents; } else { put_page(page); - if (unlikely(mid < 1)) /* fix "mid" overflow */ - break; - back = mid - 1; endprfx = matched; } + continue; } +out: /* free if the candidate is valid */ + if (!IS_ERR(candidate)) + put_page(candidate); + return page; } - *_diff = 1; return candidate; } int erofs_namei(struct inode *dir, - struct qstr *name, - erofs_nid_t *nid, unsigned int *d_type) + struct qstr *name, + erofs_nid_t *nid, unsigned int *d_type) { - int diff; + int ndirents; struct page *page; - u8 *data; + void *data; struct erofs_dirent *de; + struct erofs_qstr qn; if (unlikely(!dir->i_size)) return -ENOENT; - diff = 1; - page = find_target_block_classic(dir, name, &diff); + qn.name = name->name; + qn.end = name->name + name->len; + + ndirents = 0; + page = find_target_block_classic(dir, &qn, &ndirents); if (unlikely(IS_ERR(page))) return PTR_ERR(page); data = kmap_atomic(page); /* the target page has been mapped */ - de = likely(diff) ? - /* since the rest of the last page is 0 */ - find_target_dirent(name, data, EROFS_BLKSIZ) : - (struct erofs_dirent *)data; + if (ndirents) + de = find_target_dirent(&qn, data, EROFS_BLKSIZ, ndirents); + else + de = (struct erofs_dirent *)data; if (likely(!IS_ERR(de))) { *nid = le64_to_cpu(de->nid); -- 2.14.5

6 years, 6 months

1
1
0 0

[PATCH] drm/vkms: fix use-after-free when drm_gem_handle_create() fails

by Eric Biggers

From: Eric Biggers <ebiggers(a)google.com> If drm_gem_handle_create() fails in vkms_gem_create(), then the vkms_gem_object is freed twice: once when the reference is dropped by drm_gem_object_put_unlocked(), and again by the extra calls to drm_gem_object_release() and kfree(). Fix it by skipping the second release and free. This bug was originally found in the vgem driver by syzkaller using fault injection, but I noticed it's also present in the vkms driver. Fixes: 559e50fd34d1 ("drm/vkms: Add dumb operations") Cc: Rodrigo Siqueira <rodrigosiqueiramelo(a)gmail.com> Cc: Haneen Mohammed <hamohammed.sa(a)gmail.com> Cc: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)google.com> --- drivers/gpu/drm/vkms/vkms_gem.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/drivers/gpu/drm/vkms/vkms_gem.c b/drivers/gpu/drm/vkms/vkms_gem.c index 138b0bb325cf9..69048e73377dc 100644 --- a/drivers/gpu/drm/vkms/vkms_gem.c +++ b/drivers/gpu/drm/vkms/vkms_gem.c @@ -111,11 +111,8 @@ struct drm_gem_object *vkms_gem_create(struct drm_device *dev, ret = drm_gem_handle_create(file, &obj->gem, handle); drm_gem_object_put_unlocked(&obj->gem); - if (ret) { - drm_gem_object_release(&obj->gem); - kfree(obj); + if (ret) return ERR_PTR(ret); - } return &obj->gem; } -- 2.21.0.rc2.261.ga7da99ff1b-goog

6 years, 6 months

4
6
0 0

[tip:sched/core] sched/core: Fix a potential double-fetch bug in sched_copy_attr()

by tip-bot for Kangjie Lu

Commit-ID: 120e4e76857ddbc9268e1aa3f9de61a498e84618 Gitweb: https://git.kernel.org/tip/120e4e76857ddbc9268e1aa3f9de61a498e84618 Author: Kangjie Lu <kjlu(a)umn.edu> AuthorDate: Wed, 9 Jan 2019 01:45:24 -0600 Committer: Ingo Molnar <mingo(a)kernel.org> CommitDate: Mon, 21 Jan 2019 11:26:17 +0100 sched/core: Fix a potential double-fetch bug in sched_copy_attr() "uattr->size" is copied in from user space and checked. However, it is copied in again after the security check. A malicious user may race to change it. The fix sets uattr->size to be the checked size. Signed-off-by: Kangjie Lu <kjlu(a)umn.edu> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: pakki001(a)umn.edu Cc: <stable(a)vger.kernel.org> Link: https://lkml.kernel.org/r/20190109074524.10176-1-kjlu@umn.edu Signed-off-by: Ingo Molnar <mingo(a)kernel.org> --- kernel/sched/core.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/sched/core.c b/kernel/sched/core.c index a674c7db2f29..d4d3514c4fe9 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -4499,6 +4499,9 @@ static int sched_copy_attr(struct sched_attr __user *uattr, struct sched_attr *a if (ret) return -EFAULT; + /* In case attr->size was changed by user-space: */ + attr->size = size; + /* * XXX: Do we want to be lenient like existing syscalls; or do we want * to be strict and return an error on out-of-bounds values?

6 years, 6 months

4
5
0 0

Linux 5.0.1

by Greg KH

I'm announcing the release of the 5.0.1 kernel. All users of the 5.0.1 kernel series must upgrade. The updated 5.0.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.0.1.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

6 years, 6 months

1
3
0 0

Linux 4.19.28

by Greg KH

I'm announcing the release of the 4.19.28 kernel. All users of the 4.19 kernel series must upgrade. The updated 4.19.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.19.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/mips/kernel/irq.c | 4 arch/x86/boot/compressed/pgtable_64.c | 19 +++- arch/x86/kernel/cpu/amd.c | 8 - arch/xtensa/kernel/process.c | 4 drivers/bluetooth/btrtl.c | 10 +- drivers/char/applicom.c | 35 +++++-- drivers/cpufreq/cpufreq.c | 6 - drivers/cpufreq/intel_pstate.c | 23 ++--- drivers/gnss/sirf.c | 32 +++---- drivers/net/dsa/mv88e6xxx/chip.c | 26 ++++- drivers/net/dsa/mv88e6xxx/port.c | 10 +- drivers/net/dsa/mv88e6xxx/port.h | 1 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 6 + drivers/net/ethernet/marvell/sky2.c | 24 +++++ drivers/net/ethernet/microchip/lan743x_main.c | 16 ++- drivers/net/geneve.c | 11 +- drivers/net/hyperv/netvsc_drv.c | 22 ++++- drivers/net/phy/micrel.c | 13 ++ drivers/net/phy/phylink.c | 4 drivers/net/team/team_mode_loadbalance.c | 15 +++ drivers/net/tun.c | 4 drivers/net/usb/qmi_wwan.c | 26 ++++- drivers/net/xen-netback/hash.c | 2 drivers/net/xen-netback/interface.c | 7 + drivers/net/xen-netback/netback.c | 10 +- drivers/scsi/scsi_lib.c | 1 drivers/staging/android/ashmem.c | 67 ++++++++++----- drivers/staging/android/ion/ion_system_heap.c | 2 drivers/staging/comedi/drivers/ni_660x.c | 1 drivers/staging/erofs/unzip_vle.c | 114 +++++++++++++++----------- drivers/staging/erofs/unzip_vle.h | 3 drivers/staging/erofs/unzip_vle_lz4.c | 20 ++-- drivers/staging/wilc1000/linux_wlan.c | 4 drivers/usb/host/xhci-pci.c | 1 drivers/usb/serial/cp210x.c | 12 ++ drivers/usb/serial/ftdi_sio.c | 2 drivers/usb/serial/ftdi_sio_ids.h | 6 + drivers/usb/serial/option.c | 2 fs/aio.c | 12 ++ fs/exec.c | 2 include/linux/cpufreq.h | 12 -- include/net/bluetooth/bluetooth.h | 2 include/net/icmp.h | 9 +- include/net/ip.h | 4 include/net/sch_generic.h | 31 ++----- kernel/bpf/verifier.c | 3 kernel/trace/trace_events_filter.c | 5 - net/bluetooth/af_bluetooth.c | 16 ++- net/bluetooth/l2cap_sock.c | 2 net/bluetooth/rfcomm/sock.c | 2 net/bluetooth/sco.c | 2 net/core/gen_stats.c | 2 net/core/net-sysfs.c | 3 net/ipv4/cipso_ipv4.c | 20 +++- net/ipv4/fib_frontend.c | 4 net/ipv4/icmp.c | 7 - net/ipv4/ip_input.c | 9 +- net/ipv4/ip_options.c | 22 +++-- net/ipv4/netlink.c | 17 ++- net/ipv4/route.c | 2 net/ipv6/ip6mr.c | 8 - net/ipv6/route.c | 7 + net/ipv6/sit.c | 1 net/mpls/af_mpls.c | 3 net/netlabel/netlabel_kapi.c | 3 net/nfc/llcp_commands.c | 20 ++++ net/nfc/llcp_core.c | 24 ++++- net/sched/act_ipt.c | 3 net/sched/act_skbedit.c | 3 net/sched/act_tunnel_key.c | 3 net/sched/sch_generic.c | 13 +- net/sched/sch_netem.c | 10 +- net/sctp/socket.c | 1 net/socket.c | 1 net/tipc/socket.c | 8 + tools/testing/selftests/firmware/fw_lib.sh | 2 77 files changed, 603 insertions(+), 270 deletions(-) Ajay Singh (1): staging: wilc1000: fix to set correct value for 'vif_num' Andrew Lunn (2): net: dsa: mv88e6xxx: Fix statistics on mv88e6161 net: dsa: mv88e6xxx: Fix u64 statistics Balaji Manoharan (1): usb: xhci: Fix for Enabling USB ROLE SWITCH QUIRK on INTEL_SUNRISEPOINT_LP_XHCI Bart Van Assche (1): aio: Fix locking in aio_poll() Bryan Whitehead (1): lan743x: Fix TX Stall Issue Daniel Borkmann (1): bpf: fix sanitation rewrite in case of non-pointers Daniele Palmas (1): USB: serial: option: add Telit ME910 ECM composition David Ahern (4): ipv4: Return error for RTA_VIA attribute ipv6: Return error for RTA_VIA attribute mpls: Return error for RTA_GATEWAY attribute ipv4: Pass original device to ip_rcv_finish_core Davide Caratti (2): net/sched: act_ipt: fix refcount leak when replace fails net/sched: act_skbedit: fix refcount leak when replace fails Eric Biggers (1): net: socket: set sock->sk to NULL after calling proto_ops::release() Eric Dumazet (1): net: sched: put back q.qlen into a single location Erik Hugne (1): tipc: fix RDM/DGRAM connect() regression Gao Xiang (3): staging: erofs: fix mis-acted TAIL merging behavior staging: erofs: fix illegal address access under memory pressure staging: erofs: compressed_pages should not be accessed again after freed Greg Kroah-Hartman (1): Linux 4.19.28 Gustavo A. R. Silva (2): staging: comedi: ni_660x: fix missing break in switch statement applicom: Fix potential Spectre v1 vulnerabilities Haiyang Zhang (1): hv_netvsc: Fix IP header checksum for coalesced packets Hangbin Liu (1): ipv4: Add ICMPv6 support when parse route ipproto Heiner Kallweit (4): net: dsa: mv88e6xxx: handle unknown duplex modes gracefully in mv88e6xxx_port_set_duplex net: dsa: mv8e6xxx: fix number of internal PHYs for 88E6x90 family net: phy: phylink: fix uninitialized variable in phylink_get_mac_state net: dsa: mv88e6xxx: prevent interrupt storm caused by mv88e6390x_port_set_cmode Ido Schimmel (2): ip6mr: Do not call __IP6_INC_STATS() from preemptible context team: Free BPF filter when unregistering netdev Igor Druzhinin (2): xen-netback: don't populate the hash cache on XenBus disconnect xen-netback: fix occasional leak of grant ref mappings under memory pressure Ivan Mironov (1): USB: serial: cp210x: add ID for Ingenico 3070 Jiaxun Yang (1): x86/CPU/AMD: Set the CPB bit unconditionally on F17h Jiri Benc (1): geneve: correctly handle ipv6.disable module parameter Johan Hovold (1): gnss: sirf: fix premature wakeup interrupt enable Kai-Heng Feng (2): sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79 Bluetooth: btrtl: Restore old logic to assume firmware is already loaded Karoly Pados (1): USB: serial: cp210x: fix GPIO in autosuspend Kirill A. Shutemov (1): x86/boot/compressed/64: Do not read legacy ROM on EFI system Kristian Evensen (1): qmi_wwan: Add support for Quectel EG12/EM12 Liu Xiang (1): MIPS: irq: Allocate accurate order pages for irq stack Luis Chamberlain (1): selftests: firmware: fix verify_reqs() return value Mans Rullgard (1): USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 Mao Wenan (1): net: sit: fix memory leak in sit_init_net() Martin Wilck (1): scsi: core: reset host byte in DID_NEXUS_FAILURE case Matthias Kaehlcke (1): Bluetooth: Fix locking in bt_accept_enqueue() for BH context Max Filippov (1): xtensa: fix get_wchan Maxime Chevallier (1): net: dsa: mv88e6xxx: power serdes on/off for 10G interfaces on 6390X Michael Chan (1): bnxt_en: Drop oversize TX packets to prevent errors. Nazarov Sergey (2): net: Add __icmp_send helper. net: avoid use IPCB in cipso_v4_error Paul Moore (1): netlabel: fix out-of-bounds memory accesses Pavel Tikhomirov (1): tracing: Fix event filters and triggers to handle negative numbers Qing Xia (1): staging: android: ion: fix sys heap pool's gfp_flags Rajasingh Thavamani (1): net: phy: Micrel KSZ8061: link failure after cable connect Sheng Lan (1): net: netem: fix skb length BUG_ON in __skb_to_sgvec Tetsuo Handa (2): staging: android: ashmem: Don't call fallocate() with ashmem_mutex held. staging: android: ashmem: Avoid range_alloc() allocation with ashmem_mutex held. Timur Celik (2): tun: fix blocking read tun: remove unnecessary memory barrier Tung Nguyen (1): tipc: fix race condition causing hung sendto Viresh Kumar (1): cpufreq: Use struct kobj_attribute instead of struct global_attr Vlad Buslov (1): net: sched: act_tunnel_key: fix NULL pointer dereference during init Xin Long (1): sctp: call iov_iter_revert() after sending ABORT YueHaibing (3): net-sysfs: Fix mem leak in netdev_register_kobject net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails exec: Fix mem leak in kernel_read_file

6 years, 6 months

1
1
0 0

Linux 4.20.15

by Greg KH

I'm announcing the release of the 4.20.15 kernel. All users of the 4.20 kernel series must upgrade. The updated 4.20.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.20.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/mips/kernel/irq.c | 4 arch/x86/boot/compressed/pgtable_64.c | 19 +++- arch/x86/kernel/cpu/amd.c | 8 - arch/xtensa/kernel/process.c | 4 drivers/android/binder.c | 106 ++++++++++++++++++----- drivers/base/dd.c | 2 drivers/bluetooth/btrtl.c | 10 +- drivers/char/applicom.c | 35 +++++-- drivers/cpufreq/cpufreq.c | 6 - drivers/cpufreq/intel_pstate.c | 23 ++--- drivers/gnss/sirf.c | 32 +++---- drivers/net/dsa/mv88e6xxx/chip.c | 27 ++++-- drivers/net/dsa/mv88e6xxx/port.c | 10 +- drivers/net/dsa/mv88e6xxx/port.h | 1 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 6 + drivers/net/ethernet/marvell/sky2.c | 24 +++++ drivers/net/ethernet/microchip/lan743x_main.c | 16 ++- drivers/net/ethernet/mscc/ocelot_board.c | 14 ++- drivers/net/geneve.c | 11 +- drivers/net/hyperv/netvsc_drv.c | 22 ++++ drivers/net/phy/micrel.c | 13 ++ drivers/net/phy/phylink.c | 4 drivers/net/team/team_mode_loadbalance.c | 15 +++ drivers/net/tun.c | 4 drivers/net/usb/qmi_wwan.c | 26 ++++- drivers/net/xen-netback/hash.c | 2 drivers/net/xen-netback/interface.c | 7 + drivers/net/xen-netback/netback.c | 10 +- drivers/scsi/scsi_lib.c | 1 drivers/staging/android/ashmem.c | 67 +++++++++------ drivers/staging/android/ion/ion_system_heap.c | 2 drivers/staging/comedi/drivers/ni_660x.c | 1 drivers/staging/erofs/inode.c | 8 - drivers/staging/erofs/internal.h | 11 +- drivers/staging/erofs/unzip_vle.c | 115 ++++++++++++++++---------- drivers/staging/erofs/unzip_vle.h | 3 drivers/staging/erofs/unzip_vle_lz4.c | 19 +--- drivers/staging/erofs/xattr.c | 65 +++++++++++--- drivers/staging/wilc1000/linux_wlan.c | 4 drivers/usb/host/xhci-pci.c | 1 drivers/usb/host/xhci-tegra.c | 4 drivers/usb/serial/cp210x.c | 12 ++ drivers/usb/serial/ftdi_sio.c | 2 drivers/usb/serial/ftdi_sio_ids.h | 6 + drivers/usb/serial/option.c | 2 fs/aio.c | 12 ++ fs/exec.c | 2 include/linux/cpufreq.h | 12 -- include/net/bluetooth/bluetooth.h | 2 include/net/icmp.h | 9 +- include/net/ip.h | 4 include/net/sch_generic.h | 31 ++----- include/uapi/linux/android/binder.h | 19 ++++ kernel/bpf/verifier.c | 3 kernel/trace/trace_events_filter.c | 5 - net/bluetooth/af_bluetooth.c | 16 ++- net/bluetooth/l2cap_sock.c | 2 net/bluetooth/rfcomm/sock.c | 2 net/bluetooth/sco.c | 2 net/core/gen_stats.c | 2 net/core/net-sysfs.c | 3 net/ipv4/cipso_ipv4.c | 20 +++- net/ipv4/fib_frontend.c | 4 net/ipv4/icmp.c | 7 - net/ipv4/ip_input.c | 9 +- net/ipv4/ip_options.c | 22 +++- net/ipv4/netlink.c | 17 ++- net/ipv4/route.c | 2 net/ipv6/ip6mr.c | 8 - net/ipv6/route.c | 7 + net/ipv6/sit.c | 1 net/mpls/af_mpls.c | 3 net/netlabel/netlabel_kapi.c | 3 net/nfc/llcp_commands.c | 20 ++++ net/nfc/llcp_core.c | 24 ++++- net/sched/act_ipt.c | 3 net/sched/act_skbedit.c | 3 net/sched/act_tunnel_key.c | 3 net/sched/sch_generic.c | 13 +- net/sched/sch_netem.c | 10 +- net/sctp/socket.c | 1 net/socket.c | 1 net/tipc/socket.c | 8 + tools/testing/selftests/firmware/fw_lib.sh | 2 85 files changed, 782 insertions(+), 321 deletions(-) Ajay Singh (1): staging: wilc1000: fix to set correct value for 'vif_num' Andrew Lunn (2): net: dsa: mv88e6xxx: Fix statistics on mv88e6161 net: dsa: mv88e6xxx: Fix u64 statistics Balaji Manoharan (1): usb: xhci: Fix for Enabling USB ROLE SWITCH QUIRK on INTEL_SUNRISEPOINT_LP_XHCI Bart Van Assche (1): aio: Fix locking in aio_poll() Bryan Whitehead (1): lan743x: Fix TX Stall Issue Daniel Borkmann (1): bpf: fix sanitation rewrite in case of non-pointers Daniele Palmas (1): USB: serial: option: add Telit ME910 ECM composition David Ahern (4): ipv4: Return error for RTA_VIA attribute ipv6: Return error for RTA_VIA attribute mpls: Return error for RTA_GATEWAY attribute ipv4: Pass original device to ip_rcv_finish_core Davide Caratti (2): net/sched: act_ipt: fix refcount leak when replace fails net/sched: act_skbedit: fix refcount leak when replace fails Eric Biggers (1): net: socket: set sock->sk to NULL after calling proto_ops::release() Eric Dumazet (1): net: sched: put back q.qlen into a single location Erik Hugne (1): tipc: fix RDM/DGRAM connect() regression Gao Xiang (5): staging: erofs: fix mis-acted TAIL merging behavior staging: erofs: fix fast symlink w/o xattr when fs xattr is on staging: erofs: fix race of initializing xattrs of a inode at the same time staging: erofs: fix illegal address access under memory pressure staging: erofs: compressed_pages should not be accessed again after freed Geert Uytterhoeven (1): driver core: Postpone DMA tear-down until after devres release Greg Kroah-Hartman (1): Linux 4.20.15 Gustavo A. R. Silva (2): staging: comedi: ni_660x: fix missing break in switch statement applicom: Fix potential Spectre v1 vulnerabilities Haiyang Zhang (1): hv_netvsc: Fix IP header checksum for coalesced packets Hangbin Liu (1): ipv4: Add ICMPv6 support when parse route ipproto Heiner Kallweit (5): net: dsa: mv88e6xxx: add call to mv88e6xxx_ports_cmode_init to probe for new DSA framework net: dsa: mv88e6xxx: handle unknown duplex modes gracefully in mv88e6xxx_port_set_duplex net: dsa: mv8e6xxx: fix number of internal PHYs for 88E6x90 family net: phy: phylink: fix uninitialized variable in phylink_get_mac_state net: dsa: mv88e6xxx: prevent interrupt storm caused by mv88e6390x_port_set_cmode Ido Schimmel (2): ip6mr: Do not call __IP6_INC_STATS() from preemptible context team: Free BPF filter when unregistering netdev Igor Druzhinin (2): xen-netback: don't populate the hash cache on XenBus disconnect xen-netback: fix occasional leak of grant ref mappings under memory pressure Ivan Mironov (1): USB: serial: cp210x: add ID for Ingenico 3070 Jiaxun Yang (1): x86/CPU/AMD: Set the CPB bit unconditionally on F17h Jiri Benc (1): geneve: correctly handle ipv6.disable module parameter Johan Hovold (1): gnss: sirf: fix premature wakeup interrupt enable Kai-Heng Feng (2): sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79 Bluetooth: btrtl: Restore old logic to assume firmware is already loaded Karoly Pados (1): USB: serial: cp210x: fix GPIO in autosuspend Kavya Sree Kotagiri (1): net: mscc: Enable all ports in QSGMII Kirill A. Shutemov (1): x86/boot/compressed/64: Do not read legacy ROM on EFI system Kristian Evensen (1): qmi_wwan: Add support for Quectel EG12/EM12 Liu Xiang (1): MIPS: irq: Allocate accurate order pages for irq stack Luis Chamberlain (1): selftests: firmware: fix verify_reqs() return value Mans Rullgard (1): USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 Mao Wenan (1): net: sit: fix memory leak in sit_init_net() Martin Wilck (1): scsi: core: reset host byte in DID_NEXUS_FAILURE case Matthias Kaehlcke (1): Bluetooth: Fix locking in bt_accept_enqueue() for BH context Max Filippov (1): xtensa: fix get_wchan Maxime Chevallier (1): net: dsa: mv88e6xxx: power serdes on/off for 10G interfaces on 6390X Michael Chan (1): bnxt_en: Drop oversize TX packets to prevent errors. Nazarov Sergey (2): net: Add __icmp_send helper. net: avoid use IPCB in cipso_v4_error Paul Moore (1): netlabel: fix out-of-bounds memory accesses Pavel Tikhomirov (1): tracing: Fix event filters and triggers to handle negative numbers Qing Xia (1): staging: android: ion: fix sys heap pool's gfp_flags Rajasingh Thavamani (1): net: phy: Micrel KSZ8061: link failure after cable connect Sheng Lan (1): net: netem: fix skb length BUG_ON in __skb_to_sgvec Sheng Yong (1): staging: erofs: fix memleak of inode's shared xattr array Tetsuo Handa (2): staging: android: ashmem: Don't call fallocate() with ashmem_mutex held. staging: android: ashmem: Avoid range_alloc() allocation with ashmem_mutex held. Thierry Reding (1): xhci: tegra: Prevent error pointer dereference Timur Celik (2): tun: fix blocking read tun: remove unnecessary memory barrier Todd Kjos (1): binder: create node flag to request sender's security context Tung Nguyen (1): tipc: fix race condition causing hung sendto Viresh Kumar (1): cpufreq: Use struct kobj_attribute instead of struct global_attr Vlad Buslov (1): net: sched: act_tunnel_key: fix NULL pointer dereference during init Xin Long (1): sctp: call iov_iter_revert() after sending ABORT YueHaibing (3): net-sysfs: Fix mem leak in netdev_register_kobject net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails exec: Fix mem leak in kernel_read_file

6 years, 6 months

1
1
0 0

Build failures in {v3.18,v4.4,v4.9}-stable-queue

by Guenter Roeck

Building xtensa:defconfig ... failed -------------- Error log: arch/xtensa/kernel/process.c: In function 'get_wchan': arch/xtensa/kernel/process.c:314:24: error: implicit declaration of function 'SPILL_SLOT'; did you mean 'PCI_SLOT'? Guenter

6 years, 6 months

2
1
0 0

[PATCH 4.20 00/76] 4.20.15-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.20.15 release. There are 76 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun Mar 10 12:48:49 UTC 2019. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.20.15-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.20.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.20.15-rc1 Daniel Borkmann <daniel(a)iogearbox.net> bpf: fix sanitation rewrite in case of non-pointers Martin Wilck <mwilck(a)suse.com> scsi: core: reset host byte in DID_NEXUS_FAILURE case YueHaibing <yuehaibing(a)huawei.com> exec: Fix mem leak in kernel_read_file Matthias Kaehlcke <mka(a)chromium.org> Bluetooth: Fix locking in bt_accept_enqueue() for BH context Kai-Heng Feng <kai.heng.feng(a)canonical.com> Bluetooth: btrtl: Restore old logic to assume firmware is already loaded Luis Chamberlain <mcgrof(a)kernel.org> selftests: firmware: fix verify_reqs() return value Karoly Pados <pados(a)pados.hu> USB: serial: cp210x: fix GPIO in autosuspend Johan Hovold <johan(a)kernel.org> gnss: sirf: fix premature wakeup interrupt enable Max Filippov <jcmvbkbc(a)gmail.com> xtensa: fix get_wchan Bart Van Assche <bvanassche(a)acm.org> aio: Fix locking in aio_poll() Liu Xiang <liu.xiang6(a)zte.com.cn> MIPS: irq: Allocate accurate order pages for irq stack Gustavo A. R. Silva <gustavo(a)embeddedor.com> applicom: Fix potential Spectre v1 vulnerabilities Balaji Manoharan <m.balaji(a)intel.com> usb: xhci: Fix for Enabling USB ROLE SWITCH QUIRK on INTEL_SUNRISEPOINT_LP_XHCI Thierry Reding <treding(a)nvidia.com> xhci: tegra: Prevent error pointer dereference Pavel Tikhomirov <ptikhomirov(a)virtuozzo.com> tracing: Fix event filters and triggers to handle negative numbers Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/boot/compressed/64: Do not read legacy ROM on EFI system Jiaxun Yang <jiaxun.yang(a)flygoat.com> x86/CPU/AMD: Set the CPB bit unconditionally on F17h Vlad Buslov <vladbu(a)mellanox.com> net: sched: act_tunnel_key: fix NULL pointer dereference during init Davide Caratti <dcaratti(a)redhat.com> net/sched: act_skbedit: fix refcount leak when replace fails Davide Caratti <dcaratti(a)redhat.com> net/sched: act_ipt: fix refcount leak when replace fails Heiner Kallweit <hkallweit1(a)gmail.com> net: dsa: mv88e6xxx: prevent interrupt storm caused by mv88e6390x_port_set_cmode Maxime Chevallier <maxime.chevallier(a)bootlin.com> net: dsa: mv88e6xxx: power serdes on/off for 10G interfaces on 6390X David Ahern <dsahern(a)gmail.com> ipv4: Pass original device to ip_rcv_finish_core David Ahern <dsahern(a)gmail.com> mpls: Return error for RTA_GATEWAY attribute David Ahern <dsahern(a)gmail.com> ipv6: Return error for RTA_VIA attribute David Ahern <dsahern(a)gmail.com> ipv4: Return error for RTA_VIA attribute Nazarov Sergey <s-nazarov(a)yandex.ru> net: avoid use IPCB in cipso_v4_error Nazarov Sergey <s-nazarov(a)yandex.ru> net: Add __icmp_send helper. Timur Celik <mail(a)timurcelik.de> tun: remove unnecessary memory barrier Igor Druzhinin <igor.druzhinin(a)citrix.com> xen-netback: fix occasional leak of grant ref mappings under memory pressure Igor Druzhinin <igor.druzhinin(a)citrix.com> xen-netback: don't populate the hash cache on XenBus disconnect Timur Celik <mail(a)timurcelik.de> tun: fix blocking read Tung Nguyen <tung.q.nguyen(a)dektech.com.au> tipc: fix race condition causing hung sendto Eric Biggers <ebiggers(a)google.com> net: socket: set sock->sk to NULL after calling proto_ops::release() Mao Wenan <maowenan(a)huawei.com> net: sit: fix memory leak in sit_init_net() Heiner Kallweit <hkallweit1(a)gmail.com> net: phy: phylink: fix uninitialized variable in phylink_get_mac_state Rajasingh Thavamani <T.Rajasingh(a)landisgyr.com> net: phy: Micrel KSZ8061: link failure after cable connect YueHaibing <yuehaibing(a)huawei.com> net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails Sheng Lan <lansheng(a)huawei.com> net: netem: fix skb length BUG_ON in __skb_to_sgvec Paul Moore <paul(a)paul-moore.com> netlabel: fix out-of-bounds memory accesses Andrew Lunn <andrew(a)lunn.ch> net: dsa: mv88e6xxx: Fix u64 statistics Andrew Lunn <andrew(a)lunn.ch> net: dsa: mv88e6xxx: Fix statistics on mv88e6161 Bryan Whitehead <Bryan.Whitehead(a)microchip.com> lan743x: Fix TX Stall Issue Hangbin Liu <liuhangbin(a)gmail.com> ipv4: Add ICMPv6 support when parse route ipproto Haiyang Zhang <haiyangz(a)microsoft.com> hv_netvsc: Fix IP header checksum for coalesced packets Jiri Benc <jbenc(a)redhat.com> geneve: correctly handle ipv6.disable module parameter Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Drop oversize TX packets to prevent errors. Erik Hugne <erik.hugne(a)gmail.com> tipc: fix RDM/DGRAM connect() regression Ido Schimmel <idosch(a)mellanox.com> team: Free BPF filter when unregistering netdev Kai-Heng Feng <kai.heng.feng(a)canonical.com> sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79 Xin Long <lucien.xin(a)gmail.com> sctp: call iov_iter_revert() after sending ABORT Kristian Evensen <kristian.evensen(a)gmail.com> qmi_wwan: Add support for Quectel EG12/EM12 YueHaibing <yuehaibing(a)huawei.com> net-sysfs: Fix mem leak in netdev_register_kobject Eric Dumazet <edumazet(a)google.com> net: sched: put back q.qlen into a single location Kavya Sree Kotagiri <kavyasree.kotagiri(a)microchip.com> net: mscc: Enable all ports in QSGMII Heiner Kallweit <hkallweit1(a)gmail.com> net: dsa: mv8e6xxx: fix number of internal PHYs for 88E6x90 family Heiner Kallweit <hkallweit1(a)gmail.com> net: dsa: mv88e6xxx: handle unknown duplex modes gracefully in mv88e6xxx_port_set_duplex Heiner Kallweit <hkallweit1(a)gmail.com> net: dsa: mv88e6xxx: add call to mv88e6xxx_ports_cmode_init to probe for new DSA framework Ido Schimmel <idosch(a)mellanox.com> ip6mr: Do not call __IP6_INC_STATS() from preemptible context Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> staging: android: ashmem: Avoid range_alloc() allocation with ashmem_mutex held. Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> staging: android: ashmem: Don't call fallocate() with ashmem_mutex held. Qing Xia <saberlily.xia(a)hisilicon.com> staging: android: ion: fix sys heap pool's gfp_flags Ajay Singh <ajay.kathat(a)microchip.com> staging: wilc1000: fix to set correct value for 'vif_num' Gustavo A. R. Silva <gustavo(a)embeddedor.com> staging: comedi: ni_660x: fix missing break in switch statement Gao Xiang <gaoxiang25(a)huawei.com> staging: erofs: compressed_pages should not be accessed again after freed Gao Xiang <gaoxiang25(a)huawei.com> staging: erofs: fix illegal address access under memory pressure Gao Xiang <gaoxiang25(a)huawei.com> staging: erofs: fix race of initializing xattrs of a inode at the same time Sheng Yong <shengyong1(a)huawei.com> staging: erofs: fix memleak of inode's shared xattr array Gao Xiang <gaoxiang25(a)huawei.com> staging: erofs: fix fast symlink w/o xattr when fs xattr is on Geert Uytterhoeven <geert+renesas(a)glider.be> driver core: Postpone DMA tear-down until after devres release Mans Rullgard <mans(a)mansr.com> USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 Ivan Mironov <mironov.ivan(a)gmail.com> USB: serial: cp210x: add ID for Ingenico 3070 Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit ME910 ECM composition Todd Kjos <tkjos(a)android.com> binder: create node flag to request sender's security context Gao Xiang <gaoxiang25(a)huawei.com> staging: erofs: fix mis-acted TAIL merging behavior Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: Use struct kobj_attribute instead of struct global_attr ------------- Diffstat: Makefile | 4 +- arch/mips/kernel/irq.c | 4 +- arch/x86/boot/compressed/pgtable_64.c | 19 ++++- arch/x86/kernel/cpu/amd.c | 8 +- arch/xtensa/kernel/process.c | 4 +- drivers/android/binder.c | 106 ++++++++++++++++++------ drivers/base/dd.c | 2 +- drivers/bluetooth/btrtl.c | 10 ++- drivers/char/applicom.c | 35 +++++--- drivers/cpufreq/cpufreq.c | 6 +- drivers/cpufreq/intel_pstate.c | 23 +++--- drivers/gnss/sirf.c | 32 +++---- drivers/net/dsa/mv88e6xxx/chip.c | 27 ++++-- drivers/net/dsa/mv88e6xxx/port.c | 10 ++- drivers/net/dsa/mv88e6xxx/port.h | 1 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 6 ++ drivers/net/ethernet/marvell/sky2.c | 24 +++++- drivers/net/ethernet/microchip/lan743x_main.c | 16 +++- drivers/net/ethernet/mscc/ocelot_board.c | 14 +++- drivers/net/geneve.c | 11 ++- drivers/net/hyperv/netvsc_drv.c | 22 ++++- drivers/net/phy/micrel.c | 13 ++- drivers/net/phy/phylink.c | 4 + drivers/net/team/team_mode_loadbalance.c | 15 ++++ drivers/net/tun.c | 4 +- drivers/net/usb/qmi_wwan.c | 26 ++++-- drivers/net/xen-netback/hash.c | 2 + drivers/net/xen-netback/interface.c | 7 ++ drivers/net/xen-netback/netback.c | 10 +-- drivers/scsi/scsi_lib.c | 1 + drivers/staging/android/ashmem.c | 67 +++++++++------ drivers/staging/android/ion/ion_system_heap.c | 2 +- drivers/staging/comedi/drivers/ni_660x.c | 1 + drivers/staging/erofs/inode.c | 8 +- drivers/staging/erofs/internal.h | 11 ++- drivers/staging/erofs/unzip_vle.c | 115 ++++++++++++++++---------- drivers/staging/erofs/unzip_vle.h | 3 +- drivers/staging/erofs/unzip_vle_lz4.c | 19 ++--- drivers/staging/erofs/xattr.c | 65 +++++++++++---- drivers/staging/wilc1000/linux_wlan.c | 4 +- drivers/usb/host/xhci-pci.c | 1 + drivers/usb/host/xhci-tegra.c | 4 +- drivers/usb/serial/cp210x.c | 12 +++ drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 6 ++ drivers/usb/serial/option.c | 2 + fs/aio.c | 12 ++- fs/exec.c | 2 +- include/linux/cpufreq.h | 12 +-- include/net/bluetooth/bluetooth.h | 2 +- include/net/icmp.h | 9 +- include/net/ip.h | 4 +- include/net/sch_generic.h | 31 +++---- include/uapi/linux/android/binder.h | 19 +++++ kernel/bpf/verifier.c | 3 +- kernel/trace/trace_events_filter.c | 5 +- net/bluetooth/af_bluetooth.c | 16 +++- net/bluetooth/l2cap_sock.c | 2 +- net/bluetooth/rfcomm/sock.c | 2 +- net/bluetooth/sco.c | 2 +- net/core/gen_stats.c | 2 - net/core/net-sysfs.c | 3 + net/ipv4/cipso_ipv4.c | 20 ++++- net/ipv4/fib_frontend.c | 4 + net/ipv4/icmp.c | 7 +- net/ipv4/ip_input.c | 9 +- net/ipv4/ip_options.c | 22 +++-- net/ipv4/netlink.c | 17 +++- net/ipv4/route.c | 2 +- net/ipv6/ip6mr.c | 8 +- net/ipv6/route.c | 7 +- net/ipv6/sit.c | 1 + net/mpls/af_mpls.c | 3 + net/netlabel/netlabel_kapi.c | 3 +- net/nfc/llcp_commands.c | 20 +++++ net/nfc/llcp_core.c | 24 +++++- net/sched/act_ipt.c | 3 +- net/sched/act_skbedit.c | 3 +- net/sched/act_tunnel_key.c | 3 +- net/sched/sch_generic.c | 13 ++- net/sched/sch_netem.c | 10 ++- net/sctp/socket.c | 1 + net/socket.c | 1 + net/tipc/socket.c | 8 +- tools/testing/selftests/firmware/fw_lib.sh | 2 +- 85 files changed, 783 insertions(+), 322 deletions(-)

6 years, 6 months

5
80
0 0

[PATCH 4.19 00/68] 4.19.28-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.28 release. There are 68 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun Mar 10 12:48:45 UTC 2019. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.28-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.28-rc1 Daniel Borkmann <daniel(a)iogearbox.net> bpf: fix sanitation rewrite in case of non-pointers Martin Wilck <mwilck(a)suse.com> scsi: core: reset host byte in DID_NEXUS_FAILURE case YueHaibing <yuehaibing(a)huawei.com> exec: Fix mem leak in kernel_read_file Matthias Kaehlcke <mka(a)chromium.org> Bluetooth: Fix locking in bt_accept_enqueue() for BH context Kai-Heng Feng <kai.heng.feng(a)canonical.com> Bluetooth: btrtl: Restore old logic to assume firmware is already loaded Luis Chamberlain <mcgrof(a)kernel.org> selftests: firmware: fix verify_reqs() return value Karoly Pados <pados(a)pados.hu> USB: serial: cp210x: fix GPIO in autosuspend Johan Hovold <johan(a)kernel.org> gnss: sirf: fix premature wakeup interrupt enable Max Filippov <jcmvbkbc(a)gmail.com> xtensa: fix get_wchan Bart Van Assche <bvanassche(a)acm.org> aio: Fix locking in aio_poll() Liu Xiang <liu.xiang6(a)zte.com.cn> MIPS: irq: Allocate accurate order pages for irq stack Gustavo A. R. Silva <gustavo(a)embeddedor.com> applicom: Fix potential Spectre v1 vulnerabilities Balaji Manoharan <m.balaji(a)intel.com> usb: xhci: Fix for Enabling USB ROLE SWITCH QUIRK on INTEL_SUNRISEPOINT_LP_XHCI Pavel Tikhomirov <ptikhomirov(a)virtuozzo.com> tracing: Fix event filters and triggers to handle negative numbers Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/boot/compressed/64: Do not read legacy ROM on EFI system Jiaxun Yang <jiaxun.yang(a)flygoat.com> x86/CPU/AMD: Set the CPB bit unconditionally on F17h Vlad Buslov <vladbu(a)mellanox.com> net: sched: act_tunnel_key: fix NULL pointer dereference during init Davide Caratti <dcaratti(a)redhat.com> net/sched: act_skbedit: fix refcount leak when replace fails Davide Caratti <dcaratti(a)redhat.com> net/sched: act_ipt: fix refcount leak when replace fails Heiner Kallweit <hkallweit1(a)gmail.com> net: dsa: mv88e6xxx: prevent interrupt storm caused by mv88e6390x_port_set_cmode Maxime Chevallier <maxime.chevallier(a)bootlin.com> net: dsa: mv88e6xxx: power serdes on/off for 10G interfaces on 6390X David Ahern <dsahern(a)gmail.com> ipv4: Pass original device to ip_rcv_finish_core David Ahern <dsahern(a)gmail.com> mpls: Return error for RTA_GATEWAY attribute David Ahern <dsahern(a)gmail.com> ipv6: Return error for RTA_VIA attribute David Ahern <dsahern(a)gmail.com> ipv4: Return error for RTA_VIA attribute Nazarov Sergey <s-nazarov(a)yandex.ru> net: avoid use IPCB in cipso_v4_error Nazarov Sergey <s-nazarov(a)yandex.ru> net: Add __icmp_send helper. Timur Celik <mail(a)timurcelik.de> tun: remove unnecessary memory barrier Igor Druzhinin <igor.druzhinin(a)citrix.com> xen-netback: fix occasional leak of grant ref mappings under memory pressure Igor Druzhinin <igor.druzhinin(a)citrix.com> xen-netback: don't populate the hash cache on XenBus disconnect Timur Celik <mail(a)timurcelik.de> tun: fix blocking read Tung Nguyen <tung.q.nguyen(a)dektech.com.au> tipc: fix race condition causing hung sendto Eric Biggers <ebiggers(a)google.com> net: socket: set sock->sk to NULL after calling proto_ops::release() Mao Wenan <maowenan(a)huawei.com> net: sit: fix memory leak in sit_init_net() Heiner Kallweit <hkallweit1(a)gmail.com> net: phy: phylink: fix uninitialized variable in phylink_get_mac_state Rajasingh Thavamani <T.Rajasingh(a)landisgyr.com> net: phy: Micrel KSZ8061: link failure after cable connect YueHaibing <yuehaibing(a)huawei.com> net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails Sheng Lan <lansheng(a)huawei.com> net: netem: fix skb length BUG_ON in __skb_to_sgvec Paul Moore <paul(a)paul-moore.com> netlabel: fix out-of-bounds memory accesses Andrew Lunn <andrew(a)lunn.ch> net: dsa: mv88e6xxx: Fix u64 statistics Andrew Lunn <andrew(a)lunn.ch> net: dsa: mv88e6xxx: Fix statistics on mv88e6161 Bryan Whitehead <Bryan.Whitehead(a)microchip.com> lan743x: Fix TX Stall Issue Hangbin Liu <liuhangbin(a)gmail.com> ipv4: Add ICMPv6 support when parse route ipproto Haiyang Zhang <haiyangz(a)microsoft.com> hv_netvsc: Fix IP header checksum for coalesced packets Jiri Benc <jbenc(a)redhat.com> geneve: correctly handle ipv6.disable module parameter Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Drop oversize TX packets to prevent errors. Erik Hugne <erik.hugne(a)gmail.com> tipc: fix RDM/DGRAM connect() regression Ido Schimmel <idosch(a)mellanox.com> team: Free BPF filter when unregistering netdev Kai-Heng Feng <kai.heng.feng(a)canonical.com> sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79 Xin Long <lucien.xin(a)gmail.com> sctp: call iov_iter_revert() after sending ABORT Kristian Evensen <kristian.evensen(a)gmail.com> qmi_wwan: Add support for Quectel EG12/EM12 YueHaibing <yuehaibing(a)huawei.com> net-sysfs: Fix mem leak in netdev_register_kobject Eric Dumazet <edumazet(a)google.com> net: sched: put back q.qlen into a single location Heiner Kallweit <hkallweit1(a)gmail.com> net: dsa: mv8e6xxx: fix number of internal PHYs for 88E6x90 family Heiner Kallweit <hkallweit1(a)gmail.com> net: dsa: mv88e6xxx: handle unknown duplex modes gracefully in mv88e6xxx_port_set_duplex Ido Schimmel <idosch(a)mellanox.com> ip6mr: Do not call __IP6_INC_STATS() from preemptible context Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> staging: android: ashmem: Avoid range_alloc() allocation with ashmem_mutex held. Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> staging: android: ashmem: Don't call fallocate() with ashmem_mutex held. Qing Xia <saberlily.xia(a)hisilicon.com> staging: android: ion: fix sys heap pool's gfp_flags Ajay Singh <ajay.kathat(a)microchip.com> staging: wilc1000: fix to set correct value for 'vif_num' Gustavo A. R. Silva <gustavo(a)embeddedor.com> staging: comedi: ni_660x: fix missing break in switch statement Gao Xiang <gaoxiang25(a)huawei.com> staging: erofs: compressed_pages should not be accessed again after freed Gao Xiang <gaoxiang25(a)huawei.com> staging: erofs: fix illegal address access under memory pressure Mans Rullgard <mans(a)mansr.com> USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 Ivan Mironov <mironov.ivan(a)gmail.com> USB: serial: cp210x: add ID for Ingenico 3070 Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit ME910 ECM composition Gao Xiang <gaoxiang25(a)huawei.com> staging: erofs: fix mis-acted TAIL merging behavior Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: Use struct kobj_attribute instead of struct global_attr ------------- Diffstat: Makefile | 4 +- arch/mips/kernel/irq.c | 4 +- arch/x86/boot/compressed/pgtable_64.c | 19 ++++- arch/x86/kernel/cpu/amd.c | 8 +- arch/xtensa/kernel/process.c | 4 +- drivers/bluetooth/btrtl.c | 10 ++- drivers/char/applicom.c | 35 +++++--- drivers/cpufreq/cpufreq.c | 6 +- drivers/cpufreq/intel_pstate.c | 23 +++--- drivers/gnss/sirf.c | 32 ++++---- drivers/net/dsa/mv88e6xxx/chip.c | 26 ++++-- drivers/net/dsa/mv88e6xxx/port.c | 10 ++- drivers/net/dsa/mv88e6xxx/port.h | 1 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 6 ++ drivers/net/ethernet/marvell/sky2.c | 24 +++++- drivers/net/ethernet/microchip/lan743x_main.c | 16 +++- drivers/net/geneve.c | 11 ++- drivers/net/hyperv/netvsc_drv.c | 22 ++++- drivers/net/phy/micrel.c | 13 ++- drivers/net/phy/phylink.c | 4 + drivers/net/team/team_mode_loadbalance.c | 15 ++++ drivers/net/tun.c | 4 +- drivers/net/usb/qmi_wwan.c | 26 ++++-- drivers/net/xen-netback/hash.c | 2 + drivers/net/xen-netback/interface.c | 7 ++ drivers/net/xen-netback/netback.c | 10 +-- drivers/scsi/scsi_lib.c | 1 + drivers/staging/android/ashmem.c | 67 +++++++++------ drivers/staging/android/ion/ion_system_heap.c | 2 +- drivers/staging/comedi/drivers/ni_660x.c | 1 + drivers/staging/erofs/unzip_vle.c | 114 ++++++++++++++++---------- drivers/staging/erofs/unzip_vle.h | 3 +- drivers/staging/erofs/unzip_vle_lz4.c | 20 ++--- drivers/staging/wilc1000/linux_wlan.c | 4 +- drivers/usb/host/xhci-pci.c | 1 + drivers/usb/serial/cp210x.c | 12 +++ drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 6 ++ drivers/usb/serial/option.c | 2 + fs/aio.c | 12 ++- fs/exec.c | 2 +- include/linux/cpufreq.h | 12 +-- include/net/bluetooth/bluetooth.h | 2 +- include/net/icmp.h | 9 +- include/net/ip.h | 4 +- include/net/sch_generic.h | 31 +++---- kernel/bpf/verifier.c | 3 +- kernel/trace/trace_events_filter.c | 5 +- net/bluetooth/af_bluetooth.c | 16 +++- net/bluetooth/l2cap_sock.c | 2 +- net/bluetooth/rfcomm/sock.c | 2 +- net/bluetooth/sco.c | 2 +- net/core/gen_stats.c | 2 - net/core/net-sysfs.c | 3 + net/ipv4/cipso_ipv4.c | 20 ++++- net/ipv4/fib_frontend.c | 4 + net/ipv4/icmp.c | 7 +- net/ipv4/ip_input.c | 9 +- net/ipv4/ip_options.c | 22 +++-- net/ipv4/netlink.c | 17 +++- net/ipv4/route.c | 2 +- net/ipv6/ip6mr.c | 8 +- net/ipv6/route.c | 7 +- net/ipv6/sit.c | 1 + net/mpls/af_mpls.c | 3 + net/netlabel/netlabel_kapi.c | 3 +- net/nfc/llcp_commands.c | 20 +++++ net/nfc/llcp_core.c | 24 +++++- net/sched/act_ipt.c | 3 +- net/sched/act_skbedit.c | 3 +- net/sched/act_tunnel_key.c | 3 +- net/sched/sch_generic.c | 13 ++- net/sched/sch_netem.c | 10 ++- net/sctp/socket.c | 1 + net/socket.c | 1 + net/tipc/socket.c | 8 +- tools/testing/selftests/firmware/fw_lib.sh | 2 +- 77 files changed, 604 insertions(+), 271 deletions(-)

6 years, 6 months

5
72
0 0

[PATCH v6 2/7] gpu: ipu-v3: ipu-ic: Fix BT.601 coefficients

by Steve Longerbeam

The ycbcr2rgb and inverse rgb2ycbcr tables define the BT.601 Y'CbCr encoding coefficients. The rgb2ycbcr table specifically describes the BT.601 encoding from full range RGB to full range YUV. Add table comments to make this more clear. The ycbcr2rgb inverse table describes encoding YUV limited range to RGB full range. To be consistent with the rgb2ycbcr table, convert this to YUV full range to RGB full range, and adjust/expand on the comments. The ic_csc_rgb2rgb table is just an identity matrix, so rename to ic_encode_identity. Fixes: 1aa8ea0d2bd5d ("gpu: ipu-v3: Add Image Converter unit") Suggested-by: Philipp Zabel <p.zabel(a)pengutronix.de> Signed-off-by: Steve Longerbeam <slongerbeam(a)gmail.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/ipu-v3/ipu-ic.c | 61 ++++++++++++++++++++++--------------- 1 file changed, 37 insertions(+), 24 deletions(-) diff --git a/drivers/gpu/ipu-v3/ipu-ic.c b/drivers/gpu/ipu-v3/ipu-ic.c index 18816ccf600e..b63a2826b629 100644 --- a/drivers/gpu/ipu-v3/ipu-ic.c +++ b/drivers/gpu/ipu-v3/ipu-ic.c @@ -175,7 +175,7 @@ static inline void ipu_ic_write(struct ipu_ic *ic, u32 value, unsigned offset) writel(value, ic->priv->base + offset); } -struct ic_csc_params { +struct ic_encode_coeff { s16 coeff[3][3]; /* signed 9-bit integer coefficients */ s16 offset[3]; /* signed 11+2-bit fixed point offset */ u8 scale:2; /* scale coefficients * 2^(scale-1) */ @@ -183,13 +183,15 @@ struct ic_csc_params { }; /* - * Y = R * .299 + G * .587 + B * .114; - * U = R * -.169 + G * -.332 + B * .500 + 128.; - * V = R * .500 + G * -.419 + B * -.0813 + 128.; + * BT.601 encoding from RGB full range to YUV full range: + * + * Y = .2990 * R + .5870 * G + .1140 * B + * U = -.1687 * R - .3313 * G + .5000 * B + 128 + * V = .5000 * R - .4187 * G - .0813 * B + 128 */ -static const struct ic_csc_params ic_csc_rgb2ycbcr = { +static const struct ic_encode_coeff ic_encode_rgb2ycbcr_601 = { .coeff = { - { 77, 150, 29 }, + { 77, 150, 29 }, { 469, 427, 128 }, { 128, 405, 491 }, }, @@ -197,8 +199,11 @@ static const struct ic_csc_params ic_csc_rgb2ycbcr = { .scale = 1, }; -/* transparent RGB->RGB matrix for graphics combining */ -static const struct ic_csc_params ic_csc_rgb2rgb = { +/* + * identity matrix, used for transparent RGB->RGB graphics + * combining. + */ +static const struct ic_encode_coeff ic_encode_identity = { .coeff = { { 128, 0, 0 }, { 0, 128, 0 }, @@ -208,17 +213,25 @@ static const struct ic_csc_params ic_csc_rgb2rgb = { }; /* - * R = (1.164 * (Y - 16)) + (1.596 * (Cr - 128)); - * G = (1.164 * (Y - 16)) - (0.392 * (Cb - 128)) - (0.813 * (Cr - 128)); - * B = (1.164 * (Y - 16)) + (2.017 * (Cb - 128); + * Inverse BT.601 encoding from YUV full range to RGB full range: + * + * R = 1. * Y + 0 * (Cb - 128) + 1.4020 * (Cr - 128) + * G = 1. * Y - .3442 * (Cb - 128) - 0.7142 * (Cr - 128) + * B = 1. * Y + 1.7720 * (Cb - 128) + 0 * (Cr - 128) + * + * equivalently (factoring out the offsets): + * + * R = 1. * Y + 0 * Cb + 1.4020 * Cr - 179.456 + * G = 1. * Y - .3442 * Cb - 0.7142 * Cr + 135.475 + * B = 1. * Y + 1.7720 * Cb + 0 * Cr - 226.816 */ -static const struct ic_csc_params ic_csc_ycbcr2rgb = { +static const struct ic_encode_coeff ic_encode_ycbcr2rgb_601 = { .coeff = { - { 149, 0, 204 }, - { 149, 462, 408 }, - { 149, 255, 0 }, + { 128, 0, 179 }, + { 128, 468, 421 }, + { 128, 227, 0 }, }, - .offset = { -446, 266, -554 }, + .offset = { -359, 271, -454 }, .scale = 2, }; @@ -228,7 +241,7 @@ static int init_csc(struct ipu_ic *ic, int csc_index) { struct ipu_ic_priv *priv = ic->priv; - const struct ic_csc_params *params; + const struct ic_encode_coeff *coeff; u32 __iomem *base; const u16 (*c)[3]; const u16 *a; @@ -238,26 +251,26 @@ static int init_csc(struct ipu_ic *ic, (priv->tpmem_base + ic->reg->tpmem_csc[csc_index]); if (inf == IPUV3_COLORSPACE_YUV && outf == IPUV3_COLORSPACE_RGB) - params = &ic_csc_ycbcr2rgb; + coeff = &ic_encode_ycbcr2rgb_601; else if (inf == IPUV3_COLORSPACE_RGB && outf == IPUV3_COLORSPACE_YUV) - params = &ic_csc_rgb2ycbcr; + coeff = &ic_encode_rgb2ycbcr_601; else if (inf == IPUV3_COLORSPACE_RGB && outf == IPUV3_COLORSPACE_RGB) - params = &ic_csc_rgb2rgb; + coeff = &ic_encode_identity; else { dev_err(priv->ipu->dev, "Unsupported color space conversion\n"); return -EINVAL; } /* Cast to unsigned */ - c = (const u16 (*)[3])params->coeff; - a = (const u16 *)params->offset; + c = (const u16 (*)[3])coeff->coeff; + a = (const u16 *)coeff->offset; param = ((a[0] & 0x1f) << 27) | ((c[0][0] & 0x1ff) << 18) | ((c[1][1] & 0x1ff) << 9) | (c[2][2] & 0x1ff); writel(param, base++); - param = ((a[0] & 0x1fe0) >> 5) | (params->scale << 8) | - (params->sat << 10); + param = ((a[0] & 0x1fe0) >> 5) | (coeff->scale << 8) | + (coeff->sat << 10); writel(param, base++); param = ((a[1] & 0x1f) << 27) | ((c[0][1] & 0x1ff) << 18) | -- 2.17.1

6 years, 6 months

2
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror