- Linux-stable-mirror - lists.linaro.org

[Linux-stable-mirror] Patch "mac80211: prevent skb/txq mismatch" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mac80211: prevent skb/txq mismatch to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: mac80211-prevent-skb-txq-mismatch.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 17:39:55 CET 2017 From: Michal Kazior <michal.kazior(a)tieto.com> Date: Fri, 13 Jan 2017 13:32:51 +0100 Subject: mac80211: prevent skb/txq mismatch From: Michal Kazior <michal.kazior(a)tieto.com> [ Upstream commit dbef53621116474bb883f76f0ba6b7640bc42332 ] Station structure is considered as not uploaded (to driver) until drv_sta_state() finishes. This call is however done after the structure is attached to mac80211 internal lists and hashes. This means mac80211 can lookup (and use) station structure before it is uploaded to a driver. If this happens (structure exists, but sta->uploaded is false) fast_tx path can still be taken. Deep in the fastpath call the sta->uploaded is checked against to derive "pubsta" argument for ieee80211_get_txq(). If sta->uploaded is false (and sta is actually non-NULL) ieee80211_get_txq() effectively downgraded to vif->txq. At first glance this may look innocent but coerces mac80211 into a state that is almost guaranteed (codel may drop offending skb) to crash because a station-oriented skb gets queued up on vif-oriented txq. The ieee80211_tx_dequeue() ends up looking at info->control.flags and tries to use txq->sta which in the fail case is NULL. It's probably pointless to pretend one can downgrade skb from sta-txq to vif-txq. Since downgrading unicast traffic to vif->txq must not be done there's no txq to put a frame on if sta->uploaded is false. Therefore the code is made to fall back to regular tx() op path if the described condition is hit. Only drivers using wake_tx_queue were affected. Example crash dump before fix: Unable to handle kernel paging request at virtual address ffffe26c PC is at ieee80211_tx_dequeue+0x204/0x690 [mac80211] [<bf4252a4>] (ieee80211_tx_dequeue [mac80211]) from [<bf4b1388>] (ath10k_mac_tx_push_txq+0x54/0x1c0 [ath10k_core]) [<bf4b1388>] (ath10k_mac_tx_push_txq [ath10k_core]) from [<bf4bdfbc>] (ath10k_htt_txrx_compl_task+0xd78/0x11d0 [ath10k_core]) [<bf4bdfbc>] (ath10k_htt_txrx_compl_task [ath10k_core]) [<bf51c5a4>] (ath10k_pci_napi_poll+0x54/0xe8 [ath10k_pci]) [<bf51c5a4>] (ath10k_pci_napi_poll [ath10k_pci]) from [<c0572e90>] (net_rx_action+0xac/0x160) Reported-by: Mohammed Shafi Shajakhan <mohammed(a)qti.qualcomm.com> Signed-off-by: Michal Kazior <michal.kazior(a)tieto.com> Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/mac80211/tx.c | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -1244,7 +1244,7 @@ ieee80211_tx_prepare(struct ieee80211_su static struct txq_info *ieee80211_get_txq(struct ieee80211_local *local, struct ieee80211_vif *vif, - struct ieee80211_sta *pubsta, + struct sta_info *sta, struct sk_buff *skb) { struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; @@ -1258,10 +1258,13 @@ static struct txq_info *ieee80211_get_tx if (!ieee80211_is_data(hdr->frame_control)) return NULL; - if (pubsta) { + if (sta) { u8 tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK; - txq = pubsta->txq[tid]; + if (!sta->uploaded) + return NULL; + + txq = sta->sta.txq[tid]; } else if (vif) { txq = vif->txq; } @@ -1499,23 +1502,17 @@ static bool ieee80211_queue_skb(struct i struct fq *fq = &local->fq; struct ieee80211_vif *vif; struct txq_info *txqi; - struct ieee80211_sta *pubsta; if (!local->ops->wake_tx_queue || sdata->vif.type == NL80211_IFTYPE_MONITOR) return false; - if (sta && sta->uploaded) - pubsta = &sta->sta; - else - pubsta = NULL; - if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) sdata = container_of(sdata->bss, struct ieee80211_sub_if_data, u.ap); vif = &sdata->vif; - txqi = ieee80211_get_txq(local, vif, pubsta, skb); + txqi = ieee80211_get_txq(local, vif, sta, skb); if (!txqi) return false; Patches currently in stable-queue which might be from michal.kazior(a)tieto.com are queue-4.9/mac80211-prevent-skb-txq-mismatch.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "mac80211: don't try to sleep in rate_control_rate_init()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mac80211: don't try to sleep in rate_control_rate_init() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: mac80211-don-t-try-to-sleep-in-rate_control_rate_init.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 17:39:55 CET 2017 From: Johannes Berg <johannes.berg(a)intel.com> Date: Mon, 23 Jan 2017 09:29:09 +0100 Subject: mac80211: don't try to sleep in rate_control_rate_init() From: Johannes Berg <johannes.berg(a)intel.com> [ Upstream commit 115865fa0826ed18ca04717cf72d0fe874c0fe7f ] In my previous patch, I missed that rate_control_rate_init() is called from some places that cannot sleep, so it cannot call ieee80211_recalc_min_chandef(). Remove that call for now to fix the context bug, we'll have to find a different way to fix the minimum channel width issue. Fixes: 96aa2e7cf126 ("mac80211: calculate min channel width correctly") Reported-by: Xiaolong Ye (via lkp-robot) <xiaolong.ye(a)intel.com> Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/mac80211/rate.c | 2 -- 1 file changed, 2 deletions(-) --- a/net/mac80211/rate.c +++ b/net/mac80211/rate.c @@ -40,8 +40,6 @@ void rate_control_rate_init(struct sta_i ieee80211_sta_set_rx_nss(sta); - ieee80211_recalc_min_chandef(sta->sdata); - if (!ref) return; Patches currently in stable-queue which might be from johannes.berg(a)intel.com are queue-4.9/mac80211-calculate-min-channel-width-correctly.patch queue-4.9/mac80211-prevent-skb-txq-mismatch.patch queue-4.9/mac80211-don-t-try-to-sleep-in-rate_control_rate_init.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "mac80211: calculate min channel width correctly" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mac80211: calculate min channel width correctly to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: mac80211-calculate-min-channel-width-correctly.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 17:39:55 CET 2017 From: Johannes Berg <johannes.berg(a)intel.com> Date: Fri, 7 Oct 2016 12:23:49 +0200 Subject: mac80211: calculate min channel width correctly From: Johannes Berg <johannes.berg(a)intel.com> [ Upstream commit 96aa2e7cf126773b16c6c19b7474a8a38d3c707e ] In the current minimum chandef code there's an issue in that the recalculation can happen after rate control is initialized for a station that has a wider bandwidth than the current chanctx, and then rate control can immediately start using those higher rates which could cause problems. Observe that first of all that this problem is because we don't take non-associated and non-uploaded stations into account. The restriction to non-associated is quite pointless and is one of the causes for the problem described above, since the rate init will happen before the station is set to associated; no frames could actually be sent until associated, but the rate table can already contain higher rates and that might cause problems. Also, rejecting non-uploaded stations is wrong, since the rate control can select higher rates for those as well. Secondly, it's then necessary to recalculate the minimal config before initializing rate control, so that when rate control is initialized, the higher rates are already available. This can be done easily by adding the necessary function call in rate init. Change-Id: Ib9bc02d34797078db55459d196993f39dcd43070 Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/mac80211/chan.c | 3 --- net/mac80211/rate.c | 2 ++ 2 files changed, 2 insertions(+), 3 deletions(-) --- a/net/mac80211/chan.c +++ b/net/mac80211/chan.c @@ -231,9 +231,6 @@ ieee80211_get_max_required_bw(struct iee !(sta->sdata->bss && sta->sdata->bss == sdata->bss)) continue; - if (!sta->uploaded || !test_sta_flag(sta, WLAN_STA_ASSOC)) - continue; - max_bw = max(max_bw, ieee80211_get_sta_bw(&sta->sta)); } rcu_read_unlock(); --- a/net/mac80211/rate.c +++ b/net/mac80211/rate.c @@ -40,6 +40,8 @@ void rate_control_rate_init(struct sta_i ieee80211_sta_set_rx_nss(sta); + ieee80211_recalc_min_chandef(sta->sdata); + if (!ref) return; Patches currently in stable-queue which might be from johannes.berg(a)intel.com are queue-4.9/mac80211-calculate-min-channel-width-correctly.patch queue-4.9/mac80211-prevent-skb-txq-mismatch.patch queue-4.9/mac80211-don-t-try-to-sleep-in-rate_control_rate_init.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "m68k: fix ColdFire node shift size calculation" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled m68k: fix ColdFire node shift size calculation to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: m68k-fix-coldfire-node-shift-size-calculation.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 17:39:55 CET 2017 From: Greg Ungerer <gerg(a)linux-m68k.org> Date: Tue, 5 Sep 2017 22:57:06 +1000 Subject: m68k: fix ColdFire node shift size calculation From: Greg Ungerer <gerg(a)linux-m68k.org> [ Upstream commit f55ab8f27548ff3431a6567d400c6757c49fd520 ] The m68k pg_data_table is a fix size array defined in arch/m68k/mm/init.c. Index numbers within it are defined based on memory size. But for Coldfire these don't take into account a non-zero physical RAM base address, and this causes us to access past the end of this array at system start time. Change the node shift calculation so that we keep the index inside its range. Reported-by: Angelo Dureghello <angelo(a)sysam.it> Tested-by: Angelo Dureghello <angelo(a)sysam.it> Signed-off-by: Greg Ungerer <gerg(a)linux-m68k.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/m68k/mm/mcfmmu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/m68k/mm/mcfmmu.c +++ b/arch/m68k/mm/mcfmmu.c @@ -169,7 +169,7 @@ void __init cf_bootmem_alloc(void) max_pfn = max_low_pfn = PFN_DOWN(_ramend); high_memory = (void *)_ramend; - m68k_virt_to_node_shift = fls(_ramend - _rambase - 1) - 6; + m68k_virt_to_node_shift = fls(_ramend - 1) - 6; module_fixup(NULL, __start_fixup, __stop_fixup); /* setup bootmem data */ Patches currently in stable-queue which might be from gerg(a)linux-m68k.org are queue-4.9/m68k-fix-coldfire-node-shift-size-calculation.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] [GIT PULL] commits for Linux 4.9

by alexander.levin＠verizon.com

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Greg, Pleae pull commits for Linux 4.9 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 8743ce3d7c9698285310920c443c086e337aef44: Linux 4.9.66 (2017-11-30 08:39:15 +0000) are available in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.9-02122017 for you to fetch changes up to ae0e4a7931bc644a811c3130fd4857fa5c1baffc: net: fec: fix multicast filtering hardware setup (2017-12-02 10:33:44 -0500) - ---------------------------------------------------------------- for-greg-4.9-02122017 - ---------------------------------------------------------------- Aaron Sierra (1): serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X Adam Ford (1): ARM: OMAP2+: Fix WL1283 Bluetooth Baud Rate Alexey Kardashevskiy (1): vfio/spapr: Fix missing mutex unlock when creating a window Alexey Khoroshilov (1): usb: phy: tahvo: fix error handling in tahvo_usb_probe() Andreas Schultz (2): gtp: clear DF bit on GTP packet tx gtp: fix cross netns recv on gtp socket Andrzej Hajda (3): drm/exynos/decon5433: update shadow registers iff there are active windows drm/exynos/decon5433: set STANDALONE_UPDATE_F also if planes are disabled drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement Andy Lutomirski (1): selftests/x86/ldt_get: Add a few additional tests for limits Arnaldo Carvalho de Melo (1): tools include: Do not use poison with C++ Ben Hutchings (1): usbip: tools: Install all headers needed for libusbip development Benjamin Coddington (1): nfs: Don't take a reference on fl->fl_file for LOCK operation Boshi Wang (1): ima: fix hash algorithm initialization Bryan O'Donoghue (1): staging: greybus: loopback: Fix iteration count on async path Christian Borntraeger (1): s390/pci: do not require AIS facility Christoffer Dall (1): KVM: arm/arm64: Fix occasional warning from the timer work function Colin Ian King (2): staging: rtl8188eu: avoid a null dereference on pmlmepriv net: sctp: fix array overrun read on sctp_timer_tbl Dave Hansen (1): x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt() David Forster (1): vti6: fix device register to report IFLA_INFO_KIND Eric W. Biederman (1): libfs: Modify mount_pseudo_xattr to be clear it is not a userspace mount Florian Fainelli (2): net: systemport: Utilize skb_put_padto() net: systemport: Pad packet before inserting TSB Greg Ungerer (1): m68k: fix ColdFire node shift size calculation Guillaume Nault (1): l2tp: take remote address into account in l2tp_ip and l2tp_ip6 socket lookups Gustavo A. R. Silva (1): EDAC, sb_edac: Fix missing break in switch Hans Verkuil (1): [media] cec: initiator should be the same as the destination for, poll Hiromitsu Yamasaki (1): spi: sh-msiof: Fix DMA transfer size check Iago Abal (1): dmaengine: pl330: fix double lock Ivan Vecera (3): be2net: fix accesses to unicast list be2net: fix unicast list filling be2net: fix initial MAC setting Jan Kara (2): dax: Avoid page invalidation races and unnecessary radix tree traversals mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers Jason Baron (1): tcp: correct memory barrier usage in tcp_check_space() Jibin Xu (1): sysrq : fix Show Regs call trace on ARM Jiri Olsa (1): perf/x86/intel: Account interrupts for PEBS errors Johan Hovold (1): spi: spi-axi: fix potential use-after-free after deregistration Johannes Berg (2): mac80211: calculate min channel width correctly mac80211: don't try to sleep in rate_control_rate_init() John Stultz (2): usb: dwc2: Fix UDC state tracking usb: dwc2: Error out of dwc2_hsotg_ep_disable() if we're in host mode Kazuya Mizuguchi (1): ravb: Remove Rx overflow log messages Kevin Hao (1): x86/fpu: Set the xcomp_bv when we fake up a XSAVES area Ladislav Michl (1): iio: adc: ti-ads1015: add 10% to conversion wait time Lukas Wunner (1): serial: 8250_fintek: Fix rs485 disablement on invalid ioctl() M'boumba Cedric Madianga (2): dmaengine: stm32-dma: Set correct args number for DMA request from DT dmaengine: stm32-dma: Fix null pointer dereference in stm32_dma_tx_status Mart van Santen (1): xen-netback: vif counters from int/long to u64 Masami Hiramatsu (2): kprobes: Use synchronize_rcu_tasks() for optprobe with CONFIG_PREEMPT=y kprobes/x86: Disable preemption in ftrace-based jprobes Michal Hocko (1): mm: fix remote numa hits statistics Michal Kazior (1): mac80211: prevent skb/txq mismatch Mike Looijmans (1): i2c: i2c-cadence: Initialize configuration before probing devices Parthasarathy Bhuvaragan (2): tipc: fix nametbl_lock soft lockup at module exit tipc: fix cleanup at module unload Peter Ujfalusi (1): ARM: OMAP1: DMA: Correct the number of logical channels Quinn Tran (1): qla2xxx: Fix wrong IOCB type assumption Ram Amrani (2): RDMA/qedr: Return success when not changing QP state RDMA/qedr: Fix RDMA CM loopback Rex Zhu (1): drm/amdgpu: fix bug set incorrect value to vce register Reza Arbab (1): powerpc/mm: Fix memory hotplug BUG() on radix Ross Lagerwall (1): xen-netfront: Improve error handling during initialization Rui Sousa (1): net: fec: fix multicast filtering hardware setup Sagi Grimberg (1): nvmet: cancel fatal error and flush async work before free controller Sean Nyekjaer (1): net: phy: micrel: KSZ8795 do not set SUPPORTED_[Asym_]Pause Slava Shwartsman (1): net/mlx4_en: Fix type mismatch for 32-bit systems Stephen Boyd (1): net: qrtr: Mark 'buf' as little endian Subhash Jadavani (1): mmc: sdhci-msm: fix issue with power irq Thomas Richter (1): perf test attr: Fix ignored test case result Trond Myklebust (1): NFSv4: Fix client recovery when server reboots multiple times Varun Prakash (1): libcxgb: fix error check for ip6_route_output() Vincent (1): net: thunderx: avoid dereferencing xcv when NULL Vincent Pelletier (1): usb: gadget: f_fs: Fix ExtCompat descriptor validation Vlad Tsyrklevich (1): net/appletalk: Fix kernel memory disclosure Xiangliang Yu (1): drm/amdgpu: fix unload driver issue for virtual display arch/Kconfig | 2 +- arch/arm/mach-omap1/dma.c | 16 ++++---- arch/arm/mach-omap2/pdata-quirks.c | 2 +- arch/m68k/mm/mcfmmu.c | 2 +- arch/powerpc/include/asm/book3s/64/hash.h | 4 ++ arch/powerpc/mm/hash_utils_64.c | 4 +- arch/powerpc/mm/pgtable-book3s64.c | 18 +++++++++ arch/s390/include/asm/pci_insn.h | 2 +- arch/s390/pci/pci.c | 5 ++- arch/s390/pci/pci_insn.c | 6 ++- arch/x86/events/intel/ds.c | 6 ++- arch/x86/include/asm/syscalls.h | 2 +- arch/x86/kernel/fpu/xstate.c | 1 + arch/x86/kernel/kprobes/ftrace.c | 23 ++++++----- arch/x86/kernel/ldt.c | 16 ++++++-- arch/x86/um/ldt.c | 7 +++- drivers/dma/pl330.c | 19 +++------ drivers/dma/stm32-dma.c | 17 +++----- drivers/edac/sb_edac.c | 1 + drivers/gpu/drm/amd/amdgpu/dce_virtual.c | 5 +-- drivers/gpu/drm/amd/amdgpu/vce_v3_0.c | 2 +- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 9 +++-- drivers/i2c/busses/i2c-cadence.c | 8 ++-- drivers/iio/adc/ti-ads1015.c | 1 + drivers/infiniband/hw/qedr/qedr_cm.c | 4 +- drivers/infiniband/hw/qedr/verbs.c | 2 +- drivers/mmc/host/sdhci-msm.c | 18 +++++++++ drivers/net/appletalk/ipddp.c | 2 +- drivers/net/ethernet/broadcom/bcmsysport.c | 23 ++++++----- drivers/net/ethernet/cavium/thunder/thunder_xcv.c | 3 +- drivers/net/ethernet/chelsio/libcxgb/libcxgb_cm.c | 12 +++--- drivers/net/ethernet/emulex/benet/be_main.c | 45 +++++++++++++++------- drivers/net/ethernet/freescale/fec_main.c | 23 +++++------ drivers/net/ethernet/mellanox/mlx4/en_clock.c | 8 +--- drivers/net/ethernet/renesas/ravb_main.c | 8 +--- drivers/net/gtp.c | 12 +++--- drivers/net/phy/micrel.c | 2 +- drivers/net/xen-netback/common.h | 8 ++-- drivers/net/xen-netback/interface.c | 8 ++-- drivers/net/xen-netfront.c | 29 ++++++-------- drivers/nvme/target/core.c | 3 ++ drivers/scsi/qla2xxx/qla_target.c | 8 +--- drivers/spi/spi-axi-spi-engine.c | 4 +- drivers/spi/spi-sh-msiof.c | 2 +- drivers/staging/greybus/loopback.c | 4 +- drivers/staging/lustre/lustre/llite/llite_mmap.c | 4 +- drivers/staging/media/cec/cec-adap.c | 7 ++-- drivers/staging/rtl8188eu/core/rtw_mlme.c | 6 +-- drivers/tty/serial/8250/8250_fintek.c | 2 +- drivers/tty/serial/8250/8250_port.c | 5 ++- drivers/tty/sysrq.c | 9 ++++- drivers/usb/dwc2/gadget.c | 7 ++++ drivers/usb/gadget/function/f_fs.c | 2 +- drivers/usb/phy/phy-tahvo.c | 3 +- drivers/vfio/vfio_iommu_spapr_tce.c | 11 +++--- fs/dax.c | 28 ++++++-------- fs/libfs.c | 3 +- fs/nfs/nfs4proc.c | 3 -- fs/nfs/nfs4state.c | 1 - include/linux/buffer_head.h | 4 +- include/linux/perf_event.h | 1 + kernel/events/core.c | 47 +++++++++++++++-------- kernel/kprobes.c | 14 ++++--- mm/page_alloc.c | 15 ++------ net/ipv4/tcp_input.c | 2 +- net/ipv6/ip6_vti.c | 2 +- net/l2tp/l2tp_ip.c | 19 +++------ net/l2tp/l2tp_ip6.c | 20 +++------- net/mac80211/chan.c | 3 -- net/mac80211/tx.c | 17 ++++---- net/qrtr/qrtr.c | 4 +- net/sctp/debug.c | 2 +- net/tipc/server.c | 20 +++------- security/integrity/ima/ima_main.c | 4 ++ tools/include/linux/poison.h | 5 +++ tools/perf/tests/attr.c | 2 +- tools/testing/selftests/x86/ldt_gdt.c | 17 +++++++- tools/usb/usbip/Makefile.am | 3 +- virt/kvm/arm/arch_timer.c | 3 -- 79 files changed, 377 insertions(+), 324 deletions(-) -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJaIsqlAAoJEN6mb/eXdyzcFb8QAIMOrJopr22BXqL/1fjVjtHq JC/CRKAIyjKs7TqGTMdXjmDFwoqEoS5YWcjc+ZpBUMlqfcej5T8Sn6H7Qh6/2pP0 V76CUGiB6XUR0GN3ebkXH/KxTFaSPSELGpadCmTbStoNOZ0lLKnaP+52bHUVdNWs GMFvmXkP60nbkELK0Vg/3ECZT3BaKLBR0QZ2NtRZeL+RJrr1KFxDUwvAwK8W4W49 738AsBtyTASm4deq872vQQ/G0KhLhPgDv1lHKdItbDT0KvLCKLSkE7o1cFPjatht q4D8/BVrGQW5tJOHgojYlgNS9pCSeMQQxdIzkBxyE8RWsDWCobQYGbpLIrc/xYOs ndasfAddw4lq/1gC0wv3tYNwmXwZ5GqWJVzfiIlqNL85gdS/xcRDWDWR2x8o2mbp efadyM+vjDEwWBJUyFCOYg+8ckCOp/4Knxvalt+7we3YzgCShla98K1eqCKsoJ6k HqZ0lA3CeLojI4hM7Mf/4hN27H7Q0sDOdUNHGoEAowdnzZzHGyVIx1EYtoKlMY6k HFWJBFvWtNsFFqxCm9Ral+sHYfOz9CC6+fxUkm+mPxS/9ErdwU1nJv3xaY060JD4 liCxaQkGnDxsoU3eQetZOyTgnj8X6bl8K5/f/X07ijmO0ssUXhLjKw1lZ2xQqiJb Um3apv/8xyVY38vwRV0P =99Jv -----END PGP SIGNATURE-----

7 years, 10 months

2
1
0 0

[Linux-stable-mirror] Patch "libfs: Modify mount_pseudo_xattr to be clear it is not a userspace mount" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled libfs: Modify mount_pseudo_xattr to be clear it is not a userspace mount to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: libfs-modify-mount_pseudo_xattr-to-be-clear-it-is-not-a-userspace-mount.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 17:39:55 CET 2017 From: "Eric W. Biederman" <ebiederm(a)xmission.com> Date: Wed, 4 Jan 2017 17:37:27 +1300 Subject: libfs: Modify mount_pseudo_xattr to be clear it is not a userspace mount From: "Eric W. Biederman" <ebiederm(a)xmission.com> [ Upstream commit 75422726b0f717d67db3283c2eb5bc14fa2619c5 ] Add MS_KERNMOUNT to the flags that are passed. Use sget_userns and force &init_user_ns instead of calling sget so that even if called from a weird context the internal filesystem will be considered to be in the intial user namespace. Luis Ressel reported that the the failure to pass MS_KERNMOUNT into mount_pseudo broke his in development graphics driver that uses the generic drm infrastructure. I am not certain the deriver was bug free in it's usage of that infrastructure but since mount_pseudo_xattr can never be triggered by userspace it is clearer and less error prone, and less problematic for the code to be explicit. Reported-by: Luis Ressel <aranea(a)aixah.de> Tested-by: Luis Ressel <aranea(a)aixah.de> Acked-by: Al Viro <viro(a)ZenIV.linux.org.uk> Signed-off-by: "Eric W. Biederman" <ebiederm(a)xmission.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/libfs.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/fs/libfs.c +++ b/fs/libfs.c @@ -245,7 +245,8 @@ struct dentry *mount_pseudo_xattr(struct struct inode *root; struct qstr d_name = QSTR_INIT(name, strlen(name)); - s = sget(fs_type, NULL, set_anon_super, MS_NOUSER, NULL); + s = sget_userns(fs_type, NULL, set_anon_super, MS_KERNMOUNT|MS_NOUSER, + &init_user_ns, NULL); if (IS_ERR(s)) return ERR_CAST(s); Patches currently in stable-queue which might be from ebiederm(a)xmission.com are queue-4.9/libfs-modify-mount_pseudo_xattr-to-be-clear-it-is-not-a-userspace-mount.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "libcxgb: fix error check for ip6_route_output()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled libcxgb: fix error check for ip6_route_output() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: libcxgb-fix-error-check-for-ip6_route_output.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 17:39:55 CET 2017 From: Varun Prakash <varun(a)chelsio.com> Date: Tue, 3 Jan 2017 21:25:48 +0530 Subject: libcxgb: fix error check for ip6_route_output() From: Varun Prakash <varun(a)chelsio.com> [ Upstream commit a9a8cdb368d99bb655b5cdabea560446db0527cc ] ip6_route_output() never returns NULL so check dst->error instead of !dst. Signed-off-by: Varun Prakash <varun(a)chelsio.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/chelsio/libcxgb/libcxgb_cm.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) --- a/drivers/net/ethernet/chelsio/libcxgb/libcxgb_cm.c +++ b/drivers/net/ethernet/chelsio/libcxgb/libcxgb_cm.c @@ -133,17 +133,15 @@ cxgb_find_route6(struct cxgb4_lld_info * if (ipv6_addr_type(&fl6.daddr) & IPV6_ADDR_LINKLOCAL) fl6.flowi6_oif = sin6_scope_id; dst = ip6_route_output(&init_net, NULL, &fl6); - if (!dst) - goto out; - if (!cxgb_our_interface(lldi, get_real_dev, - ip6_dst_idev(dst)->dev) && - !(ip6_dst_idev(dst)->dev->flags & IFF_LOOPBACK)) { + if (dst->error || + (!cxgb_our_interface(lldi, get_real_dev, + ip6_dst_idev(dst)->dev) && + !(ip6_dst_idev(dst)->dev->flags & IFF_LOOPBACK))) { dst_release(dst); - dst = NULL; + return NULL; } } -out: return dst; } EXPORT_SYMBOL(cxgb_find_route6); Patches currently in stable-queue which might be from varun(a)chelsio.com are queue-4.9/libcxgb-fix-error-check-for-ip6_route_output.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "l2tp: take remote address into account in l2tp_ip and l2tp_ip6 socket lookups" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled l2tp: take remote address into account in l2tp_ip and l2tp_ip6 socket lookups to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: l2tp-take-remote-address-into-account-in-l2tp_ip-and-l2tp_ip6-socket-lookups.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 17:39:55 CET 2017 From: Guillaume Nault <g.nault(a)alphalink.fr> Date: Fri, 30 Dec 2016 19:48:20 +0100 Subject: l2tp: take remote address into account in l2tp_ip and l2tp_ip6 socket lookups From: Guillaume Nault <g.nault(a)alphalink.fr> [ Upstream commit a9b2dff80be979432484afaf7f8d8e73f9e8838a ] For connected sockets, __l2tp_ip{,6}_bind_lookup() needs to check the remote IP when looking for a matching socket. Otherwise a connected socket can receive traffic not originating from its peer. Drop l2tp_ip_bind_lookup() and l2tp_ip6_bind_lookup() instead of updating their prototype, as these functions aren't used. Signed-off-by: Guillaume Nault <g.nault(a)alphalink.fr> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/l2tp/l2tp_ip.c | 19 ++++++------------- net/l2tp/l2tp_ip6.c | 20 ++++++-------------- 2 files changed, 12 insertions(+), 27 deletions(-) --- a/net/l2tp/l2tp_ip.c +++ b/net/l2tp/l2tp_ip.c @@ -48,7 +48,8 @@ static inline struct l2tp_ip_sock *l2tp_ return (struct l2tp_ip_sock *)sk; } -static struct sock *__l2tp_ip_bind_lookup(struct net *net, __be32 laddr, int dif, u32 tunnel_id) +static struct sock *__l2tp_ip_bind_lookup(const struct net *net, __be32 laddr, + __be32 raddr, int dif, u32 tunnel_id) { struct sock *sk; @@ -62,6 +63,7 @@ static struct sock *__l2tp_ip_bind_looku if ((l2tp->conn_id == tunnel_id) && net_eq(sock_net(sk), net) && !(inet->inet_rcv_saddr && inet->inet_rcv_saddr != laddr) && + (!inet->inet_daddr || !raddr || inet->inet_daddr == raddr) && (!sk->sk_bound_dev_if || !dif || sk->sk_bound_dev_if == dif)) goto found; @@ -72,15 +74,6 @@ found: return sk; } -static inline struct sock *l2tp_ip_bind_lookup(struct net *net, __be32 laddr, int dif, u32 tunnel_id) -{ - struct sock *sk = __l2tp_ip_bind_lookup(net, laddr, dif, tunnel_id); - if (sk) - sock_hold(sk); - - return sk; -} - /* When processing receive frames, there are two cases to * consider. Data frames consist of a non-zero session-id and an * optional cookie. Control frames consist of a regular L2TP header @@ -186,8 +179,8 @@ pass_up: struct iphdr *iph = (struct iphdr *) skb_network_header(skb); read_lock_bh(&l2tp_ip_lock); - sk = __l2tp_ip_bind_lookup(net, iph->daddr, inet_iif(skb), - tunnel_id); + sk = __l2tp_ip_bind_lookup(net, iph->daddr, iph->saddr, + inet_iif(skb), tunnel_id); if (!sk) { read_unlock_bh(&l2tp_ip_lock); goto discard; @@ -289,7 +282,7 @@ static int l2tp_ip_bind(struct sock *sk, inet->inet_saddr = 0; /* Use device */ write_lock_bh(&l2tp_ip_lock); - if (__l2tp_ip_bind_lookup(net, addr->l2tp_addr.s_addr, + if (__l2tp_ip_bind_lookup(net, addr->l2tp_addr.s_addr, 0, sk->sk_bound_dev_if, addr->l2tp_conn_id)) { write_unlock_bh(&l2tp_ip_lock); ret = -EADDRINUSE; --- a/net/l2tp/l2tp_ip6.c +++ b/net/l2tp/l2tp_ip6.c @@ -59,12 +59,14 @@ static inline struct l2tp_ip6_sock *l2tp static struct sock *__l2tp_ip6_bind_lookup(struct net *net, struct in6_addr *laddr, + const struct in6_addr *raddr, int dif, u32 tunnel_id) { struct sock *sk; sk_for_each_bound(sk, &l2tp_ip6_bind_table) { const struct in6_addr *sk_laddr = inet6_rcv_saddr(sk); + const struct in6_addr *sk_raddr = &sk->sk_v6_daddr; struct l2tp_ip6_sock *l2tp = l2tp_ip6_sk(sk); if (l2tp == NULL) @@ -73,6 +75,7 @@ static struct sock *__l2tp_ip6_bind_look if ((l2tp->conn_id == tunnel_id) && net_eq(sock_net(sk), net) && (!sk_laddr || ipv6_addr_any(sk_laddr) || ipv6_addr_equal(sk_laddr, laddr)) && + (!raddr || ipv6_addr_any(sk_raddr) || ipv6_addr_equal(sk_raddr, raddr)) && (!sk->sk_bound_dev_if || !dif || sk->sk_bound_dev_if == dif)) goto found; @@ -83,17 +86,6 @@ found: return sk; } -static inline struct sock *l2tp_ip6_bind_lookup(struct net *net, - struct in6_addr *laddr, - int dif, u32 tunnel_id) -{ - struct sock *sk = __l2tp_ip6_bind_lookup(net, laddr, dif, tunnel_id); - if (sk) - sock_hold(sk); - - return sk; -} - /* When processing receive frames, there are two cases to * consider. Data frames consist of a non-zero session-id and an * optional cookie. Control frames consist of a regular L2TP header @@ -200,8 +192,8 @@ pass_up: struct ipv6hdr *iph = ipv6_hdr(skb); read_lock_bh(&l2tp_ip6_lock); - sk = __l2tp_ip6_bind_lookup(net, &iph->daddr, inet6_iif(skb), - tunnel_id); + sk = __l2tp_ip6_bind_lookup(net, &iph->daddr, &iph->saddr, + inet6_iif(skb), tunnel_id); if (!sk) { read_unlock_bh(&l2tp_ip6_lock); goto discard; @@ -339,7 +331,7 @@ static int l2tp_ip6_bind(struct sock *sk rcu_read_unlock(); write_lock_bh(&l2tp_ip6_lock); - if (__l2tp_ip6_bind_lookup(net, &addr->l2tp_addr, bound_dev_if, + if (__l2tp_ip6_bind_lookup(net, &addr->l2tp_addr, NULL, bound_dev_if, addr->l2tp_conn_id)) { write_unlock_bh(&l2tp_ip6_lock); err = -EADDRINUSE; Patches currently in stable-queue which might be from g.nault(a)alphalink.fr are queue-4.9/l2tp-take-remote-address-into-account-in-l2tp_ip-and-l2tp_ip6-socket-lookups.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "KVM: arm/arm64: Fix occasional warning from the timer work function" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled KVM: arm/arm64: Fix occasional warning from the timer work function to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: kvm-arm-arm64-fix-occasional-warning-from-the-timer-work-function.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 17:39:55 CET 2017 From: Christoffer Dall <christoffer.dall(a)linaro.org> Date: Mon, 9 Jan 2017 12:18:56 +0100 Subject: KVM: arm/arm64: Fix occasional warning from the timer work function From: Christoffer Dall <christoffer.dall(a)linaro.org> [ Upstream commit 63e41226afc3f7a044b70325566fa86ac3142538 ] When a VCPU blocks (WFI) and has programmed the vtimer, we program a soft timer to expire in the future to wake up the vcpu thread when appropriate. Because such as wake up involves a vcpu kick, and the timer expire function can get called from interrupt context, and the kick may sleep, we have to schedule the kick in the work function. The work function currently has a warning that gets raised if it turns out that the timer shouldn't fire when it's run, which was added because the idea was that in that case the work should never have been cancelled. However, it turns out that this whole thing is racy and we can get spurious warnings. The problem is that we clear the armed flag in the work function, which may run in parallel with the kvm_timer_unschedule->timer_disarm() call. This results in a possible situation where the timer_disarm() call does not call cancel_work_sync(), which effectively synchronizes the completion of the work function with running the VCPU. As a result, the VCPU thread proceeds before the work function completees, causing changes to the timer state such that kvm_timer_should_fire(vcpu) returns false in the work function. All we do in the work function is to kick the VCPU, and an occasional rare extra kick never harmed anyone. Since the race above is extremely rare, we don't bother checking if the race happens but simply remove the check and the clearing of the armed flag from the work function. Reported-by: Matthias Brugger <mbrugger(a)suse.com> Reviewed-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Christoffer Dall <christoffer.dall(a)linaro.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- virt/kvm/arm/arch_timer.c | 3 --- 1 file changed, 3 deletions(-) --- a/virt/kvm/arm/arch_timer.c +++ b/virt/kvm/arm/arch_timer.c @@ -89,9 +89,6 @@ static void kvm_timer_inject_irq_work(st struct kvm_vcpu *vcpu; vcpu = container_of(work, struct kvm_vcpu, arch.timer_cpu.expired); - vcpu->arch.timer_cpu.armed = false; - - WARN_ON(!kvm_timer_should_fire(vcpu)); /* * If the vcpu is blocked we want to wake it up so that it will see Patches currently in stable-queue which might be from christoffer.dall(a)linaro.org are queue-4.9/kvm-arm-arm64-fix-occasional-warning-from-the-timer-work-function.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "kprobes/x86: Disable preemption in ftrace-based jprobes" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled kprobes/x86: Disable preemption in ftrace-based jprobes to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: kprobes-x86-disable-preemption-in-ftrace-based-jprobes.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 17:39:55 CET 2017 From: Masami Hiramatsu <mhiramat(a)kernel.org> Date: Tue, 19 Sep 2017 19:01:40 +0900 Subject: kprobes/x86: Disable preemption in ftrace-based jprobes From: Masami Hiramatsu <mhiramat(a)kernel.org> [ Upstream commit 5bb4fc2d8641219732eb2bb654206775a4219aca ] Disable preemption in ftrace-based jprobe handlers as described in Documentation/kprobes.txt: "Probe handlers are run with preemption disabled." This will fix jprobes behavior when CONFIG_PREEMPT=y. Signed-off-by: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Alexei Starovoitov <ast(a)fb.com> Cc: Alexei Starovoitov <ast(a)kernel.org> Cc: Ananth N Mavinakayanahalli <ananth(a)linux.vnet.ibm.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Paul E . McKenney <paulmck(a)linux.vnet.ibm.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Link: http://lkml.kernel.org/r/150581530024.32348.9863783558598926771.stgit@devbox Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/kernel/kprobes/ftrace.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) --- a/arch/x86/kernel/kprobes/ftrace.c +++ b/arch/x86/kernel/kprobes/ftrace.c @@ -26,7 +26,7 @@ #include "common.h" static nokprobe_inline -int __skip_singlestep(struct kprobe *p, struct pt_regs *regs, +void __skip_singlestep(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *kcb, unsigned long orig_ip) { /* @@ -41,20 +41,21 @@ int __skip_singlestep(struct kprobe *p, __this_cpu_write(current_kprobe, NULL); if (orig_ip) regs->ip = orig_ip; - return 1; } int skip_singlestep(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *kcb) { - if (kprobe_ftrace(p)) - return __skip_singlestep(p, regs, kcb, 0); - else - return 0; + if (kprobe_ftrace(p)) { + __skip_singlestep(p, regs, kcb, 0); + preempt_enable_no_resched(); + return 1; + } + return 0; } NOKPROBE_SYMBOL(skip_singlestep); -/* Ftrace callback handler for kprobes */ +/* Ftrace callback handler for kprobes -- called under preepmt disabed */ void kprobe_ftrace_handler(unsigned long ip, unsigned long parent_ip, struct ftrace_ops *ops, struct pt_regs *regs) { @@ -77,13 +78,17 @@ void kprobe_ftrace_handler(unsigned long /* Kprobe handler expects regs->ip = ip + 1 as breakpoint hit */ regs->ip = ip + sizeof(kprobe_opcode_t); + /* To emulate trap based kprobes, preempt_disable here */ + preempt_disable(); __this_cpu_write(current_kprobe, p); kcb->kprobe_status = KPROBE_HIT_ACTIVE; - if (!p->pre_handler || !p->pre_handler(p, regs)) + if (!p->pre_handler || !p->pre_handler(p, regs)) { __skip_singlestep(p, regs, kcb, orig_ip); + preempt_enable_no_resched(); + } /* * If pre_handler returns !0, it sets regs->ip and - * resets current kprobe. + * resets current kprobe, and keep preempt count +1. */ } end: Patches currently in stable-queue which might be from mhiramat(a)kernel.org are queue-4.9/kprobes-use-synchronize_rcu_tasks-for-optprobe-with-config_preempt-y.patch queue-4.9/kprobes-x86-disable-preemption-in-ftrace-based-jprobes.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "kprobes: Use synchronize_rcu_tasks() for optprobe with CONFIG_PREEMPT=y" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled kprobes: Use synchronize_rcu_tasks() for optprobe with CONFIG_PREEMPT=y to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: kprobes-use-synchronize_rcu_tasks-for-optprobe-with-config_preempt-y.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 17:39:55 CET 2017 From: Masami Hiramatsu <mhiramat(a)kernel.org> Date: Fri, 20 Oct 2017 08:43:39 +0900 Subject: kprobes: Use synchronize_rcu_tasks() for optprobe with CONFIG_PREEMPT=y From: Masami Hiramatsu <mhiramat(a)kernel.org> [ Upstream commit a30b85df7d599f626973e9cd3056fe755bd778e0 ] We want to wait for all potentially preempted kprobes trampoline execution to have completed. This guarantees that any freed trampoline memory is not in use by any task in the system anymore. synchronize_rcu_tasks() gives such a guarantee, so use it. Also, this guarantees to wait for all potentially preempted tasks on the instructions which will be replaced with a jump. Since this becomes a problem only when CONFIG_PREEMPT=y, enable CONFIG_TASKS_RCU=y for synchronize_rcu_tasks() in that case. Signed-off-by: Masami Hiramatsu <mhiramat(a)kernel.org> Acked-by: Paul E. McKenney <paulmck(a)linux.vnet.ibm.com> Cc: Ananth N Mavinakayanahalli <ananth(a)linux.vnet.ibm.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Naveen N . Rao <naveen.n.rao(a)linux.vnet.ibm.com> Cc: Paul E . McKenney <paulmck(a)linux.vnet.ibm.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Link: http://lkml.kernel.org/r/150845661962.5443.17724352636247312231.stgit@devbox Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/Kconfig | 2 +- kernel/kprobes.c | 14 ++++++++------ 2 files changed, 9 insertions(+), 7 deletions(-) --- a/arch/Kconfig +++ b/arch/Kconfig @@ -83,7 +83,7 @@ config STATIC_KEYS_SELFTEST config OPTPROBES def_bool y depends on KPROBES && HAVE_OPTPROBES - depends on !PREEMPT + select TASKS_RCU if PREEMPT config KPROBES_ON_FTRACE def_bool y --- a/kernel/kprobes.c +++ b/kernel/kprobes.c @@ -540,13 +540,15 @@ static void kprobe_optimizer(struct work do_unoptimize_kprobes(); /* - * Step 2: Wait for quiesence period to ensure all running interrupts - * are done. Because optprobe may modify multiple instructions - * there is a chance that Nth instruction is interrupted. In that - * case, running interrupt can return to 2nd-Nth byte of jump - * instruction. This wait is for avoiding it. + * Step 2: Wait for quiesence period to ensure all potentially + * preempted tasks to have normally scheduled. Because optprobe + * may modify multiple instructions, there is a chance that Nth + * instruction is preempted. In that case, such tasks can return + * to 2nd-Nth byte of jump instruction. This wait is for avoiding it. + * Note that on non-preemptive kernel, this is transparently converted + * to synchronoze_sched() to wait for all interrupts to have completed. */ - synchronize_sched(); + synchronize_rcu_tasks(); /* Step 3: Optimize kprobes after quiesence period */ do_optimize_kprobes(); Patches currently in stable-queue which might be from mhiramat(a)kernel.org are queue-4.9/kprobes-use-synchronize_rcu_tasks-for-optprobe-with-config_preempt-y.patch queue-4.9/kprobes-x86-disable-preemption-in-ftrace-based-jprobes.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "ima: fix hash algorithm initialization" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ima: fix hash algorithm initialization to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ima-fix-hash-algorithm-initialization.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 17:39:55 CET 2017 From: Boshi Wang <wangboshi(a)huawei.com> Date: Fri, 20 Oct 2017 16:01:03 +0800 Subject: ima: fix hash algorithm initialization From: Boshi Wang <wangboshi(a)huawei.com> [ Upstream commit ebe7c0a7be92bbd34c6ff5b55810546a0ee05bee ] The hash_setup function always sets the hash_setup_done flag, even when the hash algorithm is invalid. This prevents the default hash algorithm defined as CONFIG_IMA_DEFAULT_HASH from being used. This patch sets hash_setup_done flag only for valid hash algorithms. Fixes: e7a2ad7eb6f4 "ima: enable support for larger default filedata hash algorithms" Signed-off-by: Boshi Wang <wangboshi(a)huawei.com> Signed-off-by: Mimi Zohar <zohar(a)linux.vnet.ibm.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- security/integrity/ima/ima_main.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -51,6 +51,8 @@ static int __init hash_setup(char *str) ima_hash_algo = HASH_ALGO_SHA1; else if (strncmp(str, "md5", 3) == 0) ima_hash_algo = HASH_ALGO_MD5; + else + return 1; goto out; } @@ -60,6 +62,8 @@ static int __init hash_setup(char *str) break; } } + if (i == HASH_ALGO__LAST) + return 1; out: hash_setup_done = 1; return 1; Patches currently in stable-queue which might be from wangboshi(a)huawei.com are queue-4.9/ima-fix-hash-algorithm-initialization.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "iio: adc: ti-ads1015: add 10% to conversion wait time" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ti-ads1015: add 10% to conversion wait time to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: iio-adc-ti-ads1015-add-10-to-conversion-wait-time.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 17:39:55 CET 2017 From: Ladislav Michl <ladis(a)linux-mips.org> Date: Fri, 25 Aug 2017 07:39:16 +0200 Subject: iio: adc: ti-ads1015: add 10% to conversion wait time From: Ladislav Michl <ladis(a)linux-mips.org> [ Upstream commit fe895ac88b9fbdf2026f0bfd56c82747bb9d7c48 ] As user's guide "ADS1015EVM, ADS1115EVM, ADS1015EVM-PDK, ADS1115EVM-PDK User Guide (Rev. B)" (http://www.ti.com/lit/ug/sbau157b/sbau157b.pdf) states at page 16: "Note that both the ADS1115 and ADS1015 have internal clocks with a ±10% accuracy. If performing FFT tests, frequencies may appear to be incorrect as a result of this tolerance range.", add those 10% to converion wait time. Cc: Daniel Baluta <daniel.baluta(a)gmail.com> Cc: Jonathan Cameron <jic23(a)kernel.org> Signed-off-by: Ladislav Michl <ladis(a)linux-mips.org> Reviewed-by: Akinobu Mita <akinobu.mita(a)gmail.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/iio/adc/ti-ads1015.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/iio/adc/ti-ads1015.c +++ b/drivers/iio/adc/ti-ads1015.c @@ -269,6 +269,7 @@ int ads1015_get_adc_result(struct ads101 conv_time = DIV_ROUND_UP(USEC_PER_SEC, data->data_rate[dr_old]); conv_time += DIV_ROUND_UP(USEC_PER_SEC, data->data_rate[dr]); + conv_time += conv_time / 10; /* 10% internal clock inaccuracy */ usleep_range(conv_time, conv_time + 1); data->conv_invalid = false; } Patches currently in stable-queue which might be from ladis(a)linux-mips.org are queue-4.9/iio-adc-ti-ads1015-add-10-to-conversion-wait-time.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "i2c: i2c-cadence: Initialize configuration before probing devices" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled i2c: i2c-cadence: Initialize configuration before probing devices to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: i2c-i2c-cadence-initialize-configuration-before-probing-devices.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 17:39:55 CET 2017 From: Mike Looijmans <mike.looijmans(a)topic.nl> Date: Mon, 16 Jan 2017 15:49:38 +0100 Subject: i2c: i2c-cadence: Initialize configuration before probing devices From: Mike Looijmans <mike.looijmans(a)topic.nl> [ Upstream commit 0e1929dedea36781e25902118c93edd8d8f09af1 ] The cadence I2C driver calls cdns_i2c_writereg(..) to setup a workaround in the controller, but did so after calling i2c_add_adapter() which starts probing devices on the bus. Change the order so that the configuration is completely finished before using the adapter. Signed-off-by: Mike Looijmans <mike.looijmans(a)topic.nl> Signed-off-by: Wolfram Sang <wsa(a)the-dreams.de> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/i2c/busses/i2c-cadence.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) --- a/drivers/i2c/busses/i2c-cadence.c +++ b/drivers/i2c/busses/i2c-cadence.c @@ -962,10 +962,6 @@ static int cdns_i2c_probe(struct platfor goto err_clk_dis; } - ret = i2c_add_adapter(&id->adap); - if (ret < 0) - goto err_clk_dis; - /* * Cadence I2C controller has a bug wherein it generates * invalid read transaction after HW timeout in master receiver mode. @@ -975,6 +971,10 @@ static int cdns_i2c_probe(struct platfor */ cdns_i2c_writereg(CDNS_I2C_TIMEOUT_MAX, CDNS_I2C_TIME_OUT_OFFSET); + ret = i2c_add_adapter(&id->adap); + if (ret < 0) + goto err_clk_dis; + dev_info(&pdev->dev, "%u kHz mmio %08lx irq %d\n", id->i2c_clk / 1000, (unsigned long)r_mem->start, id->irq); Patches currently in stable-queue which might be from mike.looijmans(a)topic.nl are queue-4.9/i2c-i2c-cadence-initialize-configuration-before-probing-devices.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "gtp: fix cross netns recv on gtp socket" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled gtp: fix cross netns recv on gtp socket to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: gtp-fix-cross-netns-recv-on-gtp-socket.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 17:39:55 CET 2017 From: Andreas Schultz <aschultz(a)tpip.net> Date: Fri, 27 Jan 2017 10:40:58 +0100 Subject: gtp: fix cross netns recv on gtp socket From: Andreas Schultz <aschultz(a)tpip.net> [ Upstream commit 3ab1b469e847ba425af3c5ad5068cc94b55b38d0 ] The use of the passed through netlink src_net to check for a cross netns operation was wrong. Using the GTP socket and the GTP netdevice is always correct (even if the netdev has been moved to new netns after link creation). Remove the now obsolete net field from gtp_dev. Signed-off-by: Andreas Schultz <aschultz(a)tpip.net> Acked-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/gtp.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) --- a/drivers/net/gtp.c +++ b/drivers/net/gtp.c @@ -69,7 +69,6 @@ struct gtp_dev { struct socket *sock0; struct socket *sock1u; - struct net *net; struct net_device *dev; unsigned int hash_size; @@ -316,7 +315,7 @@ static int gtp_encap_recv(struct sock *s netdev_dbg(gtp->dev, "encap_recv sk=%p\n", sk); - xnet = !net_eq(gtp->net, dev_net(gtp->dev)); + xnet = !net_eq(sock_net(sk), dev_net(gtp->dev)); switch (udp_sk(sk)->encap_type) { case UDP_ENCAP_GTP0: @@ -658,7 +657,7 @@ static void gtp_link_setup(struct net_de static int gtp_hashtable_new(struct gtp_dev *gtp, int hsize); static void gtp_hashtable_free(struct gtp_dev *gtp); static int gtp_encap_enable(struct net_device *dev, struct gtp_dev *gtp, - int fd_gtp0, int fd_gtp1, struct net *src_net); + int fd_gtp0, int fd_gtp1); static int gtp_newlink(struct net *src_net, struct net_device *dev, struct nlattr *tb[], struct nlattr *data[]) @@ -675,7 +674,7 @@ static int gtp_newlink(struct net *src_n fd0 = nla_get_u32(data[IFLA_GTP_FD0]); fd1 = nla_get_u32(data[IFLA_GTP_FD1]); - err = gtp_encap_enable(dev, gtp, fd0, fd1, src_net); + err = gtp_encap_enable(dev, gtp, fd0, fd1); if (err < 0) goto out_err; @@ -821,7 +820,7 @@ static void gtp_hashtable_free(struct gt } static int gtp_encap_enable(struct net_device *dev, struct gtp_dev *gtp, - int fd_gtp0, int fd_gtp1, struct net *src_net) + int fd_gtp0, int fd_gtp1) { struct udp_tunnel_sock_cfg tuncfg = {NULL}; struct socket *sock0, *sock1u; @@ -858,7 +857,6 @@ static int gtp_encap_enable(struct net_d gtp->sock0 = sock0; gtp->sock1u = sock1u; - gtp->net = src_net; tuncfg.sk_user_data = gtp; tuncfg.encap_rcv = gtp_encap_recv; Patches currently in stable-queue which might be from aschultz(a)tpip.net are queue-4.9/gtp-clear-df-bit-on-gtp-packet-tx.patch queue-4.9/gtp-fix-cross-netns-recv-on-gtp-socket.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "gtp: clear DF bit on GTP packet tx" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled gtp: clear DF bit on GTP packet tx to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: gtp-clear-df-bit-on-gtp-packet-tx.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 17:39:55 CET 2017 From: Andreas Schultz <aschultz(a)tpip.net> Date: Fri, 27 Jan 2017 10:40:57 +0100 Subject: gtp: clear DF bit on GTP packet tx From: Andreas Schultz <aschultz(a)tpip.net> [ Upstream commit c6ce1d08eede4c2968ed08aafa3165e8e183c5a1 ] 3GPP TS 29.281 and 3GPP TS 29.060 imply that GTP-U packets should be sent with the DF bit cleared. For example 3GPP TS 29.060, Release 8, Section 13.2.2: > Backbone router: Any router in the backbone may fragment the GTP > packet if needed, according to IPv4. Signed-off-by: Andreas Schultz <aschultz(a)tpip.net> Acked-by: Harald Welte <laforge(a)netfilter.org> Acked-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/gtp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/net/gtp.c +++ b/drivers/net/gtp.c @@ -612,7 +612,7 @@ static netdev_tx_t gtp_dev_xmit(struct s pktinfo.fl4.saddr, pktinfo.fl4.daddr, pktinfo.iph->tos, ip4_dst_hoplimit(&pktinfo.rt->dst), - htons(IP_DF), + 0, pktinfo.gtph_port, pktinfo.gtph_port, true, false); break; Patches currently in stable-queue which might be from aschultz(a)tpip.net are queue-4.9/gtp-clear-df-bit-on-gtp-packet-tx.patch queue-4.9/gtp-fix-cross-netns-recv-on-gtp-socket.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "EDAC, sb_edac: Fix missing break in switch" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled EDAC, sb_edac: Fix missing break in switch to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: edac-sb_edac-fix-missing-break-in-switch.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 17:39:55 CET 2017 From: "Gustavo A. R. Silva" <garsilva(a)embeddedor.com> Date: Mon, 16 Oct 2017 12:40:29 -0500 Subject: EDAC, sb_edac: Fix missing break in switch From: "Gustavo A. R. Silva" <garsilva(a)embeddedor.com> [ Upstream commit a8e9b186f153a44690ad0363a56716e7077ad28c ] Add missing break statement in order to prevent the code from falling through. Signed-off-by: Gustavo A. R. Silva <garsilva(a)embeddedor.com> Cc: Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> Cc: linux-edac <linux-edac(a)vger.kernel.org> Link: http://lkml.kernel.org/r/20171016174029.GA19757@embeddedor.com Signed-off-by: Borislav Petkov <bp(a)suse.de> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/edac/sb_edac.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/edac/sb_edac.c +++ b/drivers/edac/sb_edac.c @@ -2510,6 +2510,7 @@ static int ibridge_mci_bind_devs(struct break; case PCI_DEVICE_ID_INTEL_IBRIDGE_IMC_HA0_TA: pvt->pci_ta = pdev; + break; case PCI_DEVICE_ID_INTEL_IBRIDGE_IMC_HA0_RAS: pvt->pci_ras = pdev; break; Patches currently in stable-queue which might be from garsilva(a)embeddedor.com are queue-4.9/edac-sb_edac-fix-missing-break-in-switch.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "drm/exynos/decon5433: update shadow registers iff there are active windows" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled drm/exynos/decon5433: update shadow registers iff there are active windows to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: drm-exynos-decon5433-update-shadow-registers-iff-there-are-active-windows.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 17:39:55 CET 2017 From: Andrzej Hajda <a.hajda(a)samsung.com> Date: Mon, 9 Jan 2017 15:33:02 +0100 Subject: drm/exynos/decon5433: update shadow registers iff there are active windows From: Andrzej Hajda <a.hajda(a)samsung.com> [ Upstream commit f65a7c9cb3770ed4d3e7c57c66d7032689081b5e ] Improper usage of DECON_UPDATE register leads to subtle errors. If it set in decon_commit when there are no active windows it results in slow registry updates - all subsequent shadow registry updates takes more than full vblank. On the other side if it is not set when there are active windows it results in garbage on the screen after suspend/resume of FB console. The patch hopefully fixes it. Signed-off-by: Andrzej Hajda <a.hajda(a)samsung.com> Signed-off-by: Inki Dae <inki.dae(a)samsung.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) --- a/drivers/gpu/drm/exynos/exynos5433_drm_decon.c +++ b/drivers/gpu/drm/exynos/exynos5433_drm_decon.c @@ -188,8 +188,6 @@ static void decon_commit(struct exynos_d /* enable output and display signal */ decon_set_bits(ctx, DECON_VIDCON0, VIDCON0_ENVID | VIDCON0_ENVID_F, ~0); - - decon_set_bits(ctx, DECON_UPDATE, STANDALONE_UPDATE_F, ~0); } static void decon_win_set_pixfmt(struct decon_context *ctx, unsigned int win, @@ -340,8 +338,9 @@ static void decon_atomic_flush(struct ex for (i = ctx->first_win; i < WINDOWS_NR; i++) decon_shadow_protect_win(ctx, i, false); - /* standalone update */ - decon_set_bits(ctx, DECON_UPDATE, STANDALONE_UPDATE_F, ~0); + /* update iff there are active windows */ + if (crtc->base.state->plane_mask) + decon_set_bits(ctx, DECON_UPDATE, STANDALONE_UPDATE_F, ~0); if (ctx->out_type & IFTYPE_I80) set_bit(BIT_WIN_UPDATED, &ctx->flags); Patches currently in stable-queue which might be from a.hajda(a)samsung.com are queue-4.9/drm-exynos-decon5433-set-standalone_update_f-also-if-planes-are-disabled.patch queue-4.9/drm-exynos-decon5433-update-shadow-registers-iff-there-are-active-windows.patch queue-4.9/drm-exynos-decon5433-set-standalone_update_f-on-output-enablement.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: drm-exynos-decon5433-set-standalone_update_f-on-output-enablement.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 17:39:55 CET 2017 From: Andrzej Hajda <a.hajda(a)samsung.com> Date: Tue, 17 Jan 2017 15:15:20 +0100 Subject: drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement From: Andrzej Hajda <a.hajda(a)samsung.com> [ Upstream commit 11d8bcef7a0399e1d2519f207fd575fc404306b4 ] DECON_TV requires STANDALONE_UPDATE after output enabling, otherwise it does not start. This change is neutral for DECON. Signed-off-by: Andrzej Hajda <a.hajda(a)samsung.com> Signed-off-by: Inki Dae <inki.dae(a)samsung.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 2 ++ 1 file changed, 2 insertions(+) --- a/drivers/gpu/drm/exynos/exynos5433_drm_decon.c +++ b/drivers/gpu/drm/exynos/exynos5433_drm_decon.c @@ -189,6 +189,8 @@ static void decon_commit(struct exynos_d /* enable output and display signal */ decon_set_bits(ctx, DECON_VIDCON0, VIDCON0_ENVID | VIDCON0_ENVID_F, ~0); + + decon_set_bits(ctx, DECON_UPDATE, STANDALONE_UPDATE_F, ~0); } static void decon_win_set_pixfmt(struct decon_context *ctx, unsigned int win, Patches currently in stable-queue which might be from a.hajda(a)samsung.com are queue-4.9/drm-exynos-decon5433-set-standalone_update_f-also-if-planes-are-disabled.patch queue-4.9/drm-exynos-decon5433-update-shadow-registers-iff-there-are-active-windows.patch queue-4.9/drm-exynos-decon5433-set-standalone_update_f-on-output-enablement.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "drm/exynos/decon5433: set STANDALONE_UPDATE_F also if planes are disabled" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled drm/exynos/decon5433: set STANDALONE_UPDATE_F also if planes are disabled to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: drm-exynos-decon5433-set-standalone_update_f-also-if-planes-are-disabled.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 17:39:55 CET 2017 From: Andrzej Hajda <a.hajda(a)samsung.com> Date: Fri, 13 Jan 2017 10:20:58 +0100 Subject: drm/exynos/decon5433: set STANDALONE_UPDATE_F also if planes are disabled From: Andrzej Hajda <a.hajda(a)samsung.com> [ Upstream commit 821b40b79db7dedbfe15ab330dfd181e661a533f ] STANDALONE_UPDATE_F should be set if something changed in plane configurations, including plane disable. The patch fixes page-faults bugs, caused by decon still using framebuffers of disabled planes. v2: fixed clear-bit code (Thx Marek) v3: use test_and_clear_bit (Thx Joonyoung) Signed-off-by: Andrzej Hajda <a.hajda(a)samsung.com> Tested-by: Joonyoung Shim <jy0922.shim(a)samsung.com> Signed-off-by: Inki Dae <inki.dae(a)samsung.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) --- a/drivers/gpu/drm/exynos/exynos5433_drm_decon.c +++ b/drivers/gpu/drm/exynos/exynos5433_drm_decon.c @@ -46,7 +46,8 @@ enum decon_flag_bits { BIT_CLKS_ENABLED, BIT_IRQS_ENABLED, BIT_WIN_UPDATED, - BIT_SUSPENDED + BIT_SUSPENDED, + BIT_REQUEST_UPDATE }; struct decon_context { @@ -313,6 +314,7 @@ static void decon_update_plane(struct ex /* window enable */ decon_set_bits(ctx, DECON_WINCONx(win), WINCONx_ENWIN_F, ~0); + set_bit(BIT_REQUEST_UPDATE, &ctx->flags); } static void decon_disable_plane(struct exynos_drm_crtc *crtc, @@ -325,6 +327,7 @@ static void decon_disable_plane(struct e return; decon_set_bits(ctx, DECON_WINCONx(win), WINCONx_ENWIN_F, 0); + set_bit(BIT_REQUEST_UPDATE, &ctx->flags); } static void decon_atomic_flush(struct exynos_drm_crtc *crtc) @@ -338,8 +341,7 @@ static void decon_atomic_flush(struct ex for (i = ctx->first_win; i < WINDOWS_NR; i++) decon_shadow_protect_win(ctx, i, false); - /* update iff there are active windows */ - if (crtc->base.state->plane_mask) + if (test_and_clear_bit(BIT_REQUEST_UPDATE, &ctx->flags)) decon_set_bits(ctx, DECON_UPDATE, STANDALONE_UPDATE_F, ~0); if (ctx->out_type & IFTYPE_I80) Patches currently in stable-queue which might be from a.hajda(a)samsung.com are queue-4.9/drm-exynos-decon5433-set-standalone_update_f-also-if-planes-are-disabled.patch queue-4.9/drm-exynos-decon5433-update-shadow-registers-iff-there-are-active-windows.patch queue-4.9/drm-exynos-decon5433-set-standalone_update_f-on-output-enablement.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "drm/amdgpu: fix unload driver issue for virtual display" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled drm/amdgpu: fix unload driver issue for virtual display to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: drm-amdgpu-fix-unload-driver-issue-for-virtual-display.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 17:39:55 CET 2017 From: Xiangliang Yu <Xiangliang.Yu(a)amd.com> Date: Thu, 19 Jan 2017 09:57:41 +0800 Subject: drm/amdgpu: fix unload driver issue for virtual display From: Xiangliang Yu <Xiangliang.Yu(a)amd.com> [ Upstream commit 3a1d19a29670aa7eb58576a31883d0aa9fb77549 ] Virtual display doesn't allocate amdgpu_encoder when initializing, so will get invaild pointer if try to free amdgpu_encoder when unloading driver. Signed-off-by: Xiangliang Yu <Xiangliang.Yu(a)amd.com> Reviewed-by: Alex Deucher <alexander.deucher(a)amd.com> Acked-by: Christian König <christian.koenig(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/gpu/drm/amd/amdgpu/dce_virtual.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) --- a/drivers/gpu/drm/amd/amdgpu/dce_virtual.c +++ b/drivers/gpu/drm/amd/amdgpu/dce_virtual.c @@ -565,11 +565,8 @@ static const struct drm_encoder_helper_f static void dce_virtual_encoder_destroy(struct drm_encoder *encoder) { - struct amdgpu_encoder *amdgpu_encoder = to_amdgpu_encoder(encoder); - - kfree(amdgpu_encoder->enc_priv); drm_encoder_cleanup(encoder); - kfree(amdgpu_encoder); + kfree(encoder); } static const struct drm_encoder_funcs dce_virtual_encoder_funcs = { Patches currently in stable-queue which might be from Xiangliang.Yu(a)amd.com are queue-4.9/drm-amdgpu-fix-unload-driver-issue-for-virtual-display.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "drm/amdgpu: fix bug set incorrect value to vce register" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled drm/amdgpu: fix bug set incorrect value to vce register to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: drm-amdgpu-fix-bug-set-incorrect-value-to-vce-register.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 17:39:55 CET 2017 From: Rex Zhu <Rex.Zhu(a)amd.com> Date: Tue, 10 Jan 2017 20:00:40 +0800 Subject: drm/amdgpu: fix bug set incorrect value to vce register From: Rex Zhu <Rex.Zhu(a)amd.com> [ Upstream commit e05208ded1905e500cd5b369d624b071951c68b9 ] Set the proper bits for clockgating setup. Signed-off-by: Rex Zhu <Rex.Zhu(a)amd.com> Acked-by: Christian König <christian.koenig(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/gpu/drm/amd/amdgpu/vce_v3_0.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/gpu/drm/amd/amdgpu/vce_v3_0.c +++ b/drivers/gpu/drm/amd/amdgpu/vce_v3_0.c @@ -182,7 +182,7 @@ static void vce_v3_0_set_vce_sw_clock_ga WREG32(mmVCE_UENC_CLOCK_GATING_2, data); data = RREG32(mmVCE_UENC_REG_CLOCK_GATING); - data &= ~0xffc00000; + data &= ~0x3ff; WREG32(mmVCE_UENC_REG_CLOCK_GATING, data); data = RREG32(mmVCE_UENC_DMA_DCLK_CTRL); Patches currently in stable-queue which might be from Rex.Zhu(a)amd.com are queue-4.9/drm-amdgpu-fix-bug-set-incorrect-value-to-vce-register.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "dmaengine: stm32-dma: Set correct args number for DMA request from DT" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dmaengine: stm32-dma: Set correct args number for DMA request from DT to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dmaengine-stm32-dma-set-correct-args-number-for-dma-request-from-dt.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 17:39:55 CET 2017 From: M'boumba Cedric Madianga <cedric.madianga(a)gmail.com> Date: Tue, 13 Dec 2016 14:40:43 +0100 Subject: dmaengine: stm32-dma: Set correct args number for DMA request from DT From: M'boumba Cedric Madianga <cedric.madianga(a)gmail.com> [ Upstream commit 7e96304d99477de1f70db42035071e56439da817 ] This patch sets the right number of arguments to be used for DMA clients which request channels from DT. Signed-off-by: M'boumba Cedric Madianga <cedric.madianga(a)gmail.com> Reviewed-by: Ludovic BARRE <ludovic.barre(a)st.com> Signed-off-by: Vinod Koul <vinod.koul(a)intel.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/dma/stm32-dma.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) --- a/drivers/dma/stm32-dma.c +++ b/drivers/dma/stm32-dma.c @@ -976,21 +976,18 @@ static struct dma_chan *stm32_dma_of_xla struct stm32_dma_chan *chan; struct dma_chan *c; - if (dma_spec->args_count < 3) + if (dma_spec->args_count < 4) return NULL; cfg.channel_id = dma_spec->args[0]; cfg.request_line = dma_spec->args[1]; cfg.stream_config = dma_spec->args[2]; - cfg.threshold = 0; + cfg.threshold = dma_spec->args[3]; if ((cfg.channel_id >= STM32_DMA_MAX_CHANNELS) || (cfg.request_line >= STM32_DMA_MAX_REQUEST_ID)) return NULL; - if (dma_spec->args_count > 3) - cfg.threshold = dma_spec->args[3]; - chan = &dmadev->chan[cfg.channel_id]; c = dma_get_slave_channel(&chan->vchan.chan); Patches currently in stable-queue which might be from cedric.madianga(a)gmail.com are queue-4.9/dmaengine-stm32-dma-fix-null-pointer-dereference-in-stm32_dma_tx_status.patch queue-4.9/dmaengine-stm32-dma-set-correct-args-number-for-dma-request-from-dt.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "dmaengine: stm32-dma: Fix null pointer dereference in stm32_dma_tx_status" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dmaengine: stm32-dma: Fix null pointer dereference in stm32_dma_tx_status to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dmaengine-stm32-dma-fix-null-pointer-dereference-in-stm32_dma_tx_status.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 17:39:55 CET 2017 From: M'boumba Cedric Madianga <cedric.madianga(a)gmail.com> Date: Tue, 13 Dec 2016 14:40:46 +0100 Subject: dmaengine: stm32-dma: Fix null pointer dereference in stm32_dma_tx_status From: M'boumba Cedric Madianga <cedric.madianga(a)gmail.com> [ Upstream commit 57b5a32135c813f2ab669039fb4ec16b30cb3305 ] chan->desc is always set to NULL when a DMA transfer is complete. As a DMA transfer could be complete during the call of stm32_dma_tx_status, we need to be sure that chan->desc is not NULL before using this variable to avoid a null pointer deference issue. Signed-off-by: M'boumba Cedric Madianga <cedric.madianga(a)gmail.com> Reviewed-by: Ludovic BARRE <ludovic.barre(a)st.com> Signed-off-by: Vinod Koul <vinod.koul(a)intel.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/dma/stm32-dma.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) --- a/drivers/dma/stm32-dma.c +++ b/drivers/dma/stm32-dma.c @@ -884,7 +884,7 @@ static enum dma_status stm32_dma_tx_stat struct virt_dma_desc *vdesc; enum dma_status status; unsigned long flags; - u32 residue; + u32 residue = 0; status = dma_cookie_status(c, cookie, state); if ((status == DMA_COMPLETE) || (!state)) @@ -892,16 +892,12 @@ static enum dma_status stm32_dma_tx_stat spin_lock_irqsave(&chan->vchan.lock, flags); vdesc = vchan_find_desc(&chan->vchan, cookie); - if (cookie == chan->desc->vdesc.tx.cookie) { + if (chan->desc && cookie == chan->desc->vdesc.tx.cookie) residue = stm32_dma_desc_residue(chan, chan->desc, chan->next_sg); - } else if (vdesc) { + else if (vdesc) residue = stm32_dma_desc_residue(chan, to_stm32_dma_desc(vdesc), 0); - } else { - residue = 0; - } - dma_set_residue(state, residue); spin_unlock_irqrestore(&chan->vchan.lock, flags); Patches currently in stable-queue which might be from cedric.madianga(a)gmail.com are queue-4.9/dmaengine-stm32-dma-fix-null-pointer-dereference-in-stm32_dma_tx_status.patch queue-4.9/dmaengine-stm32-dma-set-correct-args-number-for-dma-request-from-dt.patch

7 years, 10 months

1
0
0 0

[Linux-stable-mirror] Patch "dmaengine: pl330: fix double lock" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dmaengine: pl330: fix double lock to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dmaengine-pl330-fix-double-lock.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Dec 6 17:39:55 CET 2017 From: Iago Abal <mail(a)iagoabal.eu> Date: Wed, 11 Jan 2017 14:00:21 +0100 Subject: dmaengine: pl330: fix double lock From: Iago Abal <mail(a)iagoabal.eu> [ Upstream commit 91539eb1fda2d530d3b268eef542c5414e54bf1a ] The static bug finder EBA (http://www.iagoabal.eu/eba/) reported the following double-lock bug: Double lock: 1. spin_lock_irqsave(pch->lock, flags) at pl330_free_chan_resources:2236; 2. call to function `pl330_release_channel' immediately after; 3. call to function `dma_pl330_rqcb' in line 1753; 4. spin_lock_irqsave(pch->lock, flags) at dma_pl330_rqcb:1505. I have fixed it as suggested by Marek Szyprowski. First, I have replaced `pch->lock' with `pl330->lock' in functions `pl330_alloc_chan_resources' and `pl330_free_chan_resources'. This avoids the double-lock by acquiring a different lock than `dma_pl330_rqcb'. NOTE that, as a result, `pl330_free_chan_resources' executes `list_splice_tail_init' on `pch->work_list' under lock `pl330->lock', whereas in the rest of the code `pch->work_list' is protected by `pch->lock'. I don't know if this may cause race conditions. Similarly `pch->cyclic' is written by `pl330_alloc_chan_resources' under `pl330->lock' but read by `pl330_tx_submit' under `pch->lock'. Second, I have removed locking from `pl330_request_channel' and `pl330_release_channel' functions. Function `pl330_request_channel' is only called from `pl330_alloc_chan_resources', so the lock is already held. Function `pl330_release_channel' is called from `pl330_free_chan_resources', which already holds the lock, and from `pl330_del'. Function `pl330_del' is called in an error path of `pl330_probe' and at the end of `pl330_remove', but I assume that there cannot be concurrent accesses to the protected data at those points. Signed-off-by: Iago Abal <mail(a)iagoabal.eu> Reviewed-by: Marek Szyprowski <m.szyprowski(a)samsung.com> Signed-off-by: Vinod Koul <vinod.koul(a)intel.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/dma/pl330.c | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) --- a/drivers/dma/pl330.c +++ b/drivers/dma/pl330.c @@ -1694,7 +1694,6 @@ static bool _chan_ns(const struct pl330_ static struct pl330_thread *pl330_request_channel(struct pl330_dmac *pl330) { struct pl330_thread *thrd = NULL; - unsigned long flags; int chans, i; if (pl330->state == DYING) @@ -1702,8 +1701,6 @@ static struct pl330_thread *pl330_reques chans = pl330->pcfg.num_chan; - spin_lock_irqsave(&pl330->lock, flags); - for (i = 0; i < chans; i++) { thrd = &pl330->channels[i]; if ((thrd->free) && (!_manager_ns(thrd) || @@ -1721,8 +1718,6 @@ static struct pl330_thread *pl330_reques thrd = NULL; } - spin_unlock_irqrestore(&pl330->lock, flags); - return thrd; } @@ -1740,7 +1735,6 @@ static inline void _free_event(struct pl static void pl330_release_channel(struct pl330_thread *thrd) { struct pl330_dmac *pl330; - unsigned long flags; if (!thrd || thrd->free) return; @@ -1752,10 +1746,8 @@ static void pl330_release_channel(struct pl330 = thrd->dmac; - spin_lock_irqsave(&pl330->lock, flags); _free_event(thrd, thrd->ev); thrd->free = true; - spin_unlock_irqrestore(&pl330->lock, flags); } /* Initialize the structure for PL330 configuration, that can be used @@ -2120,20 +2112,20 @@ static int pl330_alloc_chan_resources(st struct pl330_dmac *pl330 = pch->dmac; unsigned long flags; - spin_lock_irqsave(&pch->lock, flags); + spin_lock_irqsave(&pl330->lock, flags); dma_cookie_init(chan); pch->cyclic = false; pch->thread = pl330_request_channel(pl330); if (!pch->thread) { - spin_unlock_irqrestore(&pch->lock, flags); + spin_unlock_irqrestore(&pl330->lock, flags); return -ENOMEM; } tasklet_init(&pch->task, pl330_tasklet, (unsigned long) pch); - spin_unlock_irqrestore(&pch->lock, flags); + spin_unlock_irqrestore(&pl330->lock, flags); return 1; } @@ -2236,12 +2228,13 @@ static int pl330_pause(struct dma_chan * static void pl330_free_chan_resources(struct dma_chan *chan) { struct dma_pl330_chan *pch = to_pchan(chan); + struct pl330_dmac *pl330 = pch->dmac; unsigned long flags; tasklet_kill(&pch->task); pm_runtime_get_sync(pch->dmac->ddma.dev); - spin_lock_irqsave(&pch->lock, flags); + spin_lock_irqsave(&pl330->lock, flags); pl330_release_channel(pch->thread); pch->thread = NULL; @@ -2249,7 +2242,7 @@ static void pl330_free_chan_resources(st if (pch->cyclic) list_splice_tail_init(&pch->work_list, &pch->dmac->desc_pool); - spin_unlock_irqrestore(&pch->lock, flags); + spin_unlock_irqrestore(&pl330->lock, flags); pm_runtime_mark_last_busy(pch->dmac->ddma.dev); pm_runtime_put_autosuspend(pch->dmac->ddma.dev); } Patches currently in stable-queue which might be from mail(a)iagoabal.eu are queue-4.9/dmaengine-pl330-fix-double-lock.patch

7 years, 10 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror