* [PATCH 4.19 000/149] 4.19.82-stable review
@ 2019-11-04 21:43 Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 001/149] zram: fix race between backing_dev_show and backing_dev_store Greg Kroah-Hartman
` (153 more replies)
0 siblings, 154 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
ben.hutchings, lkft-triage, stable
This is the start of the stable review cycle for the 4.19.82 release.
There are 149 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed 06 Nov 2019 09:14:04 PM UTC.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.82-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux 4.19.82-rc1
Justin Song <flyingecar@gmail.com>
ALSA: usb-audio: Add DSD support for Gustard U16/X26 USB Interface
Jussi Laako <jussi@sonarnerd.net>
ALSA: usb-audio: Update DSD support quirks for Oppo and Rotel
Jussi Laako <jussi@sonarnerd.net>
ALSA: usb-audio: DSD auto-detection for Playback Designs
Takashi Iwai <tiwai@suse.de>
ALSA: timer: Fix mutex deadlock at releasing card
Takashi Iwai <tiwai@suse.de>
ALSA: timer: Simplify error path in snd_timer_open()
Eric Dumazet <edumazet@google.com>
sch_netem: fix rcu splat in netem_enqueue()
Valentin Vidic <vvidic@valentin-vidic.from.hr>
net: usb: sr9800: fix uninitialized local variable
Eric Dumazet <edumazet@google.com>
bonding: fix potential NULL deref in bond_update_slave_arr
Johan Hovold <johan@kernel.org>
NFC: pn533: fix use-after-free and memleaks
David Howells <dhowells@redhat.com>
rxrpc: Fix trace-after-put looking at the put peer record
David Howells <dhowells@redhat.com>
rxrpc: rxrpc_peer needs to hold a ref on the rxrpc_local record
David Howells <dhowells@redhat.com>
rxrpc: Fix call ref leak
Eric Biggers <ebiggers@google.com>
llc: fix sk_buff leak in llc_conn_service()
Eric Biggers <ebiggers@google.com>
llc: fix sk_buff leak in llc_sap_state_process()
Sven Eckelmann <sven@narfation.org>
batman-adv: Avoid free/alloc race when handling OGM buffer
Trond Myklebust <trondmy@gmail.com>
NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid()
Pelle van Gils <pelle@vangils.xyz>
drm/amdgpu/powerplay/vega10: allow undervolting in p7
Tony Lindgren <tony@atomide.com>
dmaengine: cppi41: Fix cppi41_dma_prep_slave_sg() when idle
Jeffrey Hugo <jeffrey.l.hugo@gmail.com>
dmaengine: qcom: bam_dma: Fix resource leak
Laura Abbott <labbott@redhat.com>
rtlwifi: Fix potential overflow on P2P code
Catalin Marinas <catalin.marinas@arm.com>
arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default
Heiko Carstens <heiko.carstens@de.ibm.com>
s390/idle: fix cpu idle time calculation
Yihui ZENG <yzeng56@asu.edu>
s390/cmm: fix information leak in cmm_timeout_handler()
Markus Theil <markus.theil@tu-ilmenau.de>
nl80211: fix validation of mesh path nexthop
Michał Mirosław <mirq-linux@rere.qmqm.pl>
HID: fix error message in hid_open_report()
Alan Stern <stern@rowland.harvard.edu>
HID: Fix assumption that devices have inputs
Hans de Goede <hdegoede@redhat.com>
HID: i2c-hid: add Trekstor Primebook C11B to descriptor override
Bart Van Assche <bvanassche@acm.org>
scsi: target: cxgbit: Fix cxgbit_fw4_ack()
Johan Hovold <johan@kernel.org>
USB: serial: whiteheat: fix line-speed endianness
Johan Hovold <johan@kernel.org>
USB: serial: whiteheat: fix potential slab corruption
Ben Dooks (Codethink) <ben.dooks@codethink.co.uk>
usb: xhci: fix __le32/__le64 accessors in debugfs code
Johan Hovold <johan@kernel.org>
USB: ldusb: fix control-message timeout
Johan Hovold <johan@kernel.org>
USB: ldusb: fix ring-buffer locking
Alan Stern <stern@rowland.harvard.edu>
usb-storage: Revert commit 747668dbc061 ("usb-storage: Set virt_boundary_mask to avoid SG overflows")
Alan Stern <stern@rowland.harvard.edu>
USB: gadget: Reject endpoints with 0 maxpacket value
Alan Stern <stern@rowland.harvard.edu>
UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments")
Kailang Yang <kailang@realtek.com>
ALSA: hda/realtek - Add support for ALC623
Aaron Ma <aaron.ma@canonical.com>
ALSA: hda/realtek - Fix 2 front mics of codec 0x623
Takashi Sakamoto <o-takashi@sakamocchi.jp>
ALSA: bebob: Fix prototype of helper function to return negative value
Miklos Szeredi <mszeredi@redhat.com>
fuse: truncate pending writes on O_TRUNC
Miklos Szeredi <mszeredi@redhat.com>
fuse: flush dirty data/metadata before non-truncate setattr
Hui Peng <benquike@gmail.com>
ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
Mika Westerberg <mika.westerberg@linux.intel.com>
thunderbolt: Use 32-bit writes when writing ring producer/consumer
Dan Carpenter <dan.carpenter@oracle.com>
USB: legousbtower: fix a signedness bug in tower_probe()
Mike Christie <mchristi@redhat.com>
nbd: verify socket is supported during setup
Luca Coelho <luciano.coelho@intel.com>
iwlwifi: exclude GEO SAR support for 3168
Kai-Heng Feng <kai.heng.feng@canonical.com>
ALSA: hda/realtek: Reduce the Headphone static noise on XPS 9350/9360
Vladimir Murzin <vladimir.murzin@arm.com>
ARM: 8914/1: NOMMU: Fix exc_ret for XIP
Petr Mladek <pmladek@suse.com>
tracing: Initialize iter->seq after zeroing in tracing_read_pipe()
Christian Borntraeger <borntraeger@de.ibm.com>
s390/uaccess: avoid (false positive) compiler warnings
Chuck Lever <chuck.lever@oracle.com>
NFSv4: Fix leak of clp->cl_acceptor string
Xiubo Li <xiubli@redhat.com>
nbd: fix possible sysfs duplicate warning
Navid Emamdoost <navid.emamdoost@gmail.com>
virt: vbox: fix memory leak in hgcm_call_preprocess_linaddr
Thomas Bogendoerfer <tbogendoerfer@suse.de>
MIPS: fw: sni: Fix out of bounds init of o32 stack
Thomas Bogendoerfer <tbogendoerfer@suse.de>
MIPS: include: Mark __xchg as __always_inline
Navid Emamdoost <navid.emamdoost@gmail.com>
iio: imu: adis16400: release allocated memory on failure
Nirmoy Das <nirmoy.das@amd.com>
drm/amdgpu: fix memory leak
Tom Lendacky <thomas.lendacky@amd.com>
perf/x86/amd: Change/fix NMI latency mitigation to use a timestamp
Frederic Weisbecker <frederic@kernel.org>
sched/vtime: Fix guest/system mis-accounting on task switch
Kan Liang <kan.liang@linux.intel.com>
x86/cpu: Add Comet Lake to the Intel CPU models header
Yunfeng Ye <yeyunfeng@huawei.com>
arm64: armv8_deprecated: Checking return value for memory allocation
Jia-Ju Bai <baijiaju1990@gmail.com>
fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc()
Jia-Ju Bai <baijiaju1990@gmail.com>
fs: ocfs2: fix a possible null-pointer dereference in ocfs2_write_end_nolock()
Jia-Ju Bai <baijiaju1990@gmail.com>
fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry()
Jia Guo <guojia12@huawei.com>
ocfs2: clear zero in unaligned direct IO
Boris Ostrovsky <boris.ostrovsky@oracle.com>
x86/xen: Return from panic notifier
Thomas Bogendoerfer <tbogendoerfer@suse.de>
MIPS: include: Mark __cmpxchg as __always_inline
Dave Young <dyoung@redhat.com>
efi/x86: Do not clean dummy variable in kexec path
Lukas Wunner <lukas@wunner.de>
efi/cper: Fix endianness of PCIe class code
Adam Ford <aford173@gmail.com>
serial: mctrl_gpio: Check for NULL pointer
Austin Kim <austindh.kim@gmail.com>
fs: cifs: mute -Wunused-const-variable message
Thierry Reding <treding@nvidia.com>
gpio: max77620: Use correct unit for debounce times
Randy Dunlap <rdunlap@infradead.org>
tty: n_hdlc: fix build on SPARC
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
tty: serial: owl: Fix the link time qualifier of 'owl_uart_exit()'
James Morse <james.morse@arm.com>
arm64: ftrace: Ensure synchronisation in PLT setup for Neoverse-N1 #1542419
ZhangXiaoxu <zhangxiaoxu5@huawei.com>
nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request
Dexuan Cui <decui@microsoft.com>
HID: hyperv: Use in-place iterator API in the channel callback
Bart Van Assche <bvanassche@acm.org>
RDMA/iwcm: Fix a lock inversion issue
Navid Emamdoost <navid.emamdoost@gmail.com>
RDMA/hfi1: Prevent memory leak in sdma_init
Connor Kuehl <connor.kuehl@canonical.com>
staging: rtl8188eu: fix null dereference when kzalloc fails
Arnaldo Carvalho de Melo <acme@redhat.com>
perf annotate: Return appropriate error code for allocation failures
Arnaldo Carvalho de Melo <acme@redhat.com>
perf annotate: Propagate the symbol__annotate() error return
Arnaldo Carvalho de Melo <acme@redhat.com>
perf annotate: Fix the signedness of failure returns
Arnaldo Carvalho de Melo <acme@redhat.com>
perf annotate: Propagate perf_env__arch() error
Arnaldo Carvalho de Melo <acme@redhat.com>
perf tools: Propagate get_cpuid() error
Andi Kleen <ak@linux.intel.com>
perf jevents: Fix period for Intel fixed counters
Andi Kleen <ak@linux.intel.com>
perf script brstackinsn: Fix recovery from LBR/binary mismatch
Steve MacLean <Steve.MacLean@microsoft.com>
perf map: Fix overlapped map handling
Ian Rogers <irogers@google.com>
perf tests: Avoid raising SEGV using an obvious NULL dereference
Ian Rogers <irogers@google.com>
libsubcmd: Make _FORTIFY_SOURCE defines dependent on the feature
Pascal Bouwmann <bouwmann@tau-tec.de>
iio: fix center temperature of bmc150-accel-core
Remi Pommarel <repk@triplefau.lt>
iio: adc: meson_saradc: Fix memory allocation order
Sven Van Asbroeck <thesven73@gmail.com>
power: supply: max14656: fix potential use-after-free
Dmytro Laktyushkin <Dmytro.Laktyushkin@amd.com>
drm/amd/display: fix odm combine pipe reset
Sven Van Asbroeck <thesven73@gmail.com>
PCI/PME: Fix possible use-after-free on remove
Andrew Lunn <andrew@lunn.ch>
net: dsa: mv88e6xxx: Release lock while requesting IRQ
Kees Cook <keescook@chromium.org>
exec: load_script: Do not exec truncated interpreter path
Theodore Ts'o <tytso@mit.edu>
ext4: disallow files with EXT4_JOURNAL_DATA_FL from EXT4_IOC_SWAP_BOOT
Lucas A. M. Magalhães <lucmaga@gmail.com>
media: vimc: Remove unused but set variables
Takashi Iwai <tiwai@suse.de>
ALSA: hda/realtek - Apply ALC294 hp init also for S4 resume
Ronnie Sahlberg <lsahlber@redhat.com>
cifs: add credits from unmatched responses/messages
Pavel Shilovsky <pshilov@microsoft.com>
CIFS: Respect SMB2 hdr preamble size in read responses
James Smart <jsmart2021@gmail.com>
scsi: lpfc: Correct localport timeout duration error
Jose Abreu <jose.abreu@synopsys.com>
net: stmmac: Fix NAPI poll in TX path when in multi-queue
Nir Dotan <nird@mellanox.com>
mlxsw: spectrum: Set LAG port collector only when active
Hanjun Guo <hanjun.guo@linaro.org>
arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs
Hanjun Guo <hanjun.guo@linaro.org>
arm64: Add MIDR encoding for HiSilicon Taishan CPUs
Sam Ravnborg <sam@ravnborg.org>
rtc: pcf8523: set xtal load capacitance from DT
Jan-Marek Glogowski <glogow@fbihome.de>
usb: handle warm-reset port requests on hub resume
Jussi Laako <jussi@sonarnerd.net>
ALSA: usb-audio: Cleanup DSD whitelist
Felipe Balbi <felipe.balbi@linux.intel.com>
usb: dwc3: gadget: clear DWC3_EP_TRANSFER_STARTED on cmd complete
Felipe Balbi <felipe.balbi@linux.intel.com>
usb: dwc3: gadget: early giveback if End Transfer already completed
Daniel T. Lee <danieltimlee@gmail.com>
samples: bpf: fix: seg fault with NULL pointer arg
Rodrigo Rivas Costa <rodrigorivascosta@gmail.com>
HID: steam: fix deadlock with input devices.
Rodrigo Rivas Costa <rodrigorivascosta@gmail.com>
HID: steam: fix boot loop with bluetooth firmware
Trond Myklebust <trond.myklebust@hammerspace.com>
NFSv4: Ensure that the state manager exits the loop on SIGKILL
NOGUCHI Hiroshi <drvlabo@gmail.com>
HID: Add ASUS T100CHI keyboard dock battery quirks
Sergio Paracuellos <sergio.paracuellos@gmail.com>
staging: mt7621-pinctrl: use pinconf-generic for 'dt_node_to_map' and 'dt_free_map'
Brian Norris <briannorris@chromium.org>
scripts/setlocalversion: Improve -dirty check with git-status --no-optional-locks
Yi Wang <wang.yi59@zte.com.cn>
clk: boston: unregister clks on failure in clk_boston_setup()
Abhishek Ambure <aambure@codeaurora.org>
ath10k: assign 'n_cipher_suites = 11' for WCN3990 to enable WPA3
Ville Syrjälä <ville.syrjala@linux.intel.com>
platform/x86: Fix config space access for intel_atomisp2_pm
Ville Syrjälä <ville.syrjala@linux.intel.com>
platform/x86: Add the VLV ISP PCI ID to atomisp2_pm
Hans de Goede <hdegoede@redhat.com>
HID: i2c-hid: Add Odys Winbook 13 to descriptor override
Kai-Heng Feng <kai.heng.feng@canonical.com>
HID: i2c-hid: Ignore input report if there's no data present on Elan touchpanels
Kai-Heng Feng <kai.heng.feng@canonical.com>
HID: i2c-hid: Disable runtime PM for LG touchscreen
Stefano Brivio <sbrivio@redhat.com>
netfilter: ipset: Make invalid MAC address checks consistent
Filipe Manana <fdmanana@suse.com>
Btrfs: fix deadlock on tree root leaf when finding free extent
Logan Gunthorpe <logang@deltatee.com>
PCI: Fix Switchtec DMA aliasing quirk dmesg noise
Coly Li <colyli@suse.de>
bcache: fix input overflow to writeback_rate_minimum
Jeykumar Sankaran <jsanka@codeaurora.org>
drm/msm/dpu: handle failures while initializing displays
Kan Liang <kan.liang@linux.intel.com>
x86/cpu: Add Atom Tremont (Jacobsville)
Len Brown <len.brown@intel.com>
tools/power turbostat: fix goldmont C-state limit decoding
Fabrice Gasnier <fabrice.gasnier@st.com>
usb: dwc2: fix unbalanced use of external vbus-supply
Julian Sax <jsbc@gmx.de>
HID: i2c-hid: add Direkt-Tek DTLAPY133-1 to descriptor override
Chao Yu <yuchao0@huawei.com>
f2fs: fix to recover inode->i_flags of inode block during POR
Chao Yu <yuchao0@huawei.com>
f2fs: fix to recover inode's i_gc_failures during POR
David Hildenbrand <david@redhat.com>
powerpc/powernv: hold device_hotplug_lock when calling memtrace_offline_pages()
Phil Elwell <phil@raspberrypi.org>
sc16is7xx: Fix for "Unexpected interrupt: 8"
James Smart <jsmart2021@gmail.com>
scsi: lpfc: Fix a duplicate 0711 log message number.
Jaegeuk Kim <jaegeuk@kernel.org>
f2fs: flush quota blocks after turnning it off
Ahmad Masri <amasri@codeaurora.org>
wil6210: fix freeing of rx buffers in EDMA mode
Qu Wenruo <wqu@suse.com>
btrfs: tracepoints: Fix wrong parameter order for qgroup events
Qu Wenruo <wqu@suse.com>
btrfs: qgroup: Always free PREALLOC META reserve in btrfs_delalloc_release_extents()
Filipe Manana <fdmanana@suse.com>
Btrfs: fix memory leak due to concurrent append writes with fiemap
Filipe Manana <fdmanana@suse.com>
Btrfs: fix inode cache block reserve leak on failure to allocate data space
Mikulas Patocka <mpatocka@redhat.com>
dm snapshot: rework COW throttling to fix deadlock
Mikulas Patocka <mpatocka@redhat.com>
dm snapshot: introduce account_start_copy() and account_end_copy()
Sasha Levin <sashal@kernel.org>
zram: fix race between backing_dev_show and backing_dev_store
-------------
Diffstat:
Documentation/admin-guide/kernel-parameters.txt | 4 +
Makefile | 4 +-
arch/arm/kernel/head-common.S | 5 +-
arch/arm/kernel/head-nommu.S | 2 +
arch/arm/mm/proc-v7m.S | 5 +-
arch/arm64/include/asm/cputype.h | 4 +
arch/arm64/include/asm/pgtable-prot.h | 15 +--
arch/arm64/kernel/armv8_deprecated.c | 5 +
arch/arm64/kernel/cpufeature.c | 1 +
arch/arm64/kernel/ftrace.c | 12 ++-
arch/mips/fw/sni/sniprom.c | 2 +-
arch/mips/include/asm/cmpxchg.h | 9 +-
arch/powerpc/platforms/powernv/memtrace.c | 4 +-
arch/s390/include/asm/uaccess.h | 4 +-
arch/s390/kernel/idle.c | 29 ++++--
arch/s390/mm/cmm.c | 12 +--
arch/x86/events/amd/core.c | 30 +++---
arch/x86/include/asm/intel-family.h | 6 +-
arch/x86/platform/efi/efi.c | 3 -
arch/x86/xen/enlighten.c | 28 ++++-
drivers/block/nbd.c | 25 ++++-
drivers/block/zram/zram_drv.c | 5 +-
drivers/clk/imgtec/clk-boston.c | 18 +++-
drivers/dma/qcom/bam_dma.c | 19 ++++
drivers/dma/ti/cppi41.c | 21 +++-
drivers/firmware/efi/cper.c | 2 +-
drivers/gpio/gpio-max77620.c | 6 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c | 14 +--
drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 6 +-
drivers/gpu/drm/amd/powerplay/hwmgr/vega10_hwmgr.c | 4 +-
drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 31 +++---
drivers/hid/hid-axff.c | 11 +-
drivers/hid/hid-core.c | 7 +-
drivers/hid/hid-dr.c | 12 ++-
drivers/hid/hid-emsff.c | 12 ++-
drivers/hid/hid-gaff.c | 12 ++-
drivers/hid/hid-holtekff.c | 12 ++-
drivers/hid/hid-hyperv.c | 56 ++--------
drivers/hid/hid-ids.h | 1 +
drivers/hid/hid-input.c | 3 +
drivers/hid/hid-lg2ff.c | 12 ++-
drivers/hid/hid-lg3ff.c | 11 +-
drivers/hid/hid-lg4ff.c | 11 +-
drivers/hid/hid-lgff.c | 11 +-
drivers/hid/hid-logitech-hidpp.c | 11 +-
drivers/hid/hid-sony.c | 12 ++-
drivers/hid/hid-steam.c | 60 +++++------
drivers/hid/hid-tmff.c | 12 ++-
drivers/hid/hid-zpff.c | 12 ++-
drivers/hid/i2c-hid/i2c-hid-core.c | 11 ++
drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c | 35 +++++++
drivers/iio/accel/bmc150-accel-core.c | 2 +-
drivers/iio/adc/meson_saradc.c | 10 +-
drivers/iio/imu/adis_buffer.c | 5 +-
drivers/infiniband/core/cma.c | 3 +-
drivers/infiniband/hw/hfi1/sdma.c | 5 +-
drivers/md/bcache/sysfs.c | 4 +-
drivers/md/dm-snap.c | 90 +++++++++++++---
drivers/media/platform/vimc/vimc-sensor.c | 7 --
drivers/net/bonding/bond_main.c | 2 +-
drivers/net/dsa/mv88e6xxx/chip.c | 2 +
drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 62 ++++++++---
drivers/net/ethernet/stmicro/stmmac/stmmac.h | 5 +-
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 115 ++++++++++++---------
drivers/net/usb/sr9800.c | 2 +-
drivers/net/wireless/ath/ath10k/core.c | 2 +-
drivers/net/wireless/ath/ath6kl/usb.c | 8 ++
drivers/net/wireless/ath/wil6210/txrx_edma.c | 44 +++-----
drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 16 +--
drivers/net/wireless/realtek/rtlwifi/ps.c | 6 ++
drivers/nfc/pn533/usb.c | 9 +-
drivers/pci/pcie/pme.c | 1 +
drivers/pci/quirks.c | 4 +-
drivers/platform/x86/intel_atomisp2_pm.c | 69 +++++++++----
drivers/power/supply/max14656_charger_detector.c | 17 ++-
drivers/rtc/rtc-pcf8523.c | 28 +++--
drivers/scsi/lpfc/lpfc_nvmet.c | 6 +-
drivers/scsi/lpfc/lpfc_nvmet.h | 2 +
drivers/scsi/lpfc/lpfc_scsi.c | 2 +-
drivers/staging/mt7621-pinctrl/Kconfig | 1 +
drivers/staging/mt7621-pinctrl/pinctrl-rt2880.c | 41 +-------
drivers/staging/rtl8188eu/os_dep/usb_intf.c | 6 +-
drivers/target/iscsi/cxgbit/cxgbit_cm.c | 3 +-
drivers/thunderbolt/nhi.c | 22 +++-
drivers/tty/n_hdlc.c | 5 +
drivers/tty/serial/owl-uart.c | 2 +-
drivers/tty/serial/sc16is7xx.c | 28 +++++
drivers/tty/serial/serial_mctrl_gpio.c | 3 +
drivers/usb/core/hub.c | 7 ++
drivers/usb/dwc2/hcd.c | 33 ++++--
drivers/usb/dwc3/gadget.c | 25 ++---
drivers/usb/gadget/udc/core.c | 11 ++
drivers/usb/host/xhci-debugfs.c | 24 ++---
drivers/usb/misc/ldusb.c | 6 +-
drivers/usb/misc/legousbtower.c | 2 +-
drivers/usb/serial/whiteheat.c | 13 ++-
drivers/usb/serial/whiteheat.h | 2 +-
drivers/usb/storage/scsiglue.c | 10 --
drivers/usb/storage/uas.c | 20 ----
drivers/virt/vboxguest/vboxguest_utils.c | 3 +-
fs/binfmt_script.c | 57 ++++++++--
fs/btrfs/ctree.h | 6 +-
fs/btrfs/extent-tree.c | 5 +-
fs/btrfs/file.c | 20 +++-
fs/btrfs/free-space-cache.c | 22 +++-
fs/btrfs/inode-map.c | 5 +-
fs/btrfs/inode.c | 44 +++++---
fs/btrfs/ioctl.c | 6 +-
fs/btrfs/qgroup.c | 4 +-
fs/btrfs/relocation.c | 9 +-
fs/cifs/cifssmb.c | 7 +-
fs/cifs/connect.c | 22 ++++
fs/cifs/netmisc.c | 4 -
fs/cifs/smb2misc.c | 7 --
fs/cifs/smb2ops.c | 6 +-
fs/ext4/ioctl.c | 1 +
fs/f2fs/recovery.c | 3 +
fs/f2fs/super.c | 6 ++
fs/fuse/dir.c | 13 +++
fs/fuse/file.c | 10 +-
fs/nfs/delegation.c | 2 +-
fs/nfs/nfs4proc.c | 1 +
fs/nfs/nfs4state.c | 2 +-
fs/nfs/write.c | 5 +-
fs/ocfs2/aops.c | 25 ++++-
fs/ocfs2/ioctl.c | 2 +-
fs/ocfs2/xattr.c | 56 +++++-----
include/net/llc_conn.h | 2 +-
include/net/sch_generic.h | 5 +
include/trace/events/rxrpc.h | 6 +-
kernel/sched/cputime.c | 6 +-
kernel/trace/trace.c | 1 +
net/batman-adv/bat_iv_ogm.c | 60 +++++++++--
net/batman-adv/hard-interface.c | 2 +
net/batman-adv/types.h | 3 +
net/llc/llc_c_ac.c | 8 +-
net/llc/llc_conn.c | 32 ++----
net/llc/llc_s_ac.c | 12 ++-
net/llc/llc_sap.c | 23 ++---
net/netfilter/ipset/ip_set_bitmap_ipmac.c | 3 +
net/netfilter/ipset/ip_set_hash_ipmac.c | 11 +-
net/rxrpc/peer_object.c | 16 +--
net/rxrpc/sendmsg.c | 1 +
net/sched/sch_netem.c | 2 +-
net/wireless/nl80211.c | 3 +-
samples/bpf/bpf_load.c | 4 +-
scripts/setlocalversion | 12 ++-
sound/core/timer.c | 63 ++++++-----
sound/firewire/bebob/bebob_stream.c | 3 +-
sound/pci/hda/patch_realtek.c | 39 ++++++-
sound/usb/quirks.c | 31 ++----
tools/lib/subcmd/Makefile | 8 +-
tools/perf/arch/powerpc/util/header.c | 3 +-
tools/perf/arch/s390/util/header.c | 9 +-
tools/perf/arch/x86/util/header.c | 3 +-
tools/perf/builtin-kvm.c | 7 +-
tools/perf/builtin-script.c | 6 +-
tools/perf/pmu-events/jevents.c | 12 +--
tools/perf/tests/perf-hooks.c | 3 +-
tools/perf/util/annotate.c | 10 +-
tools/perf/util/map.c | 3 +
tools/power/x86/turbostat/turbostat.c | 9 +-
162 files changed, 1450 insertions(+), 775 deletions(-)
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 001/149] zram: fix race between backing_dev_show and backing_dev_store
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 002/149] dm snapshot: introduce account_start_copy() and account_end_copy() Greg Kroah-Hartman
` (152 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chenwandun, Minchan Kim,
Sergey Senozhatsky, Jens Axboe, Andrew Morton, Linus Torvalds,
Sasha Levin
[ Upstream commit f7daefe4231e57381d92c2e2ad905a899c28e402 ]
CPU0: CPU1:
backing_dev_show backing_dev_store
...... ......
file = zram->backing_dev;
down_read(&zram->init_lock); down_read(&zram->init_init_lock)
file_path(file, ...); zram->backing_dev = backing_dev;
up_read(&zram->init_lock); up_read(&zram->init_lock);
gets the value of zram->backing_dev too early in backing_dev_show, which
resultin the value being NULL at the beginning, and not NULL later.
backtrace:
d_path+0xcc/0x174
file_path+0x10/0x18
backing_dev_show+0x40/0xb4
dev_attr_show+0x20/0x54
sysfs_kf_seq_show+0x9c/0x10c
kernfs_seq_show+0x28/0x30
seq_read+0x184/0x488
kernfs_fop_read+0x5c/0x1a4
__vfs_read+0x44/0x128
vfs_read+0xa0/0x138
SyS_read+0x54/0xb4
Link: http://lkml.kernel.org/r/1571046839-16814-1-git-send-email-chenwandun@huawei.com
Signed-off-by: Chenwandun <chenwandun@huawei.com>
Acked-by: Minchan Kim <minchan@kernel.org>
Cc: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: <stable@vger.kernel.org> [4.14+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/zram/zram_drv.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c
index 70cbd0ee1b076..76abe40bfa83b 100644
--- a/drivers/block/zram/zram_drv.c
+++ b/drivers/block/zram/zram_drv.c
@@ -312,13 +312,14 @@ static void reset_bdev(struct zram *zram)
static ssize_t backing_dev_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
+ struct file *file;
struct zram *zram = dev_to_zram(dev);
- struct file *file = zram->backing_dev;
char *p;
ssize_t ret;
down_read(&zram->init_lock);
- if (!zram_wb_enabled(zram)) {
+ file = zram->backing_dev;
+ if (!file) {
memcpy(buf, "none\n", 5);
up_read(&zram->init_lock);
return 5;
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 002/149] dm snapshot: introduce account_start_copy() and account_end_copy()
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 001/149] zram: fix race between backing_dev_show and backing_dev_store Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 003/149] dm snapshot: rework COW throttling to fix deadlock Greg Kroah-Hartman
` (151 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mikulas Patocka, Nikos Tsironis,
Mike Snitzer, Sasha Levin
From: Mikulas Patocka <mpatocka@redhat.com>
[ Upstream commit a2f83e8b0c82c9500421a26c49eb198b25fcdea3 ]
This simple refactoring moves code for modifying the semaphore cow_count
into separate functions to prepare for changes that will extend these
methods to provide for a more sophisticated mechanism for COW
throttling.
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Reviewed-by: Nikos Tsironis <ntsironis@arrikto.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/dm-snap.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/drivers/md/dm-snap.c b/drivers/md/dm-snap.c
index 36805b12661e1..d9216afbd490f 100644
--- a/drivers/md/dm-snap.c
+++ b/drivers/md/dm-snap.c
@@ -1399,6 +1399,16 @@ static void snapshot_dtr(struct dm_target *ti)
kfree(s);
}
+static void account_start_copy(struct dm_snapshot *s)
+{
+ down(&s->cow_count);
+}
+
+static void account_end_copy(struct dm_snapshot *s)
+{
+ up(&s->cow_count);
+}
+
/*
* Flush a list of buffers.
*/
@@ -1594,7 +1604,7 @@ static void copy_callback(int read_err, unsigned long write_err, void *context)
rb_link_node(&pe->out_of_order_node, parent, p);
rb_insert_color(&pe->out_of_order_node, &s->out_of_order_tree);
}
- up(&s->cow_count);
+ account_end_copy(s);
}
/*
@@ -1618,7 +1628,7 @@ static void start_copy(struct dm_snap_pending_exception *pe)
dest.count = src.count;
/* Hand over to kcopyd */
- down(&s->cow_count);
+ account_start_copy(s);
dm_kcopyd_copy(s->kcopyd_client, &src, 1, &dest, 0, copy_callback, pe);
}
@@ -1638,7 +1648,7 @@ static void start_full_bio(struct dm_snap_pending_exception *pe,
pe->full_bio = bio;
pe->full_bio_end_io = bio->bi_end_io;
- down(&s->cow_count);
+ account_start_copy(s);
callback_data = dm_kcopyd_prepare_callback(s->kcopyd_client,
copy_callback, pe);
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 003/149] dm snapshot: rework COW throttling to fix deadlock
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 001/149] zram: fix race between backing_dev_show and backing_dev_store Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 002/149] dm snapshot: introduce account_start_copy() and account_end_copy() Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 004/149] Btrfs: fix inode cache block reserve leak on failure to allocate data space Greg Kroah-Hartman
` (150 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Guruswamy Basavaiah, Nikos Tsironis,
Mikulas Patocka, Mike Snitzer, Sasha Levin
From: Mikulas Patocka <mpatocka@redhat.com>
[ Upstream commit b21555786f18cd77f2311ad89074533109ae3ffa ]
Commit 721b1d98fb517a ("dm snapshot: Fix excessive memory usage and
workqueue stalls") introduced a semaphore to limit the maximum number of
in-flight kcopyd (COW) jobs.
The implementation of this throttling mechanism is prone to a deadlock:
1. One or more threads write to the origin device causing COW, which is
performed by kcopyd.
2. At some point some of these threads might reach the s->cow_count
semaphore limit and block in down(&s->cow_count), holding a read lock
on _origins_lock.
3. Someone tries to acquire a write lock on _origins_lock, e.g.,
snapshot_ctr(), which blocks because the threads at step (2) already
hold a read lock on it.
4. A COW operation completes and kcopyd runs dm-snapshot's completion
callback, which ends up calling pending_complete().
pending_complete() tries to resubmit any deferred origin bios. This
requires acquiring a read lock on _origins_lock, which blocks.
This happens because the read-write semaphore implementation gives
priority to writers, meaning that as soon as a writer tries to enter
the critical section, no readers will be allowed in, until all
writers have completed their work.
So, pending_complete() waits for the writer at step (3) to acquire
and release the lock. This writer waits for the readers at step (2)
to release the read lock and those readers wait for
pending_complete() (the kcopyd thread) to signal the s->cow_count
semaphore: DEADLOCK.
The above was thoroughly analyzed and documented by Nikos Tsironis as
part of his initial proposal for fixing this deadlock, see:
https://www.redhat.com/archives/dm-devel/2019-October/msg00001.html
Fix this deadlock by reworking COW throttling so that it waits without
holding any locks. Add a variable 'in_progress' that counts how many
kcopyd jobs are running. A function wait_for_in_progress() will sleep if
'in_progress' is over the limit. It drops _origins_lock in order to
avoid the deadlock.
Reported-by: Guruswamy Basavaiah <guru2018@gmail.com>
Reported-by: Nikos Tsironis <ntsironis@arrikto.com>
Reviewed-by: Nikos Tsironis <ntsironis@arrikto.com>
Tested-by: Nikos Tsironis <ntsironis@arrikto.com>
Fixes: 721b1d98fb51 ("dm snapshot: Fix excessive memory usage and workqueue stalls")
Cc: stable@vger.kernel.org # v5.0+
Depends-on: 4a3f111a73a8c ("dm snapshot: introduce account_start_copy() and account_end_copy()")
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/dm-snap.c | 78 ++++++++++++++++++++++++++++++++++++--------
1 file changed, 64 insertions(+), 14 deletions(-)
diff --git a/drivers/md/dm-snap.c b/drivers/md/dm-snap.c
index d9216afbd490f..d3f28a9e3fd95 100644
--- a/drivers/md/dm-snap.c
+++ b/drivers/md/dm-snap.c
@@ -19,7 +19,6 @@
#include <linux/vmalloc.h>
#include <linux/log2.h>
#include <linux/dm-kcopyd.h>
-#include <linux/semaphore.h>
#include "dm.h"
@@ -106,8 +105,8 @@ struct dm_snapshot {
/* The on disk metadata handler */
struct dm_exception_store *store;
- /* Maximum number of in-flight COW jobs. */
- struct semaphore cow_count;
+ unsigned in_progress;
+ struct wait_queue_head in_progress_wait;
struct dm_kcopyd_client *kcopyd_client;
@@ -158,8 +157,8 @@ struct dm_snapshot {
*/
#define DEFAULT_COW_THRESHOLD 2048
-static int cow_threshold = DEFAULT_COW_THRESHOLD;
-module_param_named(snapshot_cow_threshold, cow_threshold, int, 0644);
+static unsigned cow_threshold = DEFAULT_COW_THRESHOLD;
+module_param_named(snapshot_cow_threshold, cow_threshold, uint, 0644);
MODULE_PARM_DESC(snapshot_cow_threshold, "Maximum number of chunks being copied on write");
DECLARE_DM_KCOPYD_THROTTLE_WITH_MODULE_PARM(snapshot_copy_throttle,
@@ -1207,7 +1206,7 @@ static int snapshot_ctr(struct dm_target *ti, unsigned int argc, char **argv)
goto bad_hash_tables;
}
- sema_init(&s->cow_count, (cow_threshold > 0) ? cow_threshold : INT_MAX);
+ init_waitqueue_head(&s->in_progress_wait);
s->kcopyd_client = dm_kcopyd_client_create(&dm_kcopyd_throttle);
if (IS_ERR(s->kcopyd_client)) {
@@ -1396,17 +1395,54 @@ static void snapshot_dtr(struct dm_target *ti)
dm_put_device(ti, s->origin);
+ WARN_ON(s->in_progress);
+
kfree(s);
}
static void account_start_copy(struct dm_snapshot *s)
{
- down(&s->cow_count);
+ spin_lock(&s->in_progress_wait.lock);
+ s->in_progress++;
+ spin_unlock(&s->in_progress_wait.lock);
}
static void account_end_copy(struct dm_snapshot *s)
{
- up(&s->cow_count);
+ spin_lock(&s->in_progress_wait.lock);
+ BUG_ON(!s->in_progress);
+ s->in_progress--;
+ if (likely(s->in_progress <= cow_threshold) &&
+ unlikely(waitqueue_active(&s->in_progress_wait)))
+ wake_up_locked(&s->in_progress_wait);
+ spin_unlock(&s->in_progress_wait.lock);
+}
+
+static bool wait_for_in_progress(struct dm_snapshot *s, bool unlock_origins)
+{
+ if (unlikely(s->in_progress > cow_threshold)) {
+ spin_lock(&s->in_progress_wait.lock);
+ if (likely(s->in_progress > cow_threshold)) {
+ /*
+ * NOTE: this throttle doesn't account for whether
+ * the caller is servicing an IO that will trigger a COW
+ * so excess throttling may result for chunks not required
+ * to be COW'd. But if cow_threshold was reached, extra
+ * throttling is unlikely to negatively impact performance.
+ */
+ DECLARE_WAITQUEUE(wait, current);
+ __add_wait_queue(&s->in_progress_wait, &wait);
+ __set_current_state(TASK_UNINTERRUPTIBLE);
+ spin_unlock(&s->in_progress_wait.lock);
+ if (unlock_origins)
+ up_read(&_origins_lock);
+ io_schedule();
+ remove_wait_queue(&s->in_progress_wait, &wait);
+ return false;
+ }
+ spin_unlock(&s->in_progress_wait.lock);
+ }
+ return true;
}
/*
@@ -1424,7 +1460,7 @@ static void flush_bios(struct bio *bio)
}
}
-static int do_origin(struct dm_dev *origin, struct bio *bio);
+static int do_origin(struct dm_dev *origin, struct bio *bio, bool limit);
/*
* Flush a list of buffers.
@@ -1437,7 +1473,7 @@ static void retry_origin_bios(struct dm_snapshot *s, struct bio *bio)
while (bio) {
n = bio->bi_next;
bio->bi_next = NULL;
- r = do_origin(s->origin, bio);
+ r = do_origin(s->origin, bio, false);
if (r == DM_MAPIO_REMAPPED)
generic_make_request(bio);
bio = n;
@@ -1739,6 +1775,11 @@ static int snapshot_map(struct dm_target *ti, struct bio *bio)
if (!s->valid)
return DM_MAPIO_KILL;
+ if (bio_data_dir(bio) == WRITE) {
+ while (unlikely(!wait_for_in_progress(s, false)))
+ ; /* wait_for_in_progress() has slept */
+ }
+
mutex_lock(&s->lock);
if (!s->valid || (unlikely(s->snapshot_overflowed) &&
@@ -1887,7 +1928,7 @@ redirect_to_origin:
if (bio_data_dir(bio) == WRITE) {
mutex_unlock(&s->lock);
- return do_origin(s->origin, bio);
+ return do_origin(s->origin, bio, false);
}
out_unlock:
@@ -2224,15 +2265,24 @@ next_snapshot:
/*
* Called on a write from the origin driver.
*/
-static int do_origin(struct dm_dev *origin, struct bio *bio)
+static int do_origin(struct dm_dev *origin, struct bio *bio, bool limit)
{
struct origin *o;
int r = DM_MAPIO_REMAPPED;
+again:
down_read(&_origins_lock);
o = __lookup_origin(origin->bdev);
- if (o)
+ if (o) {
+ if (limit) {
+ struct dm_snapshot *s;
+ list_for_each_entry(s, &o->snapshots, list)
+ if (unlikely(!wait_for_in_progress(s, true)))
+ goto again;
+ }
+
r = __origin_write(&o->snapshots, bio->bi_iter.bi_sector, bio);
+ }
up_read(&_origins_lock);
return r;
@@ -2345,7 +2395,7 @@ static int origin_map(struct dm_target *ti, struct bio *bio)
dm_accept_partial_bio(bio, available_sectors);
/* Only tell snapshots if this is a write */
- return do_origin(o->dev, bio);
+ return do_origin(o->dev, bio, true);
}
static long origin_dax_direct_access(struct dm_target *ti, pgoff_t pgoff,
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 004/149] Btrfs: fix inode cache block reserve leak on failure to allocate data space
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (2 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 003/149] dm snapshot: rework COW throttling to fix deadlock Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 005/149] Btrfs: fix memory leak due to concurrent append writes with fiemap Greg Kroah-Hartman
` (149 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Filipe Manana, David Sterba, Sasha Levin
From: Filipe Manana <fdmanana@suse.com>
[ Upstream commit 29d47d00e0ae61668ee0c5d90bef2893c8abbafa ]
If we failed to allocate the data extent(s) for the inode space cache, we
were bailing out without releasing the previously reserved metadata. This
was triggering the following warnings when unmounting a filesystem:
$ cat -n fs/btrfs/inode.c
(...)
9268 void btrfs_destroy_inode(struct inode *inode)
9269 {
(...)
9276 WARN_ON(BTRFS_I(inode)->block_rsv.reserved);
9277 WARN_ON(BTRFS_I(inode)->block_rsv.size);
(...)
9281 WARN_ON(BTRFS_I(inode)->csum_bytes);
9282 WARN_ON(BTRFS_I(inode)->defrag_bytes);
(...)
Several fstests test cases triggered this often, such as generic/083,
generic/102, generic/172, generic/269 and generic/300 at least, producing
stack traces like the following in dmesg/syslog:
[82039.079546] WARNING: CPU: 2 PID: 13167 at fs/btrfs/inode.c:9276 btrfs_destroy_inode+0x203/0x270 [btrfs]
(...)
[82039.081543] CPU: 2 PID: 13167 Comm: umount Tainted: G W 5.2.0-rc4-btrfs-next-50 #1
[82039.081912] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.2-0-gf9626ccb91-prebuilt.qemu-project.org 04/01/2014
[82039.082673] RIP: 0010:btrfs_destroy_inode+0x203/0x270 [btrfs]
(...)
[82039.083913] RSP: 0018:ffffac0b426a7d30 EFLAGS: 00010206
[82039.084320] RAX: ffff8ddf77691158 RBX: ffff8dde29b34660 RCX: 0000000000000002
[82039.084736] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8dde29b34660
[82039.085156] RBP: ffff8ddf5fbec000 R08: 0000000000000000 R09: 0000000000000000
[82039.085578] R10: ffffac0b426a7c90 R11: ffffffffb9aad768 R12: ffffac0b426a7db0
[82039.086000] R13: ffff8ddf5fbec0a0 R14: dead000000000100 R15: 0000000000000000
[82039.086416] FS: 00007f8db96d12c0(0000) GS:ffff8de036b00000(0000) knlGS:0000000000000000
[82039.086837] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[82039.087253] CR2: 0000000001416108 CR3: 00000002315cc001 CR4: 00000000003606e0
[82039.087672] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[82039.088089] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[82039.088504] Call Trace:
[82039.088918] destroy_inode+0x3b/0x70
[82039.089340] btrfs_free_fs_root+0x16/0xa0 [btrfs]
[82039.089768] btrfs_free_fs_roots+0xd8/0x160 [btrfs]
[82039.090183] ? wait_for_completion+0x65/0x1a0
[82039.090607] close_ctree+0x172/0x370 [btrfs]
[82039.091021] generic_shutdown_super+0x6c/0x110
[82039.091427] kill_anon_super+0xe/0x30
[82039.091832] btrfs_kill_super+0x12/0xa0 [btrfs]
[82039.092233] deactivate_locked_super+0x3a/0x70
[82039.092636] cleanup_mnt+0x3b/0x80
[82039.093039] task_work_run+0x93/0xc0
[82039.093457] exit_to_usermode_loop+0xfa/0x100
[82039.093856] do_syscall_64+0x162/0x1d0
[82039.094244] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[82039.094634] RIP: 0033:0x7f8db8fbab37
(...)
[82039.095876] RSP: 002b:00007ffdce35b468 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[82039.096290] RAX: 0000000000000000 RBX: 0000560d20b00060 RCX: 00007f8db8fbab37
[82039.096700] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000560d20b00240
[82039.097110] RBP: 0000560d20b00240 R08: 0000560d20b00270 R09: 0000000000000015
[82039.097522] R10: 00000000000006b4 R11: 0000000000000246 R12: 00007f8db94bce64
[82039.097937] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffdce35b6f0
[82039.098350] irq event stamp: 0
[82039.098750] hardirqs last enabled at (0): [<0000000000000000>] 0x0
[82039.099150] hardirqs last disabled at (0): [<ffffffffb7884ff2>] copy_process.part.33+0x7f2/0x1f00
[82039.099545] softirqs last enabled at (0): [<ffffffffb7884ff2>] copy_process.part.33+0x7f2/0x1f00
[82039.099925] softirqs last disabled at (0): [<0000000000000000>] 0x0
[82039.100292] ---[ end trace f2521afa616ddccc ]---
[82039.100707] WARNING: CPU: 2 PID: 13167 at fs/btrfs/inode.c:9277 btrfs_destroy_inode+0x1ac/0x270 [btrfs]
(...)
[82039.103050] CPU: 2 PID: 13167 Comm: umount Tainted: G W 5.2.0-rc4-btrfs-next-50 #1
[82039.103428] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.2-0-gf9626ccb91-prebuilt.qemu-project.org 04/01/2014
[82039.104203] RIP: 0010:btrfs_destroy_inode+0x1ac/0x270 [btrfs]
(...)
[82039.105461] RSP: 0018:ffffac0b426a7d30 EFLAGS: 00010206
[82039.105866] RAX: ffff8ddf77691158 RBX: ffff8dde29b34660 RCX: 0000000000000002
[82039.106270] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8dde29b34660
[82039.106673] RBP: ffff8ddf5fbec000 R08: 0000000000000000 R09: 0000000000000000
[82039.107078] R10: ffffac0b426a7c90 R11: ffffffffb9aad768 R12: ffffac0b426a7db0
[82039.107487] R13: ffff8ddf5fbec0a0 R14: dead000000000100 R15: 0000000000000000
[82039.107894] FS: 00007f8db96d12c0(0000) GS:ffff8de036b00000(0000) knlGS:0000000000000000
[82039.108309] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[82039.108723] CR2: 0000000001416108 CR3: 00000002315cc001 CR4: 00000000003606e0
[82039.109146] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[82039.109567] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[82039.109989] Call Trace:
[82039.110405] destroy_inode+0x3b/0x70
[82039.110830] btrfs_free_fs_root+0x16/0xa0 [btrfs]
[82039.111257] btrfs_free_fs_roots+0xd8/0x160 [btrfs]
[82039.111675] ? wait_for_completion+0x65/0x1a0
[82039.112101] close_ctree+0x172/0x370 [btrfs]
[82039.112519] generic_shutdown_super+0x6c/0x110
[82039.112988] kill_anon_super+0xe/0x30
[82039.113439] btrfs_kill_super+0x12/0xa0 [btrfs]
[82039.113861] deactivate_locked_super+0x3a/0x70
[82039.114278] cleanup_mnt+0x3b/0x80
[82039.114685] task_work_run+0x93/0xc0
[82039.115083] exit_to_usermode_loop+0xfa/0x100
[82039.115476] do_syscall_64+0x162/0x1d0
[82039.115863] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[82039.116254] RIP: 0033:0x7f8db8fbab37
(...)
[82039.117463] RSP: 002b:00007ffdce35b468 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[82039.117882] RAX: 0000000000000000 RBX: 0000560d20b00060 RCX: 00007f8db8fbab37
[82039.118330] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000560d20b00240
[82039.118743] RBP: 0000560d20b00240 R08: 0000560d20b00270 R09: 0000000000000015
[82039.119159] R10: 00000000000006b4 R11: 0000000000000246 R12: 00007f8db94bce64
[82039.119574] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffdce35b6f0
[82039.119987] irq event stamp: 0
[82039.120387] hardirqs last enabled at (0): [<0000000000000000>] 0x0
[82039.120787] hardirqs last disabled at (0): [<ffffffffb7884ff2>] copy_process.part.33+0x7f2/0x1f00
[82039.121182] softirqs last enabled at (0): [<ffffffffb7884ff2>] copy_process.part.33+0x7f2/0x1f00
[82039.121563] softirqs last disabled at (0): [<0000000000000000>] 0x0
[82039.121933] ---[ end trace f2521afa616ddccd ]---
[82039.122353] WARNING: CPU: 2 PID: 13167 at fs/btrfs/inode.c:9278 btrfs_destroy_inode+0x1bc/0x270 [btrfs]
(...)
[82039.124606] CPU: 2 PID: 13167 Comm: umount Tainted: G W 5.2.0-rc4-btrfs-next-50 #1
[82039.125008] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.2-0-gf9626ccb91-prebuilt.qemu-project.org 04/01/2014
[82039.125801] RIP: 0010:btrfs_destroy_inode+0x1bc/0x270 [btrfs]
(...)
[82039.126998] RSP: 0018:ffffac0b426a7d30 EFLAGS: 00010202
[82039.127399] RAX: ffff8ddf77691158 RBX: ffff8dde29b34660 RCX: 0000000000000002
[82039.127803] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff8dde29b34660
[82039.128206] RBP: ffff8ddf5fbec000 R08: 0000000000000000 R09: 0000000000000000
[82039.128611] R10: ffffac0b426a7c90 R11: ffffffffb9aad768 R12: ffffac0b426a7db0
[82039.129020] R13: ffff8ddf5fbec0a0 R14: dead000000000100 R15: 0000000000000000
[82039.129428] FS: 00007f8db96d12c0(0000) GS:ffff8de036b00000(0000) knlGS:0000000000000000
[82039.129846] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[82039.130261] CR2: 0000000001416108 CR3: 00000002315cc001 CR4: 00000000003606e0
[82039.130684] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[82039.131142] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[82039.131561] Call Trace:
[82039.131990] destroy_inode+0x3b/0x70
[82039.132417] btrfs_free_fs_root+0x16/0xa0 [btrfs]
[82039.132844] btrfs_free_fs_roots+0xd8/0x160 [btrfs]
[82039.133262] ? wait_for_completion+0x65/0x1a0
[82039.133688] close_ctree+0x172/0x370 [btrfs]
[82039.134157] generic_shutdown_super+0x6c/0x110
[82039.134575] kill_anon_super+0xe/0x30
[82039.134997] btrfs_kill_super+0x12/0xa0 [btrfs]
[82039.135415] deactivate_locked_super+0x3a/0x70
[82039.135832] cleanup_mnt+0x3b/0x80
[82039.136239] task_work_run+0x93/0xc0
[82039.136637] exit_to_usermode_loop+0xfa/0x100
[82039.137029] do_syscall_64+0x162/0x1d0
[82039.137418] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[82039.137812] RIP: 0033:0x7f8db8fbab37
(...)
[82039.139059] RSP: 002b:00007ffdce35b468 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[82039.139475] RAX: 0000000000000000 RBX: 0000560d20b00060 RCX: 00007f8db8fbab37
[82039.139890] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000560d20b00240
[82039.140302] RBP: 0000560d20b00240 R08: 0000560d20b00270 R09: 0000000000000015
[82039.140719] R10: 00000000000006b4 R11: 0000000000000246 R12: 00007f8db94bce64
[82039.141138] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffdce35b6f0
[82039.141597] irq event stamp: 0
[82039.142043] hardirqs last enabled at (0): [<0000000000000000>] 0x0
[82039.142443] hardirqs last disabled at (0): [<ffffffffb7884ff2>] copy_process.part.33+0x7f2/0x1f00
[82039.142839] softirqs last enabled at (0): [<ffffffffb7884ff2>] copy_process.part.33+0x7f2/0x1f00
[82039.143220] softirqs last disabled at (0): [<0000000000000000>] 0x0
[82039.143588] ---[ end trace f2521afa616ddcce ]---
[82039.167472] WARNING: CPU: 3 PID: 13167 at fs/btrfs/extent-tree.c:10120 btrfs_free_block_groups+0x30d/0x460 [btrfs]
(...)
[82039.173800] CPU: 3 PID: 13167 Comm: umount Tainted: G W 5.2.0-rc4-btrfs-next-50 #1
[82039.174847] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.2-0-gf9626ccb91-prebuilt.qemu-project.org 04/01/2014
[82039.177031] RIP: 0010:btrfs_free_block_groups+0x30d/0x460 [btrfs]
(...)
[82039.180397] RSP: 0018:ffffac0b426a7dd8 EFLAGS: 00010206
[82039.181574] RAX: ffff8de010a1db40 RBX: ffff8de010a1db40 RCX: 0000000000170014
[82039.182711] RDX: ffff8ddff4380040 RSI: ffff8de010a1da58 RDI: 0000000000000246
[82039.183817] RBP: ffff8ddf5fbec000 R08: 0000000000000000 R09: 0000000000000000
[82039.184925] R10: ffff8de036404380 R11: ffffffffb8a5ea00 R12: ffff8de010a1b2b8
[82039.186090] R13: ffff8de010a1b2b8 R14: 0000000000000000 R15: dead000000000100
[82039.187208] FS: 00007f8db96d12c0(0000) GS:ffff8de036b80000(0000) knlGS:0000000000000000
[82039.188345] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[82039.189481] CR2: 00007fb044005170 CR3: 00000002315cc006 CR4: 00000000003606e0
[82039.190674] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[82039.191829] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[82039.192978] Call Trace:
[82039.194160] close_ctree+0x19a/0x370 [btrfs]
[82039.195315] generic_shutdown_super+0x6c/0x110
[82039.196486] kill_anon_super+0xe/0x30
[82039.197645] btrfs_kill_super+0x12/0xa0 [btrfs]
[82039.198696] deactivate_locked_super+0x3a/0x70
[82039.199619] cleanup_mnt+0x3b/0x80
[82039.200559] task_work_run+0x93/0xc0
[82039.201505] exit_to_usermode_loop+0xfa/0x100
[82039.202436] do_syscall_64+0x162/0x1d0
[82039.203339] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[82039.204091] RIP: 0033:0x7f8db8fbab37
(...)
[82039.206360] RSP: 002b:00007ffdce35b468 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[82039.207132] RAX: 0000000000000000 RBX: 0000560d20b00060 RCX: 00007f8db8fbab37
[82039.207906] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000560d20b00240
[82039.208621] RBP: 0000560d20b00240 R08: 0000560d20b00270 R09: 0000000000000015
[82039.209285] R10: 00000000000006b4 R11: 0000000000000246 R12: 00007f8db94bce64
[82039.209984] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffdce35b6f0
[82039.210642] irq event stamp: 0
[82039.211306] hardirqs last enabled at (0): [<0000000000000000>] 0x0
[82039.211971] hardirqs last disabled at (0): [<ffffffffb7884ff2>] copy_process.part.33+0x7f2/0x1f00
[82039.212643] softirqs last enabled at (0): [<ffffffffb7884ff2>] copy_process.part.33+0x7f2/0x1f00
[82039.213304] softirqs last disabled at (0): [<0000000000000000>] 0x0
[82039.213875] ---[ end trace f2521afa616ddccf ]---
Fix this by releasing the reserved metadata on failure to allocate data
extent(s) for the inode cache.
Fixes: 69fe2d75dd91d0 ("btrfs: make the delalloc block rsv per inode")
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/inode-map.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/btrfs/inode-map.c b/fs/btrfs/inode-map.c
index ffca2abf13d0c..0141fc08d317e 100644
--- a/fs/btrfs/inode-map.c
+++ b/fs/btrfs/inode-map.c
@@ -484,6 +484,7 @@ again:
prealloc, prealloc, &alloc_hint);
if (ret) {
btrfs_delalloc_release_extents(BTRFS_I(inode), prealloc, true);
+ btrfs_delalloc_release_metadata(BTRFS_I(inode), prealloc, true);
goto out_put;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 005/149] Btrfs: fix memory leak due to concurrent append writes with fiemap
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (3 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 004/149] Btrfs: fix inode cache block reserve leak on failure to allocate data space Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 006/149] btrfs: qgroup: Always free PREALLOC META reserve in btrfs_delalloc_release_extents() Greg Kroah-Hartman
` (148 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Josef Bacik, Filipe Manana,
David Sterba, Sasha Levin
From: Filipe Manana <fdmanana@suse.com>
[ Upstream commit c67d970f0ea8dcc423e112137d34334fa0abb8ec ]
When we have a buffered write that starts at an offset greater than or
equals to the file's size happening concurrently with a full ranged
fiemap, we can end up leaking an extent state structure.
Suppose we have a file with a size of 1Mb, and before the buffered write
and fiemap are performed, it has a single extent state in its io tree
representing the range from 0 to 1Mb, with the EXTENT_DELALLOC bit set.
The following sequence diagram shows how the memory leak happens if a
fiemap a buffered write, starting at offset 1Mb and with a length of
4Kb, are performed concurrently.
CPU 1 CPU 2
extent_fiemap()
--> it's a full ranged fiemap
range from 0 to LLONG_MAX - 1
(9223372036854775807)
--> locks range in the inode's
io tree
--> after this we have 2 extent
states in the io tree:
--> 1 for range [0, 1Mb[ with
the bits EXTENT_LOCKED and
EXTENT_DELALLOC_BITS set
--> 1 for the range
[1Mb, LLONG_MAX[ with
the EXTENT_LOCKED bit set
--> start buffered write at offset
1Mb with a length of 4Kb
btrfs_file_write_iter()
btrfs_buffered_write()
--> cached_state is NULL
lock_and_cleanup_extent_if_need()
--> returns 0 and does not lock
range because it starts
at current i_size / eof
--> cached_state remains NULL
btrfs_dirty_pages()
btrfs_set_extent_delalloc()
(...)
__set_extent_bit()
--> splits extent state for range
[1Mb, LLONG_MAX[ and now we
have 2 extent states:
--> one for the range
[1Mb, 1Mb + 4Kb[ with
EXTENT_LOCKED set
--> another one for the range
[1Mb + 4Kb, LLONG_MAX[ with
EXTENT_LOCKED set as well
--> sets EXTENT_DELALLOC on the
extent state for the range
[1Mb, 1Mb + 4Kb[
--> caches extent state
[1Mb, 1Mb + 4Kb[ into
@cached_state because it has
the bit EXTENT_LOCKED set
--> btrfs_buffered_write() ends up
with a non-NULL cached_state and
never calls anything to release its
reference on it, resulting in a
memory leak
Fix this by calling free_extent_state() on cached_state if the range was
not locked by lock_and_cleanup_extent_if_need().
The same issue can happen if anything else other than fiemap locks a range
that covers eof and beyond.
This could be triggered, sporadically, by test case generic/561 from the
fstests suite, which makes duperemove run concurrently with fsstress, and
duperemove does plenty of calls to fiemap. When CONFIG_BTRFS_DEBUG is set
the leak is reported in dmesg/syslog when removing the btrfs module with
a message like the following:
[77100.039461] BTRFS: state leak: start 6574080 end 6582271 state 16402 in tree 0 refs 1
Otherwise (CONFIG_BTRFS_DEBUG not set) detectable with kmemleak.
CC: stable@vger.kernel.org # 4.16+
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/file.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c
index 4870440d6424a..5d036b794e4af 100644
--- a/fs/btrfs/file.c
+++ b/fs/btrfs/file.c
@@ -1591,7 +1591,6 @@ static noinline ssize_t btrfs_buffered_write(struct kiocb *iocb,
struct btrfs_fs_info *fs_info = btrfs_sb(inode->i_sb);
struct btrfs_root *root = BTRFS_I(inode)->root;
struct page **pages = NULL;
- struct extent_state *cached_state = NULL;
struct extent_changeset *data_reserved = NULL;
u64 release_bytes = 0;
u64 lockstart;
@@ -1612,6 +1611,7 @@ static noinline ssize_t btrfs_buffered_write(struct kiocb *iocb,
while (iov_iter_count(i) > 0) {
size_t offset = pos & (PAGE_SIZE - 1);
+ struct extent_state *cached_state = NULL;
size_t sector_offset;
size_t write_bytes = min(iov_iter_count(i),
nrptrs * (size_t)PAGE_SIZE -
@@ -1758,9 +1758,20 @@ again:
if (copied > 0)
ret = btrfs_dirty_pages(inode, pages, dirty_pages,
pos, copied, &cached_state);
+
+ /*
+ * If we have not locked the extent range, because the range's
+ * start offset is >= i_size, we might still have a non-NULL
+ * cached extent state, acquired while marking the extent range
+ * as delalloc through btrfs_dirty_pages(). Therefore free any
+ * possible cached extent state to avoid a memory leak.
+ */
if (extents_locked)
unlock_extent_cached(&BTRFS_I(inode)->io_tree,
lockstart, lockend, &cached_state);
+ else
+ free_extent_state(cached_state);
+
btrfs_delalloc_release_extents(BTRFS_I(inode), reserve_bytes,
true);
if (ret) {
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 006/149] btrfs: qgroup: Always free PREALLOC META reserve in btrfs_delalloc_release_extents()
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (4 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 005/149] Btrfs: fix memory leak due to concurrent append writes with fiemap Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 007/149] btrfs: tracepoints: Fix wrong parameter order for qgroup events Greg Kroah-Hartman
` (147 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Filipe Manana, Qu Wenruo,
David Sterba, Sasha Levin
From: Qu Wenruo <wqu@suse.com>
[ Upstream commit 8702ba9396bf7bbae2ab93c94acd4bd37cfa4f09 ]
[Background]
Btrfs qgroup uses two types of reserved space for METADATA space,
PERTRANS and PREALLOC.
PERTRANS is metadata space reserved for each transaction started by
btrfs_start_transaction().
While PREALLOC is for delalloc, where we reserve space before joining a
transaction, and finally it will be converted to PERTRANS after the
writeback is done.
[Inconsistency]
However there is inconsistency in how we handle PREALLOC metadata space.
The most obvious one is:
In btrfs_buffered_write():
btrfs_delalloc_release_extents(BTRFS_I(inode), reserve_bytes, true);
We always free qgroup PREALLOC meta space.
While in btrfs_truncate_block():
btrfs_delalloc_release_extents(BTRFS_I(inode), blocksize, (ret != 0));
We only free qgroup PREALLOC meta space when something went wrong.
[The Correct Behavior]
The correct behavior should be the one in btrfs_buffered_write(), we
should always free PREALLOC metadata space.
The reason is, the btrfs_delalloc_* mechanism works by:
- Reserve metadata first, even it's not necessary
In btrfs_delalloc_reserve_metadata()
- Free the unused metadata space
Normally in:
btrfs_delalloc_release_extents()
|- btrfs_inode_rsv_release()
Here we do calculation on whether we should release or not.
E.g. for 64K buffered write, the metadata rsv works like:
/* The first page */
reserve_meta: num_bytes=calc_inode_reservations()
free_meta: num_bytes=0
total: num_bytes=calc_inode_reservations()
/* The first page caused one outstanding extent, thus needs metadata
rsv */
/* The 2nd page */
reserve_meta: num_bytes=calc_inode_reservations()
free_meta: num_bytes=calc_inode_reservations()
total: not changed
/* The 2nd page doesn't cause new outstanding extent, needs no new meta
rsv, so we free what we have reserved */
/* The 3rd~16th pages */
reserve_meta: num_bytes=calc_inode_reservations()
free_meta: num_bytes=calc_inode_reservations()
total: not changed (still space for one outstanding extent)
This means, if btrfs_delalloc_release_extents() determines to free some
space, then those space should be freed NOW.
So for qgroup, we should call btrfs_qgroup_free_meta_prealloc() other
than btrfs_qgroup_convert_reserved_meta().
The good news is:
- The callers are not that hot
The hottest caller is in btrfs_buffered_write(), which is already
fixed by commit 336a8bb8e36a ("btrfs: Fix wrong
btrfs_delalloc_release_extents parameter"). Thus it's not that
easy to cause false EDQUOT.
- The trans commit in advance for qgroup would hide the bug
Since commit f5fef4593653 ("btrfs: qgroup: Make qgroup async transaction
commit more aggressive"), when btrfs qgroup metadata free space is slow,
it will try to commit transaction and free the wrongly converted
PERTRANS space, so it's not that easy to hit such bug.
[FIX]
So to fix the problem, remove the @qgroup_free parameter for
btrfs_delalloc_release_extents(), and always pass true to
btrfs_inode_rsv_release().
Reported-by: Filipe Manana <fdmanana@suse.com>
Fixes: 43b18595d660 ("btrfs: qgroup: Use separate meta reservation type for delalloc")
CC: stable@vger.kernel.org # 4.19+
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/ctree.h | 3 +--
fs/btrfs/extent-tree.c | 5 ++---
fs/btrfs/file.c | 7 +++----
fs/btrfs/inode-map.c | 4 ++--
fs/btrfs/inode.c | 12 ++++++------
fs/btrfs/ioctl.c | 6 ++----
fs/btrfs/relocation.c | 9 ++++-----
7 files changed, 20 insertions(+), 26 deletions(-)
diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h
index faca485ccd8f4..ef7a352d72ed8 100644
--- a/fs/btrfs/ctree.h
+++ b/fs/btrfs/ctree.h
@@ -2747,8 +2747,7 @@ int btrfs_subvolume_reserve_metadata(struct btrfs_root *root,
int nitems, bool use_global_rsv);
void btrfs_subvolume_release_metadata(struct btrfs_fs_info *fs_info,
struct btrfs_block_rsv *rsv);
-void btrfs_delalloc_release_extents(struct btrfs_inode *inode, u64 num_bytes,
- bool qgroup_free);
+void btrfs_delalloc_release_extents(struct btrfs_inode *inode, u64 num_bytes);
int btrfs_delalloc_reserve_metadata(struct btrfs_inode *inode, u64 num_bytes);
void btrfs_delalloc_release_metadata(struct btrfs_inode *inode, u64 num_bytes,
diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c
index 72c745682996f..024dd336b20ae 100644
--- a/fs/btrfs/extent-tree.c
+++ b/fs/btrfs/extent-tree.c
@@ -5980,8 +5980,7 @@ void btrfs_delalloc_release_metadata(struct btrfs_inode *inode, u64 num_bytes,
* temporarily tracked outstanding_extents. This _must_ be used in conjunction
* with btrfs_delalloc_reserve_metadata.
*/
-void btrfs_delalloc_release_extents(struct btrfs_inode *inode, u64 num_bytes,
- bool qgroup_free)
+void btrfs_delalloc_release_extents(struct btrfs_inode *inode, u64 num_bytes)
{
struct btrfs_fs_info *fs_info = inode->root->fs_info;
unsigned num_extents;
@@ -5995,7 +5994,7 @@ void btrfs_delalloc_release_extents(struct btrfs_inode *inode, u64 num_bytes,
if (btrfs_is_testing(fs_info))
return;
- btrfs_inode_rsv_release(inode, qgroup_free);
+ btrfs_inode_rsv_release(inode, true);
}
/**
diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c
index 5d036b794e4af..a456801e0cd54 100644
--- a/fs/btrfs/file.c
+++ b/fs/btrfs/file.c
@@ -1692,7 +1692,7 @@ again:
force_page_uptodate);
if (ret) {
btrfs_delalloc_release_extents(BTRFS_I(inode),
- reserve_bytes, true);
+ reserve_bytes);
break;
}
@@ -1704,7 +1704,7 @@ again:
if (extents_locked == -EAGAIN)
goto again;
btrfs_delalloc_release_extents(BTRFS_I(inode),
- reserve_bytes, true);
+ reserve_bytes);
ret = extents_locked;
break;
}
@@ -1772,8 +1772,7 @@ again:
else
free_extent_state(cached_state);
- btrfs_delalloc_release_extents(BTRFS_I(inode), reserve_bytes,
- true);
+ btrfs_delalloc_release_extents(BTRFS_I(inode), reserve_bytes);
if (ret) {
btrfs_drop_pages(pages, num_pages);
break;
diff --git a/fs/btrfs/inode-map.c b/fs/btrfs/inode-map.c
index 0141fc08d317e..e1b50c62ba650 100644
--- a/fs/btrfs/inode-map.c
+++ b/fs/btrfs/inode-map.c
@@ -483,13 +483,13 @@ again:
ret = btrfs_prealloc_file_range_trans(inode, trans, 0, 0, prealloc,
prealloc, prealloc, &alloc_hint);
if (ret) {
- btrfs_delalloc_release_extents(BTRFS_I(inode), prealloc, true);
+ btrfs_delalloc_release_extents(BTRFS_I(inode), prealloc);
btrfs_delalloc_release_metadata(BTRFS_I(inode), prealloc, true);
goto out_put;
}
ret = btrfs_write_out_ino_cache(root, trans, path, inode);
- btrfs_delalloc_release_extents(BTRFS_I(inode), prealloc, false);
+ btrfs_delalloc_release_extents(BTRFS_I(inode), prealloc);
out_put:
iput(inode);
out_release:
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 37332f83a3a96..9aea9381ceeb6 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -2166,7 +2166,7 @@ again:
ClearPageChecked(page);
set_page_dirty(page);
- btrfs_delalloc_release_extents(BTRFS_I(inode), PAGE_SIZE, false);
+ btrfs_delalloc_release_extents(BTRFS_I(inode), PAGE_SIZE);
out:
unlock_extent_cached(&BTRFS_I(inode)->io_tree, page_start, page_end,
&cached_state);
@@ -4918,7 +4918,7 @@ again:
if (!page) {
btrfs_delalloc_release_space(inode, data_reserved,
block_start, blocksize, true);
- btrfs_delalloc_release_extents(BTRFS_I(inode), blocksize, true);
+ btrfs_delalloc_release_extents(BTRFS_I(inode), blocksize);
ret = -ENOMEM;
goto out;
}
@@ -4986,7 +4986,7 @@ out_unlock:
if (ret)
btrfs_delalloc_release_space(inode, data_reserved, block_start,
blocksize, true);
- btrfs_delalloc_release_extents(BTRFS_I(inode), blocksize, (ret != 0));
+ btrfs_delalloc_release_extents(BTRFS_I(inode), blocksize);
unlock_page(page);
put_page(page);
out:
@@ -8660,7 +8660,7 @@ static ssize_t btrfs_direct_IO(struct kiocb *iocb, struct iov_iter *iter)
} else if (ret >= 0 && (size_t)ret < count)
btrfs_delalloc_release_space(inode, data_reserved,
offset, count - (size_t)ret, true);
- btrfs_delalloc_release_extents(BTRFS_I(inode), count, false);
+ btrfs_delalloc_release_extents(BTRFS_I(inode), count);
}
out:
if (wakeup)
@@ -9013,7 +9013,7 @@ again:
unlock_extent_cached(io_tree, page_start, page_end, &cached_state);
if (!ret2) {
- btrfs_delalloc_release_extents(BTRFS_I(inode), PAGE_SIZE, true);
+ btrfs_delalloc_release_extents(BTRFS_I(inode), PAGE_SIZE);
sb_end_pagefault(inode->i_sb);
extent_changeset_free(data_reserved);
return VM_FAULT_LOCKED;
@@ -9022,7 +9022,7 @@ again:
out_unlock:
unlock_page(page);
out:
- btrfs_delalloc_release_extents(BTRFS_I(inode), PAGE_SIZE, (ret != 0));
+ btrfs_delalloc_release_extents(BTRFS_I(inode), PAGE_SIZE);
btrfs_delalloc_release_space(inode, data_reserved, page_start,
reserved_space, (ret != 0));
out_noreserve:
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index 0eb333c62fe46..7592beb53fc4e 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -1359,8 +1359,7 @@ again:
unlock_page(pages[i]);
put_page(pages[i]);
}
- btrfs_delalloc_release_extents(BTRFS_I(inode), page_cnt << PAGE_SHIFT,
- false);
+ btrfs_delalloc_release_extents(BTRFS_I(inode), page_cnt << PAGE_SHIFT);
extent_changeset_free(data_reserved);
return i_done;
out:
@@ -1371,8 +1370,7 @@ out:
btrfs_delalloc_release_space(inode, data_reserved,
start_index << PAGE_SHIFT,
page_cnt << PAGE_SHIFT, true);
- btrfs_delalloc_release_extents(BTRFS_I(inode), page_cnt << PAGE_SHIFT,
- true);
+ btrfs_delalloc_release_extents(BTRFS_I(inode), page_cnt << PAGE_SHIFT);
extent_changeset_free(data_reserved);
return ret;
diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c
index bccd9dede2af4..b4958f724ce5f 100644
--- a/fs/btrfs/relocation.c
+++ b/fs/btrfs/relocation.c
@@ -3188,7 +3188,7 @@ static int relocate_file_extent_cluster(struct inode *inode,
btrfs_delalloc_release_metadata(BTRFS_I(inode),
PAGE_SIZE, true);
btrfs_delalloc_release_extents(BTRFS_I(inode),
- PAGE_SIZE, true);
+ PAGE_SIZE);
ret = -ENOMEM;
goto out;
}
@@ -3209,7 +3209,7 @@ static int relocate_file_extent_cluster(struct inode *inode,
btrfs_delalloc_release_metadata(BTRFS_I(inode),
PAGE_SIZE, true);
btrfs_delalloc_release_extents(BTRFS_I(inode),
- PAGE_SIZE, true);
+ PAGE_SIZE);
ret = -EIO;
goto out;
}
@@ -3238,7 +3238,7 @@ static int relocate_file_extent_cluster(struct inode *inode,
btrfs_delalloc_release_metadata(BTRFS_I(inode),
PAGE_SIZE, true);
btrfs_delalloc_release_extents(BTRFS_I(inode),
- PAGE_SIZE, true);
+ PAGE_SIZE);
clear_extent_bits(&BTRFS_I(inode)->io_tree,
page_start, page_end,
@@ -3254,8 +3254,7 @@ static int relocate_file_extent_cluster(struct inode *inode,
put_page(page);
index++;
- btrfs_delalloc_release_extents(BTRFS_I(inode), PAGE_SIZE,
- false);
+ btrfs_delalloc_release_extents(BTRFS_I(inode), PAGE_SIZE);
balance_dirty_pages_ratelimited(inode->i_mapping);
btrfs_throttle(fs_info);
}
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 007/149] btrfs: tracepoints: Fix wrong parameter order for qgroup events
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (5 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 006/149] btrfs: qgroup: Always free PREALLOC META reserve in btrfs_delalloc_release_extents() Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 008/149] wil6210: fix freeing of rx buffers in EDMA mode Greg Kroah-Hartman
` (146 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nikolay Borisov, Qu Wenruo,
David Sterba, Sasha Levin
From: Qu Wenruo <wqu@suse.com>
[ Upstream commit fd2b007eaec898564e269d1f478a2da0380ecf51 ]
[BUG]
For btrfs:qgroup_meta_reserve event, the trace event can output garbage:
qgroup_meta_reserve: 9c7f6acc-b342-4037-bc47-7f6e4d2232d7: refroot=5(FS_TREE) type=DATA diff=2
The diff should always be alinged to sector size (4k), so there is
definitely something wrong.
[CAUSE]
For the wrong @diff, it's caused by wrong parameter order.
The correct parameters are:
struct btrfs_root, s64 diff, int type.
However the parameters used are:
struct btrfs_root, int type, s64 diff.
Fixes: 4ee0d8832c2e ("btrfs: qgroup: Update trace events for metadata reservation")
CC: stable@vger.kernel.org # 4.19+
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/qgroup.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/btrfs/qgroup.c b/fs/btrfs/qgroup.c
index 3ea2008dcde3e..cdd6d50210004 100644
--- a/fs/btrfs/qgroup.c
+++ b/fs/btrfs/qgroup.c
@@ -3259,7 +3259,7 @@ int __btrfs_qgroup_reserve_meta(struct btrfs_root *root, int num_bytes,
return 0;
BUG_ON(num_bytes != round_down(num_bytes, fs_info->nodesize));
- trace_qgroup_meta_reserve(root, type, (s64)num_bytes);
+ trace_qgroup_meta_reserve(root, (s64)num_bytes, type);
ret = qgroup_reserve(root, num_bytes, enforce, type);
if (ret < 0)
return ret;
@@ -3306,7 +3306,7 @@ void __btrfs_qgroup_free_meta(struct btrfs_root *root, int num_bytes,
*/
num_bytes = sub_root_meta_rsv(root, num_bytes, type);
BUG_ON(num_bytes != round_down(num_bytes, fs_info->nodesize));
- trace_qgroup_meta_reserve(root, type, -(s64)num_bytes);
+ trace_qgroup_meta_reserve(root, -(s64)num_bytes, type);
btrfs_qgroup_free_refroot(fs_info, root->objectid, num_bytes, type);
}
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 008/149] wil6210: fix freeing of rx buffers in EDMA mode
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (6 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 007/149] btrfs: tracepoints: Fix wrong parameter order for qgroup events Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 009/149] f2fs: flush quota blocks after turnning it off Greg Kroah-Hartman
` (145 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ahmad Masri, Maya Erez, Kalle Valo,
Sasha Levin
From: Ahmad Masri <amasri@codeaurora.org>
[ Upstream commit 6470f31927b46846d957628b719dcfda05446664 ]
After being associated with some EDMA rx traffic, upon "down" driver
doesn't free all skbs in the rx ring.
Modify wil_move_all_rx_buff_to_free_list to loop on active list of rx
buffers, unmap the physical memory and free the skb.
Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
Signed-off-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/wil6210/txrx_edma.c | 44 +++++++-------------
1 file changed, 14 insertions(+), 30 deletions(-)
diff --git a/drivers/net/wireless/ath/wil6210/txrx_edma.c b/drivers/net/wireless/ath/wil6210/txrx_edma.c
index 3e7fc2983cbb3..409a6fa8b6c8f 100644
--- a/drivers/net/wireless/ath/wil6210/txrx_edma.c
+++ b/drivers/net/wireless/ath/wil6210/txrx_edma.c
@@ -234,9 +234,10 @@ static int wil_rx_refill_edma(struct wil6210_priv *wil)
struct wil_ring *ring = &wil->ring_rx;
u32 next_head;
int rc = 0;
- u32 swtail = *ring->edma_rx_swtail.va;
+ ring->swtail = *ring->edma_rx_swtail.va;
- for (; next_head = wil_ring_next_head(ring), (next_head != swtail);
+ for (; next_head = wil_ring_next_head(ring),
+ (next_head != ring->swtail);
ring->swhead = next_head) {
rc = wil_ring_alloc_skb_edma(wil, ring, ring->swhead);
if (unlikely(rc)) {
@@ -264,43 +265,26 @@ static void wil_move_all_rx_buff_to_free_list(struct wil6210_priv *wil,
struct wil_ring *ring)
{
struct device *dev = wil_to_dev(wil);
- u32 next_tail;
- u32 swhead = (ring->swhead + 1) % ring->size;
+ struct list_head *active = &wil->rx_buff_mgmt.active;
dma_addr_t pa;
- u16 dmalen;
- for (; next_tail = wil_ring_next_tail(ring), (next_tail != swhead);
- ring->swtail = next_tail) {
- struct wil_rx_enhanced_desc dd, *d = ⅆ
- struct wil_rx_enhanced_desc *_d =
- (struct wil_rx_enhanced_desc *)
- &ring->va[ring->swtail].rx.enhanced;
- struct sk_buff *skb;
- u16 buff_id;
+ while (!list_empty(active)) {
+ struct wil_rx_buff *rx_buff =
+ list_first_entry(active, struct wil_rx_buff, list);
+ struct sk_buff *skb = rx_buff->skb;
- *d = *_d;
-
- /* Extract the SKB from the rx_buff management array */
- buff_id = __le16_to_cpu(d->mac.buff_id);
- if (buff_id >= wil->rx_buff_mgmt.size) {
- wil_err(wil, "invalid buff_id %d\n", buff_id);
- continue;
- }
- skb = wil->rx_buff_mgmt.buff_arr[buff_id].skb;
- wil->rx_buff_mgmt.buff_arr[buff_id].skb = NULL;
if (unlikely(!skb)) {
- wil_err(wil, "No Rx skb at buff_id %d\n", buff_id);
+ wil_err(wil, "No Rx skb at buff_id %d\n", rx_buff->id);
} else {
- pa = wil_rx_desc_get_addr_edma(&d->dma);
- dmalen = le16_to_cpu(d->dma.length);
- dma_unmap_single(dev, pa, dmalen, DMA_FROM_DEVICE);
-
+ rx_buff->skb = NULL;
+ memcpy(&pa, skb->cb, sizeof(pa));
+ dma_unmap_single(dev, pa, wil->rx_buf_len,
+ DMA_FROM_DEVICE);
kfree_skb(skb);
}
/* Move the buffer from the active to the free list */
- list_move(&wil->rx_buff_mgmt.buff_arr[buff_id].list,
- &wil->rx_buff_mgmt.free);
+ list_move(&rx_buff->list, &wil->rx_buff_mgmt.free);
}
}
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 009/149] f2fs: flush quota blocks after turnning it off
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (7 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 008/149] wil6210: fix freeing of rx buffers in EDMA mode Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 010/149] scsi: lpfc: Fix a duplicate 0711 log message number Greg Kroah-Hartman
` (144 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chao Yu, Jaegeuk Kim, Sasha Levin
From: Jaegeuk Kim <jaegeuk@kernel.org>
[ Upstream commit 0e0667b625cf64243df83171bff61f9d350b9ca5 ]
After quota_off, we'll get some dirty blocks. If put_super don't have a chance
to flush them by checkpoint, it causes NULL pointer exception in end_io after
iput(node_inode). (e.g., by checkpoint=disable)
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/super.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
index 6851afc3bf805..d9106bbe7df63 100644
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -1886,6 +1886,12 @@ void f2fs_quota_off_umount(struct super_block *sb)
set_sbi_flag(F2FS_SB(sb), SBI_NEED_FSCK);
}
}
+ /*
+ * In case of checkpoint=disable, we must flush quota blocks.
+ * This can cause NULL exception for node_inode in end_io, since
+ * put_super already dropped it.
+ */
+ sync_filesystem(sb);
}
static void f2fs_truncate_quota_inode_pages(struct super_block *sb)
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 010/149] scsi: lpfc: Fix a duplicate 0711 log message number.
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (8 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 009/149] f2fs: flush quota blocks after turnning it off Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 011/149] sc16is7xx: Fix for "Unexpected interrupt: 8" Greg Kroah-Hartman
` (143 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dick Kennedy, James Smart,
Martin K. Petersen, Sasha Levin
From: James Smart <jsmart2021@gmail.com>
[ Upstream commit 2c4c91415a05677acc5c8131a5eb472d4aa96ae1 ]
Renumber one of the 0711 log messages so there isn't a duplication.
Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/lpfc/lpfc_scsi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c
index 200b5bca1f5f4..666495f21c246 100644
--- a/drivers/scsi/lpfc/lpfc_scsi.c
+++ b/drivers/scsi/lpfc/lpfc_scsi.c
@@ -4161,7 +4161,7 @@ lpfc_scsi_cmd_iocb_cmpl(struct lpfc_hba *phba, struct lpfc_iocbq *pIocbIn,
/* If pCmd was set to NULL from abort path, do not call scsi_done */
if (xchg(&lpfc_cmd->pCmd, NULL) == NULL) {
lpfc_printf_vlog(vport, KERN_INFO, LOG_FCP,
- "0711 FCP cmd already NULL, sid: 0x%06x, "
+ "5688 FCP cmd already NULL, sid: 0x%06x, "
"did: 0x%06x, oxid: 0x%04x\n",
vport->fc_myDID,
(pnode) ? pnode->nlp_DID : 0,
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 011/149] sc16is7xx: Fix for "Unexpected interrupt: 8"
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (9 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 010/149] scsi: lpfc: Fix a duplicate 0711 log message number Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 012/149] powerpc/powernv: hold device_hotplug_lock when calling memtrace_offline_pages() Greg Kroah-Hartman
` (142 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Phil Elwell, Sasha Levin
From: Phil Elwell <phil@raspberrypi.org>
[ Upstream commit 30ec514d440cf2c472c8e4b0079af2c731f71a3e ]
The SC16IS752 has an Enhanced Feature Register which is aliased at the
same address as the Interrupt Identification Register; accessing it
requires that a magic value is written to the Line Configuration
Register. If an interrupt is raised while the EFR is mapped in then
the ISR won't be able to access the IIR, leading to the "Unexpected
interrupt" error messages.
Avoid the problem by claiming a mutex around accesses to the EFR
register, also claiming the mutex in the interrupt handler work
item (this is equivalent to disabling interrupts to interlock against
a non-threaded interrupt handler).
See: https://github.com/raspberrypi/linux/issues/2529
Signed-off-by: Phil Elwell <phil@raspberrypi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/sc16is7xx.c | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c
index 372cc7ff228fc..ebea4a9d8e694 100644
--- a/drivers/tty/serial/sc16is7xx.c
+++ b/drivers/tty/serial/sc16is7xx.c
@@ -328,6 +328,7 @@ struct sc16is7xx_port {
struct kthread_worker kworker;
struct task_struct *kworker_task;
struct kthread_work irq_work;
+ struct mutex efr_lock;
struct sc16is7xx_one p[0];
};
@@ -499,6 +500,21 @@ static int sc16is7xx_set_baud(struct uart_port *port, int baud)
div /= 4;
}
+ /* In an amazing feat of design, the Enhanced Features Register shares
+ * the address of the Interrupt Identification Register, and is
+ * switched in by writing a magic value (0xbf) to the Line Control
+ * Register. Any interrupt firing during this time will see the EFR
+ * where it expects the IIR to be, leading to "Unexpected interrupt"
+ * messages.
+ *
+ * Prevent this possibility by claiming a mutex while accessing the
+ * EFR, and claiming the same mutex from within the interrupt handler.
+ * This is similar to disabling the interrupt, but that doesn't work
+ * because the bulk of the interrupt processing is run as a workqueue
+ * job in thread context.
+ */
+ mutex_lock(&s->efr_lock);
+
lcr = sc16is7xx_port_read(port, SC16IS7XX_LCR_REG);
/* Open the LCR divisors for configuration */
@@ -514,6 +530,8 @@ static int sc16is7xx_set_baud(struct uart_port *port, int baud)
/* Put LCR back to the normal mode */
sc16is7xx_port_write(port, SC16IS7XX_LCR_REG, lcr);
+ mutex_unlock(&s->efr_lock);
+
sc16is7xx_port_update(port, SC16IS7XX_MCR_REG,
SC16IS7XX_MCR_CLKSEL_BIT,
prescaler);
@@ -696,6 +714,8 @@ static void sc16is7xx_ist(struct kthread_work *ws)
{
struct sc16is7xx_port *s = to_sc16is7xx_port(ws, irq_work);
+ mutex_lock(&s->efr_lock);
+
while (1) {
bool keep_polling = false;
int i;
@@ -705,6 +725,8 @@ static void sc16is7xx_ist(struct kthread_work *ws)
if (!keep_polling)
break;
}
+
+ mutex_unlock(&s->efr_lock);
}
static irqreturn_t sc16is7xx_irq(int irq, void *dev_id)
@@ -899,6 +921,9 @@ static void sc16is7xx_set_termios(struct uart_port *port,
if (!(termios->c_cflag & CREAD))
port->ignore_status_mask |= SC16IS7XX_LSR_BRK_ERROR_MASK;
+ /* As above, claim the mutex while accessing the EFR. */
+ mutex_lock(&s->efr_lock);
+
sc16is7xx_port_write(port, SC16IS7XX_LCR_REG,
SC16IS7XX_LCR_CONF_MODE_B);
@@ -920,6 +945,8 @@ static void sc16is7xx_set_termios(struct uart_port *port,
/* Update LCR register */
sc16is7xx_port_write(port, SC16IS7XX_LCR_REG, lcr);
+ mutex_unlock(&s->efr_lock);
+
/* Get baud rate generator configuration */
baud = uart_get_baud_rate(port, termios, old,
port->uartclk / 16 / 4 / 0xffff,
@@ -1185,6 +1212,7 @@ static int sc16is7xx_probe(struct device *dev,
s->regmap = regmap;
s->devtype = devtype;
dev_set_drvdata(dev, s);
+ mutex_init(&s->efr_lock);
kthread_init_worker(&s->kworker);
kthread_init_work(&s->irq_work, sc16is7xx_ist);
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 012/149] powerpc/powernv: hold device_hotplug_lock when calling memtrace_offline_pages()
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (10 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 011/149] sc16is7xx: Fix for "Unexpected interrupt: 8" Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 013/149] f2fs: fix to recover inodes i_gc_failures during POR Greg Kroah-Hartman
` (141 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Hildenbrand, Pavel Tatashin,
Rashmica Gupta, Balbir Singh, Benjamin Herrenschmidt,
Paul Mackerras, Michael Ellerman, Michael Neuling,
Boris Ostrovsky, Dan Williams, Haiyang Zhang, Heiko Carstens,
John Allen, Jonathan Corbet, Joonsoo Kim, Juergen Gross,
Kate Stewart, K. Y. Srinivasan, Len Brown, Martin Schwidefsky,
Mathieu Malaterre, Michal Hocko, Nathan Fontenot, Oscar Salvador,
Philippe Ombredanne, Rafael J. Wysocki, Rafael J. Wysocki,
Stephen Hemminger, Thomas Gleixner, Vlastimil Babka,
YASUAKI ISHIMATSU, Andrew Morton, Linus Torvalds, Sasha Levin
From: David Hildenbrand <david@redhat.com>
[ Upstream commit 5666848774ef43d3db5151ec518f1deb63515c20 ]
Let's perform all checking + offlining + removing under
device_hotplug_lock, so nobody can mess with these devices via sysfs
concurrently.
[david@redhat.com: take device_hotplug_lock outside of loop]
Link: http://lkml.kernel.org/r/20180927092554.13567-6-david@redhat.com
Link: http://lkml.kernel.org/r/20180925091457.28651-6-david@redhat.com
Signed-off-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Pavel Tatashin <pavel.tatashin@microsoft.com>
Reviewed-by: Rashmica Gupta <rashmica.g@gmail.com>
Acked-by: Balbir Singh <bsingharora@gmail.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Rashmica Gupta <rashmica.g@gmail.com>
Cc: Michael Neuling <mikey@neuling.org>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Haiyang Zhang <haiyangz@microsoft.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: John Allen <jallen@linux.vnet.ibm.com>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Kate Stewart <kstewart@linuxfoundation.org>
Cc: "K. Y. Srinivasan" <kys@microsoft.com>
Cc: Len Brown <lenb@kernel.org>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Mathieu Malaterre <malat@debian.org>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Nathan Fontenot <nfont@linux.vnet.ibm.com>
Cc: Oscar Salvador <osalvador@suse.de>
Cc: Philippe Ombredanne <pombredanne@nexb.com>
Cc: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net>
Cc: Stephen Hemminger <sthemmin@microsoft.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: YASUAKI ISHIMATSU <yasu.isimatu@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/powernv/memtrace.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/platforms/powernv/memtrace.c b/arch/powerpc/platforms/powernv/memtrace.c
index a29fdf8a2e56e..232bf5987f91d 100644
--- a/arch/powerpc/platforms/powernv/memtrace.c
+++ b/arch/powerpc/platforms/powernv/memtrace.c
@@ -70,6 +70,7 @@ static int change_memblock_state(struct memory_block *mem, void *arg)
return 0;
}
+/* called with device_hotplug_lock held */
static bool memtrace_offline_pages(u32 nid, u64 start_pfn, u64 nr_pages)
{
u64 end_pfn = start_pfn + nr_pages - 1;
@@ -110,6 +111,7 @@ static u64 memtrace_alloc_node(u32 nid, u64 size)
/* Trace memory needs to be aligned to the size */
end_pfn = round_down(end_pfn - nr_pages, nr_pages);
+ lock_device_hotplug();
for (base_pfn = end_pfn; base_pfn > start_pfn; base_pfn -= nr_pages) {
if (memtrace_offline_pages(nid, base_pfn, nr_pages) == true) {
/*
@@ -118,7 +120,6 @@ static u64 memtrace_alloc_node(u32 nid, u64 size)
* we never try to remove memory that spans two iomem
* resources.
*/
- lock_device_hotplug();
end_pfn = base_pfn + nr_pages;
for (pfn = base_pfn; pfn < end_pfn; pfn += bytes>> PAGE_SHIFT) {
remove_memory(nid, pfn << PAGE_SHIFT, bytes);
@@ -127,6 +128,7 @@ static u64 memtrace_alloc_node(u32 nid, u64 size)
return base_pfn << PAGE_SHIFT;
}
}
+ unlock_device_hotplug();
return 0;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 013/149] f2fs: fix to recover inodes i_gc_failures during POR
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (11 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 012/149] powerpc/powernv: hold device_hotplug_lock when calling memtrace_offline_pages() Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 014/149] f2fs: fix to recover inode->i_flags of inode block " Greg Kroah-Hartman
` (140 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chao Yu, Jaegeuk Kim, Sasha Levin
From: Chao Yu <yuchao0@huawei.com>
[ Upstream commit 7de36cf3e4087207f42a88992f8cb615a1bd902e ]
inode.i_gc_failures is used to indicate that skip count of migrating
on blocks of inode, we should guarantee it can be recovered in sudden
power-off case.
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/recovery.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/f2fs/recovery.c b/fs/f2fs/recovery.c
index 0b224f4a4a656..281ba46b5b359 100644
--- a/fs/f2fs/recovery.c
+++ b/fs/f2fs/recovery.c
@@ -226,6 +226,8 @@ static void recover_inode(struct inode *inode, struct page *page)
F2FS_I(inode)->i_advise = raw->i_advise;
F2FS_I(inode)->i_flags = le32_to_cpu(raw->i_flags);
+ F2FS_I(inode)->i_gc_failures[GC_FAILURE_PIN] =
+ le16_to_cpu(raw->i_gc_failures);
recover_inline_flags(inode, raw);
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 014/149] f2fs: fix to recover inode->i_flags of inode block during POR
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (12 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 013/149] f2fs: fix to recover inodes i_gc_failures during POR Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 015/149] HID: i2c-hid: add Direkt-Tek DTLAPY133-1 to descriptor override Greg Kroah-Hartman
` (139 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chao Yu, Jaegeuk Kim, Sasha Levin
From: Chao Yu <yuchao0@huawei.com>
[ Upstream commit 0c093b590efb5c1ccdc835868dc2ae94bd2e14dc ]
Testcase to reproduce this bug:
1. mkfs.f2fs /dev/sdd
2. mount -t f2fs /dev/sdd /mnt/f2fs
3. touch /mnt/f2fs/file
4. sync
5. chattr +a /mnt/f2fs/file
6. xfs_io -a /mnt/f2fs/file -c "fsync"
7. godown /mnt/f2fs
8. umount /mnt/f2fs
9. mount -t f2fs /dev/sdd /mnt/f2fs
10. xfs_io /mnt/f2fs/file
There is no error when opening this file w/o O_APPEND, but actually,
we expect the correct result should be:
/mnt/f2fs/file: Operation not permitted
The root cause is, in recover_inode(), we recover inode->i_flags more
than F2FS_I(inode)->i_flags, so fix it.
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/recovery.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/f2fs/recovery.c b/fs/f2fs/recovery.c
index 281ba46b5b359..2c3be4c3c626f 100644
--- a/fs/f2fs/recovery.c
+++ b/fs/f2fs/recovery.c
@@ -226,6 +226,7 @@ static void recover_inode(struct inode *inode, struct page *page)
F2FS_I(inode)->i_advise = raw->i_advise;
F2FS_I(inode)->i_flags = le32_to_cpu(raw->i_flags);
+ f2fs_set_inode_flags(inode);
F2FS_I(inode)->i_gc_failures[GC_FAILURE_PIN] =
le16_to_cpu(raw->i_gc_failures);
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 015/149] HID: i2c-hid: add Direkt-Tek DTLAPY133-1 to descriptor override
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (13 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 014/149] f2fs: fix to recover inode->i_flags of inode block " Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 016/149] usb: dwc2: fix unbalanced use of external vbus-supply Greg Kroah-Hartman
` (138 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tim Aldridge, Julian Sax,
Jiri Kosina, Sasha Levin
From: Julian Sax <jsbc@gmx.de>
[ Upstream commit 399474e4c1100bca264ed14fa3ad0d68fab484d8 ]
This device uses the SIPODEV SP1064 touchpad, which does not
supply descriptors, so it has to be added to the override list.
Reported-by: Tim Aldridge <taldridge@mac.com>
Signed-off-by: Julian Sax <jsbc@gmx.de>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c b/drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c
index cac262a912c12..89f2976f9c534 100644
--- a/drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c
+++ b/drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c
@@ -330,6 +330,14 @@ static const struct dmi_system_id i2c_hid_dmi_desc_override_table[] = {
},
.driver_data = (void *)&sipodev_desc
},
+ {
+ .ident = "Direkt-Tek DTLAPY133-1",
+ .matches = {
+ DMI_EXACT_MATCH(DMI_SYS_VENDOR, "Direkt-Tek"),
+ DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "DTLAPY133-1"),
+ },
+ .driver_data = (void *)&sipodev_desc
+ },
{
.ident = "Mediacom Flexbook Edge 11",
.matches = {
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 016/149] usb: dwc2: fix unbalanced use of external vbus-supply
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (14 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 015/149] HID: i2c-hid: add Direkt-Tek DTLAPY133-1 to descriptor override Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 017/149] tools/power turbostat: fix goldmont C-state limit decoding Greg Kroah-Hartman
` (137 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Artur Petrosyan, Minas Harutyunyan,
Fabrice Gasnier, Amelie Delaunay, Felipe Balbi, Sasha Levin
From: Fabrice Gasnier <fabrice.gasnier@st.com>
[ Upstream commit cd7cd0e6cedfda8da6668a4af6748f96bbb6fed4 ]
When using external vbus supply regulator, it should be enabled
synchronously with PWR bit in HPRT register. This also fixes
unbalanced use of this optional regulator (This can be reproduced
easily when unbinding the driver).
Fixes: 531ef5ebea96 ("usb: dwc2: add support for host mode external
vbus supply")
Tested-by: Artur Petrosyan <arturp@synopsys.com>
Acked-by: Minas Harutyunyan <hminas@synopsys.com>
Signed-off-by: Fabrice Gasnier <fabrice.gasnier@st.com>
Signed-off-by: Amelie Delaunay <amelie.delaunay@st.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/dwc2/hcd.c | 33 ++++++++++++++++++++++++++-------
1 file changed, 26 insertions(+), 7 deletions(-)
diff --git a/drivers/usb/dwc2/hcd.c b/drivers/usb/dwc2/hcd.c
index aad7edc29bddd..a5c8329fd4625 100644
--- a/drivers/usb/dwc2/hcd.c
+++ b/drivers/usb/dwc2/hcd.c
@@ -3568,6 +3568,7 @@ static int dwc2_hcd_hub_control(struct dwc2_hsotg *hsotg, u16 typereq,
u32 port_status;
u32 speed;
u32 pcgctl;
+ u32 pwr;
switch (typereq) {
case ClearHubFeature:
@@ -3616,8 +3617,11 @@ static int dwc2_hcd_hub_control(struct dwc2_hsotg *hsotg, u16 typereq,
dev_dbg(hsotg->dev,
"ClearPortFeature USB_PORT_FEAT_POWER\n");
hprt0 = dwc2_read_hprt0(hsotg);
+ pwr = hprt0 & HPRT0_PWR;
hprt0 &= ~HPRT0_PWR;
dwc2_writel(hsotg, hprt0, HPRT0);
+ if (pwr)
+ dwc2_vbus_supply_exit(hsotg);
break;
case USB_PORT_FEAT_INDICATOR:
@@ -3827,8 +3831,11 @@ static int dwc2_hcd_hub_control(struct dwc2_hsotg *hsotg, u16 typereq,
dev_dbg(hsotg->dev,
"SetPortFeature - USB_PORT_FEAT_POWER\n");
hprt0 = dwc2_read_hprt0(hsotg);
+ pwr = hprt0 & HPRT0_PWR;
hprt0 |= HPRT0_PWR;
dwc2_writel(hsotg, hprt0, HPRT0);
+ if (!pwr)
+ dwc2_vbus_supply_init(hsotg);
break;
case USB_PORT_FEAT_RESET:
@@ -3845,6 +3852,7 @@ static int dwc2_hcd_hub_control(struct dwc2_hsotg *hsotg, u16 typereq,
dwc2_writel(hsotg, 0, PCGCTL);
hprt0 = dwc2_read_hprt0(hsotg);
+ pwr = hprt0 & HPRT0_PWR;
/* Clear suspend bit if resetting from suspend state */
hprt0 &= ~HPRT0_SUSP;
@@ -3858,6 +3866,8 @@ static int dwc2_hcd_hub_control(struct dwc2_hsotg *hsotg, u16 typereq,
dev_dbg(hsotg->dev,
"In host mode, hprt0=%08x\n", hprt0);
dwc2_writel(hsotg, hprt0, HPRT0);
+ if (!pwr)
+ dwc2_vbus_supply_init(hsotg);
}
/* Clear reset bit in 10ms (FS/LS) or 50ms (HS) */
@@ -4400,6 +4410,7 @@ static int _dwc2_hcd_start(struct usb_hcd *hcd)
struct dwc2_hsotg *hsotg = dwc2_hcd_to_hsotg(hcd);
struct usb_bus *bus = hcd_to_bus(hcd);
unsigned long flags;
+ u32 hprt0;
int ret;
dev_dbg(hsotg->dev, "DWC OTG HCD START\n");
@@ -4416,12 +4427,16 @@ static int _dwc2_hcd_start(struct usb_hcd *hcd)
dwc2_hcd_reinit(hsotg);
- /* enable external vbus supply before resuming root hub */
- spin_unlock_irqrestore(&hsotg->lock, flags);
- ret = dwc2_vbus_supply_init(hsotg);
- if (ret)
- return ret;
- spin_lock_irqsave(&hsotg->lock, flags);
+ hprt0 = dwc2_read_hprt0(hsotg);
+ /* Has vbus power been turned on in dwc2_core_host_init ? */
+ if (hprt0 & HPRT0_PWR) {
+ /* Enable external vbus supply before resuming root hub */
+ spin_unlock_irqrestore(&hsotg->lock, flags);
+ ret = dwc2_vbus_supply_init(hsotg);
+ if (ret)
+ return ret;
+ spin_lock_irqsave(&hsotg->lock, flags);
+ }
/* Initialize and connect root hub if one is not already attached */
if (bus->root_hub) {
@@ -4443,6 +4458,7 @@ static void _dwc2_hcd_stop(struct usb_hcd *hcd)
{
struct dwc2_hsotg *hsotg = dwc2_hcd_to_hsotg(hcd);
unsigned long flags;
+ u32 hprt0;
/* Turn off all host-specific interrupts */
dwc2_disable_host_interrupts(hsotg);
@@ -4451,6 +4467,7 @@ static void _dwc2_hcd_stop(struct usb_hcd *hcd)
synchronize_irq(hcd->irq);
spin_lock_irqsave(&hsotg->lock, flags);
+ hprt0 = dwc2_read_hprt0(hsotg);
/* Ensure hcd is disconnected */
dwc2_hcd_disconnect(hsotg, true);
dwc2_hcd_stop(hsotg);
@@ -4459,7 +4476,9 @@ static void _dwc2_hcd_stop(struct usb_hcd *hcd)
clear_bit(HCD_FLAG_HW_ACCESSIBLE, &hcd->flags);
spin_unlock_irqrestore(&hsotg->lock, flags);
- dwc2_vbus_supply_exit(hsotg);
+ /* keep balanced supply init/exit by checking HPRT0_PWR */
+ if (hprt0 & HPRT0_PWR)
+ dwc2_vbus_supply_exit(hsotg);
usleep_range(1000, 3000);
}
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 017/149] tools/power turbostat: fix goldmont C-state limit decoding
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (15 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 016/149] usb: dwc2: fix unbalanced use of external vbus-supply Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 018/149] x86/cpu: Add Atom Tremont (Jacobsville) Greg Kroah-Hartman
` (136 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Len Brown, Sasha Levin
From: Len Brown <len.brown@intel.com>
[ Upstream commit 445640a563493f28d15f47e151e671281101e7dc ]
When the C-state limit is 8 on Goldmont, PC10 is enabled.
Previously turbostat saw this as "undefined", and thus assumed
it should not show some counters, such as pc3, pc6, pc7.
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/power/x86/turbostat/turbostat.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/tools/power/x86/turbostat/turbostat.c b/tools/power/x86/turbostat/turbostat.c
index 71cf7e77291ad..823bbc741ad7a 100644
--- a/tools/power/x86/turbostat/turbostat.c
+++ b/tools/power/x86/turbostat/turbostat.c
@@ -1953,11 +1953,12 @@ done:
#define PCL_7S 11 /* PC7 Shrink */
#define PCL__8 12 /* PC8 */
#define PCL__9 13 /* PC9 */
-#define PCLUNL 14 /* Unlimited */
+#define PCL_10 14 /* PC10 */
+#define PCLUNL 15 /* Unlimited */
int pkg_cstate_limit = PCLUKN;
char *pkg_cstate_limit_strings[] = { "reserved", "unknown", "pc0", "pc1", "pc2",
- "pc3", "pc4", "pc6", "pc6n", "pc6r", "pc7", "pc7s", "pc8", "pc9", "unlimited"};
+ "pc3", "pc4", "pc6", "pc6n", "pc6r", "pc7", "pc7s", "pc8", "pc9", "pc10", "unlimited"};
int nhm_pkg_cstate_limits[16] = {PCL__0, PCL__1, PCL__3, PCL__6, PCL__7, PCLRSV, PCLRSV, PCLUNL, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV};
int snb_pkg_cstate_limits[16] = {PCL__0, PCL__2, PCL_6N, PCL_6R, PCL__7, PCL_7S, PCLRSV, PCLUNL, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV};
@@ -1965,7 +1966,7 @@ int hsw_pkg_cstate_limits[16] = {PCL__0, PCL__2, PCL__3, PCL__6, PCL__7, PCL_7S,
int slv_pkg_cstate_limits[16] = {PCL__0, PCL__1, PCLRSV, PCLRSV, PCL__4, PCLRSV, PCL__6, PCL__7, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCL__6, PCL__7};
int amt_pkg_cstate_limits[16] = {PCLUNL, PCL__1, PCL__2, PCLRSV, PCLRSV, PCLRSV, PCL__6, PCL__7, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV};
int phi_pkg_cstate_limits[16] = {PCL__0, PCL__2, PCL_6N, PCL_6R, PCLRSV, PCLRSV, PCLRSV, PCLUNL, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV};
-int bxt_pkg_cstate_limits[16] = {PCL__0, PCL__2, PCLUNL, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV};
+int glm_pkg_cstate_limits[16] = {PCLUNL, PCL__1, PCL__3, PCL__6, PCL__7, PCL_7S, PCL__8, PCL__9, PCL_10, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV};
int skx_pkg_cstate_limits[16] = {PCL__0, PCL__2, PCL_6N, PCL_6R, PCLRSV, PCLRSV, PCLRSV, PCLUNL, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV, PCLRSV};
@@ -3165,7 +3166,7 @@ int probe_nhm_msrs(unsigned int family, unsigned int model)
case INTEL_FAM6_ATOM_GOLDMONT: /* BXT */
case INTEL_FAM6_ATOM_GOLDMONT_PLUS:
case INTEL_FAM6_ATOM_GOLDMONT_X: /* DNV */
- pkg_cstate_limits = bxt_pkg_cstate_limits;
+ pkg_cstate_limits = glm_pkg_cstate_limits;
break;
default:
return 0;
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 018/149] x86/cpu: Add Atom Tremont (Jacobsville)
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (16 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 017/149] tools/power turbostat: fix goldmont C-state limit decoding Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 019/149] drm/msm/dpu: handle failures while initializing displays Greg Kroah-Hartman
` (135 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kan Liang, Qiuxu Zhuo, Tony Luck,
Borislav Petkov, Andy Shevchenko, Aristeu Rozanski,
H. Peter Anvin, Ingo Molnar, linux-edac, Mauro Carvalho Chehab,
Megha Dey, Peter Zijlstra, Rajneesh Bhardwaj, Thomas Gleixner,
x86-ml, Sasha Levin
From: Kan Liang <kan.liang@linux.intel.com>
[ Upstream commit 00ae831dfe4474ef6029558f5eb3ef0332d80043 ]
Add the Atom Tremont model number to the Intel family list.
[ Tony: Also update comment at head of file to say "_X" suffix is
also used for microserver parts. ]
Signed-off-by: Kan Liang <kan.liang@linux.intel.com>
Signed-off-by: Qiuxu Zhuo <qiuxu.zhuo@intel.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Aristeu Rozanski <aris@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: linux-edac <linux-edac@vger.kernel.org>
Cc: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Cc: Megha Dey <megha.dey@linux.intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Qiuxu Zhuo <qiuxu.zhuo@intel.com>
Cc: Rajneesh Bhardwaj <rajneesh.bhardwaj@intel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: x86-ml <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190125195902.17109-4-tony.luck@intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/include/asm/intel-family.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/intel-family.h b/arch/x86/include/asm/intel-family.h
index 5d0b72f281402..82a57d344b9bc 100644
--- a/arch/x86/include/asm/intel-family.h
+++ b/arch/x86/include/asm/intel-family.h
@@ -6,7 +6,7 @@
* "Big Core" Processors (Branded as Core, Xeon, etc...)
*
* The "_X" parts are generally the EP and EX Xeons, or the
- * "Extreme" ones, like Broadwell-E.
+ * "Extreme" ones, like Broadwell-E, or Atom microserver.
*
* While adding a new CPUID for a new microarchitecture, add a new
* group to keep logically sorted out in chronological order. Within
@@ -80,6 +80,7 @@
#define INTEL_FAM6_ATOM_GOLDMONT 0x5C /* Apollo Lake */
#define INTEL_FAM6_ATOM_GOLDMONT_X 0x5F /* Denverton */
#define INTEL_FAM6_ATOM_GOLDMONT_PLUS 0x7A /* Gemini Lake */
+#define INTEL_FAM6_ATOM_TREMONT_X 0x86 /* Jacobsville */
/* Xeon Phi */
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 019/149] drm/msm/dpu: handle failures while initializing displays
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (17 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 018/149] x86/cpu: Add Atom Tremont (Jacobsville) Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 020/149] bcache: fix input overflow to writeback_rate_minimum Greg Kroah-Hartman
` (134 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jeykumar Sankaran, Sean Paul, Sasha Levin
From: Jeykumar Sankaran <jsanka@codeaurora.org>
[ Upstream commit a802ee99c448ca0496fa307f3e46b834ae2a46a3 ]
Bail out KMS hw init on display initialization failures with
proper error logging.
changes in v3:
- introduced in the series
changes in v4:
- avoid duplicate return on errors (Sean Paul)
- avoid spamming errors on failures (Jordon Crouse)
Signed-off-by: Jeykumar Sankaran <jsanka@codeaurora.org>
Signed-off-by: Sean Paul <seanpaul@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 31 ++++++++++++++-----------
1 file changed, 18 insertions(+), 13 deletions(-)
diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c
index 74cc204b07e80..2d9b7b5fb49c8 100644
--- a/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c
+++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c
@@ -442,35 +442,38 @@ static void dpu_kms_wait_for_commit_done(struct msm_kms *kms,
}
}
-static void _dpu_kms_initialize_dsi(struct drm_device *dev,
+static int _dpu_kms_initialize_dsi(struct drm_device *dev,
struct msm_drm_private *priv,
struct dpu_kms *dpu_kms)
{
struct drm_encoder *encoder = NULL;
- int i, rc;
+ int i, rc = 0;
+
+ if (!(priv->dsi[0] || priv->dsi[1]))
+ return rc;
/*TODO: Support two independent DSI connectors */
encoder = dpu_encoder_init(dev, DRM_MODE_ENCODER_DSI);
- if (IS_ERR_OR_NULL(encoder)) {
+ if (IS_ERR(encoder)) {
DPU_ERROR("encoder init failed for dsi display\n");
- return;
+ return PTR_ERR(encoder);
}
priv->encoders[priv->num_encoders++] = encoder;
for (i = 0; i < ARRAY_SIZE(priv->dsi); i++) {
- if (!priv->dsi[i]) {
- DPU_DEBUG("invalid msm_dsi for ctrl %d\n", i);
- return;
- }
+ if (!priv->dsi[i])
+ continue;
rc = msm_dsi_modeset_init(priv->dsi[i], dev, encoder);
if (rc) {
DPU_ERROR("modeset_init failed for dsi[%d], rc = %d\n",
i, rc);
- continue;
+ break;
}
}
+
+ return rc;
}
/**
@@ -481,16 +484,16 @@ static void _dpu_kms_initialize_dsi(struct drm_device *dev,
* @dpu_kms: Pointer to dpu kms structure
* Returns: Zero on success
*/
-static void _dpu_kms_setup_displays(struct drm_device *dev,
+static int _dpu_kms_setup_displays(struct drm_device *dev,
struct msm_drm_private *priv,
struct dpu_kms *dpu_kms)
{
- _dpu_kms_initialize_dsi(dev, priv, dpu_kms);
-
/**
* Extend this function to initialize other
* types of displays
*/
+
+ return _dpu_kms_initialize_dsi(dev, priv, dpu_kms);
}
static void _dpu_kms_drm_obj_destroy(struct dpu_kms *dpu_kms)
@@ -552,7 +555,9 @@ static int _dpu_kms_drm_obj_init(struct dpu_kms *dpu_kms)
* Create encoder and query display drivers to create
* bridges and connectors
*/
- _dpu_kms_setup_displays(dev, priv, dpu_kms);
+ ret = _dpu_kms_setup_displays(dev, priv, dpu_kms);
+ if (ret)
+ goto fail;
max_crtc_count = min(catalog->mixer_count, priv->num_encoders);
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 020/149] bcache: fix input overflow to writeback_rate_minimum
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (18 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 019/149] drm/msm/dpu: handle failures while initializing displays Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 021/149] PCI: Fix Switchtec DMA aliasing quirk dmesg noise Greg Kroah-Hartman
` (133 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Coly Li, Jens Axboe, Sasha Levin
From: Coly Li <colyli@suse.de>
[ Upstream commit dab71b2db98dcdd4657d151b01a7be88ce10f9d1 ]
dc->writeback_rate_minimum is type unsigned integer variable, it is set
via sysfs interface, and converte from input string to unsigned integer
by d_strtoul_nonzero(). When the converted input value is larger than
UINT_MAX, overflow to unsigned integer happens.
This patch fixes the overflow by using sysfs_strotoul_clamp() to
convert input string and limit the value in range [1, UINT_MAX], then
the overflow can be avoided.
Signed-off-by: Coly Li <colyli@suse.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/bcache/sysfs.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/md/bcache/sysfs.c b/drivers/md/bcache/sysfs.c
index 5bb81e564ce88..3e8d1f1b562f8 100644
--- a/drivers/md/bcache/sysfs.c
+++ b/drivers/md/bcache/sysfs.c
@@ -289,7 +289,9 @@ STORE(__cached_dev)
sysfs_strtoul_clamp(writeback_rate_p_term_inverse,
dc->writeback_rate_p_term_inverse,
1, UINT_MAX);
- d_strtoul_nonzero(writeback_rate_minimum);
+ sysfs_strtoul_clamp(writeback_rate_minimum,
+ dc->writeback_rate_minimum,
+ 1, UINT_MAX);
sysfs_strtoul_clamp(io_error_limit, dc->error_limit, 0, INT_MAX);
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 021/149] PCI: Fix Switchtec DMA aliasing quirk dmesg noise
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (19 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 020/149] bcache: fix input overflow to writeback_rate_minimum Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 022/149] Btrfs: fix deadlock on tree root leaf when finding free extent Greg Kroah-Hartman
` (132 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stephen Bates, Logan Gunthorpe,
Bjorn Helgaas, Doug Meyer, Kurt Schwemmer, Sasha Levin
From: Logan Gunthorpe <logang@deltatee.com>
[ Upstream commit 742bbe1ee35b5699c092541f97c7cec326556bb1 ]
Currently the Switchtec quirk runs on all endpoints in the switch,
including all the upstream and downstream ports. These other functions do
not contain BARs, so the quirk fails when trying to map the BAR and prints
the error "Cannot iomap Switchtec device". The user will see a few of
these useless and scary errors, one for each port in the switch.
At most, the quirk should only run on either a management endpoint
(PCI_CLASS_MEMORY_OTHER) or an NTB endpoint (PCI_CLASS_BRIDGE_OTHER).
However, the quirk is useless except in NTB applications, so we will
only run it when the class is PCI_CLASS_BRIDGE_OTHER.
Switch to using DECLARE_PCI_FIXUP_CLASS_FINAL and only match
PCI_CLASS_BRIDGE_OTHER.
Reported-by: Stephen Bates <sbates@raithlin.com>
Fixes: ad281ecf1c7d ("PCI: Add DMA alias quirk for Microsemi Switchtec NTB")
Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
[bhelgaas: split SWITCHTEC_QUIRK() introduction to separate patch]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: Doug Meyer <dmeyer@gigaio.com>
Cc: Kurt Schwemmer <kurt.schwemmer@microsemi.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/quirks.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
index 06be52912dcdb..64933994f7722 100644
--- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c
@@ -5083,8 +5083,8 @@ static void quirk_switchtec_ntb_dma_alias(struct pci_dev *pdev)
pci_disable_device(pdev);
}
#define SWITCHTEC_QUIRK(vid) \
- DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_MICROSEMI, vid, \
- quirk_switchtec_ntb_dma_alias)
+ DECLARE_PCI_FIXUP_CLASS_FINAL(PCI_VENDOR_ID_MICROSEMI, vid, \
+ PCI_CLASS_BRIDGE_OTHER, 8, quirk_switchtec_ntb_dma_alias)
SWITCHTEC_QUIRK(0x8531); /* PFX 24xG3 */
SWITCHTEC_QUIRK(0x8532); /* PFX 32xG3 */
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 022/149] Btrfs: fix deadlock on tree root leaf when finding free extent
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (20 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 021/149] PCI: Fix Switchtec DMA aliasing quirk dmesg noise Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 023/149] netfilter: ipset: Make invalid MAC address checks consistent Greg Kroah-Hartman
` (131 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andrew Nelson, Josef Bacik,
Filipe Manana, David Sterba, Sasha Levin
From: Filipe Manana <fdmanana@suse.com>
[ Upstream commit 4222ea7100c0e37adace2790c8822758bbeee179 ]
When we are writing out a free space cache, during the transaction commit
phase, we can end up in a deadlock which results in a stack trace like the
following:
schedule+0x28/0x80
btrfs_tree_read_lock+0x8e/0x120 [btrfs]
? finish_wait+0x80/0x80
btrfs_read_lock_root_node+0x2f/0x40 [btrfs]
btrfs_search_slot+0xf6/0x9f0 [btrfs]
? evict_refill_and_join+0xd0/0xd0 [btrfs]
? inode_insert5+0x119/0x190
btrfs_lookup_inode+0x3a/0xc0 [btrfs]
? kmem_cache_alloc+0x166/0x1d0
btrfs_iget+0x113/0x690 [btrfs]
__lookup_free_space_inode+0xd8/0x150 [btrfs]
lookup_free_space_inode+0x5b/0xb0 [btrfs]
load_free_space_cache+0x7c/0x170 [btrfs]
? cache_block_group+0x72/0x3b0 [btrfs]
cache_block_group+0x1b3/0x3b0 [btrfs]
? finish_wait+0x80/0x80
find_free_extent+0x799/0x1010 [btrfs]
btrfs_reserve_extent+0x9b/0x180 [btrfs]
btrfs_alloc_tree_block+0x1b3/0x4f0 [btrfs]
__btrfs_cow_block+0x11d/0x500 [btrfs]
btrfs_cow_block+0xdc/0x180 [btrfs]
btrfs_search_slot+0x3bd/0x9f0 [btrfs]
btrfs_lookup_inode+0x3a/0xc0 [btrfs]
? kmem_cache_alloc+0x166/0x1d0
btrfs_update_inode_item+0x46/0x100 [btrfs]
cache_save_setup+0xe4/0x3a0 [btrfs]
btrfs_start_dirty_block_groups+0x1be/0x480 [btrfs]
btrfs_commit_transaction+0xcb/0x8b0 [btrfs]
At cache_save_setup() we need to update the inode item of a block group's
cache which is located in the tree root (fs_info->tree_root), which means
that it may result in COWing a leaf from that tree. If that happens we
need to find a free metadata extent and while looking for one, if we find
a block group which was not cached yet we attempt to load its cache by
calling cache_block_group(). However this function will try to load the
inode of the free space cache, which requires finding the matching inode
item in the tree root - if that inode item is located in the same leaf as
the inode item of the space cache we are updating at cache_save_setup(),
we end up in a deadlock, since we try to obtain a read lock on the same
extent buffer that we previously write locked.
So fix this by using the tree root's commit root when searching for a
block group's free space cache inode item when we are attempting to load
a free space cache. This is safe since block groups once loaded stay in
memory forever, as well as their caches, so after they are first loaded
we will never need to read their inode items again. For new block groups,
once they are created they get their ->cached field set to
BTRFS_CACHE_FINISHED meaning we will not need to read their inode item.
Reported-by: Andrew Nelson <andrew.s.nelson@gmail.com>
Link: https://lore.kernel.org/linux-btrfs/CAPTELenq9x5KOWuQ+fa7h1r3nsJG8vyiTH8+ifjURc_duHh2Wg@mail.gmail.com/
Fixes: 9d66e233c704 ("Btrfs: load free space cache if it exists")
Tested-by: Andrew Nelson <andrew.s.nelson@gmail.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/ctree.h | 3 +++
fs/btrfs/free-space-cache.c | 22 +++++++++++++++++++++-
fs/btrfs/inode.c | 32 ++++++++++++++++++++++----------
3 files changed, 46 insertions(+), 11 deletions(-)
diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h
index ef7a352d72ed8..cc2d268e2cd7a 100644
--- a/fs/btrfs/ctree.h
+++ b/fs/btrfs/ctree.h
@@ -3177,6 +3177,9 @@ void btrfs_destroy_inode(struct inode *inode);
int btrfs_drop_inode(struct inode *inode);
int __init btrfs_init_cachep(void);
void __cold btrfs_destroy_cachep(void);
+struct inode *btrfs_iget_path(struct super_block *s, struct btrfs_key *location,
+ struct btrfs_root *root, int *new,
+ struct btrfs_path *path);
struct inode *btrfs_iget(struct super_block *s, struct btrfs_key *location,
struct btrfs_root *root, int *was_new);
struct extent_map *btrfs_get_extent(struct btrfs_inode *inode,
diff --git a/fs/btrfs/free-space-cache.c b/fs/btrfs/free-space-cache.c
index 4381e0aba8c01..ec01bd38d675c 100644
--- a/fs/btrfs/free-space-cache.c
+++ b/fs/btrfs/free-space-cache.c
@@ -75,7 +75,8 @@ static struct inode *__lookup_free_space_inode(struct btrfs_root *root,
* sure NOFS is set to keep us from deadlocking.
*/
nofs_flag = memalloc_nofs_save();
- inode = btrfs_iget(fs_info->sb, &location, root, NULL);
+ inode = btrfs_iget_path(fs_info->sb, &location, root, NULL, path);
+ btrfs_release_path(path);
memalloc_nofs_restore(nofs_flag);
if (IS_ERR(inode))
return inode;
@@ -839,6 +840,25 @@ int load_free_space_cache(struct btrfs_fs_info *fs_info,
path->search_commit_root = 1;
path->skip_locking = 1;
+ /*
+ * We must pass a path with search_commit_root set to btrfs_iget in
+ * order to avoid a deadlock when allocating extents for the tree root.
+ *
+ * When we are COWing an extent buffer from the tree root, when looking
+ * for a free extent, at extent-tree.c:find_free_extent(), we can find
+ * block group without its free space cache loaded. When we find one
+ * we must load its space cache which requires reading its free space
+ * cache's inode item from the root tree. If this inode item is located
+ * in the same leaf that we started COWing before, then we end up in
+ * deadlock on the extent buffer (trying to read lock it when we
+ * previously write locked it).
+ *
+ * It's safe to read the inode item using the commit root because
+ * block groups, once loaded, stay in memory forever (until they are
+ * removed) as well as their space caches once loaded. New block groups
+ * once created get their ->cached field set to BTRFS_CACHE_FINISHED so
+ * we will never try to read their inode item while the fs is mounted.
+ */
inode = lookup_free_space_inode(fs_info, block_group, path);
if (IS_ERR(inode)) {
btrfs_free_path(path);
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 9aea9381ceeb6..f0f7bc5d2e4a0 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -3607,10 +3607,11 @@ static noinline int acls_after_inode_item(struct extent_buffer *leaf,
/*
* read an inode from the btree into the in-memory inode
*/
-static int btrfs_read_locked_inode(struct inode *inode)
+static int btrfs_read_locked_inode(struct inode *inode,
+ struct btrfs_path *in_path)
{
struct btrfs_fs_info *fs_info = btrfs_sb(inode->i_sb);
- struct btrfs_path *path;
+ struct btrfs_path *path = in_path;
struct extent_buffer *leaf;
struct btrfs_inode_item *inode_item;
struct btrfs_root *root = BTRFS_I(inode)->root;
@@ -3626,15 +3627,18 @@ static int btrfs_read_locked_inode(struct inode *inode)
if (!ret)
filled = true;
- path = btrfs_alloc_path();
- if (!path)
- return -ENOMEM;
+ if (!path) {
+ path = btrfs_alloc_path();
+ if (!path)
+ return -ENOMEM;
+ }
memcpy(&location, &BTRFS_I(inode)->location, sizeof(location));
ret = btrfs_lookup_inode(NULL, root, path, &location, 0);
if (ret) {
- btrfs_free_path(path);
+ if (path != in_path)
+ btrfs_free_path(path);
return ret;
}
@@ -3774,7 +3778,8 @@ cache_acl:
btrfs_ino(BTRFS_I(inode)),
root->root_key.objectid, ret);
}
- btrfs_free_path(path);
+ if (path != in_path)
+ btrfs_free_path(path);
if (!maybe_acls)
cache_no_acl(inode);
@@ -5716,8 +5721,9 @@ static struct inode *btrfs_iget_locked(struct super_block *s,
/* Get an inode object given its location and corresponding root.
* Returns in *is_new if the inode was read from disk
*/
-struct inode *btrfs_iget(struct super_block *s, struct btrfs_key *location,
- struct btrfs_root *root, int *new)
+struct inode *btrfs_iget_path(struct super_block *s, struct btrfs_key *location,
+ struct btrfs_root *root, int *new,
+ struct btrfs_path *path)
{
struct inode *inode;
@@ -5728,7 +5734,7 @@ struct inode *btrfs_iget(struct super_block *s, struct btrfs_key *location,
if (inode->i_state & I_NEW) {
int ret;
- ret = btrfs_read_locked_inode(inode);
+ ret = btrfs_read_locked_inode(inode, path);
if (!ret) {
inode_tree_add(inode);
unlock_new_inode(inode);
@@ -5750,6 +5756,12 @@ struct inode *btrfs_iget(struct super_block *s, struct btrfs_key *location,
return inode;
}
+struct inode *btrfs_iget(struct super_block *s, struct btrfs_key *location,
+ struct btrfs_root *root, int *new)
+{
+ return btrfs_iget_path(s, location, root, new, NULL);
+}
+
static struct inode *new_simple_dir(struct super_block *s,
struct btrfs_key *key,
struct btrfs_root *root)
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 023/149] netfilter: ipset: Make invalid MAC address checks consistent
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (21 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 022/149] Btrfs: fix deadlock on tree root leaf when finding free extent Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 024/149] HID: i2c-hid: Disable runtime PM for LG touchscreen Greg Kroah-Hartman
` (130 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stefano Brivio, Jozsef Kadlecsik,
Sasha Levin
From: Stefano Brivio <sbrivio@redhat.com>
[ Upstream commit 29edbc3ebdb0faa934114f14bf12fc0b784d4f1b ]
Set types bitmap:ipmac and hash:ipmac check that MAC addresses
are not all zeroes.
Introduce one missing check, and make the remaining ones
consistent, using is_zero_ether_addr() instead of comparing
against an array containing zeroes.
This was already done for hash:mac sets in commit 26c97c5d8dac
("netfilter: ipset: Use is_zero_ether_addr instead of static and
memcmp").
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netfilter/ipset/ip_set_bitmap_ipmac.c | 3 +++
net/netfilter/ipset/ip_set_hash_ipmac.c | 11 ++++-------
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/net/netfilter/ipset/ip_set_bitmap_ipmac.c b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
index 4f01321e793ce..794e0335a8648 100644
--- a/net/netfilter/ipset/ip_set_bitmap_ipmac.c
+++ b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
@@ -235,6 +235,9 @@ bitmap_ipmac_kadt(struct ip_set *set, const struct sk_buff *skb,
else
ether_addr_copy(e.ether, eth_hdr(skb)->h_dest);
+ if (is_zero_ether_addr(e.ether))
+ return -EINVAL;
+
return adtfn(set, &e, &ext, &opt->ext, opt->cmdflags);
}
diff --git a/net/netfilter/ipset/ip_set_hash_ipmac.c b/net/netfilter/ipset/ip_set_hash_ipmac.c
index 16ec822e40447..25560ea742d66 100644
--- a/net/netfilter/ipset/ip_set_hash_ipmac.c
+++ b/net/netfilter/ipset/ip_set_hash_ipmac.c
@@ -36,9 +36,6 @@ MODULE_ALIAS("ip_set_hash:ip,mac");
/* Type specific function prefix */
#define HTYPE hash_ipmac
-/* Zero valued element is not supported */
-static const unsigned char invalid_ether[ETH_ALEN] = { 0 };
-
/* IPv4 variant */
/* Member elements */
@@ -104,7 +101,7 @@ hash_ipmac4_kadt(struct ip_set *set, const struct sk_buff *skb,
else
ether_addr_copy(e.ether, eth_hdr(skb)->h_dest);
- if (ether_addr_equal(e.ether, invalid_ether))
+ if (is_zero_ether_addr(e.ether))
return -EINVAL;
ip4addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip);
@@ -140,7 +137,7 @@ hash_ipmac4_uadt(struct ip_set *set, struct nlattr *tb[],
if (ret)
return ret;
memcpy(e.ether, nla_data(tb[IPSET_ATTR_ETHER]), ETH_ALEN);
- if (ether_addr_equal(e.ether, invalid_ether))
+ if (is_zero_ether_addr(e.ether))
return -IPSET_ERR_HASH_ELEM;
return adtfn(set, &e, &ext, &ext, flags);
@@ -220,7 +217,7 @@ hash_ipmac6_kadt(struct ip_set *set, const struct sk_buff *skb,
else
ether_addr_copy(e.ether, eth_hdr(skb)->h_dest);
- if (ether_addr_equal(e.ether, invalid_ether))
+ if (is_zero_ether_addr(e.ether))
return -EINVAL;
ip6addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip.in6);
@@ -260,7 +257,7 @@ hash_ipmac6_uadt(struct ip_set *set, struct nlattr *tb[],
return ret;
memcpy(e.ether, nla_data(tb[IPSET_ATTR_ETHER]), ETH_ALEN);
- if (ether_addr_equal(e.ether, invalid_ether))
+ if (is_zero_ether_addr(e.ether))
return -IPSET_ERR_HASH_ELEM;
return adtfn(set, &e, &ext, &ext, flags);
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 024/149] HID: i2c-hid: Disable runtime PM for LG touchscreen
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (22 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 023/149] netfilter: ipset: Make invalid MAC address checks consistent Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 025/149] HID: i2c-hid: Ignore input report if theres no data present on Elan touchpanels Greg Kroah-Hartman
` (129 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kai-Heng Feng, Jiri Kosina, Sasha Levin
From: Kai-Heng Feng <kai.heng.feng@canonical.com>
[ Upstream commit 86c31524b27c7e686841dd4a79eda95cfd989f16 ]
LG touchscreen (1fd2:8001) stops working after reboot:
[ 4.859153] i2c_hid i2c-SAPS2101:00: i2c_hid_get_input: incomplete report (64/66)
[ 4.936070] i2c_hid i2c-SAPS2101:00: i2c_hid_get_input: incomplete report (64/66)
[ 9.948224] i2c_hid i2c-SAPS2101:00: failed to reset device.
The device in question stops working after receives SLEEP, ON, SLEEP
commands in a short period. The scenario is like this:
- Once the desktop session closes, it also closed the hid device, so the
device gets runtime suspended and receives a SLEEP command.
- Before calling shutdown callback, it gets runtime resumed and received
an ON command.
- In the shutdown callback, it receives another SLEEP command.
I failed to find a reliable interval between ON/SLEEP commands that can
make it work, so let's simply disable runtime PM for the device.
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-ids.h | 1 +
drivers/hid/i2c-hid/i2c-hid-core.c | 2 ++
2 files changed, 3 insertions(+)
diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h
index 0eeb273fb73d2..6b33117ca60e5 100644
--- a/drivers/hid/hid-ids.h
+++ b/drivers/hid/hid-ids.h
@@ -713,6 +713,7 @@
#define USB_VENDOR_ID_LG 0x1fd2
#define USB_DEVICE_ID_LG_MULTITOUCH 0x0064
#define USB_DEVICE_ID_LG_MELFAS_MT 0x6007
+#define I2C_DEVICE_ID_LG_8001 0x8001
#define USB_VENDOR_ID_LOGITECH 0x046d
#define USB_DEVICE_ID_LOGITECH_AUDIOHUB 0x0a0e
diff --git a/drivers/hid/i2c-hid/i2c-hid-core.c b/drivers/hid/i2c-hid/i2c-hid-core.c
index 3cde7c1b9c33c..8555ce7e737b3 100644
--- a/drivers/hid/i2c-hid/i2c-hid-core.c
+++ b/drivers/hid/i2c-hid/i2c-hid-core.c
@@ -177,6 +177,8 @@ static const struct i2c_hid_quirks {
I2C_HID_QUIRK_NO_RUNTIME_PM },
{ I2C_VENDOR_ID_RAYDIUM, I2C_PRODUCT_ID_RAYDIUM_4B33,
I2C_HID_QUIRK_DELAY_AFTER_SLEEP },
+ { USB_VENDOR_ID_LG, I2C_DEVICE_ID_LG_8001,
+ I2C_HID_QUIRK_NO_RUNTIME_PM },
{ 0, 0 }
};
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 025/149] HID: i2c-hid: Ignore input report if theres no data present on Elan touchpanels
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (23 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 024/149] HID: i2c-hid: Disable runtime PM for LG touchscreen Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 026/149] HID: i2c-hid: Add Odys Winbook 13 to descriptor override Greg Kroah-Hartman
` (128 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kai-Heng Feng, Benjamin Tissoires,
Sasha Levin
From: Kai-Heng Feng <kai.heng.feng@canonical.com>
[ Upstream commit 1475af255e18f35dc46f8a7acc18354c73d45149 ]
While using Elan touchpads, the message floods:
[ 136.138487] i2c_hid i2c-DELL08D6:00: i2c_hid_get_input: incomplete report (14/65535)
Though the message flood is annoying, the device it self works without
any issue. I suspect that the device in question takes too much time to
pull the IRQ back to high after I2C host has done reading its data.
Since the host receives all useful data, let's ignore the input report
when there's no data.
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/i2c-hid/i2c-hid-core.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/hid/i2c-hid/i2c-hid-core.c b/drivers/hid/i2c-hid/i2c-hid-core.c
index 8555ce7e737b3..2f940c1de6169 100644
--- a/drivers/hid/i2c-hid/i2c-hid-core.c
+++ b/drivers/hid/i2c-hid/i2c-hid-core.c
@@ -50,6 +50,7 @@
#define I2C_HID_QUIRK_NO_IRQ_AFTER_RESET BIT(1)
#define I2C_HID_QUIRK_NO_RUNTIME_PM BIT(2)
#define I2C_HID_QUIRK_DELAY_AFTER_SLEEP BIT(3)
+#define I2C_HID_QUIRK_BOGUS_IRQ BIT(4)
/* flags */
#define I2C_HID_STARTED 0
@@ -179,6 +180,8 @@ static const struct i2c_hid_quirks {
I2C_HID_QUIRK_DELAY_AFTER_SLEEP },
{ USB_VENDOR_ID_LG, I2C_DEVICE_ID_LG_8001,
I2C_HID_QUIRK_NO_RUNTIME_PM },
+ { USB_VENDOR_ID_ELAN, HID_ANY_ID,
+ I2C_HID_QUIRK_BOGUS_IRQ },
{ 0, 0 }
};
@@ -503,6 +506,12 @@ static void i2c_hid_get_input(struct i2c_hid *ihid)
return;
}
+ if (ihid->quirks & I2C_HID_QUIRK_BOGUS_IRQ && ret_size == 0xffff) {
+ dev_warn_once(&ihid->client->dev, "%s: IRQ triggered but "
+ "there's no data\n", __func__);
+ return;
+ }
+
if ((ret_size > size) || (ret_size < 2)) {
dev_err(&ihid->client->dev, "%s: incomplete report (%d/%d)\n",
__func__, size, ret_size);
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 026/149] HID: i2c-hid: Add Odys Winbook 13 to descriptor override
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (24 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 025/149] HID: i2c-hid: Ignore input report if theres no data present on Elan touchpanels Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 027/149] platform/x86: Add the VLV ISP PCI ID to atomisp2_pm Greg Kroah-Hartman
` (127 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rene Wagner, Hans de Goede,
Jiri Kosina, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit f8f807441eefddc3c6d8a378421f0ede6361d565 ]
The Odys Winbook 13 uses a SIPODEV SP1064 touchpad, which does not
supply descriptors, add this to the DMI descriptor override list, fixing
the touchpad not working.
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1526312
Reported-by: Rene Wagner <redhatbugzilla@callerid.de>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c b/drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c
index 89f2976f9c534..fd1b6eea6d2fd 100644
--- a/drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c
+++ b/drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c
@@ -346,6 +346,14 @@ static const struct dmi_system_id i2c_hid_dmi_desc_override_table[] = {
},
.driver_data = (void *)&sipodev_desc
},
+ {
+ .ident = "Odys Winbook 13",
+ .matches = {
+ DMI_EXACT_MATCH(DMI_SYS_VENDOR, "AXDIA International GmbH"),
+ DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "WINBOOK 13"),
+ },
+ .driver_data = (void *)&sipodev_desc
+ },
{ } /* Terminate list */
};
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 027/149] platform/x86: Add the VLV ISP PCI ID to atomisp2_pm
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (25 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 026/149] HID: i2c-hid: Add Odys Winbook 13 to descriptor override Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 028/149] platform/x86: Fix config space access for intel_atomisp2_pm Greg Kroah-Hartman
` (126 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, Alan Cox,
Andy Shevchenko, Darren Hart, Ville Syrjälä,
Sasha Levin
From: Ville Syrjälä <ville.syrjala@linux.intel.com>
[ Upstream commit 8a7d7141528ad67e465bc6afacc6a3144d1fe320 ]
If the ISP is exposed as a PCI device VLV machines need the
same treatment as CHV machines to power gate the ISP. Otherwise
s0ix will not work.
Cc: Hans de Goede <hdegoede@redhat.com>
Cc: Alan Cox <alan@linux.intel.com>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Darren Hart <dvhart@infradead.org>
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/intel_atomisp2_pm.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/platform/x86/intel_atomisp2_pm.c b/drivers/platform/x86/intel_atomisp2_pm.c
index 9371603a0ac90..4a2ec5eeb6d8a 100644
--- a/drivers/platform/x86/intel_atomisp2_pm.c
+++ b/drivers/platform/x86/intel_atomisp2_pm.c
@@ -99,6 +99,7 @@ static UNIVERSAL_DEV_PM_OPS(isp_pm_ops, isp_pci_suspend,
isp_pci_resume, NULL);
static const struct pci_device_id isp_id_table[] = {
+ { PCI_VDEVICE(INTEL, 0x0f38), },
{ PCI_VDEVICE(INTEL, 0x22b8), },
{ 0, }
};
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 028/149] platform/x86: Fix config space access for intel_atomisp2_pm
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (26 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 027/149] platform/x86: Add the VLV ISP PCI ID to atomisp2_pm Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 029/149] ath10k: assign n_cipher_suites = 11 for WCN3990 to enable WPA3 Greg Kroah-Hartman
` (125 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, Alan Cox,
Andy Shevchenko, Darren Hart, Ville Syrjälä,
Sasha Levin
From: Ville Syrjälä <ville.syrjala@linux.intel.com>
[ Upstream commit 6a31061833a52a79c99221b6251db08cf377470e ]
We lose even config space access when we power gate the ISP
via the PUNIT. That makes lspci & co. produce gibberish.
To fix that let's try to implement actual runtime pm hooks
and inform the pci core that the device always goes to
D3cold. That will cause the pci core to resume the device
before attempting config space access.
This introduces another annoyance though. We get the
following error every time we try to resume the device:
intel_atomisp2_pm 0000:00:03.0: Refused to change power state, currently in D3
The reason being that the pci core tries to put the device
back into D0 via the standard PCI PM mechanism before
calling the driver resume hook. To fix this properly
we'd need to infiltrate the platform pm hooks (could
turn ugly real fast), or use pm domains (which don't
seem to exist on x86), or some extra early resume
hook for the driver (which doesn't exist either).
So maybe we just choose to live with the error?
Cc: Hans de Goede <hdegoede@redhat.com>
Cc: Alan Cox <alan@linux.intel.com>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Darren Hart <dvhart@infradead.org>
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/intel_atomisp2_pm.c | 68 +++++++++++++++++-------
1 file changed, 48 insertions(+), 20 deletions(-)
diff --git a/drivers/platform/x86/intel_atomisp2_pm.c b/drivers/platform/x86/intel_atomisp2_pm.c
index 4a2ec5eeb6d8a..b0f421fea2a58 100644
--- a/drivers/platform/x86/intel_atomisp2_pm.c
+++ b/drivers/platform/x86/intel_atomisp2_pm.c
@@ -33,46 +33,45 @@
#define ISPSSPM0_IUNIT_POWER_ON 0x0
#define ISPSSPM0_IUNIT_POWER_OFF 0x3
-static int isp_probe(struct pci_dev *dev, const struct pci_device_id *id)
+static int isp_set_power(struct pci_dev *dev, bool enable)
{
unsigned long timeout;
- u32 val;
-
- pci_write_config_dword(dev, PCI_INTERRUPT_CTRL, 0);
-
- /*
- * MRFLD IUNIT DPHY is located in an always-power-on island
- * MRFLD HW design need all CSI ports are disabled before
- * powering down the IUNIT.
- */
- pci_read_config_dword(dev, PCI_CSI_CONTROL, &val);
- val |= PCI_CSI_CONTROL_PORTS_OFF_MASK;
- pci_write_config_dword(dev, PCI_CSI_CONTROL, val);
+ u32 val = enable ? ISPSSPM0_IUNIT_POWER_ON :
+ ISPSSPM0_IUNIT_POWER_OFF;
- /* Write 0x3 to ISPSSPM0 bit[1:0] to power off the IUNIT */
+ /* Write to ISPSSPM0 bit[1:0] to power on/off the IUNIT */
iosf_mbi_modify(BT_MBI_UNIT_PMC, MBI_REG_READ, ISPSSPM0,
- ISPSSPM0_IUNIT_POWER_OFF, ISPSSPM0_ISPSSC_MASK);
+ val, ISPSSPM0_ISPSSC_MASK);
/*
* There should be no IUNIT access while power-down is
* in progress HW sighting: 4567865
* Wait up to 50 ms for the IUNIT to shut down.
+ * And we do the same for power on.
*/
timeout = jiffies + msecs_to_jiffies(50);
while (1) {
- /* Wait until ISPSSPM0 bit[25:24] shows 0x3 */
- iosf_mbi_read(BT_MBI_UNIT_PMC, MBI_REG_READ, ISPSSPM0, &val);
- val = (val & ISPSSPM0_ISPSSS_MASK) >> ISPSSPM0_ISPSSS_OFFSET;
- if (val == ISPSSPM0_IUNIT_POWER_OFF)
+ u32 tmp;
+
+ /* Wait until ISPSSPM0 bit[25:24] shows the right value */
+ iosf_mbi_read(BT_MBI_UNIT_PMC, MBI_REG_READ, ISPSSPM0, &tmp);
+ tmp = (tmp & ISPSSPM0_ISPSSS_MASK) >> ISPSSPM0_ISPSSS_OFFSET;
+ if (tmp == val)
break;
if (time_after(jiffies, timeout)) {
- dev_err(&dev->dev, "IUNIT power-off timeout.\n");
+ dev_err(&dev->dev, "IUNIT power-%s timeout.\n",
+ enable ? "on" : "off");
return -EBUSY;
}
usleep_range(1000, 2000);
}
+ return 0;
+}
+
+static int isp_probe(struct pci_dev *dev, const struct pci_device_id *id)
+{
pm_runtime_allow(&dev->dev);
pm_runtime_put_sync_suspend(&dev->dev);
@@ -87,11 +86,40 @@ static void isp_remove(struct pci_dev *dev)
static int isp_pci_suspend(struct device *dev)
{
+ struct pci_dev *pdev = to_pci_dev(dev);
+ u32 val;
+
+ pci_write_config_dword(pdev, PCI_INTERRUPT_CTRL, 0);
+
+ /*
+ * MRFLD IUNIT DPHY is located in an always-power-on island
+ * MRFLD HW design need all CSI ports are disabled before
+ * powering down the IUNIT.
+ */
+ pci_read_config_dword(pdev, PCI_CSI_CONTROL, &val);
+ val |= PCI_CSI_CONTROL_PORTS_OFF_MASK;
+ pci_write_config_dword(pdev, PCI_CSI_CONTROL, val);
+
+ /*
+ * We lose config space access when punit power gates
+ * the ISP. Can't use pci_set_power_state() because
+ * pmcsr won't actually change when we write to it.
+ */
+ pci_save_state(pdev);
+ pdev->current_state = PCI_D3cold;
+ isp_set_power(pdev, false);
+
return 0;
}
static int isp_pci_resume(struct device *dev)
{
+ struct pci_dev *pdev = to_pci_dev(dev);
+
+ isp_set_power(pdev, true);
+ pdev->current_state = PCI_D0;
+ pci_restore_state(pdev);
+
return 0;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 029/149] ath10k: assign n_cipher_suites = 11 for WCN3990 to enable WPA3
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (27 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 028/149] platform/x86: Fix config space access for intel_atomisp2_pm Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 030/149] clk: boston: unregister clks on failure in clk_boston_setup() Greg Kroah-Hartman
` (124 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Abhishek Ambure, Kalle Valo, Sasha Levin
From: Abhishek Ambure <aambure@codeaurora.org>
[ Upstream commit 7ba31e6e0cdc0cc2e60e1fcbf467f3c95aea948e ]
Hostapd uses CCMP, GCMP & GCMP-256 as 'wpa_pairwise' option to run WPA3.
In WCN3990 firmware cipher suite numbers 9 to 11 are for CCMP,
GCMP & GCMP-256.
To enable CCMP, GCMP & GCMP-256 cipher suites in WCN3990 firmware,
host sets 'n_cipher_suites = 11' while initializing hardware parameters.
Tested HW: WCN3990
Tested FW: WLAN.HL.2.0-01188-QCAHLSWMTPLZ-1
Signed-off-by: Abhishek Ambure <aambure@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath10k/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/ath10k/core.c b/drivers/net/wireless/ath/ath10k/core.c
index 5210cffb53440..2791ef2fd716c 100644
--- a/drivers/net/wireless/ath/ath10k/core.c
+++ b/drivers/net/wireless/ath/ath10k/core.c
@@ -532,7 +532,7 @@ static const struct ath10k_hw_params ath10k_hw_params_list[] = {
.hw_ops = &wcn3990_ops,
.decap_align_bytes = 1,
.num_peers = TARGET_HL_10_TLV_NUM_PEERS,
- .n_cipher_suites = 8,
+ .n_cipher_suites = 11,
.ast_skid_limit = TARGET_HL_10_TLV_AST_SKID_LIMIT,
.num_wds_entries = TARGET_HL_10_TLV_NUM_WDS_ENTRIES,
.target_64bit = true,
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 030/149] clk: boston: unregister clks on failure in clk_boston_setup()
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (28 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 029/149] ath10k: assign n_cipher_suites = 11 for WCN3990 to enable WPA3 Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 031/149] scripts/setlocalversion: Improve -dirty check with git-status --no-optional-locks Greg Kroah-Hartman
` (123 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yi Wang, Stephen Boyd, Sasha Levin
From: Yi Wang <wang.yi59@zte.com.cn>
[ Upstream commit 8b627f616ed63dcaf922369fc14a5daf8ad03038 ]
The registered clks should unregister when something wrong happens
before going out in function clk_boston_setup().
Signed-off-by: Yi Wang <wang.yi59@zte.com.cn>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/imgtec/clk-boston.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/drivers/clk/imgtec/clk-boston.c b/drivers/clk/imgtec/clk-boston.c
index f5d54a64d33c5..dddda45127a80 100644
--- a/drivers/clk/imgtec/clk-boston.c
+++ b/drivers/clk/imgtec/clk-boston.c
@@ -73,31 +73,39 @@ static void __init clk_boston_setup(struct device_node *np)
hw = clk_hw_register_fixed_rate(NULL, "input", NULL, 0, in_freq);
if (IS_ERR(hw)) {
pr_err("failed to register input clock: %ld\n", PTR_ERR(hw));
- goto error;
+ goto fail_input;
}
onecell->hws[BOSTON_CLK_INPUT] = hw;
hw = clk_hw_register_fixed_rate(NULL, "sys", "input", 0, sys_freq);
if (IS_ERR(hw)) {
pr_err("failed to register sys clock: %ld\n", PTR_ERR(hw));
- goto error;
+ goto fail_sys;
}
onecell->hws[BOSTON_CLK_SYS] = hw;
hw = clk_hw_register_fixed_rate(NULL, "cpu", "input", 0, cpu_freq);
if (IS_ERR(hw)) {
pr_err("failed to register cpu clock: %ld\n", PTR_ERR(hw));
- goto error;
+ goto fail_cpu;
}
onecell->hws[BOSTON_CLK_CPU] = hw;
err = of_clk_add_hw_provider(np, of_clk_hw_onecell_get, onecell);
- if (err)
+ if (err) {
pr_err("failed to add DT provider: %d\n", err);
+ goto fail_clk_add;
+ }
return;
-error:
+fail_clk_add:
+ clk_hw_unregister_fixed_rate(onecell->hws[BOSTON_CLK_CPU]);
+fail_cpu:
+ clk_hw_unregister_fixed_rate(onecell->hws[BOSTON_CLK_SYS]);
+fail_sys:
+ clk_hw_unregister_fixed_rate(onecell->hws[BOSTON_CLK_INPUT]);
+fail_input:
kfree(onecell);
}
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 031/149] scripts/setlocalversion: Improve -dirty check with git-status --no-optional-locks
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (29 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 030/149] clk: boston: unregister clks on failure in clk_boston_setup() Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 032/149] staging: mt7621-pinctrl: use pinconf-generic for dt_node_to_map and dt_free_map Greg Kroah-Hartman
` (122 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christian Kujau, Guenter Roeck,
Alexander Kapshuk, Brian Norris, Genki Sky, Masahiro Yamada,
Sasha Levin
From: Brian Norris <briannorris@chromium.org>
[ Upstream commit ff64dd4857303dd5550faed9fd598ac90f0f2238 ]
git-diff-index does not refresh the index for you, so using it for a
"-dirty" check can give misleading results. Commit 6147b1cf19651
("scripts/setlocalversion: git: Make -dirty check more robust") tried to
fix this by switching to git-status, but it overlooked the fact that
git-status also writes to the .git directory of the source tree, which
is definitely not kosher for an out-of-tree (O=) build. That is getting
reverted.
Fortunately, git-status now supports avoiding writing to the index via
the --no-optional-locks flag, as of git 2.14. It still calculates an
up-to-date index, but it avoids writing it out to the .git directory.
So, let's retry the solution from commit 6147b1cf19651 using this new
flag first, and if it fails, we assume this is an older version of git
and just use the old git-diff-index method.
It's hairy to get the 'grep -vq' (inverted matching) correct by stashing
the output of git-status (you have to be careful about the difference
betwen "empty stdin" and "blank line on stdin"), so just pipe the output
directly to grep and use a regex that's good enough for both the
git-status and git-diff-index version.
Cc: Christian Kujau <lists@nerdbynature.de>
Cc: Guenter Roeck <linux@roeck-us.net>
Suggested-by: Alexander Kapshuk <alexander.kapshuk@gmail.com>
Signed-off-by: Brian Norris <briannorris@chromium.org>
Tested-by: Genki Sky <sky@genki.is>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/setlocalversion | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/scripts/setlocalversion b/scripts/setlocalversion
index 71f39410691b6..365b3c2b8f431 100755
--- a/scripts/setlocalversion
+++ b/scripts/setlocalversion
@@ -73,8 +73,16 @@ scm_version()
printf -- '-svn%s' "`git svn find-rev $head`"
fi
- # Check for uncommitted changes
- if git diff-index --name-only HEAD | grep -qv "^scripts/package"; then
+ # Check for uncommitted changes.
+ # First, with git-status, but --no-optional-locks is only
+ # supported in git >= 2.14, so fall back to git-diff-index if
+ # it fails. Note that git-diff-index does not refresh the
+ # index, so it may give misleading results. See
+ # git-update-index(1), git-diff-index(1), and git-status(1).
+ if {
+ git --no-optional-locks status -uno --porcelain 2>/dev/null ||
+ git diff-index --name-only HEAD
+ } | grep -qvE '^(.. )?scripts/package'; then
printf '%s' -dirty
fi
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 032/149] staging: mt7621-pinctrl: use pinconf-generic for dt_node_to_map and dt_free_map
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (30 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 031/149] scripts/setlocalversion: Improve -dirty check with git-status --no-optional-locks Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 033/149] HID: Add ASUS T100CHI keyboard dock battery quirks Greg Kroah-Hartman
` (121 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, NeilBrown, Sergio Paracuellos, Sasha Levin
From: Sergio Paracuellos <sergio.paracuellos@gmail.com>
[ Upstream commit 0ca1f90861b6d64386261096b42bfc81ce11948a ]
Instead of reimplement afunction to do 'dt_node_to_map' task like
'rt2880_pinctrl_dt_node_to_map' make use of 'pinconf_generic_dt_node_to_map_all'
generic function for this task. Also use its equivalent function for free which
is 'pinconf_generic_dt_free_map'. Remove 'rt2880_pinctrl_dt_node_to_map' function
which is not needed anymore. This decrease a bit driver LOC and make it more
generic. To properly compile this changes 'GENERIC_PINCONF' option is selected
with the driver in its Kconfig file.
This also fix a problem with function 'rt2880_pinctrl_dt_node_to_map' which was
calling internally 'pinctrl_utils_reserve_map' which expects 'num_maps' to be initialized.
It does a memory allocation based on the value, and triggers the following
warning if is not properly set:
if (unlikely(order >= MAX_ORDER)) {
WARN_ON_ONCE(!(gfp_mask & __GFP_NOWARN));
return NULL;
}
Generic function 'pinconf_generic_dt_node_to_map_all' initializes properly
'num_maps' to zero fixing the problem.
Fixes: e12a1a6e087b ("staging: mt7621-pinctrl: refactor rt2880_pinctrl_dt_node_to_map function")
Reported-by: NeilBrown <neil@brown.name>
Tested-by: NeilBrown <neil@brown.name>
Signed-off-by: Sergio Paracuellos <sergio.paracuellos@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/mt7621-pinctrl/Kconfig | 1 +
.../staging/mt7621-pinctrl/pinctrl-rt2880.c | 41 ++-----------------
2 files changed, 4 insertions(+), 38 deletions(-)
diff --git a/drivers/staging/mt7621-pinctrl/Kconfig b/drivers/staging/mt7621-pinctrl/Kconfig
index 37cf9c3273beb..fc36127113072 100644
--- a/drivers/staging/mt7621-pinctrl/Kconfig
+++ b/drivers/staging/mt7621-pinctrl/Kconfig
@@ -2,3 +2,4 @@ config PINCTRL_RT2880
bool "RT2800 pinctrl driver for RALINK/Mediatek SOCs"
depends on RALINK
select PINMUX
+ select GENERIC_PINCONF
diff --git a/drivers/staging/mt7621-pinctrl/pinctrl-rt2880.c b/drivers/staging/mt7621-pinctrl/pinctrl-rt2880.c
index aa98fbb170139..80e7067cfb797 100644
--- a/drivers/staging/mt7621-pinctrl/pinctrl-rt2880.c
+++ b/drivers/staging/mt7621-pinctrl/pinctrl-rt2880.c
@@ -11,6 +11,7 @@
#include <linux/of.h>
#include <linux/pinctrl/pinctrl.h>
#include <linux/pinctrl/pinconf.h>
+#include <linux/pinctrl/pinconf-generic.h>
#include <linux/pinctrl/pinmux.h>
#include <linux/pinctrl/consumer.h>
#include <linux/pinctrl/machine.h>
@@ -73,48 +74,12 @@ static int rt2880_get_group_pins(struct pinctrl_dev *pctrldev,
return 0;
}
-static int rt2880_pinctrl_dt_node_to_map(struct pinctrl_dev *pctrldev,
- struct device_node *np_config,
- struct pinctrl_map **map,
- unsigned int *num_maps)
-{
- struct rt2880_priv *p = pinctrl_dev_get_drvdata(pctrldev);
- struct property *prop;
- const char *function_name, *group_name;
- int ret;
- int ngroups = 0;
- unsigned int reserved_maps = 0;
-
- for_each_node_with_property(np_config, "group")
- ngroups++;
-
- *map = NULL;
- ret = pinctrl_utils_reserve_map(pctrldev, map, &reserved_maps,
- num_maps, ngroups);
- if (ret) {
- dev_err(p->dev, "can't reserve map: %d\n", ret);
- return ret;
- }
-
- of_property_for_each_string(np_config, "group", prop, group_name) {
- ret = pinctrl_utils_add_map_mux(pctrldev, map, &reserved_maps,
- num_maps, group_name,
- function_name);
- if (ret) {
- dev_err(p->dev, "can't add map: %d\n", ret);
- return ret;
- }
- }
-
- return 0;
-}
-
static const struct pinctrl_ops rt2880_pctrl_ops = {
.get_groups_count = rt2880_get_group_count,
.get_group_name = rt2880_get_group_name,
.get_group_pins = rt2880_get_group_pins,
- .dt_node_to_map = rt2880_pinctrl_dt_node_to_map,
- .dt_free_map = pinctrl_utils_free_map,
+ .dt_node_to_map = pinconf_generic_dt_node_to_map_all,
+ .dt_free_map = pinconf_generic_dt_free_map,
};
static int rt2880_pmx_func_count(struct pinctrl_dev *pctrldev)
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 033/149] HID: Add ASUS T100CHI keyboard dock battery quirks
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (31 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 032/149] staging: mt7621-pinctrl: use pinconf-generic for dt_node_to_map and dt_free_map Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 034/149] NFSv4: Ensure that the state manager exits the loop on SIGKILL Greg Kroah-Hartman
` (120 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, NOGUCHI Hiroshi, Jiri Kosina, Sasha Levin
From: NOGUCHI Hiroshi <drvlabo@gmail.com>
[ Upstream commit a767ffea05d2737f6542cd78458a84a157fa216d ]
Add ASUS Transbook T100CHI/T90CHI keyboard dock into battery quirk list, in
order to add specific implementation in hid-asus.
Signed-off-by: NOGUCHI Hiroshi <drvlabo@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-input.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c
index d988b92b20c82..01bed2f6862ee 100644
--- a/drivers/hid/hid-input.c
+++ b/drivers/hid/hid-input.c
@@ -328,6 +328,9 @@ static const struct hid_device_id hid_battery_quirks[] = {
{ HID_USB_DEVICE(USB_VENDOR_ID_SYMBOL,
USB_DEVICE_ID_SYMBOL_SCANNER_3),
HID_BATTERY_QUIRK_IGNORE },
+ { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_ASUSTEK,
+ USB_DEVICE_ID_ASUSTEK_T100CHI_KEYBOARD),
+ HID_BATTERY_QUIRK_IGNORE },
{}
};
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 034/149] NFSv4: Ensure that the state manager exits the loop on SIGKILL
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (32 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 033/149] HID: Add ASUS T100CHI keyboard dock battery quirks Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 035/149] HID: steam: fix boot loop with bluetooth firmware Greg Kroah-Hartman
` (119 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Trond Myklebust, Sasha Levin
From: Trond Myklebust <trond.myklebust@hammerspace.com>
[ Upstream commit a1aa09be21fa344d1f5585aab8164bfae55f57e3 ]
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/nfs4state.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c
index c36ef75f2054b..b3086e99420c7 100644
--- a/fs/nfs/nfs4state.c
+++ b/fs/nfs/nfs4state.c
@@ -2613,7 +2613,7 @@ static void nfs4_state_manager(struct nfs_client *clp)
return;
if (test_and_set_bit(NFS4CLNT_MANAGER_RUNNING, &clp->cl_state) != 0)
return;
- } while (refcount_read(&clp->cl_count) > 1);
+ } while (refcount_read(&clp->cl_count) > 1 && !signalled());
goto out_drain;
out_error:
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 035/149] HID: steam: fix boot loop with bluetooth firmware
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (33 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 034/149] NFSv4: Ensure that the state manager exits the loop on SIGKILL Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 036/149] HID: steam: fix deadlock with input devices Greg Kroah-Hartman
` (118 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rodrigo Rivas Costa, Jiri Kosina,
Sasha Levin
From: Rodrigo Rivas Costa <rodrigorivascosta@gmail.com>
[ Upstream commit cf28aee292e102740e49f74385b4b89c00050763 ]
There is a new firmware for the Steam Controller with support for BLE
connections. When using such a device with a wired connection, it
reboots itself every 10 seconds unless an application has opened it.
Doing hid_hw_open() unconditionally on probe fixes the issue, and the
code becomes simpler.
Signed-off-by: Rodrigo Rivas Costa <rodrigorivascosta@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-steam.c | 34 +++++++++++-----------------------
1 file changed, 11 insertions(+), 23 deletions(-)
diff --git a/drivers/hid/hid-steam.c b/drivers/hid/hid-steam.c
index dc4128bfe2ca9..8141cadfca0e3 100644
--- a/drivers/hid/hid-steam.c
+++ b/drivers/hid/hid-steam.c
@@ -283,11 +283,6 @@ static void steam_set_lizard_mode(struct steam_device *steam, bool enable)
static int steam_input_open(struct input_dev *dev)
{
struct steam_device *steam = input_get_drvdata(dev);
- int ret;
-
- ret = hid_hw_open(steam->hdev);
- if (ret)
- return ret;
mutex_lock(&steam->mutex);
if (!steam->client_opened && lizard_mode)
@@ -304,8 +299,6 @@ static void steam_input_close(struct input_dev *dev)
if (!steam->client_opened && lizard_mode)
steam_set_lizard_mode(steam, true);
mutex_unlock(&steam->mutex);
-
- hid_hw_close(steam->hdev);
}
static enum power_supply_property steam_battery_props[] = {
@@ -623,11 +616,6 @@ static void steam_client_ll_stop(struct hid_device *hdev)
static int steam_client_ll_open(struct hid_device *hdev)
{
struct steam_device *steam = hdev->driver_data;
- int ret;
-
- ret = hid_hw_open(steam->hdev);
- if (ret)
- return ret;
mutex_lock(&steam->mutex);
steam->client_opened = true;
@@ -635,7 +623,7 @@ static int steam_client_ll_open(struct hid_device *hdev)
steam_input_unregister(steam);
- return ret;
+ return 0;
}
static void steam_client_ll_close(struct hid_device *hdev)
@@ -646,7 +634,6 @@ static void steam_client_ll_close(struct hid_device *hdev)
steam->client_opened = false;
mutex_unlock(&steam->mutex);
- hid_hw_close(steam->hdev);
if (steam->connected) {
steam_set_lizard_mode(steam, lizard_mode);
steam_input_register(steam);
@@ -759,14 +746,15 @@ static int steam_probe(struct hid_device *hdev,
if (ret)
goto client_hdev_add_fail;
+ ret = hid_hw_open(hdev);
+ if (ret) {
+ hid_err(hdev,
+ "%s:hid_hw_open\n",
+ __func__);
+ goto hid_hw_open_fail;
+ }
+
if (steam->quirks & STEAM_QUIRK_WIRELESS) {
- ret = hid_hw_open(hdev);
- if (ret) {
- hid_err(hdev,
- "%s:hid_hw_open for wireless\n",
- __func__);
- goto hid_hw_open_fail;
- }
hid_info(hdev, "Steam wireless receiver connected");
steam_request_conn_status(steam);
} else {
@@ -781,8 +769,8 @@ static int steam_probe(struct hid_device *hdev,
return 0;
-hid_hw_open_fail:
input_register_fail:
+hid_hw_open_fail:
client_hdev_add_fail:
hid_hw_stop(hdev);
hid_hw_start_fail:
@@ -809,8 +797,8 @@ static void steam_remove(struct hid_device *hdev)
cancel_work_sync(&steam->work_connect);
if (steam->quirks & STEAM_QUIRK_WIRELESS) {
hid_info(hdev, "Steam wireless receiver disconnected");
- hid_hw_close(hdev);
}
+ hid_hw_close(hdev);
hid_hw_stop(hdev);
steam_unregister(steam);
}
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 036/149] HID: steam: fix deadlock with input devices.
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (34 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 035/149] HID: steam: fix boot loop with bluetooth firmware Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 037/149] samples: bpf: fix: seg fault with NULL pointer arg Greg Kroah-Hartman
` (117 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Simon Gene Gottlieb,
Rodrigo Rivas Costa, Jiri Kosina, Sasha Levin
From: Rodrigo Rivas Costa <rodrigorivascosta@gmail.com>
[ Upstream commit 6b538cc21334b83f09b25dec4aa2d2726bf07ed0 ]
When using this driver with the wireless dongle and some usermode
program that monitors every input device (acpid, for example), while
another usermode client opens and closes the low-level device
repeadedly, the system eventually deadlocks.
The reason is that steam_input_register_device() must not be called with
the mutex held, because the input subsystem has its own synchronization
that clashes with this one: it is possible that steam_input_open() is
called before input_register_device() returns, and since
steam_input_open() needs to lock the mutex, it deadlocks.
However we must hold the mutex when calling any function that sends
commands to the controller. If not, random commands end up falling fail.
Reported-by: Simon Gene Gottlieb <simon@gottliebtfreitag.de>
Signed-off-by: Rodrigo Rivas Costa <rodrigorivascosta@gmail.com>
Tested-by: Simon Gene Gottlieb <simon@gottliebtfreitag.de>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-steam.c | 26 +++++++++++++++++++-------
1 file changed, 19 insertions(+), 7 deletions(-)
diff --git a/drivers/hid/hid-steam.c b/drivers/hid/hid-steam.c
index 8141cadfca0e3..8dae0f9b819e0 100644
--- a/drivers/hid/hid-steam.c
+++ b/drivers/hid/hid-steam.c
@@ -499,6 +499,7 @@ static void steam_battery_unregister(struct steam_device *steam)
static int steam_register(struct steam_device *steam)
{
int ret;
+ bool client_opened;
/*
* This function can be called several times in a row with the
@@ -511,9 +512,11 @@ static int steam_register(struct steam_device *steam)
* Unlikely, but getting the serial could fail, and it is not so
* important, so make up a serial number and go on.
*/
+ mutex_lock(&steam->mutex);
if (steam_get_serial(steam) < 0)
strlcpy(steam->serial_no, "XXXXXXXXXX",
sizeof(steam->serial_no));
+ mutex_unlock(&steam->mutex);
hid_info(steam->hdev, "Steam Controller '%s' connected",
steam->serial_no);
@@ -528,13 +531,15 @@ static int steam_register(struct steam_device *steam)
}
mutex_lock(&steam->mutex);
- if (!steam->client_opened) {
+ client_opened = steam->client_opened;
+ if (!client_opened)
steam_set_lizard_mode(steam, lizard_mode);
+ mutex_unlock(&steam->mutex);
+
+ if (!client_opened)
ret = steam_input_register(steam);
- } else {
+ else
ret = 0;
- }
- mutex_unlock(&steam->mutex);
return ret;
}
@@ -630,14 +635,21 @@ static void steam_client_ll_close(struct hid_device *hdev)
{
struct steam_device *steam = hdev->driver_data;
+ unsigned long flags;
+ bool connected;
+
+ spin_lock_irqsave(&steam->lock, flags);
+ connected = steam->connected;
+ spin_unlock_irqrestore(&steam->lock, flags);
+
mutex_lock(&steam->mutex);
steam->client_opened = false;
+ if (connected)
+ steam_set_lizard_mode(steam, lizard_mode);
mutex_unlock(&steam->mutex);
- if (steam->connected) {
- steam_set_lizard_mode(steam, lizard_mode);
+ if (connected)
steam_input_register(steam);
- }
}
static int steam_client_ll_raw_request(struct hid_device *hdev,
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 037/149] samples: bpf: fix: seg fault with NULL pointer arg
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (35 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 036/149] HID: steam: fix deadlock with input devices Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 038/149] usb: dwc3: gadget: early giveback if End Transfer already completed Greg Kroah-Hartman
` (116 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Daniel T. Lee, Song Liu,
Daniel Borkmann, Sasha Levin
From: Daniel T. Lee <danieltimlee@gmail.com>
[ Upstream commit d59dd69d5576d699d7d3f5da0b4738c3a36d0133 ]
When NULL pointer accidentally passed to write_kprobe_events,
due to strlen(NULL), segmentation fault happens.
Changed code returns -1 to deal with this situation.
Bug issued with Smatch, static analysis.
Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com>
Acked-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
samples/bpf/bpf_load.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/samples/bpf/bpf_load.c b/samples/bpf/bpf_load.c
index 5061a2ec45646..176c04a454dc9 100644
--- a/samples/bpf/bpf_load.c
+++ b/samples/bpf/bpf_load.c
@@ -59,7 +59,9 @@ static int write_kprobe_events(const char *val)
{
int fd, ret, flags;
- if ((val != NULL) && (val[0] == '\0'))
+ if (val == NULL)
+ return -1;
+ else if (val[0] == '\0')
flags = O_WRONLY | O_TRUNC;
else
flags = O_WRONLY | O_APPEND;
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 038/149] usb: dwc3: gadget: early giveback if End Transfer already completed
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (36 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 037/149] samples: bpf: fix: seg fault with NULL pointer arg Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 039/149] usb: dwc3: gadget: clear DWC3_EP_TRANSFER_STARTED on cmd complete Greg Kroah-Hartman
` (115 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thinh Nguyen, Felipe Balbi, Sasha Levin
From: Felipe Balbi <felipe.balbi@linux.intel.com>
[ Upstream commit 9f45581f5eec6786c6eded2b3c85345d82a910c9 ]
There is a rare race condition that may happen during a Disconnect
Interrupt if we have a started request that happens to be
dequeued *after* completion of End Transfer command. If that happens,
that request will be left waiting for completion of an End Transfer
command that will never happen.
If End Transfer command has already completed before, we are safe to
giveback the request straight away.
Tested-by: Thinh Nguyen <thinhn@synopsys.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/dwc3/gadget.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
index e7461c995116a..7b0957c530485 100644
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -1410,7 +1410,10 @@ static int dwc3_gadget_ep_dequeue(struct usb_ep *ep,
goto out0;
dwc3_gadget_move_cancelled_request(req);
- goto out0;
+ if (dep->flags & DWC3_EP_TRANSFER_STARTED)
+ goto out0;
+ else
+ goto out1;
}
dev_err(dwc->dev, "request %pK was not queued to %s\n",
request, ep->name);
@@ -1418,6 +1421,7 @@ static int dwc3_gadget_ep_dequeue(struct usb_ep *ep,
goto out0;
}
+out1:
dwc3_gadget_giveback(dep, req, -ECONNRESET);
out0:
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 039/149] usb: dwc3: gadget: clear DWC3_EP_TRANSFER_STARTED on cmd complete
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (37 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 038/149] usb: dwc3: gadget: early giveback if End Transfer already completed Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 040/149] ALSA: usb-audio: Cleanup DSD whitelist Greg Kroah-Hartman
` (114 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thinh Nguyen, Felipe Balbi, Sasha Levin
From: Felipe Balbi <felipe.balbi@linux.intel.com>
[ Upstream commit acbfa6c26f21a18830ee064b588c92334305b6af ]
We must wait until End Transfer completes in order to clear
DWC3_EP_TRANSFER_STARTED, otherwise we may confuse the driver.
This patch is in preparation to fix a rare race condition that happens
upon Disconnect Interrupt.
Tested-by: Thinh Nguyen <thinhn@synopsys.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/dwc3/gadget.c | 19 +++++--------------
1 file changed, 5 insertions(+), 14 deletions(-)
diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
index 7b0957c530485..54de732550648 100644
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -375,19 +375,9 @@ int dwc3_send_gadget_ep_cmd(struct dwc3_ep *dep, unsigned cmd,
trace_dwc3_gadget_ep_cmd(dep, cmd, params, cmd_status);
- if (ret == 0) {
- switch (DWC3_DEPCMD_CMD(cmd)) {
- case DWC3_DEPCMD_STARTTRANSFER:
- dep->flags |= DWC3_EP_TRANSFER_STARTED;
- dwc3_gadget_ep_get_transfer_index(dep);
- break;
- case DWC3_DEPCMD_ENDTRANSFER:
- dep->flags &= ~DWC3_EP_TRANSFER_STARTED;
- break;
- default:
- /* nothing */
- break;
- }
+ if (ret == 0 && DWC3_DEPCMD_CMD(cmd) == DWC3_DEPCMD_STARTTRANSFER) {
+ dep->flags |= DWC3_EP_TRANSFER_STARTED;
+ dwc3_gadget_ep_get_transfer_index(dep);
}
if (unlikely(susphy)) {
@@ -2417,7 +2407,8 @@ static void dwc3_endpoint_interrupt(struct dwc3 *dwc,
cmd = DEPEVT_PARAMETER_CMD(event->parameters);
if (cmd == DWC3_DEPCMD_ENDTRANSFER) {
- dep->flags &= ~DWC3_EP_END_TRANSFER_PENDING;
+ dep->flags &= ~(DWC3_EP_END_TRANSFER_PENDING |
+ DWC3_EP_TRANSFER_STARTED);
dwc3_gadget_ep_cleanup_cancelled_requests(dep);
}
break;
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 040/149] ALSA: usb-audio: Cleanup DSD whitelist
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (38 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 039/149] usb: dwc3: gadget: clear DWC3_EP_TRANSFER_STARTED on cmd complete Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 041/149] usb: handle warm-reset port requests on hub resume Greg Kroah-Hartman
` (113 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jussi Laako, Takashi Iwai, Sasha Levin
From: Jussi Laako <jussi@sonarnerd.net>
[ Upstream commit 202e69e645545e8dcec5e239658125276a7a315a ]
XMOS/Thesycon family of USB Audio Class firmware flags DSD altsetting
separate from the PCM ones. Thus the DSD altsetting can be auto-detected
based on the flag and doesn't need maintaining specific altsetting
whitelist.
In addition, static VID:PID-to-altsetting whitelisting causes problems
when firmware update changes the altsetting, or same VID:PID is reused
for another device that has different kind of firmware.
This patch removes existing explicit whitelist mappings for XMOS VID
(0x20b1) and Thesycon VID (0x152a).
Also corrects placement of Hegel HD12 and NuPrime DAC-10 to keep list
sorted based on VID.
Signed-off-by: Jussi Laako <jussi@sonarnerd.net>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/usb/quirks.c | 18 ++----------------
1 file changed, 2 insertions(+), 16 deletions(-)
diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
index 60d00091f64b2..e5dde06c31a6f 100644
--- a/sound/usb/quirks.c
+++ b/sound/usb/quirks.c
@@ -1360,10 +1360,6 @@ u64 snd_usb_interface_dsd_format_quirks(struct snd_usb_audio *chip,
/* XMOS based USB DACs */
switch (chip->usb_id) {
case USB_ID(0x1511, 0x0037): /* AURALiC VEGA */
- case USB_ID(0x20b1, 0x0002): /* Wyred 4 Sound DAC-2 DSD */
- case USB_ID(0x20b1, 0x2004): /* Matrix Audio X-SPDIF 2 */
- case USB_ID(0x20b1, 0x2008): /* Matrix Audio X-Sabre */
- case USB_ID(0x20b1, 0x300a): /* Matrix Audio Mini-i Pro */
case USB_ID(0x22d9, 0x0416): /* OPPO HA-1 */
case USB_ID(0x22d9, 0x0436): /* OPPO Sonica */
case USB_ID(0x22d9, 0x0461): /* OPPO UDP-205 */
@@ -1373,23 +1369,13 @@ u64 snd_usb_interface_dsd_format_quirks(struct snd_usb_audio *chip,
return SNDRV_PCM_FMTBIT_DSD_U32_BE;
break;
- case USB_ID(0x10cb, 0x0103): /* The Bit Opus #3; with fp->dsd_raw */
- case USB_ID(0x152a, 0x85de): /* SMSL D1 DAC */
- case USB_ID(0x16d0, 0x09dd): /* Encore mDSD */
case USB_ID(0x0d8c, 0x0316): /* Hegel HD12 DSD */
+ case USB_ID(0x10cb, 0x0103): /* The Bit Opus #3; with fp->dsd_raw */
case USB_ID(0x16b0, 0x06b2): /* NuPrime DAC-10 */
+ case USB_ID(0x16d0, 0x09dd): /* Encore mDSD */
case USB_ID(0x16d0, 0x0733): /* Furutech ADL Stratos */
case USB_ID(0x16d0, 0x09db): /* NuPrime Audio DAC-9 */
case USB_ID(0x1db5, 0x0003): /* Bryston BDA3 */
- case USB_ID(0x20b1, 0x000a): /* Gustard DAC-X20U */
- case USB_ID(0x20b1, 0x2005): /* Denafrips Ares DAC */
- case USB_ID(0x20b1, 0x2009): /* DIYINHK DSD DXD 384kHz USB to I2S/DSD */
- case USB_ID(0x20b1, 0x2023): /* JLsounds I2SoverUSB */
- case USB_ID(0x20b1, 0x3021): /* Eastern El. MiniMax Tube DAC Supreme */
- case USB_ID(0x20b1, 0x3023): /* Aune X1S 32BIT/384 DSD DAC */
- case USB_ID(0x20b1, 0x302d): /* Unison Research Unico CD Due */
- case USB_ID(0x20b1, 0x307b): /* CH Precision C1 DAC */
- case USB_ID(0x20b1, 0x3086): /* Singxer F-1 converter board */
case USB_ID(0x22d9, 0x0426): /* OPPO HA-2 */
case USB_ID(0x22e1, 0xca01): /* HDTA Serenade DSD */
case USB_ID(0x249c, 0x9326): /* M2Tech Young MkIII */
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 041/149] usb: handle warm-reset port requests on hub resume
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (39 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 040/149] ALSA: usb-audio: Cleanup DSD whitelist Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 042/149] rtc: pcf8523: set xtal load capacitance from DT Greg Kroah-Hartman
` (112 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jan-Marek Glogowski, Alan Stern, Sasha Levin
From: Jan-Marek Glogowski <glogow@fbihome.de>
[ Upstream commit 4fdc1790e6a9ef22399c6bc6e63b80f4609f3b7e ]
On plug-in of my USB-C device, its USB_SS_PORT_LS_SS_INACTIVE
link state bit is set. Greping all the kernel for this bit shows
that the port status requests a warm-reset this way.
This just happens, if its the only device on the root hub, the hub
therefore resumes and the HCDs status_urb isn't yet available.
If a warm-reset request is detected, this sets the hubs event_bits,
which will prevent any auto-suspend and allows the hubs workqueue
to warm-reset the port later in port_event.
Signed-off-by: Jan-Marek Glogowski <glogow@fbihome.de>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/core/hub.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
index 8018f813972e0..d5fbd36cf4624 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -107,6 +107,8 @@ EXPORT_SYMBOL_GPL(ehci_cf_port_reset_rwsem);
static void hub_release(struct kref *kref);
static int usb_reset_and_verify_device(struct usb_device *udev);
static int hub_port_disable(struct usb_hub *hub, int port1, int set_state);
+static bool hub_port_warm_reset_required(struct usb_hub *hub, int port1,
+ u16 portstatus);
static inline char *portspeed(struct usb_hub *hub, int portstatus)
{
@@ -1111,6 +1113,11 @@ static void hub_activate(struct usb_hub *hub, enum hub_activation_type type)
USB_PORT_FEAT_ENABLE);
}
+ /* Make sure a warm-reset request is handled by port_event */
+ if (type == HUB_RESUME &&
+ hub_port_warm_reset_required(hub, port1, portstatus))
+ set_bit(port1, hub->event_bits);
+
/*
* Add debounce if USB3 link is in polling/link training state.
* Link will automatically transition to Enabled state after
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 042/149] rtc: pcf8523: set xtal load capacitance from DT
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (40 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 041/149] usb: handle warm-reset port requests on hub resume Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 043/149] arm64: Add MIDR encoding for HiSilicon Taishan CPUs Greg Kroah-Hartman
` (111 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sam Ravnborg, Alessandro Zummo,
Alexandre Belloni, Sasha Levin
From: Sam Ravnborg <sam@ravnborg.org>
[ Upstream commit 189927e719e36ceefbb8037f23d3849e47833aef ]
Add support for specifying the xtal load capacitance in the DT node.
The pcf8523 supports xtal load capacitance of 7pF or 12.5pF.
If the rtc has the wrong configuration the time will
drift several hours/week.
The driver use the default value 12.5pF.
The DT may specify either 7000fF or 12500fF.
(The DT uses femto Farad to avoid decimal numbers).
Other values are warned and the driver uses the default value.
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Cc: Alessandro Zummo <a.zummo@towertech.it>
Cc: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rtc/rtc-pcf8523.c | 28 ++++++++++++++++++++--------
1 file changed, 20 insertions(+), 8 deletions(-)
diff --git a/drivers/rtc/rtc-pcf8523.c b/drivers/rtc/rtc-pcf8523.c
index 3fcd2cbafc845..2e03021f15d13 100644
--- a/drivers/rtc/rtc-pcf8523.c
+++ b/drivers/rtc/rtc-pcf8523.c
@@ -97,8 +97,9 @@ static int pcf8523_voltage_low(struct i2c_client *client)
return !!(value & REG_CONTROL3_BLF);
}
-static int pcf8523_select_capacitance(struct i2c_client *client, bool high)
+static int pcf8523_load_capacitance(struct i2c_client *client)
{
+ u32 load;
u8 value;
int err;
@@ -106,14 +107,24 @@ static int pcf8523_select_capacitance(struct i2c_client *client, bool high)
if (err < 0)
return err;
- if (!high)
- value &= ~REG_CONTROL1_CAP_SEL;
- else
+ load = 12500;
+ of_property_read_u32(client->dev.of_node, "quartz-load-femtofarads",
+ &load);
+
+ switch (load) {
+ default:
+ dev_warn(&client->dev, "Unknown quartz-load-femtofarads value: %d. Assuming 12500",
+ load);
+ /* fall through */
+ case 12500:
value |= REG_CONTROL1_CAP_SEL;
+ break;
+ case 7000:
+ value &= ~REG_CONTROL1_CAP_SEL;
+ break;
+ }
err = pcf8523_write(client, REG_CONTROL1, value);
- if (err < 0)
- return err;
return err;
}
@@ -347,9 +358,10 @@ static int pcf8523_probe(struct i2c_client *client,
if (!pcf)
return -ENOMEM;
- err = pcf8523_select_capacitance(client, true);
+ err = pcf8523_load_capacitance(client);
if (err < 0)
- return err;
+ dev_warn(&client->dev, "failed to set xtal load capacitance: %d",
+ err);
err = pcf8523_set_pm(client, 0);
if (err < 0)
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 043/149] arm64: Add MIDR encoding for HiSilicon Taishan CPUs
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (41 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 042/149] rtc: pcf8523: set xtal load capacitance from DT Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 044/149] arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs Greg Kroah-Hartman
` (110 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hanjun Guo, John Garry, Zhangshaokun,
Catalin Marinas
From: Hanjun Guo <hanjun.guo@linaro.org>
commit efd00c722ca855745fcc35a7e6675b5a782a3fc8 upstream.
Adding the MIDR encodings for HiSilicon Taishan v110 CPUs,
which is used in Kunpeng ARM64 server SoCs. TSV110 is the
abbreviation of Taishan v110.
Signed-off-by: Hanjun Guo <hanjun.guo@linaro.org>
Reviewed-by: John Garry <john.garry@huawei.com>
Reviewed-by: Zhangshaokun <zhangshaokun@hisilicon.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/include/asm/cputype.h | 4 ++++
1 file changed, 4 insertions(+)
--- a/arch/arm64/include/asm/cputype.h
+++ b/arch/arm64/include/asm/cputype.h
@@ -68,6 +68,7 @@
#define ARM_CPU_IMP_BRCM 0x42
#define ARM_CPU_IMP_QCOM 0x51
#define ARM_CPU_IMP_NVIDIA 0x4E
+#define ARM_CPU_IMP_HISI 0x48
#define ARM_CPU_PART_AEM_V8 0xD0F
#define ARM_CPU_PART_FOUNDATION 0xD00
@@ -96,6 +97,8 @@
#define NVIDIA_CPU_PART_DENVER 0x003
#define NVIDIA_CPU_PART_CARMEL 0x004
+#define HISI_CPU_PART_TSV110 0xD01
+
#define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A53)
#define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57)
#define MIDR_CORTEX_A72 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A72)
@@ -114,6 +117,7 @@
#define MIDR_QCOM_KRYO MIDR_CPU_MODEL(ARM_CPU_IMP_QCOM, QCOM_CPU_PART_KRYO)
#define MIDR_NVIDIA_DENVER MIDR_CPU_MODEL(ARM_CPU_IMP_NVIDIA, NVIDIA_CPU_PART_DENVER)
#define MIDR_NVIDIA_CARMEL MIDR_CPU_MODEL(ARM_CPU_IMP_NVIDIA, NVIDIA_CPU_PART_CARMEL)
+#define MIDR_HISI_TSV110 MIDR_CPU_MODEL(ARM_CPU_IMP_HISI, HISI_CPU_PART_TSV110)
#ifndef __ASSEMBLY__
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 044/149] arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (42 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 043/149] arm64: Add MIDR encoding for HiSilicon Taishan CPUs Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 045/149] mlxsw: spectrum: Set LAG port collector only when active Greg Kroah-Hartman
` (109 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hanjun Guo, John Garry, Zhangshaokun,
Catalin Marinas, Sasha Levin
From: Hanjun Guo <hanjun.guo@linaro.org>
[ Upstream commit 0ecc471a2cb7d4d386089445a727f47b59dc9b6e ]
HiSilicon Taishan v110 CPUs didn't implement CSV3 field of the
ID_AA64PFR0_EL1 and are not susceptible to Meltdown, so whitelist
the MIDR in kpti_safe_list[] table.
Signed-off-by: Hanjun Guo <hanjun.guo@linaro.org>
Reviewed-by: John Garry <john.garry@huawei.com>
Reviewed-by: Zhangshaokun <zhangshaokun@hisilicon.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/kernel/cpufeature.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index ff5beb59b3dc3..220ebfa0ece6e 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -906,6 +906,7 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
MIDR_ALL_VERSIONS(MIDR_CORTEX_A57),
MIDR_ALL_VERSIONS(MIDR_CORTEX_A72),
MIDR_ALL_VERSIONS(MIDR_CORTEX_A73),
+ MIDR_ALL_VERSIONS(MIDR_HISI_TSV110),
{ /* sentinel */ }
};
char const *str = "kpti command line option";
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 045/149] mlxsw: spectrum: Set LAG port collector only when active
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (43 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 044/149] arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 046/149] net: stmmac: Fix NAPI poll in TX path when in multi-queue Greg Kroah-Hartman
` (108 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nir Dotan, Jiri Pirko, Ido Schimmel,
David S. Miller, Sasha Levin
From: Nir Dotan <nird@mellanox.com>
[ Upstream commit 48ebab31d424fbdb8ede8914923bec671a933246 ]
The LAG port collecting (receive) function was mistakenly set when the
port was registered as a LAG member, while it should be set only when
the port collection state is set to true. Set LAG port to collecting
when it is set to distributing, as described in the IEEE link
aggregation standard coupled control mux machine state diagram.
Signed-off-by: Nir Dotan <nird@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/ethernet/mellanox/mlxsw/spectrum.c | 62 ++++++++++++++-----
1 file changed, 45 insertions(+), 17 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum.c
index ee126bcf7c350..ccd9aca281b37 100644
--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum.c
@@ -4410,9 +4410,6 @@ static int mlxsw_sp_port_lag_join(struct mlxsw_sp_port *mlxsw_sp_port,
err = mlxsw_sp_lag_col_port_add(mlxsw_sp_port, lag_id, port_index);
if (err)
goto err_col_port_add;
- err = mlxsw_sp_lag_col_port_enable(mlxsw_sp_port, lag_id);
- if (err)
- goto err_col_port_enable;
mlxsw_core_lag_mapping_set(mlxsw_sp->core, lag_id, port_index,
mlxsw_sp_port->local_port);
@@ -4427,8 +4424,6 @@ static int mlxsw_sp_port_lag_join(struct mlxsw_sp_port *mlxsw_sp_port,
return 0;
-err_col_port_enable:
- mlxsw_sp_lag_col_port_remove(mlxsw_sp_port, lag_id);
err_col_port_add:
if (!lag->ref_count)
mlxsw_sp_lag_destroy(mlxsw_sp, lag_id);
@@ -4447,7 +4442,6 @@ static void mlxsw_sp_port_lag_leave(struct mlxsw_sp_port *mlxsw_sp_port,
lag = mlxsw_sp_lag_get(mlxsw_sp, lag_id);
WARN_ON(lag->ref_count == 0);
- mlxsw_sp_lag_col_port_disable(mlxsw_sp_port, lag_id);
mlxsw_sp_lag_col_port_remove(mlxsw_sp_port, lag_id);
/* Any VLANs configured on the port are no longer valid */
@@ -4492,21 +4486,56 @@ static int mlxsw_sp_lag_dist_port_remove(struct mlxsw_sp_port *mlxsw_sp_port,
return mlxsw_reg_write(mlxsw_sp->core, MLXSW_REG(sldr), sldr_pl);
}
-static int mlxsw_sp_port_lag_tx_en_set(struct mlxsw_sp_port *mlxsw_sp_port,
- bool lag_tx_enabled)
+static int
+mlxsw_sp_port_lag_col_dist_enable(struct mlxsw_sp_port *mlxsw_sp_port)
{
- if (lag_tx_enabled)
- return mlxsw_sp_lag_dist_port_add(mlxsw_sp_port,
- mlxsw_sp_port->lag_id);
- else
- return mlxsw_sp_lag_dist_port_remove(mlxsw_sp_port,
- mlxsw_sp_port->lag_id);
+ int err;
+
+ err = mlxsw_sp_lag_col_port_enable(mlxsw_sp_port,
+ mlxsw_sp_port->lag_id);
+ if (err)
+ return err;
+
+ err = mlxsw_sp_lag_dist_port_add(mlxsw_sp_port, mlxsw_sp_port->lag_id);
+ if (err)
+ goto err_dist_port_add;
+
+ return 0;
+
+err_dist_port_add:
+ mlxsw_sp_lag_col_port_disable(mlxsw_sp_port, mlxsw_sp_port->lag_id);
+ return err;
+}
+
+static int
+mlxsw_sp_port_lag_col_dist_disable(struct mlxsw_sp_port *mlxsw_sp_port)
+{
+ int err;
+
+ err = mlxsw_sp_lag_dist_port_remove(mlxsw_sp_port,
+ mlxsw_sp_port->lag_id);
+ if (err)
+ return err;
+
+ err = mlxsw_sp_lag_col_port_disable(mlxsw_sp_port,
+ mlxsw_sp_port->lag_id);
+ if (err)
+ goto err_col_port_disable;
+
+ return 0;
+
+err_col_port_disable:
+ mlxsw_sp_lag_dist_port_add(mlxsw_sp_port, mlxsw_sp_port->lag_id);
+ return err;
}
static int mlxsw_sp_port_lag_changed(struct mlxsw_sp_port *mlxsw_sp_port,
struct netdev_lag_lower_state_info *info)
{
- return mlxsw_sp_port_lag_tx_en_set(mlxsw_sp_port, info->tx_enabled);
+ if (info->tx_enabled)
+ return mlxsw_sp_port_lag_col_dist_enable(mlxsw_sp_port);
+ else
+ return mlxsw_sp_port_lag_col_dist_disable(mlxsw_sp_port);
}
static int mlxsw_sp_port_stp_set(struct mlxsw_sp_port *mlxsw_sp_port,
@@ -4668,8 +4697,7 @@ static int mlxsw_sp_netdevice_port_upper_event(struct net_device *lower_dev,
err = mlxsw_sp_port_lag_join(mlxsw_sp_port,
upper_dev);
} else {
- mlxsw_sp_port_lag_tx_en_set(mlxsw_sp_port,
- false);
+ mlxsw_sp_port_lag_col_dist_disable(mlxsw_sp_port);
mlxsw_sp_port_lag_leave(mlxsw_sp_port,
upper_dev);
}
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 046/149] net: stmmac: Fix NAPI poll in TX path when in multi-queue
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (44 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 045/149] mlxsw: spectrum: Set LAG port collector only when active Greg Kroah-Hartman
@ 2019-11-04 21:43 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 047/149] scsi: lpfc: Correct localport timeout duration error Greg Kroah-Hartman
` (107 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jose Abreu, Florian Fainelli,
Joao Pinto, David S. Miller, Giuseppe Cavallaro,
Alexandre Torgue, Sasha Levin
From: Jose Abreu <jose.abreu@synopsys.com>
[ Upstream commit 4ccb45857c2c0776d0f72e39768295062c1a0de1 ]
Commit 8fce33317023 introduced the concept of NAPI per-channel and
independent cleaning of TX path.
This is currently breaking performance in some cases. The scenario
happens when all packets are being received in Queue 0 but the TX is
performed in Queue != 0.
Fix this by using different NAPI instances per each TX and RX queue, as
suggested by Florian.
Changes from v2:
- Only force restart transmission if there are pending packets
Changes from v1:
- Pass entire ring size to TX clean path (Florian)
Signed-off-by: Jose Abreu <joabreu@synopsys.com>
Cc: Florian Fainelli <f.fainelli@gmail.com>
Cc: Joao Pinto <jpinto@synopsys.com>
Cc: David S. Miller <davem@davemloft.net>
Cc: Giuseppe Cavallaro <peppe.cavallaro@st.com>
Cc: Alexandre Torgue <alexandre.torgue@st.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/stmicro/stmmac/stmmac.h | 5 +-
.../net/ethernet/stmicro/stmmac/stmmac_main.c | 115 ++++++++++--------
2 files changed, 68 insertions(+), 52 deletions(-)
diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac.h b/drivers/net/ethernet/stmicro/stmmac/stmmac.h
index 63e1064b27a24..e697ecd9b0a64 100644
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac.h
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac.h
@@ -78,11 +78,10 @@ struct stmmac_rx_queue {
};
struct stmmac_channel {
- struct napi_struct napi ____cacheline_aligned_in_smp;
+ struct napi_struct rx_napi ____cacheline_aligned_in_smp;
+ struct napi_struct tx_napi ____cacheline_aligned_in_smp;
struct stmmac_priv *priv_data;
u32 index;
- int has_rx;
- int has_tx;
};
struct stmmac_tc_entry {
diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
index 014fe93ed2d82..f4542ac0852d2 100644
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
@@ -155,7 +155,10 @@ static void stmmac_disable_all_queues(struct stmmac_priv *priv)
for (queue = 0; queue < maxq; queue++) {
struct stmmac_channel *ch = &priv->channel[queue];
- napi_disable(&ch->napi);
+ if (queue < rx_queues_cnt)
+ napi_disable(&ch->rx_napi);
+ if (queue < tx_queues_cnt)
+ napi_disable(&ch->tx_napi);
}
}
@@ -173,7 +176,10 @@ static void stmmac_enable_all_queues(struct stmmac_priv *priv)
for (queue = 0; queue < maxq; queue++) {
struct stmmac_channel *ch = &priv->channel[queue];
- napi_enable(&ch->napi);
+ if (queue < rx_queues_cnt)
+ napi_enable(&ch->rx_napi);
+ if (queue < tx_queues_cnt)
+ napi_enable(&ch->tx_napi);
}
}
@@ -1946,6 +1952,10 @@ static int stmmac_tx_clean(struct stmmac_priv *priv, int budget, u32 queue)
mod_timer(&priv->eee_ctrl_timer, STMMAC_LPI_T(eee_timer));
}
+ /* We still have pending packets, let's call for a new scheduling */
+ if (tx_q->dirty_tx != tx_q->cur_tx)
+ mod_timer(&tx_q->txtimer, STMMAC_COAL_TIMER(10));
+
__netif_tx_unlock_bh(netdev_get_tx_queue(priv->dev, queue));
return count;
@@ -2036,23 +2046,15 @@ static int stmmac_napi_check(struct stmmac_priv *priv, u32 chan)
int status = stmmac_dma_interrupt_status(priv, priv->ioaddr,
&priv->xstats, chan);
struct stmmac_channel *ch = &priv->channel[chan];
- bool needs_work = false;
-
- if ((status & handle_rx) && ch->has_rx) {
- needs_work = true;
- } else {
- status &= ~handle_rx;
- }
- if ((status & handle_tx) && ch->has_tx) {
- needs_work = true;
- } else {
- status &= ~handle_tx;
+ if ((status & handle_rx) && (chan < priv->plat->rx_queues_to_use)) {
+ stmmac_disable_dma_irq(priv, priv->ioaddr, chan);
+ napi_schedule_irqoff(&ch->rx_napi);
}
- if (needs_work && napi_schedule_prep(&ch->napi)) {
+ if ((status & handle_tx) && (chan < priv->plat->tx_queues_to_use)) {
stmmac_disable_dma_irq(priv, priv->ioaddr, chan);
- __napi_schedule(&ch->napi);
+ napi_schedule_irqoff(&ch->tx_napi);
}
return status;
@@ -2248,8 +2250,14 @@ static void stmmac_tx_timer(struct timer_list *t)
ch = &priv->channel[tx_q->queue_index];
- if (likely(napi_schedule_prep(&ch->napi)))
- __napi_schedule(&ch->napi);
+ /*
+ * If NAPI is already running we can miss some events. Let's rearm
+ * the timer and try again.
+ */
+ if (likely(napi_schedule_prep(&ch->tx_napi)))
+ __napi_schedule(&ch->tx_napi);
+ else
+ mod_timer(&tx_q->txtimer, STMMAC_COAL_TIMER(10));
}
/**
@@ -3506,7 +3514,7 @@ static int stmmac_rx(struct stmmac_priv *priv, int limit, u32 queue)
else
skb->ip_summed = CHECKSUM_UNNECESSARY;
- napi_gro_receive(&ch->napi, skb);
+ napi_gro_receive(&ch->rx_napi, skb);
priv->dev->stats.rx_packets++;
priv->dev->stats.rx_bytes += frame_len;
@@ -3520,40 +3528,45 @@ static int stmmac_rx(struct stmmac_priv *priv, int limit, u32 queue)
return count;
}
-/**
- * stmmac_poll - stmmac poll method (NAPI)
- * @napi : pointer to the napi structure.
- * @budget : maximum number of packets that the current CPU can receive from
- * all interfaces.
- * Description :
- * To look at the incoming frames and clear the tx resources.
- */
-static int stmmac_napi_poll(struct napi_struct *napi, int budget)
+static int stmmac_napi_poll_rx(struct napi_struct *napi, int budget)
{
struct stmmac_channel *ch =
- container_of(napi, struct stmmac_channel, napi);
+ container_of(napi, struct stmmac_channel, rx_napi);
struct stmmac_priv *priv = ch->priv_data;
- int work_done, rx_done = 0, tx_done = 0;
u32 chan = ch->index;
+ int work_done;
priv->xstats.napi_poll++;
- if (ch->has_tx)
- tx_done = stmmac_tx_clean(priv, budget, chan);
- if (ch->has_rx)
- rx_done = stmmac_rx(priv, budget, chan);
+ work_done = stmmac_rx(priv, budget, chan);
+ if (work_done < budget && napi_complete_done(napi, work_done))
+ stmmac_enable_dma_irq(priv, priv->ioaddr, chan);
+ return work_done;
+}
- work_done = max(rx_done, tx_done);
- work_done = min(work_done, budget);
+static int stmmac_napi_poll_tx(struct napi_struct *napi, int budget)
+{
+ struct stmmac_channel *ch =
+ container_of(napi, struct stmmac_channel, tx_napi);
+ struct stmmac_priv *priv = ch->priv_data;
+ struct stmmac_tx_queue *tx_q;
+ u32 chan = ch->index;
+ int work_done;
- if (work_done < budget && napi_complete_done(napi, work_done)) {
- int stat;
+ priv->xstats.napi_poll++;
+
+ work_done = stmmac_tx_clean(priv, DMA_TX_SIZE, chan);
+ work_done = min(work_done, budget);
+ if (work_done < budget && napi_complete_done(napi, work_done))
stmmac_enable_dma_irq(priv, priv->ioaddr, chan);
- stat = stmmac_dma_interrupt_status(priv, priv->ioaddr,
- &priv->xstats, chan);
- if (stat && napi_reschedule(napi))
- stmmac_disable_dma_irq(priv, priv->ioaddr, chan);
+
+ /* Force transmission restart */
+ tx_q = &priv->tx_queue[chan];
+ if (tx_q->cur_tx != tx_q->dirty_tx) {
+ stmmac_enable_dma_transmission(priv, priv->ioaddr);
+ stmmac_set_tx_tail_ptr(priv, priv->ioaddr, tx_q->tx_tail_addr,
+ chan);
}
return work_done;
@@ -4376,13 +4389,14 @@ int stmmac_dvr_probe(struct device *device,
ch->priv_data = priv;
ch->index = queue;
- if (queue < priv->plat->rx_queues_to_use)
- ch->has_rx = true;
- if (queue < priv->plat->tx_queues_to_use)
- ch->has_tx = true;
-
- netif_napi_add(ndev, &ch->napi, stmmac_napi_poll,
- NAPI_POLL_WEIGHT);
+ if (queue < priv->plat->rx_queues_to_use) {
+ netif_napi_add(ndev, &ch->rx_napi, stmmac_napi_poll_rx,
+ NAPI_POLL_WEIGHT);
+ }
+ if (queue < priv->plat->tx_queues_to_use) {
+ netif_napi_add(ndev, &ch->tx_napi, stmmac_napi_poll_tx,
+ NAPI_POLL_WEIGHT);
+ }
}
mutex_init(&priv->lock);
@@ -4438,7 +4452,10 @@ error_mdio_register:
for (queue = 0; queue < maxq; queue++) {
struct stmmac_channel *ch = &priv->channel[queue];
- netif_napi_del(&ch->napi);
+ if (queue < priv->plat->rx_queues_to_use)
+ netif_napi_del(&ch->rx_napi);
+ if (queue < priv->plat->tx_queues_to_use)
+ netif_napi_del(&ch->tx_napi);
}
error_hw_init:
destroy_workqueue(priv->wq);
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 047/149] scsi: lpfc: Correct localport timeout duration error
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (45 preceding siblings ...)
2019-11-04 21:43 ` [PATCH 4.19 046/149] net: stmmac: Fix NAPI poll in TX path when in multi-queue Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 048/149] CIFS: Respect SMB2 hdr preamble size in read responses Greg Kroah-Hartman
` (106 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dick Kennedy, James Smart,
Martin K. Petersen, Sasha Levin
From: James Smart <jsmart2021@gmail.com>
[ Upstream commit 2a0fb340fcc816975b8b0f2fef913d11999c39cf ]
Current code incorrectly specifies a completion wait timeout duration in 5
jiffies, when it should have been 5 seconds.
Fix the adjust for units for the completion timeout call.
[mkp: manual merge]
Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/lpfc/lpfc_nvmet.c | 6 +++++-
drivers/scsi/lpfc/lpfc_nvmet.h | 2 ++
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/lpfc/lpfc_nvmet.c b/drivers/scsi/lpfc/lpfc_nvmet.c
index e2575c8ec93e8..22efefcc6cd84 100644
--- a/drivers/scsi/lpfc/lpfc_nvmet.c
+++ b/drivers/scsi/lpfc/lpfc_nvmet.c
@@ -1713,7 +1713,11 @@ lpfc_nvmet_destroy_targetport(struct lpfc_hba *phba)
}
tgtp->tport_unreg_cmp = &tport_unreg_cmp;
nvmet_fc_unregister_targetport(phba->targetport);
- wait_for_completion_timeout(&tport_unreg_cmp, 5);
+ if (!wait_for_completion_timeout(tgtp->tport_unreg_cmp,
+ msecs_to_jiffies(LPFC_NVMET_WAIT_TMO)))
+ lpfc_printf_log(phba, KERN_ERR, LOG_NVME,
+ "6179 Unreg targetport %p timeout "
+ "reached.\n", phba->targetport);
lpfc_nvmet_cleanup_io_context(phba);
}
phba->targetport = NULL;
diff --git a/drivers/scsi/lpfc/lpfc_nvmet.h b/drivers/scsi/lpfc/lpfc_nvmet.h
index 0ec1082ce7ef6..3b170284a0e59 100644
--- a/drivers/scsi/lpfc/lpfc_nvmet.h
+++ b/drivers/scsi/lpfc/lpfc_nvmet.h
@@ -31,6 +31,8 @@
#define LPFC_NVMET_MRQ_AUTO 0
#define LPFC_NVMET_MRQ_MAX 16
+#define LPFC_NVMET_WAIT_TMO (5 * MSEC_PER_SEC)
+
/* Used for NVME Target */
struct lpfc_nvmet_tgtport {
struct lpfc_hba *phba;
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 048/149] CIFS: Respect SMB2 hdr preamble size in read responses
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (46 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 047/149] scsi: lpfc: Correct localport timeout duration error Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 049/149] cifs: add credits from unmatched responses/messages Greg Kroah-Hartman
` (105 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pavel Shilovsky, Steve French, Sasha Levin
From: Pavel Shilovsky <pshilov@microsoft.com>
[ Upstream commit bb1bccb60c2ebd9a6f895507d1d48d5ed773814e ]
There are a couple places where we still account for 4 bytes
in the beginning of SMB2 packet which is not true in the current
code. Fix this to use a header preamble size where possible.
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/cifs/cifssmb.c | 7 ++++---
fs/cifs/smb2ops.c | 6 +++---
2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index 86a54b809c484..8b9471904f67e 100644
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -1521,9 +1521,10 @@ cifs_readv_receive(struct TCP_Server_Info *server, struct mid_q_entry *mid)
/* set up first two iov for signature check and to get credits */
rdata->iov[0].iov_base = buf;
- rdata->iov[0].iov_len = 4;
- rdata->iov[1].iov_base = buf + 4;
- rdata->iov[1].iov_len = server->total_read - 4;
+ rdata->iov[0].iov_len = server->vals->header_preamble_size;
+ rdata->iov[1].iov_base = buf + server->vals->header_preamble_size;
+ rdata->iov[1].iov_len =
+ server->total_read - server->vals->header_preamble_size;
cifs_dbg(FYI, "0: iov_base=%p iov_len=%zu\n",
rdata->iov[0].iov_base, rdata->iov[0].iov_len);
cifs_dbg(FYI, "1: iov_base=%p iov_len=%zu\n",
diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
index f0d966da7f378..6fc16329ceb45 100644
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -3000,10 +3000,10 @@ handle_read_data(struct TCP_Server_Info *server, struct mid_q_entry *mid,
/* set up first two iov to get credits */
rdata->iov[0].iov_base = buf;
- rdata->iov[0].iov_len = 4;
- rdata->iov[1].iov_base = buf + 4;
+ rdata->iov[0].iov_len = 0;
+ rdata->iov[1].iov_base = buf;
rdata->iov[1].iov_len =
- min_t(unsigned int, buf_len, server->vals->read_rsp_size) - 4;
+ min_t(unsigned int, buf_len, server->vals->read_rsp_size);
cifs_dbg(FYI, "0: iov_base=%p iov_len=%zu\n",
rdata->iov[0].iov_base, rdata->iov[0].iov_len);
cifs_dbg(FYI, "1: iov_base=%p iov_len=%zu\n",
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 049/149] cifs: add credits from unmatched responses/messages
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (47 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 048/149] CIFS: Respect SMB2 hdr preamble size in read responses Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 050/149] ALSA: hda/realtek - Apply ALC294 hp init also for S4 resume Greg Kroah-Hartman
` (104 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ronnie Sahlberg, Steve French,
Pavel Shilovsky, Sasha Levin
From: Ronnie Sahlberg <lsahlber@redhat.com>
[ Upstream commit eca004523811f816bcfca3046ab54e1278e0973b ]
We should add any credits granted to us from unmatched server responses.
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/cifs/connect.c | 22 ++++++++++++++++++++++
fs/cifs/smb2misc.c | 7 -------
2 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 966e493c82e57..7e85070d010f4 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -930,6 +930,26 @@ cifs_handle_standard(struct TCP_Server_Info *server, struct mid_q_entry *mid)
return 0;
}
+static void
+smb2_add_credits_from_hdr(char *buffer, struct TCP_Server_Info *server)
+{
+ struct smb2_sync_hdr *shdr = (struct smb2_sync_hdr *)buffer;
+
+ /*
+ * SMB1 does not use credits.
+ */
+ if (server->vals->header_preamble_size)
+ return;
+
+ if (shdr->CreditRequest) {
+ spin_lock(&server->req_lock);
+ server->credits += le16_to_cpu(shdr->CreditRequest);
+ spin_unlock(&server->req_lock);
+ wake_up(&server->request_q);
+ }
+}
+
+
static int
cifs_demultiplex_thread(void *p)
{
@@ -1059,6 +1079,7 @@ next_pdu:
} else if (server->ops->is_oplock_break &&
server->ops->is_oplock_break(bufs[i],
server)) {
+ smb2_add_credits_from_hdr(bufs[i], server);
cifs_dbg(FYI, "Received oplock break\n");
} else {
cifs_dbg(VFS, "No task to wake, unknown frame "
@@ -1070,6 +1091,7 @@ next_pdu:
if (server->ops->dump_detail)
server->ops->dump_detail(bufs[i],
server);
+ smb2_add_credits_from_hdr(bufs[i], server);
cifs_dump_mids(server);
#endif /* CIFS_DEBUG2 */
}
diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c
index 0a7ed2e3ad4f2..e311f58dc1c82 100644
--- a/fs/cifs/smb2misc.c
+++ b/fs/cifs/smb2misc.c
@@ -659,13 +659,6 @@ smb2_is_valid_oplock_break(char *buffer, struct TCP_Server_Info *server)
if (rsp->sync_hdr.Command != SMB2_OPLOCK_BREAK)
return false;
- if (rsp->sync_hdr.CreditRequest) {
- spin_lock(&server->req_lock);
- server->credits += le16_to_cpu(rsp->sync_hdr.CreditRequest);
- spin_unlock(&server->req_lock);
- wake_up(&server->request_q);
- }
-
if (rsp->StructureSize !=
smb2_rsp_struct_sizes[SMB2_OPLOCK_BREAK_HE]) {
if (le16_to_cpu(rsp->StructureSize) == 44)
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 050/149] ALSA: hda/realtek - Apply ALC294 hp init also for S4 resume
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (48 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 049/149] cifs: add credits from unmatched responses/messages Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 051/149] media: vimc: Remove unused but set variables Greg Kroah-Hartman
` (103 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai, Sasha Levin
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit f6ef4e0e284251ff795c541db1129c84515ed044 ]
The init sequence for ALC294 headphone stuff is needed not only for
the boot up time but also for the resume from hibernation, where the
device is switched from the boot kernel without sound driver to the
suspended image. Since we record the PM event in the device
power_state field, we can now recognize the call pattern and apply the
sequence conditionally.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/patch_realtek.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index dd46354270d0d..7480218f32ba7 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -3458,7 +3458,9 @@ static void alc294_init(struct hda_codec *codec)
{
struct alc_spec *spec = codec->spec;
- if (!spec->done_hp_init) {
+ /* required only at boot or S4 resume time */
+ if (!spec->done_hp_init ||
+ codec->core.dev.power.power_state.event == PM_EVENT_RESTORE) {
alc294_hp_init(codec);
spec->done_hp_init = true;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 051/149] media: vimc: Remove unused but set variables
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (49 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 050/149] ALSA: hda/realtek - Apply ALC294 hp init also for S4 resume Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 052/149] ext4: disallow files with EXT4_JOURNAL_DATA_FL from EXT4_IOC_SWAP_BOOT Greg Kroah-Hartman
` (102 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lucas A . M . Magalhães,
Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin
From: Lucas A. M. Magalhães <lucmaga@gmail.com>
[ Upstream commit 5515e414f42bf2769caae15b634004d456658284 ]
Remove unused but set variables to clean up the code and avoid
warning.
Signed-off-by: Lucas A. M. Magalhães <lucmaga@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/vimc/vimc-sensor.c | 7 -------
1 file changed, 7 deletions(-)
diff --git a/drivers/media/platform/vimc/vimc-sensor.c b/drivers/media/platform/vimc/vimc-sensor.c
index 9e0d70e9f119c..3f0ffd4915cd2 100644
--- a/drivers/media/platform/vimc/vimc-sensor.c
+++ b/drivers/media/platform/vimc/vimc-sensor.c
@@ -204,13 +204,6 @@ static void *vimc_sen_process_frame(struct vimc_ent_device *ved,
{
struct vimc_sen_device *vsen = container_of(ved, struct vimc_sen_device,
ved);
- const struct vimc_pix_map *vpix;
- unsigned int frame_size;
-
- /* Calculate the frame size */
- vpix = vimc_pix_map_by_code(vsen->mbus_format.code);
- frame_size = vsen->mbus_format.width * vpix->bpp *
- vsen->mbus_format.height;
tpg_fill_plane_buffer(&vsen->tpg, 0, 0, vsen->frame);
return vsen->frame;
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 052/149] ext4: disallow files with EXT4_JOURNAL_DATA_FL from EXT4_IOC_SWAP_BOOT
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (50 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 051/149] media: vimc: Remove unused but set variables Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 053/149] exec: load_script: Do not exec truncated interpreter path Greg Kroah-Hartman
` (101 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Theodore Tso, Sasha Levin
From: Theodore Ts'o <tytso@mit.edu>
[ Upstream commit 6e589291f4b1b700ca12baec5930592a0d51e63c ]
A malicious/clueless root user can use EXT4_IOC_SWAP_BOOT to force a
corner casew which can lead to the file system getting corrupted.
There's no usefulness to allowing this, so just prohibit this case.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/ioctl.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c
index abb6fcff0a1d3..783c54bb2ce75 100644
--- a/fs/ext4/ioctl.c
+++ b/fs/ext4/ioctl.c
@@ -132,6 +132,7 @@ static long swap_inode_boot_loader(struct super_block *sb,
if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode) ||
IS_SWAPFILE(inode) || IS_ENCRYPTED(inode) ||
+ (EXT4_I(inode)->i_flags & EXT4_JOURNAL_DATA_FL) ||
ext4_has_inline_data(inode)) {
err = -EINVAL;
goto journal_err_out;
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 053/149] exec: load_script: Do not exec truncated interpreter path
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (51 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 052/149] ext4: disallow files with EXT4_JOURNAL_DATA_FL from EXT4_IOC_SWAP_BOOT Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 054/149] net: dsa: mv88e6xxx: Release lock while requesting IRQ Greg Kroah-Hartman
` (100 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kees Cook, Andrew Morton,
Oleg Nesterov, Samuel Dionne-Riel, Richard Weinberger,
Graham Christensen, Michal Hocko, Linus Torvalds, Sasha Levin
From: Kees Cook <keescook@chromium.org>
[ Upstream commit b5372fe5dc84235dbe04998efdede3c4daa866a9 ]
Commit 8099b047ecc4 ("exec: load_script: don't blindly truncate
shebang string") was trying to protect against a confused exec of a
truncated interpreter path. However, it was overeager and also refused
to truncate arguments as well, which broke userspace, and it was
reverted. This attempts the protection again, but allows arguments to
remain truncated. In an effort to improve readability, helper functions
and comments have been added.
Co-developed-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Samuel Dionne-Riel <samuel@dionne-riel.com>
Cc: Richard Weinberger <richard.weinberger@gmail.com>
Cc: Graham Christensen <graham@grahamc.com>
Cc: Michal Hocko <mhocko@suse.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/binfmt_script.c | 57 ++++++++++++++++++++++++++++++++++++++--------
1 file changed, 48 insertions(+), 9 deletions(-)
diff --git a/fs/binfmt_script.c b/fs/binfmt_script.c
index 7cde3f46ad263..e996174cbfc02 100644
--- a/fs/binfmt_script.c
+++ b/fs/binfmt_script.c
@@ -14,13 +14,30 @@
#include <linux/err.h>
#include <linux/fs.h>
+static inline bool spacetab(char c) { return c == ' ' || c == '\t'; }
+static inline char *next_non_spacetab(char *first, const char *last)
+{
+ for (; first <= last; first++)
+ if (!spacetab(*first))
+ return first;
+ return NULL;
+}
+static inline char *next_terminator(char *first, const char *last)
+{
+ for (; first <= last; first++)
+ if (spacetab(*first) || !*first)
+ return first;
+ return NULL;
+}
+
static int load_script(struct linux_binprm *bprm)
{
const char *i_arg, *i_name;
- char *cp;
+ char *cp, *buf_end;
struct file *file;
int retval;
+ /* Not ours to exec if we don't start with "#!". */
if ((bprm->buf[0] != '#') || (bprm->buf[1] != '!'))
return -ENOEXEC;
@@ -33,18 +50,40 @@ static int load_script(struct linux_binprm *bprm)
if (bprm->interp_flags & BINPRM_FLAGS_PATH_INACCESSIBLE)
return -ENOENT;
- /*
- * This section does the #! interpretation.
- * Sorta complicated, but hopefully it will work. -TYT
- */
-
+ /* Release since we are not mapping a binary into memory. */
allow_write_access(bprm->file);
fput(bprm->file);
bprm->file = NULL;
- bprm->buf[BINPRM_BUF_SIZE - 1] = '\0';
- if ((cp = strchr(bprm->buf, '\n')) == NULL)
- cp = bprm->buf+BINPRM_BUF_SIZE-1;
+ /*
+ * This section handles parsing the #! line into separate
+ * interpreter path and argument strings. We must be careful
+ * because bprm->buf is not yet guaranteed to be NUL-terminated
+ * (though the buffer will have trailing NUL padding when the
+ * file size was smaller than the buffer size).
+ *
+ * We do not want to exec a truncated interpreter path, so either
+ * we find a newline (which indicates nothing is truncated), or
+ * we find a space/tab/NUL after the interpreter path (which
+ * itself may be preceded by spaces/tabs). Truncating the
+ * arguments is fine: the interpreter can re-read the script to
+ * parse them on its own.
+ */
+ buf_end = bprm->buf + sizeof(bprm->buf) - 1;
+ cp = strnchr(bprm->buf, sizeof(bprm->buf), '\n');
+ if (!cp) {
+ cp = next_non_spacetab(bprm->buf + 2, buf_end);
+ if (!cp)
+ return -ENOEXEC; /* Entire buf is spaces/tabs */
+ /*
+ * If there is no later space/tab/NUL we must assume the
+ * interpreter path is truncated.
+ */
+ if (!next_terminator(cp, buf_end))
+ return -ENOEXEC;
+ cp = buf_end;
+ }
+ /* NUL-terminate the buffer and any trailing spaces/tabs. */
*cp = '\0';
while (cp > bprm->buf) {
cp--;
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 054/149] net: dsa: mv88e6xxx: Release lock while requesting IRQ
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (52 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 053/149] exec: load_script: Do not exec truncated interpreter path Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 055/149] PCI/PME: Fix possible use-after-free on remove Greg Kroah-Hartman
` (99 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Russell King, Andrew Lunn,
David S. Miller, Sasha Levin
From: Andrew Lunn <andrew@lunn.ch>
[ Upstream commit 342a0ee70acbee97fdeb91349420f8744eb291fb ]
There is no need to hold the register lock while requesting the GPIO
interrupt. By not holding it we can also avoid a false positive
lockdep splat.
Reported-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/dsa/mv88e6xxx/chip.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/dsa/mv88e6xxx/chip.c b/drivers/net/dsa/mv88e6xxx/chip.c
index 703e6bdaf0e1f..d075f0f7a3de8 100644
--- a/drivers/net/dsa/mv88e6xxx/chip.c
+++ b/drivers/net/dsa/mv88e6xxx/chip.c
@@ -456,10 +456,12 @@ static int mv88e6xxx_g1_irq_setup(struct mv88e6xxx_chip *chip)
*/
irq_set_lockdep_class(chip->irq, &lock_key, &request_key);
+ mutex_unlock(&chip->reg_lock);
err = request_threaded_irq(chip->irq, NULL,
mv88e6xxx_g1_irq_thread_fn,
IRQF_ONESHOT,
dev_name(chip->dev), chip);
+ mutex_lock(&chip->reg_lock);
if (err)
mv88e6xxx_g1_irq_free_common(chip);
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 055/149] PCI/PME: Fix possible use-after-free on remove
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (53 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 054/149] net: dsa: mv88e6xxx: Release lock while requesting IRQ Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 056/149] drm/amd/display: fix odm combine pipe reset Greg Kroah-Hartman
` (98 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sven Van Asbroeck, Bjorn Helgaas,
Sinan Kaya, Frederick Lawler, Mika Westerberg, Keith Busch,
Rafael J. Wysocki, Sasha Levin
From: Sven Van Asbroeck <thesven73@gmail.com>
[ Upstream commit 7cf58b79b3072029af127ae865ffc6f00f34b1f8 ]
In remove(), ensure that the PME work cannot run after kfree() is called.
Otherwise, this could result in a use-after-free.
This issue was detected with the help of Coccinelle.
Signed-off-by: Sven Van Asbroeck <TheSven73@gmail.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: Sinan Kaya <okaya@kernel.org>
Cc: Frederick Lawler <fred@fredlawl.com>
Cc: Mika Westerberg <mika.westerberg@linux.intel.com>
Cc: Keith Busch <keith.busch@intel.com>
Cc: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/pcie/pme.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/pci/pcie/pme.c b/drivers/pci/pcie/pme.c
index e85c5a8206c43..6ac17f0c40775 100644
--- a/drivers/pci/pcie/pme.c
+++ b/drivers/pci/pcie/pme.c
@@ -437,6 +437,7 @@ static void pcie_pme_remove(struct pcie_device *srv)
pcie_pme_disable_interrupt(srv->port, data);
free_irq(srv->irq, srv);
+ cancel_work_sync(&data->work);
kfree(data);
}
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 056/149] drm/amd/display: fix odm combine pipe reset
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (54 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 055/149] PCI/PME: Fix possible use-after-free on remove Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 057/149] power: supply: max14656: fix potential use-after-free Greg Kroah-Hartman
` (97 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dmytro Laktyushkin, Tony Cheng,
Bhawanpreet Lakha, Alex Deucher, Sasha Levin
From: Dmytro Laktyushkin <Dmytro.Laktyushkin@amd.com>
[ Upstream commit f25f06b67ba237b76092a6fc522b1a94e84bfa85 ]
We fail to reset the second odm combine pipe. This change fixes
odm pointer management.
Signed-off-by: Dmytro Laktyushkin <Dmytro.Laktyushkin@amd.com>
Reviewed-by: Tony Cheng <Tony.Cheng@amd.com>
Acked-by: Bhawanpreet Lakha <Bhawanpreet.Lakha@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c
index d440b28ee43fb..6896d69b8c240 100644
--- a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c
@@ -1399,9 +1399,9 @@ bool dc_remove_plane_from_context(
* For head pipe detach surfaces from pipe for tail
* pipe just zero it out
*/
- if (!pipe_ctx->top_pipe ||
- (!pipe_ctx->top_pipe->top_pipe &&
+ if (!pipe_ctx->top_pipe || (!pipe_ctx->top_pipe->top_pipe &&
pipe_ctx->top_pipe->stream_res.opp != pipe_ctx->stream_res.opp)) {
+ pipe_ctx->top_pipe = NULL;
pipe_ctx->plane_state = NULL;
pipe_ctx->bottom_pipe = NULL;
} else {
@@ -1803,8 +1803,6 @@ enum dc_status dc_remove_stream_from_ctx(
dc->res_pool->funcs->remove_stream_from_ctx(dc, new_ctx, stream);
memset(del_pipe, 0, sizeof(*del_pipe));
-
- break;
}
}
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 057/149] power: supply: max14656: fix potential use-after-free
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (55 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 056/149] drm/amd/display: fix odm combine pipe reset Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 058/149] iio: adc: meson_saradc: Fix memory allocation order Greg Kroah-Hartman
` (96 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Kurz, Sven Van Asbroeck,
Sebastian Reichel, Sasha Levin
From: Sven Van Asbroeck <thesven73@gmail.com>
[ Upstream commit 252fbeb86ceffa549af9842cefca2412d53a7653 ]
Explicitly cancel/sync the irq_work delayed work, otherwise
there's a chance that it will run after the device is removed,
which would result in a use-after-free.
Note that cancel/sync should happen:
- after irq's have been disabled, as the isr re-schedules the work
- before the power supply is unregistered, because the work func
uses the power supply handle.
Cc: Alexander Kurz <akurz@blala.de>
Signed-off-by: Sven Van Asbroeck <TheSven73@gmail.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../power/supply/max14656_charger_detector.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/drivers/power/supply/max14656_charger_detector.c b/drivers/power/supply/max14656_charger_detector.c
index d19307f791c68..9e6472834e373 100644
--- a/drivers/power/supply/max14656_charger_detector.c
+++ b/drivers/power/supply/max14656_charger_detector.c
@@ -240,6 +240,14 @@ static enum power_supply_property max14656_battery_props[] = {
POWER_SUPPLY_PROP_MANUFACTURER,
};
+static void stop_irq_work(void *data)
+{
+ struct max14656_chip *chip = data;
+
+ cancel_delayed_work_sync(&chip->irq_work);
+}
+
+
static int max14656_probe(struct i2c_client *client,
const struct i2c_device_id *id)
{
@@ -278,8 +286,6 @@ static int max14656_probe(struct i2c_client *client,
if (ret)
return -ENODEV;
- INIT_DELAYED_WORK(&chip->irq_work, max14656_irq_worker);
-
chip->detect_psy = devm_power_supply_register(dev,
&chip->psy_desc, &psy_cfg);
if (IS_ERR(chip->detect_psy)) {
@@ -287,6 +293,13 @@ static int max14656_probe(struct i2c_client *client,
return -EINVAL;
}
+ INIT_DELAYED_WORK(&chip->irq_work, max14656_irq_worker);
+ ret = devm_add_action(dev, stop_irq_work, chip);
+ if (ret) {
+ dev_err(dev, "devm_add_action %d failed\n", ret);
+ return ret;
+ }
+
ret = devm_request_irq(dev, chip->irq, max14656_irq,
IRQF_TRIGGER_FALLING,
MAX14656_NAME, chip);
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 058/149] iio: adc: meson_saradc: Fix memory allocation order
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (56 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 057/149] power: supply: max14656: fix potential use-after-free Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 059/149] iio: fix center temperature of bmc150-accel-core Greg Kroah-Hartman
` (95 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Elie Roudninski, Remi Pommarel,
Martin Blumenstingl, Kevin Hilman, Jonathan Cameron, Sasha Levin
From: Remi Pommarel <repk@triplefau.lt>
[ Upstream commit de10ac47597e7a3596b27631d0d5ce5f48d2c099 ]
meson_saradc's irq handler uses priv->regmap so make sure that it is
allocated before the irq get enabled.
This also fixes crash when CONFIG_DEBUG_SHIRQ is enabled, as device
managed resources are freed in the inverted order they had been
allocated, priv->regmap was freed before the spurious fake irq that
CONFIG_DEBUG_SHIRQ adds called the handler.
Fixes: 3af109131b7eb8 ("iio: adc: meson-saradc: switch from polling to interrupt mode")
Reported-by: Elie Roudninski <xademax@gmail.com>
Signed-off-by: Remi Pommarel <repk@triplefau.lt>
Reviewed-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Tested-by: Elie ROUDNINSKI <xademax@gmail.com>
Reviewed-by: Kevin Hilman <khilman@baylibre.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/adc/meson_saradc.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/iio/adc/meson_saradc.c b/drivers/iio/adc/meson_saradc.c
index 5dd104cf0939b..6e0ef9bb2497f 100644
--- a/drivers/iio/adc/meson_saradc.c
+++ b/drivers/iio/adc/meson_saradc.c
@@ -1023,6 +1023,11 @@ static int meson_sar_adc_probe(struct platform_device *pdev)
if (IS_ERR(base))
return PTR_ERR(base);
+ priv->regmap = devm_regmap_init_mmio(&pdev->dev, base,
+ priv->data->param->regmap_config);
+ if (IS_ERR(priv->regmap))
+ return PTR_ERR(priv->regmap);
+
irq = irq_of_parse_and_map(pdev->dev.of_node, 0);
if (!irq)
return -EINVAL;
@@ -1032,11 +1037,6 @@ static int meson_sar_adc_probe(struct platform_device *pdev)
if (ret)
return ret;
- priv->regmap = devm_regmap_init_mmio(&pdev->dev, base,
- priv->data->param->regmap_config);
- if (IS_ERR(priv->regmap))
- return PTR_ERR(priv->regmap);
-
priv->clkin = devm_clk_get(&pdev->dev, "clkin");
if (IS_ERR(priv->clkin)) {
dev_err(&pdev->dev, "failed to get clkin\n");
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 059/149] iio: fix center temperature of bmc150-accel-core
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (57 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 058/149] iio: adc: meson_saradc: Fix memory allocation order Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-06 9:41 ` Pavel Machek
2019-11-04 21:44 ` [PATCH 4.19 060/149] libsubcmd: Make _FORTIFY_SOURCE defines dependent on the feature Greg Kroah-Hartman
` (94 subsequent siblings)
153 siblings, 1 reply; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pascal Bouwmann, Jonathan Cameron,
Sasha Levin
From: Pascal Bouwmann <bouwmann@tau-tec.de>
[ Upstream commit 6c59a962e081df6d8fe43325bbfabec57e0d4751 ]
The center temperature of the supported devices stored in the constant
BMC150_ACCEL_TEMP_CENTER_VAL is not 24 degrees but 23 degrees.
It seems that some datasheets were inconsistent on this value leading
to the error. For most usecases will only make minor difference so
not queued for stable.
Signed-off-by: Pascal Bouwmann <bouwmann@tau-tec.de>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/accel/bmc150-accel-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/iio/accel/bmc150-accel-core.c b/drivers/iio/accel/bmc150-accel-core.c
index 383c802eb5b86..cb8c98a440109 100644
--- a/drivers/iio/accel/bmc150-accel-core.c
+++ b/drivers/iio/accel/bmc150-accel-core.c
@@ -125,7 +125,7 @@
#define BMC150_ACCEL_SLEEP_1_SEC 0x0F
#define BMC150_ACCEL_REG_TEMP 0x08
-#define BMC150_ACCEL_TEMP_CENTER_VAL 24
+#define BMC150_ACCEL_TEMP_CENTER_VAL 23
#define BMC150_ACCEL_AXIS_TO_REG(axis) (BMC150_ACCEL_REG_XOUT_L + (axis * 2))
#define BMC150_AUTO_SUSPEND_DELAY_MS 2000
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 060/149] libsubcmd: Make _FORTIFY_SOURCE defines dependent on the feature
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (58 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 059/149] iio: fix center temperature of bmc150-accel-core Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 061/149] perf tests: Avoid raising SEGV using an obvious NULL dereference Greg Kroah-Hartman
` (93 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ian Rogers, Alexander Shishkin,
Andi Kleen, Jiri Olsa, Josh Poimboeuf, Namhyung Kim,
Peter Zijlstra, Stephane Eranian, Arnaldo Carvalho de Melo,
Sasha Levin
From: Ian Rogers <irogers@google.com>
[ Upstream commit 4b0b2b096da9d296e0e5668cdfba8613bd6f5bc8 ]
Unconditionally defining _FORTIFY_SOURCE can break tools that don't work
with it, such as memory sanitizers:
https://github.com/google/sanitizers/wiki/AddressSanitizer#faq
Fixes: 4b6ab94eabe4 ("perf subcmd: Create subcmd library")
Signed-off-by: Ian Rogers <irogers@google.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Link: http://lore.kernel.org/lkml/20190925195924.152834-1-irogers@google.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/lib/subcmd/Makefile | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/tools/lib/subcmd/Makefile b/tools/lib/subcmd/Makefile
index ed61fb3a46c08..5b2cd5e58df09 100644
--- a/tools/lib/subcmd/Makefile
+++ b/tools/lib/subcmd/Makefile
@@ -20,7 +20,13 @@ MAKEFLAGS += --no-print-directory
LIBFILE = $(OUTPUT)libsubcmd.a
CFLAGS := $(EXTRA_WARNINGS) $(EXTRA_CFLAGS)
-CFLAGS += -ggdb3 -Wall -Wextra -std=gnu99 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fPIC
+CFLAGS += -ggdb3 -Wall -Wextra -std=gnu99 -fPIC
+
+ifeq ($(DEBUG),0)
+ ifeq ($(feature-fortify-source), 1)
+ CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2
+ endif
+endif
ifeq ($(CC_NO_CLANG), 0)
CFLAGS += -O3
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 061/149] perf tests: Avoid raising SEGV using an obvious NULL dereference
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (59 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 060/149] libsubcmd: Make _FORTIFY_SOURCE defines dependent on the feature Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 062/149] perf map: Fix overlapped map handling Greg Kroah-Hartman
` (92 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ian Rogers, Arnaldo Carvalho de Melo,
Alexander Shishkin, Andi Kleen, Jiri Olsa, Namhyung Kim,
Peter Zijlstra, Stephane Eranian, Wang Nan, Sasha Levin
From: Ian Rogers <irogers@google.com>
[ Upstream commit e3e2cf3d5b1fe800b032e14c0fdcd9a6fb20cf3b ]
An optimized build such as:
make -C tools/perf CLANG=1 CC=clang EXTRA_CFLAGS="-O3
will turn the dereference operation into a ud2 instruction, raising a
SIGILL rather than a SIGSEGV. Use raise(..) for correctness and clarity.
Similar issues were addressed in Numfor Mbiziwo-Tiapo's patch:
https://lkml.org/lkml/2019/7/8/1234
Committer testing:
Before:
[root@quaco ~]# perf test hooks
55: perf hooks : Ok
[root@quaco ~]# perf test -v hooks
55: perf hooks :
--- start ---
test child forked, pid 17092
SIGSEGV is observed as expected, try to recover.
Fatal error (SEGFAULT) in perf hook 'test'
test child finished with 0
---- end ----
perf hooks: Ok
[root@quaco ~]#
After:
[root@quaco ~]# perf test hooks
55: perf hooks : Ok
[root@quaco ~]# perf test -v hooks
55: perf hooks :
--- start ---
test child forked, pid 17909
SIGSEGV is observed as expected, try to recover.
Fatal error (SEGFAULT) in perf hook 'test'
test child finished with 0
---- end ----
perf hooks: Ok
[root@quaco ~]#
Fixes: a074865e60ed ("perf tools: Introduce perf hooks")
Signed-off-by: Ian Rogers <irogers@google.com>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Wang Nan <wangnan0@huawei.com>
Link: http://lore.kernel.org/lkml/20190925195924.152834-2-irogers@google.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/tests/perf-hooks.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/tools/perf/tests/perf-hooks.c b/tools/perf/tests/perf-hooks.c
index a693bcf017ea2..44c16fd11bf6e 100644
--- a/tools/perf/tests/perf-hooks.c
+++ b/tools/perf/tests/perf-hooks.c
@@ -20,12 +20,11 @@ static void sigsegv_handler(int sig __maybe_unused)
static void the_hook(void *_hook_flags)
{
int *hook_flags = _hook_flags;
- int *p = NULL;
*hook_flags = 1234;
/* Generate a segfault, test perf_hooks__recover */
- *p = 0;
+ raise(SIGSEGV);
}
int test__perf_hooks(struct test *test __maybe_unused, int subtest __maybe_unused)
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 062/149] perf map: Fix overlapped map handling
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (60 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 061/149] perf tests: Avoid raising SEGV using an obvious NULL dereference Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 063/149] perf script brstackinsn: Fix recovery from LBR/binary mismatch Greg Kroah-Hartman
` (91 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Steve MacLean, Brian Robbins,
Jiri Olsa, Alexander Shishkin, Andi Kleen, Davidlohr Bueso,
Eric Saint-Etienne, John Keeping, John Salem, Leo Yan,
Mark Rutland, Namhyung Kim, Peter Zijlstra, Song Liu,
Stephane Eranian, Tom McDonald, Arnaldo Carvalho de Melo,
Sasha Levin
From: Steve MacLean <Steve.MacLean@microsoft.com>
[ Upstream commit ee212d6ea20887c0ef352be8563ca13dbf965906 ]
Whenever an mmap/mmap2 event occurs, the map tree must be updated to add a new
entry. If a new map overlaps a previous map, the overlapped section of the
previous map is effectively unmapped, but the non-overlapping sections are
still valid.
maps__fixup_overlappings() is responsible for creating any new map entries from
the previously overlapped map. It optionally creates a before and an after map.
When creating the after map the existing code failed to adjust the map.pgoff.
This meant the new after map would incorrectly calculate the file offset
for the ip. This results in incorrect symbol name resolution for any ip in the
after region.
Make maps__fixup_overlappings() correctly populate map.pgoff.
Add an assert that new mapping matches old mapping at the beginning of
the after map.
Committer-testing:
Validated correct parsing of libcoreclr.so symbols from .NET Core 3.0 preview9
(which didn't strip symbols).
Preparation:
~/dotnet3.0-preview9/dotnet new webapi -o perfSymbol
cd perfSymbol
~/dotnet3.0-preview9/dotnet publish
perf record ~/dotnet3.0-preview9/dotnet \
bin/Debug/netcoreapp3.0/publish/perfSymbol.dll
^C
Before:
perf script --show-mmap-events 2>&1 | grep -e MMAP -e unknown |\
grep libcoreclr.so | head -n 4
dotnet 1907 373352.698780: PERF_RECORD_MMAP2 1907/1907: \
[0x7fe615726000(0x768000) @ 0 08:02 5510620 765057155]: \
r-xp .../3.0.0-preview9-19423-09/libcoreclr.so
dotnet 1907 373352.701091: PERF_RECORD_MMAP2 1907/1907: \
[0x7fe615974000(0x1000) @ 0x24e000 08:02 5510620 765057155]: \
rwxp .../3.0.0-preview9-19423-09/libcoreclr.so
dotnet 1907 373352.701241: PERF_RECORD_MMAP2 1907/1907: \
[0x7fe615c42000(0x1000) @ 0x51c000 08:02 5510620 765057155]: \
rwxp .../3.0.0-preview9-19423-09/libcoreclr.so
dotnet 1907 373352.705249: 250000 cpu-clock: \
7fe6159a1f99 [unknown] \
(.../3.0.0-preview9-19423-09/libcoreclr.so)
After:
perf script --show-mmap-events 2>&1 | grep -e MMAP -e unknown |\
grep libcoreclr.so | head -n 4
dotnet 1907 373352.698780: PERF_RECORD_MMAP2 1907/1907: \
[0x7fe615726000(0x768000) @ 0 08:02 5510620 765057155]: \
r-xp .../3.0.0-preview9-19423-09/libcoreclr.so
dotnet 1907 373352.701091: PERF_RECORD_MMAP2 1907/1907: \
[0x7fe615974000(0x1000) @ 0x24e000 08:02 5510620 765057155]: \
rwxp .../3.0.0-preview9-19423-09/libcoreclr.so
dotnet 1907 373352.701241: PERF_RECORD_MMAP2 1907/1907: \
[0x7fe615c42000(0x1000) @ 0x51c000 08:02 5510620 765057155]: \
rwxp .../3.0.0-preview9-19423-09/libcoreclr.so
All the [unknown] symbols were resolved.
Signed-off-by: Steve MacLean <Steve.MacLean@Microsoft.com>
Tested-by: Brian Robbins <brianrob@microsoft.com>
Acked-by: Jiri Olsa <jolsa@kernel.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: Eric Saint-Etienne <eric.saint.etienne@oracle.com>
Cc: John Keeping <john@metanate.com>
Cc: John Salem <josalem@microsoft.com>
Cc: Leo Yan <leo.yan@linaro.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Song Liu <songliubraving@fb.com>
Cc: Stephane Eranian <eranian@google.com>
Cc: Tom McDonald <thomas.mcdonald@microsoft.com>
Link: http://lore.kernel.org/lkml/BN8PR21MB136270949F22A6A02335C238F7800@BN8PR21MB1362.namprd21.prod.outlook.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/util/map.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/tools/perf/util/map.c b/tools/perf/util/map.c
index 6a6929f208b4d..1117ab86ebd34 100644
--- a/tools/perf/util/map.c
+++ b/tools/perf/util/map.c
@@ -1,5 +1,6 @@
// SPDX-License-Identifier: GPL-2.0
#include "symbol.h"
+#include <assert.h>
#include <errno.h>
#include <inttypes.h>
#include <limits.h>
@@ -751,6 +752,8 @@ static int maps__fixup_overlappings(struct maps *maps, struct map *map, FILE *fp
}
after->start = map->end;
+ after->pgoff += map->end - pos->start;
+ assert(pos->map_ip(pos, map->end) == after->map_ip(after, map->end));
__map_groups__insert(pos->groups, after);
if (verbose >= 2 && !use_browser)
map__fprintf(after, fp);
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 063/149] perf script brstackinsn: Fix recovery from LBR/binary mismatch
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (61 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 062/149] perf map: Fix overlapped map handling Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 064/149] perf jevents: Fix period for Intel fixed counters Greg Kroah-Hartman
` (90 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andi Kleen, Jiri Olsa,
Arnaldo Carvalho de Melo, Sasha Levin
From: Andi Kleen <ak@linux.intel.com>
[ Upstream commit e98df280bc2a499fd41d7f9e2d6733884de69902 ]
When the LBR data and the instructions in a binary do not match the loop
printing instructions could get confused and print a long stream of
bogus <bad> instructions.
The problem was that if the instruction decoder cannot decode an
instruction it ilen wasn't initialized, so the loop going through the
basic block would continue with the previous value.
Harden the code to avoid such problems:
- Make sure ilen is always freshly initialized and is 0 for bad
instructions.
- Do not overrun the code buffer while printing instructions
- Print a warning message if the final jump is not on an instruction
boundary.
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Link: http://lore.kernel.org/lkml/20190927233546.11533-1-andi@firstfloor.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/builtin-script.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/tools/perf/builtin-script.c b/tools/perf/builtin-script.c
index 53c11fc0855ee..d20f851796c52 100644
--- a/tools/perf/builtin-script.c
+++ b/tools/perf/builtin-script.c
@@ -1021,7 +1021,7 @@ static int perf_sample__fprintf_brstackinsn(struct perf_sample *sample,
continue;
insn = 0;
- for (off = 0;; off += ilen) {
+ for (off = 0; off < (unsigned)len; off += ilen) {
uint64_t ip = start + off;
printed += ip__fprintf_sym(ip, thread, x.cpumode, x.cpu, &lastsym, attr, fp);
@@ -1029,6 +1029,7 @@ static int perf_sample__fprintf_brstackinsn(struct perf_sample *sample,
printed += ip__fprintf_jump(ip, &br->entries[i], &x, buffer + off, len - off, insn, fp);
break;
} else {
+ ilen = 0;
printed += fprintf(fp, "\t%016" PRIx64 "\t%s\n", ip,
dump_insn(&x, ip, buffer + off, len - off, &ilen));
if (ilen == 0)
@@ -1036,6 +1037,8 @@ static int perf_sample__fprintf_brstackinsn(struct perf_sample *sample,
insn++;
}
}
+ if (off != (unsigned)len)
+ printed += fprintf(fp, "\tmismatch of LBR data and executable\n");
}
/*
@@ -1066,6 +1069,7 @@ static int perf_sample__fprintf_brstackinsn(struct perf_sample *sample,
goto out;
}
for (off = 0; off <= end - start; off += ilen) {
+ ilen = 0;
printed += fprintf(fp, "\t%016" PRIx64 "\t%s\n", start + off,
dump_insn(&x, start + off, buffer + off, len - off, &ilen));
if (ilen == 0)
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 064/149] perf jevents: Fix period for Intel fixed counters
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (62 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 063/149] perf script brstackinsn: Fix recovery from LBR/binary mismatch Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 065/149] perf tools: Propagate get_cpuid() error Greg Kroah-Hartman
` (89 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andi Kleen, Jiri Olsa,
Arnaldo Carvalho de Melo, Sasha Levin
From: Andi Kleen <ak@linux.intel.com>
[ Upstream commit 6bdfd9f118bd59cf0f85d3bf4b72b586adea17c1 ]
The Intel fixed counters use a special table to override the JSON
information.
During this override the period information from the JSON file got
dropped, which results in inst_retired.any and similar running with
frequency mode instead of a period.
Just specify the expected period in the table.
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Link: http://lore.kernel.org/lkml/20190927233546.11533-2-andi@firstfloor.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/pmu-events/jevents.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/tools/perf/pmu-events/jevents.c b/tools/perf/pmu-events/jevents.c
index 6b36b71106695..6cd9623ebc93b 100644
--- a/tools/perf/pmu-events/jevents.c
+++ b/tools/perf/pmu-events/jevents.c
@@ -446,12 +446,12 @@ static struct fixed {
const char *name;
const char *event;
} fixed[] = {
- { "inst_retired.any", "event=0xc0" },
- { "inst_retired.any_p", "event=0xc0" },
- { "cpu_clk_unhalted.ref", "event=0x0,umask=0x03" },
- { "cpu_clk_unhalted.thread", "event=0x3c" },
- { "cpu_clk_unhalted.core", "event=0x3c" },
- { "cpu_clk_unhalted.thread_any", "event=0x3c,any=1" },
+ { "inst_retired.any", "event=0xc0,period=2000003" },
+ { "inst_retired.any_p", "event=0xc0,period=2000003" },
+ { "cpu_clk_unhalted.ref", "event=0x0,umask=0x03,period=2000003" },
+ { "cpu_clk_unhalted.thread", "event=0x3c,period=2000003" },
+ { "cpu_clk_unhalted.core", "event=0x3c,period=2000003" },
+ { "cpu_clk_unhalted.thread_any", "event=0x3c,any=1,period=2000003" },
{ NULL, NULL},
};
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 065/149] perf tools: Propagate get_cpuid() error
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (63 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 064/149] perf jevents: Fix period for Intel fixed counters Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 066/149] perf annotate: Propagate perf_env__arch() error Greg Kroah-Hartman
` (88 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Adrian Hunter, Jiri Olsa,
Namhyung Kim, Arnaldo Carvalho de Melo, Sasha Levin
From: Arnaldo Carvalho de Melo <acme@redhat.com>
[ Upstream commit f67001a4a08eb124197ed4376941e1da9cf94b42 ]
For consistency, propagate the exact cause for get_cpuid() to have
failed.
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Link: https://lkml.kernel.org/n/tip-9ig269f7ktnhh99g4l15vpu2@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
| 3 ++-
| 9 +++++----
| 3 ++-
tools/perf/builtin-kvm.c | 7 ++++---
4 files changed, 13 insertions(+), 9 deletions(-)
--git a/tools/perf/arch/powerpc/util/header.c b/tools/perf/arch/powerpc/util/header.c
index 0b242664f5ea7..e46be9ef5a688 100644
--- a/tools/perf/arch/powerpc/util/header.c
+++ b/tools/perf/arch/powerpc/util/header.c
@@ -1,5 +1,6 @@
// SPDX-License-Identifier: GPL-2.0
#include <sys/types.h>
+#include <errno.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
@@ -31,7 +32,7 @@ get_cpuid(char *buffer, size_t sz)
buffer[nb-1] = '\0';
return 0;
}
- return -1;
+ return ENOBUFS;
}
char *
--git a/tools/perf/arch/s390/util/header.c b/tools/perf/arch/s390/util/header.c
index 163b92f339980..cc72554c362a1 100644
--- a/tools/perf/arch/s390/util/header.c
+++ b/tools/perf/arch/s390/util/header.c
@@ -11,6 +11,7 @@
*/
#include <sys/types.h>
+#include <errno.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
@@ -56,7 +57,7 @@ int get_cpuid(char *buffer, size_t sz)
sysinfo = fopen(SYSINFO, "r");
if (sysinfo == NULL)
- return -1;
+ return errno;
while ((read = getline(&line, &line_sz, sysinfo)) != -1) {
if (!strncmp(line, SYSINFO_MANU, strlen(SYSINFO_MANU))) {
@@ -91,7 +92,7 @@ int get_cpuid(char *buffer, size_t sz)
/* Missing manufacturer, type or model information should not happen */
if (!manufacturer[0] || !type[0] || !model[0])
- return -1;
+ return EINVAL;
/*
* Scan /proc/service_levels and return the CPU-MF counter facility
@@ -135,14 +136,14 @@ skip_sysinfo:
else
nbytes = snprintf(buffer, sz, "%s,%s,%s", manufacturer, type,
model);
- return (nbytes >= sz) ? -1 : 0;
+ return (nbytes >= sz) ? ENOBUFS : 0;
}
char *get_cpuid_str(struct perf_pmu *pmu __maybe_unused)
{
char *buf = malloc(128);
- if (buf && get_cpuid(buf, 128) < 0)
+ if (buf && get_cpuid(buf, 128))
zfree(&buf);
return buf;
}
--git a/tools/perf/arch/x86/util/header.c b/tools/perf/arch/x86/util/header.c
index fb0d71afee8bb..2a5daec6fb8b0 100644
--- a/tools/perf/arch/x86/util/header.c
+++ b/tools/perf/arch/x86/util/header.c
@@ -1,5 +1,6 @@
// SPDX-License-Identifier: GPL-2.0
#include <sys/types.h>
+#include <errno.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
@@ -56,7 +57,7 @@ __get_cpuid(char *buffer, size_t sz, const char *fmt)
buffer[nb-1] = '\0';
return 0;
}
- return -1;
+ return ENOBUFS;
}
int
diff --git a/tools/perf/builtin-kvm.c b/tools/perf/builtin-kvm.c
index 2b1ef704169f2..952e2228f6c60 100644
--- a/tools/perf/builtin-kvm.c
+++ b/tools/perf/builtin-kvm.c
@@ -699,14 +699,15 @@ static int process_sample_event(struct perf_tool *tool,
static int cpu_isa_config(struct perf_kvm_stat *kvm)
{
- char buf[64], *cpuid;
+ char buf[128], *cpuid;
int err;
if (kvm->live) {
err = get_cpuid(buf, sizeof(buf));
if (err != 0) {
- pr_err("Failed to look up CPU type\n");
- return err;
+ pr_err("Failed to look up CPU type: %s\n",
+ str_error_r(err, buf, sizeof(buf)));
+ return -err;
}
cpuid = buf;
} else
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 066/149] perf annotate: Propagate perf_env__arch() error
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (64 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 065/149] perf tools: Propagate get_cpuid() error Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 067/149] perf annotate: Fix the signedness of failure returns Greg Kroah-Hartman
` (87 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Russell King - ARM Linux admin,
Adrian Hunter, Alexander Shishkin, Jiri Olsa, Namhyung Kim,
Will Deacon, Arnaldo Carvalho de Melo, Sasha Levin,
Peter Zijlstra
From: Arnaldo Carvalho de Melo <acme@redhat.com>
[ Upstream commit a66fa0619a0ae3585ef09e9c33ecfb5c7c6cb72b ]
The callers of symbol__annotate2() use symbol__strerror_disassemble() to
convert its failure returns into a human readable string, so
propagate error values from functions it calls, starting with
perf_env__arch() that when fails the right thing to do is to look at
'errno' to see why its possible call to uname() failed.
Reported-by: Russell King - ARM Linux admin <linux@armlinux.org.uk>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>,
Cc: Will Deacon <will@kernel.org>
Link: https://lkml.kernel.org/n/tip-it5d83kyusfhb1q1b0l4pxzs@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/util/annotate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c
index daea1fdf73856..4ef62bcdc80f0 100644
--- a/tools/perf/util/annotate.c
+++ b/tools/perf/util/annotate.c
@@ -1871,7 +1871,7 @@ int symbol__annotate(struct symbol *sym, struct map *map,
int err;
if (!arch_name)
- return -1;
+ return errno;
args.arch = arch = arch__find(arch_name);
if (arch == NULL)
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 067/149] perf annotate: Fix the signedness of failure returns
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (65 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 066/149] perf annotate: Propagate perf_env__arch() error Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 068/149] perf annotate: Propagate the symbol__annotate() error return Greg Kroah-Hartman
` (86 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Russell King - ARM Linux admin,
Adrian Hunter, Alexander Shishkin, Jiri Olsa, Namhyung Kim,
Will Deacon, Arnaldo Carvalho de Melo, Sasha Levin,
Peter Zijlstra
From: Arnaldo Carvalho de Melo <acme@redhat.com>
[ Upstream commit 28f4417c3333940b242af03d90214f713bbef232 ]
Callers of symbol__annotate() expect a errno value or some other
extended error value range in symbol__strerror_disassemble() to
convert to a proper error string, fix it when propagating a failure to
find the arch specific annotation routines via arch__find(arch_name).
Reported-by: Russell King - ARM Linux admin <linux@armlinux.org.uk>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>,
Cc: Will Deacon <will@kernel.org>
Link: https://lkml.kernel.org/n/tip-o0k6dw7cas0vvmjjvgsyvu1i@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/util/annotate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c
index 4ef62bcdc80f0..b4946ef48b621 100644
--- a/tools/perf/util/annotate.c
+++ b/tools/perf/util/annotate.c
@@ -1875,7 +1875,7 @@ int symbol__annotate(struct symbol *sym, struct map *map,
args.arch = arch = arch__find(arch_name);
if (arch == NULL)
- return -ENOTSUP;
+ return ENOTSUP;
if (parch)
*parch = arch;
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 068/149] perf annotate: Propagate the symbol__annotate() error return
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (66 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 067/149] perf annotate: Fix the signedness of failure returns Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 069/149] perf annotate: Return appropriate error code for allocation failures Greg Kroah-Hartman
` (85 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Russell King - ARM Linux admin,
Adrian Hunter, Alexander Shishkin, Jiri Olsa, Namhyung Kim,
Will Deacon, Arnaldo Carvalho de Melo, Sasha Levin,
Peter Zijlstra
From: Arnaldo Carvalho de Melo <acme@redhat.com>
[ Upstream commit 211f493b611eef012841f795166c38ec7528738d ]
We were just returning -1 in symbol__annotate() when symbol__annotate()
failed, propagate its error as it is used later to pass to
symbol__strerror_disassemble() to present a error message to the user,
that in some cases were getting:
"Invalid -1 error code"
Fix it to propagate the error.
Reported-by: Russell King - ARM Linux admin <linux@armlinux.org.uk>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>,
Cc: Will Deacon <will@kernel.org>
Link: https://lkml.kernel.org/n/tip-0tj89rs9g7nbcyd5skadlvuu@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/util/annotate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c
index b4946ef48b621..83a3ad4256c5b 100644
--- a/tools/perf/util/annotate.c
+++ b/tools/perf/util/annotate.c
@@ -2757,7 +2757,7 @@ int symbol__annotate2(struct symbol *sym, struct map *map, struct perf_evsel *ev
out_free_offsets:
zfree(¬es->offsets);
- return -1;
+ return err;
}
#define ANNOTATION__CFG(n) \
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 069/149] perf annotate: Return appropriate error code for allocation failures
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (67 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 068/149] perf annotate: Propagate the symbol__annotate() error return Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 070/149] staging: rtl8188eu: fix null dereference when kzalloc fails Greg Kroah-Hartman
` (84 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Russell King - ARM Linux admin,
Adrian Hunter, Alexander Shishkin, Jiri Olsa, Namhyung Kim,
Will Deacon, Arnaldo Carvalho de Melo, Sasha Levin,
Peter Zijlstra
From: Arnaldo Carvalho de Melo <acme@redhat.com>
[ Upstream commit 16ed3c1e91159e28b02f11f71ff4ce4cbc6f99e4 ]
We should return errno or the annotation extra range understood by
symbol__strerror_disassemble() instead of -1, fix it, returning ENOMEM
instead.
Reported-by: Russell King - ARM Linux admin <linux@armlinux.org.uk>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>,
Cc: Will Deacon <will@kernel.org>
Link: https://lkml.kernel.org/n/tip-8of1cmj3rz0mppfcshc9bbqq@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/util/annotate.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c
index 83a3ad4256c5b..6958d7eed5bed 100644
--- a/tools/perf/util/annotate.c
+++ b/tools/perf/util/annotate.c
@@ -1614,7 +1614,7 @@ static int dso__disassemble_filename(struct dso *dso, char *filename, size_t fil
build_id_path = strdup(filename);
if (!build_id_path)
- return -1;
+ return ENOMEM;
/*
* old style build-id cache has name of XX/XXXXXXX.. while
@@ -2732,7 +2732,7 @@ int symbol__annotate2(struct symbol *sym, struct map *map, struct perf_evsel *ev
notes->offsets = zalloc(size * sizeof(struct annotation_line *));
if (notes->offsets == NULL)
- return -1;
+ return ENOMEM;
if (perf_evsel__is_group_event(evsel))
nr_pcnt = evsel->nr_members;
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 070/149] staging: rtl8188eu: fix null dereference when kzalloc fails
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (68 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 069/149] perf annotate: Return appropriate error code for allocation failures Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 071/149] RDMA/hfi1: Prevent memory leak in sdma_init Greg Kroah-Hartman
` (83 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Connor Kuehl, Sasha Levin
From: Connor Kuehl <connor.kuehl@canonical.com>
[ Upstream commit 955c1532a34305f2f780b47f0c40cc7c65500810 ]
If kzalloc() returns NULL, the error path doesn't stop the flow of
control from entering rtw_hal_read_chip_version() which dereferences the
null pointer. Fix this by adding a 'goto' to the error path to more
gracefully handle the issue and avoid proceeding with initialization
steps that we're no longer prepared to handle.
Also update the debug message to be more consistent with the other debug
messages in this function.
Addresses-Coverity: ("Dereference after null check")
Signed-off-by: Connor Kuehl <connor.kuehl@canonical.com>
Link: https://lore.kernel.org/r/20190927214415.899-1-connor.kuehl@canonical.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/rtl8188eu/os_dep/usb_intf.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/rtl8188eu/os_dep/usb_intf.c b/drivers/staging/rtl8188eu/os_dep/usb_intf.c
index dfee6985efa61..8ef7b44b6abc1 100644
--- a/drivers/staging/rtl8188eu/os_dep/usb_intf.c
+++ b/drivers/staging/rtl8188eu/os_dep/usb_intf.c
@@ -348,8 +348,10 @@ static struct adapter *rtw_usb_if1_init(struct dvobj_priv *dvobj,
}
padapter->HalData = kzalloc(sizeof(struct hal_data_8188e), GFP_KERNEL);
- if (!padapter->HalData)
- DBG_88E("cant not alloc memory for HAL DATA\n");
+ if (!padapter->HalData) {
+ DBG_88E("Failed to allocate memory for HAL data\n");
+ goto free_adapter;
+ }
/* step read_chip_version */
rtw_hal_read_chip_version(padapter);
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 071/149] RDMA/hfi1: Prevent memory leak in sdma_init
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (69 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 070/149] staging: rtl8188eu: fix null dereference when kzalloc fails Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 072/149] RDMA/iwcm: Fix a lock inversion issue Greg Kroah-Hartman
` (82 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Navid Emamdoost, Dennis Dalessandro,
Jason Gunthorpe, Sasha Levin
From: Navid Emamdoost <navid.emamdoost@gmail.com>
[ Upstream commit 34b3be18a04ecdc610aae4c48e5d1b799d8689f6 ]
In sdma_init if rhashtable_init fails the allocated memory for
tmp_sdma_rht should be released.
Fixes: 5a52a7acf7e2 ("IB/hfi1: NULL pointer dereference when freeing rhashtable")
Link: https://lore.kernel.org/r/20190925144543.10141-1-navid.emamdoost@gmail.com
Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
Acked-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/hfi1/sdma.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/infiniband/hw/hfi1/sdma.c b/drivers/infiniband/hw/hfi1/sdma.c
index d648a4167832c..64ab92f8a4a28 100644
--- a/drivers/infiniband/hw/hfi1/sdma.c
+++ b/drivers/infiniband/hw/hfi1/sdma.c
@@ -1518,8 +1518,11 @@ int sdma_init(struct hfi1_devdata *dd, u8 port)
}
ret = rhashtable_init(tmp_sdma_rht, &sdma_rht_params);
- if (ret < 0)
+ if (ret < 0) {
+ kfree(tmp_sdma_rht);
goto bail;
+ }
+
dd->sdma_rht = tmp_sdma_rht;
dd_dev_info(dd, "SDMA num_sdma: %u\n", dd->num_sdma);
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 072/149] RDMA/iwcm: Fix a lock inversion issue
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (70 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 071/149] RDMA/hfi1: Prevent memory leak in sdma_init Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 073/149] HID: hyperv: Use in-place iterator API in the channel callback Greg Kroah-Hartman
` (81 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bart Van Assche, Jason Gunthorpe,
Sasha Levin
From: Bart Van Assche <bvanassche@acm.org>
[ Upstream commit b66f31efbdad95ec274345721d99d1d835e6de01 ]
This patch fixes the lock inversion complaint:
============================================
WARNING: possible recursive locking detected
5.3.0-rc7-dbg+ #1 Not tainted
--------------------------------------------
kworker/u16:6/171 is trying to acquire lock:
00000000035c6e6c (&id_priv->handler_mutex){+.+.}, at: rdma_destroy_id+0x78/0x4a0 [rdma_cm]
but task is already holding lock:
00000000bc7c307d (&id_priv->handler_mutex){+.+.}, at: iw_conn_req_handler+0x151/0x680 [rdma_cm]
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&id_priv->handler_mutex);
lock(&id_priv->handler_mutex);
*** DEADLOCK ***
May be due to missing lock nesting notation
3 locks held by kworker/u16:6/171:
#0: 00000000e2eaa773 ((wq_completion)iw_cm_wq){+.+.}, at: process_one_work+0x472/0xac0
#1: 000000001efd357b ((work_completion)(&work->work)#3){+.+.}, at: process_one_work+0x476/0xac0
#2: 00000000bc7c307d (&id_priv->handler_mutex){+.+.}, at: iw_conn_req_handler+0x151/0x680 [rdma_cm]
stack backtrace:
CPU: 3 PID: 171 Comm: kworker/u16:6 Not tainted 5.3.0-rc7-dbg+ #1
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
Workqueue: iw_cm_wq cm_work_handler [iw_cm]
Call Trace:
dump_stack+0x8a/0xd6
__lock_acquire.cold+0xe1/0x24d
lock_acquire+0x106/0x240
__mutex_lock+0x12e/0xcb0
mutex_lock_nested+0x1f/0x30
rdma_destroy_id+0x78/0x4a0 [rdma_cm]
iw_conn_req_handler+0x5c9/0x680 [rdma_cm]
cm_work_handler+0xe62/0x1100 [iw_cm]
process_one_work+0x56d/0xac0
worker_thread+0x7a/0x5d0
kthread+0x1bc/0x210
ret_from_fork+0x24/0x30
This is not a bug as there are actually two lock classes here.
Link: https://lore.kernel.org/r/20190930231707.48259-3-bvanassche@acm.org
Fixes: de910bd92137 ("RDMA/cma: Simplify locking needed for serialization of callbacks")
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Reviewed-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/core/cma.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c
index 6257be21cbedd..1f373ba573b6d 100644
--- a/drivers/infiniband/core/cma.c
+++ b/drivers/infiniband/core/cma.c
@@ -2270,9 +2270,10 @@ static int iw_conn_req_handler(struct iw_cm_id *cm_id,
conn_id->cm_id.iw = NULL;
cma_exch(conn_id, RDMA_CM_DESTROYING);
mutex_unlock(&conn_id->handler_mutex);
+ mutex_unlock(&listen_id->handler_mutex);
cma_deref_id(conn_id);
rdma_destroy_id(&conn_id->id);
- goto out;
+ return ret;
}
mutex_unlock(&conn_id->handler_mutex);
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 073/149] HID: hyperv: Use in-place iterator API in the channel callback
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (71 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 072/149] RDMA/iwcm: Fix a lock inversion issue Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 074/149] nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request Greg Kroah-Hartman
` (80 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dexuan Cui, Jiri Kosina, Sasha Levin
From: Dexuan Cui <decui@microsoft.com>
[ Upstream commit 6a297c90efa68b2864483193b8bfb0d19478600c ]
Simplify the ring buffer handling with the in-place API.
Also avoid the dynamic allocation and the memory leak in the channel
callback function.
Signed-off-by: Dexuan Cui <decui@microsoft.com>
Acked-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-hyperv.c | 56 +++++++---------------------------------
1 file changed, 10 insertions(+), 46 deletions(-)
diff --git a/drivers/hid/hid-hyperv.c b/drivers/hid/hid-hyperv.c
index 704049e62d58a..4d1496f60071f 100644
--- a/drivers/hid/hid-hyperv.c
+++ b/drivers/hid/hid-hyperv.c
@@ -322,60 +322,24 @@ static void mousevsc_on_receive(struct hv_device *device,
static void mousevsc_on_channel_callback(void *context)
{
- const int packet_size = 0x100;
- int ret;
struct hv_device *device = context;
- u32 bytes_recvd;
- u64 req_id;
struct vmpacket_descriptor *desc;
- unsigned char *buffer;
- int bufferlen = packet_size;
-
- buffer = kmalloc(bufferlen, GFP_ATOMIC);
- if (!buffer)
- return;
-
- do {
- ret = vmbus_recvpacket_raw(device->channel, buffer,
- bufferlen, &bytes_recvd, &req_id);
-
- switch (ret) {
- case 0:
- if (bytes_recvd <= 0) {
- kfree(buffer);
- return;
- }
- desc = (struct vmpacket_descriptor *)buffer;
-
- switch (desc->type) {
- case VM_PKT_COMP:
- break;
-
- case VM_PKT_DATA_INBAND:
- mousevsc_on_receive(device, desc);
- break;
-
- default:
- pr_err("unhandled packet type %d, tid %llx len %d\n",
- desc->type, req_id, bytes_recvd);
- break;
- }
+ foreach_vmbus_pkt(desc, device->channel) {
+ switch (desc->type) {
+ case VM_PKT_COMP:
break;
- case -ENOBUFS:
- kfree(buffer);
- /* Handle large packet */
- bufferlen = bytes_recvd;
- buffer = kmalloc(bytes_recvd, GFP_ATOMIC);
-
- if (!buffer)
- return;
+ case VM_PKT_DATA_INBAND:
+ mousevsc_on_receive(device, desc);
+ break;
+ default:
+ pr_err("Unhandled packet type %d, tid %llx len %d\n",
+ desc->type, desc->trans_id, desc->len8 * 8);
break;
}
- } while (1);
-
+ }
}
static int mousevsc_connect_to_vsp(struct hv_device *device)
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 074/149] nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (72 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 073/149] HID: hyperv: Use in-place iterator API in the channel callback Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 075/149] arm64: ftrace: Ensure synchronisation in PLT setup for Neoverse-N1 #1542419 Greg Kroah-Hartman
` (79 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, ZhangXiaoxu,
Anna Schumaker, Sasha Levin
From: ZhangXiaoxu <zhangxiaoxu5@huawei.com>
[ Upstream commit 33ea5aaa87cdae0f9af4d6b7ee4f650a1a36fd1d ]
When xfstests testing, there are some WARNING as below:
WARNING: CPU: 0 PID: 6235 at fs/nfs/inode.c:122 nfs_clear_inode+0x9c/0xd8
Modules linked in:
CPU: 0 PID: 6235 Comm: umount.nfs
Hardware name: linux,dummy-virt (DT)
pstate: 60000005 (nZCv daif -PAN -UAO)
pc : nfs_clear_inode+0x9c/0xd8
lr : nfs_evict_inode+0x60/0x78
sp : fffffc000f68fc00
x29: fffffc000f68fc00 x28: fffffe00c53155c0
x27: fffffe00c5315000 x26: fffffc0009a63748
x25: fffffc000f68fd18 x24: fffffc000bfaaf40
x23: fffffc000936d3c0 x22: fffffe00c4ff5e20
x21: fffffc000bfaaf40 x20: fffffe00c4ff5d10
x19: fffffc000c056000 x18: 000000000000003c
x17: 0000000000000000 x16: 0000000000000000
x15: 0000000000000040 x14: 0000000000000228
x13: fffffc000c3a2000 x12: 0000000000000045
x11: 0000000000000000 x10: 0000000000000000
x9 : 0000000000000000 x8 : 0000000000000000
x7 : 0000000000000000 x6 : fffffc00084b027c
x5 : fffffc0009a64000 x4 : fffffe00c0e77400
x3 : fffffc000c0563a8 x2 : fffffffffffffffb
x1 : 000000000000764e x0 : 0000000000000001
Call trace:
nfs_clear_inode+0x9c/0xd8
nfs_evict_inode+0x60/0x78
evict+0x108/0x380
dispose_list+0x70/0xa0
evict_inodes+0x194/0x210
generic_shutdown_super+0xb0/0x220
nfs_kill_super+0x40/0x88
deactivate_locked_super+0xb4/0x120
deactivate_super+0x144/0x160
cleanup_mnt+0x98/0x148
__cleanup_mnt+0x38/0x50
task_work_run+0x114/0x160
do_notify_resume+0x2f8/0x308
work_pending+0x8/0x14
The nrequest should be increased/decreased only if PG_INODE_REF flag
was setted.
But in the nfs_inode_remove_request function, it maybe decrease when
no PG_INODE_REF flag, this maybe lead nrequests count error.
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: ZhangXiaoxu <zhangxiaoxu5@huawei.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/write.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/fs/nfs/write.c b/fs/nfs/write.c
index 5ab997912d8d5..117ffd90419e2 100644
--- a/fs/nfs/write.c
+++ b/fs/nfs/write.c
@@ -783,7 +783,6 @@ static void nfs_inode_remove_request(struct nfs_page *req)
struct nfs_inode *nfsi = NFS_I(inode);
struct nfs_page *head;
- atomic_long_dec(&nfsi->nrequests);
if (nfs_page_group_sync_on_bit(req, PG_REMOVE)) {
head = req->wb_head;
@@ -796,8 +795,10 @@ static void nfs_inode_remove_request(struct nfs_page *req)
spin_unlock(&mapping->private_lock);
}
- if (test_and_clear_bit(PG_INODE_REF, &req->wb_flags))
+ if (test_and_clear_bit(PG_INODE_REF, &req->wb_flags)) {
nfs_release_request(req);
+ atomic_long_dec(&nfsi->nrequests);
+ }
}
static void
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 075/149] arm64: ftrace: Ensure synchronisation in PLT setup for Neoverse-N1 #1542419
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (73 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 074/149] nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 076/149] tty: serial: owl: Fix the link time qualifier of owl_uart_exit() Greg Kroah-Hartman
` (78 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, James Morse, Will Deacon, Sasha Levin
From: James Morse <james.morse@arm.com>
[ Upstream commit dd8a1f13488438c6c220b7cafa500baaf21a6e53 ]
CPUs affected by Neoverse-N1 #1542419 may execute a stale instruction if
it was recently modified. The affected sequence requires freshly written
instructions to be executable before a branch to them is updated.
There are very few places in the kernel that modify executable text,
all but one come with sufficient synchronisation:
* The module loader's flush_module_icache() calls flush_icache_range(),
which does a kick_all_cpus_sync()
* bpf_int_jit_compile() calls flush_icache_range().
* Kprobes calls aarch64_insn_patch_text(), which does its work in
stop_machine().
* static keys and ftrace both patch between nops and branches to
existing kernel code (not generated code).
The affected sequence is the interaction between ftrace and modules.
The module PLT is cleaned using __flush_icache_range() as the trampoline
shouldn't be executable until we update the branch to it.
Drop the double-underscore so that this path runs kick_all_cpus_sync()
too.
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/kernel/ftrace.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/arch/arm64/kernel/ftrace.c b/arch/arm64/kernel/ftrace.c
index 7eff8afa035fd..b6618391be8c6 100644
--- a/arch/arm64/kernel/ftrace.c
+++ b/arch/arm64/kernel/ftrace.c
@@ -119,10 +119,16 @@ int ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr)
/*
* Ensure updated trampoline is visible to instruction
- * fetch before we patch in the branch.
+ * fetch before we patch in the branch. Although the
+ * architecture doesn't require an IPI in this case,
+ * Neoverse-N1 erratum #1542419 does require one
+ * if the TLB maintenance in module_enable_ro() is
+ * skipped due to rodata_enabled. It doesn't seem worth
+ * it to make it conditional given that this is
+ * certainly not a fast-path.
*/
- __flush_icache_range((unsigned long)&dst[0],
- (unsigned long)&dst[1]);
+ flush_icache_range((unsigned long)&dst[0],
+ (unsigned long)&dst[1]);
}
addr = (unsigned long)dst;
#else /* CONFIG_ARM64_MODULE_PLTS */
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 076/149] tty: serial: owl: Fix the link time qualifier of owl_uart_exit()
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (74 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 075/149] arm64: ftrace: Ensure synchronisation in PLT setup for Neoverse-N1 #1542419 Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 077/149] tty: n_hdlc: fix build on SPARC Greg Kroah-Hartman
` (77 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 6264dab6efd6069f0387efb078a9960b5642377b ]
'exit' functions should be marked as __exit, not __init.
Fixes: fc60a8b675bd ("tty: serial: owl: Implement console driver")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Link: https://lore.kernel.org/r/20190910041129.6978-1-christophe.jaillet@wanadoo.fr
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/owl-uart.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/tty/serial/owl-uart.c b/drivers/tty/serial/owl-uart.c
index 29a6dc6a8d23c..73fcc6bdb0312 100644
--- a/drivers/tty/serial/owl-uart.c
+++ b/drivers/tty/serial/owl-uart.c
@@ -742,7 +742,7 @@ static int __init owl_uart_init(void)
return ret;
}
-static void __init owl_uart_exit(void)
+static void __exit owl_uart_exit(void)
{
platform_driver_unregister(&owl_uart_platform_driver);
uart_unregister_driver(&owl_uart_driver);
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 077/149] tty: n_hdlc: fix build on SPARC
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (75 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 076/149] tty: serial: owl: Fix the link time qualifier of owl_uart_exit() Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 078/149] gpio: max77620: Use correct unit for debounce times Greg Kroah-Hartman
` (76 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kbuild test robot, Randy Dunlap,
Kees Cook, David S. Miller, Andrew Morton, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 47a7e5e97d4edd7b14974d34f0e5a5560fad2915 ]
Fix tty driver build on SPARC by not using __exitdata.
It appears that SPARC does not support section .exit.data.
Fixes these build errors:
`.exit.data' referenced in section `.exit.text' of drivers/tty/n_hdlc.o: defined in discarded section `.exit.data' of drivers/tty/n_hdlc.o
`.exit.data' referenced in section `.exit.text' of drivers/tty/n_hdlc.o: defined in discarded section `.exit.data' of drivers/tty/n_hdlc.o
`.exit.data' referenced in section `.exit.text' of drivers/tty/n_hdlc.o: defined in discarded section `.exit.data' of drivers/tty/n_hdlc.o
`.exit.data' referenced in section `.exit.text' of drivers/tty/n_hdlc.o: defined in discarded section `.exit.data' of drivers/tty/n_hdlc.o
Reported-by: kbuild test robot <lkp@intel.com>
Fixes: 063246641d4a ("format-security: move static strings to const")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Andrew Morton <akpm@linux-foundation.org>
Link: https://lore.kernel.org/r/675e7bd9-955b-3ff3-1101-a973b58b5b75@infradead.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/n_hdlc.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/tty/n_hdlc.c b/drivers/tty/n_hdlc.c
index bb63519db7ae4..c943716c019e4 100644
--- a/drivers/tty/n_hdlc.c
+++ b/drivers/tty/n_hdlc.c
@@ -968,6 +968,11 @@ static int __init n_hdlc_init(void)
} /* end of init_module() */
+#ifdef CONFIG_SPARC
+#undef __exitdata
+#define __exitdata
+#endif
+
static const char hdlc_unregister_ok[] __exitdata =
KERN_INFO "N_HDLC: line discipline unregistered\n";
static const char hdlc_unregister_fail[] __exitdata =
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 078/149] gpio: max77620: Use correct unit for debounce times
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (76 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 077/149] tty: n_hdlc: fix build on SPARC Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-06 19:01 ` Pavel Machek
2019-11-04 21:44 ` [PATCH 4.19 079/149] fs: cifs: mute -Wunused-const-variable message Greg Kroah-Hartman
` (75 subsequent siblings)
153 siblings, 1 reply; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thierry Reding, Linus Walleij, Sasha Levin
From: Thierry Reding <treding@nvidia.com>
[ Upstream commit fffa6af94894126994a7600c6f6f09b892e89fa9 ]
The gpiod_set_debounce() function takes the debounce time in
microseconds. Adjust the switch/case values in the MAX77620 GPIO to use
the correct unit.
Signed-off-by: Thierry Reding <treding@nvidia.com>
Link: https://lore.kernel.org/r/20191002122825.3948322-1-thierry.reding@gmail.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpio/gpio-max77620.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/gpio/gpio-max77620.c b/drivers/gpio/gpio-max77620.c
index 538bce4b5b427..ac6c1c0548b69 100644
--- a/drivers/gpio/gpio-max77620.c
+++ b/drivers/gpio/gpio-max77620.c
@@ -163,13 +163,13 @@ static int max77620_gpio_set_debounce(struct max77620_gpio *mgpio,
case 0:
val = MAX77620_CNFG_GPIO_DBNC_None;
break;
- case 1 ... 8:
+ case 1000 ... 8000:
val = MAX77620_CNFG_GPIO_DBNC_8ms;
break;
- case 9 ... 16:
+ case 9000 ... 16000:
val = MAX77620_CNFG_GPIO_DBNC_16ms;
break;
- case 17 ... 32:
+ case 17000 ... 32000:
val = MAX77620_CNFG_GPIO_DBNC_32ms;
break;
default:
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 079/149] fs: cifs: mute -Wunused-const-variable message
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (77 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 078/149] gpio: max77620: Use correct unit for debounce times Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 080/149] serial: mctrl_gpio: Check for NULL pointer Greg Kroah-Hartman
` (74 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Austin Kim, Steve French, Sasha Levin
From: Austin Kim <austindh.kim@gmail.com>
[ Upstream commit dd19c106a36690b47bb1acc68372f2b472b495b8 ]
After 'Initial git repository build' commit,
'mapping_table_ERRHRD' variable has not been used.
So 'mapping_table_ERRHRD' const variable could be removed
to mute below warning message:
fs/cifs/netmisc.c:120:40: warning: unused variable 'mapping_table_ERRHRD' [-Wunused-const-variable]
static const struct smb_to_posix_error mapping_table_ERRHRD[] = {
^
Signed-off-by: Austin Kim <austindh.kim@gmail.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/cifs/netmisc.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/fs/cifs/netmisc.c b/fs/cifs/netmisc.c
index fdd908e4a26b3..66c10121a6eae 100644
--- a/fs/cifs/netmisc.c
+++ b/fs/cifs/netmisc.c
@@ -130,10 +130,6 @@ static const struct smb_to_posix_error mapping_table_ERRSRV[] = {
{0, 0}
};
-static const struct smb_to_posix_error mapping_table_ERRHRD[] = {
- {0, 0}
-};
-
/*
* Convert a string containing text IPv4 or IPv6 address to binary form.
*
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 080/149] serial: mctrl_gpio: Check for NULL pointer
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (78 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 079/149] fs: cifs: mute -Wunused-const-variable message Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 081/149] efi/cper: Fix endianness of PCIe class code Greg Kroah-Hartman
` (73 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Adam Ford, Yegor Yefremov, Sasha Levin
From: Adam Ford <aford173@gmail.com>
[ Upstream commit 37e3ab00e4734acc15d96b2926aab55c894f4d9c ]
When using mctrl_gpio_to_gpiod, it dereferences gpios into a single
requested GPIO. This dereferencing can break if gpios is NULL,
so this patch adds a NULL check before dereferencing it. If
gpios is NULL, this function will also return NULL.
Signed-off-by: Adam Ford <aford173@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Link: https://lore.kernel.org/r/20191006163314.23191-1-aford173@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/serial_mctrl_gpio.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/tty/serial/serial_mctrl_gpio.c b/drivers/tty/serial/serial_mctrl_gpio.c
index 07f318603e740..af0412a784d27 100644
--- a/drivers/tty/serial/serial_mctrl_gpio.c
+++ b/drivers/tty/serial/serial_mctrl_gpio.c
@@ -60,6 +60,9 @@ EXPORT_SYMBOL_GPL(mctrl_gpio_set);
struct gpio_desc *mctrl_gpio_to_gpiod(struct mctrl_gpios *gpios,
enum mctrl_gpio_idx gidx)
{
+ if (gpios == NULL)
+ return NULL;
+
return gpios->gpio[gidx];
}
EXPORT_SYMBOL_GPL(mctrl_gpio_to_gpiod);
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 081/149] efi/cper: Fix endianness of PCIe class code
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (79 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 080/149] serial: mctrl_gpio: Check for NULL pointer Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 082/149] efi/x86: Do not clean dummy variable in kexec path Greg Kroah-Hartman
` (72 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lukas Wunner, Ard Biesheuvel,
Ben Dooks, Dave Young, Jarkko Sakkinen, Jerry Snitselaar,
Linus Torvalds, Lyude Paul, Matthew Garrett, Octavian Purdila,
Peter Jones, Peter Zijlstra, Scott Talbert, Thomas Gleixner,
linux-efi, linux-integrity, Ingo Molnar, Sasha Levin
From: Lukas Wunner <lukas@wunner.de>
[ Upstream commit 6fb9367a15d1a126d222d738b2702c7958594a5f ]
The CPER parser assumes that the class code is big endian, but at least
on this edk2-derived Intel Purley platform it's little endian:
efi: EFI v2.50 by EDK II BIOS ID:PLYDCRB1.86B.0119.R05.1701181843
DMI: Intel Corporation PURLEY/PURLEY, BIOS PLYDCRB1.86B.0119.R05.1701181843 01/18/2017
{1}[Hardware Error]: device_id: 0000:5d:00.0
{1}[Hardware Error]: slot: 0
{1}[Hardware Error]: secondary_bus: 0x5e
{1}[Hardware Error]: vendor_id: 0x8086, device_id: 0x2030
{1}[Hardware Error]: class_code: 000406
^^^^^^ (should be 060400)
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Ben Dooks <ben.dooks@codethink.co.uk>
Cc: Dave Young <dyoung@redhat.com>
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: Jerry Snitselaar <jsnitsel@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Lyude Paul <lyude@redhat.com>
Cc: Matthew Garrett <mjg59@google.com>
Cc: Octavian Purdila <octavian.purdila@intel.com>
Cc: Peter Jones <pjones@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Scott Talbert <swt@techie.net>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Cc: linux-integrity@vger.kernel.org
Link: https://lkml.kernel.org/r/20191002165904.8819-2-ard.biesheuvel@linaro.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/firmware/efi/cper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/firmware/efi/cper.c b/drivers/firmware/efi/cper.c
index 4045098ddb860..116989cf3d457 100644
--- a/drivers/firmware/efi/cper.c
+++ b/drivers/firmware/efi/cper.c
@@ -393,7 +393,7 @@ static void cper_print_pcie(const char *pfx, const struct cper_sec_pcie *pcie,
printk("%s""vendor_id: 0x%04x, device_id: 0x%04x\n", pfx,
pcie->device_id.vendor_id, pcie->device_id.device_id);
p = pcie->device_id.class_code;
- printk("%s""class_code: %02x%02x%02x\n", pfx, p[0], p[1], p[2]);
+ printk("%s""class_code: %02x%02x%02x\n", pfx, p[2], p[1], p[0]);
}
if (pcie->validation_bits & CPER_PCIE_VALID_SERIAL_NUMBER)
printk("%s""serial number: 0x%04x, 0x%04x\n", pfx,
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 082/149] efi/x86: Do not clean dummy variable in kexec path
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (80 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 081/149] efi/cper: Fix endianness of PCIe class code Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 083/149] MIPS: include: Mark __cmpxchg as __always_inline Greg Kroah-Hartman
` (71 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dave Young, Ard Biesheuvel,
Matthew Garrett, Ben Dooks, Jarkko Sakkinen, Jerry Snitselaar,
Linus Torvalds, Lukas Wunner, Lyude Paul, Octavian Purdila,
Peter Jones, Peter Zijlstra, Scott Talbert, Thomas Gleixner,
linux-efi, linux-integrity, Ingo Molnar, Sasha Levin
From: Dave Young <dyoung@redhat.com>
[ Upstream commit 2ecb7402cfc7f22764e7bbc80790e66eadb20560 ]
kexec reboot fails randomly in UEFI based KVM guest. The firmware
just resets while calling efi_delete_dummy_variable(); Unfortunately
I don't know how to debug the firmware, it is also possible a potential
problem on real hardware as well although nobody reproduced it.
The intention of the efi_delete_dummy_variable is to trigger garbage collection
when entering virtual mode. But SetVirtualAddressMap can only run once
for each physical reboot, thus kexec_enter_virtual_mode() is not necessarily
a good place to clean a dummy object.
Drop the efi_delete_dummy_variable so that kexec reboot can work.
Signed-off-by: Dave Young <dyoung@redhat.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Matthew Garrett <mjg59@google.com>
Cc: Ben Dooks <ben.dooks@codethink.co.uk>
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: Jerry Snitselaar <jsnitsel@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Lukas Wunner <lukas@wunner.de>
Cc: Lyude Paul <lyude@redhat.com>
Cc: Octavian Purdila <octavian.purdila@intel.com>
Cc: Peter Jones <pjones@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Scott Talbert <swt@techie.net>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Cc: linux-integrity@vger.kernel.org
Link: https://lkml.kernel.org/r/20191002165904.8819-8-ard.biesheuvel@linaro.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/platform/efi/efi.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c
index 9061babfbc83d..335a62e74a2e9 100644
--- a/arch/x86/platform/efi/efi.c
+++ b/arch/x86/platform/efi/efi.c
@@ -893,9 +893,6 @@ static void __init kexec_enter_virtual_mode(void)
if (efi_enabled(EFI_OLD_MEMMAP) && (__supported_pte_mask & _PAGE_NX))
runtime_code_page_mkexec();
-
- /* clean DUMMY object */
- efi_delete_dummy_variable();
#endif
}
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 083/149] MIPS: include: Mark __cmpxchg as __always_inline
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (81 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 082/149] efi/x86: Do not clean dummy variable in kexec path Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 084/149] x86/xen: Return from panic notifier Greg Kroah-Hartman
` (70 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Bogendoerfer, Paul Burton,
Ralf Baechle, James Hogan, linux-mips, Sasha Levin
From: Thomas Bogendoerfer <tbogendoerfer@suse.de>
[ Upstream commit 88356d09904bc606182c625575237269aeece22e ]
Commit ac7c3e4ff401 ("compiler: enable CONFIG_OPTIMIZE_INLINING
forcibly") allows compiler to uninline functions marked as 'inline'.
In cace of cmpxchg this would cause to reference function
__cmpxchg_called_with_bad_pointer, which is a error case
for catching bugs and will not happen for correct code, if
__cmpxchg is inlined.
Signed-off-by: Thomas Bogendoerfer <tbogendoerfer@suse.de>
[paul.burton@mips.com: s/__cmpxchd/__cmpxchg in subject]
Signed-off-by: Paul Burton <paul.burton@mips.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: James Hogan <jhogan@kernel.org>
Cc: linux-mips@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/include/asm/cmpxchg.h | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/arch/mips/include/asm/cmpxchg.h b/arch/mips/include/asm/cmpxchg.h
index 89e9fb7976fe6..895f91b9e89c3 100644
--- a/arch/mips/include/asm/cmpxchg.h
+++ b/arch/mips/include/asm/cmpxchg.h
@@ -146,8 +146,9 @@ static inline unsigned long __xchg(volatile void *ptr, unsigned long x,
extern unsigned long __cmpxchg_small(volatile void *ptr, unsigned long old,
unsigned long new, unsigned int size);
-static inline unsigned long __cmpxchg(volatile void *ptr, unsigned long old,
- unsigned long new, unsigned int size)
+static __always_inline
+unsigned long __cmpxchg(volatile void *ptr, unsigned long old,
+ unsigned long new, unsigned int size)
{
switch (size) {
case 1:
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 084/149] x86/xen: Return from panic notifier
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (82 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 083/149] MIPS: include: Mark __cmpxchg as __always_inline Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 085/149] ocfs2: clear zero in unaligned direct IO Greg Kroah-Hartman
` (69 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, James Dingwall, Boris Ostrovsky,
Juergen Gross, Sasha Levin
From: Boris Ostrovsky <boris.ostrovsky@oracle.com>
[ Upstream commit c6875f3aacf2a5a913205accddabf0bfb75cac76 ]
Currently execution of panic() continues until Xen's panic notifier
(xen_panic_event()) is called at which point we make a hypercall that
never returns.
This means that any notifier that is supposed to be called later as
well as significant part of panic() code (such as pstore writes from
kmsg_dump()) is never executed.
There is no reason for xen_panic_event() to be this last point in
execution since panic()'s emergency_restart() will call into
xen_emergency_restart() from where we can perform our hypercall.
Nevertheless, we will provide xen_legacy_crash boot option that will
preserve original behavior during crash. This option could be used,
for example, if running kernel dumper (which happens after panic
notifiers) is undesirable.
Reported-by: James Dingwall <james@dingwall.me.uk>
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../admin-guide/kernel-parameters.txt | 4 +++
arch/x86/xen/enlighten.c | 28 +++++++++++++++++--
2 files changed, 29 insertions(+), 3 deletions(-)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 16607b178b474..a855f83defa6c 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -5117,6 +5117,10 @@
the unplug protocol
never -- do not unplug even if version check succeeds
+ xen_legacy_crash [X86,XEN]
+ Crash from Xen panic notifier, without executing late
+ panic() code such as dumping handler.
+
xen_nopvspin [X86,XEN]
Disables the ticketlock slowpath using Xen PV
optimizations.
diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
index c6c7c9b7b5c19..2483ff345bbcd 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -266,19 +266,41 @@ void xen_reboot(int reason)
BUG();
}
+static int reboot_reason = SHUTDOWN_reboot;
+static bool xen_legacy_crash;
void xen_emergency_restart(void)
{
- xen_reboot(SHUTDOWN_reboot);
+ xen_reboot(reboot_reason);
}
static int
xen_panic_event(struct notifier_block *this, unsigned long event, void *ptr)
{
- if (!kexec_crash_loaded())
- xen_reboot(SHUTDOWN_crash);
+ if (!kexec_crash_loaded()) {
+ if (xen_legacy_crash)
+ xen_reboot(SHUTDOWN_crash);
+
+ reboot_reason = SHUTDOWN_crash;
+
+ /*
+ * If panic_timeout==0 then we are supposed to wait forever.
+ * However, to preserve original dom0 behavior we have to drop
+ * into hypervisor. (domU behavior is controlled by its
+ * config file)
+ */
+ if (panic_timeout == 0)
+ panic_timeout = -1;
+ }
return NOTIFY_DONE;
}
+static int __init parse_xen_legacy_crash(char *arg)
+{
+ xen_legacy_crash = true;
+ return 0;
+}
+early_param("xen_legacy_crash", parse_xen_legacy_crash);
+
static struct notifier_block xen_panic_block = {
.notifier_call = xen_panic_event,
.priority = INT_MIN
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 085/149] ocfs2: clear zero in unaligned direct IO
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (83 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 084/149] x86/xen: Return from panic notifier Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 086/149] fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry() Greg Kroah-Hartman
` (68 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jia Guo, Yiwen Jiang, Mark Fasheh,
Joel Becker, Junxiao Bi, Joseph Qi, Andrew Morton,
Linus Torvalds, Sasha Levin
From: Jia Guo <guojia12@huawei.com>
[ Upstream commit 7a243c82ea527cd1da47381ad9cd646844f3b693 ]
Unused portion of a part-written fs-block-sized block is not set to zero
in unaligned append direct write.This can lead to serious data
inconsistencies.
Ocfs2 manage disk with cluster size(for example, 1M), part-written in
one cluster will change the cluster state from UN-WRITTEN to WRITTEN,
VFS(function dio_zero_block) doesn't do the cleaning because bh's state
is not set to NEW in function ocfs2_dio_wr_get_block when we write a
WRITTEN cluster. For example, the cluster size is 1M, file size is 8k
and we direct write from 14k to 15k, then 12k~14k and 15k~16k will
contain dirty data.
We have to deal with two cases:
1.The starting position of direct write is outside the file.
2.The starting position of direct write is located in the file.
We need set bh's state to NEW in the first case. In the second case, we
need mapped twice because bh's state of area out file should be set to
NEW while area in file not.
[akpm@linux-foundation.org: coding style fixes]
Link: http://lkml.kernel.org/r/5292e287-8f1a-fd4a-1a14-661e555e0bed@huawei.com
Signed-off-by: Jia Guo <guojia12@huawei.com>
Reviewed-by: Yiwen Jiang <jiangyiwen@huawei.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Joseph Qi <joseph.qi@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ocfs2/aops.c | 22 +++++++++++++++++++++-
1 file changed, 21 insertions(+), 1 deletion(-)
diff --git a/fs/ocfs2/aops.c b/fs/ocfs2/aops.c
index 7578bd507c70b..dc773e163132c 100644
--- a/fs/ocfs2/aops.c
+++ b/fs/ocfs2/aops.c
@@ -2153,13 +2153,30 @@ static int ocfs2_dio_wr_get_block(struct inode *inode, sector_t iblock,
struct ocfs2_dio_write_ctxt *dwc = NULL;
struct buffer_head *di_bh = NULL;
u64 p_blkno;
- loff_t pos = iblock << inode->i_sb->s_blocksize_bits;
+ unsigned int i_blkbits = inode->i_sb->s_blocksize_bits;
+ loff_t pos = iblock << i_blkbits;
+ sector_t endblk = (i_size_read(inode) - 1) >> i_blkbits;
unsigned len, total_len = bh_result->b_size;
int ret = 0, first_get_block = 0;
len = osb->s_clustersize - (pos & (osb->s_clustersize - 1));
len = min(total_len, len);
+ /*
+ * bh_result->b_size is count in get_more_blocks according to write
+ * "pos" and "end", we need map twice to return different buffer state:
+ * 1. area in file size, not set NEW;
+ * 2. area out file size, set NEW.
+ *
+ * iblock endblk
+ * |--------|---------|---------|---------
+ * |<-------area in file------->|
+ */
+
+ if ((iblock <= endblk) &&
+ ((iblock + ((len - 1) >> i_blkbits)) > endblk))
+ len = (endblk - iblock + 1) << i_blkbits;
+
mlog(0, "get block of %lu at %llu:%u req %u\n",
inode->i_ino, pos, len, total_len);
@@ -2243,6 +2260,9 @@ static int ocfs2_dio_wr_get_block(struct inode *inode, sector_t iblock,
if (desc->c_needs_zero)
set_buffer_new(bh_result);
+ if (iblock > endblk)
+ set_buffer_new(bh_result);
+
/* May sleep in end_io. It should not happen in a irq context. So defer
* it to dio work queue. */
set_buffer_defer_completion(bh_result);
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 086/149] fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry()
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (84 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 085/149] ocfs2: clear zero in unaligned direct IO Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 087/149] fs: ocfs2: fix a possible null-pointer dereference in ocfs2_write_end_nolock() Greg Kroah-Hartman
` (67 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jia-Ju Bai, Joseph Qi, Mark Fasheh,
Joel Becker, Junxiao Bi, Changwei Ge, Gang He, Jun Piao,
Stephen Rothwell, Andrew Morton, Linus Torvalds, Sasha Levin
From: Jia-Ju Bai <baijiaju1990@gmail.com>
[ Upstream commit 56e94ea132bb5c2c1d0b60a6aeb34dcb7d71a53d ]
In ocfs2_xa_prepare_entry(), there is an if statement on line 2136 to
check whether loc->xl_entry is NULL:
if (loc->xl_entry)
When loc->xl_entry is NULL, it is used on line 2158:
ocfs2_xa_add_entry(loc, name_hash);
loc->xl_entry->xe_name_hash = cpu_to_le32(name_hash);
loc->xl_entry->xe_name_offset = cpu_to_le16(loc->xl_size);
and line 2164:
ocfs2_xa_add_namevalue(loc, xi);
loc->xl_entry->xe_value_size = cpu_to_le64(xi->xi_value_len);
loc->xl_entry->xe_name_len = xi->xi_name_len;
Thus, possible null-pointer dereferences may occur.
To fix these bugs, if loc-xl_entry is NULL, ocfs2_xa_prepare_entry()
abnormally returns with -EINVAL.
These bugs are found by a static analysis tool STCheck written by us.
[akpm@linux-foundation.org: remove now-unused ocfs2_xa_add_entry()]
Link: http://lkml.kernel.org/r/20190726101447.9153-1-baijiaju1990@gmail.com
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Gang He <ghe@suse.com>
Cc: Jun Piao <piaojun@huawei.com>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ocfs2/xattr.c | 56 ++++++++++++++++++++----------------------------
1 file changed, 23 insertions(+), 33 deletions(-)
diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c
index c146e12a8601f..0d80e0df6c241 100644
--- a/fs/ocfs2/xattr.c
+++ b/fs/ocfs2/xattr.c
@@ -1498,18 +1498,6 @@ static int ocfs2_xa_check_space(struct ocfs2_xa_loc *loc,
return loc->xl_ops->xlo_check_space(loc, xi);
}
-static void ocfs2_xa_add_entry(struct ocfs2_xa_loc *loc, u32 name_hash)
-{
- loc->xl_ops->xlo_add_entry(loc, name_hash);
- loc->xl_entry->xe_name_hash = cpu_to_le32(name_hash);
- /*
- * We can't leave the new entry's xe_name_offset at zero or
- * add_namevalue() will go nuts. We set it to the size of our
- * storage so that it can never be less than any other entry.
- */
- loc->xl_entry->xe_name_offset = cpu_to_le16(loc->xl_size);
-}
-
static void ocfs2_xa_add_namevalue(struct ocfs2_xa_loc *loc,
struct ocfs2_xattr_info *xi)
{
@@ -2141,29 +2129,31 @@ static int ocfs2_xa_prepare_entry(struct ocfs2_xa_loc *loc,
if (rc)
goto out;
- if (loc->xl_entry) {
- if (ocfs2_xa_can_reuse_entry(loc, xi)) {
- orig_value_size = loc->xl_entry->xe_value_size;
- rc = ocfs2_xa_reuse_entry(loc, xi, ctxt);
- if (rc)
- goto out;
- goto alloc_value;
- }
+ if (!loc->xl_entry) {
+ rc = -EINVAL;
+ goto out;
+ }
- if (!ocfs2_xattr_is_local(loc->xl_entry)) {
- orig_clusters = ocfs2_xa_value_clusters(loc);
- rc = ocfs2_xa_value_truncate(loc, 0, ctxt);
- if (rc) {
- mlog_errno(rc);
- ocfs2_xa_cleanup_value_truncate(loc,
- "overwriting",
- orig_clusters);
- goto out;
- }
+ if (ocfs2_xa_can_reuse_entry(loc, xi)) {
+ orig_value_size = loc->xl_entry->xe_value_size;
+ rc = ocfs2_xa_reuse_entry(loc, xi, ctxt);
+ if (rc)
+ goto out;
+ goto alloc_value;
+ }
+
+ if (!ocfs2_xattr_is_local(loc->xl_entry)) {
+ orig_clusters = ocfs2_xa_value_clusters(loc);
+ rc = ocfs2_xa_value_truncate(loc, 0, ctxt);
+ if (rc) {
+ mlog_errno(rc);
+ ocfs2_xa_cleanup_value_truncate(loc,
+ "overwriting",
+ orig_clusters);
+ goto out;
}
- ocfs2_xa_wipe_namevalue(loc);
- } else
- ocfs2_xa_add_entry(loc, name_hash);
+ }
+ ocfs2_xa_wipe_namevalue(loc);
/*
* If we get here, we have a blank entry. Fill it. We grow our
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 087/149] fs: ocfs2: fix a possible null-pointer dereference in ocfs2_write_end_nolock()
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (85 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 086/149] fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry() Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 088/149] fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc() Greg Kroah-Hartman
` (66 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jia-Ju Bai, Joseph Qi, Mark Fasheh,
Joel Becker, Junxiao Bi, Changwei Ge, Gang He, Jun Piao,
Andrew Morton, Linus Torvalds, Sasha Levin
From: Jia-Ju Bai <baijiaju1990@gmail.com>
[ Upstream commit 583fee3e12df0e6f1f66f063b989d8e7fed0e65a ]
In ocfs2_write_end_nolock(), there are an if statement on lines 1976,
2047 and 2058, to check whether handle is NULL:
if (handle)
When handle is NULL, it is used on line 2045:
ocfs2_update_inode_fsync_trans(handle, inode, 1);
oi->i_sync_tid = handle->h_transaction->t_tid;
Thus, a possible null-pointer dereference may occur.
To fix this bug, handle is checked before calling
ocfs2_update_inode_fsync_trans().
This bug is found by a static analysis tool STCheck written by us.
Link: http://lkml.kernel.org/r/20190726033705.32307-1-baijiaju1990@gmail.com
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Gang He <ghe@suse.com>
Cc: Jun Piao <piaojun@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ocfs2/aops.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/ocfs2/aops.c b/fs/ocfs2/aops.c
index dc773e163132c..543efa3e5655f 100644
--- a/fs/ocfs2/aops.c
+++ b/fs/ocfs2/aops.c
@@ -2056,7 +2056,8 @@ out_write_size:
inode->i_mtime = inode->i_ctime = current_time(inode);
di->i_mtime = di->i_ctime = cpu_to_le64(inode->i_mtime.tv_sec);
di->i_mtime_nsec = di->i_ctime_nsec = cpu_to_le32(inode->i_mtime.tv_nsec);
- ocfs2_update_inode_fsync_trans(handle, inode, 1);
+ if (handle)
+ ocfs2_update_inode_fsync_trans(handle, inode, 1);
}
if (handle)
ocfs2_journal_dirty(handle, wc->w_di_bh);
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 088/149] fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc()
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (86 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 087/149] fs: ocfs2: fix a possible null-pointer dereference in ocfs2_write_end_nolock() Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 089/149] arm64: armv8_deprecated: Checking return value for memory allocation Greg Kroah-Hartman
` (65 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jia-Ju Bai, Joseph Qi, Mark Fasheh,
Joel Becker, Junxiao Bi, Changwei Ge, Gang He, Jun Piao,
Andrew Morton, Linus Torvalds, Sasha Levin
From: Jia-Ju Bai <baijiaju1990@gmail.com>
[ Upstream commit 2abb7d3b12d007c30193f48bebed781009bebdd2 ]
In ocfs2_info_scan_inode_alloc(), there is an if statement on line 283
to check whether inode_alloc is NULL:
if (inode_alloc)
When inode_alloc is NULL, it is used on line 287:
ocfs2_inode_lock(inode_alloc, &bh, 0);
ocfs2_inode_lock_full_nested(inode, ...)
struct ocfs2_super *osb = OCFS2_SB(inode->i_sb);
Thus, a possible null-pointer dereference may occur.
To fix this bug, inode_alloc is checked on line 286.
This bug is found by a static analysis tool STCheck written by us.
Link: http://lkml.kernel.org/r/20190726033717.32359-1-baijiaju1990@gmail.com
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Gang He <ghe@suse.com>
Cc: Jun Piao <piaojun@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ocfs2/ioctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/ocfs2/ioctl.c b/fs/ocfs2/ioctl.c
index 994726ada857c..a6c328211dccd 100644
--- a/fs/ocfs2/ioctl.c
+++ b/fs/ocfs2/ioctl.c
@@ -290,7 +290,7 @@ static int ocfs2_info_scan_inode_alloc(struct ocfs2_super *osb,
if (inode_alloc)
inode_lock(inode_alloc);
- if (o2info_coherent(&fi->ifi_req)) {
+ if (inode_alloc && o2info_coherent(&fi->ifi_req)) {
status = ocfs2_inode_lock(inode_alloc, &bh, 0);
if (status < 0) {
mlog_errno(status);
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 089/149] arm64: armv8_deprecated: Checking return value for memory allocation
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (87 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 088/149] fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc() Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 090/149] x86/cpu: Add Comet Lake to the Intel CPU models header Greg Kroah-Hartman
` (64 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yunfeng Ye, Will Deacon, Sasha Levin
From: Yunfeng Ye <yeyunfeng@huawei.com>
[ Upstream commit 3e7c93bd04edfb0cae7dad1215544c9350254b8f ]
There are no return value checking when using kzalloc() and kcalloc() for
memory allocation. so add it.
Signed-off-by: Yunfeng Ye <yeyunfeng@huawei.com>
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/kernel/armv8_deprecated.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/arch/arm64/kernel/armv8_deprecated.c b/arch/arm64/kernel/armv8_deprecated.c
index 92be1d12d5908..39dc98dd78ebf 100644
--- a/arch/arm64/kernel/armv8_deprecated.c
+++ b/arch/arm64/kernel/armv8_deprecated.c
@@ -177,6 +177,9 @@ static void __init register_insn_emulation(struct insn_emulation_ops *ops)
struct insn_emulation *insn;
insn = kzalloc(sizeof(*insn), GFP_KERNEL);
+ if (!insn)
+ return;
+
insn->ops = ops;
insn->min = INSN_UNDEF;
@@ -236,6 +239,8 @@ static void __init register_insn_emulation_sysctl(void)
insns_sysctl = kcalloc(nr_insn_emulated + 1, sizeof(*sysctl),
GFP_KERNEL);
+ if (!insns_sysctl)
+ return;
raw_spin_lock_irqsave(&insn_emulation_lock, flags);
list_for_each_entry(insn, &insn_emulation, node) {
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 090/149] x86/cpu: Add Comet Lake to the Intel CPU models header
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (88 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 089/149] arm64: armv8_deprecated: Checking return value for memory allocation Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 091/149] sched/vtime: Fix guest/system mis-accounting on task switch Greg Kroah-Hartman
` (63 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kan Liang, Borislav Petkov,
Tony Luck, ak, H. Peter Anvin, Ingo Molnar, Peter Zijlstra,
Thomas Gleixner, x86-ml, Sasha Levin
From: Kan Liang <kan.liang@linux.intel.com>
[ Upstream commit 8d7c6ac3b2371eb1cbc9925a88f4d10efff374de ]
Comet Lake is the new 10th Gen Intel processor. Add two new CPU model
numbers to the Intel family list.
The CPU model numbers are not published in the SDM yet but they come
from an authoritative internal source.
[ bp: Touch up commit message. ]
Signed-off-by: Kan Liang <kan.liang@linux.intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Tony Luck <tony.luck@intel.com>
Cc: ak@linux.intel.com
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: x86-ml <x86@kernel.org>
Link: https://lkml.kernel.org/r/1570549810-25049-2-git-send-email-kan.liang@linux.intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/include/asm/intel-family.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/x86/include/asm/intel-family.h b/arch/x86/include/asm/intel-family.h
index 82a57d344b9bc..2a8e5f78e23c4 100644
--- a/arch/x86/include/asm/intel-family.h
+++ b/arch/x86/include/asm/intel-family.h
@@ -61,6 +61,9 @@
#define INTEL_FAM6_TIGERLAKE_L 0x8C
#define INTEL_FAM6_TIGERLAKE 0x8D
+#define INTEL_FAM6_COMETLAKE 0xA5
+#define INTEL_FAM6_COMETLAKE_L 0xA6
+
/* "Small Core" Processors (Atom) */
#define INTEL_FAM6_ATOM_BONNELL 0x1C /* Diamondville, Pineview */
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 091/149] sched/vtime: Fix guest/system mis-accounting on task switch
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (89 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 090/149] x86/cpu: Add Comet Lake to the Intel CPU models header Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 092/149] perf/x86/amd: Change/fix NMI latency mitigation to use a timestamp Greg Kroah-Hartman
` (62 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Frederic Weisbecker,
Peter Zijlstra (Intel),
Linus Torvalds, Rik van Riel, Thomas Gleixner, Wanpeng Li,
Ingo Molnar, Sasha Levin
From: Frederic Weisbecker <frederic@kernel.org>
[ Upstream commit 68e7a4d66b0ce04bf18ff2ffded5596ab3618585 ]
vtime_account_system() assumes that the target task to account cputime
to is always the current task. This is most often true indeed except on
task switch where we call:
vtime_common_task_switch(prev)
vtime_account_system(prev)
Here prev is the scheduling-out task where we account the cputime to. It
doesn't match current that is already the scheduling-in task at this
stage of the context switch.
So we end up checking the wrong task flags to determine if we are
accounting guest or system time to the previous task.
As a result the wrong task is used to check if the target is running in
guest mode. We may then spuriously account or leak either system or
guest time on task switch.
Fix this assumption and also turn vtime_guest_enter/exit() to use the
task passed in parameter as well to avoid future similar issues.
Signed-off-by: Frederic Weisbecker <frederic@kernel.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Rik van Riel <riel@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Wanpeng Li <wanpengli@tencent.com>
Fixes: 2a42eb9594a1 ("sched/cputime: Accumulate vtime on top of nsec clocksource")
Link: https://lkml.kernel.org/r/20190925214242.21873-1-frederic@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/sched/cputime.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/kernel/sched/cputime.c b/kernel/sched/cputime.c
index 0796f938c4f0d..54eb9457b21d3 100644
--- a/kernel/sched/cputime.c
+++ b/kernel/sched/cputime.c
@@ -739,7 +739,7 @@ void vtime_account_system(struct task_struct *tsk)
write_seqcount_begin(&vtime->seqcount);
/* We might have scheduled out from guest path */
- if (current->flags & PF_VCPU)
+ if (tsk->flags & PF_VCPU)
vtime_account_guest(tsk, vtime);
else
__vtime_account_system(tsk, vtime);
@@ -782,7 +782,7 @@ void vtime_guest_enter(struct task_struct *tsk)
*/
write_seqcount_begin(&vtime->seqcount);
__vtime_account_system(tsk, vtime);
- current->flags |= PF_VCPU;
+ tsk->flags |= PF_VCPU;
write_seqcount_end(&vtime->seqcount);
}
EXPORT_SYMBOL_GPL(vtime_guest_enter);
@@ -793,7 +793,7 @@ void vtime_guest_exit(struct task_struct *tsk)
write_seqcount_begin(&vtime->seqcount);
vtime_account_guest(tsk, vtime);
- current->flags &= ~PF_VCPU;
+ tsk->flags &= ~PF_VCPU;
write_seqcount_end(&vtime->seqcount);
}
EXPORT_SYMBOL_GPL(vtime_guest_exit);
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 092/149] perf/x86/amd: Change/fix NMI latency mitigation to use a timestamp
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (90 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 091/149] sched/vtime: Fix guest/system mis-accounting on task switch Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 093/149] drm/amdgpu: fix memory leak Greg Kroah-Hartman
` (61 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tom Lendacky, Peter Zijlstra (Intel),
Alexander Shishkin, Arnaldo Carvalho de Melo, Borislav Petkov,
Jerry Hoemann, Jiri Olsa, Linus Torvalds, Namhyung Kim,
Thomas Gleixner, Ingo Molnar, Sasha Levin
From: Tom Lendacky <thomas.lendacky@amd.com>
[ Upstream commit df4d29732fdad43a51284f826bec3e6ded177540 ]
It turns out that the NMI latency workaround from commit:
6d3edaae16c6 ("x86/perf/amd: Resolve NMI latency issues for active PMCs")
ends up being too conservative and results in the perf NMI handler claiming
NMIs too easily on AMD hardware when the NMI watchdog is active.
This has an impact, for example, on the hpwdt (HPE watchdog timer) module.
This module can produce an NMI that is used to reset the system. It
registers an NMI handler for the NMI_UNKNOWN type and relies on the fact
that nothing has claimed an NMI so that its handler will be invoked when
the watchdog device produces an NMI. After the referenced commit, the
hpwdt module is unable to process its generated NMI if the NMI watchdog is
active, because the current NMI latency mitigation results in the NMI
being claimed by the perf NMI handler.
Update the AMD perf NMI latency mitigation workaround to, instead, use a
window of time. Whenever a PMC is handled in the perf NMI handler, set a
timestamp which will act as a perf NMI window. Any NMIs arriving within
that window will be claimed by perf. Anything outside that window will
not be claimed by perf. The value for the NMI window is set to 100 msecs.
This is a conservative value that easily covers any NMI latency in the
hardware. While this still results in a window in which the hpwdt module
will not receive its NMI, the window is now much, much smaller.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Jerry Hoemann <jerry.hoemann@hpe.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Fixes: 6d3edaae16c6 ("x86/perf/amd: Resolve NMI latency issues for active PMCs")
Link: https://lkml.kernel.org/r/Message-ID:
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/events/amd/core.c | 30 +++++++++++++++++-------------
1 file changed, 17 insertions(+), 13 deletions(-)
diff --git a/arch/x86/events/amd/core.c b/arch/x86/events/amd/core.c
index 27ade3cb6482c..defb536aebce2 100644
--- a/arch/x86/events/amd/core.c
+++ b/arch/x86/events/amd/core.c
@@ -4,12 +4,14 @@
#include <linux/init.h>
#include <linux/slab.h>
#include <linux/delay.h>
+#include <linux/jiffies.h>
#include <asm/apicdef.h>
#include <asm/nmi.h>
#include "../perf_event.h"
-static DEFINE_PER_CPU(unsigned int, perf_nmi_counter);
+static DEFINE_PER_CPU(unsigned long, perf_nmi_tstamp);
+static unsigned long perf_nmi_window;
static __initconst const u64 amd_hw_cache_event_ids
[PERF_COUNT_HW_CACHE_MAX]
@@ -640,11 +642,12 @@ static void amd_pmu_disable_event(struct perf_event *event)
* handler when multiple PMCs are active or PMC overflow while handling some
* other source of an NMI.
*
- * Attempt to mitigate this by using the number of active PMCs to determine
- * whether to return NMI_HANDLED if the perf NMI handler did not handle/reset
- * any PMCs. The per-CPU perf_nmi_counter variable is set to a minimum of the
- * number of active PMCs or 2. The value of 2 is used in case an NMI does not
- * arrive at the LAPIC in time to be collapsed into an already pending NMI.
+ * Attempt to mitigate this by creating an NMI window in which un-handled NMIs
+ * received during this window will be claimed. This prevents extending the
+ * window past when it is possible that latent NMIs should be received. The
+ * per-CPU perf_nmi_tstamp will be set to the window end time whenever perf has
+ * handled a counter. When an un-handled NMI is received, it will be claimed
+ * only if arriving within that window.
*/
static int amd_pmu_handle_irq(struct pt_regs *regs)
{
@@ -662,21 +665,19 @@ static int amd_pmu_handle_irq(struct pt_regs *regs)
handled = x86_pmu_handle_irq(regs);
/*
- * If a counter was handled, record the number of possible remaining
- * NMIs that can occur.
+ * If a counter was handled, record a timestamp such that un-handled
+ * NMIs will be claimed if arriving within that window.
*/
if (handled) {
- this_cpu_write(perf_nmi_counter,
- min_t(unsigned int, 2, active));
+ this_cpu_write(perf_nmi_tstamp,
+ jiffies + perf_nmi_window);
return handled;
}
- if (!this_cpu_read(perf_nmi_counter))
+ if (time_after(jiffies, this_cpu_read(perf_nmi_tstamp)))
return NMI_DONE;
- this_cpu_dec(perf_nmi_counter);
-
return NMI_HANDLED;
}
@@ -908,6 +909,9 @@ static int __init amd_core_pmu_init(void)
if (!boot_cpu_has(X86_FEATURE_PERFCTR_CORE))
return 0;
+ /* Avoid calulating the value each time in the NMI handler */
+ perf_nmi_window = msecs_to_jiffies(100);
+
switch (boot_cpu_data.x86) {
case 0x15:
pr_cont("Fam15h ");
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 093/149] drm/amdgpu: fix memory leak
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (91 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 092/149] perf/x86/amd: Change/fix NMI latency mitigation to use a timestamp Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 094/149] iio: imu: adis16400: release allocated memory on failure Greg Kroah-Hartman
` (60 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nirmoy Das, Christian König,
Alex Deucher, Sasha Levin
From: Nirmoy Das <nirmoy.das@amd.com>
[ Upstream commit 083164dbdb17c5ea4ad92c1782b59c9d75567790 ]
cleanup error handling code and make sure temporary info array
with the handles are freed by amdgpu_bo_list_put() on
idr_replace()'s failure.
Signed-off-by: Nirmoy Das <nirmoy.das@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c
index b80243d3972e4..ce7f18c5ccb26 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c
@@ -264,7 +264,7 @@ int amdgpu_bo_list_ioctl(struct drm_device *dev, void *data,
r = amdgpu_bo_create_list_entry_array(&args->in, &info);
if (r)
- goto error_free;
+ return r;
switch (args->in.operation) {
case AMDGPU_BO_LIST_OP_CREATE:
@@ -277,8 +277,7 @@ int amdgpu_bo_list_ioctl(struct drm_device *dev, void *data,
r = idr_alloc(&fpriv->bo_list_handles, list, 1, 0, GFP_KERNEL);
mutex_unlock(&fpriv->bo_list_lock);
if (r < 0) {
- amdgpu_bo_list_put(list);
- return r;
+ goto error_put_list;
}
handle = r;
@@ -300,9 +299,8 @@ int amdgpu_bo_list_ioctl(struct drm_device *dev, void *data,
mutex_unlock(&fpriv->bo_list_lock);
if (IS_ERR(old)) {
- amdgpu_bo_list_put(list);
r = PTR_ERR(old);
- goto error_free;
+ goto error_put_list;
}
amdgpu_bo_list_put(old);
@@ -319,8 +317,10 @@ int amdgpu_bo_list_ioctl(struct drm_device *dev, void *data,
return 0;
+error_put_list:
+ amdgpu_bo_list_put(list);
+
error_free:
- if (info)
- kvfree(info);
+ kvfree(info);
return r;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 094/149] iio: imu: adis16400: release allocated memory on failure
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (92 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 093/149] drm/amdgpu: fix memory leak Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 095/149] MIPS: include: Mark __xchg as __always_inline Greg Kroah-Hartman
` (59 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Navid Emamdoost, Alexandru Ardelean,
Jonathan Cameron, Sasha Levin
From: Navid Emamdoost <navid.emamdoost@gmail.com>
[ Upstream commit ab612b1daf415b62c58e130cb3d0f30b255a14d0 ]
In adis_update_scan_mode, if allocation for adis->buffer fails,
previously allocated adis->xfer needs to be released.
Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
Reviewed-by: Alexandru Ardelean <alexandru.ardelean@analog.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/imu/adis_buffer.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/iio/imu/adis_buffer.c b/drivers/iio/imu/adis_buffer.c
index 76643c5571aa8..e59d0438de732 100644
--- a/drivers/iio/imu/adis_buffer.c
+++ b/drivers/iio/imu/adis_buffer.c
@@ -39,8 +39,11 @@ int adis_update_scan_mode(struct iio_dev *indio_dev,
return -ENOMEM;
adis->buffer = kcalloc(indio_dev->scan_bytes, 2, GFP_KERNEL);
- if (!adis->buffer)
+ if (!adis->buffer) {
+ kfree(adis->xfer);
+ adis->xfer = NULL;
return -ENOMEM;
+ }
rx = adis->buffer;
tx = rx + scan_count;
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 095/149] MIPS: include: Mark __xchg as __always_inline
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (93 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 094/149] iio: imu: adis16400: release allocated memory on failure Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 096/149] MIPS: fw: sni: Fix out of bounds init of o32 stack Greg Kroah-Hartman
` (58 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Bogendoerfer,
Philippe Mathieu-Daudé,
Paul Burton, Ralf Baechle, James Hogan, linux-mips, Sasha Levin
From: Thomas Bogendoerfer <tbogendoerfer@suse.de>
[ Upstream commit 46f1619500d022501a4f0389f9f4c349ab46bb86 ]
Commit ac7c3e4ff401 ("compiler: enable CONFIG_OPTIMIZE_INLINING
forcibly") allows compiler to uninline functions marked as 'inline'.
In cace of __xchg this would cause to reference function
__xchg_called_with_bad_pointer, which is an error case
for catching bugs and will not happen for correct code, if
__xchg is inlined.
Signed-off-by: Thomas Bogendoerfer <tbogendoerfer@suse.de>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Paul Burton <paul.burton@mips.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: James Hogan <jhogan@kernel.org>
Cc: linux-mips@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/include/asm/cmpxchg.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/mips/include/asm/cmpxchg.h b/arch/mips/include/asm/cmpxchg.h
index 895f91b9e89c3..520ca166cbed5 100644
--- a/arch/mips/include/asm/cmpxchg.h
+++ b/arch/mips/include/asm/cmpxchg.h
@@ -73,8 +73,8 @@ extern unsigned long __xchg_called_with_bad_pointer(void)
extern unsigned long __xchg_small(volatile void *ptr, unsigned long val,
unsigned int size);
-static inline unsigned long __xchg(volatile void *ptr, unsigned long x,
- int size)
+static __always_inline
+unsigned long __xchg(volatile void *ptr, unsigned long x, int size)
{
switch (size) {
case 1:
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 096/149] MIPS: fw: sni: Fix out of bounds init of o32 stack
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (94 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 095/149] MIPS: include: Mark __xchg as __always_inline Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 097/149] virt: vbox: fix memory leak in hgcm_call_preprocess_linaddr Greg Kroah-Hartman
` (57 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Bogendoerfer, Paul Burton,
Ralf Baechle, James Hogan, linux-mips, Sasha Levin
From: Thomas Bogendoerfer <tbogendoerfer@suse.de>
[ Upstream commit efcb529694c3b707dc0471b312944337ba16e4dd ]
Use ARRAY_SIZE to caluculate the top of the o32 stack.
Signed-off-by: Thomas Bogendoerfer <tbogendoerfer@suse.de>
Signed-off-by: Paul Burton <paul.burton@mips.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: James Hogan <jhogan@kernel.org>
Cc: linux-mips@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/fw/sni/sniprom.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/mips/fw/sni/sniprom.c b/arch/mips/fw/sni/sniprom.c
index 8772617b64cef..80112f2298b68 100644
--- a/arch/mips/fw/sni/sniprom.c
+++ b/arch/mips/fw/sni/sniprom.c
@@ -43,7 +43,7 @@
/* O32 stack has to be 8-byte aligned. */
static u64 o32_stk[4096];
-#define O32_STK &o32_stk[sizeof(o32_stk)]
+#define O32_STK (&o32_stk[ARRAY_SIZE(o32_stk)])
#define __PROM_O32(fun, arg) fun arg __asm__(#fun); \
__asm__(#fun " = call_o32")
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 097/149] virt: vbox: fix memory leak in hgcm_call_preprocess_linaddr
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (95 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 096/149] MIPS: fw: sni: Fix out of bounds init of o32 stack Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 098/149] nbd: fix possible sysfs duplicate warning Greg Kroah-Hartman
` (56 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Navid Emamdoost, Hans de Goede, Sasha Levin
From: Navid Emamdoost <navid.emamdoost@gmail.com>
[ Upstream commit e0b0cb9388642c104838fac100a4af32745621e2 ]
In hgcm_call_preprocess_linaddr memory is allocated for bounce_buf but
is not released if copy_form_user fails. In order to prevent memory leak
in case of failure, the assignment to bounce_buf_ret is moved before the
error check. This way the allocated bounce_buf will be released by the
caller.
Fixes: 579db9d45cb4 ("virt: Add vboxguest VMMDEV communication code")
Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20190930204223.3660-1-navid.emamdoost@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/virt/vboxguest/vboxguest_utils.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/virt/vboxguest/vboxguest_utils.c b/drivers/virt/vboxguest/vboxguest_utils.c
index bf4474214b4d3..92091006589a9 100644
--- a/drivers/virt/vboxguest/vboxguest_utils.c
+++ b/drivers/virt/vboxguest/vboxguest_utils.c
@@ -217,6 +217,8 @@ static int hgcm_call_preprocess_linaddr(
if (!bounce_buf)
return -ENOMEM;
+ *bounce_buf_ret = bounce_buf;
+
if (copy_in) {
ret = copy_from_user(bounce_buf, (void __user *)buf, len);
if (ret)
@@ -225,7 +227,6 @@ static int hgcm_call_preprocess_linaddr(
memset(bounce_buf, 0, len);
}
- *bounce_buf_ret = bounce_buf;
hgcm_call_add_pagelist_size(bounce_buf, len, extra);
return 0;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 098/149] nbd: fix possible sysfs duplicate warning
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (96 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 097/149] virt: vbox: fix memory leak in hgcm_call_preprocess_linaddr Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 099/149] NFSv4: Fix leak of clp->cl_acceptor string Greg Kroah-Hartman
` (55 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mike Christie, Josef Bacik, Xiubo Li,
Jens Axboe, Sasha Levin
From: Xiubo Li <xiubli@redhat.com>
[ Upstream commit 862488105b84ca744b3d8ff131e0fcfe10644be1 ]
1. nbd_put takes the mutex and drops nbd->ref to 0. It then does
idr_remove and drops the mutex.
2. nbd_genl_connect takes the mutex. idr_find/idr_for_each fails
to find an existing device, so it does nbd_dev_add.
3. just before the nbd_put could call nbd_dev_remove or not finished
totally, but if nbd_dev_add try to add_disk, we can hit:
debugfs: Directory 'nbd1' with parent 'block' already present!
This patch will make sure all the disk add/remove stuff are done
by holding the nbd_index_mutex lock.
Reported-by: Mike Christie <mchristi@redhat.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Xiubo Li <xiubli@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/nbd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
index bc2fa4e85f0ca..d445195945618 100644
--- a/drivers/block/nbd.c
+++ b/drivers/block/nbd.c
@@ -228,8 +228,8 @@ static void nbd_put(struct nbd_device *nbd)
if (refcount_dec_and_mutex_lock(&nbd->refs,
&nbd_index_mutex)) {
idr_remove(&nbd_index_idr, nbd->index);
- mutex_unlock(&nbd_index_mutex);
nbd_dev_remove(nbd);
+ mutex_unlock(&nbd_index_mutex);
}
}
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 099/149] NFSv4: Fix leak of clp->cl_acceptor string
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (97 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 098/149] nbd: fix possible sysfs duplicate warning Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 100/149] s390/uaccess: avoid (false positive) compiler warnings Greg Kroah-Hartman
` (54 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chuck Lever, Anna Schumaker, Sasha Levin
From: Chuck Lever <chuck.lever@oracle.com>
[ Upstream commit 1047ec868332034d1fbcb2fae19fe6d4cb869ff2 ]
Our client can issue multiple SETCLIENTID operations to the same
server in some circumstances. Ensure that calls to
nfs4_proc_setclientid() after the first one do not overwrite the
previously allocated cl_acceptor string.
unreferenced object 0xffff888461031800 (size 32):
comm "mount.nfs", pid 2227, jiffies 4294822467 (age 1407.749s)
hex dump (first 32 bytes):
6e 66 73 40 6b 6c 69 6d 74 2e 69 62 2e 31 30 31 nfs@klimt.ib.101
35 67 72 61 6e 67 65 72 2e 6e 65 74 00 00 00 00 5granger.net....
backtrace:
[<00000000ab820188>] __kmalloc+0x128/0x176
[<00000000eeaf4ec8>] gss_stringify_acceptor+0xbd/0x1a7 [auth_rpcgss]
[<00000000e85e3382>] nfs4_proc_setclientid+0x34e/0x46c [nfsv4]
[<000000003d9cf1fa>] nfs40_discover_server_trunking+0x7a/0xed [nfsv4]
[<00000000b81c3787>] nfs4_discover_server_trunking+0x81/0x244 [nfsv4]
[<000000000801b55f>] nfs4_init_client+0x1b0/0x238 [nfsv4]
[<00000000977daf7f>] nfs4_set_client+0xfe/0x14d [nfsv4]
[<0000000053a68a2a>] nfs4_create_server+0x107/0x1db [nfsv4]
[<0000000088262019>] nfs4_remote_mount+0x2c/0x59 [nfsv4]
[<00000000e84a2fd0>] legacy_get_tree+0x2d/0x4c
[<00000000797e947c>] vfs_get_tree+0x20/0xc7
[<00000000ecabaaa8>] fc_mount+0xe/0x36
[<00000000f15fafc2>] vfs_kern_mount+0x74/0x8d
[<00000000a3ff4e26>] nfs_do_root_mount+0x8a/0xa3 [nfsv4]
[<00000000d1c2b337>] nfs4_try_mount+0x58/0xad [nfsv4]
[<000000004c9bddee>] nfs_fs_mount+0x820/0x869 [nfs]
Fixes: f11b2a1cfbf5 ("nfs4: copy acceptor name from context ... ")
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/nfs4proc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 621e3cf90f4eb..75faef7af22d3 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -5943,6 +5943,7 @@ int nfs4_proc_setclientid(struct nfs_client *clp, u32 program,
}
status = task->tk_status;
if (setclientid.sc_cred) {
+ kfree(clp->cl_acceptor);
clp->cl_acceptor = rpcauth_stringify_acceptor(setclientid.sc_cred);
put_rpccred(setclientid.sc_cred);
}
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 100/149] s390/uaccess: avoid (false positive) compiler warnings
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (98 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 099/149] NFSv4: Fix leak of clp->cl_acceptor string Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 101/149] tracing: Initialize iter->seq after zeroing in tracing_read_pipe() Greg Kroah-Hartman
` (53 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christian Borntraeger, Vasily Gorbik,
Sasha Levin
From: Christian Borntraeger <borntraeger@de.ibm.com>
[ Upstream commit 062795fcdcb2d22822fb42644b1d76a8ad8439b3 ]
Depending on inlining decisions by the compiler, __get/put_user_fn
might become out of line. Then the compiler is no longer able to tell
that size can only be 1,2,4 or 8 due to the check in __get/put_user
resulting in false positives like
./arch/s390/include/asm/uaccess.h: In function ‘__put_user_fn’:
./arch/s390/include/asm/uaccess.h:113:9: warning: ‘rc’ may be used uninitialized in this function [-Wmaybe-uninitialized]
113 | return rc;
| ^~
./arch/s390/include/asm/uaccess.h: In function ‘__get_user_fn’:
./arch/s390/include/asm/uaccess.h:143:9: warning: ‘rc’ may be used uninitialized in this function [-Wmaybe-uninitialized]
143 | return rc;
| ^~
These functions are supposed to be always inlined. Mark it as such.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/s390/include/asm/uaccess.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/s390/include/asm/uaccess.h b/arch/s390/include/asm/uaccess.h
index 5332f628c1edc..40194f8c772a0 100644
--- a/arch/s390/include/asm/uaccess.h
+++ b/arch/s390/include/asm/uaccess.h
@@ -84,7 +84,7 @@ raw_copy_to_user(void __user *to, const void *from, unsigned long n);
__rc; \
})
-static inline int __put_user_fn(void *x, void __user *ptr, unsigned long size)
+static __always_inline int __put_user_fn(void *x, void __user *ptr, unsigned long size)
{
unsigned long spec = 0x010000UL;
int rc;
@@ -114,7 +114,7 @@ static inline int __put_user_fn(void *x, void __user *ptr, unsigned long size)
return rc;
}
-static inline int __get_user_fn(void *x, const void __user *ptr, unsigned long size)
+static __always_inline int __get_user_fn(void *x, const void __user *ptr, unsigned long size)
{
unsigned long spec = 0x01UL;
int rc;
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 101/149] tracing: Initialize iter->seq after zeroing in tracing_read_pipe()
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (99 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 100/149] s390/uaccess: avoid (false positive) compiler warnings Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 102/149] ARM: 8914/1: NOMMU: Fix exc_ret for XIP Greg Kroah-Hartman
` (52 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Petr Mladek, Steven Rostedt (VMware),
Sasha Levin
From: Petr Mladek <pmladek@suse.com>
[ Upstream commit d303de1fcf344ff7c15ed64c3f48a991c9958775 ]
A customer reported the following softlockup:
[899688.160002] NMI watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [test.sh:16464]
[899688.160002] CPU: 0 PID: 16464 Comm: test.sh Not tainted 4.12.14-6.23-azure #1 SLE12-SP4
[899688.160002] RIP: 0010:up_write+0x1a/0x30
[899688.160002] Kernel panic - not syncing: softlockup: hung tasks
[899688.160002] RIP: 0010:up_write+0x1a/0x30
[899688.160002] RSP: 0018:ffffa86784d4fde8 EFLAGS: 00000257 ORIG_RAX: ffffffffffffff12
[899688.160002] RAX: ffffffff970fea00 RBX: 0000000000000001 RCX: 0000000000000000
[899688.160002] RDX: ffffffff00000001 RSI: 0000000000000080 RDI: ffffffff970fea00
[899688.160002] RBP: ffffffffffffffff R08: ffffffffffffffff R09: 0000000000000000
[899688.160002] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8b59014720d8
[899688.160002] R13: ffff8b59014720c0 R14: ffff8b5901471090 R15: ffff8b5901470000
[899688.160002] tracing_read_pipe+0x336/0x3c0
[899688.160002] __vfs_read+0x26/0x140
[899688.160002] vfs_read+0x87/0x130
[899688.160002] SyS_read+0x42/0x90
[899688.160002] do_syscall_64+0x74/0x160
It caught the process in the middle of trace_access_unlock(). There is
no loop. So, it must be looping in the caller tracing_read_pipe()
via the "waitagain" label.
Crashdump analyze uncovered that iter->seq was completely zeroed
at this point, including iter->seq.seq.size. It means that
print_trace_line() was never able to print anything and
there was no forward progress.
The culprit seems to be in the code:
/* reset all but tr, trace, and overruns */
memset(&iter->seq, 0,
sizeof(struct trace_iterator) -
offsetof(struct trace_iterator, seq));
It was added by the commit 53d0aa773053ab182877 ("ftrace:
add logic to record overruns"). It was v2.6.27-rc1.
It was the time when iter->seq looked like:
struct trace_seq {
unsigned char buffer[PAGE_SIZE];
unsigned int len;
};
There was no "size" variable and zeroing was perfectly fine.
The solution is to reinitialize the structure after or without
zeroing.
Link: http://lkml.kernel.org/r/20191011142134.11997-1-pmladek@suse.com
Signed-off-by: Petr Mladek <pmladek@suse.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/trace.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 27b17ea44f745..bdd7f3d78724e 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -5766,6 +5766,7 @@ waitagain:
sizeof(struct trace_iterator) -
offsetof(struct trace_iterator, seq));
cpumask_clear(iter->started);
+ trace_seq_init(&iter->seq);
iter->pos = -1;
trace_event_read_lock();
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 102/149] ARM: 8914/1: NOMMU: Fix exc_ret for XIP
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (100 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 101/149] tracing: Initialize iter->seq after zeroing in tracing_read_pipe() Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 103/149] ALSA: hda/realtek: Reduce the Headphone static noise on XPS 9350/9360 Greg Kroah-Hartman
` (51 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, afzal mohammed, Vladimir Murzin,
Russell King, Sasha Levin
From: Vladimir Murzin <vladimir.murzin@arm.com>
[ Upstream commit 4c0742f65b4ee466546fd24b71b56516cacd4613 ]
It was reported that 72cd4064fcca "NOMMU: Toggle only bits in
EXC_RETURN we are really care of" breaks NOMMU+XIP combination.
It happens because saved EXC_RETURN gets overwritten when data
section is relocated.
The fix is to propagate EXC_RETURN via register and let relocation
code to commit that value into memory.
Fixes: 72cd4064fcca ("ARM: 8830/1: NOMMU: Toggle only bits in EXC_RETURN we are really care of")
Reported-by: afzal mohammed <afzal.mohd.ma@gmail.com>
Tested-by: afzal mohammed <afzal.mohd.ma@gmail.com>
Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/kernel/head-common.S | 5 +++--
arch/arm/kernel/head-nommu.S | 2 ++
arch/arm/mm/proc-v7m.S | 5 ++---
3 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/arch/arm/kernel/head-common.S b/arch/arm/kernel/head-common.S
index 997b02302c314..9328f2010bc19 100644
--- a/arch/arm/kernel/head-common.S
+++ b/arch/arm/kernel/head-common.S
@@ -72,7 +72,7 @@ ENDPROC(__vet_atags)
* The following fragment of code is executed with the MMU on in MMU mode,
* and uses absolute addresses; this is not position independent.
*
- * r0 = cp#15 control register
+ * r0 = cp#15 control register (exc_ret for M-class)
* r1 = machine ID
* r2 = atags/dtb pointer
* r9 = processor ID
@@ -141,7 +141,8 @@ __mmap_switched_data:
#ifdef CONFIG_CPU_CP15
.long cr_alignment @ r3
#else
- .long 0 @ r3
+M_CLASS(.long exc_ret) @ r3
+AR_CLASS(.long 0) @ r3
#endif
.size __mmap_switched_data, . - __mmap_switched_data
diff --git a/arch/arm/kernel/head-nommu.S b/arch/arm/kernel/head-nommu.S
index cab89479d15ef..326a97aa3ea0c 100644
--- a/arch/arm/kernel/head-nommu.S
+++ b/arch/arm/kernel/head-nommu.S
@@ -205,6 +205,8 @@ M_CLASS(streq r3, [r12, #PMSAv8_MAIR1])
bic r0, r0, #V7M_SCB_CCR_IC
#endif
str r0, [r12, V7M_SCB_CCR]
+ /* Pass exc_ret to __mmap_switched */
+ mov r0, r10
#endif /* CONFIG_CPU_CP15 elif CONFIG_CPU_V7M */
ret lr
ENDPROC(__after_proc_init)
diff --git a/arch/arm/mm/proc-v7m.S b/arch/arm/mm/proc-v7m.S
index 92e84181933ad..59d82864c134b 100644
--- a/arch/arm/mm/proc-v7m.S
+++ b/arch/arm/mm/proc-v7m.S
@@ -139,9 +139,8 @@ __v7m_setup_cont:
cpsie i
svc #0
1: cpsid i
- ldr r0, =exc_ret
- orr lr, lr, #EXC_RET_THREADMODE_PROCESSSTACK
- str lr, [r0]
+ /* Calculate exc_ret */
+ orr r10, lr, #EXC_RET_THREADMODE_PROCESSSTACK
ldmia sp, {r0-r3, r12}
str r5, [r12, #11 * 4] @ restore the original SVC vector entry
mov lr, r6 @ restore LR
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 103/149] ALSA: hda/realtek: Reduce the Headphone static noise on XPS 9350/9360
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (101 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 102/149] ARM: 8914/1: NOMMU: Fix exc_ret for XIP Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 104/149] iwlwifi: exclude GEO SAR support for 3168 Greg Kroah-Hartman
` (50 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kai-Heng Feng, Takashi Iwai, Sasha Levin
From: Kai-Heng Feng <kai.heng.feng@canonical.com>
[ Upstream commit 1099f48457d06b816359fb43ac32a4a07e33219b ]
Headphone on XPS 9350/9360 produces a background white noise. The The
noise level somehow correlates with "Headphone Mic Boost", when it sets
to 1 the noise disappears. However, doing this has a side effect, which
also decreases the overall headphone volume so I didn't send the patch
upstream.
The noise was bearable back then, but after commit 717f43d81afc ("ALSA:
hda/realtek - Update headset mode for ALC256") the noise exacerbates to
a point it starts hurting ears.
So let's use the workaround to set "Headphone Mic Boost" to 1 and lock
it so it's not touchable by userspace.
Fixes: 717f43d81afc ("ALSA: hda/realtek - Update headset mode for ALC256")
BugLink: https://bugs.launchpad.net/bugs/1654448
BugLink: https://bugs.launchpad.net/bugs/1845810
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Link: https://lore.kernel.org/r/20191003043919.10960-1-kai.heng.feng@canonical.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/patch_realtek.c | 24 +++++++++++++++++++++---
1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index 7480218f32ba7..45eebfea1d883 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -5253,6 +5253,17 @@ static void alc271_hp_gate_mic_jack(struct hda_codec *codec,
}
}
+static void alc256_fixup_dell_xps_13_headphone_noise2(struct hda_codec *codec,
+ const struct hda_fixup *fix,
+ int action)
+{
+ if (action != HDA_FIXUP_ACT_PRE_PROBE)
+ return;
+
+ snd_hda_codec_amp_stereo(codec, 0x1a, HDA_INPUT, 0, HDA_AMP_VOLMASK, 1);
+ snd_hda_override_wcaps(codec, 0x1a, get_wcaps(codec, 0x1a) & ~AC_WCAP_IN_AMP);
+}
+
static void alc269_fixup_limit_int_mic_boost(struct hda_codec *codec,
const struct hda_fixup *fix,
int action)
@@ -5635,6 +5646,7 @@ enum {
ALC298_FIXUP_DELL_AIO_MIC_NO_PRESENCE,
ALC275_FIXUP_DELL_XPS,
ALC256_FIXUP_DELL_XPS_13_HEADPHONE_NOISE,
+ ALC256_FIXUP_DELL_XPS_13_HEADPHONE_NOISE2,
ALC293_FIXUP_LENOVO_SPK_NOISE,
ALC233_FIXUP_LENOVO_LINE2_MIC_HOTKEY,
ALC255_FIXUP_DELL_SPK_NOISE,
@@ -6352,6 +6364,12 @@ static const struct hda_fixup alc269_fixups[] = {
.chained = true,
.chain_id = ALC255_FIXUP_DELL1_MIC_NO_PRESENCE
},
+ [ALC256_FIXUP_DELL_XPS_13_HEADPHONE_NOISE2] = {
+ .type = HDA_FIXUP_FUNC,
+ .v.func = alc256_fixup_dell_xps_13_headphone_noise2,
+ .chained = true,
+ .chain_id = ALC256_FIXUP_DELL_XPS_13_HEADPHONE_NOISE
+ },
[ALC293_FIXUP_LENOVO_SPK_NOISE] = {
.type = HDA_FIXUP_FUNC,
.v.func = alc_fixup_disable_aamix,
@@ -6794,17 +6812,17 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
SND_PCI_QUIRK(0x1028, 0x06de, "Dell", ALC293_FIXUP_DISABLE_AAMIX_MULTIJACK),
SND_PCI_QUIRK(0x1028, 0x06df, "Dell", ALC293_FIXUP_DISABLE_AAMIX_MULTIJACK),
SND_PCI_QUIRK(0x1028, 0x06e0, "Dell", ALC293_FIXUP_DISABLE_AAMIX_MULTIJACK),
- SND_PCI_QUIRK(0x1028, 0x0704, "Dell XPS 13 9350", ALC256_FIXUP_DELL_XPS_13_HEADPHONE_NOISE),
+ SND_PCI_QUIRK(0x1028, 0x0704, "Dell XPS 13 9350", ALC256_FIXUP_DELL_XPS_13_HEADPHONE_NOISE2),
SND_PCI_QUIRK(0x1028, 0x0706, "Dell Inspiron 7559", ALC256_FIXUP_DELL_INSPIRON_7559_SUBWOOFER),
SND_PCI_QUIRK(0x1028, 0x0725, "Dell Inspiron 3162", ALC255_FIXUP_DELL_SPK_NOISE),
SND_PCI_QUIRK(0x1028, 0x0738, "Dell Precision 5820", ALC269_FIXUP_NO_SHUTUP),
- SND_PCI_QUIRK(0x1028, 0x075b, "Dell XPS 13 9360", ALC256_FIXUP_DELL_XPS_13_HEADPHONE_NOISE),
+ SND_PCI_QUIRK(0x1028, 0x075b, "Dell XPS 13 9360", ALC256_FIXUP_DELL_XPS_13_HEADPHONE_NOISE2),
SND_PCI_QUIRK(0x1028, 0x075c, "Dell XPS 27 7760", ALC298_FIXUP_SPK_VOLUME),
SND_PCI_QUIRK(0x1028, 0x075d, "Dell AIO", ALC298_FIXUP_SPK_VOLUME),
SND_PCI_QUIRK(0x1028, 0x07b0, "Dell Precision 7520", ALC295_FIXUP_DISABLE_DAC3),
SND_PCI_QUIRK(0x1028, 0x0798, "Dell Inspiron 17 7000 Gaming", ALC256_FIXUP_DELL_INSPIRON_7559_SUBWOOFER),
SND_PCI_QUIRK(0x1028, 0x080c, "Dell WYSE", ALC225_FIXUP_DELL_WYSE_MIC_NO_PRESENCE),
- SND_PCI_QUIRK(0x1028, 0x082a, "Dell XPS 13 9360", ALC256_FIXUP_DELL_XPS_13_HEADPHONE_NOISE),
+ SND_PCI_QUIRK(0x1028, 0x082a, "Dell XPS 13 9360", ALC256_FIXUP_DELL_XPS_13_HEADPHONE_NOISE2),
SND_PCI_QUIRK(0x1028, 0x084b, "Dell", ALC274_FIXUP_DELL_AIO_LINEOUT_VERB),
SND_PCI_QUIRK(0x1028, 0x084e, "Dell", ALC274_FIXUP_DELL_AIO_LINEOUT_VERB),
SND_PCI_QUIRK(0x1028, 0x0871, "Dell Precision 3630", ALC255_FIXUP_DELL_HEADSET_MIC),
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 104/149] iwlwifi: exclude GEO SAR support for 3168
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (102 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 103/149] ALSA: hda/realtek: Reduce the Headphone static noise on XPS 9350/9360 Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 105/149] nbd: verify socket is supported during setup Greg Kroah-Hartman
` (49 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Luca Coelho, Sasha Levin
From: Luca Coelho <luciano.coelho@intel.com>
[ Upstream commit 12e36d98d3e5acf5fc57774e0a15906d55f30cb9 ]
We currently support two NICs in FW version 29, namely 7265D and 3168.
Out of these, only 7265D supports GEO SAR, so adjust the function that
checks for it accordingly.
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Fixes: f5a47fae6aa3 ("iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support")
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/fw.c b/drivers/net/wireless/intel/iwlwifi/mvm/fw.c
index 9cb9f0544c9b1..2eba6d6f367f8 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/fw.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/fw.c
@@ -843,15 +843,17 @@ static bool iwl_mvm_sar_geo_support(struct iwl_mvm *mvm)
* firmware versions. Unfortunately, we don't have a TLV API
* flag to rely on, so rely on the major version which is in
* the first byte of ucode_ver. This was implemented
- * initially on version 38 and then backported to29 and 17.
- * The intention was to have it in 36 as well, but not all
- * 8000 family got this feature enabled. The 8000 family is
- * the only one using version 36, so skip this version
- * entirely.
+ * initially on version 38 and then backported to 17. It was
+ * also backported to 29, but only for 7265D devices. The
+ * intention was to have it in 36 as well, but not all 8000
+ * family got this feature enabled. The 8000 family is the
+ * only one using version 36, so skip this version entirely.
*/
return IWL_UCODE_SERIAL(mvm->fw->ucode_ver) >= 38 ||
- IWL_UCODE_SERIAL(mvm->fw->ucode_ver) == 29 ||
- IWL_UCODE_SERIAL(mvm->fw->ucode_ver) == 17;
+ IWL_UCODE_SERIAL(mvm->fw->ucode_ver) == 17 ||
+ (IWL_UCODE_SERIAL(mvm->fw->ucode_ver) == 29 &&
+ ((mvm->trans->hw_rev & CSR_HW_REV_TYPE_MSK) ==
+ CSR_HW_REV_TYPE_7265D));
}
int iwl_mvm_get_sar_geo_profile(struct iwl_mvm *mvm)
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 105/149] nbd: verify socket is supported during setup
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (103 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 104/149] iwlwifi: exclude GEO SAR support for 3168 Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 106/149] USB: legousbtower: fix a signedness bug in tower_probe() Greg Kroah-Hartman
` (48 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+24c12fa8d218ed26011a,
Richard W.M. Jones, Mike Christie, Jens Axboe, Sasha Levin
From: Mike Christie <mchristi@redhat.com>
[ Upstream commit cf1b2326b734896734c6e167e41766f9cee7686a ]
nbd requires socket families to support the shutdown method so the nbd
recv workqueue can be woken up from its sock_recvmsg call. If the socket
does not support the callout we will leave recv works running or get hangs
later when the device or module is removed.
This adds a check during socket connection/reconnection to make sure the
socket being passed in supports the needed callout.
Reported-by: syzbot+24c12fa8d218ed26011a@syzkaller.appspotmail.com
Fixes: e9e006f5fcf2 ("nbd: fix max number of supported devs")
Tested-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Mike Christie <mchristi@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/nbd.c | 23 +++++++++++++++++++++--
1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
index d445195945618..bd9aafe86c2fc 100644
--- a/drivers/block/nbd.c
+++ b/drivers/block/nbd.c
@@ -924,6 +924,25 @@ static blk_status_t nbd_queue_rq(struct blk_mq_hw_ctx *hctx,
return ret;
}
+static struct socket *nbd_get_socket(struct nbd_device *nbd, unsigned long fd,
+ int *err)
+{
+ struct socket *sock;
+
+ *err = 0;
+ sock = sockfd_lookup(fd, err);
+ if (!sock)
+ return NULL;
+
+ if (sock->ops->shutdown == sock_no_shutdown) {
+ dev_err(disk_to_dev(nbd->disk), "Unsupported socket: shutdown callout must be supported.\n");
+ *err = -EINVAL;
+ return NULL;
+ }
+
+ return sock;
+}
+
static int nbd_add_socket(struct nbd_device *nbd, unsigned long arg,
bool netlink)
{
@@ -933,7 +952,7 @@ static int nbd_add_socket(struct nbd_device *nbd, unsigned long arg,
struct nbd_sock *nsock;
int err;
- sock = sockfd_lookup(arg, &err);
+ sock = nbd_get_socket(nbd, arg, &err);
if (!sock)
return err;
@@ -985,7 +1004,7 @@ static int nbd_reconnect_socket(struct nbd_device *nbd, unsigned long arg)
int i;
int err;
- sock = sockfd_lookup(arg, &err);
+ sock = nbd_get_socket(nbd, arg, &err);
if (!sock)
return err;
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 106/149] USB: legousbtower: fix a signedness bug in tower_probe()
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (104 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 105/149] nbd: verify socket is supported during setup Greg Kroah-Hartman
@ 2019-11-04 21:44 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 107/149] thunderbolt: Use 32-bit writes when writing ring producer/consumer Greg Kroah-Hartman
` (47 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Johan Hovold, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit fd47a417e75e2506eb3672ae569b1c87e3774155 ]
The problem is that sizeof() is unsigned long so negative error codes
are type promoted to high positive values and the condition becomes
false.
Fixes: 1d427be4a39d ("USB: legousbtower: fix slab info leak at probe")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20191011141115.GA4521@mwanda
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/misc/legousbtower.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/misc/legousbtower.c b/drivers/usb/misc/legousbtower.c
index 62dab2441ec4f..23061f1526b4e 100644
--- a/drivers/usb/misc/legousbtower.c
+++ b/drivers/usb/misc/legousbtower.c
@@ -878,7 +878,7 @@ static int tower_probe (struct usb_interface *interface, const struct usb_device
get_version_reply,
sizeof(*get_version_reply),
1000);
- if (result < sizeof(*get_version_reply)) {
+ if (result != sizeof(*get_version_reply)) {
if (result >= 0)
result = -EIO;
dev_err(idev, "get version request failed: %d\n", result);
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 107/149] thunderbolt: Use 32-bit writes when writing ring producer/consumer
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (105 preceding siblings ...)
2019-11-04 21:44 ` [PATCH 4.19 106/149] USB: legousbtower: fix a signedness bug in tower_probe() Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 108/149] ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe() Greg Kroah-Hartman
` (46 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mika Westerberg, Yehezkel Bernat,
Mario Limonciello, Sasha Levin
From: Mika Westerberg <mika.westerberg@linux.intel.com>
[ Upstream commit 943795219d3cb9f8ce6ce51cad3ffe1f61e95c6b ]
The register access should be using 32-bit reads/writes according to the
datasheet. With the previous generation hardware 16-bit writes have been
working but starting with ICL this is not the case anymore so fix
producer/consumer register update to use correct width register address.
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Reviewed-by: Yehezkel Bernat <YehezkelShB@gmail.com>
Tested-by: Mario Limonciello <mario.limonciello@dell.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/thunderbolt/nhi.c | 22 ++++++++++++++++++----
1 file changed, 18 insertions(+), 4 deletions(-)
diff --git a/drivers/thunderbolt/nhi.c b/drivers/thunderbolt/nhi.c
index 5cd6bdfa068f9..d436a1534fc2b 100644
--- a/drivers/thunderbolt/nhi.c
+++ b/drivers/thunderbolt/nhi.c
@@ -142,9 +142,20 @@ static void __iomem *ring_options_base(struct tb_ring *ring)
return io;
}
-static void ring_iowrite16desc(struct tb_ring *ring, u32 value, u32 offset)
+static void ring_iowrite_cons(struct tb_ring *ring, u16 cons)
{
- iowrite16(value, ring_desc_base(ring) + offset);
+ /*
+ * The other 16-bits in the register is read-only and writes to it
+ * are ignored by the hardware so we can save one ioread32() by
+ * filling the read-only bits with zeroes.
+ */
+ iowrite32(cons, ring_desc_base(ring) + 8);
+}
+
+static void ring_iowrite_prod(struct tb_ring *ring, u16 prod)
+{
+ /* See ring_iowrite_cons() above for explanation */
+ iowrite32(prod << 16, ring_desc_base(ring) + 8);
}
static void ring_iowrite32desc(struct tb_ring *ring, u32 value, u32 offset)
@@ -196,7 +207,10 @@ static void ring_write_descriptors(struct tb_ring *ring)
descriptor->sof = frame->sof;
}
ring->head = (ring->head + 1) % ring->size;
- ring_iowrite16desc(ring, ring->head, ring->is_tx ? 10 : 8);
+ if (ring->is_tx)
+ ring_iowrite_prod(ring, ring->head);
+ else
+ ring_iowrite_cons(ring, ring->head);
}
}
@@ -660,7 +674,7 @@ void tb_ring_stop(struct tb_ring *ring)
ring_iowrite32options(ring, 0, 0);
ring_iowrite64desc(ring, 0, 0);
- ring_iowrite16desc(ring, 0, ring->is_tx ? 10 : 8);
+ ring_iowrite32desc(ring, 0, 8);
ring_iowrite32desc(ring, 0, 12);
ring->head = 0;
ring->tail = 0;
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 108/149] ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (106 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 107/149] thunderbolt: Use 32-bit writes when writing ring producer/consumer Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 109/149] fuse: flush dirty data/metadata before non-truncate setattr Greg Kroah-Hartman
` (45 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hui Peng, Mathias Payer, Kalle Valo,
Sasha Levin
From: Hui Peng <benquike@gmail.com>
[ Upstream commit 39d170b3cb62ba98567f5c4f40c27b5864b304e5 ]
The `ar_usb` field of `ath6kl_usb_pipe_usb_pipe` objects
are initialized to point to the containing `ath6kl_usb` object
according to endpoint descriptors read from the device side, as shown
below in `ath6kl_usb_setup_pipe_resources`:
for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
endpoint = &iface_desc->endpoint[i].desc;
// get the address from endpoint descriptor
pipe_num = ath6kl_usb_get_logical_pipe_num(ar_usb,
endpoint->bEndpointAddress,
&urbcount);
......
// select the pipe object
pipe = &ar_usb->pipes[pipe_num];
// initialize the ar_usb field
pipe->ar_usb = ar_usb;
}
The driver assumes that the addresses reported in endpoint
descriptors from device side to be complete. If a device is
malicious and does not report complete addresses, it may trigger
NULL-ptr-deref `ath6kl_usb_alloc_urb_from_pipe` and
`ath6kl_usb_free_urb_to_pipe`.
This patch fixes the bug by preventing potential NULL-ptr-deref
(CVE-2019-15098).
Signed-off-by: Hui Peng <benquike@gmail.com>
Reported-by: Hui Peng <benquike@gmail.com>
Reported-by: Mathias Payer <mathias.payer@nebelwelt.net>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath6kl/usb.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/net/wireless/ath/ath6kl/usb.c b/drivers/net/wireless/ath/ath6kl/usb.c
index 4defb7a0330f4..53b66e9434c99 100644
--- a/drivers/net/wireless/ath/ath6kl/usb.c
+++ b/drivers/net/wireless/ath/ath6kl/usb.c
@@ -132,6 +132,10 @@ ath6kl_usb_alloc_urb_from_pipe(struct ath6kl_usb_pipe *pipe)
struct ath6kl_urb_context *urb_context = NULL;
unsigned long flags;
+ /* bail if this pipe is not initialized */
+ if (!pipe->ar_usb)
+ return NULL;
+
spin_lock_irqsave(&pipe->ar_usb->cs_lock, flags);
if (!list_empty(&pipe->urb_list_head)) {
urb_context =
@@ -150,6 +154,10 @@ static void ath6kl_usb_free_urb_to_pipe(struct ath6kl_usb_pipe *pipe,
{
unsigned long flags;
+ /* bail if this pipe is not initialized */
+ if (!pipe->ar_usb)
+ return;
+
spin_lock_irqsave(&pipe->ar_usb->cs_lock, flags);
pipe->urb_cnt++;
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 109/149] fuse: flush dirty data/metadata before non-truncate setattr
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (107 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 108/149] ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe() Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 110/149] fuse: truncate pending writes on O_TRUNC Greg Kroah-Hartman
` (44 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Giuseppe Scrivano, Miklos Szeredi
From: Miklos Szeredi <mszeredi@redhat.com>
commit b24e7598db62386a95a3c8b9c75630c5d56fe077 upstream.
If writeback cache is enabled, then writes might get reordered with
chmod/chown/utimes. The problem with this is that performing the write in
the fuse daemon might itself change some of these attributes. In such case
the following sequence of operations will result in file ending up with the
wrong mode, for example:
int fd = open ("suid", O_WRONLY|O_CREAT|O_EXCL);
write (fd, "1", 1);
fchown (fd, 0, 0);
fchmod (fd, 04755);
close (fd);
This patch fixes this by flushing pending writes before performing
chown/chmod/utimes.
Reported-by: Giuseppe Scrivano <gscrivan@redhat.com>
Tested-by: Giuseppe Scrivano <gscrivan@redhat.com>
Fixes: 4d99ff8f12eb ("fuse: Turn writeback cache on")
Cc: <stable@vger.kernel.org> # v3.15+
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/fuse/dir.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
@@ -1665,6 +1665,19 @@ int fuse_do_setattr(struct dentry *dentr
if (attr->ia_valid & ATTR_SIZE)
is_truncate = true;
+ /* Flush dirty data/metadata before non-truncate SETATTR */
+ if (is_wb && S_ISREG(inode->i_mode) &&
+ attr->ia_valid &
+ (ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_MTIME_SET |
+ ATTR_TIMES_SET)) {
+ err = write_inode_now(inode, true);
+ if (err)
+ return err;
+
+ fuse_set_nowrite(inode);
+ fuse_release_nowrite(inode);
+ }
+
if (is_truncate) {
fuse_set_nowrite(inode);
set_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 110/149] fuse: truncate pending writes on O_TRUNC
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (108 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 109/149] fuse: flush dirty data/metadata before non-truncate setattr Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 111/149] ALSA: bebob: Fix prototype of helper function to return negative value Greg Kroah-Hartman
` (43 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Miklos Szeredi
From: Miklos Szeredi <mszeredi@redhat.com>
commit e4648309b85a78f8c787457832269a8712a8673e upstream.
Make sure cached writes are not reordered around open(..., O_TRUNC), with
the obvious wrong results.
Fixes: 4d99ff8f12eb ("fuse: Turn writeback cache on")
Cc: <stable@vger.kernel.org> # v3.15+
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/fuse/file.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -202,7 +202,7 @@ int fuse_open_common(struct inode *inode
{
struct fuse_conn *fc = get_fuse_conn(inode);
int err;
- bool lock_inode = (file->f_flags & O_TRUNC) &&
+ bool is_wb_truncate = (file->f_flags & O_TRUNC) &&
fc->atomic_o_trunc &&
fc->writeback_cache;
@@ -210,16 +210,20 @@ int fuse_open_common(struct inode *inode
if (err)
return err;
- if (lock_inode)
+ if (is_wb_truncate) {
inode_lock(inode);
+ fuse_set_nowrite(inode);
+ }
err = fuse_do_open(fc, get_node_id(inode), file, isdir);
if (!err)
fuse_finish_open(inode, file);
- if (lock_inode)
+ if (is_wb_truncate) {
+ fuse_release_nowrite(inode);
inode_unlock(inode);
+ }
return err;
}
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 111/149] ALSA: bebob: Fix prototype of helper function to return negative value
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (109 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 110/149] fuse: truncate pending writes on O_TRUNC Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 112/149] ALSA: hda/realtek - Fix 2 front mics of codec 0x623 Greg Kroah-Hartman
` (42 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Sakamoto, Takashi Iwai
From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
commit f2bbdbcb075f3977a53da3bdcb7cd460bc8ae5f2 upstream.
A helper function of ALSA bebob driver returns negative value in a
function which has a prototype to return unsigned value.
This commit fixes it by changing the prototype.
Fixes: eb7b3a056cd8 ("ALSA: bebob: Add commands and connections/streams management")
Cc: <stable@vger.kernel.org> # v3.16+
Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Link: https://lore.kernel.org/r/20191026030620.12077-1-o-takashi@sakamocchi.jp
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/firewire/bebob/bebob_stream.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/sound/firewire/bebob/bebob_stream.c
+++ b/sound/firewire/bebob/bebob_stream.c
@@ -253,8 +253,7 @@ end:
return err;
}
-static unsigned int
-map_data_channels(struct snd_bebob *bebob, struct amdtp_stream *s)
+static int map_data_channels(struct snd_bebob *bebob, struct amdtp_stream *s)
{
unsigned int sec, sections, ch, channels;
unsigned int pcm, midi, location;
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 112/149] ALSA: hda/realtek - Fix 2 front mics of codec 0x623
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (110 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 111/149] ALSA: bebob: Fix prototype of helper function to return negative value Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 113/149] ALSA: hda/realtek - Add support for ALC623 Greg Kroah-Hartman
` (41 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Aaron Ma, Takashi Iwai
From: Aaron Ma <aaron.ma@canonical.com>
commit 8a6c55d0f883e9a7e7c91841434f3b6bbf932bb2 upstream.
These 2 ThinkCentres installed a new realtek codec ID 0x623,
it has 2 front mics with the same location on pin 0x18 and 0x19.
Apply fixup ALC283_FIXUP_HEADSET_MIC to change 1 front mic
location to right, then pulseaudio can handle them.
One "Front Mic" and one "Mic" will be shown, and audio output works
fine.
Signed-off-by: Aaron Ma <aaron.ma@canonical.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20191024114439.31522-1-aaron.ma@canonical.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 2 ++
1 file changed, 2 insertions(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -6998,6 +6998,8 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x17aa, 0x312f, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION),
SND_PCI_QUIRK(0x17aa, 0x313c, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION),
SND_PCI_QUIRK(0x17aa, 0x3151, "ThinkCentre Station", ALC283_FIXUP_HEADSET_MIC),
+ SND_PCI_QUIRK(0x17aa, 0x3176, "ThinkCentre Station", ALC283_FIXUP_HEADSET_MIC),
+ SND_PCI_QUIRK(0x17aa, 0x3178, "ThinkCentre Station", ALC283_FIXUP_HEADSET_MIC),
SND_PCI_QUIRK(0x17aa, 0x3902, "Lenovo E50-80", ALC269_FIXUP_DMIC_THINKPAD_ACPI),
SND_PCI_QUIRK(0x17aa, 0x3977, "IdeaPad S210", ALC283_FIXUP_INT_MIC),
SND_PCI_QUIRK(0x17aa, 0x3978, "Lenovo B50-70", ALC269_FIXUP_DMIC_THINKPAD_ACPI),
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 113/149] ALSA: hda/realtek - Add support for ALC623
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (111 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 112/149] ALSA: hda/realtek - Fix 2 front mics of codec 0x623 Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 114/149] UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments") Greg Kroah-Hartman
` (40 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Kailang Yang, Takashi Iwai
From: Kailang Yang <kailang@realtek.com>
commit f0778871a13889b86a65d4ad34bef8340af9d082 upstream.
Support new codec ALC623.
Signed-off-by: Kailang Yang <kailang@realtek.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/ed97b6a8bd9445ecb48bc763d9aaba7a@realtek.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -421,6 +421,9 @@ static void alc_fill_eapd_coef(struct hd
case 0x10ec0672:
alc_update_coef_idx(codec, 0xd, 0, 1<<14); /* EAPD Ctrl */
break;
+ case 0x10ec0623:
+ alc_update_coef_idx(codec, 0x19, 1<<13, 0);
+ break;
case 0x10ec0668:
alc_update_coef_idx(codec, 0x7, 3<<13, 0);
break;
@@ -2908,6 +2911,7 @@ enum {
ALC269_TYPE_ALC225,
ALC269_TYPE_ALC294,
ALC269_TYPE_ALC300,
+ ALC269_TYPE_ALC623,
ALC269_TYPE_ALC700,
};
@@ -2943,6 +2947,7 @@ static int alc269_parse_auto_config(stru
case ALC269_TYPE_ALC225:
case ALC269_TYPE_ALC294:
case ALC269_TYPE_ALC300:
+ case ALC269_TYPE_ALC623:
case ALC269_TYPE_ALC700:
ssids = alc269_ssids;
break;
@@ -7783,6 +7788,9 @@ static int patch_alc269(struct hda_codec
spec->codec_variant = ALC269_TYPE_ALC300;
spec->gen.mixer_nid = 0; /* no loopback on ALC300 */
break;
+ case 0x10ec0623:
+ spec->codec_variant = ALC269_TYPE_ALC623;
+ break;
case 0x10ec0700:
case 0x10ec0701:
case 0x10ec0703:
@@ -8901,6 +8909,7 @@ static const struct hda_device_id snd_hd
HDA_CODEC_ENTRY(0x10ec0298, "ALC298", patch_alc269),
HDA_CODEC_ENTRY(0x10ec0299, "ALC299", patch_alc269),
HDA_CODEC_ENTRY(0x10ec0300, "ALC300", patch_alc269),
+ HDA_CODEC_ENTRY(0x10ec0623, "ALC623", patch_alc269),
HDA_CODEC_REV_ENTRY(0x10ec0861, 0x100340, "ALC660", patch_alc861),
HDA_CODEC_ENTRY(0x10ec0660, "ALC660-VD", patch_alc861vd),
HDA_CODEC_ENTRY(0x10ec0861, "ALC861", patch_alc861),
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 114/149] UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments")
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (112 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 113/149] ALSA: hda/realtek - Add support for ALC623 Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-05 14:36 ` Oliver Neukum
2019-11-04 21:45 ` [PATCH 4.19 115/149] USB: gadget: Reject endpoints with 0 maxpacket value Greg Kroah-Hartman
` (39 subsequent siblings)
153 siblings, 1 reply; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alan Stern, Oliver Neukum, Christoph Hellwig
From: Alan Stern <stern@rowland.harvard.edu>
commit 1186f86a71130a7635a20843e355bb880c7349b2 upstream.
Commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments"),
copying a similar commit for usb-storage, attempted to solve a problem
involving scatter-gather I/O and USB/IP by setting the
virt_boundary_mask for mass-storage devices.
However, it now turns out that the analogous change in usb-storage
interacted badly with commit 09324d32d2a0 ("block: force an unlimited
segment size on queues with a virt boundary"), which was added later.
A typical error message is:
ehci-pci 0000:00:13.2: swiotlb buffer is full (sz: 327680 bytes),
total 32768 (slots), used 97 (slots)
There is no longer any reason to keep the virt_boundary_mask setting
in the uas driver. It was needed in the first place only for
handling devices with a block size smaller than the maxpacket size and
where the host controller was not capable of fully general
scatter-gather operation (that is, able to merge two SG segments into
a single USB packet). But:
High-speed or slower connections never use a bulk maxpacket
value larger than 512;
The SCSI layer does not handle block devices with a block size
smaller than 512 bytes;
All the host controllers capable of SuperSpeed operation can
handle fully general SG;
Since commit ea44d190764b ("usbip: Implement SG support to
vhci-hcd and stub driver") was merged, the USB/IP driver can
also handle SG.
Therefore all supported device/controller combinations should be okay
with no need for any special virt_boundary_mask. So in order to head
off potential problems similar to those affecting usb-storage, this
patch reverts commit 3ae62a42090f.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: Oliver Neukum <oneukum@suse.com>
CC: <stable@vger.kernel.org>
Acked-by: Christoph Hellwig <hch@lst.de>
Fixes: 3ae62a42090f ("UAS: fix alignment of scatter/gather segments")
Link: https://lore.kernel.org/r/Pine.LNX.4.44L0.1910231132470.1878-100000@iolanthe.rowland.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/storage/uas.c | 20 --------------------
1 file changed, 20 deletions(-)
--- a/drivers/usb/storage/uas.c
+++ b/drivers/usb/storage/uas.c
@@ -796,30 +796,10 @@ static int uas_slave_alloc(struct scsi_d
{
struct uas_dev_info *devinfo =
(struct uas_dev_info *)sdev->host->hostdata;
- int maxp;
sdev->hostdata = devinfo;
/*
- * We have two requirements here. We must satisfy the requirements
- * of the physical HC and the demands of the protocol, as we
- * definitely want no additional memory allocation in this path
- * ruling out using bounce buffers.
- *
- * For a transmission on USB to continue we must never send
- * a package that is smaller than maxpacket. Hence the length of each
- * scatterlist element except the last must be divisible by the
- * Bulk maxpacket value.
- * If the HC does not ensure that through SG,
- * the upper layer must do that. We must assume nothing
- * about the capabilities off the HC, so we use the most
- * pessimistic requirement.
- */
-
- maxp = usb_maxpacket(devinfo->udev, devinfo->data_in_pipe, 0);
- blk_queue_virt_boundary(sdev->request_queue, maxp - 1);
-
- /*
* The protocol has no requirements on alignment in the strict sense.
* Controllers may or may not have alignment restrictions.
* As this is not exported, we use an extremely conservative guess.
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 115/149] USB: gadget: Reject endpoints with 0 maxpacket value
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (113 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 114/149] UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments") Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 116/149] usb-storage: Revert commit 747668dbc061 ("usb-storage: Set virt_boundary_mask to avoid SG overflows") Greg Kroah-Hartman
` (38 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alan Stern, Felipe Balbi,
syzbot+8ab8bf161038a8768553
From: Alan Stern <stern@rowland.harvard.edu>
commit 54f83b8c8ea9b22082a496deadf90447a326954e upstream.
Endpoints with a maxpacket length of 0 are probably useless. They
can't transfer any data, and it's not at all unlikely that a UDC will
crash or hang when trying to handle a non-zero-length usb_request for
such an endpoint. Indeed, dummy-hcd gets a divide error when trying
to calculate the remainder of a transfer length by the maxpacket
value, as discovered by the syzbot fuzzer.
Currently the gadget core does not check for endpoints having a
maxpacket value of 0. This patch adds a check to usb_ep_enable(),
preventing such endpoints from being used.
As far as I know, none of the gadget drivers in the kernel tries to
create an endpoint with maxpacket = 0, but until now there has been
nothing to prevent userspace programs under gadgetfs or configfs from
doing it.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-and-tested-by: syzbot+8ab8bf161038a8768553@syzkaller.appspotmail.com
CC: <stable@vger.kernel.org>
Acked-by: Felipe Balbi <balbi@kernel.org>
Link: https://lore.kernel.org/r/Pine.LNX.4.44L0.1910281052370.1485-100000@iolanthe.rowland.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/udc/core.c | 11 +++++++++++
1 file changed, 11 insertions(+)
--- a/drivers/usb/gadget/udc/core.c
+++ b/drivers/usb/gadget/udc/core.c
@@ -98,6 +98,17 @@ int usb_ep_enable(struct usb_ep *ep)
if (ep->enabled)
goto out;
+ /* UDC drivers can't handle endpoints with maxpacket size 0 */
+ if (usb_endpoint_maxp(ep->desc) == 0) {
+ /*
+ * We should log an error message here, but we can't call
+ * dev_err() because there's no way to find the gadget
+ * given only ep.
+ */
+ ret = -EINVAL;
+ goto out;
+ }
+
ret = ep->ops->enable(ep, ep->desc);
if (ret)
goto out;
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 116/149] usb-storage: Revert commit 747668dbc061 ("usb-storage: Set virt_boundary_mask to avoid SG overflows")
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (114 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 115/149] USB: gadget: Reject endpoints with 0 maxpacket value Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 117/149] USB: ldusb: fix ring-buffer locking Greg Kroah-Hartman
` (37 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alan Stern, Seth Bollinger,
Christoph Hellwig, Piergiorgio Sartor
From: Alan Stern <stern@rowland.harvard.edu>
commit 9a976949613132977098fc49510b46fa8678d864 upstream.
Commit 747668dbc061 ("usb-storage: Set virt_boundary_mask to avoid SG
overflows") attempted to solve a problem involving scatter-gather I/O
and USB/IP by setting the virt_boundary_mask for mass-storage devices.
However, it now turns out that this interacts badly with commit
09324d32d2a0 ("block: force an unlimited segment size on queues with a
virt boundary"), which was added later. A typical error message is:
ehci-pci 0000:00:13.2: swiotlb buffer is full (sz: 327680 bytes),
total 32768 (slots), used 97 (slots)
There is no longer any reason to keep the virt_boundary_mask setting
for usb-storage. It was needed in the first place only for handling
devices with a block size smaller than the maxpacket size and where
the host controller was not capable of fully general scatter-gather
operation (that is, able to merge two SG segments into a single USB
packet). But:
High-speed or slower connections never use a bulk maxpacket
value larger than 512;
The SCSI layer does not handle block devices with a block size
smaller than 512 bytes;
All the host controllers capable of SuperSpeed operation can
handle fully general SG;
Since commit ea44d190764b ("usbip: Implement SG support to
vhci-hcd and stub driver") was merged, the USB/IP driver can
also handle SG.
Therefore all supported device/controller combinations should be okay
with no need for any special virt_boundary_mask. So in order to fix
the swiotlb problem, this patch reverts commit 747668dbc061.
Reported-and-tested-by: Piergiorgio Sartor <piergiorgio.sartor@nexgo.de>
Link: https://marc.info/?l=linux-usb&m=157134199501202&w=2
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: Seth Bollinger <Seth.Bollinger@digi.com>
CC: <stable@vger.kernel.org>
Fixes: 747668dbc061 ("usb-storage: Set virt_boundary_mask to avoid SG overflows")
Acked-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/Pine.LNX.4.44L0.1910211145520.1673-100000@iolanthe.rowland.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/storage/scsiglue.c | 10 ----------
1 file changed, 10 deletions(-)
--- a/drivers/usb/storage/scsiglue.c
+++ b/drivers/usb/storage/scsiglue.c
@@ -65,7 +65,6 @@ static const char* host_info(struct Scsi
static int slave_alloc (struct scsi_device *sdev)
{
struct us_data *us = host_to_us(sdev->host);
- int maxp;
/*
* Set the INQUIRY transfer length to 36. We don't use any of
@@ -75,15 +74,6 @@ static int slave_alloc (struct scsi_devi
sdev->inquiry_len = 36;
/*
- * USB has unusual scatter-gather requirements: the length of each
- * scatterlist element except the last must be divisible by the
- * Bulk maxpacket value. Fortunately this value is always a
- * power of 2. Inform the block layer about this requirement.
- */
- maxp = usb_maxpacket(us->pusb_dev, us->recv_bulk_pipe, 0);
- blk_queue_virt_boundary(sdev->request_queue, maxp - 1);
-
- /*
* Some host controllers may have alignment requirements.
* We'll play it safe by requiring 512-byte alignment always.
*/
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 117/149] USB: ldusb: fix ring-buffer locking
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (115 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 116/149] usb-storage: Revert commit 747668dbc061 ("usb-storage: Set virt_boundary_mask to avoid SG overflows") Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 118/149] USB: ldusb: fix control-message timeout Greg Kroah-Hartman
` (36 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johan Hovold
From: Johan Hovold <johan@kernel.org>
commit d98ee2a19c3334e9343df3ce254b496f1fc428eb upstream.
The custom ring-buffer implementation was merged without any locking or
explicit memory barriers, but a spinlock was later added by commit
9d33efd9a791 ("USB: ldusb bugfix").
The lock did not cover the update of the tail index once the entry had
been processed, something which could lead to memory corruption on
weakly ordered architectures or due to compiler optimisations.
Specifically, a completion handler running on another CPU might observe
the incremented tail index and update the entry before ld_usb_read() is
done with it.
Fixes: 2824bd250f0b ("[PATCH] USB: add ldusb driver")
Fixes: 9d33efd9a791 ("USB: ldusb bugfix")
Cc: stable <stable@vger.kernel.org> # 2.6.13
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20191022143203.5260-2-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/misc/ldusb.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/usb/misc/ldusb.c
+++ b/drivers/usb/misc/ldusb.c
@@ -495,11 +495,11 @@ static ssize_t ld_usb_read(struct file *
retval = -EFAULT;
goto unlock_exit;
}
- dev->ring_tail = (dev->ring_tail+1) % ring_buffer_size;
-
retval = bytes_to_read;
spin_lock_irq(&dev->rbsl);
+ dev->ring_tail = (dev->ring_tail + 1) % ring_buffer_size;
+
if (dev->buffer_overflow) {
dev->buffer_overflow = 0;
spin_unlock_irq(&dev->rbsl);
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 118/149] USB: ldusb: fix control-message timeout
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (116 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 117/149] USB: ldusb: fix ring-buffer locking Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 119/149] usb: xhci: fix __le32/__le64 accessors in debugfs code Greg Kroah-Hartman
` (35 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+a4fbb3bb76cda0ea4e58, Johan Hovold
From: Johan Hovold <johan@kernel.org>
commit 52403cfbc635d28195167618690595013776ebde upstream.
USB control-message timeouts are specified in milliseconds, not jiffies.
Waiting 83 minutes for a transfer to complete is a bit excessive.
Fixes: 2824bd250f0b ("[PATCH] USB: add ldusb driver")
Cc: stable <stable@vger.kernel.org> # 2.6.13
Reported-by: syzbot+a4fbb3bb76cda0ea4e58@syzkaller.appspotmail.com
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20191022153127.22295-1-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/misc/ldusb.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/usb/misc/ldusb.c
+++ b/drivers/usb/misc/ldusb.c
@@ -580,7 +580,7 @@ static ssize_t ld_usb_write(struct file
1 << 8, 0,
dev->interrupt_out_buffer,
bytes_to_write,
- USB_CTRL_SET_TIMEOUT * HZ);
+ USB_CTRL_SET_TIMEOUT);
if (retval < 0)
dev_err(&dev->intf->dev,
"Couldn't submit HID_REQ_SET_REPORT %d\n",
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 119/149] usb: xhci: fix __le32/__le64 accessors in debugfs code
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (117 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 118/149] USB: ldusb: fix control-message timeout Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 120/149] USB: serial: whiteheat: fix potential slab corruption Greg Kroah-Hartman
` (34 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ben Dooks, Mathias Nyman
From: Ben Dooks (Codethink) <ben.dooks@codethink.co.uk>
commit d5501d5c29a2e684640507cfee428178d6fd82ca upstream.
It looks like some of the xhci debug code is passing u32 to functions
directly from __le32/__le64 fields.
Fix this by using le{32,64}_to_cpu() on these to fix the following
sparse warnings;
xhci-debugfs.c:205:62: warning: incorrect type in argument 1 (different base types)
xhci-debugfs.c:205:62: expected unsigned int [usertype] field0
xhci-debugfs.c:205:62: got restricted __le32
xhci-debugfs.c:206:62: warning: incorrect type in argument 2 (different base types)
xhci-debugfs.c:206:62: expected unsigned int [usertype] field1
xhci-debugfs.c:206:62: got restricted __le32
...
[Trim down commit message, sparse warnings were similar -Mathias]
Cc: <stable@vger.kernel.org> # 4.15+
Signed-off-by: Ben Dooks <ben.dooks@codethink.co.uk>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/1572013829-14044-4-git-send-email-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci-debugfs.c | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
--- a/drivers/usb/host/xhci-debugfs.c
+++ b/drivers/usb/host/xhci-debugfs.c
@@ -202,10 +202,10 @@ static void xhci_ring_dump_segment(struc
trb = &seg->trbs[i];
dma = seg->dma + i * sizeof(*trb);
seq_printf(s, "%pad: %s\n", &dma,
- xhci_decode_trb(trb->generic.field[0],
- trb->generic.field[1],
- trb->generic.field[2],
- trb->generic.field[3]));
+ xhci_decode_trb(le32_to_cpu(trb->generic.field[0]),
+ le32_to_cpu(trb->generic.field[1]),
+ le32_to_cpu(trb->generic.field[2]),
+ le32_to_cpu(trb->generic.field[3])));
}
}
@@ -263,10 +263,10 @@ static int xhci_slot_context_show(struct
xhci = hcd_to_xhci(bus_to_hcd(dev->udev->bus));
slot_ctx = xhci_get_slot_ctx(xhci, dev->out_ctx);
seq_printf(s, "%pad: %s\n", &dev->out_ctx->dma,
- xhci_decode_slot_context(slot_ctx->dev_info,
- slot_ctx->dev_info2,
- slot_ctx->tt_info,
- slot_ctx->dev_state));
+ xhci_decode_slot_context(le32_to_cpu(slot_ctx->dev_info),
+ le32_to_cpu(slot_ctx->dev_info2),
+ le32_to_cpu(slot_ctx->tt_info),
+ le32_to_cpu(slot_ctx->dev_state)));
return 0;
}
@@ -286,10 +286,10 @@ static int xhci_endpoint_context_show(st
ep_ctx = xhci_get_ep_ctx(xhci, dev->out_ctx, dci);
dma = dev->out_ctx->dma + dci * CTX_SIZE(xhci->hcc_params);
seq_printf(s, "%pad: %s\n", &dma,
- xhci_decode_ep_context(ep_ctx->ep_info,
- ep_ctx->ep_info2,
- ep_ctx->deq,
- ep_ctx->tx_info));
+ xhci_decode_ep_context(le32_to_cpu(ep_ctx->ep_info),
+ le32_to_cpu(ep_ctx->ep_info2),
+ le64_to_cpu(ep_ctx->deq),
+ le32_to_cpu(ep_ctx->tx_info)));
}
return 0;
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 120/149] USB: serial: whiteheat: fix potential slab corruption
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (118 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 119/149] usb: xhci: fix __le32/__le64 accessors in debugfs code Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 121/149] USB: serial: whiteheat: fix line-speed endianness Greg Kroah-Hartman
` (33 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johan Hovold
From: Johan Hovold <johan@kernel.org>
commit 1251dab9e0a2c4d0d2d48370ba5baa095a5e8774 upstream.
Fix a user-controlled slab buffer overflow due to a missing sanity check
on the bulk-out transfer buffer used for control requests.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20191029102354.2733-2-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/whiteheat.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/usb/serial/whiteheat.c
+++ b/drivers/usb/serial/whiteheat.c
@@ -571,6 +571,10 @@ static int firm_send_command(struct usb_
command_port = port->serial->port[COMMAND_PORT];
command_info = usb_get_serial_port_data(command_port);
+
+ if (command_port->bulk_out_size < datasize + 1)
+ return -EIO;
+
mutex_lock(&command_info->mutex);
command_info->command_finished = false;
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 121/149] USB: serial: whiteheat: fix line-speed endianness
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (119 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 120/149] USB: serial: whiteheat: fix potential slab corruption Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 122/149] scsi: target: cxgbit: Fix cxgbit_fw4_ack() Greg Kroah-Hartman
` (32 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johan Hovold
From: Johan Hovold <johan@kernel.org>
commit 84968291d7924261c6a0624b9a72f952398e258b upstream.
Add missing endianness conversion when setting the line speed so that
this driver might work also on big-endian machines.
Also use an unsigned format specifier in the corresponding debug
message.
Signed-off-by: Johan Hovold <johan@kernel.org>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20191029102354.2733-3-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/whiteheat.c | 9 ++++++---
drivers/usb/serial/whiteheat.h | 2 +-
2 files changed, 7 insertions(+), 4 deletions(-)
--- a/drivers/usb/serial/whiteheat.c
+++ b/drivers/usb/serial/whiteheat.c
@@ -648,6 +648,7 @@ static void firm_setup_port(struct tty_s
struct device *dev = &port->dev;
struct whiteheat_port_settings port_settings;
unsigned int cflag = tty->termios.c_cflag;
+ speed_t baud;
port_settings.port = port->port_number + 1;
@@ -708,11 +709,13 @@ static void firm_setup_port(struct tty_s
dev_dbg(dev, "%s - XON = %2x, XOFF = %2x\n", __func__, port_settings.xon, port_settings.xoff);
/* get the baud rate wanted */
- port_settings.baud = tty_get_baud_rate(tty);
- dev_dbg(dev, "%s - baud rate = %d\n", __func__, port_settings.baud);
+ baud = tty_get_baud_rate(tty);
+ port_settings.baud = cpu_to_le32(baud);
+ dev_dbg(dev, "%s - baud rate = %u\n", __func__, baud);
/* fixme: should set validated settings */
- tty_encode_baud_rate(tty, port_settings.baud, port_settings.baud);
+ tty_encode_baud_rate(tty, baud, baud);
+
/* handle any settings that aren't specified in the tty structure */
port_settings.lloop = 0;
--- a/drivers/usb/serial/whiteheat.h
+++ b/drivers/usb/serial/whiteheat.h
@@ -87,7 +87,7 @@ struct whiteheat_simple {
struct whiteheat_port_settings {
__u8 port; /* port number (1 to N) */
- __u32 baud; /* any value 7 - 460800, firmware calculates
+ __le32 baud; /* any value 7 - 460800, firmware calculates
best fit; arrives little endian */
__u8 bits; /* 5, 6, 7, or 8 */
__u8 stop; /* 1 or 2, default 1 (2 = 1.5 if bits = 5) */
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 122/149] scsi: target: cxgbit: Fix cxgbit_fw4_ack()
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (120 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 121/149] USB: serial: whiteheat: fix line-speed endianness Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 123/149] HID: i2c-hid: add Trekstor Primebook C11B to descriptor override Greg Kroah-Hartman
` (31 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Varun Prakash, Nicholas Bellinger,
Dan Carpenter, Bart Van Assche, Martin K. Petersen
From: Bart Van Assche <bvanassche@acm.org>
commit fc5b220b2dcf8b512d9bd46fd17f82257e49bf89 upstream.
Use the pointer 'p' after having tested that pointer instead of before.
Fixes: 5cadafb236df ("target/cxgbit: Fix endianness annotations")
Cc: Varun Prakash <varun@chelsio.com>
Cc: Nicholas Bellinger <nab@linux-iscsi.org>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20191023202150.22173-1-bvanassche@acm.org
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/target/iscsi/cxgbit/cxgbit_cm.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/target/iscsi/cxgbit/cxgbit_cm.c
+++ b/drivers/target/iscsi/cxgbit/cxgbit_cm.c
@@ -1832,7 +1832,7 @@ static void cxgbit_fw4_ack(struct cxgbit
while (credits) {
struct sk_buff *p = cxgbit_sock_peek_wr(csk);
- const u32 csum = (__force u32)p->csum;
+ u32 csum;
if (unlikely(!p)) {
pr_err("csk 0x%p,%u, cr %u,%u+%u, empty.\n",
@@ -1841,6 +1841,7 @@ static void cxgbit_fw4_ack(struct cxgbit
break;
}
+ csum = (__force u32)p->csum;
if (unlikely(credits < csum)) {
pr_warn("csk 0x%p,%u, cr %u,%u+%u, < %u.\n",
csk, csk->tid,
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 123/149] HID: i2c-hid: add Trekstor Primebook C11B to descriptor override
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (121 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 122/149] scsi: target: cxgbit: Fix cxgbit_fw4_ack() Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 124/149] HID: Fix assumption that devices have inputs Greg Kroah-Hartman
` (30 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, Benjamin Tissoires
From: Hans de Goede <hdegoede@redhat.com>
commit 09f3dbe474735df13dd8a66d3d1231048d9b373f upstream.
The Primebook C11B uses the SIPODEV SP1064 touchpad. There are 2 versions
of this 2-in-1 and the touchpad in the older version does not supply
descriptors, so it has to be added to the override list.
Cc: stable@vger.kernel.org
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
--- a/drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c
+++ b/drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c
@@ -323,6 +323,25 @@ static const struct dmi_system_id i2c_hi
.driver_data = (void *)&sipodev_desc
},
{
+ /*
+ * There are at least 2 Primebook C11B versions, the older
+ * version has a product-name of "Primebook C11B", and a
+ * bios version / release / firmware revision of:
+ * V2.1.2 / 05/03/2018 / 18.2
+ * The new version has "PRIMEBOOK C11B" as product-name and a
+ * bios version / release / firmware revision of:
+ * CFALKSW05_BIOS_V1.1.2 / 11/19/2018 / 19.2
+ * Only the older version needs this quirk, note the newer
+ * version will not match as it has a different product-name.
+ */
+ .ident = "Trekstor Primebook C11B",
+ .matches = {
+ DMI_EXACT_MATCH(DMI_SYS_VENDOR, "TREKSTOR"),
+ DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "Primebook C11B"),
+ },
+ .driver_data = (void *)&sipodev_desc
+ },
+ {
.ident = "Direkt-Tek DTLAPY116-2",
.matches = {
DMI_EXACT_MATCH(DMI_SYS_VENDOR, "Direkt-Tek"),
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 124/149] HID: Fix assumption that devices have inputs
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (122 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 123/149] HID: i2c-hid: add Trekstor Primebook C11B to descriptor override Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 125/149] HID: fix error message in hid_open_report() Greg Kroah-Hartman
` (29 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alan Stern, Benjamin Tissoires,
syzbot+403741a091bf41d4ae79
From: Alan Stern <stern@rowland.harvard.edu>
commit d9d4b1e46d9543a82c23f6df03f4ad697dab361b upstream.
The syzbot fuzzer found a slab-out-of-bounds write bug in the hid-gaff
driver. The problem is caused by the driver's assumption that the
device must have an input report. While this will be true for all
normal HID input devices, a suitably malicious device can violate the
assumption.
The same assumption is present in over a dozen other HID drivers.
This patch fixes them by checking that the list of hid_inputs for the
hid_device is nonempty before allowing it to be used.
Reported-and-tested-by: syzbot+403741a091bf41d4ae79@syzkaller.appspotmail.com
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: <stable@vger.kernel.org>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hid/hid-axff.c | 11 +++++++++--
drivers/hid/hid-dr.c | 12 +++++++++---
drivers/hid/hid-emsff.c | 12 +++++++++---
drivers/hid/hid-gaff.c | 12 +++++++++---
drivers/hid/hid-holtekff.c | 12 +++++++++---
drivers/hid/hid-lg2ff.c | 12 +++++++++---
drivers/hid/hid-lg3ff.c | 11 +++++++++--
drivers/hid/hid-lg4ff.c | 11 +++++++++--
drivers/hid/hid-lgff.c | 11 +++++++++--
drivers/hid/hid-logitech-hidpp.c | 11 +++++++++--
drivers/hid/hid-sony.c | 12 +++++++++---
drivers/hid/hid-tmff.c | 12 +++++++++---
drivers/hid/hid-zpff.c | 12 +++++++++---
13 files changed, 117 insertions(+), 34 deletions(-)
--- a/drivers/hid/hid-axff.c
+++ b/drivers/hid/hid-axff.c
@@ -75,13 +75,20 @@ static int axff_init(struct hid_device *
{
struct axff_device *axff;
struct hid_report *report;
- struct hid_input *hidinput = list_first_entry(&hid->inputs, struct hid_input, list);
+ struct hid_input *hidinput;
struct list_head *report_list =&hid->report_enum[HID_OUTPUT_REPORT].report_list;
- struct input_dev *dev = hidinput->input;
+ struct input_dev *dev;
int field_count = 0;
int i, j;
int error;
+ if (list_empty(&hid->inputs)) {
+ hid_err(hid, "no inputs found\n");
+ return -ENODEV;
+ }
+ hidinput = list_first_entry(&hid->inputs, struct hid_input, list);
+ dev = hidinput->input;
+
if (list_empty(report_list)) {
hid_err(hid, "no output reports found\n");
return -ENODEV;
--- a/drivers/hid/hid-dr.c
+++ b/drivers/hid/hid-dr.c
@@ -87,13 +87,19 @@ static int drff_init(struct hid_device *
{
struct drff_device *drff;
struct hid_report *report;
- struct hid_input *hidinput = list_first_entry(&hid->inputs,
- struct hid_input, list);
+ struct hid_input *hidinput;
struct list_head *report_list =
&hid->report_enum[HID_OUTPUT_REPORT].report_list;
- struct input_dev *dev = hidinput->input;
+ struct input_dev *dev;
int error;
+ if (list_empty(&hid->inputs)) {
+ hid_err(hid, "no inputs found\n");
+ return -ENODEV;
+ }
+ hidinput = list_first_entry(&hid->inputs, struct hid_input, list);
+ dev = hidinput->input;
+
if (list_empty(report_list)) {
hid_err(hid, "no output reports found\n");
return -ENODEV;
--- a/drivers/hid/hid-emsff.c
+++ b/drivers/hid/hid-emsff.c
@@ -59,13 +59,19 @@ static int emsff_init(struct hid_device
{
struct emsff_device *emsff;
struct hid_report *report;
- struct hid_input *hidinput = list_first_entry(&hid->inputs,
- struct hid_input, list);
+ struct hid_input *hidinput;
struct list_head *report_list =
&hid->report_enum[HID_OUTPUT_REPORT].report_list;
- struct input_dev *dev = hidinput->input;
+ struct input_dev *dev;
int error;
+ if (list_empty(&hid->inputs)) {
+ hid_err(hid, "no inputs found\n");
+ return -ENODEV;
+ }
+ hidinput = list_first_entry(&hid->inputs, struct hid_input, list);
+ dev = hidinput->input;
+
if (list_empty(report_list)) {
hid_err(hid, "no output reports found\n");
return -ENODEV;
--- a/drivers/hid/hid-gaff.c
+++ b/drivers/hid/hid-gaff.c
@@ -77,14 +77,20 @@ static int gaff_init(struct hid_device *
{
struct gaff_device *gaff;
struct hid_report *report;
- struct hid_input *hidinput = list_entry(hid->inputs.next,
- struct hid_input, list);
+ struct hid_input *hidinput;
struct list_head *report_list =
&hid->report_enum[HID_OUTPUT_REPORT].report_list;
struct list_head *report_ptr = report_list;
- struct input_dev *dev = hidinput->input;
+ struct input_dev *dev;
int error;
+ if (list_empty(&hid->inputs)) {
+ hid_err(hid, "no inputs found\n");
+ return -ENODEV;
+ }
+ hidinput = list_entry(hid->inputs.next, struct hid_input, list);
+ dev = hidinput->input;
+
if (list_empty(report_list)) {
hid_err(hid, "no output reports found\n");
return -ENODEV;
--- a/drivers/hid/hid-holtekff.c
+++ b/drivers/hid/hid-holtekff.c
@@ -136,13 +136,19 @@ static int holtekff_init(struct hid_devi
{
struct holtekff_device *holtekff;
struct hid_report *report;
- struct hid_input *hidinput = list_entry(hid->inputs.next,
- struct hid_input, list);
+ struct hid_input *hidinput;
struct list_head *report_list =
&hid->report_enum[HID_OUTPUT_REPORT].report_list;
- struct input_dev *dev = hidinput->input;
+ struct input_dev *dev;
int error;
+ if (list_empty(&hid->inputs)) {
+ hid_err(hid, "no inputs found\n");
+ return -ENODEV;
+ }
+ hidinput = list_entry(hid->inputs.next, struct hid_input, list);
+ dev = hidinput->input;
+
if (list_empty(report_list)) {
hid_err(hid, "no output report found\n");
return -ENODEV;
--- a/drivers/hid/hid-lg2ff.c
+++ b/drivers/hid/hid-lg2ff.c
@@ -62,11 +62,17 @@ int lg2ff_init(struct hid_device *hid)
{
struct lg2ff_device *lg2ff;
struct hid_report *report;
- struct hid_input *hidinput = list_entry(hid->inputs.next,
- struct hid_input, list);
- struct input_dev *dev = hidinput->input;
+ struct hid_input *hidinput;
+ struct input_dev *dev;
int error;
+ if (list_empty(&hid->inputs)) {
+ hid_err(hid, "no inputs found\n");
+ return -ENODEV;
+ }
+ hidinput = list_entry(hid->inputs.next, struct hid_input, list);
+ dev = hidinput->input;
+
/* Check that the report looks ok */
report = hid_validate_values(hid, HID_OUTPUT_REPORT, 0, 0, 7);
if (!report)
--- a/drivers/hid/hid-lg3ff.c
+++ b/drivers/hid/hid-lg3ff.c
@@ -129,12 +129,19 @@ static const signed short ff3_joystick_a
int lg3ff_init(struct hid_device *hid)
{
- struct hid_input *hidinput = list_entry(hid->inputs.next, struct hid_input, list);
- struct input_dev *dev = hidinput->input;
+ struct hid_input *hidinput;
+ struct input_dev *dev;
const signed short *ff_bits = ff3_joystick_ac;
int error;
int i;
+ if (list_empty(&hid->inputs)) {
+ hid_err(hid, "no inputs found\n");
+ return -ENODEV;
+ }
+ hidinput = list_entry(hid->inputs.next, struct hid_input, list);
+ dev = hidinput->input;
+
/* Check that the report looks ok */
if (!hid_validate_values(hid, HID_OUTPUT_REPORT, 0, 0, 35))
return -ENODEV;
--- a/drivers/hid/hid-lg4ff.c
+++ b/drivers/hid/hid-lg4ff.c
@@ -1259,8 +1259,8 @@ static int lg4ff_handle_multimode_wheel(
int lg4ff_init(struct hid_device *hid)
{
- struct hid_input *hidinput = list_entry(hid->inputs.next, struct hid_input, list);
- struct input_dev *dev = hidinput->input;
+ struct hid_input *hidinput;
+ struct input_dev *dev;
struct list_head *report_list = &hid->report_enum[HID_OUTPUT_REPORT].report_list;
struct hid_report *report = list_entry(report_list->next, struct hid_report, list);
const struct usb_device_descriptor *udesc = &(hid_to_usb_dev(hid)->descriptor);
@@ -1272,6 +1272,13 @@ int lg4ff_init(struct hid_device *hid)
int mmode_ret, mmode_idx = -1;
u16 real_product_id;
+ if (list_empty(&hid->inputs)) {
+ hid_err(hid, "no inputs found\n");
+ return -ENODEV;
+ }
+ hidinput = list_entry(hid->inputs.next, struct hid_input, list);
+ dev = hidinput->input;
+
/* Check that the report looks ok */
if (!hid_validate_values(hid, HID_OUTPUT_REPORT, 0, 0, 7))
return -1;
--- a/drivers/hid/hid-lgff.c
+++ b/drivers/hid/hid-lgff.c
@@ -127,12 +127,19 @@ static void hid_lgff_set_autocenter(stru
int lgff_init(struct hid_device* hid)
{
- struct hid_input *hidinput = list_entry(hid->inputs.next, struct hid_input, list);
- struct input_dev *dev = hidinput->input;
+ struct hid_input *hidinput;
+ struct input_dev *dev;
const signed short *ff_bits = ff_joystick;
int error;
int i;
+ if (list_empty(&hid->inputs)) {
+ hid_err(hid, "no inputs found\n");
+ return -ENODEV;
+ }
+ hidinput = list_entry(hid->inputs.next, struct hid_input, list);
+ dev = hidinput->input;
+
/* Check that the report looks ok */
if (!hid_validate_values(hid, HID_OUTPUT_REPORT, 0, 0, 7))
return -ENODEV;
--- a/drivers/hid/hid-logitech-hidpp.c
+++ b/drivers/hid/hid-logitech-hidpp.c
@@ -1867,8 +1867,8 @@ static void hidpp_ff_destroy(struct ff_d
static int hidpp_ff_init(struct hidpp_device *hidpp, u8 feature_index)
{
struct hid_device *hid = hidpp->hid_dev;
- struct hid_input *hidinput = list_entry(hid->inputs.next, struct hid_input, list);
- struct input_dev *dev = hidinput->input;
+ struct hid_input *hidinput;
+ struct input_dev *dev;
const struct usb_device_descriptor *udesc = &(hid_to_usb_dev(hid)->descriptor);
const u16 bcdDevice = le16_to_cpu(udesc->bcdDevice);
struct ff_device *ff;
@@ -1877,6 +1877,13 @@ static int hidpp_ff_init(struct hidpp_de
int error, j, num_slots;
u8 version;
+ if (list_empty(&hid->inputs)) {
+ hid_err(hid, "no inputs found\n");
+ return -ENODEV;
+ }
+ hidinput = list_entry(hid->inputs.next, struct hid_input, list);
+ dev = hidinput->input;
+
if (!dev) {
hid_err(hid, "Struct input_dev not set!\n");
return -EINVAL;
--- a/drivers/hid/hid-sony.c
+++ b/drivers/hid/hid-sony.c
@@ -2249,9 +2249,15 @@ static int sony_play_effect(struct input
static int sony_init_ff(struct sony_sc *sc)
{
- struct hid_input *hidinput = list_entry(sc->hdev->inputs.next,
- struct hid_input, list);
- struct input_dev *input_dev = hidinput->input;
+ struct hid_input *hidinput;
+ struct input_dev *input_dev;
+
+ if (list_empty(&sc->hdev->inputs)) {
+ hid_err(sc->hdev, "no inputs found\n");
+ return -ENODEV;
+ }
+ hidinput = list_entry(sc->hdev->inputs.next, struct hid_input, list);
+ input_dev = hidinput->input;
input_set_capability(input_dev, EV_FF, FF_RUMBLE);
return input_ff_create_memless(input_dev, NULL, sony_play_effect);
--- a/drivers/hid/hid-tmff.c
+++ b/drivers/hid/hid-tmff.c
@@ -136,12 +136,18 @@ static int tmff_init(struct hid_device *
struct tmff_device *tmff;
struct hid_report *report;
struct list_head *report_list;
- struct hid_input *hidinput = list_entry(hid->inputs.next,
- struct hid_input, list);
- struct input_dev *input_dev = hidinput->input;
+ struct hid_input *hidinput;
+ struct input_dev *input_dev;
int error;
int i;
+ if (list_empty(&hid->inputs)) {
+ hid_err(hid, "no inputs found\n");
+ return -ENODEV;
+ }
+ hidinput = list_entry(hid->inputs.next, struct hid_input, list);
+ input_dev = hidinput->input;
+
tmff = kzalloc(sizeof(struct tmff_device), GFP_KERNEL);
if (!tmff)
return -ENOMEM;
--- a/drivers/hid/hid-zpff.c
+++ b/drivers/hid/hid-zpff.c
@@ -66,11 +66,17 @@ static int zpff_init(struct hid_device *
{
struct zpff_device *zpff;
struct hid_report *report;
- struct hid_input *hidinput = list_entry(hid->inputs.next,
- struct hid_input, list);
- struct input_dev *dev = hidinput->input;
+ struct hid_input *hidinput;
+ struct input_dev *dev;
int i, error;
+ if (list_empty(&hid->inputs)) {
+ hid_err(hid, "no inputs found\n");
+ return -ENODEV;
+ }
+ hidinput = list_entry(hid->inputs.next, struct hid_input, list);
+ dev = hidinput->input;
+
for (i = 0; i < 4; i++) {
report = hid_validate_values(hid, HID_OUTPUT_REPORT, 0, i, 1);
if (!report)
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 125/149] HID: fix error message in hid_open_report()
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (123 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 124/149] HID: Fix assumption that devices have inputs Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 126/149] nl80211: fix validation of mesh path nexthop Greg Kroah-Hartman
` (28 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michał Mirosław, Jiri Kosina
From: Michał Mirosław <mirq-linux@rere.qmqm.pl>
commit b3a81c777dcb093020680490ab970d85e2f6f04f upstream.
On HID report descriptor parsing error the code displays bogus
pointer instead of error offset (subtracts start=NULL from end).
Make the message more useful by displaying correct error offset
and include total buffer size for reference.
This was carried over from ancient times - "Fixed" commit just
promoted the message from DEBUG to ERROR.
Cc: stable@vger.kernel.org
Fixes: 8c3d52fc393b ("HID: make parser more verbose about parsing errors by default")
Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hid/hid-core.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -975,6 +975,7 @@ int hid_open_report(struct hid_device *d
__u8 *start;
__u8 *buf;
__u8 *end;
+ __u8 *next;
int ret;
static int (*dispatch_type[])(struct hid_parser *parser,
struct hid_item *item) = {
@@ -1028,7 +1029,8 @@ int hid_open_report(struct hid_device *d
device->collection_size = HID_DEFAULT_NUM_COLLECTIONS;
ret = -EINVAL;
- while ((start = fetch_item(start, end, &item)) != NULL) {
+ while ((next = fetch_item(start, end, &item)) != NULL) {
+ start = next;
if (item.format != HID_ITEM_FORMAT_SHORT) {
hid_err(device, "unexpected long global item\n");
@@ -1058,7 +1060,8 @@ int hid_open_report(struct hid_device *d
}
}
- hid_err(device, "item fetching failed at offset %d\n", (int)(end - start));
+ hid_err(device, "item fetching failed at offset %u/%u\n",
+ size - (unsigned int)(end - start), size);
err:
kfree(parser->collection_stack);
alloc_err:
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 126/149] nl80211: fix validation of mesh path nexthop
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (124 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 125/149] HID: fix error message in hid_open_report() Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 127/149] s390/cmm: fix information leak in cmm_timeout_handler() Greg Kroah-Hartman
` (27 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Markus Theil, Johannes Berg
From: Markus Theil <markus.theil@tu-ilmenau.de>
commit 1fab1b89e2e8f01204a9c05a39fd0b6411a48593 upstream.
Mesh path nexthop should be a ethernet address, but current validation
checks against 4 byte integers.
Cc: stable@vger.kernel.org
Fixes: 2ec600d672e74 ("nl80211/cfg80211: support for mesh, sta dumping")
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Link: https://lore.kernel.org/r/20191029093003.10355-1-markus.theil@tu-ilmenau.de
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/wireless/nl80211.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -284,7 +284,8 @@ static const struct nla_policy nl80211_p
[NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
[NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
.len = IEEE80211_MAX_MESH_ID_LEN },
- [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
+ [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_BINARY,
+ .len = ETH_ALEN },
[NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
[NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 127/149] s390/cmm: fix information leak in cmm_timeout_handler()
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (125 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 126/149] nl80211: fix validation of mesh path nexthop Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 128/149] s390/idle: fix cpu idle time calculation Greg Kroah-Hartman
` (26 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yihui Zeng, Dan Carpenter,
Heiko Carstens, Vasily Gorbik
From: Yihui ZENG <yzeng56@asu.edu>
commit b8e51a6a9db94bc1fb18ae831b3dab106b5a4b5f upstream.
The problem is that we were putting the NUL terminator too far:
buf[sizeof(buf) - 1] = '\0';
If the user input isn't NUL terminated and they haven't initialized the
whole buffer then it leads to an info leak. The NUL terminator should
be:
buf[len - 1] = '\0';
Signed-off-by: Yihui Zeng <yzeng56@asu.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
[heiko.carstens@de.ibm.com: keep semantics of how *lenp and *ppos are handled]
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/s390/mm/cmm.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
--- a/arch/s390/mm/cmm.c
+++ b/arch/s390/mm/cmm.c
@@ -298,16 +298,16 @@ static int cmm_timeout_handler(struct ct
}
if (write) {
- len = *lenp;
- if (copy_from_user(buf, buffer,
- len > sizeof(buf) ? sizeof(buf) : len))
+ len = min(*lenp, sizeof(buf));
+ if (copy_from_user(buf, buffer, len))
return -EFAULT;
- buf[sizeof(buf) - 1] = '\0';
+ buf[len - 1] = '\0';
cmm_skip_blanks(buf, &p);
nr = simple_strtoul(p, &p, 0);
cmm_skip_blanks(p, &p);
seconds = simple_strtoul(p, &p, 0);
cmm_set_timeout(nr, seconds);
+ *ppos += *lenp;
} else {
len = sprintf(buf, "%ld %ld\n",
cmm_timeout_pages, cmm_timeout_seconds);
@@ -315,9 +315,9 @@ static int cmm_timeout_handler(struct ct
len = *lenp;
if (copy_to_user(buffer, buf, len))
return -EFAULT;
+ *lenp = len;
+ *ppos += len;
}
- *lenp = len;
- *ppos += len;
return 0;
}
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 128/149] s390/idle: fix cpu idle time calculation
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (126 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 127/149] s390/cmm: fix information leak in cmm_timeout_handler() Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 129/149] arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default Greg Kroah-Hartman
` (25 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Heiko Carstens, Vasily Gorbik
From: Heiko Carstens <heiko.carstens@de.ibm.com>
commit 3d7efa4edd07be5c5c3ffa95ba63e97e070e1f3f upstream.
The idle time reported in /proc/stat sometimes incorrectly contains
huge values on s390. This is caused by a bug in arch_cpu_idle_time().
The kernel tries to figure out when a different cpu entered idle by
accessing its per-cpu data structure. There is an ordering problem: if
the remote cpu has an idle_enter value which is not zero, and an
idle_exit value which is zero, it is assumed it is idle since
"now". The "now" timestamp however is taken before the idle_enter
value is read.
Which in turn means that "now" can be smaller than idle_enter of the
remote cpu. Unconditionally subtracting idle_enter from "now" can thus
lead to a negative value (aka large unsigned value).
Fix this by moving the get_tod_clock() invocation out of the
loop. While at it also make the code a bit more readable.
A similar bug also exists for show_idle_time(). Fix this is as well.
Cc: <stable@vger.kernel.org>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/s390/kernel/idle.c | 29 ++++++++++++++++++++++-------
1 file changed, 22 insertions(+), 7 deletions(-)
--- a/arch/s390/kernel/idle.c
+++ b/arch/s390/kernel/idle.c
@@ -69,18 +69,26 @@ DEVICE_ATTR(idle_count, 0444, show_idle_
static ssize_t show_idle_time(struct device *dev,
struct device_attribute *attr, char *buf)
{
+ unsigned long long now, idle_time, idle_enter, idle_exit, in_idle;
struct s390_idle_data *idle = &per_cpu(s390_idle, dev->id);
- unsigned long long now, idle_time, idle_enter, idle_exit;
unsigned int seq;
do {
- now = get_tod_clock();
seq = read_seqcount_begin(&idle->seqcount);
idle_time = READ_ONCE(idle->idle_time);
idle_enter = READ_ONCE(idle->clock_idle_enter);
idle_exit = READ_ONCE(idle->clock_idle_exit);
} while (read_seqcount_retry(&idle->seqcount, seq));
- idle_time += idle_enter ? ((idle_exit ? : now) - idle_enter) : 0;
+ in_idle = 0;
+ now = get_tod_clock();
+ if (idle_enter) {
+ if (idle_exit) {
+ in_idle = idle_exit - idle_enter;
+ } else if (now > idle_enter) {
+ in_idle = now - idle_enter;
+ }
+ }
+ idle_time += in_idle;
return sprintf(buf, "%llu\n", idle_time >> 12);
}
DEVICE_ATTR(idle_time_us, 0444, show_idle_time, NULL);
@@ -88,17 +96,24 @@ DEVICE_ATTR(idle_time_us, 0444, show_idl
u64 arch_cpu_idle_time(int cpu)
{
struct s390_idle_data *idle = &per_cpu(s390_idle, cpu);
- unsigned long long now, idle_enter, idle_exit;
+ unsigned long long now, idle_enter, idle_exit, in_idle;
unsigned int seq;
do {
- now = get_tod_clock();
seq = read_seqcount_begin(&idle->seqcount);
idle_enter = READ_ONCE(idle->clock_idle_enter);
idle_exit = READ_ONCE(idle->clock_idle_exit);
} while (read_seqcount_retry(&idle->seqcount, seq));
-
- return cputime_to_nsecs(idle_enter ? ((idle_exit ?: now) - idle_enter) : 0);
+ in_idle = 0;
+ now = get_tod_clock();
+ if (idle_enter) {
+ if (idle_exit) {
+ in_idle = idle_exit - idle_enter;
+ } else if (now > idle_enter) {
+ in_idle = now - idle_enter;
+ }
+ }
+ return cputime_to_nsecs(in_idle);
}
void arch_cpu_idle_enter(void)
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 129/149] arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (127 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 128/149] s390/idle: fix cpu idle time calculation Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 130/149] rtlwifi: Fix potential overflow on P2P code Greg Kroah-Hartman
` (24 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Will Deacon, Catalin Marinas
From: Catalin Marinas <catalin.marinas@arm.com>
commit aa57157be69fb599bd4c38a4b75c5aad74a60ec0 upstream.
Shared and writable mappings (__S.1.) should be clean (!dirty) initially
and made dirty on a subsequent write either through the hardware DBM
(dirty bit management) mechanism or through a write page fault. A clean
pte for the arm64 kernel is one that has PTE_RDONLY set and PTE_DIRTY
clear.
The PAGE_SHARED{,_EXEC} attributes have PTE_WRITE set (PTE_DBM) and
PTE_DIRTY clear. Prior to commit 73e86cb03cf2 ("arm64: Move PTE_RDONLY
bit handling out of set_pte_at()"), it was the responsibility of
set_pte_at() to set the PTE_RDONLY bit and mark the pte clean if the
software PTE_DIRTY bit was not set. However, the above commit removed
the pte_sw_dirty() check and the subsequent setting of PTE_RDONLY in
set_pte_at() while leaving the PAGE_SHARED{,_EXEC} definitions
unchanged. The result is that shared+writable mappings are now dirty by
default
Fix the above by explicitly setting PTE_RDONLY in PAGE_SHARED{,_EXEC}.
In addition, remove the superfluous PTE_DIRTY bit from the kernel PROT_*
attributes.
Fixes: 73e86cb03cf2 ("arm64: Move PTE_RDONLY bit handling out of set_pte_at()")
Cc: <stable@vger.kernel.org> # 4.14.x-
Cc: Will Deacon <will@kernel.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/include/asm/pgtable-prot.h | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
--- a/arch/arm64/include/asm/pgtable-prot.h
+++ b/arch/arm64/include/asm/pgtable-prot.h
@@ -43,11 +43,11 @@
#define PROT_DEFAULT (_PROT_DEFAULT | PTE_MAYBE_NG)
#define PROT_SECT_DEFAULT (_PROT_SECT_DEFAULT | PMD_MAYBE_NG)
-#define PROT_DEVICE_nGnRnE (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_ATTRINDX(MT_DEVICE_nGnRnE))
-#define PROT_DEVICE_nGnRE (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_ATTRINDX(MT_DEVICE_nGnRE))
-#define PROT_NORMAL_NC (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_ATTRINDX(MT_NORMAL_NC))
-#define PROT_NORMAL_WT (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_ATTRINDX(MT_NORMAL_WT))
-#define PROT_NORMAL (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_ATTRINDX(MT_NORMAL))
+#define PROT_DEVICE_nGnRnE (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_WRITE | PTE_ATTRINDX(MT_DEVICE_nGnRnE))
+#define PROT_DEVICE_nGnRE (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_WRITE | PTE_ATTRINDX(MT_DEVICE_nGnRE))
+#define PROT_NORMAL_NC (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_WRITE | PTE_ATTRINDX(MT_NORMAL_NC))
+#define PROT_NORMAL_WT (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_WRITE | PTE_ATTRINDX(MT_NORMAL_WT))
+#define PROT_NORMAL (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_WRITE | PTE_ATTRINDX(MT_NORMAL))
#define PROT_SECT_DEVICE_nGnRE (PROT_SECT_DEFAULT | PMD_SECT_PXN | PMD_SECT_UXN | PMD_ATTRINDX(MT_DEVICE_nGnRE))
#define PROT_SECT_NORMAL (PROT_SECT_DEFAULT | PMD_SECT_PXN | PMD_SECT_UXN | PMD_ATTRINDX(MT_NORMAL))
@@ -91,8 +91,9 @@
#define PAGE_S2_DEVICE __pgprot(_PROT_DEFAULT | PAGE_S2_MEMATTR(DEVICE_nGnRE) | PTE_S2_RDONLY | PAGE_S2_XN)
#define PAGE_NONE __pgprot(((_PAGE_DEFAULT) & ~PTE_VALID) | PTE_PROT_NONE | PTE_RDONLY | PTE_NG | PTE_PXN | PTE_UXN)
-#define PAGE_SHARED __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN | PTE_UXN | PTE_WRITE)
-#define PAGE_SHARED_EXEC __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN | PTE_WRITE)
+/* shared+writable pages are clean by default, hence PTE_RDONLY|PTE_WRITE */
+#define PAGE_SHARED __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_RDONLY | PTE_NG | PTE_PXN | PTE_UXN | PTE_WRITE)
+#define PAGE_SHARED_EXEC __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_RDONLY | PTE_NG | PTE_PXN | PTE_WRITE)
#define PAGE_READONLY __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_RDONLY | PTE_NG | PTE_PXN | PTE_UXN)
#define PAGE_READONLY_EXEC __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_RDONLY | PTE_NG | PTE_PXN)
#define PAGE_EXECONLY __pgprot(_PAGE_DEFAULT | PTE_RDONLY | PTE_NG | PTE_PXN)
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 130/149] rtlwifi: Fix potential overflow on P2P code
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (128 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 129/149] arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 131/149] dmaengine: qcom: bam_dma: Fix resource leak Greg Kroah-Hartman
` (23 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nicolas Waisman, Laura Abbott,
Ping-Ke Shih, Kalle Valo
From: Laura Abbott <labbott@redhat.com>
commit 8c55dedb795be8ec0cf488f98c03a1c2176f7fb1 upstream.
Nicolas Waisman noticed that even though noa_len is checked for
a compatible length it's still possible to overrun the buffers
of p2pinfo since there's no check on the upper bound of noa_num.
Bound noa_num against P2P_MAX_NOA_NUM.
Reported-by: Nicolas Waisman <nico@semmle.com>
Signed-off-by: Laura Abbott <labbott@redhat.com>
Acked-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/realtek/rtlwifi/ps.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/drivers/net/wireless/realtek/rtlwifi/ps.c
+++ b/drivers/net/wireless/realtek/rtlwifi/ps.c
@@ -775,6 +775,9 @@ static void rtl_p2p_noa_ie(struct ieee80
return;
} else {
noa_num = (noa_len - 2) / 13;
+ if (noa_num > P2P_MAX_NOA_NUM)
+ noa_num = P2P_MAX_NOA_NUM;
+
}
noa_index = ie[3];
if (rtlpriv->psc.p2p_ps_info.p2p_ps_mode ==
@@ -869,6 +872,9 @@ static void rtl_p2p_action_ie(struct iee
return;
} else {
noa_num = (noa_len - 2) / 13;
+ if (noa_num > P2P_MAX_NOA_NUM)
+ noa_num = P2P_MAX_NOA_NUM;
+
}
noa_index = ie[3];
if (rtlpriv->psc.p2p_ps_info.p2p_ps_mode ==
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 131/149] dmaengine: qcom: bam_dma: Fix resource leak
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (129 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 130/149] rtlwifi: Fix potential overflow on P2P code Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 132/149] dmaengine: cppi41: Fix cppi41_dma_prep_slave_sg() when idle Greg Kroah-Hartman
` (22 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jeffrey Hugo, Vinod Koul
From: Jeffrey Hugo <jeffrey.l.hugo@gmail.com>
commit 7667819385457b4aeb5fac94f67f52ab52cc10d5 upstream.
bam_dma_terminate_all() will leak resources if any of the transactions are
committed to the hardware (present in the desc fifo), and not complete.
Since bam_dma_terminate_all() does not cause the hardware to be updated,
the hardware will still operate on any previously committed transactions.
This can cause memory corruption if the memory for the transaction has been
reassigned, and will cause a sync issue between the BAM and its client(s).
Fix this by properly updating the hardware in bam_dma_terminate_all().
Fixes: e7c0fe2a5c84 ("dmaengine: add Qualcomm BAM dma driver")
Signed-off-by: Jeffrey Hugo <jeffrey.l.hugo@gmail.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20191017152606.34120-1-jeffrey.l.hugo@gmail.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/dma/qcom/bam_dma.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
--- a/drivers/dma/qcom/bam_dma.c
+++ b/drivers/dma/qcom/bam_dma.c
@@ -703,6 +703,25 @@ static int bam_dma_terminate_all(struct
/* remove all transactions, including active transaction */
spin_lock_irqsave(&bchan->vc.lock, flag);
+ /*
+ * If we have transactions queued, then some might be committed to the
+ * hardware in the desc fifo. The only way to reset the desc fifo is
+ * to do a hardware reset (either by pipe or the entire block).
+ * bam_chan_init_hw() will trigger a pipe reset, and also reinit the
+ * pipe. If the pipe is left disabled (default state after pipe reset)
+ * and is accessed by a connected hardware engine, a fatal error in
+ * the BAM will occur. There is a small window where this could happen
+ * with bam_chan_init_hw(), but it is assumed that the caller has
+ * stopped activity on any attached hardware engine. Make sure to do
+ * this first so that the BAM hardware doesn't cause memory corruption
+ * by accessing freed resources.
+ */
+ if (!list_empty(&bchan->desc_list)) {
+ async_desc = list_first_entry(&bchan->desc_list,
+ struct bam_async_desc, desc_node);
+ bam_chan_init_hw(bchan, async_desc->dir);
+ }
+
list_for_each_entry_safe(async_desc, tmp,
&bchan->desc_list, desc_node) {
list_add(&async_desc->vd.node, &bchan->vc.desc_issued);
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 132/149] dmaengine: cppi41: Fix cppi41_dma_prep_slave_sg() when idle
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (130 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 131/149] dmaengine: qcom: bam_dma: Fix resource leak Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 133/149] drm/amdgpu/powerplay/vega10: allow undervolting in p7 Greg Kroah-Hartman
` (21 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yegor Yefremov, Tony Lindgren, Vinod Koul
From: Tony Lindgren <tony@atomide.com>
commit bacdcb6675e170bb2e8d3824da220e10274f42a7 upstream.
Yegor Yefremov <yegorslists@googlemail.com> reported that musb and ftdi
uart can fail for the first open of the uart unless connected using
a hub.
This is because the first dma call done by musb_ep_program() must wait
if cppi41 is PM runtime suspended. Otherwise musb_ep_program() continues
with other non-dma packets before the DMA transfer is started causing at
least ftdi uarts to fail to receive data.
Let's fix the issue by waking up cppi41 with PM runtime calls added to
cppi41_dma_prep_slave_sg() and return NULL if still idled. This way we
have musb_ep_program() continue with PIO until cppi41 is awake.
Fixes: fdea2d09b997 ("dmaengine: cppi41: Add basic PM runtime support")
Reported-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Cc: stable@vger.kernel.org # v4.9+
Link: https://lore.kernel.org/r/20191023153138.23442-1-tony@atomide.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/dma/ti/cppi41.c | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
--- a/drivers/dma/ti/cppi41.c
+++ b/drivers/dma/ti/cppi41.c
@@ -585,9 +585,22 @@ static struct dma_async_tx_descriptor *c
enum dma_transfer_direction dir, unsigned long tx_flags, void *context)
{
struct cppi41_channel *c = to_cpp41_chan(chan);
+ struct dma_async_tx_descriptor *txd = NULL;
+ struct cppi41_dd *cdd = c->cdd;
struct cppi41_desc *d;
struct scatterlist *sg;
unsigned int i;
+ int error;
+
+ error = pm_runtime_get(cdd->ddev.dev);
+ if (error < 0) {
+ pm_runtime_put_noidle(cdd->ddev.dev);
+
+ return NULL;
+ }
+
+ if (cdd->is_suspended)
+ goto err_out_not_ready;
d = c->desc;
for_each_sg(sgl, sg, sg_len, i) {
@@ -610,7 +623,13 @@ static struct dma_async_tx_descriptor *c
d++;
}
- return &c->txd;
+ txd = &c->txd;
+
+err_out_not_ready:
+ pm_runtime_mark_last_busy(cdd->ddev.dev);
+ pm_runtime_put_autosuspend(cdd->ddev.dev);
+
+ return txd;
}
static void cppi41_compute_td_desc(struct cppi41_desc *d)
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 133/149] drm/amdgpu/powerplay/vega10: allow undervolting in p7
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (131 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 132/149] dmaengine: cppi41: Fix cppi41_dma_prep_slave_sg() when idle Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 134/149] NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() Greg Kroah-Hartman
` (20 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Pelle van Gils, Alex Deucher
From: Pelle van Gils <pelle@vangils.xyz>
commit e6f4e274c1e52d1f0bfe293fb44ddf59de6c0374 upstream.
The vega10_odn_update_soc_table() function does not allow the SCLK
dependent voltage to be set for power-state 7 to a value below the default
in pptable. Change the for-loop condition to allow undervolting in the
highest state.
Bug: https://bugzilla.kernel.org/show_bug.cgi?id=205277
Signed-off-by: Pelle van Gils <pelle@vangils.xyz>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/powerplay/hwmgr/vega10_hwmgr.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
--- a/drivers/gpu/drm/amd/powerplay/hwmgr/vega10_hwmgr.c
+++ b/drivers/gpu/drm/amd/powerplay/hwmgr/vega10_hwmgr.c
@@ -4751,9 +4751,7 @@ static void vega10_odn_update_soc_table(
if (type == PP_OD_EDIT_SCLK_VDDC_TABLE) {
podn_vdd_dep = &data->odn_dpm_table.vdd_dep_on_sclk;
- for (i = 0; i < podn_vdd_dep->count - 1; i++)
- od_vddc_lookup_table->entries[i].us_vdd = podn_vdd_dep->entries[i].vddc;
- if (od_vddc_lookup_table->entries[i].us_vdd < podn_vdd_dep->entries[i].vddc)
+ for (i = 0; i < podn_vdd_dep->count; i++)
od_vddc_lookup_table->entries[i].us_vdd = podn_vdd_dep->entries[i].vddc;
} else if (type == PP_OD_EDIT_MCLK_VDDC_TABLE) {
podn_vdd_dep = &data->odn_dpm_table.vdd_dep_on_mclk;
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 134/149] NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid()
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (132 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 133/149] drm/amdgpu/powerplay/vega10: allow undervolting in p7 Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 135/149] batman-adv: Avoid free/alloc race when handling OGM buffer Greg Kroah-Hartman
` (19 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Trond Myklebust, Anna Schumaker
From: Trond Myklebust <trondmy@gmail.com>
commit 79cc55422ce99be5964bde208ba8557174720893 upstream.
A typo in nfs4_refresh_delegation_stateid() means we're leaking an
RCU lock, and always returning a value of 'false'. As the function
description states, we were always supposed to return 'true' if a
matching delegation was found.
Fixes: 12f275cdd163 ("NFSv4: Retry CLOSE and DELEGRETURN on NFS4ERR_OLD_STATEID.")
Cc: stable@vger.kernel.org # v4.15+
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfs/delegation.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/nfs/delegation.c
+++ b/fs/nfs/delegation.c
@@ -1154,7 +1154,7 @@ bool nfs4_refresh_delegation_stateid(nfs
if (delegation != NULL &&
nfs4_stateid_match_other(dst, &delegation->stateid)) {
dst->seqid = delegation->stateid.seqid;
- return ret;
+ ret = true;
}
rcu_read_unlock();
out:
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 135/149] batman-adv: Avoid free/alloc race when handling OGM buffer
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (133 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 134/149] NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 136/149] llc: fix sk_buff leak in llc_sap_state_process() Greg Kroah-Hartman
` (18 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+0cc629f19ccb8534935b,
Sven Eckelmann, Simon Wunderlich
From: Sven Eckelmann <sven@narfation.org>
commit 40e220b4218bb3d278e5e8cc04ccdfd1c7ff8307 upstream.
Each slave interface of an B.A.T.M.A.N. IV virtual interface has an OGM
packet buffer which is initialized using data from netdevice notifier and
other rtnetlink related hooks. It is sent regularly via various slave
interfaces of the batadv virtual interface and in this process also
modified (realloced) to integrate additional state information via TVLV
containers.
It must be avoided that the worker item is executed without a common lock
with the netdevice notifier/rtnetlink helpers. Otherwise it can either
happen that half modified/freed data is sent out or functions modifying the
OGM buffer try to access already freed memory regions.
Reported-by: syzbot+0cc629f19ccb8534935b@syzkaller.appspotmail.com
Fixes: c6c8fea29769 ("net: Add batman-adv meshing protocol")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/batman-adv/bat_iv_ogm.c | 60 ++++++++++++++++++++++++++++++++++------
net/batman-adv/hard-interface.c | 2 +
net/batman-adv/types.h | 3 ++
3 files changed, 56 insertions(+), 9 deletions(-)
--- a/net/batman-adv/bat_iv_ogm.c
+++ b/net/batman-adv/bat_iv_ogm.c
@@ -35,6 +35,7 @@
#include <linux/kref.h>
#include <linux/list.h>
#include <linux/lockdep.h>
+#include <linux/mutex.h>
#include <linux/netdevice.h>
#include <linux/netlink.h>
#include <linux/pkt_sched.h>
@@ -379,14 +380,18 @@ static int batadv_iv_ogm_iface_enable(st
unsigned char *ogm_buff;
u32 random_seqno;
+ mutex_lock(&hard_iface->bat_iv.ogm_buff_mutex);
+
/* randomize initial seqno to avoid collision */
get_random_bytes(&random_seqno, sizeof(random_seqno));
atomic_set(&hard_iface->bat_iv.ogm_seqno, random_seqno);
hard_iface->bat_iv.ogm_buff_len = BATADV_OGM_HLEN;
ogm_buff = kmalloc(hard_iface->bat_iv.ogm_buff_len, GFP_ATOMIC);
- if (!ogm_buff)
+ if (!ogm_buff) {
+ mutex_unlock(&hard_iface->bat_iv.ogm_buff_mutex);
return -ENOMEM;
+ }
hard_iface->bat_iv.ogm_buff = ogm_buff;
@@ -398,35 +403,59 @@ static int batadv_iv_ogm_iface_enable(st
batadv_ogm_packet->reserved = 0;
batadv_ogm_packet->tq = BATADV_TQ_MAX_VALUE;
+ mutex_unlock(&hard_iface->bat_iv.ogm_buff_mutex);
+
return 0;
}
static void batadv_iv_ogm_iface_disable(struct batadv_hard_iface *hard_iface)
{
+ mutex_lock(&hard_iface->bat_iv.ogm_buff_mutex);
+
kfree(hard_iface->bat_iv.ogm_buff);
hard_iface->bat_iv.ogm_buff = NULL;
+
+ mutex_unlock(&hard_iface->bat_iv.ogm_buff_mutex);
}
static void batadv_iv_ogm_iface_update_mac(struct batadv_hard_iface *hard_iface)
{
struct batadv_ogm_packet *batadv_ogm_packet;
- unsigned char *ogm_buff = hard_iface->bat_iv.ogm_buff;
+ void *ogm_buff;
- batadv_ogm_packet = (struct batadv_ogm_packet *)ogm_buff;
+ mutex_lock(&hard_iface->bat_iv.ogm_buff_mutex);
+
+ ogm_buff = hard_iface->bat_iv.ogm_buff;
+ if (!ogm_buff)
+ goto unlock;
+
+ batadv_ogm_packet = ogm_buff;
ether_addr_copy(batadv_ogm_packet->orig,
hard_iface->net_dev->dev_addr);
ether_addr_copy(batadv_ogm_packet->prev_sender,
hard_iface->net_dev->dev_addr);
+
+unlock:
+ mutex_unlock(&hard_iface->bat_iv.ogm_buff_mutex);
}
static void
batadv_iv_ogm_primary_iface_set(struct batadv_hard_iface *hard_iface)
{
struct batadv_ogm_packet *batadv_ogm_packet;
- unsigned char *ogm_buff = hard_iface->bat_iv.ogm_buff;
+ void *ogm_buff;
- batadv_ogm_packet = (struct batadv_ogm_packet *)ogm_buff;
+ mutex_lock(&hard_iface->bat_iv.ogm_buff_mutex);
+
+ ogm_buff = hard_iface->bat_iv.ogm_buff;
+ if (!ogm_buff)
+ goto unlock;
+
+ batadv_ogm_packet = ogm_buff;
batadv_ogm_packet->ttl = BATADV_TTL;
+
+unlock:
+ mutex_unlock(&hard_iface->bat_iv.ogm_buff_mutex);
}
/* when do we schedule our own ogm to be sent */
@@ -924,7 +953,11 @@ batadv_iv_ogm_slide_own_bcast_window(str
}
}
-static void batadv_iv_ogm_schedule(struct batadv_hard_iface *hard_iface)
+/**
+ * batadv_iv_ogm_schedule_buff() - schedule submission of hardif ogm buffer
+ * @hard_iface: interface whose ogm buffer should be transmitted
+ */
+static void batadv_iv_ogm_schedule_buff(struct batadv_hard_iface *hard_iface)
{
struct batadv_priv *bat_priv = netdev_priv(hard_iface->soft_iface);
unsigned char **ogm_buff = &hard_iface->bat_iv.ogm_buff;
@@ -935,9 +968,7 @@ static void batadv_iv_ogm_schedule(struc
u16 tvlv_len = 0;
unsigned long send_time;
- if (hard_iface->if_status == BATADV_IF_NOT_IN_USE ||
- hard_iface->if_status == BATADV_IF_TO_BE_REMOVED)
- return;
+ lockdep_assert_held(&hard_iface->bat_iv.ogm_buff_mutex);
/* the interface gets activated here to avoid race conditions between
* the moment of activating the interface in
@@ -1005,6 +1036,17 @@ out:
batadv_hardif_put(primary_if);
}
+static void batadv_iv_ogm_schedule(struct batadv_hard_iface *hard_iface)
+{
+ if (hard_iface->if_status == BATADV_IF_NOT_IN_USE ||
+ hard_iface->if_status == BATADV_IF_TO_BE_REMOVED)
+ return;
+
+ mutex_lock(&hard_iface->bat_iv.ogm_buff_mutex);
+ batadv_iv_ogm_schedule_buff(hard_iface);
+ mutex_unlock(&hard_iface->bat_iv.ogm_buff_mutex);
+}
+
/**
* batadv_iv_ogm_orig_update() - use OGM to update corresponding data in an
* originator
--- a/net/batman-adv/hard-interface.c
+++ b/net/batman-adv/hard-interface.c
@@ -29,6 +29,7 @@
#include <linux/kernel.h>
#include <linux/kref.h>
#include <linux/list.h>
+#include <linux/mutex.h>
#include <linux/netdevice.h>
#include <linux/printk.h>
#include <linux/rculist.h>
@@ -933,6 +934,7 @@ batadv_hardif_add_interface(struct net_d
INIT_LIST_HEAD(&hard_iface->list);
INIT_HLIST_HEAD(&hard_iface->neigh_list);
+ mutex_init(&hard_iface->bat_iv.ogm_buff_mutex);
spin_lock_init(&hard_iface->neigh_list_lock);
kref_init(&hard_iface->refcount);
--- a/net/batman-adv/types.h
+++ b/net/batman-adv/types.h
@@ -91,6 +91,9 @@ struct batadv_hard_iface_bat_iv {
/** @ogm_seqno: OGM sequence number - used to identify each OGM */
atomic_t ogm_seqno;
+
+ /** @ogm_buff_mutex: lock protecting ogm_buff and ogm_buff_len */
+ struct mutex ogm_buff_mutex;
};
/**
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 136/149] llc: fix sk_buff leak in llc_sap_state_process()
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (134 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 135/149] batman-adv: Avoid free/alloc race when handling OGM buffer Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 137/149] llc: fix sk_buff leak in llc_conn_service() Greg Kroah-Hartman
` (17 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+6bf095f9becf5efef645,
syzbot+31c16aa4202dace3812e, Eric Biggers, Jakub Kicinski
From: Eric Biggers <ebiggers@google.com>
commit c6ee11c39fcc1fb55130748990a8f199e76263b4 upstream.
syzbot reported:
BUG: memory leak
unreferenced object 0xffff888116270800 (size 224):
comm "syz-executor641", pid 7047, jiffies 4294947360 (age 13.860s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 20 e1 2a 81 88 ff ff 00 40 3d 2a 81 88 ff ff . .*.....@=*....
backtrace:
[<000000004d41b4cc>] kmemleak_alloc_recursive include/linux/kmemleak.h:55 [inline]
[<000000004d41b4cc>] slab_post_alloc_hook mm/slab.h:439 [inline]
[<000000004d41b4cc>] slab_alloc_node mm/slab.c:3269 [inline]
[<000000004d41b4cc>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
[<00000000506a5965>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:198
[<000000001ba5a161>] alloc_skb include/linux/skbuff.h:1058 [inline]
[<000000001ba5a161>] alloc_skb_with_frags+0x5f/0x250 net/core/skbuff.c:5327
[<0000000047d9c78b>] sock_alloc_send_pskb+0x269/0x2a0 net/core/sock.c:2225
[<000000003828fe54>] sock_alloc_send_skb+0x32/0x40 net/core/sock.c:2242
[<00000000e34d94f9>] llc_ui_sendmsg+0x10a/0x540 net/llc/af_llc.c:933
[<00000000de2de3fb>] sock_sendmsg_nosec net/socket.c:652 [inline]
[<00000000de2de3fb>] sock_sendmsg+0x54/0x70 net/socket.c:671
[<000000008fe16e7a>] __sys_sendto+0x148/0x1f0 net/socket.c:1964
[...]
The bug is that llc_sap_state_process() always takes an extra reference
to the skb, but sometimes neither llc_sap_next_state() nor
llc_sap_state_process() itself drops this reference.
Fix it by changing llc_sap_next_state() to never consume a reference to
the skb, rather than sometimes do so and sometimes not. Then remove the
extra skb_get() and kfree_skb() from llc_sap_state_process().
Reported-by: syzbot+6bf095f9becf5efef645@syzkaller.appspotmail.com
Reported-by: syzbot+31c16aa4202dace3812e@syzkaller.appspotmail.com
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/llc/llc_s_ac.c | 12 +++++++++---
net/llc/llc_sap.c | 23 ++++++++---------------
2 files changed, 17 insertions(+), 18 deletions(-)
--- a/net/llc/llc_s_ac.c
+++ b/net/llc/llc_s_ac.c
@@ -58,8 +58,10 @@ int llc_sap_action_send_ui(struct llc_sa
ev->daddr.lsap, LLC_PDU_CMD);
llc_pdu_init_as_ui_cmd(skb);
rc = llc_mac_hdr_init(skb, ev->saddr.mac, ev->daddr.mac);
- if (likely(!rc))
+ if (likely(!rc)) {
+ skb_get(skb);
rc = dev_queue_xmit(skb);
+ }
return rc;
}
@@ -81,8 +83,10 @@ int llc_sap_action_send_xid_c(struct llc
ev->daddr.lsap, LLC_PDU_CMD);
llc_pdu_init_as_xid_cmd(skb, LLC_XID_NULL_CLASS_2, 0);
rc = llc_mac_hdr_init(skb, ev->saddr.mac, ev->daddr.mac);
- if (likely(!rc))
+ if (likely(!rc)) {
+ skb_get(skb);
rc = dev_queue_xmit(skb);
+ }
return rc;
}
@@ -135,8 +139,10 @@ int llc_sap_action_send_test_c(struct ll
ev->daddr.lsap, LLC_PDU_CMD);
llc_pdu_init_as_test_cmd(skb);
rc = llc_mac_hdr_init(skb, ev->saddr.mac, ev->daddr.mac);
- if (likely(!rc))
+ if (likely(!rc)) {
+ skb_get(skb);
rc = dev_queue_xmit(skb);
+ }
return rc;
}
--- a/net/llc/llc_sap.c
+++ b/net/llc/llc_sap.c
@@ -197,29 +197,22 @@ out:
* After executing actions of the event, upper layer will be indicated
* if needed(on receiving an UI frame). sk can be null for the
* datalink_proto case.
+ *
+ * This function always consumes a reference to the skb.
*/
static void llc_sap_state_process(struct llc_sap *sap, struct sk_buff *skb)
{
struct llc_sap_state_ev *ev = llc_sap_ev(skb);
- /*
- * We have to hold the skb, because llc_sap_next_state
- * will kfree it in the sending path and we need to
- * look at the skb->cb, where we encode llc_sap_state_ev.
- */
- skb_get(skb);
ev->ind_cfm_flag = 0;
llc_sap_next_state(sap, skb);
- if (ev->ind_cfm_flag == LLC_IND) {
- if (skb->sk->sk_state == TCP_LISTEN)
- kfree_skb(skb);
- else {
- llc_save_primitive(skb->sk, skb, ev->prim);
- /* queue skb to the user. */
- if (sock_queue_rcv_skb(skb->sk, skb))
- kfree_skb(skb);
- }
+ if (ev->ind_cfm_flag == LLC_IND && skb->sk->sk_state != TCP_LISTEN) {
+ llc_save_primitive(skb->sk, skb, ev->prim);
+
+ /* queue skb to the user. */
+ if (sock_queue_rcv_skb(skb->sk, skb) == 0)
+ return;
}
kfree_skb(skb);
}
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 137/149] llc: fix sk_buff leak in llc_conn_service()
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (135 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 136/149] llc: fix sk_buff leak in llc_sap_state_process() Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 138/149] rxrpc: Fix call ref leak Greg Kroah-Hartman
` (16 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+6b825a6494a04cc0e3f7,
Eric Biggers, Jakub Kicinski
From: Eric Biggers <ebiggers@google.com>
commit b74555de21acd791f12c4a1aeaf653dd7ac21133 upstream.
syzbot reported:
BUG: memory leak
unreferenced object 0xffff88811eb3de00 (size 224):
comm "syz-executor559", pid 7315, jiffies 4294943019 (age 10.300s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 a0 38 24 81 88 ff ff 00 c0 f2 15 81 88 ff ff ..8$............
backtrace:
[<000000008d1c66a1>] kmemleak_alloc_recursive include/linux/kmemleak.h:55 [inline]
[<000000008d1c66a1>] slab_post_alloc_hook mm/slab.h:439 [inline]
[<000000008d1c66a1>] slab_alloc_node mm/slab.c:3269 [inline]
[<000000008d1c66a1>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
[<00000000447d9496>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:198
[<000000000cdbf82f>] alloc_skb include/linux/skbuff.h:1058 [inline]
[<000000000cdbf82f>] llc_alloc_frame+0x66/0x110 net/llc/llc_sap.c:54
[<000000002418b52e>] llc_conn_ac_send_sabme_cmd_p_set_x+0x2f/0x140 net/llc/llc_c_ac.c:777
[<000000001372ae17>] llc_exec_conn_trans_actions net/llc/llc_conn.c:475 [inline]
[<000000001372ae17>] llc_conn_service net/llc/llc_conn.c:400 [inline]
[<000000001372ae17>] llc_conn_state_process+0x1ac/0x640 net/llc/llc_conn.c:75
[<00000000f27e53c1>] llc_establish_connection+0x110/0x170 net/llc/llc_if.c:109
[<00000000291b2ca0>] llc_ui_connect+0x10e/0x370 net/llc/af_llc.c:477
[<000000000f9c740b>] __sys_connect+0x11d/0x170 net/socket.c:1840
[...]
The bug is that most callers of llc_conn_send_pdu() assume it consumes a
reference to the skb, when actually due to commit b85ab56c3f81 ("llc:
properly handle dev_queue_xmit() return value") it doesn't.
Revert most of that commit, and instead make the few places that need
llc_conn_send_pdu() to *not* consume a reference call skb_get() before.
Fixes: b85ab56c3f81 ("llc: properly handle dev_queue_xmit() return value")
Reported-by: syzbot+6b825a6494a04cc0e3f7@syzkaller.appspotmail.com
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/llc_conn.h | 2 +-
net/llc/llc_c_ac.c | 8 ++++++--
net/llc/llc_conn.c | 32 +++++++++-----------------------
3 files changed, 16 insertions(+), 26 deletions(-)
--- a/include/net/llc_conn.h
+++ b/include/net/llc_conn.h
@@ -104,7 +104,7 @@ void llc_sk_reset(struct sock *sk);
/* Access to a connection */
int llc_conn_state_process(struct sock *sk, struct sk_buff *skb);
-int llc_conn_send_pdu(struct sock *sk, struct sk_buff *skb);
+void llc_conn_send_pdu(struct sock *sk, struct sk_buff *skb);
void llc_conn_rtn_pdu(struct sock *sk, struct sk_buff *skb);
void llc_conn_resend_i_pdu_as_cmd(struct sock *sk, u8 nr, u8 first_p_bit);
void llc_conn_resend_i_pdu_as_rsp(struct sock *sk, u8 nr, u8 first_f_bit);
--- a/net/llc/llc_c_ac.c
+++ b/net/llc/llc_c_ac.c
@@ -372,6 +372,7 @@ int llc_conn_ac_send_i_cmd_p_set_1(struc
llc_pdu_init_as_i_cmd(skb, 1, llc->vS, llc->vR);
rc = llc_mac_hdr_init(skb, llc->dev->dev_addr, llc->daddr.mac);
if (likely(!rc)) {
+ skb_get(skb);
llc_conn_send_pdu(sk, skb);
llc_conn_ac_inc_vs_by_1(sk, skb);
}
@@ -389,7 +390,8 @@ static int llc_conn_ac_send_i_cmd_p_set_
llc_pdu_init_as_i_cmd(skb, 0, llc->vS, llc->vR);
rc = llc_mac_hdr_init(skb, llc->dev->dev_addr, llc->daddr.mac);
if (likely(!rc)) {
- rc = llc_conn_send_pdu(sk, skb);
+ skb_get(skb);
+ llc_conn_send_pdu(sk, skb);
llc_conn_ac_inc_vs_by_1(sk, skb);
}
return rc;
@@ -406,6 +408,7 @@ int llc_conn_ac_send_i_xxx_x_set_0(struc
llc_pdu_init_as_i_cmd(skb, 0, llc->vS, llc->vR);
rc = llc_mac_hdr_init(skb, llc->dev->dev_addr, llc->daddr.mac);
if (likely(!rc)) {
+ skb_get(skb);
llc_conn_send_pdu(sk, skb);
llc_conn_ac_inc_vs_by_1(sk, skb);
}
@@ -916,7 +919,8 @@ static int llc_conn_ac_send_i_rsp_f_set_
llc_pdu_init_as_i_cmd(skb, llc->ack_pf, llc->vS, llc->vR);
rc = llc_mac_hdr_init(skb, llc->dev->dev_addr, llc->daddr.mac);
if (likely(!rc)) {
- rc = llc_conn_send_pdu(sk, skb);
+ skb_get(skb);
+ llc_conn_send_pdu(sk, skb);
llc_conn_ac_inc_vs_by_1(sk, skb);
}
return rc;
--- a/net/llc/llc_conn.c
+++ b/net/llc/llc_conn.c
@@ -30,7 +30,7 @@
#endif
static int llc_find_offset(int state, int ev_type);
-static int llc_conn_send_pdus(struct sock *sk, struct sk_buff *skb);
+static void llc_conn_send_pdus(struct sock *sk);
static int llc_conn_service(struct sock *sk, struct sk_buff *skb);
static int llc_exec_conn_trans_actions(struct sock *sk,
struct llc_conn_state_trans *trans,
@@ -193,11 +193,11 @@ out_skb_put:
return rc;
}
-int llc_conn_send_pdu(struct sock *sk, struct sk_buff *skb)
+void llc_conn_send_pdu(struct sock *sk, struct sk_buff *skb)
{
/* queue PDU to send to MAC layer */
skb_queue_tail(&sk->sk_write_queue, skb);
- return llc_conn_send_pdus(sk, skb);
+ llc_conn_send_pdus(sk);
}
/**
@@ -255,7 +255,7 @@ void llc_conn_resend_i_pdu_as_cmd(struct
if (howmany_resend > 0)
llc->vS = (llc->vS + 1) % LLC_2_SEQ_NBR_MODULO;
/* any PDUs to re-send are queued up; start sending to MAC */
- llc_conn_send_pdus(sk, NULL);
+ llc_conn_send_pdus(sk);
out:;
}
@@ -296,7 +296,7 @@ void llc_conn_resend_i_pdu_as_rsp(struct
if (howmany_resend > 0)
llc->vS = (llc->vS + 1) % LLC_2_SEQ_NBR_MODULO;
/* any PDUs to re-send are queued up; start sending to MAC */
- llc_conn_send_pdus(sk, NULL);
+ llc_conn_send_pdus(sk);
out:;
}
@@ -340,16 +340,12 @@ out:
/**
* llc_conn_send_pdus - Sends queued PDUs
* @sk: active connection
- * @hold_skb: the skb held by caller, or NULL if does not care
*
- * Sends queued pdus to MAC layer for transmission. When @hold_skb is
- * NULL, always return 0. Otherwise, return 0 if @hold_skb is sent
- * successfully, or 1 for failure.
+ * Sends queued pdus to MAC layer for transmission.
*/
-static int llc_conn_send_pdus(struct sock *sk, struct sk_buff *hold_skb)
+static void llc_conn_send_pdus(struct sock *sk)
{
struct sk_buff *skb;
- int ret = 0;
while ((skb = skb_dequeue(&sk->sk_write_queue)) != NULL) {
struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
@@ -361,20 +357,10 @@ static int llc_conn_send_pdus(struct soc
skb_queue_tail(&llc_sk(sk)->pdu_unack_q, skb);
if (!skb2)
break;
- dev_queue_xmit(skb2);
- } else {
- bool is_target = skb == hold_skb;
- int rc;
-
- if (is_target)
- skb_get(skb);
- rc = dev_queue_xmit(skb);
- if (is_target)
- ret = rc;
+ skb = skb2;
}
+ dev_queue_xmit(skb);
}
-
- return ret;
}
/**
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 138/149] rxrpc: Fix call ref leak
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (136 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 137/149] llc: fix sk_buff leak in llc_conn_service() Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 139/149] rxrpc: rxrpc_peer needs to hold a ref on the rxrpc_local record Greg Kroah-Hartman
` (15 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+d850c266e3df14da1d31, David Howells
From: David Howells <dhowells@redhat.com>
commit c48fc11b69e95007109206311b0187a3090591f3 upstream.
When sendmsg() finds a call to continue on with, if the call is in an
inappropriate state, it doesn't release the ref it just got on that call
before returning an error.
This causes the following symptom to show up with kasan:
BUG: KASAN: use-after-free in rxrpc_send_keepalive+0x8a2/0x940
net/rxrpc/output.c:635
Read of size 8 at addr ffff888064219698 by task kworker/0:3/11077
where line 635 is:
whdr.epoch = htonl(peer->local->rxnet->epoch);
The local endpoint (which cannot be pinned by the call) has been released,
but not the peer (which is pinned by the call).
Fix this by releasing the call in the error path.
Fixes: 37411cad633f ("rxrpc: Fix potential NULL-pointer exception")
Reported-by: syzbot+d850c266e3df14da1d31@syzkaller.appspotmail.com
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/rxrpc/sendmsg.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/rxrpc/sendmsg.c
+++ b/net/rxrpc/sendmsg.c
@@ -661,6 +661,7 @@ int rxrpc_do_sendmsg(struct rxrpc_sock *
case RXRPC_CALL_SERVER_PREALLOC:
case RXRPC_CALL_SERVER_SECURING:
case RXRPC_CALL_SERVER_ACCEPTING:
+ rxrpc_put_call(call, rxrpc_call_put);
ret = -EBUSY;
goto error_release_sock;
default:
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 139/149] rxrpc: rxrpc_peer needs to hold a ref on the rxrpc_local record
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (137 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 138/149] rxrpc: Fix call ref leak Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 140/149] rxrpc: Fix trace-after-put looking at the put peer record Greg Kroah-Hartman
` (14 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+b9be979c55f2bea8ed30, David Howells
From: David Howells <dhowells@redhat.com>
commit 9ebeddef58c41bd700419cdcece24cf64ce32276 upstream.
The rxrpc_peer record needs to hold a reference on the rxrpc_local record
it points as the peer is used as a base to access information in the
rxrpc_local record.
This can cause problems in __rxrpc_put_peer(), where we need the network
namespace pointer, and in rxrpc_send_keepalive(), where we need to access
the UDP socket, leading to symptoms like:
BUG: KASAN: use-after-free in __rxrpc_put_peer net/rxrpc/peer_object.c:411
[inline]
BUG: KASAN: use-after-free in rxrpc_put_peer+0x685/0x6a0
net/rxrpc/peer_object.c:435
Read of size 8 at addr ffff888097ec0058 by task syz-executor823/24216
Fix this by taking a ref on the local record for the peer record.
Fixes: ace45bec6d77 ("rxrpc: Fix firewall route keepalive")
Fixes: 2baec2c3f854 ("rxrpc: Support network namespacing")
Reported-by: syzbot+b9be979c55f2bea8ed30@syzkaller.appspotmail.com
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/rxrpc/peer_object.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/net/rxrpc/peer_object.c
+++ b/net/rxrpc/peer_object.c
@@ -220,7 +220,7 @@ struct rxrpc_peer *rxrpc_alloc_peer(stru
peer = kzalloc(sizeof(struct rxrpc_peer), gfp);
if (peer) {
atomic_set(&peer->usage, 1);
- peer->local = local;
+ peer->local = rxrpc_get_local(local);
INIT_HLIST_HEAD(&peer->error_targets);
peer->service_conns = RB_ROOT;
seqlock_init(&peer->service_conn_lock);
@@ -311,7 +311,6 @@ void rxrpc_new_incoming_peer(struct rxrp
unsigned long hash_key;
hash_key = rxrpc_peer_hash_key(local, &peer->srx);
- peer->local = local;
rxrpc_init_peer(rx, peer, hash_key);
spin_lock(&rxnet->peer_hash_lock);
@@ -421,6 +420,7 @@ static void __rxrpc_put_peer(struct rxrp
list_del_init(&peer->keepalive_link);
spin_unlock_bh(&rxnet->peer_hash_lock);
+ rxrpc_put_local(peer->local);
kfree_rcu(peer, rcu);
}
@@ -454,6 +454,7 @@ void rxrpc_put_peer_locked(struct rxrpc_
if (n == 0) {
hash_del_rcu(&peer->hash_link);
list_del_init(&peer->keepalive_link);
+ rxrpc_put_local(peer->local);
kfree_rcu(peer, rcu);
}
}
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 140/149] rxrpc: Fix trace-after-put looking at the put peer record
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (138 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 139/149] rxrpc: rxrpc_peer needs to hold a ref on the rxrpc_local record Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 141/149] NFC: pn533: fix use-after-free and memleaks Greg Kroah-Hartman
` (13 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+b9be979c55f2bea8ed30, David Howells
From: David Howells <dhowells@redhat.com>
commit 55f6c98e3674ce16038a1949c3f9ca5a9a99f289 upstream.
rxrpc_put_peer() calls trace_rxrpc_peer() after it has done the decrement
of the refcount - which looks at the debug_id in the peer record. But
unless the refcount was reduced to zero, we no longer have the right to
look in the record and, indeed, it may be deleted by some other thread.
Fix this by getting the debug_id out before decrementing the refcount and
then passing that into the tracepoint.
This can cause the following symptoms:
BUG: KASAN: use-after-free in __rxrpc_put_peer net/rxrpc/peer_object.c:411
[inline]
BUG: KASAN: use-after-free in rxrpc_put_peer+0x685/0x6a0
net/rxrpc/peer_object.c:435
Read of size 8 at addr ffff888097ec0058 by task syz-executor823/24216
Fixes: 1159d4b496f5 ("rxrpc: Add a tracepoint to track rxrpc_peer refcounting")
Reported-by: syzbot+b9be979c55f2bea8ed30@syzkaller.appspotmail.com
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/trace/events/rxrpc.h | 6 +++---
net/rxrpc/peer_object.c | 11 +++++++----
2 files changed, 10 insertions(+), 7 deletions(-)
--- a/include/trace/events/rxrpc.h
+++ b/include/trace/events/rxrpc.h
@@ -527,10 +527,10 @@ TRACE_EVENT(rxrpc_local,
);
TRACE_EVENT(rxrpc_peer,
- TP_PROTO(struct rxrpc_peer *peer, enum rxrpc_peer_trace op,
+ TP_PROTO(unsigned int peer_debug_id, enum rxrpc_peer_trace op,
int usage, const void *where),
- TP_ARGS(peer, op, usage, where),
+ TP_ARGS(peer_debug_id, op, usage, where),
TP_STRUCT__entry(
__field(unsigned int, peer )
@@ -540,7 +540,7 @@ TRACE_EVENT(rxrpc_peer,
),
TP_fast_assign(
- __entry->peer = peer->debug_id;
+ __entry->peer = peer_debug_id;
__entry->op = op;
__entry->usage = usage;
__entry->where = where;
--- a/net/rxrpc/peer_object.c
+++ b/net/rxrpc/peer_object.c
@@ -385,7 +385,7 @@ struct rxrpc_peer *rxrpc_get_peer(struct
int n;
n = atomic_inc_return(&peer->usage);
- trace_rxrpc_peer(peer, rxrpc_peer_got, n, here);
+ trace_rxrpc_peer(peer->debug_id, rxrpc_peer_got, n, here);
return peer;
}
@@ -399,7 +399,7 @@ struct rxrpc_peer *rxrpc_get_peer_maybe(
if (peer) {
int n = atomic_fetch_add_unless(&peer->usage, 1, 0);
if (n > 0)
- trace_rxrpc_peer(peer, rxrpc_peer_got, n + 1, here);
+ trace_rxrpc_peer(peer->debug_id, rxrpc_peer_got, n + 1, here);
else
peer = NULL;
}
@@ -430,11 +430,13 @@ static void __rxrpc_put_peer(struct rxrp
void rxrpc_put_peer(struct rxrpc_peer *peer)
{
const void *here = __builtin_return_address(0);
+ unsigned int debug_id;
int n;
if (peer) {
+ debug_id = peer->debug_id;
n = atomic_dec_return(&peer->usage);
- trace_rxrpc_peer(peer, rxrpc_peer_put, n, here);
+ trace_rxrpc_peer(debug_id, rxrpc_peer_put, n, here);
if (n == 0)
__rxrpc_put_peer(peer);
}
@@ -447,10 +449,11 @@ void rxrpc_put_peer(struct rxrpc_peer *p
void rxrpc_put_peer_locked(struct rxrpc_peer *peer)
{
const void *here = __builtin_return_address(0);
+ unsigned int debug_id = peer->debug_id;
int n;
n = atomic_dec_return(&peer->usage);
- trace_rxrpc_peer(peer, rxrpc_peer_put, n, here);
+ trace_rxrpc_peer(debug_id, rxrpc_peer_put, n, here);
if (n == 0) {
hash_del_rcu(&peer->hash_link);
list_del_init(&peer->keepalive_link);
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 141/149] NFC: pn533: fix use-after-free and memleaks
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (139 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 140/149] rxrpc: Fix trace-after-put looking at the put peer record Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 142/149] bonding: fix potential NULL deref in bond_update_slave_arr Greg Kroah-Hartman
` (12 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+cb035c75c03dbe34b796,
Johan Hovold, Jakub Kicinski
From: Johan Hovold <johan@kernel.org>
commit 6af3aa57a0984e061f61308fe181a9a12359fecc upstream.
The driver would fail to deregister and its class device and free
related resources on late probe errors.
Reported-by: syzbot+cb035c75c03dbe34b796@syzkaller.appspotmail.com
Fixes: 32ecc75ded72 ("NFC: pn533: change order operations in dev registation")
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/nfc/pn533/usb.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
--- a/drivers/nfc/pn533/usb.c
+++ b/drivers/nfc/pn533/usb.c
@@ -559,18 +559,25 @@ static int pn533_usb_probe(struct usb_in
rc = pn533_finalize_setup(priv);
if (rc)
- goto error;
+ goto err_deregister;
usb_set_intfdata(interface, phy);
return 0;
+err_deregister:
+ pn533_unregister_device(phy->priv);
error:
+ usb_kill_urb(phy->in_urb);
+ usb_kill_urb(phy->out_urb);
+ usb_kill_urb(phy->ack_urb);
+
usb_free_urb(phy->in_urb);
usb_free_urb(phy->out_urb);
usb_free_urb(phy->ack_urb);
usb_put_dev(phy->udev);
kfree(in_buf);
+ kfree(phy->ack_buffer);
return rc;
}
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 142/149] bonding: fix potential NULL deref in bond_update_slave_arr
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (140 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 141/149] NFC: pn533: fix use-after-free and memleaks Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 143/149] net: usb: sr9800: fix uninitialized local variable Greg Kroah-Hartman
` (11 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, syzbot,
Mahesh Bandewar, Jakub Kicinski
From: Eric Dumazet <edumazet@google.com>
commit a7137534b597b7c303203e6bc3ed87e87a273bb8 upstream.
syzbot got a NULL dereference in bond_update_slave_arr() [1],
happening after a failure to allocate bond->slave_arr
A workqueue (bond_slave_arr_handler) is supposed to retry
the allocation later, but if the slave is removed before
the workqueue had a chance to complete, bond->slave_arr
can still be NULL.
[1]
Failed to build slave-array.
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN PTI
Modules linked in:
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:bond_update_slave_arr.cold+0xc6/0x198 drivers/net/bonding/bond_main.c:4039
RSP: 0018:ffff88018fe33678 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc9000290b000
RDX: 0000000000000000 RSI: ffffffff82b63037 RDI: ffff88019745ea20
RBP: ffff88018fe33760 R08: ffff880170754280 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffff88019745ea00 R14: 0000000000000000 R15: ffff88018fe338b0
FS: 00007febd837d700(0000) GS:ffff8801dad00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004540a0 CR3: 00000001c242e005 CR4: 00000000001626f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
[<ffffffff82b5b45e>] __bond_release_one+0x43e/0x500 drivers/net/bonding/bond_main.c:1923
[<ffffffff82b5b966>] bond_release drivers/net/bonding/bond_main.c:2039 [inline]
[<ffffffff82b5b966>] bond_do_ioctl+0x416/0x870 drivers/net/bonding/bond_main.c:3562
[<ffffffff83ae25f4>] dev_ifsioc+0x6f4/0x940 net/core/dev_ioctl.c:328
[<ffffffff83ae2e58>] dev_ioctl+0x1b8/0xc70 net/core/dev_ioctl.c:495
[<ffffffff83995ffd>] sock_do_ioctl+0x1bd/0x300 net/socket.c:1088
[<ffffffff83996a80>] sock_ioctl+0x300/0x5d0 net/socket.c:1196
[<ffffffff81b124db>] vfs_ioctl fs/ioctl.c:47 [inline]
[<ffffffff81b124db>] file_ioctl fs/ioctl.c:501 [inline]
[<ffffffff81b124db>] do_vfs_ioctl+0xacb/0x1300 fs/ioctl.c:688
[<ffffffff81b12dc6>] SYSC_ioctl fs/ioctl.c:705 [inline]
[<ffffffff81b12dc6>] SyS_ioctl+0xb6/0xe0 fs/ioctl.c:696
[<ffffffff8101ccc8>] do_syscall_64+0x528/0x770 arch/x86/entry/common.c:305
[<ffffffff84400091>] entry_SYSCALL_64_after_hwframe+0x42/0xb7
Fixes: ee6377147409 ("bonding: Simplify the xmit function for modes that use xmit_hash")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Mahesh Bandewar <maheshb@google.com>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/bonding/bond_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -4033,7 +4033,7 @@ out:
* this to-be-skipped slave to send a packet out.
*/
old_arr = rtnl_dereference(bond->slave_arr);
- for (idx = 0; idx < old_arr->count; idx++) {
+ for (idx = 0; old_arr != NULL && idx < old_arr->count; idx++) {
if (skipslave == old_arr->arr[idx]) {
old_arr->arr[idx] =
old_arr->arr[old_arr->count-1];
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 143/149] net: usb: sr9800: fix uninitialized local variable
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (141 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 142/149] bonding: fix potential NULL deref in bond_update_slave_arr Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 144/149] sch_netem: fix rcu splat in netem_enqueue() Greg Kroah-Hartman
` (10 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+f1842130bbcfb335bac1,
Valentin Vidic, David S. Miller
From: Valentin Vidic <vvidic@valentin-vidic.from.hr>
commit 77b6d09f4ae66d42cd63b121af67780ae3d1a5e9 upstream.
Make sure res does not contain random value if the call to
sr_read_cmd fails for some reason.
Reported-by: syzbot+f1842130bbcfb335bac1@syzkaller.appspotmail.com
Signed-off-by: Valentin Vidic <vvidic@valentin-vidic.from.hr>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/usb/sr9800.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/usb/sr9800.c
+++ b/drivers/net/usb/sr9800.c
@@ -336,7 +336,7 @@ static void sr_set_multicast(struct net_
static int sr_mdio_read(struct net_device *net, int phy_id, int loc)
{
struct usbnet *dev = netdev_priv(net);
- __le16 res;
+ __le16 res = 0;
mutex_lock(&dev->phy_mutex);
sr_set_sw_mii(dev);
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 144/149] sch_netem: fix rcu splat in netem_enqueue()
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (142 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 143/149] net: usb: sr9800: fix uninitialized local variable Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 145/149] ALSA: timer: Simplify error path in snd_timer_open() Greg Kroah-Hartman
` (9 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, syzbot, David S. Miller
From: Eric Dumazet <edumazet@google.com>
commit 159d2c7d8106177bd9a986fd005a311fe0d11285 upstream.
qdisc_root() use from netem_enqueue() triggers a lockdep warning.
__dev_queue_xmit() uses rcu_read_lock_bh() which is
not equivalent to rcu_read_lock() + local_bh_disable_bh as far
as lockdep is concerned.
WARNING: suspicious RCU usage
5.3.0-rc7+ #0 Not tainted
-----------------------------
include/net/sch_generic.h:492 suspicious rcu_dereference_check() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
3 locks held by syz-executor427/8855:
#0: 00000000b5525c01 (rcu_read_lock_bh){....}, at: lwtunnel_xmit_redirect include/net/lwtunnel.h:92 [inline]
#0: 00000000b5525c01 (rcu_read_lock_bh){....}, at: ip_finish_output2+0x2dc/0x2570 net/ipv4/ip_output.c:214
#1: 00000000b5525c01 (rcu_read_lock_bh){....}, at: __dev_queue_xmit+0x20a/0x3650 net/core/dev.c:3804
#2: 00000000364bae92 (&(&sch->q.lock)->rlock){+.-.}, at: spin_lock include/linux/spinlock.h:338 [inline]
#2: 00000000364bae92 (&(&sch->q.lock)->rlock){+.-.}, at: __dev_xmit_skb net/core/dev.c:3502 [inline]
#2: 00000000364bae92 (&(&sch->q.lock)->rlock){+.-.}, at: __dev_queue_xmit+0x14b8/0x3650 net/core/dev.c:3838
stack backtrace:
CPU: 0 PID: 8855 Comm: syz-executor427 Not tainted 5.3.0-rc7+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x172/0x1f0 lib/dump_stack.c:113
lockdep_rcu_suspicious+0x153/0x15d kernel/locking/lockdep.c:5357
qdisc_root include/net/sch_generic.h:492 [inline]
netem_enqueue+0x1cfb/0x2d80 net/sched/sch_netem.c:479
__dev_xmit_skb net/core/dev.c:3527 [inline]
__dev_queue_xmit+0x15d2/0x3650 net/core/dev.c:3838
dev_queue_xmit+0x18/0x20 net/core/dev.c:3902
neigh_hh_output include/net/neighbour.h:500 [inline]
neigh_output include/net/neighbour.h:509 [inline]
ip_finish_output2+0x1726/0x2570 net/ipv4/ip_output.c:228
__ip_finish_output net/ipv4/ip_output.c:308 [inline]
__ip_finish_output+0x5fc/0xb90 net/ipv4/ip_output.c:290
ip_finish_output+0x38/0x1f0 net/ipv4/ip_output.c:318
NF_HOOK_COND include/linux/netfilter.h:294 [inline]
ip_mc_output+0x292/0xf40 net/ipv4/ip_output.c:417
dst_output include/net/dst.h:436 [inline]
ip_local_out+0xbb/0x190 net/ipv4/ip_output.c:125
ip_send_skb+0x42/0xf0 net/ipv4/ip_output.c:1555
udp_send_skb.isra.0+0x6b2/0x1160 net/ipv4/udp.c:887
udp_sendmsg+0x1e96/0x2820 net/ipv4/udp.c:1174
inet_sendmsg+0x9e/0xe0 net/ipv4/af_inet.c:807
sock_sendmsg_nosec net/socket.c:637 [inline]
sock_sendmsg+0xd7/0x130 net/socket.c:657
___sys_sendmsg+0x3e2/0x920 net/socket.c:2311
__sys_sendmmsg+0x1bf/0x4d0 net/socket.c:2413
__do_sys_sendmmsg net/socket.c:2442 [inline]
__se_sys_sendmmsg net/socket.c:2439 [inline]
__x64_sys_sendmmsg+0x9d/0x100 net/socket.c:2439
do_syscall_64+0xfd/0x6a0 arch/x86/entry/common.c:296
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/sch_generic.h | 5 +++++
net/sched/sch_netem.c | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
--- a/include/net/sch_generic.h
+++ b/include/net/sch_generic.h
@@ -421,6 +421,11 @@ static inline struct Qdisc *qdisc_root(c
return q;
}
+static inline struct Qdisc *qdisc_root_bh(const struct Qdisc *qdisc)
+{
+ return rcu_dereference_bh(qdisc->dev_queue->qdisc);
+}
+
static inline struct Qdisc *qdisc_root_sleeping(const struct Qdisc *qdisc)
{
return qdisc->dev_queue->qdisc_sleeping;
--- a/net/sched/sch_netem.c
+++ b/net/sched/sch_netem.c
@@ -474,7 +474,7 @@ static int netem_enqueue(struct sk_buff
* skb will be queued.
*/
if (count > 1 && (skb2 = skb_clone(skb, GFP_ATOMIC)) != NULL) {
- struct Qdisc *rootq = qdisc_root(sch);
+ struct Qdisc *rootq = qdisc_root_bh(sch);
u32 dupsave = q->duplicate; /* prevent duplicating a dup... */
q->duplicate = 0;
^ permalink raw reply [flat|nested] 170+ messages in thread
* [PATCH 4.19 145/149] ALSA: timer: Simplify error path in snd_timer_open()
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (143 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 144/149] sch_netem: fix rcu splat in netem_enqueue() Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 146/149] ALSA: timer: Fix mutex deadlock at releasing card Greg Kroah-Hartman
` (8 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai, Sasha Levin
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit 41672c0c24a62699d20aab53b98d843b16483053 ]
Just a minor refactoring to use the standard goto for error paths in
snd_timer_open() instead of open code. The first mutex_lock() is
moved to the beginning of the function to make the code clearer.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/core/timer.c | 39 ++++++++++++++++++++-------------------
1 file changed, 20 insertions(+), 19 deletions(-)
diff --git a/sound/core/timer.c b/sound/core/timer.c
index 61a0cec6e1f66..316794eb44017 100644
--- a/sound/core/timer.c
+++ b/sound/core/timer.c
@@ -254,19 +254,20 @@ int snd_timer_open(struct snd_timer_instance **ti,
struct snd_timer_instance *timeri = NULL;
int err;
+ mutex_lock(®ister_mutex);
if (tid->dev_class == SNDRV_TIMER_CLASS_SLAVE) {
/* open a slave instance */
if (tid->dev_sclass <= SNDRV_TIMER_SCLASS_NONE ||
tid->dev_sclass > SNDRV_TIMER_SCLASS_OSS_SEQUENCER) {
pr_debug("ALSA: timer: invalid slave class %i\n",
tid->dev_sclass);
- return -EINVAL;
+ err = -EINVAL;
+ goto unlock;
}
- mutex_lock(®ister_mutex);
timeri = snd_timer_instance_new(owner, NULL);
if (!timeri) {
- mutex_unlock(®ister_mutex);
- return -ENOMEM;
+ err = -ENOMEM;
+ goto unlock;
}
timeri->slave_class = tid->dev_sclass;
timeri->slave_id = tid->device;
@@ -277,13 +278,10 @@ int snd_timer_open(struct snd_timer_instance **ti,
snd_timer_close_locked(timeri);
timeri = NULL;
}
- mutex_unlock(®ister_mutex);
- *ti = timeri;
- return err;
+ goto unlock;
}
/* open a master instance */
- mutex_lock(®ister_mutex);
timer = snd_timer_find(tid);
#ifdef CONFIG_MODULES
if (!timer) {
@@ -294,25 +292,26 @@ int snd_timer_open(struct snd_timer_instance **ti,
}
#endif
if (!timer) {
- mutex_unlock(®ister_mutex);
- return -ENODEV;
+ err = -ENODEV;
+ goto unlock;
}
if (!list_empty(&timer->open_list_head)) {
timeri = list_entry(timer->open_list_head.next,
struct snd_timer_instance, open_list);
if (timeri->flags & SNDRV_TIMER_IFLG_EXCLUSIVE) {
- mutex_unlock(®ister_mutex);
- return -EBUSY;
+ err = -EBUSY;
+ timeri = NULL;
+ goto unlock;
}
}
if (timer->num_instances >= timer->max_instances) {
- mutex_unlock(®ister_mutex);
- return -EBUSY;
+ err = -EBUSY;
+ goto unlock;
}
timeri = snd_timer_instance_new(owner, timer);
if (!timeri) {
- mutex_unlock(®ister_mutex);
- return -ENOMEM;
+ err = -ENOMEM;
+ goto unlock;
}
/* take a card refcount for safe disconnection */
if (timer->card)
@@ -321,16 +320,16 @@ int snd_timer_open(struct snd_timer_instance **ti,
timeri->slave_id = slave_id;
if (list_empty(&timer->open_list_head) && timer->hw.open) {
- int err = timer->hw.open(timer);
+ err = timer->hw.open(timer);
if (err) {
kfree(timeri->owner);
kfree(timeri);
+ timeri = NULL;
if (timer->card)
put_device(&timer->card->card_dev);
module_put(timer->module);
- mutex_unlock(®ister_mutex);
- return err;
+ goto unlock;
}
}
@@ -341,6 +340,8 @@ int snd_timer_open(struct snd_timer_instance **ti,
snd_timer_close_locked(timeri);
timeri = NULL;
}
+
+ unlock:
mutex_unlock(®ister_mutex);
*ti = timeri;
return err;
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 146/149] ALSA: timer: Fix mutex deadlock at releasing card
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (144 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 145/149] ALSA: timer: Simplify error path in snd_timer_open() Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 147/149] ALSA: usb-audio: DSD auto-detection for Playback Designs Greg Kroah-Hartman
` (7 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Takashi Iwai, Sasha Levin,
Kirill A . Shutemov
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit a39331867335d4a94b6165e306265c9e24aca073 ]
When a card is disconnected while in use, the system waits until all
opened files are closed then releases the card. This is done via
put_device() of the card device in each device release code.
The recently reported mutex deadlock bug happens in this code path;
snd_timer_close() for the timer device deals with the global
register_mutex and it calls put_device() there. When this timer
device is the last one, the card gets freed and it eventually calls
snd_timer_free(), which has again the protection with the global
register_mutex -- boom.
Basically put_device() call itself is race-free, so a relative simple
workaround is to move this put_device() call out of the mutex. For
achieving that, in this patch, snd_timer_close_locked() got a new
argument to store the card device pointer in return, and each caller
invokes put_device() with the returned object after the mutex unlock.
Reported-and-tested-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/core/timer.c | 24 +++++++++++++++++-------
1 file changed, 17 insertions(+), 7 deletions(-)
diff --git a/sound/core/timer.c b/sound/core/timer.c
index 316794eb44017..ec74705f003b8 100644
--- a/sound/core/timer.c
+++ b/sound/core/timer.c
@@ -240,7 +240,8 @@ static int snd_timer_check_master(struct snd_timer_instance *master)
return 0;
}
-static int snd_timer_close_locked(struct snd_timer_instance *timeri);
+static int snd_timer_close_locked(struct snd_timer_instance *timeri,
+ struct device **card_devp_to_put);
/*
* open a timer instance
@@ -252,6 +253,7 @@ int snd_timer_open(struct snd_timer_instance **ti,
{
struct snd_timer *timer;
struct snd_timer_instance *timeri = NULL;
+ struct device *card_dev_to_put = NULL;
int err;
mutex_lock(®ister_mutex);
@@ -275,7 +277,7 @@ int snd_timer_open(struct snd_timer_instance **ti,
list_add_tail(&timeri->open_list, &snd_timer_slave_list);
err = snd_timer_check_slave(timeri);
if (err < 0) {
- snd_timer_close_locked(timeri);
+ snd_timer_close_locked(timeri, &card_dev_to_put);
timeri = NULL;
}
goto unlock;
@@ -327,7 +329,7 @@ int snd_timer_open(struct snd_timer_instance **ti,
timeri = NULL;
if (timer->card)
- put_device(&timer->card->card_dev);
+ card_dev_to_put = &timer->card->card_dev;
module_put(timer->module);
goto unlock;
}
@@ -337,12 +339,15 @@ int snd_timer_open(struct snd_timer_instance **ti,
timer->num_instances++;
err = snd_timer_check_master(timeri);
if (err < 0) {
- snd_timer_close_locked(timeri);
+ snd_timer_close_locked(timeri, &card_dev_to_put);
timeri = NULL;
}
unlock:
mutex_unlock(®ister_mutex);
+ /* put_device() is called after unlock for avoiding deadlock */
+ if (card_dev_to_put)
+ put_device(card_dev_to_put);
*ti = timeri;
return err;
}
@@ -352,7 +357,8 @@ EXPORT_SYMBOL(snd_timer_open);
* close a timer instance
* call this with register_mutex down.
*/
-static int snd_timer_close_locked(struct snd_timer_instance *timeri)
+static int snd_timer_close_locked(struct snd_timer_instance *timeri,
+ struct device **card_devp_to_put)
{
struct snd_timer *timer = NULL;
struct snd_timer_instance *slave, *tmp;
@@ -404,7 +410,7 @@ static int snd_timer_close_locked(struct snd_timer_instance *timeri)
timer->hw.close(timer);
/* release a card refcount for safe disconnection */
if (timer->card)
- put_device(&timer->card->card_dev);
+ *card_devp_to_put = &timer->card->card_dev;
module_put(timer->module);
}
@@ -416,14 +422,18 @@ static int snd_timer_close_locked(struct snd_timer_instance *timeri)
*/
int snd_timer_close(struct snd_timer_instance *timeri)
{
+ struct device *card_dev_to_put = NULL;
int err;
if (snd_BUG_ON(!timeri))
return -ENXIO;
mutex_lock(®ister_mutex);
- err = snd_timer_close_locked(timeri);
+ err = snd_timer_close_locked(timeri, &card_dev_to_put);
mutex_unlock(®ister_mutex);
+ /* put_device() is called after unlock for avoiding deadlock */
+ if (card_dev_to_put)
+ put_device(card_dev_to_put);
return err;
}
EXPORT_SYMBOL(snd_timer_close);
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 147/149] ALSA: usb-audio: DSD auto-detection for Playback Designs
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (145 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 146/149] ALSA: timer: Fix mutex deadlock at releasing card Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 148/149] ALSA: usb-audio: Update DSD support quirks for Oppo and Rotel Greg Kroah-Hartman
` (6 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jussi Laako, Takashi Iwai, Sasha Levin
From: Jussi Laako <jussi@sonarnerd.net>
[ Upstream commit eb7505d52a2f8b0cfc3fd7146d8cb2dab5a73f0d ]
Add DSD support auto-detection for newer Playback Designs devices. Older
device generations have a different USB interface implementation.
Keep the auto-detection VID whitelist sorted.
Signed-off-by: Jussi Laako <jussi@sonarnerd.net>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/usb/quirks.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
index e5dde06c31a6f..0a8a0978a2dba 100644
--- a/sound/usb/quirks.c
+++ b/sound/usb/quirks.c
@@ -1343,7 +1343,8 @@ u64 snd_usb_interface_dsd_format_quirks(struct snd_usb_audio *chip,
struct usb_interface *iface;
/* Playback Designs */
- if (USB_ID_VENDOR(chip->usb_id) == 0x23ba) {
+ if (USB_ID_VENDOR(chip->usb_id) == 0x23ba &&
+ USB_ID_PRODUCT(chip->usb_id) < 0x0110) {
switch (fp->altsetting) {
case 1:
fp->dsd_dop = true;
@@ -1431,8 +1432,9 @@ u64 snd_usb_interface_dsd_format_quirks(struct snd_usb_audio *chip,
* from XMOS/Thesycon
*/
switch (USB_ID_VENDOR(chip->usb_id)) {
- case 0x20b1: /* XMOS based devices */
case 0x152a: /* Thesycon devices */
+ case 0x20b1: /* XMOS based devices */
+ case 0x23ba: /* Playback Designs */
case 0x25ce: /* Mytek devices */
case 0x2ab6: /* T+A devices */
case 0x3842: /* EVGA */
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 148/149] ALSA: usb-audio: Update DSD support quirks for Oppo and Rotel
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (146 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 147/149] ALSA: usb-audio: DSD auto-detection for Playback Designs Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 149/149] ALSA: usb-audio: Add DSD support for Gustard U16/X26 USB Interface Greg Kroah-Hartman
` (5 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jussi Laako, Takashi Iwai, Sasha Levin
From: Jussi Laako <jussi@sonarnerd.net>
[ Upstream commit 0067e154b11e236d62a7a8205f321b097c21a35b ]
Oppo has issued firmware updates that change alt setting used for DSD
support. However, these devices seem to support auto-detection, so
support is moved from explicit whitelisting to auto-detection.
Also Rotel devices have USB interfaces that support DSD with
auto-detection.
Signed-off-by: Jussi Laako <jussi@sonarnerd.net>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/usb/quirks.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
index 0a8a0978a2dba..28035c59cb37c 100644
--- a/sound/usb/quirks.c
+++ b/sound/usb/quirks.c
@@ -1361,9 +1361,6 @@ u64 snd_usb_interface_dsd_format_quirks(struct snd_usb_audio *chip,
/* XMOS based USB DACs */
switch (chip->usb_id) {
case USB_ID(0x1511, 0x0037): /* AURALiC VEGA */
- case USB_ID(0x22d9, 0x0416): /* OPPO HA-1 */
- case USB_ID(0x22d9, 0x0436): /* OPPO Sonica */
- case USB_ID(0x22d9, 0x0461): /* OPPO UDP-205 */
case USB_ID(0x2522, 0x0012): /* LH Labs VI DAC Infinity */
case USB_ID(0x2772, 0x0230): /* Pro-Ject Pre Box S2 Digital */
if (fp->altsetting == 2)
@@ -1377,7 +1374,6 @@ u64 snd_usb_interface_dsd_format_quirks(struct snd_usb_audio *chip,
case USB_ID(0x16d0, 0x0733): /* Furutech ADL Stratos */
case USB_ID(0x16d0, 0x09db): /* NuPrime Audio DAC-9 */
case USB_ID(0x1db5, 0x0003): /* Bryston BDA3 */
- case USB_ID(0x22d9, 0x0426): /* OPPO HA-2 */
case USB_ID(0x22e1, 0xca01): /* HDTA Serenade DSD */
case USB_ID(0x249c, 0x9326): /* M2Tech Young MkIII */
case USB_ID(0x2616, 0x0106): /* PS Audio NuWave DAC */
@@ -1434,8 +1430,10 @@ u64 snd_usb_interface_dsd_format_quirks(struct snd_usb_audio *chip,
switch (USB_ID_VENDOR(chip->usb_id)) {
case 0x152a: /* Thesycon devices */
case 0x20b1: /* XMOS based devices */
+ case 0x22d9: /* Oppo */
case 0x23ba: /* Playback Designs */
case 0x25ce: /* Mytek devices */
+ case 0x278b: /* Rotel? */
case 0x2ab6: /* T+A devices */
case 0x3842: /* EVGA */
case 0xc502: /* HiBy devices */
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* [PATCH 4.19 149/149] ALSA: usb-audio: Add DSD support for Gustard U16/X26 USB Interface
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (147 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 148/149] ALSA: usb-audio: Update DSD support quirks for Oppo and Rotel Greg Kroah-Hartman
@ 2019-11-04 21:45 ` Greg Kroah-Hartman
2019-11-05 5:36 ` [PATCH 4.19 000/149] 4.19.82-stable review kernelci.org bot
` (4 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-04 21:45 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Justin Song, Takashi Iwai, Sasha Levin
From: Justin Song <flyingecar@gmail.com>
[ Upstream commit e2995b95a914bbc6b5352be27d5d5f33ec802d2c ]
This patch adds native DSD support for Gustard U16/X26 USB Interface.
Tested using VID and fp->dsd_raw method.
Signed-off-by: Justin Song <flyingecar@gmail.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/CA+9XP1ipsFn+r3bCBKRinQv-JrJ+EHOGBdZWZoMwxFv0R8Y1MQ@mail.gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/usb/quirks.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
index 28035c59cb37c..c102c0377ad91 100644
--- a/sound/usb/quirks.c
+++ b/sound/usb/quirks.c
@@ -1434,6 +1434,7 @@ u64 snd_usb_interface_dsd_format_quirks(struct snd_usb_audio *chip,
case 0x23ba: /* Playback Designs */
case 0x25ce: /* Mytek devices */
case 0x278b: /* Rotel? */
+ case 0x292b: /* Gustard/Ess based devices */
case 0x2ab6: /* T+A devices */
case 0x3842: /* EVGA */
case 0xc502: /* HiBy devices */
--
2.20.1
^ permalink raw reply related [flat|nested] 170+ messages in thread
* Re: [PATCH 4.19 000/149] 4.19.82-stable review
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (148 preceding siblings ...)
2019-11-04 21:45 ` [PATCH 4.19 149/149] ALSA: usb-audio: Add DSD support for Gustard U16/X26 USB Interface Greg Kroah-Hartman
@ 2019-11-05 5:36 ` kernelci.org bot
2019-11-05 6:14 ` Naresh Kamboju
` (3 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: kernelci.org bot @ 2019-11-05 5:36 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
ben.hutchings, lkft-triage, stable
stable-rc/linux-4.19.y boot: 118 boots: 0 failed, 111 passed with 7 offline (v4.19.81-150-g3d3728a67bfc)
Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.19.y/kernel/v4.19.81-150-g3d3728a67bfc/
Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.19.y/kernel/v4.19.81-150-g3d3728a67bfc/
Tree: stable-rc
Branch: linux-4.19.y
Git Describe: v4.19.81-150-g3d3728a67bfc
Git Commit: 3d3728a67bfcb7460a6f7c5417a2d9a4ff180c58
Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
Tested: 69 unique boards, 23 SoC families, 14 builds out of 206
Offline Platforms:
arm:
sunxi_defconfig:
gcc-8
sun5i-r8-chip: 1 offline lab
sun7i-a20-bananapi: 1 offline lab
multi_v7_defconfig:
gcc-8
qcom-apq8064-cm-qs600: 1 offline lab
sun5i-r8-chip: 1 offline lab
sun7i-a20-bananapi: 1 offline lab
davinci_all_defconfig:
gcc-8
dm365evm,legacy: 1 offline lab
qcom_defconfig:
gcc-8
qcom-apq8064-cm-qs600: 1 offline lab
---
For more info write to <info@kernelci.org>
^ permalink raw reply [flat|nested] 170+ messages in thread
* Re: [PATCH 4.19 000/149] 4.19.82-stable review
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (149 preceding siblings ...)
2019-11-05 5:36 ` [PATCH 4.19 000/149] 4.19.82-stable review kernelci.org bot
@ 2019-11-05 6:14 ` Naresh Kamboju
2019-11-05 14:25 ` Guenter Roeck
` (2 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Naresh Kamboju @ 2019-11-05 6:14 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: open list, Shuah Khan, patches, lkft-triage, Ben Hutchings,
linux- stable, Andrew Morton, Linus Torvalds, Guenter Roeck
On Tue, 5 Nov 2019 at 03:28, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 4.19.82 release.
> There are 149 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed 06 Nov 2019 09:14:04 PM UTC.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.82-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.
Summary
------------------------------------------------------------------------
kernel: 4.19.82-rc1
git repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
git branch: linux-4.19.y
git commit: 3d3728a67bfcb7460a6f7c5417a2d9a4ff180c58
git describe: v4.19.81-150-g3d3728a67bfc
Test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-4.19-oe/build/v4.19.81-150-g3d3728a67bfc
No regressions (compared to build v4.19.81)
No fixes (compared to build v4.19.81)
Ran 23947 total tests in the following environments and test suites.
Environments
--------------
- dragonboard-410c - arm64
- hi6220-hikey - arm64
- i386
- juno-r2 - arm64
- qemu_arm
- qemu_arm64
- qemu_i386
- qemu_x86_64
- x15 - arm
- x86_64
Test Suites
-----------
* build
* install-android-platform-tools-r2600
* kselftest
* libhugetlbfs
* ltp-cap_bounds-tests
* ltp-commands-tests
* ltp-containers-tests
* ltp-cpuhotplug-tests
* ltp-cve-tests
* ltp-dio-tests
* ltp-fcntl-locktests-tests
* ltp-filecaps-tests
* ltp-fs_bind-tests
* ltp-fs_perms_simple-tests
* ltp-fsx-tests
* ltp-hugetlb-tests
* ltp-io-tests
* ltp-ipc-tests
* ltp-math-tests
* ltp-mm-tests
* ltp-nptl-tests
* ltp-pty-tests
* ltp-sched-tests
* ltp-securebits-tests
* ltp-syscalls-tests
* perf
* spectre-meltdown-checker-test
* v4l2-compliance
* ltp-fs-tests
* network-basic-tests
* ltp-open-posix-tests
* kvm-unit-tests
* ssuite
* kselftest-vsyscall-mode-native
* kselftest-vsyscall-mode-none
--
Linaro LKFT
https://lkft.linaro.org
^ permalink raw reply [flat|nested] 170+ messages in thread
* Re: [PATCH 4.19 000/149] 4.19.82-stable review
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (150 preceding siblings ...)
2019-11-05 6:14 ` Naresh Kamboju
@ 2019-11-05 14:25 ` Guenter Roeck
2019-11-05 16:52 ` shuah
2019-11-05 23:46 ` Jon Hunter
153 siblings, 0 replies; 170+ messages in thread
From: Guenter Roeck @ 2019-11-05 14:25 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: torvalds, akpm, shuah, patches, ben.hutchings, lkft-triage, stable
On 11/4/19 1:43 PM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.82 release.
> There are 149 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed 06 Nov 2019 09:14:04 PM UTC.
> Anything received after that time might be too late.
>
Build results:
total: 156 pass: 156 fail: 0
Qemu test results:
total: 390 pass: 390 fail: 0
Guenter
^ permalink raw reply [flat|nested] 170+ messages in thread
* Re: [PATCH 4.19 114/149] UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments")
2019-11-04 21:45 ` [PATCH 4.19 114/149] UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments") Greg Kroah-Hartman
@ 2019-11-05 14:36 ` Oliver Neukum
2019-11-05 15:09 ` Alan Stern
0 siblings, 1 reply; 170+ messages in thread
From: Oliver Neukum @ 2019-11-05 14:36 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel; +Cc: stable, Alan Stern, Christoph Hellwig
Am Montag, den 04.11.2019, 22:45 +0100 schrieb Greg Kroah-Hartman:
> Since commit ea44d190764b ("usbip: Implement SG support to
> vhci-hcd and stub driver") was merged, the USB/IP driver can
> also handle SG.
Hi,
same story as 4.4.x
Regards
Oliver
^ permalink raw reply [flat|nested] 170+ messages in thread
* Re: [PATCH 4.19 114/149] UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments")
2019-11-05 14:36 ` Oliver Neukum
@ 2019-11-05 15:09 ` Alan Stern
2019-11-05 15:41 ` Oliver Neukum
0 siblings, 1 reply; 170+ messages in thread
From: Alan Stern @ 2019-11-05 15:09 UTC (permalink / raw)
To: Oliver Neukum; +Cc: Greg Kroah-Hartman, linux-kernel, stable, Christoph Hellwig
On Tue, 5 Nov 2019, Oliver Neukum wrote:
> Am Montag, den 04.11.2019, 22:45 +0100 schrieb Greg Kroah-Hartman:
> > Since commit ea44d190764b ("usbip: Implement SG support to
> > vhci-hcd and stub driver") was merged, the USB/IP driver can
> > also handle SG.
>
> Hi,
>
> same story as 4.4.x
I'm not sure about uas, but it was reported just yesterday that the
corresponding commit for usb-storage caused a 30% speed degradation:
https://marc.info/?l=linux-usb&m=157293660212040&w=2
Given this information, perhaps you will decide that the revert is
worthwhile.
Alan Stern
^ permalink raw reply [flat|nested] 170+ messages in thread
* Re: [PATCH 4.19 114/149] UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments")
2019-11-05 15:09 ` Alan Stern
@ 2019-11-05 15:41 ` Oliver Neukum
2019-11-05 16:38 ` Greg Kroah-Hartman
0 siblings, 1 reply; 170+ messages in thread
From: Oliver Neukum @ 2019-11-05 15:41 UTC (permalink / raw)
To: Alan Stern; +Cc: Greg Kroah-Hartman, linux-kernel, stable, Christoph Hellwig
Am Dienstag, den 05.11.2019, 10:09 -0500 schrieb Alan Stern:
> On Tue, 5 Nov 2019, Oliver Neukum wrote:
>
> > Am Montag, den 04.11.2019, 22:45 +0100 schrieb Greg Kroah-Hartman:
> > > Since commit ea44d190764b ("usbip: Implement SG support to
> > > vhci-hcd and stub driver") was merged, the USB/IP driver can
> > > also handle SG.
> >
> > Hi,
> >
> > same story as 4.4.x
>
> I'm not sure about uas, but it was reported just yesterday that the
> corresponding commit for usb-storage caused a 30% speed degradation:
>
> https://marc.info/?l=linux-usb&m=157293660212040&w=2
>
> Given this information, perhaps you will decide that the revert is
> worthwhile.
Damned if I do, damned if I do not.
Check for usbip and special case it?
Regards
Oliver
^ permalink raw reply [flat|nested] 170+ messages in thread
* Re: [PATCH 4.19 114/149] UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments")
2019-11-05 15:41 ` Oliver Neukum
@ 2019-11-05 16:38 ` Greg Kroah-Hartman
2019-11-07 11:32 ` Oliver Neukum
0 siblings, 1 reply; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-05 16:38 UTC (permalink / raw)
To: Oliver Neukum; +Cc: Alan Stern, linux-kernel, stable, Christoph Hellwig
On Tue, Nov 05, 2019 at 04:41:07PM +0100, Oliver Neukum wrote:
> Am Dienstag, den 05.11.2019, 10:09 -0500 schrieb Alan Stern:
> > On Tue, 5 Nov 2019, Oliver Neukum wrote:
> >
> > > Am Montag, den 04.11.2019, 22:45 +0100 schrieb Greg Kroah-Hartman:
> > > > Since commit ea44d190764b ("usbip: Implement SG support to
> > > > vhci-hcd and stub driver") was merged, the USB/IP driver can
> > > > also handle SG.
> > >
> > > Hi,
> > >
> > > same story as 4.4.x
> >
> > I'm not sure about uas, but it was reported just yesterday that the
> > corresponding commit for usb-storage caused a 30% speed degradation:
> >
> > https://marc.info/?l=linux-usb&m=157293660212040&w=2
> >
> > Given this information, perhaps you will decide that the revert is
> > worthwhile.
>
> Damned if I do, damned if I do not.
> Check for usbip and special case it?
We should be able to do that in the host controller driver for usbip,
right? What is the symptom if you use a UAS device with usbip and this
commit?
thanks,
greg k-h
^ permalink raw reply [flat|nested] 170+ messages in thread
* Re: [PATCH 4.19 000/149] 4.19.82-stable review
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
` (151 preceding siblings ...)
2019-11-05 14:25 ` Guenter Roeck
@ 2019-11-05 16:52 ` shuah
2019-11-05 23:46 ` Jon Hunter
153 siblings, 0 replies; 170+ messages in thread
From: shuah @ 2019-11-05 16:52 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: torvalds, akpm, linux, patches, ben.hutchings, lkft-triage,
stable, shuah
On 11/4/19 2:43 PM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.82 release.
> There are 149 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed 06 Nov 2019 09:14:04 PM UTC.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.82-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Compiled and booted on my test system. No dmesg regressions.
thanks,
-- Shuah
^ permalink raw reply [flat|nested] 170+ messages in thread
* Re: [PATCH 4.19 000/149] 4.19.82-stable review
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
@ 2019-11-05 23:46 ` Jon Hunter
2019-11-04 21:43 ` [PATCH 4.19 002/149] dm snapshot: introduce account_start_copy() and account_end_copy() Greg Kroah-Hartman
` (152 subsequent siblings)
153 siblings, 0 replies; 170+ messages in thread
From: Jon Hunter @ 2019-11-05 23:46 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: torvalds, akpm, linux, shuah, patches, ben.hutchings,
lkft-triage, stable, linux-tegra
On 04/11/2019 21:43, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.82 release.
> There are 149 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed 06 Nov 2019 09:14:04 PM UTC.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.82-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
> -------------
> Pseudo-Shortlog of commits:
...
> Jose Abreu <jose.abreu@synopsys.com>
> net: stmmac: Fix NAPI poll in TX path when in multi-queue
The above commit is causing a boot regression on Tegra186. Bisect points
to this commit and reverting fixes the issue.
Regards,
Jon
--
nvpublic
^ permalink raw reply [flat|nested] 170+ messages in thread
* Re: [PATCH 4.19 000/149] 4.19.82-stable review
@ 2019-11-05 23:46 ` Jon Hunter
0 siblings, 0 replies; 170+ messages in thread
From: Jon Hunter @ 2019-11-05 23:46 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: torvalds, akpm, linux, shuah, patches, ben.hutchings,
lkft-triage, stable, linux-tegra
On 04/11/2019 21:43, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.82 release.
> There are 149 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed 06 Nov 2019 09:14:04 PM UTC.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.82-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
> -------------
> Pseudo-Shortlog of commits:
...
> Jose Abreu <jose.abreu@synopsys.com>
> net: stmmac: Fix NAPI poll in TX path when in multi-queue
The above commit is causing a boot regression on Tegra186. Bisect points
to this commit and reverting fixes the issue.
Regards,
Jon
--
nvpublic
^ permalink raw reply [flat|nested] 170+ messages in thread
* Re: [PATCH 4.19 059/149] iio: fix center temperature of bmc150-accel-core
2019-11-04 21:44 ` [PATCH 4.19 059/149] iio: fix center temperature of bmc150-accel-core Greg Kroah-Hartman
@ 2019-11-06 9:41 ` Pavel Machek
2019-11-06 10:44 ` Greg Kroah-Hartman
0 siblings, 1 reply; 170+ messages in thread
From: Pavel Machek @ 2019-11-06 9:41 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, Pascal Bouwmann, Jonathan Cameron, Sasha Levin
> From: Pascal Bouwmann <bouwmann@tau-tec.de>
>
> [ Upstream commit 6c59a962e081df6d8fe43325bbfabec57e0d4751 ]
>
> The center temperature of the supported devices stored in the constant
> BMC150_ACCEL_TEMP_CENTER_VAL is not 24 degrees but 23 degrees.
>
> It seems that some datasheets were inconsistent on this value leading
> to the error. For most usecases will only make minor difference so
> not queued for stable.
>
> Signed-off-by: Pascal Bouwmann <bouwmann@tau-tec.de>
> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
> Signed-off-by: Sasha Levin <sashal@kernel.org>
Minor miscalibration, and author specifically states it should not be
queued for stable. Yet, Sasha goes and queues it for stable. Why?
Pavel
> +++ b/drivers/iio/accel/bmc150-accel-core.c
> @@ -125,7 +125,7 @@
> #define BMC150_ACCEL_SLEEP_1_SEC 0x0F
>
> #define BMC150_ACCEL_REG_TEMP 0x08
> -#define BMC150_ACCEL_TEMP_CENTER_VAL 24
> +#define BMC150_ACCEL_TEMP_CENTER_VAL 23
>
> #define BMC150_ACCEL_AXIS_TO_REG(axis) (BMC150_ACCEL_REG_XOUT_L + (axis * 2))
> #define BMC150_AUTO_SUSPEND_DELAY_MS 2000
> --
> 2.20.1
>
>
^ permalink raw reply [flat|nested] 170+ messages in thread
* Re: [PATCH 4.19 059/149] iio: fix center temperature of bmc150-accel-core
2019-11-06 9:41 ` Pavel Machek
@ 2019-11-06 10:44 ` Greg Kroah-Hartman
0 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-06 10:44 UTC (permalink / raw)
To: Pavel Machek
Cc: linux-kernel, stable, Pascal Bouwmann, Jonathan Cameron, Sasha Levin
On Wed, Nov 06, 2019 at 10:41:38AM +0100, Pavel Machek wrote:
> > From: Pascal Bouwmann <bouwmann@tau-tec.de>
> >
> > [ Upstream commit 6c59a962e081df6d8fe43325bbfabec57e0d4751 ]
> >
> > The center temperature of the supported devices stored in the constant
> > BMC150_ACCEL_TEMP_CENTER_VAL is not 24 degrees but 23 degrees.
> >
> > It seems that some datasheets were inconsistent on this value leading
> > to the error. For most usecases will only make minor difference so
> > not queued for stable.
> >
> > Signed-off-by: Pascal Bouwmann <bouwmann@tau-tec.de>
> > Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
> > Signed-off-by: Sasha Levin <sashal@kernel.org>
>
> Minor miscalibration, and author specifically states it should not be
> queued for stable. Yet, Sasha goes and queues it for stable. Why?
Because it really does fix an issue.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 170+ messages in thread
* Re: [PATCH 4.19 000/149] 4.19.82-stable review
2019-11-05 23:46 ` Jon Hunter
(?)
@ 2019-11-06 10:49 ` Greg Kroah-Hartman
-1 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-06 10:49 UTC (permalink / raw)
To: Jon Hunter
Cc: linux-kernel, torvalds, akpm, linux, shuah, patches,
ben.hutchings, lkft-triage, stable, linux-tegra
On Tue, Nov 05, 2019 at 11:46:05PM +0000, Jon Hunter wrote:
>
> On 04/11/2019 21:43, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 4.19.82 release.
> > There are 149 patches in this series, all will be posted as a response
> > to this one. If anyone has any issues with these being applied, please
> > let me know.
> >
> > Responses should be made by Wed 06 Nov 2019 09:14:04 PM UTC.
> > Anything received after that time might be too late.
> >
> > The whole patch series can be found in one patch at:
> > https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.82-rc1.gz
> > or in the git tree and branch at:
> > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> > and the diffstat can be found below.
> >
> > thanks,
> >
> > greg k-h
> >
> > -------------
> > Pseudo-Shortlog of commits:
>
> ...
>
> > Jose Abreu <jose.abreu@synopsys.com>
> > net: stmmac: Fix NAPI poll in TX path when in multi-queue
>
> The above commit is causing a boot regression on Tegra186. Bisect points
> to this commit and reverting fixes the issue.
Thanks for testing this. I've dropped this patch now, so all shoudl be
good.
greg k-h
^ permalink raw reply [flat|nested] 170+ messages in thread
* Re: [PATCH 4.19 078/149] gpio: max77620: Use correct unit for debounce times
2019-11-04 21:44 ` [PATCH 4.19 078/149] gpio: max77620: Use correct unit for debounce times Greg Kroah-Hartman
@ 2019-11-06 19:01 ` Pavel Machek
0 siblings, 0 replies; 170+ messages in thread
From: Pavel Machek @ 2019-11-06 19:01 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, Thierry Reding, Linus Walleij, Sasha Levin
[-- Attachment #1: Type: text/plain, Size: 936 bytes --]
Hi!
> The gpiod_set_debounce() function takes the debounce time in
> microseconds. Adjust the switch/case values in the MAX77620 GPIO to use
> the correct unit.
> +++ b/drivers/gpio/gpio-max77620.c
> @@ -163,13 +163,13 @@ static int max77620_gpio_set_debounce(struct max77620_gpio *mgpio,
> case 0:
> val = MAX77620_CNFG_GPIO_DBNC_None;
> break;
> - case 1 ... 8:
> + case 1000 ... 8000:
> val = MAX77620_CNFG_GPIO_DBNC_8ms;
> break;
AFAICT the range should be 1 ... 8000, then 8001 ... 16000 etc below...
> - case 9 ... 16:
> + case 9000 ... 16000:
> val = MAX77620_CNFG_GPIO_DBNC_16ms;
> break;
> - case 17 ... 32:
> + case 17000 ... 32000:
> val = MAX77620_CNFG_GPIO_DBNC_32ms;
> break;
> default:
Best regards,
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]
^ permalink raw reply [flat|nested] 170+ messages in thread
* Re: [PATCH 4.19 114/149] UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments")
2019-11-05 16:38 ` Greg Kroah-Hartman
@ 2019-11-07 11:32 ` Oliver Neukum
2019-11-08 7:23 ` Greg Kroah-Hartman
0 siblings, 1 reply; 170+ messages in thread
From: Oliver Neukum @ 2019-11-07 11:32 UTC (permalink / raw)
To: Greg Kroah-Hartman; +Cc: Alan Stern, linux-kernel, stable, Christoph Hellwig
Am Dienstag, den 05.11.2019, 17:38 +0100 schrieb Greg Kroah-Hartman:
> > > Given this information, perhaps you will decide that the revert is
> > > worthwhile.
> >
> > Damned if I do, damned if I do not.
> > Check for usbip and special case it?
>
> We should be able to do that in the host controller driver for usbip,
> right? What is the symptom if you use a UAS device with usbip and this
> commit?
Yes, that patch should then also be applied. Then it will work.
Without it, commands will fail, as transfers will end prematurely.
Regards
Oliver
^ permalink raw reply [flat|nested] 170+ messages in thread
* Re: [PATCH 4.19 114/149] UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments")
2019-11-07 11:32 ` Oliver Neukum
@ 2019-11-08 7:23 ` Greg Kroah-Hartman
2019-11-08 15:35 ` Alan Stern
0 siblings, 1 reply; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-08 7:23 UTC (permalink / raw)
To: Oliver Neukum; +Cc: Alan Stern, linux-kernel, stable, Christoph Hellwig
On Thu, Nov 07, 2019 at 12:32:45PM +0100, Oliver Neukum wrote:
> Am Dienstag, den 05.11.2019, 17:38 +0100 schrieb Greg Kroah-Hartman:
> > > > Given this information, perhaps you will decide that the revert is
> > > > worthwhile.
> > >
> > > Damned if I do, damned if I do not.
> > > Check for usbip and special case it?
> >
> > We should be able to do that in the host controller driver for usbip,
> > right? What is the symptom if you use a UAS device with usbip and this
> > commit?
>
> Yes, that patch should then also be applied. Then it will work.
> Without it, commands will fail, as transfers will end prematurely.
Ok, I'm confused now. I just checked, and I really have no idea what
needs to be backported anymore. 3ae62a42090f ("UAS: fix alignment of
scatter/gather segments") was backported to all of the stable kernels,
and now we reverted it.
So what else needs to be done here?
thanks,
greg k-h
^ permalink raw reply [flat|nested] 170+ messages in thread
* Re: [PATCH 4.19 114/149] UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments")
2019-11-08 7:23 ` Greg Kroah-Hartman
@ 2019-11-08 15:35 ` Alan Stern
2019-11-10 14:27 ` Oliver Neukum
0 siblings, 1 reply; 170+ messages in thread
From: Alan Stern @ 2019-11-08 15:35 UTC (permalink / raw)
To: Greg Kroah-Hartman; +Cc: Oliver Neukum, linux-kernel, stable, Christoph Hellwig
On Fri, 8 Nov 2019, Greg Kroah-Hartman wrote:
> On Thu, Nov 07, 2019 at 12:32:45PM +0100, Oliver Neukum wrote:
> > Am Dienstag, den 05.11.2019, 17:38 +0100 schrieb Greg Kroah-Hartman:
> > > > > Given this information, perhaps you will decide that the revert is
> > > > > worthwhile.
> > > >
> > > > Damned if I do, damned if I do not.
> > > > Check for usbip and special case it?
> > >
> > > We should be able to do that in the host controller driver for usbip,
> > > right? What is the symptom if you use a UAS device with usbip and this
> > > commit?
> >
> > Yes, that patch should then also be applied. Then it will work.
> > Without it, commands will fail, as transfers will end prematurely.
>
> Ok, I'm confused now. I just checked, and I really have no idea what
> needs to be backported anymore. 3ae62a42090f ("UAS: fix alignment of
> scatter/gather segments") was backported to all of the stable kernels,
> and now we reverted it.
>
> So what else needs to be done here?
In one sense, nothing needs to be done. 3ae62a42090f was intended to
fix a long-standing problem with USBIP, but people reported a
regression in performance. (Admittedly, the report was about the
correponding change to usb-storage, not the change to uas, but it's
reasonable to think the effect would be the same.) So in line with the
no-regressions policy, we only need to revert the commit -- which you
have already done.
On the other hand, the long-standing problem in USBIP can be fixed by
back-porting commit ea44d190764b. But since that commit isn't a
bug-fix (and since it's rather large), you may question whether it is
appropriate for the -stable kernel series.
Alan Stern
^ permalink raw reply [flat|nested] 170+ messages in thread
* Re: [PATCH 4.19 114/149] UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments")
2019-11-08 15:35 ` Alan Stern
@ 2019-11-10 14:27 ` Oliver Neukum
2019-11-10 15:34 ` Alan Stern
0 siblings, 1 reply; 170+ messages in thread
From: Oliver Neukum @ 2019-11-10 14:27 UTC (permalink / raw)
To: Alan Stern, Greg Kroah-Hartman; +Cc: linux-kernel, stable, Christoph Hellwig
Am Freitag, den 08.11.2019, 10:35 -0500 schrieb Alan Stern:
> On Fri, 8 Nov 2019, Greg Kroah-Hartman wrote:
>
> > On Thu, Nov 07, 2019 at 12:32:45PM +0100, Oliver Neukum wrote:
> > > Am Dienstag, den 05.11.2019, 17:38 +0100 schrieb Greg Kroah-Hartman:
> > > > > > Given this information, perhaps you will decide that the revert is
> > > > > > worthwhile.
> > > > >
> > > > > Damned if I do, damned if I do not.
> > > > > Check for usbip and special case it?
> > > >
> > > > We should be able to do that in the host controller driver for usbip,
> > > > right? What is the symptom if you use a UAS device with usbip and this
> > > > commit?
> > >
> > > Yes, that patch should then also be applied. Then it will work.
> > > Without it, commands will fail, as transfers will end prematurely.
> >
> > Ok, I'm confused now. I just checked, and I really have no idea what
> > needs to be backported anymore. 3ae62a42090f ("UAS: fix alignment of
> > scatter/gather segments") was backported to all of the stable kernels,
> > and now we reverted it.
> >
> > So what else needs to be done here?
>
> In one sense, nothing needs to be done. 3ae62a42090f was intended to
> fix a long-standing problem with USBIP, but people reported a
OK, now I am a bit confused. AFAICT 3ae62a42090f actually did fix the
issue. So if you simply revert it, the issue will reappear.
> regression in performance. (Admittedly, the report was about the
> correponding change to usb-storage, not the change to uas, but it's
> reasonable to think the effect would be the same.) So in line with the
Yes.
> no-regressions policy, we only need to revert the commit -- which you
> have already done.
But that breaks UAS over USBIP, doesn't it?
> On the other hand, the long-standing problem in USBIP can be fixed by
> back-porting commit ea44d190764b. But since that commit isn't a
> bug-fix (and since it's rather large), you may question whether it is
> appropriate for the -stable kernel series.
It certainly is large. But without it UAS won't work over USBIP, will
it? I think that is the central question we need to answer here.
Regards
Oliver
^ permalink raw reply [flat|nested] 170+ messages in thread
* Re: [PATCH 4.19 114/149] UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments")
2019-11-10 14:27 ` Oliver Neukum
@ 2019-11-10 15:34 ` Alan Stern
2019-11-11 9:36 ` Greg Kroah-Hartman
0 siblings, 1 reply; 170+ messages in thread
From: Alan Stern @ 2019-11-10 15:34 UTC (permalink / raw)
To: Oliver Neukum; +Cc: Greg Kroah-Hartman, linux-kernel, stable, Christoph Hellwig
On Sun, 10 Nov 2019, Oliver Neukum wrote:
> Am Freitag, den 08.11.2019, 10:35 -0500 schrieb Alan Stern:
> > On Fri, 8 Nov 2019, Greg Kroah-Hartman wrote:
> >
> > > On Thu, Nov 07, 2019 at 12:32:45PM +0100, Oliver Neukum wrote:
> > > > Am Dienstag, den 05.11.2019, 17:38 +0100 schrieb Greg Kroah-Hartman:
> > > > > > > Given this information, perhaps you will decide that the revert is
> > > > > > > worthwhile.
> > > > > >
> > > > > > Damned if I do, damned if I do not.
> > > > > > Check for usbip and special case it?
> > > > >
> > > > > We should be able to do that in the host controller driver for usbip,
> > > > > right? What is the symptom if you use a UAS device with usbip and this
> > > > > commit?
> > > >
> > > > Yes, that patch should then also be applied. Then it will work.
> > > > Without it, commands will fail, as transfers will end prematurely.
> > >
> > > Ok, I'm confused now. I just checked, and I really have no idea what
> > > needs to be backported anymore. 3ae62a42090f ("UAS: fix alignment of
> > > scatter/gather segments") was backported to all of the stable kernels,
> > > and now we reverted it.
> > >
> > > So what else needs to be done here?
> >
> > In one sense, nothing needs to be done. 3ae62a42090f was intended to
> > fix a long-standing problem with USBIP, but people reported a
>
> OK, now I am a bit confused. AFAICT 3ae62a42090f actually did fix the
> issue. So if you simply revert it, the issue will reappear.
Correct. I think.
> > regression in performance. (Admittedly, the report was about the
> > correponding change to usb-storage, not the change to uas, but it's
> > reasonable to think the effect would be the same.) So in line with the
>
> Yes.
>
> > no-regressions policy, we only need to revert the commit -- which you
> > have already done.
>
> But that breaks UAS over USBIP, doesn't it?
It was already broken to start with. The attempted fix caused a
regression, so the fix must be reverted.
> > On the other hand, the long-standing problem in USBIP can be fixed by
> > back-porting commit ea44d190764b. But since that commit isn't a
> > bug-fix (and since it's rather large), you may question whether it is
> > appropriate for the -stable kernel series.
>
> It certainly is large. But without it UAS won't work over USBIP, will
> it? I think that is the central question we need to answer here.
You are right. If Greg is okay with porting ea44d190764b to the stable
kernels, I won't object.
Alan Stern
^ permalink raw reply [flat|nested] 170+ messages in thread
* Re: [PATCH 4.19 114/149] UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments")
2019-11-10 15:34 ` Alan Stern
@ 2019-11-11 9:36 ` Greg Kroah-Hartman
0 siblings, 0 replies; 170+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-11 9:36 UTC (permalink / raw)
To: Alan Stern; +Cc: Oliver Neukum, linux-kernel, stable, Christoph Hellwig
On Sun, Nov 10, 2019 at 10:34:02AM -0500, Alan Stern wrote:
> On Sun, 10 Nov 2019, Oliver Neukum wrote:
>
> > Am Freitag, den 08.11.2019, 10:35 -0500 schrieb Alan Stern:
> > > On Fri, 8 Nov 2019, Greg Kroah-Hartman wrote:
> > >
> > > > On Thu, Nov 07, 2019 at 12:32:45PM +0100, Oliver Neukum wrote:
> > > > > Am Dienstag, den 05.11.2019, 17:38 +0100 schrieb Greg Kroah-Hartman:
> > > > > > > > Given this information, perhaps you will decide that the revert is
> > > > > > > > worthwhile.
> > > > > > >
> > > > > > > Damned if I do, damned if I do not.
> > > > > > > Check for usbip and special case it?
> > > > > >
> > > > > > We should be able to do that in the host controller driver for usbip,
> > > > > > right? What is the symptom if you use a UAS device with usbip and this
> > > > > > commit?
> > > > >
> > > > > Yes, that patch should then also be applied. Then it will work.
> > > > > Without it, commands will fail, as transfers will end prematurely.
> > > >
> > > > Ok, I'm confused now. I just checked, and I really have no idea what
> > > > needs to be backported anymore. 3ae62a42090f ("UAS: fix alignment of
> > > > scatter/gather segments") was backported to all of the stable kernels,
> > > > and now we reverted it.
> > > >
> > > > So what else needs to be done here?
> > >
> > > In one sense, nothing needs to be done. 3ae62a42090f was intended to
> > > fix a long-standing problem with USBIP, but people reported a
> >
> > OK, now I am a bit confused. AFAICT 3ae62a42090f actually did fix the
> > issue. So if you simply revert it, the issue will reappear.
>
> Correct. I think.
>
> > > regression in performance. (Admittedly, the report was about the
> > > correponding change to usb-storage, not the change to uas, but it's
> > > reasonable to think the effect would be the same.) So in line with the
> >
> > Yes.
> >
> > > no-regressions policy, we only need to revert the commit -- which you
> > > have already done.
> >
> > But that breaks UAS over USBIP, doesn't it?
>
> It was already broken to start with. The attempted fix caused a
> regression, so the fix must be reverted.
>
> > > On the other hand, the long-standing problem in USBIP can be fixed by
> > > back-porting commit ea44d190764b. But since that commit isn't a
> > > bug-fix (and since it's rather large), you may question whether it is
> > > appropriate for the -stable kernel series.
> >
> > It certainly is large. But without it UAS won't work over USBIP, will
> > it? I think that is the central question we need to answer here.
>
> You are right. If Greg is okay with porting ea44d190764b to the stable
> kernels, I won't object.
Ok, I've backported this to 4.14.y, 4.19.y, and 5.3.y. As superspeed
support was not added to vhci until the 4.13 release, I don't think that
UAS will be an issue on those older kernels.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 170+ messages in thread
end of thread, other threads:[~2019-11-11 9:36 UTC | newest]
Thread overview: 170+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-04 21:43 [PATCH 4.19 000/149] 4.19.82-stable review Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 001/149] zram: fix race between backing_dev_show and backing_dev_store Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 002/149] dm snapshot: introduce account_start_copy() and account_end_copy() Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 003/149] dm snapshot: rework COW throttling to fix deadlock Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 004/149] Btrfs: fix inode cache block reserve leak on failure to allocate data space Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 005/149] Btrfs: fix memory leak due to concurrent append writes with fiemap Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 006/149] btrfs: qgroup: Always free PREALLOC META reserve in btrfs_delalloc_release_extents() Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 007/149] btrfs: tracepoints: Fix wrong parameter order for qgroup events Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 008/149] wil6210: fix freeing of rx buffers in EDMA mode Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 009/149] f2fs: flush quota blocks after turnning it off Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 010/149] scsi: lpfc: Fix a duplicate 0711 log message number Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 011/149] sc16is7xx: Fix for "Unexpected interrupt: 8" Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 012/149] powerpc/powernv: hold device_hotplug_lock when calling memtrace_offline_pages() Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 013/149] f2fs: fix to recover inodes i_gc_failures during POR Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 014/149] f2fs: fix to recover inode->i_flags of inode block " Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 015/149] HID: i2c-hid: add Direkt-Tek DTLAPY133-1 to descriptor override Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 016/149] usb: dwc2: fix unbalanced use of external vbus-supply Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 017/149] tools/power turbostat: fix goldmont C-state limit decoding Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 018/149] x86/cpu: Add Atom Tremont (Jacobsville) Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 019/149] drm/msm/dpu: handle failures while initializing displays Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 020/149] bcache: fix input overflow to writeback_rate_minimum Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 021/149] PCI: Fix Switchtec DMA aliasing quirk dmesg noise Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 022/149] Btrfs: fix deadlock on tree root leaf when finding free extent Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 023/149] netfilter: ipset: Make invalid MAC address checks consistent Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 024/149] HID: i2c-hid: Disable runtime PM for LG touchscreen Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 025/149] HID: i2c-hid: Ignore input report if theres no data present on Elan touchpanels Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 026/149] HID: i2c-hid: Add Odys Winbook 13 to descriptor override Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 027/149] platform/x86: Add the VLV ISP PCI ID to atomisp2_pm Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 028/149] platform/x86: Fix config space access for intel_atomisp2_pm Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 029/149] ath10k: assign n_cipher_suites = 11 for WCN3990 to enable WPA3 Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 030/149] clk: boston: unregister clks on failure in clk_boston_setup() Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 031/149] scripts/setlocalversion: Improve -dirty check with git-status --no-optional-locks Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 032/149] staging: mt7621-pinctrl: use pinconf-generic for dt_node_to_map and dt_free_map Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 033/149] HID: Add ASUS T100CHI keyboard dock battery quirks Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 034/149] NFSv4: Ensure that the state manager exits the loop on SIGKILL Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 035/149] HID: steam: fix boot loop with bluetooth firmware Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 036/149] HID: steam: fix deadlock with input devices Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 037/149] samples: bpf: fix: seg fault with NULL pointer arg Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 038/149] usb: dwc3: gadget: early giveback if End Transfer already completed Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 039/149] usb: dwc3: gadget: clear DWC3_EP_TRANSFER_STARTED on cmd complete Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 040/149] ALSA: usb-audio: Cleanup DSD whitelist Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 041/149] usb: handle warm-reset port requests on hub resume Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 042/149] rtc: pcf8523: set xtal load capacitance from DT Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 043/149] arm64: Add MIDR encoding for HiSilicon Taishan CPUs Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 044/149] arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 045/149] mlxsw: spectrum: Set LAG port collector only when active Greg Kroah-Hartman
2019-11-04 21:43 ` [PATCH 4.19 046/149] net: stmmac: Fix NAPI poll in TX path when in multi-queue Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 047/149] scsi: lpfc: Correct localport timeout duration error Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 048/149] CIFS: Respect SMB2 hdr preamble size in read responses Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 049/149] cifs: add credits from unmatched responses/messages Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 050/149] ALSA: hda/realtek - Apply ALC294 hp init also for S4 resume Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 051/149] media: vimc: Remove unused but set variables Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 052/149] ext4: disallow files with EXT4_JOURNAL_DATA_FL from EXT4_IOC_SWAP_BOOT Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 053/149] exec: load_script: Do not exec truncated interpreter path Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 054/149] net: dsa: mv88e6xxx: Release lock while requesting IRQ Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 055/149] PCI/PME: Fix possible use-after-free on remove Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 056/149] drm/amd/display: fix odm combine pipe reset Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 057/149] power: supply: max14656: fix potential use-after-free Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 058/149] iio: adc: meson_saradc: Fix memory allocation order Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 059/149] iio: fix center temperature of bmc150-accel-core Greg Kroah-Hartman
2019-11-06 9:41 ` Pavel Machek
2019-11-06 10:44 ` Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 060/149] libsubcmd: Make _FORTIFY_SOURCE defines dependent on the feature Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 061/149] perf tests: Avoid raising SEGV using an obvious NULL dereference Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 062/149] perf map: Fix overlapped map handling Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 063/149] perf script brstackinsn: Fix recovery from LBR/binary mismatch Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 064/149] perf jevents: Fix period for Intel fixed counters Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 065/149] perf tools: Propagate get_cpuid() error Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 066/149] perf annotate: Propagate perf_env__arch() error Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 067/149] perf annotate: Fix the signedness of failure returns Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 068/149] perf annotate: Propagate the symbol__annotate() error return Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 069/149] perf annotate: Return appropriate error code for allocation failures Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 070/149] staging: rtl8188eu: fix null dereference when kzalloc fails Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 071/149] RDMA/hfi1: Prevent memory leak in sdma_init Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 072/149] RDMA/iwcm: Fix a lock inversion issue Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 073/149] HID: hyperv: Use in-place iterator API in the channel callback Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 074/149] nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 075/149] arm64: ftrace: Ensure synchronisation in PLT setup for Neoverse-N1 #1542419 Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 076/149] tty: serial: owl: Fix the link time qualifier of owl_uart_exit() Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 077/149] tty: n_hdlc: fix build on SPARC Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 078/149] gpio: max77620: Use correct unit for debounce times Greg Kroah-Hartman
2019-11-06 19:01 ` Pavel Machek
2019-11-04 21:44 ` [PATCH 4.19 079/149] fs: cifs: mute -Wunused-const-variable message Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 080/149] serial: mctrl_gpio: Check for NULL pointer Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 081/149] efi/cper: Fix endianness of PCIe class code Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 082/149] efi/x86: Do not clean dummy variable in kexec path Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 083/149] MIPS: include: Mark __cmpxchg as __always_inline Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 084/149] x86/xen: Return from panic notifier Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 085/149] ocfs2: clear zero in unaligned direct IO Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 086/149] fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry() Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 087/149] fs: ocfs2: fix a possible null-pointer dereference in ocfs2_write_end_nolock() Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 088/149] fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc() Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 089/149] arm64: armv8_deprecated: Checking return value for memory allocation Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 090/149] x86/cpu: Add Comet Lake to the Intel CPU models header Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 091/149] sched/vtime: Fix guest/system mis-accounting on task switch Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 092/149] perf/x86/amd: Change/fix NMI latency mitigation to use a timestamp Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 093/149] drm/amdgpu: fix memory leak Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 094/149] iio: imu: adis16400: release allocated memory on failure Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 095/149] MIPS: include: Mark __xchg as __always_inline Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 096/149] MIPS: fw: sni: Fix out of bounds init of o32 stack Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 097/149] virt: vbox: fix memory leak in hgcm_call_preprocess_linaddr Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 098/149] nbd: fix possible sysfs duplicate warning Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 099/149] NFSv4: Fix leak of clp->cl_acceptor string Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 100/149] s390/uaccess: avoid (false positive) compiler warnings Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 101/149] tracing: Initialize iter->seq after zeroing in tracing_read_pipe() Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 102/149] ARM: 8914/1: NOMMU: Fix exc_ret for XIP Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 103/149] ALSA: hda/realtek: Reduce the Headphone static noise on XPS 9350/9360 Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 104/149] iwlwifi: exclude GEO SAR support for 3168 Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 105/149] nbd: verify socket is supported during setup Greg Kroah-Hartman
2019-11-04 21:44 ` [PATCH 4.19 106/149] USB: legousbtower: fix a signedness bug in tower_probe() Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 107/149] thunderbolt: Use 32-bit writes when writing ring producer/consumer Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 108/149] ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe() Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 109/149] fuse: flush dirty data/metadata before non-truncate setattr Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 110/149] fuse: truncate pending writes on O_TRUNC Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 111/149] ALSA: bebob: Fix prototype of helper function to return negative value Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 112/149] ALSA: hda/realtek - Fix 2 front mics of codec 0x623 Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 113/149] ALSA: hda/realtek - Add support for ALC623 Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 114/149] UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments") Greg Kroah-Hartman
2019-11-05 14:36 ` Oliver Neukum
2019-11-05 15:09 ` Alan Stern
2019-11-05 15:41 ` Oliver Neukum
2019-11-05 16:38 ` Greg Kroah-Hartman
2019-11-07 11:32 ` Oliver Neukum
2019-11-08 7:23 ` Greg Kroah-Hartman
2019-11-08 15:35 ` Alan Stern
2019-11-10 14:27 ` Oliver Neukum
2019-11-10 15:34 ` Alan Stern
2019-11-11 9:36 ` Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 115/149] USB: gadget: Reject endpoints with 0 maxpacket value Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 116/149] usb-storage: Revert commit 747668dbc061 ("usb-storage: Set virt_boundary_mask to avoid SG overflows") Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 117/149] USB: ldusb: fix ring-buffer locking Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 118/149] USB: ldusb: fix control-message timeout Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 119/149] usb: xhci: fix __le32/__le64 accessors in debugfs code Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 120/149] USB: serial: whiteheat: fix potential slab corruption Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 121/149] USB: serial: whiteheat: fix line-speed endianness Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 122/149] scsi: target: cxgbit: Fix cxgbit_fw4_ack() Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 123/149] HID: i2c-hid: add Trekstor Primebook C11B to descriptor override Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 124/149] HID: Fix assumption that devices have inputs Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 125/149] HID: fix error message in hid_open_report() Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 126/149] nl80211: fix validation of mesh path nexthop Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 127/149] s390/cmm: fix information leak in cmm_timeout_handler() Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 128/149] s390/idle: fix cpu idle time calculation Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 129/149] arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 130/149] rtlwifi: Fix potential overflow on P2P code Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 131/149] dmaengine: qcom: bam_dma: Fix resource leak Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 132/149] dmaengine: cppi41: Fix cppi41_dma_prep_slave_sg() when idle Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 133/149] drm/amdgpu/powerplay/vega10: allow undervolting in p7 Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 134/149] NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 135/149] batman-adv: Avoid free/alloc race when handling OGM buffer Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 136/149] llc: fix sk_buff leak in llc_sap_state_process() Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 137/149] llc: fix sk_buff leak in llc_conn_service() Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 138/149] rxrpc: Fix call ref leak Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 139/149] rxrpc: rxrpc_peer needs to hold a ref on the rxrpc_local record Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 140/149] rxrpc: Fix trace-after-put looking at the put peer record Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 141/149] NFC: pn533: fix use-after-free and memleaks Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 142/149] bonding: fix potential NULL deref in bond_update_slave_arr Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 143/149] net: usb: sr9800: fix uninitialized local variable Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 144/149] sch_netem: fix rcu splat in netem_enqueue() Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 145/149] ALSA: timer: Simplify error path in snd_timer_open() Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 146/149] ALSA: timer: Fix mutex deadlock at releasing card Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 147/149] ALSA: usb-audio: DSD auto-detection for Playback Designs Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 148/149] ALSA: usb-audio: Update DSD support quirks for Oppo and Rotel Greg Kroah-Hartman
2019-11-04 21:45 ` [PATCH 4.19 149/149] ALSA: usb-audio: Add DSD support for Gustard U16/X26 USB Interface Greg Kroah-Hartman
2019-11-05 5:36 ` [PATCH 4.19 000/149] 4.19.82-stable review kernelci.org bot
2019-11-05 6:14 ` Naresh Kamboju
2019-11-05 14:25 ` Guenter Roeck
2019-11-05 16:52 ` shuah
2019-11-05 23:46 ` Jon Hunter
2019-11-05 23:46 ` Jon Hunter
2019-11-06 10:49 ` Greg Kroah-Hartman
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.