- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] tty: pl011: Avoid spuriously stuck-off interrupts" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 4a7e625ce50412a7711efa0f2ef0b96ce3826759 Mon Sep 17 00:00:00 2001 From: Dave Martin <Dave.Martin(a)arm.com> Date: Thu, 10 May 2018 18:08:23 +0100 Subject: [PATCH] tty: pl011: Avoid spuriously stuck-off interrupts Commit 9b96fbacda34 ("serial: PL011: clear pending interrupts") clears the RX and receive timeout interrupts on pl011 startup, to avoid a screaming-interrupt scenario that can occur when the firmware or bootloader leaves these interrupts asserted. This has been noted as an issue when running Linux on qemu [1]. Unfortunately, the above fix seems to lead to potential misbehaviour if the RX FIFO interrupt is asserted _non_ spuriously on driver startup, if the RX FIFO is also already full to the trigger level. Clearing the RX FIFO interrupt does not change the FIFO fill level. In this scenario, because the interrupt is now clear and because the FIFO is already full to the trigger level, no new assertion of the RX FIFO interrupt can occur unless the FIFO is drained back below the trigger level. This never occurs because the pl011 driver is waiting for an RX FIFO interrupt to tell it that there is something to read, and does not read the FIFO at all until that interrupt occurs. Thus, simply clearing "spurious" interrupts on startup may be misguided, since there is no way to be sure that the interrupts are truly spurious, and things can go wrong if they are not. This patch instead clears the interrupt condition by draining the RX FIFO during UART startup, after clearing any potentially spurious interrupt. This should ensure that an interrupt will definitely be asserted if the RX FIFO subsequently becomes sufficiently full. The drain is done at the point of enabling interrupts only. This means that it will occur any time the UART is newly opened through the tty layer. It will not apply to polled-mode use of the UART by kgdboc: since that scenario cannot use interrupts by design, this should not matter. kgdboc will interact badly with "normal" use of the UART in any case: this patch makes no attempt to paper over such issues. This patch does not attempt to address the case where the RX FIFO fills faster than it can be drained: that is a pathological hardware design problem that is beyond the scope of the driver to work around. As a failsafe, the number of poll iterations for draining the FIFO is limited to twice the FIFO size. This will ensure that the kernel at least boots even if it is impossible to drain the FIFO for some reason. [1] [Qemu-devel] [Qemu-arm] [PATCH] pl011: do not put into fifo before enabled the interruption https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg06446.html Reported-by: Wei Xu <xuwei5(a)hisilicon.com> Cc: Russell King <linux(a)armlinux.org.uk> Cc: Linus Walleij <linus.walleij(a)linaro.org> Cc: Peter Maydell <peter.maydell(a)linaro.org> Fixes: 9b96fbacda34 ("serial: PL011: clear pending interrupts") Signed-off-by: Dave Martin <Dave.Martin(a)arm.com> Cc: stable <stable(a)vger.kernel.org> Tested-by: Wei Xu <xuwei5(a)hisilicon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/amba-pl011.c b/drivers/tty/serial/amba-pl011.c index 4b40a5b449ee..ebd33c0232e6 100644 --- a/drivers/tty/serial/amba-pl011.c +++ b/drivers/tty/serial/amba-pl011.c @@ -1727,10 +1727,26 @@ static int pl011_allocate_irq(struct uart_amba_port *uap) */ static void pl011_enable_interrupts(struct uart_amba_port *uap) { + unsigned int i; + spin_lock_irq(&uap->port.lock); /* Clear out any spuriously appearing RX interrupts */ pl011_write(UART011_RTIS | UART011_RXIS, uap, REG_ICR); + + /* + * RXIS is asserted only when the RX FIFO transitions from below + * to above the trigger threshold. If the RX FIFO is already + * full to the threshold this can't happen and RXIS will now be + * stuck off. Drain the RX FIFO explicitly to fix this: + */ + for (i = 0; i < uap->fifosize * 2; ++i) { + if (pl011_read(uap, REG_FR) & UART01x_FR_RXFE) + break; + + pl011_read(uap, REG_DR); + } + uap->im = UART011_RTIM; if (!pl011_dma_rx_running(uap)) uap->im |= UART011_RXIM;

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] serial: 8250: omap: Fix idling of clocks for unused uarts" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 13dc04d0e5fdc25c8f713ad23fdce51cf2bf96ba Mon Sep 17 00:00:00 2001 From: Tony Lindgren <tony(a)atomide.com> Date: Fri, 4 May 2018 10:44:09 -0700 Subject: [PATCH] serial: 8250: omap: Fix idling of clocks for unused uarts I noticed that unused UARTs won't necessarily idle properly always unless at least one byte tx transfer is done first. After some debugging I narrowed down the problem to the scr register dma configuration bits that need to be set before softreset for the clocks to idle. Unless we do this, the module clkctrl idlest bits may be set to 1 instead of 3 meaning the clock will never idle and is blocking deeper idle states for the whole domain. This might be related to the configuration done by the bootloader or kexec booting where certain configurations cause the 8250 or the clkctrl clock to jam in a way where setting of the scr bits and reset is needed to clear it. I've tried diffing the 8250 registers for the various modes, but did not see anything specific. So far I've only seen this on omap4 but I'm suspecting this might also happen on the other clkctrl using SoCs considering they already have a quirk enabled for UART_ERRATA_CLOCK_DISABLE. Let's fix the issue by configuring scr before reset for basic dma even if we don't use it. The scr register will be reset when we do softreset few lines after, and we restore scr on resume. We should do this for all the SoCs with UART_ERRATA_CLOCK_DISABLE quirk flag set since the ones with UART_ERRATA_CLOCK_DISABLE are all based using clkctrl similar to omap4. Looks like both OMAP_UART_SCR_DMAMODE_1 | OMAP_UART_SCR_DMAMODE_CTL bits are needed for the clkctrl to idle after a softreset. And we need to add omap4 to also use the UART_ERRATA_CLOCK_DISABLE for the related workaround to be enabled. This same compatible value will also be used for omap5. Fixes: cdb929e4452a ("serial: 8250_omap: workaround errata around idling UART after using DMA") Cc: Keerthy <j-keerthy(a)ti.com> Cc: Matthijs van Duin <matthijsvanduin(a)gmail.com> Cc: Sekhar Nori <nsekhar(a)ti.com> Cc: Tero Kristo <t-kristo(a)ti.com> Signed-off-by: Tony Lindgren <tony(a)atomide.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/8250/8250_omap.c b/drivers/tty/serial/8250/8250_omap.c index 6aaa84355fd1..1b337fee07ed 100644 --- a/drivers/tty/serial/8250/8250_omap.c +++ b/drivers/tty/serial/8250/8250_omap.c @@ -1110,13 +1110,14 @@ static int omap8250_no_handle_irq(struct uart_port *port) return 0; } +static const u8 omap4_habit = UART_ERRATA_CLOCK_DISABLE; static const u8 am3352_habit = OMAP_DMA_TX_KICK | UART_ERRATA_CLOCK_DISABLE; static const u8 dra742_habit = UART_ERRATA_CLOCK_DISABLE; static const struct of_device_id omap8250_dt_ids[] = { { .compatible = "ti,omap2-uart" }, { .compatible = "ti,omap3-uart" }, - { .compatible = "ti,omap4-uart" }, + { .compatible = "ti,omap4-uart", .data = &omap4_habit, }, { .compatible = "ti,am3352-uart", .data = &am3352_habit, }, { .compatible = "ti,am4372-uart", .data = &am3352_habit, }, { .compatible = "ti,dra742-uart", .data = &dra742_habit, }, @@ -1362,6 +1363,19 @@ static int omap8250_soft_reset(struct device *dev) int sysc; int syss; + /* + * At least on omap4, unused uarts may not idle after reset without + * a basic scr dma configuration even with no dma in use. The + * module clkctrl status bits will be 1 instead of 3 blocking idle + * for the whole clockdomain. The softreset below will clear scr, + * and we restore it on resume so this is safe to do on all SoCs + * needing omap8250_soft_reset() quirk. Do it in two writes as + * recommended in the comment for omap8250_update_scr(). + */ + serial_out(up, UART_OMAP_SCR, OMAP_UART_SCR_DMAMODE_1); + serial_out(up, UART_OMAP_SCR, + OMAP_UART_SCR_DMAMODE_1 | OMAP_UART_SCR_DMAMODE_CTL); + sysc = serial_in(up, UART_OMAP_SYSC); /* softreset the UART */

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] usb: dwc3: gadget: Fix list_del corruption in dwc3_ep_dequeue" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 05645366f3893c160bd39ca49f3fe2f2f026f58b Mon Sep 17 00:00:00 2001 From: Mayank Rana <mrana(a)codeaurora.org> Date: Fri, 23 Mar 2018 10:05:33 -0700 Subject: [PATCH] usb: dwc3: gadget: Fix list_del corruption in dwc3_ep_dequeue dwc3_ep_dequeue() waits for completion of End Transfer command using wait_event_lock_irq(), which will release the dwc3->lock while waiting and reacquire after completion. This allows a potential race condition with ep_disable() which also removes all requests from started_list and pending_list. The check for NULL r->trb should catch this but currently it exits to the wrong 'out1' label which calls dwc3_gadget_giveback(). Since its list entry was already removed, if CONFIG_DEBUG_LIST is enabled a 'list_del corruption' bug is thrown since its next/prev pointers are already LIST_POISON1/2. If r->trb is NULL it should simply exit to 'out0'. Fixes: cf3113d893d4 ("usb: dwc3: gadget: properly increment dequeue pointer on ep_dequeue") Cc: stable(a)vger.kernel.org # v4.12+ Signed-off-by: Mayank Rana <mrana(a)codeaurora.org> Signed-off-by: Jack Pham <jackp(a)codeaurora.org> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index eeb30133878e..69bf137aab37 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -1395,7 +1395,7 @@ static int dwc3_gadget_ep_dequeue(struct usb_ep *ep, dwc->lock); if (!r->trb) - goto out1; + goto out0; if (r->num_pending_sgs) { struct dwc3_trb *trb;

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] usb: dwc3: gadget: Fix list_del corruption in dwc3_ep_dequeue" failed to apply to 4.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 05645366f3893c160bd39ca49f3fe2f2f026f58b Mon Sep 17 00:00:00 2001 From: Mayank Rana <mrana(a)codeaurora.org> Date: Fri, 23 Mar 2018 10:05:33 -0700 Subject: [PATCH] usb: dwc3: gadget: Fix list_del corruption in dwc3_ep_dequeue dwc3_ep_dequeue() waits for completion of End Transfer command using wait_event_lock_irq(), which will release the dwc3->lock while waiting and reacquire after completion. This allows a potential race condition with ep_disable() which also removes all requests from started_list and pending_list. The check for NULL r->trb should catch this but currently it exits to the wrong 'out1' label which calls dwc3_gadget_giveback(). Since its list entry was already removed, if CONFIG_DEBUG_LIST is enabled a 'list_del corruption' bug is thrown since its next/prev pointers are already LIST_POISON1/2. If r->trb is NULL it should simply exit to 'out0'. Fixes: cf3113d893d4 ("usb: dwc3: gadget: properly increment dequeue pointer on ep_dequeue") Cc: stable(a)vger.kernel.org # v4.12+ Signed-off-by: Mayank Rana <mrana(a)codeaurora.org> Signed-off-by: Jack Pham <jackp(a)codeaurora.org> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index eeb30133878e..69bf137aab37 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -1395,7 +1395,7 @@ static int dwc3_gadget_ep_dequeue(struct usb_ep *ep, dwc->lock); if (!r->trb) - goto out1; + goto out0; if (r->num_pending_sgs) { struct dwc3_trb *trb;

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] usb: dwc3: gadget: Fix list_del corruption in dwc3_ep_dequeue" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 05645366f3893c160bd39ca49f3fe2f2f026f58b Mon Sep 17 00:00:00 2001 From: Mayank Rana <mrana(a)codeaurora.org> Date: Fri, 23 Mar 2018 10:05:33 -0700 Subject: [PATCH] usb: dwc3: gadget: Fix list_del corruption in dwc3_ep_dequeue dwc3_ep_dequeue() waits for completion of End Transfer command using wait_event_lock_irq(), which will release the dwc3->lock while waiting and reacquire after completion. This allows a potential race condition with ep_disable() which also removes all requests from started_list and pending_list. The check for NULL r->trb should catch this but currently it exits to the wrong 'out1' label which calls dwc3_gadget_giveback(). Since its list entry was already removed, if CONFIG_DEBUG_LIST is enabled a 'list_del corruption' bug is thrown since its next/prev pointers are already LIST_POISON1/2. If r->trb is NULL it should simply exit to 'out0'. Fixes: cf3113d893d4 ("usb: dwc3: gadget: properly increment dequeue pointer on ep_dequeue") Cc: stable(a)vger.kernel.org # v4.12+ Signed-off-by: Mayank Rana <mrana(a)codeaurora.org> Signed-off-by: Jack Pham <jackp(a)codeaurora.org> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index eeb30133878e..69bf137aab37 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -1395,7 +1395,7 @@ static int dwc3_gadget_ep_dequeue(struct usb_ep *ep, dwc->lock); if (!r->trb) - goto out1; + goto out0; if (r->num_pending_sgs) { struct dwc3_trb *trb;

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] usb: gadget: udc: renesas_usb3: should remove debugfs" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 1990cf7c21ea185cec98c6d45a82c04481261e35 Mon Sep 17 00:00:00 2001 From: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Date: Tue, 10 Apr 2018 14:38:50 +0900 Subject: [PATCH] usb: gadget: udc: renesas_usb3: should remove debugfs This patch fixes an issue that this driver doesn't remove its debugfs. Fixes: 43ba968b00ea ("usb: gadget: udc: renesas_usb3: add debugfs to set the b-device mode") Cc: <stable(a)vger.kernel.org> # v4.14+ Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Reviewed-by: Simon Horman <horms+renesas(a)verge.net.au> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> diff --git a/drivers/usb/gadget/udc/renesas_usb3.c b/drivers/usb/gadget/udc/renesas_usb3.c index 409cde4e6a51..4ef2386c3ac4 100644 --- a/drivers/usb/gadget/udc/renesas_usb3.c +++ b/drivers/usb/gadget/udc/renesas_usb3.c @@ -333,6 +333,7 @@ struct renesas_usb3 { struct extcon_dev *extcon; struct work_struct extcon_work; struct phy *phy; + struct dentry *dentry; struct renesas_usb3_ep *usb3_ep; int num_usb3_eps; @@ -2393,8 +2394,12 @@ static void renesas_usb3_debugfs_init(struct renesas_usb3 *usb3, file = debugfs_create_file("b_device", 0644, root, usb3, &renesas_usb3_b_device_fops); - if (!file) + if (!file) { dev_info(dev, "%s: Can't create debugfs mode\n", __func__); + debugfs_remove_recursive(root); + } else { + usb3->dentry = root; + } } /*------- platform_driver ------------------------------------------------*/ @@ -2402,6 +2407,7 @@ static int renesas_usb3_remove(struct platform_device *pdev) { struct renesas_usb3 *usb3 = platform_get_drvdata(pdev); + debugfs_remove_recursive(usb3->dentry); device_remove_file(&pdev->dev, &dev_attr_role); usb_del_gadget_udc(&usb3->gadget);

7 years, 2 months

1
0
0 0

Please apply 7d18f0a14aa6a ("gpio: No Null owner") to 4.4.y, 4.9.y, 4.14.y

by Daniel Rosenberg

7d18f0a14aa6a0d6bad39111c1fb655f07f71d59 ("gpio: No NULL owner") fixes an issue from 24e78079bf2250874e33da2e7cfbb6db72d3caf4 ("gpio: label descriptors using the device name") which has been included in stable branches. It handles the case where GPIOs are fetched with a NULL parent device. The patch originally went in in 4.15, so more recent branches shouldn't have that issue. -Daniel Rosenberg

7 years, 2 months

2
1
0 0

[PATCH v2 1/7] vmw_balloon: fix inflation of 64-bit GFNs

by Nadav Amit

When balloon batching is not supported by the hypervisor, the guest frame number (GFN) must fit in 32-bit. However, due to a bug, this check was mistakenly ignored. In practice, when total RAM is greater than 16TB, the balloon does not work currently, making this bug unlikely to happen. Fixes: ef0f8f112984 ("VMware balloon: partially inline vmballoon_reserve_page.") Cc: stable(a)vger.kernel.org Reviewed-by: Xavier Deguillard <xdeguillard(a)vmware.com> Signed-off-by: Nadav Amit <namit(a)vmware.com> --- drivers/misc/vmw_balloon.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/drivers/misc/vmw_balloon.c b/drivers/misc/vmw_balloon.c index efd733472a35..28e77ab1e136 100644 --- a/drivers/misc/vmw_balloon.c +++ b/drivers/misc/vmw_balloon.c @@ -450,7 +450,7 @@ static int vmballoon_send_lock_page(struct vmballoon *b, unsigned long pfn, pfn32 = (u32)pfn; if (pfn32 != pfn) - return -1; + return -EINVAL; STATS_INC(b->stats.lock[false]); @@ -460,7 +460,7 @@ static int vmballoon_send_lock_page(struct vmballoon *b, unsigned long pfn, pr_debug("%s - ppn %lx, hv returns %ld\n", __func__, pfn, status); STATS_INC(b->stats.lock_fail[false]); - return 1; + return -EIO; } static int vmballoon_send_batched_lock(struct vmballoon *b, @@ -597,11 +597,12 @@ static int vmballoon_lock_page(struct vmballoon *b, unsigned int num_pages, locked = vmballoon_send_lock_page(b, page_to_pfn(page), &hv_status, target); - if (locked > 0) { + if (locked) { STATS_INC(b->stats.refused_alloc[false]); - if (hv_status == VMW_BALLOON_ERROR_RESET || - hv_status == VMW_BALLOON_ERROR_PPN_NOTNEEDED) { + if (locked == -EIO && + (hv_status == VMW_BALLOON_ERROR_RESET || + hv_status == VMW_BALLOON_ERROR_PPN_NOTNEEDED)) { vmballoon_free_page(page, false); return -EIO; } @@ -617,7 +618,7 @@ static int vmballoon_lock_page(struct vmballoon *b, unsigned int num_pages, } else { vmballoon_free_page(page, false); } - return -EIO; + return locked; } /* track allocated page */ -- 2.17.0

7 years, 2 months

2
4
0 0

[PULL v2] vhost, virtio

by Michael S. Tsirkin

Page hints are reworked - I dropped them for now. The following changes since commit 29dcea88779c856c7dc92040a0c01233263101d4: Linux 4.17 (2018-06-03 14:15:21 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost.git tags/for_linus for you to fetch changes up to 2eb98105f8c7f4b867f7f714a998f5b8c1bb009b: virtio: update the comments for transport features (2018-06-12 04:59:29 +0300) ---------------------------------------------------------------- virtio, vhost: features, fixes VF support for virtio. DMA barriers for virtio strong barriers. Bugfixes. Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com> ---------------------------------------------------------------- Michael S. Tsirkin (2): virtio_ring: switch to dma_XX barriers for rpmsg vhost: fix info leak due to uninitialized memory Tiwei Bie (2): virtio_pci: support enabling VFs virtio: update the comments for transport features drivers/vhost/vhost.c | 3 +++ drivers/virtio/virtio_pci_common.c | 30 ++++++++++++++++++++++++++++++ drivers/virtio/virtio_pci_modern.c | 14 ++++++++++++++ include/linux/virtio_ring.h | 4 ++-- include/uapi/linux/virtio_config.h | 16 ++++++++++++---- 5 files changed, 61 insertions(+), 6 deletions(-)

7 years, 2 months

1
0
0 0

+ mm-zero-remaining-unavailable-struct-pages-re-kernel-panic-in-reading-proc-kpageflags-when-enabling-ram-simulated-pmem.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: zero remaining unavailable struct pages has been added to the -mm tree. Its filename is mm-zero-remaining-unavailable-struct-pages-re-kernel-panic-in-reading-proc-kpageflags-when-enabling-ram-simulated-pmem.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-zero-remaining-unavailable-stru… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-zero-remaining-unavailable-stru… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Subject: mm: zero remaining unavailable struct pages There is a kernel panic that is triggered when reading /proc/kpageflags on the kernel booted with kernel parameter 'memmap=nn[KMG]!ss[KMG]': BUG: unable to handle kernel paging request at fffffffffffffffe PGD 9b20e067 P4D 9b20e067 PUD 9b210067 PMD 0 Oops: 0000 [#1] SMP PTI CPU: 2 PID: 1728 Comm: page-types Not tainted 4.17.0-rc6-mm1-v4.17-rc6-180605-0816-00236-g2dfb086ef02c+ #160 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.fc28 04/01/2014 RIP: 0010:stable_page_flags+0x27/0x3c0 Code: 00 00 00 0f 1f 44 00 00 48 85 ff 0f 84 a0 03 00 00 41 54 55 49 89 fc 53 48 8b 57 08 48 8b 2f 48 8d 42 ff 83 e2 01 48 0f 44 c7 <48> 8b 00 f6 c4 01 0f 84 10 03 00 00 31 db 49 8b 54 24 08 4c 89 e7 RSP: 0018:ffffbbd44111fde0 EFLAGS: 00010202 RAX: fffffffffffffffe RBX: 00007fffffffeff9 RCX: 0000000000000000 RDX: 0000000000000001 RSI: 0000000000000202 RDI: ffffed1182fff5c0 RBP: ffffffffffffffff R08: 0000000000000001 R09: 0000000000000001 R10: ffffbbd44111fed8 R11: 0000000000000000 R12: ffffed1182fff5c0 R13: 00000000000bffd7 R14: 0000000002fff5c0 R15: ffffbbd44111ff10 FS: 00007efc4335a500(0000) GS:ffff93a5bfc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: fffffffffffffffe CR3: 00000000b2a58000 CR4: 00000000001406e0 Call Trace: kpageflags_read+0xc7/0x120 proc_reg_read+0x3c/0x60 __vfs_read+0x36/0x170 vfs_read+0x89/0x130 ksys_pread64+0x71/0x90 do_syscall_64+0x5b/0x160 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7efc42e75e23 Code: 09 00 ba 9f 01 00 00 e8 ab 81 f4 ff 66 2e 0f 1f 84 00 00 00 00 00 90 83 3d 29 0a 2d 00 00 75 13 49 89 ca b8 11 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 34 c3 48 83 ec 08 e8 db d3 01 00 48 89 04 24 According to kernel bisection, this problem became visible due to commit f7f99100d8d9 which changes how struct pages are initialized. Memblock layout affects the pfn ranges covered by node/zone. Consider that we have a VM with 2 NUMA nodes and each node has 4GB memory, and the default (no memmap= given) memblock layout is like below: MEMBLOCK configuration: memory size = 0x00000001fff75c00 reserved size = 0x000000000300c000 memory.cnt = 0x4 memory[0x0] [0x0000000000001000-0x000000000009efff], 0x000000000009e000 bytes on node 0 flags: 0x0 memory[0x1] [0x0000000000100000-0x00000000bffd6fff], 0x00000000bfed7000 bytes on node 0 flags: 0x0 memory[0x2] [0x0000000100000000-0x000000013fffffff], 0x0000000040000000 bytes on node 0 flags: 0x0 memory[0x3] [0x0000000140000000-0x000000023fffffff], 0x0000000100000000 bytes on node 1 flags: 0x0 ... If you give memmap=1G!4G (so it just covers memory[0x2]), the range [0x100000000-0x13fffffff] is gone: MEMBLOCK configuration: memory size = 0x00000001bff75c00 reserved size = 0x000000000300c000 memory.cnt = 0x3 memory[0x0] [0x0000000000001000-0x000000000009efff], 0x000000000009e000 bytes on node 0 flags: 0x0 memory[0x1] [0x0000000000100000-0x00000000bffd6fff], 0x00000000bfed7000 bytes on node 0 flags: 0x0 memory[0x2] [0x0000000140000000-0x000000023fffffff], 0x0000000100000000 bytes on node 1 flags: 0x0 ... This causes shrinking node 0's pfn range because it is calculated by the address range of memblock.memory. So some of struct pages in the gap range are left uninitialized. We have a function zero_resv_unavail() which does zeroing the struct pages outside memblock.memory, but currently it covers only the reserved unavailable range (i.e. memblock.memory && !memblock.reserved). This patch extends it to cover all unavailable range, which fixes the reported issue. Link: http://lkml.kernel.org/r/20180613054107.GA5329@hori1.linux.bs1.fc.nec.co.jp Fixes: f7f99100d8d9 ("mm: stop zeroing memory during allocation in vmemmap") Signed-off-by: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Tested-by: Oscar Salvador <osalvador(a)suse.de> Cc: Pavel Tatashin <pasha.tatashin(a)oracle.com> Cc: Steven Sistare <steven.sistare(a)oracle.com> Cc: Daniel Jordan <daniel.m.jordan(a)oracle.com> Cc: "Bob Picco" <bob.picco(a)oracle.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Huang Ying <ying.huang(a)intel.com> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN include/linux/memblock.h~mm-zero-remaining-unavailable-struct-pages-re-kernel-panic-in-reading-proc-kpageflags-when-enabling-ram-simulated-pmem include/linux/memblock.h --- a/include/linux/memblock.h~mm-zero-remaining-unavailable-struct-pages-re-kernel-panic-in-reading-proc-kpageflags-when-enabling-ram-simulated-pmem +++ a/include/linux/memblock.h @@ -236,22 +236,6 @@ void __next_mem_pfn_range(int *idx, int for_each_mem_range_rev(i, &memblock.memory, &memblock.reserved, \ nid, flags, p_start, p_end, p_nid) -/** - * for_each_resv_unavail_range - iterate through reserved and unavailable memory - * @i: u64 used as loop variable - * @flags: pick from blocks based on memory attributes - * @p_start: ptr to phys_addr_t for start address of the range, can be %NULL - * @p_end: ptr to phys_addr_t for end address of the range, can be %NULL - * - * Walks over unavailable but reserved (reserved && !memory) areas of memblock. - * Available as soon as memblock is initialized. - * Note: because this memory does not belong to any physical node, flags and - * nid arguments do not make sense and thus not exported as arguments. - */ -#define for_each_resv_unavail_range(i, p_start, p_end) \ - for_each_mem_range(i, &memblock.reserved, &memblock.memory, \ - NUMA_NO_NODE, MEMBLOCK_NONE, p_start, p_end, NULL) - static inline void memblock_set_region_flags(struct memblock_region *r, unsigned long flags) { diff -puN mm/page_alloc.c~mm-zero-remaining-unavailable-struct-pages-re-kernel-panic-in-reading-proc-kpageflags-when-enabling-ram-simulated-pmem mm/page_alloc.c --- a/mm/page_alloc.c~mm-zero-remaining-unavailable-struct-pages-re-kernel-panic-in-reading-proc-kpageflags-when-enabling-ram-simulated-pmem +++ a/mm/page_alloc.c @@ -6390,25 +6390,40 @@ void __paginginit free_area_init_node(in * struct pages which are reserved in memblock allocator and their fields * may be accessed (for example page_to_pfn() on some configuration accesses * flags). We must explicitly zero those struct pages. + * + * This function also addresses a similar issue where struct pages are left + * uninitialized because the physical address range is not covered by + * memblock.memory or memblock.reserved. That could happen when memblock + * layout is manually configured via memmap=. */ void __paginginit zero_resv_unavail(void) { phys_addr_t start, end; unsigned long pfn; u64 i, pgcnt; + phys_addr_t next = 0; /* - * Loop through ranges that are reserved, but do not have reported - * physical memory backing. + * Loop through unavailable ranges not covered by memblock.memory. */ pgcnt = 0; - for_each_resv_unavail_range(i, &start, &end) { - for (pfn = PFN_DOWN(start); pfn < PFN_UP(end); pfn++) { - if (!pfn_valid(ALIGN_DOWN(pfn, pageblock_nr_pages))) - continue; - mm_zero_struct_page(pfn_to_page(pfn)); - pgcnt++; + for_each_mem_range(i, &memblock.memory, NULL, + NUMA_NO_NODE, MEMBLOCK_NONE, &start, &end, NULL) { + if (next < start) { + for (pfn = PFN_DOWN(next); pfn < PFN_UP(start); pfn++) { + if (!pfn_valid(ALIGN_DOWN(pfn, pageblock_nr_pages))) + continue; + mm_zero_struct_page(pfn_to_page(pfn)); + pgcnt++; + } } + next = end; + } + for (pfn = PFN_DOWN(next); pfn < max_pfn; pfn++) { + if (!pfn_valid(ALIGN_DOWN(pfn, pageblock_nr_pages))) + continue; + mm_zero_struct_page(pfn_to_page(pfn)); + pgcnt++; } /* @@ -6419,7 +6434,7 @@ void __paginginit zero_resv_unavail(void * this code can be removed. */ if (pgcnt) - pr_info("Reserved but unavailable: %lld pages", pgcnt); + pr_info("Zeroed struct page in unavailable ranges: %lld pages", pgcnt); } #endif /* CONFIG_HAVE_MEMBLOCK */ _ Patches currently in -mm which might be from n-horiguchi(a)ah.jp.nec.com are mm-zero-remaining-unavailable-struct-pages-re-kernel-panic-in-reading-proc-kpageflags-when-enabling-ram-simulated-pmem.patch

7 years, 2 months

1
0
0 0

4b66af2d("af_key: Always verify length of provided sadb_key")

by Zubin Mithra

Hello, Syzkaller has reported a crash here[1] for a slab OOB read in pfkey_add. Could the following patch be applied to stable kernels for 4.14, 4.4, 3.18, 3.14, 3.10 and 3.8? 4b66af2d("af_key: Always verify length of provided sadb_key") [1] https://syzkaller.appspot.com/bug?id=26cb120b31cd24d984fc16da67f50fb375c432… Thanks, - Zubin

7 years, 2 months

2
1
0 0

[PATCH 3.18 00/21] 3.18.113-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 3.18.113 release. There are 21 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Jun 14 16:48:15 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.18.113-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-3.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 3.18.113-rc1 Eric Dumazet <edumazet(a)google.com> rtnetlink: validate attributes in do_setlink() Dan Carpenter <dan.carpenter(a)oracle.com> team: use netdev_features_t instead of u32 Jack Morgenstein <jackm(a)dev.mellanox.co.il> net/mlx4: Fix irq-unsafe spinlock usage Daniele Palmas <dnlplm(a)gmail.com> net: usb: cdc_mbim: add flag FLAG_SEND_ZLP Eric Dumazet <edumazet(a)google.com> net/packet: refine check for priv area size Wenwen Wang <wang6495(a)umn.edu> isdn: eicon: fix a missing-check bug Sabrina Dubroca <sd(a)queasysnail.net> ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds Govindarajulu Varadarajan <gvaradar(a)cisco.com> enic: set DMA mask to 47 bit Alexey Kodanev <alexey.kodanev(a)oracle.com> dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect() Julia Lawall <Julia.Lawall(a)lip6.fr> bnx2x: use the right constant Dave Airlie <airlied(a)redhat.com> drm: set FMODE_UNSIGNED_OFFSET for drm files Linus Torvalds <torvalds(a)linux-foundation.org> mmap: relax file size limit for regular files Linus Torvalds <torvalds(a)linux-foundation.org> mmap: introduce sane default mmap limits Hugh Dickins <hughd(a)google.com> mm: fix the NULL mapping case in __isolate_lru_page() Al Viro <viro(a)zeniv.linux.org.uk> fix io_destroy()/aio_complete() race Ondrej Zary <linux(a)rainbow-software.org> drm/i915: Disable LVDS on Radiant P845 Maciej W. Rozycki <macro(a)mips.com> MIPS: ptrace: Fix PTRACE_PEEKUSR requests for 64-bit FGRs Eric Dumazet <edumazet(a)google.com> tcp: avoid integer overflows in tcp_rcv_space_adjust() Eric Biggers <ebiggers(a)google.com> cfg80211: further limit wiphy names to 64 bytes Sachin Grover <sgrover(a)codeaurora.org> selinux: KASAN: slab-out-of-bounds in xattr_getsecurity Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracing: Fix crash when freeing instances with event triggers ------------- Diffstat: Makefile | 4 +-- arch/mips/kernel/ptrace.c | 2 +- arch/mips/kernel/ptrace32.c | 2 +- drivers/gpu/drm/drm_fops.c | 1 + drivers/gpu/drm/i915/intel_lvds.c | 8 ++++++ drivers/isdn/hardware/eicon/diva.c | 22 ++++++++++------ drivers/isdn/hardware/eicon/diva.h | 5 ++-- drivers/isdn/hardware/eicon/divasmain.c | 18 +++++++------ drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 2 +- drivers/net/ethernet/cisco/enic/enic_main.c | 8 +++--- drivers/net/ethernet/mellanox/mlx4/qp.c | 4 +-- drivers/net/team/team.c | 3 ++- drivers/net/usb/cdc_mbim.c | 2 +- fs/aio.c | 3 +-- include/linux/tcp.h | 2 +- include/uapi/linux/nl80211.h | 2 +- kernel/trace/trace_events_trigger.c | 5 ++-- mm/mmap.c | 32 ++++++++++++++++++++++++ mm/vmscan.c | 2 +- net/core/rtnetlink.c | 8 +++--- net/dccp/proto.c | 2 -- net/ipv4/tcp_input.c | 10 +++++--- net/ipv6/ip6mr.c | 3 ++- net/packet/af_packet.c | 2 +- security/selinux/ss/services.c | 2 +- 25 files changed, 105 insertions(+), 49 deletions(-)

7 years, 2 months

5
27
0 0

[Backport request] blkdev_report_zones_ioctl(): Use vmalloc() to allocate large buffers

by Bart Van Assche

Hello stable kernel maintainers, Please backport patch 327ea4adcfa3 ("blkdev_report_zones_ioctl(): Use vmalloc() to allocate large buffers") to at least the v4.17.x and v4.14.y stable kernel series. That patch fixes a bug introduced in kernel v4.10. The entire patch is shown below. Thanks, Bart. commit cf0110698846fc5a93df89eb20ac7cc70a860c17 Author: Bart Van Assche <bart.vanassche(a)wdc.com> Date: Tue May 22 08:27:22 2018 -0700 blkdev_report_zones_ioctl(): Use vmalloc() to allocate large buffers Avoid that complaints similar to the following appear in the kernel log if the number of zones is sufficiently large: fio: page allocation failure: order:9, mode:0x140c0c0(GFP_KERNEL|__GFP_COMP|__GFP_ZERO), nodemask=(null) Call Trace: dump_stack+0x63/0x88 warn_alloc+0xf5/0x190 __alloc_pages_slowpath+0x8f0/0xb0d __alloc_pages_nodemask+0x242/0x260 alloc_pages_current+0x6a/0xb0 kmalloc_order+0x18/0x50 kmalloc_order_trace+0x26/0xb0 __kmalloc+0x20e/0x220 blkdev_report_zones_ioctl+0xa5/0x1a0 blkdev_ioctl+0x1ba/0x930 block_ioctl+0x41/0x50 do_vfs_ioctl+0xaa/0x610 SyS_ioctl+0x79/0x90 do_syscall_64+0x79/0x1b0 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 Fixes: 3ed05a987e0f ("blk-zoned: implement ioctls") Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com> Cc: Shaun Tancheff <shaun.tancheff(a)seagate.com> Cc: Damien Le Moal <damien.lemoal(a)hgst.com> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Martin K. Petersen <martin.petersen(a)oracle.com> Cc: Hannes Reinecke <hare(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/block/blk-zoned.c b/block/blk-zoned.c index 08e84ef2bc05..3d08dc84db16 100644 --- a/block/blk-zoned.c +++ b/block/blk-zoned.c @@ -328,7 +328,11 @@ int blkdev_report_zones_ioctl(struct block_device *bdev, fmode_t mode, if (!rep.nr_zones) return -EINVAL; - zones = kcalloc(rep.nr_zones, sizeof(struct blk_zone), GFP_KERNEL); + if (rep.nr_zones > INT_MAX / sizeof(struct blk_zone)) + return -ERANGE; + + zones = kvmalloc(rep.nr_zones * sizeof(struct blk_zone), + GFP_KERNEL | __GFP_ZERO); if (!zones) return -ENOMEM; @@ -350,7 +354,7 @@ int blkdev_report_zones_ioctl(struct block_device *bdev, fmode_t mode, } out: - kfree(zones); + kvfree(zones); return ret; }

7 years, 2 months

2
1
0 0

Backport bonding patches to fix active-passive in 4.9

by Nate Clark

Hi, On the latest 4.9 stable active-passive bonding does not always failover to the passive slave when carrier is lost on the active slave. It seems that the issue stems from the backport of c4adfc822bf5d8e97660b6114b5a8892530ce8cb, bonding: make speed, duplex setting consistent with link state. There were subsequent patches which resolved issues with the change to bond_update_speed_duplex which were not backported. The three commits which seem to resolve the issue are b5bf0f5b16b9c316c34df9f31d4be8729eb86845, 3f3c278c94dd994fe0d9f21679ae19b9c0a55292 and ad729bc9acfb7c47112964b4877ef5404578ed13. There are other commits in mainline which also revolve around c4adfc822bf5d8e97660b6114b5a8892530ce8cb but are not necessary to resolving the active-passive failover problems. Would it be possible to queue up the three commits for backporting to 4.9 stable: b5bf0f5b16b9c316c34df9f31d4be8729eb86845 bonding: correctly update link status during mii-commit 3f3c278c94dd994fe0d9f21679ae19b9c0a55292 bonding: fix active-backup transition ad729bc9acfb7c47112964b4877ef5404578ed13 bonding: require speed/duplex only for 802.3ad, alb and tlb All of those commits apply cleanly to 4.9.107. Thanks, -nate

7 years, 2 months

2
1
0 0

[PATCH] blkdev_report_zones_ioctl(): Use vmalloc() to allocate large buffers

by Bart Van Assche

Avoid that complaints similar to the following appear in the kernel log if the number of zones is sufficiently large: fio: page allocation failure: order:9, mode:0x140c0c0(GFP_KERNEL|__GFP_COMP|__GFP_ZERO), nodemask=(null) Call Trace: dump_stack+0x63/0x88 warn_alloc+0xf5/0x190 __alloc_pages_slowpath+0x8f0/0xb0d __alloc_pages_nodemask+0x242/0x260 alloc_pages_current+0x6a/0xb0 kmalloc_order+0x18/0x50 kmalloc_order_trace+0x26/0xb0 __kmalloc+0x20e/0x220 blkdev_report_zones_ioctl+0xa5/0x1a0 blkdev_ioctl+0x1ba/0x930 block_ioctl+0x41/0x50 do_vfs_ioctl+0xaa/0x610 SyS_ioctl+0x79/0x90 do_syscall_64+0x79/0x1b0 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 Fixes: 3ed05a987e0f ("blk-zoned: implement ioctls") Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com> Cc: Shaun Tancheff <shaun.tancheff(a)seagate.com> Cc: Damien Le Moal <damien.lemoal(a)hgst.com> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Martin K. Petersen <martin.petersen(a)oracle.com> Cc: Hannes Reinecke <hare(a)suse.com> Cc: <stable(a)vger.kernel.org> --- block/blk-zoned.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/block/blk-zoned.c b/block/blk-zoned.c index 20bfc37e1852..92e6108487c4 100644 --- a/block/blk-zoned.c +++ b/block/blk-zoned.c @@ -328,7 +328,11 @@ int blkdev_report_zones_ioctl(struct block_device *bdev, fmode_t mode, if (!rep.nr_zones) return -EINVAL; - zones = kcalloc(rep.nr_zones, sizeof(struct blk_zone), GFP_KERNEL); + if (rep.nr_zones > INT_MAX / sizeof(struct blk_zone)) + return -ERANGE; + + zones = kvmalloc(rep.nr_zones * sizeof(struct blk_zone), + GFP_KERNEL | __GFP_ZERO); if (!zones) return -ENOMEM; @@ -350,7 +354,7 @@ int blkdev_report_zones_ioctl(struct block_device *bdev, fmode_t mode, } out: - kfree(zones); + kvfree(zones); return ret; } -- 2.16.3

7 years, 2 months

3
4
0 0

[PATCH] serdev: fix memleak on module unload

by Johan Hovold

Make sure to free all resources associated with the ida on module exit. Fixes: cd6484e1830b ("serdev: Introduce new bus for serial attached devices") Cc: stable <stable(a)vger.kernel.org> # 4.11 Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/tty/serdev/core.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/tty/serdev/core.c b/drivers/tty/serdev/core.c index df93b727e984..9e59f4788589 100644 --- a/drivers/tty/serdev/core.c +++ b/drivers/tty/serdev/core.c @@ -617,6 +617,7 @@ EXPORT_SYMBOL_GPL(__serdev_device_driver_register); static void __exit serdev_exit(void) { bus_unregister(&serdev_bus_type); + ida_destroy(&ctrl_ida); } module_exit(serdev_exit); -- 2.17.1

7 years, 2 months

1
0
0 0

Linux 4.9.108

by Greg KH

I'm announcing the release of the 4.9.108 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/networking/netdev-FAQ.txt | 9 ++++++ Makefile | 2 - arch/x86/kernel/vmlinux.lds.S | 2 - arch/x86/kvm/cpuid.h | 2 - drivers/char/tpm/tpm-chip.c | 13 +++++++++ drivers/char/tpm/tpm-interface.c | 7 +++++ drivers/char/tpm/tpm.h | 1 drivers/gpu/drm/drm_fops.c | 1 drivers/isdn/hardware/eicon/diva.c | 22 ++++++++++----- drivers/isdn/hardware/eicon/diva.h | 5 ++- drivers/isdn/hardware/eicon/divasmain.c | 18 +++++++----- drivers/md/dm-bufio.c | 17 +++++------- drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 2 - drivers/net/ethernet/cisco/enic/enic_main.c | 8 ++--- drivers/net/ethernet/mellanox/mlx4/qp.c | 4 +- drivers/net/ethernet/qlogic/qed/qed_cxt.c | 2 - drivers/net/phy/bcm-cygnus.c | 6 ++-- drivers/net/phy/bcm-phy-lib.h | 7 +++++ drivers/net/phy/bcm7xxx.c | 4 +- drivers/net/team/team.c | 3 +- drivers/net/usb/cdc_mbim.c | 2 - drivers/vhost/vhost.c | 3 ++ fs/btrfs/disk-io.c | 3 +- include/linux/compiler-gcc.h | 2 - include/uapi/linux/btrfs_tree.h | 1 mm/mmap.c | 32 +++++++++++++++++++++++ net/core/rtnetlink.c | 8 ++--- net/dccp/proto.c | 2 - net/ipv4/fib_semantics.c | 2 + net/ipv4/ip_sockglue.c | 2 - net/ipv6/ip6_output.c | 3 +- net/ipv6/ip6mr.c | 3 +- net/ipv6/ndisc.c | 6 ++++ net/kcm/kcmsock.c | 2 - net/packet/af_packet.c | 4 +- net/sctp/transport.c | 2 - scripts/Makefile.build | 3 ++ scripts/kconfig/confdata.c | 2 - 38 files changed, 155 insertions(+), 62 deletions(-) Alexey Kodanev (1): dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect() Anand Jain (1): btrfs: define SUPER_FLAG_METADUMP_V2 Arnd Bergmann (1): dm bufio: avoid false-positive Wmaybe-uninitialized warning Ben Hutchings (1): KVM: VMX: Expose SSBD properly to guests, 4.9 supplement Chris Chiu (1): tpm: self test failure should not cause suspend to fail Cong Wang (1): netdev-FAQ: clarify DaveM's position for stable backports Dan Carpenter (1): team: use netdev_features_t instead of u32 Daniele Palmas (1): net: usb: cdc_mbim: add flag FLAG_SEND_ZLP Dave Airlie (1): drm: set FMODE_UNSIGNED_OFFSET for drm files Enric Balletbo i Serra (1): tpm: do not suspend/resume if power stays on Eric Dumazet (3): net/packet: refine check for priv area size rtnetlink: validate attributes in do_setlink() net: metrics: add proper netlink validation Florian Fainelli (1): net: phy: broadcom: Fix bcm_write_exp() Govindarajulu Varadarajan (1): enic: set DMA mask to 47 bit Greg Kroah-Hartman (1): Linux 4.9.108 Jack Morgenstein (1): net/mlx4: Fix irq-unsafe spinlock usage Jason Wang (1): vhost: synchronize IOTLB message with dev cleanup Josh Poimboeuf (1): objtool: Fix gcov check for older versions of GCC Julia Lawall (1): bnx2x: use the right constant Kirill Tkhai (1): kcm: Fix use-after-free caused by clonned sockets Linus Torvalds (2): mmap: introduce sane default mmap limits mmap: relax file size limit for regular files Nathan Chancellor (1): kconfig: Avoid format overflow warning from GCC 8.1 Philip Müller (1): complete e390f9a port for v4.9.106 Sabrina Dubroca (1): ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds Shahed Shaikh (1): qed: Fix mask for physical address in ILT entry Stephen Suryaputra (1): vrf: check the original netdevice for generating redirect Wenwen Wang (1): isdn: eicon: fix a missing-check bug Willem de Bruijn (2): ipv4: remove warning in ip_recv_error packet: fix reserve calculation Xin Long (1): sctp: not allow transport timeout value less than HZ/5 for hb_timer

7 years, 2 months

1
1
0 0

Linux 4.4.137

by Greg KH

I'm announcing the release of the 4.4.137 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/networking/netdev-FAQ.txt | 9 +++++ Makefile | 2 - drivers/char/tpm/tpm-chip.c | 13 ++++++++ drivers/char/tpm/tpm-interface.c | 7 ++++ drivers/char/tpm/tpm.h | 1 drivers/gpu/drm/drm_fops.c | 1 drivers/isdn/hardware/eicon/diva.c | 22 +++++++++----- drivers/isdn/hardware/eicon/diva.h | 5 +-- drivers/isdn/hardware/eicon/divasmain.c | 18 +++++++---- drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 2 - drivers/net/ethernet/cisco/enic/enic_main.c | 8 ++--- drivers/net/ethernet/mellanox/mlx4/qp.c | 4 +- drivers/net/ethernet/qlogic/qed/qed_cxt.c | 2 - drivers/net/phy/bcm-cygnus.c | 6 +-- drivers/net/phy/bcm-phy-lib.h | 7 ++++ drivers/net/phy/bcm7xxx.c | 4 +- drivers/net/team/team.c | 3 + drivers/net/usb/cdc_mbim.c | 2 - drivers/net/wireless/brcm80211/brcmfmac/cfg80211.c | 2 - fs/xfs/xfs_log.c | 7 ---- mm/mmap.c | 32 +++++++++++++++++++++ net/core/rtnetlink.c | 8 ++--- net/dccp/proto.c | 2 - net/ipv4/fib_semantics.c | 2 + net/ipv4/ip_sockglue.c | 2 - net/ipv6/ip6mr.c | 3 + net/packet/af_packet.c | 4 +- scripts/kconfig/confdata.c | 2 - 28 files changed, 128 insertions(+), 52 deletions(-) Alexey Kodanev (1): dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect() Amir Goldstein (1): xfs: fix incorrect log_flushed on fsync Chris Chiu (1): tpm: self test failure should not cause suspend to fail Cong Wang (1): netdev-FAQ: clarify DaveM's position for stable backports Dan Carpenter (1): team: use netdev_features_t instead of u32 Daniele Palmas (1): net: usb: cdc_mbim: add flag FLAG_SEND_ZLP Dave Airlie (1): drm: set FMODE_UNSIGNED_OFFSET for drm files Enric Balletbo i Serra (1): tpm: do not suspend/resume if power stays on Eric Dumazet (3): net/packet: refine check for priv area size rtnetlink: validate attributes in do_setlink() net: metrics: add proper netlink validation Florian Fainelli (1): net: phy: broadcom: Fix bcm_write_exp() Govindarajulu Varadarajan (1): enic: set DMA mask to 47 bit Greg Kroah-Hartman (1): Linux 4.4.137 Jack Morgenstein (1): net/mlx4: Fix irq-unsafe spinlock usage Julia Lawall (1): bnx2x: use the right constant Linus Torvalds (2): mmap: introduce sane default mmap limits mmap: relax file size limit for regular files Nathan Chancellor (1): kconfig: Avoid format overflow warning from GCC 8.1 Sabrina Dubroca (1): ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds Shahed Shaikh (1): qed: Fix mask for physical address in ILT entry Stefan Wahren (1): brcmfmac: Fix check for ISO3166 code Wenwen Wang (1): isdn: eicon: fix a missing-check bug Willem de Bruijn (2): ipv4: remove warning in ip_recv_error packet: fix reserve calculation

7 years, 2 months

1
1
0 0

Linux 3.18.113

by Greg KH

I'm announcing the release of the 3.18.113 kernel. All users of the 3.18 kernel series must upgrade. The updated 3.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - arch/mips/kernel/ptrace.c | 2 - arch/mips/kernel/ptrace32.c | 2 - drivers/gpu/drm/drm_fops.c | 1 drivers/gpu/drm/i915/intel_lvds.c | 8 +++++ drivers/isdn/hardware/eicon/diva.c | 22 ++++++++++----- drivers/isdn/hardware/eicon/diva.h | 5 ++- drivers/isdn/hardware/eicon/divasmain.c | 18 +++++++----- drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 2 - drivers/net/ethernet/cisco/enic/enic_main.c | 8 ++--- drivers/net/ethernet/mellanox/mlx4/qp.c | 4 +- drivers/net/team/team.c | 3 +- drivers/net/usb/cdc_mbim.c | 2 - fs/aio.c | 3 -- include/linux/tcp.h | 2 - include/uapi/linux/nl80211.h | 2 - kernel/trace/trace_events_trigger.c | 5 ++- mm/mmap.c | 32 +++++++++++++++++++++++ mm/vmscan.c | 2 - net/core/rtnetlink.c | 8 ++--- net/dccp/proto.c | 2 - net/ipv4/tcp_input.c | 10 ++++--- net/ipv6/ip6mr.c | 3 +- net/packet/af_packet.c | 2 - security/selinux/ss/services.c | 2 - 25 files changed, 104 insertions(+), 48 deletions(-) Al Viro (1): fix io_destroy()/aio_complete() race Alexey Kodanev (1): dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect() Dan Carpenter (1): team: use netdev_features_t instead of u32 Daniele Palmas (1): net: usb: cdc_mbim: add flag FLAG_SEND_ZLP Dave Airlie (1): drm: set FMODE_UNSIGNED_OFFSET for drm files Eric Biggers (1): cfg80211: further limit wiphy names to 64 bytes Eric Dumazet (3): tcp: avoid integer overflows in tcp_rcv_space_adjust() net/packet: refine check for priv area size rtnetlink: validate attributes in do_setlink() Govindarajulu Varadarajan (1): enic: set DMA mask to 47 bit Greg Kroah-Hartman (1): Linux 3.18.113 Hugh Dickins (1): mm: fix the NULL mapping case in __isolate_lru_page() Jack Morgenstein (1): net/mlx4: Fix irq-unsafe spinlock usage Julia Lawall (1): bnx2x: use the right constant Linus Torvalds (2): mmap: introduce sane default mmap limits mmap: relax file size limit for regular files Maciej W. Rozycki (1): MIPS: ptrace: Fix PTRACE_PEEKUSR requests for 64-bit FGRs Ondrej Zary (1): drm/i915: Disable LVDS on Radiant P845 Sabrina Dubroca (1): ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds Sachin Grover (1): selinux: KASAN: slab-out-of-bounds in xattr_getsecurity Steven Rostedt (VMware) (1): tracing: Fix crash when freeing instances with event triggers Wenwen Wang (1): isdn: eicon: fix a missing-check bug

7 years, 2 months

1
1
0 0

crypto: chelsio - request to HW should wrap

by Herbert Xu

commit 4c826fed675dfffd8485c5477b616d61d1ec9e9a crypto: chelsio - request to HW should wrap -Tx request and data is copied to HW Q in 64B desc, check for end of queue and adjust the current position to start from beginning before passing the additional request info. -key context copy should check key length only -Few reverse christmas tree correction Fixes: 6dad4e8ab3ec ("chcr: Add support for Inline IPSec") Signed-off-by: Atul Gupta <atul.gupta(a)chelsio.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/chelsio/chcr_ipsec.c b/drivers/crypto/chelsio/chcr_ipsec.c index 8e0aa3f..461b97e 100644 --- a/drivers/crypto/chelsio/chcr_ipsec.c +++ b/drivers/crypto/chelsio/chcr_ipsec.c @@ -346,18 +346,23 @@ inline void *copy_cpltx_pktxt(struct sk_buff *skb, struct net_device *dev, void *pos) { + struct cpl_tx_pkt_core *cpl; + struct sge_eth_txq *q; struct adapter *adap; struct port_info *pi; - struct sge_eth_txq *q; - struct cpl_tx_pkt_core *cpl; - u64 cntrl = 0; u32 ctrl0, qidx; + u64 cntrl = 0; + int left; pi = netdev_priv(dev); adap = pi->adapter; qidx = skb->queue_mapping; q = &adap->sge.ethtxq[qidx + pi->first_qset]; + left = (void *)q->q.stat - pos; + if (!left) + pos = q->q.desc; + cpl = (struct cpl_tx_pkt_core *)pos; cntrl = TXPKT_L4CSUM_DIS_F | TXPKT_IPCSUM_DIS_F; @@ -382,18 +387,17 @@ inline void *copy_key_cpltx_pktxt(struct sk_buff *skb, void *pos, struct ipsec_sa_entry *sa_entry) { - struct adapter *adap; - struct port_info *pi; - struct sge_eth_txq *q; - unsigned int len, qidx; struct _key_ctx *key_ctx; int left, eoq, key_len; + struct sge_eth_txq *q; + struct adapter *adap; + struct port_info *pi; + unsigned int qidx; pi = netdev_priv(dev); adap = pi->adapter; qidx = skb->queue_mapping; q = &adap->sge.ethtxq[qidx + pi->first_qset]; - len = sa_entry->enckey_len + sizeof(struct cpl_tx_pkt_core); key_len = sa_entry->kctx_len; /* end of queue, reset pos to start of queue */ @@ -411,19 +415,14 @@ inline void *copy_key_cpltx_pktxt(struct sk_buff *skb, pos += sizeof(struct _key_ctx); left -= sizeof(struct _key_ctx); - if (likely(len <= left)) { + if (likely(key_len <= left)) { memcpy(key_ctx->key, sa_entry->key, key_len); pos += key_len; } else { - if (key_len <= left) { - memcpy(pos, sa_entry->key, key_len); - pos += key_len; - } else { - memcpy(pos, sa_entry->key, left); - memcpy(q->q.desc, sa_entry->key + left, - key_len - left); - pos = (u8 *)q->q.desc + (key_len - left); - } + memcpy(pos, sa_entry->key, left); + memcpy(q->q.desc, sa_entry->key + left, + key_len - left); + pos = (u8 *)q->q.desc + (key_len - left); } /* Copy CPL TX PKT XT */ pos = copy_cpltx_pktxt(skb, dev, pos); -- Email: Herbert Xu <herbert(a)gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

7 years, 2 months

2
1
0 0

[PATCH 4.9 00/31] 4.9.108-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.108 release. There are 31 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Jun 14 16:46:09 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.108-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.108-rc1 Philip Müller <philm(a)manjaro.org> complete e390f9a port for v4.9.106 Josh Poimboeuf <jpoimboe(a)redhat.com> objtool: Fix gcov check for older versions of GCC Arnd Bergmann <arnd(a)arndb.de> dm bufio: avoid false-positive Wmaybe-uninitialized warning Ben Hutchings <ben(a)decadent.org.uk> KVM: VMX: Expose SSBD properly to guests, 4.9 supplement Eric Dumazet <edumazet(a)google.com> net: metrics: add proper netlink validation Florian Fainelli <f.fainelli(a)gmail.com> net: phy: broadcom: Fix bcm_write_exp() Eric Dumazet <edumazet(a)google.com> rtnetlink: validate attributes in do_setlink() Jack Morgenstein <jackm(a)dev.mellanox.co.il> net/mlx4: Fix irq-unsafe spinlock usage Stephen Suryaputra <ssuryaextr(a)gmail.com> vrf: check the original netdevice for generating redirect Jason Wang <jasowang(a)redhat.com> vhost: synchronize IOTLB message with dev cleanup Dan Carpenter <dan.carpenter(a)oracle.com> team: use netdev_features_t instead of u32 Xin Long <lucien.xin(a)gmail.com> sctp: not allow transport timeout value less than HZ/5 for hb_timer Shahed Shaikh <shahed.shaikh(a)cavium.com> qed: Fix mask for physical address in ILT entry Willem de Bruijn <willemb(a)google.com> packet: fix reserve calculation Daniele Palmas <dnlplm(a)gmail.com> net: usb: cdc_mbim: add flag FLAG_SEND_ZLP Eric Dumazet <edumazet(a)google.com> net/packet: refine check for priv area size Cong Wang <xiyou.wangcong(a)gmail.com> netdev-FAQ: clarify DaveM's position for stable backports Kirill Tkhai <ktkhai(a)virtuozzo.com> kcm: Fix use-after-free caused by clonned sockets Wenwen Wang <wang6495(a)umn.edu> isdn: eicon: fix a missing-check bug Willem de Bruijn <willemb(a)google.com> ipv4: remove warning in ip_recv_error Sabrina Dubroca <sd(a)queasysnail.net> ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds Govindarajulu Varadarajan <gvaradar(a)cisco.com> enic: set DMA mask to 47 bit Alexey Kodanev <alexey.kodanev(a)oracle.com> dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect() Julia Lawall <Julia.Lawall(a)lip6.fr> bnx2x: use the right constant Dave Airlie <airlied(a)redhat.com> drm: set FMODE_UNSIGNED_OFFSET for drm files Nathan Chancellor <natechancellor(a)gmail.com> kconfig: Avoid format overflow warning from GCC 8.1 Anand Jain <Anand.Jain(a)oracle.com> btrfs: define SUPER_FLAG_METADUMP_V2 Linus Torvalds <torvalds(a)linux-foundation.org> mmap: relax file size limit for regular files Linus Torvalds <torvalds(a)linux-foundation.org> mmap: introduce sane default mmap limits Chris Chiu <chiu(a)endlessm.com> tpm: self test failure should not cause suspend to fail Enric Balletbo i Serra <enric.balletbo(a)collabora.com> tpm: do not suspend/resume if power stays on ------------- Diffstat: Documentation/networking/netdev-FAQ.txt | 9 +++++++ Makefile | 4 +-- arch/x86/kernel/vmlinux.lds.S | 2 -- arch/x86/kvm/cpuid.h | 2 +- drivers/char/tpm/tpm-chip.c | 13 ++++++++++ drivers/char/tpm/tpm-interface.c | 7 ++++++ drivers/char/tpm/tpm.h | 1 + drivers/gpu/drm/drm_fops.c | 1 + drivers/isdn/hardware/eicon/diva.c | 22 ++++++++++------ drivers/isdn/hardware/eicon/diva.h | 5 ++-- drivers/isdn/hardware/eicon/divasmain.c | 18 +++++++------ drivers/md/dm-bufio.c | 17 ++++++------- drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 2 +- drivers/net/ethernet/cisco/enic/enic_main.c | 8 +++--- drivers/net/ethernet/mellanox/mlx4/qp.c | 4 +-- drivers/net/ethernet/qlogic/qed/qed_cxt.c | 2 +- drivers/net/phy/bcm-cygnus.c | 6 ++--- drivers/net/phy/bcm-phy-lib.h | 7 ++++++ drivers/net/phy/bcm7xxx.c | 4 +-- drivers/net/team/team.c | 3 ++- drivers/net/usb/cdc_mbim.c | 2 +- drivers/vhost/vhost.c | 3 +++ fs/btrfs/disk-io.c | 3 ++- include/linux/compiler-gcc.h | 2 +- include/uapi/linux/btrfs_tree.h | 1 + mm/mmap.c | 32 ++++++++++++++++++++++++ net/core/rtnetlink.c | 8 +++--- net/dccp/proto.c | 2 -- net/ipv4/fib_semantics.c | 2 ++ net/ipv4/ip_sockglue.c | 2 -- net/ipv6/ip6_output.c | 3 ++- net/ipv6/ip6mr.c | 3 ++- net/ipv6/ndisc.c | 6 +++++ net/kcm/kcmsock.c | 2 +- net/packet/af_packet.c | 4 +-- net/sctp/transport.c | 2 +- scripts/Makefile.build | 3 +++ scripts/kconfig/confdata.c | 2 +- 38 files changed, 156 insertions(+), 63 deletions(-)

7 years, 2 months

5
35
0 0

[PATCH v2 4/7] vmw_balloon: fix VMCI use when balloon built into kernel

by Nadav Amit

Currently, when all modules, including VMCI and VMware balloon are built into the kernel, the initialization of the balloon happens before the VMCI is probed. As a result, the balloon fails to initialize the VMCI doorbell, which it uses to get asynchronous requests for balloon size changes. The problem can be seen in the logs, in the form of the following message: "vmw_balloon: failed to initialize vmci doorbell" The driver would work correctly but slightly less efficiently, probing for requests periodically. This patch changes the balloon to be initialized using late_initcall() instead of module_init() to address this issue. It does not address a situation in which VMCI is built as a module and the balloon is built into the kernel. Fixes: 48e3d668b790 ("VMware balloon: Enable notification via VMCI") Cc: stable(a)vger.kernel.org Reviewed-by: Xavier Deguillard <xdeguillard(a)vmware.com> Signed-off-by: Nadav Amit <namit(a)vmware.com> --- drivers/misc/vmw_balloon.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/misc/vmw_balloon.c b/drivers/misc/vmw_balloon.c index a7df4c24a28d..e7cfc85f6961 100644 --- a/drivers/misc/vmw_balloon.c +++ b/drivers/misc/vmw_balloon.c @@ -1297,7 +1297,14 @@ static int __init vmballoon_init(void) return 0; } -module_init(vmballoon_init); + +/* + * Using late_initcall() instead of module_init() allows the balloon to use the + * VMCI doorbell even when the balloon is built into the kernel. Otherwise the + * VMCI is probed only after the balloon is initialized. If the balloon is used + * as a module, late_initcall() is equivalent to module_init(). + */ +late_initcall(vmballoon_init); static void __exit vmballoon_exit(void) { -- 2.17.0

7 years, 2 months

1
0
0 0

[PATCH v2 3/7] vmw_balloon: VMCI_DOORBELL_SET does not check status

by Nadav Amit

When vmballoon_vmci_init() sets a doorbell using VMCI_DOORBELL_SET, for some reason it does not consider the status and looks at the result. However, the hypervisor does not update the result - it updates the status. This might cause VMCI doorbell not to be enabled, resulting in degraded performance. Fixes: 48e3d668b790 ("VMware balloon: Enable notification via VMCI") Cc: stable(a)vger.kernel.org Reviewed-by: Xavier Deguillard <xdeguillard(a)vmware.com> Signed-off-by: Nadav Amit <namit(a)vmware.com> --- drivers/misc/vmw_balloon.c | 37 +++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/drivers/misc/vmw_balloon.c b/drivers/misc/vmw_balloon.c index 60ab83d3d0ef..a7df4c24a28d 100644 --- a/drivers/misc/vmw_balloon.c +++ b/drivers/misc/vmw_balloon.c @@ -1036,29 +1036,30 @@ static void vmballoon_vmci_cleanup(struct vmballoon *b) */ static int vmballoon_vmci_init(struct vmballoon *b) { - int error = 0; + unsigned long error, dummy; - if ((b->capabilities & VMW_BALLOON_SIGNALLED_WAKEUP_CMD) != 0) { - error = vmci_doorbell_create(&b->vmci_doorbell, - VMCI_FLAG_DELAYED_CB, - VMCI_PRIVILEGE_FLAG_RESTRICTED, - vmballoon_doorbell, b); - - if (error == VMCI_SUCCESS) { - VMWARE_BALLOON_CMD(VMCI_DOORBELL_SET, - b->vmci_doorbell.context, - b->vmci_doorbell.resource, error); - STATS_INC(b->stats.doorbell_set); - } - } + if ((b->capabilities & VMW_BALLOON_SIGNALLED_WAKEUP_CMD) == 0) + return 0; - if (error != 0) { - vmballoon_vmci_cleanup(b); + error = vmci_doorbell_create(&b->vmci_doorbell, VMCI_FLAG_DELAYED_CB, + VMCI_PRIVILEGE_FLAG_RESTRICTED, + vmballoon_doorbell, b); - return -EIO; - } + if (error != VMCI_SUCCESS) + goto fail; + + error = VMWARE_BALLOON_CMD(VMCI_DOORBELL_SET, b->vmci_doorbell.context, + b->vmci_doorbell.resource, dummy); + + STATS_INC(b->stats.doorbell_set); + + if (error != VMW_BALLOON_SUCCESS) + goto fail; return 0; +fail: + vmballoon_vmci_cleanup(b); + return -EIO; } /* -- 2.17.0

7 years, 2 months

1
0
0 0

[PATCH v2 2/7] vmw_balloon: do not use 2MB without batching

by Nadav Amit

If the hypervisor sets 2MB batching is on, while batching is cleared, the balloon code breaks. In this case the legacy mechanism is used with 2MB page. The VM would report a 2MB page is ballooned, and the hypervisor would only take the first 4KB. While the hypervisor should not report such settings, make the code more robust by not enabling 2MB support without batching. Fixes: 365bd7ef7ec8e ("VMware balloon: Support 2m page ballooning.") Cc: stable(a)vger.kernel.org Reviewed-by: Xavier Deguillard <xdeguillard(a)vmware.com> Signed-off-by: Nadav Amit <nadav.amit(a)gmail.com> --- drivers/misc/vmw_balloon.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/misc/vmw_balloon.c b/drivers/misc/vmw_balloon.c index 28e77ab1e136..60ab83d3d0ef 100644 --- a/drivers/misc/vmw_balloon.c +++ b/drivers/misc/vmw_balloon.c @@ -341,7 +341,13 @@ static bool vmballoon_send_start(struct vmballoon *b, unsigned long req_caps) success = false; } - if (b->capabilities & VMW_BALLOON_BATCHED_2M_CMDS) + /* + * 2MB pages are only supported with batching. If batching is for some + * reason disabled, do not use 2MB pages, since otherwise the legacy + * mechanism is used with 2MB pages, causing a failure. + */ + if ((b->capabilities & VMW_BALLOON_BATCHED_2M_CMDS) && + (b->capabilities & VMW_BALLOON_BATCHED_CMDS)) b->supported_page_sizes = 2; else b->supported_page_sizes = 1; -- 2.17.0

7 years, 2 months

1
0
0 0

[PATCH] HID: wacom: Correct logical maximum Y for 2nd-gen Intuos Pro large

by Jason Gerecke

The HID descriptor for the 2nd-gen Intuos Pro large (PTH-860) contains a typo which defines an incorrect logical maximum Y value. This causes a small portion of the bottom of the tablet to become unusable (both because the area is below the "bottom" of the tablet and because 'wacom_wac_event' ignores out-of-range values). It also results in a skewed aspect ratio. To fix this, we add a quirk to 'wacom_usage_mapping' which overwrites the data with the correct value. Signed-off-by: Jason Gerecke <jason.gerecke(a)wacom.com> CC: stable(a)vger.kernel.org # v4.10+ --- drivers/hid/wacom_sys.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/hid/wacom_sys.c b/drivers/hid/wacom_sys.c index ee7a37eb159a..545986cfb978 100644 --- a/drivers/hid/wacom_sys.c +++ b/drivers/hid/wacom_sys.c @@ -395,6 +395,14 @@ static void wacom_usage_mapping(struct hid_device *hdev, } } + /* 2nd-generation Intuos Pro Large has incorrect Y maximum */ + if (hdev->vendor == USB_VENDOR_ID_WACOM && + hdev->product == 0x0358 && + WACOM_PEN_FIELD(field) && + wacom_equivalent_usage(usage->hid) == HID_GD_Y) { + field->logical_maximum = 43200; + } + switch (usage->hid) { case HID_GD_X: features->x_max = field->logical_maximum; -- 2.17.1

7 years, 2 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror