- Linux-stable-mirror - lists.linaro.org

[PATCH] drm/amd/display: Disallow enabling CRTC without primary plane with FB

by Harry Wentland

The below commit "drm/atomic: Try to preserve the crtc enabled state in drm_atomic_remove_fb, v2" introduces a slight behavioral change to rmfb. Instead of disabling a crtc when the primary plane is disabled, it now preserves it. Since DC is currently not equipped to handle this we need to fail such a commit, otherwise we might see a corrupted screen. This is based on Shirish's previous approach but avoids adding all planes to the new atomic state which leads to a full update in DC for any commit, and is not what we intend. Theoretically DM should be able to deal with states with fully populated planes, even for simple updates, such as cursor updates. This should still be addressed in the future. Signed-off-by: Harry Wentland <harry.wentland(a)amd.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index 6f92a19bebd6..0bdc6b484bad 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -4683,6 +4683,7 @@ static int dm_update_crtcs_state(struct amdgpu_display_manager *dm, struct amdgpu_dm_connector *aconnector = NULL; struct drm_connector_state *new_con_state = NULL; struct dm_connector_state *dm_conn_state = NULL; + struct drm_plane_state *new_plane_state = NULL; new_stream = NULL; @@ -4690,6 +4691,13 @@ static int dm_update_crtcs_state(struct amdgpu_display_manager *dm, dm_new_crtc_state = to_dm_crtc_state(new_crtc_state); acrtc = to_amdgpu_crtc(crtc); + new_plane_state = drm_atomic_get_new_plane_state(state, new_crtc_state->crtc->primary); + + if (new_crtc_state->enable && new_plane_state && !new_plane_state->fb) { + ret = -EINVAL; + goto fail; + } + aconnector = amdgpu_dm_find_first_crtc_matching_connector(state, crtc); /* TODO This hack should go away */ @@ -4894,7 +4902,7 @@ static int dm_update_planes_state(struct dc *dc, if (!dm_old_crtc_state->stream) continue; - DRM_DEBUG_DRIVER("Disabling DRM plane: %d on DRM crtc %d\n", + DRM_DEBUG_ATOMIC("Disabling DRM plane: %d on DRM crtc %d\n", plane->base.id, old_plane_crtc->base.id); if (!dc_remove_plane_from_context( -- 2.17.0

7 years, 6 months

1
0
0 0

[Patch v3 2/6] cifs: Allocate validate negotiation request through kmalloc

by Long Li

From: Long Li <longli(a)microsoft.com> The data buffer allocated on the stack can't be DMA'ed, and hence can't send through RDMA via SMB Direct. Fix this by allocating the request on the heap in smb3_validate_negotiate. Changes in v2: Removed duplicated code on freeing buffers on function exit. (Thanks to Parav Pandit <parav(a)mellanox.com>) Fixed typo in the patch title. Changes in v3: Added "Fixes" to the patch. Changed sizeof() to use *pointer in place of struct. Fixes: ff1c038addc4 ("Check SMB3 dialects against downgrade attacks") Signed-off-by: Long Li <longli(a)microsoft.com> Cc: stable(a)vger.kernel.org --- fs/cifs/smb2pdu.c | 59 ++++++++++++++++++++++++++++++------------------------- 1 file changed, 32 insertions(+), 27 deletions(-) diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 0f044c4..5582a02 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -729,8 +729,8 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses) int smb3_validate_negotiate(const unsigned int xid, struct cifs_tcon *tcon) { - int rc = 0; - struct validate_negotiate_info_req vneg_inbuf; + int ret, rc = -EIO; + struct validate_negotiate_info_req *pneg_inbuf; struct validate_negotiate_info_rsp *pneg_rsp = NULL; u32 rsplen; u32 inbuflen; /* max of 4 dialects */ @@ -741,6 +741,9 @@ int smb3_validate_negotiate(const unsigned int xid, struct cifs_tcon *tcon) if (tcon->ses->server->rdma) return 0; #endif + pneg_inbuf = kmalloc(sizeof(*pneg_inbuf), GFP_KERNEL); + if (!pneg_inbuf) + return -ENOMEM; /* In SMB3.11 preauth integrity supersedes validate negotiate */ if (tcon->ses->server->dialect == SMB311_PROT_ID) @@ -764,63 +767,63 @@ int smb3_validate_negotiate(const unsigned int xid, struct cifs_tcon *tcon) if (tcon->ses->session_flags & SMB2_SESSION_FLAG_IS_NULL) cifs_dbg(VFS, "Unexpected null user (anonymous) auth flag sent by server\n"); - vneg_inbuf.Capabilities = + pneg_inbuf->Capabilities = cpu_to_le32(tcon->ses->server->vals->req_capabilities); - memcpy(vneg_inbuf.Guid, tcon->ses->server->client_guid, + memcpy(pneg_inbuf->Guid, tcon->ses->server->client_guid, SMB2_CLIENT_GUID_SIZE); if (tcon->ses->sign) - vneg_inbuf.SecurityMode = + pneg_inbuf->SecurityMode = cpu_to_le16(SMB2_NEGOTIATE_SIGNING_REQUIRED); else if (global_secflags & CIFSSEC_MAY_SIGN) - vneg_inbuf.SecurityMode = + pneg_inbuf->SecurityMode = cpu_to_le16(SMB2_NEGOTIATE_SIGNING_ENABLED); else - vneg_inbuf.SecurityMode = 0; + pneg_inbuf->SecurityMode = 0; if (strcmp(tcon->ses->server->vals->version_string, SMB3ANY_VERSION_STRING) == 0) { - vneg_inbuf.Dialects[0] = cpu_to_le16(SMB30_PROT_ID); - vneg_inbuf.Dialects[1] = cpu_to_le16(SMB302_PROT_ID); - vneg_inbuf.DialectCount = cpu_to_le16(2); + pneg_inbuf->Dialects[0] = cpu_to_le16(SMB30_PROT_ID); + pneg_inbuf->Dialects[1] = cpu_to_le16(SMB302_PROT_ID); + pneg_inbuf->DialectCount = cpu_to_le16(2); /* structure is big enough for 3 dialects, sending only 2 */ inbuflen = sizeof(struct validate_negotiate_info_req) - 2; } else if (strcmp(tcon->ses->server->vals->version_string, SMBDEFAULT_VERSION_STRING) == 0) { - vneg_inbuf.Dialects[0] = cpu_to_le16(SMB21_PROT_ID); - vneg_inbuf.Dialects[1] = cpu_to_le16(SMB30_PROT_ID); - vneg_inbuf.Dialects[2] = cpu_to_le16(SMB302_PROT_ID); - vneg_inbuf.DialectCount = cpu_to_le16(3); + pneg_inbuf->Dialects[0] = cpu_to_le16(SMB21_PROT_ID); + pneg_inbuf->Dialects[1] = cpu_to_le16(SMB30_PROT_ID); + pneg_inbuf->Dialects[2] = cpu_to_le16(SMB302_PROT_ID); + pneg_inbuf->DialectCount = cpu_to_le16(3); /* structure is big enough for 3 dialects */ inbuflen = sizeof(struct validate_negotiate_info_req); } else { /* otherwise specific dialect was requested */ - vneg_inbuf.Dialects[0] = + pneg_inbuf->Dialects[0] = cpu_to_le16(tcon->ses->server->vals->protocol_id); - vneg_inbuf.DialectCount = cpu_to_le16(1); + pneg_inbuf->DialectCount = cpu_to_le16(1); /* structure is big enough for 3 dialects, sending only 1 */ inbuflen = sizeof(struct validate_negotiate_info_req) - 4; } - rc = SMB2_ioctl(xid, tcon, NO_FILE_ID, NO_FILE_ID, + ret = SMB2_ioctl(xid, tcon, NO_FILE_ID, NO_FILE_ID, FSCTL_VALIDATE_NEGOTIATE_INFO, true /* is_fsctl */, - (char *)&vneg_inbuf, sizeof(struct validate_negotiate_info_req), + (char *)pneg_inbuf, sizeof(*pneg_inbuf), (char **)&pneg_rsp, &rsplen); - if (rc != 0) { - cifs_dbg(VFS, "validate protocol negotiate failed: %d\n", rc); - return -EIO; + if (ret) { + cifs_dbg(VFS, "validate protocol negotiate failed: %d\n", ret); + goto out_free_inbuf; } - if (rsplen != sizeof(struct validate_negotiate_info_rsp)) { + if (rsplen != sizeof(*pneg_rsp)) { cifs_dbg(VFS, "invalid protocol negotiate response size: %d\n", rsplen); /* relax check since Mac returns max bufsize allowed on ioctl */ if ((rsplen > CIFSMaxBufSize) || (rsplen < sizeof(struct validate_negotiate_info_rsp))) - goto err_rsp_free; + goto out_free_rsp; } /* check validate negotiate info response matches what we got earlier */ @@ -838,14 +841,16 @@ int smb3_validate_negotiate(const unsigned int xid, struct cifs_tcon *tcon) /* validate negotiate successful */ cifs_dbg(FYI, "validate negotiate info successful\n"); - kfree(pneg_rsp); - return 0; + rc = 0; + goto out_free_rsp; vneg_out: cifs_dbg(VFS, "protocol revalidation - security settings mismatch\n"); -err_rsp_free: +out_free_rsp: kfree(pneg_rsp); - return -EIO; +out_free_inbuf: + kfree(pneg_inbuf); + return rc; } enum securityEnum -- 2.7.4

7 years, 6 months

4
9
0 0

[PATCH] btrfs: fix unaligned access in readdir

by David Sterba

The last update to readdir introduced a temporary buffer to store the emitted readdir data, but as there are file names of variable length, there's a lot of unaligned access. This was observed on a sparc64 machine: Kernel unaligned access at TPC[102f3080] btrfs_real_readdir+0x51c/0x718 [btrfs] Fixes: 23b5ec74943 ("btrfs: fix readdir deadlock with pagefault") CC: stable(a)vger.kernel.org # 4.14+ Reported-and-tested-by: René Rebe <rene(a)exactcode.com> Signed-off-by: David Sterba <dsterba(a)suse.com> --- fs/btrfs/inode.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index e064c49c9a9a..d241285a0d2a 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -31,6 +31,7 @@ #include <linux/uio.h> #include <linux/magic.h> #include <linux/iversion.h> +#include <asm/unaligned.h> #include "ctree.h" #include "disk-io.h" #include "transaction.h" @@ -5905,11 +5906,13 @@ static int btrfs_filldir(void *addr, int entries, struct dir_context *ctx) struct dir_entry *entry = addr; char *name = (char *)(entry + 1); - ctx->pos = entry->offset; - if (!dir_emit(ctx, name, entry->name_len, entry->ino, - entry->type)) + ctx->pos = get_unaligned(&entry->offset); + if (!dir_emit(ctx, name, get_unaligned(&entry->name_len), + get_unaligned(&entry->ino), + get_unaligned(&entry->type))) return 1; - addr += sizeof(struct dir_entry) + entry->name_len; + addr += sizeof(struct dir_entry) + + get_unaligned(&entry->name_len); ctx->pos++; } return 0; @@ -5999,14 +6002,15 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) } entry = addr; - entry->name_len = name_len; + put_unaligned(name_len, &entry->name_len); name_ptr = (char *)(entry + 1); read_extent_buffer(leaf, name_ptr, (unsigned long)(di + 1), name_len); - entry->type = btrfs_filetype_table[btrfs_dir_type(leaf, di)]; + put_unaligned(btrfs_filetype_table[btrfs_dir_type(leaf, di)], + &entry->type); btrfs_dir_item_key_to_cpu(leaf, di, &location); - entry->ino = location.objectid; - entry->offset = found_key.offset; + put_unaligned(location.objectid, &entry->ino); + put_unaligned(found_key.offset, &entry->offset); entries++; addr += sizeof(struct dir_entry) + name_len; total_len += sizeof(struct dir_entry) + name_len; -- 2.16.2

7 years, 6 months

2
1
0 0

Re: [PATCH] usbip: vhc_hcd: prevent module being removed while device are attached

by Sasha Levin

Hi. [This is an automated email] This commit has been processed by the -stable helper bot and determined to be a high probability candidate for -stable trees. (score: 13.1846) The bot has tested the following trees: v4.15.15, v4.14.32, v4.9.92, v4.4.126, v4.15.15: Build OK! v4.14.32: Build OK! v4.9.92: Failed to apply! Possible dependencies: 3920ad4951e2 ("usbip: vhc_hcd: prevent module being removed while device are attached") a38711a88b7e ("usbip: auto retry for concurrent attach") v4.4.126: Failed to apply! Possible dependencies: 0775a9cbc694 ("usbip: vhci extension: modifications to vhci driver") 3920ad4951e2 ("usbip: vhc_hcd: prevent module being removed while device are attached") a38711a88b7e ("usbip: auto retry for concurrent attach") Please let us know if you'd like to have this patch included in a stable tree. -- Thanks. Sasha

7 years, 6 months

3
4
0 0

[PATCH v4] blk-mq: Fix race conditions in request timeout handling

by Bart Van Assche

If a completion occurs after blk_mq_rq_timed_out() has reset rq->aborted_gstate and the request is again in flight when the timeout expires then a request will be completed twice: a first time by the timeout handler and a second time when the regular completion occurs. Additionally, the blk-mq timeout handling code ignores completions that occur after blk_mq_check_expired() has been called and before blk_mq_rq_timed_out() has reset rq->aborted_gstate. If a block driver timeout handler always returns BLK_EH_RESET_TIMER then the result will be that the request never terminates. Since the request state can be updated from two different contexts, namely regular completion and request timeout, this race cannot be fixed with RCU synchronization only. Fix this race as follows: - Split __deadline in two variables, namely lq_deadline for legacy request queues and mq_deadline for blk-mq request queues. Use atomic operations to update mq_deadline. - Use the deadline instead of the request generation to detect whether or not a request timer fired after reinitialization of a request. - Store the request state in the lowest two bits of the deadline instead of the lowest two bits of 'gstate'. - Remove all request member variables that became superfluous due to this change: gstate, aborted_gstate, gstate_seq and aborted_gstate_sync. - Remove the request state information that became superfluous due to this patch, namely RQF_MQ_TIMEOUT_EXPIRED. - Remove the hctx member that became superfluous due to these changes, namely nr_expired. - Remove the code that became superfluous due to this change, namely the RCU lock and unlock statements in blk_mq_complete_request() and also the synchronize_rcu() call in the timeout handler. This patch fixes the following kernel crashes: BUG: unable to handle kernel NULL pointer dereference at (null) Oops: 0000 [#1] PREEMPT SMP CPU: 2 PID: 151 Comm: kworker/2:1H Tainted: G W 4.15.0-dbg+ #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014 Workqueue: kblockd blk_mq_timeout_work RIP: 0010:scsi_times_out+0x17/0x2c0 [scsi_mod] Call Trace: blk_mq_terminate_expired+0x42/0x80 bt_iter+0x3d/0x50 blk_mq_queue_tag_busy_iter+0xe9/0x200 blk_mq_timeout_work+0x181/0x2e0 process_one_work+0x21c/0x6d0 worker_thread+0x35/0x380 kthread+0x117/0x130 ret_from_fork+0x24/0x30 This patch also fixes a double completion problem in the NVMeOF initiator driver. See also http://lists.infradead.org/pipermail/linux-nvme/2018-February/015848.html. Fixes: 1d9bd5161ba3 ("blk-mq: replace timeout synchronization with a RCU and generation based scheme") Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com> Cc: Tejun Heo <tj(a)kernel.org> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Sagi Grimberg <sagi(a)grimberg.me> Cc: Israel Rukshin <israelr(a)mellanox.com>, Cc: Max Gurtovoy <maxg(a)mellanox.com> Cc: <stable(a)vger.kernel.org> # v4.16 --- Changes compared to v3 (see also https://www.mail-archive.com/linux-block@vger.kernel.org/msg20073.html): - Removed the spinlock again that was introduced to protect the request state. v4 uses atomic_long_cmpxchg() instead. - Split __deadline into two variables - one for the legacy block layer and one for blk-mq. Changes compared to v2 (https://www.mail-archive.com/linux-block@vger.kernel.org/msg18338.html): - Rebased and retested on top of kernel v4.16. Changes compared to v1 (https://www.mail-archive.com/linux-block@vger.kernel.org/msg18089.html): - Removed the gstate and aborted_gstate members of struct request and used the __deadline member to encode both the generation and state information. block/blk-core.c | 2 - block/blk-mq-debugfs.c | 1 - block/blk-mq.c | 166 +++---------------------------------------------- block/blk-mq.h | 47 ++++++++------ block/blk-timeout.c | 57 ++++++++++++----- block/blk.h | 41 ++++++++++-- include/linux/blk-mq.h | 1 - include/linux/blkdev.h | 32 +++------- 8 files changed, 122 insertions(+), 225 deletions(-) diff --git a/block/blk-core.c b/block/blk-core.c index 0c48bef8490f..422b79b61bb9 100644 --- a/block/blk-core.c +++ b/block/blk-core.c @@ -200,8 +200,6 @@ void blk_rq_init(struct request_queue *q, struct request *rq) rq->start_time = jiffies; set_start_time_ns(rq); rq->part = NULL; - seqcount_init(&rq->gstate_seq); - u64_stats_init(&rq->aborted_gstate_sync); } EXPORT_SYMBOL(blk_rq_init); diff --git a/block/blk-mq-debugfs.c b/block/blk-mq-debugfs.c index 6f72413b6cab..80c7c585769f 100644 --- a/block/blk-mq-debugfs.c +++ b/block/blk-mq-debugfs.c @@ -345,7 +345,6 @@ static const char *const rqf_name[] = { RQF_NAME(STATS), RQF_NAME(SPECIAL_PAYLOAD), RQF_NAME(ZONE_WRITE_LOCKED), - RQF_NAME(MQ_TIMEOUT_EXPIRED), RQF_NAME(MQ_POLL_SLEPT), }; #undef RQF_NAME diff --git a/block/blk-mq.c b/block/blk-mq.c index 7816d28b7219..337e10a5a30c 100644 --- a/block/blk-mq.c +++ b/block/blk-mq.c @@ -305,7 +305,6 @@ static struct request *blk_mq_rq_ctx_init(struct blk_mq_alloc_data *data, rq->special = NULL; /* tag was already set */ rq->extra_len = 0; - rq->__deadline = 0; INIT_LIST_HEAD(&rq->timeout_list); rq->timeout = 0; @@ -527,8 +526,7 @@ static void __blk_mq_complete_request(struct request *rq) bool shared = false; int cpu; - WARN_ON_ONCE(blk_mq_rq_state(rq) != MQ_RQ_IN_FLIGHT); - blk_mq_rq_update_state(rq, MQ_RQ_COMPLETE); + WARN_ON_ONCE(blk_mq_rq_state(rq) != MQ_RQ_COMPLETE); if (rq->internal_tag != -1) blk_mq_sched_completed_request(rq); @@ -577,36 +575,6 @@ static void hctx_lock(struct blk_mq_hw_ctx *hctx, int *srcu_idx) *srcu_idx = srcu_read_lock(hctx->srcu); } -static void blk_mq_rq_update_aborted_gstate(struct request *rq, u64 gstate) -{ - unsigned long flags; - - /* - * blk_mq_rq_aborted_gstate() is used from the completion path and - * can thus be called from irq context. u64_stats_fetch in the - * middle of update on the same CPU leads to lockup. Disable irq - * while updating. - */ - local_irq_save(flags); - u64_stats_update_begin(&rq->aborted_gstate_sync); - rq->aborted_gstate = gstate; - u64_stats_update_end(&rq->aborted_gstate_sync); - local_irq_restore(flags); -} - -static u64 blk_mq_rq_aborted_gstate(struct request *rq) -{ - unsigned int start; - u64 aborted_gstate; - - do { - start = u64_stats_fetch_begin(&rq->aborted_gstate_sync); - aborted_gstate = rq->aborted_gstate; - } while (u64_stats_fetch_retry(&rq->aborted_gstate_sync, start)); - - return aborted_gstate; -} - /** * blk_mq_complete_request - end I/O on a request * @rq: the request being processed @@ -618,27 +586,12 @@ static u64 blk_mq_rq_aborted_gstate(struct request *rq) void blk_mq_complete_request(struct request *rq) { struct request_queue *q = rq->q; - struct blk_mq_hw_ctx *hctx = blk_mq_map_queue(q, rq->mq_ctx->cpu); - int srcu_idx; if (unlikely(blk_should_fake_timeout(q))) return; - /* - * If @rq->aborted_gstate equals the current instance, timeout is - * claiming @rq and we lost. This is synchronized through - * hctx_lock(). See blk_mq_timeout_work() for details. - * - * Completion path never blocks and we can directly use RCU here - * instead of hctx_lock() which can be either RCU or SRCU. - * However, that would complicate paths which want to synchronize - * against us. Let stay in sync with the issue path so that - * hctx_lock() covers both issue and completion paths. - */ - hctx_lock(hctx, &srcu_idx); - if (blk_mq_rq_aborted_gstate(rq) != rq->gstate) + if (blk_mq_change_rq_state(rq, MQ_RQ_IN_FLIGHT, MQ_RQ_COMPLETE)) __blk_mq_complete_request(rq); - hctx_unlock(hctx, srcu_idx); } EXPORT_SYMBOL(blk_mq_complete_request); @@ -662,27 +615,8 @@ void blk_mq_start_request(struct request *rq) wbt_issue(q->rq_wb, &rq->issue_stat); } - WARN_ON_ONCE(blk_mq_rq_state(rq) != MQ_RQ_IDLE); - - /* - * Mark @rq in-flight which also advances the generation number, - * and register for timeout. Protect with a seqcount to allow the - * timeout path to read both @rq->gstate and @rq->deadline - * coherently. - * - * This is the only place where a request is marked in-flight. If - * the timeout path reads an in-flight @rq->gstate, the - * @rq->deadline it reads together under @rq->gstate_seq is - * guaranteed to be the matching one. - */ - preempt_disable(); - write_seqcount_begin(&rq->gstate_seq); - - blk_mq_rq_update_state(rq, MQ_RQ_IN_FLIGHT); - blk_add_timer(rq); - - write_seqcount_end(&rq->gstate_seq); - preempt_enable(); + /* Mark @rq in-flight and set its deadline. */ + blk_mq_add_timer(rq, MQ_RQ_IDLE, MQ_RQ_IN_FLIGHT); if (q->dma_drain_size && blk_rq_bytes(rq)) { /* @@ -695,11 +629,6 @@ void blk_mq_start_request(struct request *rq) } EXPORT_SYMBOL(blk_mq_start_request); -/* - * When we reach here because queue is busy, it's safe to change the state - * to IDLE without checking @rq->aborted_gstate because we should still be - * holding the RCU read lock and thus protected against timeout. - */ static void __blk_mq_requeue_request(struct request *rq) { struct request_queue *q = rq->q; @@ -811,7 +740,6 @@ EXPORT_SYMBOL(blk_mq_tag_to_rq); struct blk_mq_timeout_data { unsigned long next; unsigned int next_set; - unsigned int nr_expired; }; static void blk_mq_rq_timed_out(struct request *req, bool reserved) @@ -819,8 +747,6 @@ static void blk_mq_rq_timed_out(struct request *req, bool reserved) const struct blk_mq_ops *ops = req->q->mq_ops; enum blk_eh_timer_return ret = BLK_EH_RESET_TIMER; - req->rq_flags |= RQF_MQ_TIMEOUT_EXPIRED; - if (ops->timeout) ret = ops->timeout(req, reserved); @@ -829,13 +755,7 @@ static void blk_mq_rq_timed_out(struct request *req, bool reserved) __blk_mq_complete_request(req); break; case BLK_EH_RESET_TIMER: - /* - * As nothing prevents from completion happening while - * ->aborted_gstate is set, this may lead to ignored - * completions and further spurious timeouts. - */ - blk_mq_rq_update_aborted_gstate(req, 0); - blk_add_timer(req); + blk_mq_add_timer(req, MQ_RQ_COMPLETE, MQ_RQ_IN_FLIGHT); break; case BLK_EH_NOT_HANDLED: break; @@ -849,60 +769,23 @@ static void blk_mq_check_expired(struct blk_mq_hw_ctx *hctx, struct request *rq, void *priv, bool reserved) { struct blk_mq_timeout_data *data = priv; - unsigned long gstate, deadline; - int start; - - might_sleep(); - - if (rq->rq_flags & RQF_MQ_TIMEOUT_EXPIRED) - return; - - /* read coherent snapshots of @rq->state_gen and @rq->deadline */ - while (true) { - start = read_seqcount_begin(&rq->gstate_seq); - gstate = READ_ONCE(rq->gstate); - deadline = blk_rq_deadline(rq); - if (!read_seqcount_retry(&rq->gstate_seq, start)) - break; - cond_resched(); - } + unsigned long deadline = blk_mq_rq_deadline(rq); - /* if in-flight && overdue, mark for abortion */ - if ((gstate & MQ_RQ_STATE_MASK) == MQ_RQ_IN_FLIGHT && - time_after_eq(jiffies, deadline)) { - blk_mq_rq_update_aborted_gstate(rq, gstate); - data->nr_expired++; - hctx->nr_expired++; + if (time_after_eq(jiffies, deadline) && + blk_mq_change_rq_state(rq, MQ_RQ_IN_FLIGHT, MQ_RQ_COMPLETE)) { + blk_mq_rq_timed_out(rq, reserved); } else if (!data->next_set || time_after(data->next, deadline)) { data->next = deadline; data->next_set = 1; } -} -static void blk_mq_terminate_expired(struct blk_mq_hw_ctx *hctx, - struct request *rq, void *priv, bool reserved) -{ - /* - * We marked @rq->aborted_gstate and waited for RCU. If there were - * completions that we lost to, they would have finished and - * updated @rq->gstate by now; otherwise, the completion path is - * now guaranteed to see @rq->aborted_gstate and yield. If - * @rq->aborted_gstate still matches @rq->gstate, @rq is ours. - */ - if (!(rq->rq_flags & RQF_MQ_TIMEOUT_EXPIRED) && - READ_ONCE(rq->gstate) == rq->aborted_gstate) - blk_mq_rq_timed_out(rq, reserved); } static void blk_mq_timeout_work(struct work_struct *work) { struct request_queue *q = container_of(work, struct request_queue, timeout_work); - struct blk_mq_timeout_data data = { - .next = 0, - .next_set = 0, - .nr_expired = 0, - }; + struct blk_mq_timeout_data data = { }; struct blk_mq_hw_ctx *hctx; int i; @@ -925,33 +808,6 @@ static void blk_mq_timeout_work(struct work_struct *work) /* scan for the expired ones and set their ->aborted_gstate */ blk_mq_queue_tag_busy_iter(q, blk_mq_check_expired, &data); - if (data.nr_expired) { - bool has_rcu = false; - - /* - * Wait till everyone sees ->aborted_gstate. The - * sequential waits for SRCUs aren't ideal. If this ever - * becomes a problem, we can add per-hw_ctx rcu_head and - * wait in parallel. - */ - queue_for_each_hw_ctx(q, hctx, i) { - if (!hctx->nr_expired) - continue; - - if (!(hctx->flags & BLK_MQ_F_BLOCKING)) - has_rcu = true; - else - synchronize_srcu(hctx->srcu); - - hctx->nr_expired = 0; - } - if (has_rcu) - synchronize_rcu(); - - /* terminate the ones we won */ - blk_mq_queue_tag_busy_iter(q, blk_mq_terminate_expired, NULL); - } - if (data.next_set) { data.next = blk_rq_timeout(round_jiffies_up(data.next)); mod_timer(&q->timeout, data.next); @@ -2087,8 +1943,6 @@ static int blk_mq_init_request(struct blk_mq_tag_set *set, struct request *rq, return ret; } - seqcount_init(&rq->gstate_seq); - u64_stats_init(&rq->aborted_gstate_sync); return 0; } diff --git a/block/blk-mq.h b/block/blk-mq.h index 88c558f71819..4f96fd66eb8a 100644 --- a/block/blk-mq.h +++ b/block/blk-mq.h @@ -27,10 +27,7 @@ struct blk_mq_ctx { struct kobject kobj; } ____cacheline_aligned_in_smp; -/* - * Bits for request->gstate. The lower two bits carry MQ_RQ_* state value - * and the upper bits the generation number. - */ +/* Lowest two bits of request->mq_deadline. */ enum mq_rq_state { MQ_RQ_IDLE = 0, MQ_RQ_IN_FLIGHT = 1, @@ -38,7 +35,6 @@ enum mq_rq_state { MQ_RQ_STATE_BITS = 2, MQ_RQ_STATE_MASK = (1 << MQ_RQ_STATE_BITS) - 1, - MQ_RQ_GEN_INC = 1 << MQ_RQ_STATE_BITS, }; void blk_mq_freeze_queue(struct request_queue *q); @@ -104,9 +100,30 @@ void blk_mq_release(struct request_queue *q); * blk_mq_rq_state() - read the current MQ_RQ_* state of a request * @rq: target request. */ -static inline int blk_mq_rq_state(struct request *rq) +static inline enum mq_rq_state blk_mq_rq_state(struct request *rq) { - return READ_ONCE(rq->gstate) & MQ_RQ_STATE_MASK; + return atomic_long_read(&rq->mq_deadline) & MQ_RQ_STATE_MASK; +} + +/** + * blk_mq_change_rq_state - atomically test and set request state + * @rq: Request pointer. + * @old: Old request state. + * @new: New request state. + * + * Returns %true if and only if the old state was @old and if the state has + * been changed into @new. + */ +static inline bool blk_mq_change_rq_state(struct request *rq, + enum mq_rq_state old_s, + enum mq_rq_state new_s) +{ + unsigned long old_d = (atomic_long_read(&rq->mq_deadline) & + ~(unsigned long)MQ_RQ_STATE_MASK) | old_s; + unsigned long new_d = (old_d & ~(unsigned long)MQ_RQ_STATE_MASK) | + new_s; + + return atomic_long_cmpxchg(&rq->mq_deadline, old_d, new_d) == old_d; } /** @@ -114,23 +131,13 @@ static inline int blk_mq_rq_state(struct request *rq) * @rq: target request. * @state: new state to set. * - * Set @rq's state to @state. The caller is responsible for ensuring that - * there are no other updaters. A request can transition into IN_FLIGHT - * only from IDLE and doing so increments the generation number. + * Set @rq's state to @state. */ static inline void blk_mq_rq_update_state(struct request *rq, - enum mq_rq_state state) + enum mq_rq_state new_s) { - u64 old_val = READ_ONCE(rq->gstate); - u64 new_val = (old_val & ~MQ_RQ_STATE_MASK) | state; - - if (state == MQ_RQ_IN_FLIGHT) { - WARN_ON_ONCE((old_val & MQ_RQ_STATE_MASK) != MQ_RQ_IDLE); - new_val += MQ_RQ_GEN_INC; + while (!blk_mq_change_rq_state(rq, blk_mq_rq_state(rq), new_s)) { } - - /* avoid exposing interim values */ - WRITE_ONCE(rq->gstate, new_val); } static inline struct blk_mq_ctx *__blk_mq_get_ctx(struct request_queue *q, diff --git a/block/blk-timeout.c b/block/blk-timeout.c index 50a191720055..3ca829dce2d6 100644 --- a/block/blk-timeout.c +++ b/block/blk-timeout.c @@ -165,8 +165,9 @@ void blk_abort_request(struct request *req) * immediately and that scan sees the new timeout value. * No need for fancy synchronizations. */ - blk_rq_set_deadline(req, jiffies); - kblockd_schedule_work(&req->q->timeout_work); + if (blk_mq_rq_set_deadline(req, jiffies, MQ_RQ_IN_FLIGHT, + MQ_RQ_IN_FLIGHT)) + kblockd_schedule_work(&req->q->timeout_work); } else { if (blk_mark_rq_complete(req)) return; @@ -187,15 +188,8 @@ unsigned long blk_rq_timeout(unsigned long timeout) return timeout; } -/** - * blk_add_timer - Start timeout timer for a single request - * @req: request that is about to start running. - * - * Notes: - * Each request has its own timer, and as it is added to the queue, we - * set up the timer. When the request completes, we cancel the timer. - */ -void blk_add_timer(struct request *req) +static void __blk_add_timer(struct request *req, enum mq_rq_state old, + enum mq_rq_state new) { struct request_queue *q = req->q; unsigned long expiry; @@ -216,15 +210,17 @@ void blk_add_timer(struct request *req) if (!req->timeout) req->timeout = q->rq_timeout; - blk_rq_set_deadline(req, jiffies + req->timeout); - req->rq_flags &= ~RQF_MQ_TIMEOUT_EXPIRED; - /* * Only the non-mq case needs to add the request to a protected list. * For the mq case we simply scan the tag map. */ - if (!q->mq_ops) + if (!q->mq_ops) { + blk_rq_set_deadline(req, jiffies + req->timeout); list_add_tail(&req->timeout_list, &req->q->timeout_list); + } else { + WARN_ON_ONCE(!blk_mq_rq_set_deadline(req, jiffies + + req->timeout, old, new)); + } /* * If the timer isn't already pending or this timeout is earlier @@ -249,3 +245,34 @@ void blk_add_timer(struct request *req) } } + +/** + * blk_add_timer - Start timeout timer for a single request + * @req: request that is about to start running. + * + * Notes: + * Each request has its own timer, and as it is added to the queue, we + * set up the timer. When the request completes, we cancel the timer. + */ +void blk_add_timer(struct request *req) +{ + return __blk_add_timer(req, MQ_RQ_IDLE/*ignored*/, + MQ_RQ_IDLE/*ignored*/); +} + +/** + * blk_mq_add_timer - set the deadline for a single request + * @req: request for which to set the deadline. + * @old: current request state. + * @new: new request state. + * + * Sets the deadline of a request if and only if it has state @old and + * at the same time changes the request state from @old into @new. The caller + * must guarantee that the request state won't be modified while this function + * is in progress. + */ +void blk_mq_add_timer(struct request *req, enum mq_rq_state old, + enum mq_rq_state new) +{ + return __blk_add_timer(req, old, new); +} diff --git a/block/blk.h b/block/blk.h index b034fd2460c4..7665d4af777e 100644 --- a/block/blk.h +++ b/block/blk.h @@ -170,6 +170,8 @@ static inline bool bio_integrity_endio(struct bio *bio) void blk_timeout_work(struct work_struct *work); unsigned long blk_rq_timeout(unsigned long timeout); void blk_add_timer(struct request *req); +void blk_mq_add_timer(struct request *req, enum mq_rq_state old, + enum mq_rq_state new); void blk_delete_timer(struct request *); @@ -191,21 +193,21 @@ void blk_account_io_done(struct request *req); /* * EH timer and IO completion will both attempt to 'grab' the request, make * sure that only one of them succeeds. Steal the bottom bit of the - * __deadline field for this. + * lq_deadline field for this. */ static inline int blk_mark_rq_complete(struct request *rq) { - return test_and_set_bit(0, &rq->__deadline); + return test_and_set_bit(0, &rq->lq_deadline); } static inline void blk_clear_rq_complete(struct request *rq) { - clear_bit(0, &rq->__deadline); + clear_bit(0, &rq->lq_deadline); } static inline bool blk_rq_is_complete(struct request *rq) { - return test_bit(0, &rq->__deadline); + return test_bit(0, &rq->lq_deadline); } /* @@ -311,15 +313,42 @@ static inline void req_set_nomerge(struct request_queue *q, struct request *req) * Steal a bit from this field for legacy IO path atomic IO marking. Note that * setting the deadline clears the bottom bit, potentially clearing the * completed bit. The user has to be OK with this (current ones are fine). + * Must be called with the request queue lock held. */ static inline void blk_rq_set_deadline(struct request *rq, unsigned long time) { - rq->__deadline = time & ~0x1UL; + rq->lq_deadline = time & ~0x1UL; } static inline unsigned long blk_rq_deadline(struct request *rq) { - return rq->__deadline & ~0x1UL; + return rq->lq_deadline & ~0x1UL; +} + +/* + * If the state of request @rq equals @old_s, update deadline and request state + * atomically to @time and @new_s. blk-mq only. + */ +static inline bool blk_mq_rq_set_deadline(struct request *rq, + unsigned long time, + enum mq_rq_state old_s, + enum mq_rq_state new_s) +{ + unsigned long old_d, new_d; + + do { + old_d = atomic_long_read(&rq->mq_deadline); + if ((old_d & MQ_RQ_STATE_MASK) != old_s) + return false; + new_d = (time & ~0x3UL) | (new_s & 3UL); + } while (atomic_long_cmpxchg(&rq->mq_deadline, old_d, new_d) != old_d); + + return true; +} + +static inline unsigned long blk_mq_rq_deadline(struct request *rq) +{ + return atomic_long_read(&rq->mq_deadline) & ~0x3UL; } /* diff --git a/include/linux/blk-mq.h b/include/linux/blk-mq.h index 8efcf49796a3..13ccbb418e89 100644 --- a/include/linux/blk-mq.h +++ b/include/linux/blk-mq.h @@ -51,7 +51,6 @@ struct blk_mq_hw_ctx { unsigned int queue_num; atomic_t nr_active; - unsigned int nr_expired; struct hlist_node cpuhp_dead; struct kobject kobj; diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h index 6075d1a6760c..abf78819014b 100644 --- a/include/linux/blkdev.h +++ b/include/linux/blkdev.h @@ -27,7 +27,6 @@ #include <linux/percpu-refcount.h> #include <linux/scatterlist.h> #include <linux/blkzoned.h> -#include <linux/seqlock.h> #include <linux/u64_stats_sync.h> struct module; @@ -125,8 +124,6 @@ typedef __u32 __bitwise req_flags_t; #define RQF_SPECIAL_PAYLOAD ((__force req_flags_t)(1 << 18)) /* The per-zone write lock is held for this request */ #define RQF_ZONE_WRITE_LOCKED ((__force req_flags_t)(1 << 19)) -/* timeout is expired */ -#define RQF_MQ_TIMEOUT_EXPIRED ((__force req_flags_t)(1 << 20)) /* already slept for hybrid poll */ #define RQF_MQ_POLL_SLEPT ((__force req_flags_t)(1 << 21)) @@ -226,28 +223,15 @@ struct request { unsigned int extra_len; /* length of alignment and padding */ /* - * On blk-mq, the lower bits of ->gstate (generation number and - * state) carry the MQ_RQ_* state value and the upper bits the - * generation number which is monotonically incremented and used to - * distinguish the reuse instances. - * - * ->gstate_seq allows updates to ->gstate and other fields - * (currently ->deadline) during request start to be read - * atomically from the timeout path, so that it can operate on a - * coherent set of information. + * Access through blk_rq_set_deadline(), blk_rq_deadline() and + * blk_mark_rq_complete(), blk_clear_rq_complete() and + * blk_rq_is_complete() for legacy queues or blk_mq_rq_set_deadline(), + * blk_mq_rq_deadline() and blk_mq_rq_state() for blk-mq queues. */ - seqcount_t gstate_seq; - u64 gstate; - - /* - * ->aborted_gstate is used by the timeout to claim a specific - * recycle instance of this request. See blk_mq_timeout_work(). - */ - struct u64_stats_sync aborted_gstate_sync; - u64 aborted_gstate; - - /* access through blk_rq_set_deadline, blk_rq_deadline */ - unsigned long __deadline; + union { + unsigned long lq_deadline; + atomic_long_t mq_deadline; + }; struct list_head timeout_list; -- 2.16.2

7 years, 6 months

13
37
0 0

[PATCH v2 2/2] pinctrl/samsung: Document required order of banks

by Paweł Chmiel

This patch documents requirement coming from the way exynos_eint_gpio_irq() is working now, which expects EINTG banks to be at the beginning of the bank arrays. Cc: stable(a)vger.kernel.org Signed-off-by: Paweł Chmiel <pawel.mikolaj.chmiel(a)gmail.com> --- drivers/pinctrl/samsung/pinctrl-exynos-arm.c | 26 ++++++++++++++++++++++++++ drivers/pinctrl/samsung/pinctrl-exynos-arm64.c | 20 ++++++++++++++++++++ 2 files changed, 46 insertions(+) diff --git a/drivers/pinctrl/samsung/pinctrl-exynos-arm.c b/drivers/pinctrl/samsung/pinctrl-exynos-arm.c index 4f4ae66..d82820f 100644 --- a/drivers/pinctrl/samsung/pinctrl-exynos-arm.c +++ b/drivers/pinctrl/samsung/pinctrl-exynos-arm.c @@ -88,6 +88,7 @@ static const struct samsung_retention_data s5pv210_retention_data __initconst = /* pin banks of s5pv210 pin-controller */ static const struct samsung_pin_bank_data s5pv210_pin_bank[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTG(8, 0x000, "gpa0", 0x00), EXYNOS_PIN_BANK_EINTG(4, 0x020, "gpa1", 0x04), EXYNOS_PIN_BANK_EINTG(8, 0x040, "gpb", 0x08), @@ -147,6 +148,7 @@ static atomic_t exynos_shared_retention_refcnt; /* pin banks of exynos3250 pin-controller 0 */ static const struct samsung_pin_bank_data exynos3250_pin_banks0[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTG(8, 0x000, "gpa0", 0x00), EXYNOS_PIN_BANK_EINTG(6, 0x020, "gpa1", 0x04), EXYNOS_PIN_BANK_EINTG(8, 0x040, "gpb", 0x08), @@ -158,6 +160,7 @@ static const struct samsung_pin_bank_data exynos3250_pin_banks0[] __initconst = /* pin banks of exynos3250 pin-controller 1 */ static const struct samsung_pin_bank_data exynos3250_pin_banks1[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTN(8, 0x120, "gpe0"), EXYNOS_PIN_BANK_EINTN(8, 0x140, "gpe1"), EXYNOS_PIN_BANK_EINTN(3, 0x180, "gpe2"), @@ -232,6 +235,7 @@ const struct samsung_pinctrl_of_match_data exynos3250_of_data __initconst = { /* pin banks of exynos4210 pin-controller 0 */ static const struct samsung_pin_bank_data exynos4210_pin_banks0[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTG(8, 0x000, "gpa0", 0x00), EXYNOS_PIN_BANK_EINTG(6, 0x020, "gpa1", 0x04), EXYNOS_PIN_BANK_EINTG(8, 0x040, "gpb", 0x08), @@ -252,6 +256,7 @@ static const struct samsung_pin_bank_data exynos4210_pin_banks0[] __initconst = /* pin banks of exynos4210 pin-controller 1 */ static const struct samsung_pin_bank_data exynos4210_pin_banks1[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTG(8, 0x000, "gpj0", 0x00), EXYNOS_PIN_BANK_EINTG(5, 0x020, "gpj1", 0x04), EXYNOS_PIN_BANK_EINTG(7, 0x040, "gpk0", 0x08), @@ -276,6 +281,7 @@ static const struct samsung_pin_bank_data exynos4210_pin_banks1[] __initconst = /* pin banks of exynos4210 pin-controller 2 */ static const struct samsung_pin_bank_data exynos4210_pin_banks2[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTN(7, 0x000, "gpz"), }; @@ -346,6 +352,7 @@ const struct samsung_pinctrl_of_match_data exynos4210_of_data __initconst = { /* pin banks of exynos4x12 pin-controller 0 */ static const struct samsung_pin_bank_data exynos4x12_pin_banks0[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTG(8, 0x000, "gpa0", 0x00), EXYNOS_PIN_BANK_EINTG(6, 0x020, "gpa1", 0x04), EXYNOS_PIN_BANK_EINTG(8, 0x040, "gpb", 0x08), @@ -363,6 +370,7 @@ static const struct samsung_pin_bank_data exynos4x12_pin_banks0[] __initconst = /* pin banks of exynos4x12 pin-controller 1 */ static const struct samsung_pin_bank_data exynos4x12_pin_banks1[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTG(7, 0x040, "gpk0", 0x08), EXYNOS_PIN_BANK_EINTG(7, 0x060, "gpk1", 0x0c), EXYNOS_PIN_BANK_EINTG(7, 0x080, "gpk2", 0x10), @@ -390,11 +398,13 @@ static const struct samsung_pin_bank_data exynos4x12_pin_banks1[] __initconst = /* pin banks of exynos4x12 pin-controller 2 */ static const struct samsung_pin_bank_data exynos4x12_pin_banks2[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTG(7, 0x000, "gpz", 0x00), }; /* pin banks of exynos4x12 pin-controller 3 */ static const struct samsung_pin_bank_data exynos4x12_pin_banks3[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTG(8, 0x000, "gpv0", 0x00), EXYNOS_PIN_BANK_EINTG(8, 0x020, "gpv1", 0x04), EXYNOS_PIN_BANK_EINTG(8, 0x040, "gpv2", 0x08), @@ -449,6 +459,7 @@ const struct samsung_pinctrl_of_match_data exynos4x12_of_data __initconst = { /* pin banks of exynos5250 pin-controller 0 */ static const struct samsung_pin_bank_data exynos5250_pin_banks0[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTG(8, 0x000, "gpa0", 0x00), EXYNOS_PIN_BANK_EINTG(6, 0x020, "gpa1", 0x04), EXYNOS_PIN_BANK_EINTG(8, 0x040, "gpa2", 0x08), @@ -478,6 +489,7 @@ static const struct samsung_pin_bank_data exynos5250_pin_banks0[] __initconst = /* pin banks of exynos5250 pin-controller 1 */ static const struct samsung_pin_bank_data exynos5250_pin_banks1[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTG(8, 0x000, "gpe0", 0x00), EXYNOS_PIN_BANK_EINTG(2, 0x020, "gpe1", 0x04), EXYNOS_PIN_BANK_EINTG(4, 0x040, "gpf0", 0x08), @@ -491,6 +503,7 @@ static const struct samsung_pin_bank_data exynos5250_pin_banks1[] __initconst = /* pin banks of exynos5250 pin-controller 2 */ static const struct samsung_pin_bank_data exynos5250_pin_banks2[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTG(8, 0x000, "gpv0", 0x00), EXYNOS_PIN_BANK_EINTG(8, 0x020, "gpv1", 0x04), EXYNOS_PIN_BANK_EINTG(8, 0x060, "gpv2", 0x08), @@ -500,6 +513,7 @@ static const struct samsung_pin_bank_data exynos5250_pin_banks2[] __initconst = /* pin banks of exynos5250 pin-controller 3 */ static const struct samsung_pin_bank_data exynos5250_pin_banks3[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTG(7, 0x000, "gpz", 0x00), }; @@ -550,6 +564,7 @@ const struct samsung_pinctrl_of_match_data exynos5250_of_data __initconst = { /* pin banks of exynos5260 pin-controller 0 */ static const struct samsung_pin_bank_data exynos5260_pin_banks0[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTG(4, 0x000, "gpa0", 0x00), EXYNOS_PIN_BANK_EINTG(7, 0x020, "gpa1", 0x04), EXYNOS_PIN_BANK_EINTG(8, 0x040, "gpa2", 0x08), @@ -575,6 +590,7 @@ static const struct samsung_pin_bank_data exynos5260_pin_banks0[] __initconst = /* pin banks of exynos5260 pin-controller 1 */ static const struct samsung_pin_bank_data exynos5260_pin_banks1[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTG(7, 0x000, "gpc0", 0x00), EXYNOS_PIN_BANK_EINTG(6, 0x020, "gpc1", 0x04), EXYNOS_PIN_BANK_EINTG(7, 0x040, "gpc2", 0x08), @@ -584,6 +600,7 @@ static const struct samsung_pin_bank_data exynos5260_pin_banks1[] __initconst = /* pin banks of exynos5260 pin-controller 2 */ static const struct samsung_pin_bank_data exynos5260_pin_banks2[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTG(7, 0x000, "gpz0", 0x00), EXYNOS_PIN_BANK_EINTG(4, 0x020, "gpz1", 0x04), }; @@ -619,6 +636,7 @@ const struct samsung_pinctrl_of_match_data exynos5260_of_data __initconst = { /* pin banks of exynos5410 pin-controller 0 */ static const struct samsung_pin_bank_data exynos5410_pin_banks0[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTG(8, 0x000, "gpa0", 0x00), EXYNOS_PIN_BANK_EINTG(6, 0x020, "gpa1", 0x04), EXYNOS_PIN_BANK_EINTG(8, 0x040, "gpa2", 0x08), @@ -658,6 +676,7 @@ static const struct samsung_pin_bank_data exynos5410_pin_banks0[] __initconst = /* pin banks of exynos5410 pin-controller 1 */ static const struct samsung_pin_bank_data exynos5410_pin_banks1[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTG(5, 0x000, "gpj0", 0x00), EXYNOS_PIN_BANK_EINTG(8, 0x020, "gpj1", 0x04), EXYNOS_PIN_BANK_EINTG(8, 0x040, "gpj2", 0x08), @@ -671,6 +690,7 @@ static const struct samsung_pin_bank_data exynos5410_pin_banks1[] __initconst = /* pin banks of exynos5410 pin-controller 2 */ static const struct samsung_pin_bank_data exynos5410_pin_banks2[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTG(8, 0x000, "gpv0", 0x00), EXYNOS_PIN_BANK_EINTG(8, 0x020, "gpv1", 0x04), EXYNOS_PIN_BANK_EINTG(8, 0x060, "gpv2", 0x08), @@ -680,6 +700,7 @@ static const struct samsung_pin_bank_data exynos5410_pin_banks2[] __initconst = /* pin banks of exynos5410 pin-controller 3 */ static const struct samsung_pin_bank_data exynos5410_pin_banks3[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTG(7, 0x000, "gpz", 0x00), }; @@ -727,6 +748,7 @@ const struct samsung_pinctrl_of_match_data exynos5410_of_data __initconst = { /* pin banks of exynos5420 pin-controller 0 */ static const struct samsung_pin_bank_data exynos5420_pin_banks0[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTG(8, 0x000, "gpy7", 0x00), EXYNOS_PIN_BANK_EINTW(8, 0xC00, "gpx0", 0x00), EXYNOS_PIN_BANK_EINTW(8, 0xC20, "gpx1", 0x04), @@ -736,6 +758,7 @@ static const struct samsung_pin_bank_data exynos5420_pin_banks0[] __initconst = /* pin banks of exynos5420 pin-controller 1 */ static const struct samsung_pin_bank_data exynos5420_pin_banks1[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTG(8, 0x000, "gpc0", 0x00), EXYNOS_PIN_BANK_EINTG(8, 0x020, "gpc1", 0x04), EXYNOS_PIN_BANK_EINTG(7, 0x040, "gpc2", 0x08), @@ -753,6 +776,7 @@ static const struct samsung_pin_bank_data exynos5420_pin_banks1[] __initconst = /* pin banks of exynos5420 pin-controller 2 */ static const struct samsung_pin_bank_data exynos5420_pin_banks2[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTG(8, 0x000, "gpe0", 0x00), EXYNOS_PIN_BANK_EINTG(2, 0x020, "gpe1", 0x04), EXYNOS_PIN_BANK_EINTG(6, 0x040, "gpf0", 0x08), @@ -765,6 +789,7 @@ static const struct samsung_pin_bank_data exynos5420_pin_banks2[] __initconst = /* pin banks of exynos5420 pin-controller 3 */ static const struct samsung_pin_bank_data exynos5420_pin_banks3[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTG(8, 0x000, "gpa0", 0x00), EXYNOS_PIN_BANK_EINTG(6, 0x020, "gpa1", 0x04), EXYNOS_PIN_BANK_EINTG(8, 0x040, "gpa2", 0x08), @@ -778,6 +803,7 @@ static const struct samsung_pin_bank_data exynos5420_pin_banks3[] __initconst = /* pin banks of exynos5420 pin-controller 4 */ static const struct samsung_pin_bank_data exynos5420_pin_banks4[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTG(7, 0x000, "gpz", 0x00), }; diff --git a/drivers/pinctrl/samsung/pinctrl-exynos-arm64.c b/drivers/pinctrl/samsung/pinctrl-exynos-arm64.c index 71c9d1d..b6e5642 100644 --- a/drivers/pinctrl/samsung/pinctrl-exynos-arm64.c +++ b/drivers/pinctrl/samsung/pinctrl-exynos-arm64.c @@ -45,6 +45,7 @@ static atomic_t exynos_shared_retention_refcnt; /* pin banks of exynos5433 pin-controller - ALIVE */ static const struct samsung_pin_bank_data exynos5433_pin_banks0[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS5433_PIN_BANK_EINTW(8, 0x000, "gpa0", 0x00), EXYNOS5433_PIN_BANK_EINTW(8, 0x020, "gpa1", 0x04), EXYNOS5433_PIN_BANK_EINTW(8, 0x040, "gpa2", 0x08), @@ -58,27 +59,32 @@ static const struct samsung_pin_bank_data exynos5433_pin_banks0[] __initconst = /* pin banks of exynos5433 pin-controller - AUD */ static const struct samsung_pin_bank_data exynos5433_pin_banks1[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS5433_PIN_BANK_EINTG(7, 0x000, "gpz0", 0x00), EXYNOS5433_PIN_BANK_EINTG(4, 0x020, "gpz1", 0x04), }; /* pin banks of exynos5433 pin-controller - CPIF */ static const struct samsung_pin_bank_data exynos5433_pin_banks2[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS5433_PIN_BANK_EINTG(2, 0x000, "gpv6", 0x00), }; /* pin banks of exynos5433 pin-controller - eSE */ static const struct samsung_pin_bank_data exynos5433_pin_banks3[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS5433_PIN_BANK_EINTG(3, 0x000, "gpj2", 0x00), }; /* pin banks of exynos5433 pin-controller - FINGER */ static const struct samsung_pin_bank_data exynos5433_pin_banks4[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS5433_PIN_BANK_EINTG(4, 0x000, "gpd5", 0x00), }; /* pin banks of exynos5433 pin-controller - FSYS */ static const struct samsung_pin_bank_data exynos5433_pin_banks5[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS5433_PIN_BANK_EINTG(6, 0x000, "gph1", 0x00), EXYNOS5433_PIN_BANK_EINTG(7, 0x020, "gpr4", 0x04), EXYNOS5433_PIN_BANK_EINTG(5, 0x040, "gpr0", 0x08), @@ -89,16 +95,19 @@ static const struct samsung_pin_bank_data exynos5433_pin_banks5[] __initconst = /* pin banks of exynos5433 pin-controller - IMEM */ static const struct samsung_pin_bank_data exynos5433_pin_banks6[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS5433_PIN_BANK_EINTG(8, 0x000, "gpf0", 0x00), }; /* pin banks of exynos5433 pin-controller - NFC */ static const struct samsung_pin_bank_data exynos5433_pin_banks7[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS5433_PIN_BANK_EINTG(3, 0x000, "gpj0", 0x00), }; /* pin banks of exynos5433 pin-controller - PERIC */ static const struct samsung_pin_bank_data exynos5433_pin_banks8[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS5433_PIN_BANK_EINTG(6, 0x000, "gpv7", 0x00), EXYNOS5433_PIN_BANK_EINTG(5, 0x020, "gpb0", 0x04), EXYNOS5433_PIN_BANK_EINTG(8, 0x040, "gpc0", 0x08), @@ -120,6 +129,7 @@ static const struct samsung_pin_bank_data exynos5433_pin_banks8[] __initconst = /* pin banks of exynos5433 pin-controller - TOUCH */ static const struct samsung_pin_bank_data exynos5433_pin_banks9[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS5433_PIN_BANK_EINTG(3, 0x000, "gpj1", 0x00), }; @@ -267,6 +277,7 @@ const struct samsung_pinctrl_of_match_data exynos5433_of_data __initconst = { /* pin banks of exynos7 pin-controller - ALIVE */ static const struct samsung_pin_bank_data exynos7_pin_banks0[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTW(8, 0x000, "gpa0", 0x00), EXYNOS_PIN_BANK_EINTW(8, 0x020, "gpa1", 0x04), EXYNOS_PIN_BANK_EINTW(8, 0x040, "gpa2", 0x08), @@ -275,6 +286,7 @@ static const struct samsung_pin_bank_data exynos7_pin_banks0[] __initconst = { /* pin banks of exynos7 pin-controller - BUS0 */ static const struct samsung_pin_bank_data exynos7_pin_banks1[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTG(5, 0x000, "gpb0", 0x00), EXYNOS_PIN_BANK_EINTG(8, 0x020, "gpc0", 0x04), EXYNOS_PIN_BANK_EINTG(2, 0x040, "gpc1", 0x08), @@ -294,31 +306,37 @@ static const struct samsung_pin_bank_data exynos7_pin_banks1[] __initconst = { /* pin banks of exynos7 pin-controller - NFC */ static const struct samsung_pin_bank_data exynos7_pin_banks2[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTG(3, 0x000, "gpj0", 0x00), }; /* pin banks of exynos7 pin-controller - TOUCH */ static const struct samsung_pin_bank_data exynos7_pin_banks3[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTG(3, 0x000, "gpj1", 0x00), }; /* pin banks of exynos7 pin-controller - FF */ static const struct samsung_pin_bank_data exynos7_pin_banks4[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTG(4, 0x000, "gpg4", 0x00), }; /* pin banks of exynos7 pin-controller - ESE */ static const struct samsung_pin_bank_data exynos7_pin_banks5[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTG(5, 0x000, "gpv7", 0x00), }; /* pin banks of exynos7 pin-controller - FSYS0 */ static const struct samsung_pin_bank_data exynos7_pin_banks6[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTG(7, 0x000, "gpr4", 0x00), }; /* pin banks of exynos7 pin-controller - FSYS1 */ static const struct samsung_pin_bank_data exynos7_pin_banks7[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTG(4, 0x000, "gpr0", 0x00), EXYNOS_PIN_BANK_EINTG(8, 0x020, "gpr1", 0x04), EXYNOS_PIN_BANK_EINTG(5, 0x040, "gpr2", 0x08), @@ -327,6 +345,7 @@ static const struct samsung_pin_bank_data exynos7_pin_banks7[] __initconst = { /* pin banks of exynos7 pin-controller - BUS1 */ static const struct samsung_pin_bank_data exynos7_pin_banks8[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTG(8, 0x020, "gpf0", 0x00), EXYNOS_PIN_BANK_EINTG(8, 0x040, "gpf1", 0x04), EXYNOS_PIN_BANK_EINTG(4, 0x060, "gpf2", 0x08), @@ -340,6 +359,7 @@ static const struct samsung_pin_bank_data exynos7_pin_banks8[] __initconst = { }; static const struct samsung_pin_bank_data exynos7_pin_banks9[] __initconst = { + /* Must start with EINTG banks, ordered by EINT group number. */ EXYNOS_PIN_BANK_EINTG(7, 0x000, "gpz0", 0x00), EXYNOS_PIN_BANK_EINTG(4, 0x020, "gpz1", 0x04), }; -- 2.7.4

7 years, 6 months

3
2
0 0

[PATCH 4.15 00/53] 4.15.18-stable review

by Greg Kroah-Hartman

------------------------ NOTE, this is the last expected 4.15.y release. After this one, the tree is end-of-life. Please move to 4.16.y at this point in time. ------------------------ This is the start of the stable review cycle for the 4.15.18 release. There are 53 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Apr 19 15:57:06 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.15.18-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.15.18-rc1 Amir Goldstein <amir73il(a)gmail.com> ovl: set lower layer st_dev only if setting lower st_ino Sudhir Sreedharan <ssreedharan(a)mvista.com> rtl8187: Fix NULL pointer dereference in priv->conf_mutex Hans de Goede <hdegoede(a)redhat.com> Bluetooth: hci_bcm: Treat Interrupt ACPI resources as always being active-low Szymon Janc <szymon.janc(a)codecoup.pl> Bluetooth: Fix connection if directed advertising and privacy is used Al Viro <viro(a)zeniv.linux.org.uk> getname_kernel() needs to make sure that ->name != ->iname in long case Michael S. Tsirkin <mst(a)redhat.com> mm/gup_benchmark: handle gup failures Michael S. Tsirkin <mst(a)redhat.com> get_user_pages_fast(): return -EFAULT on access_ok failure Heiko Carstens <heiko.carstens(a)de.ibm.com> s390/compat: fix setup_frame32 Vasily Gorbik <gor(a)linux.ibm.com> s390/ipl: ensure loadparm valid flag is set Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qdio: don't merge ERROR output buffers Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qdio: don't retry EQBS after CCQ 96 Dan Williams <dan.j.williams(a)intel.com> nfit: fix region registration vs block-data-window ranges Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> block/loop: fix deadlock after loop_set_status John Johansen <john.johansen(a)canonical.com> apparmor: fix resource audit messages when auditing peer John Johansen <john.johansen(a)canonical.com> apparmor: fix display of .ns_name for containers John Johansen <john.johansen(a)canonical.com> apparmor: fix logging of the existence test for signals Bill Kuzeja <William.Kuzeja(a)stratus.com> scsi: qla2xxx: Fix small memory leak in qla2x00_probe_one on probe failure J. Bruce Fields <bfields(a)redhat.com> nfsd: fix incorrect umasks Mike Kravetz <mike.kravetz(a)oracle.com> hugetlbfs: fix bug in pgoff overflow checking Simon Gaiser <simon(a)invisiblethingslab.com> xen: xenbus_dev_frontend: Fix XS_TRANSACTION_END handling Amir Goldstein <amir73il(a)gmail.com> ovl: fix lookup with middle layer opaque dir and absolute path redirects Ming Lei <ming.lei(a)redhat.com> blk-mq: don't keep offline CPUs mapped to hctx 0 Ming Lei <ming.lei(a)redhat.com> blk-mq: order getting budget and driver tag Yury Norov <ynorov(a)caviumnetworks.com> lib: fix stall in __bitmap_parselist() Keith Busch <keith.busch(a)intel.com> nvme: Skip checking heads without namespaces Bart Van Assche <bart.vanassche(a)wdc.com> block: Change a rcu_read_{lock,unlock}_sched() pair into rcu_read_{lock,unlock}() Yunlong Song <yunlong.song(a)huawei.com> f2fs: fix heap mode to reset it back Eric Biggers <ebiggers(a)google.com> sunrpc: remove incorrect HMAC request initialization Li RongQing <lirongqing(a)baidu.com> x86/apic: Fix signedness bug in APIC ID validity checks Toke Høiland-Jørgensen <toke(a)toke.dk> ath9k: Protect queue draining by rcu_read_lock() Marek Szyprowski <m.szyprowski(a)samsung.com> hwmon: (ina2xx) Fix access to uninitialized mutex Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce/AMD: Get address from already initialized block Prashant Bhole <bhole_prashant_q7(a)lab.ntt.co.jp> perf/core: Fix use-after-free in uprobe_perf_close() Nicholas Piggin <npiggin(a)gmail.com> KVM: PPC: Book3S HV: trace_tlbie must not be called in realmode Dexuan Cui <decui(a)microsoft.com> PCI: hv: Fix 2 hang issues in hv_compose_msi_msg() Dexuan Cui <decui(a)microsoft.com> PCI: hv: Serialize the present and eject work items Dexuan Cui <decui(a)microsoft.com> Drivers: hv: vmbus: do not mark HV_PCIE as perf_device Helge Deller <deller(a)gmx.de> parisc: Fix HPMC handler by increasing size to multiple of 16 bytes Helge Deller <deller(a)gmx.de> parisc: Fix out of array access in match_pci_device() Corey Minyard <cminyard(a)mvista.com> ipmi: Fix some error cleanup issues Kieran Bingham <kieran.bingham+renesas(a)ideasonboard.com> media: v4l: vsp1: Fix header display list status check in continuous mode Mauro Carvalho Chehab <mchehab(a)kernel.org> media: v4l2-compat-ioctl32: don't oops on overlay Phil Elwell <phil(a)raspberrypi.org> lan78xx: Correctly indicate invalid OTP Eric Auger <eric.auger(a)redhat.com> vhost: Fix vhost_copy_to_user() Sabrina Dubroca <sd(a)queasysnail.net> ip_gre: clear feature flags when incompatible o_flags are set Guillaume Nault <g.nault(a)alphalink.fr> l2tp: fix race in duplicate tunnel detection Guillaume Nault <g.nault(a)alphalink.fr> l2tp: fix races in tunnel creation Stefan Hajnoczi <stefanha(a)redhat.com> vhost: fix vhost_vq_access_ok() log check Tejaswi Tanikella <tejaswit(a)codeaurora.org> slip: Check if rstate is initialized before uncompressing Ka-Cheong Poon <ka-cheong.poon(a)oracle.com> rds: MP-RDS may use an invalid c_path Bassem Boubaker <bassem.boubaker(a)actia.fr> cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN Jozsef Kadlecsik <kadlec(a)blackhole.kfki.hu> netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit() Manasi Navare <manasi.d.navare(a)intel.com> drm/i915/edp: Do not do link training fallback or prune modes on EDP ------------- Diffstat: Makefile | 4 +- arch/parisc/kernel/drivers.c | 4 + arch/parisc/kernel/hpmc.S | 6 +- arch/powerpc/kvm/book3s_hv_rm_mmu.c | 4 - arch/s390/kernel/compat_signal.c | 2 +- arch/s390/kernel/ipl.c | 1 + arch/x86/include/asm/apic.h | 4 +- arch/x86/kernel/acpi/boot.c | 13 +- arch/x86/kernel/apic/apic_common.c | 2 +- arch/x86/kernel/apic/apic_numachip.c | 2 +- arch/x86/kernel/apic/x2apic.h | 2 +- arch/x86/kernel/apic/x2apic_phys.c | 2 +- arch/x86/kernel/apic/x2apic_uv_x.c | 2 +- arch/x86/kernel/cpu/mcheck/mce_amd.c | 15 ++ arch/x86/xen/apic.c | 2 +- block/blk-core.c | 4 +- block/blk-mq-cpumap.c | 5 - block/blk-mq.c | 21 +- drivers/acpi/nfit/core.c | 22 +- drivers/block/loop.c | 12 +- drivers/bluetooth/hci_bcm.c | 20 +- drivers/char/ipmi/ipmi_si_intf.c | 18 +- drivers/gpu/drm/i915/intel_dp_link_training.c | 26 ++- drivers/hv/channel_mgmt.c | 2 +- drivers/hwmon/ina2xx.c | 3 +- drivers/media/platform/vsp1/vsp1_dl.c | 3 +- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 4 +- drivers/net/slip/slhc.c | 5 + drivers/net/usb/cdc_ether.c | 6 + drivers/net/usb/lan78xx.c | 3 +- drivers/net/wireless/ath/ath9k/xmit.c | 4 + drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c | 2 +- drivers/nvme/host/core.c | 1 + drivers/pci/host/pci-hyperv.c | 92 +++++++-- drivers/s390/cio/qdio_main.c | 42 ++-- drivers/scsi/qla2xxx/qla_os.c | 44 ++-- drivers/vhost/vhost.c | 10 +- drivers/xen/xenbus/xenbus_dev_frontend.c | 2 +- fs/f2fs/gc.c | 5 +- fs/f2fs/segment.c | 3 +- fs/hugetlbfs/inode.c | 10 +- fs/namei.c | 3 +- fs/nfsd/nfs4proc.c | 12 +- fs/nfsd/nfs4xdr.c | 8 +- fs/nfsd/xdr4.h | 2 + fs/overlayfs/inode.c | 7 +- fs/overlayfs/namei.c | 9 + include/net/bluetooth/hci_core.h | 2 +- include/net/slhc_vj.h | 1 + kernel/events/core.c | 6 + lib/bitmap.c | 2 +- lib/test_bitmap.c | 4 + mm/gup.c | 5 +- mm/gup_benchmark.c | 4 +- net/bluetooth/hci_conn.c | 29 ++- net/bluetooth/hci_event.c | 15 +- net/bluetooth/l2cap_core.c | 2 +- net/ipv4/ip_gre.c | 6 + net/l2tp/l2tp_core.c | 225 +++++++++------------ net/l2tp/l2tp_core.h | 4 +- net/l2tp/l2tp_netlink.c | 22 +- net/l2tp/l2tp_ppp.c | 9 + net/netfilter/ipset/ip_set_core.c | 2 + net/rds/send.c | 15 +- net/sunrpc/auth_gss/gss_krb5_crypto.c | 3 - security/apparmor/apparmorfs.c | 4 +- security/apparmor/include/audit.h | 8 +- security/apparmor/include/sig_names.h | 4 +- security/apparmor/ipc.c | 2 +- 69 files changed, 504 insertions(+), 345 deletions(-)

7 years, 6 months

4
55
0 0

[PATCH 4.14 00/49] 4.14.35-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.35 release. There are 49 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Apr 19 15:56:59 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.35-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.35-rc1 J. Bruce Fields <bfields(a)redhat.com> nfsd: fix incorrect umasks Mike Kravetz <mike.kravetz(a)oracle.com> hugetlbfs: fix bug in pgoff overflow checking Simon Gaiser <simon(a)invisiblethingslab.com> xen: xenbus_dev_frontend: Fix XS_TRANSACTION_END handling Amir Goldstein <amir73il(a)gmail.com> ovl: fix lookup with middle layer opaque dir and absolute path redirects Ming Lei <ming.lei(a)redhat.com> blk-mq: don't keep offline CPUs mapped to hctx 0 Yury Norov <ynorov(a)caviumnetworks.com> lib: fix stall in __bitmap_parselist() Yunlong Song <yunlong.song(a)huawei.com> f2fs: fix heap mode to reset it back Eric Biggers <ebiggers(a)google.com> sunrpc: remove incorrect HMAC request initialization Toke Høiland-Jørgensen <toke(a)toke.dk> ath9k: Protect queue draining by rcu_read_lock() Marek Szyprowski <m.szyprowski(a)samsung.com> hwmon: (ina2xx) Fix access to uninitialized mutex Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce/AMD: Get address from already initialized block Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce/AMD: Pass the bank number to smca_get_bank_type() Yazen Ghannam <yazen.ghannam(a)amd.com> x86/MCE: Report only DRAM ECC as memory errors on AMD systems Sudhir Sreedharan <ssreedharan(a)mvista.com> rtl8187: Fix NULL pointer dereference in priv->conf_mutex Hans de Goede <hdegoede(a)redhat.com> Bluetooth: hci_bcm: Treat Interrupt ACPI resources as always being active-low Szymon Janc <szymon.janc(a)codecoup.pl> Bluetooth: Fix connection if directed advertising and privacy is used Al Viro <viro(a)zeniv.linux.org.uk> getname_kernel() needs to make sure that ->name != ->iname in long case Michael S. Tsirkin <mst(a)redhat.com> get_user_pages_fast(): return -EFAULT on access_ok failure Vasily Gorbik <gor(a)linux.ibm.com> s390/ipl: ensure loadparm valid flag is set Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qdio: don't merge ERROR output buffers Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qdio: don't retry EQBS after CCQ 96 Dan Williams <dan.j.williams(a)intel.com> nfit: fix region registration vs block-data-window ranges Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> block/loop: fix deadlock after loop_set_status John Johansen <john.johansen(a)canonical.com> apparmor: fix resource audit messages when auditing peer John Johansen <john.johansen(a)canonical.com> apparmor: fix display of .ns_name for containers John Johansen <john.johansen(a)canonical.com> apparmor: fix logging of the existence test for signals Bill Kuzeja <William.Kuzeja(a)stratus.com> scsi: qla2xxx: Fix small memory leak in qla2x00_probe_one on probe failure Yazen Ghannam <yazen.ghannam(a)amd.com> x86/MCE/AMD: Define a function to get SMCA bank type Arnd Bergmann <arnd(a)arndb.de> radeon: hide pointless #warning when compile testing Prashant Bhole <bhole_prashant_q7(a)lab.ntt.co.jp> perf/core: Fix use-after-free in uprobe_perf_close() Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix timestamp following overflow Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix error recovery from missing TIP packet Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix sync_switch Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix overlap detection to identify consecutive buffers correctly Nicholas Piggin <npiggin(a)gmail.com> KVM: PPC: Book3S HV: trace_tlbie must not be called in realmode Dexuan Cui <decui(a)microsoft.com> PCI: hv: Serialize the present and eject work items Dexuan Cui <decui(a)microsoft.com> Drivers: hv: vmbus: do not mark HV_PCIE as perf_device Helge Deller <deller(a)gmx.de> parisc: Fix HPMC handler by increasing size to multiple of 16 bytes Helge Deller <deller(a)gmx.de> parisc: Fix out of array access in match_pci_device() Kieran Bingham <kieran.bingham+renesas(a)ideasonboard.com> media: v4l: vsp1: Fix header display list status check in continuous mode Mauro Carvalho Chehab <mchehab(a)kernel.org> media: v4l2-compat-ioctl32: don't oops on overlay Phil Elwell <phil(a)raspberrypi.org> lan78xx: Correctly indicate invalid OTP Eric Auger <eric.auger(a)redhat.com> vhost: Fix vhost_copy_to_user() Stefan Hajnoczi <stefanha(a)redhat.com> vhost: fix vhost_vq_access_ok() log check Tejaswi Tanikella <tejaswit(a)codeaurora.org> slip: Check if rstate is initialized before uncompressing Ka-Cheong Poon <ka-cheong.poon(a)oracle.com> rds: MP-RDS may use an invalid c_path Bassem Boubaker <bassem.boubaker(a)actia.fr> cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN Jozsef Kadlecsik <kadlec(a)blackhole.kfki.hu> netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit() ------------- Diffstat: Makefile | 4 +- arch/parisc/kernel/drivers.c | 4 ++ arch/parisc/kernel/hpmc.S | 6 +- arch/powerpc/kvm/book3s_hv_rm_mmu.c | 4 -- arch/s390/kernel/ipl.c | 1 + arch/x86/include/asm/mce.h | 3 + arch/x86/kernel/cpu/mcheck/mce.c | 4 +- arch/x86/kernel/cpu/mcheck/mce_amd.c | 54 ++++++++++++++++-- block/blk-mq-cpumap.c | 5 -- drivers/acpi/nfit/core.c | 22 +++++--- drivers/block/loop.c | 12 ++-- drivers/bluetooth/hci_bcm.c | 20 +------ drivers/edac/mce_amd.c | 11 ++-- drivers/gpu/drm/radeon/radeon_object.c | 3 +- drivers/hv/channel_mgmt.c | 2 +- drivers/hwmon/ina2xx.c | 3 +- drivers/media/platform/vsp1/vsp1_dl.c | 3 +- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 4 +- drivers/net/slip/slhc.c | 5 ++ drivers/net/usb/cdc_ether.c | 6 ++ drivers/net/usb/lan78xx.c | 3 +- drivers/net/wireless/ath/ath9k/xmit.c | 4 ++ drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c | 2 +- drivers/pci/host/pci-hyperv.c | 34 ++++++------ drivers/s390/cio/qdio_main.c | 42 +++++++------- drivers/scsi/qla2xxx/qla_os.c | 44 +++++++-------- drivers/vhost/vhost.c | 10 ++-- drivers/xen/xenbus/xenbus_dev_frontend.c | 2 +- fs/f2fs/gc.c | 5 +- fs/f2fs/segment.c | 3 +- fs/hugetlbfs/inode.c | 10 +++- fs/namei.c | 3 +- fs/nfsd/nfs4proc.c | 12 +++- fs/nfsd/nfs4xdr.c | 8 +-- fs/nfsd/xdr4.h | 2 + fs/overlayfs/namei.c | 9 +++ include/net/bluetooth/hci_core.h | 2 +- include/net/slhc_vj.h | 1 + kernel/events/core.c | 6 ++ lib/bitmap.c | 2 +- lib/test_bitmap.c | 4 ++ mm/gup.c | 5 +- net/bluetooth/hci_conn.c | 29 +++++++--- net/bluetooth/hci_event.c | 15 +++-- net/bluetooth/l2cap_core.c | 2 +- net/netfilter/ipset/ip_set_core.c | 2 + net/rds/send.c | 15 +++-- net/sunrpc/auth_gss/gss_krb5_crypto.c | 3 - security/apparmor/apparmorfs.c | 4 +- security/apparmor/include/audit.h | 8 +-- security/apparmor/include/sig_names.h | 4 +- security/apparmor/ipc.c | 2 +- .../perf/util/intel-pt-decoder/intel-pt-decoder.c | 64 +++++++++++----------- .../perf/util/intel-pt-decoder/intel-pt-decoder.h | 2 +- tools/perf/util/intel-pt.c | 37 ++++++++++--- 55 files changed, 361 insertions(+), 215 deletions(-)

7 years, 6 months

4
50
0 0

[PATCH resend 3/4] virt: vbox: Use __get_free_pages instead of kmalloc for DMA32 memory

by Hans de Goede

It is not possible to get DMA32 zone memory through kmalloc, causing the vboxguest driver to malfunction due to getting memory above 4G which the PCI device cannot handle. This commit changes the kmalloc calls where the 4G limit matters to using __get_free_pages() fixing vboxguest not working on x86_64 guests with more then 4G RAM. Cc: stable(a)vger.kernel.org Reported-by: Eloy Coto Pereiro <eloy.coto(a)gmail.com> Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/virt/vboxguest/vboxguest_linux.c | 19 ++++++++++++++++--- drivers/virt/vboxguest/vboxguest_utils.c | 5 +++-- 2 files changed, 19 insertions(+), 5 deletions(-) diff --git a/drivers/virt/vboxguest/vboxguest_linux.c b/drivers/virt/vboxguest/vboxguest_linux.c index 82e280d38cc2..398d22693234 100644 --- a/drivers/virt/vboxguest/vboxguest_linux.c +++ b/drivers/virt/vboxguest/vboxguest_linux.c @@ -87,6 +87,7 @@ static long vbg_misc_device_ioctl(struct file *filp, unsigned int req, struct vbg_session *session = filp->private_data; size_t returned_size, size; struct vbg_ioctl_hdr hdr; + bool is_vmmdev_req; int ret = 0; void *buf; @@ -106,8 +107,17 @@ static long vbg_misc_device_ioctl(struct file *filp, unsigned int req, if (size > SZ_16M) return -E2BIG; - /* __GFP_DMA32 because IOCTL_VMMDEV_REQUEST passes this to the host */ - buf = kmalloc(size, GFP_KERNEL | __GFP_DMA32); + /* + * IOCTL_VMMDEV_REQUEST needs the buffer to be below 4G to avoid + * the need for a bounce-buffer and another copy later on. + */ + is_vmmdev_req = (req & ~IOCSIZE_MASK) == VBG_IOCTL_VMMDEV_REQUEST(0) || + req == VBG_IOCTL_VMMDEV_REQUEST_BIG; + + if (is_vmmdev_req) + buf = vbg_req_alloc(size, VBG_IOCTL_HDR_TYPE_DEFAULT); + else + buf = kmalloc(size, GFP_KERNEL); if (!buf) return -ENOMEM; @@ -132,7 +142,10 @@ static long vbg_misc_device_ioctl(struct file *filp, unsigned int req, ret = -EFAULT; out: - kfree(buf); + if (is_vmmdev_req) + vbg_req_free(buf, size); + else + kfree(buf); return ret; } diff --git a/drivers/virt/vboxguest/vboxguest_utils.c b/drivers/virt/vboxguest/vboxguest_utils.c index bad915463359..bf4474214b4d 100644 --- a/drivers/virt/vboxguest/vboxguest_utils.c +++ b/drivers/virt/vboxguest/vboxguest_utils.c @@ -65,8 +65,9 @@ VBG_LOG(vbg_debug, pr_debug); void *vbg_req_alloc(size_t len, enum vmmdev_request_type req_type) { struct vmmdev_request_header *req; + int order = get_order(PAGE_ALIGN(len)); - req = kmalloc(len, GFP_KERNEL | __GFP_DMA32); + req = (void *)__get_free_pages(GFP_KERNEL | GFP_DMA32, order); if (!req) return NULL; @@ -87,7 +88,7 @@ void vbg_req_free(void *req, size_t len) if (!req) return; - kfree(req); + free_pages((unsigned long)req, get_order(PAGE_ALIGN(len))); } /* Note this function returns a VBox status code, not a negative errno!! */ -- 2.17.0

7 years, 6 months

1
0
0 0

[PATCH resend 2/4] virt: vbox: Add vbg_req_free() helper function

by Hans de Goede

This is a preparation patch for fixing issues on x86_64 virtual-machines with more then 4G of RAM, atm we pass __GFP_DMA32 to kmalloc, but kmalloc does not honor that, so we need to switch to get_pages, which means we will not be able to use kfree to free memory allocated with vbg_alloc_req. While at it also remove a comment on a vbg_alloc_req call which talks about Windows (inherited from the vbox upstream cross-platform code). Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- Changes in v2: -Put the vbg_req_free() prototype decl. in the private vboxguest_core.h instead of in linux/vbox_utils.h as it is private --- drivers/virt/vboxguest/vboxguest_core.c | 66 +++++++++++++----------- drivers/virt/vboxguest/vboxguest_core.h | 1 + drivers/virt/vboxguest/vboxguest_utils.c | 14 +++-- 3 files changed, 47 insertions(+), 34 deletions(-) diff --git a/drivers/virt/vboxguest/vboxguest_core.c b/drivers/virt/vboxguest/vboxguest_core.c index 190dbf8cfcb5..7411a535fda2 100644 --- a/drivers/virt/vboxguest/vboxguest_core.c +++ b/drivers/virt/vboxguest/vboxguest_core.c @@ -114,7 +114,7 @@ static void vbg_guest_mappings_init(struct vbg_dev *gdev) } out: - kfree(req); + vbg_req_free(req, sizeof(*req)); kfree(pages); } @@ -144,7 +144,7 @@ static void vbg_guest_mappings_exit(struct vbg_dev *gdev) rc = vbg_req_perform(gdev, req); - kfree(req); + vbg_req_free(req, sizeof(*req)); if (rc < 0) { vbg_err("%s error: %d\n", __func__, rc); @@ -214,8 +214,8 @@ static int vbg_report_guest_info(struct vbg_dev *gdev) ret = vbg_status_code_to_errno(rc); out_free: - kfree(req2); - kfree(req1); + vbg_req_free(req2, sizeof(*req2)); + vbg_req_free(req1, sizeof(*req1)); return ret; } @@ -245,7 +245,7 @@ static int vbg_report_driver_status(struct vbg_dev *gdev, bool active) if (rc == VERR_NOT_IMPLEMENTED) /* Compatibility with older hosts. */ rc = VINF_SUCCESS; - kfree(req); + vbg_req_free(req, sizeof(*req)); return vbg_status_code_to_errno(rc); } @@ -431,7 +431,7 @@ static int vbg_heartbeat_host_config(struct vbg_dev *gdev, bool enabled) rc = vbg_req_perform(gdev, req); do_div(req->interval_ns, 1000000); /* ns -> ms */ gdev->heartbeat_interval_ms = req->interval_ns; - kfree(req); + vbg_req_free(req, sizeof(*req)); return vbg_status_code_to_errno(rc); } @@ -454,12 +454,6 @@ static int vbg_heartbeat_init(struct vbg_dev *gdev) if (ret < 0) return ret; - /* - * Preallocate the request to use it from the timer callback because: - * 1) on Windows vbg_req_alloc must be called at IRQL <= APC_LEVEL - * and the timer callback runs at DISPATCH_LEVEL; - * 2) avoid repeated allocations. - */ gdev->guest_heartbeat_req = vbg_req_alloc( sizeof(*gdev->guest_heartbeat_req), VMMDEVREQ_GUEST_HEARTBEAT); @@ -481,8 +475,8 @@ static void vbg_heartbeat_exit(struct vbg_dev *gdev) { del_timer_sync(&gdev->heartbeat_timer); vbg_heartbeat_host_config(gdev, false); - kfree(gdev->guest_heartbeat_req); - + vbg_req_free(gdev->guest_heartbeat_req, + sizeof(*gdev->guest_heartbeat_req)); } /** @@ -543,7 +537,7 @@ static int vbg_reset_host_event_filter(struct vbg_dev *gdev, if (rc < 0) vbg_err("%s error, rc: %d\n", __func__, rc); - kfree(req); + vbg_req_free(req, sizeof(*req)); return vbg_status_code_to_errno(rc); } @@ -617,7 +611,7 @@ static int vbg_set_session_event_filter(struct vbg_dev *gdev, out: mutex_unlock(&gdev->session_mutex); - kfree(req); + vbg_req_free(req, sizeof(*req)); return ret; } @@ -642,7 +636,7 @@ static int vbg_reset_host_capabilities(struct vbg_dev *gdev) if (rc < 0) vbg_err("%s error, rc: %d\n", __func__, rc); - kfree(req); + vbg_req_free(req, sizeof(*req)); return vbg_status_code_to_errno(rc); } @@ -712,7 +706,7 @@ static int vbg_set_session_capabilities(struct vbg_dev *gdev, out: mutex_unlock(&gdev->session_mutex); - kfree(req); + vbg_req_free(req, sizeof(*req)); return ret; } @@ -749,7 +743,7 @@ static int vbg_query_host_version(struct vbg_dev *gdev) } out: - kfree(req); + vbg_req_free(req, sizeof(*req)); return ret; } @@ -847,11 +841,16 @@ int vbg_core_init(struct vbg_dev *gdev, u32 fixed_events) return 0; err_free_reqs: - kfree(gdev->mouse_status_req); - kfree(gdev->ack_events_req); - kfree(gdev->cancel_req); - kfree(gdev->mem_balloon.change_req); - kfree(gdev->mem_balloon.get_req); + vbg_req_free(gdev->mouse_status_req, + sizeof(*gdev->mouse_status_req)); + vbg_req_free(gdev->ack_events_req, + sizeof(*gdev->ack_events_req)); + vbg_req_free(gdev->cancel_req, + sizeof(*gdev->cancel_req)); + vbg_req_free(gdev->mem_balloon.change_req, + sizeof(*gdev->mem_balloon.change_req)); + vbg_req_free(gdev->mem_balloon.get_req, + sizeof(*gdev->mem_balloon.get_req)); return ret; } @@ -872,11 +871,16 @@ void vbg_core_exit(struct vbg_dev *gdev) vbg_reset_host_capabilities(gdev); vbg_core_set_mouse_status(gdev, 0); - kfree(gdev->mouse_status_req); - kfree(gdev->ack_events_req); - kfree(gdev->cancel_req); - kfree(gdev->mem_balloon.change_req); - kfree(gdev->mem_balloon.get_req); + vbg_req_free(gdev->mouse_status_req, + sizeof(*gdev->mouse_status_req)); + vbg_req_free(gdev->ack_events_req, + sizeof(*gdev->ack_events_req)); + vbg_req_free(gdev->cancel_req, + sizeof(*gdev->cancel_req)); + vbg_req_free(gdev->mem_balloon.change_req, + sizeof(*gdev->mem_balloon.change_req)); + vbg_req_free(gdev->mem_balloon.get_req, + sizeof(*gdev->mem_balloon.get_req)); } /** @@ -1415,7 +1419,7 @@ static int vbg_ioctl_write_core_dump(struct vbg_dev *gdev, req->flags = dump->u.in.flags; dump->hdr.rc = vbg_req_perform(gdev, req); - kfree(req); + vbg_req_free(req, sizeof(*req)); return 0; } @@ -1513,7 +1517,7 @@ int vbg_core_set_mouse_status(struct vbg_dev *gdev, u32 features) if (rc < 0) vbg_err("%s error, rc: %d\n", __func__, rc); - kfree(req); + vbg_req_free(req, sizeof(*req)); return vbg_status_code_to_errno(rc); } diff --git a/drivers/virt/vboxguest/vboxguest_core.h b/drivers/virt/vboxguest/vboxguest_core.h index 39ed85cf9244..7ad9ec45bfa9 100644 --- a/drivers/virt/vboxguest/vboxguest_core.h +++ b/drivers/virt/vboxguest/vboxguest_core.h @@ -173,6 +173,7 @@ void vbg_linux_mouse_event(struct vbg_dev *gdev); /* Private (non exported) functions form vboxguest_utils.c */ void *vbg_req_alloc(size_t len, enum vmmdev_request_type req_type); +void vbg_req_free(void *req, size_t len); int vbg_req_perform(struct vbg_dev *gdev, void *req); int vbg_hgcm_call32( struct vbg_dev *gdev, u32 client_id, u32 function, u32 timeout_ms, diff --git a/drivers/virt/vboxguest/vboxguest_utils.c b/drivers/virt/vboxguest/vboxguest_utils.c index 0f0dab8023cf..bad915463359 100644 --- a/drivers/virt/vboxguest/vboxguest_utils.c +++ b/drivers/virt/vboxguest/vboxguest_utils.c @@ -82,6 +82,14 @@ void *vbg_req_alloc(size_t len, enum vmmdev_request_type req_type) return req; } +void vbg_req_free(void *req, size_t len) +{ + if (!req) + return; + + kfree(req); +} + /* Note this function returns a VBox status code, not a negative errno!! */ int vbg_req_perform(struct vbg_dev *gdev, void *req) { @@ -137,7 +145,7 @@ int vbg_hgcm_connect(struct vbg_dev *gdev, rc = hgcm_connect->header.result; } - kfree(hgcm_connect); + vbg_req_free(hgcm_connect, sizeof(*hgcm_connect)); *vbox_status = rc; return 0; @@ -166,7 +174,7 @@ int vbg_hgcm_disconnect(struct vbg_dev *gdev, u32 client_id, int *vbox_status) if (rc >= 0) rc = hgcm_disconnect->header.result; - kfree(hgcm_disconnect); + vbg_req_free(hgcm_disconnect, sizeof(*hgcm_disconnect)); *vbox_status = rc; return 0; @@ -623,7 +631,7 @@ int vbg_hgcm_call(struct vbg_dev *gdev, u32 client_id, u32 function, } if (!leak_it) - kfree(call); + vbg_req_free(call, size); free_bounce_bufs: if (bounce_bufs) { -- 2.17.0

7 years, 6 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror