- Linux-stable-mirror - lists.linaro.org

[PATCH 4.14 00/77] 4.14.30-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.30 release. There are 77 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun Mar 25 09:41:18 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.30-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.30-rc1 Adit Ranadive <aditr(a)vmware.com> RDMA/vmw_pvrdma: Fix usage of user response structures in ABI file Nick Desaulniers <ndesaulniers(a)google.com> kbuild: fix linker feature test macros when cross compiling with Clang Leon Romanovsky <leonro(a)mellanox.com> RDMA/ucma: Don't allow join attempts for unsupported AF family Leon Romanovsky <leonro(a)mellanox.com> RDMA/ucma: Fix access to non-initialized CM_ID object Jerome Brunet <jbrunet(a)baylibre.com> clk: migrate the count of orphaned clocks at init Tatyana Nikolova <tatyana.e.nikolova(a)intel.com> RDMA/core: Do not use invalid destination in determining port reuse Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_pci: Don't fail on multiport card class Boris Pismenny <borisp(a)mellanox.com> IB/mlx5: Fix out-of-bounds read in create_raw_packet_qp_rq Boris Pismenny <borisp(a)mellanox.com> IB/mlx5: Fix integer overflows in mlx5_ib_create_srq Sreekanth Reddy <sreekanth.reddy(a)broadcom.com> scsi: mpt3sas: wait for and flush running commands on shutdown/unload Mauricio Faria de Oliveira <mauricfo(a)linux.vnet.ibm.com> scsi: mpt3sas: fix oops in error handlers after shutdown/unload Vignesh R <vigneshr(a)ti.com> dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63 Lars Persson <lars.persson(a)axis.com> crypto: artpec6 - set correct iv size for gcm(aes) Sergej Sawazki <sergej(a)taudac.com> clk: si5351: Rename internal plls to avoid name collisions Lars-Peter Clausen <lars(a)metafoo.de> clk: axi-clkgen: Correctly handle nocount bit in recalc_rate() Stephen Boyd <sboyd(a)codeaurora.org> clk: Don't touch hardware when reparenting during registration Romain Izard <romain.izard.pro(a)gmail.com> clk: at91: pmc: Wait for clocks when resuming Benjamin Coddington <bcodding(a)redhat.com> nfsd4: permit layoutget of executable-only files Joel Stanley <joel(a)jms.id.au> ARM: dts: aspeed-evb: Add unit name to memory node Anton Vasilyev <vasilyev(a)ispras.ru> RDMA/ocrdma: Fix permissions for OCRDMA_RESET_STATS James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix issues connecting with nvme initiator James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix SCSI LUN discovery when SCSI and NVME enabled Johan Hovold <johan(a)kernel.org> soc: qcom: smsm: fix child-node lookup Haishuang Yan <yanhaishuang(a)cmss.chinamobile.com> ip_gre: fix potential memory leak in erspan_rcv Haishuang Yan <yanhaishuang(a)cmss.chinamobile.com> ip_gre: fix error path when erspan_rcv failed Alexey Kodanev <alexey.kodanev(a)oracle.com> ip6_vti: adjust vti mtu according to mtu of lower device Jerry Snitselaar <jsnitsel(a)redhat.com> iommu/vt-d: clean up pr_irq if request_threaded_irq fails Brian Norris <briannorris(a)chromium.org> pinctrl: rockchip: enable clock when reading pin direction register Florian Fainelli <f.fainelli(a)gmail.com> pinctrl: Really force states during suspend/resume Mauro Carvalho Chehab <mchehab(a)kernel.org> media: davinci: fix a debug printk Geert Uytterhoeven <geert+renesas(a)glider.be> PCI: rcar: Handle rcar_pcie_parse_request_of_pci_ranges() failures Niklas Cassel <niklas.cassel(a)axis.com> PCI: endpoint: Fix find_first_zero_bit() usage Kishon Vijay Abraham I <kishon(a)ti.com> PCI: designware-ep: Fix ->get_msi() to check MSI_EN bit Robert Walker <robert.walker(a)arm.com> coresight: Fix disabling of CoreSight TPIU Sahara <keun-o.park(a)darkmatter.ae> pty: cancel pty slave port buf's work in tty_release Peter Ujfalusi <peter.ujfalusi(a)ti.com> drm/omap: DMM: Check for DMM readiness after successful transaction commit Zhoujie Wu <zjwu(a)marvell.com> mmc: sdhci-xenon: wait 5ms after set 1.8V signal enable H. Nikolaus Schaller <hns(a)goldelico.com> omapdrm: panel: fix compatible vendor string for td028ttec1 Bjorn Helgaas <bhelgaas(a)google.com> vgacon: Set VGA struct resource types Bharat Potnuri <bharat(a)chelsio.com> iser-target: avoid reinitializing rdma contexts for isert commands Artemy Kovalyov <artemyko(a)mellanox.com> IB/umem: Fix use of npages/nmap fields Parav Pandit <parav(a)mellanox.com> RDMA/cma: Use correct size when writing netlink stats Erez Shitrit <erezsh(a)mellanox.com> IB/ipoib: Avoid memory leak if the SA returns a different DGID Alexandre Belloni <alexandre.belloni(a)free-electrons.com> rtc: ac100: Fix multiple race conditions Shuah Khan <shuah(a)kernel.org> media: s5p-mfc: Fix lock contention - request_firmware() once Russell King <rmk+kernel(a)armlinux.org.uk> sfp: fix non-detection of PHY Russell King <rmk+kernel(a)armlinux.org.uk> sfp: fix EEPROM reading in the case of non-SFF8472 SFPs Jerome Brunet <jbrunet(a)baylibre.com> net: phy: meson-gxl: check phy_write return value Kees Cook <keescook(a)chromium.org> /dev/mem: Add bounce buffer for copy-out Liu, Changcheng <changcheng.liu(a)intel.com> mmc: block: fix logical error to avoid memory leak Daniel Drake <drake(a)endlessm.com> mmc: avoid removing non-removable hosts during suspend Logan Gunthorpe <logang(a)deltatee.com> drm/tilcdc: ensure nonatomic iowrite64 is not used Kedareswara rao Appana <appana.durga.rao(a)xilinx.com> dmaengine: zynqmp_dma: Fix race condition in the probe Shawn Nematbakhsh <shawnn(a)chromium.org> platform/chrome: Use proper protocol transfer function Guenter Roeck <linux(a)roeck-us.net> watchdog: Fix kref imbalance seen if handle_boot_enabled=0 Guenter Roeck <linux(a)roeck-us.net> watchdog: Fix potential kref imbalance when opening watchdog Arnd Bergmann <arnd(a)arndb.de> cros_ec: fix nul-termination for firmware build info Stefan Potyra <Stefan.Potyra(a)elektrobit.com> serial: 8250_dw: Disable clock on error Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> tty: goldfish: Enable 'earlycon' only if built-in Bjørn Mork <bjorn(a)mork.no> qmi_wwan: set FLAG_SEND_ZLP to avoid network initiated disconnect Ron Economos <w6rz(a)comcast.net> media: [RESEND] media: dvb-frontends: Add delay to Si2168 restart Balaji Pothunoori <bpothuno(a)qti.qualcomm.com> ath10k: handling qos at STA side based on AP WMM enable/disable Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> media: bt8xx: Fix err 'bt878_probe()' Nicolas Iooss <nicolas.iooss_linux(a)m4x.org> rtlwifi: always initialize variables given to RT_TRACE() Tsang-Shian Lin <thlin(a)realtek.com> rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled. Geert Uytterhoeven <geert+renesas(a)glider.be> spi: sh-msiof: Avoid writing to registers from spi_master.setup() Haiyang Zhang <haiyangz(a)microsoft.com> hv_netvsc: Fix the TX/RX buffer default sizes Haiyang Zhang <haiyangz(a)microsoft.com> hv_netvsc: Fix the receive buffer size limit Geert Uytterhoeven <geert(a)linux-m68k.org> RDMA/iwpm: Fix uninitialized error code in iwpm_send_mapinfo() Richard Leitner <richard.leitner(a)skidata.com> net: fec: add phy_reset_after_clk_enable() support Prakash Kamliya <pkamliya(a)codeaurora.org> drm/msm: fix leak in failed get_pages Gustavo A. R. Silva <garsilva(a)embeddedor.com> media: c8sectpfe: fix potential NULL pointer dereference in c8sectpfe_timer_interrupt Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: longhaul: Revert transition_delay_us to 200 ms Loic Poulain <loic.poulain(a)linaro.org> Bluetooth: btqcomsmd: Fix skb double free corruption Loic Poulain <loic.poulain(a)linaro.org> Bluetooth: hci_qca: Avoid setup failure on missing rampatch Yisheng Xie <xieyisheng1(a)huawei.com> staging: android: ashmem: Fix possible deadlock in ashmem_ioctl Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> scsi: megaraid_sas: Do not use 32-bit atomic request descriptor for Ventura controllers ------------- Diffstat: .../{toppoly,td028ttec1.txt => tpo,td028ttec1.txt} | 4 +- Makefile | 4 +- arch/alpha/kernel/console.c | 1 + arch/arm/boot/dts/aspeed-ast2500-evb.dts | 2 +- drivers/bluetooth/btqcomsmd.c | 3 +- drivers/bluetooth/hci_qca.c | 3 ++ drivers/char/mem.c | 27 +++++++++--- drivers/clk/at91/pmc.c | 24 +++++++---- drivers/clk/clk-axi-clkgen.c | 29 ++++++++++--- drivers/clk/clk-si5351.c | 2 +- drivers/clk/clk.c | 32 ++++++++------ drivers/cpufreq/longhaul.c | 2 +- drivers/crypto/axis/artpec6_crypto.c | 5 ++- drivers/dma/ti-dma-crossbar.c | 10 ++++- drivers/dma/xilinx/zynqmp_dma.c | 3 +- drivers/gpu/drm/msm/msm_gem.c | 14 ++++-- .../drm/omapdrm/displays/panel-tpo-td028ttec1.c | 3 ++ drivers/gpu/drm/omapdrm/omap_dmm_tiler.c | 5 +++ drivers/gpu/drm/tilcdc/tilcdc_regs.h | 2 +- drivers/hwtracing/coresight/coresight-tpiu.c | 13 ++++-- drivers/infiniband/core/cma.c | 17 +++++--- drivers/infiniband/core/iwpm_util.c | 1 + drivers/infiniband/core/ucma.c | 8 +++- drivers/infiniband/core/umem.c | 2 +- drivers/infiniband/hw/mlx5/qp.c | 24 ++++++++--- drivers/infiniband/hw/mlx5/srq.c | 15 ++++--- drivers/infiniband/hw/ocrdma/ocrdma_stats.c | 2 +- drivers/infiniband/hw/vmw_pvrdma/pvrdma_cq.c | 4 +- drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c | 4 +- drivers/infiniband/ulp/ipoib/ipoib_main.c | 16 +++++++ drivers/infiniband/ulp/isert/ib_isert.c | 7 +++ drivers/infiniband/ulp/isert/ib_isert.h | 1 + drivers/iommu/intel-svm.c | 9 ++-- drivers/media/dvb-frontends/si2168.c | 3 ++ drivers/media/pci/bt8xx/bt878.c | 3 +- drivers/media/platform/davinci/vpif_capture.c | 4 +- drivers/media/platform/s5p-mfc/s5p_mfc.c | 6 +++ drivers/media/platform/s5p-mfc/s5p_mfc_common.h | 3 ++ drivers/media/platform/s5p-mfc/s5p_mfc_ctrl.c | 5 +++ .../media/platform/sti/c8sectpfe/c8sectpfe-core.c | 4 +- drivers/mmc/core/block.c | 1 + drivers/mmc/core/core.c | 8 ++++ drivers/mmc/host/sdhci-xenon.c | 7 +++ drivers/net/ethernet/freescale/fec_main.c | 20 +++++++++ drivers/net/hyperv/hyperv_net.h | 19 ++++++-- drivers/net/hyperv/netvsc.c | 5 +++ drivers/net/hyperv/netvsc_drv.c | 4 -- drivers/net/phy/meson-gxl.c | 50 ++++++++++++++++------ drivers/net/phy/sfp.c | 15 +++---- drivers/net/usb/qmi_wwan.c | 4 +- drivers/net/wireless/ath/ath10k/mac.c | 2 +- drivers/net/wireless/realtek/rtlwifi/base.c | 2 +- drivers/net/wireless/realtek/rtlwifi/pci.c | 7 +++ drivers/pci/dwc/pcie-designware-ep.c | 12 ++---- drivers/pci/dwc/pcie-designware.h | 1 + drivers/pci/endpoint/pci-ep-cfs.c | 5 ++- drivers/pci/host/pcie-rcar.c | 5 ++- drivers/pinctrl/core.c | 24 ++++++++--- drivers/pinctrl/pinctrl-rockchip.c | 8 ++++ drivers/platform/chrome/cros_ec_proto.c | 8 ++-- drivers/platform/chrome/cros_ec_sysfs.c | 2 +- drivers/rtc/rtc-ac100.c | 19 +++++--- drivers/scsi/lpfc/lpfc_ct.c | 1 + drivers/scsi/lpfc/lpfc_els.c | 30 ++++++++----- drivers/scsi/lpfc/lpfc_nportdisc.c | 34 +++++++-------- drivers/scsi/megaraid/megaraid_sas_fusion.c | 42 ++++++------------ drivers/scsi/mpt3sas/mpt3sas_base.c | 8 ++-- drivers/scsi/mpt3sas/mpt3sas_base.h | 3 ++ drivers/scsi/mpt3sas/mpt3sas_scsih.c | 21 ++++++--- drivers/soc/qcom/smsm.c | 6 ++- drivers/spi/spi-sh-msiof.c | 35 ++++++++++----- drivers/staging/android/ashmem.c | 8 ++-- drivers/tty/Kconfig | 6 ++- drivers/tty/goldfish.c | 2 + drivers/tty/serial/8250/8250_dw.c | 3 +- drivers/tty/serial/8250/8250_pci.c | 10 +++-- drivers/tty/tty_io.c | 2 + drivers/video/console/vgacon.c | 34 +++++++++++---- .../omap2/omapfb/displays/panel-tpo-td028ttec1.c | 3 ++ drivers/watchdog/watchdog_dev.c | 17 ++++---- fs/nfsd/nfs4proc.c | 6 +-- include/linux/mlx5/driver.h | 4 +- net/ipv4/ip_gre.c | 6 ++- net/ipv6/ip6_vti.c | 20 +++++++++ scripts/Kbuild.include | 5 ++- security/Kconfig | 1 + 86 files changed, 606 insertions(+), 255 deletions(-)

7 years, 7 months

4
78
0 0

[Linux-stable-mirror] [PATCH] ath9k: Protect queue draining by rcu_read_lock()

by Toke Høiland-Jørgensen

When ath9k was switched over to use the mac80211 intermediate queues, node cleanup now drains the mac80211 queues. However, this call path is not protected by rcu_read_lock() as it was previously entirely internal to the driver which uses its own locking. This leads to a possible rcu_dereference() without holding rcu_read_lock(); but only if a station is cleaned up while having packets queued on the TXQ. Fix this by adding the rcu_read_lock() to the caller in ath9k. Fixes: 50f08edf9809 ("ath9k: Switch to using mac80211 intermediate software queues.") Cc: stable(a)vger.kernel.org Reported-by: Ben Greear <greearb(a)candelatech.com> Signed-off-by: Toke Høiland-Jørgensen <toke(a)toke.dk> --- drivers/net/wireless/ath/ath9k/xmit.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/net/wireless/ath/ath9k/xmit.c b/drivers/net/wireless/ath/ath9k/xmit.c index 396bf05c6bf6..d8b041f48ca8 100644 --- a/drivers/net/wireless/ath/ath9k/xmit.c +++ b/drivers/net/wireless/ath/ath9k/xmit.c @@ -2892,6 +2892,8 @@ void ath_tx_node_cleanup(struct ath_softc *sc, struct ath_node *an) struct ath_txq *txq; int tidno; + rcu_read_lock(); + for (tidno = 0; tidno < IEEE80211_NUM_TIDS; tidno++) { tid = ath_node_to_tid(an, tidno); txq = tid->txq; @@ -2909,6 +2911,8 @@ void ath_tx_node_cleanup(struct ath_softc *sc, struct ath_node *an) if (!an->sta) break; /* just one multicast ath_atx_tid */ } + + rcu_read_unlock(); } #ifdef CONFIG_ATH9K_TX99 -- 2.16.0

7 years, 7 months

3
3
0 0

[PATCH 3.18 00/47] 3.18.102-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 3.18.102 release. There are 47 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun Mar 25 09:42:36 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.18.102-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-3.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 3.18.102-rc1 Leon Romanovsky <leonro(a)mellanox.com> RDMA/ucma: Fix access to non-initialized CM_ID object Sergej Sawazki <sergej(a)taudac.com> clk: si5351: Rename internal plls to avoid name collisions Florian Fainelli <f.fainelli(a)gmail.com> pinctrl: Really force states during suspend/resume Peter Ujfalusi <peter.ujfalusi(a)ti.com> drm/omap: DMM: Check for DMM readiness after successful transaction commit Bjorn Helgaas <bhelgaas(a)google.com> vgacon: Set VGA struct resource types Parav Pandit <parav(a)mellanox.com> RDMA/cma: Use correct size when writing netlink stats Erez Shitrit <erezsh(a)mellanox.com> IB/ipoib: Avoid memory leak if the SA returns a different DGID Daniel Drake <drake(a)endlessm.com> mmc: avoid removing non-removable hosts during suspend Ron Economos <w6rz(a)comcast.net> media: [RESEND] media: dvb-frontends: Add delay to Si2168 restart Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> media: bt8xx: Fix err 'bt878_probe()' Prakash Kamliya <pkamliya(a)codeaurora.org> drm/msm: fix leak in failed get_pages Dan Carpenter <dan.carpenter(a)oracle.com> cifs: small underflow in cnvrtDosUnixTm() Alexey Khoroshilov <khoroshilov(a)ispras.ru> sm501fb: don't return zero on failure path in sm501fb_start() Maksim Salau <maksim.salau(a)gmail.com> video: fbdev: udlfb: Fix buffer on stack Sergei Trofimovich <slyfox(a)gentoo.org> ia64: fix module loading for gcc-5.4 Shaohua Li <shli(a)fb.com> md/raid10: skip spare disk as 'first' disk Michael Trimarchi <michael(a)amarulasolutions.com> power: supply: pda_power: move from timer to delayed_work Scott Wood <swood(a)redhat.com> bnx2x: Align RX buffers Robert Lippert <roblip(a)gmail.com> ipmi/watchdog: fix wdog hang on panic waiting for ipmi response Kishon Vijay Abraham I <kishon(a)ti.com> ARM: DRA7: clockdomain: Change the CLKTRCTRL of CM_PCIE_CLKSTCTRL to SW_WKUP Keerthy <j-keerthy(a)ti.com> mfd: palmas: Reset the POWERHOLD mux during power off Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: don't parse encrypted management frames in ieee80211_frame_acked Filipe Manana <fdmanana(a)suse.com> Btrfs: send, fix file hole not being preserved due to inline extent Pan Bian <bianpan2016(a)163.com> rndis_wlan: add return value validation Finn Thain <fthain(a)telegraphics.com.au> scsi: mac_esp: Replace bogus memory barrier with spinlock Pan Bian <bianpan2016(a)163.com> qlcnic: fix unchecked return value Pan Bian <bianpan2016(a)163.com> wan: pc300too: abort path on failure Dan Carpenter <dan.carpenter(a)oracle.com> mmc: host: omap_hsmmc: checking for NULL instead of IS_ERR() James Smart <jsmart2021(a)gmail.com> Fix driver usage of 128B WQEs when WQ_CREATE is V1. Dan Carpenter <dan.carpenter(a)oracle.com> HSI: ssi_protocol: double free in ssip_pn_xmit() Feras Daoud <ferasda(a)mellanox.com> IB/ipoib: Update broadcast object if PKey value was changed in index 0 Mikhail Paulyshka <me(a)mixaill.tk> ALSA: hda - Fix headset microphone detection for ASUS N551 and N751 Bernd Faust <berndfaust(a)gmail.com> e1000e: fix timing for 82579 Gigabit Ethernet controller Eric Dumazet <edumazet(a)google.com> tcp: remove poll() flakes with FastOpen Alexey Kardashevskiy <aik(a)ozlabs.ru> KVM: PPC: Book3S PR: Exit KVM on failed mapping David Gibson <david(a)gibson.dropbear.id.au> scsi: virtio_scsi: Always try to read VPD pages Mohammed Shafi Shajakhan <mohammed(a)qti.qualcomm.com> ath: Fix updating radar flags for coutry code India Marek Vasut <marex(a)denx.de> spi: dw: Disable clock after unregistering the host Jasmin J <jasmin(a)anw.at> media/dvb-core: Race condition when writing to CAM David Ahern <dsa(a)cumulusnetworks.com> net: ipv6: send unsolicited NA on admin up Edgar Cherkasov <echerkasov(a)dev.rtsoft.ru> i2c: i2c-scmi: add a MS HID Hans de Goede <hdegoede(a)redhat.com> genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs Thomas Gleixner <tglx(a)linutronix.de> cpufreq/sh: Replace racy task affinity logic Thomas Gleixner <tglx(a)linutronix.de> ACPI/processor: Replace racy task affinity logic Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: ar1021_i2c - fix too long name in driver's device table Hans de Goede <hdegoede(a)redhat.com> x86: i8259: export legacy_pic symbol Santeri Toivonen <santeri.toivonen(a)vatsul.com> platform/x86: asus-nb-wmi: Add wapf4 quirk for the X302UA ------------- Diffstat: Makefile | 4 +- arch/alpha/kernel/console.c | 1 + arch/arm/mach-omap2/clockdomains7xx_data.c | 2 +- arch/ia64/kernel/module.c | 4 +- arch/powerpc/kvm/book3s_64_mmu_host.c | 5 +- arch/powerpc/kvm/book3s_pr.c | 6 ++- arch/x86/kernel/i8259.c | 1 + drivers/acpi/processor_driver.c | 7 ++- drivers/acpi/processor_throttling.c | 62 +++++++++++++--------- drivers/char/ipmi/ipmi_watchdog.c | 8 +-- drivers/clk/clk-si5351.c | 2 +- drivers/cpufreq/sh-cpufreq.c | 45 +++++++++------- drivers/gpu/drm/msm/msm_gem.c | 14 +++-- drivers/gpu/drm/omapdrm/omap_dmm_tiler.c | 5 ++ drivers/hsi/clients/ssi_protocol.c | 5 +- drivers/i2c/busses/i2c-scmi.c | 4 ++ drivers/infiniband/core/cma.c | 5 +- drivers/infiniband/ulp/ipoib/ipoib_ib.c | 13 +++++ drivers/infiniband/ulp/ipoib/ipoib_main.c | 16 ++++++ drivers/input/touchscreen/ar1021_i2c.c | 2 +- drivers/md/raid10.c | 1 + drivers/media/dvb-core/dvb_ca_en50221.c | 23 ++++++++ drivers/media/dvb-frontends/si2168.c | 3 ++ drivers/media/pci/bt8xx/bt878.c | 3 +- drivers/mfd/palmas.c | 14 +++++ drivers/mmc/core/core.c | 8 +++ drivers/mmc/host/omap_hsmmc.c | 4 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 1 + drivers/net/ethernet/intel/e1000e/netdev.c | 6 +++ .../ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 2 + drivers/net/wan/pc300too.c | 1 + drivers/net/wireless/ath/regd.c | 19 ++++--- drivers/net/wireless/rndis_wlan.c | 4 ++ drivers/pinctrl/core.c | 24 ++++++--- drivers/platform/x86/asus-nb-wmi.c | 9 ++++ drivers/power/pda_power.c | 49 +++++++++-------- drivers/scsi/lpfc/lpfc_sli.c | 3 ++ drivers/scsi/mac_esp.c | 33 ++++++++---- drivers/scsi/virtio_scsi.c | 24 +++++++++ drivers/spi/spi-dw-mmio.c | 2 +- drivers/video/console/vgacon.c | 34 +++++++++--- drivers/video/fbdev/sm501fb.c | 1 + drivers/video/fbdev/udlfb.c | 14 ++++- fs/btrfs/send.c | 23 +++++++- fs/cifs/netmisc.c | 6 +-- kernel/irq/manage.c | 4 +- net/ipv4/tcp_input.c | 16 +++--- net/ipv6/ndisc.c | 2 + net/mac80211/status.c | 1 + sound/pci/hda/patch_realtek.c | 12 ++++- 50 files changed, 416 insertions(+), 141 deletions(-)

7 years, 7 months

4
51
0 0

[PATCH 4.15 00/84] 4.15.13-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.15.13 release. There are 84 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun Mar 25 09:53:34 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.15.13-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.15.13-rc1 Leon Romanovsky <leonro(a)mellanox.com> RDMA/ucma: Don't allow join attempts for unsupported AF family Leon Romanovsky <leonro(a)mellanox.com> RDMA/ucma: Fix access to non-initialized CM_ID object Jerome Brunet <jbrunet(a)baylibre.com> clk: migrate the count of orphaned clocks at init Tatyana Nikolova <tatyana.e.nikolova(a)intel.com> RDMA/core: Do not use invalid destination in determining port reuse Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_pci: Don't fail on multiport card class Adit Ranadive <aditr(a)vmware.com> RDMA/vmw_pvrdma: Fix usage of user response structures in ABI file Boris Pismenny <borisp(a)mellanox.com> IB/mlx5: Fix out-of-bounds read in create_raw_packet_qp_rq Boris Pismenny <borisp(a)mellanox.com> IB/mlx5: Fix integer overflows in mlx5_ib_create_srq Vignesh R <vigneshr(a)ti.com> dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63 Gary R Hook <gary.hook(a)amd.com> hwrng: core - Clean up RNG list when last hwrng is unregistered Lars Persson <lars.persson(a)axis.com> crypto: artpec6 - set correct iv size for gcm(aes) Sergej Sawazki <sergej(a)taudac.com> clk: si5351: Rename internal plls to avoid name collisions Lars-Peter Clausen <lars(a)metafoo.de> clk: axi-clkgen: Correctly handle nocount bit in recalc_rate() Stephen Boyd <sboyd(a)codeaurora.org> clk: Don't touch hardware when reparenting during registration Romain Izard <romain.izard.pro(a)gmail.com> clk: at91: pmc: Wait for clocks when resuming Benjamin Coddington <bcodding(a)redhat.com> nfsd4: permit layoutget of executable-only files Joel Stanley <joel(a)jms.id.au> ARM: dts: aspeed-evb: Add unit name to memory node Anton Vasilyev <vasilyev(a)ispras.ru> RDMA/ocrdma: Fix permissions for OCRDMA_RESET_STATS James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix issues connecting with nvme initiator James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix SCSI LUN discovery when SCSI and NVME enabled Johan Hovold <johan(a)kernel.org> soc: qcom: smsm: fix child-node lookup Haishuang Yan <yanhaishuang(a)cmss.chinamobile.com> ip_gre: fix potential memory leak in erspan_rcv Haishuang Yan <yanhaishuang(a)cmss.chinamobile.com> ip_gre: fix error path when erspan_rcv failed Alexey Kodanev <alexey.kodanev(a)oracle.com> ip6_vti: adjust vti mtu according to mtu of lower device Jerry Snitselaar <jsnitsel(a)redhat.com> iommu/vt-d: clean up pr_irq if request_threaded_irq fails Brian Norris <briannorris(a)chromium.org> pinctrl: rockchip: enable clock when reading pin direction register Florian Fainelli <f.fainelli(a)gmail.com> pinctrl: Really force states during suspend/resume Jerome Brunet <jbrunet(a)baylibre.com> clk: use round rate to bail out early in set_rate Jonathan Neuschäfer <j.neuschaefer(a)gmx.net> dt-bindings: display: panel: Fix compatible string for Toshiba LT089AC29000 Jerome Brunet <jbrunet(a)baylibre.com> clk: check ops pointer on clock register Mauro Carvalho Chehab <mchehab(a)kernel.org> media: davinci: fix a debug printk Geert Uytterhoeven <geert+renesas(a)glider.be> PCI: rcar: Handle rcar_pcie_parse_request_of_pci_ranges() failures Niklas Cassel <niklas.cassel(a)axis.com> PCI: endpoint: Fix find_first_zero_bit() usage Kishon Vijay Abraham I <kishon(a)ti.com> PCI: designware-ep: Fix ->get_msi() to check MSI_EN bit Robert Walker <robert.walker(a)arm.com> coresight: Fix disabling of CoreSight TPIU Sahara <keun-o.park(a)darkmatter.ae> pty: cancel pty slave port buf's work in tty_release Peter Ujfalusi <peter.ujfalusi(a)ti.com> drm/omap: DMM: Check for DMM readiness after successful transaction commit Zhoujie Wu <zjwu(a)marvell.com> mmc: sdhci-xenon: wait 5ms after set 1.8V signal enable H. Nikolaus Schaller <hns(a)goldelico.com> omapdrm: panel: fix compatible vendor string for td028ttec1 Bjorn Helgaas <bhelgaas(a)google.com> vgacon: Set VGA struct resource types Bjorn Helgaas <bhelgaas(a)google.com> PCI/ASPM: Calculate LTR_L1.2_THRESHOLD from device characteristics Yonghong Song <yhs(a)fb.com> bpf/cgroup: fix a verification error for a CGROUP_DEVICE type prog Bharat Potnuri <bharat(a)chelsio.com> iser-target: avoid reinitializing rdma contexts for isert commands Artemy Kovalyov <artemyko(a)mellanox.com> IB/umem: Fix use of npages/nmap fields Parav Pandit <parav(a)mellanox.com> RDMA/cma: Use correct size when writing netlink stats Erez Shitrit <erezsh(a)mellanox.com> IB/ipoib: Avoid memory leak if the SA returns a different DGID Alexandre Belloni <alexandre.belloni(a)free-electrons.com> rtc: ac100: Fix multiple race conditions Shuah Khan <shuah(a)kernel.org> media: s5p-mfc: Fix lock contention - request_firmware() once Russell King <rmk+kernel(a)armlinux.org.uk> sfp: fix non-detection of PHY Russell King <rmk+kernel(a)armlinux.org.uk> sfp: fix EEPROM reading in the case of non-SFF8472 SFPs Jerome Brunet <jbrunet(a)baylibre.com> net: phy: meson-gxl: check phy_write return value Kees Cook <keescook(a)chromium.org> /dev/mem: Add bounce buffer for copy-out Liu, Changcheng <changcheng.liu(a)intel.com> mmc: block: fix logical error to avoid memory leak Daniel Drake <drake(a)endlessm.com> mmc: avoid removing non-removable hosts during suspend Logan Gunthorpe <logang(a)deltatee.com> drm/tilcdc: ensure nonatomic iowrite64 is not used Kedareswara rao Appana <appana.durga.rao(a)xilinx.com> dmaengine: zynqmp_dma: Fix race condition in the probe Shawn Nematbakhsh <shawnn(a)chromium.org> platform/chrome: Use proper protocol transfer function Guenter Roeck <linux(a)roeck-us.net> watchdog: Fix kref imbalance seen if handle_boot_enabled=0 Guenter Roeck <linux(a)roeck-us.net> watchdog: Fix potential kref imbalance when opening watchdog Arnd Bergmann <arnd(a)arndb.de> cros_ec: fix nul-termination for firmware build info Stefan Potyra <Stefan.Potyra(a)elektrobit.com> serial: 8250_dw: Disable clock on error Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> tty: goldfish: Enable 'earlycon' only if built-in Bjørn Mork <bjorn(a)mork.no> qmi_wwan: set FLAG_SEND_ZLP to avoid network initiated disconnect Ron Economos <w6rz(a)comcast.net> media: [RESEND] media: dvb-frontends: Add delay to Si2168 restart Balaji Pothunoori <bpothuno(a)qti.qualcomm.com> ath10k: handling qos at STA side based on AP WMM enable/disable Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> media: bt8xx: Fix err 'bt878_probe()' Nicolas Iooss <nicolas.iooss_linux(a)m4x.org> rtlwifi: always initialize variables given to RT_TRACE() Tsang-Shian Lin <thlin(a)realtek.com> rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled. Roman Gushchin <guro(a)fb.com> libbpf: prefer global symbols as bpf program name source Geert Uytterhoeven <geert+renesas(a)glider.be> spi: sh-msiof: Avoid writing to registers from spi_master.setup() Neal Cardwell <ncardwell(a)google.com> tcp: allow TLP in ECN CWR Haiyang Zhang <haiyangz(a)microsoft.com> hv_netvsc: Fix the TX/RX buffer default sizes Haiyang Zhang <haiyangz(a)microsoft.com> hv_netvsc: Fix the receive buffer size limit Geert Uytterhoeven <geert(a)linux-m68k.org> RDMA/iwpm: Fix uninitialized error code in iwpm_send_mapinfo() Yuval Shaia <yuval.shaia(a)oracle.com> IB/ipoib: Warn when one port fails to initialize Richard Leitner <richard.leitner(a)skidata.com> net: fec: add phy_reset_after_clk_enable() support Prakash Kamliya <pkamliya(a)codeaurora.org> drm/msm: fix leak in failed get_pages Gustavo A. R. Silva <garsilva(a)embeddedor.com> media: c8sectpfe: fix potential NULL pointer dereference in c8sectpfe_timer_interrupt Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: longhaul: Revert transition_delay_us to 200 ms Loic Poulain <loic.poulain(a)linaro.org> Bluetooth: btqcomsmd: Fix skb double free corruption Loic Poulain <loic.poulain(a)linaro.org> Bluetooth: hci_qca: Avoid setup failure on missing rampatch Pixel Ding <Pixel.Ding(a)amd.com> drm/amdgpu: use polling mem to set SDMA3 wptr for VF Yisheng Xie <xieyisheng1(a)huawei.com> staging: android: ashmem: Fix possible deadlock in ashmem_ioctl Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> scsi: megaraid_sas: Do not use 32-bit atomic request descriptor for Ventura controllers ------------- Diffstat: .../display/panel/toshiba,lt089ac29000.txt | 2 +- .../{toppoly,td028ttec1.txt => tpo,td028ttec1.txt} | 4 +- Makefile | 4 +- arch/alpha/kernel/console.c | 1 + arch/arm/boot/dts/aspeed-ast2500-evb.dts | 2 +- drivers/bluetooth/btqcomsmd.c | 3 +- drivers/bluetooth/hci_qca.c | 3 + drivers/char/hw_random/core.c | 4 ++ drivers/char/mem.c | 27 ++++++-- drivers/clk/at91/pmc.c | 24 +++++--- drivers/clk/clk-axi-clkgen.c | 29 +++++++-- drivers/clk/clk-si5351.c | 2 +- drivers/clk/clk.c | 64 ++++++++++++++----- drivers/cpufreq/longhaul.c | 2 +- drivers/crypto/axis/artpec6_crypto.c | 5 +- drivers/dma/ti-dma-crossbar.c | 10 ++- drivers/dma/xilinx/zynqmp_dma.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ring.h | 1 + drivers/gpu/drm/amd/amdgpu/sdma_v3_0.c | 27 +++++--- drivers/gpu/drm/msm/msm_gem.c | 14 +++-- .../drm/omapdrm/displays/panel-tpo-td028ttec1.c | 3 + drivers/gpu/drm/omapdrm/omap_dmm_tiler.c | 5 ++ drivers/gpu/drm/tilcdc/tilcdc_regs.h | 2 +- drivers/hwtracing/coresight/coresight-tpiu.c | 13 +++- drivers/infiniband/core/cma.c | 17 ++++-- drivers/infiniband/core/iwpm_util.c | 1 + drivers/infiniband/core/ucma.c | 8 ++- drivers/infiniband/core/umem.c | 2 +- drivers/infiniband/hw/mlx5/qp.c | 23 ++++--- drivers/infiniband/hw/mlx5/srq.c | 15 +++-- drivers/infiniband/hw/ocrdma/ocrdma_stats.c | 2 +- drivers/infiniband/hw/vmw_pvrdma/pvrdma_cq.c | 4 +- drivers/infiniband/hw/vmw_pvrdma/pvrdma_srq.c | 4 +- drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c | 4 +- drivers/infiniband/ulp/ipoib/ipoib_main.c | 23 ++++++- drivers/infiniband/ulp/isert/ib_isert.c | 7 +++ drivers/infiniband/ulp/isert/ib_isert.h | 1 + drivers/iommu/intel-svm.c | 9 ++- drivers/media/dvb-frontends/si2168.c | 3 + drivers/media/pci/bt8xx/bt878.c | 3 +- drivers/media/platform/davinci/vpif_capture.c | 4 +- drivers/media/platform/s5p-mfc/s5p_mfc.c | 6 ++ drivers/media/platform/s5p-mfc/s5p_mfc_common.h | 3 + drivers/media/platform/s5p-mfc/s5p_mfc_ctrl.c | 5 ++ .../media/platform/sti/c8sectpfe/c8sectpfe-core.c | 4 +- drivers/mmc/core/block.c | 1 + drivers/mmc/core/core.c | 8 +++ drivers/mmc/host/sdhci-xenon.c | 7 +++ drivers/net/ethernet/freescale/fec_main.c | 20 ++++++ drivers/net/hyperv/hyperv_net.h | 19 +++++- drivers/net/hyperv/netvsc.c | 5 ++ drivers/net/hyperv/netvsc_drv.c | 4 -- drivers/net/phy/meson-gxl.c | 50 +++++++++++---- drivers/net/phy/sfp.c | 15 +++-- drivers/net/usb/qmi_wwan.c | 4 +- drivers/net/wireless/ath/ath10k/mac.c | 2 +- drivers/net/wireless/realtek/rtlwifi/base.c | 2 +- drivers/net/wireless/realtek/rtlwifi/pci.c | 7 +++ drivers/pci/dwc/pcie-designware-ep.c | 12 +--- drivers/pci/dwc/pcie-designware.h | 1 + drivers/pci/endpoint/pci-ep-cfs.c | 5 +- drivers/pci/host/pcie-rcar.c | 5 +- drivers/pci/pcie/aspm.c | 71 ++++++++++++++-------- drivers/pinctrl/core.c | 24 +++++--- drivers/pinctrl/pinctrl-rockchip.c | 8 +++ drivers/platform/chrome/cros_ec_proto.c | 8 ++- drivers/platform/chrome/cros_ec_sysfs.c | 2 +- drivers/rtc/rtc-ac100.c | 19 +++--- drivers/scsi/lpfc/lpfc_ct.c | 1 + drivers/scsi/lpfc/lpfc_els.c | 30 ++++++--- drivers/scsi/lpfc/lpfc_nportdisc.c | 34 +++++------ drivers/scsi/megaraid/megaraid_sas_fusion.c | 42 +++++-------- drivers/soc/qcom/smsm.c | 6 +- drivers/spi/spi-sh-msiof.c | 35 +++++++---- drivers/staging/android/ashmem.c | 8 +-- drivers/tty/Kconfig | 6 +- drivers/tty/goldfish.c | 2 + drivers/tty/serial/8250/8250_dw.c | 3 +- drivers/tty/serial/8250/8250_pci.c | 10 ++- drivers/tty/tty_io.c | 2 + drivers/video/console/vgacon.c | 34 ++++++++--- .../omap2/omapfb/displays/panel-tpo-td028ttec1.c | 3 + drivers/watchdog/watchdog_dev.c | 17 +++--- fs/nfsd/nfs4proc.c | 6 +- include/linux/mlx5/driver.h | 4 +- include/uapi/linux/bpf.h | 3 +- kernel/bpf/cgroup.c | 15 ++++- net/ipv4/ip_gre.c | 6 +- net/ipv4/tcp_output.c | 9 +-- net/ipv6/ip6_vti.c | 20 ++++++ security/Kconfig | 1 + tools/lib/bpf/libbpf.c | 2 + 92 files changed, 708 insertions(+), 292 deletions(-)

7 years, 7 months

4
88
0 0

[PATCH 1/4] tracing: probeevent: Fix to support minus offset from symbol

by Steven Rostedt

From: Masami Hiramatsu <mhiramat(a)kernel.org> In Documentation/trace/kprobetrace.txt, it says @SYM[+|-offs] : Fetch memory at SYM +|- offs (SYM should be a data symbol) However, the parser doesn't parse minus offset correctly, since commit 2fba0c8867af ("tracing/kprobes: Fix probe offset to be unsigned") drops minus ("-") offset support for kprobe probe address usage. This fixes the traceprobe_split_symbol_offset() to parse minus offset again with checking the offset range, and add a minus offset check in kprobe probe address usage. Link: http://lkml.kernel.org/r/152129028983.31874.13419301530285775521.stgit@devb… Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Tom Zanussi <tom.zanussi(a)linux.intel.com> Cc: Arnaldo Carvalho de Melo <acme(a)kernel.org> Cc: Ravi Bangoria <ravi.bangoria(a)linux.vnet.ibm.com> Cc: stable(a)vger.kernel.org Fixes: 2fba0c8867af ("tracing/kprobes: Fix probe offset to be unsigned") Acked-by: Namhyung Kim <namhyung(a)kernel.org> Signed-off-by: Masami Hiramatsu <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- kernel/trace/trace_kprobe.c | 4 ++-- kernel/trace/trace_probe.c | 8 +++----- kernel/trace/trace_probe.h | 2 +- 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c index 1fad24acd444..ae4147eaebd4 100644 --- a/kernel/trace/trace_kprobe.c +++ b/kernel/trace/trace_kprobe.c @@ -659,7 +659,7 @@ static int create_trace_kprobe(int argc, char **argv) char *symbol = NULL, *event = NULL, *group = NULL; int maxactive = 0; char *arg; - unsigned long offset = 0; + long offset = 0; void *addr = NULL; char buf[MAX_EVENT_NAME_LEN]; @@ -747,7 +747,7 @@ static int create_trace_kprobe(int argc, char **argv) symbol = argv[1]; /* TODO: support .init module functions */ ret = traceprobe_split_symbol_offset(symbol, &offset); - if (ret) { + if (ret || offset < 0 || offset > UINT_MAX) { pr_info("Failed to parse either an address or a symbol.\n"); return ret; } diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c index d59357308677..daf54bda4dc8 100644 --- a/kernel/trace/trace_probe.c +++ b/kernel/trace/trace_probe.c @@ -320,7 +320,7 @@ static fetch_func_t get_fetch_size_function(const struct fetch_type *type, } /* Split symbol and offset. */ -int traceprobe_split_symbol_offset(char *symbol, unsigned long *offset) +int traceprobe_split_symbol_offset(char *symbol, long *offset) { char *tmp; int ret; @@ -328,13 +328,11 @@ int traceprobe_split_symbol_offset(char *symbol, unsigned long *offset) if (!offset) return -EINVAL; - tmp = strchr(symbol, '+'); + tmp = strpbrk(symbol, "+-"); if (tmp) { - /* skip sign because kstrtoul doesn't accept '+' */ - ret = kstrtoul(tmp + 1, 0, offset); + ret = kstrtol(tmp, 0, offset); if (ret) return ret; - *tmp = '\0'; } else *offset = 0; diff --git a/kernel/trace/trace_probe.h b/kernel/trace/trace_probe.h index e101c5bb9eda..6a4d3fa94042 100644 --- a/kernel/trace/trace_probe.h +++ b/kernel/trace/trace_probe.h @@ -365,7 +365,7 @@ extern int traceprobe_conflict_field_name(const char *name, extern void traceprobe_update_arg(struct probe_arg *arg); extern void traceprobe_free_probe_arg(struct probe_arg *arg); -extern int traceprobe_split_symbol_offset(char *symbol, unsigned long *offset); +extern int traceprobe_split_symbol_offset(char *symbol, long *offset); /* Sum up total data length for dynamic arraies (strings) */ static nokprobe_inline int -- 2.15.1

7 years, 7 months

1
0
0 0

[PATCH V3] ZBOOT: fix stack protector in compressed boot phase

by Huacai Chen

Call __stack_chk_guard_setup() in decompress_kernel() is too late that stack checking always fails for decompress_kernel() itself. So remove __stack_chk_guard_setup() and initialize __stack_chk_guard before we call decompress_kernel(). Original code comes from ARM but also used for MIPS and SH, so fix them together. If without this fix, compressed booting of these archs will fail because stack checking is enabled by default (>=4.16). V2: Fix build on ARM. V3: Fix build on SuperH. Cc: stable(a)vger.kernel.org Signed-off-by: Huacai Chen <chenhc(a)lemote.com> --- arch/arm/boot/compressed/head.S | 4 ++++ arch/arm/boot/compressed/misc.c | 7 ------- arch/mips/boot/compressed/decompress.c | 7 ------- arch/mips/boot/compressed/head.S | 4 ++++ arch/sh/boot/compressed/head_32.S | 8 ++++++++ arch/sh/boot/compressed/head_64.S | 4 ++++ arch/sh/boot/compressed/misc.c | 7 ------- 7 files changed, 20 insertions(+), 21 deletions(-) diff --git a/arch/arm/boot/compressed/head.S b/arch/arm/boot/compressed/head.S index 45c8823..bae1fc6 100644 --- a/arch/arm/boot/compressed/head.S +++ b/arch/arm/boot/compressed/head.S @@ -547,6 +547,10 @@ not_relocated: mov r0, #0 bic r4, r4, #1 blne cache_on + ldr r0, =__stack_chk_guard + ldr r1, =0x000a0dff + str r1, [r0] + /* * The C runtime environment should now be setup sufficiently. * Set up some pointers, and start decompressing. diff --git a/arch/arm/boot/compressed/misc.c b/arch/arm/boot/compressed/misc.c index 16a8a80..e518ef5 100644 --- a/arch/arm/boot/compressed/misc.c +++ b/arch/arm/boot/compressed/misc.c @@ -130,11 +130,6 @@ asmlinkage void __div0(void) unsigned long __stack_chk_guard; -void __stack_chk_guard_setup(void) -{ - __stack_chk_guard = 0x000a0dff; -} - void __stack_chk_fail(void) { error("stack-protector: Kernel stack is corrupted\n"); @@ -150,8 +145,6 @@ decompress_kernel(unsigned long output_start, unsigned long free_mem_ptr_p, { int ret; - __stack_chk_guard_setup(); - output_data = (unsigned char *)output_start; free_mem_ptr = free_mem_ptr_p; free_mem_end_ptr = free_mem_ptr_end_p; diff --git a/arch/mips/boot/compressed/decompress.c b/arch/mips/boot/compressed/decompress.c index fdf99e9..5ba431c 100644 --- a/arch/mips/boot/compressed/decompress.c +++ b/arch/mips/boot/compressed/decompress.c @@ -78,11 +78,6 @@ void error(char *x) unsigned long __stack_chk_guard; -void __stack_chk_guard_setup(void) -{ - __stack_chk_guard = 0x000a0dff; -} - void __stack_chk_fail(void) { error("stack-protector: Kernel stack is corrupted\n"); @@ -92,8 +87,6 @@ void decompress_kernel(unsigned long boot_heap_start) { unsigned long zimage_start, zimage_size; - __stack_chk_guard_setup(); - zimage_start = (unsigned long)(&__image_begin); zimage_size = (unsigned long)(&__image_end) - (unsigned long)(&__image_begin); diff --git a/arch/mips/boot/compressed/head.S b/arch/mips/boot/compressed/head.S index 409cb48..00d0ee0 100644 --- a/arch/mips/boot/compressed/head.S +++ b/arch/mips/boot/compressed/head.S @@ -32,6 +32,10 @@ start: bne a2, a0, 1b addiu a0, a0, 4 + PTR_LA a0, __stack_chk_guard + PTR_LI a1, 0x000a0dff + sw a1, 0(a0) + PTR_LA a0, (.heap) /* heap address */ PTR_LA sp, (.stack + 8192) /* stack address */ diff --git a/arch/sh/boot/compressed/head_32.S b/arch/sh/boot/compressed/head_32.S index 7bb1681..e84237d 100644 --- a/arch/sh/boot/compressed/head_32.S +++ b/arch/sh/boot/compressed/head_32.S @@ -76,6 +76,10 @@ l1: mov.l init_stack_addr, r0 mov.l @r0, r15 + mov.l __stack_chk_guard_addr, r0 + mov.l __stack_chk_guard_val, r1 + mov.l r1, @r0 + /* Decompress the kernel */ mov.l decompress_kernel_addr, r0 jsr @r0 @@ -97,6 +101,10 @@ kexec_magic: .long 0x400000F0 /* magic used by kexec to parse zImage format */ init_stack_addr: .long stack_start +__stack_chk_guard_val: + .long 0x000A0DFF +__stack_chk_guard_addr: + .long __stack_chk_guard decompress_kernel_addr: .long decompress_kernel kernel_start_addr: diff --git a/arch/sh/boot/compressed/head_64.S b/arch/sh/boot/compressed/head_64.S index 9993113..8b4d540 100644 --- a/arch/sh/boot/compressed/head_64.S +++ b/arch/sh/boot/compressed/head_64.S @@ -132,6 +132,10 @@ startup: addi r22, 4, r22 bne r22, r23, tr1 + movi datalabel __stack_chk_guard, r0 + movi 0x000a0dff, r1 + st.l r0, 0, r1 + /* * Decompress the kernel. */ diff --git a/arch/sh/boot/compressed/misc.c b/arch/sh/boot/compressed/misc.c index 627ce8e..fe4c079 100644 --- a/arch/sh/boot/compressed/misc.c +++ b/arch/sh/boot/compressed/misc.c @@ -106,11 +106,6 @@ static void error(char *x) unsigned long __stack_chk_guard; -void __stack_chk_guard_setup(void) -{ - __stack_chk_guard = 0x000a0dff; -} - void __stack_chk_fail(void) { error("stack-protector: Kernel stack is corrupted\n"); @@ -130,8 +125,6 @@ void decompress_kernel(void) { unsigned long output_addr; - __stack_chk_guard_setup(); - #ifdef CONFIG_SUPERH64 output_addr = (CONFIG_MEMORY_START + 0x2000); #else -- 2.7.0

7 years, 7 months

6
6
0 0

[PATCH 1/5] Bluetooth: hci_bcm: Add irq_polarity module option

by Hans de Goede

Add irq_polarity module option for easier troubleshooting of irq-polarity issues. Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/bluetooth/hci_bcm.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/drivers/bluetooth/hci_bcm.c b/drivers/bluetooth/hci_bcm.c index 5e3aba3c3185..bb6cd1623132 100644 --- a/drivers/bluetooth/hci_bcm.c +++ b/drivers/bluetooth/hci_bcm.c @@ -126,6 +126,10 @@ struct bcm_data { static DEFINE_MUTEX(bcm_device_lock); static LIST_HEAD(bcm_device_list); +static int irq_polarity = -1; +module_param(irq_polarity, int, 0444); +MODULE_PARM_DESC(irq_polarity, "IRQ polarity 0: active-high 1: active-low"); + static inline void host_set_baudrate(struct hci_uart *hu, unsigned int speed) { if (hu->serdev) @@ -988,11 +992,17 @@ static int bcm_acpi_probe(struct bcm_device *dev) } acpi_dev_free_resource_list(&resources); - dmi_id = dmi_first_match(bcm_active_low_irq_dmi_table); - if (dmi_id) { - dev_warn(dev->dev, "%s: Overwriting IRQ polarity to active low", - dmi_id->ident); - dev->irq_active_low = true; + if (irq_polarity != -1) { + dev->irq_active_low = irq_polarity; + dev_warn(dev->dev, "Overwriting IRQ polarity to active %s by module-param\n", + dev->irq_active_low ? "low" : "high"); + } else { + dmi_id = dmi_first_match(bcm_active_low_irq_dmi_table); + if (dmi_id) { + dev_warn(dev->dev, "%s: Overwriting IRQ polarity to active low", + dmi_id->ident); + dev->irq_active_low = true; + } } return 0; -- 2.14.3

7 years, 7 months

2
8
0 0

+ mm-hmm-hmm_pfns_bad-was-accessing-wrong-struct.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/hmm: hmm_pfns_bad() was accessing wrong struct has been added to the -mm tree. Its filename is mm-hmm-hmm_pfns_bad-was-accessing-wrong-struct.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-hmm-hmm_pfns_bad-was-accessing-… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-hmm-hmm_pfns_bad-was-accessing-… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Jérôme Glisse <jglisse(a)redhat.com> Subject: mm/hmm: hmm_pfns_bad() was accessing wrong struct The private field of mm_walk struct point to an hmm_vma_walk struct and not to the hmm_range struct desired. Fix to get proper struct pointer. Link: http://lkml.kernel.org/r/20180323005527.758-6-jglisse@redhat.com Signed-off-by: Jérôme Glisse <jglisse(a)redhat.com> Cc: Evgeny Baskakov <ebaskakov(a)nvidia.com> Cc: Ralph Campbell <rcampbell(a)nvidia.com> Cc: Mark Hairgrove <mhairgrove(a)nvidia.com> Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hmm.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff -puN mm/hmm.c~mm-hmm-hmm_pfns_bad-was-accessing-wrong-struct mm/hmm.c --- a/mm/hmm.c~mm-hmm-hmm_pfns_bad-was-accessing-wrong-struct +++ a/mm/hmm.c @@ -336,7 +336,8 @@ static int hmm_pfns_bad(unsigned long ad unsigned long end, struct mm_walk *walk) { - struct hmm_range *range = walk->private; + struct hmm_vma_walk *hmm_vma_walk = walk->private; + struct hmm_range *range = hmm_vma_walk->range; hmm_pfn_t *pfns = range->pfns; unsigned long i; _ Patches currently in -mm which might be from jglisse(a)redhat.com are mm-hmm-fix-header-file-if-else-endif-maze-v2.patch mm-hmm-unregister-mmu_notifier-when-last-hmm-client-quit-v3.patch mm-hmm-hmm_pfns_bad-was-accessing-wrong-struct.patch mm-hmm-use-struct-for-hmm_vma_fault-hmm_vma_get_pfns-parameters-v2.patch mm-hmm-remove-hmm_pfn_read-flag-and-ignore-peculiar-architecture-v2.patch mm-hmm-use-uint64_t-for-hmm-pfn-instead-of-defining-hmm_pfn_t-to-ulong-v2.patch mm-hmm-cleanup-special-vma-handling-vm_special.patch mm-hmm-do-not-differentiate-between-empty-entry-or-missing-directory-v3.patch mm-hmm-rename-hmm_pfn_device_unaddressable-to-hmm_pfn_device_private.patch mm-hmm-move-hmm_pfns_clear-closer-to-where-it-is-use.patch mm-hmm-factor-out-pte-and-pmd-handling-to-simplify-hmm_vma_walk_pmd-v2.patch mm-hmm-change-hmm_vma_fault-to-allow-write-fault-on-page-basis.patch mm-hmm-use-device-driver-encoding-for-hmm-pfn-v2.patch

7 years, 7 months

1
0
0 0

+ mm-hmm-fix-header-file-if-else-endif-maze-v2.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/hmm: fix header file if/else/endif maze has been added to the -mm tree. Its filename is mm-hmm-fix-header-file-if-else-endif-maze-v2.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-hmm-fix-header-file-if-else-end… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-hmm-fix-header-file-if-else-end… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Jérôme Glisse <jglisse(a)redhat.com> Subject: mm/hmm: fix header file if/else/endif maze The #if/#else/#endif for IS_ENABLED(CONFIG_HMM) were wrong. Because of this after multiple include there was multiple definition of both hmm_mm_init() and hmm_mm_destroy() leading to build failure if HMM was enabled (CONFIG_HMM set). Link: http://lkml.kernel.org/r/20180323005527.758-3-jglisse@redhat.com Signed-off-by: Jérôme Glisse <jglisse(a)redhat.com> Acked-by: Balbir Singh <bsingharora(a)gmail.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Ralph Campbell <rcampbell(a)nvidia.com> Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: Evgeny Baskakov <ebaskakov(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/hmm.h | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff -puN include/linux/hmm.h~mm-hmm-fix-header-file-if-else-endif-maze-v2 include/linux/hmm.h --- a/include/linux/hmm.h~mm-hmm-fix-header-file-if-else-endif-maze-v2 +++ a/include/linux/hmm.h @@ -498,23 +498,16 @@ struct hmm_device { struct hmm_device *hmm_device_new(void *drvdata); void hmm_device_put(struct hmm_device *hmm_device); #endif /* CONFIG_DEVICE_PRIVATE || CONFIG_DEVICE_PUBLIC */ -#endif /* IS_ENABLED(CONFIG_HMM) */ /* Below are for HMM internal use only! Not to be used by device driver! */ -#if IS_ENABLED(CONFIG_HMM_MIRROR) void hmm_mm_destroy(struct mm_struct *mm); static inline void hmm_mm_init(struct mm_struct *mm) { mm->hmm = NULL; } -#else /* IS_ENABLED(CONFIG_HMM_MIRROR) */ -static inline void hmm_mm_destroy(struct mm_struct *mm) {} -static inline void hmm_mm_init(struct mm_struct *mm) {} -#endif /* IS_ENABLED(CONFIG_HMM_MIRROR) */ - - #else /* IS_ENABLED(CONFIG_HMM) */ static inline void hmm_mm_destroy(struct mm_struct *mm) {} static inline void hmm_mm_init(struct mm_struct *mm) {} +#endif /* IS_ENABLED(CONFIG_HMM) */ #endif /* LINUX_HMM_H */ _ Patches currently in -mm which might be from jglisse(a)redhat.com are mm-hmm-fix-header-file-if-else-endif-maze-v2.patch mm-hmm-unregister-mmu_notifier-when-last-hmm-client-quit-v3.patch mm-hmm-hmm_pfns_bad-was-accessing-wrong-struct.patch mm-hmm-use-struct-for-hmm_vma_fault-hmm_vma_get_pfns-parameters-v2.patch mm-hmm-remove-hmm_pfn_read-flag-and-ignore-peculiar-architecture-v2.patch mm-hmm-use-uint64_t-for-hmm-pfn-instead-of-defining-hmm_pfn_t-to-ulong-v2.patch mm-hmm-cleanup-special-vma-handling-vm_special.patch mm-hmm-do-not-differentiate-between-empty-entry-or-missing-directory-v3.patch mm-hmm-rename-hmm_pfn_device_unaddressable-to-hmm_pfn_device_private.patch mm-hmm-move-hmm_pfns_clear-closer-to-where-it-is-use.patch mm-hmm-factor-out-pte-and-pmd-handling-to-simplify-hmm_vma_walk_pmd-v2.patch mm-hmm-change-hmm_vma_fault-to-allow-write-fault-on-page-basis.patch mm-hmm-use-device-driver-encoding-for-hmm-pfn-v2.patch

7 years, 7 months

1
0
0 0

[patch 06/13] mm/vmalloc: add interfaces to free unmapped page table

by akpm＠linux-foundation.org

From: Toshi Kani <toshi.kani(a)hpe.com> Subject: mm/vmalloc: add interfaces to free unmapped page table On architectures with CONFIG_HAVE_ARCH_HUGE_VMAP set, ioremap() may create pud/pmd mappings. Kernel panic was observed on arm64 systems with Cortex-A75 in the following steps as described by Hanjun Guo. 1. ioremap a 4K size, valid page table will build, 2. iounmap it, pte0 will set to 0; 3. ioremap the same address with 2M size, pgd/pmd is unchanged, then set the a new value for pmd; 4. pte0 is leaked; 5. CPU may meet exception because the old pmd is still in TLB, which will lead to kernel panic. This panic is not reproducible on x86. INVLPG, called from iounmap, purges all levels of entries associated with purged address on x86. x86 still has memory leak. The patch changes the ioremap path to free unmapped page table(s) since doing so in the unmap path has the following issues: - The iounmap() path is shared with vunmap(). Since vmap() only supports pte mappings, making vunmap() to free a pte page is an overhead for regular vmap users as they do not need a pte page freed up. - Checking if all entries in a pte page are cleared in the unmap path is racy, and serializing this check is expensive. - The unmap path calls free_vmap_area_noflush() to do lazy TLB purges. Clearing a pud/pmd entry before the lazy TLB purges needs extra TLB purge. Add two interfaces, pud_free_pmd_page() and pmd_free_pte_page(), which clear a given pud/pmd entry and free up a page for the lower level entries. This patch implements their stub functions on x86 and arm64, which work as workaround. [akpm(a)linux-foundation.org: fix typo in pmd_free_pte_page() stub] Link: http://lkml.kernel.org/r/20180314180155.19492-2-toshi.kani@hpe.com Fixes: e61ce6ade404e ("mm: change ioremap to set up huge I/O mappings") Reported-by: Lei Li <lious.lilei(a)hisilicon.com> Signed-off-by: Toshi Kani <toshi.kani(a)hpe.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Wang Xuefeng <wxf.wang(a)hisilicon.com> Cc: Will Deacon <will.deacon(a)arm.com> Cc: Hanjun Guo <guohanjun(a)huawei.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Borislav Petkov <bp(a)suse.de> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Chintan Pandya <cpandya(a)codeaurora.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <> --- arch/arm64/mm/mmu.c | 10 ++++++++++ arch/x86/mm/pgtable.c | 24 ++++++++++++++++++++++++ include/asm-generic/pgtable.h | 10 ++++++++++ lib/ioremap.c | 6 ++++-- 4 files changed, 48 insertions(+), 2 deletions(-) diff -puN arch/arm64/mm/mmu.c~mm-vmalloc-add-interfaces-to-free-unmapped-page-table arch/arm64/mm/mmu.c --- a/arch/arm64/mm/mmu.c~mm-vmalloc-add-interfaces-to-free-unmapped-page-table +++ a/arch/arm64/mm/mmu.c @@ -972,3 +972,13 @@ int pmd_clear_huge(pmd_t *pmdp) pmd_clear(pmdp); return 1; } + +int pud_free_pmd_page(pud_t *pud) +{ + return pud_none(*pud); +} + +int pmd_free_pte_page(pmd_t *pmd) +{ + return pmd_none(*pmd); +} diff -puN arch/x86/mm/pgtable.c~mm-vmalloc-add-interfaces-to-free-unmapped-page-table arch/x86/mm/pgtable.c --- a/arch/x86/mm/pgtable.c~mm-vmalloc-add-interfaces-to-free-unmapped-page-table +++ a/arch/x86/mm/pgtable.c @@ -702,4 +702,28 @@ int pmd_clear_huge(pmd_t *pmd) return 0; } + +/** + * pud_free_pmd_page - Clear pud entry and free pmd page. + * @pud: Pointer to a PUD. + * + * Context: The pud range has been unmaped and TLB purged. + * Return: 1 if clearing the entry succeeded. 0 otherwise. + */ +int pud_free_pmd_page(pud_t *pud) +{ + return pud_none(*pud); +} + +/** + * pmd_free_pte_page - Clear pmd entry and free pte page. + * @pmd: Pointer to a PMD. + * + * Context: The pmd range has been unmaped and TLB purged. + * Return: 1 if clearing the entry succeeded. 0 otherwise. + */ +int pmd_free_pte_page(pmd_t *pmd) +{ + return pmd_none(*pmd); +} #endif /* CONFIG_HAVE_ARCH_HUGE_VMAP */ diff -puN include/asm-generic/pgtable.h~mm-vmalloc-add-interfaces-to-free-unmapped-page-table include/asm-generic/pgtable.h --- a/include/asm-generic/pgtable.h~mm-vmalloc-add-interfaces-to-free-unmapped-page-table +++ a/include/asm-generic/pgtable.h @@ -983,6 +983,8 @@ int pud_set_huge(pud_t *pud, phys_addr_t int pmd_set_huge(pmd_t *pmd, phys_addr_t addr, pgprot_t prot); int pud_clear_huge(pud_t *pud); int pmd_clear_huge(pmd_t *pmd); +int pud_free_pmd_page(pud_t *pud); +int pmd_free_pte_page(pmd_t *pmd); #else /* !CONFIG_HAVE_ARCH_HUGE_VMAP */ static inline int p4d_set_huge(p4d_t *p4d, phys_addr_t addr, pgprot_t prot) { @@ -1008,6 +1010,14 @@ static inline int pmd_clear_huge(pmd_t * { return 0; } +static inline int pud_free_pmd_page(pud_t *pud) +{ + return 0; +} +static inline int pmd_free_pte_page(pmd_t *pmd) +{ + return 0; +} #endif /* CONFIG_HAVE_ARCH_HUGE_VMAP */ #ifndef __HAVE_ARCH_FLUSH_PMD_TLB_RANGE diff -puN lib/ioremap.c~mm-vmalloc-add-interfaces-to-free-unmapped-page-table lib/ioremap.c --- a/lib/ioremap.c~mm-vmalloc-add-interfaces-to-free-unmapped-page-table +++ a/lib/ioremap.c @@ -91,7 +91,8 @@ static inline int ioremap_pmd_range(pud_ if (ioremap_pmd_enabled() && ((next - addr) == PMD_SIZE) && - IS_ALIGNED(phys_addr + addr, PMD_SIZE)) { + IS_ALIGNED(phys_addr + addr, PMD_SIZE) && + pmd_free_pte_page(pmd)) { if (pmd_set_huge(pmd, phys_addr + addr, prot)) continue; } @@ -117,7 +118,8 @@ static inline int ioremap_pud_range(p4d_ if (ioremap_pud_enabled() && ((next - addr) == PUD_SIZE) && - IS_ALIGNED(phys_addr + addr, PUD_SIZE)) { + IS_ALIGNED(phys_addr + addr, PUD_SIZE) && + pud_free_pmd_page(pud)) { if (pud_set_huge(pud, phys_addr + addr, prot)) continue; } _

7 years, 7 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror