This is a note to let you know that I've just added the patch titled
x86/module: Detect and skip invalid relocations
to the 3.18-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
x86-module-detect-and-skip-invalid-relocations.patch
and it can be found in the queue-3.18 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From eda9cec4c9a12208a6f69fbe68f72a6311d50032 Mon Sep 17 00:00:00 2001
From: Josh Poimboeuf <jpoimboe(a)redhat.com>
Date: Fri, 3 Nov 2017 07:58:54 -0500
Subject: x86/module: Detect and skip invalid relocations
From: Josh Poimboeuf <jpoimboe(a)redhat.com>
commit eda9cec4c9a12208a6f69fbe68f72a6311d50032 upstream.
There have been some cases where external tooling (e.g., kpatch-build)
creates a corrupt relocation which targets the wrong address. This is a
silent failure which can corrupt memory in unexpected places.
On x86, the bytes of data being overwritten by relocations are always
initialized to zero beforehand. Use that knowledge to add sanity checks
to detect such cases before they corrupt memory.
Signed-off-by: Josh Poimboeuf <jpoimboe(a)redhat.com>
Cc: Linus Torvalds <torvalds(a)linux-foundation.org>
Cc: Peter Zijlstra <peterz(a)infradead.org>
Cc: Thomas Gleixner <tglx(a)linutronix.de>
Cc: jeyu(a)kernel.org
Cc: live-patching(a)vger.kernel.org
Link: http://lkml.kernel.org/r/37450d6c6225e54db107fba447ce9e56e5f758e9.150971355…
[ Restructured the messages, as it's unclear whether the relocation or the target is corrupted. ]
Signed-off-by: Ingo Molnar <mingo(a)kernel.org>
Cc: Matthias Kaehlcke <mka(a)chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
arch/x86/kernel/module.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
--- a/arch/x86/kernel/module.c
+++ b/arch/x86/kernel/module.c
@@ -167,19 +167,27 @@ int apply_relocate_add(Elf64_Shdr *sechd
case R_X86_64_NONE:
break;
case R_X86_64_64:
+ if (*(u64 *)loc != 0)
+ goto invalid_relocation;
*(u64 *)loc = val;
break;
case R_X86_64_32:
+ if (*(u32 *)loc != 0)
+ goto invalid_relocation;
*(u32 *)loc = val;
if (val != *(u32 *)loc)
goto overflow;
break;
case R_X86_64_32S:
+ if (*(s32 *)loc != 0)
+ goto invalid_relocation;
*(s32 *)loc = val;
if ((s64)val != *(s32 *)loc)
goto overflow;
break;
case R_X86_64_PC32:
+ if (*(u32 *)loc != 0)
+ goto invalid_relocation;
val -= (u64)loc;
*(u32 *)loc = val;
#if 0
@@ -195,6 +203,11 @@ int apply_relocate_add(Elf64_Shdr *sechd
}
return 0;
+invalid_relocation:
+ pr_err("x86/modules: Skipping invalid relocation target, existing value is nonzero for type %d, loc %p, val %Lx\n",
+ (int)ELF64_R_TYPE(rel[i].r_info), loc, val);
+ return -ENOEXEC;
+
overflow:
pr_err("overflow in relocation type %d val %Lx\n",
(int)ELF64_R_TYPE(rel[i].r_info), val);
Patches currently in stable-queue which might be from jpoimboe(a)redhat.com are
queue-3.18/x86-module-detect-and-skip-invalid-relocations.patch
Hi Greg,
The below patch recently landed in Linus' tree:
commit b21ebf2fb4cde1618915a97cc773e287ff49173e
Author: H.J. Lu <hjl.tools(a)gmail.com>
Date: Wed Feb 7 14:20:09 2018 -0800
x86: Treat R_X86_64_PLT32 as R_X86_64_PC32
On i386, there are 2 types of PLTs, PIC and non-PIC. PIE and shared
objects must use PIC PLT. To use PIC PLT, you need to load
_GLOBAL_OFFSET_TABLE_ into EBX first. There is no need for that on
x86-64 since x86-64 uses PC-relative PLT.
On x86-64, for 32-bit PC-relative branches, we can generate PLT32
relocation, instead of PC32 relocation, which can also be used as
a marker for 32-bit PC-relative branches. Linker can always reduce
PLT32 relocation to PC32 if function is defined locally. Local
functions should use PC32 relocation. As far as Linux kernel is
concerned, R_X86_64_PLT32 can be treated the same as R_X86_64_PC32
since Linux kernel doesn't use PLT.
R_X86_64_PLT32 for 32-bit PC-relative branches has been enabled in
binutils master branch which will become binutils 2.31.
[ hjl is working on having better documentation on this all, but a few
more notes from him:
"PLT32 relocation is used as marker for PC-relative branches. Because
of EBX, it looks odd to generate PLT32 relocation on i386 when EBX
doesn't have GOT.
As for symbol resolution, PLT32 and PC32 relocations are almost
interchangeable. But when linker sees PLT32 relocation against a
protected symbol, it can resolved locally at link-time since it is
used on a branch instruction. Linker can't do that for PC32
relocation"
but for the kernel use, the two are basically the same, and this
commit gets things building and working with the current binutils
master - Linus ]
Signed-off-by: H.J. Lu <hjl.tools(a)gmail.com>
Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org>
The commit message mentions that "R_X86_64_PLT32 for 32-bit
PC-relative branches has been enabled in binutils master branch which
will become binutils 2.31."
This probably means that builds of older kernels could fail with
binutils >= 2.31 and that the patch should be included in stable.
FYI: for pre-v4.14 kernel you might also want to include the below
patch. It isn't strictly needed, but is trivial and including it
avoids a conflict.
commit eda9cec4c9a12208a6f69fbe68f72a6311d50032
Author: Josh Poimboeuf <jpoimboe(a)redhat.com>
Date: Fri Nov 3 07:58:54 2017 -0500
x86/module: Detect and skip invalid relocations
Thanks
Matthias
On 03/13/2018 02:27 PM, Pavel Machek wrote:
> Hi!
>
>>>> At least 7b6af2c531 ("leds: core: Fix regression caused by commit
>>>> 2b83ff96f51d") is missing, causing visible regressions (LEDs not working at
>>>> all) on some OpenWrt devices. This was fixed in 4.4.121 by reverting the
>>>> offending commit, but if I followed the discussion correctly, 4.9 should
>>>> get the follow-up commit 7b6af2c531 instead (like 4.14 already did).
>>>>
>>>> Jacek's mail I replied to mentions that eb1610b4c273 ("led: core: Fix
>>>> blink_brightness setting race") should be included in 4.9 as well, but I
>>>> don't know the impact of the issue it fixes.
>>>
>>> It doesn't fix any reported issue, but is just an improvement
>>> aiming at preventing potential races while changing blink brightness.
>>>
>>> After taking closer look it turns out that for the patches in question
>>> to apply cleanly we need in 4.9 also a patch which introduces atomic
>>> bit fields for blink flags.
>>>
>>> Effectively, here is the list of patches required in 4.9 stable:
>>>
>>> Revert "led: core: Fix brightness setting when setting delay_off=0"
>>>
>>> followed by:
>>>
>>> a9c6ce57ec ("led: core: Use atomic bit-field for the blink-flags")
>>> eb1610b4c2 ("led: core: Fix blink_brightness setting race")
>>> 2b83ff96f5 ("led: core: Fix brightness setting when setting delay_off=0")
>>> 7b6af2c531 ("leds: core: Fix regression caused by commit 2b83ff96f51d")
>>
>> Odd, I just got another report that the 4.9.87 release fixed some
>> reported LED issues, so why do I need all of these?
Because 2b83ff96f5 introduces another bug, fixed in 7b6af2c531.
7b6af2c531 in turn uses atomic blink flags introduced in a9c6ce57ec.
eb1610b4c2 fixes theoretical races, actually we can do without it
in stable.
In order to avoid applying patch a9c6ce57ec, we could come up with the
below change which does exactly what 7b6af2c531 intended, but without
atomic blink flags, which are irrelevant for this bug.
diff --git a/drivers/leds/led-core.c b/drivers/leds/led-core.c
index 3bce448..454ed4d 100644
--- a/drivers/leds/led-core.c
+++ b/drivers/leds/led-core.c
@@ -188,6 +188,7 @@ void led_blink_set(struct led_classdev *led_cdev,
{
del_timer_sync(&led_cdev->blink_timer);
+ led_cdev->flags &= ~LED_BLINK_SW;
led_cdev->flags &= ~LED_BLINK_ONESHOT;
led_cdev->flags &= ~LED_BLINK_ONESHOT_STOP;
I can submit it to stable if it is preferred.
In every case tha patch 2b83ff96f5 needs to be reverted beforehand,
since otherwise none of the discussed patches will apply cleanly
(besides the aforementioned reasoning it has a truncated commit
message).
>> Should I just revert the single 2b83ff96f51d commit here instead?
>
> I believe so, yes.
>
> I'm not aware of any _really bad_ issues with LED subsystem in
> 4.9. Take a look at changelog of
> 2b83ff96f51d0b039c4561b9f95c824d7bddb85c -- it fixes rather
> theoretical issue; user can reproduce it by hand in shell, but,
> well... don't do it then.
Greg mentioned that 4.9.87 release fixed some LED issue for someone,
and it was the only LED related patch in that release.
> The rest of fixes ... fix some more theoretical races. I don't think
> it is -stable material, as I pointed out before.
--
Best regards,
Jacek Anaszewski
This is a note to let you know that I've just added the patch titled
Revert "ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux"
to the 4.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
revert-arm-dts-logicpd-torpedo-fix-i2c1-pinmux.patch
and it can be found in the queue-4.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From 669f2dc901fbac917e494d392cfcc0b8db764947 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Date: Fri, 16 Mar 2018 13:39:47 +0100
Subject: Revert "ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux"
From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
This reverts commit c86bfc7b7b01c4b98c29a39bd60e61fa8e337ebf which was
commit 74402055a2d3ec998a1ded599e86185a27d9bbf4 upstream.
The backport merged incorrectly, so I'm dropping it.
Reported-by: Ben Hutchings <ben.hutchings(a)codethink.co.uk>
Cc: Adam Ford <aford173(a)gmail.com>
Cc: Tony Lindgren <tony(a)atomide.com>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
arch/arm/boot/dts/logicpd-torpedo-som.dtsi | 8 --------
1 file changed, 8 deletions(-)
--- a/arch/arm/boot/dts/logicpd-torpedo-som.dtsi
+++ b/arch/arm/boot/dts/logicpd-torpedo-som.dtsi
@@ -90,8 +90,6 @@
};
&i2c1 {
- pinctrl-names = "default";
- pinctrl-0 = <&i2c1_pins>;
clock-frequency = <2600000>;
twl: twl@48 {
@@ -148,12 +146,6 @@
OMAP3630_CORE2_IOPAD(0x25da, PIN_INPUT_PULLUP | MUX_MODE2) /* etk_ctl.sdmmc3_cmd */
>;
};
- i2c1_pins: pinmux_i2c1_pins {
- pinctrl-single,pins = <
- OMAP3_CORE1_IOPAD(0x21ba, PIN_INPUT | MUX_MODE0) /* i2c1_scl.i2c1_scl */
- OMAP3_CORE1_IOPAD(0x21bc, PIN_INPUT | MUX_MODE0) /* i2c1_sda.i2c1_sda */
- >;
- };
};
#include "twl4030.dtsi"
Patches currently in stable-queue which might be from gregkh(a)linuxfoundation.org are
queue-4.4/tc358743-fix-register-i2c_rd-wr-function-fix.patch
queue-4.4/netfilter-add-back-stackpointer-size-checks.patch
queue-4.4/watchdog-hpwdt-fix-unused-variable-warning.patch
queue-4.4/scsi-qla2xxx-fix-null-pointer-crash-due-to-active-timer-for-abts.patch
queue-4.4/watchdog-hpwdt-smbios-check.patch
queue-4.4/drm-amdgpu-notify-sbios-device-ready-before-send-request.patch
queue-4.4/workqueue-allow-retrieval-of-current-task-s-work-struct.patch
queue-4.4/loop-fix-lost-writes-caused-by-missing-flag.patch
queue-4.4/rdma-ucma-limit-possible-option-size.patch
queue-4.4/alsa-seq-don-t-allow-resizing-pool-in-use.patch
queue-4.4/netfilter-x_tables-pack-percpu-counter-allocations.patch
queue-4.4/revert-arm-dts-logicpd-torpedo-fix-i2c1-pinmux.patch
queue-4.4/arm-omap2-hide-omap3_save_secure_ram-on-non-omap3-builds.patch
queue-4.4/x86-mce-serialize-sysfs-changes.patch
queue-4.4/alsa-hda-add-dock-and-led-support-for-hp-probook-640-g2.patch
queue-4.4/netfilter-idletimer-be-syzkaller-friendly.patch
queue-4.4/netfilter-use-skb_to_full_sk-in-ip_route_me_harder.patch
queue-4.4/drm-radeon-fix-kv-harvesting.patch
queue-4.4/ubi-fix-race-condition-between-ubi-volume-creation-and-udev.patch
queue-4.4/drm-radeon-fix-deadlock-on-runtime-suspend.patch
queue-4.4/scsi-qla2xxx-replace-fcport-alloc-with-qla2x00_alloc_fcport.patch
queue-4.4/alsa-hda-add-dock-and-led-support-for-hp-elitebook-820-g3.patch
queue-4.4/watchdog-hpwdt-check-source-of-nmi.patch
queue-4.4/netfilter-ipv6-fix-use-after-free-write-in-nf_nat_ipv6_manip_pkt.patch
queue-4.4/mips-bmips-do-not-mask-ipis-during-suspend.patch
queue-4.4/netfilter-x_tables-pass-xt_counters-struct-instead-of-packet-counter.patch
queue-4.4/rdma-ucma-check-that-user-doesn-t-overflow-qp-state.patch
queue-4.4/nospec-include-asm-barrier.h-dependency.patch
queue-4.4/netfilter-ebtables-config_compat-don-t-trust-userland-offsets.patch
queue-4.4/drm-amdgpu-fix-deadlock-on-runtime-suspend.patch
queue-4.4/alsa-seq-more-protection-for-concurrent-write-and-ioctl-races.patch
queue-4.4/nfs-fix-an-incorrect-type-in-struct-nfs_direct_req.patch
queue-4.4/netfilter-nfnetlink_queue-fix-timestamp-attribute.patch
queue-4.4/mips-ath25-check-for-kzalloc-allocation-failure.patch
queue-4.4/bcache-don-t-attach-backing-with-duplicate-uuid.patch
queue-4.4/kbuild-handle-builtin-dtb-file-names-containing-hyphens.patch
queue-4.4/drm-allow-determining-if-current-task-is-output-poll-worker.patch
queue-4.4/netfilter-bridge-ebt_among-add-missing-match-size-checks.patch
queue-4.4/netfilter-nat-cope-with-negative-port-range.patch
queue-4.4/netfilter-x_tables-fix-missing-timer-initialization-in-xt_led.patch
queue-4.4/ext4-inplace-xattr-block-update-fails-to-deduplicate-blocks.patch
queue-4.4/input-tca8418_keypad-remove-double-read-of-key-event-register.patch
queue-4.4/alsa-hda-realtek-fix-dock-line-out-volume-on-dell-precision-7520.patch
queue-4.4/drm-amdgpu-fix-kv-harvesting.patch
queue-4.4/drm-nouveau-fix-deadlock-on-runtime-suspend.patch
queue-4.4/input-matrix_keypad-fix-race-when-disabling-interrupts.patch
queue-4.4/mips-octeon-irq-check-for-null-return-on-kzalloc-allocation.patch
queue-4.4/netfilter-x_tables-pass-xt_counters-struct-to-counter-allocator.patch
queue-4.4/rdma-mlx5-fix-integer-overflow-while-resizing-cq.patch
This is a note to let you know that I've just added the patch titled
net: phy: fix resume handling
to the 4.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
net-phy-fix-resume-handling.patch
and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From foo@baz Wed Feb 28 16:23:28 CET 2018
From: Russell King <rmk+kernel(a)armlinux.org.uk>
Date: Tue, 12 Dec 2017 10:45:36 +0000
Subject: net: phy: fix resume handling
From: Russell King <rmk+kernel(a)armlinux.org.uk>
[ Upstream commit f5e64032a799d4f54decc7eb6aafcdffb67f9ad9 ]
When a PHY has the BMCR_PDOWN bit set, it may decide to ignore writes
to other registers, or reset the registers to power-on defaults.
Micrel PHYs do this for their interrupt registers.
The current structure of phylib tries to enable interrupts before
resuming (and releasing) the BMCR_PDOWN bit. This fails, causing
Micrel PHYs to stop working after a suspend/resume sequence if they
are using interrupts.
Fix this by ensuring that the PHY driver resume methods do not take
the phydev->lock mutex themselves, but the callers of phy_resume()
take that lock. This then allows us to move the call to phy_resume()
before we enable interrupts in phy_start().
Signed-off-by: Russell King <rmk+kernel(a)armlinux.org.uk>
Reviewed-by: Andrew Lunn <andrew(a)lunn.ch>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
drivers/net/phy/at803x.c | 4 ----
drivers/net/phy/phy.c | 9 +++------
drivers/net/phy/phy_device.c | 10 ++++++----
3 files changed, 9 insertions(+), 14 deletions(-)
--- a/drivers/net/phy/at803x.c
+++ b/drivers/net/phy/at803x.c
@@ -239,14 +239,10 @@ static int at803x_resume(struct phy_devi
{
int value;
- mutex_lock(&phydev->lock);
-
value = phy_read(phydev, MII_BMCR);
value &= ~(BMCR_PDOWN | BMCR_ISOLATE);
phy_write(phydev, MII_BMCR, value);
- mutex_unlock(&phydev->lock);
-
return 0;
}
--- a/drivers/net/phy/phy.c
+++ b/drivers/net/phy/phy.c
@@ -828,7 +828,6 @@ EXPORT_SYMBOL(phy_stop);
*/
void phy_start(struct phy_device *phydev)
{
- bool do_resume = false;
int err = 0;
mutex_lock(&phydev->lock);
@@ -841,6 +840,9 @@ void phy_start(struct phy_device *phydev
phydev->state = PHY_UP;
break;
case PHY_HALTED:
+ /* if phy was suspended, bring the physical link up again */
+ phy_resume(phydev);
+
/* make sure interrupts are re-enabled for the PHY */
if (phydev->irq != PHY_POLL) {
err = phy_enable_interrupts(phydev);
@@ -849,17 +851,12 @@ void phy_start(struct phy_device *phydev
}
phydev->state = PHY_RESUMING;
- do_resume = true;
break;
default:
break;
}
mutex_unlock(&phydev->lock);
- /* if phy was suspended, bring the physical link up again */
- if (do_resume)
- phy_resume(phydev);
-
phy_trigger_machine(phydev, true);
}
EXPORT_SYMBOL(phy_start);
--- a/drivers/net/phy/phy_device.c
+++ b/drivers/net/phy/phy_device.c
@@ -135,7 +135,9 @@ static int mdio_bus_phy_resume(struct de
if (!mdio_bus_phy_may_suspend(phydev))
goto no_resume;
+ mutex_lock(&phydev->lock);
ret = phy_resume(phydev);
+ mutex_unlock(&phydev->lock);
if (ret < 0)
return ret;
@@ -1026,7 +1028,9 @@ int phy_attach_direct(struct net_device
if (err)
goto error;
+ mutex_lock(&phydev->lock);
phy_resume(phydev);
+ mutex_unlock(&phydev->lock);
phy_led_triggers_register(phydev);
return err;
@@ -1157,6 +1161,8 @@ int phy_resume(struct phy_device *phydev
struct phy_driver *phydrv = to_phy_driver(phydev->mdio.dev.driver);
int ret = 0;
+ WARN_ON(!mutex_is_locked(&phydev->lock));
+
if (phydev->drv && phydrv->resume)
ret = phydrv->resume(phydev);
@@ -1639,13 +1645,9 @@ int genphy_resume(struct phy_device *phy
{
int value;
- mutex_lock(&phydev->lock);
-
value = phy_read(phydev, MII_BMCR);
phy_write(phydev, MII_BMCR, value & ~BMCR_PDOWN);
- mutex_unlock(&phydev->lock);
-
return 0;
}
EXPORT_SYMBOL(genphy_resume);
Patches currently in stable-queue which might be from rmk+kernel(a)armlinux.org.uk are
queue-4.14/arm-8731-1-fix-csum_partial_copy_from_user-stack-mismatch.patch
queue-4.14/net-phy-fix-resume-handling.patch
This is a note to let you know that I've just added the patch titled
net: phy: Restore phy_resume() locking assumption
to the 4.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
net-phy-restore-phy_resume-locking-assumption.patch
and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From 9c2c2e62df3fa30fb13fbeb7512a4eede729383b Mon Sep 17 00:00:00 2001
From: Andrew Lunn <andrew(a)lunn.ch>
Date: Tue, 27 Feb 2018 01:56:06 +0100
Subject: net: phy: Restore phy_resume() locking assumption
From: Andrew Lunn <andrew(a)lunn.ch>
commit 9c2c2e62df3fa30fb13fbeb7512a4eede729383b upstream.
commit f5e64032a799 ("net: phy: fix resume handling") changes the
locking semantics for phy_resume() such that the caller now needs to
hold the phy mutex. Not all call sites were adopted to this new
semantic, resulting in warnings from the added
WARN_ON(!mutex_is_locked(&phydev->lock)). Rather than change the
semantics, add a __phy_resume() and restore the old behavior of
phy_resume().
Reported-by: Heiner Kallweit <hkallweit1(a)gmail.com>
Fixes: f5e64032a799 ("net: phy: fix resume handling")
Signed-off-by: Andrew Lunn <andrew(a)lunn.ch>
Reviewed-by: Florian Fainelli <f.fainelli(a)gmail.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
drivers/net/phy/phy.c | 2 +-
drivers/net/phy/phy_device.c | 18 +++++++++++++-----
include/linux/phy.h | 1 +
3 files changed, 15 insertions(+), 6 deletions(-)
--- a/drivers/net/phy/phy.c
+++ b/drivers/net/phy/phy.c
@@ -841,7 +841,7 @@ void phy_start(struct phy_device *phydev
break;
case PHY_HALTED:
/* if phy was suspended, bring the physical link up again */
- phy_resume(phydev);
+ __phy_resume(phydev);
/* make sure interrupts are re-enabled for the PHY */
if (phy_interrupt_is_valid(phydev)) {
--- a/drivers/net/phy/phy_device.c
+++ b/drivers/net/phy/phy_device.c
@@ -135,9 +135,7 @@ static int mdio_bus_phy_resume(struct de
if (!mdio_bus_phy_may_suspend(phydev))
goto no_resume;
- mutex_lock(&phydev->lock);
ret = phy_resume(phydev);
- mutex_unlock(&phydev->lock);
if (ret < 0)
return ret;
@@ -1028,9 +1026,7 @@ int phy_attach_direct(struct net_device
if (err)
goto error;
- mutex_lock(&phydev->lock);
phy_resume(phydev);
- mutex_unlock(&phydev->lock);
phy_led_triggers_register(phydev);
return err;
@@ -1156,7 +1152,7 @@ int phy_suspend(struct phy_device *phyde
}
EXPORT_SYMBOL(phy_suspend);
-int phy_resume(struct phy_device *phydev)
+int __phy_resume(struct phy_device *phydev)
{
struct phy_driver *phydrv = to_phy_driver(phydev->mdio.dev.driver);
int ret = 0;
@@ -1173,6 +1169,18 @@ int phy_resume(struct phy_device *phydev
return ret;
}
+EXPORT_SYMBOL(__phy_resume);
+
+int phy_resume(struct phy_device *phydev)
+{
+ int ret;
+
+ mutex_lock(&phydev->lock);
+ ret = __phy_resume(phydev);
+ mutex_unlock(&phydev->lock);
+
+ return ret;
+}
EXPORT_SYMBOL(phy_resume);
int phy_loopback(struct phy_device *phydev, bool enable)
--- a/include/linux/phy.h
+++ b/include/linux/phy.h
@@ -817,6 +817,7 @@ void phy_device_remove(struct phy_device
int phy_init_hw(struct phy_device *phydev);
int phy_suspend(struct phy_device *phydev);
int phy_resume(struct phy_device *phydev);
+int __phy_resume(struct phy_device *phydev);
int phy_loopback(struct phy_device *phydev, bool enable);
struct phy_device *phy_attach(struct net_device *dev, const char *bus_id,
phy_interface_t interface);
Patches currently in stable-queue which might be from andrew(a)lunn.ch are
queue-4.14/net-phy-fix-resume-handling.patch
queue-4.14/net-phy-restore-phy_resume-locking-assumption.patch
This is a note to let you know that I've just added the patch titled
[PATCH] net: phy: fix resume handling
to the 4.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
net-phy-fix-resume-handling.patch
and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From 6aae7a6232c6444941de8e5a1e0cc42442ab9bce Mon Sep 17 00:00:00 2001
From: Russell King <rmk+kernel(a)armlinux.org.uk>
Date: Tue, 12 Dec 2017 10:45:36 +0000
Subject: [PATCH] net: phy: fix resume handling
From: Russell King <rmk+kernel(a)armlinux.org.uk>
[ Upstream commit f5e64032a799d4f54decc7eb6aafcdffb67f9ad9 ]
When a PHY has the BMCR_PDOWN bit set, it may decide to ignore writes
to other registers, or reset the registers to power-on defaults.
Micrel PHYs do this for their interrupt registers.
The current structure of phylib tries to enable interrupts before
resuming (and releasing) the BMCR_PDOWN bit. This fails, causing
Micrel PHYs to stop working after a suspend/resume sequence if they
are using interrupts.
Fix this by ensuring that the PHY driver resume methods do not take
the phydev->lock mutex themselves, but the callers of phy_resume()
take that lock. This then allows us to move the call to phy_resume()
before we enable interrupts in phy_start().
Signed-off-by: Russell King <rmk+kernel(a)armlinux.org.uk>
Reviewed-by: Andrew Lunn <andrew(a)lunn.ch>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
drivers/net/phy/at803x.c | 4 ----
drivers/net/phy/phy.c | 9 +++------
drivers/net/phy/phy_device.c | 10 ++++++----
3 files changed, 9 insertions(+), 14 deletions(-)
--- a/drivers/net/phy/at803x.c
+++ b/drivers/net/phy/at803x.c
@@ -239,14 +239,10 @@ static int at803x_resume(struct phy_devi
{
int value;
- mutex_lock(&phydev->lock);
-
value = phy_read(phydev, MII_BMCR);
value &= ~(BMCR_PDOWN | BMCR_ISOLATE);
phy_write(phydev, MII_BMCR, value);
- mutex_unlock(&phydev->lock);
-
return 0;
}
--- a/drivers/net/phy/phy.c
+++ b/drivers/net/phy/phy.c
@@ -828,7 +828,6 @@ EXPORT_SYMBOL(phy_stop);
*/
void phy_start(struct phy_device *phydev)
{
- bool do_resume = false;
int err = 0;
mutex_lock(&phydev->lock);
@@ -841,6 +840,9 @@ void phy_start(struct phy_device *phydev
phydev->state = PHY_UP;
break;
case PHY_HALTED:
+ /* if phy was suspended, bring the physical link up again */
+ phy_resume(phydev);
+
/* make sure interrupts are re-enabled for the PHY */
if (phy_interrupt_is_valid(phydev)) {
err = phy_enable_interrupts(phydev);
@@ -849,17 +851,12 @@ void phy_start(struct phy_device *phydev
}
phydev->state = PHY_RESUMING;
- do_resume = true;
break;
default:
break;
}
mutex_unlock(&phydev->lock);
- /* if phy was suspended, bring the physical link up again */
- if (do_resume)
- phy_resume(phydev);
-
phy_trigger_machine(phydev, true);
}
EXPORT_SYMBOL(phy_start);
--- a/drivers/net/phy/phy_device.c
+++ b/drivers/net/phy/phy_device.c
@@ -135,7 +135,9 @@ static int mdio_bus_phy_resume(struct de
if (!mdio_bus_phy_may_suspend(phydev))
goto no_resume;
+ mutex_lock(&phydev->lock);
ret = phy_resume(phydev);
+ mutex_unlock(&phydev->lock);
if (ret < 0)
return ret;
@@ -1026,7 +1028,9 @@ int phy_attach_direct(struct net_device
if (err)
goto error;
+ mutex_lock(&phydev->lock);
phy_resume(phydev);
+ mutex_unlock(&phydev->lock);
phy_led_triggers_register(phydev);
return err;
@@ -1157,6 +1161,8 @@ int phy_resume(struct phy_device *phydev
struct phy_driver *phydrv = to_phy_driver(phydev->mdio.dev.driver);
int ret = 0;
+ WARN_ON(!mutex_is_locked(&phydev->lock));
+
if (phydev->drv && phydrv->resume)
ret = phydrv->resume(phydev);
@@ -1639,13 +1645,9 @@ int genphy_resume(struct phy_device *phy
{
int value;
- mutex_lock(&phydev->lock);
-
value = phy_read(phydev, MII_BMCR);
phy_write(phydev, MII_BMCR, value & ~BMCR_PDOWN);
- mutex_unlock(&phydev->lock);
-
return 0;
}
EXPORT_SYMBOL(genphy_resume);
Patches currently in stable-queue which might be from rmk+kernel(a)armlinux.org.uk are
queue-4.14/net-phy-fix-resume-handling.patch
On Fri, Mar 16, 2018 at 10:31:16AM +0100, Rainer Fiebig wrote:
> Hi!
>
> When building 4.14.27 I got the a/m message. Same for 4.16-rc5.
> Building the kernel is OK, however. Same for Spectre- ect. mitigation.
>
> As I'm not sure whether this is a bug or a feature (and where to get libelf-devel from), any hint would be welcome.
It should be part of your Linux distribution, the help message says the
major different forms it is called, have you tried searching for those?
What Linux distro do you use?
thanks,
greg k-h
This is a note to let you know that I've just added the patch titled
siox: fix possible buffer overflow in device_add_store
to my char-misc git tree which can be found at
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git
in the char-misc-next branch.
The patch will show up in the next release of the linux-next tree
(usually sometime within the next 24 hours during the week.)
The patch will also be merged in the next major kernel release
during the merge window.
If you have any questions about this process, please let me know.
>From f87deada80fe483e2286e29cd866dc66ddc2b6bc Mon Sep 17 00:00:00 2001
From: Gavin Schenk <g.schenk(a)eckelmann.de>
Date: Wed, 14 Feb 2018 15:25:02 +0100
Subject: siox: fix possible buffer overflow in device_add_store
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Width 20 given in format string is larger than destination
buffer 'type[20]', use %19s to prevent overflowing it.
Fixes: bbecb07fa0af ("siox: new driver framework for eckelmann SIOX")
Cc: stable <stable(a)vger.kernel.org>
Reported-by: David Binderman <dcb314(a)hotmail.com>
Signed-off-by: Gavin Schenk <g.schenk(a)eckelmann.de>
Reviewed-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
drivers/siox/siox-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/siox/siox-core.c b/drivers/siox/siox-core.c
index fdfcdea25867..16590dfaafa4 100644
--- a/drivers/siox/siox-core.c
+++ b/drivers/siox/siox-core.c
@@ -594,7 +594,7 @@ static ssize_t device_add_store(struct device *dev,
size_t inbytes = 0, outbytes = 0;
u8 statustype = 0;
- ret = sscanf(buf, "%20s %zu %zu %hhu", type, &inbytes,
+ ret = sscanf(buf, "%19s %zu %zu %hhu", type, &inbytes,
&outbytes, &statustype);
if (ret != 3 && ret != 4)
return -EINVAL;
--
2.16.2
This is a note to let you know that I've just added the patch titled
Revert "base: arch_topology: fix section mismatch build warnings"
to my driver-core git tree which can be found at
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core.git
in the driver-core-next branch.
The patch will show up in the next release of the linux-next tree
(usually sometime within the next 24 hours during the week.)
The patch will also be merged in the next major kernel release
during the merge window.
If you have any questions about this process, please let me know.
>From 9de9a449482677a75f1edd2049268a7efc40fc96 Mon Sep 17 00:00:00 2001
From: Gaku Inami <gaku.inami.xh(a)renesas.com>
Date: Tue, 13 Feb 2018 11:06:40 +0900
Subject: Revert "base: arch_topology: fix section mismatch build warnings"
This reverts commit 452562abb5b7 ("base: arch_topology: fix section
mismatch build warnings"). It causes the notifier call hangs in some
use-cases.
In some cases with using maxcpus, some of cpus are booted first and
then the remaining cpus are booted. As an example, some users who want
to realize fast boot up often use the following procedure.
1) Define all CPUs on device tree (CA57x4 + CA53x4)
2) Add "maxcpus=4" in bootargs
3) Kernel boot up with CA57x4
4) After kernel boot up, CA53x4 is booted from user
When kernel init was finished, CPUFREQ_POLICY_NOTIFIER was not still
unregisterd. This means that "__init init_cpu_capacity_callback()"
will be called after kernel init sequence. To avoid this problem,
it needs to remove __init{,data} annotations by reverting this commit.
Also, this commit was needed to fix kernel compile issue below.
However, this issue was also fixed by another patch: commit 82d8ba717ccb
("arch_topology: Fix section miss match warning due to
free_raw_capacity()") in v4.15 as well.
Whereas commit 452562abb5b7 added all the missing __init annotations,
commit 82d8ba717ccb removed it from free_raw_capacity().
WARNING: vmlinux.o(.text+0x548f24): Section mismatch in reference
from the function init_cpu_capacity_callback() to the variable
.init.text:$x
The function init_cpu_capacity_callback() references
the variable __init $x.
This is often because init_cpu_capacity_callback lacks a __init
annotation or the annotation of $x is wrong.
Fixes: 82d8ba717ccb ("arch_topology: Fix section miss match warning due to free_raw_capacity()")
Cc: stable <stable(a)vger.kernel.org>
Signed-off-by: Gaku Inami <gaku.inami.xh(a)renesas.com>
Reviewed-by: Dietmar Eggemann <dietmar.eggemann(a)arm.com>
Tested-by: Dietmar Eggemann <dietmar.eggemann(a)arm.com>
Acked-by: Sudeep Holla <sudeep.holla(a)arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
drivers/base/arch_topology.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/base/arch_topology.c b/drivers/base/arch_topology.c
index 52ec5174bcb1..e7cb0c6ade81 100644
--- a/drivers/base/arch_topology.c
+++ b/drivers/base/arch_topology.c
@@ -169,11 +169,11 @@ bool __init topology_parse_cpu_capacity(struct device_node *cpu_node, int cpu)
}
#ifdef CONFIG_CPU_FREQ
-static cpumask_var_t cpus_to_visit __initdata;
-static void __init parsing_done_workfn(struct work_struct *work);
-static __initdata DECLARE_WORK(parsing_done_work, parsing_done_workfn);
+static cpumask_var_t cpus_to_visit;
+static void parsing_done_workfn(struct work_struct *work);
+static DECLARE_WORK(parsing_done_work, parsing_done_workfn);
-static int __init
+static int
init_cpu_capacity_callback(struct notifier_block *nb,
unsigned long val,
void *data)
@@ -209,7 +209,7 @@ init_cpu_capacity_callback(struct notifier_block *nb,
return 0;
}
-static struct notifier_block init_cpu_capacity_notifier __initdata = {
+static struct notifier_block init_cpu_capacity_notifier = {
.notifier_call = init_cpu_capacity_callback,
};
@@ -242,7 +242,7 @@ static int __init register_cpufreq_notifier(void)
}
core_initcall(register_cpufreq_notifier);
-static void __init parsing_done_workfn(struct work_struct *work)
+static void parsing_done_workfn(struct work_struct *work)
{
cpufreq_unregister_notifier(&init_cpu_capacity_notifier,
CPUFREQ_POLICY_NOTIFIER);
--
2.16.2