- Linux-stable-mirror - lists.linaro.org

[PATCH 4.9 000/241] 4.9.89-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.89 release. There are 241 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Mar 21 18:07:03 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.89-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.89-rc1 Srinath Mannam <srinath.mannam(a)broadcom.com> usb: gadget: bdc: 64-bit pointer capability check Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: Fix GDBGFIFOSPACE_TYPE values Wei Yongjun <weiyongjun1(a)huawei.com> USB: gadget: udc: Add missing platform_device_put() on error in bdc_pci_probe() Bill Kuzeja <William.Kuzeja(a)stratus.com> scsi: qla2xxx: Fix extraneous ref on sp's after adapter break Nikolay Borisov <nborisov(a)suse.com> btrfs: Fix use-after-free when cleaning up fs_devs with a single stale device Hans van Kranenburg <hans.van.kranenburg(a)mendix.com> btrfs: alloc_chunk: fix DUP stripe size handling Johannes Thumshirn <jthumshirn(a)suse.de> scsi: sg: only check for dxfer_len greater than 256M Johannes Thumshirn <jthumshirn(a)suse.de> scsi: sg: fix static checker warning in sg_is_valid_dxfer Johannes Thumshirn <jthumshirn(a)suse.de> scsi: sg: fix SG_DXFER_FROM_DEV transfers Ard Biesheuvel <ard.biesheuvel(a)linaro.org> irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis Tejun Heo <tj(a)kernel.org> fs/aio: Use RCU accessors for kioctx_table->table[] Tejun Heo <tj(a)kernel.org> fs/aio: Add explicit RCU grace period when freeing kioctx Al Viro <viro(a)zeniv.linux.org.uk> lock_parent() needs to recheck if dentry got __dentry_kill'ed under it Eric W. Biederman <ebiederm(a)xmission.com> fs: Teach path_connected to handle nfs filesystems with multiple roots. Michel Dänzer <michel.daenzer(a)amd.com> drm/amdgpu/dce: Don't turn off DP sink when disconnected Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix prime teardown order Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Clear client entry before deleting else at closing Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix possible UAF in snd_seq_check_queue() Takashi Iwai <tiwai(a)suse.de> ALSA: hda - Revert power_save option default value Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats() John David Anglin <dave.anglin(a)bell.net> parisc: Handle case where flush_cache_range is called with no context Toshi Kani <toshi.kani(a)hpe.com> x86/mm: Fix vmalloc_fault to use pXd_large Alexander Sergeyev <sergeev917(a)gmail.com> x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist Andy Whitcroft <apw(a)canonical.com> x86/speculation, objtool: Annotate indirect calls/jumps for objtool on 32-bit kernels Andy Lutomirski <luto(a)kernel.org> x86/vm86/32: Fix POPF emulation Andy Lutomirski <luto(a)kernel.org> selftests/x86/entry_from_vm86: Add test cases for POPF Ricardo Neri <ricardo.neri-calderon(a)linux.intel.com> selftests/x86: Add tests for the STR and SLDT instructions Ricardo Neri <ricardo.neri-calderon(a)linux.intel.com> selftests/x86: Add tests for User-Mode Instruction Prevention Andy Lutomirski <luto(a)kernel.org> selftests/x86/entry_from_vm86: Exit with 1 if we fail Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/cpufeatures: Add Intel PCONFIG cpufeature Andy Lutomirski <luto(a)kernel.org> x86/boot/32: Fix UP boot on Quark and possibly other platforms Salil <salil.mehta(a)huawei.com> net: hns: Some checkpatch.pl script & warning fixes Mimi Zohar <zohar(a)linux.vnet.ibm.com> ima: relax requiring a file signature for new files with zero length Davidlohr Bueso <dave(a)stgolabs.net> locking/locktorture: Fix num reader/writer corner cases SeongJae Park <sj38.park(a)gmail.com> rcutorture/configinit: Fix build directory error message Mahesh Bandewar <maheshb(a)google.com> ipvlan: add L2 check for packets arriving via virtual devices Dan Carpenter <dan.carpenter(a)oracle.com> ASoC: nuc900: Fix a loop timeout test Luca Coelho <luciano.coelho(a)intel.com> mac80211: remove BUG() when interface type is invalid Adiel Aloni <adiel.aloni(a)intel.com> mac80211_hwsim: enforce PS_MANUAL_POLL to be set after PS_ENABLED Chris Wilson <chris(a)chris-wilson.co.uk> agp/intel: Flush all chipset writes after updating the GGTT Josh Poimboeuf <jpoimboe(a)redhat.com> powerpc/modules: Don't try to restore r2 after a sibling call Yong Zhao <yong.zhao(a)amd.com> drm/amdkfd: Fix memory leaks in kfd topology Stephen Hemminger <stephen(a)networkplumber.org> veth: set peer GSO values Dan Carpenter <dan.carpenter(a)oracle.com> media: cpia2: Fix a couple off by one bugs Kieran Bingham <kieran.bingham+renesas(a)ideasonboard.com> media: vsp1: Prevent suspending and resuming DRM pipelines Xose Vazquez Perez <xose.vazquez(a)gmail.com> scsi: dh: add new rdac devices Xose Vazquez Perez <xose.vazquez(a)gmail.com> scsi: devinfo: apply to HP XP the same flags as Hitachi VSP Bart Van Assche <bart.vanassche(a)wdc.com> scsi: core: scsi_get_device_flags_keyed(): Always return device flags Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Don't print "Link speed -1 no longer supported" messages. Tobias Jordan <Tobias.Jordan(a)elektrobit.com> spi: sun6i: disable/unprepare clocks on remove Julien BOIBESSOT <julien.boibessot(a)armadeus.com> tools/usbip: fixes build with musl libc toolchain Ben Greear <greearb(a)candelatech.com> ath10k: fix invalid STS_CAP_OFFSET_MASK Limin Zhu <liminzhu(a)marvell.com> mwifiex: cfg80211: do not change virtual interface during scan processing Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> clk: qcom: msm8916: fix mnd_width for codec_digcodec Axel Lin <axel.lin(a)ingics.com> pwm: stmpe: Fix wrong register offset for hwpwm=2 case Li Dongyang <dongyang.li(a)anu.edu.au> scsi: ses: don't ask for diagnostic pages repeatedly during probe Peter Ujfalusi <peter.ujfalusi(a)ti.com> dmaengine: bcm2835-dma: Use vchan_terminate_vdesc() instead of desc_free Manikanta Pubbisetty <mpubbise(a)qti.qualcomm.com> ath10k: update tdls teardown state to target Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> power: supply: ab8500_charger: Bail out in case of error in 'ab8500_charger_init_hw_registers()' Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> power: supply: ab8500_charger: Fix an error handling path Bjorn Andersson <bjorn.andersson(a)linaro.org> leds: pm8058: Silence pointer to integer size warning Eric W. Biederman <ebiederm(a)xmission.com> userns: Don't fail follow_automount based on s_user_ns Jagdish Gediya <jagdish.gediya(a)nxp.com> mtd: nand: ifc: update bufnum mask for ver >= 2.0.0 Andrew F. Davis <afd(a)ti.com> ARM: dts: omap3-n900: Fix the audio CODEC's reset pin Andrew F. Davis <afd(a)ti.com> ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin Sunil Goutham <sgoutham(a)cavium.com> net: thunderx: Set max queue count taking XDP_TX into account Miquel Raynal <miquel.raynal(a)free-electrons.com> mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]() Lorenzo Colitti <lorenzo(a)google.com> net: xfrm: allow clearing socket xfrm policies. Michael Hennerich <michael.hennerich(a)analog.com> net: ieee802154: adf7242: Fix bug if defined DEBUG Luis R. Rodriguez <mcgrof(a)kernel.org> test_firmware: fix setting old custom fw path back on exit Paul E. McKenney <paulmck(a)linux.vnet.ibm.com> sched: Stop resched_cpu() from sending IPIs to offline CPUs Paul E. McKenney <paulmck(a)linux.vnet.ibm.com> sched: Stop switched_to_rt() from sending IPIs to offline CPUs Simon Shields <simon(a)lineageos.org> ARM: dts: exynos: Correct Trats2 panel reset line Yixun Lan <yixun.lan(a)amlogic.com> clk: meson: gxbb: fix wrong clock for SARADC/SANA Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> iwlwifi: mvm: rs: don't override the rate history in the search cycle Jiri Kosina <jkosina(a)suse.cz> HID: elo: clear BTN_LEFT mapping Ville Syrjälä <ville.syrjala(a)linux.intel.com> video/hdmi: Allow "empty" HDMI infoframes Jani Nikula <jani.nikula(a)intel.com> drm/edid: set ELD connector type in drm_edid_to_eld() Ganapathi Bhat <gbhat(a)marvell.com> mwifiex: Fix invalid port issue Stephane Eranian <eranian(a)google.com> perf stat: Fix bug in handling events in error state Dedy Lansky <qca_dlansky(a)qca.qualcomm.com> wil6210: fix memory access violation in wil_memcpy_from/toio_32 Hamad Kadmany <qca_hkadmany(a)qca.qualcomm.com> wil6210: fix protection against connections during reset Mohammed Shafi Shajakhan <mohammed(a)qti.qualcomm.com> ath10k: fix compile time sanity check for CE4 buffer size Johannes Berg <johannes.berg(a)intel.com> mac80211_hwsim: use per-interface power level Michael Scott <michael.scott(a)linaro.org> Bluetooth: 6lowpan: fix delay work init in add_peer_chan() Dean Jenkins <Dean_Jenkins(a)mentor.com> Bluetooth: Avoid bt_accept_unlink() double unlinking Rajendra Nayak <rnayak(a)codeaurora.org> clk: qcom: msm8996: Fix the vfe1 powerdomain name Laxman Dewangan <ldewangan(a)nvidia.com> pwm: tegra: Increase precision in PWM rate calculation Masami Hiramatsu <mhiramat(a)kernel.org> kprobes/x86: Set kprobes pages read-only Masami Hiramatsu <mhiramat(a)kernel.org> kprobes/x86: Fix kprobe-booster not to boost far call instructions Subhransu S. Prusty <subhransu.s.prusty(a)intel.com> ALSA: hda: Add Geminilake id to SKL_PLUS Hannes Reinecke <hare(a)suse.de> scsi: sg: close race condition in sg_remove_sfp_usercontext() Johannes Thumshirn <jthumshirn(a)suse.de> scsi: sg: check for valid direction before starting the request Alexey Kardashevskiy <aik(a)ozlabs.ru> vfio/spapr_tce: Check kzalloc() return when preregistering memory Alexey Kardashevskiy <aik(a)ozlabs.ru> vfio/powerpc/spapr_tce: Enforce IOMMU type compatibility check David Carrillo-Cisneros <davidcc(a)google.com> perf session: Don't rely on evlist in pipe mode Fugang Duan <fugang.duan(a)nxp.com> net: fec: add phy-reset-gpios PROBE_DEFER check David Carrillo-Cisneros <davidcc(a)google.com> perf inject: Copy events when reordering events in pipe mode Mark Rutland <mark.rutland(a)arm.com> drivers/perf: arm_pmu: handle no platform_device Johannes Berg <johannes.berg(a)intel.com> iwlwifi: mvm: fix RX SKB header size and align it properly Jin Yao <yao.jin(a)linux.intel.com> perf evsel: Return exact sub event which failed with EPERM for wildcards Yuyang Du <yuyang.du(a)intel.com> usb: gadget: dummy_hcd: Fix wrong power status bit clear/reset in dummy_hub_control() John Stultz <john.stultz(a)linaro.org> usb: dwc2: Make sure we disconnect the gadget state Michael Ellerman <mpe(a)ellerman.id.au> powerpc/nohash: Fix use of mmu_has_feature() in setup_initial_memory_limit() Zhilong Liu <zlliu(a)suse.com> md.c:didn't unlock the mddev before return EINVAL in array_size_store NeilBrown <neilb(a)suse.com> md/raid6: Fix anomily when recovering a single device in RAID6. Vincent Stehlé <vincent.stehle(a)laposte.net> regulator: isl9305: fix array size Kieran Bingham <kieran.bingham+renesas(a)ideasonboard.com> v4l: vsp1: Register pipe with output WPF Kieran Bingham <kieran.bingham+renesas(a)ideasonboard.com> v4l: vsp1: Prevent multiple streamon race commencing pipeline early Aleksandar Markovic <aleksandar.markovic(a)imgtec.com> MIPS: r2-on-r6-emu: Clear BLTZALL and BGEZALL debugfs counters Leonid Yegoshin <Leonid.Yegoshin(a)imgtec.com> MIPS: r2-on-r6-emu: Fix BLEZL and BGTZL identification David Daney <david.daney(a)cavium.com> MIPS: BPF: Fix multiple problems in JIT skb access helpers. David Daney <david.daney(a)cavium.com> MIPS: BPF: Quit clobbering callee saved registers in JIT code. Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: imx: setup DCEDTE early and ensure DCD and RI irqs to be off Jayachandran C <jnair(a)caviumnetworks.com> tty: amba-pl011: Fix spurious TX interrupts Arnd Bergmann <arnd(a)arndb.de> lkdtm: turn off kcov for lkdtm_rodata_do_nothing: Mike Leach <mike.leach(a)linaro.org> coresight: Fixes coresight DT parse to get correct output port ID. Mitch Williams <mitch.a.williams(a)intel.com> i40e: only register client on iWarp-capable devices Jeffy Chen <jeffy.chen(a)rock-chips.com> drm/rockchip: vop: Enable pm domain before vop_initial Christopher James Halse Rogers <christopher.halse.rogers(a)canonical.com> drm/amdgpu: Fail fb creation from imported dma-bufs. (v2) Christopher James Halse Rogers <christopher.halse.rogers(a)canonical.com> drm/radeon: Fail fb creation from imported dma-bufs. Liam Beguin <lbeguin(a)tycoint.com> video: ARM CLCD: fix dma allocation size Jim Mattson <jmattson(a)google.com> kvm: nVMX: Disallow userspace-injected exceptions in guest mode Borislav Petkov <bp(a)suse.de> kvm/svm: Setup MCG_CAP on AMD properly Nate Watterson <nwatters(a)codeaurora.org> iommu/iova: Fix underflow bug in __alloc_and_insert_iova_range John Johansen <john.johansen(a)canonical.com> apparmor: Make path_max parameter readonly Mintz, Yuval <Yuval.Mintz(a)cavium.com> qed: Correct MSI-x for storage Mauricio Faria de Oliveira <mauricfo(a)linux.vnet.ibm.com> scsi: ses: don't get power status of SES device slot on probe Thor Thayer <thor.thayer(a)linux.intel.com> EDAC, altera: Fix peripheral warnings for Cyclone5 Phil Turnbull <phil.turnbull(a)oracle.com> fm10k: correctly check if interface is removed Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-digi00x: handle all MIDI messages on streaming packets Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-digi00x: add support for console models of Digi00x series Easwar Hariharan <easwar.hariharan(a)intel.com> IB/hfi1: Check for QSFP presence before attempting reads Javier Martinez Canillas <javier(a)osg.samsung.com> ASoC: rt5677: Add OF device ID table Jan Kara <jack(a)suse.cz> reiserfs: Make cancel_old_flush() reliable Chen-Yu Tsai <wens(a)csie.org> clk: sunxi-ng: a33: Add offset and minimum value for DDR1 PLL N factor Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: dts: koelsch: Correct clock frequency of X2 DU clock input Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> drm: rcar-du: Handle event when disabling CRTCs Arnd Bergmann <arnd(a)arndb.de> soc/tegra: Fix link errors with PMC disabled Petr Mladek <pmladek(a)suse.com> printk: Correctly handle preemption in console_unlock() Peter Zijlstra <peterz(a)infradead.org> rtmutex: Fix PI chain order integrity Michal Kalderon <Michal.Kalderon(a)cavium.com> qed: Fix TM block ILT allocation Andrew Lunn <andrew(a)lunn.ch> net/faraday: Add missing include of of.h lipeng <lipeng321(a)huawei.com> net: hns: Correct HNS RSS key set function Anton Blanchard <anton(a)samba.org> powerpc: Avoid taking a data miss on every userspace instruction miss Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: dts: r8a7793: Correct parent of SSI[0-9] clocks Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: dts: r8a7791: Correct parent of SSI[0-9] clocks Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: dts: r8a7790: Correct parent of SSI[0-9] clocks Chris Brandt <chris.brandt(a)renesas.com> ARM: dts: r7s72100: fix ethernet clock parent Andrey Rusalin <arusalin(a)dev.rtsoft.ru> NFC: pn533: change order of free_irq and dev unregistration Dan Carpenter <dan.carpenter(a)oracle.com> NFC: nfcmrvl: double free on error path Tobias Klauser <tklauser(a)distanz.ch> NFC: nfcmrvl: Include unaligned.h instead of access_ok.h Felix Manlunas <felix.manlunas(a)cavium.com> vxlan: vxlan dev should inherit lowerdev's gso_max_size Sinclair Yeh <syeh(a)vmware.com> drm/vmwgfx: Fixes to vmwgfx_fb Samuel Thibault <samuel.thibault(a)ens-lyon.org> braille-console: Fix value returned by _braille_console_setup Aneesh Kumar K.V <aneesh.kumar(a)linux.vnet.ibm.com> powerpc/mm/hugetlb: Filter out hugepage size not supported by page table layout Manish Jaggi <mjaggi(a)caviumnetworks.com> PCI: Apply Cavium ACS quirk only to CN81xx/CN83xx/CN88xx devices Eric Dumazet <edumazet(a)google.com> bonding: refine bond_fold_stats() wrap detection Nicolai Hähnle <nicolai.haehnle(a)amd.com> drm/ttm: never add BO that failed to validate to the LRU list Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: relax node version check for victim data in gc Arnaldo Carvalho de Melo <acme(a)redhat.com> perf trace: Handle unpaired raw_syscalls:sys_exit event Matthias Kaehlcke <mka(a)chromium.org> regulator: core: Limit propagation of parent voltage count and list Roger Quadros <rogerq(a)ti.com> ARM: DRA7: hwmod_data: Prevent wait_target_disable error for usb_otg_ss Shaohua Li <shli(a)fb.com> blk-throttle: make sure expire time isn't too big Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: dts: silk: Correct clock of DU1 Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: dts: r8a7794: Correct clock of DU1 Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-lib: add a quirk of packet without valid EOH in CIP format Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> mm: Fix false-positive VM_BUG_ON() in page_cache_{get,add}_speculative() Mahesh Bandewar <maheshb(a)google.com> bonding: make speed, duplex setting consistent with link state Shikhar Dogra <shidogra(a)cisco.com> driver: (adm1275) set the m,b and R coefficients correctly for power Jitendra Bhivare <jitendra.bhivare(a)broadcom.com> scsi: be2iscsi: Check tag in beiscsi_mccq_compl_wait Alexander Duyck <alexander.h.duyck(a)intel.com> i40e/i40evf: Fix use after free in Rx cleanup path Tommi Rantala <tommi.t.rantala(a)nokia.com> perf buildid: Do not assume that readlink() returns a null terminated string Taeung Song <treeze.taeung(a)gmail.com> perf annotate: Fix a bug following symbolic link of a build-id file Baruch Siach <baruch(a)tkos.co.il> ARM: dts: bcm2835: add index to the ethernet alias Felipe Balbi <felipe.balbi(a)linux.intel.com> usb: dwc3: make sure UX_EXIT_PX is cleared Jiada Wang <jiada_wang(a)mentor.com> dmaengine: imx-sdma: add 1ms delay to ensure SDMA channel is stopped Gao Feng <fgao(a)ikuai8.com> tcp: sysctl: Fix a race to avoid unexpected 0 window from space Akinobu Mita <akinobu.mita(a)gmail.com> spi: omap2-mcspi: poll OMAP2_MCSPI_CHSTAT_RXS for PIO transfer Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: rcar: ssi: don't set SSICR.CKDV = 000 with SSIWSR.CONT Long Li <longli(a)microsoft.com> PCI: hv: Lock PCI bus on device eject Long Li <longli(a)microsoft.com> PCI: hv: Properly handle PCI bus remove Davide Caratti <dcaratti(a)redhat.com> sched: act_csum: don't mangle TCP and UDP GSO packets Javier Martinez Canillas <javier(a)osg.samsung.com> Input: qt1070 - add OF device ID table Tom Hromatka <tom.hromatka(a)oracle.com> sysrq: Reset the watchdog timers while displaying high-resolution timers David Engraf <david.engraf(a)sysgo.com> timers, sched_clock: Update timeout for clock wrap Janusz Krzysztofik <jmkrzyszt(a)gmail.com> media: i2c/soc_camera: fix ov6650 sensor getting wrong clock Brian King <brking(a)linux.vnet.ibm.com> scsi: ipr: Fix missed EH wakeup Satish Kharat <satishkh(a)cisco.com> scsi: fnic: Fix for "Number of Active IOs" in fnicstats becoming negative Andy Lutomirski <luto(a)kernel.org> x86/boot/32: Defer resyncing initial_page_table until per-cpu is set up Anton Sviridenko <anton(a)corp.bluecherry.net> solo6x10: release vb2 buffers in solo_stop_streaming() Rob Herring <robh(a)kernel.org> of: fix of_device_get_modalias returned length when truncating buffers Andreas Pape <APape(a)phoenixcontact.com> batman-adv: handle race condition for claims between gateways Johan Hovold <johan(a)kernel.org> zd1211rw: fix NULL-deref at probe Heiko Carstens <heiko.carstens(a)de.ibm.com> s390/topology: fix typo in early topology code Mintz, Yuval <Yuval.Mintz(a)cavium.com> qed: Always publish VF link from leading hwfn Linus Walleij <linus.walleij(a)linaro.org> ARM: dts: Adjust moxart IRQ controller and flags Andrey Vagin <avagin(a)openvz.org> net/8021q: create device with all possible features in wanted_features Tomasz Kramkowski <tk(a)the-tk.com> HID: clamp input to logical range if no null state Kefeng Wang <wangkefeng.wang(a)huawei.com> perf probe: Return errno when not hitting any event Ravi Bangoria <ravi.bangoria(a)linux.vnet.ibm.com> perf probe: Fix concat_probe_trace_events Arvind Yadav <arvind.yadav.cs(a)gmail.com> omapfb: dss: Handle return errors in dss_init_ports() Yazen Ghannam <Yazen.Ghannam(a)amd.com> x86/mce: Init some CPU features early Nik Unger <njunger(a)uwaterloo.ca> netem: apply correct delay when rate throttling Steve Lin <steven.lin1(a)broadcom.com> net: ethernet: bgmac: Allow MAC address to be specified in DTB Stefan Wahren <stefan.wahren(a)i2se.com> ARM: bcm2835: Enable missing CMA settings for VC4 driver Oliver Neukum <oneukum(a)suse.com> usb: misc: lvs: fix race condition in disconnect handling Mohammed Shafi Shajakhan <mohammed(a)qti.qualcomm.com> ath10k: fix fetching channel during potential radar detection Mohammed Shafi Shajakhan <mohammed(a)qti.qualcomm.com> ath10k: disallow DFS simulation if DFS channel is not enabled Chris Wilson <chris(a)chris-wilson.co.uk> drm: Defer disabling the vblank IRQ until the next interrupt (for instant-off) Iyappan Subramanian <isubramanian(a)apm.com> drivers: net: xgene: Fix Rx checksum validation logic Quan Nguyen <qnguyen(a)apm.com> drivers: net: xgene: Fix wrong logical operation Quan Nguyen <qnguyen(a)apm.com> drivers: net: phy: xgene: Fix mdio write Quan Nguyen <qnguyen(a)apm.com> drivers: net: xgene: Fix hardware checksum setting Al Cooper <alcooperx(a)gmail.com> ARM: brcmstb: Enable ZONE_DMA for non 64-bit capable peripherals Stephane Eranian <eranian(a)google.com> perf tools: Make perf_event__synthesize_mmap_events() scale Lihong Yang <lihong.yang(a)intel.com> i40e: fix ethtool to get EEPROM data from X722 interface Aaron Salter <aaron.k.salter(a)intel.com> i40e: Acquire NVM lock before reads on all devices Greg KH <gregkh(a)linuxfoundation.org> eventpoll.h: fix epoll event masks Xunlei Pang <xlpang(a)redhat.com> x86/mce: Handle broadcasted MCE gracefully with kexec Changbin Du <changbin.du(a)intel.com> perf sort: Fix segfault with basic block 'cycles' sort dimension Dmitry Safonov <dsafonov(a)virtuozzo.com> x86/mm: Make mmap(MAP_32BIT) work correctly Alexander Potapenko <glider(a)google.com> selinux: check for address length in selinux_socket_bind() Prarit Bhargava <prarit(a)redhat.com> PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown() Thomas Petazzoni <thomas.petazzoni(a)free-electrons.com> net: mvpp2: set dma mask and coherent dma mask on PPv2.2 Chen-Yu Tsai <wens(a)csie.org> drm/sun4i: Fix TCON clock and regmap initialization sequence Mohammed Shafi Shajakhan <mohammed(a)qti.qualcomm.com> ath10k: fix a warning during channel switch with multiple vaps Chen-Yu Tsai <wens(a)csie.org> drm/sun4i: Set drm_crtc.port to the underlying TCON's output port node Chen-Yu Tsai <wens(a)csie.org> drm/sun4i: Fix up error path cleanup for master bind function Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: r8a7796: Remove unit-address and reg from integrated cache Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: dts: r8a7794: Remove unit-address and reg from integrated cache Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: dts: r8a7793: Remove unit-address and reg from integrated cache Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: dts: r8a7792: Remove unit-address and reg from integrated cache Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: dts: r8a7791: Remove unit-address and reg from integrated cache Gabriel Krisman Bertazi <krisman(a)collabora.co.uk> drm: qxl: Don't alloc fbdev if emulation is not supported Valtteri Heikkilä <rnd(a)nic.fi> HID: reject input outside logical range only if null state is set Colin Ian King <colin.king(a)canonical.com> staging: wilc1000: add check for kmalloc allocation failure. Varsha Rao <rvarsha016(a)gmail.com> staging: speakup: Replace BUG_ON() with WARN_ON(). Borislav Petkov <bp(a)suse.de> perf stat: Issue a HW watchdog disable hint H. Nikolaus Schaller <hns(a)goldelico.com> Input: tsc2007 - check for presence and power down tsc2007 during probe Hou Tao <houtao1(a)huawei.com> blkcg: fix double free of new_blkg in blkcg_init_queue ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/am335x-pepper.dts | 2 +- arch/arm/boot/dts/bcm283x-rpi-smsc9512.dtsi | 2 +- arch/arm/boot/dts/bcm283x-rpi-smsc9514.dtsi | 2 +- arch/arm/boot/dts/exynos4412-trats2.dts | 2 +- arch/arm/boot/dts/moxart-uc7112lx.dts | 2 +- arch/arm/boot/dts/moxart.dtsi | 17 +-- arch/arm/boot/dts/omap3-n900.dts | 4 +- arch/arm/boot/dts/r7s72100.dtsi | 2 +- arch/arm/boot/dts/r8a7790.dtsi | 7 +- arch/arm/boot/dts/r8a7791-koelsch.dts | 2 +- arch/arm/boot/dts/r8a7791.dtsi | 10 +- arch/arm/boot/dts/r8a7792.dtsi | 3 +- arch/arm/boot/dts/r8a7793.dtsi | 10 +- arch/arm/boot/dts/r8a7794-silk.dts | 2 +- arch/arm/boot/dts/r8a7794.dtsi | 5 +- arch/arm/configs/bcm2835_defconfig | 4 +- arch/arm/mach-bcm/Kconfig | 1 + arch/arm/mach-omap2/omap_hwmod_7xx_data.c | 2 + arch/arm64/boot/dts/renesas/r8a7796.dtsi | 3 +- arch/mips/kernel/mips-r2-to-r6-emul.c | 16 ++- arch/mips/net/bpf_jit.c | 16 ++- arch/mips/net/bpf_jit_asm.S | 23 ++-- arch/parisc/kernel/cache.c | 41 ++++++-- arch/powerpc/include/asm/code-patching.h | 1 + arch/powerpc/kernel/module_64.c | 12 ++- arch/powerpc/lib/code-patching.c | 5 + arch/powerpc/mm/fault.c | 2 +- arch/powerpc/mm/hugetlbpage.c | 18 ++++ arch/powerpc/mm/tlb_nohash.c | 2 +- arch/s390/kernel/early.c | 2 +- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/nospec-branch.h | 5 +- arch/x86/include/asm/reboot.h | 1 + arch/x86/kernel/cpu/intel.c | 3 +- arch/x86/kernel/cpu/mcheck/mce.c | 48 ++++++--- arch/x86/kernel/kprobes/core.c | 6 ++ arch/x86/kernel/kprobes/opt.c | 3 + arch/x86/kernel/reboot.c | 5 +- arch/x86/kernel/setup_percpu.c | 21 ++++ arch/x86/kernel/sys_x86_64.c | 4 +- arch/x86/kernel/vm86_32.c | 3 +- arch/x86/kvm/svm.c | 7 ++ arch/x86/kvm/x86.c | 3 +- arch/x86/mm/fault.c | 6 +- block/blk-cgroup.c | 4 +- block/blk-throttle.c | 11 ++ drivers/char/agp/intel-gtt.c | 2 + drivers/clk/meson/gxbb.c | 4 +- drivers/clk/qcom/gcc-msm8916.c | 1 + drivers/clk/qcom/mmcc-msm8996.c | 2 +- drivers/clk/sunxi-ng/ccu-sun8i-a33.c | 18 ++-- drivers/dma/bcm2835-dma.c | 10 +- drivers/dma/imx-sdma.c | 17 ++- drivers/edac/altera_edac.c | 22 +++- drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 31 +++--- drivers/gpu/drm/amd/amdgpu/amdgpu_display.c | 6 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c | 2 - drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 2 + drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 10 ++ drivers/gpu/drm/drm_edid.c | 9 +- drivers/gpu/drm/drm_irq.c | 14 ++- drivers/gpu/drm/qxl/qxl_fb.c | 9 +- drivers/gpu/drm/radeon/radeon_display.c | 6 ++ drivers/gpu/drm/rcar-du/rcar_du_crtc.c | 7 ++ drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 29 +++-- drivers/gpu/drm/sun4i/sun4i_crtc.c | 5 + drivers/gpu/drm/sun4i/sun4i_drv.c | 16 ++- drivers/gpu/drm/sun4i/sun4i_tcon.c | 22 ++-- drivers/gpu/drm/ttm/ttm_bo.c | 12 ++- drivers/gpu/drm/vmwgfx/vmwgfx_fb.c | 4 +- drivers/hid/hid-elo.c | 6 ++ drivers/hid/hid-input.c | 20 ++-- drivers/hwmon/pmbus/adm1275.c | 4 +- drivers/hwtracing/coresight/of_coresight.c | 2 +- drivers/infiniband/hw/hfi1/chip.c | 7 +- drivers/input/keyboard/qt1070.c | 9 ++ drivers/input/touchscreen/tsc2007.c | 8 ++ drivers/iommu/iova.c | 2 +- drivers/irqchip/irq-gic-v3-its.c | 9 +- drivers/leds/leds-pm8058.c | 2 +- drivers/md/md.c | 4 +- drivers/md/raid5.c | 13 ++- drivers/media/i2c/soc_camera/ov6650.c | 2 +- drivers/media/pci/solo6x10/solo6x10-v4l2.c | 11 ++ drivers/media/platform/vsp1/vsp1_drm.c | 1 + drivers/media/platform/vsp1/vsp1_drv.c | 16 ++- drivers/media/platform/vsp1/vsp1_video.c | 13 +++ drivers/media/usb/cpia2/cpia2_v4l.c | 4 +- drivers/misc/Makefile | 2 + drivers/misc/enclosure.c | 7 +- drivers/mtd/nand/fsl_ifc_nand.c | 7 ++ drivers/mtd/nand/nand_base.c | 9 +- drivers/net/bonding/bond_main.c | 35 +++--- drivers/net/ethernet/apm/xgene/xgene_enet_hw.c | 1 + drivers/net/ethernet/apm/xgene/xgene_enet_hw.h | 1 + drivers/net/ethernet/apm/xgene/xgene_enet_main.c | 31 +++--- drivers/net/ethernet/broadcom/bgmac-bcma.c | 39 ++++--- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 10 +- drivers/net/ethernet/cavium/thunder/nicvf_main.c | 5 + drivers/net/ethernet/faraday/ftgmac100.c | 1 + drivers/net/ethernet/freescale/fec_main.c | 26 +++-- drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c | 23 ++-- drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c | 11 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.h | 2 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c | 1 - drivers/net/ethernet/hisilicon/hns/hns_enet.c | 5 +- drivers/net/ethernet/hisilicon/hns/hns_ethtool.c | 8 +- drivers/net/ethernet/intel/fm10k/fm10k_ethtool.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 5 + drivers/net/ethernet/intel/i40e/i40e_main.c | 19 ++-- drivers/net/ethernet/intel/i40e/i40e_nvm.c | 12 +-- drivers/net/ethernet/intel/i40e/i40e_txrx.c | 1 + drivers/net/ethernet/intel/i40evf/i40e_txrx.c | 1 + drivers/net/ethernet/marvell/mvpp2.c | 14 +++ drivers/net/ethernet/qlogic/qed/qed_cxt.c | 32 ++++-- drivers/net/ethernet/qlogic/qed/qed_main.c | 3 +- drivers/net/ethernet/qlogic/qed/qed_sriov.c | 13 ++- drivers/net/ieee802154/adf7242.c | 4 +- drivers/net/ipvlan/ipvlan_core.c | 4 + drivers/net/phy/mdio-xgene.c | 2 +- drivers/net/veth.c | 3 + drivers/net/vxlan.c | 5 + drivers/net/wireless/ath/ath10k/ce.c | 2 +- drivers/net/wireless/ath/ath10k/debug.c | 9 ++ drivers/net/wireless/ath/ath10k/mac.c | 12 ++- drivers/net/wireless/ath/ath10k/wmi.c | 5 + drivers/net/wireless/ath/ath10k/wmi.h | 3 +- drivers/net/wireless/ath/wil6210/main.c | 20 +++- drivers/net/wireless/ath/wil6210/wmi.c | 11 +- drivers/net/wireless/intel/iwlwifi/mvm/rs.c | 4 +- drivers/net/wireless/intel/iwlwifi/mvm/rx.c | 18 +++- drivers/net/wireless/mac80211_hwsim.c | 26 ++--- drivers/net/wireless/marvell/mwifiex/cfg80211.c | 6 ++ drivers/net/wireless/marvell/mwifiex/sdio.c | 4 +- drivers/net/wireless/zydas/zd1211rw/zd_usb.c | 3 + drivers/nfc/nfcmrvl/fw_dnld.c | 2 +- drivers/nfc/nfcmrvl/spi.c | 5 +- drivers/nfc/pn533/i2c.c | 4 +- drivers/of/device.c | 2 +- drivers/pci/host/pci-hyperv.c | 24 ++++- drivers/pci/pci-driver.c | 2 - drivers/pci/quirks.c | 3 + drivers/perf/arm_pmu.c | 12 ++- drivers/power/supply/ab8500_charger.c | 6 +- drivers/pwm/pwm-stmpe.c | 2 +- drivers/pwm/pwm-tegra.c | 7 +- drivers/regulator/core.c | 9 +- drivers/scsi/be2iscsi/be_cmds.c | 6 ++ drivers/scsi/fnic/fnic_scsi.c | 16 +-- drivers/scsi/ipr.c | 16 ++- drivers/scsi/qla2xxx/qla_os.c | 8 +- drivers/scsi/scsi_devinfo.c | 9 +- drivers/scsi/scsi_dh.c | 5 +- drivers/scsi/ses.c | 12 ++- drivers/scsi/sg.c | 35 +++--- drivers/spi/spi-omap2-mcspi.c | 9 +- drivers/spi/spi-sun6i.c | 2 +- drivers/staging/speakup/kobjects.c | 8 +- drivers/staging/wilc1000/host_interface.c | 2 + drivers/tty/serial/amba-pl011.c | 23 ++-- drivers/tty/serial/imx.c | 36 ++++--- drivers/usb/dwc2/hcd.c | 1 + drivers/usb/dwc3/core.c | 6 ++ drivers/usb/dwc3/core.h | 17 +-- drivers/usb/gadget/udc/bdc/bdc_core.c | 2 +- drivers/usb/gadget/udc/bdc/bdc_pci.c | 1 + drivers/usb/gadget/udc/dummy_hcd.c | 20 ++-- drivers/usb/misc/lvstest.c | 1 + drivers/vfio/vfio_iommu_spapr_tce.c | 13 +++ drivers/video/fbdev/amba-clcd.c | 4 +- drivers/video/fbdev/omap2/omapfb/dss/dss.c | 16 ++- drivers/video/hdmi.c | 51 +++++---- fs/aio.c | 44 +++++--- fs/btrfs/volumes.c | 12 ++- fs/dcache.c | 11 +- fs/f2fs/gc.c | 6 +- fs/namei.c | 8 +- fs/nfs/super.c | 2 + fs/reiserfs/journal.c | 2 +- fs/reiserfs/reiserfs.h | 1 + fs/reiserfs/super.c | 21 ++-- include/linux/fs.h | 1 + include/linux/pagemap.h | 4 +- include/linux/platform_data/isl9305.h | 2 +- include/linux/regulator/driver.h | 2 + include/net/tcp.h | 8 +- include/soc/tegra/pmc.h | 29 +++-- include/uapi/linux/eventpoll.h | 8 +- kernel/locking/locktorture.c | 76 +++++++------ kernel/locking/rtmutex.c | 29 ++++- kernel/locking/rtmutex_common.h | 1 + kernel/printk/braille.c | 15 +-- kernel/printk/braille.h | 13 ++- kernel/printk/printk.c | 8 +- kernel/sched/core.c | 3 +- kernel/sched/rt.c | 2 +- kernel/time/sched_clock.c | 5 + kernel/time/timer_list.c | 6 ++ net/8021q/vlan_dev.c | 3 +- net/batman-adv/bridge_loop_avoidance.c | 20 +++- net/bluetooth/6lowpan.c | 10 +- net/bluetooth/af_bluetooth.c | 24 +++++ net/mac80211/iface.c | 2 +- net/sched/act_csum.c | 12 +++ net/sched/sch_netem.c | 26 +++-- net/xfrm/xfrm_policy.c | 2 +- net/xfrm/xfrm_state.c | 7 ++ security/apparmor/lsm.c | 2 +- security/integrity/ima/ima_appraise.c | 3 +- security/selinux/hooks.c | 8 ++ sound/core/oss/pcm_oss.c | 10 +- sound/core/seq/seq_clientmgr.c | 4 +- sound/core/seq/seq_prioq.c | 28 ++--- sound/core/seq/seq_prioq.h | 6 +- sound/core/seq/seq_queue.c | 28 ++--- sound/firewire/amdtp-stream.c | 5 +- sound/firewire/amdtp-stream.h | 3 + sound/firewire/digi00x/amdtp-dot.c | 55 ++++++---- sound/firewire/digi00x/digi00x.c | 13 ++- sound/firewire/digi00x/digi00x.h | 1 + sound/pci/hda/hda_intel.c | 13 ++- sound/soc/codecs/rt5677.c | 7 ++ sound/soc/nuc900/nuc900-ac97.c | 4 +- sound/soc/sh/rcar/ssi.c | 9 ++ tools/perf/builtin-probe.c | 6 +- tools/perf/builtin-stat.c | 23 +++- tools/perf/builtin-trace.c | 43 ++++++-- tools/perf/util/annotate.c | 10 +- tools/perf/util/build-id.c | 6 +- tools/perf/util/event.c | 4 +- tools/perf/util/evsel.c | 12 ++- tools/perf/util/ordered-events.c | 3 +- tools/perf/util/probe-event.c | 2 +- tools/perf/util/session.c | 17 ++- tools/perf/util/sort.c | 5 + tools/testing/selftests/firmware/fw_filesystem.sh | 5 +- .../testing/selftests/rcutorture/bin/configinit.sh | 2 +- tools/testing/selftests/x86/entry_from_vm86.c | 117 ++++++++++++++++++++- tools/usb/usbip/src/usbipd.c | 2 +- 240 files changed, 1802 insertions(+), 691 deletions(-)

7 years, 5 months

5
240
0 0

Re: [PATCH v3] drm/i915/gvt: throw error on unhandled vfio ioctls

by Alex Williamson

On Wed, 21 Mar 2018 15:08:47 +0100 Gerd Hoffmann <kraxel(a)redhat.com> wrote: > On unknown/unhandled ioctls the driver should return an error, so > userspace knows it tried to use something unsupported. > > Cc: stable(a)vger.kernel.org > Signed-off-by: Gerd Hoffmann <kraxel(a)redhat.com> > --- > drivers/gpu/drm/i915/gvt/kvmgt.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/i915/gvt/kvmgt.c b/drivers/gpu/drm/i915/gvt/kvmgt.c > index 021f722e24..f34d7f1e6c 100644 > --- a/drivers/gpu/drm/i915/gvt/kvmgt.c > +++ b/drivers/gpu/drm/i915/gvt/kvmgt.c > @@ -1284,7 +1284,7 @@ static long intel_vgpu_ioctl(struct mdev_device *mdev, unsigned int cmd, > > } > > - return 0; > + return -ENOTTY; > } > > static ssize_t Reviewed-by: Alex Williamson <alex.williamson(a)redhat.com>

7 years, 5 months

2
1
0 0

[PATCH 03/15] mm/hmm: HMM should have a callback before MM is destroyed v2

by jglisse＠redhat.com

From: Ralph Campbell <rcampbell(a)nvidia.com> The hmm_mirror_register() function registers a callback for when the CPU pagetable is modified. Normally, the device driver will call hmm_mirror_unregister() when the process using the device is finished. However, if the process exits uncleanly, the struct_mm can be destroyed with no warning to the device driver. Changed since v1: - dropped VM_BUG_ON() - cc stable Signed-off-by: Ralph Campbell <rcampbell(a)nvidia.com> Signed-off-by: Jérôme Glisse <jglisse(a)redhat.com> Cc: stable(a)vger.kernel.org Cc: Evgeny Baskakov <ebaskakov(a)nvidia.com> Cc: Mark Hairgrove <mhairgrove(a)nvidia.com> Cc: John Hubbard <jhubbard(a)nvidia.com> --- include/linux/hmm.h | 10 ++++++++++ mm/hmm.c | 18 +++++++++++++++++- 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/include/linux/hmm.h b/include/linux/hmm.h index 36dd21fe5caf..fa7b51f65905 100644 --- a/include/linux/hmm.h +++ b/include/linux/hmm.h @@ -218,6 +218,16 @@ enum hmm_update_type { * @update: callback to update range on a device */ struct hmm_mirror_ops { + /* release() - release hmm_mirror + * + * @mirror: pointer to struct hmm_mirror + * + * This is called when the mm_struct is being released. + * The callback should make sure no references to the mirror occur + * after the callback returns. + */ + void (*release)(struct hmm_mirror *mirror); + /* sync_cpu_device_pagetables() - synchronize page tables * * @mirror: pointer to struct hmm_mirror diff --git a/mm/hmm.c b/mm/hmm.c index 320545b98ff5..6088fa6ed137 100644 --- a/mm/hmm.c +++ b/mm/hmm.c @@ -160,6 +160,21 @@ static void hmm_invalidate_range(struct hmm *hmm, up_read(&hmm->mirrors_sem); } +static void hmm_release(struct mmu_notifier *mn, struct mm_struct *mm) +{ + struct hmm *hmm = mm->hmm; + struct hmm_mirror *mirror; + struct hmm_mirror *mirror_next; + + down_write(&hmm->mirrors_sem); + list_for_each_entry_safe(mirror, mirror_next, &hmm->mirrors, list) { + list_del_init(&mirror->list); + if (mirror->ops->release) + mirror->ops->release(mirror); + } + up_write(&hmm->mirrors_sem); +} + static void hmm_invalidate_range_start(struct mmu_notifier *mn, struct mm_struct *mm, unsigned long start, @@ -185,6 +200,7 @@ static void hmm_invalidate_range_end(struct mmu_notifier *mn, } static const struct mmu_notifier_ops hmm_mmu_notifier_ops = { + .release = hmm_release, .invalidate_range_start = hmm_invalidate_range_start, .invalidate_range_end = hmm_invalidate_range_end, }; @@ -230,7 +246,7 @@ void hmm_mirror_unregister(struct hmm_mirror *mirror) struct hmm *hmm = mirror->hmm; down_write(&hmm->mirrors_sem); - list_del(&mirror->list); + list_del_init(&mirror->list); up_write(&hmm->mirrors_sem); } EXPORT_SYMBOL(hmm_mirror_unregister); -- 2.14.3

7 years, 5 months

3
8
0 0

[PATCH v2] shm: add split function to shm_vm_ops

by Mike Kravetz

If System V shmget/shmat operations are used to create a hugetlbfs backed mapping, it is possible to munmap part of the mapping and split the underlying vma such that it is not huge page aligned. This will untimately result in the following BUG: kernel BUG at /build/linux-jWa1Fv/linux-4.15.0/mm/hugetlb.c:3310! Oops: Exception in kernel mode, sig: 5 [#1] LE SMP NR_CPUS=2048 NUMA PowerNV Modules linked in: kcm nfc af_alg caif_socket caif phonet fcrypt 8<--8<--8<--8< snip 8<--8<--8<--8< CPU: 18 PID: 43243 Comm: trinity-subchil Tainted: G C E 4.15.0-10-generic #11-Ubuntu NIP: c00000000036e764 LR: c00000000036ee48 CTR: 0000000000000009 REGS: c000003fbcdcf810 TRAP: 0700 Tainted: G C E (4.15.0-10-generic) MSR: 9000000000029033 <SF,HV,EE,ME,IR,DR,RI,LE> CR: 24002222 XER: 20040000 CFAR: c00000000036ee44 SOFTE: 1 GPR00: c00000000036ee48 c000003fbcdcfa90 c0000000016ea600 c000003fbcdcfc40 GPR04: c000003fd9858950 00007115e4e00000 00007115e4e10000 0000000000000000 GPR08: 0000000000000010 0000000000010000 0000000000000000 0000000000000000 GPR12: 0000000000002000 c000000007a2c600 00000fe3985954d0 00007115e4e00000 GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 GPR20: 00000fe398595a94 000000000000a6fc c000003fd9858950 0000000000018554 GPR24: c000003fdcd84500 c0000000019acd00 00007115e4e10000 c000003fbcdcfc40 GPR28: 0000000000200000 00007115e4e00000 c000003fbc9ac600 c000003fd9858950 NIP [c00000000036e764] __unmap_hugepage_range+0xa4/0x760 LR [c00000000036ee48] __unmap_hugepage_range_final+0x28/0x50 Call Trace: [c000003fbcdcfa90] [00007115e4e00000] 0x7115e4e00000 (unreliable) [c000003fbcdcfb50] [c00000000036ee48] __unmap_hugepage_range_final+0x28/0x50 [c000003fbcdcfb80] [c00000000033497c] unmap_single_vma+0x11c/0x190 [c000003fbcdcfbd0] [c000000000334e14] unmap_vmas+0x94/0x140 [c000003fbcdcfc20] [c00000000034265c] exit_mmap+0x9c/0x1d0 [c000003fbcdcfce0] [c000000000105448] mmput+0xa8/0x1d0 [c000003fbcdcfd10] [c00000000010fad0] do_exit+0x360/0xc80 [c000003fbcdcfdd0] [c0000000001104c0] do_group_exit+0x60/0x100 [c000003fbcdcfe10] [c000000000110584] SyS_exit_group+0x24/0x30 [c000003fbcdcfe30] [c00000000000b184] system_call+0x58/0x6c Instruction dump: 552907fe e94a0028 e94a0408 eb2a0018 81590008 7f9c5036 0b090000 e9390010 7d2948f8 7d2a2838 0b0a0000 7d293038 <0b090000> e9230086 2fa90000 419e0468 ---[ end trace ee88f958a1c62605 ]--- This bug was introduced by commit 31383c6865a5 ("mm, hugetlbfs: introduce ->split() to vm_operations_struct"). A split function was added to vm_operations_struct to determine if a mapping can be split. This was mostly for device-dax and hugetlbfs mappings which have specific alignment constraints. Mappings initiated via shmget/shmat have their original vm_ops overwritten with shm_vm_ops. shm_vm_ops functions will call back to the original vm_ops if needed. Add such a split function to shm_vm_ops. Fixes: 31383c6865a5 ("mm, hugetlbfs: introduce ->split() to vm_operations_struct") Signed-off-by: Mike Kravetz <mike.kravetz(a)oracle.com> Reported by: Laurent Dufour <ldufour(a)linux.vnet.ibm.com> Tested-by: Laurent Dufour <ldufour(a)linux.vnet.ibm.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: stable(a)vger.kernel.org --- Changes in v2 * Updated commit message * Cc stable ipc/shm.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/ipc/shm.c b/ipc/shm.c index 4643865e9171..93e0e3a4d009 100644 --- a/ipc/shm.c +++ b/ipc/shm.c @@ -386,6 +386,17 @@ static int shm_fault(struct vm_fault *vmf) return sfd->vm_ops->fault(vmf); } +static int shm_split(struct vm_area_struct *vma, unsigned long addr) +{ + struct file *file = vma->vm_file; + struct shm_file_data *sfd = shm_file_data(file); + + if (sfd->vm_ops && sfd->vm_ops->split) + return sfd->vm_ops->split(vma, addr); + + return 0; +} + #ifdef CONFIG_NUMA static int shm_set_policy(struct vm_area_struct *vma, struct mempolicy *new) { @@ -510,6 +521,7 @@ static const struct vm_operations_struct shm_vm_ops = { .open = shm_open, /* callback for a new vm-area open */ .close = shm_close, /* callback for when the vm-area is released */ .fault = shm_fault, + .split = shm_split, #if defined(CONFIG_NUMA) .set_policy = shm_set_policy, .get_policy = shm_get_policy, -- 2.13.6

7 years, 5 months

3
3
0 0

[PATCH v2 1/3] xen: xenbus_dev_frontend: Fix XS_TRANSACTION_END handling

by Simon Gaiser

Commit fd8aa9095a95 ("xen: optimize xenbus driver for multiple concurrent xenstore accesses") made a subtle change to the semantic of xenbus_dev_request_and_reply() and xenbus_transaction_end(). Before on an error response to XS_TRANSACTION_END xenbus_dev_request_and_reply() would not decrement the active transaction counter. But xenbus_transaction_end() has always counted the transaction as finished regardless of the response. The new behavior is that xenbus_dev_request_and_reply() and xenbus_transaction_end() will always count the transaction as finished regardless the response code (handled in xs_request_exit()). But xenbus_dev_frontend tries to end a transaction on closing of the device if the XS_TRANSACTION_END failed before. Trying to close the transaction twice corrupts the reference count. So fix this by also considering a transaction closed if we have sent XS_TRANSACTION_END once regardless of the return code. Cc: <stable(a)vger.kernel.org> # 4.11 Fixes: fd8aa9095a95 ("xen: optimize xenbus driver for multiple concurrent xenstore accesses") Signed-off-by: Simon Gaiser <simon(a)invisiblethingslab.com> --- drivers/xen/xenbus/xenbus_dev_frontend.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/xen/xenbus/xenbus_dev_frontend.c b/drivers/xen/xenbus/xenbus_dev_frontend.c index a493e99bed21..81a84b3c1c50 100644 --- a/drivers/xen/xenbus/xenbus_dev_frontend.c +++ b/drivers/xen/xenbus/xenbus_dev_frontend.c @@ -365,7 +365,7 @@ void xenbus_dev_queue_reply(struct xb_req_data *req) if (WARN_ON(rc)) goto out; } - } else if (req->msg.type == XS_TRANSACTION_END) { + } else if (req->type == XS_TRANSACTION_END) { trans = xenbus_get_transaction(u, req->msg.tx_id); if (WARN_ON(!trans)) goto out; -- 2.16.2

7 years, 5 months

3
2
0 0

[alternative-merged] mm-hugetlb-prevent-hugetlb-vma-to-be-misaligned.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/hugetlb: prevent hugetlb VMA to be misaligned has been removed from the -mm tree. Its filename was mm-hugetlb-prevent-hugetlb-vma-to-be-misaligned.patch This patch was dropped because an alternative patch was merged ------------------------------------------------------ From: Laurent Dufour <ldufour(a)linux.vnet.ibm.com> Subject: mm/hugetlb: prevent hugetlb VMA to be misaligned When running the sampler detailed below, the kernel, if built with the VM debug option turned on (as many distro do), is panicing with the following message: kernel BUG at /build/linux-jWa1Fv/linux-4.15.0/mm/hugetlb.c:3310! Oops: Exception in kernel mode, sig: 5 [#1] LE SMP NR_CPUS=2048 NUMA PowerNV Modules linked in: kcm nfc af_alg caif_socket caif phonet fcrypt 8<--8<--8<--8< snip 8<--8<--8<--8< CPU: 18 PID: 43243 Comm: trinity-subchil Tainted: G C E 4.15.0-10-generic #11-Ubuntu NIP: c00000000036e764 LR: c00000000036ee48 CTR: 0000000000000009 REGS: c000003fbcdcf810 TRAP: 0700 Tainted: G C E (4.15.0-10-generic) MSR: 9000000000029033 <SF,HV,EE,ME,IR,DR,RI,LE> CR: 24002222 XER: 20040000 CFAR: c00000000036ee44 SOFTE: 1 GPR00: c00000000036ee48 c000003fbcdcfa90 c0000000016ea600 c000003fbcdcfc40 GPR04: c000003fd9858950 00007115e4e00000 00007115e4e10000 0000000000000000 GPR08: 0000000000000010 0000000000010000 0000000000000000 0000000000000000 GPR12: 0000000000002000 c000000007a2c600 00000fe3985954d0 00007115e4e00000 GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 GPR20: 00000fe398595a94 000000000000a6fc c000003fd9858950 0000000000018554 GPR24: c000003fdcd84500 c0000000019acd00 00007115e4e10000 c000003fbcdcfc40 GPR28: 0000000000200000 00007115e4e00000 c000003fbc9ac600 c000003fd9858950 NIP [c00000000036e764] __unmap_hugepage_range+0xa4/0x760 LR [c00000000036ee48] __unmap_hugepage_range_final+0x28/0x50 Call Trace: [c000003fbcdcfa90] [00007115e4e00000] 0x7115e4e00000 (unreliable) [c000003fbcdcfb50] [c00000000036ee48] __unmap_hugepage_range_final+0x28/0x50 [c000003fbcdcfb80] [c00000000033497c] unmap_single_vma+0x11c/0x190 [c000003fbcdcfbd0] [c000000000334e14] unmap_vmas+0x94/0x140 [c000003fbcdcfc20] [c00000000034265c] exit_mmap+0x9c/0x1d0 [c000003fbcdcfce0] [c000000000105448] mmput+0xa8/0x1d0 [c000003fbcdcfd10] [c00000000010fad0] do_exit+0x360/0xc80 [c000003fbcdcfdd0] [c0000000001104c0] do_group_exit+0x60/0x100 [c000003fbcdcfe10] [c000000000110584] SyS_exit_group+0x24/0x30 [c000003fbcdcfe30] [c00000000000b184] system_call+0x58/0x6c Instruction dump: 552907fe e94a0028 e94a0408 eb2a0018 81590008 7f9c5036 0b090000 e9390010 7d2948f8 7d2a2838 0b0a0000 7d293038 <0b090000> e9230086 2fa90000 419e0468 ===[ end trace ee88f958a1c62605 ]=== The panic is due to a VMA pointing to a hugetlb area while the vma->vm_start or vma->vm_end field are not aligned to the huge page boundaries. The sampler is just unmapping a part of the hugetlb area, leading to 2 VMAs which are not well aligned. The same could be achieved by calling madvise() situation, as it is when running: stress-ng --shm-sysv 1 The hugetlb code is assuming that the VMA will be well aligned when it is unmapped, so we must prevent such a VMA from bing split or shrunk to a misaligned address. This patch prevents this by checking the new VMA's boundaries when a VMA is modified by calling vma_adjust(). === Sampler used to hit the panic nclude <sys/ipc.h> unsigned long page_size; int main(void) { int shmid, ret=1; void *addr; setbuf(stdout, NULL); page_size = getpagesize(); shmid = shmget(0x1410, LENGTH, IPC_CREAT | SHM_HUGETLB | SHM_R | SHM_W); if (shmid < 0) { perror("shmget"); exit(1); } printf("shmid: %d ", shmid); addr = shmat(shmid, NULL, 0); if (addr == (void*)-1) { perror("shmat"); goto out; } /* * The following munmap() call will split the VMA in 2, leading to * unaligned to huge page size VMAs which will trigger a check when * shmdt() is called. */ if (munmap(addr + HPSIZE + page_size, page_size)) { perror("munmap"); goto out; } if (shmdt(addr)) { perror("shmdt"); goto out; } printf("test done. "); ret = 0; out: shmctl(shmid, IPC_RMID, NULL); return ret; } === End of code Link: http://lkml.kernel.org/r/1521566754-30390-1-git-send-email-ldufour@linux.vn… Signed-off-by: Laurent Dufour <ldufour(a)linux.vnet.ibm.com> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN mm/mmap.c~mm-hugetlb-prevent-hugetlb-vma-to-be-misaligned mm/mmap.c --- a/mm/mmap.c~mm-hugetlb-prevent-hugetlb-vma-to-be-misaligned +++ a/mm/mmap.c @@ -692,6 +692,17 @@ int __vma_adjust(struct vm_area_struct * long adjust_next = 0; int remove_next = 0; + if (is_vm_hugetlb_page(vma)) { + /* + * We must check against the huge page boundarie to not + * create misaligned VMA. + */ + struct hstate *h = hstate_vma(vma); + + if (start & ~huge_page_mask(h) || end & ~huge_page_mask(h)) + return -EINVAL; + } + if (next && !insert) { struct vm_area_struct *exporter = NULL, *importer = NULL; _ Patches currently in -mm which might be from ldufour(a)linux.vnet.ibm.com are

7 years, 5 months

1
0
0 0

+ shm-add-split-function-to-shm_vm_ops.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: ipc/shm.c: add split function to shm_vm_ops has been added to the -mm tree. Its filename is shm-add-split-function-to-shm_vm_ops.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/shm-add-split-function-to-shm_vm_o… and later at http://ozlabs.org/~akpm/mmotm/broken-out/shm-add-split-function-to-shm_vm_o… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Mike Kravetz <mike.kravetz(a)oracle.com> Subject: ipc/shm.c: add split function to shm_vm_ops If System V shmget/shmat operations are used to create a hugetlbfs backed mapping, it is possible to munmap part of the mapping and split the underlying vma such that it is not huge page aligned. This will untimately result in the following BUG: kernel BUG at /build/linux-jWa1Fv/linux-4.15.0/mm/hugetlb.c:3310! Oops: Exception in kernel mode, sig: 5 [#1] LE SMP NR_CPUS=2048 NUMA PowerNV Modules linked in: kcm nfc af_alg caif_socket caif phonet fcrypt 8<--8<--8<--8< snip 8<--8<--8<--8< CPU: 18 PID: 43243 Comm: trinity-subchil Tainted: G C E 4.15.0-10-generic #11-Ubuntu NIP: c00000000036e764 LR: c00000000036ee48 CTR: 0000000000000009 REGS: c000003fbcdcf810 TRAP: 0700 Tainted: G C E (4.15.0-10-generic) MSR: 9000000000029033 <SF,HV,EE,ME,IR,DR,RI,LE> CR: 24002222 XER: 20040000 CFAR: c00000000036ee44 SOFTE: 1 GPR00: c00000000036ee48 c000003fbcdcfa90 c0000000016ea600 c000003fbcdcfc40 GPR04: c000003fd9858950 00007115e4e00000 00007115e4e10000 0000000000000000 GPR08: 0000000000000010 0000000000010000 0000000000000000 0000000000000000 GPR12: 0000000000002000 c000000007a2c600 00000fe3985954d0 00007115e4e00000 GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 GPR20: 00000fe398595a94 000000000000a6fc c000003fd9858950 0000000000018554 GPR24: c000003fdcd84500 c0000000019acd00 00007115e4e10000 c000003fbcdcfc40 GPR28: 0000000000200000 00007115e4e00000 c000003fbc9ac600 c000003fd9858950 NIP [c00000000036e764] __unmap_hugepage_range+0xa4/0x760 LR [c00000000036ee48] __unmap_hugepage_range_final+0x28/0x50 Call Trace: [c000003fbcdcfa90] [00007115e4e00000] 0x7115e4e00000 (unreliable) [c000003fbcdcfb50] [c00000000036ee48] __unmap_hugepage_range_final+0x28/0x50 [c000003fbcdcfb80] [c00000000033497c] unmap_single_vma+0x11c/0x190 [c000003fbcdcfbd0] [c000000000334e14] unmap_vmas+0x94/0x140 [c000003fbcdcfc20] [c00000000034265c] exit_mmap+0x9c/0x1d0 [c000003fbcdcfce0] [c000000000105448] mmput+0xa8/0x1d0 [c000003fbcdcfd10] [c00000000010fad0] do_exit+0x360/0xc80 [c000003fbcdcfdd0] [c0000000001104c0] do_group_exit+0x60/0x100 [c000003fbcdcfe10] [c000000000110584] SyS_exit_group+0x24/0x30 [c000003fbcdcfe30] [c00000000000b184] system_call+0x58/0x6c Instruction dump: 552907fe e94a0028 e94a0408 eb2a0018 81590008 7f9c5036 0b090000 e9390010 7d2948f8 7d2a2838 0b0a0000 7d293038 <0b090000> e9230086 2fa90000 419e0468 ---[ end trace ee88f958a1c62605 ]--- This bug was introduced by 31383c6865a5 ("mm, hugetlbfs: introduce ->split() to vm_operations_struct"). A split function was added to vm_operations_struct to determine if a mapping can be split. This was mostly for device-dax and hugetlbfs mappings which have specific alignment constraints. Mappings initiated via shmget/shmat have their original vm_ops overwritten with shm_vm_ops. shm_vm_ops functions will call back to the original vm_ops if needed. Add such a split function to shm_vm_ops. Link: http://lkml.kernel.org/r/20180321161314.7711-1-mike.kravetz@oracle.com Fixes: 31383c6865a5 ("mm, hugetlbfs: introduce ->split() to vm_operations_struct") Signed-off-by: Mike Kravetz <mike.kravetz(a)oracle.com> Reported-by: Laurent Dufour <ldufour(a)linux.vnet.ibm.com> Tested-by: Laurent Dufour <ldufour(a)linux.vnet.ibm.com> Reviewed-by: Dan Williams <dan.j.williams(a)intel.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Manfred Spraul <manfred(a)colorfullife.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- ipc/shm.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff -puN ipc/shm.c~shm-add-split-function-to-shm_vm_ops ipc/shm.c --- a/ipc/shm.c~shm-add-split-function-to-shm_vm_ops +++ a/ipc/shm.c @@ -386,6 +386,17 @@ static int shm_fault(struct vm_fault *vm return sfd->vm_ops->fault(vmf); } +static int shm_split(struct vm_area_struct *vma, unsigned long addr) +{ + struct file *file = vma->vm_file; + struct shm_file_data *sfd = shm_file_data(file); + + if (sfd->vm_ops && sfd->vm_ops->split) + return sfd->vm_ops->split(vma, addr); + + return 0; +} + #ifdef CONFIG_NUMA static int shm_set_policy(struct vm_area_struct *vma, struct mempolicy *new) { @@ -510,6 +521,7 @@ static const struct vm_operations_struct .open = shm_open, /* callback for a new vm-area open */ .close = shm_close, /* callback for when the vm-area is released */ .fault = shm_fault, + .split = shm_split, #if defined(CONFIG_NUMA) .set_policy = shm_set_policy, .get_policy = shm_get_policy, _ Patches currently in -mm which might be from mike.kravetz(a)oracle.com are hugetlbfs-check-for-pgoff-value-overflow.patch hugetlbfs-check-for-pgoff-value-overflow-v3.patch shm-add-split-function-to-shm_vm_ops.patch mm-hugetlbfs-move-hugetlbfs_i-outside-ifdef-config_hugetlbfs.patch mm-memfd-split-out-memfd-for-use-by-multiple-filesystems.patch mm-memfd-remove-memfd-code-from-shmem-files-and-use-new-memfd-files.patch mm-make-start_isolate_page_range-fail-if-already-isolated.patch

7 years, 5 months

1
0
0 0

[PATCH 1/1] Bluetooth: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for BTUSB_QCA_ROME

by Vic Wei

QCA Rome controllers can do both LE scan and BR/EDR inquiry at once. Change-Id: I89e1412d635f4cd7b2500f7492f37430ea139f0c Signed-off-by: Vic Wei <vwei(a)codeaurora.org> --- drivers/bluetooth/btusb.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index 60bf04b..b94ff37 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -3050,6 +3050,7 @@ static int btusb_probe(struct usb_interface *intf, if (id->driver_info & BTUSB_QCA_ROME) { data->setup_on_usb = btusb_setup_qca; hdev->set_bdaddr = btusb_set_bdaddr_ath3012; + set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); } #ifdef CONFIG_BT_HCIBTUSB_RTL -- 1.9.1

7 years, 5 months

3
3
0 0

[git:media_tree/master] media: atomisp_fops.c: disable atomisp_compat_ioctl32

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: atomisp_fops.c: disable atomisp_compat_ioctl32 Author: Hans Verkuil <hverkuil(a)xs4all.nl> Date: Sun Feb 25 06:55:32 2018 -0500 The atomisp_compat_ioctl32() code has problems. This patch disables the compat_ioctl32 support until those issues have been fixed. Contact Sakari or me for more details. Signed-off-by: Hans Verkuil <hans.verkuil(a)cisco.com> Cc: <stable(a)vger.kernel.org> # for v4.12 and up Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> drivers/staging/media/atomisp/pci/atomisp2/atomisp_fops.c | 6 ++++++ 1 file changed, 6 insertions(+) --- diff --git a/drivers/staging/media/atomisp/pci/atomisp2/atomisp_fops.c b/drivers/staging/media/atomisp/pci/atomisp2/atomisp_fops.c index 4f9f9dca5e6a..545ef024841d 100644 --- a/drivers/staging/media/atomisp/pci/atomisp2/atomisp_fops.c +++ b/drivers/staging/media/atomisp/pci/atomisp2/atomisp_fops.c @@ -1279,7 +1279,10 @@ const struct v4l2_file_operations atomisp_fops = { .mmap = atomisp_mmap, .unlocked_ioctl = video_ioctl2, #ifdef CONFIG_COMPAT + /* + * There are problems with this code. Disable this for now. .compat_ioctl32 = atomisp_compat_ioctl32, + */ #endif .poll = atomisp_poll, }; @@ -1291,7 +1294,10 @@ const struct v4l2_file_operations atomisp_file_fops = { .mmap = atomisp_file_mmap, .unlocked_ioctl = video_ioctl2, #ifdef CONFIG_COMPAT + /* + * There are problems with this code. Disable this for now. .compat_ioctl32 = atomisp_compat_ioctl32, + */ #endif .poll = atomisp_poll, };

7 years, 5 months

1
0
0 0

[PATCH 01/14] mmc: jz4740: Fix race condition in IRQ mask update

by Ezequiel Garcia

From: Alex Smith <alex.smith(a)imgtec.com> A spinlock is held while updating the internal copy of the IRQ mask, but not while writing it to the actual IMASK register. After the lock is released, an IRQ can occur before the IMASK register is written. If handling this IRQ causes the mask to be changed, when the handler returns back to the middle of the first mask update, a stale value will be written to the mask register. If this causes an IRQ to become unmasked that cannot have its status cleared by writing a 1 to it in the IREG register, e.g. the SDIO IRQ, then we can end up stuck with the same IRQ repeatedly being fired but not handled. Normally the MMC IRQ handler attempts to clear any unexpected IRQs by writing IREG, but for those that cannot be cleared in this way then the IRQ will just repeatedly fire. This was resulting in lockups after a while of using Wi-Fi on the CI20 (GitHub issue #19). Resolve by holding the spinlock until after the IMASK register has been updated. Cc: stable(a)vger.kernel.org Link: https://github.com/MIPS/CI20_linux/issues/19 Fixes: 61bfbdb85687 ("MMC: Add support for the controller on JZ4740 SoCs.") Tested-by: Mathieu Malaterre <malat(a)debian.org> Signed-off-by: Alex Smith <alex.smith(a)imgtec.com> --- drivers/mmc/host/jz4740_mmc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mmc/host/jz4740_mmc.c b/drivers/mmc/host/jz4740_mmc.c index 712e08d9a45e..a0168e9e4fce 100644 --- a/drivers/mmc/host/jz4740_mmc.c +++ b/drivers/mmc/host/jz4740_mmc.c @@ -362,9 +362,9 @@ static void jz4740_mmc_set_irq_enabled(struct jz4740_mmc_host *host, host->irq_mask &= ~irq; else host->irq_mask |= irq; - spin_unlock_irqrestore(&host->lock, flags); writew(host->irq_mask, host->base + JZ_REG_MMC_IMASK); + spin_unlock_irqrestore(&host->lock, flags); } static void jz4740_mmc_clock_enable(struct jz4740_mmc_host *host, -- 2.16.2

7 years, 5 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror