- Linux-stable-mirror - lists.linaro.org

[Linux-stable-mirror] [PATCH 4.9 00/27] 4.9.70-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.70 release. There are 27 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun Dec 17 09:22:42 UTC 2017. Anything received after that time might be too late. The whole patch series can be found in one patch at: kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.70-rc1.gz or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.70-rc1 Leon Romanovsky <leon(a)kernel.org> RDMA/cxgb4: Annotate r2 and stag as __be32 Zdenek Kabelac <zkabelac(a)redhat.com> md: free unused memory after bitmap resize Paul Moore <paul(a)paul-moore.com> audit: ensure that 'audit=1' actually enables audit for PID 1 Keefe Liu <liuqifa(a)huawei.com> ipvlan: fix ipv6 outbound device Masahiro Yamada <yamada.masahiro(a)socionext.com> kbuild: do not call cc-option before KBUILD_CFLAGS initialization Paul Mackerras <paulus(a)ozlabs.org> powerpc/64: Fix checksum folding in csum_tcpudp_nofold and ip_fast_csum_nofold Marc Zyngier <marc.zyngier(a)arm.com> KVM: arm/arm64: vgic-its: Preserve the revious read from the pending table Al Viro <viro(a)ZenIV.linux.org.uk> fix kcm_clone() Vincent Pelletier <plr.vincent(a)gmail.com> usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping Heiko Carstens <heiko.carstens(a)de.ibm.com> s390: always save and restore all registers on context switch Masamitsu Yamazaki <m-yamazaki(a)ah.jp.nec.com> ipmi: Stop timers before cleaning up the module Debabrata Banerjee <dbanerje(a)akamai.com> Fix handling of verdicts after NF_QUEUE Tommi Rantala <tommi.t.rantala(a)nokia.com> tipc: call tipc_rcv() only if bearer is up in tipc_udp_recv() Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qeth: fix thinko in IPv4 multicast address tracking Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qeth: fix GSO throughput regression Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qeth: build max size GSO skbs on L2 devices Eric Dumazet <edumazet(a)google.com> tcp/dccp: block bh before arming time_wait timer Lars Persson <lars.persson(a)axis.com> stmmac: reset last TSO segment size after device open Eric Dumazet <edumazet(a)google.com> net: remove hlist_nulls_add_tail_rcu() Bjørn Mork <bjorn(a)mork.no> usbnet: fix alignment for frames with no ethernet header Eric Dumazet <edumazet(a)google.com> net/packet: fix a race in packet_bind() and packet_notifier() Mike Maloney <maloney(a)google.com> packet: fix crash in fanout_demux_rollover() Hangbin Liu <liuhangbin(a)gmail.com> sit: update frag_off info Håkon Bugge <Haakon.Bugge(a)oracle.com> rds: Fix NULL pointer dereference in __rds_rdma_map Jon Maloy <jon.maloy(a)ericsson.com> tipc: fix memory leak in tipc_accept_from_sock() Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qeth: fix early exit from error path Sebastian Sjoholm <ssjoholm(a)mac.com> net: qmi_wwan: add Quectel BG96 2c7c:0296 ------------- Diffstat: Makefile | 25 ++++---- arch/powerpc/include/asm/checksum.h | 17 ++++-- arch/s390/include/asm/switch_to.h | 19 +++--- drivers/char/ipmi/ipmi_si_intf.c | 44 +++++++------- drivers/infiniband/hw/cxgb4/t4fw_ri_api.h | 4 +- drivers/md/bitmap.c | 9 +++ drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 1 + drivers/net/ipvlan/ipvlan_core.c | 2 +- drivers/net/usb/qmi_wwan.c | 3 + drivers/net/usb/usbnet.c | 5 +- drivers/s390/net/qeth_core.h | 3 + drivers/s390/net/qeth_core_main.c | 31 ++++++++++ drivers/s390/net/qeth_l2_main.c | 4 +- drivers/s390/net/qeth_l3_main.c | 13 +++-- drivers/usb/gadget/function/f_fs.c | 2 +- include/linux/rculist_nulls.h | 38 ------------ include/linux/usb/usbnet.h | 1 + include/net/sock.h | 6 +- kernel/audit.c | 10 ++-- net/dccp/minisocks.c | 6 ++ net/ipv4/tcp_minisocks.c | 6 ++ net/ipv6/sit.c | 1 + net/kcm/kcmsock.c | 71 ++++++++--------------- net/netfilter/core.c | 5 ++ net/packet/af_packet.c | 37 +++++------- net/packet/internal.h | 1 - net/rds/rdma.c | 2 +- net/tipc/server.c | 1 + net/tipc/udp_media.c | 4 -- virt/kvm/arm/vgic/vgic-its.c | 2 +- 30 files changed, 191 insertions(+), 182 deletions(-)

7 years, 9 months

4
25
0 0

[Linux-stable-mirror] [PATCH 3.18 00/64] 3.18.88-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 3.18.88 release. There are 64 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun Dec 17 09:21:53 UTC 2017. Anything received after that time might be too late. The whole patch series can be found in one patch at: kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.18.88-rc1.gz or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-3.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 3.18.88-rc1 Vincent Pelletier <plr.vincent(a)gmail.com> usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping Marc Zyngier <marc.zyngier(a)arm.com> arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one Paul Moore <paul(a)paul-moore.com> audit: ensure that 'audit=1' actually enables audit for PID 1 David Howells <dhowells(a)redhat.com> afs: Connect up the CB.ProbeUuid Majd Dibbiny <majd(a)mellanox.com> IB/mlx5: Assign send CQ and recv CQ of UMR QP Mark Bloch <markb(a)mellanox.com> IB/mlx4: Increase maximal message size under UD QP Herbert Xu <herbert(a)gondor.apana.org.au> xfrm: Copy policy family in clone_policy Arvind Yadav <arvind.yadav.cs(a)gmail.com> atm: horizon: Fix irq release error Xin Long <lucien.xin(a)gmail.com> sctp: use the right sk after waking up from wait_buf sleep Xin Long <lucien.xin(a)gmail.com> sctp: do not free asoc when it is already dead in sctp_sendmsg Pavel Tatashin <pasha.tatashin(a)oracle.com> sparc64/mm: set fields in deferred pages Chuck Lever <chuck.lever(a)oracle.com> sunrpc: Fix rpc_task_begin trace point Trond Myklebust <trond.myklebust(a)primarydata.com> NFS: Fix a typo in nfs_rename() Randy Dunlap <rdunlap(a)infradead.org> dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0 Stephen Bates <sbates(a)raithlin.com> lib/genalloc.c: make the avail variable an atomic_long_t Xin Long <lucien.xin(a)gmail.com> route: update fnhe_expires for redirect when the fnhe exists Xin Long <lucien.xin(a)gmail.com> route: also update fnhe_genid when updating a route cache Jérémy Lefaure <jeremy.lefaure(a)lse.epita.fr> EDAC, i5000, i5400: Fix definition of NRECMEMB register Jérémy Lefaure <jeremy.lefaure(a)lse.epita.fr> EDAC, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro Jan Kara <jack(a)suse.cz> axonram: Fix gendisk handling Chris Brandt <chris.brandt(a)renesas.com> i2c: riic: fix restart condition Krzysztof Kozlowski <krzk(a)kernel.org> crypto: s5p-sss - Fix completing crypto request in IRQ handler WANG Cong <xiyou.wangcong(a)gmail.com> ipv6: reorder icmpv6_init() and ip6_mr_init() Michal Schmidt <mschmidt(a)redhat.com> bnx2x: fix possible overrun of VFPF multicast addresses array Blomme, Maarten <Maarten.Blomme(a)flir.com> spi_ks8995: fix "BUG: key accdaa28 not in .data!" Mark Rutland <mark.rutland(a)arm.com> arm: KVM: Survive unknown traps from guests Wanpeng Li <wanpeng.li(a)hotmail.com> KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset Franck Demathieu <fdemathieu(a)gmail.com> irqchip/crossbar: Fix incorrect type of register size James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters Tejun Heo <tj(a)kernel.org> workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq Tejun Heo <tj(a)kernel.org> libata: drop WARN from protocol error in ata_sff_qc_issue() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> USB: gadgetfs: Fix a potential memory leak in 'dev_config()' John Keeping <john(a)metanate.com> usb: gadget: configs: plug memory leak Sachin Sant <sachinp(a)linux.vnet.ibm.com> selftest/powerpc: Fix false failures for skipped tests Sasha Levin <alexander.levin(a)verizon.com> Revert "s390/kbuild: enable modversions for symbols exported from asm" Sasha Levin <alexander.levin(a)verizon.com> Revert "drm/armada: Fix compile fail" Eric Dumazet <edumazet(a)google.com> net/packet: fix a race in packet_bind() and packet_notifier() Hangbin Liu <liuhangbin(a)gmail.com> sit: update frag_off info Håkon Bugge <Haakon.Bugge(a)oracle.com> rds: Fix NULL pointer dereference in __rds_rdma_map Dave Martin <Dave.Martin(a)arm.com> arm64: fpsimd: Prevent registers leaking from dead tasks Andrew Honig <ahonig(a)google.com> KVM: VMX: remove I/O port 0x80 bypass on Intel hosts Kristina Martsenko <kristina.martsenko(a)arm.com> arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one Laurent Caumont <lcaumont2(a)gmail.com> media: dvb: i2c transfers over usb cannot be done from stack Daniel Thompson <daniel.thompson(a)linaro.org> kdb: Fix handling of kallsyms_symbol_next() return value Robin Murphy <robin.murphy(a)arm.com> iommu/vt-d: Fix scatterlist offset handling Jaejoong Kim <climbbb.kim(a)gmail.com> ALSA: usb-audio: Add check return value for usb_string() Jaejoong Kim <climbbb.kim(a)gmail.com> ALSA: usb-audio: Fix out-of-bound error Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Remove spurious WARN_ON() at timer check Robb Glasser <rglasser(a)google.com> ALSA: pcm: prevent UAF in snd_pcm_info Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> x86/PCI: Make broadcom_postcore_init() check acpi_disabled Eric Biggers <ebiggers(a)google.com> X.509: reject invalid BIT STRING for subjectPublicKey Eric Biggers <ebiggers(a)google.com> KEYS: add missing permission check for request_key() destination Eric Biggers <ebiggers(a)google.com> ASN.1: check for error from ASN1_OP_END__ACT actions Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> efi: Move some sysfs files to be read-only by root William Breathitt Gray <vilhelm.gray(a)gmail.com> isa: Prevent NULL dereference in isa_bus driver callbacks Paul Meyer <Paul.Meyer(a)microsoft.com> hv: kvp: Avoid reading past allocated blocks from KVP file weiping zhang <zwp10758(a)gmail.com> virtio: release virtio index when fail to device_register Martin Kelly <mkelly(a)xevo.com> can: usb_8dev: cancel urb on -EPIPE and -EPROTO Martin Kelly <mkelly(a)xevo.com> can: esd_usb2: cancel urb on -EPIPE and -EPROTO Martin Kelly <mkelly(a)xevo.com> can: ems_usb: cancel urb on -EPIPE and -EPROTO Martin Kelly <mkelly(a)xevo.com> can: kvaser_usb: cancel urb on -EPIPE and -EPROTO Jimmy Assarsson <jimmyassarsson(a)gmail.com> can: kvaser_usb: ratelimit errors if incomplete messages are received Jimmy Assarsson <jimmyassarsson(a)gmail.com> can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback() Jimmy Assarsson <jimmyassarsson(a)gmail.com> can: kvaser_usb: free buf in error paths ------------- Diffstat: Makefile | 4 +- arch/arm/include/asm/kvm_arm.h | 4 +- arch/arm/kvm/handle_exit.c | 19 ++++--- arch/arm64/include/asm/kvm_arm.h | 3 +- arch/arm64/kernel/process.c | 9 +++ arch/powerpc/sysdev/axonram.c | 5 +- arch/s390/include/asm/asm-prototypes.h | 8 --- arch/sparc/mm/init_64.c | 9 ++- arch/x86/kvm/vmx.c | 9 +-- arch/x86/pci/broadcom_bus.c | 2 +- crypto/asymmetric_keys/x509_cert_parser.c | 2 + drivers/ata/libata-sff.c | 1 - drivers/atm/horizon.c | 2 +- drivers/base/isa.c | 10 ++-- drivers/crypto/s5p-sss.c | 5 +- drivers/edac/i5000_edac.c | 8 +-- drivers/edac/i5400_edac.c | 9 +-- drivers/firmware/efi/efi.c | 3 +- drivers/firmware/efi/runtime-map.c | 10 ++-- drivers/gpu/drm/armada/Makefile | 2 - drivers/i2c/busses/i2c-riic.c | 6 +- drivers/infiniband/hw/mlx4/qp.c | 2 +- drivers/infiniband/hw/mlx5/main.c | 2 + drivers/iommu/intel-iommu.c | 8 ++- drivers/irqchip/irq-crossbar.c | 8 +-- drivers/media/usb/dvb-usb/dibusb-common.c | 16 +++++- drivers/net/can/usb/ems_usb.c | 2 + drivers/net/can/usb/esd_usb2.c | 2 + drivers/net/can/usb/kvaser_usb.c | 13 +++-- drivers/net/can/usb/usb_8dev.c | 2 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_vfpf.c | 23 ++++---- drivers/net/phy/spi_ks8995.c | 1 + drivers/scsi/lpfc/lpfc_els.c | 14 +++-- drivers/usb/gadget/configfs.c | 1 + drivers/usb/gadget/function/f_fs.c | 2 +- drivers/usb/gadget/legacy/inode.c | 4 +- drivers/virtio/virtio.c | 2 + fs/afs/cmservice.c | 3 + fs/nfs/dir.c | 2 +- include/linux/genalloc.h | 3 +- include/linux/sysfs.h | 6 ++ kernel/audit.c | 10 ++-- kernel/debug/kdb/kdb_io.c | 2 +- kernel/workqueue.c | 1 + lib/asn1_decoder.c | 2 + lib/dynamic_debug.c | 4 ++ lib/genalloc.c | 10 ++-- net/ipv4/route.c | 14 +++-- net/ipv6/af_inet6.c | 10 ++-- net/ipv6/sit.c | 1 + net/packet/af_packet.c | 5 ++ net/rds/rdma.c | 2 +- net/sctp/socket.c | 38 ++++++++----- net/sunrpc/sched.c | 3 +- net/xfrm/xfrm_policy.c | 1 + security/keys/request_key.c | 46 +++++++++++++--- sound/core/pcm.c | 2 + sound/core/seq/seq_timer.c | 2 +- sound/usb/mixer.c | 13 +++-- tools/hv/hv_kvp_daemon.c | 70 +++++------------------- tools/testing/selftests/powerpc/harness.c | 6 +- 61 files changed, 288 insertions(+), 200 deletions(-)

7 years, 9 months

4
63
0 0

[Linux-stable-mirror] patch "drivers: base: cacheinfo: fix cache type for non-architected system" added to driver-core-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled drivers: base: cacheinfo: fix cache type for non-architected system to my driver-core git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core.git in the driver-core-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From f57ab9a01a36ef3454333251cc57e3a9948b17bf Mon Sep 17 00:00:00 2001 From: Sudeep Holla <sudeep.holla(a)arm.com> Date: Fri, 17 Nov 2017 11:56:41 +0000 Subject: drivers: base: cacheinfo: fix cache type for non-architected system cache Commit dfea747d2aba ("drivers: base: cacheinfo: support DT overrides for cache properties") doesn't initialise the cache type if it's present only in DT and the architecture is not aware of it. They are unified system level cache which are generally transparent. This patch check if the cache type is set to NOCACHE but the DT node indicates that it's unified cache and sets the cache type accordingly. Fixes: dfea747d2aba ("drivers: base: cacheinfo: support DT overrides for cache properties") Reported-and-tested-by: Tan Xiaojun <tanxiaojun(a)huawei.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sudeep Holla <sudeep.holla(a)arm.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/base/cacheinfo.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/drivers/base/cacheinfo.c b/drivers/base/cacheinfo.c index eb3af2739537..07532d83be0b 100644 --- a/drivers/base/cacheinfo.c +++ b/drivers/base/cacheinfo.c @@ -186,6 +186,11 @@ static void cache_associativity(struct cacheinfo *this_leaf) this_leaf->ways_of_associativity = (size / nr_sets) / line_size; } +static bool cache_node_is_unified(struct cacheinfo *this_leaf) +{ + return of_property_read_bool(this_leaf->of_node, "cache-unified"); +} + static void cache_of_override_properties(unsigned int cpu) { int index; @@ -194,6 +199,14 @@ static void cache_of_override_properties(unsigned int cpu) for (index = 0; index < cache_leaves(cpu); index++) { this_leaf = this_cpu_ci->info_list + index; + /* + * init_cache_level must setup the cache level correctly + * overriding the architecturally specified levels, so + * if type is NONE at this stage, it should be unified + */ + if (this_leaf->type == CACHE_TYPE_NOCACHE && + cache_node_is_unified(this_leaf)) + this_leaf->type = CACHE_TYPE_UNIFIED; cache_size(this_leaf); cache_get_line_size(this_leaf); cache_nr_sets(this_leaf); -- 2.15.1

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] patch "Revert "staging: ion: Fix ion_cma_heap allocations"" added to staging-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Revert "staging: ion: Fix ion_cma_heap allocations" to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 3d2a0c5ff02d57ab7b4f16a6782a66765d930b7d Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Date: Fri, 15 Dec 2017 19:36:24 +0100 Subject: Revert "staging: ion: Fix ion_cma_heap allocations" This reverts commit d98e6dbf42f73101128885a1e0ae672cd92b2e1a as it broke the build on some configurations. It's not really obvious why those configurataions/platforms do not have all of the cma #defines availble, which means something larger is going wrong here. Reported-by: kbuild test robot <fengguang.wu(a)intel.com> Cc: Laura Abbott <labbott(a)redhat.com> Cc: Sumit Semwal <sumit.semwal(a)linaro.org> Cc: Benjamin Gaignard <benjamin.gaignard(a)linaro.org> Cc: Archit Taneja <architt(a)codeaurora.org> Cc: Daniel Vetter <daniel(a)ffwll.ch> Cc: Dmitry Shmidt <dimitrysh(a)google.com> Cc: Todd Kjos <tkjos(a)google.com> Cc: Amit Pundir <amit.pundir(a)linaro.org> Cc: stable <stable(a)vger.kernel.org> Cc: John Stultz <john.stultz(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/staging/android/ion/ion_cma_heap.c | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/drivers/staging/android/ion/ion_cma_heap.c b/drivers/staging/android/ion/ion_cma_heap.c index 86196ffd2faf..dd5545d9990a 100644 --- a/drivers/staging/android/ion/ion_cma_heap.c +++ b/drivers/staging/android/ion/ion_cma_heap.c @@ -39,15 +39,9 @@ static int ion_cma_allocate(struct ion_heap *heap, struct ion_buffer *buffer, struct ion_cma_heap *cma_heap = to_cma_heap(heap); struct sg_table *table; struct page *pages; - unsigned long size = PAGE_ALIGN(len); - unsigned long nr_pages = size >> PAGE_SHIFT; - unsigned long align = get_order(size); int ret; - if (align > CONFIG_CMA_ALIGNMENT) - align = CONFIG_CMA_ALIGNMENT; - - pages = cma_alloc(cma_heap->cma, nr_pages, align, GFP_KERNEL); + pages = cma_alloc(cma_heap->cma, len, 0, GFP_KERNEL); if (!pages) return -ENOMEM; @@ -59,7 +53,7 @@ static int ion_cma_allocate(struct ion_heap *heap, struct ion_buffer *buffer, if (ret) goto free_mem; - sg_set_page(table->sgl, pages, size, 0); + sg_set_page(table->sgl, pages, len, 0); buffer->priv_virt = pages; buffer->sg_table = table; @@ -68,7 +62,7 @@ static int ion_cma_allocate(struct ion_heap *heap, struct ion_buffer *buffer, free_mem: kfree(table); err: - cma_release(cma_heap->cma, pages, nr_pages); + cma_release(cma_heap->cma, pages, buffer->size); return -ENOMEM; } @@ -76,10 +70,9 @@ static void ion_cma_free(struct ion_buffer *buffer) { struct ion_cma_heap *cma_heap = to_cma_heap(buffer->heap); struct page *pages = buffer->priv_virt; - unsigned long nr_pages = PAGE_ALIGN(buffer->size) >> PAGE_SHIFT; /* release memory */ - cma_release(cma_heap->cma, pages, nr_pages); + cma_release(cma_heap->cma, pages, buffer->size); /* release sg table */ sg_free_table(buffer->sg_table); kfree(buffer->sg_table); -- 2.15.1

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] [PATCH 16/24] ubifs: free the encrypted symlink target

by Eric Biggers

From: Eric Biggers <ebiggers(a)google.com> ubifs_symlink() forgot to free the kmalloc()'ed buffer holding the encrypted symlink target, creating a memory leak. Fix it. (UBIFS could actually encrypt directly into ui->data, removing the temporary buffer, but that is left for the patch that switches to use the symlink helper functions.) Fixes: ca7f85be8d6c ("ubifs: Add support for encrypted symlinks") Cc: <stable(a)vger.kernel.org> # v4.10+ Signed-off-by: Eric Biggers <ebiggers(a)google.com> --- fs/ubifs/dir.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c index 417fe0b29f23..ef820f803176 100644 --- a/fs/ubifs/dir.c +++ b/fs/ubifs/dir.c @@ -1216,10 +1216,8 @@ static int ubifs_symlink(struct inode *dir, struct dentry *dentry, ostr.len = disk_link.len; err = fscrypt_fname_usr_to_disk(inode, &istr, &ostr); - if (err) { - kfree(sd); + if (err) goto out_inode; - } sd->len = cpu_to_le16(ostr.len); disk_link.name = (char *)sd; @@ -1251,11 +1249,10 @@ static int ubifs_symlink(struct inode *dir, struct dentry *dentry, goto out_cancel; mutex_unlock(&dir_ui->ui_mutex); - ubifs_release_budget(c, &req); insert_inode_hash(inode); d_instantiate(dentry, inode); - fscrypt_free_filename(&nm); - return 0; + err = 0; + goto out_fname; out_cancel: dir->i_size -= sz_change; @@ -1268,6 +1265,7 @@ static int ubifs_symlink(struct inode *dir, struct dentry *dentry, fscrypt_free_filename(&nm); out_budg: ubifs_release_budget(c, &req); + kfree(sd); return err; } -- 2.15.1

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] [git:media_tree/master] media: dvb-frontends: fix i2c access helpers for KASAN

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: dvb-frontends: fix i2c access helpers for KASAN Author: Arnd Bergmann <arnd(a)arndb.de> Date: Thu Nov 30 11:55:46 2017 -0500 A typical code fragment was copied across many dvb-frontend drivers and causes large stack frames when built with with CONFIG_KASAN on gcc-5/6/7: drivers/media/dvb-frontends/cxd2841er.c:3225:1: error: the frame size of 3992 bytes is larger than 3072 bytes [-Werror=frame-larger-than=] drivers/media/dvb-frontends/cxd2841er.c:3404:1: error: the frame size of 3136 bytes is larger than 3072 bytes [-Werror=frame-larger-than=] drivers/media/dvb-frontends/stv0367.c:3143:1: error: the frame size of 4016 bytes is larger than 3072 bytes [-Werror=frame-larger-than=] drivers/media/dvb-frontends/stv090x.c:3430:1: error: the frame size of 5312 bytes is larger than 3072 bytes [-Werror=frame-larger-than=] drivers/media/dvb-frontends/stv090x.c:4248:1: error: the frame size of 4872 bytes is larger than 3072 bytes [-Werror=frame-larger-than=] gcc-8 now solves this by consolidating the stack slots for the argument variables, but on older compilers we can get the same behavior by taking the pointer of a local variable rather than the inline function argument. Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 Cc: stable(a)vger.kernel.org Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> drivers/media/dvb-frontends/ascot2e.c | 4 +++- drivers/media/dvb-frontends/cxd2841er.c | 4 +++- drivers/media/dvb-frontends/helene.c | 4 +++- drivers/media/dvb-frontends/horus3a.c | 4 +++- drivers/media/dvb-frontends/itd1000.c | 5 +++-- drivers/media/dvb-frontends/mt312.c | 5 ++++- drivers/media/dvb-frontends/stb0899_drv.c | 3 ++- drivers/media/dvb-frontends/stb6100.c | 6 ++++-- drivers/media/dvb-frontends/stv0367.c | 4 +++- drivers/media/dvb-frontends/stv090x.c | 4 +++- drivers/media/dvb-frontends/stv6110x.c | 4 +++- drivers/media/dvb-frontends/zl10039.c | 4 +++- 12 files changed, 37 insertions(+), 14 deletions(-) --- diff --git a/drivers/media/dvb-frontends/ascot2e.c b/drivers/media/dvb-frontends/ascot2e.c index 0ee0df53b91b..79d5d89bc95e 100644 --- a/drivers/media/dvb-frontends/ascot2e.c +++ b/drivers/media/dvb-frontends/ascot2e.c @@ -155,7 +155,9 @@ static int ascot2e_write_regs(struct ascot2e_priv *priv, static int ascot2e_write_reg(struct ascot2e_priv *priv, u8 reg, u8 val) { - return ascot2e_write_regs(priv, reg, &val, 1); + u8 tmp = val; /* see gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 */ + + return ascot2e_write_regs(priv, reg, &tmp, 1); } static int ascot2e_read_regs(struct ascot2e_priv *priv, diff --git a/drivers/media/dvb-frontends/cxd2841er.c b/drivers/media/dvb-frontends/cxd2841er.c index 17e4db7900e5..16763903d4ad 100644 --- a/drivers/media/dvb-frontends/cxd2841er.c +++ b/drivers/media/dvb-frontends/cxd2841er.c @@ -258,7 +258,9 @@ static int cxd2841er_write_regs(struct cxd2841er_priv *priv, static int cxd2841er_write_reg(struct cxd2841er_priv *priv, u8 addr, u8 reg, u8 val) { - return cxd2841er_write_regs(priv, addr, reg, &val, 1); + u8 tmp = val; /* see gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 */ + + return cxd2841er_write_regs(priv, addr, reg, &tmp, 1); } static int cxd2841er_read_regs(struct cxd2841er_priv *priv, diff --git a/drivers/media/dvb-frontends/helene.c b/drivers/media/dvb-frontends/helene.c index 4bf5a551ba40..2ab8d83e5576 100644 --- a/drivers/media/dvb-frontends/helene.c +++ b/drivers/media/dvb-frontends/helene.c @@ -331,7 +331,9 @@ static int helene_write_regs(struct helene_priv *priv, static int helene_write_reg(struct helene_priv *priv, u8 reg, u8 val) { - return helene_write_regs(priv, reg, &val, 1); + u8 tmp = val; /* see gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 */ + + return helene_write_regs(priv, reg, &tmp, 1); } static int helene_read_regs(struct helene_priv *priv, diff --git a/drivers/media/dvb-frontends/horus3a.c b/drivers/media/dvb-frontends/horus3a.c index 68d759c4c52e..5c8b405f2ddc 100644 --- a/drivers/media/dvb-frontends/horus3a.c +++ b/drivers/media/dvb-frontends/horus3a.c @@ -89,7 +89,9 @@ static int horus3a_write_regs(struct horus3a_priv *priv, static int horus3a_write_reg(struct horus3a_priv *priv, u8 reg, u8 val) { - return horus3a_write_regs(priv, reg, &val, 1); + u8 tmp = val; /* see gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 */ + + return horus3a_write_regs(priv, reg, &tmp, 1); } static int horus3a_enter_power_save(struct horus3a_priv *priv) diff --git a/drivers/media/dvb-frontends/itd1000.c b/drivers/media/dvb-frontends/itd1000.c index 5bb1e73a10b4..ce7c443d3eac 100644 --- a/drivers/media/dvb-frontends/itd1000.c +++ b/drivers/media/dvb-frontends/itd1000.c @@ -95,8 +95,9 @@ static int itd1000_read_reg(struct itd1000_state *state, u8 reg) static inline int itd1000_write_reg(struct itd1000_state *state, u8 r, u8 v) { - int ret = itd1000_write_regs(state, r, &v, 1); - state->shadow[r] = v; + u8 tmp = v; /* see gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 */ + int ret = itd1000_write_regs(state, r, &tmp, 1); + state->shadow[r] = tmp; return ret; } diff --git a/drivers/media/dvb-frontends/mt312.c b/drivers/media/dvb-frontends/mt312.c index 961b9a2508e0..0b23cbc021b8 100644 --- a/drivers/media/dvb-frontends/mt312.c +++ b/drivers/media/dvb-frontends/mt312.c @@ -142,7 +142,10 @@ static inline int mt312_readreg(struct mt312_state *state, static inline int mt312_writereg(struct mt312_state *state, const enum mt312_reg_addr reg, const u8 val) { - return mt312_write(state, reg, &val, 1); + u8 tmp = val; /* see gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 */ + + + return mt312_write(state, reg, &tmp, 1); } static inline u32 mt312_div(u32 a, u32 b) diff --git a/drivers/media/dvb-frontends/stb0899_drv.c b/drivers/media/dvb-frontends/stb0899_drv.c index 02347598277a..db5dde3215f0 100644 --- a/drivers/media/dvb-frontends/stb0899_drv.c +++ b/drivers/media/dvb-frontends/stb0899_drv.c @@ -539,7 +539,8 @@ int stb0899_write_regs(struct stb0899_state *state, unsigned int reg, u8 *data, int stb0899_write_reg(struct stb0899_state *state, unsigned int reg, u8 data) { - return stb0899_write_regs(state, reg, &data, 1); + u8 tmp = data; + return stb0899_write_regs(state, reg, &tmp, 1); } /* diff --git a/drivers/media/dvb-frontends/stb6100.c b/drivers/media/dvb-frontends/stb6100.c index 17a955d0031b..75509bec66e4 100644 --- a/drivers/media/dvb-frontends/stb6100.c +++ b/drivers/media/dvb-frontends/stb6100.c @@ -226,12 +226,14 @@ static int stb6100_write_reg_range(struct stb6100_state *state, u8 buf[], int st static int stb6100_write_reg(struct stb6100_state *state, u8 reg, u8 data) { + u8 tmp = data; /* see gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 */ + if (unlikely(reg >= STB6100_NUMREGS)) { dprintk(verbose, FE_ERROR, 1, "Invalid register offset 0x%x", reg); return -EREMOTEIO; } - data = (data & stb6100_template[reg].mask) | stb6100_template[reg].set; - return stb6100_write_reg_range(state, &data, reg, 1); + tmp = (tmp & stb6100_template[reg].mask) | stb6100_template[reg].set; + return stb6100_write_reg_range(state, &tmp, reg, 1); } diff --git a/drivers/media/dvb-frontends/stv0367.c b/drivers/media/dvb-frontends/stv0367.c index ebad100d913f..4fa119d83bc5 100644 --- a/drivers/media/dvb-frontends/stv0367.c +++ b/drivers/media/dvb-frontends/stv0367.c @@ -166,7 +166,9 @@ int stv0367_writeregs(struct stv0367_state *state, u16 reg, u8 *data, int len) static int stv0367_writereg(struct stv0367_state *state, u16 reg, u8 data) { - return stv0367_writeregs(state, reg, &data, 1); + u8 tmp = data; /* see gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 */ + + return stv0367_writeregs(state, reg, &tmp, 1); } static u8 stv0367_readreg(struct stv0367_state *state, u16 reg) diff --git a/drivers/media/dvb-frontends/stv090x.c b/drivers/media/dvb-frontends/stv090x.c index 0f375df13fbe..77510bc95dcf 100644 --- a/drivers/media/dvb-frontends/stv090x.c +++ b/drivers/media/dvb-frontends/stv090x.c @@ -755,7 +755,9 @@ static int stv090x_write_regs(struct stv090x_state *state, unsigned int reg, u8 static int stv090x_write_reg(struct stv090x_state *state, unsigned int reg, u8 data) { - return stv090x_write_regs(state, reg, &data, 1); + u8 tmp = data; /* see gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 */ + + return stv090x_write_regs(state, reg, &tmp, 1); } static int stv090x_i2c_gate_ctrl(struct stv090x_state *state, int enable) diff --git a/drivers/media/dvb-frontends/stv6110x.c b/drivers/media/dvb-frontends/stv6110x.c index 66eba38f1014..7e8e01389c55 100644 --- a/drivers/media/dvb-frontends/stv6110x.c +++ b/drivers/media/dvb-frontends/stv6110x.c @@ -97,7 +97,9 @@ static int stv6110x_write_regs(struct stv6110x_state *stv6110x, int start, u8 da static int stv6110x_write_reg(struct stv6110x_state *stv6110x, u8 reg, u8 data) { - return stv6110x_write_regs(stv6110x, reg, &data, 1); + u8 tmp = data; /* see gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 */ + + return stv6110x_write_regs(stv6110x, reg, &tmp, 1); } static int stv6110x_init(struct dvb_frontend *fe) diff --git a/drivers/media/dvb-frontends/zl10039.c b/drivers/media/dvb-frontends/zl10039.c index 623355fc2666..3208b866d1cb 100644 --- a/drivers/media/dvb-frontends/zl10039.c +++ b/drivers/media/dvb-frontends/zl10039.c @@ -134,7 +134,9 @@ static inline int zl10039_writereg(struct zl10039_state *state, const enum zl10039_reg_addr reg, const u8 val) { - return zl10039_write(state, reg, &val, 1); + const u8 tmp = val; /* see gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 */ + + return zl10039_write(state, reg, &tmp, 1); } static int zl10039_init(struct dvb_frontend *fe)

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] [git:media_tree/master] media: dvb-frontends: fix i2c access helpers for KASAN

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: dvb-frontends: fix i2c access helpers for KASAN Author: Arnd Bergmann <arnd(a)arndb.de> Date: Thu Nov 30 11:55:46 2017 -0500 A typical code fragment was copied across many dvb-frontend drivers and causes large stack frames when built with with CONFIG_KASAN on gcc-5/6/7: drivers/media/dvb-frontends/cxd2841er.c:3225:1: error: the frame size of 3992 bytes is larger than 3072 bytes [-Werror=frame-larger-than=] drivers/media/dvb-frontends/cxd2841er.c:3404:1: error: the frame size of 3136 bytes is larger than 3072 bytes [-Werror=frame-larger-than=] drivers/media/dvb-frontends/stv0367.c:3143:1: error: the frame size of 4016 bytes is larger than 3072 bytes [-Werror=frame-larger-than=] drivers/media/dvb-frontends/stv090x.c:3430:1: error: the frame size of 5312 bytes is larger than 3072 bytes [-Werror=frame-larger-than=] drivers/media/dvb-frontends/stv090x.c:4248:1: error: the frame size of 4872 bytes is larger than 3072 bytes [-Werror=frame-larger-than=] gcc-8 now solves this by consolidating the stack slots for the argument variables, but on older compilers we can get the same behavior by taking the pointer of a local variable rather than the inline function argument. Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 Cc: stable(a)vger.kernel.org Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> drivers/media/dvb-frontends/ascot2e.c | 4 +++- drivers/media/dvb-frontends/cxd2841er.c | 4 +++- drivers/media/dvb-frontends/helene.c | 4 +++- drivers/media/dvb-frontends/horus3a.c | 4 +++- drivers/media/dvb-frontends/itd1000.c | 5 +++-- drivers/media/dvb-frontends/mt312.c | 5 ++++- drivers/media/dvb-frontends/stb0899_drv.c | 3 ++- drivers/media/dvb-frontends/stb6100.c | 6 ++++-- drivers/media/dvb-frontends/stv0367.c | 4 +++- drivers/media/dvb-frontends/stv090x.c | 4 +++- drivers/media/dvb-frontends/stv6110x.c | 4 +++- drivers/media/dvb-frontends/zl10039.c | 4 +++- 12 files changed, 37 insertions(+), 14 deletions(-) --- diff --git a/drivers/media/dvb-frontends/ascot2e.c b/drivers/media/dvb-frontends/ascot2e.c index 0ee0df53b91b..79d5d89bc95e 100644 --- a/drivers/media/dvb-frontends/ascot2e.c +++ b/drivers/media/dvb-frontends/ascot2e.c @@ -155,7 +155,9 @@ static int ascot2e_write_regs(struct ascot2e_priv *priv, static int ascot2e_write_reg(struct ascot2e_priv *priv, u8 reg, u8 val) { - return ascot2e_write_regs(priv, reg, &val, 1); + u8 tmp = val; /* see gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 */ + + return ascot2e_write_regs(priv, reg, &tmp, 1); } static int ascot2e_read_regs(struct ascot2e_priv *priv, diff --git a/drivers/media/dvb-frontends/cxd2841er.c b/drivers/media/dvb-frontends/cxd2841er.c index 17e4db7900e5..16763903d4ad 100644 --- a/drivers/media/dvb-frontends/cxd2841er.c +++ b/drivers/media/dvb-frontends/cxd2841er.c @@ -258,7 +258,9 @@ static int cxd2841er_write_regs(struct cxd2841er_priv *priv, static int cxd2841er_write_reg(struct cxd2841er_priv *priv, u8 addr, u8 reg, u8 val) { - return cxd2841er_write_regs(priv, addr, reg, &val, 1); + u8 tmp = val; /* see gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 */ + + return cxd2841er_write_regs(priv, addr, reg, &tmp, 1); } static int cxd2841er_read_regs(struct cxd2841er_priv *priv, diff --git a/drivers/media/dvb-frontends/helene.c b/drivers/media/dvb-frontends/helene.c index 4bf5a551ba40..2ab8d83e5576 100644 --- a/drivers/media/dvb-frontends/helene.c +++ b/drivers/media/dvb-frontends/helene.c @@ -331,7 +331,9 @@ static int helene_write_regs(struct helene_priv *priv, static int helene_write_reg(struct helene_priv *priv, u8 reg, u8 val) { - return helene_write_regs(priv, reg, &val, 1); + u8 tmp = val; /* see gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 */ + + return helene_write_regs(priv, reg, &tmp, 1); } static int helene_read_regs(struct helene_priv *priv, diff --git a/drivers/media/dvb-frontends/horus3a.c b/drivers/media/dvb-frontends/horus3a.c index 68d759c4c52e..5c8b405f2ddc 100644 --- a/drivers/media/dvb-frontends/horus3a.c +++ b/drivers/media/dvb-frontends/horus3a.c @@ -89,7 +89,9 @@ static int horus3a_write_regs(struct horus3a_priv *priv, static int horus3a_write_reg(struct horus3a_priv *priv, u8 reg, u8 val) { - return horus3a_write_regs(priv, reg, &val, 1); + u8 tmp = val; /* see gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 */ + + return horus3a_write_regs(priv, reg, &tmp, 1); } static int horus3a_enter_power_save(struct horus3a_priv *priv) diff --git a/drivers/media/dvb-frontends/itd1000.c b/drivers/media/dvb-frontends/itd1000.c index 5bb1e73a10b4..ce7c443d3eac 100644 --- a/drivers/media/dvb-frontends/itd1000.c +++ b/drivers/media/dvb-frontends/itd1000.c @@ -95,8 +95,9 @@ static int itd1000_read_reg(struct itd1000_state *state, u8 reg) static inline int itd1000_write_reg(struct itd1000_state *state, u8 r, u8 v) { - int ret = itd1000_write_regs(state, r, &v, 1); - state->shadow[r] = v; + u8 tmp = v; /* see gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 */ + int ret = itd1000_write_regs(state, r, &tmp, 1); + state->shadow[r] = tmp; return ret; } diff --git a/drivers/media/dvb-frontends/mt312.c b/drivers/media/dvb-frontends/mt312.c index 961b9a2508e0..0b23cbc021b8 100644 --- a/drivers/media/dvb-frontends/mt312.c +++ b/drivers/media/dvb-frontends/mt312.c @@ -142,7 +142,10 @@ static inline int mt312_readreg(struct mt312_state *state, static inline int mt312_writereg(struct mt312_state *state, const enum mt312_reg_addr reg, const u8 val) { - return mt312_write(state, reg, &val, 1); + u8 tmp = val; /* see gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 */ + + + return mt312_write(state, reg, &tmp, 1); } static inline u32 mt312_div(u32 a, u32 b) diff --git a/drivers/media/dvb-frontends/stb0899_drv.c b/drivers/media/dvb-frontends/stb0899_drv.c index 02347598277a..db5dde3215f0 100644 --- a/drivers/media/dvb-frontends/stb0899_drv.c +++ b/drivers/media/dvb-frontends/stb0899_drv.c @@ -539,7 +539,8 @@ int stb0899_write_regs(struct stb0899_state *state, unsigned int reg, u8 *data, int stb0899_write_reg(struct stb0899_state *state, unsigned int reg, u8 data) { - return stb0899_write_regs(state, reg, &data, 1); + u8 tmp = data; + return stb0899_write_regs(state, reg, &tmp, 1); } /* diff --git a/drivers/media/dvb-frontends/stb6100.c b/drivers/media/dvb-frontends/stb6100.c index 17a955d0031b..75509bec66e4 100644 --- a/drivers/media/dvb-frontends/stb6100.c +++ b/drivers/media/dvb-frontends/stb6100.c @@ -226,12 +226,14 @@ static int stb6100_write_reg_range(struct stb6100_state *state, u8 buf[], int st static int stb6100_write_reg(struct stb6100_state *state, u8 reg, u8 data) { + u8 tmp = data; /* see gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 */ + if (unlikely(reg >= STB6100_NUMREGS)) { dprintk(verbose, FE_ERROR, 1, "Invalid register offset 0x%x", reg); return -EREMOTEIO; } - data = (data & stb6100_template[reg].mask) | stb6100_template[reg].set; - return stb6100_write_reg_range(state, &data, reg, 1); + tmp = (tmp & stb6100_template[reg].mask) | stb6100_template[reg].set; + return stb6100_write_reg_range(state, &tmp, reg, 1); } diff --git a/drivers/media/dvb-frontends/stv0367.c b/drivers/media/dvb-frontends/stv0367.c index ebad100d913f..4fa119d83bc5 100644 --- a/drivers/media/dvb-frontends/stv0367.c +++ b/drivers/media/dvb-frontends/stv0367.c @@ -166,7 +166,9 @@ int stv0367_writeregs(struct stv0367_state *state, u16 reg, u8 *data, int len) static int stv0367_writereg(struct stv0367_state *state, u16 reg, u8 data) { - return stv0367_writeregs(state, reg, &data, 1); + u8 tmp = data; /* see gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 */ + + return stv0367_writeregs(state, reg, &tmp, 1); } static u8 stv0367_readreg(struct stv0367_state *state, u16 reg) diff --git a/drivers/media/dvb-frontends/stv090x.c b/drivers/media/dvb-frontends/stv090x.c index 0f375df13fbe..77510bc95dcf 100644 --- a/drivers/media/dvb-frontends/stv090x.c +++ b/drivers/media/dvb-frontends/stv090x.c @@ -755,7 +755,9 @@ static int stv090x_write_regs(struct stv090x_state *state, unsigned int reg, u8 static int stv090x_write_reg(struct stv090x_state *state, unsigned int reg, u8 data) { - return stv090x_write_regs(state, reg, &data, 1); + u8 tmp = data; /* see gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 */ + + return stv090x_write_regs(state, reg, &tmp, 1); } static int stv090x_i2c_gate_ctrl(struct stv090x_state *state, int enable) diff --git a/drivers/media/dvb-frontends/stv6110x.c b/drivers/media/dvb-frontends/stv6110x.c index 66eba38f1014..7e8e01389c55 100644 --- a/drivers/media/dvb-frontends/stv6110x.c +++ b/drivers/media/dvb-frontends/stv6110x.c @@ -97,7 +97,9 @@ static int stv6110x_write_regs(struct stv6110x_state *stv6110x, int start, u8 da static int stv6110x_write_reg(struct stv6110x_state *stv6110x, u8 reg, u8 data) { - return stv6110x_write_regs(stv6110x, reg, &data, 1); + u8 tmp = data; /* see gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 */ + + return stv6110x_write_regs(stv6110x, reg, &tmp, 1); } static int stv6110x_init(struct dvb_frontend *fe) diff --git a/drivers/media/dvb-frontends/zl10039.c b/drivers/media/dvb-frontends/zl10039.c index 623355fc2666..3208b866d1cb 100644 --- a/drivers/media/dvb-frontends/zl10039.c +++ b/drivers/media/dvb-frontends/zl10039.c @@ -134,7 +134,9 @@ static inline int zl10039_writereg(struct zl10039_state *state, const enum zl10039_reg_addr reg, const u8 val) { - return zl10039_write(state, reg, &val, 1); + const u8 tmp = val; /* see gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 */ + + return zl10039_write(state, reg, &tmp, 1); } static int zl10039_init(struct dvb_frontend *fe)

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] [PATCH 4.14 000/164] 4.14.6-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.6 release. There are 164 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Dec 14 12:34:08 UTC 2017. Anything received after that time might be too late. The whole patch series can be found in one patch at: kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.6-rc1.gz or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.6-rc1 Reinette Chatre <reinette.chatre(a)intel.com> x86/intel_rdt: Fix potential deadlock during resctrl unmount Leon Romanovsky <leon(a)kernel.org> RDMA/cxgb4: Annotate r2 and stag as __be32 Zdenek Kabelac <zkabelac(a)redhat.com> md: free unused memory after bitmap resize Heinz Mauelshagen <heinzm(a)redhat.com> dm raid: fix panic when attempting to force a raid to sync Paul Moore <paul(a)paul-moore.com> audit: ensure that 'audit=1' actually enables audit for PID 1 Steve Grubb <sgrubb(a)redhat.com> audit: Allow auditd to set pid to 0 to end auditing Israel Rukshin <israelr(a)mellanox.com> nvmet-rdma: update queue list during ib_device removal Bart Van Assche <bart.vanassche(a)wdc.com> blk-mq: Avoid that request queue removal can trigger list corruption Hongxu Jia <hongxu.jia(a)windriver.com> ide: ide-atapi: fix compile error with defining macro DEBUG Keefe Liu <liuqifa(a)huawei.com> ipvlan: fix ipv6 outbound device Vaidyanathan Srinivasan <svaidy(a)linux.vnet.ibm.com> powerpc/powernv/idle: Round up latency and residency values Masahiro Yamada <yamada.masahiro(a)socionext.com> kbuild: do not call cc-option before KBUILD_CFLAGS initialization David Howells <dhowells(a)redhat.com> afs: Connect up the CB.ProbeUuid David Howells <dhowells(a)redhat.com> afs: Fix total-length calculation for multiple-page send Majd Dibbiny <majd(a)mellanox.com> IB/mlx5: Assign send CQ and recv CQ of UMR QP Mark Bloch <markb(a)mellanox.com> IB/mlx4: Increase maximal message size under UD QP Sriharsha Basavapatna <sriharsha.basavapatna(a)broadcom.com> bnxt_re: changing the ip address shouldn't affect new connections Chao Yu <yuchao0(a)huawei.com> f2fs: fix to clear FI_NO_PREALLOC Herbert Xu <herbert(a)gondor.apana.org.au> xfrm: Copy policy family in clone_policy Ilya Lesokhin <ilyal(a)mellanox.com> tls: Use kzalloc for aead_request allocation Jason Baron <jbaron(a)akamai.com> jump_label: Invoke jump_label_test() via early_initcall() Arvind Yadav <arvind.yadav.cs(a)gmail.com> atm: horizon: Fix irq release error Masahiro Yamada <yamada.masahiro(a)socionext.com> kbuild: rpm-pkg: fix jobserver unavailable warning Sudeep Holla <sudeep.holla(a)arm.com> mailbox: mailbox-test: don't rely on rx_buffer content to signal data ready Zhong Kaihua <zhongkaihua(a)huawei.com> clk: hi3660: fix incorrect uart3 clock freqency Masahiro Yamada <yamada.masahiro(a)socionext.com> clk: uniphier: fix DAPLL2 clock rate of Pro5 Johan Hovold <johan(a)kernel.org> clk: qcom: common: fix legacy board-clock registration Mylene JOSSERAND <mylene.josserand(a)free-electrons.com> clk: sunxi-ng: a83t: Fix i2c buses bits Gabriel Fernandez <gabriel.fernandez(a)st.com> clk: stm32h7: fix test of clock config Eric Dumazet <edumazet(a)google.com> bpf: fix lockdep splat Hangbin Liu <liuhangbin(a)gmail.com> geneve: fix fill_info when link down Jeff Layton <jlayton(a)redhat.com> fcntl: don't leak fd reference when fixup_compat_flock fails Xin Long <lucien.xin(a)gmail.com> sctp: use the right sk after waking up from wait_buf sleep Xin Long <lucien.xin(a)gmail.com> sctp: do not free asoc when it is already dead in sctp_sendmsg Miles Chen <miles.chen(a)mediatek.com> slub: fix sysfs duplicate filename creation when slub_debug=O Sergey Senozhatsky <sergey.senozhatsky.work(a)gmail.com> zsmalloc: calling zs_map_object() from irq is a bug Pavel Tatashin <pasha.tatashin(a)oracle.com> sparc64/mm: set fields in deferred pages Ming Lei <ming.lei(a)redhat.com> block: wake up all tasks blocked in get_request() Johan Hovold <johan(a)kernel.org> dt-bindings: usb: fix reg-property port-number range Darrick J. Wong <darrick.wong(a)oracle.com> xfs: fix forgotten rcu read unlock when skipping inode reclaim Pieter Jansen van Vuuren <pieter.jansenvanvuuren(a)netronome.com> nfp: fix flower offload metadata flag usage Dirk van der Merwe <dirk.vandermerwe(a)netronome.com> nfp: inherit the max_mtu from the PF netdev Chuck Lever <chuck.lever(a)oracle.com> sunrpc: Fix rpc_task_begin trace point Trond Myklebust <trond.myklebust(a)primarydata.com> NFS: Fix a typo in nfs_rename() Randy Dunlap <rdunlap(a)infradead.org> dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0 Stephen Bates <sbates(a)raithlin.com> lib/genalloc.c: make the avail variable an atomic_long_t Joe Lawrence <joe.lawrence(a)redhat.com> pipe: match pipe_max_size data type with procfs Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' Colin Ian King <colin.king(a)canonical.com> rsi: fix memory leak on buf and usb_reg_buf Xin Long <lucien.xin(a)gmail.com> route: update fnhe_expires for redirect when the fnhe exists Xin Long <lucien.xin(a)gmail.com> route: also update fnhe_genid when updating a route cache Alexey Kodanev <alexey.kodanev(a)oracle.com> gre6: use log_ecn_error module parameter in ip6_tnl_rcv() Ben Hutchings <ben.hutchings(a)codethink.co.uk> mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl() Dave Hansen <dave.hansen(a)linux.intel.com> x86/mpx/selftests: Fix up weird arrays John Johansen <john.johansen(a)canonical.com> apparmor: fix leak of null profile name if profile allocation fails Madhavan Srinivasan <maddy(a)linux.vnet.ibm.com> powerpc/perf: Fix pmu_count to count only nest imc pmus Masahiro Yamada <yamada.masahiro(a)socionext.com> coccinelle: fix parallel build with CHECK=scripts/coccicheck Masahiro Yamada <yamada.masahiro(a)socionext.com> kbuild: pkg: use --transform option to prefix paths in tar Ursula Braun <ursula.braun(a)de.ibm.com> net/smc: use sk_rcvbuf as start for rmb creation Colin Ian King <colin.king(a)canonical.com> irqchip/qcom: Fix u32 comparison with value less than zero Russell King <rmk+kernel(a)armlinux.org.uk> ARM: avoid faulting on qemu Russell King <rmk+kernel(a)armlinux.org.uk> ARM: BUG if jumping to usermode address in kernel mode LEROY Christophe <christophe.leroy(a)c-s.fr> crypto: talitos - fix ctr-aes-talitos LEROY Christophe <christophe.leroy(a)c-s.fr> crypto: talitos - fix use of sg_link_tbl_len LEROY Christophe <christophe.leroy(a)c-s.fr> crypto: talitos - fix AEAD for sha224 on non sha224 capable chips LEROY Christophe <christophe.leroy(a)c-s.fr> crypto: talitos - fix setkey to check key weakness LEROY Christophe <christophe.leroy(a)c-s.fr> crypto: talitos - fix memory corruption on SEC2 LEROY Christophe <christophe.leroy(a)c-s.fr> crypto: talitos - fix AEAD test failures Daniel Jurgens <danielj(a)mellanox.com> IB/core: Only enforce security for InfiniBand Parav Pandit <parav(a)mellanox.com> IB/core: Avoid unnecessary return value check Kim Phillips <kim.phillips(a)arm.com> bus: arm-ccn: fix module unloading Error: Removing state 147 which has instances left. Marc Zyngier <marc.zyngier(a)arm.com> bus: arm-ccn: Fix use of smp_processor_id() in preemptible context Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> bus: arm-ccn: Check memory allocation failure Marc Zyngier <marc.zyngier(a)arm.com> bus: arm-cci: Fix use of smp_processor_id() in preemptible context Fabio Estevam <fabio.estevam(a)nxp.com> Revert "ARM: dts: imx53: add srtc node" Will Deacon <will.deacon(a)arm.com> arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb Will Deacon <will.deacon(a)arm.com> arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm Dave Martin <Dave.Martin(a)arm.com> arm64: fpsimd: Prevent registers leaking from dead tasks Marc Zyngier <marc.zyngier(a)arm.com> KVM: arm/arm64: vgic-its: Check result of allocation before use Marc Zyngier <marc.zyngier(a)arm.com> KVM: arm/arm64: vgic: Preserve the revious read from the pending table Marc Zyngier <marc.zyngier(a)arm.com> KVM: arm/arm64: vgic-irqfd: Fix MSI entry allocation Christoffer Dall <christoffer.dall(a)linaro.org> KVM: arm/arm64: Fix broken GICH_ELRSR big endian conversion Andrew Honig <ahonig(a)google.com> KVM: VMX: remove I/O port 0x80 bypass on Intel hosts Marc Zyngier <marc.zyngier(a)arm.com> arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one Kristina Martsenko <kristina.martsenko(a)arm.com> arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one Sean Young <sean(a)mess.org> media: rc: partial revert of "media: rc: per-protocol repeat period" Sean Young <sean(a)mess.org> media: rc: sir_ir: detect presence of port Laurent Caumont <lcaumont2(a)gmail.com> media: dvb: i2c transfers over usb cannot be done from stack Daniel Vetter <daniel.vetter(a)ffwll.ch> drm: safely free connectors from connector_iter Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Fix vblank timestamp/frame counter jumps on gen2 Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU Marek Szyprowski <m.szyprowski(a)samsung.com> drm/bridge: analogix dp: Fix runtime PM state in get_modes() callback Song Liu <songliubraving(a)fb.com> md/r5cache: move mddev_lock() out of r5c_journal_mode_set() Daniel Thompson <daniel.thompson(a)linaro.org> kdb: Fix handling of kallsyms_symbol_next() return value Arend Van Spriel <arend.vanspriel(a)broadcom.com> brcmfmac: change driver unbind order of the sdio function devices David Spinadel <david.spinadel(a)intel.com> iwlwifi: mvm: enable RX offloading with TKIP and WEP Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> iwlwifi: mvm: fix packet injection Ihab Zhaika <ihab.zhaika(a)intel.com> iwlwifi: add new cards for 9260 and 22000 series Johannes Berg <johannes.berg(a)intel.com> iwlwifi: mvm: flush queue before deleting ROC Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> iwlwifi: mvm: don't use transmit queue hang detection when it is not possible Sara Sharon <sara.sharon(a)intel.com> iwlwifi: mvm: mark MIC stripped MPDUs Nicholas Piggin <npiggin(a)gmail.com> powerpc/64s: Initialize ISAv3 MMU registers before setting partition table David Gibson <david(a)gibson.dropbear.id.au> Revert "powerpc: Do not call ppc_md.panic in fadump panic notifier" Janosch Frank <frankja(a)linux.vnet.ibm.com> KVM: s390: Fix skey emulation permission check Heiko Carstens <heiko.carstens(a)de.ibm.com> s390: fix compat system call table Heiko Carstens <heiko.carstens(a)de.ibm.com> s390/mm: fix off-by-one bug in 5-level page table handling Heiko Carstens <heiko.carstens(a)de.ibm.com> s390: always save and restore all registers on context switch Lai Jiangshan <jiangshanlai(a)gmail.com> smp/hotplug: Move step CPUHP_AP_SMPCFD_DYING to the correct place Robin Murphy <robin.murphy(a)arm.com> iommu/vt-d: Fix scatterlist offset handling Jaejoong Kim <climbbb.kim(a)gmail.com> ALSA: usb-audio: Add check return value for usb_string() Jaejoong Kim <climbbb.kim(a)gmail.com> ALSA: usb-audio: Fix out-of-bound error Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Remove spurious WARN_ON() at timer check Robb Glasser <rglasser(a)google.com> ALSA: pcm: prevent UAF in snd_pcm_info Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - New codec support for ALC257 Jeff Mahoney <jeffm(a)suse.com> btrfs: handle errors while updating refcounts in update_ref_for_cow Jeff Mahoney <jeffm(a)suse.com> btrfs: fix missing error return in btrfs_drop_snapshot Radim Krčmář <rkrcmar(a)redhat.com> KVM: x86: fix APIC page invalidation Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> x86/PCI: Make broadcom_postcore_init() check acpi_disabled Chunyu Hu <chuhu(a)redhat.com> x86/idt: Load idt early in start_secondary Eric Biggers <ebiggers(a)google.com> X.509: fix comparisons of ->pkey_algo Eric Biggers <ebiggers(a)google.com> X.509: reject invalid BIT STRING for subjectPublicKey Eric Biggers <ebiggers(a)google.com> KEYS: reject NULL restriction string when type is specified Eric Biggers <ebiggers(a)google.com> KEYS: add missing permission check for request_key() destination Eric Biggers <ebiggers(a)google.com> ASN.1: check for error from ASN1_OP_END__ACT actions Eric Biggers <ebiggers(a)google.com> ASN.1: fix out-of-bounds read when parsing indefinite length item Pan Bian <bianpan2016(a)163.com> efi/esrt: Use memunmap() instead of kfree() to free the remapping Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> efi: Move some sysfs files to be read-only by root Huacai Chen <chenhc(a)lemote.com> scsi: libsas: align sata_device's rps_resp on a cacheline Huacai Chen <chenhc(a)lemote.com> scsi: use dma_get_cache_alignment() as minimum DMA alignment Christoph Hellwig <hch(a)lst.de> scsi: dma-mapping: always provide dma_get_cache_alignment William Breathitt Gray <vilhelm.gray(a)gmail.com> isa: Prevent NULL dereference in isa_bus driver callbacks Guenter Roeck <linux(a)roeck-us.net> firmware: vpd: Fix platform driver and device registration/unregistration Guenter Roeck <linux(a)roeck-us.net> firmware: vpd: Tie firmware kobject to device lifetime Guenter Roeck <linux(a)roeck-us.net> firmware: vpd: Destroy vpd sections in remove function Robin H. Johnson <robbat2(a)gentoo.org> firmware: cleanup FIRMWARE_IN_KERNEL message Paul Meyer <Paul.Meyer(a)microsoft.com> hv: kvp: Avoid reading past allocated blocks from KVP file K. Y. Srinivasan <kys(a)microsoft.com> Drivers: hv: vmbus: Fix a rescind issue Gregory CLEMENT <gregory.clement(a)free-electrons.com> pinctrl: armada-37xx: Fix direction_output() callback behavior Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> iio: adc: meson-saradc: Meson8 and Meson8b do not have REG11 and REG13 Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> iio: adc: meson-saradc: initialize the bandgap correctly on older SoCs Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> iio: adc: meson-saradc: fix the bit_idx of the adc_en clock Pan Bian <bianpan2016(a)163.com> iio: adc: cpcap: fix incorrect validation Peter Meerwald-Stadler <pmeerw(a)pmeerw.net> iio: health: max30102: Temperature should be in milli Celsius Arnd Bergmann <arnd(a)arndb.de> iio: stm32: fix adc/trigger link error weiping zhang <zwp10758(a)gmail.com> virtio: release virtio index when fail to device_register Stephane Grosjean <s.grosjean(a)peak-system.com> can: peak/pcie_fd: fix potential bug in restarting tx queue Martin Kelly <mkelly(a)xevo.com> can: usb_8dev: cancel urb on -EPIPE and -EPROTO Martin Kelly <mkelly(a)xevo.com> can: esd_usb2: cancel urb on -EPIPE and -EPROTO Martin Kelly <mkelly(a)xevo.com> can: ems_usb: cancel urb on -EPIPE and -EPROTO Martin Kelly <mkelly(a)xevo.com> can: mcba_usb: cancel urb on -EPROTO Martin Kelly <mkelly(a)xevo.com> can: kvaser_usb: cancel urb on -EPIPE and -EPROTO Jimmy Assarsson <jimmyassarsson(a)gmail.com> can: kvaser_usb: ratelimit errors if incomplete messages are received Jimmy Assarsson <jimmyassarsson(a)gmail.com> can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback() Jimmy Assarsson <jimmyassarsson(a)gmail.com> can: kvaser_usb: free buf in error paths Oliver Stäbler <oliver.staebler(a)bytesatwork.ch> can: ti_hecc: Fix napi poll return value for repoll Marc Kleine-Budde <mkl(a)pengutronix.de> can: flexcan: fix VF610 state transition issue Stephane Grosjean <s.grosjean(a)peak-system.com> can: peak/pci: fix potential bug when probe() fails Martin Kelly <mkelly(a)xevo.com> can: mcba_usb: fix device disconnect bug John Keeping <john(a)metanate.com> usb: f_fs: Force Reserved1=1 in OS_DESC_EXT_COMPAT Johan Hovold <johan(a)kernel.org> serdev: ttyport: fix tty locking in close Johan Hovold <johan(a)kernel.org> serdev: ttyport: fix NULL-deref on hangup Johan Hovold <johan(a)kernel.org> serdev: ttyport: add missing receive_buf sanity checks Roger Quadros <rogerq(a)ti.com> usb: gadget: core: Fix ->udc_set_speed() speed handling Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> usb: gadget: udc: renesas_usb3: fix number of the pipes ------------- Diffstat: .../devicetree/bindings/usb/usb-device.txt | 2 +- Makefile | 25 ++++---- arch/arm/boot/dts/imx53.dtsi | 9 --- arch/arm/include/asm/assembler.h | 18 ++++++ arch/arm/include/asm/kvm_arm.h | 3 +- arch/arm/kernel/entry-header.S | 6 ++ arch/arm64/include/asm/efi.h | 4 +- arch/arm64/include/asm/kvm_arm.h | 3 +- arch/arm64/include/asm/mmu_context.h | 46 +++++++------- arch/arm64/kernel/process.c | 9 +++ arch/powerpc/include/asm/machdep.h | 1 + arch/powerpc/include/asm/setup.h | 1 + arch/powerpc/kernel/cpu_setup_power.S | 2 + arch/powerpc/kernel/fadump.c | 22 ------- arch/powerpc/kernel/setup-common.c | 27 +++++++++ arch/powerpc/platforms/powernv/opal-imc.c | 6 +- arch/powerpc/platforms/ps3/setup.c | 15 +++++ arch/powerpc/platforms/pseries/setup.c | 1 + arch/s390/include/asm/switch_to.h | 27 ++++----- arch/s390/kernel/syscalls.S | 6 +- arch/s390/kvm/priv.c | 11 +++- arch/s390/mm/pgalloc.c | 2 - arch/sparc/mm/init_64.c | 9 ++- arch/x86/include/asm/kvm_host.h | 3 + arch/x86/kernel/cpu/intel_rdt_rdtgroup.c | 10 ++-- arch/x86/kernel/smpboot.c | 2 +- arch/x86/kvm/vmx.c | 5 -- arch/x86/kvm/x86.c | 14 +++++ arch/x86/pci/broadcom_bus.c | 2 +- block/blk-core.c | 5 +- crypto/asymmetric_keys/pkcs7_verify.c | 2 +- crypto/asymmetric_keys/x509_cert_parser.c | 2 + crypto/asymmetric_keys/x509_public_key.c | 2 +- drivers/atm/horizon.c | 2 +- drivers/base/Kconfig | 25 ++++---- drivers/base/isa.c | 10 ++-- drivers/bus/arm-cci.c | 7 ++- drivers/bus/arm-ccn.c | 11 +++- drivers/clk/clk-stm32h7.c | 4 +- drivers/clk/hisilicon/clk-hi3660.c | 2 +- drivers/clk/qcom/common.c | 6 +- drivers/clk/sunxi-ng/ccu-sun8i-a83t.c | 4 +- drivers/clk/uniphier/clk-uniphier-sys.c | 2 +- drivers/cpuidle/cpuidle-powernv.c | 4 +- drivers/crypto/talitos.c | 66 +++++++++++++------- drivers/firmware/efi/efi.c | 3 +- drivers/firmware/efi/esrt.c | 17 +++--- drivers/firmware/efi/runtime-map.c | 10 ++-- drivers/firmware/google/vpd.c | 48 +++++++++++---- drivers/gpu/drm/bridge/analogix/analogix_dp_core.c | 2 + drivers/gpu/drm/drm_connector.c | 28 ++++++++- drivers/gpu/drm/drm_mode_config.c | 2 + drivers/gpu/drm/exynos/exynos_drm_gem.c | 9 +++ drivers/gpu/drm/i915/intel_display.c | 51 +++++++++++----- drivers/hv/channel.c | 10 +++- drivers/hv/channel_mgmt.c | 7 ++- drivers/ide/ide-atapi.c | 6 +- drivers/iio/adc/cpcap-adc.c | 2 +- drivers/iio/adc/meson_saradc.c | 52 ++++++++++++---- drivers/iio/health/max30102.c | 2 +- drivers/infiniband/core/security.c | 63 ++++++++++++++----- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 1 + drivers/infiniband/hw/cxgb4/t4fw_ri_api.h | 4 +- drivers/infiniband/hw/mlx4/qp.c | 2 +- drivers/infiniband/hw/mlx5/main.c | 2 + drivers/iommu/intel-iommu.c | 8 ++- drivers/irqchip/qcom-irq-combiner.c | 2 +- drivers/mailbox/mailbox-test.c | 11 ++-- drivers/md/bitmap.c | 9 +++ drivers/md/dm-raid.c | 21 +++---- drivers/md/raid5-cache.c | 22 +++---- drivers/media/rc/rc-main.c | 32 +++++----- drivers/media/rc/sir_ir.c | 40 +++++++++++-- drivers/media/usb/dvb-usb/dibusb-common.c | 16 ++++- drivers/net/can/flexcan.c | 5 +- drivers/net/can/peak_canfd/peak_canfd.c | 9 +-- drivers/net/can/peak_canfd/peak_pciefd_main.c | 5 +- drivers/net/can/sja1000/peak_pci.c | 5 +- drivers/net/can/ti_hecc.c | 3 + drivers/net/can/usb/ems_usb.c | 2 + drivers/net/can/usb/esd_usb2.c | 2 + drivers/net/can/usb/kvaser_usb.c | 13 ++-- drivers/net/can/usb/mcba_usb.c | 2 + drivers/net/can/usb/usb_8dev.c | 2 + drivers/net/ethernet/netronome/nfp/flower/main.h | 3 +- .../net/ethernet/netronome/nfp/flower/metadata.c | 7 ++- drivers/net/ethernet/netronome/nfp/nfp_net_repr.c | 2 + drivers/net/geneve.c | 24 ++++---- drivers/net/ipvlan/ipvlan_core.c | 2 +- .../wireless/broadcom/brcm80211/brcmfmac/sdio.c | 2 +- drivers/net/wireless/intel/iwlwifi/fw/api/txq.h | 4 ++ drivers/net/wireless/intel/iwlwifi/iwl-trans.h | 4 +- drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 3 + drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 1 + drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 14 ++++- drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 53 ++++++++++++---- .../net/wireless/intel/iwlwifi/mvm/time-event.c | 24 +++++++- drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 3 +- drivers/net/wireless/intel/iwlwifi/mvm/utils.c | 11 +++- drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 2 + drivers/net/wireless/mac80211_hwsim.c | 5 +- drivers/net/wireless/rsi/rsi_91x_usb.c | 12 ++-- drivers/nvme/target/rdma.c | 6 +- drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 13 +++- drivers/rapidio/devices/rio_mport_cdev.c | 3 +- drivers/scsi/scsi_lib.c | 10 ++-- drivers/tty/serdev/serdev-ttyport.c | 26 +++++++- drivers/usb/gadget/function/f_fs.c | 13 +++- drivers/usb/gadget/udc/core.c | 8 ++- drivers/usb/gadget/udc/renesas_usb3.c | 2 +- drivers/virtio/virtio.c | 2 + fs/afs/cmservice.c | 3 + fs/afs/rxrpc.c | 13 +++- fs/btrfs/ctree.c | 18 ++++-- fs/btrfs/extent-tree.c | 1 + fs/f2fs/file.c | 1 + fs/fcntl.c | 5 +- fs/nfs/dir.c | 2 +- fs/pipe.c | 2 +- fs/xfs/xfs_inode.c | 1 + include/drm/drm_connector.h | 8 +++ include/linux/dma-mapping.h | 2 - include/linux/genalloc.h | 3 +- include/linux/hyperv.h | 1 + include/linux/iio/timer/stm32-lptim-trigger.h | 5 +- include/linux/sysfs.h | 6 ++ include/scsi/libsas.h | 2 +- kernel/audit.c | 39 ++++++------ kernel/bpf/percpu_freelist.c | 8 ++- kernel/cpu.c | 10 ++-- kernel/debug/kdb/kdb_io.c | 2 +- kernel/jump_label.c | 2 +- kernel/sysctl.c | 2 +- lib/asn1_decoder.c | 49 ++++++++------- lib/dynamic_debug.c | 4 ++ lib/genalloc.c | 10 ++-- mm/slub.c | 4 ++ mm/zsmalloc.c | 2 +- net/ipv4/route.c | 14 +++-- net/ipv6/ip6_gre.c | 2 +- net/sctp/socket.c | 38 ++++++++---- net/smc/smc_core.c | 2 +- net/sunrpc/sched.c | 3 +- net/tls/tls_sw.c | 2 +- net/xfrm/xfrm_policy.c | 1 + scripts/coccicheck | 15 +++-- scripts/package/Makefile | 9 ++- security/apparmor/policy.c | 3 +- security/keys/keyctl.c | 24 ++++---- security/keys/request_key.c | 46 +++++++++++--- sound/core/pcm.c | 2 + sound/core/seq/seq_timer.c | 2 +- sound/pci/hda/patch_realtek.c | 8 +++ sound/usb/mixer.c | 13 ++-- tools/hv/hv_kvp_daemon.c | 70 +++++----------------- tools/testing/selftests/x86/mpx-hw.h | 4 +- virt/kvm/arm/hyp/vgic-v2-sr.c | 4 -- virt/kvm/arm/vgic/vgic-irqfd.c | 3 +- virt/kvm/arm/vgic/vgic-its.c | 2 + virt/kvm/arm/vgic/vgic-v3.c | 2 +- virt/kvm/kvm_main.c | 8 +++ 162 files changed, 1132 insertions(+), 586 deletions(-)

7 years, 9 months

7
173
0 0

[Linux-stable-mirror] [PATCH v2] gpio: fix "gpio-line-names" property retrieval

by chleroy

Following commit 9427ecbed46cc ("gpio: Rework of_gpiochip_set_names() to use device property accessors"), "gpio-line-names" DT property is not retrieved anymore when chip->parent is not set by the driver. This is due to OF based property reads having been replaced by device based property reads. This patch fixes that by making use of fwnode_property_read_string_array() instead of device_property_read_string_array() and handing over either of_fwnode_handle(chip->of_node) or dev_fwnode(chip->parent) to that function. Fixes: 9427ecbed46cc ("gpio: Rework of_gpiochip_set_names() to use device property accessors") Cc: stable(a)vger.kernel.org Signed-off-by: Christophe Leroy <christophe.leroy(a)c-s.fr> --- drivers/gpio/gpiolib-acpi.c | 2 +- drivers/gpio/gpiolib-devprop.c | 17 +++++++---------- drivers/gpio/gpiolib-of.c | 3 ++- drivers/gpio/gpiolib.h | 3 ++- 4 files changed, 12 insertions(+), 13 deletions(-) diff --git a/drivers/gpio/gpiolib-acpi.c b/drivers/gpio/gpiolib-acpi.c index eb4528c87c0b..d6f3d9ee1350 100644 --- a/drivers/gpio/gpiolib-acpi.c +++ b/drivers/gpio/gpiolib-acpi.c @@ -1074,7 +1074,7 @@ void acpi_gpiochip_add(struct gpio_chip *chip) } if (!chip->names) - devprop_gpiochip_set_names(chip); + devprop_gpiochip_set_names(chip, dev_fwnode(chip->parent)); acpi_gpiochip_request_regions(acpi_gpio); acpi_gpiochip_scan_gpios(acpi_gpio); diff --git a/drivers/gpio/gpiolib-devprop.c b/drivers/gpio/gpiolib-devprop.c index 27f383bda7d9..f748aa3e77f7 100644 --- a/drivers/gpio/gpiolib-devprop.c +++ b/drivers/gpio/gpiolib-devprop.c @@ -19,30 +19,27 @@ /** * devprop_gpiochip_set_names - Set GPIO line names using device properties * @chip: GPIO chip whose lines should be named, if possible + * @fwnode: Property Node containing the gpio-line-names property * * Looks for device property "gpio-line-names" and if it exists assigns * GPIO line names for the chip. The memory allocated for the assigned * names belong to the underlying firmware node and should not be released * by the caller. */ -void devprop_gpiochip_set_names(struct gpio_chip *chip) +void devprop_gpiochip_set_names(struct gpio_chip *chip, + const struct fwnode_handle *fwnode) { struct gpio_device *gdev = chip->gpiodev; const char **names; int ret, i; - if (!chip->parent) { - dev_warn(&gdev->dev, "GPIO chip parent is NULL\n"); - return; - } - - ret = device_property_read_string_array(chip->parent, "gpio-line-names", + ret = fwnode_property_read_string_array(fwnode, "gpio-line-names", NULL, 0); if (ret < 0) return; if (ret != gdev->ngpio) { - dev_warn(chip->parent, + dev_warn(&gdev->dev, "names %d do not match number of GPIOs %d\n", ret, gdev->ngpio); return; @@ -52,10 +49,10 @@ void devprop_gpiochip_set_names(struct gpio_chip *chip) if (!names) return; - ret = device_property_read_string_array(chip->parent, "gpio-line-names", + ret = fwnode_property_read_string_array(fwnode, "gpio-line-names", names, gdev->ngpio); if (ret < 0) { - dev_warn(chip->parent, "failed to read GPIO line names\n"); + dev_warn(&gdev->dev, "failed to read GPIO line names\n"); kfree(names); return; } diff --git a/drivers/gpio/gpiolib-of.c b/drivers/gpio/gpiolib-of.c index e0d59e61b52f..72a0695d2ac3 100644 --- a/drivers/gpio/gpiolib-of.c +++ b/drivers/gpio/gpiolib-of.c @@ -493,7 +493,8 @@ int of_gpiochip_add(struct gpio_chip *chip) /* If the chip defines names itself, these take precedence */ if (!chip->names) - devprop_gpiochip_set_names(chip); + devprop_gpiochip_set_names(chip, + of_fwnode_handle(chip->of_node)); of_node_get(chip->of_node); diff --git a/drivers/gpio/gpiolib.h b/drivers/gpio/gpiolib.h index af48322839c3..6c44d1652139 100644 --- a/drivers/gpio/gpiolib.h +++ b/drivers/gpio/gpiolib.h @@ -228,7 +228,8 @@ static inline int gpio_chip_hwgpio(const struct gpio_desc *desc) return desc - &desc->gdev->descs[0]; } -void devprop_gpiochip_set_names(struct gpio_chip *chip); +void devprop_gpiochip_set_names(struct gpio_chip *chip, + const struct fwnode_handle *fwnode); /* With descriptor prefix */ -- 2.13.3

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] [PATCH v2] PCI: keystone: fix interrupt-controller-node lookup

by Johan Hovold

Fix child-node lookup during initialisation which was using the wrong OF-helper and ended up searching the whole device tree depth-first starting at the parent rather than just matching on its children. To make things worse, the parent pci node could end up being prematurely freed as of_find_node_by_name() drops a reference to its first argument. Any matching child interrupt-controller node was also leaked. Fixes: 0c4ffcfe1fbc ("PCI: keystone: Add TI Keystone PCIe driver") Cc: stable <stable(a)vger.kernel.org> # 3.18 Acked-by: Murali Karicheri <m-karicheri2(a)ti.com> Acked-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- v2 - amend commit message and mention explicitly that of_find_node_by_name() drops a reference to the start node - add Murali's and Lorenzo's acks drivers/pci/dwc/pci-keystone.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/pci/dwc/pci-keystone.c b/drivers/pci/dwc/pci-keystone.c index 5bee3af47588..39405598b22d 100644 --- a/drivers/pci/dwc/pci-keystone.c +++ b/drivers/pci/dwc/pci-keystone.c @@ -178,7 +178,7 @@ static int ks_pcie_get_irq_controller_info(struct keystone_pcie *ks_pcie, } /* interrupt controller is in a child node */ - *np_temp = of_find_node_by_name(np_pcie, controller); + *np_temp = of_get_child_by_name(np_pcie, controller); if (!(*np_temp)) { dev_err(dev, "Node for %s is absent\n", controller); return -EINVAL; @@ -187,6 +187,7 @@ static int ks_pcie_get_irq_controller_info(struct keystone_pcie *ks_pcie, temp = of_irq_count(*np_temp); if (!temp) { dev_err(dev, "No IRQ entries in %s\n", controller); + of_node_put(*np_temp); return -EINVAL; } @@ -204,6 +205,8 @@ static int ks_pcie_get_irq_controller_info(struct keystone_pcie *ks_pcie, break; } + of_node_put(*np_temp); + if (temp) { *num_irqs = temp; return 0; -- 2.15.0

7 years, 9 months

3
6
0 0

[Linux-stable-mirror] [PATCH] mm: save/restore current->journal_info in handle_mm_fault

by Yan, Zheng

We recently got an Oops report: BUG: unable to handle kernel NULL pointer dereference at (null) IP: jbd2__journal_start+0x38/0x1a2 [...] Call Trace: ext4_page_mkwrite+0x307/0x52b _ext4_get_block+0xd8/0xd8 do_page_mkwrite+0x6e/0xd8 handle_mm_fault+0x686/0xf9b mntput_no_expire+0x1f/0x21e __do_page_fault+0x21d/0x465 dput+0x4a/0x2f7 page_fault+0x22/0x30 copy_user_generic_string+0x2c/0x40 copy_page_to_iter+0x8c/0x2b8 generic_file_read_iter+0x26e/0x845 timerqueue_del+0x31/0x90 ceph_read_iter+0x697/0xa33 [ceph] hrtimer_cancel+0x23/0x41 futex_wait+0x1c8/0x24d get_futex_key+0x32c/0x39a __vfs_read+0xe0/0x130 vfs_read.part.1+0x6c/0x123 handle_mm_fault+0x831/0xf9b __fget+0x7e/0xbf SyS_read+0x4d/0xb5 ceph_read_iter() uses current->journal_info to pass context info to ceph_readpages(). Because ceph_readpages() needs to know if its caller has already gotten capability of using page cache (distinguish read from readahead/fadvise). ceph_read_iter() set current->journal_info, then calls generic_file_read_iter(). In above Oops, page fault happened when copying data to userspace. Page fault handler called ext4_page_mkwrite(). Ext4 code read current->journal_info and assumed it is journal handle. I checked other filesystems, btrfs probably suffers similar problem for its readpage. (page fault happens when write() copies data from userspace memory and the memory is mapped to a file in btrfs. verify_parent_transid() can be called during readpage) Cc: stable(a)vger.kernel.org Signed-off-by: "Yan, Zheng" <zyan(a)redhat.com> --- mm/memory.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/mm/memory.c b/mm/memory.c index a728bed16c20..db2a50233c49 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -4044,6 +4044,7 @@ int handle_mm_fault(struct vm_area_struct *vma, unsigned long address, unsigned int flags) { int ret; + void *old_journal_info; __set_current_state(TASK_RUNNING); @@ -4065,11 +4066,24 @@ int handle_mm_fault(struct vm_area_struct *vma, unsigned long address, if (flags & FAULT_FLAG_USER) mem_cgroup_oom_enable(); + /* + * Fault can happen when filesystem A's read_iter()/write_iter() + * copies data to/from userspace. Filesystem A may have set + * current->journal_info. If the userspace memory is MAP_SHARED + * mapped to a file in filesystem B, we later may call filesystem + * B's vm operation. Filesystem B may also want to read/set + * current->journal_info. + */ + old_journal_info = current->journal_info; + current->journal_info = NULL; + if (unlikely(is_vm_hugetlb_page(vma))) ret = hugetlb_fault(vma->vm_mm, vma, address, flags); else ret = __handle_mm_fault(vma, address, flags); + current->journal_info = old_journal_info; + if (flags & FAULT_FLAG_USER) { mem_cgroup_oom_disable(); /* -- 2.13.6

7 years, 9 months

4
6
0 0

[Linux-stable-mirror] [PATCH] mac80211: Fix addition of mesh configuration element

by Richard Schütz

From: Ilan peer <ilan.peer(a)intel.com> commit 57629915d568c522ac1422df7bba4bee5b5c7a7c upstream. The code was setting the capabilities byte to zero, after it was already properly set previously. Fix it. The bug was found while debugging hwsim mesh tests failures that happened since the commit mentioned below. Fixes: 76f43b4c0a93 ("mac80211: Remove invalid flag operations in mesh TSF synchronization") Signed-off-by: Ilan Peer <ilan.peer(a)intel.com> Reviewed-by: Masashi Honma <masashi.honma(a)gmail.com> Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Richard Schütz <rschuetz(a)uni-koblenz.de> --- net/mac80211/mesh.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c index cc2a63bd233f..9c23172feba0 100644 --- a/net/mac80211/mesh.c +++ b/net/mac80211/mesh.c @@ -279,8 +279,6 @@ int mesh_add_meshconf_ie(struct ieee80211_sub_if_data *sdata, /* Mesh PS mode. See IEEE802.11-2012 8.4.2.100.8 */ *pos |= ifmsh->ps_peers_deep_sleep ? IEEE80211_MESHCONF_CAPAB_POWER_SAVE_LEVEL : 0x00; - *pos++ = 0x00; - return 0; } -- 2.15.1

7 years, 9 months

2
1
0 0

[Linux-stable-mirror] [PATCH] gpio: fix "gpio-line-names" property retrieval

by Christophe Leroy

Following commit 9427ecbed46cc ("gpio: Rework of_gpiochip_set_names() to use device property accessors"), "gpio-line-names" DT property is not retrieved anymore when chip->parent is not set by the driver. This patch fixes that. Fixes: 9427ecbed46cc ("gpio: Rework of_gpiochip_set_names() to use device property accessors") Cc: stable(a)vger.kernel.org Signed-off-by: Christophe Leroy <christophe.leroy(a)c-s.fr> --- drivers/gpio/gpiolib-devprop.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/drivers/gpio/gpiolib-devprop.c b/drivers/gpio/gpiolib-devprop.c index 27f383bda7d9..310dbc451a85 100644 --- a/drivers/gpio/gpiolib-devprop.c +++ b/drivers/gpio/gpiolib-devprop.c @@ -30,20 +30,24 @@ void devprop_gpiochip_set_names(struct gpio_chip *chip) struct gpio_device *gdev = chip->gpiodev; const char **names; int ret, i; + struct device *dev; - if (!chip->parent) { + if (chip->parent) { + dev = chip->parent; + } else if (gdev->dev.of_node) { + dev = &gdev->dev; + } else { dev_warn(&gdev->dev, "GPIO chip parent is NULL\n"); return; } - ret = device_property_read_string_array(chip->parent, "gpio-line-names", + ret = device_property_read_string_array(dev, "gpio-line-names", NULL, 0); if (ret < 0) return; if (ret != gdev->ngpio) { - dev_warn(chip->parent, - "names %d do not match number of GPIOs %d\n", ret, + dev_warn(dev, "names %d do not match number of GPIOs %d\n", ret, gdev->ngpio); return; } @@ -52,10 +56,10 @@ void devprop_gpiochip_set_names(struct gpio_chip *chip) if (!names) return; - ret = device_property_read_string_array(chip->parent, "gpio-line-names", + ret = device_property_read_string_array(dev, "gpio-line-names", names, gdev->ngpio); if (ret < 0) { - dev_warn(chip->parent, "failed to read GPIO line names\n"); + dev_warn(dev, "failed to read GPIO line names\n"); kfree(names); return; } -- 2.13.3

7 years, 9 months

2
1
0 0

[Linux-stable-mirror] [PATCH] mmc: renesas_sdhi: Add MODULE_LICENSE

by Yoshihiro Shimoda

From: Masaharu Hayakawa <masaharu.hayakawa.ry(a)renesas.com> The following error occurs when loading renesas_sdhi_core.c module, so add MODULE_LICENSE("GPL v2"). renesas_sdhi_core: module license 'unspecified' taints kernel. Signed-off-by: Masaharu Hayakawa <masaharu.hayakawa.ry(a)renesas.com> Fixes: 9d08428afb72 ("mmc: renesas-sdhi: make renesas_sdhi_sys_dmac main module file") Cc: <stable(a)vger.kernel.org> # v4.13+ [Shimoda: Added Fixes tag and Cc to the stable ML] Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> --- drivers/mmc/host/renesas_sdhi_core.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/mmc/host/renesas_sdhi_core.c b/drivers/mmc/host/renesas_sdhi_core.c index fcf7235..157e1d9 100644 --- a/drivers/mmc/host/renesas_sdhi_core.c +++ b/drivers/mmc/host/renesas_sdhi_core.c @@ -24,6 +24,7 @@ #include <linux/kernel.h> #include <linux/clk.h> #include <linux/slab.h> +#include <linux/module.h> #include <linux/of_device.h> #include <linux/platform_device.h> #include <linux/mmc/host.h> @@ -667,3 +668,5 @@ int renesas_sdhi_remove(struct platform_device *pdev) return 0; } EXPORT_SYMBOL_GPL(renesas_sdhi_remove); + +MODULE_LICENSE("GPL v2"); -- 1.9.1

7 years, 9 months

3
2
0 0

[Linux-stable-mirror] Patch "media: dvb-core: always call invoke_release() in fe_free()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled media: dvb-core: always call invoke_release() in fe_free() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: media-dvb-core-always-call-invoke_release-in-fe_free.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 62229de19ff2b7f3e0ebf4d48ad99061127d0281 Mon Sep 17 00:00:00 2001 From: Daniel Scheller <d.scheller(a)gmx.net> Date: Sun, 29 Oct 2017 11:43:22 -0400 Subject: media: dvb-core: always call invoke_release() in fe_free() From: Daniel Scheller <d.scheller(a)gmx.net> commit 62229de19ff2b7f3e0ebf4d48ad99061127d0281 upstream. Follow-up to: ead666000a5f ("media: dvb_frontend: only use kref after initialized") The aforementioned commit fixed refcount OOPSes when demod driver attaching succeeded but tuner driver didn't. However, the use count of the attached demod drivers don't go back to zero and thus couldn't be cleanly unloaded. Improve on this by calling dvb_frontend_invoke_release() in __dvb_frontend_free() regardless of fepriv being NULL, instead of returning when fepriv is NULL. This is safe to do since _invoke_release() will check for passed pointers being valid before calling the .release() function. [mchehab(a)s-opensource.com: changed the logic a little bit to reduce conflicts with another bug fix patch under review] Fixes: ead666000a5f ("media: dvb_frontend: only use kref after initialized") Signed-off-by: Daniel Scheller <d.scheller(a)gmx.net> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> Cc: Guenter Roeck <linux(a)roeck-us.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/media/dvb-core/dvb_frontend.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) --- a/drivers/media/dvb-core/dvb_frontend.c +++ b/drivers/media/dvb-core/dvb_frontend.c @@ -145,13 +145,14 @@ static void __dvb_frontend_free(struct d { struct dvb_frontend_private *fepriv = fe->frontend_priv; - if (!fepriv) - return; - - dvb_free_device(fepriv->dvbdev); + if (fepriv) + dvb_free_device(fepriv->dvbdev); dvb_frontend_invoke_release(fe, fe->ops.release); + if (!fepriv) + return; + kfree(fepriv); fe->frontend_priv = NULL; } Patches currently in stable-queue which might be from d.scheller(a)gmx.net are queue-4.14/media-dvb-core-always-call-invoke_release-in-fe_free.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "dvb_frontend: don't use-after-free the frontend struct" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dvb_frontend: don't use-after-free the frontend struct to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dvb_frontend-don-t-use-after-free-the-frontend-struct.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From b1cb7372fa822af6c06c8045963571d13ad6348b Mon Sep 17 00:00:00 2001 From: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> Date: Tue, 7 Nov 2017 08:39:39 -0500 Subject: dvb_frontend: don't use-after-free the frontend struct From: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> commit b1cb7372fa822af6c06c8045963571d13ad6348b upstream. dvb_frontend_invoke_release() may free the frontend struct. So, the free logic can't update it anymore after calling it. That's OK, as __dvb_frontend_free() is called only when the krefs are zeroed, so nobody is using it anymore. That should fix the following KASAN error: The KASAN report looks like this (running on kernel 3e0cc09a3a2c40ec1ffb6b4e12da86e98feccb11 (4.14-rc5+)): ================================================================== BUG: KASAN: use-after-free in __dvb_frontend_free+0x113/0x120 Write of size 8 at addr ffff880067d45a00 by task kworker/0:1/24 CPU: 0 PID: 24 Comm: kworker/0:1 Not tainted 4.14.0-rc5-43687-g06ab8a23e0e6 #545 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Workqueue: usb_hub_wq hub_event Call Trace: __dump_stack lib/dump_stack.c:16 dump_stack+0x292/0x395 lib/dump_stack.c:52 print_address_description+0x78/0x280 mm/kasan/report.c:252 kasan_report_error mm/kasan/report.c:351 kasan_report+0x23d/0x350 mm/kasan/report.c:409 __asan_report_store8_noabort+0x1c/0x20 mm/kasan/report.c:435 __dvb_frontend_free+0x113/0x120 drivers/media/dvb-core/dvb_frontend.c:156 dvb_frontend_put+0x59/0x70 drivers/media/dvb-core/dvb_frontend.c:176 dvb_frontend_detach+0x120/0x150 drivers/media/dvb-core/dvb_frontend.c:2803 dvb_usb_adapter_frontend_exit+0xd6/0x160 drivers/media/usb/dvb-usb/dvb-usb-dvb.c:340 dvb_usb_adapter_exit drivers/media/usb/dvb-usb/dvb-usb-init.c:116 dvb_usb_exit+0x9b/0x200 drivers/media/usb/dvb-usb/dvb-usb-init.c:132 dvb_usb_device_exit+0xa5/0xf0 drivers/media/usb/dvb-usb/dvb-usb-init.c:295 usb_unbind_interface+0x21c/0xa90 drivers/usb/core/driver.c:423 __device_release_driver drivers/base/dd.c:861 device_release_driver_internal+0x4f1/0x5c0 drivers/base/dd.c:893 device_release_driver+0x1e/0x30 drivers/base/dd.c:918 bus_remove_device+0x2f4/0x4b0 drivers/base/bus.c:565 device_del+0x5c4/0xab0 drivers/base/core.c:1985 usb_disable_device+0x1e9/0x680 drivers/usb/core/message.c:1170 usb_disconnect+0x260/0x7a0 drivers/usb/core/hub.c:2124 hub_port_connect drivers/usb/core/hub.c:4754 hub_port_connect_change drivers/usb/core/hub.c:5009 port_event drivers/usb/core/hub.c:5115 hub_event+0x1318/0x3740 drivers/usb/core/hub.c:5195 process_one_work+0xc73/0x1d90 kernel/workqueue.c:2119 worker_thread+0x221/0x1850 kernel/workqueue.c:2253 kthread+0x363/0x440 kernel/kthread.c:231 ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431 Allocated by task 24: save_stack_trace+0x1b/0x20 arch/x86/kernel/stacktrace.c:59 save_stack+0x43/0xd0 mm/kasan/kasan.c:447 set_track mm/kasan/kasan.c:459 kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:551 kmem_cache_alloc_trace+0x11e/0x2d0 mm/slub.c:2772 kmalloc ./include/linux/slab.h:493 kzalloc ./include/linux/slab.h:666 dtt200u_fe_attach+0x4c/0x110 drivers/media/usb/dvb-usb/dtt200u-fe.c:212 dtt200u_frontend_attach+0x35/0x80 drivers/media/usb/dvb-usb/dtt200u.c:136 dvb_usb_adapter_frontend_init+0x32b/0x660 drivers/media/usb/dvb-usb/dvb-usb-dvb.c:286 dvb_usb_adapter_init drivers/media/usb/dvb-usb/dvb-usb-init.c:86 dvb_usb_init drivers/media/usb/dvb-usb/dvb-usb-init.c:162 dvb_usb_device_init+0xf73/0x17f0 drivers/media/usb/dvb-usb/dvb-usb-init.c:277 dtt200u_usb_probe+0xa1/0xe0 drivers/media/usb/dvb-usb/dtt200u.c:155 usb_probe_interface+0x35d/0x8e0 drivers/usb/core/driver.c:361 really_probe drivers/base/dd.c:413 driver_probe_device+0x610/0xa00 drivers/base/dd.c:557 __device_attach_driver+0x230/0x290 drivers/base/dd.c:653 bus_for_each_drv+0x161/0x210 drivers/base/bus.c:463 __device_attach+0x26b/0x3c0 drivers/base/dd.c:710 device_initial_probe+0x1f/0x30 drivers/base/dd.c:757 bus_probe_device+0x1eb/0x290 drivers/base/bus.c:523 device_add+0xd0b/0x1660 drivers/base/core.c:1835 usb_set_configuration+0x104e/0x1870 drivers/usb/core/message.c:1932 generic_probe+0x73/0xe0 drivers/usb/core/generic.c:174 usb_probe_device+0xaf/0xe0 drivers/usb/core/driver.c:266 really_probe drivers/base/dd.c:413 driver_probe_device+0x610/0xa00 drivers/base/dd.c:557 __device_attach_driver+0x230/0x290 drivers/base/dd.c:653 bus_for_each_drv+0x161/0x210 drivers/base/bus.c:463 __device_attach+0x26b/0x3c0 drivers/base/dd.c:710 device_initial_probe+0x1f/0x30 drivers/base/dd.c:757 bus_probe_device+0x1eb/0x290 drivers/base/bus.c:523 device_add+0xd0b/0x1660 drivers/base/core.c:1835 usb_new_device+0x7b8/0x1020 drivers/usb/core/hub.c:2457 hub_port_connect drivers/usb/core/hub.c:4903 hub_port_connect_change drivers/usb/core/hub.c:5009 port_event drivers/usb/core/hub.c:5115 hub_event+0x194d/0x3740 drivers/usb/core/hub.c:5195 process_one_work+0xc73/0x1d90 kernel/workqueue.c:2119 worker_thread+0x221/0x1850 kernel/workqueue.c:2253 kthread+0x363/0x440 kernel/kthread.c:231 ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431 Freed by task 24: save_stack_trace+0x1b/0x20 arch/x86/kernel/stacktrace.c:59 save_stack+0x43/0xd0 mm/kasan/kasan.c:447 set_track mm/kasan/kasan.c:459 kasan_slab_free+0x72/0xc0 mm/kasan/kasan.c:524 slab_free_hook mm/slub.c:1390 slab_free_freelist_hook mm/slub.c:1412 slab_free mm/slub.c:2988 kfree+0xf6/0x2f0 mm/slub.c:3919 dtt200u_fe_release+0x3c/0x50 drivers/media/usb/dvb-usb/dtt200u-fe.c:202 dvb_frontend_invoke_release.part.13+0x1c/0x30 drivers/media/dvb-core/dvb_frontend.c:2790 dvb_frontend_invoke_release drivers/media/dvb-core/dvb_frontend.c:2789 __dvb_frontend_free+0xad/0x120 drivers/media/dvb-core/dvb_frontend.c:153 dvb_frontend_put+0x59/0x70 drivers/media/dvb-core/dvb_frontend.c:176 dvb_frontend_detach+0x120/0x150 drivers/media/dvb-core/dvb_frontend.c:2803 dvb_usb_adapter_frontend_exit+0xd6/0x160 drivers/media/usb/dvb-usb/dvb-usb-dvb.c:340 dvb_usb_adapter_exit drivers/media/usb/dvb-usb/dvb-usb-init.c:116 dvb_usb_exit+0x9b/0x200 drivers/media/usb/dvb-usb/dvb-usb-init.c:132 dvb_usb_device_exit+0xa5/0xf0 drivers/media/usb/dvb-usb/dvb-usb-init.c:295 usb_unbind_interface+0x21c/0xa90 drivers/usb/core/driver.c:423 __device_release_driver drivers/base/dd.c:861 device_release_driver_internal+0x4f1/0x5c0 drivers/base/dd.c:893 device_release_driver+0x1e/0x30 drivers/base/dd.c:918 bus_remove_device+0x2f4/0x4b0 drivers/base/bus.c:565 device_del+0x5c4/0xab0 drivers/base/core.c:1985 usb_disable_device+0x1e9/0x680 drivers/usb/core/message.c:1170 usb_disconnect+0x260/0x7a0 drivers/usb/core/hub.c:2124 hub_port_connect drivers/usb/core/hub.c:4754 hub_port_connect_change drivers/usb/core/hub.c:5009 port_event drivers/usb/core/hub.c:5115 hub_event+0x1318/0x3740 drivers/usb/core/hub.c:5195 process_one_work+0xc73/0x1d90 kernel/workqueue.c:2119 worker_thread+0x221/0x1850 kernel/workqueue.c:2253 kthread+0x363/0x440 kernel/kthread.c:231 ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431 The buggy address belongs to the object at ffff880067d45500 which belongs to the cache kmalloc-2048 of size 2048 The buggy address is located 1280 bytes inside of 2048-byte region [ffff880067d45500, ffff880067d45d00) The buggy address belongs to the page: page:ffffea00019f5000 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0 flags: 0x100000000008100(slab|head) raw: 0100000000008100 0000000000000000 0000000000000000 00000001000f000f raw: dead000000000100 dead000000000200 ffff88006c002d80 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff880067d45900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff880067d45980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff880067d45a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff880067d45a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff880067d45b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== Fixes: ead666000a5f ("media: dvb_frontend: only use kref after initialized") Reported-by: Andrey Konovalov <andreyknvl(a)google.com> Suggested-by: Matthias Schwarzott <zzam(a)gentoo.org> Tested-by: Andrey Konovalov <andreyknvl(a)google.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> Cc: Guenter Roeck <linux(a)roeck-us.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/media/dvb-core/dvb_frontend.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) --- a/drivers/media/dvb-core/dvb_frontend.c +++ b/drivers/media/dvb-core/dvb_frontend.c @@ -150,11 +150,8 @@ static void __dvb_frontend_free(struct d dvb_frontend_invoke_release(fe, fe->ops.release); - if (!fepriv) - return; - - kfree(fepriv); - fe->frontend_priv = NULL; + if (fepriv) + kfree(fepriv); } static void dvb_frontend_free(struct kref *ref) Patches currently in stable-queue which might be from mchehab(a)s-opensource.com are queue-4.14/media-dvb-core-always-call-invoke_release-in-fe_free.patch queue-4.14/dvb_frontend-don-t-use-after-free-the-frontend-struct.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Stable patches for v4.14:dvb_frontend

by Guenter Roeck

Hi Greg, please apply the following two patches to v4.14-stable. 62229de19ff2 media: dvb-core: always call invoke_release() in fe_free() b1cb7372fa82 dvb_frontend: don't use-after-free the frontend struct The first patch fixes a bug and avoids a conflict when applying the second patch, and the second patch fixes CVE-2017-16648. My apologies for the noise if the patches are already queued. Thanks, Guenter

7 years, 9 months

2
1
0 0

[Linux-stable-mirror] Patch "x86/intel_rdt: Fix potential deadlock during resctrl unmount" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/intel_rdt: Fix potential deadlock during resctrl unmount to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-intel_rdt-fix-potential-deadlock-during-resctrl-unmount.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 10:32:42 CET 2017 From: Reinette Chatre <reinette.chatre(a)intel.com> Date: Fri, 20 Oct 2017 02:16:58 -0700 Subject: x86/intel_rdt: Fix potential deadlock during resctrl unmount From: Reinette Chatre <reinette.chatre(a)intel.com> [ Upstream commit 36b6f9fcb8928c06b6638a4cf91bc9d69bb49aa2 ] Lockdep warns about a potential deadlock: [ 66.782842] ====================================================== [ 66.782888] WARNING: possible circular locking dependency detected [ 66.782937] 4.14.0-rc2-test-test+ #48 Not tainted [ 66.782983] ------------------------------------------------------ [ 66.783052] umount/336 is trying to acquire lock: [ 66.783117] (cpu_hotplug_lock.rw_sem){++++}, at: [<ffffffff81032395>] rdt_kill_sb+0x215/0x390 [ 66.783193] but task is already holding lock: [ 66.783244] (rdtgroup_mutex){+.+.}, at: [<ffffffff810321b6>] rdt_kill_sb+0x36/0x390 [ 66.783305] which lock already depends on the new lock. [ 66.783364] the existing dependency chain (in reverse order) is: [ 66.783419] -> #3 (rdtgroup_mutex){+.+.}: [ 66.783467] __lock_acquire+0x1293/0x13f0 [ 66.783509] lock_acquire+0xaf/0x220 [ 66.783543] __mutex_lock+0x71/0x9b0 [ 66.783575] mutex_lock_nested+0x1b/0x20 [ 66.783610] intel_rdt_online_cpu+0x3b/0x430 [ 66.783649] cpuhp_invoke_callback+0xab/0x8e0 [ 66.783687] cpuhp_thread_fun+0x7a/0x150 [ 66.783722] smpboot_thread_fn+0x1cc/0x270 [ 66.783764] kthread+0x16e/0x190 [ 66.783794] ret_from_fork+0x27/0x40 [ 66.783825] -> #2 (cpuhp_state){+.+.}: [ 66.783870] __lock_acquire+0x1293/0x13f0 [ 66.783906] lock_acquire+0xaf/0x220 [ 66.783938] cpuhp_issue_call+0x102/0x170 [ 66.783974] __cpuhp_setup_state_cpuslocked+0x154/0x2a0 [ 66.784023] __cpuhp_setup_state+0xc7/0x170 [ 66.784061] page_writeback_init+0x43/0x67 [ 66.784097] pagecache_init+0x43/0x4a [ 66.784131] start_kernel+0x3ad/0x3f7 [ 66.784165] x86_64_start_reservations+0x2a/0x2c [ 66.784204] x86_64_start_kernel+0x72/0x75 [ 66.784241] verify_cpu+0x0/0xfb [ 66.784270] -> #1 (cpuhp_state_mutex){+.+.}: [ 66.784319] __lock_acquire+0x1293/0x13f0 [ 66.784355] lock_acquire+0xaf/0x220 [ 66.784387] __mutex_lock+0x71/0x9b0 [ 66.784419] mutex_lock_nested+0x1b/0x20 [ 66.784454] __cpuhp_setup_state_cpuslocked+0x52/0x2a0 [ 66.784497] __cpuhp_setup_state+0xc7/0x170 [ 66.784535] page_alloc_init+0x28/0x30 [ 66.784569] start_kernel+0x148/0x3f7 [ 66.784602] x86_64_start_reservations+0x2a/0x2c [ 66.784642] x86_64_start_kernel+0x72/0x75 [ 66.784678] verify_cpu+0x0/0xfb [ 66.784707] -> #0 (cpu_hotplug_lock.rw_sem){++++}: [ 66.784759] check_prev_add+0x32f/0x6e0 [ 66.784794] __lock_acquire+0x1293/0x13f0 [ 66.784830] lock_acquire+0xaf/0x220 [ 66.784863] cpus_read_lock+0x3d/0xb0 [ 66.784896] rdt_kill_sb+0x215/0x390 [ 66.784930] deactivate_locked_super+0x3e/0x70 [ 66.784968] deactivate_super+0x40/0x60 [ 66.785003] cleanup_mnt+0x3f/0x80 [ 66.785034] __cleanup_mnt+0x12/0x20 [ 66.785070] task_work_run+0x8b/0xc0 [ 66.785103] exit_to_usermode_loop+0x94/0xa0 [ 66.786804] syscall_return_slowpath+0xe8/0x150 [ 66.788502] entry_SYSCALL_64_fastpath+0xab/0xad [ 66.790194] other info that might help us debug this: [ 66.795139] Chain exists of: cpu_hotplug_lock.rw_sem --> cpuhp_state --> rdtgroup_mutex [ 66.800035] Possible unsafe locking scenario: [ 66.803267] CPU0 CPU1 [ 66.804867] ---- ---- [ 66.806443] lock(rdtgroup_mutex); [ 66.808002] lock(cpuhp_state); [ 66.809565] lock(rdtgroup_mutex); [ 66.811110] lock(cpu_hotplug_lock.rw_sem); [ 66.812608] *** DEADLOCK *** [ 66.816983] 2 locks held by umount/336: [ 66.818418] #0: (&type->s_umount_key#35){+.+.}, at: [<ffffffff81229738>] deactivate_super+0x38/0x60 [ 66.819922] #1: (rdtgroup_mutex){+.+.}, at: [<ffffffff810321b6>] rdt_kill_sb+0x36/0x390 When the resctrl filesystem is unmounted the locks should be obtain in the locks in the same order as was done when the cpus came online: cpu_hotplug_lock before rdtgroup_mutex. This also requires to switch the static_branch_disable() calls to the _cpulocked variant because now cpu hotplug lock is held already. [ tglx: Switched to cpus_read_[un]lock ] Signed-off-by: Reinette Chatre <reinette.chatre(a)intel.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Tested-by: Sai Praneeth Prakhya <sai.praneeth.prakhya(a)intel.com> Acked-by: Vikas Shivappa <vikas.shivappa(a)linux.intel.com> Acked-by: Fenghua Yu <fenghua.yu(a)intel.com> Acked-by: Tony Luck <tony.luck(a)intel.com> Link: https://lkml.kernel.org/r/cc292e76be073f7260604651711c47b09fd0dc81.15084901… Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/kernel/cpu/intel_rdt_rdtgroup.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) --- a/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c +++ b/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c @@ -1297,9 +1297,7 @@ static void rmdir_all_sub(void) kfree(rdtgrp); } /* Notify online CPUs to update per cpu storage and PQR_ASSOC MSR */ - get_online_cpus(); update_closid_rmid(cpu_online_mask, &rdtgroup_default); - put_online_cpus(); kernfs_remove(kn_info); kernfs_remove(kn_mongrp); @@ -1310,6 +1308,7 @@ static void rdt_kill_sb(struct super_blo { struct rdt_resource *r; + cpus_read_lock(); mutex_lock(&rdtgroup_mutex); /*Put everything back to default values. */ @@ -1317,11 +1316,12 @@ static void rdt_kill_sb(struct super_blo reset_all_ctrls(r); cdp_disable(); rmdir_all_sub(); - static_branch_disable(&rdt_alloc_enable_key); - static_branch_disable(&rdt_mon_enable_key); - static_branch_disable(&rdt_enable_key); + static_branch_disable_cpuslocked(&rdt_alloc_enable_key); + static_branch_disable_cpuslocked(&rdt_mon_enable_key); + static_branch_disable_cpuslocked(&rdt_enable_key); kernfs_kill_sb(sb); mutex_unlock(&rdtgroup_mutex); + cpus_read_unlock(); } static struct file_system_type rdt_fs_type = { Patches currently in stable-queue which might be from reinette.chatre(a)intel.com are queue-4.14/x86-intel_rdt-fix-potential-deadlock-during-resctrl-unmount.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "RDMA/cxgb4: Annotate r2 and stag as __be32" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled RDMA/cxgb4: Annotate r2 and stag as __be32 to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: rdma-cxgb4-annotate-r2-and-stag-as-__be32.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 10:32:42 CET 2017 From: Leon Romanovsky <leon(a)kernel.org> Date: Wed, 25 Oct 2017 23:10:19 +0300 Subject: RDMA/cxgb4: Annotate r2 and stag as __be32 From: Leon Romanovsky <leon(a)kernel.org> [ Upstream commit 7d7d065a5eec7e218174d5c64a9f53f99ffdb119 ] Chelsio cxgb4 HW is big-endian, hence there is need to properly annotate r2 and stag fields as __be32 and not __u32 to fix the following sparse warnings. drivers/infiniband/hw/cxgb4/qp.c:614:16: warning: incorrect type in assignment (different base types) expected unsigned int [unsigned] [usertype] r2 got restricted __be32 [usertype] <noident> drivers/infiniband/hw/cxgb4/qp.c:615:18: warning: incorrect type in assignment (different base types) expected unsigned int [unsigned] [usertype] stag got restricted __be32 [usertype] <noident> Cc: Steve Wise <swise(a)opengridcomputing.com> Signed-off-by: Leon Romanovsky <leon(a)kernel.org> Reviewed-by: Steve Wise <swise(a)opengridcomputing.com> Signed-off-by: Doug Ledford <dledford(a)redhat.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/infiniband/hw/cxgb4/t4fw_ri_api.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/drivers/infiniband/hw/cxgb4/t4fw_ri_api.h +++ b/drivers/infiniband/hw/cxgb4/t4fw_ri_api.h @@ -675,8 +675,8 @@ struct fw_ri_fr_nsmr_tpte_wr { __u16 wrid; __u8 r1[3]; __u8 len16; - __u32 r2; - __u32 stag; + __be32 r2; + __be32 stag; struct fw_ri_tpte tpte; __u64 pbl[2]; }; Patches currently in stable-queue which might be from leon(a)kernel.org are queue-4.14/rdma-cxgb4-annotate-r2-and-stag-as-__be32.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "nvmet-rdma: update queue list during ib_device removal" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled nvmet-rdma: update queue list during ib_device removal to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: nvmet-rdma-update-queue-list-during-ib_device-removal.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 10:32:42 CET 2017 From: Israel Rukshin <israelr(a)mellanox.com> Date: Sun, 5 Nov 2017 08:43:01 +0000 Subject: nvmet-rdma: update queue list during ib_device removal From: Israel Rukshin <israelr(a)mellanox.com> [ Upstream commit 43b92fd27aaef0f529c9321cfebbaec1d7b8f503 ] A NULL deref happens when nvmet_rdma_remove_one() is called more than once (e.g. while connected via 2 ports). The first call frees the queues related to the first ib_device but doesn't remove them from the queue list. While calling nvmet_rdma_remove_one() for the second ib_device it goes over the full queue list again and we get the NULL deref. Fixes: f1d4ef7d ("nvmet-rdma: register ib_client to not deadlock in device removal") Signed-off-by: Israel Rukshin <israelr(a)mellanox.com> Reviewed-by: Max Gurtovoy <maxg(a)mellanox.com> Reviewed-by: Sagi Grimberg <sagi(a)grmberg.me> Signed-off-by: Christoph Hellwig <hch(a)lst.de> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/nvme/target/rdma.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/drivers/nvme/target/rdma.c +++ b/drivers/nvme/target/rdma.c @@ -1512,15 +1512,17 @@ static struct nvmet_fabrics_ops nvmet_rd static void nvmet_rdma_remove_one(struct ib_device *ib_device, void *client_data) { - struct nvmet_rdma_queue *queue; + struct nvmet_rdma_queue *queue, *tmp; /* Device is being removed, delete all queues using this device */ mutex_lock(&nvmet_rdma_queue_mutex); - list_for_each_entry(queue, &nvmet_rdma_queue_list, queue_list) { + list_for_each_entry_safe(queue, tmp, &nvmet_rdma_queue_list, + queue_list) { if (queue->dev->device != ib_device) continue; pr_info("Removing queue %d\n", queue->idx); + list_del_init(&queue->queue_list); __nvmet_rdma_queue_disconnect(queue); } mutex_unlock(&nvmet_rdma_queue_mutex); Patches currently in stable-queue which might be from israelr(a)mellanox.com are queue-4.14/nvmet-rdma-update-queue-list-during-ib_device-removal.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "powerpc/powernv/idle: Round up latency and residency values" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled powerpc/powernv/idle: Round up latency and residency values to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: powerpc-powernv-idle-round-up-latency-and-residency-values.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 10:32:42 CET 2017 From: Vaidyanathan Srinivasan <svaidy(a)linux.vnet.ibm.com> Date: Thu, 24 Aug 2017 00:28:41 +0530 Subject: powerpc/powernv/idle: Round up latency and residency values From: Vaidyanathan Srinivasan <svaidy(a)linux.vnet.ibm.com> [ Upstream commit 8d4e10e9ed9450e18fbbf6a8872be0eac9fd4999 ] On PowerNV platforms, firmware provides exit latency and target residency for each of the idle states in nano seconds. Cpuidle framework expects the values in micro seconds. Round up to nearest micro seconds to avoid errors in cases where the values are defined as fractional micro seconds. Default idle state of 'snooze' has exit latency of zero. If other states have fractional micro second exit latency, they would get rounded down to zero micro second and make cpuidle framework choose deeper idle state when snooze loop is the right choice. Reported-by: Anton Blanchard <anton(a)samba.org> Signed-off-by: Vaidyanathan Srinivasan <svaidy(a)linux.vnet.ibm.com> Reviewed-by: Gautham R. Shenoy <ego(a)linux.vnet.ibm.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/cpuidle/cpuidle-powernv.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/drivers/cpuidle/cpuidle-powernv.c +++ b/drivers/cpuidle/cpuidle-powernv.c @@ -384,9 +384,9 @@ static int powernv_add_idle_states(void) * Firmware passes residency and latency values in ns. * cpuidle expects it in us. */ - exit_latency = latency_ns[i] / 1000; + exit_latency = DIV_ROUND_UP(latency_ns[i], 1000); if (!rc) - target_residency = residency_ns[i] / 1000; + target_residency = DIV_ROUND_UP(residency_ns[i], 1000); else target_residency = 0; Patches currently in stable-queue which might be from svaidy(a)linux.vnet.ibm.com are queue-4.14/powerpc-powernv-idle-round-up-latency-and-residency-values.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "kbuild: do not call cc-option before KBUILD_CFLAGS initialization" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled kbuild: do not call cc-option before KBUILD_CFLAGS initialization to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: kbuild-do-not-call-cc-option-before-kbuild_cflags-initialization.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 10:32:42 CET 2017 From: Masahiro Yamada <yamada.masahiro(a)socionext.com> Date: Thu, 12 Oct 2017 18:22:25 +0900 Subject: kbuild: do not call cc-option before KBUILD_CFLAGS initialization From: Masahiro Yamada <yamada.masahiro(a)socionext.com> [ Upstream commit 433dc2ebe7d17dd21cba7ad5c362d37323592236 ] Some $(call cc-option,...) are invoked very early, even before KBUILD_CFLAGS, etc. are initialized. The returned string from $(call cc-option,...) depends on KBUILD_CPPFLAGS, KBUILD_CFLAGS, and GCC_PLUGINS_CFLAGS. Since they are exported, they are not empty when the top Makefile is recursively invoked. The recursion occurs in several places. For example, the top Makefile invokes itself for silentoldconfig. "make tinyconfig", "make rpm-pkg" are the cases, too. In those cases, the second call of cc-option from the same line runs a different shell command due to non-pristine KBUILD_CFLAGS. To get the same result all the time, KBUILD_* and GCC_PLUGINS_CFLAGS must be initialized before any call of cc-option. This avoids garbage data in the .cache.mk file. Move all calls of cc-option below the config targets because target compiler flags are unnecessary for Kconfig. Signed-off-by: Masahiro Yamada <yamada.masahiro(a)socionext.com> Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- Makefile | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) --- a/Makefile +++ b/Makefile @@ -373,9 +373,6 @@ LDFLAGS_MODULE = CFLAGS_KERNEL = AFLAGS_KERNEL = LDFLAGS_vmlinux = -CFLAGS_GCOV := -fprofile-arcs -ftest-coverage -fno-tree-loop-im $(call cc-disable-warning,maybe-uninitialized,) -CFLAGS_KCOV := $(call cc-option,-fsanitize-coverage=trace-pc,) - # Use USERINCLUDE when you must reference the UAPI directories only. USERINCLUDE := \ @@ -394,21 +391,19 @@ LINUXINCLUDE := \ -I$(objtree)/include \ $(USERINCLUDE) -KBUILD_CPPFLAGS := -D__KERNEL__ - +KBUILD_AFLAGS := -D__ASSEMBLY__ KBUILD_CFLAGS := -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs \ -fno-strict-aliasing -fno-common -fshort-wchar \ -Werror-implicit-function-declaration \ -Wno-format-security \ - -std=gnu89 $(call cc-option,-fno-PIE) - - + -std=gnu89 +KBUILD_CPPFLAGS := -D__KERNEL__ KBUILD_AFLAGS_KERNEL := KBUILD_CFLAGS_KERNEL := -KBUILD_AFLAGS := -D__ASSEMBLY__ $(call cc-option,-fno-PIE) KBUILD_AFLAGS_MODULE := -DMODULE KBUILD_CFLAGS_MODULE := -DMODULE KBUILD_LDFLAGS_MODULE := -T $(srctree)/scripts/module-common.lds +GCC_PLUGINS_CFLAGS := # Read KERNELRELEASE from include/config/kernel.release (if it exists) KERNELRELEASE = $(shell cat include/config/kernel.release 2> /dev/null) @@ -421,7 +416,7 @@ export MAKE AWK GENKSYMS INSTALLKERNEL P export HOSTCXX HOSTCXXFLAGS LDFLAGS_MODULE CHECK CHECKFLAGS export KBUILD_CPPFLAGS NOSTDINC_FLAGS LINUXINCLUDE OBJCOPYFLAGS LDFLAGS -export KBUILD_CFLAGS CFLAGS_KERNEL CFLAGS_MODULE CFLAGS_GCOV CFLAGS_KCOV CFLAGS_KASAN CFLAGS_UBSAN +export KBUILD_CFLAGS CFLAGS_KERNEL CFLAGS_MODULE CFLAGS_KASAN CFLAGS_UBSAN export KBUILD_AFLAGS AFLAGS_KERNEL AFLAGS_MODULE export KBUILD_AFLAGS_MODULE KBUILD_CFLAGS_MODULE KBUILD_LDFLAGS_MODULE export KBUILD_AFLAGS_KERNEL KBUILD_CFLAGS_KERNEL @@ -622,6 +617,12 @@ endif # Defaults to vmlinux, but the arch makefile usually adds further targets all: vmlinux +KBUILD_CFLAGS += $(call cc-option,-fno-PIE) +KBUILD_AFLAGS += $(call cc-option,-fno-PIE) +CFLAGS_GCOV := -fprofile-arcs -ftest-coverage -fno-tree-loop-im $(call cc-disable-warning,maybe-uninitialized,) +CFLAGS_KCOV := $(call cc-option,-fsanitize-coverage=trace-pc,) +export CFLAGS_GCOV CFLAGS_KCOV + # The arch Makefile can set ARCH_{CPP,A,C}FLAGS to override the default # values of the respective KBUILD_* variables ARCH_CPPFLAGS := Patches currently in stable-queue which might be from yamada.masahiro(a)socionext.com are queue-4.14/kbuild-do-not-call-cc-option-before-kbuild_cflags-initialization.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "md: free unused memory after bitmap resize" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled md: free unused memory after bitmap resize to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: md-free-unused-memory-after-bitmap-resize.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 10:32:42 CET 2017 From: Zdenek Kabelac <zkabelac(a)redhat.com> Date: Wed, 8 Nov 2017 13:44:56 +0100 Subject: md: free unused memory after bitmap resize From: Zdenek Kabelac <zkabelac(a)redhat.com> [ Upstream commit 0868b99c214a3d55486c700de7c3f770b7243e7c ] When bitmap is resized, the old kalloced chunks just are not released once the resized bitmap starts to use new space. This fixes in particular kmemleak reports like this one: unreferenced object 0xffff8f4311e9c000 (size 4096): comm "lvm", pid 19333, jiffies 4295263268 (age 528.265s) hex dump (first 32 bytes): 02 80 02 80 02 80 02 80 02 80 02 80 02 80 02 80 ................ 02 80 02 80 02 80 02 80 02 80 02 80 02 80 02 80 ................ backtrace: [<ffffffffa69471ca>] kmemleak_alloc+0x4a/0xa0 [<ffffffffa628c10e>] kmem_cache_alloc_trace+0x14e/0x2e0 [<ffffffffa676cfec>] bitmap_checkpage+0x7c/0x110 [<ffffffffa676d0c5>] bitmap_get_counter+0x45/0xd0 [<ffffffffa676d6b3>] bitmap_set_memory_bits+0x43/0xe0 [<ffffffffa676e41c>] bitmap_init_from_disk+0x23c/0x530 [<ffffffffa676f1ae>] bitmap_load+0xbe/0x160 [<ffffffffc04c47d3>] raid_preresume+0x203/0x2f0 [dm_raid] [<ffffffffa677762f>] dm_table_resume_targets+0x4f/0xe0 [<ffffffffa6774b52>] dm_resume+0x122/0x140 [<ffffffffa6779b9f>] dev_suspend+0x18f/0x290 [<ffffffffa677a3a7>] ctl_ioctl+0x287/0x560 [<ffffffffa677a693>] dm_ctl_ioctl+0x13/0x20 [<ffffffffa62d6b46>] do_vfs_ioctl+0xa6/0x750 [<ffffffffa62d7269>] SyS_ioctl+0x79/0x90 [<ffffffffa6956d41>] entry_SYSCALL_64_fastpath+0x1f/0xc2 Signed-off-by: Zdenek Kabelac <zkabelac(a)redhat.com> Signed-off-by: Shaohua Li <shli(a)fb.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/md/bitmap.c | 9 +++++++++ 1 file changed, 9 insertions(+) --- a/drivers/md/bitmap.c +++ b/drivers/md/bitmap.c @@ -2158,6 +2158,7 @@ int bitmap_resize(struct bitmap *bitmap, for (k = 0; k < page; k++) { kfree(new_bp[k].map); } + kfree(new_bp); /* restore some fields from old_counts */ bitmap->counts.bp = old_counts.bp; @@ -2208,6 +2209,14 @@ int bitmap_resize(struct bitmap *bitmap, block += old_blocks; } + if (bitmap->counts.bp != old_counts.bp) { + unsigned long k; + for (k = 0; k < old_counts.pages; k++) + if (!old_counts.bp[k].hijacked) + kfree(old_counts.bp[k].map); + kfree(old_counts.bp); + } + if (!init) { int i; while (block < (chunks << chunkshift)) { Patches currently in stable-queue which might be from zkabelac(a)redhat.com are queue-4.14/md-free-unused-memory-after-bitmap-resize.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "ipvlan: fix ipv6 outbound device" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ipvlan: fix ipv6 outbound device to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ipvlan-fix-ipv6-outbound-device.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 10:32:42 CET 2017 From: Keefe Liu <liuqifa(a)huawei.com> Date: Thu, 9 Nov 2017 20:09:31 +0800 Subject: ipvlan: fix ipv6 outbound device From: Keefe Liu <liuqifa(a)huawei.com> [ Upstream commit ca29fd7cce5a6444d57fb86517589a1a31c759e1 ] When process the outbound packet of ipv6, we should assign the master device to output device other than input device. Signed-off-by: Keefe Liu <liuqifa(a)huawei.com> Acked-by: Mahesh Bandewar <maheshb(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ipvlan/ipvlan_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/net/ipvlan/ipvlan_core.c +++ b/drivers/net/ipvlan/ipvlan_core.c @@ -409,7 +409,7 @@ static int ipvlan_process_v6_outbound(st struct dst_entry *dst; int err, ret = NET_XMIT_DROP; struct flowi6 fl6 = { - .flowi6_iif = dev->ifindex, + .flowi6_oif = dev->ifindex, .daddr = ip6h->daddr, .saddr = ip6h->saddr, .flowi6_flags = FLOWI_FLAG_ANYSRC, Patches currently in stable-queue which might be from liuqifa(a)huawei.com are queue-4.14/ipvlan-fix-ipv6-outbound-device.patch

7 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "dm raid: fix panic when attempting to force a raid to sync" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dm raid: fix panic when attempting to force a raid to sync to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dm-raid-fix-panic-when-attempting-to-force-a-raid-to-sync.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 10:32:42 CET 2017 From: Heinz Mauelshagen <heinzm(a)redhat.com> Date: Thu, 2 Nov 2017 19:58:28 +0100 Subject: dm raid: fix panic when attempting to force a raid to sync From: Heinz Mauelshagen <heinzm(a)redhat.com> [ Upstream commit 233978449074ca7e45d9c959f9ec612d1b852893 ] Requesting a sync on an active raid device via a table reload (see 'sync' parameter in Documentation/device-mapper/dm-raid.txt) skips the super_load() call that defines the superblock size (rdev->sb_size) -- resulting in an oops if/when super_sync()->memset() is called. Fix by moving the initialization of the superblock start and size out of super_load() to the caller (analyse_superblocks). Signed-off-by: Heinz Mauelshagen <heinzm(a)redhat.com> Signed-off-by: Mike Snitzer <snitzer(a)redhat.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/md/dm-raid.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) --- a/drivers/md/dm-raid.c +++ b/drivers/md/dm-raid.c @@ -2143,13 +2143,6 @@ static int super_load(struct md_rdev *rd struct dm_raid_superblock *refsb; uint64_t events_sb, events_refsb; - rdev->sb_start = 0; - rdev->sb_size = bdev_logical_block_size(rdev->meta_bdev); - if (rdev->sb_size < sizeof(*sb) || rdev->sb_size > PAGE_SIZE) { - DMERR("superblock size of a logical block is no longer valid"); - return -EINVAL; - } - r = read_disk_sb(rdev, rdev->sb_size, false); if (r) return r; @@ -2494,6 +2487,17 @@ static int analyse_superblocks(struct dm if (test_bit(Journal, &rdev->flags)) continue; + if (!rdev->meta_bdev) + continue; + + /* Set superblock offset/size for metadata device. */ + rdev->sb_start = 0; + rdev->sb_size = bdev_logical_block_size(rdev->meta_bdev); + if (rdev->sb_size < sizeof(struct dm_raid_superblock) || rdev->sb_size > PAGE_SIZE) { + DMERR("superblock size of a logical block is no longer valid"); + return -EINVAL; + } + /* * Skipping super_load due to CTR_FLAG_SYNC will cause * the array to undergo initialization again as @@ -2506,9 +2510,6 @@ static int analyse_superblocks(struct dm if (test_bit(__CTR_FLAG_SYNC, &rs->ctr_flags)) continue; - if (!rdev->meta_bdev) - continue; - r = super_load(rdev, freshest); switch (r) { Patches currently in stable-queue which might be from heinzm(a)redhat.com are queue-4.14/dm-raid-fix-panic-when-attempting-to-force-a-raid-to-sync.patch

7 years, 9 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror