- Linux-stable-mirror - lists.linaro.org

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.134 release. There are 71 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Oct 18 17:05:18 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.134-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.134-rc1 Dan Carpenter <dan.carpenter(a)oracle.com> ipv4: frags: precedence bug in ip_expire() Taehee Yoo <ap420073(a)gmail.com> ip: frags: fix crash in ip_do_fragment() Peter Oskolkov <posk(a)google.com> ip: process in-order fragments efficiently Peter Oskolkov <posk(a)google.com> ip: add helpers to process in-order fragments faster. Peter Oskolkov <posk(a)google.com> ip: use rb trees for IP frag queue. Eric Dumazet <edumazet(a)google.com> net: add rb_to_skb() and other rb tree helpers Eric Dumazet <edumazet(a)google.com> net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends Florian Westphal <fw(a)strlen.de> ipv6: defrag: drop non-last frags smaller than min mtu Peter Oskolkov <posk(a)google.com> net: modify skb_rbtree_purge to return the truesize of all purged skbs. Eric Dumazet <edumazet(a)google.com> net: speed up skb_rbtree_purge() Peter Oskolkov <posk(a)google.com> ip: discard IPv4 datagrams with overlapping segments. Eric Dumazet <edumazet(a)google.com> inet: frags: fix ip6frag_low_thresh boundary Eric Dumazet <edumazet(a)google.com> inet: frags: get rid of ipfrag_skb_cb/FRAG_CB Eric Dumazet <edumazet(a)google.com> inet: frags: reorganize struct netns_frags Eric Dumazet <edumazet(a)google.com> rhashtable: reorganize struct rhashtable layout Eric Dumazet <edumazet(a)google.com> ipv6: frags: rewrite ip6_expire_frag_queue() Eric Dumazet <edumazet(a)google.com> inet: frags: do not clone skb in ip_expire() Eric Dumazet <edumazet(a)google.com> inet: frags: break the 2GB limit for frags storage Eric Dumazet <edumazet(a)google.com> inet: frags: remove inet_frag_maybe_warn_overflow() Eric Dumazet <edumazet(a)google.com> inet: frags: get rif of inet_frag_evicting() Eric Dumazet <edumazet(a)google.com> inet: frags: remove some helpers Eric Dumazet <edumazet(a)google.com> inet: frags: use rhashtables for reassembly units Eric Dumazet <edumazet(a)google.com> rhashtable: add schedule points Eric Dumazet <edumazet(a)google.com> ipv6: export ip6 fragments sysctl to unprivileged users Eric Dumazet <edumazet(a)google.com> inet: frags: refactor lowpan_net_frag_init() Eric Dumazet <edumazet(a)google.com> inet: frags: refactor ipv6_frag_init() Eric Dumazet <edumazet(a)google.com> inet: frags: refactor ipfrag_init() Eric Dumazet <edumazet(a)google.com> inet: frags: add a pointer to struct netns_frags Eric Dumazet <edumazet(a)google.com> inet: frags: change inet_frags_init_net() return value Eric Dumazet <edumazet(a)google.com> inet: make sure to grab rcu_read_lock before using ireq->ireq_opt Eric Dumazet <edumazet(a)google.com> tcp/dccp: fix lockdep issue when SYN is backlogged Eric Dumazet <edumazet(a)google.com> rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 Florian Fainelli <f.fainelli(a)gmail.com> net: systemport: Fix wake-up interrupt race during resume Maxime Chevallier <maxime.chevallier(a)bootlin.com> net: mvpp2: Extract the correct ethtype from the skb for tx csum offload Florian Fainelli <f.fainelli(a)gmail.com> net: dsa: bcm_sf2: Fix unbind ordering Ido Schimmel <idosch(a)mellanox.com> team: Forbid enslaving team device to itself Giacinto Cifelli <gciofono(a)gmail.com> qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface Shahed Shaikh <shahed.shaikh(a)cavium.com> qlcnic: fix Tx descriptor corruption on 82xx devices Yu Zhao <yuzhao(a)google.com> net/usb: cancel pending work when unbinding smsc75xx Sean Tranchetti <stranche(a)codeaurora.org> netlabel: check for IPV4MASK in addrinfo_get Jeff Barnhill <0xeffeff(a)gmail.com> net/ipv6: Display all addresses in output of /proc/net/if_inet6 Sabrina Dubroca <sd(a)queasysnail.net> net: ipv4: update fnhe_pmtu when first hop's MTU changes Yunsheng Lin <linyunsheng(a)huawei.com> net: hns: fix for unmapping problem when SMMU is on Florian Fainelli <f.fainelli(a)gmail.com> net: dsa: bcm_sf2: Call setup during switch resume Wei Wang <weiwan(a)google.com> ipv6: take rcu lock in rawv6_send_hdrinc() Eric Dumazet <edumazet(a)google.com> ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() Paolo Abeni <pabeni(a)redhat.com> ip_tunnel: be careful when accessing the inner header Paolo Abeni <pabeni(a)redhat.com> ip6_tunnel: be careful when accessing the inner header Mahesh Bandewar <maheshb(a)google.com> bonding: avoid possible dead-lock Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix TX timeout during netpoll. Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Don't print a warning when setting link state for disabled ports Edgar Cherkasov <echerkasov(a)dev.rtsoft.ru> i2c: i2c-scmi: fix for i2c_smbus_write_block_data Jan Kara <jack(a)suse.cz> mm: Preserve _PAGE_DEVMAP across mprotect() calls Adrian Hunter <adrian.hunter(a)intel.com> perf script python: Fix export-to-postgresql.py occasional failure Mikulas Patocka <mpatocka(a)redhat.com> mach64: detect the dot clock divider correctly on sparc Paul Burton <paul.burton(a)mips.com> MIPS: VDSO: Always map near top of user memory Jann Horn <jannh(a)google.com> mm/vmstat.c: fix outdated vmstat_text Daniel Rosenberg <drosen(a)google.com> ext4: Fix error code in ext4_xattr_set_entry() Amber Lin <Amber.Lin(a)amd.com> drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 Vitaly Kuznetsov <vkuznets(a)redhat.com> x86/kvm/lapic: always disable MMIO interface in x2APIC mode Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: dts: at91: add new compatibility string for macb on sama5d3 Nicolas Ferre <nicolas.ferre(a)microchip.com> net: macb: disable scatter-gather for macb on sama5d3 Jongsung Kim <neidhard.kim(a)lge.com> stmmac: fix valid numbers of unicast filter entries Yu Zhao <yuzhao(a)google.com> sound: enable interrupt after dma buffer initialization Dan Carpenter <dan.carpenter(a)oracle.com> scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() Laura Abbott <labbott(a)redhat.com> scsi: iscsi: target: Don't use stack buffer for scatterlist Tony Lindgren <tony(a)atomide.com> mfd: omap-usb-host: Fix dts probe of children Lei Yang <Lei.Yang(a)windriver.com> selftests: memory-hotplug: add required configs Lei Yang <Lei.Yang(a)windriver.com> selftests/efivarfs: add required kernel configs Danny Smith <danny.smith(a)axis.com> ASoC: sigmadsp: safeload should not have lower byte limit Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: wm8804: Add ACPI support ------------- Diffstat: Documentation/devicetree/bindings/net/macb.txt | 1 + Documentation/networking/ip-sysctl.txt | 13 +- Makefile | 4 +- arch/arm/boot/dts/sama5d3_emac.dtsi | 2 +- arch/mips/include/asm/processor.h | 10 +- arch/mips/kernel/process.c | 25 + arch/mips/kernel/vdso.c | 18 +- arch/powerpc/include/asm/book3s/64/pgtable.h | 4 +- arch/x86/include/asm/pgtable_types.h | 2 +- arch/x86/include/uapi/asm/kvm.h | 1 + arch/x86/kvm/lapic.c | 22 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c | 2 +- drivers/i2c/busses/i2c-scmi.c | 1 + drivers/mfd/omap-usb-host.c | 11 +- drivers/net/bonding/bond_main.c | 43 +- drivers/net/dsa/bcm_sf2.c | 12 +- drivers/net/ethernet/broadcom/bcmsysport.c | 22 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 13 +- drivers/net/ethernet/cadence/macb.c | 8 + drivers/net/ethernet/hisilicon/hns/hnae.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_enet.c | 30 +- drivers/net/ethernet/marvell/mvpp2.c | 10 +- drivers/net/ethernet/qlogic/qlcnic/qlcnic.h | 8 +- .../net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c | 3 +- .../net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.h | 3 +- drivers/net/ethernet/qlogic/qlcnic/qlcnic_hw.h | 3 +- drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c | 12 +- .../net/ethernet/stmicro/stmmac/stmmac_platform.c | 5 +- drivers/net/team/team.c | 5 + drivers/net/usb/qmi_wwan.c | 1 + drivers/net/usb/smsc75xx.c | 1 + drivers/scsi/qla2xxx/qla_target.h | 4 +- drivers/target/iscsi/iscsi_target.c | 22 +- drivers/usb/host/xhci-hub.c | 18 +- drivers/video/fbdev/aty/atyfb.h | 3 +- drivers/video/fbdev/aty/atyfb_base.c | 7 +- drivers/video/fbdev/aty/mach64_ct.c | 10 +- fs/ext4/xattr.c | 2 +- include/linux/netdevice.h | 7 + include/linux/rhashtable.h | 4 +- include/linux/skbuff.h | 34 +- include/net/bonding.h | 7 +- include/net/inet_frag.h | 133 +++-- include/net/inet_sock.h | 6 - include/net/ip.h | 1 - include/net/ip_fib.h | 1 + include/net/ipv6.h | 26 +- include/uapi/linux/snmp.h | 1 + lib/rhashtable.c | 5 +- mm/vmstat.c | 1 - net/core/dev.c | 28 +- net/core/rtnetlink.c | 6 + net/core/skbuff.c | 31 +- net/dccp/input.c | 4 +- net/dccp/ipv4.c | 4 +- net/ieee802154/6lowpan/6lowpan_i.h | 26 +- net/ieee802154/6lowpan/reassembly.c | 148 +++--- net/ipv4/fib_frontend.c | 12 +- net/ipv4/fib_semantics.c | 50 ++ net/ipv4/inet_connection_sock.c | 5 +- net/ipv4/inet_fragment.c | 379 +++----------- net/ipv4/ip_fragment.c | 573 ++++++++++++--------- net/ipv4/ip_sockglue.c | 3 +- net/ipv4/ip_tunnel.c | 9 + net/ipv4/proc.c | 7 +- net/ipv4/tcp_input.c | 37 +- net/ipv4/tcp_ipv4.c | 4 +- net/ipv6/addrconf.c | 4 +- net/ipv6/ip6_tunnel.c | 13 +- net/ipv6/netfilter/nf_conntrack_reasm.c | 100 ++-- net/ipv6/proc.c | 5 +- net/ipv6/raw.c | 29 +- net/ipv6/reassembly.c | 212 ++++---- net/netlabel/netlabel_unlabeled.c | 3 +- sound/hda/hdac_controller.c | 8 +- sound/soc/codecs/sigmadsp.c | 3 +- sound/soc/codecs/wm8804-i2c.c | 15 +- tools/perf/scripts/python/export-to-postgresql.py | 9 + tools/testing/selftests/efivarfs/config | 1 + tools/testing/selftests/memory-hotplug/config | 1 + 80 files changed, 1185 insertions(+), 1133 deletions(-)

6 years, 9 months

6
81
0 0

[PATCH 4.4] namei: allow restricted O_CREAT of FIFOs and regular files

by Loic

Hello, Please picked up this patch for linux 4.4 (backported version). Indeed, this code will be beneficial to the GNU/Linux distributions that use a longterm kernel. Compiled/tested without problem. Thank. [ Upstream commit 30aba6656f61ed44cba445a3c0d38b296fa9e8f5 ] From: Salvatore Mesoraca <s.mesoraca16(a)gmail.com> Date: Thu, 23 Aug 2018 17:00:35 -0700 Subject: namei: allow restricted O_CREAT of FIFOs and regular files Disallows open of FIFOs or regular files not owned by the user in world writable sticky directories, unless the owner is the same as that of the directory or the file is opened without the O_CREAT flag. The purpose is to make data spoofing attacks harder. This protection can be turned on and off separately for FIFOs and regular files via sysctl, just like the symlinks/hardlinks protection. This patch is based on Openwall's "HARDEN_FIFO" feature by Solar Designer. This is a brief list of old vulnerabilities that could have been prevented by this feature, some of them even allow for privilege escalation: CVE-2000-1134 CVE-2007-3852 CVE-2008-0525 CVE-2009-0416 CVE-2011-4834 CVE-2015-1838 CVE-2015-7442 CVE-2016-7489 This list is not meant to be complete. It's difficult to track down all vulnerabilities of this kind because they were often reported without any mention of this particular attack vector. In fact, before hardlinks/symlinks restrictions, fifos/regular files weren't the favorite vehicle to exploit them. [s.mesoraca16(a)gmail.com: fix bug reported by Dan Carpenter] Link: https://lkml.kernel.org/r/20180426081456.GA7060@mwanda Link: http://lkml.kernel.org/r/1524829819-11275-1-git-send-email-s.mesoraca16@gma… [keescook(a)chromium.org: drop pr_warn_ratelimited() in favor of audit changes in the future] [keescook(a)chromium.org: adjust commit subjet] Link: http://lkml.kernel.org/r/20180416175918.GA13494@beast Signed-off-by: Salvatore Mesoraca <s.mesoraca16(a)gmail.com> Signed-off-by: Kees Cook <keescook(a)chromium.org> Suggested-by: Solar Designer <solar(a)openwall.com> Suggested-by: Kees Cook <keescook(a)chromium.org> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Dan Carpenter <dan.carpenter(a)oracle.com> [backported to 4.4 by Loic] Cc: Loic <hackurx(a)opensec.fr> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> --- Documentation/sysctl/fs.txt | 36 ++++++++++++++++++++++++++++++ fs/namei.c | 53 ++++++++++++++++++++++++++++++++++++++++++--- include/linux/fs.h | 2 ++ kernel/sysctl.c | 18 +++++++++++++++ 4 files changed, 106 insertions(+), 3 deletions(-) diff -Nurp a/Documentation/sysctl/fs.txt b/Documentation/sysctl/fs.txt --- a/Documentation/sysctl/fs.txt 2018-10-20 09:52:38.000000000 +0200 +++ b/Documentation/sysctl/fs.txt 2018-10-23 18:08:20.398649373 +0200 @@ -34,7 +34,9 @@ Currently, these files are in /proc/sys/ - overflowgid - pipe-user-pages-hard - pipe-user-pages-soft +- protected_fifos - protected_hardlinks +- protected_regular - protected_symlinks - suid_dumpable - super-max @@ -182,6 +184,24 @@ applied. ============================================================== +protected_fifos: + +The intent of this protection is to avoid unintentional writes to +an attacker-controlled FIFO, where a program expected to create a regular +file. + +When set to "0", writing to FIFOs is unrestricted. + +When set to "1" don't allow O_CREAT open on FIFOs that we don't own +in world writable sticky directories, unless they are owned by the +owner of the directory. + +When set to "2" it also applies to group writable sticky directories. + +This protection is based on the restrictions in Openwall. + +============================================================== + protected_hardlinks: A long-standing class of security issues is the hardlink-based @@ -202,6 +222,22 @@ This protection is based on the restrict ============================================================== +protected_regular: + +This protection is similar to protected_fifos, but it +avoids writes to an attacker-controlled regular file, where a program +expected to create one. + +When set to "0", writing to regular files is unrestricted. + +When set to "1" don't allow O_CREAT open on regular files that we +don't own in world writable sticky directories, unless they are +owned by the owner of the directory. + +When set to "2" it also applies to group writable sticky directories. + +============================================================== + protected_symlinks: A long-standing class of security issues is the symlink-based diff -Nurp a/fs/namei.c b/fs/namei.c --- a/fs/namei.c 2018-10-20 09:52:38.000000000 +0200 +++ b/fs/namei.c 2018-10-23 18:09:35.450879869 +0200 @@ -869,6 +869,8 @@ static inline void put_link(struct namei int sysctl_protected_symlinks __read_mostly = 0; int sysctl_protected_hardlinks __read_mostly = 0; +int sysctl_protected_fifos __read_mostly; +int sysctl_protected_regular __read_mostly; /** * may_follow_link - Check symlink following for unsafe situations @@ -982,6 +984,45 @@ static int may_linkat(struct path *link) return -EPERM; } +/** + * may_create_in_sticky - Check whether an O_CREAT open in a sticky directory + * should be allowed, or not, on files that already + * exist. + * @dir: the sticky parent directory + * @inode: the inode of the file to open + * + * Block an O_CREAT open of a FIFO (or a regular file) when: + * - sysctl_protected_fifos (or sysctl_protected_regular) is enabled + * - the file already exists + * - we are in a sticky directory + * - we don't own the file + * - the owner of the directory doesn't own the file + * - the directory is world writable + * If the sysctl_protected_fifos (or sysctl_protected_regular) is set to 2 + * the directory doesn't have to be world writable: being group writable will + * be enough. + * + * Returns 0 if the open is allowed, -ve on error. + */ +static int may_create_in_sticky(struct dentry * const dir, + struct inode * const inode) +{ + if ((!sysctl_protected_fifos && S_ISFIFO(inode->i_mode)) || + (!sysctl_protected_regular && S_ISREG(inode->i_mode)) || + likely(!(dir->d_inode->i_mode & S_ISVTX)) || + uid_eq(inode->i_uid, dir->d_inode->i_uid) || + uid_eq(current_fsuid(), inode->i_uid)) + return 0; + + if (likely(dir->d_inode->i_mode & 0002) || + (dir->d_inode->i_mode & 0020 && + ((sysctl_protected_fifos >= 2 && S_ISFIFO(inode->i_mode)) || + (sysctl_protected_regular >= 2 && S_ISREG(inode->i_mode))))) { + return -EACCES; + } + return 0; +} + static __always_inline const char *get_link(struct nameidata *nd) { @@ -3166,9 +3207,15 @@ finish_open: error = -ELOOP; goto out; } - error = -EISDIR; - if ((open_flag & O_CREAT) && d_is_dir(nd->path.dentry)) - goto out; + if (open_flag & O_CREAT) { + error = -EISDIR; + if (d_is_dir(nd->path.dentry)) + goto out; + error = may_create_in_sticky(dir, + d_backing_inode(nd->path.dentry)); + if (unlikely(error)) + goto out; + } error = -ENOTDIR; if ((nd->flags & LOOKUP_DIRECTORY) && !d_can_lookup(nd->path.dentry)) goto out; diff -Nurp a/include/linux/fs.h b/include/linux/fs.h --- a/include/linux/fs.h 2018-10-20 09:52:38.000000000 +0200 +++ b/include/linux/fs.h 2018-10-23 18:08:20.402649386 +0200 @@ -65,6 +65,8 @@ extern struct inodes_stat_t inodes_stat; extern int leases_enable, lease_break_time; extern int sysctl_protected_symlinks; extern int sysctl_protected_hardlinks; +extern int sysctl_protected_fifos; +extern int sysctl_protected_regular; struct buffer_head; typedef int (get_block_t)(struct inode *inode, sector_t iblock, diff -Nurp a/kernel/sysctl.c b/kernel/sysctl.c --- a/kernel/sysctl.c 2018-10-20 09:52:38.000000000 +0200 +++ b/kernel/sysctl.c 2018-10-23 18:08:20.402649386 +0200 @@ -1716,6 +1716,24 @@ static struct ctl_table fs_table[] = { .extra2 = &one, }, { + .procname = "protected_fifos", + .data = &sysctl_protected_fifos, + .maxlen = sizeof(int), + .mode = 0600, + .proc_handler = proc_dointvec_minmax, + .extra1 = &zero, + .extra2 = &two, + }, + { + .procname = "protected_regular", + .data = &sysctl_protected_regular, + .maxlen = sizeof(int), + .mode = 0600, + .proc_handler = proc_dointvec_minmax, + .extra1 = &zero, + .extra2 = &two, + }, + { .procname = "suid_dumpable", .data = &suid_dumpable, .maxlen = sizeof(int),

6 years, 9 months

3
3
0 0

media: ov5640: fix framerate update

by Adam Ford

Please apply 0929983e49c8 (media: ov5640: fix framerate update") to Linux 4.19.y stable along with the list of the following fixes in order from top to bottom. This fixes multiple issues in the 4.19 kernel and allows my imx6q to sample the ov5640 module and stream to the LCD. Thank you, Cc: <stable(a)vger.kernel.org> # 4.19.x: fb98e29ff1ea ("media: ov5640: fix mode change regression") Cc: <stable(a)vger.kernel.org> # 4.19.x: aa4bb8b8838 ("media: ov5640: Re-work MIPI startup sequence") Cc: <stable(a)vger.kernel.org> # 4.19.x: bad1774ed41 ("media: ov5640: Fix timings setup code") Cc: <stable(a)vger.kernel.org> # 4.19.x: dc29a1c187e ("media: ov5640: fix exposure regression") Cc: <stable(a)vger.kernel.org> # 4.19.x: 3cca8ef5f774 ("media: ov5640: fix auto gain & exposure when changing mode") Cc: <stable(a)vger.kernel.org> # 4.19.x: c2c3f42df4dd ("media: ov5640: fix wrong binning value in exposure") Cc: <stable(a)vger.kernel.org> # 4.19.x: a8f438c684ea ("media: ov5640: fix auto controls values when switching to") Cc: <stable(a)vger.kernel.org> # 4.19.x: 985cdcb08a04 ("media: ov5640: fix restore of last mode set") Signed-off-by: Adam Ford <aford173(a)gmail.com>

6 years, 9 months

2
1
0 0

[PATCH RCU -stable] Make need_resched() respond to urgent RCU-QS needs

by Paul E. McKenney

commit 92aa39e9dc77 upstream. The per-CPU rcu_dynticks.rcu_urgent_qs variable communicates an urgent need for an RCU quiescent state from the force-quiescent-state processing within the grace-period kthread to context switches and to cond_resched(). Unfortunately, such urgent needs are not communicated to need_resched(), which is sometimes used to decide when to invoke cond_resched(), for but one example, within the KVM vcpu_run() function. As of v4.15, this can result in synchronize_sched() being delayed by up to ten seconds, which can be problematic, to say nothing of annoying. This commit therefore checks rcu_dynticks.rcu_urgent_qs from within rcu_check_callbacks(), which is invoked from the scheduling-clock interrupt handler. If the current task is not an idle task and is not executing in usermode, a context switch is forced, and either way, the rcu_dynticks.rcu_urgent_qs variable is set to false. If the current task is an idle task, then RCU's dyntick-idle code will detect the quiescent state, so no further action is required. Similarly, if the task is executing in usermode, other code in rcu_check_callbacks() and its called functions will report the corresponding quiescent state. Reported-by: Marius Hillenbrand <mhillenb(a)amazon.de> Reported-by: David Woodhouse <dwmw2(a)infradead.org> Suggested-by: Peter Zijlstra <peterz(a)infradead.org> Signed-off-by: Paul E. McKenney <paulmck(a)linux.vnet.ibm.com> [ paulmck: Backported to make patch apply cleanly on older versions. ] Tested-by: Marius Hillenbrand <mhillenb(a)amazon.de> Cc: <stable(a)vger.kernel.org> # 4.12.x - 4.19.x diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c index 0b760c1369f7..15301ed19da6 100644 --- a/kernel/rcu/tree.c +++ b/kernel/rcu/tree.c @@ -2662,6 +2662,15 @@ void rcu_check_callbacks(int user) rcu_bh_qs(); } rcu_preempt_check_callbacks(); + /* The load-acquire pairs with the store-release setting to true. */ + if (smp_load_acquire(this_cpu_ptr(&rcu_dynticks.rcu_urgent_qs))) { + /* Idle and userspace execution already are quiescent states. */ + if (!rcu_is_cpu_rrupt_from_idle() && !user) { + set_tsk_need_resched(current); + set_preempt_need_resched(); + } + __this_cpu_write(rcu_dynticks.rcu_urgent_qs, false); + } if (rcu_pending()) invoke_rcu_core();

6 years, 9 months

2
1
0 0

[PATCH] namei: allow restricted O_CREAT of FIFOs and regular files

by Loic

Hello, Please picked up this patch for linux 4.9 and 4.14 (linux 4.4 needs a small modification). Indeed, this code will be beneficial to the GNU/Linux distributions that use a longterm kernel. Compiled/tested without problem. Thank. [ Upstream commit 30aba6656f61ed44cba445a3c0d38b296fa9e8f5 ] From: Salvatore Mesoraca <s.mesoraca16(a)gmail.com> Date: Thu, 23 Aug 2018 17:00:35 -0700 Subject: namei: allow restricted O_CREAT of FIFOs and regular files Disallows open of FIFOs or regular files not owned by the user in world writable sticky directories, unless the owner is the same as that of the directory or the file is opened without the O_CREAT flag. The purpose is to make data spoofing attacks harder. This protection can be turned on and off separately for FIFOs and regular files via sysctl, just like the symlinks/hardlinks protection. This patch is based on Openwall's "HARDEN_FIFO" feature by Solar Designer. This is a brief list of old vulnerabilities that could have been prevented by this feature, some of them even allow for privilege escalation: CVE-2000-1134 CVE-2007-3852 CVE-2008-0525 CVE-2009-0416 CVE-2011-4834 CVE-2015-1838 CVE-2015-7442 CVE-2016-7489 This list is not meant to be complete. It's difficult to track down all vulnerabilities of this kind because they were often reported without any mention of this particular attack vector. In fact, before hardlinks/symlinks restrictions, fifos/regular files weren't the favorite vehicle to exploit them. [s.mesoraca16(a)gmail.com: fix bug reported by Dan Carpenter] Link: https://lkml.kernel.org/r/20180426081456.GA7060@mwanda Link: http://lkml.kernel.org/r/1524829819-11275-1-git-send-email-s.mesoraca16@gma… [keescook(a)chromium.org: drop pr_warn_ratelimited() in favor of audit changes in the future] [keescook(a)chromium.org: adjust commit subjet] Link: http://lkml.kernel.org/r/20180416175918.GA13494@beast Signed-off-by: Salvatore Mesoraca <s.mesoraca16(a)gmail.com> Signed-off-by: Kees Cook <keescook(a)chromium.org> Suggested-by: Solar Designer <solar(a)openwall.com> Suggested-by: Kees Cook <keescook(a)chromium.org> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> --- Documentation/sysctl/fs.txt | 36 ++++++++++++++++++++++++++++++ fs/namei.c | 53 ++++++++++++++++++++++++++++++++++++++++++--- include/linux/fs.h | 2 ++ kernel/sysctl.c | 18 +++++++++++++++ 4 files changed, 106 insertions(+), 3 deletions(-) diff --git a/Documentation/sysctl/fs.txt b/Documentation/sysctl/fs.txt index 6c00c1e2743f..819caf8ca05f 100644 --- a/Documentation/sysctl/fs.txt +++ b/Documentation/sysctl/fs.txt @@ -34,7 +34,9 @@ Currently, these files are in /proc/sys/fs: - overflowgid - pipe-user-pages-hard - pipe-user-pages-soft +- protected_fifos - protected_hardlinks +- protected_regular - protected_symlinks - suid_dumpable - super-max @@ -182,6 +184,24 @@ applied. ============================================================== +protected_fifos: + +The intent of this protection is to avoid unintentional writes to +an attacker-controlled FIFO, where a program expected to create a regular +file. + +When set to "0", writing to FIFOs is unrestricted. + +When set to "1" don't allow O_CREAT open on FIFOs that we don't own +in world writable sticky directories, unless they are owned by the +owner of the directory. + +When set to "2" it also applies to group writable sticky directories. + +This protection is based on the restrictions in Openwall. + +============================================================== + protected_hardlinks: A long-standing class of security issues is the hardlink-based @@ -202,6 +222,22 @@ This protection is based on the restrictions in Openwall and grsecurity. ============================================================== +protected_regular: + +This protection is similar to protected_fifos, but it +avoids writes to an attacker-controlled regular file, where a program +expected to create one. + +When set to "0", writing to regular files is unrestricted. + +When set to "1" don't allow O_CREAT open on regular files that we +don't own in world writable sticky directories, unless they are +owned by the owner of the directory. + +When set to "2" it also applies to group writable sticky directories. + +============================================================== + protected_symlinks: A long-standing class of security issues is the symlink-based diff --git a/fs/namei.c b/fs/namei.c index ae6aa9ae757c..0cab6494978c 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -887,6 +887,8 @@ static inline void put_link(struct nameidata *nd) int sysctl_protected_symlinks __read_mostly = 0; int sysctl_protected_hardlinks __read_mostly = 0; +int sysctl_protected_fifos __read_mostly; +int sysctl_protected_regular __read_mostly; /** * may_follow_link - Check symlink following for unsafe situations @@ -1003,6 +1005,45 @@ static int may_linkat(struct path *link) return -EPERM; } +/** + * may_create_in_sticky - Check whether an O_CREAT open in a sticky directory + * should be allowed, or not, on files that already + * exist. + * @dir: the sticky parent directory + * @inode: the inode of the file to open + * + * Block an O_CREAT open of a FIFO (or a regular file) when: + * - sysctl_protected_fifos (or sysctl_protected_regular) is enabled + * - the file already exists + * - we are in a sticky directory + * - we don't own the file + * - the owner of the directory doesn't own the file + * - the directory is world writable + * If the sysctl_protected_fifos (or sysctl_protected_regular) is set to 2 + * the directory doesn't have to be world writable: being group writable will + * be enough. + * + * Returns 0 if the open is allowed, -ve on error. + */ +static int may_create_in_sticky(struct dentry * const dir, + struct inode * const inode) +{ + if ((!sysctl_protected_fifos && S_ISFIFO(inode->i_mode)) || + (!sysctl_protected_regular && S_ISREG(inode->i_mode)) || + likely(!(dir->d_inode->i_mode & S_ISVTX)) || + uid_eq(inode->i_uid, dir->d_inode->i_uid) || + uid_eq(current_fsuid(), inode->i_uid)) + return 0; + + if (likely(dir->d_inode->i_mode & 0002) || + (dir->d_inode->i_mode & 0020 && + ((sysctl_protected_fifos >= 2 && S_ISFIFO(inode->i_mode)) || + (sysctl_protected_regular >= 2 && S_ISREG(inode->i_mode))))) { + return -EACCES; + } + return 0; +} + static __always_inline const char *get_link(struct nameidata *nd) { @@ -3348,9 +3389,15 @@ finish_open: if (error) return error; audit_inode(nd->name, nd->path.dentry, 0); - error = -EISDIR; - if ((open_flag & O_CREAT) && d_is_dir(nd->path.dentry)) - goto out; + if (open_flag & O_CREAT) { + error = -EISDIR; + if (d_is_dir(nd->path.dentry)) + goto out; + error = may_create_in_sticky(dir, + d_backing_inode(nd->path.dentry)); + if (unlikely(error)) + goto out; + } error = -ENOTDIR; if ((nd->flags & LOOKUP_DIRECTORY) && !d_can_lookup(nd->path.dentry)) goto out; diff --git a/include/linux/fs.h b/include/linux/fs.h index e5710541183b..33322702c910 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -74,6 +74,8 @@ extern struct inodes_stat_t inodes_stat; extern int leases_enable, lease_break_time; extern int sysctl_protected_symlinks; extern int sysctl_protected_hardlinks; +extern int sysctl_protected_fifos; +extern int sysctl_protected_regular; typedef __kernel_rwf_t rwf_t; diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 71ceb6c13c1a..cc02050fd0c4 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -1807,6 +1807,24 @@ static struct ctl_table fs_table[] = { .extra1 = &zero, .extra2 = &one, }, + { + .procname = "protected_fifos", + .data = &sysctl_protected_fifos, + .maxlen = sizeof(int), + .mode = 0600, + .proc_handler = proc_dointvec_minmax, + .extra1 = &zero, + .extra2 = &two, + }, + { + .procname = "protected_regular", + .data = &sysctl_protected_regular, + .maxlen = sizeof(int), + .mode = 0600, + .proc_handler = proc_dointvec_minmax, + .extra1 = &zero, + .extra2 = &two, + }, { .procname = "suid_dumpable", .data = &suid_dumpable, -- cgit 1.2-0.3.lf.el7

6 years, 9 months

4
8
0 0

[PATCH] gfs2: Fix iomap buffer head reference counting bug

by Andreas Gruenbacher

commit c26b5aa8ef0d46035060fded475e6ab957b9f69f upstream. GFS2 passes the inode buffer head (dibh) from gfs2_iomap_begin to gfs2_iomap_end in iomap->private. It sets that private pointer in gfs2_iomap_get. Users of gfs2_iomap_get other than gfs2_iomap_begin would have to release iomap->private, but this isn't done correctly, leading to a leak of buffer head references. To fix this, move the code for setting iomap->private from gfs2_iomap_get to gfs2_iomap_begin. Fixes: 64bc06bb32 ("gfs2: iomap buffered write support") Cc: stable(a)vger.kernel.org # v4.19 Signed-off-by: Andreas Gruenbacher <agruenba(a)redhat.com> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> --- fs/gfs2/bmap.c | 40 +++++++++++++++++----------------------- 1 file changed, 17 insertions(+), 23 deletions(-) diff --git a/fs/gfs2/bmap.c b/fs/gfs2/bmap.c index 84544a4f012d..be9cc9a388a6 100644 --- a/fs/gfs2/bmap.c +++ b/fs/gfs2/bmap.c @@ -826,7 +826,7 @@ static int gfs2_iomap_get(struct inode *inode, loff_t pos, loff_t length, ret = gfs2_meta_inode_buffer(ip, &dibh); if (ret) goto unlock; - iomap->private = dibh; + mp->mp_bh[0] = dibh; if (gfs2_is_stuffed(ip)) { if (flags & IOMAP_WRITE) { @@ -863,9 +863,6 @@ static int gfs2_iomap_get(struct inode *inode, loff_t pos, loff_t length, len = lblock_stop - lblock + 1; iomap->length = len << inode->i_blkbits; - get_bh(dibh); - mp->mp_bh[0] = dibh; - height = ip->i_height; while ((lblock + 1) * sdp->sd_sb.sb_bsize > sdp->sd_heightsize[height]) height++; @@ -898,8 +895,6 @@ static int gfs2_iomap_get(struct inode *inode, loff_t pos, loff_t length, iomap->bdev = inode->i_sb->s_bdev; unlock: up_read(&ip->i_rw_mutex); - if (ret && dibh) - brelse(dibh); return ret; do_alloc: @@ -980,9 +975,9 @@ static void gfs2_iomap_journaled_page_done(struct inode *inode, loff_t pos, static int gfs2_iomap_begin_write(struct inode *inode, loff_t pos, loff_t length, unsigned flags, - struct iomap *iomap) + struct iomap *iomap, + struct metapath *mp) { - struct metapath mp = { .mp_aheight = 1, }; struct gfs2_inode *ip = GFS2_I(inode); struct gfs2_sbd *sdp = GFS2_SB(inode); unsigned int data_blocks = 0, ind_blocks = 0, rblocks; @@ -996,9 +991,9 @@ static int gfs2_iomap_begin_write(struct inode *inode, loff_t pos, unstuff = gfs2_is_stuffed(ip) && pos + length > gfs2_max_stuffed_size(ip); - ret = gfs2_iomap_get(inode, pos, length, flags, iomap, &mp); + ret = gfs2_iomap_get(inode, pos, length, flags, iomap, mp); if (ret) - goto out_release; + goto out_unlock; alloc_required = unstuff || iomap->type == IOMAP_HOLE; @@ -1013,7 +1008,7 @@ static int gfs2_iomap_begin_write(struct inode *inode, loff_t pos, ret = gfs2_quota_lock_check(ip, &ap); if (ret) - goto out_release; + goto out_unlock; ret = gfs2_inplace_reserve(ip, &ap); if (ret) @@ -1038,17 +1033,15 @@ static int gfs2_iomap_begin_write(struct inode *inode, loff_t pos, ret = gfs2_unstuff_dinode(ip, NULL); if (ret) goto out_trans_end; - release_metapath(&mp); - brelse(iomap->private); - iomap->private = NULL; + release_metapath(mp); ret = gfs2_iomap_get(inode, iomap->offset, iomap->length, - flags, iomap, &mp); + flags, iomap, mp); if (ret) goto out_trans_end; } if (iomap->type == IOMAP_HOLE) { - ret = gfs2_iomap_alloc(inode, iomap, flags, &mp); + ret = gfs2_iomap_alloc(inode, iomap, flags, mp); if (ret) { gfs2_trans_end(sdp); gfs2_inplace_release(ip); @@ -1056,7 +1049,6 @@ static int gfs2_iomap_begin_write(struct inode *inode, loff_t pos, goto out_qunlock; } } - release_metapath(&mp); if (!gfs2_is_stuffed(ip) && gfs2_is_jdata(ip)) iomap->page_done = gfs2_iomap_journaled_page_done; return 0; @@ -1069,10 +1061,7 @@ static int gfs2_iomap_begin_write(struct inode *inode, loff_t pos, out_qunlock: if (alloc_required) gfs2_quota_unlock(ip); -out_release: - if (iomap->private) - brelse(iomap->private); - release_metapath(&mp); +out_unlock: gfs2_write_unlock(inode); return ret; } @@ -1088,10 +1077,10 @@ static int gfs2_iomap_begin(struct inode *inode, loff_t pos, loff_t length, trace_gfs2_iomap_start(ip, pos, length, flags); if ((flags & IOMAP_WRITE) && !(flags & IOMAP_DIRECT)) { - ret = gfs2_iomap_begin_write(inode, pos, length, flags, iomap); + ret = gfs2_iomap_begin_write(inode, pos, length, flags, iomap, &mp); } else { ret = gfs2_iomap_get(inode, pos, length, flags, iomap, &mp); - release_metapath(&mp); + /* * Silently fall back to buffered I/O for stuffed files or if * we've hot a hole (see gfs2_file_direct_write). @@ -1100,6 +1089,11 @@ static int gfs2_iomap_begin(struct inode *inode, loff_t pos, loff_t length, iomap->type != IOMAP_MAPPED) ret = -ENOTBLK; } + if (!ret) { + get_bh(mp.mp_bh[0]); + iomap->private = mp.mp_bh[0]; + } + release_metapath(&mp); trace_gfs2_iomap_end(ip, iomap, ret); return ret; } -- 2.19.1.546.g028f9c799.dirty

6 years, 9 months

2
1
0 0

FAILED: patch "[PATCH] btrfs: Ensure btrfs_trim_fs can trim the whole filesystem" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 6ba9fc8e628becf0e3ec94083450d089b0dec5f5 Mon Sep 17 00:00:00 2001 From: Qu Wenruo <wqu(a)suse.com> Date: Fri, 7 Sep 2018 14:16:24 +0800 Subject: [PATCH] btrfs: Ensure btrfs_trim_fs can trim the whole filesystem [BUG] fstrim on some btrfs only trims the unallocated space, not trimming any space in existing block groups. [CAUSE] Before fstrim_range passed to btrfs_trim_fs(), it gets truncated to range [0, super->total_bytes). So later btrfs_trim_fs() will only be able to trim block groups in range [0, super->total_bytes). While for btrfs, any bytenr aligned to sectorsize is valid, since btrfs uses its logical address space, there is nothing limiting the location where we put block groups. For filesystem with frequent balance, it's quite easy to relocate all block groups and bytenr of block groups will start beyond super->total_bytes. In that case, btrfs will not trim existing block groups. [FIX] Just remove the truncation in btrfs_ioctl_fitrim(), so btrfs_trim_fs() can get the unmodified range, which is normally set to [0, U64_MAX]. Reported-by: Chris Murphy <lists(a)colorremedies.com> Fixes: f4c697e6406d ("btrfs: return EINVAL if start > total_bytes in fitrim ioctl") CC: <stable(a)vger.kernel.org> # v4.4+ Signed-off-by: Qu Wenruo <wqu(a)suse.com> Reviewed-by: Nikolay Borisov <nborisov(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index 5dbb3f713125..da3257585e29 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -10851,21 +10851,13 @@ int btrfs_trim_fs(struct btrfs_fs_info *fs_info, struct fstrim_range *range) u64 start; u64 end; u64 trimmed = 0; - u64 total_bytes = btrfs_super_total_bytes(fs_info->super_copy); u64 bg_failed = 0; u64 dev_failed = 0; int bg_ret = 0; int dev_ret = 0; int ret = 0; - /* - * try to trim all FS space, our block group may start from non-zero. - */ - if (range->len == total_bytes) - cache = btrfs_lookup_first_block_group(fs_info, range->start); - else - cache = btrfs_lookup_block_group(fs_info, range->start); - + cache = btrfs_lookup_first_block_group(fs_info, range->start); for (; cache; cache = next_block_group(fs_info, cache)) { if (cache->key.objectid >= (range->start + range->len)) { btrfs_put_block_group(cache); diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 4905d13dee0a..a990a9045139 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -491,7 +491,6 @@ static noinline int btrfs_ioctl_fitrim(struct file *file, void __user *arg) struct fstrim_range range; u64 minlen = ULLONG_MAX; u64 num_devices = 0; - u64 total_bytes = btrfs_super_total_bytes(fs_info->super_copy); int ret; if (!capable(CAP_SYS_ADMIN)) @@ -515,11 +514,15 @@ static noinline int btrfs_ioctl_fitrim(struct file *file, void __user *arg) return -EOPNOTSUPP; if (copy_from_user(&range, arg, sizeof(range))) return -EFAULT; - if (range.start > total_bytes || - range.len < fs_info->sb->s_blocksize) + + /* + * NOTE: Don't truncate the range using super->total_bytes. Bytenr of + * block group is in the logical address space, which can be any + * sectorsize aligned bytenr in the range [0, U64_MAX]. + */ + if (range.len < fs_info->sb->s_blocksize) return -EINVAL; - range.len = min(range.len, total_bytes - range.start); range.minlen = max(range.minlen, minlen); ret = btrfs_trim_fs(fs_info, &range); if (ret < 0)

6 years, 9 months

3
2
0 0

[PATCH] usb: xhci: fix uninitialized completion when USB3 port got wrong status

by Aaron Ma

commit 958c0bd86075d4ef1c936998deefe1947e539240 upstream. Realtek USB3.0 Card Reader [0bda:0328] reports wrong port status on Cannon lake PCH USB3.1 xHCI [8086:a36d] after resume from S3, after clear port reset it works fine. Since this device is registered on USB3 roothub at boot, when port status reports not superspeed, xhci_get_port_status will call an uninitialized completion in bus_state[0]. Kernel will hang because of NULL pointer. Restrict the USB2 resume status check in USB2 roothub to fix hang issue. Cc: stable(a)vger.kernel.org # 4.17.x- Signed-off-by: Aaron Ma <aaron.ma(a)canonical.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Aaron Ma <aaron.ma(a)canonical.com> --- drivers/usb/host/xhci-hub.c | 2 +- drivers/usb/host/xhci-ring.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c index aee29604bd79..b3376b1ab009 100644 --- a/drivers/usb/host/xhci-hub.c +++ b/drivers/usb/host/xhci-hub.c @@ -744,7 +744,7 @@ static u32 xhci_get_port_status(struct usb_hcd *hcd, status |= USB_PORT_STAT_SUSPEND; } if ((raw_port_status & PORT_PLS_MASK) == XDEV_RESUME && - !DEV_SUPERSPEED_ANY(raw_port_status)) { + !DEV_SUPERSPEED_ANY(raw_port_status) && hcd->speed < HCD_USB3) { if ((raw_port_status & PORT_RESET) || !(raw_port_status & PORT_PE)) return 0xffffffff; diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index ece0787d62bf..9f141113f202 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -1673,7 +1673,7 @@ static void handle_port_status(struct xhci_hcd *xhci, * RExit to a disconnect state). If so, let the the driver know it's * out of the RExit state. */ - if (!DEV_SUPERSPEED_ANY(temp) && + if (!DEV_SUPERSPEED_ANY(portsc) && hcd->speed < HCD_USB3 && test_and_clear_bit(faked_port_index, &bus_state->rexit_ports)) { complete(&bus_state->rexit_done[faked_port_index]); -- 2.19.2

6 years, 9 months

2
1
0 0

FAILED: patch "[PATCH] can: flexcan: handle tx-complete CAN frames via rx-offload" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From ed72bc8bcb9277061e753faf300b20f97323761c Mon Sep 17 00:00:00 2001 From: Oleksij Rempel <o.rempel(a)pengutronix.de> Date: Tue, 18 Sep 2018 11:40:39 +0200 Subject: [PATCH] can: flexcan: handle tx-complete CAN frames via rx-offload infrastructure Current flexcan driver will put TX-ECHO in regular unsorted way, in this case TX-ECHO can come after the response to the same TXed message. In some cases, for example for J1939 stack, things will break. This patch is using new rx-offload API to put the messages just in the right place. Signed-off-by: Oleksij Rempel <o.rempel(a)pengutronix.de> Cc: linux-stable <stable(a)vger.kernel.org> Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> diff --git a/drivers/net/can/flexcan.c b/drivers/net/can/flexcan.c index 68b46395c580..41a175f80c4b 100644 --- a/drivers/net/can/flexcan.c +++ b/drivers/net/can/flexcan.c @@ -787,8 +787,11 @@ static irqreturn_t flexcan_irq(int irq, void *dev_id) /* transmission complete interrupt */ if (reg_iflag2 & FLEXCAN_IFLAG_MB(FLEXCAN_TX_MB)) { + u32 reg_ctrl = priv->read(&regs->mb[FLEXCAN_TX_MB].can_ctrl); + handled = IRQ_HANDLED; - stats->tx_bytes += can_get_echo_skb(dev, 0); + stats->tx_bytes += can_rx_offload_get_echo_skb(&priv->offload, + 0, reg_ctrl << 16); stats->tx_packets++; can_led_event(dev, CAN_LED_EVENT_TX);

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] can: flexcan: use can_rx_offload_queue_sorted() for" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From d788905f68fd4714c82936f6f7f1d3644d7ae7ef Mon Sep 17 00:00:00 2001 From: Oleksij Rempel <o.rempel(a)pengutronix.de> Date: Tue, 18 Sep 2018 11:40:41 +0200 Subject: [PATCH] can: flexcan: use can_rx_offload_queue_sorted() for flexcan_irq_bus_*() Currently, in case of bus error, driver will generate error message and put in the tail of the message queue. To avoid confusions, this change should place the bus related messages in proper order. Signed-off-by: Oleksij Rempel <o.rempel(a)pengutronix.de> Cc: linux-stable <stable(a)vger.kernel.org> Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> diff --git a/drivers/net/can/flexcan.c b/drivers/net/can/flexcan.c index 5923bd0ec118..75ce11395ee8 100644 --- a/drivers/net/can/flexcan.c +++ b/drivers/net/can/flexcan.c @@ -561,9 +561,13 @@ static netdev_tx_t flexcan_start_xmit(struct sk_buff *skb, struct net_device *de static void flexcan_irq_bus_err(struct net_device *dev, u32 reg_esr) { struct flexcan_priv *priv = netdev_priv(dev); + struct flexcan_regs __iomem *regs = priv->regs; struct sk_buff *skb; struct can_frame *cf; bool rx_errors = false, tx_errors = false; + u32 timestamp; + + timestamp = priv->read(&regs->timer) << 16; skb = alloc_can_err_skb(dev, &cf); if (unlikely(!skb)) @@ -610,17 +614,21 @@ static void flexcan_irq_bus_err(struct net_device *dev, u32 reg_esr) if (tx_errors) dev->stats.tx_errors++; - can_rx_offload_queue_tail(&priv->offload, skb); + can_rx_offload_queue_sorted(&priv->offload, skb, timestamp); } static void flexcan_irq_state(struct net_device *dev, u32 reg_esr) { struct flexcan_priv *priv = netdev_priv(dev); + struct flexcan_regs __iomem *regs = priv->regs; struct sk_buff *skb; struct can_frame *cf; enum can_state new_state, rx_state, tx_state; int flt; struct can_berr_counter bec; + u32 timestamp; + + timestamp = priv->read(&regs->timer) << 16; flt = reg_esr & FLEXCAN_ESR_FLT_CONF_MASK; if (likely(flt == FLEXCAN_ESR_FLT_CONF_ACTIVE)) { @@ -650,7 +658,7 @@ static void flexcan_irq_state(struct net_device *dev, u32 reg_esr) if (unlikely(new_state == CAN_STATE_BUS_OFF)) can_bus_off(dev); - can_rx_offload_queue_tail(&priv->offload, skb); + can_rx_offload_queue_sorted(&priv->offload, skb, timestamp); } static inline struct flexcan_priv *rx_offload_to_priv(struct can_rx_offload *offload)

6 years, 9 months

1
0
0 0

patch "Revert "usb: dwc3: gadget: skip Set/Clear Halt when invalid"" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Revert "usb: dwc3: gadget: skip Set/Clear Halt when invalid" to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 38317f5c0f2faae5110854f36edad810f841d62f Mon Sep 17 00:00:00 2001 From: Felipe Balbi <felipe.balbi(a)linux.intel.com> Date: Mon, 19 Nov 2018 08:34:04 +0200 Subject: Revert "usb: dwc3: gadget: skip Set/Clear Halt when invalid" This reverts commit ffb80fc672c3a7b6afd0cefcb1524fb99917b2f3. Turns out that commit is wrong. Host controllers are allowed to use Clear Feature HALT as means to sync data toggle between host and periperal. Cc: <stable(a)vger.kernel.org> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> --- drivers/usb/dwc3/gadget.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 9faad896b3a1..9f92ee03dde7 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -1470,9 +1470,6 @@ int __dwc3_gadget_ep_set_halt(struct dwc3_ep *dep, int value, int protocol) unsigned transfer_in_flight; unsigned started; - if (dep->flags & DWC3_EP_STALL) - return 0; - if (dep->number > 1) trb = dwc3_ep_prev_trb(dep, dep->trb_enqueue); else @@ -1494,8 +1491,6 @@ int __dwc3_gadget_ep_set_halt(struct dwc3_ep *dep, int value, int protocol) else dep->flags |= DWC3_EP_STALL; } else { - if (!(dep->flags & DWC3_EP_STALL)) - return 0; ret = dwc3_send_clear_stall_ep_cmd(dep); if (ret) -- 2.19.2

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] iwlwifi: mvm: fix regulatory domain update when the firmware" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 82715ac71e6b94a2c2136e31f3a8e6748e33aa8c Mon Sep 17 00:00:00 2001 From: Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> Date: Wed, 3 Oct 2018 11:16:54 +0300 Subject: [PATCH] iwlwifi: mvm: fix regulatory domain update when the firmware starts When the firmware starts, it doesn't have any regulatory information, hence it uses the world wide limitations. The driver can feed the firmware with previous knowledge that was kept in the driver, but the firmware may still not update its internal tables. This happens when we start a BSS interface, and then the firmware can change the regulatory tables based on our location and it'll use more lenient, location specific rules. Then, if the firmware is shut down (when the interface is brought down), and then an AP interface is created, the firmware will forget the country specific rules. The host will think that we are in a certain country that may allow channels and will try to teach the firmware about our location, but the firmware may still not allow to drop the world wide limitations and apply country specific rules because it was just re-started. In this case, the firmware will reply with MCC_RESP_ILLEGAL to the MCC_UPDATE_CMD. In that case, iwlwifi needs to let the upper layers (cfg80211 / hostapd) know that the channel list they know about has been updated. This fixes https://bugzilla.kernel.org/show_bug.cgi?id=201105 Cc: stable(a)vger.kernel.org Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> Signed-off-by: Luca Coelho <luciano.coelho(a)intel.com> diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c index 7c09ce20e8b1..00f831d88366 100644 --- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c +++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c @@ -301,8 +301,12 @@ struct ieee80211_regdomain *iwl_mvm_get_regdomain(struct wiphy *wiphy, goto out; } - if (changed) - *changed = (resp->status == MCC_RESP_NEW_CHAN_PROFILE); + if (changed) { + u32 status = le32_to_cpu(resp->status); + + *changed = (status == MCC_RESP_NEW_CHAN_PROFILE || + status == MCC_RESP_ILLEGAL); + } regd = iwl_parse_nvm_mcc_info(mvm->trans->dev, mvm->cfg, __le32_to_cpu(resp->n_channels), diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/nvm.c b/drivers/net/wireless/intel/iwlwifi/mvm/nvm.c index 3633f27d048a..6fc5cc1f2b5b 100644 --- a/drivers/net/wireless/intel/iwlwifi/mvm/nvm.c +++ b/drivers/net/wireless/intel/iwlwifi/mvm/nvm.c @@ -539,9 +539,8 @@ iwl_mvm_update_mcc(struct iwl_mvm *mvm, const char *alpha2, } IWL_DEBUG_LAR(mvm, - "MCC response status: 0x%x. new MCC: 0x%x ('%c%c') change: %d n_chans: %d\n", - status, mcc, mcc >> 8, mcc & 0xff, - !!(status == MCC_RESP_NEW_CHAN_PROFILE), n_channels); + "MCC response status: 0x%x. new MCC: 0x%x ('%c%c') n_chans: %d\n", + status, mcc, mcc >> 8, mcc & 0xff, n_channels); exit: iwl_free_resp(&cmd);

6 years, 9 months

4
3
0 0

request for 4.14-stable: 0c47cd7a9b6c ("PCI: endpoint: Populate func_no before calling pci_epc_add_epf()")

by Sudip Mukherjee

Hi Greg, This was not marked for stable but seems it should be in stable. Please apply to your queue of 4.14-stable. -- Regards Sudip

6 years, 9 months

2
1
0 0

My Humble Request

by Abel Brent

Dear Friend, I am Abel Brent, a NATO soldier serving in Afghanistan. I and my Comrades, we are seeking your assistance to help us receive/invest our funds in your country in any lucrative business. Please if this proposal is acceptable by you, kindly respond back to me for more details. Thanks and waiting to hear from you. Abel.

6 years, 9 months

1
0
0 0

[PATCH 4.14] kbuild: allow to use GCC toolchain not in Clang search path

by Nathan Chancellor

From: Stefan Agner <stefan(a)agner.ch> commit ef8c4ed9db80261f397f0c0bf723684601ae3b52 upstream. When using a GCC cross toolchain which is not in a compiled in Clang search path, Clang reverts to the system assembler and linker. This leads to assembler or linker errors, depending on which tool is first used for a given architecture. It seems that Clang is not searching $PATH for a matching assembler or linker. Make sure that Clang picks up the correct assembler or linker by passing the cross compilers bin directory as search path. This allows to use Clang provided by distributions with GCC toolchains not in /usr/bin. Link: https://github.com/ClangBuiltLinux/linux/issues/78 Signed-off-by: Stefan Agner <stefan(a)agner.ch> Reviewed-and-tested-by: Nick Desaulniers <ndesaulniers(a)google.com> Signed-off-by: Masahiro Yamada <yamada.masahiro(a)socionext.com> [nc: Adjust context] Signed-off-by: Nathan Chancellor <natechancellor(a)gmail.com> --- Makefile | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 874d72a3e6a7..cb131e135c42 100644 --- a/Makefile +++ b/Makefile @@ -480,13 +480,15 @@ endif ifeq ($(cc-name),clang) ifneq ($(CROSS_COMPILE),) CLANG_TARGET := --target=$(notdir $(CROSS_COMPILE:%-=%)) -GCC_TOOLCHAIN := $(realpath $(dir $(shell which $(LD)))/..) +GCC_TOOLCHAIN_DIR := $(dir $(shell which $(LD))) +CLANG_PREFIX := --prefix=$(GCC_TOOLCHAIN_DIR) +GCC_TOOLCHAIN := $(realpath $(GCC_TOOLCHAIN_DIR)/..) endif ifneq ($(GCC_TOOLCHAIN),) CLANG_GCC_TC := --gcc-toolchain=$(GCC_TOOLCHAIN) endif -KBUILD_CFLAGS += $(CLANG_TARGET) $(CLANG_GCC_TC) -KBUILD_AFLAGS += $(CLANG_TARGET) $(CLANG_GCC_TC) +KBUILD_CFLAGS += $(CLANG_TARGET) $(CLANG_GCC_TC) $(CLANG_PREFIX) +KBUILD_AFLAGS += $(CLANG_TARGET) $(CLANG_GCC_TC) $(CLANG_PREFIX) KBUILD_CFLAGS += $(call cc-option, -no-integrated-as) KBUILD_AFLAGS += $(call cc-option, -no-integrated-as) endif -- 2.20.0.rc1

6 years, 9 months

2
1
0 0

FAILED: patch "[PATCH] iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 66e839030fd698586734e017fd55c4f2a89dba0b Mon Sep 17 00:00:00 2001 From: Matt Chen <matt.chen(a)intel.com> Date: Fri, 3 Aug 2018 14:29:20 +0800 Subject: [PATCH] iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE >From coreboot/BIOS: Name ("WGDS", Package() { Revision, Package() { DomainType, // 0x7:WiFi ==> We miss this one. WgdsWiFiSarDeltaGroup1PowerMax1, // Group 1 FCC 2400 Max WgdsWiFiSarDeltaGroup1PowerChainA1, // Group 1 FCC 2400 A Offset WgdsWiFiSarDeltaGroup1PowerChainB1, // Group 1 FCC 2400 B Offset WgdsWiFiSarDeltaGroup1PowerMax2, // Group 1 FCC 5200 Max WgdsWiFiSarDeltaGroup1PowerChainA2, // Group 1 FCC 5200 A Offset WgdsWiFiSarDeltaGroup1PowerChainB2, // Group 1 FCC 5200 B Offset WgdsWiFiSarDeltaGroup2PowerMax1, // Group 2 EC Jap 2400 Max WgdsWiFiSarDeltaGroup2PowerChainA1, // Group 2 EC Jap 2400 A Offset WgdsWiFiSarDeltaGroup2PowerChainB1, // Group 2 EC Jap 2400 B Offset WgdsWiFiSarDeltaGroup2PowerMax2, // Group 2 EC Jap 5200 Max WgdsWiFiSarDeltaGroup2PowerChainA2, // Group 2 EC Jap 5200 A Offset WgdsWiFiSarDeltaGroup2PowerChainB2, // Group 2 EC Jap 5200 B Offset WgdsWiFiSarDeltaGroup3PowerMax1, // Group 3 ROW 2400 Max WgdsWiFiSarDeltaGroup3PowerChainA1, // Group 3 ROW 2400 A Offset WgdsWiFiSarDeltaGroup3PowerChainB1, // Group 3 ROW 2400 B Offset WgdsWiFiSarDeltaGroup3PowerMax2, // Group 3 ROW 5200 Max WgdsWiFiSarDeltaGroup3PowerChainA2, // Group 3 ROW 5200 A Offset WgdsWiFiSarDeltaGroup3PowerChainB2, // Group 3 ROW 5200 B Offset } }) When read the ACPI data to find out the WGDS, the DATA_SIZE is never matched. >From the above format, it gives 19 numbers, but our driver is hardcode as 18. Fix it to pass then can parse the data into our wgds table. Then we will see: iwlwifi 0000:01:00.0: U iwl_mvm_sar_geo_init Sending GEO_TX_POWER_LIMIT iwlwifi 0000:01:00.0: U iwl_mvm_sar_geo_init SAR geographic profile[0] Band[0]: chain A = 68 chain B = 69 max_tx_power = 54 iwlwifi 0000:01:00.0: U iwl_mvm_sar_geo_init SAR geographic profile[0] Band[1]: chain A = 48 chain B = 49 max_tx_power = 70 iwlwifi 0000:01:00.0: U iwl_mvm_sar_geo_init SAR geographic profile[1] Band[0]: chain A = 51 chain B = 67 max_tx_power = 50 iwlwifi 0000:01:00.0: U iwl_mvm_sar_geo_init SAR geographic profile[1] Band[1]: chain A = 69 chain B = 70 max_tx_power = 68 iwlwifi 0000:01:00.0: U iwl_mvm_sar_geo_init SAR geographic profile[2] Band[0]: chain A = 49 chain B = 50 max_tx_power = 48 iwlwifi 0000:01:00.0: U iwl_mvm_sar_geo_init SAR geographic profile[2] Band[1]: chain A = 52 chain B = 53 max_tx_power = 51 Cc: stable(a)vger.kernel.org # 4.12+ Fixes: a6bff3cb19b7 ("iwlwifi: mvm: add GEO_TX_POWER_LIMIT cmd for geographic tx power table") Signed-off-by: Matt Chen <matt.chen(a)intel.com> Signed-off-by: Luca Coelho <luciano.coelho(a)intel.com> diff --git a/drivers/net/wireless/intel/iwlwifi/fw/acpi.h b/drivers/net/wireless/intel/iwlwifi/fw/acpi.h index 2439e98431ee..7492dfb6729b 100644 --- a/drivers/net/wireless/intel/iwlwifi/fw/acpi.h +++ b/drivers/net/wireless/intel/iwlwifi/fw/acpi.h @@ -6,6 +6,7 @@ * GPL LICENSE SUMMARY * * Copyright(c) 2017 Intel Deutschland GmbH + * Copyright(c) 2018 Intel Corporation * * This program is free software; you can redistribute it and/or modify * it under the terms of version 2 of the GNU General Public License as @@ -26,6 +27,7 @@ * BSD LICENSE * * Copyright(c) 2017 Intel Deutschland GmbH + * Copyright(c) 2018 Intel Corporation * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -81,7 +83,7 @@ #define ACPI_WRDS_WIFI_DATA_SIZE (ACPI_SAR_TABLE_SIZE + 2) #define ACPI_EWRD_WIFI_DATA_SIZE ((ACPI_SAR_PROFILE_NUM - 1) * \ ACPI_SAR_TABLE_SIZE + 3) -#define ACPI_WGDS_WIFI_DATA_SIZE 18 +#define ACPI_WGDS_WIFI_DATA_SIZE 19 #define ACPI_WRDD_WIFI_DATA_SIZE 2 #define ACPI_SPLC_WIFI_DATA_SIZE 2 diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/fw.c b/drivers/net/wireless/intel/iwlwifi/mvm/fw.c index dade206d5511..899f4a6432fb 100644 --- a/drivers/net/wireless/intel/iwlwifi/mvm/fw.c +++ b/drivers/net/wireless/intel/iwlwifi/mvm/fw.c @@ -893,7 +893,7 @@ static int iwl_mvm_sar_geo_init(struct iwl_mvm *mvm) IWL_DEBUG_RADIO(mvm, "Sending GEO_TX_POWER_LIMIT\n"); BUILD_BUG_ON(ACPI_NUM_GEO_PROFILES * ACPI_WGDS_NUM_BANDS * - ACPI_WGDS_TABLE_SIZE != ACPI_WGDS_WIFI_DATA_SIZE); + ACPI_WGDS_TABLE_SIZE + 1 != ACPI_WGDS_WIFI_DATA_SIZE); BUILD_BUG_ON(ACPI_NUM_GEO_PROFILES > IWL_NUM_GEO_PROFILES);

6 years, 9 months

3
2
0 0

[PATCH for-4.9.y 00/10] Stable candidates for linux-4.9.y

by Amit Pundir

Hi Greg, Few stable candidates for 4.9.y for your consideration. Cherry picked and build tested on linux-4.9.141 for ARCH=arm/arm64 + allmodconfig. Few fixes are applicable for 4.4.y and 3.18.y as well, but they needed minor rebasing, so I'll submit them along with other fixes shortly in separate threads. Regards, Amit Pundir Amitkumar Karwar (3): mwifiex: prevent register accesses after host is sleeping mwifiex: report error to PCIe for suspend failure mwifiex: Fix NULL pointer dereference in skb_dequeue() Johannes Thumshirn (1): cw1200: Don't leak memory if krealloc failes Karthik D A (1): mwifiex: fix p2p device doesn't find in scan problem Subhash Jadavani (2): scsi: ufs: fix race between clock gating and devfreq scaling work scsi: ufshcd: release resources if probe fails Vasanthakumar Thiagarajan (1): ath10k: fix kernel panic due to race in accessing arvif list Venkat Gopalakrishnan (1): scsi: ufshcd: Fix race between clk scaling and ungate work Yaniv Gardi (1): scsi: ufs: fix bugs related to null pointer access and array size drivers/net/wireless/ath/ath10k/mac.c | 6 ++ drivers/net/wireless/marvell/mwifiex/cfg80211.c | 10 +++- drivers/net/wireless/marvell/mwifiex/pcie.c | 19 +++++-- drivers/net/wireless/marvell/mwifiex/wmm.c | 12 +++- drivers/net/wireless/st/cw1200/wsm.c | 16 +++--- drivers/scsi/ufs/ufs.h | 3 +- drivers/scsi/ufs/ufshcd-pci.c | 2 + drivers/scsi/ufs/ufshcd-pltfrm.c | 5 +- drivers/scsi/ufs/ufshcd.c | 75 ++++++++++++++++++++++--- 9 files changed, 118 insertions(+), 30 deletions(-) -- 2.7.4

6 years, 9 months

2
11
0 0

Re: [tip:x86/pti] x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support

by David Woodhouse

On Thu, 2018-11-29 at 09:12 +0000, Sasha Levin wrote: > Hi, > > [This is an automated email] > > This commit has been processed because it contains a -stable tag. > The stable tag indicates that it's relevant for the following trees: > all > > The bot has tested the following trees: v4.19.5, v4.14.84, v4.9.141, > v4.4.165, v3.18.127, > > v4.19.5: Build OK! > v4.14.84: Build OK! > v4.9.141: Failed to apply! Possible dependencies: > > v4.4.165: Failed to apply! Possible dependencies: > > v3.18.127: Failed to apply! Possible dependencies: > > How should we proceed with this patch? I think it's fine to apply it only to 4.19 and 4.14. It's not imperative that the older kernels get it. People building those kernels should already have their tools in place; it's not like we expect *new* users of ancient kernels, who will be tripped up by this.

6 years, 9 months

1
0
0 0

[PATCH v2] Return only active connectors for get_resources ioctl

by Stanislav Lisovskiy

Currently kernel might allocate different connector ids for the same outputs in case of DP MST, which seems to confuse userspace. There are can be different connector ids in the list, which could be assigned to the same output, while being in different states. This results in issues, like external displays staying blank after quick unplugging and plugging back(bug #106250). Returning only active DP connectors fixes the issue. v2: Removed caps from the title Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=106250 Signed-off-by: Stanislav Lisovskiy <stanislav.lisovskiy(a)intel.com> --- drivers/gpu/drm/drm_mode_config.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/drm_mode_config.c b/drivers/gpu/drm/drm_mode_config.c index ee80788f2c40..ec5b2b08a45e 100644 --- a/drivers/gpu/drm/drm_mode_config.c +++ b/drivers/gpu/drm/drm_mode_config.c @@ -143,6 +143,7 @@ int drm_mode_getresources(struct drm_device *dev, void *data, drm_connector_list_iter_begin(dev, &conn_iter); count = 0; connector_id = u64_to_user_ptr(card_res->connector_id_ptr); + DRM_DEBUG_KMS("GetResources: writing connectors start"); drm_for_each_connector_iter(connector, &conn_iter) { /* only expose writeback connectors if userspace understands them */ if (!file_priv->writeback_connectors && @@ -150,15 +151,20 @@ int drm_mode_getresources(struct drm_device *dev, void *data, continue; if (drm_lease_held(file_priv, connector->base.id)) { - if (count < card_res->count_connectors && - put_user(connector->base.id, connector_id + count)) { - drm_connector_list_iter_end(&conn_iter); - return -EFAULT; + if (connector->connector_type != DRM_MODE_CONNECTOR_DisplayPort || + connector->status != connector_status_disconnected) { + if (count < card_res->count_connectors && + put_user(connector->base.id, connector_id + count)) { + drm_connector_list_iter_end(&conn_iter); + return -EFAULT; + } + DRM_DEBUG_KMS("GetResources: connector %s", connector->name); + count++; } - count++; } } card_res->count_connectors = count; + DRM_DEBUG_KMS("GetResources: writing connectors end - count %d", count); drm_connector_list_iter_end(&conn_iter); return ret; -- 2.17.1

6 years, 9 months

3
7
0 0

[PATCH 4.14 00/62] 4.14.84-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.84 release. There are 62 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Nov 28 10:50:20 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.84-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.84-rc1 Ilya Dryomov <idryomov(a)gmail.com> libceph: fall back to sendmsg for slab pages Eric Biggers <ebiggers(a)google.com> HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges Hans de Goede <hdegoede(a)redhat.com> ACPI / platform: Add SMB0001 HID to forbidden_id_list Gustavo A. R. Silva <gustavo(a)embeddedor.com> drivers/misc/sgi-gru: fix Spectre v1 vulnerability Johan Hovold <johan(a)kernel.org> mtd: rawnand: atmel: fix OF child-node lookup Mattias Jacobsson <2pi(a)mok.nu> USB: misc: appledisplay: add 20" Apple Cinema Display Nathan Chancellor <natechancellor(a)gmail.com> misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data Emmanuel Pescosta <emmanuelpescosta099(a)gmail.com> usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB Kai-Heng Feng <kai.heng.feng(a)canonical.com> USB: quirks: Add no-lpm quirk for Raydium touchscreens Maarten Jacobs <maarten256(a)outlook.com> usb: cdc-acm: add entry for Hiro (Conexant) modem Dan Carpenter <dan.carpenter(a)oracle.com> uio: Fix an Oops on load Aaro Koskinen <aaro.koskinen(a)iki.fi> MIPS: OCTEON: cavium_octeon_defconfig: re-enable OCTEON USB driver Sakari Ailus <sakari.ailus(a)linux.intel.com> media: v4l: event: Add subscription to list before calling "add" operation Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/ldt: Unmap PTEs for the slot before freeing LDT pages Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/mm: Move LDT remap out of KASLR region on 5-level paging Adrian Hunter <adrian.hunter(a)intel.com> perf test code-reading: Fix perf_env setup for PTI entry trampolines Adrian Hunter <adrian.hunter(a)intel.com> perf machine: Workaround missing maps for x86 PTI entry trampolines Adrian Hunter <adrian.hunter(a)intel.com> perf machine: Add nr_cpus_avail() Adrian Hunter <adrian.hunter(a)intel.com> perf tools: Fix kernel_start for PTI on x86 Adrian Hunter <adrian.hunter(a)intel.com> perf machine: Add machine__is() to identify machine arch Mika Westerberg <mika.westerberg(a)linux.intel.com> ACPI / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM YueHaibing <yuehaibing(a)huawei.com> SUNRPC: drop pointless static qualifier in xdr_get_next_encode_buffer() Minchan Kim <minchan(a)kernel.org> zram: close udev startup race condition as default groups Thor Thayer <thor.thayer(a)linux.intel.com> net: stmmac: Fix RX packet size > 8191 Sagiv Ozeri <sagiv.ozeri(a)cavium.com> qed: Fix potential memory corruption Denis Bolotin <denis.bolotin(a)cavium.com> qed: Fix blocking/unlimited SPQ entries leak Denis Bolotin <denis.bolotin(a)cavium.com> qed: Fix memory/entry leak in qed_init_sp_request() Jacob Keller <jacob.e.keller(a)intel.com> i40e: restore NETIF_F_GSO_IPXIP[46] to netdev features Gustavo Romero <gromero(a)linux.vnet.ibm.com> perf tools: Fix undefined symbol scnprintf in libperf-jvmti.so Valentin Schneider <valentin.schneider(a)arm.com> sched/core: Take the hotplug lock in sched_init_smp() Vignesh R <vigneshr(a)ti.com> i2c: omap: Enable for ARCH_K3 Thomas Richter <tmricht(a)linux.ibm.com> s390/perf: Change CPUM_CF return code in event init function Jeremy Linton <jeremy.linton(a)arm.com> lib/raid6: Fix arm64 test build Ricardo Ribalda Delgado <ricardo.ribalda(a)gmail.com> clk: fixed-factor: fix of_node_get-put imbalance Inki Dae <inki.dae(a)samsung.com> Revert "drm/exynos/decon5433: implement frame counter" Geert Uytterhoeven <geert(a)linux-m68k.org> hwmon: (ibmpowernv) Remove bogus __init annotations Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: fix HiperSockets sniffer Taehee Yoo <ap420073(a)gmail.com> netfilter: xt_IDLETIMER: add sysfs filename checking routine Jozsef Kadlecsik <kadlec(a)blackhole.kfki.hu> netfilter: ipset: Correct rcu_dereference() call in ip_set_put_comment() Justin M. Forbes <jforbes(a)fedoraproject.org> s390/mm: Fix ERROR: "__node_distance" undefined! Eric Westbrook <eric(a)westbrook.io> netfilter: ipset: actually allow allowable CIDR 0 in hash:net,port,net Stefano Brivio <sbrivio(a)redhat.com> netfilter: ipset: list:set: Decrease refcount synchronously on deletion and replace Vasily Gorbik <gor(a)linux.ibm.com> s390/vdso: add missing FORCE to build targets Nathan Chancellor <natechancellor(a)gmail.com> arm64: percpu: Initialize ret in the default case Paul Gortmaker <paul.gortmaker(a)windriver.com> platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 Feng Tang <feng.tang(a)intel.com> x86/earlyprintk: Add a force option for pciserial device Zubin Mithra <zsm(a)chromium.org> apparmor: Fix uninitialized value in aa_split_fqname Marek Szyprowski <m.szyprowski(a)samsung.com> clk: samsung: exynos5420: Enable PERIS clocks for suspend Chengguang Xu <cgxu519(a)gmx.com> fs/exofs: fix potential memory leak in mount option parsing David Miller <davem(a)davemloft.net> perf symbols: Set PLT entry/header sizes properly on Sparc Alan Tull <atull(a)kernel.org> clk: fixed-rate: fix of_node_get-put imbalance Rajneesh Bhardwaj <rajneesh.bhardwaj(a)linux.intel.com> platform/x86: intel_telemetry: report debugfs failure Lee, Shawn C <shawn.c.lee(a)intel.com> drm/edid: Add 6 bpc quirk for BOE panel. Richard Weinberger <richard(a)nod.at> um: Give start_idle_thread() a return code Ernesto A. Fernández <ernesto.mnd.fernandez(a)gmail.com> hfsplus: prevent btree data loss on root split Ernesto A. Fernández <ernesto.mnd.fernandez(a)gmail.com> hfs: prevent btree data loss on root split Jann Horn <jannh(a)google.com> reiserfs: propagate errors from fill_with_dentries() properly Radoslaw Tyl <radoslawx.tyl(a)intel.com> ixgbe: fix MAC anti-spoofing filter after VFLR Keith Busch <keith.busch(a)intel.com> nvme-pci: fix conflicting p2p resource adds Anders Roxell <anders.roxell(a)linaro.org> arm64: kprobe: make page to RO mode when allocate it Ronnie Sahlberg <lsahlber(a)redhat.com> cifs: fix return value for cifs_listxattr Colin Ian King <colin.king(a)canonical.com> cifs: don't dereference smb_file_target before null check ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 6 +- Documentation/x86/x86_64/mm.txt | 10 +- Makefile | 4 +- arch/arm64/include/asm/percpu.h | 3 + arch/arm64/kernel/probes/kprobes.c | 27 +++-- arch/mips/configs/cavium_octeon_defconfig | 1 + arch/s390/kernel/perf_cpum_cf.c | 2 +- arch/s390/kernel/vdso32/Makefile | 6 +- arch/s390/kernel/vdso64/Makefile | 6 +- arch/s390/numa/numa.c | 1 + arch/um/os-Linux/skas/process.c | 5 + arch/x86/include/asm/page_64_types.h | 12 ++- arch/x86/include/asm/pgtable_64_types.h | 7 +- arch/x86/kernel/early_printk.c | 29 ++++-- arch/x86/kernel/ldt.c | 49 ++++++--- arch/x86/xen/mmu_pv.c | 6 +- drivers/acpi/acpi_platform.c | 1 + drivers/acpi/acpi_watchdog.c | 72 ++++++++----- drivers/block/zram/zram_drv.c | 26 ++--- drivers/clk/clk-fixed-factor.c | 1 + drivers/clk/clk-fixed-rate.c | 1 + drivers/clk/samsung/clk-exynos5420.c | 1 + drivers/gpu/drm/drm_edid.c | 3 + drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 9 -- drivers/gpu/drm/exynos/exynos_drm_crtc.c | 11 -- drivers/gpu/drm/exynos/exynos_drm_drv.h | 1 - drivers/hid/uhid.c | 12 +++ drivers/hwmon/ibmpowernv.c | 7 +- drivers/i2c/busses/Kconfig | 2 +- drivers/media/v4l2-core/v4l2-event.c | 43 ++++---- drivers/misc/atmel-ssc.c | 2 +- drivers/misc/sgi-gru/grukdump.c | 4 + drivers/mtd/nand/atmel/nand-controller.c | 11 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 2 + drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 4 +- drivers/net/ethernet/qlogic/qed/qed_sp.h | 3 + drivers/net/ethernet/qlogic/qed/qed_sp_commands.c | 16 ++- drivers/net/ethernet/qlogic/qed/qed_spq.c | 69 ++++++------- drivers/net/ethernet/stmicro/stmmac/common.h | 3 +- drivers/net/ethernet/stmicro/stmmac/descs_com.h | 2 +- drivers/net/ethernet/stmicro/stmmac/enh_desc.c | 2 +- drivers/net/ethernet/stmicro/stmmac/ring_mode.c | 2 +- drivers/nvme/host/pci.c | 5 +- drivers/platform/x86/acerhdf.c | 1 + drivers/platform/x86/intel_telemetry_debugfs.c | 8 +- drivers/s390/net/qeth_l3_main.c | 8 +- drivers/uio/uio.c | 7 +- drivers/usb/class/cdc-acm.c | 3 + drivers/usb/core/quirks.c | 8 ++ drivers/usb/misc/appledisplay.c | 1 + fs/cifs/cifsfs.c | 7 +- fs/cifs/smb2ops.c | 11 +- fs/exofs/super.c | 5 +- fs/hfs/brec.c | 4 + fs/hfsplus/brec.c | 4 + fs/reiserfs/xattr.c | 7 ++ include/linux/netfilter/ipset/ip_set.h | 2 +- include/linux/netfilter/ipset/ip_set_comment.h | 4 +- kernel/sched/core.c | 5 +- lib/raid6/test/Makefile | 4 +- net/ceph/messenger.c | 12 ++- net/netfilter/ipset/ip_set_core.c | 23 ++--- net/netfilter/ipset/ip_set_hash_netportnet.c | 8 +- net/netfilter/ipset/ip_set_list_set.c | 17 ++-- net/netfilter/xt_IDLETIMER.c | 20 ++++ net/sunrpc/xdr.c | 2 +- security/apparmor/lib.c | 6 +- tools/perf/jvmti/jvmti_agent.c | 49 +++++++-- tools/perf/tests/code-reading.c | 1 + tools/perf/util/env.c | 32 ++++++ tools/perf/util/env.h | 4 + tools/perf/util/machine.c | 117 +++++++++++++++++++++- tools/perf/util/machine.h | 6 ++ tools/perf/util/symbol-elf.c | 12 ++- tools/perf/util/symbol.c | 12 ++- 75 files changed, 637 insertions(+), 262 deletions(-)

6 years, 9 months

11
79
0 0

FAILED: patch "[PATCH] dax: Avoid losing wakeup in dax_lock_mapping_entry" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 25bbe21bf427a81b8e3ccd480ea0e1d940256156 Mon Sep 17 00:00:00 2001 From: Matthew Wilcox <willy(a)infradead.org> Date: Fri, 16 Nov 2018 15:50:02 -0500 Subject: [PATCH] dax: Avoid losing wakeup in dax_lock_mapping_entry After calling get_unlocked_entry(), you have to call put_unlocked_entry() to avoid subsequent waiters losing wakeups. Fixes: c2a7d2a11552 ("filesystem-dax: Introduce dax_lock_mapping_entry()") Cc: stable(a)vger.kernel.org Signed-off-by: Matthew Wilcox <willy(a)infradead.org> diff --git a/fs/dax.c b/fs/dax.c index cf2394e2bf4b..9bcce89ea18e 100644 --- a/fs/dax.c +++ b/fs/dax.c @@ -391,6 +391,7 @@ bool dax_lock_mapping_entry(struct page *page) rcu_read_unlock(); entry = get_unlocked_entry(&xas); xas_unlock_irq(&xas); + put_unlocked_entry(&xas, entry); rcu_read_lock(); continue; }

6 years, 9 months

4
4
0 0

[PATCH] xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc

by Cherian, George

From: "Cherian, George" <George.Cherian(a)cavium.com> commit 11644a7659529730eaf2f166efaabe7c3dc7af8c upstream Implement workaround for ThunderX2 Errata-129 (documented in CN99XX Known Issues" available at Cavium support site). As per ThunderX2errata-129, USB 2 device may come up as USB 1 if a connection to a USB 1 device is followed by another connection to a USB 2 device, the link will come up as USB 1 for the USB 2 device. Resolution: Reset the PHY after the USB 1 device is disconnected. The PHY reset sequence is done using private registers in XHCI register space. After the PHY is reset we check for the PLL lock status and retry the operation if it fails. From our tests, retrying 4 times is sufficient. Add a new quirk flag XHCI_RESET_PLL_ON_DISCONNECT to invoke the workaround in handle_xhci_port_status(). Cc: stable(a)vger.kernel.org Cc: stable(a)vger.kernel.org # 4.14.x: 36b6857: xhci: Allow more than 32 quirks Signed-off-by: George Cherian <george.cherian(a)cavium.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- There is a conflict while cherry-pick of 36b6857: xhci: Allow more than 32 quirks. It is trivial to resolve. Let me know in case if it is an issue. drivers/usb/host/xhci-pci.c | 5 +++++ drivers/usb/host/xhci-ring.c | 35 ++++++++++++++++++++++++++++++++++- drivers/usb/host/xhci.h | 1 + 3 files changed, 40 insertions(+), 1 deletion(-) diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index 9218f506f8e3..4b07b6859b4c 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -236,6 +236,11 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) if (pdev->vendor == PCI_VENDOR_ID_TI && pdev->device == 0x8241) xhci->quirks |= XHCI_LIMIT_ENDPOINT_INTERVAL_7; + if ((pdev->vendor == PCI_VENDOR_ID_BROADCOM || + pdev->vendor == PCI_VENDOR_ID_CAVIUM) && + pdev->device == 0x9026) + xhci->quirks |= XHCI_RESET_PLL_ON_DISCONNECT; + if (xhci->quirks & XHCI_RESET_ON_RESUME) xhci_dbg_trace(xhci, trace_xhci_dbg_quirks, "QUIRK: Resetting on resume"); diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index 6996235e34a9..ea35f346d26b 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -1568,6 +1568,35 @@ static void handle_device_notification(struct xhci_hcd *xhci, usb_wakeup_notification(udev->parent, udev->portnum); } +/* + * Quirk hanlder for errata seen on Cavium ThunderX2 processor XHCI + * Controller. + * As per ThunderX2errata-129 USB 2 device may come up as USB 1 + * If a connection to a USB 1 device is followed by another connection + * to a USB 2 device. + * + * Reset the PHY after the USB device is disconnected if device speed + * is less than HCD_USB3. + * Retry the reset sequence max of 4 times checking the PLL lock status. + * + */ +static void xhci_cavium_reset_phy_quirk(struct xhci_hcd *xhci) +{ + struct usb_hcd *hcd = xhci_to_hcd(xhci); + u32 pll_lock_check; + u32 retry_count = 4; + + do { + /* Assert PHY reset */ + writel(0x6F, hcd->regs + 0x1048); + udelay(10); + /* De-assert the PHY reset */ + writel(0x7F, hcd->regs + 0x1048); + udelay(200); + pll_lock_check = readl(hcd->regs + 0x1070); + } while (!(pll_lock_check & 0x1) && --retry_count); +} + static void handle_port_status(struct xhci_hcd *xhci, union xhci_trb *event) { @@ -1725,9 +1754,13 @@ static void handle_port_status(struct xhci_hcd *xhci, goto cleanup; } - if (hcd->speed < HCD_USB3) + if (hcd->speed < HCD_USB3) { xhci_test_and_clear_bit(xhci, port_array, faked_port_index, PORT_PLC); + if ((xhci->quirks & XHCI_RESET_PLL_ON_DISCONNECT) && + (portsc & PORT_CSC) && !(portsc & PORT_CONNECT)) + xhci_cavium_reset_phy_quirk(xhci); + } cleanup: /* Update event ring dequeue pointer before dropping the lock */ diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index d7d2a3dfafb8..84457fc192fc 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1836,6 +1836,7 @@ struct xhci_hcd { #define XHCI_U2_DISABLE_WAKE BIT_ULL(27) #define XHCI_ASMEDIA_MODIFY_FLOWCONTROL BIT_ULL(28) #define XHCI_SUSPEND_DELAY BIT_ULL(30) +#define XHCI_RESET_PLL_ON_DISCONNECT BIT_ULL(34) unsigned int num_active_eps; unsigned int limit_active_eps; -- 2.19.2

6 years, 9 months

2
1
0 0

[PATCH AUTOSEL 3.18 1/6] iommu/ipmmu-vmsa: Fix crash on early domain free

by Sasha Levin

From: Geert Uytterhoeven <geert+renesas(a)glider.be> [ Upstream commit e5b78f2e349eef5d4fca5dc1cf5a3b4b2cc27abd ] If iommu_ops.add_device() fails, iommu_ops.domain_free() is still called, leading to a crash, as the domain was only partially initialized: ipmmu-vmsa e67b0000.mmu: Cannot accommodate DMA translation for IOMMU page tables sata_rcar ee300000.sata: Unable to initialize IPMMU context iommu: Failed to add device ee300000.sata to group 0: -22 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000038 ... Call trace: ipmmu_domain_free+0x1c/0xa0 iommu_group_release+0x48/0x68 kobject_put+0x74/0xe8 kobject_del.part.0+0x3c/0x50 kobject_put+0x60/0xe8 iommu_group_get_for_dev+0xa8/0x1f0 ipmmu_add_device+0x1c/0x40 of_iommu_configure+0x118/0x190 Fix this by checking if the domain's context already exists, before trying to destroy it. Signed-off-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Reviewed-by: Robin Murphy <robin.murphy(a)arm.com> Fixes: d25a2a16f0889 ('iommu: Add driver for Renesas VMSA-compatible IPMMU') Signed-off-by: Joerg Roedel <jroedel(a)suse.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/iommu/ipmmu-vmsa.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/iommu/ipmmu-vmsa.c b/drivers/iommu/ipmmu-vmsa.c index 7dab5cbcc775..47e8db51288b 100644 --- a/drivers/iommu/ipmmu-vmsa.c +++ b/drivers/iommu/ipmmu-vmsa.c @@ -383,6 +383,9 @@ static int ipmmu_domain_init_context(struct ipmmu_vmsa_domain *domain) static void ipmmu_domain_destroy_context(struct ipmmu_vmsa_domain *domain) { + if (!domain->mmu) + return; + /* * Disable the context. Flush the TLB as required when modifying the * context registers. -- 2.17.1

6 years, 9 months

1
5
0 0

[PATCH AUTOSEL 4.4 01/13] iommu/vt-d: Fix NULL pointer dereference in prq_event_thread()

by Sasha Levin

From: Lu Baolu <baolu.lu(a)linux.intel.com> [ Upstream commit 19ed3e2dd8549c1a34914e8dad01b64e7837645a ] When handling page request without pasid event, go to "no_pasid" branch instead of "bad_req". Otherwise, a NULL pointer deference will happen there. Cc: Ashok Raj <ashok.raj(a)intel.com> Cc: Jacob Pan <jacob.jun.pan(a)linux.intel.com> Cc: Sohil Mehta <sohil.mehta(a)intel.com> Signed-off-by: Lu Baolu <baolu.lu(a)linux.intel.com> Fixes: a222a7f0bb6c9 'iommu/vt-d: Implement page request handling' Signed-off-by: Joerg Roedel <jroedel(a)suse.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/iommu/intel-svm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iommu/intel-svm.c b/drivers/iommu/intel-svm.c index 10068a481e22..cbde03e509c1 100644 --- a/drivers/iommu/intel-svm.c +++ b/drivers/iommu/intel-svm.c @@ -558,7 +558,7 @@ static irqreturn_t prq_event_thread(int irq, void *d) pr_err("%s: Page request without PASID: %08llx %08llx\n", iommu->name, ((unsigned long long *)req)[0], ((unsigned long long *)req)[1]); - goto bad_req; + goto no_pasid; } if (!svm || svm->pasid != req->pasid) { -- 2.17.1

6 years, 9 months

1
12
0 0

[PATCH AUTOSEL 4.9 01/18] media: omap3isp: Unregister media device as first

by Sasha Levin

From: Sakari Ailus <sakari.ailus(a)linux.intel.com> [ Upstream commit 30efae3d789cd0714ef795545a46749236e29558 ] While there are issues related to object lifetime management, unregister the media device first when the driver is being unbound. This is slightly safer. Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/media/platform/omap3isp/isp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/media/platform/omap3isp/isp.c b/drivers/media/platform/omap3isp/isp.c index 1e98b4845ea1..a21b12c5c085 100644 --- a/drivers/media/platform/omap3isp/isp.c +++ b/drivers/media/platform/omap3isp/isp.c @@ -1591,6 +1591,8 @@ static void isp_pm_complete(struct device *dev) static void isp_unregister_entities(struct isp_device *isp) { + media_device_unregister(&isp->media_dev); + omap3isp_csi2_unregister_entities(&isp->isp_csi2a); omap3isp_ccp2_unregister_entities(&isp->isp_ccp2); omap3isp_ccdc_unregister_entities(&isp->isp_ccdc); @@ -1601,7 +1603,6 @@ static void isp_unregister_entities(struct isp_device *isp) omap3isp_stat_unregister_entities(&isp->isp_hist); v4l2_device_unregister(&isp->v4l2_dev); - media_device_unregister(&isp->media_dev); media_device_cleanup(&isp->media_dev); } -- 2.17.1

6 years, 9 months

1
17
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror