* [PATCH 4.9 000/329] 4.9.104-stable review
@ 2018-05-28 9:58 Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.9 001/329] MIPS: c-r4k: Fix data corruption related to cache coherence Greg Kroah-Hartman
` (309 more replies)
0 siblings, 310 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
ben.hutchings, lkft-triage, stable
This is the start of the stable review cycle for the 4.9.104 release.
There are 329 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed May 30 10:00:51 UTC 2018.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.104-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux 4.9.104-rc1
Randy Dunlap <rdunlap@infradead.org>
kdb: make "mdr" command repeat
Bjorn Andersson <bjorn.andersson@linaro.org>
pinctrl: msm: Use dynamic GPIO numbering
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()'
Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
ARM: dts: porter: Fix HDMI output routing
Aapo Vienamo <aapo@tuxera.com>
ARM: dts: imx7d: cl-som-imx7: fix pinctrl_enet
Charles Keepax <ckeepax@opensource.cirrus.com>
regmap: Correct comparison in regmap_cached
Richard Haines <richard_c_haines@btinternet.com>
netlabel: If PF_INET6, check sk_buff ip header version
Prashant Bhole <bhole_prashant_q7@lab.ntt.co.jp>
selftests/net: fixes psock_fanout eBPF test case
Jiri Olsa <jolsa@redhat.com>
perf report: Fix memory corruption in --branch-history mode --branch-history
Jiri Olsa <jolsa@kernel.org>
perf tests: Use arch__compare_symbol_names to compare symbols
Baoquan He <bhe@redhat.com>
x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified
Ørjan Eide <orjan.eide@arm.com>
drm/rockchip: Respect page offset for PRIME mmap calls
Joe Perches <joe@perches.com>
MIPS: Octeon: Fix logging messages with spurious periods after newlines
Takeshi Kihara <takeshi.kihara.df@renesas.com>
pinctrl: sh-pfc: r8a7796: Fix MOD_SEL register pin assignment for SSI pins group
Tejun Heo <tj@kernel.org>
rcu: Call touch_nmi_watchdog() while printing stall warnings
Richard Guy Briggs <rgb@redhat.com>
audit: return on memory error to avoid null pointer dereference
Stefan Wahren <stefan.wahren@i2se.com>
ARM: dts: bcm283x: Fix probing of bcm2835-i2s
Jan Kara <jack@suse.cz>
udf: Provide saner default for invalid uid / gid
Thomas Vincent-Cross <me@tvc.id.au>
PCI: Add function 1 DMA alias quirk for Marvell 88SE9220
Viresh Kumar <viresh.kumar@linaro.org>
cpufreq: Reorder cpufreq_online() error code path
Niklas Cassel <niklas.cassel@axis.com>
net: stmmac: ensure that the MSS desc is the last desc to set the own bit
Niklas Cassel <niklas.cassel@axis.com>
net: stmmac: ensure that the device has released ownership before reading data
Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
dmaengine: qcom: bam_dma: get num-channels and num-ees from dt
lionel.debieve@st.com <lionel.debieve@st.com>
hwrng: stm32 - add reset during probe
Govindarajulu Varadarajan <gvaradar@cisco.com>
enic: enable rq before updating rq descriptors
Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
dmaengine: rcar-dmac: Check the done lists in rcar_dmac_chan_get_residue()
Qi Hou <qi.hou@windriver.com>
dmaengine: pl330: fix a race condition in case of threaded irqs
Takashi Iwai <tiwai@suse.de>
ALSA: vmaster: Propagate slave error
Ivan Gorinov <ivan.gorinov@intel.com>
x86/devicetree: Fix device IRQ settings in DT
Ivan Gorinov <ivan.gorinov@intel.com>
x86/devicetree: Initialize device tree before using it
Andreas Gruenbacher <agruenba@redhat.com>
gfs2: Fix fallocate chunk size
Bjorn Andersson <bjorn.andersson@linaro.org>
soc: qcom: wcnss_ctrl: Fix increment in NV upload
Ilia Lin <ilialin@codeaurora.org>
arm64: dts: qcom: Fix SPI5 config on MSM8996
Kan Liang <kan.liang@linux.intel.com>
perf/x86/intel: Fix event update for auto-reload
Kan Liang <kan.liang@linux.intel.com>
perf/x86/intel: Fix large period handling on Broadwell CPUs
Maurizio Lombardi <mlombard@redhat.com>
cdrom: do not call check_disk_change() inside cdrom_open()
Kan Liang <kan.liang@linux.intel.com>
perf/x86/intel: Properly save/restore the PMU state in the NMI handler
Guenter Roeck <linux@roeck-us.net>
hwmon: (pmbus/adm1275) Accept negative page register values
Guenter Roeck <linux@roeck-us.net>
hwmon: (pmbus/max8688) Accept negative page register values
Eric Anholt <eric@anholt.net>
drm/panel: simple: Fix the bus format for the Ontat panel
Peter Zijlstra <peterz@infradead.org>
perf/core: Fix perf_output_read_group()
Chao Yu <yuchao0@huawei.com>
f2fs: fix to check extent cache in f2fs_drop_extent_tree
Mathieu Malaterre <malat@debian.org>
powerpc: Add missing prototype for arch_irq_work_raise()
Kamlakant Patel <kamlakant.patel@cavium.com>
ipmi_ssif: Fix kernel panic at msg_done_handler
Rafael J. Wysocki <rjw@rjwysocki.net>
PCI: Restore config space on runtime resume despite being unbound
Mathias Kresin <dev@kresin.me>
MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset
Christophe Jaillet <christophe.jaillet@wanadoo.fr>
spi: bcm-qspi: fIX some error handling paths
Christophe Jaillet <christophe.jaillet@wanadoo.fr>
regulator: gpio: Fix some error handling paths in 'gpio_regulator_probe()'
Parav Pandit <parav@mellanox.com>
IB/core: Honor port_num while resolving GID for IB link layer
Thomas Richter <tmricht@linux.vnet.ibm.com>
perf stat: Fix core dump when flag T is used
Yisheng Xie <xieyisheng1@huawei.com>
perf top: Fix top.call-graph config option reading
Vitaly Kuznetsov <vkuznets@redhat.com>
KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use
Gregory CLEMENT <gregory.clement@bootlin.com>
i2c: mv64xxx: Apply errata delay only in standard mode
Arjun Vynipadath <arjun@chelsio.com>
cxgb4: Fix queue free path of ULD drivers
Seunghun Han <kkamagui@gmail.com>
ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
Erik Schmauss <erik.schmauss@intel.com>
ACPICA: Events: add a return on failure from acpi_hw_register_read
Coly Li <colyli@suse.de>
bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set
Michael Schmitz <schmitzmic@gmail.com>
zorro: Set up z->dev.dma_mask for the DMA API
Chunyu Hu <chuhu@redhat.com>
cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path
Philipp Puschmann <pp@emlix.com>
arm: dts: socfpga: fix GIC PPI warning
Jay Vosburgh <jay.vosburgh@canonical.com>
virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS
Petr Vorel <pvorel@suse.cz>
ima: Fallback to the builtin hash algorithm
Arjun Vynipadath <arjun@chelsio.com>
cxgb4: Setup FW queues before registering netdev
Karthikeyan Periyasamy <periyasa@codeaurora.org>
ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk)
Leon Romanovsky <leonro@mellanox.com>
net/mlx5: Protect from command bit overflow
Michael Ellerman <mpe@ellerman.id.au>
selftests: Print the test we're running to /dev/kmsg
Frank Asseg <frank.asseg@objecthunter.net>
tools/thermal: tmon: fix for segfault
Michael Ellerman <mpe@ellerman.id.au>
powerpc/perf: Fix kernel address leak via sampling registers
Madhavan Srinivasan <maddy@linux.vnet.ibm.com>
powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer
Guenter Roeck <linux@roeck-us.net>
hwmon: (nct6775) Fix writing pwmX_mode
Helge Deller <deller@gmx.de>
parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode
Greg Ungerer <gerg@linux-m68k.org>
m68k: set dma and coherent masks for platform FEC ethernets
Michael Ellerman <mpe@ellerman.id.au>
powerpc/mpic: Check if cpu_possible() in mpic_physmask()
Lenny Szubowicz <lszubowi@redhat.com>
ACPI: acpi_pad: Fix memory leak in power saving threads
Aaro Koskinen <aaro.koskinen@iki.fi>
drivers: macintosh: rack-meter: really fix bogus memsets
Dan Carpenter <dan.carpenter@oracle.com>
xen/acpi: off by one in read_acpi_id()
David Howells <dhowells@redhat.com>
rxrpc: Don't treat call aborts as conn aborts
David Howells <dhowells@redhat.com>
rxrpc: Fix Tx ring annotation after initial Tx failure
Jeff Mahoney <jeffm@suse.com>
btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers
Filipe Manana <fdmanana@suse.com>
Btrfs: fix copy_items() return value when logging an inode
Qu Wenruo <wqu@suse.com>
btrfs: tests/qgroup: Fix wrong tree backref level
Florian Fainelli <f.fainelli@gmail.com>
net: bgmac: Fix endian access in bgmac_dma_tx_ring_free()
David S. Miller <davem@davemloft.net>
sparc64: Make atomic_xchg() an inline function rather than a macro.
David Howells <dhowells@redhat.com>
fscache: Fix hanging wait on page discarded by writeback
Sean Christopherson <sean.j.christopherson@intel.com>
KVM: VMX: raise internal error for exception during invalid protected mode state
Davidlohr Bueso <dave@stgolabs.net>
sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning
Jun Piao <piaojun@huawei.com>
ocfs2/dlm: don't handle migrate lockres if already in shutdown
Nikolay Borisov <nborisov@suse.com>
btrfs: Fix possible softlock on single core machines
Liu Bo <bo.liu@linux.alibaba.com>
Btrfs: fix NULL pointer dereference in log_dir_items
Liu Bo <bo.liu@linux.alibaba.com>
Btrfs: bail out on error during replay_dir_deletes
Huang Ying <ying.huang@intel.com>
mm: fix races between address_space dereference and free in page_evicatable
Claudio Imbrenda <imbrenda@linux.vnet.ibm.com>
mm/ksm: fix interaction with THP
Esben Haabendal <eha@deif.com>
dp83640: Ensure against premature access to PHY registers after reset
Shunyong Yang <shunyong.yang@hxt-semitech.com>
cpufreq: CPPC: Initialize shared perf capabilities of CPUs
Carlos Maiolino <cmaiolino@redhat.com>
Force log to disk before reading the AGF during a fstrim
Jens Axboe <axboe@kernel.dk>
sr: get/drop reference to device in revalidate and check_events
Tom Abraham <tabraham@suse.com>
swap: divide-by-zero when zero length swap file on ssd
Danilo Krummrich <danilokrummrich@dk-develop.de>
fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table
Dave Hansen <dave.hansen@linux.intel.com>
x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init
Joerg Roedel <joro@8bytes.org>
x86/pgtable: Don't set huge PUD/PMD on non-leaf entries
Johannes Thumshirn <jthumshirn@suse.de>
nvme: don't send keep-alives to the discovery controller
Rich Felker <dalias@libc.org>
sh: fix debug trap failure to process signals before return to user
Yelena Krivosheev <yelena@marvell.com>
net: mvneta: fix enable of all initialized RXQs
Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
net: Fix untag for vlan packets without ethernet header
Vinayak Menon <vinmenon@codeaurora.org>
mm/kmemleak.c: wait for scan completion before disabling free
Jan Kiszka <jan.kiszka@siemens.com>
builddeb: Fix header package regarding dtc source links
Cong Wang <xiyou.wangcong@gmail.com>
llc: properly handle dev_queue_xmit() return value
Stephane Eranian <eranian@google.com>
perf/x86/intel: Fix linear IP of PEBS real_ip on Haswell and later CPUs
Pawel Dembicki <paweldembicki@gmail.com>
net: qmi_wwan: add BroadMobi BM806U 2020:2033
Jinbum Park <jinb.park7@gmail.com>
ARM: 8748/1: mm: Define vdso_start, vdso_end as array
Linus Lüssing <linus.luessing@c0d3.blue>
batman-adv: fix packet loss for broadcasted DHCP packets to a server
Linus Lüssing <linus.luessing@c0d3.blue>
batman-adv: fix multicast-via-unicast transmission with AP isolation
Masami Hiramatsu <mhiramat@kernel.org>
selftests: ftrace: Add a testcase for probepoint
Masami Hiramatsu <mhiramat@kernel.org>
selftests: ftrace: Add a testcase for string type with kprobe_event
Masami Hiramatsu <mhiramat@kernel.org>
selftests: ftrace: Add probe event argument syntax testcase
David Rientjes <rientjes@google.com>
mm, thp: do not cause memcg oom for thp
Yisheng Xie <xieyisheng1@huawei.com>
mm/mempolicy.c: avoid use uninitialized preferred_node
Dan Carpenter <dan.carpenter@oracle.com>
macsec: missing dev_put() on error in macsec_newlink()
Kalderon, Michal <Michal.Kalderon@cavium.com>
RDMA/qedr: Fix rc initialization on CNQ allocation failure
Kalderon, Michal <Michal.Kalderon@cavium.com>
RDMA/qedr: fix QP's ack timeout configuration
Chien Tin Tung <chien.tin.tung@intel.com>
RDMA/ucma: Correct option size check using optlen
Nicolas Pitre <nicolas.pitre@linaro.org>
kbuild: make scripts/adjust_autoksyms.sh robust against timestamp races
Stefan Wahren <stefan.wahren@i2se.com>
brcmfmac: Fix check for ISO3166 code
Song Liu <songliubraving@fb.com>
perf/cgroup: Fix child event counting bug
Stefano Brivio <sbrivio@redhat.com>
vti4: Don't override MTU passed on link creation via IFLA_MTU
Stefano Brivio <sbrivio@redhat.com>
vti4: Don't count header length twice on tunnel setup
Sven Eckelmann <sven@narfation.org>
batman-adv: Fix skbuff rcsum on packet reroute
Matthias Schiffer <mschiffer@universe-factory.net>
batman-adv: fix header size check in batadv_dbg_arp()
Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off
Rob Herring <robh@kernel.org>
microblaze: switch to NO_BOOTMEM
Lucas Stach <l.stach@pengutronix.de>
drm/imx: move arming of the vblank event to atomic_flush
Cathy Zhou <Cathy.Zhou@Oracle.COM>
sunvnet: does not support GSO for sctp
Sabrina Dubroca <sd@queasysnail.net>
ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu
Arvind Yadav <arvind.yadav.cs@gmail.com>
workqueue: use put_device() instead of kfree()
Michael Chan <michael.chan@broadcom.com>
bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa().
Florian Westphal <fw@strlen.de>
netfilter: ebtables: fix erroneous reject of last rule
Gregory CLEMENT <gregory.clement@bootlin.com>
dmaengine: mv_xor_v2: Fix clock resource by adding a register clock
Marc Zyngier <marc.zyngier@arm.com>
arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery
Arvind Yadav <arvind.yadav.cs@gmail.com>
xen: xenbus: use put_device() instead of kfree()
Parav Pandit <parav@mellanox.com>
IB/core: Fix possible crash to access NULL netdev
Jeremy Linton <jeremy.linton@arm.com>
net: smsc911x: Fix unload crash when link is up
Hemanth Puranik <hpuranik@codeaurora.org>
net: qcom/emac: Use proper free methods during TX
Denis Kirjanov <kda@linux-powerpc.org>
fsl/fman: avoid sleeping in atomic context while adding an address
Peter Malone <peter.malone@gmail.com>
fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper().
Dan Carpenter <dan.carpenter@oracle.com>
IB/mlx5: Fix an error code in __mlx5_ib_modify_qp()
Jack M <jackm@dev.mellanox.co.il>
IB/mlx4: Include GID type when deleting GIDs from HW table under RoCE
Jack Morgenstein <jackm@dev.mellanox.co.il>
IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs
Kalderon, Michal <Michal.Kalderon@cavium.com>
RDMA/qedr: Fix iWARP write and send with immediate
Kalderon, Michal <Michal.Kalderon@cavium.com>
RDMA/qedr: Fix kernel panic when running fio over NFSoRDMA
Davidlohr Bueso <dave@stgolabs.net>
ia64/err-inject: Use get_user_pages_fast()
Pierre-Yves Kerbrat <pkerbrat@kalray.eu>
e1000e: allocate ring descriptors with dma_zalloc_coherent
Benjamin Poirier <bpoirier@suse.com>
e1000e: Fix check_for_link return value with autoneg off
Linus Lüssing <linus.luessing@c0d3.blue>
batman-adv: Fix multicast packet loss with a single WANT_ALL_IPV4/6 flag
Jayachandran C <jnair@caviumnetworks.com>
watchdog: sbsa: use 32-bit read for WCV
Igor Pylypiv <igor.pylypiv@gmail.com>
watchdog: f71808e_wdt: Fix magic close handling
Sara Sharon <sara.sharon@intel.com>
iwlwifi: mvm: fix TX of CCMP 256
Paul Mackerras <paulus@ozlabs.org>
KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing
Michael Ellerman <mpe@ellerman.id.au>
selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable
Filipe Manana <fdmanana@suse.com>
Btrfs: send, fix issuing write op when processing hole in no data mode
Giulio Benetti <giulio.benetti@micronovasrl.com>
drm/sun4i: Fix dclk_set_phase
Roger Pau Monne <roger.pau@citrix.com>
xen/pirq: fix error path cleanup when binding MSIs
Max Gurtovoy <maxg@mellanox.com>
nvmet: fix PSDT field check in command format
Joey Pabalinas <joeypabalinas@gmail.com>
net/tcp/illinois: replace broken algorithm reference link
Claudiu Manoil <claudiu.manoil@nxp.com>
gianfar: Fix Rx byte accounting for ndev stats
Guenter Roeck <linux@roeck-us.net>
powerpc/boot: Fix random libfdt related build errors
Florian Fainelli <f.fainelli@gmail.com>
ARM: dts: NSP: Fix amount of RAM on BCM958625HR
Xin Long <lucien.xin@gmail.com>
sit: fix IFLA_MTU ignored on NEWLINK
Xin Long <lucien.xin@gmail.com>
ip6_tunnel: fix IFLA_MTU ignored on NEWLINK
Tang Junhui <tang.junhui@zte.com.cn>
bcache: fix kcrashes with fio in RAID5 backend dev
Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3
Dave Airlie <airlied@redhat.com>
virtio-gpu: fix ioctl and expose the fixed status to userspace.
Eric Dumazet <edumazet@google.com>
r8152: fix tx packets accounting
Ramon Fried <rfried@codeaurora.org>
qrtr: add MODULE_ALIAS macro to smd
David S. Miller <davem@davemloft.net>
ARM: orion5x: Revert commit 4904dbda41c8.
Chengguang Xu <cgxu519@icloud.com>
ceph: fix dentry leak when failing to init debugfs
Colin Ian King <colin.king@canonical.com>
clocksource/drivers/fsl_ftm_timer: Fix error return checking
Jianchao Wang <jianchao.w.wang@oracle.com>
nvme-pci: Fix nvme queue cleanup if IRQ setup fails
Sven Eckelmann <sven@narfation.org>
batman-adv: Fix netlink dumping of BLA backbones
Sven Eckelmann <sven@narfation.org>
batman-adv: Fix netlink dumping of BLA claims
Sven Eckelmann <sven.eckelmann@openmesh.com>
batman-adv: Ignore invalid batadv_v_gw during netlink send
Sven Eckelmann <sven.eckelmann@openmesh.com>
batman-adv: Ignore invalid batadv_iv_gw during netlink send
Florian Westphal <fw@strlen.de>
netfilter: ebtables: convert BUG_ONs to WARN_ONs
Matthias Schiffer <mschiffer@universe-factory.net>
batman-adv: invalidate checksum on fragment reassembly
Matthias Schiffer <mschiffer@universe-factory.net>
batman-adv: fix packet checksum in receive path
Yufen Yu <yuyufen@huawei.com>
md/raid1: fix NULL pointer dereference
BingJing Chang <bingjingc@synology.com>
md: fix a potential deadlock of raid5/raid10 reshape
Will Deacon <will.deacon@arm.com>
fs: dcache: Use READ_ONCE when accessing i_dir_seq
Will Deacon <will.deacon@arm.com>
fs: dcache: Avoid livelock between d_alloc_parallel and __d_add
Sebastian Ott <sebott@linux.vnet.ibm.com>
kvm: fix warning for CONFIG_HAVE_KVM_EVENTFD builds
Alexey Kodanev <alexey.kodanev@oracle.com>
macvlan: fix use-after-free in macvlan_common_newlink()
Pratyush Anand <panand@redhat.com>
arm64: fix unwind_frame() for filtered out fn for function graph tracing
Felix Fietkau <nbd@nbd.name>
mac80211: drop frames with unexpected DS bits from fast-rx to slow path
Samuel Neves <sneves@dei.uc.pt>
x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations
Andrea Parri <parri.andrea@gmail.com>
locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs
Randy Dunlap <rdunlap@infradead.org>
integrity/security: fix digsig.c build error with header file
Johannes Berg <johannes.berg@intel.com>
regulatory: add NUL to request alpha2
Eric Dumazet <edumazet@google.com>
smsc75xx: fix smsc75xx_set_features()
Tony Lindgren <tony@atomide.com>
ARM: OMAP: Fix dmtimer init for omap1
Eric Biggers <ebiggers@google.com>
PKCS#7: fix direct verification of SignerInfo signature
Sebastian Ott <sebott@linux.vnet.ibm.com>
s390/cio: clear timer when terminating driver I/O
Sebastian Ott <sebott@linux.vnet.ibm.com>
s390/cio: fix return code after missing interrupt
Sebastian Ott <sebott@linux.vnet.ibm.com>
s390/cio: fix ccw_device_start_timeout API
Mark Lord <mlord@pobox.com>
powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access
David Rientjes <rientjes@google.com>
kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
Arnd Bergmann <arnd@arndb.de>
md: raid5: avoid string overflow warning
Andrea Parri <parri.andrea@gmail.com>
locking/xchg/alpha: Add unconditional memory barrier to cmpxchg()
Markus Elfring <elfring@users.sourceforge.net>
drm/exynos: g2d: Delete an error message for a failed memory allocation in two functions
Wolfram Sang <wsa+renesas@sang-engineering.com>
drm/exynos: fix comparison to bitshift when dealing with a mask
Arnd Bergmann <arnd@arndb.de>
drm/exynos: g2d: use monotonic timestamps
Yufen Yu <yuyufen@huawei.com>
md raid10: fix NULL deference in handle_write_completed()
Ilan Peer <ilan.peer@intel.com>
mac80211: Do not disconnect on invalid operating class
Sara Sharon <sara.sharon@intel.com>
mac80211: fix calling sleeping function in atomic context
Sara Sharon <sara.sharon@intel.com>
mac80211: fix a possible leak of station stats
Felix Fietkau <nbd@nbd.name>
mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4
David Howells <dhowells@redhat.com>
rxrpc: Work around usercopy check
Kees Cook <keescook@chromium.org>
NFC: llcp: Limit size of SDP URI
Naftali Goldstein <naftali.goldstein@intel.com>
iwlwifi: mvm: always init rs with 20mhz bandwidth rates
Sara Sharon <sara.sharon@intel.com>
iwlwifi: mvm: fix security bug in PN checking
Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
ibmvnic: Free RX socket buffer in case of adapter error
Geert Uytterhoeven <geert+renesas@glider.be>
ARM: OMAP1: clock: Fix debugfs_create_*() usage
Tony Lindgren <tony@atomide.com>
ARM: OMAP3: Fix prm wake interrupt for resume
Qi Hou <qi.hou@windriver.com>
ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt
Anders Roxell <anders.roxell@linaro.org>
selftests: memfd: add config fragment for fuse
Naresh Kamboju <naresh.kamboju@linaro.org>
selftests: pstore: Adding config fragment CONFIG_PSTORE_RAM=m
Dong Bo <dongbo4@huawei.com>
libata: Fix compile warning with ATA_DEBUG enabled
Jason Wang <jasowang@redhat.com>
ptr_ring: prevent integer overflow when calculating size
Ulf Magnusson <ulfalizer@gmail.com>
ARC: Fix malformed ARC_EMUL_UNALIGNED default
Mark Salter <msalter@redhat.com>
irqchip/gic-v3: Change pr_debug message to pr_devel
Michael Kelley <mhkelley@outlook.com>
cpumask: Make for_each_cpu_wrap() available on UP as well
Stephen Boyd <sboyd@codeaurora.org>
irqchip/gic-v3: Ignore disabled ITS nodes
Will Deacon <will.deacon@arm.com>
locking/qspinlock: Ensure node->count is updated before initialising node
Jia Zhang <zhang.jia@linux.alibaba.com>
vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page
Daniel Borkmann <daniel@iogearbox.net>
bpf: fix rlimit in reuseport net selftest
Jesper Dangaard Brouer <brouer@redhat.com>
tools/libbpf: handle issues with bpf ELF objects containing .eh_frames
Tang Junhui <tang.junhui@zte.com.cn>
bcache: return attach error when no cache set exist
Tang Junhui <tang.junhui@zte.com.cn>
bcache: fix for data collapse after re-attaching an attached device
Tang Junhui <tang.junhui@zte.com.cn>
bcache: fix for allocator and register thread race
Coly Li <colyli@suse.de>
bcache: properly set task state in bch_writeback_thread()
Arnd Bergmann <arnd@arndb.de>
cifs: silence compiler warnings showing up with gcc-8.0.0
Alexey Dobriyan <adobriyan@gmail.com>
proc: fix /proc/*/map_files lookup
Will Deacon <will.deacon@arm.com>
arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics
Guanglei Li <guanglei.li@oracle.com>
RDS: IB: Fix null pointer issue
Ross Lagerwall <ross.lagerwall@citrix.com>
xen/grant-table: Use put_page instead of free_page
Ross Lagerwall <ross.lagerwall@citrix.com>
xen-netfront: Fix race between device setup and open
Matt Redfearn <matt.redfearn@mips.com>
MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS
James Hogan <jhogan@kernel.org>
MIPS: generic: Fix machine compatible matching
Yonghong Song <yhs@fb.com>
bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y
Hans de Goede <hdegoede@redhat.com>
ACPI / scan: Use acpi_bus_get_status() to initialize ACPI_TYPE_DEVICE devs
Chen Yu <yu.c.chen@intel.com>
ACPI: processor_perflib: Do not send _PPC change notification if not ready
Jean Delvare <jdelvare@suse.de>
firmware: dmi_scan: Fix handling of empty DMI strings
Arnd Bergmann <arnd@arndb.de>
x86/power: Fix swsusp_arch_resume prototype
Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
netfilter: ipv6: nf_defrag: Kill frag queue on RFC2460 failure
Karol Herbst <kherbst@redhat.com>
drm/nouveau/pmu/fuc: don't use movw directly anymore
Alex Estrin <alex.estrin@intel.com>
IB/ipoib: Fix for potential no-carrier state
Ed Swierk <eswierk@skyportsystems.com>
openvswitch: Remove padding from packet before L3+ conntrack processing
shidao.ytt <shidao.ytt@alibaba-inc.com>
mm/fadvise: discard partial page if endbyte is also EOF
Mel Gorman <mgorman@techsingularity.net>
mm: pin address_space before dereferencing it while isolating an LRU page
Yang Shi <yang.s@alibaba-inc.com>
mm: thp: use down_read_trylock() in khugepaged to avoid long block
Nitin Gupta <nitin.m.gupta@oracle.com>
sparc64: update pmdp_invalidate() to return old pmd value
Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
asm-generic: provide generic_pmdp_establish()
Yisheng Xie <xieyisheng1@huawei.com>
mm/mempolicy: add nodes_empty check in SYSC_migrate_pages
Yisheng Xie <xieyisheng1@huawei.com>
mm/mempolicy: fix the check of nodemask from user
piaojun <piaojun@huawei.com>
ocfs2: return error when we attempt to access a dirty bh in jbd2
piaojun <piaojun@huawei.com>
ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute
piaojun <piaojun@huawei.com>
ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid
KarimAllah Ahmed <karahmed@amazon.de>
kvm: Map PFN-type memory regions as writable (if possible)
Gustavo A. R. Silva <gustavo@embeddedor.com>
tcp_nv: fix potential integer overflow in tcpnv_acked
Andy Spencer <aspencer@spacex.com>
gianfar: prevent integer wrapping in the rx handler
Logan Gunthorpe <logang@deltatee.com>
ntb_transport: Fix bug with max_mw_size parameter
Leon Romanovsky <leonro@mellanox.com>
RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure
Michael Bringmann <mwb@linux.vnet.ibm.com>
powerpc/numa: Ensure nodes initialized for hotplug
Michael Bringmann <mwb@linux.vnet.ibm.com>
powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes
Jake Daryll Obina <jake.obina@gmail.com>
jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
device property: Define type of PROPERTY_ENRTY_*() macros
Ngai-Mint Kwan <ngai-mint.kwan@intel.com>
fm10k: fix "failed to kill vid" message for VF
Dan Carpenter <dan.carpenter@oracle.com>
HID: roccat: prevent an out of bounds read in kovaplus_profile_activated()
Anand Jain <Anand.Jain@oracle.com>
btrfs: fail mount when sb flag is not in BTRFS_SUPER_FLAG_SUPP
Liu Bo <bo.li.liu@oracle.com>
Btrfs: fix scrub to repair raid6 corruption
Nikolay Borisov <nborisov@suse.com>
btrfs: Fix out of bounds access in btrfs_search_slot
Liu Bo <bo.li.liu@oracle.com>
Btrfs: set plug for fsync
Wei Yongjun <weiyongjun1@huawei.com>
ipmi/powernv: Fix error return code in ipmi_powernv_probe()
weiyongjun (A) <weiyongjun1@huawei.com>
mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()
Ulf Magnusson <ulfalizer@gmail.com>
kconfig: Fix expr_free() E_NOT leak
Ulf Magnusson <ulfalizer@gmail.com>
kconfig: Fix automatic menu creation mem leak
Ulf Magnusson <ulfalizer@gmail.com>
kconfig: Don't leak main menus during parsing
Guenter Roeck <linux@roeck-us.net>
watchdog: sp5100_tco: Fix watchdog disable bit
Jan Chochol <jan@chochol.info>
nfs: Do not convert nfs_idmap_cache_timeout to jiffies
Martin Blumenstingl <martin.blumenstingl@googlemail.com>
net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock
Martin Blumenstingl <martin.blumenstingl@googlemail.com>
net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b
mulhern <amulhern@redhat.com>
dm thin: fix documentation relative to low water mark threshold
Peter Xu <peterx@redhat.com>
iommu/vt-d: Use domain instead of cache fetching
Thomas Richter <tmricht@linux.vnet.ibm.com>
perf record: Fix failed memory allocation for get_cpuid_str
Steven Rostedt (VMware) <rostedt@goodmis.org>
tools lib traceevent: Fix get_field_str() for dynamic strings
Arnaldo Carvalho de Melo <acme@redhat.com>
perf callchain: Fix attr.sample_max_stack setting
Steven Rostedt (VMware) <rostedt@goodmis.org>
tools lib traceevent: Simplify pointer print logic and fix %pF
Shiraz Saleem <shiraz.saleem@intel.com>
i40iw: Zero-out consumer key on allocate stag for FMR
Dmitry Torokhov <dmitry.torokhov@gmail.com>
Input: psmouse - fix Synaptics detection when protocol is disabled
Alex Williamson <alex.williamson@redhat.com>
PCI: Add function 1 DMA alias quirk for Marvell 9128
Anna-Maria Gleixner <anna-maria@linutronix.de>
tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account
Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
netfilter: ipv6: nf_defrag: Pass on packets to stack per RFC2460
Paolo Bonzini <pbonzini@redhat.com>
kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl
Takashi Iwai <tiwai@suse.de>
ALSA: hda - Use IS_REACHABLE() for dependency on input
NeilBrown <neilb@suse.com>
NFSv4: always set NFS_LOCK_LOST when a lock is lost.
Peter Zijlstra <peterz@infradead.org>
x86/tsc: Allow TSC calibration without PIT
Hector Martin <marcan@marcan.st>
firewire-ohci: work around oversized DMA reads on JMicron controllers
Jim Mattson <jmattson@google.com>
kvm: x86: IA32_ARCH_CAPABILITIES is always supported
Wei Huang <wei@redhat.com>
KVM: x86: Update cpuid properly when CR4.OSXAVE or CR4.PKE is changed
David Hildenbrand <david@redhat.com>
KVM: s390: vsie: fix < 8k check for the itdba
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
KVM/VMX: Expose SSBD properly to guests
zhongjiang <zhongjiang@huawei.com>
kernel/signal.c: avoid undefined behaviour in kill_something_info
Gustavo A. R. Silva <gustavo@embeddedor.com>
kernel/sys.c: fix potential Spectre v1 issue
David Hildenbrand <david@redhat.com>
kasan: fix memory hotplug during boot
Davidlohr Bueso <dave@stgolabs.net>
ipc/shm: fix shmat() nil address after round-down when remapping
Davidlohr Bueso <dave@stgolabs.net>
Revert "ipc/shm: Fix shmat mmap nil-page protection"
Michael J. Ruhl <michael.j.ruhl@intel.com>
IB/hfi1: Use after free race condition in send context error path
Thomas Hellstrom <thellstrom@vmware.com>
drm/vmwgfx: Fix 32-bit VMW_PORT_HB_[IN|OUT] macros
Joe Jin <joe.jin@oracle.com>
xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
Sudip Mukherjee <sudipm.mukherjee@gmail.com>
libata: blacklist Micron 500IT SSD with MU01 firmware
Tejun Heo <tj@kernel.org>
libata: Blacklist some Sandisk SSDs for NCQ
Corneliu Doban <corneliu.doban@broadcom.com>
mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
Srinath Mannam <srinath.mannam@broadcom.com>
mmc: sdhci-iproc: remove hard coded mmc cap 1.8v
Al Viro <viro@zeniv.linux.org.uk>
do d_instantiate/unlock_new_inode combinations safely
Ben Hutchings <ben.hutchings@codethink.co.uk>
ALSA: timer: Fix pause event notification
Al Viro <viro@zeniv.linux.org.uk>
aio: fix io_destroy(2) vs. lookup_ioctx() race
Al Viro <viro@zeniv.linux.org.uk>
affs_lookup(): close a race with affs_remove_link()
Colin Ian King <colin.king@canonical.com>
KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
Maciej W. Rozycki <macro@mips.com>
MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
Maciej W. Rozycki <macro@mips.com>
MIPS: ptrace: Expose FIR register through FP regset
NeilBrown <neil@brown.name>
MIPS: c-r4k: Fix data corruption related to cache coherence
-------------
Diffstat:
Documentation/device-mapper/thin-provisioning.txt | 8 +-
.../devicetree/bindings/dma/mv-xor-v2.txt | 6 +-
Makefile | 4 +-
arch/alpha/include/asm/xchg.h | 30 +-
arch/arc/Kconfig | 1 -
arch/arm/boot/dts/bcm283x.dtsi | 4 +-
arch/arm/boot/dts/bcm958625hr.dts | 2 +-
arch/arm/boot/dts/imx7d-cl-som-imx7.dts | 52 +-
arch/arm/boot/dts/r8a7791-porter.dts | 2 +-
arch/arm/boot/dts/socfpga.dtsi | 2 +-
arch/arm/include/asm/vdso.h | 2 -
arch/arm/kernel/vdso.c | 12 +-
arch/arm/mach-omap1/clock.c | 6 +-
arch/arm/mach-omap2/pm.c | 4 +-
arch/arm/mach-omap2/timer.c | 19 +-
arch/arm/mach-orion5x/Kconfig | 3 -
arch/arm/mach-orion5x/dns323-setup.c | 53 +-
arch/arm/mach-orion5x/tsx09-common.c | 49 +-
arch/arm/plat-omap/dmtimer.c | 7 +-
arch/arm64/boot/dts/qcom/msm8996.dtsi | 4 +-
arch/arm64/include/asm/spinlock.h | 4 +-
arch/arm64/include/asm/stacktrace.h | 2 +-
arch/arm64/kernel/cpu_errata.c | 4 +-
arch/arm64/kernel/stacktrace.c | 5 +
arch/arm64/kernel/time.c | 2 +-
arch/ia64/kernel/err_inject.c | 2 +-
arch/m68k/coldfire/device.c | 12 +-
arch/microblaze/Kconfig | 1 +
arch/microblaze/mm/init.c | 56 +-
arch/mips/cavium-octeon/octeon-irq.c | 10 +-
arch/mips/include/asm/mach-ath79/ar71xx_regs.h | 2 +-
arch/mips/include/asm/machine.h | 2 +-
arch/mips/kernel/ptrace.c | 22 +-
arch/mips/kernel/ptrace32.c | 4 +-
arch/mips/kvm/mips.c | 2 +-
arch/mips/mm/c-r4k.c | 9 +-
arch/mips/txx9/rbtx4939/setup.c | 4 +-
arch/powerpc/boot/Makefile | 3 +-
arch/powerpc/include/asm/irq_work.h | 1 +
arch/powerpc/kvm/book3s_hv.c | 12 +-
arch/powerpc/mm/numa.c | 78 +-
arch/powerpc/net/bpf_jit_comp.c | 3 +
arch/powerpc/perf/core-book3s.c | 25 +
arch/powerpc/sysdev/mpic.c | 2 +-
arch/s390/kvm/vsie.c | 2 +-
arch/sh/kernel/entry-common.S | 2 +-
arch/sparc/include/asm/atomic_64.h | 6 +-
arch/sparc/include/asm/pgtable_64.h | 2 +-
arch/sparc/mm/tlb.c | 23 +-
arch/x86/events/core.c | 15 +-
arch/x86/events/intel/core.c | 12 +-
arch/x86/events/intel/ds.c | 117 ++-
arch/x86/events/perf_event.h | 2 +-
arch/x86/include/asm/i8259.h | 5 +
arch/x86/kernel/apic/apic.c | 2 +-
arch/x86/kernel/devicetree.c | 21 +-
arch/x86/kernel/smpboot.c | 1 +
arch/x86/kernel/tsc.c | 18 +
arch/x86/kvm/cpuid.c | 7 +-
arch/x86/kvm/lapic.c | 10 +-
arch/x86/kvm/vmx.c | 20 +-
arch/x86/kvm/x86.c | 12 +-
arch/x86/mm/init_64.c | 3 +-
arch/x86/mm/pageattr.c | 6 +-
arch/x86/mm/pgtable.c | 9 +
arch/x86/power/hibernate_32.c | 2 +-
arch/x86/power/hibernate_64.c | 2 +-
crypto/asymmetric_keys/pkcs7_trust.c | 1 +
drivers/acpi/acpi_pad.c | 3 +
drivers/acpi/acpica/evevent.c | 9 +-
drivers/acpi/acpica/nseval.c | 8 +
drivers/acpi/processor_perflib.c | 2 +-
drivers/acpi/scan.c | 20 +-
drivers/ata/libata-core.c | 6 +
drivers/ata/libata-scsi.c | 2 +-
drivers/base/regmap/regmap.c | 2 +-
drivers/block/paride/pcd.c | 2 +
drivers/cdrom/cdrom.c | 3 -
drivers/cdrom/gdrom.c | 3 +
drivers/char/hw_random/stm32-rng.c | 9 +
drivers/char/ipmi/ipmi_powernv.c | 5 +-
drivers/char/ipmi/ipmi_ssif.c | 4 +-
drivers/clocksource/fsl_ftm_timer.c | 2 +-
drivers/cpufreq/cppc_cpufreq.c | 23 +-
drivers/cpufreq/cpufreq.c | 6 +-
drivers/dma/mv_xor_v2.c | 25 +-
drivers/dma/pl330.c | 6 +-
drivers/dma/qcom/bam_dma.c | 27 +-
drivers/dma/sh/rcar-dmac.c | 11 +-
drivers/firewire/ohci.c | 8 +-
drivers/firmware/dmi_scan.c | 22 +-
drivers/gpu/drm/exynos/exynos_drm_g2d.c | 12 +-
drivers/gpu/drm/exynos/regs-fimc.h | 2 +-
drivers/gpu/drm/imx/ipuv3-crtc.c | 5 +
.../drm/nouveau/nvkm/subdev/pmu/fuc/gf100.fuc3.h | 746 +++++++--------
.../drm/nouveau/nvkm/subdev/pmu/fuc/gk208.fuc5.h | 802 ++++++++--------
.../drm/nouveau/nvkm/subdev/pmu/fuc/gt215.fuc3.h | 1006 ++++++++++----------
.../gpu/drm/nouveau/nvkm/subdev/pmu/fuc/memx.fuc | 30 +-
drivers/gpu/drm/panel/panel-simple.c | 2 +-
drivers/gpu/drm/rockchip/rockchip_drm_gem.c | 7 +-
drivers/gpu/drm/sun4i/sun4i_dotclock.c | 5 +-
drivers/gpu/drm/virtio/virtgpu_ioctl.c | 17 +-
drivers/gpu/drm/vmwgfx/vmwgfx_msg.h | 25 +-
drivers/hid/hid-roccat-kovaplus.c | 2 +
drivers/hwmon/nct6775.c | 10 +-
drivers/hwmon/pmbus/adm1275.c | 4 +-
drivers/hwmon/pmbus/max8688.c | 2 +-
drivers/i2c/busses/i2c-mv64xxx.c | 8 +-
drivers/ide/ide-cd.c | 2 +
drivers/infiniband/core/multicast.c | 26 +-
drivers/infiniband/core/sa_query.c | 7 +-
drivers/infiniband/core/ucma.c | 2 +-
drivers/infiniband/hw/hfi1/chip.c | 4 +
drivers/infiniband/hw/i40iw/i40iw_verbs.c | 1 +
drivers/infiniband/hw/mlx4/main.c | 11 +-
drivers/infiniband/hw/mlx5/qp.c | 9 +-
drivers/infiniband/hw/qedr/main.c | 3 +-
drivers/infiniband/hw/qedr/verbs.c | 38 +-
drivers/infiniband/ulp/ipoib/ipoib_main.c | 3 +
drivers/input/mouse/psmouse-base.c | 34 +-
drivers/iommu/intel-iommu.c | 3 +-
drivers/irqchip/irq-gic-v3-its-pci-msi.c | 2 +
drivers/irqchip/irq-gic-v3-its-platform-msi.c | 2 +
drivers/irqchip/irq-gic-v3-its.c | 2 +
drivers/irqchip/irq-gic-v3.c | 2 +-
drivers/macintosh/rack-meter.c | 4 +-
drivers/md/bcache/alloc.c | 4 +-
drivers/md/bcache/bcache.h | 2 +-
drivers/md/bcache/btree.c | 9 +-
drivers/md/bcache/request.c | 2 +-
drivers/md/bcache/super.c | 23 +-
drivers/md/bcache/sysfs.c | 11 +-
drivers/md/bcache/writeback.c | 27 +-
drivers/md/md.c | 13 +
drivers/md/raid1.c | 11 +
drivers/md/raid10.c | 14 +-
drivers/md/raid5.c | 15 +-
drivers/mmc/host/sdhci-iproc.c | 31 +-
drivers/net/ethernet/broadcom/bgmac.c | 3 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 3 +
drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 11 +-
drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.c | 1 +
drivers/net/ethernet/cisco/enic/enic_main.c | 10 +-
drivers/net/ethernet/freescale/fman/fman_dtsec.c | 2 +-
drivers/net/ethernet/freescale/gianfar.c | 16 +-
drivers/net/ethernet/ibm/ibmvnic.c | 1 +
drivers/net/ethernet/intel/e1000e/ich8lan.c | 2 +-
drivers/net/ethernet/intel/e1000e/mac.c | 2 +-
drivers/net/ethernet/intel/e1000e/netdev.c | 4 +-
drivers/net/ethernet/intel/fm10k/fm10k_netdev.c | 14 +-
drivers/net/ethernet/marvell/mvneta.c | 1 +
drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 2 +-
drivers/net/ethernet/qualcomm/emac/emac-mac.c | 23 +-
drivers/net/ethernet/smsc/smsc911x.c | 4 +-
.../net/ethernet/stmicro/stmmac/dwmac-meson8b.c | 6 +-
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 14 +-
drivers/net/ethernet/sun/sunvnet.c | 2 +-
drivers/net/macsec.c | 5 +-
drivers/net/macvlan.c | 2 +-
drivers/net/phy/dp83640.c | 18 +
drivers/net/usb/qmi_wwan.c | 1 +
drivers/net/usb/r8152.c | 2 +-
drivers/net/usb/smsc75xx.c | 7 +-
drivers/net/virtio_net.c | 2 +-
drivers/net/wireless/ath/ath10k/mac.c | 10 +
.../broadcom/brcm80211/brcmfmac/cfg80211.c | 2 +-
drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 4 +
drivers/net/wireless/intel/iwlwifi/mvm/rs.c | 28 +-
drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 39 +-
drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 7 +-
drivers/net/wireless/mac80211_hwsim.c | 4 +-
drivers/net/xen-netfront.c | 46 +-
drivers/ntb/ntb_transport.c | 3 +
drivers/nvme/host/fabrics.c | 4 +-
drivers/nvme/host/pci.c | 5 +-
drivers/nvme/target/core.c | 9 +-
drivers/parisc/lba_pci.c | 20 +-
drivers/pci/pci-driver.c | 17 +-
drivers/pci/quirks.c | 5 +
drivers/pinctrl/qcom/pinctrl-msm.c | 2 +-
drivers/pinctrl/sh-pfc/pfc-r8a7796.c | 40 +-
drivers/regulator/gpio-regulator.c | 16 +-
drivers/regulator/of_regulator.c | 1 +
drivers/s390/cio/device_fsm.c | 7 +-
drivers/s390/cio/device_ops.c | 72 +-
drivers/s390/cio/io_sch.h | 1 +
drivers/scsi/sr.c | 21 +-
drivers/soc/qcom/wcnss_ctrl.c | 2 +-
drivers/spi/spi-bcm-qspi.c | 4 +-
.../staging/fsl-mc/bus/irq-gic-v3-its-fsl-mc-msi.c | 2 +
drivers/video/fbdev/sbuslib.c | 4 +-
drivers/watchdog/f71808e_wdt.c | 3 +-
drivers/watchdog/sbsa_gwdt.c | 3 +-
drivers/watchdog/sp5100_tco.h | 2 +-
drivers/xen/events/events_base.c | 4 +-
drivers/xen/grant-table.c | 4 +-
drivers/xen/swiotlb-xen.c | 2 +-
drivers/xen/xen-acpi-processor.c | 6 +-
drivers/xen/xenbus/xenbus_probe.c | 5 +-
drivers/zorro/zorro.c | 12 +
fs/affs/namei.c | 10 +-
fs/aio.c | 4 +-
fs/btrfs/ctree.c | 12 +-
fs/btrfs/disk-io.c | 8 +-
fs/btrfs/extent-tree.c | 1 +
fs/btrfs/file.c | 9 +
fs/btrfs/inode.c | 16 +-
fs/btrfs/raid56.c | 18 +-
fs/btrfs/send.c | 3 +
fs/btrfs/tests/qgroup-tests.c | 2 +-
fs/btrfs/tree-log.c | 12 +-
fs/btrfs/volumes.c | 9 +-
fs/ceph/super.c | 16 +-
fs/cifs/cifssmb.c | 4 +-
fs/dcache.c | 32 +-
fs/ecryptfs/inode.c | 3 +-
fs/ext2/namei.c | 6 +-
fs/ext4/namei.c | 6 +-
fs/f2fs/extent_cache.c | 3 +
fs/f2fs/namei.c | 12 +-
fs/fscache/page.c | 13 +-
fs/gfs2/file.c | 5 +-
fs/gfs2/quota.h | 2 +
fs/jffs2/dir.c | 12 +-
fs/jffs2/fs.c | 1 -
fs/jfs/namei.c | 12 +-
fs/nfs/nfs4proc.c | 12 +-
fs/nfs/nfs4state.c | 5 +-
fs/nfs/nfs4sysctl.c | 2 +-
fs/nilfs2/namei.c | 6 +-
fs/ocfs2/acl.c | 6 +
fs/ocfs2/dlm/dlmdomain.c | 14 -
fs/ocfs2/dlm/dlmdomain.h | 25 +-
fs/ocfs2/dlm/dlmrecovery.c | 9 +
fs/ocfs2/journal.c | 23 +-
fs/ocfs2/super.c | 5 +-
fs/ocfs2/xattr.c | 2 +
fs/orangefs/namei.c | 9 +-
fs/proc/base.c | 29 +-
fs/proc/kcore.c | 4 +
fs/proc/proc_sysctl.c | 3 +
fs/reiserfs/namei.c | 12 +-
fs/udf/namei.c | 6 +-
fs/udf/super.c | 5 +-
fs/ufs/namei.c | 6 +-
fs/xfs/xfs_discard.c | 14 +-
include/asm-generic/pgtable.h | 15 +
include/linux/cpumask.h | 2 +
include/linux/dcache.h | 1 +
include/linux/kcore.h | 1 +
include/linux/kvm_host.h | 3 +-
include/linux/property.h | 10 +-
include/linux/ptr_ring.h | 2 +-
include/linux/suspend.h | 2 +
include/net/ip.h | 11 +-
include/net/ip_fib.h | 1 +
include/net/llc_conn.h | 2 +-
include/net/mac80211.h | 2 +-
include/net/regulatory.h | 2 +-
include/net/route.h | 3 +-
include/trace/events/timer.h | 20 +-
include/uapi/drm/virtgpu_drm.h | 1 +
include/uapi/linux/if_ether.h | 1 +
ipc/shm.c | 19 +-
kernel/audit.c | 2 +
kernel/debug/kdb/kdb_main.c | 27 +-
kernel/events/core.c | 24 +-
kernel/locking/qspinlock.c | 8 +
kernel/power/power.h | 3 -
kernel/rcu/tree_plugin.h | 14 +-
kernel/relay.c | 2 +-
kernel/sched/rt.c | 2 +
kernel/signal.c | 4 +
kernel/sys.c | 1 +
kernel/workqueue.c | 2 +-
lib/test_bpf.c | 31 +-
mm/fadvise.c | 10 +-
mm/huge_memory.c | 5 +-
mm/kasan/kasan.c | 2 +-
mm/khugepaged.c | 20 +-
mm/kmemleak.c | 12 +-
mm/ksm.c | 28 +
mm/mempolicy.c | 36 +-
mm/swapfile.c | 4 +
mm/vmscan.c | 22 +-
net/batman-adv/bat_iv_ogm.c | 2 +-
net/batman-adv/bat_v.c | 2 +-
net/batman-adv/bridge_loop_avoidance.c | 22 +-
net/batman-adv/distributed-arp-table.c | 2 +-
net/batman-adv/fragmentation.c | 3 +-
net/batman-adv/gateway_client.c | 3 +
net/batman-adv/multicast.c | 8 +-
net/batman-adv/routing.c | 15 +-
net/batman-adv/soft-interface.c | 8 +-
net/bridge/netfilter/ebtables.c | 33 +-
net/core/skbuff.c | 9 +-
net/ipv4/ip_vti.c | 2 -
net/ipv4/route.c | 26 +-
net/ipv4/tcp_illinois.c | 2 +-
net/ipv4/tcp_nv.c | 2 +-
net/ipv4/xfrm4_policy.c | 1 +
net/ipv6/ip6_tunnel.c | 12 +-
net/ipv6/netfilter/nf_conntrack_reasm.c | 16 +-
net/ipv6/sit.c | 7 +
net/llc/llc_c_ac.c | 15 +-
net/llc/llc_conn.c | 32 +-
net/mac80211/rx.c | 2 +-
net/mac80211/spectmgmt.c | 7 +-
net/mac80211/sta_info.c | 3 +-
net/netlabel/netlabel_unlabeled.c | 10 +
net/nfc/llcp_commands.c | 4 +
net/nfc/netlink.c | 3 +-
net/openvswitch/conntrack.c | 34 +
net/qrtr/smd.c | 1 +
net/rds/ib.c | 3 +-
net/rxrpc/input.c | 15 +-
net/rxrpc/recvmsg.c | 5 +-
net/rxrpc/sendmsg.c | 4 +-
scripts/adjust_autoksyms.sh | 7 +
scripts/kconfig/expr.c | 2 +-
scripts/kconfig/menu.c | 1 +
scripts/kconfig/zconf.y | 33 +-
scripts/package/builddeb | 2 +-
security/integrity/digsig.c | 1 +
security/integrity/ima/ima_crypto.c | 2 +
security/integrity/ima/ima_main.c | 13 +
sound/core/timer.c | 4 +-
sound/core/vmaster.c | 5 +-
sound/pci/hda/Kconfig | 1 -
sound/pci/hda/patch_realtek.c | 5 +
tools/lib/bpf/libbpf.c | 26 +
tools/lib/traceevent/event-parse.c | 17 +-
tools/lib/traceevent/parse-filter.c | 10 +-
tools/perf/arch/x86/util/header.c | 2 +-
tools/perf/builtin-stat.c | 9 +-
tools/perf/builtin-top.c | 6 +-
tools/perf/tests/vmlinux-kallsyms.c | 2 +-
tools/perf/util/evsel.c | 8 +-
tools/perf/util/hist.c | 4 +-
tools/perf/util/hist.h | 1 -
tools/testing/selftests/Makefile | 1 +
.../ftrace/test.d/kprobe/kprobe_args_string.tc | 46 +
.../ftrace/test.d/kprobe/kprobe_args_syntax.tc | 97 ++
.../selftests/ftrace/test.d/kprobe/probepoint.tc | 43 +
tools/testing/selftests/memfd/config | 1 +
tools/testing/selftests/net/psock_fanout.c | 3 +-
tools/testing/selftests/net/reuseport_bpf.c | 21 +-
tools/testing/selftests/powerpc/mm/subpage_prot.c | 14 +
tools/testing/selftests/pstore/config | 1 +
tools/thermal/tmon/sysfs.c | 12 +-
tools/thermal/tmon/tmon.c | 1 -
virt/kvm/kvm_main.c | 7 +-
352 files changed, 3835 insertions(+), 2292 deletions(-)
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 001/329] MIPS: c-r4k: Fix data corruption related to cache coherence
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.9 002/329] MIPS: ptrace: Expose FIR register through FP regset Greg Kroah-Hartman
` (308 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, NeilBrown, Ralf Baechle, Paul Burton,
linux-mips, James Hogan
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: NeilBrown <neil@brown.name>
commit 55a2aa08b3af519a9693f99cdf7fa6d8b62d9f65 upstream.
When DMA will be performed to a MIPS32 1004K CPS, the L1-cache for the
range needs to be flushed and invalidated first.
The code currently takes one of two approaches.
1/ If the range is less than the size of the dcache, then HIT type
requests flush/invalidate cache lines for the particular addresses.
HIT-type requests a globalised by the CPS so this is safe on SMP.
2/ If the range is larger than the size of dcache, then INDEX type
requests flush/invalidate the whole cache. INDEX type requests affect
the local cache only. CPS does not propagate them in any way. So this
invalidation is not safe on SMP CPS systems.
Data corruption due to '2' can quite easily be demonstrated by
repeatedly "echo 3 > /proc/sys/vm/drop_caches" and then sha1sum a file
that is several times the size of available memory. Dropping caches
means that large contiguous extents (large than dcache) are more likely.
This was not a problem before Linux-4.8 because option 2 was never used
if CONFIG_MIPS_CPS was defined. The commit which removed that apparently
didn't appreciate the full consequence of the change.
We could, in theory, globalize the INDEX based flush by sending an IPI
to other cores. These cache invalidation routines can be called with
interrupts disabled and synchronous IPI require interrupts to be
enabled. Asynchronous IPI may not trigger writeback soon enough. So we
cannot use IPI in practice.
We can already test if IPI would be needed for an INDEX operation with
r4k_op_needs_ipi(R4K_INDEX). If this is true then we mustn't try the
INDEX approach as we cannot use IPI. If this is false (e.g. when there
is only one core and hence one L1 cache) then it is safe to use the
INDEX approach without IPI.
This patch avoids options 2 if r4k_op_needs_ipi(R4K_INDEX), and so
eliminates the corruption.
Fixes: c00ab4896ed5 ("MIPS: Remove cpu_has_safe_index_cacheops")
Signed-off-by: NeilBrown <neil@brown.name>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Paul Burton <paul.burton@mips.com>
Cc: linux-mips@linux-mips.org
Cc: <stable@vger.kernel.org> # 4.8+
Patchwork: https://patchwork.linux-mips.org/patch/19259/
Signed-off-by: James Hogan <jhogan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/mm/c-r4k.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
--- a/arch/mips/mm/c-r4k.c
+++ b/arch/mips/mm/c-r4k.c
@@ -851,9 +851,12 @@ static void r4k_dma_cache_wback_inv(unsi
/*
* Either no secondary cache or the available caches don't have the
* subset property so we have to flush the primary caches
- * explicitly
+ * explicitly.
+ * If we would need IPI to perform an INDEX-type operation, then
+ * we have to use the HIT-type alternative as IPI cannot be used
+ * here due to interrupts possibly being disabled.
*/
- if (size >= dcache_size) {
+ if (!r4k_op_needs_ipi(R4K_INDEX) && size >= dcache_size) {
r4k_blast_dcache();
} else {
R4600_HIT_CACHEOP_WAR_IMPL;
@@ -890,7 +893,7 @@ static void r4k_dma_cache_inv(unsigned l
return;
}
- if (size >= dcache_size) {
+ if (!r4k_op_needs_ipi(R4K_INDEX) && size >= dcache_size) {
r4k_blast_dcache();
} else {
R4600_HIT_CACHEOP_WAR_IMPL;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 002/329] MIPS: ptrace: Expose FIR register through FP regset
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.9 001/329] MIPS: c-r4k: Fix data corruption related to cache coherence Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.9 003/329] MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs Greg Kroah-Hartman
` (307 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, James Hogan, Maciej W. Rozycki,
Ralf Baechle, linux-mips
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Maciej W. Rozycki <macro@mips.com>
commit 71e909c0cdad28a1df1fa14442929e68615dee45 upstream.
Correct commit 7aeb753b5353 ("MIPS: Implement task_user_regset_view.")
and expose the FIR register using the unused 4 bytes at the end of the
NT_PRFPREG regset. Without that register included clients cannot use
the PTRACE_GETREGSET request to retrieve the complete FPU register set
and have to resort to one of the older interfaces, either PTRACE_PEEKUSR
or PTRACE_GETFPREGS, to retrieve the missing piece of data. Also the
register is irreversibly missing from core dumps.
This register is architecturally hardwired and read-only so the write
path does not matter. Ignore data supplied on writes then.
Fixes: 7aeb753b5353 ("MIPS: Implement task_user_regset_view.")
Signed-off-by: James Hogan <jhogan@kernel.org>
Signed-off-by: Maciej W. Rozycki <macro@mips.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Cc: <stable@vger.kernel.org> # 3.13+
Patchwork: https://patchwork.linux-mips.org/patch/19273/
Signed-off-by: James Hogan <jhogan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/kernel/ptrace.c | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
--- a/arch/mips/kernel/ptrace.c
+++ b/arch/mips/kernel/ptrace.c
@@ -483,7 +483,7 @@ static int fpr_get_msa(struct task_struc
/*
* Copy the floating-point context to the supplied NT_PRFPREG buffer.
* Choose the appropriate helper for general registers, and then copy
- * the FCSR register separately.
+ * the FCSR and FIR registers separately.
*/
static int fpr_get(struct task_struct *target,
const struct user_regset *regset,
@@ -491,6 +491,7 @@ static int fpr_get(struct task_struct *t
void *kbuf, void __user *ubuf)
{
const int fcr31_pos = NUM_FPU_REGS * sizeof(elf_fpreg_t);
+ const int fir_pos = fcr31_pos + sizeof(u32);
int err;
if (sizeof(target->thread.fpu.fpr[0]) == sizeof(elf_fpreg_t))
@@ -503,6 +504,12 @@ static int fpr_get(struct task_struct *t
err = user_regset_copyout(&pos, &count, &kbuf, &ubuf,
&target->thread.fpu.fcr31,
fcr31_pos, fcr31_pos + sizeof(u32));
+ if (err)
+ return err;
+
+ err = user_regset_copyout(&pos, &count, &kbuf, &ubuf,
+ &boot_cpu_data.fpu_id,
+ fir_pos, fir_pos + sizeof(u32));
return err;
}
@@ -551,7 +558,8 @@ static int fpr_set_msa(struct task_struc
/*
* Copy the supplied NT_PRFPREG buffer to the floating-point context.
* Choose the appropriate helper for general registers, and then copy
- * the FCSR register separately.
+ * the FCSR register separately. Ignore the incoming FIR register
+ * contents though, as the register is read-only.
*
* We optimize for the case where `count % sizeof(elf_fpreg_t) == 0',
* which is supposed to have been guaranteed by the kernel before
@@ -565,6 +573,7 @@ static int fpr_set(struct task_struct *t
const void *kbuf, const void __user *ubuf)
{
const int fcr31_pos = NUM_FPU_REGS * sizeof(elf_fpreg_t);
+ const int fir_pos = fcr31_pos + sizeof(u32);
u32 fcr31;
int err;
@@ -592,6 +601,11 @@ static int fpr_set(struct task_struct *t
ptrace_setfcr31(target, fcr31);
}
+ if (count > 0)
+ err = user_regset_copyin_ignore(&pos, &count, &kbuf, &ubuf,
+ fir_pos,
+ fir_pos + sizeof(u32));
+
return err;
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 003/329] MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.9 001/329] MIPS: c-r4k: Fix data corruption related to cache coherence Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.9 002/329] MIPS: ptrace: Expose FIR register through FP regset Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.9 004/329] KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable" Greg Kroah-Hartman
` (306 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maciej W. Rozycki, Ralf Baechle,
linux-mips, James Hogan
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Maciej W. Rozycki <macro@mips.com>
commit 9a3a92ccfe3620743d4ae57c987dc8e9c5f88996 upstream.
Check the TIF_32BIT_FPREGS task setting of the tracee rather than the
tracer in determining the layout of floating-point general registers in
the floating-point context, correcting access to odd-numbered registers
for o32 tracees where the setting disagrees between the two processes.
Fixes: 597ce1723e0f ("MIPS: Support for 64-bit FP with O32 binaries")
Signed-off-by: Maciej W. Rozycki <macro@mips.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Cc: <stable@vger.kernel.org> # 3.14+
Signed-off-by: James Hogan <jhogan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/kernel/ptrace.c | 4 ++--
arch/mips/kernel/ptrace32.c | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
--- a/arch/mips/kernel/ptrace.c
+++ b/arch/mips/kernel/ptrace.c
@@ -827,7 +827,7 @@ long arch_ptrace(struct task_struct *chi
fregs = get_fpu_regs(child);
#ifdef CONFIG_32BIT
- if (test_thread_flag(TIF_32BIT_FPREGS)) {
+ if (test_tsk_thread_flag(child, TIF_32BIT_FPREGS)) {
/*
* The odd registers are actually the high
* order bits of the values stored in the even
@@ -916,7 +916,7 @@ long arch_ptrace(struct task_struct *chi
init_fp_ctx(child);
#ifdef CONFIG_32BIT
- if (test_thread_flag(TIF_32BIT_FPREGS)) {
+ if (test_tsk_thread_flag(child, TIF_32BIT_FPREGS)) {
/*
* The odd registers are actually the high
* order bits of the values stored in the even
--- a/arch/mips/kernel/ptrace32.c
+++ b/arch/mips/kernel/ptrace32.c
@@ -97,7 +97,7 @@ long compat_arch_ptrace(struct task_stru
break;
}
fregs = get_fpu_regs(child);
- if (test_thread_flag(TIF_32BIT_FPREGS)) {
+ if (test_tsk_thread_flag(child, TIF_32BIT_FPREGS)) {
/*
* The odd registers are actually the high
* order bits of the values stored in the even
@@ -204,7 +204,7 @@ long compat_arch_ptrace(struct task_stru
sizeof(child->thread.fpu));
child->thread.fpu.fcr31 = 0;
}
- if (test_thread_flag(TIF_32BIT_FPREGS)) {
+ if (test_tsk_thread_flag(child, TIF_32BIT_FPREGS)) {
/*
* The odd registers are actually the high
* order bits of the values stored in the even
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 004/329] KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (2 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.9 003/329] MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.9 005/329] affs_lookup(): close a race with affs_remove_link() Greg Kroah-Hartman
` (305 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Colin Ian King, Ralf Baechle,
linux-mips, kernel-janitors, James Hogan
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Colin Ian King <colin.king@canonical.com>
commit ba3696e94d9d590d9a7e55f68e81c25dba515191 upstream.
Trivial fix to spelling mistake in debugfs_entries text.
Fixes: 669e846e6c4e ("KVM/MIPS32: MIPS arch specific APIs for KVM")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Cc: kernel-janitors@vger.kernel.org
Cc: <stable@vger.kernel.org> # 3.10+
Signed-off-by: James Hogan <jhogan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/kvm/mips.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/mips/kvm/mips.c
+++ b/arch/mips/kvm/mips.c
@@ -42,7 +42,7 @@ struct kvm_stats_debugfs_item debugfs_en
{ "cache", VCPU_STAT(cache_exits), KVM_STAT_VCPU },
{ "signal", VCPU_STAT(signal_exits), KVM_STAT_VCPU },
{ "interrupt", VCPU_STAT(int_exits), KVM_STAT_VCPU },
- { "cop_unsuable", VCPU_STAT(cop_unusable_exits), KVM_STAT_VCPU },
+ { "cop_unusable", VCPU_STAT(cop_unusable_exits), KVM_STAT_VCPU },
{ "tlbmod", VCPU_STAT(tlbmod_exits), KVM_STAT_VCPU },
{ "tlbmiss_ld", VCPU_STAT(tlbmiss_ld_exits), KVM_STAT_VCPU },
{ "tlbmiss_st", VCPU_STAT(tlbmiss_st_exits), KVM_STAT_VCPU },
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 005/329] affs_lookup(): close a race with affs_remove_link()
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (3 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.9 004/329] KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable" Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.9 006/329] aio: fix io_destroy(2) vs. lookup_ioctx() race Greg Kroah-Hartman
` (304 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, David Sterba, Al Viro
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Al Viro <viro@zeniv.linux.org.uk>
commit 30da870ce4a4e007c901858a96e9e394a1daa74a upstream.
we unlock the directory hash too early - if we are looking at secondary
link and primary (in another directory) gets removed just as we unlock,
we could have the old primary moved in place of the secondary, leaving
us to look into freed entry (and leaving our dentry with ->d_fsdata
pointing to a freed entry).
Cc: stable@vger.kernel.org # 2.4.4+
Acked-by: David Sterba <dsterba@suse.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/affs/namei.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
--- a/fs/affs/namei.c
+++ b/fs/affs/namei.c
@@ -224,9 +224,10 @@ affs_lookup(struct inode *dir, struct de
affs_lock_dir(dir);
bh = affs_find_entry(dir, dentry);
- affs_unlock_dir(dir);
- if (IS_ERR(bh))
+ if (IS_ERR(bh)) {
+ affs_unlock_dir(dir);
return ERR_CAST(bh);
+ }
if (bh) {
u32 ino = bh->b_blocknr;
@@ -240,10 +241,13 @@ affs_lookup(struct inode *dir, struct de
}
affs_brelse(bh);
inode = affs_iget(sb, ino);
- if (IS_ERR(inode))
+ if (IS_ERR(inode)) {
+ affs_unlock_dir(dir);
return ERR_CAST(inode);
+ }
}
d_add(dentry, inode);
+ affs_unlock_dir(dir);
return NULL;
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 006/329] aio: fix io_destroy(2) vs. lookup_ioctx() race
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (4 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.9 005/329] affs_lookup(): close a race with affs_remove_link() Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.9 007/329] ALSA: timer: Fix pause event notification Greg Kroah-Hartman
` (303 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Al Viro
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Al Viro <viro@zeniv.linux.org.uk>
commit baf10564fbb66ea222cae66fbff11c444590ffd9 upstream.
kill_ioctx() used to have an explicit RCU delay between removing the
reference from ->ioctx_table and percpu_ref_kill() dropping the refcount.
At some point that delay had been removed, on the theory that
percpu_ref_kill() itself contained an RCU delay. Unfortunately, that was
the wrong kind of RCU delay and it didn't care about rcu_read_lock() used
by lookup_ioctx(). As the result, we could get ctx freed right under
lookup_ioctx(). Tejun has fixed that in a6d7cff472e ("fs/aio: Add explicit
RCU grace period when freeing kioctx"); however, that fix is not enough.
Suppose io_destroy() from one thread races with e.g. io_setup() from another;
CPU1 removes the reference from current->mm->ioctx_table[...] just as CPU2
has picked it (under rcu_read_lock()). Then CPU1 proceeds to drop the
refcount, getting it to 0 and triggering a call of free_ioctx_users(),
which proceeds to drop the secondary refcount and once that reaches zero
calls free_ioctx_reqs(). That does
INIT_RCU_WORK(&ctx->free_rwork, free_ioctx);
queue_rcu_work(system_wq, &ctx->free_rwork);
and schedules freeing the whole thing after RCU delay.
In the meanwhile CPU2 has gotten around to percpu_ref_get(), bumping the
refcount from 0 to 1 and returned the reference to io_setup().
Tejun's fix (that queue_rcu_work() in there) guarantees that ctx won't get
freed until after percpu_ref_get(). Sure, we'd increment the counter before
ctx can be freed. Now we are out of rcu_read_lock() and there's nothing to
stop freeing of the whole thing. Unfortunately, CPU2 assumes that since it
has grabbed the reference, ctx is *NOT* going away until it gets around to
dropping that reference.
The fix is obvious - use percpu_ref_tryget_live() and treat failure as miss.
It's not costlier than what we currently do in normal case, it's safe to
call since freeing *is* delayed and it closes the race window - either
lookup_ioctx() comes before percpu_ref_kill() (in which case ctx->users
won't reach 0 until the caller of lookup_ioctx() drops it) or lookup_ioctx()
fails, ctx->users is unaffected and caller of lookup_ioctx() doesn't see
the object in question at all.
Cc: stable@kernel.org
Fixes: a6d7cff472e "fs/aio: Add explicit RCU grace period when freeing kioctx"
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/aio.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -1074,8 +1074,8 @@ static struct kioctx *lookup_ioctx(unsig
ctx = rcu_dereference(table->table[id]);
if (ctx && ctx->user_id == ctx_id) {
- percpu_ref_get(&ctx->users);
- ret = ctx;
+ if (percpu_ref_tryget_live(&ctx->users))
+ ret = ctx;
}
out:
rcu_read_unlock();
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 007/329] ALSA: timer: Fix pause event notification
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (5 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.9 006/329] aio: fix io_destroy(2) vs. lookup_ioctx() race Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.9 008/329] do d_instantiate/unlock_new_inode combinations safely Greg Kroah-Hartman
` (302 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ben Hutchings, Takashi Iwai
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ben Hutchings <ben.hutchings@codethink.co.uk>
commit 3ae180972564846e6d794e3615e1ab0a1e6c4ef9 upstream.
Commit f65e0d299807 ("ALSA: timer: Call notifier in the same spinlock")
combined the start/continue and stop/pause functions, and in doing so
changed the event code for the pause case to SNDRV_TIMER_EVENT_CONTINUE.
Change it back to SNDRV_TIMER_EVENT_PAUSE.
Fixes: f65e0d299807 ("ALSA: timer: Call notifier in the same spinlock")
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Cc: stable@vger.kernel.org
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/core/timer.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/sound/core/timer.c
+++ b/sound/core/timer.c
@@ -547,7 +547,7 @@ static int snd_timer_stop1(struct snd_ti
else
timeri->flags |= SNDRV_TIMER_IFLG_PAUSED;
snd_timer_notify1(timeri, stop ? SNDRV_TIMER_EVENT_STOP :
- SNDRV_TIMER_EVENT_CONTINUE);
+ SNDRV_TIMER_EVENT_PAUSE);
unlock:
spin_unlock_irqrestore(&timer->lock, flags);
return result;
@@ -569,7 +569,7 @@ static int snd_timer_stop_slave(struct s
list_del_init(&timeri->ack_list);
list_del_init(&timeri->active_list);
snd_timer_notify1(timeri, stop ? SNDRV_TIMER_EVENT_STOP :
- SNDRV_TIMER_EVENT_CONTINUE);
+ SNDRV_TIMER_EVENT_PAUSE);
spin_unlock(&timeri->timer->lock);
}
spin_unlock_irqrestore(&slave_active_lock, flags);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 008/329] do d_instantiate/unlock_new_inode combinations safely
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (6 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.9 007/329] ALSA: timer: Fix pause event notification Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.9 009/329] mmc: sdhci-iproc: remove hard coded mmc cap 1.8v Greg Kroah-Hartman
` (301 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mike Marshall, Andreas Dilger, Al Viro
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Al Viro <viro@zeniv.linux.org.uk>
commit 1e2e547a93a00ebc21582c06ca3c6cfea2a309ee upstream.
For anything NFS-exported we do _not_ want to unlock new inode
before it has grown an alias; original set of fixes got the
ordering right, but missed the nasty complication in case of
lockdep being enabled - unlock_new_inode() does
lockdep_annotate_inode_mutex_key(inode)
which can only be done before anyone gets a chance to touch
->i_mutex. Unfortunately, flipping the order and doing
unlock_new_inode() before d_instantiate() opens a window when
mkdir can race with open-by-fhandle on a guessed fhandle, leading
to multiple aliases for a directory inode and all the breakage
that follows from that.
Correct solution: a new primitive (d_instantiate_new())
combining these two in the right order - lockdep annotate, then
d_instantiate(), then the rest of unlock_new_inode(). All
combinations of d_instantiate() with unlock_new_inode() should
be converted to that.
Cc: stable@kernel.org # 2.6.29 and later
Tested-by: Mike Marshall <hubcap@omnibond.com>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/inode.c | 16 ++++------------
fs/dcache.c | 22 ++++++++++++++++++++++
fs/ecryptfs/inode.c | 3 +--
fs/ext2/namei.c | 6 ++----
fs/ext4/namei.c | 6 ++----
fs/f2fs/namei.c | 12 ++++--------
fs/jffs2/dir.c | 12 ++++--------
fs/jfs/namei.c | 12 ++++--------
fs/nilfs2/namei.c | 6 ++----
fs/orangefs/namei.c | 9 +++------
fs/reiserfs/namei.c | 12 ++++--------
fs/udf/namei.c | 6 ++----
fs/ufs/namei.c | 6 ++----
include/linux/dcache.h | 1 +
14 files changed, 57 insertions(+), 72 deletions(-)
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -6491,8 +6491,7 @@ static int btrfs_mknod(struct inode *dir
goto out_unlock_inode;
} else {
btrfs_update_inode(trans, root, inode);
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
}
out_unlock:
@@ -6567,8 +6566,7 @@ static int btrfs_create(struct inode *di
goto out_unlock_inode;
BTRFS_I(inode)->io_tree.ops = &btrfs_extent_io_ops;
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
out_unlock:
btrfs_end_transaction(trans, root);
@@ -6711,12 +6709,7 @@ static int btrfs_mkdir(struct inode *dir
if (err)
goto out_fail_inode;
- d_instantiate(dentry, inode);
- /*
- * mkdir is special. We're unlocking after we call d_instantiate
- * to avoid a race with nfsd calling d_instantiate.
- */
- unlock_new_inode(inode);
+ d_instantiate_new(dentry, inode);
drop_on_err = 0;
out_fail:
@@ -10354,8 +10347,7 @@ static int btrfs_symlink(struct inode *d
goto out_unlock_inode;
}
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
out_unlock:
btrfs_end_transaction(trans, root);
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -1859,6 +1859,28 @@ void d_instantiate(struct dentry *entry,
}
EXPORT_SYMBOL(d_instantiate);
+/*
+ * This should be equivalent to d_instantiate() + unlock_new_inode(),
+ * with lockdep-related part of unlock_new_inode() done before
+ * anything else. Use that instead of open-coding d_instantiate()/
+ * unlock_new_inode() combinations.
+ */
+void d_instantiate_new(struct dentry *entry, struct inode *inode)
+{
+ BUG_ON(!hlist_unhashed(&entry->d_u.d_alias));
+ BUG_ON(!inode);
+ lockdep_annotate_inode_mutex_key(inode);
+ security_d_instantiate(entry, inode);
+ spin_lock(&inode->i_lock);
+ __d_instantiate(entry, inode);
+ WARN_ON(!(inode->i_state & I_NEW));
+ inode->i_state &= ~I_NEW;
+ smp_mb();
+ wake_up_bit(&inode->i_state, __I_NEW);
+ spin_unlock(&inode->i_lock);
+}
+EXPORT_SYMBOL(d_instantiate_new);
+
/**
* d_instantiate_no_diralias - instantiate a non-aliased dentry
* @entry: dentry to complete
--- a/fs/ecryptfs/inode.c
+++ b/fs/ecryptfs/inode.c
@@ -284,8 +284,7 @@ ecryptfs_create(struct inode *directory_
iget_failed(ecryptfs_inode);
goto out;
}
- unlock_new_inode(ecryptfs_inode);
- d_instantiate(ecryptfs_dentry, ecryptfs_inode);
+ d_instantiate_new(ecryptfs_dentry, ecryptfs_inode);
out:
return rc;
}
--- a/fs/ext2/namei.c
+++ b/fs/ext2/namei.c
@@ -40,8 +40,7 @@ static inline int ext2_add_nondir(struct
{
int err = ext2_add_link(dentry, inode);
if (!err) {
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
return 0;
}
inode_dec_link_count(inode);
@@ -268,8 +267,7 @@ static int ext2_mkdir(struct inode * dir
if (err)
goto out_fail;
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
out:
return err;
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -2442,8 +2442,7 @@ static int ext4_add_nondir(handle_t *han
int err = ext4_add_entry(handle, dentry, inode);
if (!err) {
ext4_mark_inode_dirty(handle, inode);
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
return 0;
}
drop_nlink(inode);
@@ -2682,8 +2681,7 @@ out_clear_inode:
err = ext4_mark_inode_dirty(handle, dir);
if (err)
goto out_clear_inode;
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
if (IS_DIRSYNC(dir))
ext4_handle_sync(handle);
--- a/fs/f2fs/namei.c
+++ b/fs/f2fs/namei.c
@@ -158,8 +158,7 @@ static int f2fs_create(struct inode *dir
alloc_nid_done(sbi, ino);
- d_instantiate(dentry, inode);
- unlock_new_inode(inode);
+ d_instantiate_new(dentry, inode);
if (IS_DIRSYNC(dir))
f2fs_sync_fs(sbi->sb, 1);
@@ -464,8 +463,7 @@ static int f2fs_symlink(struct inode *di
err = page_symlink(inode, disk_link.name, disk_link.len);
err_out:
- d_instantiate(dentry, inode);
- unlock_new_inode(inode);
+ d_instantiate_new(dentry, inode);
/*
* Let's flush symlink data in order to avoid broken symlink as much as
@@ -519,8 +517,7 @@ static int f2fs_mkdir(struct inode *dir,
alloc_nid_done(sbi, inode->i_ino);
- d_instantiate(dentry, inode);
- unlock_new_inode(inode);
+ d_instantiate_new(dentry, inode);
if (IS_DIRSYNC(dir))
f2fs_sync_fs(sbi->sb, 1);
@@ -564,8 +561,7 @@ static int f2fs_mknod(struct inode *dir,
alloc_nid_done(sbi, inode->i_ino);
- d_instantiate(dentry, inode);
- unlock_new_inode(inode);
+ d_instantiate_new(dentry, inode);
if (IS_DIRSYNC(dir))
f2fs_sync_fs(sbi->sb, 1);
--- a/fs/jffs2/dir.c
+++ b/fs/jffs2/dir.c
@@ -209,8 +209,7 @@ static int jffs2_create(struct inode *di
__func__, inode->i_ino, inode->i_mode, inode->i_nlink,
f->inocache->pino_nlink, inode->i_mapping->nrpages);
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
return 0;
fail:
@@ -430,8 +429,7 @@ static int jffs2_symlink (struct inode *
mutex_unlock(&dir_f->sem);
jffs2_complete_reservation(c);
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
return 0;
fail:
@@ -575,8 +573,7 @@ static int jffs2_mkdir (struct inode *di
mutex_unlock(&dir_f->sem);
jffs2_complete_reservation(c);
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
return 0;
fail:
@@ -747,8 +744,7 @@ static int jffs2_mknod (struct inode *di
mutex_unlock(&dir_f->sem);
jffs2_complete_reservation(c);
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
return 0;
fail:
--- a/fs/jfs/namei.c
+++ b/fs/jfs/namei.c
@@ -178,8 +178,7 @@ static int jfs_create(struct inode *dip,
unlock_new_inode(ip);
iput(ip);
} else {
- unlock_new_inode(ip);
- d_instantiate(dentry, ip);
+ d_instantiate_new(dentry, ip);
}
out2:
@@ -313,8 +312,7 @@ static int jfs_mkdir(struct inode *dip,
unlock_new_inode(ip);
iput(ip);
} else {
- unlock_new_inode(ip);
- d_instantiate(dentry, ip);
+ d_instantiate_new(dentry, ip);
}
out2:
@@ -1059,8 +1057,7 @@ static int jfs_symlink(struct inode *dip
unlock_new_inode(ip);
iput(ip);
} else {
- unlock_new_inode(ip);
- d_instantiate(dentry, ip);
+ d_instantiate_new(dentry, ip);
}
out2:
@@ -1447,8 +1444,7 @@ static int jfs_mknod(struct inode *dir,
unlock_new_inode(ip);
iput(ip);
} else {
- unlock_new_inode(ip);
- d_instantiate(dentry, ip);
+ d_instantiate_new(dentry, ip);
}
out1:
--- a/fs/nilfs2/namei.c
+++ b/fs/nilfs2/namei.c
@@ -46,8 +46,7 @@ static inline int nilfs_add_nondir(struc
int err = nilfs_add_link(dentry, inode);
if (!err) {
- d_instantiate(dentry, inode);
- unlock_new_inode(inode);
+ d_instantiate_new(dentry, inode);
return 0;
}
inode_dec_link_count(inode);
@@ -243,8 +242,7 @@ static int nilfs_mkdir(struct inode *dir
goto out_fail;
nilfs_mark_inode_dirty(inode);
- d_instantiate(dentry, inode);
- unlock_new_inode(inode);
+ d_instantiate_new(dentry, inode);
out:
if (!err)
err = nilfs_transaction_commit(dir->i_sb);
--- a/fs/orangefs/namei.c
+++ b/fs/orangefs/namei.c
@@ -70,8 +70,7 @@ static int orangefs_create(struct inode
get_khandle_from_ino(inode),
dentry);
- d_instantiate(dentry, inode);
- unlock_new_inode(inode);
+ d_instantiate_new(dentry, inode);
orangefs_set_timeout(dentry);
ORANGEFS_I(inode)->getattr_time = jiffies - 1;
@@ -318,8 +317,7 @@ static int orangefs_symlink(struct inode
"Assigned symlink inode new number of %pU\n",
get_khandle_from_ino(inode));
- d_instantiate(dentry, inode);
- unlock_new_inode(inode);
+ d_instantiate_new(dentry, inode);
orangefs_set_timeout(dentry);
ORANGEFS_I(inode)->getattr_time = jiffies - 1;
@@ -382,8 +380,7 @@ static int orangefs_mkdir(struct inode *
"Assigned dir inode new number of %pU\n",
get_khandle_from_ino(inode));
- d_instantiate(dentry, inode);
- unlock_new_inode(inode);
+ d_instantiate_new(dentry, inode);
orangefs_set_timeout(dentry);
ORANGEFS_I(inode)->getattr_time = jiffies - 1;
--- a/fs/reiserfs/namei.c
+++ b/fs/reiserfs/namei.c
@@ -687,8 +687,7 @@ static int reiserfs_create(struct inode
reiserfs_update_inode_transaction(inode);
reiserfs_update_inode_transaction(dir);
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
retval = journal_end(&th);
out_failed:
@@ -771,8 +770,7 @@ static int reiserfs_mknod(struct inode *
goto out_failed;
}
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
retval = journal_end(&th);
out_failed:
@@ -871,8 +869,7 @@ static int reiserfs_mkdir(struct inode *
/* the above add_entry did not update dir's stat data */
reiserfs_update_sd(&th, dir);
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
retval = journal_end(&th);
out_failed:
reiserfs_write_unlock(dir->i_sb);
@@ -1187,8 +1184,7 @@ static int reiserfs_symlink(struct inode
goto out_failed;
}
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
retval = journal_end(&th);
out_failed:
reiserfs_write_unlock(parent_dir->i_sb);
--- a/fs/udf/namei.c
+++ b/fs/udf/namei.c
@@ -621,8 +621,7 @@ static int udf_add_nondir(struct dentry
if (fibh.sbh != fibh.ebh)
brelse(fibh.ebh);
brelse(fibh.sbh);
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
return 0;
}
@@ -732,8 +731,7 @@ static int udf_mkdir(struct inode *dir,
inc_nlink(dir);
dir->i_ctime = dir->i_mtime = current_time(dir);
mark_inode_dirty(dir);
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
if (fibh.sbh != fibh.ebh)
brelse(fibh.ebh);
brelse(fibh.sbh);
--- a/fs/ufs/namei.c
+++ b/fs/ufs/namei.c
@@ -38,8 +38,7 @@ static inline int ufs_add_nondir(struct
{
int err = ufs_add_link(dentry, inode);
if (!err) {
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
return 0;
}
inode_dec_link_count(inode);
@@ -192,8 +191,7 @@ static int ufs_mkdir(struct inode * dir,
if (err)
goto out_fail;
- unlock_new_inode(inode);
- d_instantiate(dentry, inode);
+ d_instantiate_new(dentry, inode);
return 0;
out_fail:
--- a/include/linux/dcache.h
+++ b/include/linux/dcache.h
@@ -219,6 +219,7 @@ extern seqlock_t rename_lock;
* These are the low-level FS interfaces to the dcache..
*/
extern void d_instantiate(struct dentry *, struct inode *);
+extern void d_instantiate_new(struct dentry *, struct inode *);
extern struct dentry * d_instantiate_unique(struct dentry *, struct inode *);
extern int d_instantiate_no_diralias(struct dentry *, struct inode *);
extern void __d_drop(struct dentry *dentry);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 009/329] mmc: sdhci-iproc: remove hard coded mmc cap 1.8v
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (7 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.9 008/329] do d_instantiate/unlock_new_inode combinations safely Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.9 010/329] mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register Greg Kroah-Hartman
` (300 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Srinath Mannam, Scott Branden,
Ray Jui, Ulf Hansson
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Srinath Mannam <srinath.mannam@broadcom.com>
commit 4c94238f37af87a2165c3fb491b4a8b50e90649c upstream.
Remove hard coded mmc cap 1.8v from platform data as it is board specific.
The 1.8v DDR mmc caps can be enabled using DTS property for those
boards that support it.
Fixes: b17b4ab8ce38 ("mmc: sdhci-iproc: define MMC caps in platform data")
Signed-off-by: Srinath Mannam <srinath.mannam@broadcom.com>
Signed-off-by: Scott Branden <scott.branden@broadcom.com>
Reviewed-by: Ray Jui <ray.jui@broadcom.com>
Cc: stable@vger.kernel.org # v4.8+
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/host/sdhci-iproc.c | 1 -
1 file changed, 1 deletion(-)
--- a/drivers/mmc/host/sdhci-iproc.c
+++ b/drivers/mmc/host/sdhci-iproc.c
@@ -176,7 +176,6 @@ static const struct sdhci_iproc_data ipr
.caps1 = SDHCI_DRIVER_TYPE_C |
SDHCI_DRIVER_TYPE_D |
SDHCI_SUPPORT_DDR50,
- .mmc_caps = MMC_CAP_1_8V_DDR,
};
static const struct sdhci_pltfm_data sdhci_bcm2835_pltfm_data = {
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 010/329] mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (8 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.9 009/329] mmc: sdhci-iproc: remove hard coded mmc cap 1.8v Greg Kroah-Hartman
@ 2018-05-28 9:58 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 011/329] libata: Blacklist some Sandisk SSDs for NCQ Greg Kroah-Hartman
` (299 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Corneliu Doban, Scott Branden, Ulf Hansson
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Corneliu Doban <corneliu.doban@broadcom.com>
commit 5f651b870485ee60f5abbbd85195a6852978894a upstream.
When the host controller accepts only 32bit writes, the value of the
16bit TRANSFER_MODE register, that has the same 32bit address as the
16bit COMMAND register, needs to be saved and it will be written
in a 32bit write together with the command as this will trigger the
host to send the command on the SD interface.
When sending the tuning command, TRANSFER_MODE is written and then
sdhci_set_transfer_mode reads it back to clear AUTO_CMD12 bit and
write it again resulting in wrong value to be written because the
initial write value was saved in a shadow and the read-back returned
a wrong value, from the register.
Fix sdhci_iproc_readw to return the saved value of TRANSFER_MODE
when a saved value exist.
Same fix for read of BLOCK_SIZE and BLOCK_COUNT registers, that are
saved for a different reason, although a scenario that will cause the
mentioned problem on this registers is not probable.
Fixes: b580c52d58d9 ("mmc: sdhci-iproc: add IPROC SDHCI driver")
Signed-off-by: Corneliu Doban <corneliu.doban@broadcom.com>
Signed-off-by: Scott Branden <scott.branden@broadcom.com>
Cc: stable@vger.kernel.org # v4.1+
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/host/sdhci-iproc.c | 30 +++++++++++++++++++++++++-----
1 file changed, 25 insertions(+), 5 deletions(-)
--- a/drivers/mmc/host/sdhci-iproc.c
+++ b/drivers/mmc/host/sdhci-iproc.c
@@ -33,6 +33,8 @@ struct sdhci_iproc_host {
const struct sdhci_iproc_data *data;
u32 shadow_cmd;
u32 shadow_blk;
+ bool is_cmd_shadowed;
+ bool is_blk_shadowed;
};
#define REG_OFFSET_IN_BITS(reg) ((reg) << 3 & 0x18)
@@ -48,8 +50,22 @@ static inline u32 sdhci_iproc_readl(stru
static u16 sdhci_iproc_readw(struct sdhci_host *host, int reg)
{
- u32 val = sdhci_iproc_readl(host, (reg & ~3));
- u16 word = val >> REG_OFFSET_IN_BITS(reg) & 0xffff;
+ struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host);
+ struct sdhci_iproc_host *iproc_host = sdhci_pltfm_priv(pltfm_host);
+ u32 val;
+ u16 word;
+
+ if ((reg == SDHCI_TRANSFER_MODE) && iproc_host->is_cmd_shadowed) {
+ /* Get the saved transfer mode */
+ val = iproc_host->shadow_cmd;
+ } else if ((reg == SDHCI_BLOCK_SIZE || reg == SDHCI_BLOCK_COUNT) &&
+ iproc_host->is_blk_shadowed) {
+ /* Get the saved block info */
+ val = iproc_host->shadow_blk;
+ } else {
+ val = sdhci_iproc_readl(host, (reg & ~3));
+ }
+ word = val >> REG_OFFSET_IN_BITS(reg) & 0xffff;
return word;
}
@@ -105,13 +121,15 @@ static void sdhci_iproc_writew(struct sd
if (reg == SDHCI_COMMAND) {
/* Write the block now as we are issuing a command */
- if (iproc_host->shadow_blk != 0) {
+ if (iproc_host->is_blk_shadowed) {
sdhci_iproc_writel(host, iproc_host->shadow_blk,
SDHCI_BLOCK_SIZE);
- iproc_host->shadow_blk = 0;
+ iproc_host->is_blk_shadowed = false;
}
oldval = iproc_host->shadow_cmd;
- } else if (reg == SDHCI_BLOCK_SIZE || reg == SDHCI_BLOCK_COUNT) {
+ iproc_host->is_cmd_shadowed = false;
+ } else if ((reg == SDHCI_BLOCK_SIZE || reg == SDHCI_BLOCK_COUNT) &&
+ iproc_host->is_blk_shadowed) {
/* Block size and count are stored in shadow reg */
oldval = iproc_host->shadow_blk;
} else {
@@ -123,9 +141,11 @@ static void sdhci_iproc_writew(struct sd
if (reg == SDHCI_TRANSFER_MODE) {
/* Save the transfer mode until the command is issued */
iproc_host->shadow_cmd = newval;
+ iproc_host->is_cmd_shadowed = true;
} else if (reg == SDHCI_BLOCK_SIZE || reg == SDHCI_BLOCK_COUNT) {
/* Save the block info until the command is issued */
iproc_host->shadow_blk = newval;
+ iproc_host->is_blk_shadowed = true;
} else {
/* Command or other regular 32-bit write */
sdhci_iproc_writel(host, newval, reg & ~3);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 011/329] libata: Blacklist some Sandisk SSDs for NCQ
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (9 preceding siblings ...)
2018-05-28 9:58 ` [PATCH 4.9 010/329] mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 012/329] libata: blacklist Micron 500IT SSD with MU01 firmware Greg Kroah-Hartman
` (298 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tejun Heo, Dave Jones
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tejun Heo <tj@kernel.org>
commit 322579dcc865b94b47345ad1b6002ad167f85405 upstream.
Sandisk SSDs SD7SN6S256G and SD8SN8U256G are regularly locking up
regularly under sustained moderate load with NCQ enabled. Blacklist
for now.
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Dave Jones <davej@codemonkey.org.uk>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/ata/libata-core.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
@@ -4366,6 +4366,10 @@ static const struct ata_blacklist_entry
/* https://bugzilla.kernel.org/show_bug.cgi?id=15573 */
{ "C300-CTFDDAC128MAG", "0001", ATA_HORKAGE_NONCQ, },
+ /* Some Sandisk SSDs lock up hard with NCQ enabled. Reported on
+ SD7SN6S256G and SD8SN8U256G */
+ { "SanDisk SD[78]SN*G", NULL, ATA_HORKAGE_NONCQ, },
+
/* devices which puke on READ_NATIVE_MAX */
{ "HDS724040KLSA80", "KFAOA20N", ATA_HORKAGE_BROKEN_HPA, },
{ "WDC WD3200JD-00KLB0", "WD-WCAMR1130137", ATA_HORKAGE_BROKEN_HPA },
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 012/329] libata: blacklist Micron 500IT SSD with MU01 firmware
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (10 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 011/329] libata: Blacklist some Sandisk SSDs for NCQ Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 013/329] xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent Greg Kroah-Hartman
` (297 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Martin K. Petersen, Sudip Mukherjee,
Tejun Heo
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
commit 136d769e0b3475d71350aa3648a116a6ee7a8f6c upstream.
While whitelisting Micron M500DC drives, the tweaked blacklist entry
enabled queued TRIM from M500IT variants also. But these do not support
queued TRIM. And while using those SSDs with the latest kernel we have
seen errors and even the partition table getting corrupted.
Some part from the dmesg:
[ 6.727384] ata1.00: ATA-9: Micron_M500IT_MTFDDAK060MBD, MU01, max UDMA/133
[ 6.727390] ata1.00: 117231408 sectors, multi 16: LBA48 NCQ (depth 31/32), AA
[ 6.741026] ata1.00: supports DRM functions and may not be fully accessible
[ 6.759887] ata1.00: configured for UDMA/133
[ 6.762256] scsi 0:0:0:0: Direct-Access ATA Micron_M500IT_MT MU01 PQ: 0 ANSI: 5
and then for the error:
[ 120.860334] ata1.00: exception Emask 0x1 SAct 0x7ffc0007 SErr 0x0 action 0x6 frozen
[ 120.860338] ata1.00: irq_stat 0x40000008
[ 120.860342] ata1.00: failed command: SEND FPDMA QUEUED
[ 120.860351] ata1.00: cmd 64/01:00:00:00:00/00:00:00:00:00/a0 tag 0 ncq dma 512 out
res 40/00:00:00:00:00/00:00:00:00:00/00 Emask 0x5 (timeout)
[ 120.860353] ata1.00: status: { DRDY }
[ 120.860543] ata1: hard resetting link
[ 121.166128] ata1: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
[ 121.166376] ata1.00: supports DRM functions and may not be fully accessible
[ 121.186238] ata1.00: supports DRM functions and may not be fully accessible
[ 121.204445] ata1.00: configured for UDMA/133
[ 121.204454] ata1.00: device reported invalid CHS sector 0
[ 121.204541] sd 0:0:0:0: [sda] tag#18 UNKNOWN(0x2003) Result: hostbyte=0x00 driverbyte=0x08
[ 121.204546] sd 0:0:0:0: [sda] tag#18 Sense Key : 0x5 [current]
[ 121.204550] sd 0:0:0:0: [sda] tag#18 ASC=0x21 ASCQ=0x4
[ 121.204555] sd 0:0:0:0: [sda] tag#18 CDB: opcode=0x93 93 08 00 00 00 00 00 04 28 80 00 00 00 30 00 00
[ 121.204559] print_req_error: I/O error, dev sda, sector 272512
After few reboots with these errors, and the SSD is corrupted.
After blacklisting it, the errors are not seen and the SSD does not get
corrupted any more.
Fixes: 243918be6393 ("libata: Do not blacklist Micron M500DC")
Cc: Martin K. Petersen <martin.petersen@oracle.com>
Cc: stable@vger.kernel.org
Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/ata/libata-core.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
@@ -4430,6 +4430,8 @@ static const struct ata_blacklist_entry
{ "SanDisk SD7UB3Q*G1001", NULL, ATA_HORKAGE_NOLPM, },
/* devices that don't properly handle queued TRIM commands */
+ { "Micron_M500IT_*", "MU01", ATA_HORKAGE_NO_NCQ_TRIM |
+ ATA_HORKAGE_ZERO_AFTER_TRIM, },
{ "Micron_M500_*", NULL, ATA_HORKAGE_NO_NCQ_TRIM |
ATA_HORKAGE_ZERO_AFTER_TRIM, },
{ "Crucial_CT*M500*", NULL, ATA_HORKAGE_NO_NCQ_TRIM |
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 013/329] xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (11 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 012/329] libata: blacklist Micron 500IT SSD with MU01 firmware Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 014/329] drm/vmwgfx: Fix 32-bit VMW_PORT_HB_[IN|OUT] macros Greg Kroah-Hartman
` (296 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Joe Jin, John Sobecki, Rzeszutek Wilk
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Joe Jin <joe.jin@oracle.com>
commit 4855c92dbb7b3b85c23e88ab7ca04f99b9677b41 upstream.
When run raidconfig from Dom0 we found that the Xen DMA heap is reduced,
but Dom Heap is increased by the same size. Tracing raidconfig we found
that the related ioctl() in megaraid_sas will call dma_alloc_coherent()
to apply memory. If the memory allocated by Dom0 is not in the DMA area,
it will exchange memory with Xen to meet the requiment. Later drivers
call dma_free_coherent() to free the memory, on xen_swiotlb_free_coherent()
the check condition (dev_addr + size - 1 <= dma_mask) is always false,
it prevents calling xen_destroy_contiguous_region() to return the memory
to the Xen DMA heap.
This issue introduced by commit 6810df88dcfc2 "xen-swiotlb: When doing
coherent alloc/dealloc check before swizzling the MFNs.".
Signed-off-by: Joe Jin <joe.jin@oracle.com>
Tested-by: John Sobecki <john.sobecki@oracle.com>
Reviewed-by: Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: stable@vger.kernel.org
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/xen/swiotlb-xen.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/xen/swiotlb-xen.c
+++ b/drivers/xen/swiotlb-xen.c
@@ -359,7 +359,7 @@ xen_swiotlb_free_coherent(struct device
* physical address */
phys = xen_bus_to_phys(dev_addr);
- if (((dev_addr + size - 1 > dma_mask)) ||
+ if (((dev_addr + size - 1 <= dma_mask)) ||
range_straddles_page_boundary(phys, size))
xen_destroy_contiguous_region(phys, order);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 014/329] drm/vmwgfx: Fix 32-bit VMW_PORT_HB_[IN|OUT] macros
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (12 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 013/329] xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 015/329] IB/hfi1: Use after free race condition in send context error path Greg Kroah-Hartman
` (295 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Hellstrom, Brian Paul, Sinclair Yeh
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Hellstrom <thellstrom@vmware.com>
commit 938ae7259c908ad031da35d551da297640bb640c upstream.
Depending on whether the kernel is compiled with frame-pointer or not,
the temporary memory location used for the bp parameter in these macros
is referenced relative to the stack pointer or the frame pointer.
Hence we can never reference that parameter when we've modified either
the stack pointer or the frame pointer, because then the compiler would
generate an incorrect stack reference.
Fix this by pushing the temporary memory parameter on a known location on
the stack before modifying the stack- and frame pointers.
Cc: <stable@vger.kernel.org>
Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Reviewed-by: Brian Paul <brianp@vmware.com>
Reviewed-by: Sinclair Yeh <syeh@vmware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/vmwgfx/vmwgfx_msg.h | 25 +++++++++++++++++--------
1 file changed, 17 insertions(+), 8 deletions(-)
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_msg.h
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_msg.h
@@ -135,17 +135,24 @@
#else
-/* In the 32-bit version of this macro, we use "m" because there is no
- * more register left for bp
+/*
+ * In the 32-bit version of this macro, we store bp in a memory location
+ * because we've ran out of registers.
+ * Now we can't reference that memory location while we've modified
+ * %esp or %ebp, so we first push it on the stack, just before we push
+ * %ebp, and then when we need it we read it from the stack where we
+ * just pushed it.
*/
#define VMW_PORT_HB_OUT(cmd, in_ecx, in_si, in_di, \
port_num, magic, bp, \
eax, ebx, ecx, edx, si, di) \
({ \
- asm volatile ("push %%ebp;" \
- "mov %12, %%ebp;" \
+ asm volatile ("push %12;" \
+ "push %%ebp;" \
+ "mov 0x04(%%esp), %%ebp;" \
"rep outsb;" \
- "pop %%ebp;" : \
+ "pop %%ebp;" \
+ "add $0x04, %%esp;" : \
"=a"(eax), \
"=b"(ebx), \
"=c"(ecx), \
@@ -167,10 +174,12 @@
port_num, magic, bp, \
eax, ebx, ecx, edx, si, di) \
({ \
- asm volatile ("push %%ebp;" \
- "mov %12, %%ebp;" \
+ asm volatile ("push %12;" \
+ "push %%ebp;" \
+ "mov 0x04(%%esp), %%ebp;" \
"rep insb;" \
- "pop %%ebp" : \
+ "pop %%ebp;" \
+ "add $0x04, %%esp;" : \
"=a"(eax), \
"=b"(ebx), \
"=c"(ecx), \
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 015/329] IB/hfi1: Use after free race condition in send context error path
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (13 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 014/329] drm/vmwgfx: Fix 32-bit VMW_PORT_HB_[IN|OUT] macros Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 016/329] Revert "ipc/shm: Fix shmat mmap nil-page protection" Greg Kroah-Hartman
` (294 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mike Marciniszyn, Dennis Dalessandro,
Michael J. Ruhl, Doug Ledford
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael J. Ruhl <michael.j.ruhl@intel.com>
commit f9e76ca3771bf23d2142a81a88ddd8f31f5c4c03 upstream.
A pio send egress error can occur when the PSM library attempts to
to send a bad packet. That issue is still being investigated.
The pio error interrupt handler then attempts to progress the recovery
of the errored pio send context.
Code inspection reveals that the handling lacks the necessary locking
if that recovery interleaves with a PSM close of the "context" object
contains the pio send context.
The lack of the locking can cause the recovery to access the already
freed pio send context object and incorrectly deduce that the pio
send context is actually a kernel pio send context as shown by the
NULL deref stack below:
[<ffffffff8143d78c>] _dev_info+0x6c/0x90
[<ffffffffc0613230>] sc_restart+0x70/0x1f0 [hfi1]
[<ffffffff816ab124>] ? __schedule+0x424/0x9b0
[<ffffffffc06133c5>] sc_halted+0x15/0x20 [hfi1]
[<ffffffff810aa3ba>] process_one_work+0x17a/0x440
[<ffffffff810ab086>] worker_thread+0x126/0x3c0
[<ffffffff810aaf60>] ? manage_workers.isra.24+0x2a0/0x2a0
[<ffffffff810b252f>] kthread+0xcf/0xe0
[<ffffffff810b2460>] ? insert_kthread_work+0x40/0x40
[<ffffffff816b8798>] ret_from_fork+0x58/0x90
[<ffffffff810b2460>] ? insert_kthread_work+0x40/0x40
This is the best case scenario and other scenarios can corrupt the
already freed memory.
Fix by adding the necessary locking in the pio send context error
handler.
Cc: <stable@vger.kernel.org> # 4.9.x
Reviewed-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Reviewed-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Michael J. Ruhl <michael.j.ruhl@intel.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/hfi1/chip.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/infiniband/hw/hfi1/chip.c
+++ b/drivers/infiniband/hw/hfi1/chip.c
@@ -5860,6 +5860,7 @@ static void is_sendctxt_err_int(struct h
u64 status;
u32 sw_index;
int i = 0;
+ unsigned long irq_flags;
sw_index = dd->hw_to_sw[hw_context];
if (sw_index >= dd->num_send_contexts) {
@@ -5869,10 +5870,12 @@ static void is_sendctxt_err_int(struct h
return;
}
sci = &dd->send_contexts[sw_index];
+ spin_lock_irqsave(&dd->sc_lock, irq_flags);
sc = sci->sc;
if (!sc) {
dd_dev_err(dd, "%s: context %u(%u): no sc?\n", __func__,
sw_index, hw_context);
+ spin_unlock_irqrestore(&dd->sc_lock, irq_flags);
return;
}
@@ -5894,6 +5897,7 @@ static void is_sendctxt_err_int(struct h
*/
if (sc->type != SC_USER)
queue_work(dd->pport->hfi1_wq, &sc->halt_work);
+ spin_unlock_irqrestore(&dd->sc_lock, irq_flags);
/*
* Update the counters for the corresponding status bits.
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 016/329] Revert "ipc/shm: Fix shmat mmap nil-page protection"
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (14 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 015/329] IB/hfi1: Use after free race condition in send context error path Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 017/329] ipc/shm: fix shmat() nil address after round-down when remapping Greg Kroah-Hartman
` (293 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Davidlohr Bueso, Joe Lawrence,
Andrea Arcangeli, Manfred Spraul, Andrew Morton, Linus Torvalds
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Davidlohr Bueso <dave@stgolabs.net>
commit a73ab244f0dad8fffb3291b905f73e2d3eaa7c00 upstream.
Patch series "ipc/shm: shmat() fixes around nil-page".
These patches fix two issues reported[1] a while back by Joe and Andrea
around how shmat(2) behaves with nil-page.
The first reverts a commit that it was incorrectly thought that mapping
nil-page (address=0) was a no no with MAP_FIXED. This is not the case,
with the exception of SHM_REMAP; which is address in the second patch.
I chose two patches because it is easier to backport and it explicitly
reverts bogus behaviour. Both patches ought to be in -stable and ltp
testcases need updated (the added testcase around the cve can be
modified to just test for SHM_RND|SHM_REMAP).
[1] lkml.kernel.org/r/20180430172152.nfa564pvgpk3ut7p@linux-n805
This patch (of 2):
Commit 95e91b831f87 ("ipc/shm: Fix shmat mmap nil-page protection")
worked on the idea that we should not be mapping as root addr=0 and
MAP_FIXED. However, it was reported that this scenario is in fact
valid, thus making the patch both bogus and breaks userspace as well.
For example X11's libint10.so relies on shmat(1, SHM_RND) for lowmem
initialization[1].
[1] https://cgit.freedesktop.org/xorg/xserver/tree/hw/xfree86/os-support/linux/int10/linux.c#n347
Link: http://lkml.kernel.org/r/20180503203243.15045-2-dave@stgolabs.net
Fixes: 95e91b831f87 ("ipc/shm: Fix shmat mmap nil-page protection")
Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
Reported-by: Joe Lawrence <joe.lawrence@redhat.com>
Reported-by: Andrea Arcangeli <aarcange@redhat.com>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
ipc/shm.c | 9 ++-------
1 file changed, 2 insertions(+), 7 deletions(-)
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -1127,13 +1127,8 @@ long do_shmat(int shmid, char __user *sh
goto out;
else if ((addr = (ulong)shmaddr)) {
if (addr & (shmlba - 1)) {
- /*
- * Round down to the nearest multiple of shmlba.
- * For sane do_mmap_pgoff() parameters, avoid
- * round downs that trigger nil-page and MAP_FIXED.
- */
- if ((shmflg & SHM_RND) && addr >= shmlba)
- addr &= ~(shmlba - 1);
+ if (shmflg & SHM_RND)
+ addr &= ~(shmlba - 1); /* round down */
else
#ifndef __ARCH_FORCE_SHMLBA
if (addr & ~PAGE_MASK)
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 017/329] ipc/shm: fix shmat() nil address after round-down when remapping
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (15 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 016/329] Revert "ipc/shm: Fix shmat mmap nil-page protection" Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 018/329] kasan: fix memory hotplug during boot Greg Kroah-Hartman
` (292 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Davidlohr Bueso, Andrea Arcangeli,
Joe Lawrence, Manfred Spraul, Andrew Morton, Linus Torvalds
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Davidlohr Bueso <dave@stgolabs.net>
commit 8f89c007b6dec16a1793cb88de88fcc02117bbbc upstream.
shmat()'s SHM_REMAP option forbids passing a nil address for; this is in
fact the very first thing we check for. Andrea reported that for
SHM_RND|SHM_REMAP cases we can end up bypassing the initial addr check,
but we need to check again if the address was rounded down to nil. As
of this patch, such cases will return -EINVAL.
Link: http://lkml.kernel.org/r/20180503204934.kk63josdu6u53fbd@linux-n805
Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
Reported-by: Andrea Arcangeli <aarcange@redhat.com>
Cc: Joe Lawrence <joe.lawrence@redhat.com>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
ipc/shm.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -1127,9 +1127,17 @@ long do_shmat(int shmid, char __user *sh
goto out;
else if ((addr = (ulong)shmaddr)) {
if (addr & (shmlba - 1)) {
- if (shmflg & SHM_RND)
+ if (shmflg & SHM_RND) {
addr &= ~(shmlba - 1); /* round down */
- else
+
+ /*
+ * Ensure that the round-down is non-nil
+ * when remapping. This can happen for
+ * cases when addr < shmlba.
+ */
+ if (!addr && (shmflg & SHM_REMAP))
+ goto out;
+ } else
#ifndef __ARCH_FORCE_SHMLBA
if (addr & ~PAGE_MASK)
#endif
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 018/329] kasan: fix memory hotplug during boot
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (16 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 017/329] ipc/shm: fix shmat() nil address after round-down when remapping Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 019/329] kernel/sys.c: fix potential Spectre v1 issue Greg Kroah-Hartman
` (291 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Hildenbrand, Andrey Ryabinin,
Alexander Potapenko, Dmitry Vyukov, Andrew Morton,
Linus Torvalds
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Hildenbrand <david@redhat.com>
commit 3f1959721558a976aaf9c2024d5bc884e6411bf7 upstream.
Using module_init() is wrong. E.g. ACPI adds and onlines memory before
our memory notifier gets registered.
This makes sure that ACPI memory detected during boot up will not result
in a kernel crash.
Easily reproducible with QEMU, just specify a DIMM when starting up.
Link: http://lkml.kernel.org/r/20180522100756.18478-3-david@redhat.com
Fixes: 786a8959912e ("kasan: disable memory hotplug")
Signed-off-by: David Hildenbrand <david@redhat.com>
Acked-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/kasan/kasan.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/mm/kasan/kasan.c
+++ b/mm/kasan/kasan.c
@@ -800,5 +800,5 @@ static int __init kasan_memhotplug_init(
return 0;
}
-module_init(kasan_memhotplug_init);
+core_initcall(kasan_memhotplug_init);
#endif
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 019/329] kernel/sys.c: fix potential Spectre v1 issue
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (17 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 018/329] kasan: fix memory hotplug during boot Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 020/329] kernel/signal.c: avoid undefined behaviour in kill_something_info Greg Kroah-Hartman
` (290 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gustavo A. R. Silva, Andrew Morton,
Alexei Starovoitov, Dan Williams, Thomas Gleixner,
Peter Zijlstra, Linus Torvalds
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gustavo A. R. Silva <gustavo@embeddedor.com>
commit 23d6aef74da86a33fa6bb75f79565e0a16ee97c2 upstream.
`resource' can be controlled by user-space, hence leading to a potential
exploitation of the Spectre variant 1 vulnerability.
This issue was detected with the help of Smatch:
kernel/sys.c:1474 __do_compat_sys_old_getrlimit() warn: potential spectre issue 'get_current()->signal->rlim' (local cap)
kernel/sys.c:1455 __do_sys_old_getrlimit() warn: potential spectre issue 'get_current()->signal->rlim' (local cap)
Fix this by sanitizing *resource* before using it to index
current->signal->rlim
Notice that given that speculation windows are large, the policy is to
kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].
[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2
Link: http://lkml.kernel.org/r/20180515030038.GA11822@embeddedor.com
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/sys.c | 1 +
1 file changed, 1 insertion(+)
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -1313,6 +1313,7 @@ SYSCALL_DEFINE2(old_getrlimit, unsigned
if (resource >= RLIM_NLIMITS)
return -EINVAL;
+ resource = array_index_nospec(resource, RLIM_NLIMITS);
task_lock(current->group_leader);
x = current->signal->rlim[resource];
task_unlock(current->group_leader);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 020/329] kernel/signal.c: avoid undefined behaviour in kill_something_info
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (18 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 019/329] kernel/sys.c: fix potential Spectre v1 issue Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 022/329] KVM: s390: vsie: fix < 8k check for the itdba Greg Kroah-Hartman
` (289 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, zhongjiang, Oleg Nesterov,
Michal Hocko, Vlastimil Babka, Xishi Qiu, Andrew Morton,
Linus Torvalds, Guenter Roeck
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: zhongjiang <zhongjiang@huawei.com>
commit 4ea77014af0d6205b05503d1c7aac6eace11d473 upstream.
When running kill(72057458746458112, 0) in userspace I hit the following
issue.
UBSAN: Undefined behaviour in kernel/signal.c:1462:11
negation of -2147483648 cannot be represented in type 'int':
CPU: 226 PID: 9849 Comm: test Tainted: G B ---- ------- 3.10.0-327.53.58.70.x86_64_ubsan+ #116
Hardware name: Huawei Technologies Co., Ltd. RH8100 V3/BC61PBIA, BIOS BLHSV028 11/11/2014
Call Trace:
dump_stack+0x19/0x1b
ubsan_epilogue+0xd/0x50
__ubsan_handle_negate_overflow+0x109/0x14e
SYSC_kill+0x43e/0x4d0
SyS_kill+0xe/0x10
system_call_fastpath+0x16/0x1b
Add code to avoid the UBSAN detection.
[akpm@linux-foundation.org: tweak comment]
Link: http://lkml.kernel.org/r/1496670008-59084-1-git-send-email-zhongjiang@huawei.com
Signed-off-by: zhongjiang <zhongjiang@huawei.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Xishi Qiu <qiuxishi@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/signal.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -1392,6 +1392,10 @@ static int kill_something_info(int sig,
return ret;
}
+ /* -INT_MIN is undefined. Exclude this case to avoid a UBSAN warning */
+ if (pid == INT_MIN)
+ return -ESRCH;
+
read_lock(&tasklist_lock);
if (pid != -1) {
ret = __kill_pgrp_info(sig, info,
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 022/329] KVM: s390: vsie: fix < 8k check for the itdba
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (19 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 020/329] kernel/signal.c: avoid undefined behaviour in kill_something_info Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 025/329] firewire-ohci: work around oversized DMA reads on JMicron controllers Greg Kroah-Hartman
` (288 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Christian Borntraeger,
Janosch Frank, Cornelia Huck, David Hildenbrand
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Hildenbrand <david@redhat.com>
commit f4a551b72358facbbe5714248dff78404272feee upstream.
By missing an "L", we might detect some addresses to be <8k,
although they are not.
e.g. for itdba = 100001fff
!(gpa & ~0x1fffU) -> 1
!(gpa & ~0x1fffUL) -> 0
So we would report a SIE validity intercept although everything is fine.
Fixes: 166ecb3 ("KVM: s390: vsie: support transactional execution")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Cc: stable@vger.kernel.org # v4.8+
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/s390/kvm/vsie.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/s390/kvm/vsie.c
+++ b/arch/s390/kvm/vsie.c
@@ -549,7 +549,7 @@ static int pin_blocks(struct kvm_vcpu *v
gpa = scb_o->itdba & ~0xffUL;
if (gpa && (scb_s->ecb & 0x10U)) {
- if (!(gpa & ~0x1fffU)) {
+ if (!(gpa & ~0x1fffUL)) {
rc = set_validity_icpt(scb_s, 0x0080U);
goto unpin;
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 025/329] firewire-ohci: work around oversized DMA reads on JMicron controllers
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (20 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 022/329] KVM: s390: vsie: fix < 8k check for the itdba Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 026/329] x86/tsc: Allow TSC calibration without PIT Greg Kroah-Hartman
` (287 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hector Martin, Clemens Ladisch,
Stefan Richter, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hector Martin <marcan@marcan.st>
[ Upstream commit 188775181bc05f29372b305ef96485840e351fde ]
At least some JMicron controllers issue buggy oversized DMA reads when
fetching context descriptors, always fetching 0x20 bytes at once for
descriptors which are only 0x10 bytes long. This is often harmless, but
can cause page faults on modern systems with IOMMUs:
DMAR: [DMA Read] Request device [05:00.0] fault addr fff56000 [fault reason 06] PTE Read access is not set
firewire_ohci 0000:05:00.0: DMA context IT0 has stopped, error code: evt_descriptor_read
This works around the problem by always leaving 0x10 padding bytes at
the end of descriptor buffer pages, which should be harmless to do
unconditionally for controllers in case others have the same behavior.
Signed-off-by: Hector Martin <marcan@marcan.st>
Reviewed-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/firewire/ohci.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/drivers/firewire/ohci.c
+++ b/drivers/firewire/ohci.c
@@ -1130,7 +1130,13 @@ static int context_add_buffer(struct con
return -ENOMEM;
offset = (void *)&desc->buffer - (void *)desc;
- desc->buffer_size = PAGE_SIZE - offset;
+ /*
+ * Some controllers, like JMicron ones, always issue 0x20-byte DMA reads
+ * for descriptors, even 0x10-byte ones. This can cause page faults when
+ * an IOMMU is in use and the oversized read crosses a page boundary.
+ * Work around this by always leaving at least 0x10 bytes of padding.
+ */
+ desc->buffer_size = PAGE_SIZE - offset - 0x10;
desc->buffer_bus = bus_addr + offset;
desc->used = 0;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 026/329] x86/tsc: Allow TSC calibration without PIT
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (21 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 025/329] firewire-ohci: work around oversized DMA reads on JMicron controllers Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 027/329] NFSv4: always set NFS_LOCK_LOST when a lock is lost Greg Kroah-Hartman
` (286 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Zijlstra (Intel),
Thomas Gleixner, len.brown, rui.zhang, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Zijlstra <peterz@infradead.org>
[ Upstream commit 30c7e5b123673d5e570e238dbada2fb68a87212c ]
Zhang Rui reported that a Surface Pro 4 will fail to boot with
lapic=notscdeadline. Part of the problem is that that machine doesn't have
a PIT.
If, for some reason, the TSC init has to fall back to TSC calibration, it
relies on the PIT to be present.
Allow TSC calibration to reliably fall back to HPET.
The below results in an accurate TSC measurement when forced on a IVB:
tsc: Unable to calibrate against PIT
tsc: No reference (HPET/PMTIMER) available
tsc: Unable to calibrate against PIT
tsc: using HPET reference calibration
tsc: Detected 2792.451 MHz processor
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: len.brown@intel.com
Cc: rui.zhang@intel.com
Link: https://lkml.kernel.org/r/20171222092243.333145937@infradead.org
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/include/asm/i8259.h | 5 +++++
arch/x86/kernel/tsc.c | 18 ++++++++++++++++++
2 files changed, 23 insertions(+)
--- a/arch/x86/include/asm/i8259.h
+++ b/arch/x86/include/asm/i8259.h
@@ -68,6 +68,11 @@ struct legacy_pic {
extern struct legacy_pic *legacy_pic;
extern struct legacy_pic null_legacy_pic;
+static inline bool has_legacy_pic(void)
+{
+ return legacy_pic != &null_legacy_pic;
+}
+
static inline int nr_legacy_irqs(void)
{
return legacy_pic->nr_legacy_irqs;
--- a/arch/x86/kernel/tsc.c
+++ b/arch/x86/kernel/tsc.c
@@ -24,6 +24,7 @@
#include <asm/geode.h>
#include <asm/apic.h>
#include <asm/intel-family.h>
+#include <asm/i8259.h>
unsigned int __read_mostly cpu_khz; /* TSC clocks / usec, not used here */
EXPORT_SYMBOL(cpu_khz);
@@ -456,6 +457,20 @@ static unsigned long pit_calibrate_tsc(u
unsigned long tscmin, tscmax;
int pitcnt;
+ if (!has_legacy_pic()) {
+ /*
+ * Relies on tsc_early_delay_calibrate() to have given us semi
+ * usable udelay(), wait for the same 50ms we would have with
+ * the PIT loop below.
+ */
+ udelay(10 * USEC_PER_MSEC);
+ udelay(10 * USEC_PER_MSEC);
+ udelay(10 * USEC_PER_MSEC);
+ udelay(10 * USEC_PER_MSEC);
+ udelay(10 * USEC_PER_MSEC);
+ return ULONG_MAX;
+ }
+
/* Set the Gate high, disable speaker */
outb((inb(0x61) & ~0x02) | 0x01, 0x61);
@@ -580,6 +595,9 @@ static unsigned long quick_pit_calibrate
u64 tsc, delta;
unsigned long d1, d2;
+ if (!has_legacy_pic())
+ return 0;
+
/* Set the Gate high, disable speaker */
outb((inb(0x61) & ~0x02) | 0x01, 0x61);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 027/329] NFSv4: always set NFS_LOCK_LOST when a lock is lost.
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (22 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 026/329] x86/tsc: Allow TSC calibration without PIT Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 028/329] ALSA: hda - Use IS_REACHABLE() for dependency on input Greg Kroah-Hartman
` (285 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, NeilBrown, Trond Myklebust, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: NeilBrown <neilb@suse.com>
[ Upstream commit dce2630c7da73b0634686bca557cc8945cc450c8 ]
There are 2 comments in the NFSv4 code which suggest that
SIGLOST should possibly be sent to a process. In these
cases a lock has been lost.
The current practice is to set NFS_LOCK_LOST so that
read/write returns EIO when a lock is lost.
So change these comments to code when sets NFS_LOCK_LOST.
One case is when lock recovery after apparent server restart
fails with NFS4ERR_DENIED, NFS4ERR_RECLAIM_BAD, or
NFS4ERRO_RECLAIM_CONFLICT. The other case is when a lock
attempt as part of lease recovery fails with NFS4ERR_DENIED.
In an ideal world, these should not happen. However I have
a packet trace showing an NFSv4.1 session getting
NFS4ERR_BADSESSION after an extended network parition. The
NFSv4.1 client treats this like server reboot until/unless
it get NFS4ERR_NO_GRACE, in which case it switches over to
"nograce" recovery mode. In this network trace, the client
attempts to recover a lock and the server (incorrectly)
reports NFS4ERR_DENIED rather than NFS4ERR_NO_GRACE. This
leads to the ineffective comment and the client then
continues to write using the OPEN stateid.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfs/nfs4proc.c | 12 ++++++++----
fs/nfs/nfs4state.c | 5 ++++-
2 files changed, 12 insertions(+), 5 deletions(-)
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -1934,7 +1934,7 @@ static int nfs4_open_reclaim(struct nfs4
return ret;
}
-static int nfs4_handle_delegation_recall_error(struct nfs_server *server, struct nfs4_state *state, const nfs4_stateid *stateid, int err)
+static int nfs4_handle_delegation_recall_error(struct nfs_server *server, struct nfs4_state *state, const nfs4_stateid *stateid, struct file_lock *fl, int err)
{
switch (err) {
default:
@@ -1981,7 +1981,11 @@ static int nfs4_handle_delegation_recall
return -EAGAIN;
case -ENOMEM:
case -NFS4ERR_DENIED:
- /* kill_proc(fl->fl_pid, SIGLOST, 1); */
+ if (fl) {
+ struct nfs4_lock_state *lsp = fl->fl_u.nfs4_fl.owner;
+ if (lsp)
+ set_bit(NFS_LOCK_LOST, &lsp->ls_flags);
+ }
return 0;
}
return err;
@@ -2017,7 +2021,7 @@ int nfs4_open_delegation_recall(struct n
err = nfs4_open_recover_helper(opendata, FMODE_READ);
}
nfs4_opendata_put(opendata);
- return nfs4_handle_delegation_recall_error(server, state, stateid, err);
+ return nfs4_handle_delegation_recall_error(server, state, stateid, NULL, err);
}
static void nfs4_open_confirm_prepare(struct rpc_task *task, void *calldata)
@@ -6499,7 +6503,7 @@ int nfs4_lock_delegation_recall(struct f
if (err != 0)
return err;
err = _nfs4_do_setlk(state, F_SETLK, fl, NFS_LOCK_NEW);
- return nfs4_handle_delegation_recall_error(server, state, stateid, err);
+ return nfs4_handle_delegation_recall_error(server, state, stateid, fl, err);
}
struct nfs_release_lockowner_data {
--- a/fs/nfs/nfs4state.c
+++ b/fs/nfs/nfs4state.c
@@ -1429,6 +1429,7 @@ static int nfs4_reclaim_locks(struct nfs
struct inode *inode = state->inode;
struct nfs_inode *nfsi = NFS_I(inode);
struct file_lock *fl;
+ struct nfs4_lock_state *lsp;
int status = 0;
struct file_lock_context *flctx = inode->i_flctx;
struct list_head *list;
@@ -1469,7 +1470,9 @@ restart:
case -NFS4ERR_DENIED:
case -NFS4ERR_RECLAIM_BAD:
case -NFS4ERR_RECLAIM_CONFLICT:
- /* kill_proc(fl->fl_pid, SIGLOST, 1); */
+ lsp = fl->fl_u.nfs4_fl.owner;
+ if (lsp)
+ set_bit(NFS_LOCK_LOST, &lsp->ls_flags);
status = 0;
}
spin_lock(&flctx->flc_lock);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 028/329] ALSA: hda - Use IS_REACHABLE() for dependency on input
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (23 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 027/329] NFSv4: always set NFS_LOCK_LOST when a lock is lost Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 030/329] netfilter: ipv6: nf_defrag: Pass on packets to stack per RFC2460 Greg Kroah-Hartman
` (284 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Takashi Iwai, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit c469652bb5e8fb715db7d152f46d33b3740c9b87 ]
The commit ffcd28d88e4f ("ALSA: hda - Select INPUT for Realtek
HD-audio codec") introduced the reverse-selection of CONFIG_INPUT for
Realtek codec in order to avoid the mess with dependency between
built-in and modules. Later on, we obtained IS_REACHABLE() macro
exactly for this kind of problems, and now we can remove th INPUT
selection in Kconfig and put IS_REACHABLE(INPUT) to the appropriate
places in the code, so that the driver doesn't need to select other
subsystem forcibly.
Fixes: ffcd28d88e4f ("ALSA: hda - Select INPUT for Realtek HD-audio codec")
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Acked-by: Randy Dunlap <rdunlap@infradead.org> # and build-tested
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/Kconfig | 1 -
sound/pci/hda/patch_realtek.c | 5 +++++
2 files changed, 5 insertions(+), 1 deletion(-)
--- a/sound/pci/hda/Kconfig
+++ b/sound/pci/hda/Kconfig
@@ -88,7 +88,6 @@ config SND_HDA_PATCH_LOADER
config SND_HDA_CODEC_REALTEK
tristate "Build Realtek HD-audio codec support"
select SND_HDA_GENERIC
- select INPUT
help
Say Y or M here to include Realtek HD-audio codec support in
snd-hda-intel driver, such as ALC880.
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -3495,6 +3495,7 @@ static void alc280_fixup_hp_gpio4(struct
}
}
+#if IS_REACHABLE(INPUT)
static void gpio2_mic_hotkey_event(struct hda_codec *codec,
struct hda_jack_callback *event)
{
@@ -3627,6 +3628,10 @@ static void alc233_fixup_lenovo_line2_mi
spec->kb_dev = NULL;
}
}
+#else /* INPUT */
+#define alc280_fixup_hp_gpio2_mic_hotkey NULL
+#define alc233_fixup_lenovo_line2_mic_hotkey NULL
+#endif /* INPUT */
static void alc269_fixup_hp_line1_mic1_led(struct hda_codec *codec,
const struct hda_fixup *fix, int action)
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 030/329] netfilter: ipv6: nf_defrag: Pass on packets to stack per RFC2460
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (24 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 028/329] ALSA: hda - Use IS_REACHABLE() for dependency on input Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 031/329] tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account Greg Kroah-Hartman
` (283 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Subash Abhinov Kasiviswanathan,
Pablo Neira Ayuso, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
[ Upstream commit 83f1999caeb14e15df205e80d210699951733287 ]
ipv6_defrag pulls network headers before fragment header. In case of
an error, the netfilter layer is currently dropping these packets.
This results in failure of some IPv6 standards tests which passed on
older kernels due to the netfilter framework using cloning.
The test case run here is a check for ICMPv6 error message replies
when some invalid IPv6 fragments are sent. This specific test case is
listed in https://www.ipv6ready.org/docs/Core_Conformance_Latest.pdf
in the Extension Header Processing Order section.
A packet with unrecognized option Type 11 is sent and the test expects
an ICMP error in line with RFC2460 section 4.2 -
11 - discard the packet and, only if the packet's Destination
Address was not a multicast address, send an ICMP Parameter
Problem, Code 2, message to the packet's Source Address,
pointing to the unrecognized Option Type.
Since netfilter layer now drops all invalid IPv6 frag packets, we no
longer see the ICMP error message and fail the test case.
To fix this, save the transport header. If defrag is unable to process
the packet due to RFC2460, restore the transport header and allow packet
to be processed by stack. There is no change for other packet
processing paths.
Tested by confirming that stack sends an ICMP error when it receives
these packets. Also tested that fragmented ICMP pings succeed.
v1->v2: Instead of cloning always, save the transport_header and
restore it in case of this specific error. Update the title and
commit message accordingly.
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv6/netfilter/nf_conntrack_reasm.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -230,7 +230,7 @@ static int nf_ct_frag6_queue(struct frag
if ((unsigned int)end > IPV6_MAXPLEN) {
pr_debug("offset is too large.\n");
- return -1;
+ return -EINVAL;
}
ecn = ip6_frag_ecn(ipv6_hdr(skb));
@@ -263,7 +263,7 @@ static int nf_ct_frag6_queue(struct frag
* this case. -DaveM
*/
pr_debug("end of fragment not rounded to 8 bytes.\n");
- return -1;
+ return -EPROTO;
}
if (end > fq->q.len) {
/* Some bits beyond end -> corruption. */
@@ -357,7 +357,7 @@ found:
discard_fq:
inet_frag_kill(&fq->q, &nf_frags);
err:
- return -1;
+ return -EINVAL;
}
/*
@@ -566,6 +566,7 @@ find_prev_fhdr(struct sk_buff *skb, u8 *
int nf_ct_frag6_gather(struct net *net, struct sk_buff *skb, u32 user)
{
+ u16 savethdr = skb->transport_header;
struct net_device *dev = skb->dev;
int fhoff, nhoff, ret;
struct frag_hdr *fhdr;
@@ -599,8 +600,12 @@ int nf_ct_frag6_gather(struct net *net,
spin_lock_bh(&fq->q.lock);
- if (nf_ct_frag6_queue(fq, skb, fhdr, nhoff) < 0) {
- ret = -EINVAL;
+ ret = nf_ct_frag6_queue(fq, skb, fhdr, nhoff);
+ if (ret < 0) {
+ if (ret == -EPROTO) {
+ skb->transport_header = savethdr;
+ ret = 0;
+ }
goto out_unlock;
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 031/329] tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (25 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 030/329] netfilter: ipv6: nf_defrag: Pass on packets to stack per RFC2460 Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 032/329] PCI: Add function 1 DMA alias quirk for Marvell 9128 Greg Kroah-Hartman
` (282 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Anna-Maria Gleixner,
Christoph Hellwig, John Stultz, Linus Torvalds, Peter Zijlstra,
Thomas Gleixner, keescook, Ingo Molnar, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Anna-Maria Gleixner <anna-maria@linutronix.de>
[ Upstream commit 91633eed73a3ac37aaece5c8c1f93a18bae616a9 ]
So far only CLOCK_MONOTONIC and CLOCK_REALTIME were taken into account as
well as HRTIMER_MODE_ABS/REL in the hrtimer_init tracepoint. The query for
detecting the ABS or REL timer modes is not valid anymore, it got broken
by the introduction of HRTIMER_MODE_PINNED.
HRTIMER_MODE_PINNED is not evaluated in the hrtimer_init() call, but for the
sake of completeness print all given modes.
Signed-off-by: Anna-Maria Gleixner <anna-maria@linutronix.de>
Cc: Christoph Hellwig <hch@lst.de>
Cc: John Stultz <john.stultz@linaro.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: keescook@chromium.org
Link: http://lkml.kernel.org/r/20171221104205.7269-9-anna-maria@linutronix.de
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/trace/events/timer.h | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
--- a/include/trace/events/timer.h
+++ b/include/trace/events/timer.h
@@ -125,6 +125,20 @@ DEFINE_EVENT(timer_class, timer_cancel,
TP_ARGS(timer)
);
+#define decode_clockid(type) \
+ __print_symbolic(type, \
+ { CLOCK_REALTIME, "CLOCK_REALTIME" }, \
+ { CLOCK_MONOTONIC, "CLOCK_MONOTONIC" }, \
+ { CLOCK_BOOTTIME, "CLOCK_BOOTTIME" }, \
+ { CLOCK_TAI, "CLOCK_TAI" })
+
+#define decode_hrtimer_mode(mode) \
+ __print_symbolic(mode, \
+ { HRTIMER_MODE_ABS, "ABS" }, \
+ { HRTIMER_MODE_REL, "REL" }, \
+ { HRTIMER_MODE_ABS_PINNED, "ABS|PINNED" }, \
+ { HRTIMER_MODE_REL_PINNED, "REL|PINNED" })
+
/**
* hrtimer_init - called when the hrtimer is initialized
* @hrtimer: pointer to struct hrtimer
@@ -151,10 +165,8 @@ TRACE_EVENT(hrtimer_init,
),
TP_printk("hrtimer=%p clockid=%s mode=%s", __entry->hrtimer,
- __entry->clockid == CLOCK_REALTIME ?
- "CLOCK_REALTIME" : "CLOCK_MONOTONIC",
- __entry->mode == HRTIMER_MODE_ABS ?
- "HRTIMER_MODE_ABS" : "HRTIMER_MODE_REL")
+ decode_clockid(__entry->clockid),
+ decode_hrtimer_mode(__entry->mode))
);
/**
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 032/329] PCI: Add function 1 DMA alias quirk for Marvell 9128
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (26 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 031/329] tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 033/329] Input: psmouse - fix Synaptics detection when protocol is disabled Greg Kroah-Hartman
` (281 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Binarus, Alex Williamson,
Bjorn Helgaas, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Williamson <alex.williamson@redhat.com>
[ Upstream commit aa008206634363ef800fbd5f0262016c9ff81dea ]
The Marvell 9128 is the original device generating bug 42679, from which
many other Marvell DMA alias quirks have been sourced, but we didn't have
positive confirmation of the fix on 9128 until now.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=42679
Link: https://www.spinics.net/lists/kvm/msg161459.html
Reported-by: Binarus <lists@binarus.de>
Tested-by: Binarus <lists@binarus.de>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/quirks.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c
@@ -3857,6 +3857,8 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_M
quirk_dma_func1_alias);
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_MARVELL_EXT, 0x9123,
quirk_dma_func1_alias);
+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_MARVELL_EXT, 0x9128,
+ quirk_dma_func1_alias);
/* https://bugzilla.kernel.org/show_bug.cgi?id=42679#c14 */
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_MARVELL_EXT, 0x9130,
quirk_dma_func1_alias);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 033/329] Input: psmouse - fix Synaptics detection when protocol is disabled
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (27 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 032/329] PCI: Add function 1 DMA alias quirk for Marvell 9128 Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 034/329] i40iw: Zero-out consumer key on allocate stag for FMR Greg Kroah-Hartman
` (280 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Matteo Croce, Dmitry Torokhov, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
[ Upstream commit 2bc4298f59d2f15175bb568e2d356b5912d0cdd9 ]
When Synaptics protocol is disabled, we still need to try and detect the
hardware, so we can switch to SMBus device if SMbus is detected, or we know
that it is Synaptics device and reset it properly for the bare PS/2
protocol.
Fixes: c378b5119eb0 ("Input: psmouse - factor out common protocol probing code")
Reported-by: Matteo Croce <mcroce@redhat.com>
Tested-by: Matteo Croce <mcroce@redhat.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/input/mouse/psmouse-base.c | 34 +++++++++++++++++++++-------------
1 file changed, 21 insertions(+), 13 deletions(-)
--- a/drivers/input/mouse/psmouse-base.c
+++ b/drivers/input/mouse/psmouse-base.c
@@ -937,6 +937,21 @@ static void psmouse_apply_defaults(struc
psmouse->pt_deactivate = NULL;
}
+static bool psmouse_do_detect(int (*detect)(struct psmouse *, bool),
+ struct psmouse *psmouse, bool allow_passthrough,
+ bool set_properties)
+{
+ if (psmouse->ps2dev.serio->id.type == SERIO_PS_PSTHRU &&
+ !allow_passthrough) {
+ return false;
+ }
+
+ if (set_properties)
+ psmouse_apply_defaults(psmouse);
+
+ return detect(psmouse, set_properties) == 0;
+}
+
static bool psmouse_try_protocol(struct psmouse *psmouse,
enum psmouse_type type,
unsigned int *max_proto,
@@ -948,15 +963,8 @@ static bool psmouse_try_protocol(struct
if (!proto)
return false;
- if (psmouse->ps2dev.serio->id.type == SERIO_PS_PSTHRU &&
- !proto->try_passthru) {
- return false;
- }
-
- if (set_properties)
- psmouse_apply_defaults(psmouse);
-
- if (proto->detect(psmouse, set_properties) != 0)
+ if (!psmouse_do_detect(proto->detect, psmouse, proto->try_passthru,
+ set_properties))
return false;
if (set_properties && proto->init && init_allowed) {
@@ -988,8 +996,8 @@ static int psmouse_extensions(struct psm
* Always check for focaltech, this is safe as it uses pnp-id
* matching.
*/
- if (psmouse_try_protocol(psmouse, PSMOUSE_FOCALTECH,
- &max_proto, set_properties, false)) {
+ if (psmouse_do_detect(focaltech_detect,
+ psmouse, false, set_properties)) {
if (max_proto > PSMOUSE_IMEX &&
IS_ENABLED(CONFIG_MOUSE_PS2_FOCALTECH) &&
(!set_properties || focaltech_init(psmouse) == 0)) {
@@ -1035,8 +1043,8 @@ static int psmouse_extensions(struct psm
* probing for IntelliMouse.
*/
if (max_proto > PSMOUSE_PS2 &&
- psmouse_try_protocol(psmouse, PSMOUSE_SYNAPTICS, &max_proto,
- set_properties, false)) {
+ psmouse_do_detect(synaptics_detect,
+ psmouse, false, set_properties)) {
synaptics_hardware = true;
if (max_proto > PSMOUSE_IMEX) {
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 034/329] i40iw: Zero-out consumer key on allocate stag for FMR
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (28 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 033/329] Input: psmouse - fix Synaptics detection when protocol is disabled Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 035/329] tools lib traceevent: Simplify pointer print logic and fix %pF Greg Kroah-Hartman
` (279 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shiraz Saleem, Jason Gunthorpe, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shiraz Saleem <shiraz.saleem@intel.com>
[ Upstream commit 6376e926af1a8661dd1b2e6d0896e07f84a35844 ]
If the application invalidates the MR before the FMR WR, HW parses the
consumer key portion of the stag and returns an invalid stag key
Asynchronous Event (AE) that tears down the QP.
Fix this by zeroing-out the consumer key portion of the allocated stag
returned to application for FMR.
Fixes: ee855d3b93f3 ("RDMA/i40iw: Add base memory management extensions")
Signed-off-by: Shiraz Saleem <shiraz.saleem@intel.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/i40iw/i40iw_verbs.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/infiniband/hw/i40iw/i40iw_verbs.c
+++ b/drivers/infiniband/hw/i40iw/i40iw_verbs.c
@@ -1515,6 +1515,7 @@ static struct ib_mr *i40iw_alloc_mr(stru
err_code = -EOVERFLOW;
goto err;
}
+ stag &= ~I40IW_CQPSQ_STAG_KEY_MASK;
iwmr->stag = stag;
iwmr->ibmr.rkey = stag;
iwmr->ibmr.lkey = stag;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 035/329] tools lib traceevent: Simplify pointer print logic and fix %pF
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (29 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 034/329] i40iw: Zero-out consumer key on allocate stag for FMR Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 036/329] perf callchain: Fix attr.sample_max_stack setting Greg Kroah-Hartman
` (278 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Steven Rostedt, Namhyung Kim,
Andrew Morton, Arnaldo Carvalho de Melo, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Steven Rostedt (VMware)" <rostedt@goodmis.org>
[ Upstream commit 38d70b7ca1769f26c0b79f3c08ff2cc949712b59 ]
When processing %pX in pretty_print(), simplify the logic slightly by
incrementing the ptr to the format string if isalnum(ptr[1]) is true.
This follows the logic a bit more closely to what is in the kernel.
Also, this fixes a small bug where %pF was not giving the offset of the
function.
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Acked-by: Namhyung Kim <namhyung@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Link: http://lkml.kernel.org/r/20180112004822.260262257@goodmis.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/lib/traceevent/event-parse.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
--- a/tools/lib/traceevent/event-parse.c
+++ b/tools/lib/traceevent/event-parse.c
@@ -4927,21 +4927,22 @@ static void pretty_print(struct trace_se
else
ls = 2;
- if (*(ptr+1) == 'F' || *(ptr+1) == 'f' ||
- *(ptr+1) == 'S' || *(ptr+1) == 's') {
+ if (isalnum(ptr[1]))
ptr++;
+
+ if (*ptr == 'F' || *ptr == 'f' ||
+ *ptr == 'S' || *ptr == 's') {
show_func = *ptr;
- } else if (*(ptr+1) == 'M' || *(ptr+1) == 'm') {
- print_mac_arg(s, *(ptr+1), data, size, event, arg);
- ptr++;
+ } else if (*ptr == 'M' || *ptr == 'm') {
+ print_mac_arg(s, *ptr, data, size, event, arg);
arg = arg->next;
break;
- } else if (*(ptr+1) == 'I' || *(ptr+1) == 'i') {
+ } else if (*ptr == 'I' || *ptr == 'i') {
int n;
- n = print_ip_arg(s, ptr+1, data, size, event, arg);
+ n = print_ip_arg(s, ptr, data, size, event, arg);
if (n > 0) {
- ptr += n;
+ ptr += n - 1;
arg = arg->next;
break;
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 036/329] perf callchain: Fix attr.sample_max_stack setting
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (30 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 035/329] tools lib traceevent: Simplify pointer print logic and fix %pF Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 037/329] tools lib traceevent: Fix get_field_str() for dynamic strings Greg Kroah-Hartman
` (277 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Adrian Hunter, David Ahern,
Hendrick Brueckner, Jiri Olsa, Namhyung Kim, Thomas Richter,
Wang Nan, Arnaldo Carvalho de Melo, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnaldo Carvalho de Melo <acme@redhat.com>
[ Upstream commit 249d98e567e25dd03e015e2d31e1b7b9648f34df ]
When setting the "dwarf" unwinder for a specific event and not
specifying the max-stack, the attr.sample_max_stack ended up using an
uninitialized callchain_param.max_stack, fix it by using designated
initializers for that callchain_param variable, zeroing all non
explicitely initialized struct members.
Here is what happened:
# perf trace -vv --no-syscalls --max-stack 4 -e probe_libc:inet_pton/call-graph=dwarf/ ping -6 -c 1 ::1
callchain: type DWARF
callchain: stack dump size 8192
perf_event_attr:
type 2
size 112
config 0x730
{ sample_period, sample_freq } 1
sample_type IP|TID|TIME|ADDR|CALLCHAIN|CPU|PERIOD|RAW|REGS_USER|STACK_USER|DATA_SRC
exclude_callchain_user 1
{ wakeup_events, wakeup_watermark } 1
sample_regs_user 0xff0fff
sample_stack_user 8192
sample_max_stack 50656
sys_perf_event_open failed, error -75
Value too large for defined data type
# perf trace -vv --no-syscalls --max-stack 4 -e probe_libc:inet_pton/call-graph=dwarf/ ping -6 -c 1 ::1
callchain: type DWARF
callchain: stack dump size 8192
perf_event_attr:
type 2
size 112
config 0x730
sample_type IP|TID|TIME|ADDR|CALLCHAIN|CPU|PERIOD|RAW|REGS_USER|STACK_USER|DATA_SRC
exclude_callchain_user 1
sample_regs_user 0xff0fff
sample_stack_user 8192
sample_max_stack 30448
sys_perf_event_open failed, error -75
Value too large for defined data type
#
Now the attr.sample_max_stack is set to zero and the above works as
expected:
# perf trace --no-syscalls --max-stack 4 -e probe_libc:inet_pton/call-graph=dwarf/ ping -6 -c 1 ::1
PING ::1(::1) 56 data bytes
64 bytes from ::1: icmp_seq=1 ttl=64 time=0.072 ms
--- ::1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.072/0.072/0.072/0.000 ms
0.000 probe_libc:inet_pton:(7feb7a998350))
__inet_pton (inlined)
gaih_inet.constprop.7 (/usr/lib64/libc-2.26.so)
__GI_getaddrinfo (inlined)
[0xffffaa39b6108f3f] (/usr/bin/ping)
#
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Hendrick Brueckner <brueckner@linux.vnet.ibm.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Thomas Richter <tmricht@linux.vnet.ibm.com>
Cc: Wang Nan <wangnan0@huawei.com>
Link: https://lkml.kernel.org/n/tip-is9tramondqa9jlxxsgcm9iz@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/util/evsel.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/tools/perf/util/evsel.c
+++ b/tools/perf/util/evsel.c
@@ -681,14 +681,14 @@ static void apply_config_terms(struct pe
struct perf_evsel_config_term *term;
struct list_head *config_terms = &evsel->config_terms;
struct perf_event_attr *attr = &evsel->attr;
- struct callchain_param param;
+ /* callgraph default */
+ struct callchain_param param = {
+ .record_mode = callchain_param.record_mode,
+ };
u32 dump_size = 0;
int max_stack = 0;
const char *callgraph_buf = NULL;
- /* callgraph default */
- param.record_mode = callchain_param.record_mode;
-
list_for_each_entry(term, config_terms, list) {
switch (term->type) {
case PERF_EVSEL__CONFIG_TERM_PERIOD:
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 037/329] tools lib traceevent: Fix get_field_str() for dynamic strings
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (31 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 036/329] perf callchain: Fix attr.sample_max_stack setting Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 038/329] perf record: Fix failed memory allocation for get_cpuid_str Greg Kroah-Hartman
` (276 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gopanapalli Pradeep, Steven Rostedt,
Namhyung Kim, Andrew Morton, Arnaldo Carvalho de Melo,
Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Steven Rostedt (VMware)" <rostedt@goodmis.org>
[ Upstream commit d777f8de99b05d399c0e4e51cdce016f26bd971b ]
If a field is a dynamic string, get_field_str() returned just the
offset/size value and not the string. Have it parse the offset/size
correctly to return the actual string. Otherwise filtering fails when
trying to filter fields that are dynamic strings.
Reported-by: Gopanapalli Pradeep <prap_hai@yahoo.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Acked-by: Namhyung Kim <namhyung@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Link: http://lkml.kernel.org/r/20180112004823.146333275@goodmis.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/lib/traceevent/parse-filter.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
--- a/tools/lib/traceevent/parse-filter.c
+++ b/tools/lib/traceevent/parse-filter.c
@@ -1879,17 +1879,25 @@ static const char *get_field_str(struct
struct pevent *pevent;
unsigned long long addr;
const char *val = NULL;
+ unsigned int size;
char hex[64];
/* If the field is not a string convert it */
if (arg->str.field->flags & FIELD_IS_STRING) {
val = record->data + arg->str.field->offset;
+ size = arg->str.field->size;
+
+ if (arg->str.field->flags & FIELD_IS_DYNAMIC) {
+ addr = *(unsigned int *)val;
+ val = record->data + (addr & 0xffff);
+ size = addr >> 16;
+ }
/*
* We need to copy the data since we can't be sure the field
* is null terminated.
*/
- if (*(val + arg->str.field->size - 1)) {
+ if (*(val + size - 1)) {
/* copy it */
memcpy(arg->str.buffer, val, arg->str.field->size);
/* the buffer is already NULL terminated */
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 038/329] perf record: Fix failed memory allocation for get_cpuid_str
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (32 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 037/329] tools lib traceevent: Fix get_field_str() for dynamic strings Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 039/329] iommu/vt-d: Use domain instead of cache fetching Greg Kroah-Hartman
` (275 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Richter, Heiko Carstens,
Hendrik Brueckner, Martin Schwidefsky, Arnaldo Carvalho de Melo,
Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Richter <tmricht@linux.vnet.ibm.com>
[ Upstream commit 81fccd6ca507d3b2012eaf1edeb9b1dbf4bd22db ]
In x86 architecture dependend part function get_cpuid_str() mallocs a
128 byte buffer, but does not check if the memory allocation succeeded
or not.
When the memory allocation fails, function __get_cpuid() is called with
first parameter being a NULL pointer. However this function references
its first parameter and operates on a NULL pointer which might cause
core dumps.
Signed-off-by: Thomas Richter <tmricht@linux.vnet.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Link: http://lkml.kernel.org/r/20180117131611.34319-1-tmricht@linux.vnet.ibm.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/arch/x86/util/header.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/tools/perf/arch/x86/util/header.c
+++ b/tools/perf/arch/x86/util/header.c
@@ -69,7 +69,7 @@ get_cpuid_str(void)
{
char *buf = malloc(128);
- if (__get_cpuid(buf, 128, "%s-%u-%X$") < 0) {
+ if (buf && __get_cpuid(buf, 128, "%s-%u-%X$") < 0) {
free(buf);
return NULL;
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 039/329] iommu/vt-d: Use domain instead of cache fetching
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (33 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 038/329] perf record: Fix failed memory allocation for get_cpuid_str Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 040/329] dm thin: fix documentation relative to low water mark threshold Greg Kroah-Hartman
` (274 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alex Williamson, Peter Xu,
Joerg Roedel, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Xu <peterx@redhat.com>
[ Upstream commit 9d2e6505f6d6934e681aed502f566198cb25c74a ]
after commit a1ddcbe93010 ("iommu/vt-d: Pass dmar_domain directly into
iommu_flush_iotlb_psi", 2015-08-12), we have domain pointer as parameter
to iommu_flush_iotlb_psi(), so no need to fetch it from cache again.
More importantly, a NULL reference pointer bug is reported on RHEL7 (and
it can be reproduced on some old upstream kernels too, e.g., v4.13) by
unplugging an 40g nic from a VM (hard to test unplug on real host, but
it should be the same):
https://bugzilla.redhat.com/show_bug.cgi?id=1531367
[ 24.391863] pciehp 0000:00:03.0:pcie004: Slot(0): Attention button pressed
[ 24.393442] pciehp 0000:00:03.0:pcie004: Slot(0): Powering off due to button press
[ 29.721068] i40evf 0000:01:00.0: Unable to send opcode 2 to PF, err I40E_ERR_QUEUE_EMPTY, aq_err OK
[ 29.783557] iommu: Removing device 0000:01:00.0 from group 3
[ 29.784662] BUG: unable to handle kernel NULL pointer dereference at 0000000000000304
[ 29.785817] IP: iommu_flush_iotlb_psi+0xcf/0x120
[ 29.786486] PGD 0
[ 29.786487] P4D 0
[ 29.786812]
[ 29.787390] Oops: 0000 [#1] SMP
[ 29.787876] Modules linked in: ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_nat ebtable_broute bridge stp llc ip6table_ng
[ 29.795371] CPU: 0 PID: 156 Comm: kworker/0:2 Not tainted 4.13.0 #14
[ 29.796366] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.11.0-1.el7 04/01/2014
[ 29.797593] Workqueue: pciehp-0 pciehp_power_thread
[ 29.798328] task: ffff94f5745b4a00 task.stack: ffffb326805ac000
[ 29.799178] RIP: 0010:iommu_flush_iotlb_psi+0xcf/0x120
[ 29.799919] RSP: 0018:ffffb326805afbd0 EFLAGS: 00010086
[ 29.800666] RAX: ffff94f5bc56e800 RBX: 0000000000000000 RCX: 0000000200000025
[ 29.801667] RDX: ffff94f5bc56e000 RSI: 0000000000000082 RDI: 0000000000000000
[ 29.802755] RBP: ffffb326805afbf8 R08: 0000000000000000 R09: ffff94f5bc86bbf0
[ 29.803772] R10: ffffb326805afba8 R11: 00000000000ffdc4 R12: ffff94f5bc86a400
[ 29.804789] R13: 0000000000000000 R14: 00000000ffdc4000 R15: 0000000000000000
[ 29.805792] FS: 0000000000000000(0000) GS:ffff94f5bfc00000(0000) knlGS:0000000000000000
[ 29.806923] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 29.807736] CR2: 0000000000000304 CR3: 000000003499d000 CR4: 00000000000006f0
[ 29.808747] Call Trace:
[ 29.809156] flush_unmaps_timeout+0x126/0x1c0
[ 29.809800] domain_exit+0xd6/0x100
[ 29.810322] device_notifier+0x6b/0x70
[ 29.810902] notifier_call_chain+0x4a/0x70
[ 29.812822] __blocking_notifier_call_chain+0x47/0x60
[ 29.814499] blocking_notifier_call_chain+0x16/0x20
[ 29.816137] device_del+0x233/0x320
[ 29.817588] pci_remove_bus_device+0x6f/0x110
[ 29.819133] pci_stop_and_remove_bus_device+0x1a/0x20
[ 29.820817] pciehp_unconfigure_device+0x7a/0x1d0
[ 29.822434] pciehp_disable_slot+0x52/0xe0
[ 29.823931] pciehp_power_thread+0x8a/0xa0
[ 29.825411] process_one_work+0x18c/0x3a0
[ 29.826875] worker_thread+0x4e/0x3b0
[ 29.828263] kthread+0x109/0x140
[ 29.829564] ? process_one_work+0x3a0/0x3a0
[ 29.831081] ? kthread_park+0x60/0x60
[ 29.832464] ret_from_fork+0x25/0x30
[ 29.833794] Code: 85 ed 74 0b 5b 41 5c 41 5d 41 5e 41 5f 5d c3 49 8b 54 24 60 44 89 f8 0f b6 c4 48 8b 04 c2 48 85 c0 74 49 45 0f b6 ff 4a 8b 3c f8 <80> bf
[ 29.838514] RIP: iommu_flush_iotlb_psi+0xcf/0x120 RSP: ffffb326805afbd0
[ 29.840362] CR2: 0000000000000304
[ 29.841716] ---[ end trace b10ec0d6900868d3 ]---
This patch fixes that problem if applied to v4.13 kernel.
The bug does not exist on latest upstream kernel since it's fixed as a
side effect of commit 13cf01744608 ("iommu/vt-d: Make use of iova
deferred flushing", 2017-08-15). But IMHO it's still good to have this
patch upstream.
CC: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Fixes: a1ddcbe93010 ("iommu/vt-d: Pass dmar_domain directly into iommu_flush_iotlb_psi")
Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iommu/intel-iommu.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/iommu/intel-iommu.c
+++ b/drivers/iommu/intel-iommu.c
@@ -1612,8 +1612,7 @@ static void iommu_flush_iotlb_psi(struct
* flush. However, device IOTLB doesn't need to be flushed in this case.
*/
if (!cap_caching_mode(iommu->cap) || !map)
- iommu_flush_dev_iotlb(get_iommu_domain(iommu, did),
- addr, mask);
+ iommu_flush_dev_iotlb(domain, addr, mask);
}
static void iommu_disable_protect_mem_regions(struct intel_iommu *iommu)
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 040/329] dm thin: fix documentation relative to low water mark threshold
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (34 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 039/329] iommu/vt-d: Use domain instead of cache fetching Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 041/329] net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b Greg Kroah-Hartman
` (273 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, mulhern, Mike Snitzer, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: mulhern <amulhern@redhat.com>
[ Upstream commit 9b28a1102efc75d81298198166ead87d643a29ce ]
Fixes:
1. The use of "exceeds" when the opposite of exceeds, falls below,
was meant.
2. Properly speaking, a table can not exceed a threshold.
It emphasizes the important point, which is that it is the userspace
daemon's responsibility to check for low free space when a device
is resumed, since it won't get a special event indicating low free
space in that situation.
Signed-off-by: mulhern <amulhern@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/device-mapper/thin-provisioning.txt | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/Documentation/device-mapper/thin-provisioning.txt
+++ b/Documentation/device-mapper/thin-provisioning.txt
@@ -112,9 +112,11 @@ $low_water_mark is expressed in blocks o
free space on the data device drops below this level then a dm event
will be triggered which a userspace daemon should catch allowing it to
extend the pool device. Only one such event will be sent.
-Resuming a device with a new table itself triggers an event so the
-userspace daemon can use this to detect a situation where a new table
-already exceeds the threshold.
+
+No special event is triggered if a just resumed device's free space is below
+the low water mark. However, resuming a device always triggers an
+event; a userspace daemon should verify that free space exceeds the low
+water mark when handling this event.
A low water mark for the metadata device is maintained in the kernel and
will trigger a dm event if free space on the metadata device drops below
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 041/329] net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (35 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 040/329] dm thin: fix documentation relative to low water mark threshold Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 042/329] net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock Greg Kroah-Hartman
` (272 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Emiliano Ingrassia,
Martin Blumenstingl, Jerome Brunet, David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
[ Upstream commit 433c6cab9d298687c097f6ee82e49157044dc7c6 ]
Meson8b only supports MPLL2 as clock input. The rate of the MPLL2 clock
set by Odroid-C1's u-boot is close to (but not exactly) 500MHz. The
exact rate is 500002394Hz, which is calculated in
drivers/clk/meson/clk-mpll.c using the following formula:
DIV_ROUND_UP_ULL((u64)parent_rate * SDM_DEN, (SDM_DEN * n2) + sdm)
Odroid-C1's u-boot configures MPLL2 with the following values:
- SDM_DEN = 16384
- SDM = 1638
- N2 = 5
The 250MHz clock (m250_div) inside dwmac-meson8b driver is derived from
the MPLL2 clock. Due to MPLL2 running slightly faster than 500MHz the
common clock framework chooses a divider which is too big to generate
the 250MHz clock (a divider of 2 would be needed, but this is rounded up
to a divider of 3). This breaks the RTL8211F RGMII PHY on Odroid-C1
because it requires a (close to) 125MHz RGMII TX clock (on Gbit speeds,
the IP block internally divides that down to 25MHz on 100Mbit/s
connections and 2.5MHz on 10Mbit/s connections - we don't need any
special configuration for that).
Round the divider to the closest value to prevent this issue on Meson8b.
This means we'll now end up with a clock rate for the RGMII TX clock of
125001197Hz (= 125MHz plus 1197Hz), which is close-enough to 125MHz.
This has no effect on the Meson GX SoCs since there fclk_div2 is used as
input clock, which has a rate of 1000MHz (and thus is divisible cleanly
to 250MHz and 125MHz).
Fixes: 566e8251625304 ("net: stmmac: add a glue driver for the Amlogic Meson 8b / GXBB DWMAC")
Reported-by: Emiliano Ingrassia <ingrassia@epigenesys.com>
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Reviewed-by: Jerome Brunet <jbrunet@baylibre.com>
Tested-by: Jerome Brunet <jbrunet@baylibre.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/stmicro/stmmac/dwmac-meson8b.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/net/ethernet/stmicro/stmmac/dwmac-meson8b.c
+++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-meson8b.c
@@ -146,7 +146,9 @@ static int meson8b_init_clk(struct meson
dwmac->m250_div.shift = PRG_ETH0_CLK_M250_DIV_SHIFT;
dwmac->m250_div.width = PRG_ETH0_CLK_M250_DIV_WIDTH;
dwmac->m250_div.hw.init = &init;
- dwmac->m250_div.flags = CLK_DIVIDER_ONE_BASED | CLK_DIVIDER_ALLOW_ZERO;
+ dwmac->m250_div.flags = CLK_DIVIDER_ONE_BASED |
+ CLK_DIVIDER_ALLOW_ZERO |
+ CLK_DIVIDER_ROUND_CLOSEST;
dwmac->m250_div_clk = devm_clk_register(dev, &dwmac->m250_div.hw);
if (WARN_ON(IS_ERR(dwmac->m250_div_clk)))
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 042/329] net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (36 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 041/329] net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 043/329] nfs: Do not convert nfs_idmap_cache_timeout to jiffies Greg Kroah-Hartman
` (271 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jerome Brunet, Martin Blumenstingl,
David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
[ Upstream commit fb7d38a70e1d8ffd54f7a7464dcc4889d7e490ad ]
On Meson8b the only valid input clock is MPLL2. The bootloader
configures that to run at 500002394Hz which cannot be divided evenly
down to 125MHz using the m250_div clock. Currently the common clock
framework chooses a m250_div of 2 - with the internal fixed
"divide by 10" this results in a RGMII TX clock of 125001197Hz (120Hz
above the requested 125MHz).
Letting the common clock framework propagate the rate changes up to the
parent of m250_mux allows us to get the best possible clock rate. With
this patch the common clock framework calculates a rate of
very-close-to-250MHz (249999701Hz to be exact) for the MPLL2 clock
(which is the mux input). Dividing that by 2 (which is an internal,
fixed divider for the RGMII TX clock) gives us an RGMII TX clock of
124999850Hz (which is only 150Hz off the requested 125MHz, compared to
1197Hz based on the MPLL2 rate set by u-boot and the Amlogic GPL kernel
sources).
SoCs from the Meson GX series are not affected by this change because
the input clock is FCLK_DIV2 whose rate cannot be changed (which is fine
since it's running at 1GHz, so it's already a multiple of 250MHz and
125MHz).
Fixes: 566e8251625304 ("net: stmmac: add a glue driver for the Amlogic Meson 8b / GXBB DWMAC")
Suggested-by: Jerome Brunet <jbrunet@baylibre.com>
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Reviewed-by: Jerome Brunet <jbrunet@baylibre.com>
Tested-by: Jerome Brunet <jbrunet@baylibre.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/stmicro/stmmac/dwmac-meson8b.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/ethernet/stmicro/stmmac/dwmac-meson8b.c
+++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-meson8b.c
@@ -118,7 +118,7 @@ static int meson8b_init_clk(struct meson
snprintf(clk_name, sizeof(clk_name), "%s#m250_sel", dev_name(dev));
init.name = clk_name;
init.ops = &clk_mux_ops;
- init.flags = 0;
+ init.flags = CLK_SET_RATE_PARENT;
init.parent_names = mux_parent_names;
init.num_parents = MUX_CLK_NUM_PARENTS;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 043/329] nfs: Do not convert nfs_idmap_cache_timeout to jiffies
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (37 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 042/329] net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 045/329] kconfig: Dont leak main menus during parsing Greg Kroah-Hartman
` (270 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jan Chochol, Trond Myklebust, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jan Chochol <jan@chochol.info>
[ Upstream commit cbebc6ef4fc830f4040d4140bf53484812d5d5d9 ]
Since commit 57e62324e469 ("NFS: Store the legacy idmapper result in the
keyring") nfs_idmap_cache_timeout changed units from jiffies to seconds.
Unfortunately sysctl interface was not updated accordingly.
As a effect updating /proc/sys/fs/nfs/idmap_cache_timeout with some
value will incorrectly multiply this value by HZ.
Also reading /proc/sys/fs/nfs/idmap_cache_timeout will show real value
divided by HZ.
Fixes: 57e62324e469 ("NFS: Store the legacy idmapper result in the keyring")
Signed-off-by: Jan Chochol <jan@chochol.info>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfs/nfs4sysctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/nfs/nfs4sysctl.c
+++ b/fs/nfs/nfs4sysctl.c
@@ -31,7 +31,7 @@ static struct ctl_table nfs4_cb_sysctls[
.data = &nfs_idmap_cache_timeout,
.maxlen = sizeof(int),
.mode = 0644,
- .proc_handler = proc_dointvec_jiffies,
+ .proc_handler = proc_dointvec,
},
{ }
};
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 045/329] kconfig: Dont leak main menus during parsing
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (38 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 043/329] nfs: Do not convert nfs_idmap_cache_timeout to jiffies Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 046/329] kconfig: Fix automatic menu creation mem leak Greg Kroah-Hartman
` (269 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ulf Magnusson, Masahiro Yamada, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ulf Magnusson <ulfalizer@gmail.com>
[ Upstream commit 0724a7c32a54e3e50d28e19e30c59014f61d4e2c ]
If a 'mainmenu' entry appeared in the Kconfig files, two things would
leak:
- The 'struct property' allocated for the default "Linux Kernel
Configuration" prompt.
- The string for the T_WORD/T_WORD_QUOTE prompt after the
T_MAINMENU token, allocated on the heap in zconf.l.
To fix it, introduce a new 'no_mainmenu_stmt' nonterminal that matches
if there's no 'mainmenu' and adds the default prompt. That means the
prompt only gets allocated once regardless of whether there's a
'mainmenu' statement or not, and managing it becomes simple.
Summary from Valgrind on 'menuconfig' (ARCH=x86) before the fix:
LEAK SUMMARY:
definitely lost: 344,568 bytes in 14,352 blocks
...
Summary after the fix:
LEAK SUMMARY:
definitely lost: 344,440 bytes in 14,350 blocks
...
Signed-off-by: Ulf Magnusson <ulfalizer@gmail.com>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
scripts/kconfig/zconf.y | 33 ++++++++++++++++++++++++---------
1 file changed, 24 insertions(+), 9 deletions(-)
--- a/scripts/kconfig/zconf.y
+++ b/scripts/kconfig/zconf.y
@@ -107,7 +107,27 @@ static struct menu *current_menu, *curre
%%
input: nl start | start;
-start: mainmenu_stmt stmt_list | stmt_list;
+start: mainmenu_stmt stmt_list | no_mainmenu_stmt stmt_list;
+
+/* mainmenu entry */
+
+mainmenu_stmt: T_MAINMENU prompt nl
+{
+ menu_add_prompt(P_MENU, $2, NULL);
+};
+
+/* Default main menu, if there's no mainmenu entry */
+
+no_mainmenu_stmt: /* empty */
+{
+ /*
+ * Hack: Keep the main menu title on the heap so we can safely free it
+ * later regardless of whether it comes from the 'prompt' in
+ * mainmenu_stmt or here
+ */
+ menu_add_prompt(P_MENU, strdup("Linux Kernel Configuration"), NULL);
+};
+
stmt_list:
/* empty */
@@ -344,13 +364,6 @@ if_block:
| if_block choice_stmt
;
-/* mainmenu entry */
-
-mainmenu_stmt: T_MAINMENU prompt nl
-{
- menu_add_prompt(P_MENU, $2, NULL);
-};
-
/* menu entry */
menu: T_MENU prompt T_EOL
@@ -495,6 +508,7 @@ word_opt: /* empty */ { $$ = NULL; }
void conf_parse(const char *name)
{
+ const char *tmp;
struct symbol *sym;
int i;
@@ -502,7 +516,6 @@ void conf_parse(const char *name)
sym_init();
_menu_init();
- rootmenu.prompt = menu_add_prompt(P_MENU, "Linux Kernel Configuration", NULL);
if (getenv("ZCONF_DEBUG"))
zconfdebug = 1;
@@ -512,8 +525,10 @@ void conf_parse(const char *name)
if (!modules_sym)
modules_sym = sym_find( "n" );
+ tmp = rootmenu.prompt->text;
rootmenu.prompt->text = _(rootmenu.prompt->text);
rootmenu.prompt->text = sym_expand_string_value(rootmenu.prompt->text);
+ free((char*)tmp);
menu_finalize(&rootmenu);
for_all_symbols(i, sym) {
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 046/329] kconfig: Fix automatic menu creation mem leak
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (39 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 045/329] kconfig: Dont leak main menus during parsing Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 047/329] kconfig: Fix expr_free() E_NOT leak Greg Kroah-Hartman
` (268 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ulf Magnusson, Masahiro Yamada, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ulf Magnusson <ulfalizer@gmail.com>
[ Upstream commit ae7440ef0c8013d68c00dad6900e7cce5311bb1c ]
expr_trans_compare() always allocates and returns a new expression,
giving the following leak outline:
...
*Allocate*
basedep = expr_trans_compare(basedep, E_UNEQUAL, &symbol_no);
...
for (menu = parent->next; menu; menu = menu->next) {
...
*Copy*
dep2 = expr_copy(basedep);
...
*Free copy*
expr_free(dep2);
}
*basedep lost!*
Fix by freeing 'basedep' after the loop.
Summary from Valgrind on 'menuconfig' (ARCH=x86) before the fix:
LEAK SUMMARY:
definitely lost: 344,376 bytes in 14,349 blocks
...
Summary after the fix:
LEAK SUMMARY:
definitely lost: 44,448 bytes in 1,852 blocks
...
Signed-off-by: Ulf Magnusson <ulfalizer@gmail.com>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
scripts/kconfig/menu.c | 1 +
1 file changed, 1 insertion(+)
--- a/scripts/kconfig/menu.c
+++ b/scripts/kconfig/menu.c
@@ -364,6 +364,7 @@ void menu_finalize(struct menu *parent)
menu->parent = parent;
last_menu = menu;
}
+ expr_free(basedep);
if (last_menu) {
parent->list = parent->next;
parent->next = last_menu->next;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 047/329] kconfig: Fix expr_free() E_NOT leak
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (40 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 046/329] kconfig: Fix automatic menu creation mem leak Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 048/329] mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl() Greg Kroah-Hartman
` (267 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ulf Magnusson, Masahiro Yamada, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ulf Magnusson <ulfalizer@gmail.com>
[ Upstream commit 5b1374b3b3c2fc4f63a398adfa446fb8eff791a4 ]
Only the E_NOT operand and not the E_NOT node itself was freed, due to
accidentally returning too early in expr_free(). Outline of leak:
switch (e->type) {
...
case E_NOT:
expr_free(e->left.expr);
return;
...
}
*Never reached, 'e' leaked*
free(e);
Fix by changing the 'return' to a 'break'.
Summary from Valgrind on 'menuconfig' (ARCH=x86) before the fix:
LEAK SUMMARY:
definitely lost: 44,448 bytes in 1,852 blocks
...
Summary after the fix:
LEAK SUMMARY:
definitely lost: 1,608 bytes in 67 blocks
...
Signed-off-by: Ulf Magnusson <ulfalizer@gmail.com>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
scripts/kconfig/expr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/scripts/kconfig/expr.c
+++ b/scripts/kconfig/expr.c
@@ -113,7 +113,7 @@ void expr_free(struct expr *e)
break;
case E_NOT:
expr_free(e->left.expr);
- return;
+ break;
case E_EQUAL:
case E_GEQ:
case E_GTH:
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 048/329] mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (41 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 047/329] kconfig: Fix expr_free() E_NOT leak Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 049/329] ipmi/powernv: Fix error return code in ipmi_powernv_probe() Greg Kroah-Hartman
` (266 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wei Yongjun, Ben Hutchings,
Johannes Berg, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: "weiyongjun (A)" <weiyongjun1@huawei.com>
[ Upstream commit 0ddcff49b672239dda94d70d0fcf50317a9f4b51 ]
'hwname' is malloced in hwsim_new_radio_nl() and should be freed
before leaving from the error handling cases, otherwise it will cause
memory leak.
Fixes: ff4dd73dd2b4 ("mac80211_hwsim: check HWSIM_ATTR_RADIO_NAME length")
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Reviewed-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/mac80211_hwsim.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c
@@ -3084,8 +3084,10 @@ static int hwsim_new_radio_nl(struct sk_
if (info->attrs[HWSIM_ATTR_REG_CUSTOM_REG]) {
u32 idx = nla_get_u32(info->attrs[HWSIM_ATTR_REG_CUSTOM_REG]);
- if (idx >= ARRAY_SIZE(hwsim_world_regdom_custom))
+ if (idx >= ARRAY_SIZE(hwsim_world_regdom_custom)) {
+ kfree(hwname);
return -EINVAL;
+ }
param.regd = hwsim_world_regdom_custom[idx];
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 049/329] ipmi/powernv: Fix error return code in ipmi_powernv_probe()
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (42 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 048/329] mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl() Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 050/329] Btrfs: set plug for fsync Greg Kroah-Hartman
` (265 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wei Yongjun, Alexey Kardashevskiy,
Corey Minyard, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wei Yongjun <weiyongjun1@huawei.com>
[ Upstream commit e749d328b0b450aa78d562fa26a0cd8872325dd9 ]
Fix to return a negative error code from the request_irq() error
handling case instead of 0, as done elsewhere in this function.
Fixes: dce143c3381c ("ipmi/powernv: Convert to irq event interface")
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/ipmi/ipmi_powernv.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/drivers/char/ipmi/ipmi_powernv.c
+++ b/drivers/char/ipmi/ipmi_powernv.c
@@ -251,8 +251,9 @@ static int ipmi_powernv_probe(struct pla
ipmi->irq = opal_event_request(prop);
}
- if (request_irq(ipmi->irq, ipmi_opal_event, IRQ_TYPE_LEVEL_HIGH,
- "opal-ipmi", ipmi)) {
+ rc = request_irq(ipmi->irq, ipmi_opal_event, IRQ_TYPE_LEVEL_HIGH,
+ "opal-ipmi", ipmi);
+ if (rc) {
dev_warn(dev, "Unable to request irq\n");
goto err_dispose;
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 050/329] Btrfs: set plug for fsync
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (43 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 049/329] ipmi/powernv: Fix error return code in ipmi_powernv_probe() Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 051/329] btrfs: Fix out of bounds access in btrfs_search_slot Greg Kroah-Hartman
` (264 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liu Bo, David Sterba, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Liu Bo <bo.li.liu@oracle.com>
[ Upstream commit 343e4fc1c60971b0734de26dbbd475d433950982 ]
Setting plug can merge adjacent IOs before dispatching IOs to the disk
driver.
Without plug, it'd not be a problem for single disk usecases, but for
multiple disks using raid profile, a large IO can be split to several
IOs of stripe length, and plug can be helpful to bring them together
for each disk so that we can save several disk access.
Moreover, fsync issues synchronous writes, so plug can really take
effect.
Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/file.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- a/fs/btrfs/file.c
+++ b/fs/btrfs/file.c
@@ -1912,10 +1912,19 @@ int btrfs_release_file(struct inode *ino
static int start_ordered_ops(struct inode *inode, loff_t start, loff_t end)
{
int ret;
+ struct blk_plug plug;
+ /*
+ * This is only called in fsync, which would do synchronous writes, so
+ * a plug can merge adjacent IOs as much as possible. Esp. in case of
+ * multiple disks using raid profile, a large IO can be split to
+ * several segments of stripe length (currently 64K).
+ */
+ blk_start_plug(&plug);
atomic_inc(&BTRFS_I(inode)->sync_writers);
ret = btrfs_fdatawrite_range(inode, start, end);
atomic_dec(&BTRFS_I(inode)->sync_writers);
+ blk_finish_plug(&plug);
return ret;
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 051/329] btrfs: Fix out of bounds access in btrfs_search_slot
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (44 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 050/329] Btrfs: set plug for fsync Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 052/329] Btrfs: fix scrub to repair raid6 corruption Greg Kroah-Hartman
` (263 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nikolay Borisov, David Sterba, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nikolay Borisov <nborisov@suse.com>
[ Upstream commit 9ea2c7c9da13c9073e371c046cbbc45481ecb459 ]
When modifying a tree where the root is at BTRFS_MAX_LEVEL - 1 then
the level variable is going to be 7 (this is the max height of the
tree). On the other hand btrfs_cow_block is always called with
"level + 1" as an index into the nodes and slots arrays. This leads to
an out of bounds access. Admittdely this will be benign since an OOB
access of the nodes array will likely read the 0th element from the
slots array, which in this case is going to be 0 (since we start CoW at
the top of the tree). The OOB access into the slots array in turn will
read the 0th and 1st values of the locks array, which would both be 0
at the time. However, this benign behavior relies on the fact that the
path being passed hasn't been initialised, if it has already been used to
query a btree then it could potentially have populated the nodes/slots arrays.
Fix it by explicitly checking if we are at level 7 (the maximum allowed
index in nodes/slots arrays) and explicitly call the CoW routine with
NULL for parent's node/slot.
Signed-off-by: Nikolay Borisov <nborisov@suse.com>
Fixes-coverity-id: 711515
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/ctree.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
--- a/fs/btrfs/ctree.c
+++ b/fs/btrfs/ctree.c
@@ -2760,6 +2760,8 @@ again:
* contention with the cow code
*/
if (cow) {
+ bool last_level = (level == (BTRFS_MAX_LEVEL - 1));
+
/*
* if we don't really need to cow this block
* then we don't want to set the path blocking,
@@ -2784,9 +2786,13 @@ again:
}
btrfs_set_path_blocking(p);
- err = btrfs_cow_block(trans, root, b,
- p->nodes[level + 1],
- p->slots[level + 1], &b);
+ if (last_level)
+ err = btrfs_cow_block(trans, root, b, NULL, 0,
+ &b);
+ else
+ err = btrfs_cow_block(trans, root, b,
+ p->nodes[level + 1],
+ p->slots[level + 1], &b);
if (err) {
ret = err;
goto done;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 052/329] Btrfs: fix scrub to repair raid6 corruption
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (45 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 051/329] btrfs: Fix out of bounds access in btrfs_search_slot Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 053/329] btrfs: fail mount when sb flag is not in BTRFS_SUPER_FLAG_SUPP Greg Kroah-Hartman
` (262 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liu Bo, David Sterba, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Liu Bo <bo.li.liu@oracle.com>
[ Upstream commit 762221f095e3932669093466aaf4b85ed9ad2ac1 ]
The raid6 corruption is that,
suppose that all disks can be read without problems and if the content
that was read out doesn't match its checksum, currently for raid6
btrfs at most retries twice,
- the 1st retry is to rebuild with all other stripes, it'll eventually
be a raid5 xor rebuild,
- if the 1st fails, the 2nd retry will deliberately fail parity p so
that it will do raid6 style rebuild,
however, the chances are that another non-parity stripe content also
has something corrupted, so that the above retries are not able to
return correct content.
We've fixed normal reads to rebuild raid6 correctly with more retries
in Patch "Btrfs: make raid6 rebuild retry more"[1], this is to fix
scrub to do the exactly same rebuild process.
[1]: https://patchwork.kernel.org/patch/10091755/
Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/raid56.c | 18 ++++++++++++++----
fs/btrfs/volumes.c | 9 ++++++++-
2 files changed, 22 insertions(+), 5 deletions(-)
--- a/fs/btrfs/raid56.c
+++ b/fs/btrfs/raid56.c
@@ -2161,11 +2161,21 @@ int raid56_parity_recover(struct btrfs_r
}
/*
- * reconstruct from the q stripe if they are
- * asking for mirror 3
+ * Loop retry:
+ * for 'mirror == 2', reconstruct from all other stripes.
+ * for 'mirror_num > 2', select a stripe to fail on every retry.
*/
- if (mirror_num == 3)
- rbio->failb = rbio->real_stripes - 2;
+ if (mirror_num > 2) {
+ /*
+ * 'mirror == 3' is to fail the p stripe and
+ * reconstruct from the q stripe. 'mirror > 3' is to
+ * fail a data stripe and reconstruct from p+q stripe.
+ */
+ rbio->failb = rbio->real_stripes - (mirror_num - 1);
+ ASSERT(rbio->failb > 0);
+ if (rbio->failb <= rbio->faila)
+ rbio->failb--;
+ }
ret = lock_stripe_add(rbio);
--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -5186,7 +5186,14 @@ int btrfs_num_copies(struct btrfs_fs_inf
else if (map->type & BTRFS_BLOCK_GROUP_RAID5)
ret = 2;
else if (map->type & BTRFS_BLOCK_GROUP_RAID6)
- ret = 3;
+ /*
+ * There could be two corrupted data stripes, we need
+ * to loop retry in order to rebuild the correct data.
+ *
+ * Fail a stripe at a time on every retry except the
+ * stripe under reconstruction.
+ */
+ ret = map->num_stripes;
else
ret = 1;
free_extent_map(em);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 053/329] btrfs: fail mount when sb flag is not in BTRFS_SUPER_FLAG_SUPP
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (46 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 052/329] Btrfs: fix scrub to repair raid6 corruption Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 054/329] HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() Greg Kroah-Hartman
` (261 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Anand Jain, Qu Wenruo, David Sterba,
Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Anand Jain <Anand.Jain@oracle.com>
[ Upstream commit 6f794e3c5c8f8fdd3b5bb20d9ded894e685b5bbe ]
It appears from the original commit [1] that there isn't any design
specific reason not to fail the mount instead of just warning. This
patch will change it to fail.
[1]
commit 319e4d0661e5323c9f9945f0f8fb5905e5fe74c3
btrfs: Enhance super validation check
Fixes: 319e4d0661e5323 ("btrfs: Enhance super validation check")
Signed-off-by: Anand Jain <anand.jain@oracle.com>
Reviewed-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/disk-io.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -4142,9 +4142,11 @@ static int btrfs_check_super_valid(struc
btrfs_err(fs_info, "no valid FS found");
ret = -EINVAL;
}
- if (btrfs_super_flags(sb) & ~BTRFS_SUPER_FLAG_SUPP)
- btrfs_warn(fs_info, "unrecognized super flag: %llu",
+ if (btrfs_super_flags(sb) & ~BTRFS_SUPER_FLAG_SUPP) {
+ btrfs_err(fs_info, "unrecognized or unsupported super flag: %llu",
btrfs_super_flags(sb) & ~BTRFS_SUPER_FLAG_SUPP);
+ ret = -EINVAL;
+ }
if (btrfs_super_root_level(sb) >= BTRFS_MAX_LEVEL) {
btrfs_err(fs_info, "tree_root level too big: %d >= %d",
btrfs_super_root_level(sb), BTRFS_MAX_LEVEL);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 054/329] HID: roccat: prevent an out of bounds read in kovaplus_profile_activated()
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (47 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 053/329] btrfs: fail mount when sb flag is not in BTRFS_SUPER_FLAG_SUPP Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 055/329] fm10k: fix "failed to kill vid" message for VF Greg Kroah-Hartman
` (260 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Silvan Jegen,
Jiri Kosina, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 7ad81482cad67cbe1ec808490d1ddfc420c42008 ]
We get the "new_profile_index" value from the mouse device when we're
handling raw events. Smatch taints it as untrusted data and complains
that we need a bounds check. This seems like a reasonable warning
otherwise there is a small read beyond the end of the array.
Fixes: 0e70f97f257e ("HID: roccat: Add support for Kova[+] mouse")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Silvan Jegen <s.jegen@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hid/hid-roccat-kovaplus.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/hid/hid-roccat-kovaplus.c
+++ b/drivers/hid/hid-roccat-kovaplus.c
@@ -37,6 +37,8 @@ static uint kovaplus_convert_event_cpi(u
static void kovaplus_profile_activated(struct kovaplus_device *kovaplus,
uint new_profile_index)
{
+ if (new_profile_index >= ARRAY_SIZE(kovaplus->profile_settings))
+ return;
kovaplus->actual_profile = new_profile_index;
kovaplus->actual_cpi = kovaplus->profile_settings[new_profile_index].cpi_startup_level;
kovaplus->actual_x_sensitivity = kovaplus->profile_settings[new_profile_index].sensitivity_x;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 055/329] fm10k: fix "failed to kill vid" message for VF
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (48 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 054/329] HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 056/329] device property: Define type of PROPERTY_ENRTY_*() macros Greg Kroah-Hartman
` (259 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ngai-Mint Kwan, Jacob Keller,
Krishneil Singh, Jeff Kirsher, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ngai-Mint Kwan <ngai-mint.kwan@intel.com>
[ Upstream commit cf315ea596ec26d7aa542a9ce354990875a920c0 ]
When a VF is under PF VLAN assignment:
ip link set <pf> vf <#> vlan <vid>
This will remove all previous entries in the VLAN table including those
generated by VLAN interfaces created on the VF. The issue arises when
the VF is under PF VLAN assignment and one or more of these VLAN
interfaces of the VF are deleted. When deleting these VLAN interfaces,
the following message will be generated in "dmesg":
failed to kill vid 0081/<vid> for device <vf>
This is due to the fact that "ndo_vlan_rx_kill_vid" exits with an error.
The handler for this ndo is "fm10k_update_vid". Any calls to this
function while under PF VLAN management will exit prematurely and, thus,
it will generate the failure message.
Additionally, since "fm10k_update_vid" exits prematurely, none of the
VLAN update is performed. So, even though the actual VLAN interfaces of
the VF will be deleted, the active_vlans bitmask is not cleared. When
the VF is no longer under PF VLAN assignment, the driver mistakenly
restores the previous entries of the VLAN table based on an
unsynchronized list of active VLANs.
The solution to this issue involves checking the VLAN update action type
before exiting "fm10k_update_vid". If the VLAN update action type is to
"add", this action will not be permitted while the VF is under PF VLAN
assignment and the VLAN update is abandoned like before.
However, if the VLAN update action type is to "kill", then we need to
also clear the active_vlans bitmask. However, we don't need to actually
queue any messages to the PF, because the MAC and VLAN tables have
already been cleared, and the PF would silently ignore these requests
anyways.
Signed-off-by: Ngai-Mint Kwan <ngai-mint.kwan@intel.com>
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Tested-by: Krishneil Singh <krishneil.k.singh@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/intel/fm10k/fm10k_netdev.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
--- a/drivers/net/ethernet/intel/fm10k/fm10k_netdev.c
+++ b/drivers/net/ethernet/intel/fm10k/fm10k_netdev.c
@@ -803,8 +803,12 @@ static int fm10k_update_vid(struct net_d
if (vid >= VLAN_N_VID)
return -EINVAL;
- /* Verify we have permission to add VLANs */
- if (hw->mac.vlan_override)
+ /* Verify that we have permission to add VLANs. If this is a request
+ * to remove a VLAN, we still want to allow the user to remove the
+ * VLAN device. In that case, we need to clear the bit in the
+ * active_vlans bitmask.
+ */
+ if (set && hw->mac.vlan_override)
return -EACCES;
/* update active_vlans bitmask */
@@ -823,6 +827,12 @@ static int fm10k_update_vid(struct net_d
rx_ring->vid &= ~FM10K_VLAN_CLEAR;
}
+ /* If our VLAN has been overridden, there is no reason to send VLAN
+ * removal requests as they will be silently ignored.
+ */
+ if (hw->mac.vlan_override)
+ return 0;
+
/* Do not remove default VLAN ID related entries from VLAN and MAC
* tables
*/
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 056/329] device property: Define type of PROPERTY_ENRTY_*() macros
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (49 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 055/329] fm10k: fix "failed to kill vid" message for VF Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 057/329] jffs2: Fix use-after-free bug in jffs2_iget()s error handling path Greg Kroah-Hartman
` (258 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Corey Minyard, Corey Minyard,
Andy Shevchenko, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit c505cbd45f6e9c539d57dd171d95ec7e5e9f9cd0 ]
Some of the drivers may use the macro at runtime flow, like
struct property_entry p[10];
...
p[index++] = PROPERTY_ENTRY_U8("u8 property", u8_data);
In that case and absence of the data type compiler fails the build:
drivers/char/ipmi/ipmi_dmi.c:79:29: error: Expected ; at end of statement
drivers/char/ipmi/ipmi_dmi.c:79:29: error: got {
Acked-by: Corey Minyard <cminyard@mvista.com>
Cc: Corey Minyard <minyard@acm.org>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/property.h | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
--- a/include/linux/property.h
+++ b/include/linux/property.h
@@ -187,7 +187,7 @@ struct property_entry {
*/
#define PROPERTY_ENTRY_INTEGER_ARRAY(_name_, _type_, _val_) \
-{ \
+(struct property_entry) { \
.name = _name_, \
.length = ARRAY_SIZE(_val_) * sizeof(_type_), \
.is_array = true, \
@@ -205,7 +205,7 @@ struct property_entry {
PROPERTY_ENTRY_INTEGER_ARRAY(_name_, u64, _val_)
#define PROPERTY_ENTRY_STRING_ARRAY(_name_, _val_) \
-{ \
+(struct property_entry) { \
.name = _name_, \
.length = ARRAY_SIZE(_val_) * sizeof(const char *), \
.is_array = true, \
@@ -214,7 +214,7 @@ struct property_entry {
}
#define PROPERTY_ENTRY_INTEGER(_name_, _type_, _val_) \
-{ \
+(struct property_entry) { \
.name = _name_, \
.length = sizeof(_type_), \
.is_string = false, \
@@ -231,7 +231,7 @@ struct property_entry {
PROPERTY_ENTRY_INTEGER(_name_, u64, _val_)
#define PROPERTY_ENTRY_STRING(_name_, _val_) \
-{ \
+(struct property_entry) { \
.name = _name_, \
.length = sizeof(_val_), \
.is_string = true, \
@@ -239,7 +239,7 @@ struct property_entry {
}
#define PROPERTY_ENTRY_BOOL(_name_) \
-{ \
+(struct property_entry) { \
.name = _name_, \
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 057/329] jffs2: Fix use-after-free bug in jffs2_iget()s error handling path
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (50 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 056/329] device property: Define type of PROPERTY_ENRTY_*() macros Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 058/329] powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes Greg Kroah-Hartman
` (257 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Richard Weinberger,
Jake Daryll Obina, Al Viro, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jake Daryll Obina <jake.obina@gmail.com>
[ Upstream commit 5bdd0c6f89fba430e18d636493398389dadc3b17 ]
If jffs2_iget() fails for a newly-allocated inode, jffs2_do_clear_inode()
can get called twice in the error handling path, the first call in
jffs2_iget() itself and the second through iget_failed(). This can result
to a use-after-free error in the second jffs2_do_clear_inode() call, such
as shown by the oops below wherein the second jffs2_do_clear_inode() call
was trying to free node fragments that were already freed in the first
jffs2_do_clear_inode() call.
[ 78.178860] jffs2: error: (1904) jffs2_do_read_inode_internal: CRC failed for read_inode of inode 24 at physical location 0x1fc00c
[ 78.178914] Unable to handle kernel paging request at virtual address 6b6b6b6b6b6b6b7b
[ 78.185871] pgd = ffffffc03a567000
[ 78.188794] [6b6b6b6b6b6b6b7b] *pgd=0000000000000000, *pud=0000000000000000
[ 78.194968] Internal error: Oops: 96000004 [#1] PREEMPT SMP
...
[ 78.513147] PC is at rb_first_postorder+0xc/0x28
[ 78.516503] LR is at jffs2_kill_fragtree+0x28/0x90 [jffs2]
[ 78.520672] pc : [<ffffff8008323d28>] lr : [<ffffff8000eb1cc8>] pstate: 60000105
[ 78.526757] sp : ffffff800cea38f0
[ 78.528753] x29: ffffff800cea38f0 x28: ffffffc01f3f8e80
[ 78.532754] x27: 0000000000000000 x26: ffffff800cea3c70
[ 78.536756] x25: 00000000dc67c8ae x24: ffffffc033d6945d
[ 78.540759] x23: ffffffc036811740 x22: ffffff800891a5b8
[ 78.544760] x21: 0000000000000000 x20: 0000000000000000
[ 78.548762] x19: ffffffc037d48910 x18: ffffff800891a588
[ 78.552764] x17: 0000000000000800 x16: 0000000000000c00
[ 78.556766] x15: 0000000000000010 x14: 6f2065646f6e695f
[ 78.560767] x13: 6461657220726f66 x12: 2064656c69616620
[ 78.564769] x11: 435243203a6c616e x10: 7265746e695f6564
[ 78.568771] x9 : 6f6e695f64616572 x8 : ffffffc037974038
[ 78.572774] x7 : bbbbbbbbbbbbbbbb x6 : 0000000000000008
[ 78.576775] x5 : 002f91d85bd44a2f x4 : 0000000000000000
[ 78.580777] x3 : 0000000000000000 x2 : 000000403755e000
[ 78.584779] x1 : 6b6b6b6b6b6b6b6b x0 : 6b6b6b6b6b6b6b6b
...
[ 79.038551] [<ffffff8008323d28>] rb_first_postorder+0xc/0x28
[ 79.042962] [<ffffff8000eb5578>] jffs2_do_clear_inode+0x88/0x100 [jffs2]
[ 79.048395] [<ffffff8000eb9ddc>] jffs2_evict_inode+0x3c/0x48 [jffs2]
[ 79.053443] [<ffffff8008201ca8>] evict+0xb0/0x168
[ 79.056835] [<ffffff8008202650>] iput+0x1c0/0x200
[ 79.060228] [<ffffff800820408c>] iget_failed+0x30/0x3c
[ 79.064097] [<ffffff8000eba0c0>] jffs2_iget+0x2d8/0x360 [jffs2]
[ 79.068740] [<ffffff8000eb0a60>] jffs2_lookup+0xe8/0x130 [jffs2]
[ 79.073434] [<ffffff80081f1a28>] lookup_slow+0x118/0x190
[ 79.077435] [<ffffff80081f4708>] walk_component+0xfc/0x28c
[ 79.081610] [<ffffff80081f4dd0>] path_lookupat+0x84/0x108
[ 79.085699] [<ffffff80081f5578>] filename_lookup+0x88/0x100
[ 79.089960] [<ffffff80081f572c>] user_path_at_empty+0x58/0x6c
[ 79.094396] [<ffffff80081ebe14>] vfs_statx+0xa4/0x114
[ 79.098138] [<ffffff80081ec44c>] SyS_newfstatat+0x58/0x98
[ 79.102227] [<ffffff800808354c>] __sys_trace_return+0x0/0x4
[ 79.106489] Code: d65f03c0 f9400001 b40000e1 aa0103e0 (f9400821)
The jffs2_do_clear_inode() call in jffs2_iget() is unnecessary since
iget_failed() will eventually call jffs2_do_clear_inode() if needed, so
just remove it.
Fixes: 5451f79f5f81 ("iget: stop JFFS2 from using iget() and read_inode()")
Reviewed-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Jake Daryll Obina <jake.obina@gmail.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/jffs2/fs.c | 1 -
1 file changed, 1 deletion(-)
--- a/fs/jffs2/fs.c
+++ b/fs/jffs2/fs.c
@@ -361,7 +361,6 @@ error_io:
ret = -EIO;
error:
mutex_unlock(&f->sem);
- jffs2_do_clear_inode(c, f);
iget_failed(inode);
return ERR_PTR(ret);
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 058/329] powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (51 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 057/329] jffs2: Fix use-after-free bug in jffs2_iget()s error handling path Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 059/329] powerpc/numa: Ensure nodes initialized for hotplug Greg Kroah-Hartman
` (256 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Bringmann, Nathan Fontenot,
Michael Ellerman, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Bringmann <mwb@linux.vnet.ibm.com>
[ Upstream commit a346137e9142b039fd13af2e59696e3d40c487ef ]
On powerpc systems which allow 'hot-add' of CPU or memory resources,
it may occur that the new resources are to be inserted into nodes that
were not used for these resources at bootup. In the kernel, any node
that is used must be defined and initialized. These empty nodes may
occur when,
* Dedicated vs. shared resources. Shared resources require information
such as the VPHN hcall for CPU assignment to nodes. Associativity
decisions made based on dedicated resource rules, such as
associativity properties in the device tree, may vary from decisions
made using the values returned by the VPHN hcall.
* memoryless nodes at boot. Nodes need to be defined as 'possible' at
boot for operation with other code modules. Previously, the powerpc
code would limit the set of possible nodes to those which have
memory assigned at boot, and were thus online. Subsequent add/remove
of CPUs or memory would only work with this subset of possible
nodes.
* memoryless nodes with CPUs at boot. Due to the previous restriction
on nodes, nodes that had CPUs but no memory were being collapsed
into other nodes that did have memory at boot. In practice this
meant that the node assignment presented by the runtime kernel
differed from the affinity and associativity attributes presented by
the device tree or VPHN hcalls. Nodes that might be known to the
pHyp were not 'possible' in the runtime kernel because they did not
have memory at boot.
This patch ensures that sufficient nodes are defined to support
configuration requirements after boot, as well as at boot. This patch
set fixes a couple of problems.
* Nodes known to powerpc to be memoryless at boot, but to have CPUs in
them are allowed to be 'possible' and 'online'. Memory allocations
for those nodes are taken from another node that does have memory
until and if memory is hot-added to the node. * Nodes which have no
resources assigned at boot, but which may still be referenced
subsequently by affinity or associativity attributes, are kept in
the list of 'possible' nodes for powerpc. Hot-add of memory or CPUs
to the system can reference these nodes and bring them online
instead of redirecting to one of the set of nodes that were known to
have memory at boot.
This patch extracts the value of the lowest domain level (number of
allocable resources) from the device tree property
"ibm,max-associativity-domains" to use as the maximum number of nodes
to setup as possibly available in the system. This new setting will
override the instruction:
nodes_and(node_possible_map, node_possible_map, node_online_map);
presently seen in the function arch/powerpc/mm/numa.c:initmem_init().
If the "ibm,max-associativity-domains" property is not present at
boot, no operation will be performed to define or enable additional
nodes, or enable the above 'nodes_and()'.
Signed-off-by: Michael Bringmann <mwb@linux.vnet.ibm.com>
Reviewed-by: Nathan Fontenot <nfont@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/mm/numa.c | 37 ++++++++++++++++++++++++++++++++++---
1 file changed, 34 insertions(+), 3 deletions(-)
--- a/arch/powerpc/mm/numa.c
+++ b/arch/powerpc/mm/numa.c
@@ -904,6 +904,34 @@ static void __init setup_node_data(int n
NODE_DATA(nid)->node_spanned_pages = spanned_pages;
}
+static void __init find_possible_nodes(void)
+{
+ struct device_node *rtas;
+ u32 numnodes, i;
+
+ if (min_common_depth <= 0)
+ return;
+
+ rtas = of_find_node_by_path("/rtas");
+ if (!rtas)
+ return;
+
+ if (of_property_read_u32_index(rtas,
+ "ibm,max-associativity-domains",
+ min_common_depth, &numnodes))
+ goto out;
+
+ for (i = 0; i < numnodes; i++) {
+ if (!node_possible(i)) {
+ setup_node_data(i, 0, 0);
+ node_set(i, node_possible_map);
+ }
+ }
+
+out:
+ of_node_put(rtas);
+}
+
void __init initmem_init(void)
{
int nid, cpu;
@@ -917,12 +945,15 @@ void __init initmem_init(void)
memblock_dump_all();
/*
- * Reduce the possible NUMA nodes to the online NUMA nodes,
- * since we do not support node hotplug. This ensures that we
- * lower the maximum NUMA node ID to what is actually present.
+ * Modify the set of possible NUMA nodes to reflect information
+ * available about the set of online nodes, and the set of nodes
+ * that we expect to make use of for this platform's affinity
+ * calculations.
*/
nodes_and(node_possible_map, node_possible_map, node_online_map);
+ find_possible_nodes();
+
for_each_online_node(nid) {
unsigned long start_pfn, end_pfn;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 059/329] powerpc/numa: Ensure nodes initialized for hotplug
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (52 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 058/329] powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 060/329] RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure Greg Kroah-Hartman
` (255 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Bringmann, Nathan Fontenot,
Michael Ellerman, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Bringmann <mwb@linux.vnet.ibm.com>
[ Upstream commit ea05ba7c559c8e5a5946c3a94a2a266e9a6680a6 ]
This patch fixes some problems encountered at runtime with
configurations that support memory-less nodes, or that hot-add CPUs
into nodes that are memoryless during system execution after boot. The
problems of interest include:
* Nodes known to powerpc to be memoryless at boot, but to have CPUs in
them are allowed to be 'possible' and 'online'. Memory allocations
for those nodes are taken from another node that does have memory
until and if memory is hot-added to the node.
* Nodes which have no resources assigned at boot, but which may still
be referenced subsequently by affinity or associativity attributes,
are kept in the list of 'possible' nodes for powerpc. Hot-add of
memory or CPUs to the system can reference these nodes and bring
them online instead of redirecting the references to one of the set
of nodes known to have memory at boot.
Note that this software operates under the context of CPU hotplug. We
are not doing memory hotplug in this code, but rather updating the
kernel's CPU topology (i.e. arch_update_cpu_topology /
numa_update_cpu_topology). We are initializing a node that may be used
by CPUs or memory before it can be referenced as invalid by a CPU
hotplug operation. CPU hotplug operations are protected by a range of
APIs including cpu_maps_update_begin/cpu_maps_update_done,
cpus_read/write_lock / cpus_read/write_unlock, device locks, and more.
Memory hotplug operations, including try_online_node, are protected by
mem_hotplug_begin/mem_hotplug_done, device locks, and more. In the
case of CPUs being hot-added to a previously memoryless node, the
try_online_node operation occurs wholly within the CPU locks with no
overlap. Using HMC hot-add/hot-remove operations, we have been able to
add and remove CPUs to any possible node without failures. HMC
operations involve a degree self-serialization, though.
Signed-off-by: Michael Bringmann <mwb@linux.vnet.ibm.com>
Reviewed-by: Nathan Fontenot <nfont@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/mm/numa.c | 47 +++++++++++++++++++++++++++++++++++++----------
1 file changed, 37 insertions(+), 10 deletions(-)
--- a/arch/powerpc/mm/numa.c
+++ b/arch/powerpc/mm/numa.c
@@ -551,7 +551,7 @@ static int numa_setup_cpu(unsigned long
nid = of_node_to_nid_single(cpu);
out_present:
- if (nid < 0 || !node_online(nid))
+ if (nid < 0 || !node_possible(nid))
nid = first_online_node;
map_cpu_to_node(lcpu, nid);
@@ -922,10 +922,8 @@ static void __init find_possible_nodes(v
goto out;
for (i = 0; i < numnodes; i++) {
- if (!node_possible(i)) {
- setup_node_data(i, 0, 0);
+ if (!node_possible(i))
node_set(i, node_possible_map);
- }
}
out:
@@ -1305,6 +1303,40 @@ static long vphn_get_associativity(unsig
return rc;
}
+static inline int find_and_online_cpu_nid(int cpu)
+{
+ __be32 associativity[VPHN_ASSOC_BUFSIZE] = {0};
+ int new_nid;
+
+ /* Use associativity from first thread for all siblings */
+ vphn_get_associativity(cpu, associativity);
+ new_nid = associativity_to_nid(associativity);
+ if (new_nid < 0 || !node_possible(new_nid))
+ new_nid = first_online_node;
+
+ if (NODE_DATA(new_nid) == NULL) {
+#ifdef CONFIG_MEMORY_HOTPLUG
+ /*
+ * Need to ensure that NODE_DATA is initialized for a node from
+ * available memory (see memblock_alloc_try_nid). If unable to
+ * init the node, then default to nearest node that has memory
+ * installed.
+ */
+ if (try_online_node(new_nid))
+ new_nid = first_online_node;
+#else
+ /*
+ * Default to using the nearest node that has memory installed.
+ * Otherwise, it would be necessary to patch the kernel MM code
+ * to deal with more memoryless-node error conditions.
+ */
+ new_nid = first_online_node;
+#endif
+ }
+
+ return new_nid;
+}
+
/*
* Update the CPU maps and sysfs entries for a single CPU when its NUMA
* characteristics change. This function doesn't perform any locking and is
@@ -1370,7 +1402,6 @@ int arch_update_cpu_topology(void)
{
unsigned int cpu, sibling, changed = 0;
struct topology_update_data *updates, *ud;
- __be32 associativity[VPHN_ASSOC_BUFSIZE] = {0};
cpumask_t updated_cpus;
struct device *dev;
int weight, new_nid, i = 0;
@@ -1405,11 +1436,7 @@ int arch_update_cpu_topology(void)
continue;
}
- /* Use associativity from first thread for all siblings */
- vphn_get_associativity(cpu, associativity);
- new_nid = associativity_to_nid(associativity);
- if (new_nid < 0 || !node_online(new_nid))
- new_nid = first_online_node;
+ new_nid = find_and_online_cpu_nid(cpu);
if (new_nid == numa_cpu_lookup_table[cpu]) {
cpumask_andnot(&cpu_associativity_changes_mask,
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 060/329] RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (53 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 059/329] powerpc/numa: Ensure nodes initialized for hotplug Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 061/329] ntb_transport: Fix bug with max_mw_size parameter Greg Kroah-Hartman
` (254 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Majd Dibbiny, Leon Romanovsky,
Yuval Shaia, Jason Gunthorpe, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Leon Romanovsky <leonro@mellanox.com>
[ Upstream commit b081808a66345ba725b77ecd8d759bee874cd937 ]
Failure in XRCD FW deallocation command leaves memory leaked and
returns error to the user which he can't do anything about it.
This patch changes behavior to always free memory and always return
success to the user.
Fixes: e126ba97dba9 ("mlx5: Add driver for Mellanox Connect-IB adapters")
Reviewed-by: Majd Dibbiny <majd@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/mlx5/qp.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
--- a/drivers/infiniband/hw/mlx5/qp.c
+++ b/drivers/infiniband/hw/mlx5/qp.c
@@ -4610,13 +4610,10 @@ int mlx5_ib_dealloc_xrcd(struct ib_xrcd
int err;
err = mlx5_core_xrcd_dealloc(dev->mdev, xrcdn);
- if (err) {
+ if (err)
mlx5_ib_warn(dev, "failed to dealloc xrcdn 0x%x\n", xrcdn);
- return err;
- }
kfree(xrcd);
-
return 0;
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 061/329] ntb_transport: Fix bug with max_mw_size parameter
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (54 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 060/329] RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 062/329] gianfar: prevent integer wrapping in the rx handler Greg Kroah-Hartman
` (253 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Logan Gunthorpe, Allen Hubbe,
Dave Jiang, Jon Mason, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Logan Gunthorpe <logang@deltatee.com>
[ Upstream commit cbd27448faff4843ac4b66cc71445a10623ff48d ]
When using the max_mw_size parameter of ntb_transport to limit the size of
the Memory windows, communication cannot be established and the queues
freeze.
This is because the mw_size that's reported to the peer is correctly
limited but the size used locally is not. So the MW is initialized
with a buffer smaller than the window but the TX side is using the
full window. This means the TX side will be writing to a region of the
window that points nowhere.
This is easily fixed by applying the same limit to tx_size in
ntb_transport_init_queue().
Fixes: e26a5843f7f5 ("NTB: Split ntb_hw_intel and ntb_transport drivers")
Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
Acked-by: Allen Hubbe <Allen.Hubbe@dell.com>
Cc: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: Jon Mason <jdmason@kudzu.us>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/ntb/ntb_transport.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/ntb/ntb_transport.c
+++ b/drivers/ntb/ntb_transport.c
@@ -996,6 +996,9 @@ static int ntb_transport_init_queue(stru
mw_base = nt->mw_vec[mw_num].phys_addr;
mw_size = nt->mw_vec[mw_num].phys_size;
+ if (max_mw_size && mw_size > max_mw_size)
+ mw_size = max_mw_size;
+
tx_size = (unsigned int)mw_size / num_qps_mw;
qp_offset = tx_size * (qp_num / mw_count);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 062/329] gianfar: prevent integer wrapping in the rx handler
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (55 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 061/329] ntb_transport: Fix bug with max_mw_size parameter Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 063/329] tcp_nv: fix potential integer overflow in tcpnv_acked Greg Kroah-Hartman
` (252 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andy Spencer, David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Spencer <aspencer@spacex.com>
[ Upstream commit 202a0a70e445caee1d0ec7aae814e64b1189fa4d ]
When the frame check sequence (FCS) is split across the last two frames
of a fragmented packet, part of the FCS gets counted twice, once when
subtracting the FCS, and again when subtracting the previously received
data.
For example, if 1602 bytes are received, and the first fragment contains
the first 1600 bytes (including the first two bytes of the FCS), and the
second fragment contains the last two bytes of the FCS:
'skb->len == 1600' from the first fragment
size = lstatus & BD_LENGTH_MASK; # 1602
size -= ETH_FCS_LEN; # 1598
size -= skb->len; # -2
Since the size is unsigned, it wraps around and causes a BUG later in
the packet handling, as shown below:
kernel BUG at ./include/linux/skbuff.h:2068!
Oops: Exception in kernel mode, sig: 5 [#1]
...
NIP [c021ec60] skb_pull+0x24/0x44
LR [c01e2fbc] gfar_clean_rx_ring+0x498/0x690
Call Trace:
[df7edeb0] [c01e2c1c] gfar_clean_rx_ring+0xf8/0x690 (unreliable)
[df7edf20] [c01e33a8] gfar_poll_rx_sq+0x3c/0x9c
[df7edf40] [c023352c] net_rx_action+0x21c/0x274
[df7edf90] [c0329000] __do_softirq+0xd8/0x240
[df7edff0] [c000c108] call_do_irq+0x24/0x3c
[c0597e90] [c00041dc] do_IRQ+0x64/0xc4
[c0597eb0] [c000d920] ret_from_except+0x0/0x18
--- interrupt: 501 at arch_cpu_idle+0x24/0x5c
Change the size to a signed integer and then trim off any part of the
FCS that was received prior to the last fragment.
Fixes: 6c389fc931bc ("gianfar: fix size of scatter-gathered frames")
Signed-off-by: Andy Spencer <aspencer@spacex.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/freescale/gianfar.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
--- a/drivers/net/ethernet/freescale/gianfar.c
+++ b/drivers/net/ethernet/freescale/gianfar.c
@@ -2935,7 +2935,7 @@ static irqreturn_t gfar_transmit(int irq
static bool gfar_add_rx_frag(struct gfar_rx_buff *rxb, u32 lstatus,
struct sk_buff *skb, bool first)
{
- unsigned int size = lstatus & BD_LENGTH_MASK;
+ int size = lstatus & BD_LENGTH_MASK;
struct page *page = rxb->page;
bool last = !!(lstatus & BD_LFLAG(RXBD_LAST));
@@ -2950,11 +2950,16 @@ static bool gfar_add_rx_frag(struct gfar
if (last)
size -= skb->len;
- /* in case the last fragment consisted only of the FCS */
+ /* Add the last fragment if it contains something other than
+ * the FCS, otherwise drop it and trim off any part of the FCS
+ * that was already received.
+ */
if (size > 0)
skb_add_rx_frag(skb, skb_shinfo(skb)->nr_frags, page,
rxb->page_offset + RXBUF_ALIGNMENT,
size, GFAR_RXB_TRUESIZE);
+ else if (size < 0)
+ pskb_trim(skb, skb->len + size);
}
/* try reuse page */
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 063/329] tcp_nv: fix potential integer overflow in tcpnv_acked
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (56 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 062/329] gianfar: prevent integer wrapping in the rx handler Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 065/329] ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid Greg Kroah-Hartman
` (251 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gustavo A. R. Silva, David S. Miller,
Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
[ Upstream commit e4823fbd229bfbba368b40cdadb8f4eeb20604cc ]
Add suffix ULL to constant 80000 in order to avoid a potential integer
overflow and give the compiler complete information about the proper
arithmetic to use. Notice that this constant is used in a context that
expects an expression of type u64.
The current cast to u64 effectively applies to the whole expression
as an argument of type u64 to be passed to div64_u64, but it does
not prevent it from being evaluated using 32-bit arithmetic instead
of 64-bit arithmetic.
Also, once the expression is properly evaluated using 64-bit arithmentic,
there is no need for the parentheses and the external cast to u64.
Addresses-Coverity-ID: 1357588 ("Unintentional integer overflow")
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/tcp_nv.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/ipv4/tcp_nv.c
+++ b/net/ipv4/tcp_nv.c
@@ -338,7 +338,7 @@ static void tcpnv_acked(struct sock *sk,
*/
cwnd_by_slope = (u32)
div64_u64(((u64)ca->nv_rtt_max_rate) * ca->nv_min_rtt,
- (u64)(80000 * tp->mss_cache));
+ 80000ULL * tp->mss_cache);
max_win = cwnd_by_slope + nv_pad;
/* If cwnd > max_win, decrease cwnd
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 065/329] ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (57 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 063/329] tcp_nv: fix potential integer overflow in tcpnv_acked Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 066/329] ocfs2/acl: use ip_xattr_sem to protect getting extended attribute Greg Kroah-Hartman
` (250 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jun Piao, Alex Chen, Joseph Qi,
Changwei Ge, Gang He, Mark Fasheh, Joel Becker, Junxiao Bi,
Andrew Morton, Linus Torvalds, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: piaojun <piaojun@huawei.com>
[ Upstream commit 025bcbde3634b2c9b316f227fed13ad6ad6817fb ]
If metadata is corrupted such as 'invalid inode block', we will get
failed by calling 'mount()' and then set filesystem readonly as below:
ocfs2_mount
ocfs2_initialize_super
ocfs2_init_global_system_inodes
ocfs2_iget
ocfs2_read_locked_inode
ocfs2_validate_inode_block
ocfs2_error
ocfs2_handle_error
ocfs2_set_ro_flag(osb, 0); // set readonly
In this situation we need return -EROFS to 'mount.ocfs2', so that user
can fix it by fsck. And then mount again. In addition, 'mount.ocfs2'
should be updated correspondingly as it only return 1 for all errno.
And I will post a patch for 'mount.ocfs2' too.
Link: http://lkml.kernel.org/r/5A4302FA.2010606@huawei.com
Signed-off-by: Jun Piao <piaojun@huawei.com>
Reviewed-by: Alex Chen <alex.chen@huawei.com>
Reviewed-by: Joseph Qi <jiangqi903@gmail.com>
Reviewed-by: Changwei Ge <ge.changwei@h3c.com>
Reviewed-by: Gang He <ghe@suse.com>
Cc: Mark Fasheh <mfasheh@versity.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ocfs2/super.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
--- a/fs/ocfs2/super.c
+++ b/fs/ocfs2/super.c
@@ -473,9 +473,8 @@ static int ocfs2_init_global_system_inod
new = ocfs2_get_system_file_inode(osb, i, osb->slot_num);
if (!new) {
ocfs2_release_system_inodes(osb);
- status = -EINVAL;
+ status = ocfs2_is_soft_readonly(osb) ? -EROFS : -EINVAL;
mlog_errno(status);
- /* FIXME: Should ERROR_RO_FS */
mlog(ML_ERROR, "Unable to load system inode %d, "
"possibly corrupt fs?", i);
goto bail;
@@ -504,7 +503,7 @@ static int ocfs2_init_local_system_inode
new = ocfs2_get_system_file_inode(osb, i, osb->slot_num);
if (!new) {
ocfs2_release_system_inodes(osb);
- status = -EINVAL;
+ status = ocfs2_is_soft_readonly(osb) ? -EROFS : -EINVAL;
mlog(ML_ERROR, "status=%d, sysfile=%d, slot=%d\n",
status, i, osb->slot_num);
goto bail;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 066/329] ocfs2/acl: use ip_xattr_sem to protect getting extended attribute
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (58 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 065/329] ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 067/329] ocfs2: return error when we attempt to access a dirty bh in jbd2 Greg Kroah-Hartman
` (249 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jun Piao, Alex Chen, Mark Fasheh,
Joel Becker, Junxiao Bi, Joseph Qi, Changwei Ge, Andrew Morton,
Linus Torvalds, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: piaojun <piaojun@huawei.com>
[ Upstream commit 16c8d569f5704a84164f30ff01b29879f3438065 ]
The race between *set_acl and *get_acl will cause getting incomplete
xattr data as below:
processA processB
ocfs2_set_acl
ocfs2_xattr_set
__ocfs2_xattr_set_handle
ocfs2_get_acl_nolock
ocfs2_xattr_get_nolock:
processB may get incomplete xattr data if processA hasn't set_acl done.
So we should use 'ip_xattr_sem' to protect getting extended attribute in
ocfs2_get_acl_nolock(), as other processes could be changing it
concurrently.
Link: http://lkml.kernel.org/r/5A5DDCFF.7030001@huawei.com
Signed-off-by: Jun Piao <piaojun@huawei.com>
Reviewed-by: Alex Chen <alex.chen@huawei.com>
Cc: Mark Fasheh <mfasheh@versity.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Joseph Qi <jiangqi903@gmail.com>
Cc: Changwei Ge <ge.changwei@h3c.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ocfs2/acl.c | 6 ++++++
fs/ocfs2/xattr.c | 2 ++
2 files changed, 8 insertions(+)
--- a/fs/ocfs2/acl.c
+++ b/fs/ocfs2/acl.c
@@ -314,7 +314,9 @@ struct posix_acl *ocfs2_iop_get_acl(stru
return ERR_PTR(ret);
}
+ down_read(&OCFS2_I(inode)->ip_xattr_sem);
acl = ocfs2_get_acl_nolock(inode, type, di_bh);
+ up_read(&OCFS2_I(inode)->ip_xattr_sem);
ocfs2_inode_unlock(inode, 0);
brelse(di_bh);
@@ -333,7 +335,9 @@ int ocfs2_acl_chmod(struct inode *inode,
if (!(osb->s_mount_opt & OCFS2_MOUNT_POSIX_ACL))
return 0;
+ down_read(&OCFS2_I(inode)->ip_xattr_sem);
acl = ocfs2_get_acl_nolock(inode, ACL_TYPE_ACCESS, bh);
+ up_read(&OCFS2_I(inode)->ip_xattr_sem);
if (IS_ERR(acl) || !acl)
return PTR_ERR(acl);
ret = __posix_acl_chmod(&acl, GFP_KERNEL, inode->i_mode);
@@ -364,8 +368,10 @@ int ocfs2_init_acl(handle_t *handle,
if (!S_ISLNK(inode->i_mode)) {
if (osb->s_mount_opt & OCFS2_MOUNT_POSIX_ACL) {
+ down_read(&OCFS2_I(dir)->ip_xattr_sem);
acl = ocfs2_get_acl_nolock(dir, ACL_TYPE_DEFAULT,
dir_bh);
+ up_read(&OCFS2_I(dir)->ip_xattr_sem);
if (IS_ERR(acl))
return PTR_ERR(acl);
}
--- a/fs/ocfs2/xattr.c
+++ b/fs/ocfs2/xattr.c
@@ -638,9 +638,11 @@ int ocfs2_calc_xattr_init(struct inode *
si->value_len);
if (osb->s_mount_opt & OCFS2_MOUNT_POSIX_ACL) {
+ down_read(&OCFS2_I(dir)->ip_xattr_sem);
acl_len = ocfs2_xattr_get_nolock(dir, dir_bh,
OCFS2_XATTR_INDEX_POSIX_ACL_DEFAULT,
"", NULL, 0);
+ up_read(&OCFS2_I(dir)->ip_xattr_sem);
if (acl_len > 0) {
a_size = ocfs2_xattr_entry_real_size(0, acl_len);
if (S_ISDIR(mode))
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 067/329] ocfs2: return error when we attempt to access a dirty bh in jbd2
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (59 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 066/329] ocfs2/acl: use ip_xattr_sem to protect getting extended attribute Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 068/329] mm/mempolicy: fix the check of nodemask from user Greg Kroah-Hartman
` (248 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jun Piao, Yiwen Jiang, Changwei Ge,
Mark Fasheh, Joel Becker, Junxiao Bi, Joseph Qi, Andrew Morton,
Linus Torvalds, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: piaojun <piaojun@huawei.com>
[ Upstream commit d984187e3a1ad7d12447a7ab2c43ce3717a2b5b3 ]
We should not reuse the dirty bh in jbd2 directly due to the following
situation:
1. When removing extent rec, we will dirty the bhs of extent rec and
truncate log at the same time, and hand them over to jbd2.
2. The bhs are submitted to jbd2 area successfully.
3. The write-back thread of device help flush the bhs to disk but
encounter write error due to abnormal storage link.
4. After a while the storage link become normal. Truncate log flush
worker triggered by the next space reclaiming found the dirty bh of
truncate log and clear its 'BH_Write_EIO' and then set it uptodate in
__ocfs2_journal_access():
ocfs2_truncate_log_worker
ocfs2_flush_truncate_log
__ocfs2_flush_truncate_log
ocfs2_replay_truncate_records
ocfs2_journal_access_di
__ocfs2_journal_access // here we clear io_error and set 'tl_bh' uptodata.
5. Then jbd2 will flush the bh of truncate log to disk, but the bh of
extent rec is still in error state, and unfortunately nobody will
take care of it.
6. At last the space of extent rec was not reduced, but truncate log
flush worker have given it back to globalalloc. That will cause
duplicate cluster problem which could be identified by fsck.ocfs2.
Sadly we can hardly revert this but set fs read-only in case of ruining
atomicity and consistency of space reclaim.
Link: http://lkml.kernel.org/r/5A6E8092.8090701@huawei.com
Fixes: acf8fdbe6afb ("ocfs2: do not BUG if buffer not uptodate in __ocfs2_journal_access")
Signed-off-by: Jun Piao <piaojun@huawei.com>
Reviewed-by: Yiwen Jiang <jiangyiwen@huawei.com>
Reviewed-by: Changwei Ge <ge.changwei@h3c.com>
Cc: Mark Fasheh <mfasheh@versity.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Joseph Qi <jiangqi903@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ocfs2/journal.c | 23 ++++++++++++-----------
1 file changed, 12 insertions(+), 11 deletions(-)
--- a/fs/ocfs2/journal.c
+++ b/fs/ocfs2/journal.c
@@ -666,23 +666,24 @@ static int __ocfs2_journal_access(handle
/* we can safely remove this assertion after testing. */
if (!buffer_uptodate(bh)) {
mlog(ML_ERROR, "giving me a buffer that's not uptodate!\n");
- mlog(ML_ERROR, "b_blocknr=%llu\n",
- (unsigned long long)bh->b_blocknr);
+ mlog(ML_ERROR, "b_blocknr=%llu, b_state=0x%lx\n",
+ (unsigned long long)bh->b_blocknr, bh->b_state);
lock_buffer(bh);
/*
- * A previous attempt to write this buffer head failed.
- * Nothing we can do but to retry the write and hope for
- * the best.
+ * A previous transaction with a couple of buffer heads fail
+ * to checkpoint, so all the bhs are marked as BH_Write_EIO.
+ * For current transaction, the bh is just among those error
+ * bhs which previous transaction handle. We can't just clear
+ * its BH_Write_EIO and reuse directly, since other bhs are
+ * not written to disk yet and that will cause metadata
+ * inconsistency. So we should set fs read-only to avoid
+ * further damage.
*/
if (buffer_write_io_error(bh) && !buffer_uptodate(bh)) {
- clear_buffer_write_io_error(bh);
- set_buffer_uptodate(bh);
- }
-
- if (!buffer_uptodate(bh)) {
unlock_buffer(bh);
- return -EIO;
+ return ocfs2_error(osb->sb, "A previous attempt to "
+ "write this buffer head failed\n");
}
unlock_buffer(bh);
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 068/329] mm/mempolicy: fix the check of nodemask from user
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (60 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 067/329] ocfs2: return error when we attempt to access a dirty bh in jbd2 Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 069/329] mm/mempolicy: add nodes_empty check in SYSC_migrate_pages Greg Kroah-Hartman
` (247 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yisheng Xie, Tan Xiaojun,
Vlastimil Babka, Andi Kleen, Chris Salls, Christopher Lameter,
David Rientjes, Ingo Molnar, Naoya Horiguchi, Andrew Morton,
Linus Torvalds, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yisheng Xie <xieyisheng1@huawei.com>
[ Upstream commit 56521e7a02b7b84a5e72691a1fb15570e6055545 ]
As Xiaojun reported the ltp of migrate_pages01 will fail on arm64 system
which has 4 nodes[0...3], all have memory and CONFIG_NODES_SHIFT=2:
migrate_pages01 0 TINFO : test_invalid_nodes
migrate_pages01 14 TFAIL : migrate_pages_common.c:45: unexpected failure - returned value = 0, expected: -1
migrate_pages01 15 TFAIL : migrate_pages_common.c:55: call succeeded unexpectedly
In this case the test_invalid_nodes of migrate_pages01 will call:
SYSC_migrate_pages as:
migrate_pages(0, , {0x0000000000000001}, 64, , {0x0000000000000010}, 64) = 0
The new nodes specifies one or more node IDs that are greater than the
maximum supported node ID, however, the errno is not set to EINVAL as
expected.
As man pages of set_mempolicy[1], mbind[2], and migrate_pages[3]
mentioned, when nodemask specifies one or more node IDs that are greater
than the maximum supported node ID, the errno should set to EINVAL.
However, get_nodes only check whether the part of bits
[BITS_PER_LONG*BITS_TO_LONGS(MAX_NUMNODES), maxnode) is zero or not, and
remain [MAX_NUMNODES, BITS_PER_LONG*BITS_TO_LONGS(MAX_NUMNODES)
unchecked.
This patch is to check the bits of [MAX_NUMNODES, maxnode) in get_nodes
to let migrate_pages set the errno to EINVAL when nodemask specifies one
or more node IDs that are greater than the maximum supported node ID,
which follows the manpage's guide.
[1] http://man7.org/linux/man-pages/man2/set_mempolicy.2.html
[2] http://man7.org/linux/man-pages/man2/mbind.2.html
[3] http://man7.org/linux/man-pages/man2/migrate_pages.2.html
Link: http://lkml.kernel.org/r/1510882624-44342-3-git-send-email-xieyisheng1@huawei.com
Signed-off-by: Yisheng Xie <xieyisheng1@huawei.com>
Reported-by: Tan Xiaojun <tanxiaojun@huawei.com>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Chris Salls <salls@cs.ucsb.edu>
Cc: Christopher Lameter <cl@linux.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/mempolicy.c | 23 ++++++++++++++++++++---
1 file changed, 20 insertions(+), 3 deletions(-)
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -1264,6 +1264,7 @@ static int get_nodes(nodemask_t *nodes,
unsigned long maxnode)
{
unsigned long k;
+ unsigned long t;
unsigned long nlongs;
unsigned long endmask;
@@ -1280,13 +1281,19 @@ static int get_nodes(nodemask_t *nodes,
else
endmask = (1UL << (maxnode % BITS_PER_LONG)) - 1;
- /* When the user specified more nodes than supported just check
- if the non supported part is all zero. */
+ /*
+ * When the user specified more nodes than supported just check
+ * if the non supported part is all zero.
+ *
+ * If maxnode have more longs than MAX_NUMNODES, check
+ * the bits in that area first. And then go through to
+ * check the rest bits which equal or bigger than MAX_NUMNODES.
+ * Otherwise, just check bits [MAX_NUMNODES, maxnode).
+ */
if (nlongs > BITS_TO_LONGS(MAX_NUMNODES)) {
if (nlongs > PAGE_SIZE/sizeof(long))
return -EINVAL;
for (k = BITS_TO_LONGS(MAX_NUMNODES); k < nlongs; k++) {
- unsigned long t;
if (get_user(t, nmask + k))
return -EFAULT;
if (k == nlongs - 1) {
@@ -1299,6 +1306,16 @@ static int get_nodes(nodemask_t *nodes,
endmask = ~0UL;
}
+ if (maxnode > MAX_NUMNODES && MAX_NUMNODES % BITS_PER_LONG != 0) {
+ unsigned long valid_mask = endmask;
+
+ valid_mask &= ~((1UL << (MAX_NUMNODES % BITS_PER_LONG)) - 1);
+ if (get_user(t, nmask + nlongs - 1))
+ return -EFAULT;
+ if (t & valid_mask)
+ return -EINVAL;
+ }
+
if (copy_from_user(nodes_addr(*nodes), nmask, nlongs*sizeof(unsigned long)))
return -EFAULT;
nodes_addr(*nodes)[nlongs-1] &= endmask;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 069/329] mm/mempolicy: add nodes_empty check in SYSC_migrate_pages
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (61 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 068/329] mm/mempolicy: fix the check of nodemask from user Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 070/329] asm-generic: provide generic_pmdp_establish() Greg Kroah-Hartman
` (246 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yisheng Xie, Vlastimil Babka,
Andi Kleen, Chris Salls, Christopher Lameter, David Rientjes,
Ingo Molnar, Naoya Horiguchi, Tan Xiaojun, Andrew Morton,
Linus Torvalds, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yisheng Xie <xieyisheng1@huawei.com>
[ Upstream commit 0486a38bcc4749808edbc848f1bcf232042770fc ]
As in manpage of migrate_pages, the errno should be set to EINVAL when
none of the node IDs specified by new_nodes are on-line and allowed by
the process's current cpuset context, or none of the specified nodes
contain memory. However, when test by following case:
new_nodes = 0;
old_nodes = 0xf;
ret = migrate_pages(pid, old_nodes, new_nodes, MAX);
The ret will be 0 and no errno is set. As the new_nodes is empty, we
should expect EINVAL as documented.
To fix the case like above, this patch check whether target nodes AND
current task_nodes is empty, and then check whether AND
node_states[N_MEMORY] is empty.
Link: http://lkml.kernel.org/r/1510882624-44342-4-git-send-email-xieyisheng1@huawei.com
Signed-off-by: Yisheng Xie <xieyisheng1@huawei.com>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Chris Salls <salls@cs.ucsb.edu>
Cc: Christopher Lameter <cl@linux.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Cc: Tan Xiaojun <tanxiaojun@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/mempolicy.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -1442,10 +1442,14 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pi
goto out_put;
}
- if (!nodes_subset(*new, node_states[N_MEMORY])) {
- err = -EINVAL;
+ task_nodes = cpuset_mems_allowed(current);
+ nodes_and(*new, *new, task_nodes);
+ if (nodes_empty(*new))
+ goto out_put;
+
+ nodes_and(*new, *new, node_states[N_MEMORY]);
+ if (nodes_empty(*new))
goto out_put;
- }
err = security_task_movememory(task);
if (err)
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 070/329] asm-generic: provide generic_pmdp_establish()
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (62 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 069/329] mm/mempolicy: add nodes_empty check in SYSC_migrate_pages Greg Kroah-Hartman
@ 2018-05-28 9:59 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 071/329] sparc64: update pmdp_invalidate() to return old pmd value Greg Kroah-Hartman
` (245 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 9:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kirill A. Shutemov, Vlastimil Babka,
Andrea Arcangeli, Michal Hocko, Aneesh Kumar K.V,
Catalin Marinas, David Daney, David Miller, H. Peter Anvin,
Hugh Dickins, Ingo Molnar, Martin Schwidefsky, Nitin Gupta,
Ralf Baechle, Thomas Gleixner, Vineet Gupta, Andrew Morton,
Linus Torvalds, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
[ Upstream commit c58f0bb77ed8bf93dfdde762b01cb67eebbdfc29 ]
Patch series "Do not lose dirty bit on THP pages", v4.
Vlastimil noted that pmdp_invalidate() is not atomic and we can lose
dirty and access bits if CPU sets them after pmdp dereference, but
before set_pmd_at().
The bug can lead to data loss, but the race window is tiny and I haven't
seen any reports that suggested that it happens in reality. So I don't
think it worth sending it to stable.
Unfortunately, there's no way to address the issue in a generic way. We
need to fix all architectures that support THP one-by-one.
All architectures that have THP supported have to provide atomic
pmdp_invalidate() that returns previous value.
If generic implementation of pmdp_invalidate() is used, architecture
needs to provide atomic pmdp_estabish().
pmdp_estabish() is not used out-side generic implementation of
pmdp_invalidate() so far, but I think this can change in the future.
This patch (of 12):
This is an implementation of pmdp_establish() that is only suitable for
an architecture that doesn't have hardware dirty/accessed bits. In this
case we can't race with CPU which sets these bits and non-atomic
approach is fine.
Link: http://lkml.kernel.org/r/20171213105756.69879-2-kirill.shutemov@linux.intel.com
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: David Daney <david.daney@cavium.com>
Cc: David Miller <davem@davemloft.net>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Nitin Gupta <nitin.m.gupta@oracle.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/asm-generic/pgtable.h | 15 +++++++++++++++
1 file changed, 15 insertions(+)
--- a/include/asm-generic/pgtable.h
+++ b/include/asm-generic/pgtable.h
@@ -234,6 +234,21 @@ extern void pgtable_trans_huge_deposit(s
extern pgtable_t pgtable_trans_huge_withdraw(struct mm_struct *mm, pmd_t *pmdp);
#endif
+#ifdef CONFIG_TRANSPARENT_HUGEPAGE
+/*
+ * This is an implementation of pmdp_establish() that is only suitable for an
+ * architecture that doesn't have hardware dirty/accessed bits. In this case we
+ * can't race with CPU which sets these bits and non-atomic aproach is fine.
+ */
+static inline pmd_t generic_pmdp_establish(struct vm_area_struct *vma,
+ unsigned long address, pmd_t *pmdp, pmd_t pmd)
+{
+ pmd_t old_pmd = *pmdp;
+ set_pmd_at(vma->vm_mm, address, pmdp, pmd);
+ return old_pmd;
+}
+#endif
+
#ifndef __HAVE_ARCH_PMDP_INVALIDATE
extern void pmdp_invalidate(struct vm_area_struct *vma, unsigned long address,
pmd_t *pmdp);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 071/329] sparc64: update pmdp_invalidate() to return old pmd value
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (63 preceding siblings ...)
2018-05-28 9:59 ` [PATCH 4.9 070/329] asm-generic: provide generic_pmdp_establish() Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 073/329] mm: pin address_space before dereferencing it while isolating an LRU page Greg Kroah-Hartman
` (244 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nitin Gupta, Kirill A. Shutemov,
David Miller, Vlastimil Babka, Andrea Arcangeli, Michal Hocko,
Andrew Morton, Linus Torvalds, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nitin Gupta <nitin.m.gupta@oracle.com>
[ Upstream commit a8e654f01cb725d0bfd741ebca1bf4c9337969cc ]
It's required to avoid losing dirty and accessed bits.
[akpm@linux-foundation.org: add a `do' to the do-while loop]
Link: http://lkml.kernel.org/r/20171213105756.69879-9-kirill.shutemov@linux.intel.com
Signed-off-by: Nitin Gupta <nitin.m.gupta@oracle.com>
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: David Miller <davem@davemloft.net>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Michal Hocko <mhocko@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/sparc/include/asm/pgtable_64.h | 2 +-
arch/sparc/mm/tlb.c | 23 ++++++++++++++++++-----
2 files changed, 19 insertions(+), 6 deletions(-)
--- a/arch/sparc/include/asm/pgtable_64.h
+++ b/arch/sparc/include/asm/pgtable_64.h
@@ -952,7 +952,7 @@ void update_mmu_cache_pmd(struct vm_area
pmd_t *pmd);
#define __HAVE_ARCH_PMDP_INVALIDATE
-extern void pmdp_invalidate(struct vm_area_struct *vma, unsigned long address,
+extern pmd_t pmdp_invalidate(struct vm_area_struct *vma, unsigned long address,
pmd_t *pmdp);
#define __HAVE_ARCH_PGTABLE_DEPOSIT
--- a/arch/sparc/mm/tlb.c
+++ b/arch/sparc/mm/tlb.c
@@ -219,17 +219,28 @@ void set_pmd_at(struct mm_struct *mm, un
}
}
+static inline pmd_t pmdp_establish(struct vm_area_struct *vma,
+ unsigned long address, pmd_t *pmdp, pmd_t pmd)
+{
+ pmd_t old;
+
+ do {
+ old = *pmdp;
+ } while (cmpxchg64(&pmdp->pmd, old.pmd, pmd.pmd) != old.pmd);
+
+ return old;
+}
+
/*
* This routine is only called when splitting a THP
*/
-void pmdp_invalidate(struct vm_area_struct *vma, unsigned long address,
+pmd_t pmdp_invalidate(struct vm_area_struct *vma, unsigned long address,
pmd_t *pmdp)
{
- pmd_t entry = *pmdp;
-
- pmd_val(entry) &= ~_PAGE_VALID;
+ pmd_t old, entry;
- set_pmd_at(vma->vm_mm, address, pmdp, entry);
+ entry = __pmd(pmd_val(*pmdp) & ~_PAGE_VALID);
+ old = pmdp_establish(vma, address, pmdp, entry);
flush_tlb_range(vma, address, address + HPAGE_PMD_SIZE);
/*
@@ -240,6 +251,8 @@ void pmdp_invalidate(struct vm_area_stru
if ((pmd_val(entry) & _PAGE_PMD_HUGE) &&
!is_huge_zero_page(pmd_page(entry)))
(vma->vm_mm)->context.thp_pte_count--;
+
+ return old;
}
void pgtable_trans_huge_deposit(struct mm_struct *mm, pmd_t *pmdp,
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 073/329] mm: pin address_space before dereferencing it while isolating an LRU page
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (64 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 071/329] sparc64: update pmdp_invalidate() to return old pmd value Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 074/329] mm/fadvise: discard partial page if endbyte is also EOF Greg Kroah-Hartman
` (243 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mel Gorman, Minchan Kim, Huang, Ying,
Jan Kara, Andrew Morton, Linus Torvalds, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mel Gorman <mgorman@techsingularity.net>
[ Upstream commit 69d763fc6d3aee787a3e8c8c35092b4f4960fa5d ]
Minchan Kim asked the following question -- what locks protects
address_space destroying when race happens between inode trauncation and
__isolate_lru_page? Jan Kara clarified by describing the race as follows
CPU1 CPU2
truncate(inode) __isolate_lru_page()
...
truncate_inode_page(mapping, page);
delete_from_page_cache(page)
spin_lock_irqsave(&mapping->tree_lock, flags);
__delete_from_page_cache(page, NULL)
page_cache_tree_delete(..)
... mapping = page_mapping(page);
page->mapping = NULL;
...
spin_unlock_irqrestore(&mapping->tree_lock, flags);
page_cache_free_page(mapping, page)
put_page(page)
if (put_page_testzero(page)) -> false
- inode now has no pages and can be freed including embedded address_space
if (mapping && !mapping->a_ops->migratepage)
- we've dereferenced mapping which is potentially already free.
The race is theoretically possible but unlikely. Before the
delete_from_page_cache, truncate_cleanup_page is called so the page is
likely to be !PageDirty or PageWriteback which gets skipped by the only
caller that checks the mappping in __isolate_lru_page. Even if the race
occurs, a substantial amount of work has to happen during a tiny window
with no preemption but it could potentially be done using a virtual
machine to artifically slow one CPU or halt it during the critical
window.
This patch should eliminate the race with truncation by try-locking the
page before derefencing mapping and aborting if the lock was not
acquired. There was a suggestion from Huang Ying to use RCU as a
side-effect to prevent mapping being freed. However, I do not like the
solution as it's an unconventional means of preserving a mapping and
it's not a context where rcu_read_lock is obviously protecting rcu data.
Link: http://lkml.kernel.org/r/20180104102512.2qos3h5vqzeisrek@techsingularity.net
Fixes: c82449352854 ("mm: compaction: make isolate_lru_page() filter-aware again")
Signed-off-by: Mel Gorman <mgorman@techsingularity.net>
Acked-by: Minchan Kim <minchan@kernel.org>
Cc: "Huang, Ying" <ying.huang@intel.com>
Cc: Jan Kara <jack@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/vmscan.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
--- a/mm/vmscan.c
+++ b/mm/vmscan.c
@@ -1374,6 +1374,7 @@ int __isolate_lru_page(struct page *page
if (PageDirty(page)) {
struct address_space *mapping;
+ bool migrate_dirty;
/* ISOLATE_CLEAN means only clean pages */
if (mode & ISOLATE_CLEAN)
@@ -1382,10 +1383,19 @@ int __isolate_lru_page(struct page *page
/*
* Only pages without mappings or that have a
* ->migratepage callback are possible to migrate
- * without blocking
+ * without blocking. However, we can be racing with
+ * truncation so it's necessary to lock the page
+ * to stabilise the mapping as truncation holds
+ * the page lock until after the page is removed
+ * from the page cache.
*/
+ if (!trylock_page(page))
+ return ret;
+
mapping = page_mapping(page);
- if (mapping && !mapping->a_ops->migratepage)
+ migrate_dirty = mapping && mapping->a_ops->migratepage;
+ unlock_page(page);
+ if (!migrate_dirty)
return ret;
}
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 074/329] mm/fadvise: discard partial page if endbyte is also EOF
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (65 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 073/329] mm: pin address_space before dereferencing it while isolating an LRU page Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 075/329] openvswitch: Remove padding from packet before L3+ conntrack processing Greg Kroah-Hartman
` (242 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, shidao.ytt, Caspar Zhang,
Oliver Yang, Mel Gorman, Andrew Morton, Linus Torvalds,
Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: "shidao.ytt" <shidao.ytt@alibaba-inc.com>
[ Upstream commit a7ab400d6fe73d0119fdc234e9982a6f80faea9f ]
During our recent testing with fadvise(FADV_DONTNEED), we find that if
given offset/length is not page-aligned, the last page will not be
discarded. The tool we use is vmtouch (https://hoytech.com/vmtouch/),
we map a 10KB-sized file into memory and then try to run this tool to
evict the whole file mapping, but the last single page always remains
staying in the memory:
$./vmtouch -e test_10K
Files: 1
Directories: 0
Evicted Pages: 3 (12K)
Elapsed: 2.1e-05 seconds
$./vmtouch test_10K
Files: 1
Directories: 0
Resident Pages: 1/3 4K/12K 33.3%
Elapsed: 5.5e-05 seconds
However when we test with an older kernel, say 3.10, this problem is
gone. So we wonder if this is a regression:
$./vmtouch -e test_10K
Files: 1
Directories: 0
Evicted Pages: 3 (12K)
Elapsed: 8.2e-05 seconds
$./vmtouch test_10K
Files: 1
Directories: 0
Resident Pages: 0/3 0/12K 0% <-- partial page also discarded
Elapsed: 5e-05 seconds
After digging a little bit into this problem, we find it seems not a
regression. Not discarding partial page is likely to be on purpose
according to commit 441c228f817f ("mm: fadvise: document the
fadvise(FADV_DONTNEED) behaviour for partial pages") written by Mel
Gorman. He explained why partial pages should be preserved instead of
being discarded when using fadvise(FADV_DONTNEED).
However, the interesting part is that the actual code did NOT work as
the same as it was described, the partial page was still discarded
anyway, due to a calculation mistake of `end_index' passed to
invalidate_mapping_pages(). This mistake has not been fixed until
recently, that's why we fail to reproduce our problem in old kernels.
The fix is done in commit 18aba41cbf ("mm/fadvise.c: do not discard
partial pages with POSIX_FADV_DONTNEED") by Oleg Drokin.
Back to the original testing, our problem becomes that there is a
special case that, if the page-unaligned `endbyte' is also the end of
file, it is not necessary at all to preserve the last partial page, as
we all know no one else will use the rest of it. It should be safe
enough if we just discard the whole page. So we add an EOF check in
this patch.
We also find a poosbile real world issue in mainline kernel. Assume
such scenario: A userspace backup application want to backup a huge
amount of small files (<4k) at once, the developer might (I guess) want
to use fadvise(FADV_DONTNEED) to save memory. However, FADV_DONTNEED
won't really happen since the only page mapped is a partial page, and
kernel will preserve it. Our patch also fixes this problem, since we
know the endbyte is EOF, so we discard it.
Here is a simple reproducer to reproduce and verify each scenario we
described above:
test_fadvise.c
==============================
#include <sys/mman.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <unistd.h>
int main(int argc, char **argv)
{
int i, fd, ret, len;
struct stat buf;
void *addr;
unsigned char *vec;
char *strbuf;
ssize_t pagesize = getpagesize();
ssize_t filesize;
fd = open(argv[1], O_RDWR|O_CREAT, S_IRUSR|S_IWUSR);
if (fd < 0)
return -1;
filesize = strtoul(argv[2], NULL, 10);
strbuf = malloc(filesize);
memset(strbuf, 42, filesize);
write(fd, strbuf, filesize);
free(strbuf);
fsync(fd);
len = (filesize + pagesize - 1) / pagesize;
printf("length of pages: %d\n", len);
addr = mmap(NULL, filesize, PROT_READ, MAP_SHARED, fd, 0);
if (addr == MAP_FAILED)
return -1;
ret = posix_fadvise(fd, 0, filesize, POSIX_FADV_DONTNEED);
if (ret < 0)
return -1;
vec = malloc(len);
ret = mincore(addr, filesize, (void *)vec);
if (ret < 0)
return -1;
for (i = 0; i < len; i++)
printf("pages[%d]: %x\n", i, vec[i] & 0x1);
free(vec);
close(fd);
return 0;
}
==============================
Test 1: running on kernel with commit 18aba41cbf reverted:
[root@caspar ~]# uname -r
4.15.0-rc6.revert+
[root@caspar ~]# ./test_fadvise file1 1024
length of pages: 1
pages[0]: 0 # <-- partial page discarded
[root@caspar ~]# ./test_fadvise file2 8192
length of pages: 2
pages[0]: 0
pages[1]: 0
[root@caspar ~]# ./test_fadvise file3 10240
length of pages: 3
pages[0]: 0
pages[1]: 0
pages[2]: 0 # <-- partial page discarded
Test 2: running on mainline kernel:
[root@caspar ~]# uname -r
4.15.0-rc6+
[root@caspar ~]# ./test_fadvise test1 1024
length of pages: 1
pages[0]: 1 # <-- partial and the only page not discarded
[root@caspar ~]# ./test_fadvise test2 8192
length of pages: 2
pages[0]: 0
pages[1]: 0
[root@caspar ~]# ./test_fadvise test3 10240
length of pages: 3
pages[0]: 0
pages[1]: 0
pages[2]: 1 # <-- partial page not discarded
Test 3: running on kernel with this patch:
[root@caspar ~]# uname -r
4.15.0-rc6.patched+
[root@caspar ~]# ./test_fadvise test1 1024
length of pages: 1
pages[0]: 0 # <-- partial page and EOF, discarded
[root@caspar ~]# ./test_fadvise test2 8192
length of pages: 2
pages[0]: 0
pages[1]: 0
[root@caspar ~]# ./test_fadvise test3 10240
length of pages: 3
pages[0]: 0
pages[1]: 0
pages[2]: 0 # <-- partial page and EOF, discarded
[akpm@linux-foundation.org: tweak code comment]
Link: http://lkml.kernel.org/r/5222da9ee20e1695eaabb69f631f200d6e6b8876.1515132470.git.jinli.zjl@alibaba-inc.com
Signed-off-by: shidao.ytt <shidao.ytt@alibaba-inc.com>
Signed-off-by: Caspar Zhang <jinli.zjl@alibaba-inc.com>
Reviewed-by: Oliver Yang <zhiche.yy@alibaba-inc.com>
Cc: Mel Gorman <mgorman@techsingularity.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/fadvise.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
--- a/mm/fadvise.c
+++ b/mm/fadvise.c
@@ -126,7 +126,15 @@ SYSCALL_DEFINE4(fadvise64_64, int, fd, l
*/
start_index = (offset+(PAGE_SIZE-1)) >> PAGE_SHIFT;
end_index = (endbyte >> PAGE_SHIFT);
- if ((endbyte & ~PAGE_MASK) != ~PAGE_MASK) {
+ /*
+ * The page at end_index will be inclusively discarded according
+ * by invalidate_mapping_pages(), so subtracting 1 from
+ * end_index means we will skip the last page. But if endbyte
+ * is page aligned or is at the end of file, we should not skip
+ * that page - discarding the last page is safe enough.
+ */
+ if ((endbyte & ~PAGE_MASK) != ~PAGE_MASK &&
+ endbyte != inode->i_size - 1) {
/* First page is tricky as 0 - 1 = -1, but pgoff_t
* is unsigned, so the end_index >= start_index
* check below would be true and we'll discard the whole
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 075/329] openvswitch: Remove padding from packet before L3+ conntrack processing
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (66 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 074/329] mm/fadvise: discard partial page if endbyte is also EOF Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 076/329] IB/ipoib: Fix for potential no-carrier state Greg Kroah-Hartman
` (241 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ed Swierk, Pravin B Shelar,
David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ed Swierk <eswierk@skyportsystems.com>
[ Upstream commit 9382fe71c0058465e942a633869629929102843d ]
IPv4 and IPv6 packets may arrive with lower-layer padding that is not
included in the L3 length. For example, a short IPv4 packet may have
up to 6 bytes of padding following the IP payload when received on an
Ethernet device with a minimum packet length of 64 bytes.
Higher-layer processing functions in netfilter (e.g. nf_ip_checksum(),
and help() in nf_conntrack_ftp) assume skb->len reflects the length of
the L3 header and payload, rather than referring back to
ip_hdr->tot_len or ipv6_hdr->payload_len, and get confused by
lower-layer padding.
In the normal IPv4 receive path, ip_rcv() trims the packet to
ip_hdr->tot_len before invoking netfilter hooks. In the IPv6 receive
path, ip6_rcv() does the same using ipv6_hdr->payload_len. Similarly
in the br_netfilter receive path, br_validate_ipv4() and
br_validate_ipv6() trim the packet to the L3 length before invoking
netfilter hooks.
Currently in the OVS conntrack receive path, ovs_ct_execute() pulls
the skb to the L3 header but does not trim it to the L3 length before
calling nf_conntrack_in(NF_INET_PRE_ROUTING). When
nf_conntrack_proto_tcp encounters a packet with lower-layer padding,
nf_ip_checksum() fails causing a "nf_ct_tcp: bad TCP checksum" log
message. While extra zero bytes don't affect the checksum, the length
in the IP pseudoheader does. That length is based on skb->len, and
without trimming, it doesn't match the length the sender used when
computing the checksum.
In ovs_ct_execute(), trim the skb to the L3 length before higher-layer
processing.
Signed-off-by: Ed Swierk <eswierk@skyportsystems.com>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/openvswitch/conntrack.c | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
--- a/net/openvswitch/conntrack.c
+++ b/net/openvswitch/conntrack.c
@@ -906,6 +906,36 @@ static int ovs_ct_commit(struct net *net
return 0;
}
+/* Trim the skb to the length specified by the IP/IPv6 header,
+ * removing any trailing lower-layer padding. This prepares the skb
+ * for higher-layer processing that assumes skb->len excludes padding
+ * (such as nf_ip_checksum). The caller needs to pull the skb to the
+ * network header, and ensure ip_hdr/ipv6_hdr points to valid data.
+ */
+static int ovs_skb_network_trim(struct sk_buff *skb)
+{
+ unsigned int len;
+ int err;
+
+ switch (skb->protocol) {
+ case htons(ETH_P_IP):
+ len = ntohs(ip_hdr(skb)->tot_len);
+ break;
+ case htons(ETH_P_IPV6):
+ len = sizeof(struct ipv6hdr)
+ + ntohs(ipv6_hdr(skb)->payload_len);
+ break;
+ default:
+ len = skb->len;
+ }
+
+ err = pskb_trim_rcsum(skb, len);
+ if (err)
+ kfree_skb(skb);
+
+ return err;
+}
+
/* Returns 0 on success, -EINPROGRESS if 'skb' is stolen, or other nonzero
* value if 'skb' is freed.
*/
@@ -920,6 +950,10 @@ int ovs_ct_execute(struct net *net, stru
nh_ofs = skb_network_offset(skb);
skb_pull_rcsum(skb, nh_ofs);
+ err = ovs_skb_network_trim(skb);
+ if (err)
+ return err;
+
if (key->ip.frag != OVS_FRAG_TYPE_NONE) {
err = handle_fragments(net, key, info->zone.id, skb);
if (err)
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 076/329] IB/ipoib: Fix for potential no-carrier state
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (67 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 075/329] openvswitch: Remove padding from packet before L3+ conntrack processing Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 077/329] drm/nouveau/pmu/fuc: dont use movw directly anymore Greg Kroah-Hartman
` (240 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mike Marciniszyn, Ira Weiny,
Alex Estrin, Dennis Dalessandro, Jason Gunthorpe, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Estrin <alex.estrin@intel.com>
[ Upstream commit 1029361084d18cc270f64dfd39529fafa10cfe01 ]
On reboot SM can program port pkey table before ipoib registered its
event handler, which could result in missing pkey event and leave root
interface with initial pkey value from index 0.
Since OPA port starts with invalid pkey in index 0, root interface will
fail to initialize and stay down with no-carrier flag.
For IB ipoib interface may end up with pkey different from value
opensm put in pkey table idx 0, resulting in connectivity issues
(different mcast groups, for example).
Close the window by calling event handler after registration
to make sure ipoib pkey is in sync with port pkey table.
Reviewed-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Reviewed-by: Ira Weiny <ira.weiny@intel.com>
Signed-off-by: Alex Estrin <alex.estrin@intel.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/ulp/ipoib/ipoib_main.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/infiniband/ulp/ipoib/ipoib_main.c
+++ b/drivers/infiniband/ulp/ipoib/ipoib_main.c
@@ -2119,6 +2119,9 @@ static struct net_device *ipoib_add_port
goto event_failed;
}
+ /* call event handler to ensure pkey in sync */
+ queue_work(ipoib_workqueue, &priv->flush_heavy);
+
result = register_netdev(priv->dev);
if (result) {
printk(KERN_WARNING "%s: couldn't register ipoib port %d; error %d\n",
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 077/329] drm/nouveau/pmu/fuc: dont use movw directly anymore
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (68 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 076/329] IB/ipoib: Fix for potential no-carrier state Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 078/329] netfilter: ipv6: nf_defrag: Kill frag queue on RFC2460 failure Greg Kroah-Hartman
` (239 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Karol Herbst, Ben Skeggs, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Karol Herbst <kherbst@redhat.com>
[ Upstream commit fe9748b7b41cee11f8db57fb8b20bc540a33102a ]
Fixes failure to compile with recent envyas as a result of the 'movw'
alias being removed for v5.
A bit of history:
v3 only has a 16-bit sign-extended immediate mov op. In order to set
the high bits, there's a separate 'sethi' op. envyas validates that
the value passed to mov(imm) is between -0x8000 and 0x7fff. In order
to simplify macros that load both the low and high word, a 'movw'
alias was added which takes an unsigned 16-bit immediate. However the
actual hardware op still sign extends.
v5 has a full 32-bit immediate mov op. The v3 16-bit immediate mov op
is gone (loads 0 into the dst reg). However due to a bug in envyas,
the movw alias still existed, and selected the no-longer-present v3
16-bit immediate mov op. As a result usage of movw on v5 is the same
as mov with a 0x0 argument.
The proper fix throughout is to only ever use the 'movw' alias in
combination with 'sethi'. Anything else should get the sign-extended
validation to ensure that the intended value ends up in the
destination register.
Changes in fuc3 binaries is the result of a different encoding being
selected for a mov with an 8-bit value.
v2: added commit message written by Ilia, thanks for that!
v3: messed up rebasing, now it should apply
Signed-off-by: Karol Herbst <kherbst@redhat.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/nouveau/nvkm/subdev/pmu/fuc/gf100.fuc3.h | 746 +++++------
drivers/gpu/drm/nouveau/nvkm/subdev/pmu/fuc/gk208.fuc5.h | 802 +++++------
drivers/gpu/drm/nouveau/nvkm/subdev/pmu/fuc/gt215.fuc3.h | 1006 +++++++--------
drivers/gpu/drm/nouveau/nvkm/subdev/pmu/fuc/memx.fuc | 30
4 files changed, 1292 insertions(+), 1292 deletions(-)
--- a/drivers/gpu/drm/nouveau/nvkm/subdev/pmu/fuc/gf100.fuc3.h
+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/pmu/fuc/gf100.fuc3.h
@@ -46,8 +46,8 @@ uint32_t gf100_pmu_data[] = {
0x00000000,
0x00000000,
0x584d454d,
- 0x00000756,
- 0x00000748,
+ 0x00000754,
+ 0x00000746,
0x00000000,
0x00000000,
0x00000000,
@@ -68,8 +68,8 @@ uint32_t gf100_pmu_data[] = {
0x00000000,
0x00000000,
0x46524550,
- 0x0000075a,
0x00000758,
+ 0x00000756,
0x00000000,
0x00000000,
0x00000000,
@@ -90,8 +90,8 @@ uint32_t gf100_pmu_data[] = {
0x00000000,
0x00000000,
0x5f433249,
- 0x00000b8a,
- 0x00000a2d,
+ 0x00000b88,
+ 0x00000a2b,
0x00000000,
0x00000000,
0x00000000,
@@ -112,8 +112,8 @@ uint32_t gf100_pmu_data[] = {
0x00000000,
0x00000000,
0x54534554,
- 0x00000bb3,
- 0x00000b8c,
+ 0x00000bb1,
+ 0x00000b8a,
0x00000000,
0x00000000,
0x00000000,
@@ -134,8 +134,8 @@ uint32_t gf100_pmu_data[] = {
0x00000000,
0x00000000,
0x454c4449,
- 0x00000bbf,
0x00000bbd,
+ 0x00000bbb,
0x00000000,
0x00000000,
0x00000000,
@@ -236,19 +236,19 @@ uint32_t gf100_pmu_data[] = {
0x000005d3,
0x00000003,
0x00000002,
- 0x0000069d,
+ 0x0000069b,
0x00040004,
0x00000000,
- 0x000006b9,
+ 0x000006b7,
0x00010005,
0x00000000,
- 0x000006d6,
+ 0x000006d4,
0x00010006,
0x00000000,
0x0000065b,
0x00000007,
0x00000000,
- 0x000006e1,
+ 0x000006df,
/* 0x03c4: memx_func_tail */
/* 0x03c4: memx_ts_start */
0x00000000,
@@ -1372,432 +1372,432 @@ uint32_t gf100_pmu_code[] = {
/* 0x065b: memx_func_wait_vblank */
0x9800f840,
0x66b00016,
- 0x130bf400,
+ 0x120bf400,
0xf40166b0,
0x0ef4060b,
/* 0x066d: memx_func_wait_vblank_head1 */
- 0x2077f12e,
- 0x070ef400,
-/* 0x0674: memx_func_wait_vblank_head0 */
- 0x000877f1,
-/* 0x0678: memx_func_wait_vblank_0 */
- 0x07c467f1,
- 0xcf0664b6,
- 0x67fd0066,
- 0xf31bf404,
-/* 0x0688: memx_func_wait_vblank_1 */
- 0x07c467f1,
- 0xcf0664b6,
- 0x67fd0066,
- 0xf30bf404,
-/* 0x0698: memx_func_wait_vblank_fini */
- 0xf80410b6,
-/* 0x069d: memx_func_wr32 */
- 0x00169800,
- 0xb6011598,
- 0x60f90810,
- 0xd0fc50f9,
- 0x21f4e0fc,
- 0x0242b640,
- 0xf8e91bf4,
-/* 0x06b9: memx_func_wait */
- 0x2c87f000,
- 0xcf0684b6,
- 0x1e980088,
- 0x011d9800,
- 0x98021c98,
- 0x10b6031b,
- 0xa321f410,
-/* 0x06d6: memx_func_delay */
- 0x1e9800f8,
- 0x0410b600,
- 0xf87e21f4,
-/* 0x06e1: memx_func_train */
-/* 0x06e3: memx_exec */
- 0xf900f800,
- 0xb9d0f9e0,
- 0xb2b902c1,
-/* 0x06ed: memx_exec_next */
- 0x00139802,
- 0xe70410b6,
- 0xe701f034,
- 0xb601e033,
- 0x30f00132,
- 0xde35980c,
- 0x12b855f9,
- 0xe41ef406,
- 0x98f10b98,
- 0xcbbbf20c,
- 0xc4b7f102,
- 0x06b4b607,
- 0xfc00bbcf,
- 0xf5e0fcd0,
- 0xf8033621,
-/* 0x0729: memx_info */
- 0x01c67000,
-/* 0x072f: memx_info_data */
- 0xf10e0bf4,
- 0xf103ccc7,
- 0xf40800b7,
-/* 0x073a: memx_info_train */
- 0xc7f10b0e,
- 0xb7f10bcc,
-/* 0x0742: memx_info_send */
- 0x21f50100,
- 0x00f80336,
-/* 0x0748: memx_recv */
- 0xf401d6b0,
- 0xd6b0980b,
- 0xd80bf400,
-/* 0x0756: memx_init */
- 0x00f800f8,
-/* 0x0758: perf_recv */
-/* 0x075a: perf_init */
+ 0x2077f02c,
+/* 0x0673: memx_func_wait_vblank_head0 */
+ 0xf0060ef4,
+/* 0x0676: memx_func_wait_vblank_0 */
+ 0x67f10877,
+ 0x64b607c4,
+ 0x0066cf06,
+ 0xf40467fd,
+/* 0x0686: memx_func_wait_vblank_1 */
+ 0x67f1f31b,
+ 0x64b607c4,
+ 0x0066cf06,
+ 0xf40467fd,
+/* 0x0696: memx_func_wait_vblank_fini */
+ 0x10b6f30b,
+/* 0x069b: memx_func_wr32 */
+ 0x9800f804,
+ 0x15980016,
+ 0x0810b601,
+ 0x50f960f9,
+ 0xe0fcd0fc,
+ 0xb64021f4,
+ 0x1bf40242,
+/* 0x06b7: memx_func_wait */
+ 0xf000f8e9,
+ 0x84b62c87,
+ 0x0088cf06,
+ 0x98001e98,
+ 0x1c98011d,
+ 0x031b9802,
+ 0xf41010b6,
+ 0x00f8a321,
+/* 0x06d4: memx_func_delay */
+ 0xb6001e98,
+ 0x21f40410,
+/* 0x06df: memx_func_train */
+ 0xf800f87e,
+/* 0x06e1: memx_exec */
+ 0xf9e0f900,
+ 0x02c1b9d0,
+/* 0x06eb: memx_exec_next */
+ 0x9802b2b9,
+ 0x10b60013,
+ 0xf034e704,
+ 0xe033e701,
+ 0x0132b601,
+ 0x980c30f0,
+ 0x55f9de35,
+ 0xf40612b8,
+ 0x0b98e41e,
+ 0xf20c98f1,
+ 0xf102cbbb,
+ 0xb607c4b7,
+ 0xbbcf06b4,
+ 0xfcd0fc00,
+ 0x3621f5e0,
+/* 0x0727: memx_info */
+ 0x7000f803,
+ 0x0bf401c6,
+/* 0x072d: memx_info_data */
+ 0xccc7f10e,
+ 0x00b7f103,
+ 0x0b0ef408,
+/* 0x0738: memx_info_train */
+ 0x0bccc7f1,
+ 0x0100b7f1,
+/* 0x0740: memx_info_send */
+ 0x033621f5,
+/* 0x0746: memx_recv */
+ 0xd6b000f8,
+ 0x980bf401,
+ 0xf400d6b0,
+ 0x00f8d80b,
+/* 0x0754: memx_init */
+/* 0x0756: perf_recv */
0x00f800f8,
-/* 0x075c: i2c_drive_scl */
- 0xf40036b0,
- 0x07f1110b,
- 0x04b607e0,
- 0x0001d006,
- 0x00f804bd,
-/* 0x0770: i2c_drive_scl_lo */
- 0x07e407f1,
- 0xd00604b6,
- 0x04bd0001,
-/* 0x077e: i2c_drive_sda */
+/* 0x0758: perf_init */
+/* 0x075a: i2c_drive_scl */
0x36b000f8,
0x110bf400,
0x07e007f1,
0xd00604b6,
- 0x04bd0002,
-/* 0x0792: i2c_drive_sda_lo */
+ 0x04bd0001,
+/* 0x076e: i2c_drive_scl_lo */
0x07f100f8,
0x04b607e4,
+ 0x0001d006,
+ 0x00f804bd,
+/* 0x077c: i2c_drive_sda */
+ 0xf40036b0,
+ 0x07f1110b,
+ 0x04b607e0,
0x0002d006,
0x00f804bd,
-/* 0x07a0: i2c_sense_scl */
- 0xf10132f4,
- 0xb607c437,
- 0x33cf0634,
- 0x0431fd00,
- 0xf4060bf4,
-/* 0x07b6: i2c_sense_scl_done */
- 0x00f80131,
-/* 0x07b8: i2c_sense_sda */
- 0xf10132f4,
- 0xb607c437,
- 0x33cf0634,
- 0x0432fd00,
- 0xf4060bf4,
-/* 0x07ce: i2c_sense_sda_done */
- 0x00f80131,
-/* 0x07d0: i2c_raise_scl */
- 0x47f140f9,
- 0x37f00898,
- 0x5c21f501,
-/* 0x07dd: i2c_raise_scl_wait */
- 0xe8e7f107,
- 0x7e21f403,
- 0x07a021f5,
- 0xb60901f4,
- 0x1bf40142,
-/* 0x07f1: i2c_raise_scl_done */
- 0xf840fcef,
-/* 0x07f5: i2c_start */
- 0xa021f500,
- 0x0d11f407,
- 0x07b821f5,
- 0xf40611f4,
-/* 0x0806: i2c_start_rep */
- 0x37f0300e,
- 0x5c21f500,
- 0x0137f007,
- 0x077e21f5,
- 0xb60076bb,
- 0x50f90465,
- 0xbb046594,
- 0x50bd0256,
- 0xfc0475fd,
- 0xd021f550,
- 0x0464b607,
-/* 0x0833: i2c_start_send */
- 0xf01f11f4,
+/* 0x0790: i2c_drive_sda_lo */
+ 0x07e407f1,
+ 0xd00604b6,
+ 0x04bd0002,
+/* 0x079e: i2c_sense_scl */
+ 0x32f400f8,
+ 0xc437f101,
+ 0x0634b607,
+ 0xfd0033cf,
+ 0x0bf40431,
+ 0x0131f406,
+/* 0x07b4: i2c_sense_scl_done */
+/* 0x07b6: i2c_sense_sda */
+ 0x32f400f8,
+ 0xc437f101,
+ 0x0634b607,
+ 0xfd0033cf,
+ 0x0bf40432,
+ 0x0131f406,
+/* 0x07cc: i2c_sense_sda_done */
+/* 0x07ce: i2c_raise_scl */
+ 0x40f900f8,
+ 0x089847f1,
+ 0xf50137f0,
+/* 0x07db: i2c_raise_scl_wait */
+ 0xf1075a21,
+ 0xf403e8e7,
+ 0x21f57e21,
+ 0x01f4079e,
+ 0x0142b609,
+/* 0x07ef: i2c_raise_scl_done */
+ 0xfcef1bf4,
+/* 0x07f3: i2c_start */
+ 0xf500f840,
+ 0xf4079e21,
+ 0x21f50d11,
+ 0x11f407b6,
+ 0x300ef406,
+/* 0x0804: i2c_start_rep */
+ 0xf50037f0,
+ 0xf0075a21,
+ 0x21f50137,
+ 0x76bb077c,
+ 0x0465b600,
+ 0x659450f9,
+ 0x0256bb04,
+ 0x75fd50bd,
+ 0xf550fc04,
+ 0xb607ce21,
+ 0x11f40464,
+/* 0x0831: i2c_start_send */
+ 0x0037f01f,
+ 0x077c21f5,
+ 0x1388e7f1,
+ 0xf07e21f4,
0x21f50037,
- 0xe7f1077e,
+ 0xe7f1075a,
0x21f41388,
- 0x0037f07e,
- 0x075c21f5,
- 0x1388e7f1,
-/* 0x084f: i2c_start_out */
- 0xf87e21f4,
-/* 0x0851: i2c_stop */
- 0x0037f000,
- 0x075c21f5,
- 0xf50037f0,
- 0xf1077e21,
- 0xf403e8e7,
- 0x37f07e21,
- 0x5c21f501,
- 0x88e7f107,
- 0x7e21f413,
+/* 0x084d: i2c_start_out */
+/* 0x084f: i2c_stop */
+ 0xf000f87e,
+ 0x21f50037,
+ 0x37f0075a,
+ 0x7c21f500,
+ 0xe8e7f107,
+ 0x7e21f403,
0xf50137f0,
- 0xf1077e21,
+ 0xf1075a21,
0xf41388e7,
- 0x00f87e21,
-/* 0x0884: i2c_bitw */
- 0x077e21f5,
- 0x03e8e7f1,
- 0xbb7e21f4,
- 0x65b60076,
- 0x9450f904,
- 0x56bb0465,
- 0xfd50bd02,
- 0x50fc0475,
- 0x07d021f5,
- 0xf40464b6,
- 0xe7f11811,
- 0x21f41388,
- 0x0037f07e,
- 0x075c21f5,
- 0x1388e7f1,
-/* 0x08c3: i2c_bitw_out */
- 0xf87e21f4,
-/* 0x08c5: i2c_bitr */
- 0x0137f000,
- 0x077e21f5,
- 0x03e8e7f1,
- 0xbb7e21f4,
- 0x65b60076,
- 0x9450f904,
- 0x56bb0465,
- 0xfd50bd02,
- 0x50fc0475,
- 0x07d021f5,
- 0xf40464b6,
- 0x21f51b11,
- 0x37f007b8,
- 0x5c21f500,
+ 0x37f07e21,
+ 0x7c21f501,
0x88e7f107,
0x7e21f413,
- 0xf4013cf0,
-/* 0x090a: i2c_bitr_done */
- 0x00f80131,
-/* 0x090c: i2c_get_byte */
- 0xf00057f0,
-/* 0x0912: i2c_get_byte_next */
- 0x54b60847,
- 0x0076bb01,
+/* 0x0882: i2c_bitw */
+ 0x21f500f8,
+ 0xe7f1077c,
+ 0x21f403e8,
+ 0x0076bb7e,
0xf90465b6,
0x04659450,
0xbd0256bb,
0x0475fd50,
0x21f550fc,
- 0x64b608c5,
- 0x2b11f404,
- 0xb60553fd,
- 0x1bf40142,
- 0x0137f0d8,
- 0xb60076bb,
- 0x50f90465,
- 0xbb046594,
- 0x50bd0256,
- 0xfc0475fd,
- 0x8421f550,
- 0x0464b608,
-/* 0x095c: i2c_get_byte_done */
-/* 0x095e: i2c_put_byte */
- 0x47f000f8,
-/* 0x0961: i2c_put_byte_next */
- 0x0142b608,
- 0xbb3854ff,
+ 0x64b607ce,
+ 0x1811f404,
+ 0x1388e7f1,
+ 0xf07e21f4,
+ 0x21f50037,
+ 0xe7f1075a,
+ 0x21f41388,
+/* 0x08c1: i2c_bitw_out */
+/* 0x08c3: i2c_bitr */
+ 0xf000f87e,
+ 0x21f50137,
+ 0xe7f1077c,
+ 0x21f403e8,
+ 0x0076bb7e,
+ 0xf90465b6,
+ 0x04659450,
+ 0xbd0256bb,
+ 0x0475fd50,
+ 0x21f550fc,
+ 0x64b607ce,
+ 0x1b11f404,
+ 0x07b621f5,
+ 0xf50037f0,
+ 0xf1075a21,
+ 0xf41388e7,
+ 0x3cf07e21,
+ 0x0131f401,
+/* 0x0908: i2c_bitr_done */
+/* 0x090a: i2c_get_byte */
+ 0x57f000f8,
+ 0x0847f000,
+/* 0x0910: i2c_get_byte_next */
+ 0xbb0154b6,
0x65b60076,
0x9450f904,
0x56bb0465,
0xfd50bd02,
0x50fc0475,
- 0x088421f5,
+ 0x08c321f5,
0xf40464b6,
- 0x46b03411,
- 0xd81bf400,
- 0xb60076bb,
- 0x50f90465,
- 0xbb046594,
- 0x50bd0256,
- 0xfc0475fd,
- 0xc521f550,
- 0x0464b608,
- 0xbb0f11f4,
- 0x36b00076,
- 0x061bf401,
-/* 0x09b7: i2c_put_byte_done */
- 0xf80132f4,
-/* 0x09b9: i2c_addr */
- 0x0076bb00,
+ 0x53fd2b11,
+ 0x0142b605,
+ 0xf0d81bf4,
+ 0x76bb0137,
+ 0x0465b600,
+ 0x659450f9,
+ 0x0256bb04,
+ 0x75fd50bd,
+ 0xf550fc04,
+ 0xb6088221,
+/* 0x095a: i2c_get_byte_done */
+ 0x00f80464,
+/* 0x095c: i2c_put_byte */
+/* 0x095f: i2c_put_byte_next */
+ 0xb60847f0,
+ 0x54ff0142,
+ 0x0076bb38,
0xf90465b6,
0x04659450,
0xbd0256bb,
0x0475fd50,
0x21f550fc,
- 0x64b607f5,
- 0x2911f404,
- 0x012ec3e7,
- 0xfd0134b6,
- 0x76bb0553,
+ 0x64b60882,
+ 0x3411f404,
+ 0xf40046b0,
+ 0x76bbd81b,
0x0465b600,
0x659450f9,
0x0256bb04,
0x75fd50bd,
0xf550fc04,
- 0xb6095e21,
-/* 0x09fe: i2c_addr_done */
- 0x00f80464,
-/* 0x0a00: i2c_acquire_addr */
- 0xb6f8cec7,
- 0xe0b702e4,
- 0xee980d1c,
-/* 0x0a0f: i2c_acquire */
- 0xf500f800,
- 0xf40a0021,
- 0xd9f00421,
- 0x4021f403,
-/* 0x0a1e: i2c_release */
- 0x21f500f8,
- 0x21f40a00,
- 0x03daf004,
- 0xf84021f4,
-/* 0x0a2d: i2c_recv */
- 0x0132f400,
- 0xb6f8c1c7,
- 0x16b00214,
- 0x3a1ff528,
- 0xf413a001,
- 0x0032980c,
- 0x0ccc13a0,
- 0xf4003198,
- 0xd0f90231,
- 0xd0f9e0f9,
- 0x000067f1,
- 0x100063f1,
- 0xbb016792,
+ 0xb608c321,
+ 0x11f40464,
+ 0x0076bb0f,
+ 0xf40136b0,
+ 0x32f4061b,
+/* 0x09b5: i2c_put_byte_done */
+/* 0x09b7: i2c_addr */
+ 0xbb00f801,
0x65b60076,
0x9450f904,
0x56bb0465,
0xfd50bd02,
0x50fc0475,
- 0x0a0f21f5,
- 0xfc0464b6,
- 0x00d6b0d0,
- 0x00b31bf5,
- 0xbb0057f0,
- 0x65b60076,
- 0x9450f904,
- 0x56bb0465,
- 0xfd50bd02,
- 0x50fc0475,
- 0x09b921f5,
- 0xf50464b6,
- 0xc700d011,
- 0x76bbe0c5,
- 0x0465b600,
- 0x659450f9,
- 0x0256bb04,
- 0x75fd50bd,
- 0xf550fc04,
- 0xb6095e21,
- 0x11f50464,
- 0x57f000ad,
+ 0x07f321f5,
+ 0xf40464b6,
+ 0xc3e72911,
+ 0x34b6012e,
+ 0x0553fd01,
+ 0xb60076bb,
+ 0x50f90465,
+ 0xbb046594,
+ 0x50bd0256,
+ 0xfc0475fd,
+ 0x5c21f550,
+ 0x0464b609,
+/* 0x09fc: i2c_addr_done */
+/* 0x09fe: i2c_acquire_addr */
+ 0xcec700f8,
+ 0x02e4b6f8,
+ 0x0d1ce0b7,
+ 0xf800ee98,
+/* 0x0a0d: i2c_acquire */
+ 0xfe21f500,
+ 0x0421f409,
+ 0xf403d9f0,
+ 0x00f84021,
+/* 0x0a1c: i2c_release */
+ 0x09fe21f5,
+ 0xf00421f4,
+ 0x21f403da,
+/* 0x0a2b: i2c_recv */
+ 0xf400f840,
+ 0xc1c70132,
+ 0x0214b6f8,
+ 0xf52816b0,
+ 0xa0013a1f,
+ 0x980cf413,
+ 0x13a00032,
+ 0x31980ccc,
+ 0x0231f400,
+ 0xe0f9d0f9,
+ 0x67f1d0f9,
+ 0x63f10000,
+ 0x67921000,
0x0076bb01,
0xf90465b6,
0x04659450,
0xbd0256bb,
0x0475fd50,
0x21f550fc,
- 0x64b609b9,
- 0x8a11f504,
+ 0x64b60a0d,
+ 0xb0d0fc04,
+ 0x1bf500d6,
+ 0x57f000b3,
0x0076bb00,
0xf90465b6,
0x04659450,
0xbd0256bb,
0x0475fd50,
0x21f550fc,
- 0x64b6090c,
- 0x6a11f404,
- 0xbbe05bcb,
+ 0x64b609b7,
+ 0xd011f504,
+ 0xe0c5c700,
+ 0xb60076bb,
+ 0x50f90465,
+ 0xbb046594,
+ 0x50bd0256,
+ 0xfc0475fd,
+ 0x5c21f550,
+ 0x0464b609,
+ 0x00ad11f5,
+ 0xbb0157f0,
0x65b60076,
0x9450f904,
0x56bb0465,
0xfd50bd02,
0x50fc0475,
- 0x085121f5,
- 0xb90464b6,
- 0x74bd025b,
-/* 0x0b33: i2c_recv_not_rd08 */
- 0xb0430ef4,
- 0x1bf401d6,
- 0x0057f03d,
- 0x09b921f5,
- 0xc73311f4,
- 0x21f5e0c5,
- 0x11f4095e,
- 0x0057f029,
- 0x09b921f5,
- 0xc71f11f4,
- 0x21f5e0b5,
- 0x11f4095e,
- 0x5121f515,
- 0xc774bd08,
- 0x1bf408c5,
- 0x0232f409,
-/* 0x0b73: i2c_recv_not_wr08 */
-/* 0x0b73: i2c_recv_done */
- 0xc7030ef4,
- 0x21f5f8ce,
- 0xe0fc0a1e,
- 0x12f4d0fc,
- 0x027cb90a,
- 0x033621f5,
-/* 0x0b88: i2c_recv_exit */
-/* 0x0b8a: i2c_init */
- 0x00f800f8,
-/* 0x0b8c: test_recv */
- 0x05d817f1,
+ 0x09b721f5,
+ 0xf50464b6,
+ 0xbb008a11,
+ 0x65b60076,
+ 0x9450f904,
+ 0x56bb0465,
+ 0xfd50bd02,
+ 0x50fc0475,
+ 0x090a21f5,
+ 0xf40464b6,
+ 0x5bcb6a11,
+ 0x0076bbe0,
+ 0xf90465b6,
+ 0x04659450,
+ 0xbd0256bb,
+ 0x0475fd50,
+ 0x21f550fc,
+ 0x64b6084f,
+ 0x025bb904,
+ 0x0ef474bd,
+/* 0x0b31: i2c_recv_not_rd08 */
+ 0x01d6b043,
+ 0xf03d1bf4,
+ 0x21f50057,
+ 0x11f409b7,
+ 0xe0c5c733,
+ 0x095c21f5,
+ 0xf02911f4,
+ 0x21f50057,
+ 0x11f409b7,
+ 0xe0b5c71f,
+ 0x095c21f5,
+ 0xf51511f4,
+ 0xbd084f21,
+ 0x08c5c774,
+ 0xf4091bf4,
+ 0x0ef40232,
+/* 0x0b71: i2c_recv_not_wr08 */
+/* 0x0b71: i2c_recv_done */
+ 0xf8cec703,
+ 0x0a1c21f5,
+ 0xd0fce0fc,
+ 0xb90a12f4,
+ 0x21f5027c,
+/* 0x0b86: i2c_recv_exit */
+ 0x00f80336,
+/* 0x0b88: i2c_init */
+/* 0x0b8a: test_recv */
+ 0x17f100f8,
+ 0x14b605d8,
+ 0x0011cf06,
+ 0xf10110b6,
+ 0xb605d807,
+ 0x01d00604,
+ 0xf104bd00,
+ 0xf1d900e7,
+ 0xf5134fe3,
+ 0xf8025621,
+/* 0x0bb1: test_init */
+ 0x00e7f100,
+ 0x5621f508,
+/* 0x0bbb: idle_recv */
+ 0xf800f802,
+/* 0x0bbd: idle */
+ 0x0031f400,
+ 0x05d417f1,
0xcf0614b6,
0x10b60011,
- 0xd807f101,
+ 0xd407f101,
0x0604b605,
0xbd0001d0,
- 0x00e7f104,
- 0x4fe3f1d9,
- 0x5621f513,
-/* 0x0bb3: test_init */
- 0xf100f802,
- 0xf50800e7,
- 0xf8025621,
-/* 0x0bbd: idle_recv */
-/* 0x0bbf: idle */
- 0xf400f800,
- 0x17f10031,
- 0x14b605d4,
- 0x0011cf06,
- 0xf10110b6,
- 0xb605d407,
- 0x01d00604,
-/* 0x0bdb: idle_loop */
- 0xf004bd00,
- 0x32f45817,
-/* 0x0be1: idle_proc */
-/* 0x0be1: idle_proc_exec */
- 0xb910f902,
- 0x21f5021e,
- 0x10fc033f,
- 0xf40911f4,
- 0x0ef40231,
-/* 0x0bf5: idle_proc_next */
- 0x5810b6ef,
- 0xf4061fb8,
- 0x02f4e61b,
- 0x0028f4dd,
- 0x00bb0ef4,
+/* 0x0bd9: idle_loop */
+ 0x5817f004,
+/* 0x0bdf: idle_proc */
+/* 0x0bdf: idle_proc_exec */
+ 0xf90232f4,
+ 0x021eb910,
+ 0x033f21f5,
+ 0x11f410fc,
+ 0x0231f409,
+/* 0x0bf3: idle_proc_next */
+ 0xb6ef0ef4,
+ 0x1fb85810,
+ 0xe61bf406,
+ 0xf4dd02f4,
+ 0x0ef40028,
+ 0x000000bb,
0x00000000,
0x00000000,
0x00000000,
--- a/drivers/gpu/drm/nouveau/nvkm/subdev/pmu/fuc/gk208.fuc5.h
+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/pmu/fuc/gk208.fuc5.h
@@ -46,8 +46,8 @@ uint32_t gk208_pmu_data[] = {
0x00000000,
0x00000000,
0x584d454d,
- 0x000005f3,
- 0x000005e5,
+ 0x000005ee,
+ 0x000005e0,
0x00000000,
0x00000000,
0x00000000,
@@ -68,8 +68,8 @@ uint32_t gk208_pmu_data[] = {
0x00000000,
0x00000000,
0x46524550,
- 0x000005f7,
- 0x000005f5,
+ 0x000005f2,
+ 0x000005f0,
0x00000000,
0x00000000,
0x00000000,
@@ -90,8 +90,8 @@ uint32_t gk208_pmu_data[] = {
0x00000000,
0x00000000,
0x5f433249,
- 0x000009f8,
- 0x000008a2,
+ 0x000009f3,
+ 0x0000089d,
0x00000000,
0x00000000,
0x00000000,
@@ -112,8 +112,8 @@ uint32_t gk208_pmu_data[] = {
0x00000000,
0x00000000,
0x54534554,
- 0x00000a16,
- 0x000009fa,
+ 0x00000a11,
+ 0x000009f5,
0x00000000,
0x00000000,
0x00000000,
@@ -134,8 +134,8 @@ uint32_t gk208_pmu_data[] = {
0x00000000,
0x00000000,
0x454c4449,
- 0x00000a21,
- 0x00000a1f,
+ 0x00000a1c,
+ 0x00000a1a,
0x00000000,
0x00000000,
0x00000000,
@@ -233,22 +233,22 @@ uint32_t gk208_pmu_data[] = {
/* 0x037c: memx_func_next */
0x00000002,
0x00000000,
- 0x000004cf,
+ 0x000004cc,
0x00000003,
0x00000002,
- 0x00000546,
+ 0x00000541,
0x00040004,
0x00000000,
- 0x00000563,
+ 0x0000055e,
0x00010005,
0x00000000,
- 0x0000057d,
+ 0x00000578,
0x00010006,
0x00000000,
- 0x00000541,
+ 0x0000053c,
0x00000007,
0x00000000,
- 0x00000589,
+ 0x00000584,
/* 0x03c4: memx_func_tail */
/* 0x03c4: memx_ts_start */
0x00000000,
@@ -1238,454 +1238,454 @@ uint32_t gk208_pmu_code[] = {
0x0001f604,
0x00f804bd,
/* 0x045c: memx_func_enter */
- 0x162067f1,
- 0xf55d77f1,
- 0x047e6eb2,
- 0xd8b20000,
- 0xf90487fd,
- 0xfc80f960,
- 0x7ee0fcd0,
- 0x0700002d,
- 0x7e6eb2fe,
+ 0x47162046,
+ 0x6eb2f55d,
+ 0x0000047e,
+ 0x87fdd8b2,
+ 0xf960f904,
+ 0xfcd0fc80,
+ 0x002d7ee0,
+ 0xb2fe0700,
+ 0x00047e6e,
+ 0xfdd8b200,
+ 0x60f90487,
+ 0xd0fc80f9,
+ 0x2d7ee0fc,
+ 0xf0460000,
+ 0x7e6eb226,
0xb2000004,
0x0487fdd8,
0x80f960f9,
0xe0fcd0fc,
0x00002d7e,
- 0x26f067f1,
- 0x047e6eb2,
- 0xd8b20000,
- 0xf90487fd,
- 0xfc80f960,
- 0x7ee0fcd0,
- 0x0600002d,
- 0x07e04004,
- 0xbd0006f6,
-/* 0x04b9: memx_func_enter_wait */
- 0x07c04604,
- 0xf00066cf,
- 0x0bf40464,
- 0xcf2c06f7,
- 0x06b50066,
-/* 0x04cf: memx_func_leave */
- 0x0600f8f1,
- 0x0066cf2c,
- 0x06f206b5,
- 0x07e44004,
- 0xbd0006f6,
-/* 0x04e1: memx_func_leave_wait */
- 0x07c04604,
- 0xf00066cf,
- 0x1bf40464,
- 0xf067f1f7,
+ 0xe0400406,
+ 0x0006f607,
+/* 0x04b6: memx_func_enter_wait */
+ 0xc04604bd,
+ 0x0066cf07,
+ 0xf40464f0,
+ 0x2c06f70b,
+ 0xb50066cf,
+ 0x00f8f106,
+/* 0x04cc: memx_func_leave */
+ 0x66cf2c06,
+ 0xf206b500,
+ 0xe4400406,
+ 0x0006f607,
+/* 0x04de: memx_func_leave_wait */
+ 0xc04604bd,
+ 0x0066cf07,
+ 0xf40464f0,
+ 0xf046f71b,
0xb2010726,
0x00047e6e,
0xfdd8b200,
0x60f90587,
0xd0fc80f9,
0x2d7ee0fc,
- 0x67f10000,
- 0x6eb21620,
- 0x0000047e,
- 0x87fdd8b2,
- 0xf960f905,
- 0xfcd0fc80,
- 0x002d7ee0,
- 0x0aa24700,
- 0x047e6eb2,
- 0xd8b20000,
- 0xf90587fd,
- 0xfc80f960,
- 0x7ee0fcd0,
- 0xf800002d,
-/* 0x0541: memx_func_wait_vblank */
+ 0x20460000,
+ 0x7e6eb216,
+ 0xb2000004,
+ 0x0587fdd8,
+ 0x80f960f9,
+ 0xe0fcd0fc,
+ 0x00002d7e,
+ 0xb20aa247,
+ 0x00047e6e,
+ 0xfdd8b200,
+ 0x60f90587,
+ 0xd0fc80f9,
+ 0x2d7ee0fc,
+ 0x00f80000,
+/* 0x053c: memx_func_wait_vblank */
+ 0xf80410b6,
+/* 0x0541: memx_func_wr32 */
+ 0x00169800,
+ 0xb6011598,
+ 0x60f90810,
+ 0xd0fc50f9,
+ 0x2d7ee0fc,
+ 0x42b60000,
+ 0xe81bf402,
+/* 0x055e: memx_func_wait */
+ 0x2c0800f8,
+ 0x980088cf,
+ 0x1d98001e,
+ 0x021c9801,
+ 0xb6031b98,
+ 0x747e1010,
+ 0x00f80000,
+/* 0x0578: memx_func_delay */
+ 0xb6001e98,
+ 0x587e0410,
+ 0x00f80000,
+/* 0x0584: memx_func_train */
+/* 0x0586: memx_exec */
+ 0xe0f900f8,
+ 0xc1b2d0f9,
+/* 0x058e: memx_exec_next */
+ 0x1398b2b2,
0x0410b600,
-/* 0x0546: memx_func_wr32 */
- 0x169800f8,
- 0x01159800,
- 0xf90810b6,
- 0xfc50f960,
+ 0x01f034e7,
+ 0x01e033e7,
+ 0xf00132b6,
+ 0x35980c30,
+ 0xa655f9de,
+ 0xe51ef412,
+ 0x98f10b98,
+ 0xcbbbf20c,
+ 0x07c44b02,
+ 0xfc00bbcf,
0x7ee0fcd0,
- 0xb600002d,
- 0x1bf40242,
-/* 0x0563: memx_func_wait */
- 0x0800f8e8,
- 0x0088cf2c,
- 0x98001e98,
- 0x1c98011d,
- 0x031b9802,
- 0x7e1010b6,
- 0xf8000074,
-/* 0x057d: memx_func_delay */
- 0x001e9800,
- 0x7e0410b6,
- 0xf8000058,
-/* 0x0589: memx_func_train */
-/* 0x058b: memx_exec */
- 0xf900f800,
- 0xb2d0f9e0,
-/* 0x0593: memx_exec_next */
- 0x98b2b2c1,
- 0x10b60013,
- 0xf034e704,
- 0xe033e701,
- 0x0132b601,
- 0x980c30f0,
- 0x55f9de35,
- 0x1ef412a6,
- 0xf10b98e5,
- 0xbbf20c98,
- 0xc44b02cb,
- 0x00bbcf07,
- 0xe0fcd0fc,
- 0x00029f7e,
-/* 0x05ca: memx_info */
- 0xc67000f8,
- 0x0c0bf401,
-/* 0x05d0: memx_info_data */
- 0x4b03cc4c,
- 0x0ef40800,
-/* 0x05d9: memx_info_train */
- 0x0bcc4c09,
-/* 0x05df: memx_info_send */
- 0x7e01004b,
0xf800029f,
-/* 0x05e5: memx_recv */
- 0x01d6b000,
- 0xb0a30bf4,
- 0x0bf400d6,
-/* 0x05f3: memx_init */
- 0xf800f8dc,
-/* 0x05f5: perf_recv */
-/* 0x05f7: perf_init */
- 0xf800f800,
-/* 0x05f9: i2c_drive_scl */
- 0x0036b000,
- 0x400d0bf4,
- 0x01f607e0,
- 0xf804bd00,
-/* 0x0609: i2c_drive_scl_lo */
- 0x07e44000,
- 0xbd0001f6,
-/* 0x0613: i2c_drive_sda */
- 0xb000f804,
- 0x0bf40036,
- 0x07e0400d,
- 0xbd0002f6,
-/* 0x0623: i2c_drive_sda_lo */
- 0x4000f804,
- 0x02f607e4,
- 0xf804bd00,
-/* 0x062d: i2c_sense_scl */
- 0x0132f400,
- 0xcf07c443,
- 0x31fd0033,
- 0x060bf404,
-/* 0x063f: i2c_sense_scl_done */
- 0xf80131f4,
-/* 0x0641: i2c_sense_sda */
- 0x0132f400,
- 0xcf07c443,
- 0x32fd0033,
- 0x060bf404,
-/* 0x0653: i2c_sense_sda_done */
- 0xf80131f4,
-/* 0x0655: i2c_raise_scl */
- 0x4440f900,
- 0x01030898,
- 0x0005f97e,
-/* 0x0660: i2c_raise_scl_wait */
- 0x7e03e84e,
- 0x7e000058,
- 0xf400062d,
- 0x42b60901,
- 0xef1bf401,
-/* 0x0674: i2c_raise_scl_done */
- 0x00f840fc,
-/* 0x0678: i2c_start */
- 0x00062d7e,
- 0x7e0d11f4,
- 0xf4000641,
- 0x0ef40611,
-/* 0x0689: i2c_start_rep */
- 0x7e00032e,
- 0x030005f9,
- 0x06137e01,
+/* 0x05c5: memx_info */
+ 0x01c67000,
+/* 0x05cb: memx_info_data */
+ 0x4c0c0bf4,
+ 0x004b03cc,
+ 0x090ef408,
+/* 0x05d4: memx_info_train */
+ 0x4b0bcc4c,
+/* 0x05da: memx_info_send */
+ 0x9f7e0100,
+ 0x00f80002,
+/* 0x05e0: memx_recv */
+ 0xf401d6b0,
+ 0xd6b0a30b,
+ 0xdc0bf400,
+/* 0x05ee: memx_init */
+ 0x00f800f8,
+/* 0x05f0: perf_recv */
+/* 0x05f2: perf_init */
+ 0x00f800f8,
+/* 0x05f4: i2c_drive_scl */
+ 0xf40036b0,
+ 0xe0400d0b,
+ 0x0001f607,
+ 0x00f804bd,
+/* 0x0604: i2c_drive_scl_lo */
+ 0xf607e440,
+ 0x04bd0001,
+/* 0x060e: i2c_drive_sda */
+ 0x36b000f8,
+ 0x0d0bf400,
+ 0xf607e040,
+ 0x04bd0002,
+/* 0x061e: i2c_drive_sda_lo */
+ 0xe44000f8,
+ 0x0002f607,
+ 0x00f804bd,
+/* 0x0628: i2c_sense_scl */
+ 0x430132f4,
+ 0x33cf07c4,
+ 0x0431fd00,
+ 0xf4060bf4,
+/* 0x063a: i2c_sense_scl_done */
+ 0x00f80131,
+/* 0x063c: i2c_sense_sda */
+ 0x430132f4,
+ 0x33cf07c4,
+ 0x0432fd00,
+ 0xf4060bf4,
+/* 0x064e: i2c_sense_sda_done */
+ 0x00f80131,
+/* 0x0650: i2c_raise_scl */
+ 0x984440f9,
+ 0x7e010308,
+/* 0x065b: i2c_raise_scl_wait */
+ 0x4e0005f4,
+ 0x587e03e8,
+ 0x287e0000,
+ 0x01f40006,
+ 0x0142b609,
+/* 0x066f: i2c_raise_scl_done */
+ 0xfcef1bf4,
+/* 0x0673: i2c_start */
+ 0x7e00f840,
+ 0xf4000628,
+ 0x3c7e0d11,
+ 0x11f40006,
+ 0x2e0ef406,
+/* 0x0684: i2c_start_rep */
+ 0xf47e0003,
+ 0x01030005,
+ 0x00060e7e,
+ 0xb60076bb,
+ 0x50f90465,
+ 0xbb046594,
+ 0x50bd0256,
+ 0xfc0475fd,
+ 0x06507e50,
+ 0x0464b600,
+/* 0x06af: i2c_start_send */
+ 0x031d11f4,
+ 0x060e7e00,
+ 0x13884e00,
+ 0x0000587e,
+ 0xf47e0003,
+ 0x884e0005,
+ 0x00587e13,
+/* 0x06c9: i2c_start_out */
+/* 0x06cb: i2c_stop */
+ 0x0300f800,
+ 0x05f47e00,
+ 0x7e000300,
+ 0x4e00060e,
+ 0x587e03e8,
+ 0x01030000,
+ 0x0005f47e,
+ 0x7e13884e,
+ 0x03000058,
+ 0x060e7e01,
+ 0x13884e00,
+ 0x0000587e,
+/* 0x06fa: i2c_bitw */
+ 0x0e7e00f8,
+ 0xe84e0006,
+ 0x00587e03,
0x0076bb00,
0xf90465b6,
0x04659450,
0xbd0256bb,
0x0475fd50,
- 0x557e50fc,
+ 0x507e50fc,
0x64b60006,
- 0x1d11f404,
-/* 0x06b4: i2c_start_send */
- 0x137e0003,
- 0x884e0006,
- 0x00587e13,
- 0x7e000300,
- 0x4e0005f9,
- 0x587e1388,
-/* 0x06ce: i2c_start_out */
- 0x00f80000,
-/* 0x06d0: i2c_stop */
- 0xf97e0003,
- 0x00030005,
- 0x0006137e,
- 0x7e03e84e,
+ 0x1711f404,
+ 0x7e13884e,
0x03000058,
- 0x05f97e01,
+ 0x05f47e00,
0x13884e00,
0x0000587e,
- 0x137e0103,
- 0x884e0006,
- 0x00587e13,
-/* 0x06ff: i2c_bitw */
- 0x7e00f800,
- 0x4e000613,
- 0x587e03e8,
- 0x76bb0000,
+/* 0x0738: i2c_bitw_out */
+/* 0x073a: i2c_bitr */
+ 0x010300f8,
+ 0x00060e7e,
+ 0x7e03e84e,
+ 0xbb000058,
+ 0x65b60076,
+ 0x9450f904,
+ 0x56bb0465,
+ 0xfd50bd02,
+ 0x50fc0475,
+ 0x0006507e,
+ 0xf40464b6,
+ 0x3c7e1a11,
+ 0x00030006,
+ 0x0005f47e,
+ 0x7e13884e,
+ 0xf0000058,
+ 0x31f4013c,
+/* 0x077d: i2c_bitr_done */
+/* 0x077f: i2c_get_byte */
+ 0x0500f801,
+/* 0x0783: i2c_get_byte_next */
+ 0xb6080400,
+ 0x76bb0154,
0x0465b600,
0x659450f9,
0x0256bb04,
0x75fd50bd,
0x7e50fc04,
- 0xb6000655,
+ 0xb600073a,
0x11f40464,
- 0x13884e17,
- 0x0000587e,
- 0xf97e0003,
- 0x884e0005,
- 0x00587e13,
-/* 0x073d: i2c_bitw_out */
-/* 0x073f: i2c_bitr */
- 0x0300f800,
- 0x06137e01,
- 0x03e84e00,
- 0x0000587e,
+ 0x0553fd2a,
+ 0xf40142b6,
+ 0x0103d81b,
0xb60076bb,
0x50f90465,
0xbb046594,
0x50bd0256,
0xfc0475fd,
- 0x06557e50,
+ 0x06fa7e50,
0x0464b600,
- 0x7e1a11f4,
- 0x03000641,
- 0x05f97e00,
- 0x13884e00,
- 0x0000587e,
- 0xf4013cf0,
-/* 0x0782: i2c_bitr_done */
- 0x00f80131,
-/* 0x0784: i2c_get_byte */
- 0x08040005,
-/* 0x0788: i2c_get_byte_next */
- 0xbb0154b6,
- 0x65b60076,
- 0x9450f904,
- 0x56bb0465,
- 0xfd50bd02,
- 0x50fc0475,
- 0x00073f7e,
- 0xf40464b6,
- 0x53fd2a11,
- 0x0142b605,
- 0x03d81bf4,
- 0x0076bb01,
- 0xf90465b6,
- 0x04659450,
- 0xbd0256bb,
- 0x0475fd50,
- 0xff7e50fc,
- 0x64b60006,
-/* 0x07d1: i2c_get_byte_done */
-/* 0x07d3: i2c_put_byte */
- 0x0400f804,
-/* 0x07d5: i2c_put_byte_next */
- 0x0142b608,
- 0xbb3854ff,
+/* 0x07cc: i2c_get_byte_done */
+/* 0x07ce: i2c_put_byte */
+ 0x080400f8,
+/* 0x07d0: i2c_put_byte_next */
+ 0xff0142b6,
+ 0x76bb3854,
+ 0x0465b600,
+ 0x659450f9,
+ 0x0256bb04,
+ 0x75fd50bd,
+ 0x7e50fc04,
+ 0xb60006fa,
+ 0x11f40464,
+ 0x0046b034,
+ 0xbbd81bf4,
0x65b60076,
0x9450f904,
0x56bb0465,
0xfd50bd02,
0x50fc0475,
- 0x0006ff7e,
+ 0x00073a7e,
0xf40464b6,
- 0x46b03411,
- 0xd81bf400,
+ 0x76bb0f11,
+ 0x0136b000,
+ 0xf4061bf4,
+/* 0x0826: i2c_put_byte_done */
+ 0x00f80132,
+/* 0x0828: i2c_addr */
0xb60076bb,
0x50f90465,
0xbb046594,
0x50bd0256,
0xfc0475fd,
- 0x073f7e50,
+ 0x06737e50,
0x0464b600,
- 0xbb0f11f4,
- 0x36b00076,
- 0x061bf401,
-/* 0x082b: i2c_put_byte_done */
- 0xf80132f4,
-/* 0x082d: i2c_addr */
- 0x0076bb00,
+ 0xe72911f4,
+ 0xb6012ec3,
+ 0x53fd0134,
+ 0x0076bb05,
0xf90465b6,
0x04659450,
0xbd0256bb,
0x0475fd50,
- 0x787e50fc,
- 0x64b60006,
- 0x2911f404,
- 0x012ec3e7,
- 0xfd0134b6,
- 0x76bb0553,
- 0x0465b600,
- 0x659450f9,
- 0x0256bb04,
- 0x75fd50bd,
- 0x7e50fc04,
- 0xb60007d3,
-/* 0x0872: i2c_addr_done */
- 0x00f80464,
-/* 0x0874: i2c_acquire_addr */
- 0xb6f8cec7,
- 0xe0b705e4,
- 0x00f8d014,
-/* 0x0880: i2c_acquire */
- 0x0008747e,
+ 0xce7e50fc,
+ 0x64b60007,
+/* 0x086d: i2c_addr_done */
+/* 0x086f: i2c_acquire_addr */
+ 0xc700f804,
+ 0xe4b6f8ce,
+ 0x14e0b705,
+/* 0x087b: i2c_acquire */
+ 0x7e00f8d0,
+ 0x7e00086f,
+ 0xf0000004,
+ 0x2d7e03d9,
+ 0x00f80000,
+/* 0x088c: i2c_release */
+ 0x00086f7e,
0x0000047e,
- 0x7e03d9f0,
+ 0x7e03daf0,
0xf800002d,
-/* 0x0891: i2c_release */
- 0x08747e00,
- 0x00047e00,
- 0x03daf000,
- 0x00002d7e,
-/* 0x08a2: i2c_recv */
- 0x32f400f8,
- 0xf8c1c701,
- 0xb00214b6,
- 0x1ff52816,
- 0x13b80134,
- 0x98000cf4,
- 0x13b80032,
- 0x98000ccc,
- 0x31f40031,
- 0xf9d0f902,
- 0xd6d0f9e0,
- 0x10000000,
- 0xbb016792,
- 0x65b60076,
- 0x9450f904,
- 0x56bb0465,
- 0xfd50bd02,
- 0x50fc0475,
- 0x0008807e,
- 0xfc0464b6,
- 0x00d6b0d0,
- 0x00b01bf5,
- 0x76bb0005,
+/* 0x089d: i2c_recv */
+ 0x0132f400,
+ 0xb6f8c1c7,
+ 0x16b00214,
+ 0x341ff528,
+ 0xf413b801,
+ 0x3298000c,
+ 0xcc13b800,
+ 0x3198000c,
+ 0x0231f400,
+ 0xe0f9d0f9,
+ 0x00d6d0f9,
+ 0x92100000,
+ 0x76bb0167,
0x0465b600,
0x659450f9,
0x0256bb04,
0x75fd50bd,
0x7e50fc04,
- 0xb600082d,
- 0x11f50464,
- 0xc5c700cc,
- 0x0076bbe0,
- 0xf90465b6,
- 0x04659450,
- 0xbd0256bb,
- 0x0475fd50,
- 0xd37e50fc,
- 0x64b60007,
- 0xa911f504,
- 0xbb010500,
- 0x65b60076,
- 0x9450f904,
- 0x56bb0465,
- 0xfd50bd02,
- 0x50fc0475,
- 0x00082d7e,
- 0xf50464b6,
- 0xbb008711,
- 0x65b60076,
- 0x9450f904,
- 0x56bb0465,
- 0xfd50bd02,
- 0x50fc0475,
- 0x0007847e,
- 0xf40464b6,
- 0x5bcb6711,
- 0x0076bbe0,
+ 0xb600087b,
+ 0xd0fc0464,
+ 0xf500d6b0,
+ 0x0500b01b,
+ 0x0076bb00,
0xf90465b6,
0x04659450,
0xbd0256bb,
0x0475fd50,
- 0xd07e50fc,
- 0x64b60006,
- 0xbd5bb204,
- 0x410ef474,
-/* 0x09a4: i2c_recv_not_rd08 */
- 0xf401d6b0,
- 0x00053b1b,
- 0x00082d7e,
- 0xc73211f4,
- 0xd37ee0c5,
- 0x11f40007,
- 0x7e000528,
- 0xf400082d,
- 0xb5c71f11,
- 0x07d37ee0,
- 0x1511f400,
- 0x0006d07e,
- 0xc5c774bd,
- 0x091bf408,
- 0xf40232f4,
-/* 0x09e2: i2c_recv_not_wr08 */
-/* 0x09e2: i2c_recv_done */
- 0xcec7030e,
- 0x08917ef8,
- 0xfce0fc00,
- 0x0912f4d0,
- 0x9f7e7cb2,
-/* 0x09f6: i2c_recv_exit */
- 0x00f80002,
-/* 0x09f8: i2c_init */
-/* 0x09fa: test_recv */
- 0x584100f8,
- 0x0011cf04,
- 0x400110b6,
- 0x01f60458,
- 0xde04bd00,
- 0x134fd900,
- 0x0001de7e,
-/* 0x0a16: test_init */
- 0x004e00f8,
- 0x01de7e08,
-/* 0x0a1f: idle_recv */
+ 0x287e50fc,
+ 0x64b60008,
+ 0xcc11f504,
+ 0xe0c5c700,
+ 0xb60076bb,
+ 0x50f90465,
+ 0xbb046594,
+ 0x50bd0256,
+ 0xfc0475fd,
+ 0x07ce7e50,
+ 0x0464b600,
+ 0x00a911f5,
+ 0x76bb0105,
+ 0x0465b600,
+ 0x659450f9,
+ 0x0256bb04,
+ 0x75fd50bd,
+ 0x7e50fc04,
+ 0xb6000828,
+ 0x11f50464,
+ 0x76bb0087,
+ 0x0465b600,
+ 0x659450f9,
+ 0x0256bb04,
+ 0x75fd50bd,
+ 0x7e50fc04,
+ 0xb600077f,
+ 0x11f40464,
+ 0xe05bcb67,
+ 0xb60076bb,
+ 0x50f90465,
+ 0xbb046594,
+ 0x50bd0256,
+ 0xfc0475fd,
+ 0x06cb7e50,
+ 0x0464b600,
+ 0x74bd5bb2,
+/* 0x099f: i2c_recv_not_rd08 */
+ 0xb0410ef4,
+ 0x1bf401d6,
+ 0x7e00053b,
+ 0xf4000828,
+ 0xc5c73211,
+ 0x07ce7ee0,
+ 0x2811f400,
+ 0x287e0005,
+ 0x11f40008,
+ 0xe0b5c71f,
+ 0x0007ce7e,
+ 0x7e1511f4,
+ 0xbd0006cb,
+ 0x08c5c774,
+ 0xf4091bf4,
+ 0x0ef40232,
+/* 0x09dd: i2c_recv_not_wr08 */
+/* 0x09dd: i2c_recv_done */
+ 0xf8cec703,
+ 0x00088c7e,
+ 0xd0fce0fc,
+ 0xb20912f4,
+ 0x029f7e7c,
+/* 0x09f1: i2c_recv_exit */
+/* 0x09f3: i2c_init */
0xf800f800,
-/* 0x0a21: idle */
- 0x0031f400,
- 0xcf045441,
- 0x10b60011,
- 0x04544001,
- 0xbd0001f6,
-/* 0x0a35: idle_loop */
- 0xf4580104,
-/* 0x0a3a: idle_proc */
-/* 0x0a3a: idle_proc_exec */
- 0x10f90232,
- 0xa87e1eb2,
- 0x10fc0002,
- 0xf40911f4,
- 0x0ef40231,
-/* 0x0a4d: idle_proc_next */
- 0x5810b6f0,
- 0x1bf41fa6,
- 0xe002f4e8,
- 0xf40028f4,
- 0x0000c60e,
+/* 0x09f5: test_recv */
+ 0x04584100,
+ 0xb60011cf,
+ 0x58400110,
+ 0x0001f604,
+ 0x00de04bd,
+ 0x7e134fd9,
+ 0xf80001de,
+/* 0x0a11: test_init */
+ 0x08004e00,
+ 0x0001de7e,
+/* 0x0a1a: idle_recv */
+ 0x00f800f8,
+/* 0x0a1c: idle */
+ 0x410031f4,
+ 0x11cf0454,
+ 0x0110b600,
+ 0xf6045440,
+ 0x04bd0001,
+/* 0x0a30: idle_loop */
+ 0x32f45801,
+/* 0x0a35: idle_proc */
+/* 0x0a35: idle_proc_exec */
+ 0xb210f902,
+ 0x02a87e1e,
+ 0xf410fc00,
+ 0x31f40911,
+ 0xf00ef402,
+/* 0x0a48: idle_proc_next */
+ 0xa65810b6,
+ 0xe81bf41f,
+ 0xf4e002f4,
+ 0x0ef40028,
+ 0x000000c6,
+ 0x00000000,
0x00000000,
0x00000000,
0x00000000,
--- a/drivers/gpu/drm/nouveau/nvkm/subdev/pmu/fuc/gt215.fuc3.h
+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/pmu/fuc/gt215.fuc3.h
@@ -46,8 +46,8 @@ uint32_t gt215_pmu_data[] = {
0x00000000,
0x00000000,
0x584d454d,
- 0x0000083a,
- 0x0000082c,
+ 0x00000833,
+ 0x00000825,
0x00000000,
0x00000000,
0x00000000,
@@ -68,8 +68,8 @@ uint32_t gt215_pmu_data[] = {
0x00000000,
0x00000000,
0x46524550,
- 0x0000083e,
- 0x0000083c,
+ 0x00000837,
+ 0x00000835,
0x00000000,
0x00000000,
0x00000000,
@@ -90,8 +90,8 @@ uint32_t gt215_pmu_data[] = {
0x00000000,
0x00000000,
0x5f433249,
- 0x00000c6e,
- 0x00000b11,
+ 0x00000c67,
+ 0x00000b0a,
0x00000000,
0x00000000,
0x00000000,
@@ -112,8 +112,8 @@ uint32_t gt215_pmu_data[] = {
0x00000000,
0x00000000,
0x54534554,
- 0x00000c97,
- 0x00000c70,
+ 0x00000c90,
+ 0x00000c69,
0x00000000,
0x00000000,
0x00000000,
@@ -134,8 +134,8 @@ uint32_t gt215_pmu_data[] = {
0x00000000,
0x00000000,
0x454c4449,
- 0x00000ca3,
- 0x00000ca1,
+ 0x00000c9c,
+ 0x00000c9a,
0x00000000,
0x00000000,
0x00000000,
@@ -233,22 +233,22 @@ uint32_t gt215_pmu_data[] = {
/* 0x037c: memx_func_next */
0x00000002,
0x00000000,
- 0x000005a0,
+ 0x0000059f,
0x00000003,
0x00000002,
- 0x00000632,
+ 0x0000062f,
0x00040004,
0x00000000,
- 0x0000064e,
+ 0x0000064b,
0x00010005,
0x00000000,
- 0x0000066b,
+ 0x00000668,
0x00010006,
0x00000000,
- 0x000005f0,
+ 0x000005ef,
0x00000007,
0x00000000,
- 0x00000676,
+ 0x00000673,
/* 0x03c4: memx_func_tail */
/* 0x03c4: memx_ts_start */
0x00000000,
@@ -1304,560 +1304,560 @@ uint32_t gt215_pmu_code[] = {
0x67f102d7,
0x63f1fffc,
0x76fdffff,
- 0x0267f104,
- 0x0576fd00,
- 0x70f980f9,
- 0xe0fcd0fc,
- 0xf04021f4,
+ 0x0267f004,
+ 0xf90576fd,
+ 0xfc70f980,
+ 0xf4e0fcd0,
+ 0x67f04021,
+ 0xe007f104,
+ 0x0604b607,
+ 0xbd0006d0,
+/* 0x0581: memx_func_enter_wait */
+ 0xc067f104,
+ 0x0664b607,
+ 0xf00066cf,
+ 0x0bf40464,
+ 0x2c67f0f3,
+ 0xcf0664b6,
+ 0x06800066,
+/* 0x059f: memx_func_leave */
+ 0xf000f8f1,
+ 0x64b62c67,
+ 0x0066cf06,
+ 0xf0f20680,
0x07f10467,
- 0x04b607e0,
+ 0x04b607e4,
0x0006d006,
-/* 0x0582: memx_func_enter_wait */
+/* 0x05ba: memx_func_leave_wait */
0x67f104bd,
0x64b607c0,
0x0066cf06,
0xf40464f0,
- 0x67f0f30b,
- 0x0664b62c,
- 0x800066cf,
- 0x00f8f106,
-/* 0x05a0: memx_func_leave */
- 0xb62c67f0,
- 0x66cf0664,
- 0xf2068000,
- 0xf10467f0,
- 0xb607e407,
- 0x06d00604,
-/* 0x05bb: memx_func_leave_wait */
- 0xf104bd00,
- 0xb607c067,
- 0x66cf0664,
- 0x0464f000,
- 0xf1f31bf4,
- 0xb9161087,
- 0x21f4028e,
- 0x02d7b904,
- 0xffcc67f1,
- 0xffff63f1,
- 0xf90476fd,
- 0xfc70f980,
- 0xf4e0fcd0,
- 0x00f84021,
-/* 0x05f0: memx_func_wait_vblank */
- 0xb0001698,
- 0x0bf40066,
- 0x0166b013,
- 0xf4060bf4,
-/* 0x0602: memx_func_wait_vblank_head1 */
- 0x77f12e0e,
- 0x0ef40020,
-/* 0x0609: memx_func_wait_vblank_head0 */
- 0x0877f107,
-/* 0x060d: memx_func_wait_vblank_0 */
- 0xc467f100,
- 0x0664b607,
- 0xfd0066cf,
- 0x1bf40467,
-/* 0x061d: memx_func_wait_vblank_1 */
- 0xc467f1f3,
- 0x0664b607,
- 0xfd0066cf,
- 0x0bf40467,
-/* 0x062d: memx_func_wait_vblank_fini */
- 0x0410b6f3,
-/* 0x0632: memx_func_wr32 */
- 0x169800f8,
- 0x01159800,
- 0xf90810b6,
- 0xfc50f960,
- 0xf4e0fcd0,
- 0x42b64021,
- 0xe91bf402,
-/* 0x064e: memx_func_wait */
- 0x87f000f8,
- 0x0684b62c,
- 0x980088cf,
- 0x1d98001e,
- 0x021c9801,
- 0xb6031b98,
- 0x21f41010,
-/* 0x066b: memx_func_delay */
- 0x9800f8a3,
- 0x10b6001e,
- 0x7e21f404,
-/* 0x0676: memx_func_train */
- 0x57f100f8,
- 0x77f10003,
- 0x97f10000,
- 0x93f00000,
- 0x029eb970,
- 0xb90421f4,
- 0xe7f102d8,
- 0x21f42710,
-/* 0x0695: memx_func_train_loop_outer */
- 0x0158e07e,
- 0x0083f101,
- 0xe097f102,
- 0x1193f011,
- 0x80f990f9,
+ 0x87f1f31b,
+ 0x8eb91610,
+ 0x0421f402,
+ 0xf102d7b9,
+ 0xf1ffcc67,
+ 0xfdffff63,
+ 0x80f90476,
+ 0xd0fc70f9,
+ 0x21f4e0fc,
+/* 0x05ef: memx_func_wait_vblank */
+ 0x9800f840,
+ 0x66b00016,
+ 0x120bf400,
+ 0xf40166b0,
+ 0x0ef4060b,
+/* 0x0601: memx_func_wait_vblank_head1 */
+ 0x2077f02c,
+/* 0x0607: memx_func_wait_vblank_head0 */
+ 0xf0060ef4,
+/* 0x060a: memx_func_wait_vblank_0 */
+ 0x67f10877,
+ 0x64b607c4,
+ 0x0066cf06,
+ 0xf40467fd,
+/* 0x061a: memx_func_wait_vblank_1 */
+ 0x67f1f31b,
+ 0x64b607c4,
+ 0x0066cf06,
+ 0xf40467fd,
+/* 0x062a: memx_func_wait_vblank_fini */
+ 0x10b6f30b,
+/* 0x062f: memx_func_wr32 */
+ 0x9800f804,
+ 0x15980016,
+ 0x0810b601,
+ 0x50f960f9,
0xe0fcd0fc,
- 0xf94021f4,
- 0x0067f150,
-/* 0x06b5: memx_func_train_loop_inner */
- 0x1187f100,
- 0x9068ff11,
- 0xfd109894,
- 0x97f10589,
- 0x93f00720,
- 0xf990f910,
- 0xfcd0fc80,
- 0x4021f4e0,
- 0x008097f1,
- 0xb91093f0,
- 0x21f4029e,
- 0x02d8b904,
- 0xf92088c5,
+ 0xb64021f4,
+ 0x1bf40242,
+/* 0x064b: memx_func_wait */
+ 0xf000f8e9,
+ 0x84b62c87,
+ 0x0088cf06,
+ 0x98001e98,
+ 0x1c98011d,
+ 0x031b9802,
+ 0xf41010b6,
+ 0x00f8a321,
+/* 0x0668: memx_func_delay */
+ 0xb6001e98,
+ 0x21f40410,
+/* 0x0673: memx_func_train */
+ 0xf000f87e,
+ 0x77f00357,
+ 0x0097f100,
+ 0x7093f000,
+ 0xf4029eb9,
+ 0xd8b90421,
+ 0x10e7f102,
+ 0x7e21f427,
+/* 0x0690: memx_func_train_loop_outer */
+ 0x010158e0,
+ 0x020083f1,
+ 0x11e097f1,
+ 0xf91193f0,
+ 0xfc80f990,
+ 0xf4e0fcd0,
+ 0x50f94021,
+/* 0x06af: memx_func_train_loop_inner */
+ 0xf10067f0,
+ 0xff111187,
+ 0x98949068,
+ 0x0589fd10,
+ 0x072097f1,
+ 0xf91093f0,
0xfc80f990,
0xf4e0fcd0,
0x97f14021,
- 0x93f0053c,
- 0x0287f110,
- 0x0083f130,
- 0xf990f980,
+ 0x93f00080,
+ 0x029eb910,
+ 0xb90421f4,
+ 0x88c502d8,
+ 0xf990f920,
0xfcd0fc80,
0x4021f4e0,
- 0x0560e7f1,
- 0xf110e3f0,
- 0xf10000d7,
- 0x908000d3,
- 0xb7f100dc,
- 0xb3f08480,
- 0xa321f41e,
- 0x000057f1,
- 0xffff97f1,
- 0x830093f1,
-/* 0x0734: memx_func_train_loop_4x */
- 0x0080a7f1,
- 0xb910a3f0,
- 0x21f402ae,
- 0x02d8b904,
- 0xffdfb7f1,
- 0xffffb3f1,
- 0xf9048bfd,
- 0xfc80f9a0,
+ 0x053c97f1,
+ 0xf11093f0,
+ 0xf1300287,
+ 0xf9800083,
+ 0xfc80f990,
0xf4e0fcd0,
- 0xa7f14021,
- 0xa3f0053c,
- 0x0287f110,
- 0x0083f130,
- 0xf9a0f980,
- 0xfcd0fc80,
- 0x4021f4e0,
- 0x0560e7f1,
- 0xf110e3f0,
- 0xf10000d7,
- 0xb98000d3,
- 0xb7f102dc,
- 0xb3f02710,
- 0xa321f400,
- 0xf402eeb9,
- 0xddb90421,
- 0x949dff02,
+ 0xe7f14021,
+ 0xe3f00560,
+ 0x00d7f110,
+ 0x00d3f100,
+ 0x00dc9080,
+ 0x8480b7f1,
+ 0xf41eb3f0,
+ 0x57f0a321,
+ 0xff97f100,
+ 0x0093f1ff,
+/* 0x072d: memx_func_train_loop_4x */
+ 0x80a7f183,
+ 0x10a3f000,
+ 0xf402aeb9,
+ 0xd8b90421,
+ 0xdfb7f102,
+ 0xffb3f1ff,
+ 0x048bfdff,
+ 0x80f9a0f9,
+ 0xe0fcd0fc,
+ 0xf14021f4,
+ 0xf0053ca7,
+ 0x87f110a3,
+ 0x83f13002,
+ 0xa0f98000,
+ 0xd0fc80f9,
+ 0x21f4e0fc,
+ 0x60e7f140,
+ 0x10e3f005,
+ 0x0000d7f1,
+ 0x8000d3f1,
+ 0xf102dcb9,
+ 0xf02710b7,
+ 0x21f400b3,
+ 0x02eeb9a3,
+ 0xb90421f4,
+ 0x9dff02dd,
+ 0x0150b694,
+ 0xf4045670,
+ 0x7aa0921e,
+ 0xa9800bcc,
+ 0x0160b600,
+ 0x700470b6,
+ 0x1ef51066,
+ 0x50fcff01,
0x700150b6,
- 0x1ef40456,
- 0xcc7aa092,
- 0x00a9800b,
- 0xb60160b6,
- 0x66700470,
- 0x001ef510,
- 0xb650fcff,
- 0x56700150,
- 0xd41ef507,
-/* 0x07c7: memx_exec */
- 0xf900f8fe,
- 0xb9d0f9e0,
- 0xb2b902c1,
-/* 0x07d1: memx_exec_next */
- 0x00139802,
- 0xe70410b6,
- 0xe701f034,
- 0xb601e033,
- 0x30f00132,
- 0xde35980c,
- 0x12b855f9,
- 0xe41ef406,
- 0x98f10b98,
- 0xcbbbf20c,
- 0xc4b7f102,
- 0x06b4b607,
- 0xfc00bbcf,
- 0xf5e0fcd0,
+ 0x1ef50756,
+ 0x00f8fed6,
+/* 0x07c0: memx_exec */
+ 0xd0f9e0f9,
+ 0xb902c1b9,
+/* 0x07ca: memx_exec_next */
+ 0x139802b2,
+ 0x0410b600,
+ 0x01f034e7,
+ 0x01e033e7,
+ 0xf00132b6,
+ 0x35980c30,
+ 0xb855f9de,
+ 0x1ef40612,
+ 0xf10b98e4,
+ 0xbbf20c98,
+ 0xb7f102cb,
+ 0xb4b607c4,
+ 0x00bbcf06,
+ 0xe0fcd0fc,
+ 0x033621f5,
+/* 0x0806: memx_info */
+ 0xc67000f8,
+ 0x0e0bf401,
+/* 0x080c: memx_info_data */
+ 0x03ccc7f1,
+ 0x0800b7f1,
+/* 0x0817: memx_info_train */
+ 0xf10b0ef4,
+ 0xf10bccc7,
+/* 0x081f: memx_info_send */
+ 0xf50100b7,
0xf8033621,
-/* 0x080d: memx_info */
- 0x01c67000,
-/* 0x0813: memx_info_data */
- 0xf10e0bf4,
- 0xf103ccc7,
- 0xf40800b7,
-/* 0x081e: memx_info_train */
- 0xc7f10b0e,
- 0xb7f10bcc,
-/* 0x0826: memx_info_send */
- 0x21f50100,
- 0x00f80336,
-/* 0x082c: memx_recv */
- 0xf401d6b0,
- 0xd6b0980b,
- 0xd80bf400,
-/* 0x083a: memx_init */
- 0x00f800f8,
-/* 0x083c: perf_recv */
-/* 0x083e: perf_init */
- 0x00f800f8,
-/* 0x0840: i2c_drive_scl */
- 0xf40036b0,
- 0x07f1110b,
- 0x04b607e0,
- 0x0001d006,
- 0x00f804bd,
-/* 0x0854: i2c_drive_scl_lo */
- 0x07e407f1,
- 0xd00604b6,
- 0x04bd0001,
-/* 0x0862: i2c_drive_sda */
- 0x36b000f8,
- 0x110bf400,
- 0x07e007f1,
- 0xd00604b6,
- 0x04bd0002,
-/* 0x0876: i2c_drive_sda_lo */
- 0x07f100f8,
- 0x04b607e4,
- 0x0002d006,
- 0x00f804bd,
-/* 0x0884: i2c_sense_scl */
- 0xf10132f4,
- 0xb607c437,
- 0x33cf0634,
- 0x0431fd00,
- 0xf4060bf4,
-/* 0x089a: i2c_sense_scl_done */
- 0x00f80131,
-/* 0x089c: i2c_sense_sda */
- 0xf10132f4,
- 0xb607c437,
- 0x33cf0634,
- 0x0432fd00,
- 0xf4060bf4,
-/* 0x08b2: i2c_sense_sda_done */
- 0x00f80131,
-/* 0x08b4: i2c_raise_scl */
- 0x47f140f9,
- 0x37f00898,
- 0x4021f501,
-/* 0x08c1: i2c_raise_scl_wait */
+/* 0x0825: memx_recv */
+ 0x01d6b000,
+ 0xb0980bf4,
+ 0x0bf400d6,
+/* 0x0833: memx_init */
+ 0xf800f8d8,
+/* 0x0835: perf_recv */
+/* 0x0837: perf_init */
+ 0xf800f800,
+/* 0x0839: i2c_drive_scl */
+ 0x0036b000,
+ 0xf1110bf4,
+ 0xb607e007,
+ 0x01d00604,
+ 0xf804bd00,
+/* 0x084d: i2c_drive_scl_lo */
+ 0xe407f100,
+ 0x0604b607,
+ 0xbd0001d0,
+/* 0x085b: i2c_drive_sda */
+ 0xb000f804,
+ 0x0bf40036,
+ 0xe007f111,
+ 0x0604b607,
+ 0xbd0002d0,
+/* 0x086f: i2c_drive_sda_lo */
+ 0xf100f804,
+ 0xb607e407,
+ 0x02d00604,
+ 0xf804bd00,
+/* 0x087d: i2c_sense_scl */
+ 0x0132f400,
+ 0x07c437f1,
+ 0xcf0634b6,
+ 0x31fd0033,
+ 0x060bf404,
+/* 0x0893: i2c_sense_scl_done */
+ 0xf80131f4,
+/* 0x0895: i2c_sense_sda */
+ 0x0132f400,
+ 0x07c437f1,
+ 0xcf0634b6,
+ 0x32fd0033,
+ 0x060bf404,
+/* 0x08ab: i2c_sense_sda_done */
+ 0xf80131f4,
+/* 0x08ad: i2c_raise_scl */
+ 0xf140f900,
+ 0xf0089847,
+ 0x21f50137,
+/* 0x08ba: i2c_raise_scl_wait */
+ 0xe7f10839,
+ 0x21f403e8,
+ 0x7d21f57e,
+ 0x0901f408,
+ 0xf40142b6,
+/* 0x08ce: i2c_raise_scl_done */
+ 0x40fcef1b,
+/* 0x08d2: i2c_start */
+ 0x21f500f8,
+ 0x11f4087d,
+ 0x9521f50d,
+ 0x0611f408,
+/* 0x08e3: i2c_start_rep */
+ 0xf0300ef4,
+ 0x21f50037,
+ 0x37f00839,
+ 0x5b21f501,
+ 0x0076bb08,
+ 0xf90465b6,
+ 0x04659450,
+ 0xbd0256bb,
+ 0x0475fd50,
+ 0x21f550fc,
+ 0x64b608ad,
+ 0x1f11f404,
+/* 0x0910: i2c_start_send */
+ 0xf50037f0,
+ 0xf1085b21,
+ 0xf41388e7,
+ 0x37f07e21,
+ 0x3921f500,
+ 0x88e7f108,
+ 0x7e21f413,
+/* 0x092c: i2c_start_out */
+/* 0x092e: i2c_stop */
+ 0x37f000f8,
+ 0x3921f500,
+ 0x0037f008,
+ 0x085b21f5,
+ 0x03e8e7f1,
+ 0xf07e21f4,
+ 0x21f50137,
+ 0xe7f10839,
+ 0x21f41388,
+ 0x0137f07e,
+ 0x085b21f5,
+ 0x1388e7f1,
+ 0xf87e21f4,
+/* 0x0961: i2c_bitw */
+ 0x5b21f500,
0xe8e7f108,
0x7e21f403,
- 0x088421f5,
- 0xb60901f4,
- 0x1bf40142,
-/* 0x08d5: i2c_raise_scl_done */
- 0xf840fcef,
-/* 0x08d9: i2c_start */
- 0x8421f500,
- 0x0d11f408,
- 0x089c21f5,
- 0xf40611f4,
-/* 0x08ea: i2c_start_rep */
- 0x37f0300e,
- 0x4021f500,
- 0x0137f008,
- 0x086221f5,
0xb60076bb,
0x50f90465,
0xbb046594,
0x50bd0256,
0xfc0475fd,
- 0xb421f550,
+ 0xad21f550,
0x0464b608,
-/* 0x0917: i2c_start_send */
- 0xf01f11f4,
- 0x21f50037,
- 0xe7f10862,
- 0x21f41388,
- 0x0037f07e,
- 0x084021f5,
- 0x1388e7f1,
-/* 0x0933: i2c_start_out */
- 0xf87e21f4,
-/* 0x0935: i2c_stop */
- 0x0037f000,
- 0x084021f5,
- 0xf50037f0,
- 0xf1086221,
- 0xf403e8e7,
+ 0xf11811f4,
+ 0xf41388e7,
0x37f07e21,
- 0x4021f501,
+ 0x3921f500,
0x88e7f108,
0x7e21f413,
- 0xf50137f0,
- 0xf1086221,
- 0xf41388e7,
- 0x00f87e21,
-/* 0x0968: i2c_bitw */
- 0x086221f5,
- 0x03e8e7f1,
- 0xbb7e21f4,
- 0x65b60076,
- 0x9450f904,
- 0x56bb0465,
- 0xfd50bd02,
- 0x50fc0475,
- 0x08b421f5,
- 0xf40464b6,
- 0xe7f11811,
+/* 0x09a0: i2c_bitw_out */
+/* 0x09a2: i2c_bitr */
+ 0x37f000f8,
+ 0x5b21f501,
+ 0xe8e7f108,
+ 0x7e21f403,
+ 0xb60076bb,
+ 0x50f90465,
+ 0xbb046594,
+ 0x50bd0256,
+ 0xfc0475fd,
+ 0xad21f550,
+ 0x0464b608,
+ 0xf51b11f4,
+ 0xf0089521,
+ 0x21f50037,
+ 0xe7f10839,
0x21f41388,
- 0x0037f07e,
- 0x084021f5,
- 0x1388e7f1,
-/* 0x09a7: i2c_bitw_out */
- 0xf87e21f4,
-/* 0x09a9: i2c_bitr */
- 0x0137f000,
- 0x086221f5,
- 0x03e8e7f1,
- 0xbb7e21f4,
- 0x65b60076,
- 0x9450f904,
- 0x56bb0465,
- 0xfd50bd02,
- 0x50fc0475,
- 0x08b421f5,
- 0xf40464b6,
- 0x21f51b11,
- 0x37f0089c,
- 0x4021f500,
- 0x88e7f108,
- 0x7e21f413,
- 0xf4013cf0,
-/* 0x09ee: i2c_bitr_done */
- 0x00f80131,
-/* 0x09f0: i2c_get_byte */
- 0xf00057f0,
-/* 0x09f6: i2c_get_byte_next */
- 0x54b60847,
+ 0x013cf07e,
+/* 0x09e7: i2c_bitr_done */
+ 0xf80131f4,
+/* 0x09e9: i2c_get_byte */
+ 0x0057f000,
+/* 0x09ef: i2c_get_byte_next */
+ 0xb60847f0,
+ 0x76bb0154,
+ 0x0465b600,
+ 0x659450f9,
+ 0x0256bb04,
+ 0x75fd50bd,
+ 0xf550fc04,
+ 0xb609a221,
+ 0x11f40464,
+ 0x0553fd2b,
+ 0xf40142b6,
+ 0x37f0d81b,
0x0076bb01,
0xf90465b6,
0x04659450,
0xbd0256bb,
0x0475fd50,
0x21f550fc,
- 0x64b609a9,
- 0x2b11f404,
- 0xb60553fd,
- 0x1bf40142,
- 0x0137f0d8,
- 0xb60076bb,
- 0x50f90465,
- 0xbb046594,
- 0x50bd0256,
- 0xfc0475fd,
- 0x6821f550,
- 0x0464b609,
-/* 0x0a40: i2c_get_byte_done */
-/* 0x0a42: i2c_put_byte */
- 0x47f000f8,
-/* 0x0a45: i2c_put_byte_next */
- 0x0142b608,
- 0xbb3854ff,
- 0x65b60076,
- 0x9450f904,
- 0x56bb0465,
- 0xfd50bd02,
- 0x50fc0475,
- 0x096821f5,
- 0xf40464b6,
- 0x46b03411,
- 0xd81bf400,
+ 0x64b60961,
+/* 0x0a39: i2c_get_byte_done */
+/* 0x0a3b: i2c_put_byte */
+ 0xf000f804,
+/* 0x0a3e: i2c_put_byte_next */
+ 0x42b60847,
+ 0x3854ff01,
0xb60076bb,
0x50f90465,
0xbb046594,
0x50bd0256,
0xfc0475fd,
- 0xa921f550,
+ 0x6121f550,
0x0464b609,
- 0xbb0f11f4,
- 0x36b00076,
- 0x061bf401,
-/* 0x0a9b: i2c_put_byte_done */
- 0xf80132f4,
-/* 0x0a9d: i2c_addr */
- 0x0076bb00,
+ 0xb03411f4,
+ 0x1bf40046,
+ 0x0076bbd8,
0xf90465b6,
0x04659450,
0xbd0256bb,
0x0475fd50,
0x21f550fc,
- 0x64b608d9,
- 0x2911f404,
- 0x012ec3e7,
- 0xfd0134b6,
- 0x76bb0553,
+ 0x64b609a2,
+ 0x0f11f404,
+ 0xb00076bb,
+ 0x1bf40136,
+ 0x0132f406,
+/* 0x0a94: i2c_put_byte_done */
+/* 0x0a96: i2c_addr */
+ 0x76bb00f8,
0x0465b600,
0x659450f9,
0x0256bb04,
0x75fd50bd,
0xf550fc04,
- 0xb60a4221,
-/* 0x0ae2: i2c_addr_done */
- 0x00f80464,
-/* 0x0ae4: i2c_acquire_addr */
- 0xb6f8cec7,
- 0xe0b702e4,
- 0xee980d1c,
-/* 0x0af3: i2c_acquire */
- 0xf500f800,
- 0xf40ae421,
- 0xd9f00421,
- 0x4021f403,
-/* 0x0b02: i2c_release */
- 0x21f500f8,
- 0x21f40ae4,
- 0x03daf004,
- 0xf84021f4,
-/* 0x0b11: i2c_recv */
- 0x0132f400,
- 0xb6f8c1c7,
- 0x16b00214,
- 0x3a1ff528,
- 0xf413a001,
- 0x0032980c,
- 0x0ccc13a0,
- 0xf4003198,
- 0xd0f90231,
- 0xd0f9e0f9,
- 0x000067f1,
- 0x100063f1,
- 0xbb016792,
+ 0xb608d221,
+ 0x11f40464,
+ 0x2ec3e729,
+ 0x0134b601,
+ 0xbb0553fd,
0x65b60076,
0x9450f904,
0x56bb0465,
0xfd50bd02,
0x50fc0475,
- 0x0af321f5,
- 0xfc0464b6,
- 0x00d6b0d0,
- 0x00b31bf5,
- 0xbb0057f0,
+ 0x0a3b21f5,
+/* 0x0adb: i2c_addr_done */
+ 0xf80464b6,
+/* 0x0add: i2c_acquire_addr */
+ 0xf8cec700,
+ 0xb702e4b6,
+ 0x980d1ce0,
+ 0x00f800ee,
+/* 0x0aec: i2c_acquire */
+ 0x0add21f5,
+ 0xf00421f4,
+ 0x21f403d9,
+/* 0x0afb: i2c_release */
+ 0xf500f840,
+ 0xf40add21,
+ 0xdaf00421,
+ 0x4021f403,
+/* 0x0b0a: i2c_recv */
+ 0x32f400f8,
+ 0xf8c1c701,
+ 0xb00214b6,
+ 0x1ff52816,
+ 0x13a0013a,
+ 0x32980cf4,
+ 0xcc13a000,
+ 0x0031980c,
+ 0xf90231f4,
+ 0xf9e0f9d0,
+ 0x0067f1d0,
+ 0x0063f100,
+ 0x01679210,
+ 0xb60076bb,
+ 0x50f90465,
+ 0xbb046594,
+ 0x50bd0256,
+ 0xfc0475fd,
+ 0xec21f550,
+ 0x0464b60a,
+ 0xd6b0d0fc,
+ 0xb31bf500,
+ 0x0057f000,
+ 0xb60076bb,
+ 0x50f90465,
+ 0xbb046594,
+ 0x50bd0256,
+ 0xfc0475fd,
+ 0x9621f550,
+ 0x0464b60a,
+ 0x00d011f5,
+ 0xbbe0c5c7,
0x65b60076,
0x9450f904,
0x56bb0465,
0xfd50bd02,
0x50fc0475,
- 0x0a9d21f5,
+ 0x0a3b21f5,
0xf50464b6,
- 0xc700d011,
- 0x76bbe0c5,
+ 0xf000ad11,
+ 0x76bb0157,
0x0465b600,
0x659450f9,
0x0256bb04,
0x75fd50bd,
0xf550fc04,
- 0xb60a4221,
+ 0xb60a9621,
0x11f50464,
- 0x57f000ad,
- 0x0076bb01,
- 0xf90465b6,
- 0x04659450,
- 0xbd0256bb,
- 0x0475fd50,
- 0x21f550fc,
- 0x64b60a9d,
- 0x8a11f504,
- 0x0076bb00,
- 0xf90465b6,
- 0x04659450,
- 0xbd0256bb,
- 0x0475fd50,
- 0x21f550fc,
- 0x64b609f0,
- 0x6a11f404,
- 0xbbe05bcb,
- 0x65b60076,
- 0x9450f904,
- 0x56bb0465,
- 0xfd50bd02,
- 0x50fc0475,
- 0x093521f5,
- 0xb90464b6,
- 0x74bd025b,
-/* 0x0c17: i2c_recv_not_rd08 */
- 0xb0430ef4,
- 0x1bf401d6,
- 0x0057f03d,
- 0x0a9d21f5,
- 0xc73311f4,
- 0x21f5e0c5,
- 0x11f40a42,
- 0x0057f029,
- 0x0a9d21f5,
- 0xc71f11f4,
- 0x21f5e0b5,
- 0x11f40a42,
- 0x3521f515,
- 0xc774bd09,
- 0x1bf408c5,
- 0x0232f409,
-/* 0x0c57: i2c_recv_not_wr08 */
-/* 0x0c57: i2c_recv_done */
- 0xc7030ef4,
- 0x21f5f8ce,
- 0xe0fc0b02,
- 0x12f4d0fc,
- 0x027cb90a,
- 0x033621f5,
-/* 0x0c6c: i2c_recv_exit */
-/* 0x0c6e: i2c_init */
+ 0x76bb008a,
+ 0x0465b600,
+ 0x659450f9,
+ 0x0256bb04,
+ 0x75fd50bd,
+ 0xf550fc04,
+ 0xb609e921,
+ 0x11f40464,
+ 0xe05bcb6a,
+ 0xb60076bb,
+ 0x50f90465,
+ 0xbb046594,
+ 0x50bd0256,
+ 0xfc0475fd,
+ 0x2e21f550,
+ 0x0464b609,
+ 0xbd025bb9,
+ 0x430ef474,
+/* 0x0c10: i2c_recv_not_rd08 */
+ 0xf401d6b0,
+ 0x57f03d1b,
+ 0x9621f500,
+ 0x3311f40a,
+ 0xf5e0c5c7,
+ 0xf40a3b21,
+ 0x57f02911,
+ 0x9621f500,
+ 0x1f11f40a,
+ 0xf5e0b5c7,
+ 0xf40a3b21,
+ 0x21f51511,
+ 0x74bd092e,
+ 0xf408c5c7,
+ 0x32f4091b,
+ 0x030ef402,
+/* 0x0c50: i2c_recv_not_wr08 */
+/* 0x0c50: i2c_recv_done */
+ 0xf5f8cec7,
+ 0xfc0afb21,
+ 0xf4d0fce0,
+ 0x7cb90a12,
+ 0x3621f502,
+/* 0x0c65: i2c_recv_exit */
+/* 0x0c67: i2c_init */
+ 0xf800f803,
+/* 0x0c69: test_recv */
+ 0xd817f100,
+ 0x0614b605,
+ 0xb60011cf,
+ 0x07f10110,
+ 0x04b605d8,
+ 0x0001d006,
+ 0xe7f104bd,
+ 0xe3f1d900,
+ 0x21f5134f,
+ 0x00f80256,
+/* 0x0c90: test_init */
+ 0x0800e7f1,
+ 0x025621f5,
+/* 0x0c9a: idle_recv */
0x00f800f8,
-/* 0x0c70: test_recv */
- 0x05d817f1,
- 0xcf0614b6,
- 0x10b60011,
- 0xd807f101,
- 0x0604b605,
- 0xbd0001d0,
- 0x00e7f104,
- 0x4fe3f1d9,
- 0x5621f513,
-/* 0x0c97: test_init */
- 0xf100f802,
- 0xf50800e7,
- 0xf8025621,
-/* 0x0ca1: idle_recv */
-/* 0x0ca3: idle */
- 0xf400f800,
- 0x17f10031,
- 0x14b605d4,
- 0x0011cf06,
- 0xf10110b6,
- 0xb605d407,
- 0x01d00604,
-/* 0x0cbf: idle_loop */
- 0xf004bd00,
- 0x32f45817,
-/* 0x0cc5: idle_proc */
-/* 0x0cc5: idle_proc_exec */
- 0xb910f902,
- 0x21f5021e,
- 0x10fc033f,
- 0xf40911f4,
- 0x0ef40231,
-/* 0x0cd9: idle_proc_next */
- 0x5810b6ef,
- 0xf4061fb8,
- 0x02f4e61b,
- 0x0028f4dd,
- 0x00bb0ef4,
+/* 0x0c9c: idle */
+ 0xf10031f4,
+ 0xb605d417,
+ 0x11cf0614,
+ 0x0110b600,
+ 0x05d407f1,
+ 0xd00604b6,
+ 0x04bd0001,
+/* 0x0cb8: idle_loop */
+ 0xf45817f0,
+/* 0x0cbe: idle_proc */
+/* 0x0cbe: idle_proc_exec */
+ 0x10f90232,
+ 0xf5021eb9,
+ 0xfc033f21,
+ 0x0911f410,
+ 0xf40231f4,
+/* 0x0cd2: idle_proc_next */
+ 0x10b6ef0e,
+ 0x061fb858,
+ 0xf4e61bf4,
+ 0x28f4dd02,
+ 0xbb0ef400,
+ 0x00000000,
+ 0x00000000,
0x00000000,
0x00000000,
0x00000000,
--- a/drivers/gpu/drm/nouveau/nvkm/subdev/pmu/fuc/memx.fuc
+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/pmu/fuc/memx.fuc
@@ -82,15 +82,15 @@ memx_train_tail:
// $r0 - zero
memx_func_enter:
#if NVKM_PPWR_CHIPSET == GT215
- movw $r8 0x1610
+ mov $r8 0x1610
nv_rd32($r7, $r8)
imm32($r6, 0xfffffffc)
and $r7 $r6
- movw $r6 0x2
+ mov $r6 0x2
or $r7 $r6
nv_wr32($r8, $r7)
#else
- movw $r6 0x001620
+ mov $r6 0x001620
imm32($r7, ~0x00000aa2);
nv_rd32($r8, $r6)
and $r8 $r7
@@ -101,7 +101,7 @@ memx_func_enter:
and $r8 $r7
nv_wr32($r6, $r8)
- movw $r6 0x0026f0
+ mov $r6 0x0026f0
nv_rd32($r8, $r6)
and $r8 $r7
nv_wr32($r6, $r8)
@@ -136,19 +136,19 @@ memx_func_leave:
bra nz #memx_func_leave_wait
#if NVKM_PPWR_CHIPSET == GT215
- movw $r8 0x1610
+ mov $r8 0x1610
nv_rd32($r7, $r8)
imm32($r6, 0xffffffcc)
and $r7 $r6
nv_wr32($r8, $r7)
#else
- movw $r6 0x0026f0
+ mov $r6 0x0026f0
imm32($r7, 0x00000001)
nv_rd32($r8, $r6)
or $r8 $r7
nv_wr32($r6, $r8)
- movw $r6 0x001620
+ mov $r6 0x001620
nv_rd32($r8, $r6)
or $r8 $r7
nv_wr32($r6, $r8)
@@ -177,11 +177,11 @@ memx_func_wait_vblank:
bra #memx_func_wait_vblank_fini
memx_func_wait_vblank_head1:
- movw $r7 0x20
+ mov $r7 0x20
bra #memx_func_wait_vblank_0
memx_func_wait_vblank_head0:
- movw $r7 0x8
+ mov $r7 0x8
memx_func_wait_vblank_0:
nv_iord($r6, NV_PPWR_INPUT)
@@ -273,13 +273,13 @@ memx_func_train:
// $r5 - outer loop counter
// $r6 - inner loop counter
// $r7 - entry counter (#memx_train_head + $r7)
- movw $r5 0x3
- movw $r7 0x0
+ mov $r5 0x3
+ mov $r7 0x0
// Read random memory to wake up... things
imm32($r9, 0x700000)
nv_rd32($r8,$r9)
- movw $r14 0x2710
+ mov $r14 0x2710
call(nsec)
memx_func_train_loop_outer:
@@ -289,9 +289,9 @@ memx_func_train:
nv_wr32($r9, $r8)
push $r5
- movw $r6 0x0
+ mov $r6 0x0
memx_func_train_loop_inner:
- movw $r8 0x1111
+ mov $r8 0x1111
mulu $r9 $r6 $r8
shl b32 $r8 $r9 0x10
or $r8 $r9
@@ -315,7 +315,7 @@ memx_func_train:
// $r5 - inner inner loop counter
// $r9 - result
- movw $r5 0
+ mov $r5 0
imm32($r9, 0x8300ffff)
memx_func_train_loop_4x:
imm32($r10, 0x100080)
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 078/329] netfilter: ipv6: nf_defrag: Kill frag queue on RFC2460 failure
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (69 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 077/329] drm/nouveau/pmu/fuc: dont use movw directly anymore Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 079/329] x86/power: Fix swsusp_arch_resume prototype Greg Kroah-Hartman
` (238 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Subash Abhinov Kasiviswanathan,
Pablo Neira Ayuso, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
[ Upstream commit ea23d5e3bf340e413b8e05c13da233c99c64142b ]
Failures were seen in ICMPv6 fragmentation timeout tests if they were
run after the RFC2460 failure tests. Kernel was not sending out the
ICMPv6 fragment reassembly time exceeded packet after the fragmentation
reassembly timeout of 1 minute had elapsed.
This happened because the frag queue was not released if an error in
IPv6 fragmentation header was detected by RFC2460.
Fixes: 83f1999caeb1 ("netfilter: ipv6: nf_defrag: Pass on packets to stack per RFC2460")
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv6/netfilter/nf_conntrack_reasm.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -263,6 +263,7 @@ static int nf_ct_frag6_queue(struct frag
* this case. -DaveM
*/
pr_debug("end of fragment not rounded to 8 bytes.\n");
+ inet_frag_kill(&fq->q, &nf_frags);
return -EPROTO;
}
if (end > fq->q.len) {
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 079/329] x86/power: Fix swsusp_arch_resume prototype
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (70 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 078/329] netfilter: ipv6: nf_defrag: Kill frag queue on RFC2460 failure Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 080/329] firmware: dmi_scan: Fix handling of empty DMI strings Greg Kroah-Hartman
` (237 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Thomas Gleixner,
Len Brown, Andi Kleen, Nicolas Pitre, linux-pm,
Rafael J. Wysocki, Pavel Machek, Bart Van Assche, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit 328008a72d38b5bde6491e463405c34a81a65d3e ]
The declaration for swsusp_arch_resume marks it as 'asmlinkage', but the
definition in x86-32 does not, and it fails to include the header with the
declaration. This leads to a warning when building with
link-time-optimizations:
kernel/power/power.h:108:23: error: type of 'swsusp_arch_resume' does not match original declaration [-Werror=lto-type-mismatch]
extern asmlinkage int swsusp_arch_resume(void);
^
arch/x86/power/hibernate_32.c:148:0: note: 'swsusp_arch_resume' was previously declared here
int swsusp_arch_resume(void)
This moves the declaration into a globally visible header file and fixes up
both x86 definitions to match it.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Len Brown <len.brown@intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Nicolas Pitre <nico@linaro.org>
Cc: linux-pm@vger.kernel.org
Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net>
Cc: Pavel Machek <pavel@ucw.cz>
Cc: Bart Van Assche <bart.vanassche@wdc.com>
Link: https://lkml.kernel.org/r/20180202145634.200291-2-arnd@arndb.de
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/power/hibernate_32.c | 2 +-
arch/x86/power/hibernate_64.c | 2 +-
include/linux/suspend.h | 2 ++
kernel/power/power.h | 3 ---
4 files changed, 4 insertions(+), 5 deletions(-)
--- a/arch/x86/power/hibernate_32.c
+++ b/arch/x86/power/hibernate_32.c
@@ -142,7 +142,7 @@ static inline void resume_init_first_lev
#endif
}
-int swsusp_arch_resume(void)
+asmlinkage int swsusp_arch_resume(void)
{
int error;
--- a/arch/x86/power/hibernate_64.c
+++ b/arch/x86/power/hibernate_64.c
@@ -149,7 +149,7 @@ static int relocate_restore_code(void)
return 0;
}
-int swsusp_arch_resume(void)
+asmlinkage int swsusp_arch_resume(void)
{
int error;
--- a/include/linux/suspend.h
+++ b/include/linux/suspend.h
@@ -378,6 +378,8 @@ extern int swsusp_page_is_forbidden(stru
extern void swsusp_set_page_free(struct page *);
extern void swsusp_unset_page_free(struct page *);
extern unsigned long get_safe_page(gfp_t gfp_mask);
+extern asmlinkage int swsusp_arch_suspend(void);
+extern asmlinkage int swsusp_arch_resume(void);
extern void hibernation_set_ops(const struct platform_hibernation_ops *ops);
extern int hibernate(void);
--- a/kernel/power/power.h
+++ b/kernel/power/power.h
@@ -103,9 +103,6 @@ extern int in_suspend;
extern dev_t swsusp_resume_device;
extern sector_t swsusp_resume_block;
-extern asmlinkage int swsusp_arch_suspend(void);
-extern asmlinkage int swsusp_arch_resume(void);
-
extern int create_basic_memory_bitmaps(void);
extern void free_basic_memory_bitmaps(void);
extern int hibernate_preallocate_memory(void);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 080/329] firmware: dmi_scan: Fix handling of empty DMI strings
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (71 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 079/329] x86/power: Fix swsusp_arch_resume prototype Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 081/329] ACPI: processor_perflib: Do not send _PPC change notification if not ready Greg Kroah-Hartman
` (236 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jean Delvare, Parag Warudkar,
Ingo Molnar, Thomas Gleixner, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jean Delvare <jdelvare@suse.de>
[ Upstream commit a7770ae194569e96a93c48aceb304edded9cc648 ]
The handling of empty DMI strings looks quite broken to me:
* Strings from 1 to 7 spaces are not considered empty.
* True empty DMI strings (string index set to 0) are not considered
empty, and result in allocating a 0-char string.
* Strings with invalid index also result in allocating a 0-char
string.
* Strings starting with 8 spaces are all considered empty, even if
non-space characters follow (sounds like a weird thing to do, but
I have actually seen occurrences of this in DMI tables before.)
* Strings which are considered empty are reported as 8 spaces,
instead of being actually empty.
Some of these issues are the result of an off-by-one error in memcmp,
the rest is incorrect by design.
So let's get it square: missing strings and strings made of only
spaces, regardless of their length, should be treated as empty and
no memory should be allocated for them. All other strings are
non-empty and should be allocated.
Signed-off-by: Jean Delvare <jdelvare@suse.de>
Fixes: 79da4721117f ("x86: fix DMI out of memory problems")
Cc: Parag Warudkar <parag.warudkar@gmail.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/firmware/dmi_scan.c | 22 +++++++++-------------
1 file changed, 9 insertions(+), 13 deletions(-)
--- a/drivers/firmware/dmi_scan.c
+++ b/drivers/firmware/dmi_scan.c
@@ -18,7 +18,7 @@ EXPORT_SYMBOL_GPL(dmi_kobj);
* of and an antecedent to, SMBIOS, which stands for System
* Management BIOS. See further: http://www.dmtf.org/standards
*/
-static const char dmi_empty_string[] = " ";
+static const char dmi_empty_string[] = "";
static u32 dmi_ver __initdata;
static u32 dmi_len;
@@ -44,25 +44,21 @@ static int dmi_memdev_nr;
static const char * __init dmi_string_nosave(const struct dmi_header *dm, u8 s)
{
const u8 *bp = ((u8 *) dm) + dm->length;
+ const u8 *nsp;
if (s) {
- s--;
- while (s > 0 && *bp) {
+ while (--s > 0 && *bp)
bp += strlen(bp) + 1;
- s--;
- }
- if (*bp != 0) {
- size_t len = strlen(bp)+1;
- size_t cmp_len = len > 8 ? 8 : len;
-
- if (!memcmp(bp, dmi_empty_string, cmp_len))
- return dmi_empty_string;
+ /* Strings containing only spaces are considered empty */
+ nsp = bp;
+ while (*nsp == ' ')
+ nsp++;
+ if (*nsp != '\0')
return bp;
- }
}
- return "";
+ return dmi_empty_string;
}
static const char * __init dmi_string(const struct dmi_header *dm, u8 s)
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 081/329] ACPI: processor_perflib: Do not send _PPC change notification if not ready
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (72 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 080/329] firmware: dmi_scan: Fix handling of empty DMI strings Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 082/329] ACPI / scan: Use acpi_bus_get_status() to initialize ACPI_TYPE_DEVICE devs Greg Kroah-Hartman
` (235 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Doug Smythies, Srinivas Pandruvada,
Yu Chen, Rafael J. Wysocki, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chen Yu <yu.c.chen@intel.com>
[ Upstream commit ba1edb9a5125a617d612f98eead14b9b84e75c3a ]
The following warning was triggered after resumed from S3 -
if all the nonboot CPUs were put offline before suspend:
[ 1840.329515] unchecked MSR access error: RDMSR from 0x771 at rIP: 0xffffffff86061e3a (native_read_msr+0xa/0x30)
[ 1840.329516] Call Trace:
[ 1840.329521] __rdmsr_on_cpu+0x33/0x50
[ 1840.329525] generic_exec_single+0x81/0xb0
[ 1840.329527] smp_call_function_single+0xd2/0x100
[ 1840.329530] ? acpi_ds_result_pop+0xdd/0xf2
[ 1840.329532] ? acpi_ds_create_operand+0x215/0x23c
[ 1840.329534] rdmsrl_on_cpu+0x57/0x80
[ 1840.329536] ? cpumask_next+0x1b/0x20
[ 1840.329538] ? rdmsrl_on_cpu+0x57/0x80
[ 1840.329541] intel_pstate_update_perf_limits+0xf3/0x220
[ 1840.329544] ? notifier_call_chain+0x4a/0x70
[ 1840.329546] intel_pstate_set_policy+0x4e/0x150
[ 1840.329548] cpufreq_set_policy+0xcd/0x2f0
[ 1840.329550] cpufreq_update_policy+0xb2/0x130
[ 1840.329552] ? cpufreq_update_policy+0x130/0x130
[ 1840.329556] acpi_processor_ppc_has_changed+0x65/0x80
[ 1840.329558] acpi_processor_notify+0x80/0x100
[ 1840.329561] acpi_ev_notify_dispatch+0x44/0x5c
[ 1840.329563] acpi_os_execute_deferred+0x14/0x20
[ 1840.329565] process_one_work+0x193/0x3c0
[ 1840.329567] worker_thread+0x35/0x3b0
[ 1840.329569] kthread+0x125/0x140
[ 1840.329571] ? process_one_work+0x3c0/0x3c0
[ 1840.329572] ? kthread_park+0x60/0x60
[ 1840.329575] ? do_syscall_64+0x67/0x180
[ 1840.329577] ret_from_fork+0x25/0x30
[ 1840.329585] unchecked MSR access error: WRMSR to 0x774 (tried to write 0x0000000000000000) at rIP: 0xffffffff86061f78 (native_write_msr+0x8/0x30)
[ 1840.329586] Call Trace:
[ 1840.329587] __wrmsr_on_cpu+0x37/0x40
[ 1840.329589] generic_exec_single+0x81/0xb0
[ 1840.329592] smp_call_function_single+0xd2/0x100
[ 1840.329594] ? acpi_ds_create_operand+0x215/0x23c
[ 1840.329595] ? cpumask_next+0x1b/0x20
[ 1840.329597] wrmsrl_on_cpu+0x57/0x70
[ 1840.329598] ? rdmsrl_on_cpu+0x57/0x80
[ 1840.329599] ? wrmsrl_on_cpu+0x57/0x70
[ 1840.329602] intel_pstate_hwp_set+0xd3/0x150
[ 1840.329604] intel_pstate_set_policy+0x119/0x150
[ 1840.329606] cpufreq_set_policy+0xcd/0x2f0
[ 1840.329607] cpufreq_update_policy+0xb2/0x130
[ 1840.329610] ? cpufreq_update_policy+0x130/0x130
[ 1840.329613] acpi_processor_ppc_has_changed+0x65/0x80
[ 1840.329615] acpi_processor_notify+0x80/0x100
[ 1840.329617] acpi_ev_notify_dispatch+0x44/0x5c
[ 1840.329619] acpi_os_execute_deferred+0x14/0x20
[ 1840.329620] process_one_work+0x193/0x3c0
[ 1840.329622] worker_thread+0x35/0x3b0
[ 1840.329624] kthread+0x125/0x140
[ 1840.329625] ? process_one_work+0x3c0/0x3c0
[ 1840.329626] ? kthread_park+0x60/0x60
[ 1840.329628] ? do_syscall_64+0x67/0x180
[ 1840.329631] ret_from_fork+0x25/0x30
This is because if there's only one online CPU, the MSR_PM_ENABLE
(package wide)can not be enabled after resumed, due to
intel_pstate_hwp_enable() will only be invoked on AP's online
process after resumed - if there's no AP online, the HWP remains
disabled after resumed (BIOS has disabled it in S3). Then if
there comes a _PPC change notification which touches HWP register
during this stage, the warning is triggered.
Since we don't call acpi_processor_register_performance() when
HWP is enabled, the pr->performance will be NULL. When this is
NULL we don't need to do _PPC change notification.
Reported-by: Doug Smythies <dsmythies@telus.net>
Suggested-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Signed-off-by: Yu Chen <yu.c.chen@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/acpi/processor_perflib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/acpi/processor_perflib.c
+++ b/drivers/acpi/processor_perflib.c
@@ -161,7 +161,7 @@ int acpi_processor_ppc_has_changed(struc
{
int ret;
- if (ignore_ppc) {
+ if (ignore_ppc || !pr->performance) {
/*
* Only when it is notification event, the _OST object
* will be evaluated. Otherwise it is skipped.
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 082/329] ACPI / scan: Use acpi_bus_get_status() to initialize ACPI_TYPE_DEVICE devs
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (73 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 081/329] ACPI: processor_perflib: Do not send _PPC change notification if not ready Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 083/329] bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y Greg Kroah-Hartman
` (234 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, Rafael J. Wysocki,
Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 63347db0affadcbccd5613116ea8431c70139b3e ]
The acpi_get_bus_status wrapper for acpi_bus_get_status_handle has some
code to handle certain device quirks, in some cases we also need this
quirk handling for the initial _STA call.
Specifically on some devices calling _STA before all _DEP dependencies
are met results in errors like these:
[ 0.123579] ACPI Error: No handler for Region [ECRM] (00000000ba9edc4c)
[GenericSerialBus] (20170831/evregion-166)
[ 0.123601] ACPI Error: Region GenericSerialBus (ID=9) has no handler
(20170831/exfldio-299)
[ 0.123618] ACPI Error: Method parse/execution failed
\_SB.I2C1.BAT1._STA, AE_NOT_EXIST (20170831/psparse-550)
acpi_get_bus_status already has code to avoid this, so by using it we
also silence these errors from the initial _STA call.
Note that in order for the acpi_get_bus_status handling for this to work,
we initialize dep_unmet to 1 until acpi_device_dep_initialize gets called,
this means that battery devices will be instantiated with an initial
status of 0. This is not a problem, acpi_bus_attach will get called soon
after the instantiation anyways and it will update the status as first
point of order.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/acpi/scan.c | 20 +++++++++++++++++---
1 file changed, 17 insertions(+), 3 deletions(-)
--- a/drivers/acpi/scan.c
+++ b/drivers/acpi/scan.c
@@ -1422,6 +1422,8 @@ void acpi_init_device_object(struct acpi
device_initialize(&device->dev);
dev_set_uevent_suppress(&device->dev, true);
acpi_init_coherency(device);
+ /* Assume there are unmet deps until acpi_device_dep_initialize() runs */
+ device->dep_unmet = 1;
}
void acpi_device_add_finalize(struct acpi_device *device)
@@ -1445,6 +1447,14 @@ static int acpi_add_single_object(struct
}
acpi_init_device_object(device, handle, type, sta);
+ /*
+ * For ACPI_BUS_TYPE_DEVICE getting the status is delayed till here so
+ * that we can call acpi_bus_get_status() and use its quirk handling.
+ * Note this must be done before the get power-/wakeup_dev-flags calls.
+ */
+ if (type == ACPI_BUS_TYPE_DEVICE)
+ acpi_bus_get_status(device);
+
acpi_bus_get_power_flags(device);
acpi_bus_get_wakeup_device_flags(device);
@@ -1517,9 +1527,11 @@ static int acpi_bus_type_and_status(acpi
return -ENODEV;
*type = ACPI_BUS_TYPE_DEVICE;
- status = acpi_bus_get_status_handle(handle, sta);
- if (ACPI_FAILURE(status))
- *sta = 0;
+ /*
+ * acpi_add_single_object updates this once we've an acpi_device
+ * so that acpi_bus_get_status' quirk handling can be used.
+ */
+ *sta = 0;
break;
case ACPI_TYPE_PROCESSOR:
*type = ACPI_BUS_TYPE_PROCESSOR;
@@ -1621,6 +1633,8 @@ static void acpi_device_dep_initialize(s
acpi_status status;
int i;
+ adev->dep_unmet = 0;
+
if (!acpi_has_method(adev->handle, "_DEP"))
return;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 083/329] bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (74 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 082/329] ACPI / scan: Use acpi_bus_get_status() to initialize ACPI_TYPE_DEVICE devs Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 084/329] MIPS: generic: Fix machine compatible matching Greg Kroah-Hartman
` (233 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yonghong Song, Daniel Borkmann, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yonghong Song <yhs@fb.com>
[ Upstream commit 09584b406742413ac4c8d7e030374d4daa045b69 ]
With CONFIG_BPF_JIT_ALWAYS_ON is defined in the config file,
tools/testing/selftests/bpf/test_kmod.sh failed like below:
[root@localhost bpf]# ./test_kmod.sh
sysctl: setting key "net.core.bpf_jit_enable": Invalid argument
[ JIT enabled:0 hardened:0 ]
[ 132.175681] test_bpf: #297 BPF_MAXINSNS: Jump, gap, jump, ... FAIL to prog_create err=-524 len=4096
[ 132.458834] test_bpf: Summary: 348 PASSED, 1 FAILED, [340/340 JIT'ed]
[ JIT enabled:1 hardened:0 ]
[ 133.456025] test_bpf: #297 BPF_MAXINSNS: Jump, gap, jump, ... FAIL to prog_create err=-524 len=4096
[ 133.730935] test_bpf: Summary: 348 PASSED, 1 FAILED, [340/340 JIT'ed]
[ JIT enabled:1 hardened:1 ]
[ 134.769730] test_bpf: #297 BPF_MAXINSNS: Jump, gap, jump, ... FAIL to prog_create err=-524 len=4096
[ 135.050864] test_bpf: Summary: 348 PASSED, 1 FAILED, [340/340 JIT'ed]
[ JIT enabled:1 hardened:2 ]
[ 136.442882] test_bpf: #297 BPF_MAXINSNS: Jump, gap, jump, ... FAIL to prog_create err=-524 len=4096
[ 136.821810] test_bpf: Summary: 348 PASSED, 1 FAILED, [340/340 JIT'ed]
[root@localhost bpf]#
The test_kmod.sh load/remove test_bpf.ko multiple times with different
settings for sysctl net.core.bpf_jit_{enable,harden}. The failed test #297
of test_bpf.ko is designed such that JIT always fails.
Commit 290af86629b2 (bpf: introduce BPF_JIT_ALWAYS_ON config)
introduced the following tightening logic:
...
if (!bpf_prog_is_dev_bound(fp->aux)) {
fp = bpf_int_jit_compile(fp);
#ifdef CONFIG_BPF_JIT_ALWAYS_ON
if (!fp->jited) {
*err = -ENOTSUPP;
return fp;
}
#endif
...
With this logic, Test #297 always gets return value -ENOTSUPP
when CONFIG_BPF_JIT_ALWAYS_ON is defined, causing the test failure.
This patch fixed the failure by marking Test #297 as expected failure
when CONFIG_BPF_JIT_ALWAYS_ON is defined.
Fixes: 290af86629b2 (bpf: introduce BPF_JIT_ALWAYS_ON config)
Signed-off-by: Yonghong Song <yhs@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
lib/test_bpf.c | 31 ++++++++++++++++++++++++++-----
1 file changed, 26 insertions(+), 5 deletions(-)
--- a/lib/test_bpf.c
+++ b/lib/test_bpf.c
@@ -83,6 +83,7 @@ struct bpf_test {
__u32 result;
} test[MAX_SUBTESTS];
int (*fill_helper)(struct bpf_test *self);
+ int expected_errcode; /* used when FLAG_EXPECTED_FAIL is set in the aux */
__u8 frag_data[MAX_DATA];
};
@@ -1900,7 +1901,9 @@ static struct bpf_test tests[] = {
},
CLASSIC | FLAG_NO_DATA | FLAG_EXPECTED_FAIL,
{ },
- { }
+ { },
+ .fill_helper = NULL,
+ .expected_errcode = -EINVAL,
},
{
"check: div_k_0",
@@ -1910,7 +1913,9 @@ static struct bpf_test tests[] = {
},
CLASSIC | FLAG_NO_DATA | FLAG_EXPECTED_FAIL,
{ },
- { }
+ { },
+ .fill_helper = NULL,
+ .expected_errcode = -EINVAL,
},
{
"check: unknown insn",
@@ -1921,7 +1926,9 @@ static struct bpf_test tests[] = {
},
CLASSIC | FLAG_EXPECTED_FAIL,
{ },
- { }
+ { },
+ .fill_helper = NULL,
+ .expected_errcode = -EINVAL,
},
{
"check: out of range spill/fill",
@@ -1931,7 +1938,9 @@ static struct bpf_test tests[] = {
},
CLASSIC | FLAG_NO_DATA | FLAG_EXPECTED_FAIL,
{ },
- { }
+ { },
+ .fill_helper = NULL,
+ .expected_errcode = -EINVAL,
},
{
"JUMPS + HOLES",
@@ -2023,6 +2032,8 @@ static struct bpf_test tests[] = {
CLASSIC | FLAG_NO_DATA | FLAG_EXPECTED_FAIL,
{ },
{ },
+ .fill_helper = NULL,
+ .expected_errcode = -EINVAL,
},
{
"check: LDX + RET X",
@@ -2033,6 +2044,8 @@ static struct bpf_test tests[] = {
CLASSIC | FLAG_NO_DATA | FLAG_EXPECTED_FAIL,
{ },
{ },
+ .fill_helper = NULL,
+ .expected_errcode = -EINVAL,
},
{ /* Mainly checking JIT here. */
"M[]: alt STX + LDX",
@@ -2207,6 +2220,8 @@ static struct bpf_test tests[] = {
CLASSIC | FLAG_NO_DATA | FLAG_EXPECTED_FAIL,
{ },
{ },
+ .fill_helper = NULL,
+ .expected_errcode = -EINVAL,
},
{ /* Passes checker but fails during runtime. */
"LD [SKF_AD_OFF-1]",
@@ -4803,6 +4818,7 @@ static struct bpf_test tests[] = {
{ },
{ },
.fill_helper = bpf_fill_maxinsns4,
+ .expected_errcode = -EINVAL,
},
{ /* Mainly checking JIT here. */
"BPF_MAXINSNS: Very long jump",
@@ -4858,10 +4874,15 @@ static struct bpf_test tests[] = {
{
"BPF_MAXINSNS: Jump, gap, jump, ...",
{ },
+#ifdef CONFIG_BPF_JIT_ALWAYS_ON
+ CLASSIC | FLAG_NO_DATA | FLAG_EXPECTED_FAIL,
+#else
CLASSIC | FLAG_NO_DATA,
+#endif
{ },
{ { 0, 0xababcbac } },
.fill_helper = bpf_fill_maxinsns11,
+ .expected_errcode = -ENOTSUPP,
},
{
"BPF_MAXINSNS: ld_abs+get_processor_id",
@@ -5632,7 +5653,7 @@ static struct bpf_prog *generate_filter(
*err = bpf_prog_create(&fp, &fprog);
if (tests[which].aux & FLAG_EXPECTED_FAIL) {
- if (*err == -EINVAL) {
+ if (*err == tests[which].expected_errcode) {
pr_cont("PASS\n");
/* Verifier rejected filter as expected. */
*err = 0;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 084/329] MIPS: generic: Fix machine compatible matching
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (75 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 083/329] bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 085/329] MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS Greg Kroah-Hartman
` (232 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, James Hogan, Paul Burton,
Matt Redfearn, Ralf Baechle, linux-mips, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: James Hogan <jhogan@kernel.org>
[ Upstream commit 9a9ab3078e2744a1a55163cfaec73a5798aae33e ]
We now have a platform (Ranchu) in the "generic" platform which matches
based on the FDT compatible string using mips_machine_is_compatible(),
however that function doesn't stop at a blank struct
of_device_id::compatible as that is an array in the struct, not a
pointer to a string.
Fix the loop completion to check the first byte of the compatible array
rather than the address of the compatible array in the struct.
Fixes: eed0eabd12ef ("MIPS: generic: Introduce generic DT-based board support")
Signed-off-by: James Hogan <jhogan@kernel.org>
Reviewed-by: Paul Burton <paul.burton@mips.com>
Reviewed-by: Matt Redfearn <matt.redfearn@mips.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/18580/
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/include/asm/machine.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/mips/include/asm/machine.h
+++ b/arch/mips/include/asm/machine.h
@@ -52,7 +52,7 @@ mips_machine_is_compatible(const struct
if (!mach->matches)
return NULL;
- for (match = mach->matches; match->compatible; match++) {
+ for (match = mach->matches; match->compatible[0]; match++) {
if (fdt_node_check_compatible(fdt, 0, match->compatible) == 0)
return match;
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 085/329] MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (76 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 084/329] MIPS: generic: Fix machine compatible matching Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 086/329] xen-netfront: Fix race between device setup and open Greg Kroah-Hartman
` (231 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Matt Redfearn, James Hogan,
Ralf Baechle, linux-mips, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matt Redfearn <matt.redfearn@mips.com>
[ Upstream commit 0cde5b44a30f1daaef1c34e08191239dc63271c4 ]
When commit b27311e1cace ("MIPS: TXx9: Add RBTX4939 board support")
added board support for the RBTX4939, it added a call to
led_classdev_register even if the LED class is built as a module.
Built-in arch code cannot call module code directly like this. Commit
b33b44073734 ("MIPS: TXX9: use IS_ENABLED() macro") subsequently
changed the inclusion of this code to a single check that
CONFIG_LEDS_CLASS is either builtin or a module, but the same issue
remains.
This leads to MIPS allmodconfig builds failing when CONFIG_MACH_TX49XX=y
is set:
arch/mips/txx9/rbtx4939/setup.o: In function `rbtx4939_led_probe':
setup.c:(.init.text+0xc0): undefined reference to `of_led_classdev_register'
make: *** [Makefile:999: vmlinux] Error 1
Fix this by using the IS_BUILTIN() macro instead.
Fixes: b27311e1cace ("MIPS: TXx9: Add RBTX4939 board support")
Signed-off-by: Matt Redfearn <matt.redfearn@mips.com>
Reviewed-by: James Hogan <jhogan@kernel.org>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/18544/
Signed-off-by: James Hogan <jhogan@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/txx9/rbtx4939/setup.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/mips/txx9/rbtx4939/setup.c
+++ b/arch/mips/txx9/rbtx4939/setup.c
@@ -186,7 +186,7 @@ static void __init rbtx4939_update_ioc_p
#define RBTX4939_MAX_7SEGLEDS 8
-#if IS_ENABLED(CONFIG_LEDS_CLASS)
+#if IS_BUILTIN(CONFIG_LEDS_CLASS)
static u8 led_val[RBTX4939_MAX_7SEGLEDS];
struct rbtx4939_led_data {
struct led_classdev cdev;
@@ -261,7 +261,7 @@ static inline void rbtx4939_led_setup(vo
static void __rbtx4939_7segled_putc(unsigned int pos, unsigned char val)
{
-#if IS_ENABLED(CONFIG_LEDS_CLASS)
+#if IS_BUILTIN(CONFIG_LEDS_CLASS)
unsigned long flags;
local_irq_save(flags);
/* bit7: reserved for LED class */
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 086/329] xen-netfront: Fix race between device setup and open
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (77 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 085/329] MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 087/329] xen/grant-table: Use put_page instead of free_page Greg Kroah-Hartman
` (230 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ross Lagerwall, Boris Ostrovsky,
Juergen Gross, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ross Lagerwall <ross.lagerwall@citrix.com>
[ Upstream commit f599c64fdf7d9c108e8717fb04bc41c680120da4 ]
When a netfront device is set up it registers a netdev fairly early on,
before it has set up the queues and is actually usable. A userspace tool
like NetworkManager will immediately try to open it and access its state
as soon as it appears. The bug can be reproduced by hotplugging VIFs
until the VM runs out of grant refs. It registers the netdev but fails
to set up any queues (since there are no more grant refs). In the
meantime, NetworkManager opens the device and the kernel crashes trying
to access the queues (of which there are none).
Fix this in two ways:
* For initial setup, register the netdev much later, after the queues
are setup. This avoids the race entirely.
* During a suspend/resume cycle, the frontend reconnects to the backend
and the queues are recreated. It is possible (though highly unlikely) to
race with something opening the device and accessing the queues after
they have been destroyed but before they have been recreated. Extend the
region covered by the rtnl semaphore to protect against this race. There
is a possibility that we fail to recreate the queues so check for this
in the open function.
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/xen-netfront.c | 46 +++++++++++++++++++++++----------------------
1 file changed, 24 insertions(+), 22 deletions(-)
--- a/drivers/net/xen-netfront.c
+++ b/drivers/net/xen-netfront.c
@@ -350,6 +350,9 @@ static int xennet_open(struct net_device
unsigned int i = 0;
struct netfront_queue *queue = NULL;
+ if (!np->queues)
+ return -ENODEV;
+
for (i = 0; i < num_queues; ++i) {
queue = &np->queues[i];
napi_enable(&queue->napi);
@@ -1377,18 +1380,8 @@ static int netfront_probe(struct xenbus_
#ifdef CONFIG_SYSFS
info->netdev->sysfs_groups[0] = &xennet_dev_group;
#endif
- err = register_netdev(info->netdev);
- if (err) {
- pr_warn("%s: register_netdev err=%d\n", __func__, err);
- goto fail;
- }
return 0;
-
- fail:
- xennet_free_netdev(netdev);
- dev_set_drvdata(&dev->dev, NULL);
- return err;
}
static void xennet_end_access(int ref, void *page)
@@ -1757,8 +1750,6 @@ static void xennet_destroy_queues(struct
{
unsigned int i;
- rtnl_lock();
-
for (i = 0; i < info->netdev->real_num_tx_queues; i++) {
struct netfront_queue *queue = &info->queues[i];
@@ -1767,8 +1758,6 @@ static void xennet_destroy_queues(struct
netif_napi_del(&queue->napi);
}
- rtnl_unlock();
-
kfree(info->queues);
info->queues = NULL;
}
@@ -1784,8 +1773,6 @@ static int xennet_create_queues(struct n
if (!info->queues)
return -ENOMEM;
- rtnl_lock();
-
for (i = 0; i < *num_queues; i++) {
struct netfront_queue *queue = &info->queues[i];
@@ -1794,7 +1781,7 @@ static int xennet_create_queues(struct n
ret = xennet_init_queue(queue);
if (ret < 0) {
- dev_warn(&info->netdev->dev,
+ dev_warn(&info->xbdev->dev,
"only created %d queues\n", i);
*num_queues = i;
break;
@@ -1808,10 +1795,8 @@ static int xennet_create_queues(struct n
netif_set_real_num_tx_queues(info->netdev, *num_queues);
- rtnl_unlock();
-
if (*num_queues == 0) {
- dev_err(&info->netdev->dev, "no queues\n");
+ dev_err(&info->xbdev->dev, "no queues\n");
return -EINVAL;
}
return 0;
@@ -1853,6 +1838,7 @@ static int talk_to_netback(struct xenbus
goto out;
}
+ rtnl_lock();
if (info->queues)
xennet_destroy_queues(info);
@@ -1863,6 +1849,7 @@ static int talk_to_netback(struct xenbus
info->queues = NULL;
goto out;
}
+ rtnl_unlock();
/* Create shared ring, alloc event channel -- for each queue */
for (i = 0; i < num_queues; ++i) {
@@ -1959,8 +1946,10 @@ abort_transaction_no_dev_fatal:
xenbus_transaction_end(xbt, 1);
destroy_ring:
xennet_disconnect_backend(info);
+ rtnl_lock();
xennet_destroy_queues(info);
out:
+ rtnl_unlock();
device_unregister(&dev->dev);
return err;
}
@@ -1996,6 +1985,15 @@ static int xennet_connect(struct net_dev
netdev_update_features(dev);
rtnl_unlock();
+ if (dev->reg_state == NETREG_UNINITIALIZED) {
+ err = register_netdev(dev);
+ if (err) {
+ pr_warn("%s: register_netdev err=%d\n", __func__, err);
+ device_unregister(&np->xbdev->dev);
+ return err;
+ }
+ }
+
/*
* All public and private state should now be sane. Get
* ready to start sending and receiving packets and give the driver
@@ -2186,10 +2184,14 @@ static int xennet_remove(struct xenbus_d
xennet_disconnect_backend(info);
- unregister_netdev(info->netdev);
+ if (info->netdev->reg_state == NETREG_REGISTERED)
+ unregister_netdev(info->netdev);
- if (info->queues)
+ if (info->queues) {
+ rtnl_lock();
xennet_destroy_queues(info);
+ rtnl_unlock();
+ }
xennet_free_netdev(info->netdev);
return 0;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 087/329] xen/grant-table: Use put_page instead of free_page
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (78 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 086/329] xen-netfront: Fix race between device setup and open Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 088/329] RDS: IB: Fix null pointer issue Greg Kroah-Hartman
` (229 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ross Lagerwall, Boris Ostrovsky,
Juergen Gross, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ross Lagerwall <ross.lagerwall@citrix.com>
[ Upstream commit 3ac7292a25db1c607a50752055a18aba32ac2176 ]
The page given to gnttab_end_foreign_access() to free could be a
compound page so use put_page() instead of free_page() since it can
handle both compound and single pages correctly.
This bug was discovered when migrating a Xen VM with several VIFs and
CONFIG_DEBUG_VM enabled. It hits a BUG usually after fewer than 10
iterations. All netfront devices disconnect from the backend during a
suspend/resume and this will call gnttab_end_foreign_access() if a
netfront queue has an outstanding skb. The mismatch between calling
get_page() and free_page() on a compound page causes a reference
counting error which is detected when DEBUG_VM is enabled.
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/xen/grant-table.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/xen/grant-table.c
+++ b/drivers/xen/grant-table.c
@@ -327,7 +327,7 @@ static void gnttab_handle_deferred(unsig
if (entry->page) {
pr_debug("freeing g.e. %#x (pfn %#lx)\n",
entry->ref, page_to_pfn(entry->page));
- __free_page(entry->page);
+ put_page(entry->page);
} else
pr_info("freeing g.e. %#x\n", entry->ref);
kfree(entry);
@@ -383,7 +383,7 @@ void gnttab_end_foreign_access(grant_ref
if (gnttab_end_foreign_access_ref(ref, readonly)) {
put_free_entry(ref);
if (page != 0)
- free_page(page);
+ put_page(virt_to_page(page));
} else
gnttab_add_deferred(ref, readonly,
page ? virt_to_page(page) : NULL);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 088/329] RDS: IB: Fix null pointer issue
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (79 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 087/329] xen/grant-table: Use put_page instead of free_page Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 089/329] arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics Greg Kroah-Hartman
` (228 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Guanglei Li, Honglei Wang,
Junxiao Bi, Yanjun Zhu, Leon Romanovsky, Santosh Shilimkar,
Doug Ledford, David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Guanglei Li <guanglei.li@oracle.com>
[ Upstream commit 2c0aa08631b86a4678dbc93b9caa5248014b4458 ]
Scenario:
1. Port down and do fail over
2. Ap do rds_bind syscall
PID: 47039 TASK: ffff89887e2fe640 CPU: 47 COMMAND: "kworker/u:6"
#0 [ffff898e35f159f0] machine_kexec at ffffffff8103abf9
#1 [ffff898e35f15a60] crash_kexec at ffffffff810b96e3
#2 [ffff898e35f15b30] oops_end at ffffffff8150f518
#3 [ffff898e35f15b60] no_context at ffffffff8104854c
#4 [ffff898e35f15ba0] __bad_area_nosemaphore at ffffffff81048675
#5 [ffff898e35f15bf0] bad_area_nosemaphore at ffffffff810487d3
#6 [ffff898e35f15c00] do_page_fault at ffffffff815120b8
#7 [ffff898e35f15d10] page_fault at ffffffff8150ea95
[exception RIP: unknown or invalid address]
RIP: 0000000000000000 RSP: ffff898e35f15dc8 RFLAGS: 00010282
RAX: 00000000fffffffe RBX: ffff889b77f6fc00 RCX:ffffffff81c99d88
RDX: 0000000000000000 RSI: ffff896019ee08e8 RDI:ffff889b77f6fc00
RBP: ffff898e35f15df0 R8: ffff896019ee08c8 R9:0000000000000000
R10: 0000000000000400 R11: 0000000000000000 R12:ffff896019ee08c0
R13: ffff889b77f6fe68 R14: ffffffff81c99d80 R15: ffffffffa022a1e0
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
#8 [ffff898e35f15dc8] cma_ndev_work_handler at ffffffffa022a228 [rdma_cm]
#9 [ffff898e35f15df8] process_one_work at ffffffff8108a7c6
#10 [ffff898e35f15e58] worker_thread at ffffffff8108bda0
#11 [ffff898e35f15ee8] kthread at ffffffff81090fe6
PID: 45659 TASK: ffff880d313d2500 CPU: 31 COMMAND: "oracle_45659_ap"
#0 [ffff881024ccfc98] __schedule at ffffffff8150bac4
#1 [ffff881024ccfd40] schedule at ffffffff8150c2cf
#2 [ffff881024ccfd50] __mutex_lock_slowpath at ffffffff8150cee7
#3 [ffff881024ccfdc0] mutex_lock at ffffffff8150cdeb
#4 [ffff881024ccfde0] rdma_destroy_id at ffffffffa022a027 [rdma_cm]
#5 [ffff881024ccfe10] rds_ib_laddr_check at ffffffffa0357857 [rds_rdma]
#6 [ffff881024ccfe50] rds_trans_get_preferred at ffffffffa0324c2a [rds]
#7 [ffff881024ccfe80] rds_bind at ffffffffa031d690 [rds]
#8 [ffff881024ccfeb0] sys_bind at ffffffff8142a670
PID: 45659 PID: 47039
rds_ib_laddr_check
/* create id_priv with a null event_handler */
rdma_create_id
rdma_bind_addr
cma_acquire_dev
/* add id_priv to cma_dev->id_list */
cma_attach_to_dev
cma_ndev_work_handler
/* event_hanlder is null */
id_priv->id.event_handler
Signed-off-by: Guanglei Li <guanglei.li@oracle.com>
Signed-off-by: Honglei Wang <honglei.wang@oracle.com>
Reviewed-by: Junxiao Bi <junxiao.bi@oracle.com>
Reviewed-by: Yanjun Zhu <yanjun.zhu@oracle.com>
Reviewed-by: Leon Romanovsky <leonro@mellanox.com>
Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
Acked-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/rds/ib.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/net/rds/ib.c
+++ b/net/rds/ib.c
@@ -336,7 +336,8 @@ static int rds_ib_laddr_check(struct net
/* Create a CMA ID and try to bind it. This catches both
* IB and iWARP capable NICs.
*/
- cm_id = rdma_create_id(&init_net, NULL, NULL, RDMA_PS_TCP, IB_QPT_RC);
+ cm_id = rdma_create_id(&init_net, rds_rdma_cm_event_handler,
+ NULL, RDMA_PS_TCP, IB_QPT_RC);
if (IS_ERR(cm_id))
return PTR_ERR(cm_id);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 089/329] arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (80 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 088/329] RDS: IB: Fix null pointer issue Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 090/329] proc: fix /proc/*/map_files lookup Greg Kroah-Hartman
` (227 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Catalin Marinas, Will Deacon, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Will Deacon <will.deacon@arm.com>
[ Upstream commit 202fb4ef81e3ec765c23bd1e6746a5c25b797d0e ]
If the spinlock "next" ticket wraps around between the initial LDR
and the cmpxchg in the LSE version of spin_trylock, then we can erroneously
think that we have successfuly acquired the lock because we only check
whether the next ticket return by the cmpxchg is equal to the owner ticket
in our updated lock word.
This patch fixes the issue by performing a full 32-bit check of the lock
word when trying to determine whether or not the CASA instruction updated
memory.
Reported-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/include/asm/spinlock.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/arm64/include/asm/spinlock.h
+++ b/arch/arm64/include/asm/spinlock.h
@@ -141,8 +141,8 @@ static inline int arch_spin_trylock(arch
" cbnz %w1, 1f\n"
" add %w1, %w0, %3\n"
" casa %w0, %w1, %2\n"
- " and %w1, %w1, #0xffff\n"
- " eor %w1, %w1, %w0, lsr #16\n"
+ " sub %w1, %w1, %3\n"
+ " eor %w1, %w1, %w0\n"
"1:")
: "=&r" (lockval), "=&r" (tmp), "+Q" (*lock)
: "I" (1 << TICKET_SHIFT)
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 090/329] proc: fix /proc/*/map_files lookup
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (81 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 089/329] arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 091/329] cifs: silence compiler warnings showing up with gcc-8.0.0 Greg Kroah-Hartman
` (226 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexey Dobriyan, Pavel Emelyanov,
Andrei Vagin, Andrew Morton, Linus Torvalds, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexey Dobriyan <adobriyan@gmail.com>
[ Upstream commit ac7f1061c2c11bb8936b1b6a94cdb48de732f7a4 ]
Current code does:
if (sscanf(dentry->d_name.name, "%lx-%lx", start, end) != 2)
However sscanf() is broken garbage.
It silently accepts whitespace between format specifiers
(did you know that?).
It silently accepts valid strings which result in integer overflow.
Do not use sscanf() for any even remotely reliable parsing code.
OK
# readlink '/proc/1/map_files/55a23af39000-55a23b05b000'
/lib/systemd/systemd
broken
# readlink '/proc/1/map_files/ 55a23af39000-55a23b05b000'
/lib/systemd/systemd
broken
# readlink '/proc/1/map_files/55a23af39000-55a23b05b000 '
/lib/systemd/systemd
very broken
# readlink '/proc/1/map_files/1000000000000000055a23af39000-55a23b05b000'
/lib/systemd/systemd
Andrei said:
: This patch breaks criu. It was a bug in criu. And this bug is on a minor
: path, which works when memfd_create() isn't available. It is a reason why
: I ask to not backport this patch to stable kernels.
:
: In CRIU this bug can be triggered, only if this patch will be backported
: to a kernel which version is lower than v3.16.
Link: http://lkml.kernel.org/r/20171120212706.GA14325@avx2
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Pavel Emelyanov <xemul@openvz.org>
Cc: Andrei Vagin <avagin@virtuozzo.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/proc/base.c | 29 ++++++++++++++++++++++++++++-
1 file changed, 28 insertions(+), 1 deletion(-)
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -94,6 +94,8 @@
#include "internal.h"
#include "fd.h"
+#include "../../lib/kstrtox.h"
+
/* NOTE:
* Implementing inode permission operations in /proc is almost
* certainly an error. Permission checks need to happen during
@@ -1864,8 +1866,33 @@ end_instantiate:
static int dname_to_vma_addr(struct dentry *dentry,
unsigned long *start, unsigned long *end)
{
- if (sscanf(dentry->d_name.name, "%lx-%lx", start, end) != 2)
+ const char *str = dentry->d_name.name;
+ unsigned long long sval, eval;
+ unsigned int len;
+
+ len = _parse_integer(str, 16, &sval);
+ if (len & KSTRTOX_OVERFLOW)
+ return -EINVAL;
+ if (sval != (unsigned long)sval)
return -EINVAL;
+ str += len;
+
+ if (*str != '-')
+ return -EINVAL;
+ str++;
+
+ len = _parse_integer(str, 16, &eval);
+ if (len & KSTRTOX_OVERFLOW)
+ return -EINVAL;
+ if (eval != (unsigned long)eval)
+ return -EINVAL;
+ str += len;
+
+ if (*str != '\0')
+ return -EINVAL;
+
+ *start = sval;
+ *end = eval;
return 0;
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 091/329] cifs: silence compiler warnings showing up with gcc-8.0.0
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (82 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 090/329] proc: fix /proc/*/map_files lookup Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 092/329] bcache: properly set task state in bch_writeback_thread() Greg Kroah-Hartman
` (225 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Steve French, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit ade7db991b47ab3016a414468164f4966bd08202 ]
This bug was fixed before, but came up again with the latest
compiler in another function:
fs/cifs/cifssmb.c: In function 'CIFSSMBSetEA':
fs/cifs/cifssmb.c:6362:3: error: 'strncpy' offset 8 is out of the bounds [0, 4] [-Werror=array-bounds]
strncpy(parm_data->list[0].name, ea_name, name_len);
Let's apply the same fix that was used for the other instances.
Fixes: b2a3ad9ca502 ("cifs: silence compiler warnings showing up with gcc-4.7.0")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Steve French <smfrench@gmail.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/cifssmb.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -6413,9 +6413,7 @@ SetEARetry:
pSMB->InformationLevel =
cpu_to_le16(SMB_SET_FILE_EA);
- parm_data =
- (struct fealist *) (((char *) &pSMB->hdr.Protocol) +
- offset);
+ parm_data = (void *)pSMB + offsetof(struct smb_hdr, Protocol) + offset;
pSMB->ParameterOffset = cpu_to_le16(param_offset);
pSMB->DataOffset = cpu_to_le16(offset);
pSMB->SetupCount = 1;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 092/329] bcache: properly set task state in bch_writeback_thread()
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (83 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 091/329] cifs: silence compiler warnings showing up with gcc-8.0.0 Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 094/329] bcache: fix for data collapse after re-attaching an attached device Greg Kroah-Hartman
` (224 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Coly Li, Hannes Reinecke,
Michael Lyle, Junhui Tang, Jens Axboe, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Coly Li <colyli@suse.de>
[ Upstream commit 99361bbf26337186f02561109c17a4c4b1a7536a ]
Kernel thread routine bch_writeback_thread() has the following code block,
447 down_write(&dc->writeback_lock);
448~450 if (check conditions) {
451 up_write(&dc->writeback_lock);
452 set_current_state(TASK_INTERRUPTIBLE);
453
454 if (kthread_should_stop())
455 return 0;
456
457 schedule();
458 continue;
459 }
If condition check is true, its task state is set to TASK_INTERRUPTIBLE
and call schedule() to wait for others to wake up it.
There are 2 issues in current code,
1, Task state is set to TASK_INTERRUPTIBLE after the condition checks, if
another process changes the condition and call wake_up_process(dc->
writeback_thread), then at line 452 task state is set back to
TASK_INTERRUPTIBLE, the writeback kernel thread will lose a chance to be
waken up.
2, At line 454 if kthread_should_stop() is true, writeback kernel thread
will return to kernel/kthread.c:kthread() with TASK_INTERRUPTIBLE and
call do_exit(). It is not good to enter do_exit() with task state
TASK_INTERRUPTIBLE, in following code path might_sleep() is called and a
warning message is reported by __might_sleep(): "WARNING: do not call
blocking ops when !TASK_RUNNING; state=1 set at [xxxx]".
For the first issue, task state should be set before condition checks.
Ineed because dc->writeback_lock is required when modifying all the
conditions, calling set_current_state() inside code block where dc->
writeback_lock is hold is safe. But this is quite implicit, so I still move
set_current_state() before all the condition checks.
For the second issue, frankley speaking it does not hurt when kernel thread
exits with TASK_INTERRUPTIBLE state, but this warning message scares users,
makes them feel there might be something risky with bcache and hurt their
data. Setting task state to TASK_RUNNING before returning fixes this
problem.
In alloc.c:allocator_wait(), there is also a similar issue, and is also
fixed in this patch.
Changelog:
v3: merge two similar fixes into one patch
v2: fix the race issue in v1 patch.
v1: initial buggy fix.
Signed-off-by: Coly Li <colyli@suse.de>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: Michael Lyle <mlyle@lyle.org>
Cc: Michael Lyle <mlyle@lyle.org>
Cc: Junhui Tang <tang.junhui@zte.com.cn>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/bcache/alloc.c | 4 +++-
drivers/md/bcache/writeback.c | 7 +++++--
2 files changed, 8 insertions(+), 3 deletions(-)
--- a/drivers/md/bcache/alloc.c
+++ b/drivers/md/bcache/alloc.c
@@ -284,8 +284,10 @@ do { \
break; \
\
mutex_unlock(&(ca)->set->bucket_lock); \
- if (kthread_should_stop()) \
+ if (kthread_should_stop()) { \
+ set_current_state(TASK_RUNNING); \
return 0; \
+ } \
\
schedule(); \
mutex_lock(&(ca)->set->bucket_lock); \
--- a/drivers/md/bcache/writeback.c
+++ b/drivers/md/bcache/writeback.c
@@ -420,18 +420,21 @@ static int bch_writeback_thread(void *ar
while (!kthread_should_stop()) {
down_write(&dc->writeback_lock);
+ set_current_state(TASK_INTERRUPTIBLE);
if (!atomic_read(&dc->has_dirty) ||
(!test_bit(BCACHE_DEV_DETACHING, &dc->disk.flags) &&
!dc->writeback_running)) {
up_write(&dc->writeback_lock);
- set_current_state(TASK_INTERRUPTIBLE);
- if (kthread_should_stop())
+ if (kthread_should_stop()) {
+ set_current_state(TASK_RUNNING);
return 0;
+ }
schedule();
continue;
}
+ set_current_state(TASK_RUNNING);
searched_full_index = refill_dirty(dc);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 094/329] bcache: fix for data collapse after re-attaching an attached device
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (84 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 092/329] bcache: properly set task state in bch_writeback_thread() Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 095/329] bcache: return attach error when no cache set exist Greg Kroah-Hartman
` (223 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tang Junhui, Michael Lyle,
Jens Axboe, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tang Junhui <tang.junhui@zte.com.cn>
[ Upstream commit 73ac105be390c1de42a2f21643c9778a5e002930 ]
back-end device sdm has already attached a cache_set with ID
f67ebe1f-f8bc-4d73-bfe5-9dc88607f119, then try to attach with
another cache set, and it returns with an error:
[root]# cd /sys/block/sdm/bcache
[root]# echo 5ccd0a63-148e-48b8-afa2-aca9cbd6279f > attach
-bash: echo: write error: Invalid argument
After that, execute a command to modify the label of bcache
device:
[root]# echo data_disk1 > label
Then we reboot the system, when the system power on, the back-end
device can not attach to cache_set, a messages show in the log:
Feb 5 12:05:52 ceph152 kernel: [922385.508498] bcache:
bch_cached_dev_attach() couldn't find uuid for sdm in set
In sysfs_attach(), dc->sb.set_uuid was assigned to the value
which input through sysfs, no matter whether it is success
or not in bch_cached_dev_attach(). For example, If the back-end
device has already attached to an cache set, bch_cached_dev_attach()
would fail, but dc->sb.set_uuid was changed. Then modify the
label of bcache device, it will call bch_write_bdev_super(),
which would write the dc->sb.set_uuid to the super block, so we
record a wrong cache set ID in the super block, after the system
reboot, the cache set couldn't find the uuid of the back-end
device, so the bcache device couldn't exist and use any more.
In this patch, we don't assigned cache set ID to dc->sb.set_uuid
in sysfs_attach() directly, but input it into bch_cached_dev_attach(),
and assigned dc->sb.set_uuid to the cache set ID after the back-end
device attached to the cache set successful.
Signed-off-by: Tang Junhui <tang.junhui@zte.com.cn>
Reviewed-by: Michael Lyle <mlyle@lyle.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/bcache/bcache.h | 2 +-
drivers/md/bcache/super.c | 10 ++++++----
drivers/md/bcache/sysfs.c | 6 ++++--
3 files changed, 11 insertions(+), 7 deletions(-)
--- a/drivers/md/bcache/bcache.h
+++ b/drivers/md/bcache/bcache.h
@@ -904,7 +904,7 @@ void bcache_write_super(struct cache_set
int bch_flash_dev_create(struct cache_set *c, uint64_t size);
-int bch_cached_dev_attach(struct cached_dev *, struct cache_set *);
+int bch_cached_dev_attach(struct cached_dev *, struct cache_set *, uint8_t *);
void bch_cached_dev_detach(struct cached_dev *);
void bch_cached_dev_run(struct cached_dev *);
void bcache_device_stop(struct bcache_device *);
--- a/drivers/md/bcache/super.c
+++ b/drivers/md/bcache/super.c
@@ -938,7 +938,8 @@ void bch_cached_dev_detach(struct cached
cached_dev_put(dc);
}
-int bch_cached_dev_attach(struct cached_dev *dc, struct cache_set *c)
+int bch_cached_dev_attach(struct cached_dev *dc, struct cache_set *c,
+ uint8_t *set_uuid)
{
uint32_t rtime = cpu_to_le32(get_seconds());
struct uuid_entry *u;
@@ -947,7 +948,8 @@ int bch_cached_dev_attach(struct cached_
bdevname(dc->bdev, buf);
- if (memcmp(dc->sb.set_uuid, c->sb.set_uuid, 16))
+ if ((set_uuid && memcmp(set_uuid, c->sb.set_uuid, 16)) ||
+ (!set_uuid && memcmp(dc->sb.set_uuid, c->sb.set_uuid, 16)))
return -ENOENT;
if (dc->disk.c) {
@@ -1191,7 +1193,7 @@ static void register_bdev(struct cache_s
list_add(&dc->list, &uncached_devices);
list_for_each_entry(c, &bch_cache_sets, list)
- bch_cached_dev_attach(dc, c);
+ bch_cached_dev_attach(dc, c, NULL);
if (BDEV_STATE(&dc->sb) == BDEV_STATE_NONE ||
BDEV_STATE(&dc->sb) == BDEV_STATE_STALE)
@@ -1714,7 +1716,7 @@ static void run_cache_set(struct cache_s
bcache_write_super(c);
list_for_each_entry_safe(dc, t, &uncached_devices, list)
- bch_cached_dev_attach(dc, c);
+ bch_cached_dev_attach(dc, c, NULL);
flash_devs_run(c);
--- a/drivers/md/bcache/sysfs.c
+++ b/drivers/md/bcache/sysfs.c
@@ -263,11 +263,13 @@ STORE(__cached_dev)
}
if (attr == &sysfs_attach) {
- if (bch_parse_uuid(buf, dc->sb.set_uuid) < 16)
+ uint8_t set_uuid[16];
+
+ if (bch_parse_uuid(buf, set_uuid) < 16)
return -EINVAL;
list_for_each_entry(c, &bch_cache_sets, list) {
- v = bch_cached_dev_attach(dc, c);
+ v = bch_cached_dev_attach(dc, c, set_uuid);
if (!v)
return size;
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 095/329] bcache: return attach error when no cache set exist
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (85 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 094/329] bcache: fix for data collapse after re-attaching an attached device Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 096/329] tools/libbpf: handle issues with bpf ELF objects containing .eh_frames Greg Kroah-Hartman
` (222 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tang Junhui, Michael Lyle,
Jens Axboe, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tang Junhui <tang.junhui@zte.com.cn>
[ Upstream commit 7f4fc93d4713394ee8f1cd44c238e046e11b4f15 ]
I attach a back-end device to a cache set, and the cache set is not
registered yet, this back-end device did not attach successfully, and no
error returned:
[root]# echo 87859280-fec6-4bcc-20df7ca8f86b > /sys/block/sde/bcache/attach
[root]#
In sysfs_attach(), the return value "v" is initialized to "size" in
the beginning, and if no cache set exist in bch_cache_sets, the "v" value
would not change any more, and return to sysfs, sysfs regard it as success
since the "size" is a positive number.
This patch fixes this issue by assigning "v" with "-ENOENT" in the
initialization.
Signed-off-by: Tang Junhui <tang.junhui@zte.com.cn>
Reviewed-by: Michael Lyle <mlyle@lyle.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/bcache/sysfs.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/drivers/md/bcache/sysfs.c
+++ b/drivers/md/bcache/sysfs.c
@@ -191,7 +191,7 @@ STORE(__cached_dev)
{
struct cached_dev *dc = container_of(kobj, struct cached_dev,
disk.kobj);
- ssize_t v = size;
+ ssize_t v;
struct cache_set *c;
struct kobj_uevent_env *env;
@@ -268,6 +268,7 @@ STORE(__cached_dev)
if (bch_parse_uuid(buf, set_uuid) < 16)
return -EINVAL;
+ v = -ENOENT;
list_for_each_entry(c, &bch_cache_sets, list) {
v = bch_cached_dev_attach(dc, c, set_uuid);
if (!v)
@@ -275,7 +276,7 @@ STORE(__cached_dev)
}
pr_err("Can't attach %s: cache set not found", buf);
- size = v;
+ return v;
}
if (attr == &sysfs_detach && dc->disk.c)
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 096/329] tools/libbpf: handle issues with bpf ELF objects containing .eh_frames
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (86 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 095/329] bcache: return attach error when no cache set exist Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 097/329] bpf: fix rlimit in reuseport net selftest Greg Kroah-Hartman
` (221 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jesper Dangaard Brouer,
Daniel Borkmann, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jesper Dangaard Brouer <brouer@redhat.com>
[ Upstream commit e3d91b0ca523d53158f435a3e13df7f0cb360ea2 ]
V3: More generic skipping of relo-section (suggested by Daniel)
If clang >= 4.0.1 is missing the option '-target bpf', it will cause
llc/llvm to create two ELF sections for "Exception Frames", with
section names '.eh_frame' and '.rel.eh_frame'.
The BPF ELF loader library libbpf fails when loading files with these
sections. The other in-kernel BPF ELF loader in samples/bpf/bpf_load.c,
handle this gracefully. And iproute2 loader also seems to work with these
"eh" sections.
The issue in libbpf is caused by bpf_object__elf_collect() skipping
some sections, and later when performing relocation it will be
pointing to a skipped section, as these sections cannot be found by
bpf_object__find_prog_by_idx() in bpf_object__collect_reloc().
This is a general issue that also occurs for other sections, like
debug sections which are also skipped and can have relo section.
As suggested by Daniel. To avoid keeping state about all skipped
sections, instead perform a direct qlookup in the ELF object. Lookup
the section that the relo-section points to and check if it contains
executable machine instructions (denoted by the sh_flags
SHF_EXECINSTR). Use this check to also skip irrelevant relo-sections.
Note, for samples/bpf/ the '-target bpf' parameter to clang cannot be used
due to incompatibility with asm embedded headers, that some of the samples
include. This is explained in more details by Yonghong Song in bpf_devel_QA.
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/lib/bpf/libbpf.c | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -590,6 +590,24 @@ bpf_object__init_maps_name(struct bpf_ob
return 0;
}
+static bool section_have_execinstr(struct bpf_object *obj, int idx)
+{
+ Elf_Scn *scn;
+ GElf_Shdr sh;
+
+ scn = elf_getscn(obj->efile.elf, idx);
+ if (!scn)
+ return false;
+
+ if (gelf_getshdr(scn, &sh) != &sh)
+ return false;
+
+ if (sh.sh_flags & SHF_EXECINSTR)
+ return true;
+
+ return false;
+}
+
static int bpf_object__elf_collect(struct bpf_object *obj)
{
Elf *elf = obj->efile.elf;
@@ -673,6 +691,14 @@ static int bpf_object__elf_collect(struc
} else if (sh.sh_type == SHT_REL) {
void *reloc = obj->efile.reloc;
int nr_reloc = obj->efile.nr_reloc + 1;
+ int sec = sh.sh_info; /* points to other section */
+
+ /* Only do relo for section with exec instructions */
+ if (!section_have_execinstr(obj, sec)) {
+ pr_debug("skip relo %s(%d) for section(%d)\n",
+ name, idx, sec);
+ continue;
+ }
reloc = realloc(reloc,
sizeof(*obj->efile.reloc) * nr_reloc);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 097/329] bpf: fix rlimit in reuseport net selftest
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (87 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 096/329] tools/libbpf: handle issues with bpf ELF objects containing .eh_frames Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 098/329] vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page Greg Kroah-Hartman
` (220 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Naresh Kamboju, Daniel Borkmann,
David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Borkmann <daniel@iogearbox.net>
[ Upstream commit 941ff6f11c020913f5cddf543a9ec63475d7c082 ]
Fix two issues in the reuseport_bpf selftests that were
reported by Linaro CI:
[...]
+ ./reuseport_bpf
---- IPv4 UDP ----
Testing EBPF mod 10...
Reprograming, testing mod 5...
./reuseport_bpf: ebpf error. log:
0: (bf) r6 = r1
1: (20) r0 = *(u32 *)skb[0]
2: (97) r0 %= 10
3: (95) exit
processed 4 insns
: Operation not permitted
+ echo FAIL
[...]
---- IPv4 TCP ----
Testing EBPF mod 10...
./reuseport_bpf: failed to bind send socket: Address already in use
+ echo FAIL
[...]
For the former adjust rlimit since this was the cause of
failure for loading the BPF prog, and for the latter add
SO_REUSEADDR.
Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Link: https://bugs.linaro.org/show_bug.cgi?id=3502
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/selftests/net/reuseport_bpf.c | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
--- a/tools/testing/selftests/net/reuseport_bpf.c
+++ b/tools/testing/selftests/net/reuseport_bpf.c
@@ -21,6 +21,7 @@
#include <sys/epoll.h>
#include <sys/types.h>
#include <sys/socket.h>
+#include <sys/resource.h>
#include <unistd.h>
#ifndef ARRAY_SIZE
@@ -190,11 +191,14 @@ static void send_from(struct test_params
struct sockaddr * const saddr = new_any_sockaddr(p.send_family, sport);
struct sockaddr * const daddr =
new_loopback_sockaddr(p.send_family, p.recv_port);
- const int fd = socket(p.send_family, p.protocol, 0);
+ const int fd = socket(p.send_family, p.protocol, 0), one = 1;
if (fd < 0)
error(1, errno, "failed to create send socket");
+ if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)))
+ error(1, errno, "failed to set reuseaddr");
+
if (bind(fd, saddr, sockaddr_size()))
error(1, errno, "failed to bind send socket");
@@ -433,6 +437,21 @@ void enable_fastopen(void)
}
}
+static struct rlimit rlim_old, rlim_new;
+
+static __attribute__((constructor)) void main_ctor(void)
+{
+ getrlimit(RLIMIT_MEMLOCK, &rlim_old);
+ rlim_new.rlim_cur = rlim_old.rlim_cur + (1UL << 20);
+ rlim_new.rlim_max = rlim_old.rlim_max + (1UL << 20);
+ setrlimit(RLIMIT_MEMLOCK, &rlim_new);
+}
+
+static __attribute__((destructor)) void main_dtor(void)
+{
+ setrlimit(RLIMIT_MEMLOCK, &rlim_old);
+}
+
int main(void)
{
fprintf(stderr, "---- IPv4 UDP ----\n");
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 098/329] vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (88 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 097/329] bpf: fix rlimit in reuseport net selftest Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 099/329] locking/qspinlock: Ensure node->count is updated before initialising node Greg Kroah-Hartman
` (219 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jia Zhang, Jiri Olsa, Al Viro,
Linus Torvalds, Peter Zijlstra, Thomas Gleixner, jolsa,
Ingo Molnar, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jia Zhang <zhang.jia@linux.alibaba.com>
[ Upstream commit 595dd46ebfc10be041a365d0a3fa99df50b6ba73 ]
Commit:
df04abfd181a ("fs/proc/kcore.c: Add bounce buffer for ktext data")
... introduced a bounce buffer to work around CONFIG_HARDENED_USERCOPY=y.
However, accessing the vsyscall user page will cause an SMAP fault.
Replace memcpy() with copy_from_user() to fix this bug works, but adding
a common way to handle this sort of user page may be useful for future.
Currently, only vsyscall page requires KCORE_USER.
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
Reviewed-by: Jiri Olsa <jolsa@kernel.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: jolsa@redhat.com
Link: http://lkml.kernel.org/r/1518446694-21124-2-git-send-email-zhang.jia@linux.alibaba.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/mm/init_64.c | 3 +--
fs/proc/kcore.c | 4 ++++
include/linux/kcore.h | 1 +
3 files changed, 6 insertions(+), 2 deletions(-)
--- a/arch/x86/mm/init_64.c
+++ b/arch/x86/mm/init_64.c
@@ -1014,8 +1014,7 @@ void __init mem_init(void)
after_bootmem = 1;
/* Register memory areas for /proc/kcore */
- kclist_add(&kcore_vsyscall, (void *)VSYSCALL_ADDR,
- PAGE_SIZE, KCORE_OTHER);
+ kclist_add(&kcore_vsyscall, (void *)VSYSCALL_ADDR, PAGE_SIZE, KCORE_USER);
mem_init_print_info(NULL);
}
--- a/fs/proc/kcore.c
+++ b/fs/proc/kcore.c
@@ -505,6 +505,10 @@ read_kcore(struct file *file, char __use
/* we have to zero-fill user buffer even if no read */
if (copy_to_user(buffer, buf, tsz))
return -EFAULT;
+ } else if (m->type == KCORE_USER) {
+ /* User page is handled prior to normal kernel page: */
+ if (copy_to_user(buffer, (char *)start, tsz))
+ return -EFAULT;
} else {
if (kern_addr_valid(start)) {
/*
--- a/include/linux/kcore.h
+++ b/include/linux/kcore.h
@@ -9,6 +9,7 @@ enum kcore_type {
KCORE_VMALLOC,
KCORE_RAM,
KCORE_VMEMMAP,
+ KCORE_USER,
KCORE_OTHER,
};
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 099/329] locking/qspinlock: Ensure node->count is updated before initialising node
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (89 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 098/329] vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 100/329] irqchip/gic-v3: Ignore disabled ITS nodes Greg Kroah-Hartman
` (218 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Will Deacon, Peter Zijlstra (Intel),
Linus Torvalds, Thomas Gleixner, Ingo Molnar, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Will Deacon <will.deacon@arm.com>
[ Upstream commit 11dc13224c975efcec96647a4768a6f1bb7a19a8 ]
When queuing on the qspinlock, the count field for the current CPU's head
node is incremented. This needn't be atomic because locking in e.g. IRQ
context is balanced and so an IRQ will return with node->count as it
found it.
However, the compiler could in theory reorder the initialisation of
node[idx] before the increment of the head node->count, causing an
IRQ to overwrite the initialised node and potentially corrupt the lock
state.
Avoid the potential for this harmful compiler reordering by placing a
barrier() between the increment of the head node->count and the subsequent
node initialisation.
Signed-off-by: Will Deacon <will.deacon@arm.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/1518528177-19169-3-git-send-email-will.deacon@arm.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/locking/qspinlock.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/kernel/locking/qspinlock.c
+++ b/kernel/locking/qspinlock.c
@@ -495,6 +495,14 @@ queue:
tail = encode_tail(smp_processor_id(), idx);
node += idx;
+
+ /*
+ * Ensure that we increment the head node->count before initialising
+ * the actual node. If the compiler is kind enough to reorder these
+ * stores, then an IRQ could overwrite our assignments.
+ */
+ barrier();
+
node->locked = 0;
node->next = NULL;
pv_init_node(node);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 100/329] irqchip/gic-v3: Ignore disabled ITS nodes
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (90 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 099/329] locking/qspinlock: Ensure node->count is updated before initialising node Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 101/329] cpumask: Make for_each_cpu_wrap() available on UP as well Greg Kroah-Hartman
` (217 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stuart Yoder, Laurentiu Tudor,
Marc Zyngier, Rajendra Nayak, Stephen Boyd, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stephen Boyd <sboyd@codeaurora.org>
[ Upstream commit 95a2562590c2f64a0398183f978d5cf3db6d0284 ]
On some platforms there's an ITS available but it's not enabled
because reading or writing the registers is denied by the
firmware. In fact, reading or writing them will cause the system
to reset. We could remove the node from DT in such a case, but
it's better to skip nodes that are marked as "disabled" in DT so
that we can describe the hardware that exists and use the status
property to indicate how the firmware has configured things.
Cc: Stuart Yoder <stuyoder@gmail.com>
Cc: Laurentiu Tudor <laurentiu.tudor@nxp.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Marc Zyngier <marc.zyngier@arm.com>
Cc: Rajendra Nayak <rnayak@codeaurora.org>
Signed-off-by: Stephen Boyd <sboyd@codeaurora.org>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/irqchip/irq-gic-v3-its-pci-msi.c | 2 ++
drivers/irqchip/irq-gic-v3-its-platform-msi.c | 2 ++
drivers/irqchip/irq-gic-v3-its.c | 2 ++
drivers/staging/fsl-mc/bus/irq-gic-v3-its-fsl-mc-msi.c | 2 ++
4 files changed, 8 insertions(+)
--- a/drivers/irqchip/irq-gic-v3-its-pci-msi.c
+++ b/drivers/irqchip/irq-gic-v3-its-pci-msi.c
@@ -133,6 +133,8 @@ static int __init its_pci_of_msi_init(vo
for (np = of_find_matching_node(NULL, its_device_id); np;
np = of_find_matching_node(np, its_device_id)) {
+ if (!of_device_is_available(np))
+ continue;
if (!of_property_read_bool(np, "msi-controller"))
continue;
--- a/drivers/irqchip/irq-gic-v3-its-platform-msi.c
+++ b/drivers/irqchip/irq-gic-v3-its-platform-msi.c
@@ -80,6 +80,8 @@ static int __init its_pmsi_init(void)
for (np = of_find_matching_node(NULL, its_device_id); np;
np = of_find_matching_node(np, its_device_id)) {
+ if (!of_device_is_available(np))
+ continue;
if (!of_property_read_bool(np, "msi-controller"))
continue;
--- a/drivers/irqchip/irq-gic-v3-its.c
+++ b/drivers/irqchip/irq-gic-v3-its.c
@@ -1807,6 +1807,8 @@ static int __init its_of_probe(struct de
for (np = of_find_matching_node(node, its_device_id); np;
np = of_find_matching_node(np, its_device_id)) {
+ if (!of_device_is_available(np))
+ continue;
if (!of_property_read_bool(np, "msi-controller")) {
pr_warn("%s: no msi-controller property, ITS ignored\n",
np->full_name);
--- a/drivers/staging/fsl-mc/bus/irq-gic-v3-its-fsl-mc-msi.c
+++ b/drivers/staging/fsl-mc/bus/irq-gic-v3-its-fsl-mc-msi.c
@@ -75,6 +75,8 @@ int __init its_fsl_mc_msi_init(void)
for (np = of_find_matching_node(NULL, its_device_id); np;
np = of_find_matching_node(np, its_device_id)) {
+ if (!of_device_is_available(np))
+ continue;
if (!of_property_read_bool(np, "msi-controller"))
continue;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 101/329] cpumask: Make for_each_cpu_wrap() available on UP as well
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (91 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 100/329] irqchip/gic-v3: Ignore disabled ITS nodes Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 102/329] irqchip/gic-v3: Change pr_debug message to pr_devel Greg Kroah-Hartman
` (216 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kbuild test robot, Michael Kelley,
Linus Torvalds, Peter Zijlstra, Thomas Gleixner, kys,
martin.petersen, mikelley, Ingo Molnar, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Kelley <mhkelley@outlook.com>
[ Upstream commit d207af2eab3f8668b95ad02b21930481c42806fd ]
for_each_cpu_wrap() was originally added in the #else half of a
large "#if NR_CPUS == 1" statement, but was omitted in the #if
half. This patch adds the missing #if half to prevent compile
errors when NR_CPUS is 1.
Reported-by: kbuild test robot <fengguang.wu@intel.com>
Signed-off-by: Michael Kelley <mhkelley@outlook.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: kys@microsoft.com
Cc: martin.petersen@oracle.com
Cc: mikelley@microsoft.com
Fixes: c743f0a5c50f ("sched/fair, cpumask: Export for_each_cpu_wrap()")
Link: http://lkml.kernel.org/r/SN6PR1901MB2045F087F59450507D4FCC17CBF50@SN6PR1901MB2045.namprd19.prod.outlook.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/cpumask.h | 2 ++
1 file changed, 2 insertions(+)
--- a/include/linux/cpumask.h
+++ b/include/linux/cpumask.h
@@ -164,6 +164,8 @@ static inline unsigned int cpumask_local
for ((cpu) = 0; (cpu) < 1; (cpu)++, (void)mask)
#define for_each_cpu_not(cpu, mask) \
for ((cpu) = 0; (cpu) < 1; (cpu)++, (void)mask)
+#define for_each_cpu_wrap(cpu, mask, start) \
+ for ((cpu) = 0; (cpu) < 1; (cpu)++, (void)mask, (void)(start))
#define for_each_cpu_and(cpu, mask, and) \
for ((cpu) = 0; (cpu) < 1; (cpu)++, (void)mask, (void)and)
#else
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 102/329] irqchip/gic-v3: Change pr_debug message to pr_devel
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (92 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 101/329] cpumask: Make for_each_cpu_wrap() available on UP as well Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 103/329] ARC: Fix malformed ARC_EMUL_UNALIGNED default Greg Kroah-Hartman
` (215 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mark Salter, Marc Zyngier, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mark Salter <msalter@redhat.com>
[ Upstream commit b6dd4d83dc2f78cebc9a7e6e7e4bc2be4d29b94d ]
The pr_debug() in gic-v3 gic_send_sgi() can trigger a circular locking
warning:
GICv3: CPU10: ICC_SGI1R_EL1 5000400
======================================================
WARNING: possible circular locking dependency detected
4.15.0+ #1 Tainted: G W
------------------------------------------------------
dynamic_debug01/1873 is trying to acquire lock:
((console_sem).lock){-...}, at: [<0000000099c891ec>] down_trylock+0x20/0x4c
but task is already holding lock:
(&rq->lock){-.-.}, at: [<00000000842e1587>] __task_rq_lock+0x54/0xdc
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #2 (&rq->lock){-.-.}:
__lock_acquire+0x3b4/0x6e0
lock_acquire+0xf4/0x2a8
_raw_spin_lock+0x4c/0x60
task_fork_fair+0x3c/0x148
sched_fork+0x10c/0x214
copy_process.isra.32.part.33+0x4e8/0x14f0
_do_fork+0xe8/0x78c
kernel_thread+0x48/0x54
rest_init+0x34/0x2a4
start_kernel+0x45c/0x488
-> #1 (&p->pi_lock){-.-.}:
__lock_acquire+0x3b4/0x6e0
lock_acquire+0xf4/0x2a8
_raw_spin_lock_irqsave+0x58/0x70
try_to_wake_up+0x48/0x600
wake_up_process+0x28/0x34
__up.isra.0+0x60/0x6c
up+0x60/0x68
__up_console_sem+0x4c/0x7c
console_unlock+0x328/0x634
vprintk_emit+0x25c/0x390
dev_vprintk_emit+0xc4/0x1fc
dev_printk_emit+0x88/0xa8
__dev_printk+0x58/0x9c
_dev_info+0x84/0xa8
usb_new_device+0x100/0x474
hub_port_connect+0x280/0x92c
hub_event+0x740/0xa84
process_one_work+0x240/0x70c
worker_thread+0x60/0x400
kthread+0x110/0x13c
ret_from_fork+0x10/0x18
-> #0 ((console_sem).lock){-...}:
validate_chain.isra.34+0x6e4/0xa20
__lock_acquire+0x3b4/0x6e0
lock_acquire+0xf4/0x2a8
_raw_spin_lock_irqsave+0x58/0x70
down_trylock+0x20/0x4c
__down_trylock_console_sem+0x3c/0x9c
console_trylock+0x20/0xb0
vprintk_emit+0x254/0x390
vprintk_default+0x58/0x90
vprintk_func+0xbc/0x164
printk+0x80/0xa0
__dynamic_pr_debug+0x84/0xac
gic_raise_softirq+0x184/0x18c
smp_cross_call+0xac/0x218
smp_send_reschedule+0x3c/0x48
resched_curr+0x60/0x9c
check_preempt_curr+0x70/0xdc
wake_up_new_task+0x310/0x470
_do_fork+0x188/0x78c
SyS_clone+0x44/0x50
__sys_trace_return+0x0/0x4
other info that might help us debug this:
Chain exists of:
(console_sem).lock --> &p->pi_lock --> &rq->lock
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&rq->lock);
lock(&p->pi_lock);
lock(&rq->lock);
lock((console_sem).lock);
*** DEADLOCK ***
2 locks held by dynamic_debug01/1873:
#0: (&p->pi_lock){-.-.}, at: [<000000001366df53>] wake_up_new_task+0x40/0x470
#1: (&rq->lock){-.-.}, at: [<00000000842e1587>] __task_rq_lock+0x54/0xdc
stack backtrace:
CPU: 10 PID: 1873 Comm: dynamic_debug01 Tainted: G W 4.15.0+ #1
Hardware name: GIGABYTE R120-T34-00/MT30-GS2-00, BIOS T48 10/02/2017
Call trace:
dump_backtrace+0x0/0x188
show_stack+0x24/0x2c
dump_stack+0xa4/0xe0
print_circular_bug.isra.31+0x29c/0x2b8
check_prev_add.constprop.39+0x6c8/0x6dc
validate_chain.isra.34+0x6e4/0xa20
__lock_acquire+0x3b4/0x6e0
lock_acquire+0xf4/0x2a8
_raw_spin_lock_irqsave+0x58/0x70
down_trylock+0x20/0x4c
__down_trylock_console_sem+0x3c/0x9c
console_trylock+0x20/0xb0
vprintk_emit+0x254/0x390
vprintk_default+0x58/0x90
vprintk_func+0xbc/0x164
printk+0x80/0xa0
__dynamic_pr_debug+0x84/0xac
gic_raise_softirq+0x184/0x18c
smp_cross_call+0xac/0x218
smp_send_reschedule+0x3c/0x48
resched_curr+0x60/0x9c
check_preempt_curr+0x70/0xdc
wake_up_new_task+0x310/0x470
_do_fork+0x188/0x78c
SyS_clone+0x44/0x50
__sys_trace_return+0x0/0x4
GICv3: CPU0: ICC_SGI1R_EL1 12000
This could be fixed with printk_deferred() but that might lessen its
usefulness for debugging. So change it to pr_devel to keep it out of
production kernels. Developers working on gic-v3 can enable it as
needed in their kernels.
Signed-off-by: Mark Salter <msalter@redhat.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/irqchip/irq-gic-v3.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/irqchip/irq-gic-v3.c
+++ b/drivers/irqchip/irq-gic-v3.c
@@ -601,7 +601,7 @@ static void gic_send_sgi(u64 cluster_id,
MPIDR_TO_SGI_AFFINITY(cluster_id, 1) |
tlist << ICC_SGI1R_TARGET_LIST_SHIFT);
- pr_debug("CPU%d: ICC_SGI1R_EL1 %llx\n", smp_processor_id(), val);
+ pr_devel("CPU%d: ICC_SGI1R_EL1 %llx\n", smp_processor_id(), val);
gic_write_sgi1r(val);
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 103/329] ARC: Fix malformed ARC_EMUL_UNALIGNED default
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (93 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 102/329] irqchip/gic-v3: Change pr_debug message to pr_devel Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 104/329] ptr_ring: prevent integer overflow when calculating size Greg Kroah-Hartman
` (214 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ulf Magnusson, Vineet Gupta, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ulf Magnusson <ulfalizer@gmail.com>
[ Upstream commit 827cc2fa024dd6517d62de7a44c7b42f32af371b ]
'default N' should be 'default n', though they happen to have the same
effect here, due to undefined symbols (N in this case) evaluating to n
in a tristate sense.
Remove the default from ARC_EMUL_UNALIGNED instead of changing it. bool
and tristate symbols implicitly default to n.
Discovered with the
https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_ulfalizer_Kconfiglib_blob_master_examples_list-5Fundefined.py&d=DwIBAg&c=DPL6_X_6JkXFx7AXWqB0tg&r=c14YS-cH-kdhTOW89KozFhBtBJgs1zXscZojEZQ0THs&m=WxxD8ozR7QQUVzNCBksiznaisBGO_crN7PBOvAoju8s&s=1LmxsNqxwT-7wcInVpZ6Z1J27duZKSoyKxHIJclXU_M&e=
script.
Signed-off-by: Ulf Magnusson <ulfalizer@gmail.com>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arc/Kconfig | 1 -
1 file changed, 1 deletion(-)
--- a/arch/arc/Kconfig
+++ b/arch/arc/Kconfig
@@ -495,7 +495,6 @@ config ARC_CURR_IN_REG
config ARC_EMUL_UNALIGNED
bool "Emulate unaligned memory access (userspace only)"
- default N
select SYSCTL_ARCH_UNALIGN_NO_WARN
select SYSCTL_ARCH_UNALIGN_ALLOW
depends on ISA_ARCOMPACT
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 104/329] ptr_ring: prevent integer overflow when calculating size
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (94 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 103/329] ARC: Fix malformed ARC_EMUL_UNALIGNED default Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 105/329] libata: Fix compile warning with ATA_DEBUG enabled Greg Kroah-Hartman
` (213 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Biggers, Jason Wang,
Michael S. Tsirkin, David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jason Wang <jasowang@redhat.com>
[ Upstream commit 54e02162d4454a99227f520948bf4494c3d972d0 ]
Switch to use dividing to prevent integer overflow when size is too
big to calculate allocation size properly.
Reported-by: Eric Biggers <ebiggers3@gmail.com>
Fixes: 6e6e41c31122 ("ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE")
Signed-off-by: Jason Wang <jasowang@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/ptr_ring.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/include/linux/ptr_ring.h
+++ b/include/linux/ptr_ring.h
@@ -351,7 +351,7 @@ static inline void *ptr_ring_consume_bh(
static inline void **__ptr_ring_init_queue_alloc(unsigned int size, gfp_t gfp)
{
- if (size * sizeof(void *) > KMALLOC_MAX_SIZE)
+ if (size > KMALLOC_MAX_SIZE / sizeof(void *))
return NULL;
return kcalloc(size, sizeof(void *), gfp);
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 105/329] libata: Fix compile warning with ATA_DEBUG enabled
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (95 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 104/329] ptr_ring: prevent integer overflow when calculating size Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 106/329] selftests: pstore: Adding config fragment CONFIG_PSTORE_RAM=m Greg Kroah-Hartman
` (212 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dong Bo, Tejun Heo, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dong Bo <dongbo4@huawei.com>
[ Upstream commit 0d3e45bc6507bd1f8728bf586ebd16c2d9e40613 ]
This fixs the following comile warnings with ATA_DEBUG enabled,
which detected by Linaro GCC 5.2-2015.11:
drivers/ata/libata-scsi.c: In function 'ata_scsi_dump_cdb':
./include/linux/kern_levels.h:5:18: warning: format '%d' expects
argument of type 'int', but argument 6 has type 'u64 {aka long
long unsigned int}' [-Wformat=]
tj: Patch hand-applied and description trimmed.
Signed-off-by: Dong Bo <dongbo4@huawei.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/ata/libata-scsi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/ata/libata-scsi.c
+++ b/drivers/ata/libata-scsi.c
@@ -4156,7 +4156,7 @@ static inline void ata_scsi_dump_cdb(str
#ifdef ATA_DEBUG
struct scsi_device *scsidev = cmd->device;
- DPRINTK("CDB (%u:%d,%d,%d) %9ph\n",
+ DPRINTK("CDB (%u:%d,%d,%lld) %9ph\n",
ap->print_id,
scsidev->channel, scsidev->id, scsidev->lun,
cmd->cmnd);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 106/329] selftests: pstore: Adding config fragment CONFIG_PSTORE_RAM=m
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (96 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 105/329] libata: Fix compile warning with ATA_DEBUG enabled Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 108/329] ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt Greg Kroah-Hartman
` (211 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Naresh Kamboju, Kees Cook,
Shuah Khan, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Naresh Kamboju <naresh.kamboju@linaro.org>
[ Upstream commit 9a379e77033f02c4a071891afdf0f0a01eff8ccb ]
pstore_tests and pstore_post_reboot_tests need CONFIG_PSTORE_RAM=m
Signed-off-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/selftests/pstore/config | 1 +
1 file changed, 1 insertion(+)
--- a/tools/testing/selftests/pstore/config
+++ b/tools/testing/selftests/pstore/config
@@ -2,3 +2,4 @@ CONFIG_MISC_FILESYSTEMS=y
CONFIG_PSTORE=y
CONFIG_PSTORE_PMSG=y
CONFIG_PSTORE_CONSOLE=y
+CONFIG_PSTORE_RAM=m
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 108/329] ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (97 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 106/329] selftests: pstore: Adding config fragment CONFIG_PSTORE_RAM=m Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 109/329] ARM: OMAP3: Fix prm wake interrupt for resume Greg Kroah-Hartman
` (210 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Qi Hou, Tony Lindgren, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Qi Hou <qi.hou@windriver.com>
[ Upstream commit db35340c536f1af0108ec9a0b2126a05d358d14a ]
When more than one GP timers are used as kernel system timers and the
corresponding nodes in device-tree are marked with the same "disabled"
property, then the "attr" field of the property will be initialized
more than once as the property being added to sys file system via
__of_add_property_sysfs().
In __of_add_property_sysfs(), the "name" field of pp->attr.attr is set
directly to the return value of safe_name(), without taking care of
whether it's already a valid pointer to a memory block. If it is, its
old value will always be overwritten by the new one and the memory block
allocated before will a "ghost", then a kmemleak happened.
That the same "disabled" property being added to different nodes of device
tree would cause that kind of kmemleak overhead, at least once.
To fix it, allocate the property dynamically, and delete static one.
Signed-off-by: Qi Hou <qi.hou@windriver.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/mach-omap2/timer.c | 19 +++++++++++--------
1 file changed, 11 insertions(+), 8 deletions(-)
--- a/arch/arm/mach-omap2/timer.c
+++ b/arch/arm/mach-omap2/timer.c
@@ -136,12 +136,6 @@ static struct clock_event_device clockev
.tick_resume = omap2_gp_timer_shutdown,
};
-static struct property device_disabled = {
- .name = "status",
- .length = sizeof("disabled"),
- .value = "disabled",
-};
-
static const struct of_device_id omap_timer_match[] __initconst = {
{ .compatible = "ti,omap2420-timer", },
{ .compatible = "ti,omap3430-timer", },
@@ -183,8 +177,17 @@ static struct device_node * __init omap_
of_get_property(np, "ti,timer-secure", NULL)))
continue;
- if (!of_device_is_compatible(np, "ti,omap-counter32k"))
- of_add_property(np, &device_disabled);
+ if (!of_device_is_compatible(np, "ti,omap-counter32k")) {
+ struct property *prop;
+
+ prop = kzalloc(sizeof(*prop), GFP_KERNEL);
+ if (!prop)
+ return NULL;
+ prop->name = "status";
+ prop->value = "disabled";
+ prop->length = strlen(prop->value);
+ of_add_property(np, prop);
+ }
return np;
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 109/329] ARM: OMAP3: Fix prm wake interrupt for resume
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (98 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 108/329] ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 110/329] ARM: OMAP1: clock: Fix debugfs_create_*() usage Greg Kroah-Hartman
` (209 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Grygorii Strashko, Tero Kristo,
Tony Lindgren, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tony Lindgren <tony@atomide.com>
[ Upstream commit d3be6d2a08bd26580562d9714d3d97ea9ba22c73 ]
For platform_suspend_ops, the finish call is too late to re-enable wake
irqs and we need re-enable wake irqs on wake call instead.
Otherwise noirq resume for devices has already happened. And then
dev_pm_disarm_wake_irq() has already disabled the dedicated wake irqs
when the interrupt triggers and the wake irq is never handled.
For devices that are already in PM runtime suspended state when we
enter suspend this means that a possible wake irq will never trigger.
And this can lead into a situation where a device has a pending padconf
wake irq, and the device will stay unresponsive to any further wake
irqs.
This issue can be easily reproduced by setting serial console log level
to zero, letting the serial console idle, and suspend the system from
an ssh terminal. Then try to wake up the system by typing to the serial
console.
Note that this affects only omap3 PRM interrupt as that's currently
the only omap variant that does anything in omap_pm_wake().
In general, for the wake irqs to work, the interrupt must have either
IRQF_NO_SUSPEND or IRQF_EARLY_RESUME set for it to trigger before
dev_pm_disarm_wake_irq() disables the wake irqs.
Reported-by: Grygorii Strashko <grygorii.strashko@ti.com>
Cc: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/mach-omap2/pm.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/arm/mach-omap2/pm.c
+++ b/arch/arm/mach-omap2/pm.c
@@ -225,7 +225,7 @@ static void omap_pm_end(void)
cpu_idle_poll_ctrl(false);
}
-static void omap_pm_finish(void)
+static void omap_pm_wake(void)
{
if (cpu_is_omap34xx())
omap_prcm_irq_complete();
@@ -235,7 +235,7 @@ static const struct platform_suspend_ops
.begin = omap_pm_begin,
.end = omap_pm_end,
.enter = omap_pm_enter,
- .finish = omap_pm_finish,
+ .wake = omap_pm_wake,
.valid = suspend_valid_only_mem,
};
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 110/329] ARM: OMAP1: clock: Fix debugfs_create_*() usage
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (99 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 109/329] ARM: OMAP3: Fix prm wake interrupt for resume Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 111/329] ibmvnic: Free RX socket buffer in case of adapter error Greg Kroah-Hartman
` (208 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Geert Uytterhoeven, Aaro Koskinen,
Tony Lindgren, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Geert Uytterhoeven <geert+renesas@glider.be>
[ Upstream commit 8cbbf1745dcde7ba7e423dc70619d223de90fd43 ]
When exposing data access through debugfs, the correct
debugfs_create_*() functions must be used, depending on data type.
Remove all casts from data pointers passed to debugfs_create_*()
functions, as such casts prevent the compiler from flagging bugs.
Correct all wrong usage:
- clk.rate is unsigned long, not u32,
- clk.flags is u8, not u32, which exposed the successive
clk.rate_offset and clk.src_offset fields.
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Acked-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/mach-omap1/clock.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/arch/arm/mach-omap1/clock.c
+++ b/arch/arm/mach-omap1/clock.c
@@ -1031,17 +1031,17 @@ static int clk_debugfs_register_one(stru
return -ENOMEM;
c->dent = d;
- d = debugfs_create_u8("usecount", S_IRUGO, c->dent, (u8 *)&c->usecount);
+ d = debugfs_create_u8("usecount", S_IRUGO, c->dent, &c->usecount);
if (!d) {
err = -ENOMEM;
goto err_out;
}
- d = debugfs_create_u32("rate", S_IRUGO, c->dent, (u32 *)&c->rate);
+ d = debugfs_create_ulong("rate", S_IRUGO, c->dent, &c->rate);
if (!d) {
err = -ENOMEM;
goto err_out;
}
- d = debugfs_create_x32("flags", S_IRUGO, c->dent, (u32 *)&c->flags);
+ d = debugfs_create_x8("flags", S_IRUGO, c->dent, &c->flags);
if (!d) {
err = -ENOMEM;
goto err_out;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 111/329] ibmvnic: Free RX socket buffer in case of adapter error
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (100 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 110/329] ARM: OMAP1: clock: Fix debugfs_create_*() usage Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 112/329] iwlwifi: mvm: fix security bug in PN checking Greg Kroah-Hartman
` (207 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Falcon, David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
[ Upstream commit 4b9b0f01350500173f17e2b2e65beb4df4ef99c7 ]
If a RX buffer is returned to the client driver with an error, free the
corresponding socket buffer before continuing.
Signed-off-by: Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/ibm/ibmvnic.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/net/ethernet/ibm/ibmvnic.c
+++ b/drivers/net/ethernet/ibm/ibmvnic.c
@@ -994,6 +994,7 @@ restart_poll:
netdev_err(netdev, "rx error %x\n", next->rx_comp.rc);
/* free the entry */
next->rx_comp.first = 0;
+ dev_kfree_skb_any(rx_buff->skb);
remove_buff_from_pool(adapter, rx_buff);
break;
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 112/329] iwlwifi: mvm: fix security bug in PN checking
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (101 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 111/329] ibmvnic: Free RX socket buffer in case of adapter error Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 113/329] iwlwifi: mvm: always init rs with 20mhz bandwidth rates Greg Kroah-Hartman
` (206 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sara Sharon, Luca Coelho, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sara Sharon <sara.sharon@intel.com>
[ Upstream commit 5ab2ba931255d8bf03009c06d58dce97de32797c ]
A previous patch allowed the same PN for packets originating from the
same AMSDU by copying PN only for the last packet in the series.
This however is bogus since we cannot assume the last frame will be
received on the same queue, and if it is received on a different ueue
we will end up not incrementing the PN and possibly let the next
packet to have the same PN and pass through.
Change the logic instead to driver explicitly indicate for the second
sub frame and on to be allowed to have the same PN as the first
subframe. Indicate it to mac80211 as well for the fallback queue.
Fixes: f1ae02b186d9 ("iwlwifi: mvm: allow same PN for de-aggregated AMSDU")
Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 39 +++++++++++++-------------
1 file changed, 20 insertions(+), 19 deletions(-)
--- a/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c
@@ -72,6 +72,7 @@ static inline int iwl_mvm_check_pn(struc
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
struct ieee80211_rx_status *stats = IEEE80211_SKB_RXCB(skb);
struct iwl_mvm_key_pn *ptk_pn;
+ int res;
u8 tid, keyidx;
u8 pn[IEEE80211_CCMP_PN_LEN];
u8 *extiv;
@@ -128,12 +129,13 @@ static inline int iwl_mvm_check_pn(struc
pn[4] = extiv[1];
pn[5] = extiv[0];
- if (memcmp(pn, ptk_pn->q[queue].pn[tid],
- IEEE80211_CCMP_PN_LEN) <= 0)
+ res = memcmp(pn, ptk_pn->q[queue].pn[tid], IEEE80211_CCMP_PN_LEN);
+ if (res < 0)
+ return -1;
+ if (!res && !(stats->flag & RX_FLAG_ALLOW_SAME_PN))
return -1;
- if (!(stats->flag & RX_FLAG_AMSDU_MORE))
- memcpy(ptk_pn->q[queue].pn[tid], pn, IEEE80211_CCMP_PN_LEN);
+ memcpy(ptk_pn->q[queue].pn[tid], pn, IEEE80211_CCMP_PN_LEN);
stats->flag |= RX_FLAG_PN_VALIDATED;
return 0;
@@ -295,28 +297,21 @@ static void iwl_mvm_rx_csum(struct ieee8
}
/*
- * returns true if a packet outside BA session is a duplicate and
- * should be dropped
+ * returns true if a packet is a duplicate and should be dropped.
+ * Updates AMSDU PN tracking info
*/
-static bool iwl_mvm_is_nonagg_dup(struct ieee80211_sta *sta, int queue,
- struct ieee80211_rx_status *rx_status,
- struct ieee80211_hdr *hdr,
- struct iwl_rx_mpdu_desc *desc)
+static bool iwl_mvm_is_dup(struct ieee80211_sta *sta, int queue,
+ struct ieee80211_rx_status *rx_status,
+ struct ieee80211_hdr *hdr,
+ struct iwl_rx_mpdu_desc *desc)
{
struct iwl_mvm_sta *mvm_sta;
struct iwl_mvm_rxq_dup_data *dup_data;
- u8 baid, tid, sub_frame_idx;
+ u8 tid, sub_frame_idx;
if (WARN_ON(IS_ERR_OR_NULL(sta)))
return false;
- baid = (le32_to_cpu(desc->reorder_data) &
- IWL_RX_MPDU_REORDER_BAID_MASK) >>
- IWL_RX_MPDU_REORDER_BAID_SHIFT;
-
- if (baid != IWL_RX_REORDER_DATA_INVALID_BAID)
- return false;
-
mvm_sta = iwl_mvm_sta_from_mac80211(sta);
dup_data = &mvm_sta->dup_data[queue];
@@ -346,6 +341,12 @@ static bool iwl_mvm_is_nonagg_dup(struct
dup_data->last_sub_frame[tid] >= sub_frame_idx))
return true;
+ /* Allow same PN as the first subframe for following sub frames */
+ if (dup_data->last_seq[tid] == hdr->seq_ctrl &&
+ sub_frame_idx > dup_data->last_sub_frame[tid] &&
+ desc->mac_flags2 & IWL_RX_MPDU_MFLG2_AMSDU)
+ rx_status->flag |= RX_FLAG_ALLOW_SAME_PN;
+
dup_data->last_seq[tid] = hdr->seq_ctrl;
dup_data->last_sub_frame[tid] = sub_frame_idx;
@@ -882,7 +883,7 @@ void iwl_mvm_rx_mpdu_mq(struct iwl_mvm *
if (ieee80211_is_data(hdr->frame_control))
iwl_mvm_rx_csum(sta, skb, desc);
- if (iwl_mvm_is_nonagg_dup(sta, queue, rx_status, hdr, desc)) {
+ if (iwl_mvm_is_dup(sta, queue, rx_status, hdr, desc)) {
kfree_skb(skb);
rcu_read_unlock();
return;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 113/329] iwlwifi: mvm: always init rs with 20mhz bandwidth rates
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (102 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 112/329] iwlwifi: mvm: fix security bug in PN checking Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 114/329] NFC: llcp: Limit size of SDP URI Greg Kroah-Hartman
` (205 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Naftali Goldstein, Luca Coelho, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Naftali Goldstein <naftali.goldstein@intel.com>
[ Upstream commit 6b7a5aea71b342ec0593d23b08383e1f33da4c9a ]
In AP mode, when a new station associates, rs is initialized immediately
upon association completion, before the phy context is updated with the
association parameters, so the sta bandwidth might be wider than the phy
context allows.
To avoid this issue, always initialize rs with 20mhz bandwidth rate, and
after authorization, when the phy context is already up-to-date, re-init
rs with the correct bw.
Signed-off-by: Naftali Goldstein <naftali.goldstein@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 4 +++
drivers/net/wireless/intel/iwlwifi/mvm/rs.c | 28 +++++++++++++++-------
2 files changed, 24 insertions(+), 8 deletions(-)
--- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
@@ -2585,6 +2585,10 @@ static int iwl_mvm_mac_sta_state(struct
/* enable beacon filtering */
WARN_ON(iwl_mvm_enable_beacon_filter(mvm, vif, 0));
+
+ iwl_mvm_rs_rate_init(mvm, sta, mvmvif->phy_ctxt->channel->band,
+ false);
+
ret = 0;
} else if (old_state == IEEE80211_STA_AUTHORIZED &&
new_state == IEEE80211_STA_ASSOC) {
--- a/drivers/net/wireless/intel/iwlwifi/mvm/rs.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/rs.c
@@ -2709,7 +2709,8 @@ static void rs_get_initial_rate(struct i
struct ieee80211_sta *sta,
struct iwl_lq_sta *lq_sta,
enum nl80211_band band,
- struct rs_rate *rate)
+ struct rs_rate *rate,
+ bool init)
{
int i, nentries;
unsigned long active_rate;
@@ -2763,14 +2764,25 @@ static void rs_get_initial_rate(struct i
*/
if (sta->vht_cap.vht_supported &&
best_rssi > IWL_RS_LOW_RSSI_THRESHOLD) {
- switch (sta->bandwidth) {
- case IEEE80211_STA_RX_BW_160:
- case IEEE80211_STA_RX_BW_80:
- case IEEE80211_STA_RX_BW_40:
+ /*
+ * In AP mode, when a new station associates, rs is initialized
+ * immediately upon association completion, before the phy
+ * context is updated with the association parameters, so the
+ * sta bandwidth might be wider than the phy context allows.
+ * To avoid this issue, always initialize rs with 20mhz
+ * bandwidth rate, and after authorization, when the phy context
+ * is already up-to-date, re-init rs with the correct bw.
+ */
+ u32 bw = init ? RATE_MCS_CHAN_WIDTH_20 : rs_bw_from_sta_bw(sta);
+
+ switch (bw) {
+ case RATE_MCS_CHAN_WIDTH_40:
+ case RATE_MCS_CHAN_WIDTH_80:
+ case RATE_MCS_CHAN_WIDTH_160:
initial_rates = rs_optimal_rates_vht;
nentries = ARRAY_SIZE(rs_optimal_rates_vht);
break;
- case IEEE80211_STA_RX_BW_20:
+ case RATE_MCS_CHAN_WIDTH_20:
initial_rates = rs_optimal_rates_vht_20mhz;
nentries = ARRAY_SIZE(rs_optimal_rates_vht_20mhz);
break;
@@ -2781,7 +2793,7 @@ static void rs_get_initial_rate(struct i
active_rate = lq_sta->active_siso_rate;
rate->type = LQ_VHT_SISO;
- rate->bw = rs_bw_from_sta_bw(sta);
+ rate->bw = bw;
} else if (sta->ht_cap.ht_supported &&
best_rssi > IWL_RS_LOW_RSSI_THRESHOLD) {
initial_rates = rs_optimal_rates_ht;
@@ -2863,7 +2875,7 @@ static void rs_initialize_lq(struct iwl_
tbl = &(lq_sta->lq_info[active_tbl]);
rate = &tbl->rate;
- rs_get_initial_rate(mvm, sta, lq_sta, band, rate);
+ rs_get_initial_rate(mvm, sta, lq_sta, band, rate, init);
rs_init_optimal_rate(mvm, sta, lq_sta);
WARN_ON_ONCE(rate->ant != ANT_A && rate->ant != ANT_B);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 114/329] NFC: llcp: Limit size of SDP URI
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (103 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 113/329] iwlwifi: mvm: always init rs with 20mhz bandwidth rates Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 115/329] rxrpc: Work around usercopy check Greg Kroah-Hartman
` (204 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kees Cook, David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kees Cook <keescook@chromium.org>
[ Upstream commit fe9c842695e26d8116b61b80bfb905356f07834b ]
The tlv_len is u8, so we need to limit the size of the SDP URI. Enforce
this both in the NLA policy and in the code that performs the allocation
and copy, to avoid writing past the end of the allocated buffer.
Fixes: d9b8d8e19b073 ("NFC: llcp: Service Name Lookup netlink interface")
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/nfc/llcp_commands.c | 4 ++++
net/nfc/netlink.c | 3 ++-
2 files changed, 6 insertions(+), 1 deletion(-)
--- a/net/nfc/llcp_commands.c
+++ b/net/nfc/llcp_commands.c
@@ -149,6 +149,10 @@ struct nfc_llcp_sdp_tlv *nfc_llcp_build_
pr_debug("uri: %s, len: %zu\n", uri, uri_len);
+ /* sdreq->tlv_len is u8, takes uri_len, + 3 for header, + 1 for NULL */
+ if (WARN_ON_ONCE(uri_len > U8_MAX - 4))
+ return NULL;
+
sdreq = kzalloc(sizeof(struct nfc_llcp_sdp_tlv), GFP_KERNEL);
if (sdreq == NULL)
return NULL;
--- a/net/nfc/netlink.c
+++ b/net/nfc/netlink.c
@@ -68,7 +68,8 @@ static const struct nla_policy nfc_genl_
};
static const struct nla_policy nfc_sdp_genl_policy[NFC_SDP_ATTR_MAX + 1] = {
- [NFC_SDP_ATTR_URI] = { .type = NLA_STRING },
+ [NFC_SDP_ATTR_URI] = { .type = NLA_STRING,
+ .len = U8_MAX - 4 },
[NFC_SDP_ATTR_SAP] = { .type = NLA_U8 },
};
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 115/329] rxrpc: Work around usercopy check
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (104 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 114/329] NFC: llcp: Limit size of SDP URI Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 116/329] mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4 Greg Kroah-Hartman
` (203 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jonathan Billings, David Howells,
Kees Cook, David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Howells <dhowells@redhat.com>
[ Upstream commit a16b8d0cf2ec1e626d24bc2a7b9e64ace6f7501d ]
Due to a check recently added to copy_to_user(), it's now not permitted to
copy from slab-held data to userspace unless the slab is whitelisted. This
affects rxrpc_recvmsg() when it attempts to place an RXRPC_USER_CALL_ID
control message in the userspace control message buffer. A warning is
generated by usercopy_warn() because the source is the copy of the
user_call_ID retained in the rxrpc_call struct.
Work around the issue by copying the user_call_ID to a variable on the
stack and passing that to put_cmsg().
The warning generated looks like:
Bad or missing usercopy whitelist? Kernel memory exposure attempt detected from SLUB object 'dmaengine-unmap-128' (offset 680, size 8)!
WARNING: CPU: 0 PID: 1401 at mm/usercopy.c:81 usercopy_warn+0x7e/0xa0
...
RIP: 0010:usercopy_warn+0x7e/0xa0
...
Call Trace:
__check_object_size+0x9c/0x1a0
put_cmsg+0x98/0x120
rxrpc_recvmsg+0x6fc/0x1010 [rxrpc]
? finish_wait+0x80/0x80
___sys_recvmsg+0xf8/0x240
? __clear_rsb+0x25/0x3d
? __clear_rsb+0x15/0x3d
? __clear_rsb+0x25/0x3d
? __clear_rsb+0x15/0x3d
? __clear_rsb+0x25/0x3d
? __clear_rsb+0x15/0x3d
? __clear_rsb+0x25/0x3d
? __clear_rsb+0x15/0x3d
? finish_task_switch+0xa6/0x2b0
? trace_hardirqs_on_caller+0xed/0x180
? _raw_spin_unlock_irq+0x29/0x40
? __sys_recvmsg+0x4e/0x90
__sys_recvmsg+0x4e/0x90
do_syscall_64+0x7a/0x220
entry_SYSCALL_64_after_hwframe+0x26/0x9b
Reported-by: Jonathan Billings <jsbillings@jsbillings.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Kees Cook <keescook@chromium.org>
Tested-by: Jonathan Billings <jsbillings@jsbillings.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/rxrpc/recvmsg.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/net/rxrpc/recvmsg.c
+++ b/net/rxrpc/recvmsg.c
@@ -493,9 +493,10 @@ try_again:
ret = put_cmsg(msg, SOL_RXRPC, RXRPC_USER_CALL_ID,
sizeof(unsigned int), &id32);
} else {
+ unsigned long idl = call->user_call_ID;
+
ret = put_cmsg(msg, SOL_RXRPC, RXRPC_USER_CALL_ID,
- sizeof(unsigned long),
- &call->user_call_ID);
+ sizeof(unsigned long), &idl);
}
if (ret < 0)
goto error;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 116/329] mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (105 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 115/329] rxrpc: Work around usercopy check Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 117/329] mac80211: fix a possible leak of station stats Greg Kroah-Hartman
` (202 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Felix Fietkau, Johannes Berg, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Felix Fietkau <nbd@nbd.name>
[ Upstream commit 651b9920d7a694ffb1f885aef2bbb068a25d9d66 ]
This ensures that mac80211 allocated management frames are properly
aligned, which makes copying them more efficient.
For instance, mt76 uses iowrite32_copy to copy beacon frames to beacon
template memory on the chip.
Misaligned 32-bit accesses cause CPU exceptions on MIPS and should be
avoided.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/mac80211.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
@@ -4091,7 +4091,7 @@ void ieee80211_sta_uapsd_trigger(struct
* The TX headroom reserved by mac80211 for its own tx_status functions.
* This is enough for the radiotap header.
*/
-#define IEEE80211_TX_STATUS_HEADROOM 14
+#define IEEE80211_TX_STATUS_HEADROOM ALIGN(14, 4)
/**
* ieee80211_sta_set_buffered - inform mac80211 about driver-buffered frames
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 117/329] mac80211: fix a possible leak of station stats
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (106 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 116/329] mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4 Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 118/329] mac80211: fix calling sleeping function in atomic context Greg Kroah-Hartman
` (201 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sara Sharon, Luca Coelho,
Johannes Berg, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sara Sharon <sara.sharon@intel.com>
[ Upstream commit d78d9ee9d40aca4781d2c5334972544601a4c3a2 ]
If sta_info_alloc fails after allocating the per CPU statistics,
they are not properly freed.
Fixes: c9c5962b56c1 ("mac80211: enable collecting station statistics per-CPU")
Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mac80211/sta_info.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -433,6 +433,7 @@ free_txq:
if (sta->sta.txq[0])
kfree(to_txq_info(sta->sta.txq[0]));
free:
+ free_percpu(sta->pcpu_rx_stats);
#ifdef CONFIG_MAC80211_MESH
kfree(sta->mesh);
#endif
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 118/329] mac80211: fix calling sleeping function in atomic context
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (107 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 117/329] mac80211: fix a possible leak of station stats Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 119/329] mac80211: Do not disconnect on invalid operating class Greg Kroah-Hartman
` (200 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sara Sharon, Luca Coelho,
Johannes Berg, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sara Sharon <sara.sharon@intel.com>
[ Upstream commit 95f3ce6a77893ac828ba841df44421620de4314b ]
sta_info_alloc can be called from atomic paths (such as RX path)
so we need to call pcpu_alloc with the correct gfp.
Fixes: c9c5962b56c1 ("mac80211: enable collecting station statistics per-CPU")
Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mac80211/sta_info.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -313,7 +313,7 @@ struct sta_info *sta_info_alloc(struct i
if (ieee80211_hw_check(hw, USES_RSS)) {
sta->pcpu_rx_stats =
- alloc_percpu(struct ieee80211_sta_rx_stats);
+ alloc_percpu_gfp(struct ieee80211_sta_rx_stats, gfp);
if (!sta->pcpu_rx_stats)
goto free;
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 119/329] mac80211: Do not disconnect on invalid operating class
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (108 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 118/329] mac80211: fix calling sleeping function in atomic context Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 120/329] md raid10: fix NULL deference in handle_write_completed() Greg Kroah-Hartman
` (199 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ilan Peer, Luca Coelho,
Johannes Berg, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ilan Peer <ilan.peer@intel.com>
[ Upstream commit 191da271ac260700db3e5b4bb982a17ca78769d6 ]
Some APs include a non global operating class in their extended channel
switch information element. In such a case, as the operating class is not
known, mac80211 would decide to disconnect.
However the specification states that the operating class needs to be
taken from Annex E, but it does not specify from which table it should be
taken, so it is valid for an AP to use a non global operating class.
To avoid possibly unneeded disconnection, in such a case ignore the
operating class and assume that the current band is used, and if the
resulting channel and band configuration is invalid disconnect.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mac80211/spectmgmt.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
--- a/net/mac80211/spectmgmt.c
+++ b/net/mac80211/spectmgmt.c
@@ -8,6 +8,7 @@
* Copyright 2007, Michael Wu <flamingice@sourmilk.net>
* Copyright 2007-2008, Intel Corporation
* Copyright 2008, Johannes Berg <johannes@sipsolutions.net>
+ * Copyright (C) 2018 Intel Corporation
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -27,7 +28,7 @@ int ieee80211_parse_ch_switch_ie(struct
u32 sta_flags, u8 *bssid,
struct ieee80211_csa_ie *csa_ie)
{
- enum nl80211_band new_band;
+ enum nl80211_band new_band = current_band;
int new_freq;
u8 new_chan_no;
struct ieee80211_channel *new_chan;
@@ -53,15 +54,13 @@ int ieee80211_parse_ch_switch_ie(struct
elems->ext_chansw_ie->new_operating_class,
&new_band)) {
sdata_info(sdata,
- "cannot understand ECSA IE operating class %d, disconnecting\n",
+ "cannot understand ECSA IE operating class, %d, ignoring\n",
elems->ext_chansw_ie->new_operating_class);
- return -EINVAL;
}
new_chan_no = elems->ext_chansw_ie->new_ch_num;
csa_ie->count = elems->ext_chansw_ie->count;
csa_ie->mode = elems->ext_chansw_ie->mode;
} else if (elems->ch_switch_ie) {
- new_band = current_band;
new_chan_no = elems->ch_switch_ie->new_ch_num;
csa_ie->count = elems->ch_switch_ie->count;
csa_ie->mode = elems->ch_switch_ie->mode;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 120/329] md raid10: fix NULL deference in handle_write_completed()
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (109 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 119/329] mac80211: Do not disconnect on invalid operating class Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 121/329] drm/exynos: g2d: use monotonic timestamps Greg Kroah-Hartman
` (198 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, NeilBrown, Yufen Yu, Shaohua Li, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yufen Yu <yuyufen@huawei.com>
[ Upstream commit 01a69cab01c184d3786af09e9339311123d63d22 ]
In the case of 'recover', an r10bio with R10BIO_WriteError &
R10BIO_IsRecover will be progressed by handle_write_completed().
This function traverses all r10bio->devs[copies].
If devs[m].repl_bio != NULL, it thinks conf->mirrors[dev].replacement
is also not NULL. However, this is not always true.
When there is an rdev of raid10 has replacement, then each r10bio
->devs[m].repl_bio != NULL in conf->r10buf_pool. However, in 'recover',
even if corresponded replacement is NULL, it doesn't clear r10bio
->devs[m].repl_bio, resulting in replacement NULL deference.
This bug was introduced when replacement support for raid10 was
added in Linux 3.3.
As NeilBrown suggested:
Elsewhere the determination of "is this device part of the
resync/recovery" is made by resting bio->bi_end_io.
If this is end_sync_write, then we tried to write here.
If it is NULL, then we didn't try to write.
Fixes: 9ad1aefc8ae8 ("md/raid10: Handle replacement devices during resync.")
Cc: stable (V3.3+)
Suggested-by: NeilBrown <neilb@suse.com>
Signed-off-by: Yufen Yu <yuyufen@huawei.com>
Signed-off-by: Shaohua Li <sh.li@alibaba-inc.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/raid10.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -2636,7 +2636,8 @@ static void handle_write_completed(struc
for (m = 0; m < conf->copies; m++) {
int dev = r10_bio->devs[m].devnum;
rdev = conf->mirrors[dev].rdev;
- if (r10_bio->devs[m].bio == NULL)
+ if (r10_bio->devs[m].bio == NULL ||
+ r10_bio->devs[m].bio->bi_end_io == NULL)
continue;
if (!r10_bio->devs[m].bio->bi_error) {
rdev_clear_badblocks(
@@ -2651,7 +2652,8 @@ static void handle_write_completed(struc
md_error(conf->mddev, rdev);
}
rdev = conf->mirrors[dev].replacement;
- if (r10_bio->devs[m].repl_bio == NULL)
+ if (r10_bio->devs[m].repl_bio == NULL ||
+ r10_bio->devs[m].repl_bio->bi_end_io == NULL)
continue;
if (!r10_bio->devs[m].repl_bio->bi_error) {
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 121/329] drm/exynos: g2d: use monotonic timestamps
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (110 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 120/329] md raid10: fix NULL deference in handle_write_completed() Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 122/329] drm/exynos: fix comparison to bitshift when dealing with a mask Greg Kroah-Hartman
` (197 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tobias Jakobi, Arnd Bergmann,
Inki Dae, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit a588a8bb7b25a3fb4f7fed00feb7aec541fc2632 ]
The exynos DRM driver uses real-time 'struct timeval' values
for exporting its timestamps to user space. This has multiple
problems:
1. signed seconds overflow in y2038
2. the 'struct timeval' definition is deprecated in the kernel
3. time may jump or go backwards after a 'settimeofday()' syscall
4. other DRM timestamps are in CLOCK_MONOTONIC domain, so they
can't be compared
5. exporting microseconds requires a division by 1000, which may
be slow on some architectures.
The code existed in two places before, but the IPP portion was
removed in 8ded59413ccc ("drm/exynos: ipp: Remove Exynos DRM
IPP subsystem"), so we no longer need to worry about it.
Ideally timestamps should just use 64-bit nanoseconds instead, but
of course we can't change that now. Instead, this tries to address
the first four points above by using monotonic 'timespec' values.
According to Tobias Jakobi, user space doesn't care about the
timestamp at the moment, so we can change the format. Even if
there is something looking at them, it will work just fine with
monotonic times as long as the application only looks at the
relative values between two events.
Link: https://patchwork.kernel.org/patch/10038593/
Cc: Tobias Jakobi <tjakobi@math.uni-bielefeld.de>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Tobias Jakobi <tjakobi@math.uni-bielefeld.de>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/exynos/exynos_drm_g2d.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/gpu/drm/exynos/exynos_drm_g2d.c
+++ b/drivers/gpu/drm/exynos/exynos_drm_g2d.c
@@ -926,7 +926,7 @@ static void g2d_finish_event(struct g2d_
struct drm_device *drm_dev = g2d->subdrv.drm_dev;
struct g2d_runqueue_node *runqueue_node = g2d->runqueue_node;
struct drm_exynos_pending_g2d_event *e;
- struct timeval now;
+ struct timespec64 now;
if (list_empty(&runqueue_node->event_list))
return;
@@ -934,9 +934,9 @@ static void g2d_finish_event(struct g2d_
e = list_first_entry(&runqueue_node->event_list,
struct drm_exynos_pending_g2d_event, base.link);
- do_gettimeofday(&now);
+ ktime_get_ts64(&now);
e->event.tv_sec = now.tv_sec;
- e->event.tv_usec = now.tv_usec;
+ e->event.tv_usec = now.tv_nsec / NSEC_PER_USEC;
e->event.cmdlist_no = cmdlist_no;
drm_send_event(drm_dev, &e->base);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 122/329] drm/exynos: fix comparison to bitshift when dealing with a mask
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (111 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 121/329] drm/exynos: g2d: use monotonic timestamps Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 123/329] drm/exynos: g2d: Delete an error message for a failed memory allocation in two functions Greg Kroah-Hartman
` (196 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wolfram Sang, Inki Dae, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wolfram Sang <wsa+renesas@sang-engineering.com>
[ Upstream commit 1293b6191010672c0c9dacae8f71c6f3e4d70cbe ]
Due to a typo, the mask was destroyed by a comparison instead of a bit
shift.
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/exynos/regs-fimc.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/gpu/drm/exynos/regs-fimc.h
+++ b/drivers/gpu/drm/exynos/regs-fimc.h
@@ -569,7 +569,7 @@
#define EXYNOS_CIIMGEFF_FIN_EMBOSSING (4 << 26)
#define EXYNOS_CIIMGEFF_FIN_SILHOUETTE (5 << 26)
#define EXYNOS_CIIMGEFF_FIN_MASK (7 << 26)
-#define EXYNOS_CIIMGEFF_PAT_CBCR_MASK ((0xff < 13) | (0xff < 0))
+#define EXYNOS_CIIMGEFF_PAT_CBCR_MASK ((0xff << 13) | (0xff << 0))
/* Real input DMA size register */
#define EXYNOS_CIREAL_ISIZE_AUTOLOAD_ENABLE (1 << 31)
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 123/329] drm/exynos: g2d: Delete an error message for a failed memory allocation in two functions
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (112 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 122/329] drm/exynos: fix comparison to bitshift when dealing with a mask Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 124/329] locking/xchg/alpha: Add unconditional memory barrier to cmpxchg() Greg Kroah-Hartman
` (195 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Markus Elfring, Inki Dae, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Markus Elfring <elfring@users.sourceforge.net>
[ Upstream commit 6f0a60298bbbea43ab5e3955913ab19c153076f3 ]
Omit an extra message for a memory allocation failure in these functions.
This issue was detected by using the Coccinelle software.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/exynos/exynos_drm_g2d.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
--- a/drivers/gpu/drm/exynos/exynos_drm_g2d.c
+++ b/drivers/gpu/drm/exynos/exynos_drm_g2d.c
@@ -286,7 +286,6 @@ static int g2d_init_cmdlist(struct g2d_d
node = kcalloc(G2D_CMDLIST_NUM, sizeof(*node), GFP_KERNEL);
if (!node) {
- dev_err(dev, "failed to allocate memory\n");
ret = -ENOMEM;
goto err;
}
@@ -1358,10 +1357,9 @@ int exynos_g2d_exec_ioctl(struct drm_dev
return -EFAULT;
runqueue_node = kmem_cache_alloc(g2d->runqueue_slab, GFP_KERNEL);
- if (!runqueue_node) {
- dev_err(dev, "failed to allocate memory\n");
+ if (!runqueue_node)
return -ENOMEM;
- }
+
run_cmdlist = &runqueue_node->run_cmdlist;
event_list = &runqueue_node->event_list;
INIT_LIST_HEAD(run_cmdlist);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 124/329] locking/xchg/alpha: Add unconditional memory barrier to cmpxchg()
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (113 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 123/329] drm/exynos: g2d: Delete an error message for a failed memory allocation in two functions Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 125/329] md: raid5: avoid string overflow warning Greg Kroah-Hartman
` (194 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andrea Parri, Peter Zijlstra,
Paul E. McKenney, Alan Stern, Ivan Kokshaysky, Linus Torvalds,
Matt Turner, Richard Henderson, Thomas Gleixner, Will Deacon,
linux-alpha, Ingo Molnar, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrea Parri <parri.andrea@gmail.com>
[ Upstream commit cb13b424e986aed68d74cbaec3449ea23c50e167 ]
Continuing along with the fight against smp_read_barrier_depends() [1]
(or rather, against its improper use), add an unconditional barrier to
cmpxchg. This guarantees that dependency ordering is preserved when a
dependency is headed by an unsuccessful cmpxchg. As it turns out, the
change could enable further simplification of LKMM as proposed in [2].
[1] https://marc.info/?l=linux-kernel&m=150884953419377&w=2
https://marc.info/?l=linux-kernel&m=150884946319353&w=2
https://marc.info/?l=linux-kernel&m=151215810824468&w=2
https://marc.info/?l=linux-kernel&m=151215816324484&w=2
[2] https://marc.info/?l=linux-kernel&m=151881978314872&w=2
Signed-off-by: Andrea Parri <parri.andrea@gmail.com>
Acked-by: Peter Zijlstra <peterz@infradead.org>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Alan Stern <stern@rowland.harvard.edu>
Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matt Turner <mattst88@gmail.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will.deacon@arm.com>
Cc: linux-alpha@vger.kernel.org
Link: http://lkml.kernel.org/r/1519152356-4804-1-git-send-email-parri.andrea@gmail.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/alpha/include/asm/xchg.h | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
--- a/arch/alpha/include/asm/xchg.h
+++ b/arch/alpha/include/asm/xchg.h
@@ -127,10 +127,9 @@ ____xchg(, volatile void *ptr, unsigned
* store NEW in MEM. Return the initial value in MEM. Success is
* indicated by comparing RETURN with OLD.
*
- * The memory barrier should be placed in SMP only when we actually
- * make the change. If we don't change anything (so if the returned
- * prev is equal to old) then we aren't acquiring anything new and
- * we don't need any memory barrier as far I can tell.
+ * The memory barrier is placed in SMP unconditionally, in order to
+ * guarantee that dependency ordering is preserved when a dependency
+ * is headed by an unsuccessful operation.
*/
static inline unsigned long
@@ -149,8 +148,8 @@ ____cmpxchg(_u8, volatile char *m, unsig
" or %1,%2,%2\n"
" stq_c %2,0(%4)\n"
" beq %2,3f\n"
- __ASM__MB
"2:\n"
+ __ASM__MB
".subsection 2\n"
"3: br 1b\n"
".previous"
@@ -176,8 +175,8 @@ ____cmpxchg(_u16, volatile short *m, uns
" or %1,%2,%2\n"
" stq_c %2,0(%4)\n"
" beq %2,3f\n"
- __ASM__MB
"2:\n"
+ __ASM__MB
".subsection 2\n"
"3: br 1b\n"
".previous"
@@ -199,8 +198,8 @@ ____cmpxchg(_u32, volatile int *m, int o
" mov %4,%1\n"
" stl_c %1,%2\n"
" beq %1,3f\n"
- __ASM__MB
"2:\n"
+ __ASM__MB
".subsection 2\n"
"3: br 1b\n"
".previous"
@@ -222,8 +221,8 @@ ____cmpxchg(_u64, volatile long *m, unsi
" mov %4,%1\n"
" stq_c %1,%2\n"
" beq %1,3f\n"
- __ASM__MB
"2:\n"
+ __ASM__MB
".subsection 2\n"
"3: br 1b\n"
".previous"
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 125/329] md: raid5: avoid string overflow warning
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (114 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 124/329] locking/xchg/alpha: Add unconditional memory barrier to cmpxchg() Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 126/329] kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE Greg Kroah-Hartman
` (193 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Shaohua Li, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit 53b8d89ddbdbb0e4625a46d2cdbb6f106c52f801 ]
gcc warns about a possible overflow of the kmem_cache string, when adding
four characters to a string of the same length:
drivers/md/raid5.c: In function 'setup_conf':
drivers/md/raid5.c:2207:34: error: '-alt' directive writing 4 bytes into a region of size between 1 and 32 [-Werror=format-overflow=]
sprintf(conf->cache_name[1], "%s-alt", conf->cache_name[0]);
^~~~
drivers/md/raid5.c:2207:2: note: 'sprintf' output between 5 and 36 bytes into a destination of size 32
sprintf(conf->cache_name[1], "%s-alt", conf->cache_name[0]);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If I'm counting correctly, we need 11 characters for the fixed part
of the string and 18 characters for a 64-bit pointer (when no gendisk
is used), so that leaves three characters for conf->level, which should
always be sufficient.
This makes the code use snprintf() with the correct length, to
make the code more robust against changes, and to get the compiler
to shut up.
In commit f4be6b43f1ac ("md/raid5: ensure we create a unique name for
kmem_cache when mddev has no gendisk") from 2010, Neil said that
the pointer could be removed "shortly" once devices without gendisk
are disallowed. I have no idea if that happened, but if it did, that
should probably be changed as well.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Shaohua Li <sh.li@alibaba-inc.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/raid5.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -2049,15 +2049,16 @@ static int grow_one_stripe(struct r5conf
static int grow_stripes(struct r5conf *conf, int num)
{
struct kmem_cache *sc;
+ size_t namelen = sizeof(conf->cache_name[0]);
int devs = max(conf->raid_disks, conf->previous_raid_disks);
if (conf->mddev->gendisk)
- sprintf(conf->cache_name[0],
+ snprintf(conf->cache_name[0], namelen,
"raid%d-%s", conf->level, mdname(conf->mddev));
else
- sprintf(conf->cache_name[0],
+ snprintf(conf->cache_name[0], namelen,
"raid%d-%p", conf->level, conf->mddev);
- sprintf(conf->cache_name[1], "%s-alt", conf->cache_name[0]);
+ snprintf(conf->cache_name[1], namelen, "%.27s-alt", conf->cache_name[0]);
conf->active_name = 0;
sc = kmem_cache_create(conf->cache_name[conf->active_name],
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 126/329] kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (115 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 125/329] md: raid5: avoid string overflow warning Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 127/329] powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access Greg Kroah-Hartman
` (192 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Rientjes, Andrew Morton,
Jens Axboe, Dave Jiang, Al Viro, Dan Carpenter, Linus Torvalds,
Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Rientjes <rientjes@google.com>
[ Upstream commit 88913bd8ea2a75d7e460a4bed5f75e1c32660d7e ]
chan->n_subbufs is set by the user and relay_create_buf() does a kmalloc()
of chan->n_subbufs * sizeof(size_t *).
kmalloc_slab() will generate a warning when this fails if
chan->subbufs * sizeof(size_t *) > KMALLOC_MAX_SIZE.
Limit chan->n_subbufs to the maximum allowed kmalloc() size.
Link: http://lkml.kernel.org/r/alpine.DEB.2.10.1802061216100.122576@chino.kir.corp.google.com
Fixes: f6302f1bcd75 ("relay: prevent integer overflow in relay_open()")
Signed-off-by: David Rientjes <rientjes@google.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Dave Jiang <dave.jiang@intel.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/relay.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/kernel/relay.c
+++ b/kernel/relay.c
@@ -163,7 +163,7 @@ static struct rchan_buf *relay_create_bu
{
struct rchan_buf *buf;
- if (chan->n_subbufs > UINT_MAX / sizeof(size_t *))
+ if (chan->n_subbufs > KMALLOC_MAX_SIZE / sizeof(size_t *))
return NULL;
buf = kzalloc(sizeof(struct rchan_buf), GFP_KERNEL);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 127/329] powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (116 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 126/329] kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 128/329] s390/cio: fix ccw_device_start_timeout API Greg Kroah-Hartman
` (191 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mark Lord, Naveen N. Rao,
Michael Ellerman, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mark Lord <mlord@pobox.com>
[ Upstream commit 083b20907185b076f21c265b30fe5b5f24c03d8c ]
I am using SECCOMP to filter syscalls on a ppc32 platform, and noticed
that the JIT compiler was failing on the BPF even though the
interpreter was working fine.
The issue was that the compiler was missing one of the instructions
used by SECCOMP, so here is a patch to enable JIT for that
instruction.
Fixes: eb84bab0fb38 ("ppc: Kconfig: Enable BPF JIT on ppc32")
Signed-off-by: Mark Lord <mlord@pobox.com>
Acked-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/net/bpf_jit_comp.c | 3 +++
1 file changed, 3 insertions(+)
--- a/arch/powerpc/net/bpf_jit_comp.c
+++ b/arch/powerpc/net/bpf_jit_comp.c
@@ -329,6 +329,9 @@ static int bpf_jit_build_body(struct bpf
BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, len) != 4);
PPC_LWZ_OFFS(r_A, r_skb, offsetof(struct sk_buff, len));
break;
+ case BPF_LDX | BPF_W | BPF_ABS: /* A = *((u32 *)(seccomp_data + K)); */
+ PPC_LWZ_OFFS(r_A, r_skb, K);
+ break;
case BPF_LDX | BPF_W | BPF_LEN: /* X = skb->len; */
PPC_LWZ_OFFS(r_X, r_skb, offsetof(struct sk_buff, len));
break;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 128/329] s390/cio: fix ccw_device_start_timeout API
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (117 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 127/329] powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 129/329] s390/cio: fix return code after missing interrupt Greg Kroah-Hartman
` (190 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sebastian Ott, Martin Schwidefsky,
Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sebastian Ott <sebott@linux.vnet.ibm.com>
[ Upstream commit f97a6b6c47d2f329a24f92cc0ca3c6df5727ba73 ]
There are cases a device driver can't start IO because the device is
currently in use by cio. In this case the device driver is notified
when the device is usable again.
Using ccw_device_start_timeout we would set the timeout (and change
an existing timeout) before we test for internal usage. Worst case
this could lead to an unexpected timer deletion.
Fix this by setting the timeout after we test for internal usage.
Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/s390/cio/device_ops.c | 72 ++++++++++++++++++------------------------
1 file changed, 32 insertions(+), 40 deletions(-)
--- a/drivers/s390/cio/device_ops.c
+++ b/drivers/s390/cio/device_ops.c
@@ -158,7 +158,7 @@ int ccw_device_clear(struct ccw_device *
}
/**
- * ccw_device_start_key() - start a s390 channel program with key
+ * ccw_device_start_timeout_key() - start a s390 channel program with timeout and key
* @cdev: target ccw device
* @cpa: logical start address of channel program
* @intparm: user specific interruption parameter; will be presented back to
@@ -169,10 +169,15 @@ int ccw_device_clear(struct ccw_device *
* @key: storage key to be used for the I/O
* @flags: additional flags; defines the action to be performed for I/O
* processing.
+ * @expires: timeout value in jiffies
*
* Start a S/390 channel program. When the interrupt arrives, the
* IRQ handler is called, either immediately, delayed (dev-end missing,
* or sense required) or never (no IRQ handler registered).
+ * This function notifies the device driver if the channel program has not
+ * completed during the time specified by @expires. If a timeout occurs, the
+ * channel program is terminated via xsch, hsch or csch, and the device's
+ * interrupt handler will be called with an irb containing ERR_PTR(-%ETIMEDOUT).
* Returns:
* %0, if the operation was successful;
* -%EBUSY, if the device is busy, or status pending;
@@ -181,9 +186,9 @@ int ccw_device_clear(struct ccw_device *
* Context:
* Interrupts disabled, ccw device lock held
*/
-int ccw_device_start_key(struct ccw_device *cdev, struct ccw1 *cpa,
- unsigned long intparm, __u8 lpm, __u8 key,
- unsigned long flags)
+int ccw_device_start_timeout_key(struct ccw_device *cdev, struct ccw1 *cpa,
+ unsigned long intparm, __u8 lpm, __u8 key,
+ unsigned long flags, int expires)
{
struct subchannel *sch;
int ret;
@@ -223,6 +228,8 @@ int ccw_device_start_key(struct ccw_devi
switch (ret) {
case 0:
cdev->private->intparm = intparm;
+ if (expires)
+ ccw_device_set_timeout(cdev, expires);
break;
case -EACCES:
case -ENODEV:
@@ -233,7 +240,7 @@ int ccw_device_start_key(struct ccw_devi
}
/**
- * ccw_device_start_timeout_key() - start a s390 channel program with timeout and key
+ * ccw_device_start_key() - start a s390 channel program with key
* @cdev: target ccw device
* @cpa: logical start address of channel program
* @intparm: user specific interruption parameter; will be presented back to
@@ -244,15 +251,10 @@ int ccw_device_start_key(struct ccw_devi
* @key: storage key to be used for the I/O
* @flags: additional flags; defines the action to be performed for I/O
* processing.
- * @expires: timeout value in jiffies
*
* Start a S/390 channel program. When the interrupt arrives, the
* IRQ handler is called, either immediately, delayed (dev-end missing,
* or sense required) or never (no IRQ handler registered).
- * This function notifies the device driver if the channel program has not
- * completed during the time specified by @expires. If a timeout occurs, the
- * channel program is terminated via xsch, hsch or csch, and the device's
- * interrupt handler will be called with an irb containing ERR_PTR(-%ETIMEDOUT).
* Returns:
* %0, if the operation was successful;
* -%EBUSY, if the device is busy, or status pending;
@@ -261,19 +263,12 @@ int ccw_device_start_key(struct ccw_devi
* Context:
* Interrupts disabled, ccw device lock held
*/
-int ccw_device_start_timeout_key(struct ccw_device *cdev, struct ccw1 *cpa,
- unsigned long intparm, __u8 lpm, __u8 key,
- unsigned long flags, int expires)
+int ccw_device_start_key(struct ccw_device *cdev, struct ccw1 *cpa,
+ unsigned long intparm, __u8 lpm, __u8 key,
+ unsigned long flags)
{
- int ret;
-
- if (!cdev)
- return -ENODEV;
- ccw_device_set_timeout(cdev, expires);
- ret = ccw_device_start_key(cdev, cpa, intparm, lpm, key, flags);
- if (ret != 0)
- ccw_device_set_timeout(cdev, 0);
- return ret;
+ return ccw_device_start_timeout_key(cdev, cpa, intparm, lpm, key,
+ flags, 0);
}
/**
@@ -488,18 +483,20 @@ void ccw_device_get_id(struct ccw_device
EXPORT_SYMBOL(ccw_device_get_id);
/**
- * ccw_device_tm_start_key() - perform start function
+ * ccw_device_tm_start_timeout_key() - perform start function
* @cdev: ccw device on which to perform the start function
* @tcw: transport-command word to be started
* @intparm: user defined parameter to be passed to the interrupt handler
* @lpm: mask of paths to use
* @key: storage key to use for storage access
+ * @expires: time span in jiffies after which to abort request
*
* Start the tcw on the given ccw device. Return zero on success, non-zero
* otherwise.
*/
-int ccw_device_tm_start_key(struct ccw_device *cdev, struct tcw *tcw,
- unsigned long intparm, u8 lpm, u8 key)
+int ccw_device_tm_start_timeout_key(struct ccw_device *cdev, struct tcw *tcw,
+ unsigned long intparm, u8 lpm, u8 key,
+ int expires)
{
struct subchannel *sch;
int rc;
@@ -526,37 +523,32 @@ int ccw_device_tm_start_key(struct ccw_d
return -EACCES;
}
rc = cio_tm_start_key(sch, tcw, lpm, key);
- if (rc == 0)
+ if (rc == 0) {
cdev->private->intparm = intparm;
+ if (expires)
+ ccw_device_set_timeout(cdev, expires);
+ }
return rc;
}
-EXPORT_SYMBOL(ccw_device_tm_start_key);
+EXPORT_SYMBOL(ccw_device_tm_start_timeout_key);
/**
- * ccw_device_tm_start_timeout_key() - perform start function
+ * ccw_device_tm_start_key() - perform start function
* @cdev: ccw device on which to perform the start function
* @tcw: transport-command word to be started
* @intparm: user defined parameter to be passed to the interrupt handler
* @lpm: mask of paths to use
* @key: storage key to use for storage access
- * @expires: time span in jiffies after which to abort request
*
* Start the tcw on the given ccw device. Return zero on success, non-zero
* otherwise.
*/
-int ccw_device_tm_start_timeout_key(struct ccw_device *cdev, struct tcw *tcw,
- unsigned long intparm, u8 lpm, u8 key,
- int expires)
+int ccw_device_tm_start_key(struct ccw_device *cdev, struct tcw *tcw,
+ unsigned long intparm, u8 lpm, u8 key)
{
- int ret;
-
- ccw_device_set_timeout(cdev, expires);
- ret = ccw_device_tm_start_key(cdev, tcw, intparm, lpm, key);
- if (ret != 0)
- ccw_device_set_timeout(cdev, 0);
- return ret;
+ return ccw_device_tm_start_timeout_key(cdev, tcw, intparm, lpm, key, 0);
}
-EXPORT_SYMBOL(ccw_device_tm_start_timeout_key);
+EXPORT_SYMBOL(ccw_device_tm_start_key);
/**
* ccw_device_tm_start() - perform start function
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 129/329] s390/cio: fix return code after missing interrupt
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (118 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 128/329] s390/cio: fix ccw_device_start_timeout API Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 130/329] s390/cio: clear timer when terminating driver I/O Greg Kroah-Hartman
` (189 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Julian Wiedmann, Sebastian Ott,
Martin Schwidefsky, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sebastian Ott <sebott@linux.vnet.ibm.com>
[ Upstream commit 770b55c995d171f026a9efb85e71e3b1ea47b93d ]
When a timeout occurs for users of ccw_device_start_timeout
we will stop the IO and call the drivers int handler with
the irb pointer set to ERR_PTR(-ETIMEDOUT). Sometimes
however we'd set the irb pointer to ERR_PTR(-EIO) which is
not intended. Just set the correct value in all codepaths.
Reported-by: Julian Wiedmann <jwi@linux.vnet.ibm.com>
Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/s390/cio/device_fsm.c | 6 ++++--
drivers/s390/cio/io_sch.h | 1 +
2 files changed, 5 insertions(+), 2 deletions(-)
--- a/drivers/s390/cio/device_fsm.c
+++ b/drivers/s390/cio/device_fsm.c
@@ -822,6 +822,7 @@ ccw_device_online_timeout(struct ccw_dev
ccw_device_set_timeout(cdev, 0);
cdev->private->iretry = 255;
+ cdev->private->async_kill_io_rc = -ETIMEDOUT;
ret = ccw_device_cancel_halt_clear(cdev);
if (ret == -EBUSY) {
ccw_device_set_timeout(cdev, 3*HZ);
@@ -898,7 +899,7 @@ ccw_device_killing_irq(struct ccw_device
/* OK, i/o is dead now. Call interrupt handler. */
if (cdev->handler)
cdev->handler(cdev, cdev->private->intparm,
- ERR_PTR(-EIO));
+ ERR_PTR(cdev->private->async_kill_io_rc));
}
static void
@@ -915,7 +916,7 @@ ccw_device_killing_timeout(struct ccw_de
ccw_device_online_verify(cdev, 0);
if (cdev->handler)
cdev->handler(cdev, cdev->private->intparm,
- ERR_PTR(-EIO));
+ ERR_PTR(cdev->private->async_kill_io_rc));
}
void ccw_device_kill_io(struct ccw_device *cdev)
@@ -923,6 +924,7 @@ void ccw_device_kill_io(struct ccw_devic
int ret;
cdev->private->iretry = 255;
+ cdev->private->async_kill_io_rc = -EIO;
ret = ccw_device_cancel_halt_clear(cdev);
if (ret == -EBUSY) {
ccw_device_set_timeout(cdev, 3*HZ);
--- a/drivers/s390/cio/io_sch.h
+++ b/drivers/s390/cio/io_sch.h
@@ -154,6 +154,7 @@ struct ccw_device_private {
unsigned long intparm; /* user interruption parameter */
struct qdio_irq *qdio_data;
struct irb irb; /* device status */
+ int async_kill_io_rc;
struct senseid senseid; /* SenseID info */
struct pgid pgid[8]; /* path group IDs per chpid*/
struct ccw1 iccws[2]; /* ccws for SNID/SID/SPGID commands */
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 130/329] s390/cio: clear timer when terminating driver I/O
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (119 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 129/329] s390/cio: fix return code after missing interrupt Greg Kroah-Hartman
@ 2018-05-28 10:00 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 131/329] PKCS#7: fix direct verification of SignerInfo signature Greg Kroah-Hartman
` (188 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sebastian Ott, Martin Schwidefsky,
Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sebastian Ott <sebott@linux.vnet.ibm.com>
[ Upstream commit 410d5e13e7638bc146321671e223d56495fbf3c7 ]
When we terminate driver I/O (because we need to stop using a certain
channel path) we also need to ensure that a timer (which may have been
set up using ccw_device_start_timeout) is cleared.
Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/s390/cio/device_fsm.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/s390/cio/device_fsm.c
+++ b/drivers/s390/cio/device_fsm.c
@@ -923,6 +923,7 @@ void ccw_device_kill_io(struct ccw_devic
{
int ret;
+ ccw_device_set_timeout(cdev, 0);
cdev->private->iretry = 255;
cdev->private->async_kill_io_rc = -EIO;
ret = ccw_device_cancel_halt_clear(cdev);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 131/329] PKCS#7: fix direct verification of SignerInfo signature
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (120 preceding siblings ...)
2018-05-28 10:00 ` [PATCH 4.9 130/329] s390/cio: clear timer when terminating driver I/O Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 132/329] ARM: OMAP: Fix dmtimer init for omap1 Greg Kroah-Hartman
` (187 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Biggers, David Howells, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Biggers <ebiggers@google.com>
[ Upstream commit 6459ae386699a5fe0dc52cf30255f75274fa43a4 ]
If none of the certificates in a SignerInfo's certificate chain match a
trusted key, nor is the last certificate signed by a trusted key, then
pkcs7_validate_trust_one() tries to check whether the SignerInfo's
signature was made directly by a trusted key. But, it actually fails to
set the 'sig' variable correctly, so it actually verifies the last
signature seen. That will only be the SignerInfo's signature if the
certificate chain is empty; otherwise it will actually be the last
certificate's signature.
This is not by itself a security problem, since verifying any of the
certificates in the chain should be sufficient to verify the SignerInfo.
Still, it's not working as intended so it should be fixed.
Fix it by setting 'sig' correctly for the direct verification case.
Fixes: 757932e6da6d ("PKCS#7: Handle PKCS#7 messages that contain no X.509 certs")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
crypto/asymmetric_keys/pkcs7_trust.c | 1 +
1 file changed, 1 insertion(+)
--- a/crypto/asymmetric_keys/pkcs7_trust.c
+++ b/crypto/asymmetric_keys/pkcs7_trust.c
@@ -106,6 +106,7 @@ static int pkcs7_validate_trust_one(stru
pr_devel("sinfo %u: Direct signer is key %x\n",
sinfo->index, key_serial(key));
x509 = NULL;
+ sig = sinfo->sig;
goto matched;
}
if (PTR_ERR(key) != -ENOKEY)
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 132/329] ARM: OMAP: Fix dmtimer init for omap1
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (121 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 131/329] PKCS#7: fix direct verification of SignerInfo signature Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 133/329] smsc75xx: fix smsc75xx_set_features() Greg Kroah-Hartman
` (186 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Aaro Koskinen, Keerthy,
Ladislav Michl, Tony Lindgren, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tony Lindgren <tony@atomide.com>
[ Upstream commit ba6887836178d43b3665b9da075c2c5dfe1d207c ]
We need to enable PM runtime on omap1 also as otherwise we
will get errors:
omap_timer omap_timer.1: omap_dm_timer_probe: pm_runtime_get_sync failed!
omap_timer: probe of omap_timer.1 failed with error -13
...
We are checking for OMAP_TIMER_NEEDS_RESET flag elsewhere so this is
safe to do.
Cc: Aaro Koskinen <aaro.koskinen@iki.fi>
Cc: Keerthy <j-keerthy@ti.com>
Cc: Ladislav Michl <ladis@linux-mips.org>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/plat-omap/dmtimer.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
--- a/arch/arm/plat-omap/dmtimer.c
+++ b/arch/arm/plat-omap/dmtimer.c
@@ -890,11 +890,8 @@ static int omap_dm_timer_probe(struct pl
timer->irq = irq->start;
timer->pdev = pdev;
- /* Skip pm_runtime_enable for OMAP1 */
- if (!(timer->capability & OMAP_TIMER_NEEDS_RESET)) {
- pm_runtime_enable(dev);
- pm_runtime_irq_safe(dev);
- }
+ pm_runtime_enable(dev);
+ pm_runtime_irq_safe(dev);
if (!timer->reserved) {
ret = pm_runtime_get_sync(dev);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 133/329] smsc75xx: fix smsc75xx_set_features()
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (122 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 132/329] ARM: OMAP: Fix dmtimer init for omap1 Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 134/329] regulatory: add NUL to request alpha2 Greg Kroah-Hartman
` (185 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, Steve Glendinning,
David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 88e80c62671ceecdbb77c902731ec95a4bfa62f9 ]
If an attempt is made to disable RX checksums, USB adapter is changed
but netdev->features is not, because smsc75xx_set_features() returns a
non zero value.
This throws errors from netdev_rx_csum_fault() :
<devname>: hw csum failure
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Steve Glendinning <steve.glendinning@shawell.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/usb/smsc75xx.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/drivers/net/usb/smsc75xx.c
+++ b/drivers/net/usb/smsc75xx.c
@@ -957,10 +957,11 @@ static int smsc75xx_set_features(struct
/* it's racing here! */
ret = smsc75xx_write_reg(dev, RFE_CTL, pdata->rfe_ctl);
- if (ret < 0)
+ if (ret < 0) {
netdev_warn(dev->net, "Error writing RFE_CTL\n");
-
- return ret;
+ return ret;
+ }
+ return 0;
}
static int smsc75xx_wait_ready(struct usbnet *dev, int in_pm)
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 134/329] regulatory: add NUL to request alpha2
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (123 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 133/329] smsc75xx: fix smsc75xx_set_features() Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 135/329] integrity/security: fix digsig.c build error with header file Greg Kroah-Hartman
` (184 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kees Cook, Johannes Berg, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johannes Berg <johannes.berg@intel.com>
[ Upstream commit 657308f73e674e86b60509a430a46e569bf02846 ]
Similar to the ancient commit a5fe8e7695dc ("regulatory: add NUL
to alpha2"), add another byte to alpha2 in the request struct so
that when we use nla_put_string(), we don't overrun anything.
Fixes: 73d54c9e74c4 ("cfg80211: add regulatory netlink multicast group")
Reported-by: Kees Cook <keescook@google.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/regulatory.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/include/net/regulatory.h
+++ b/include/net/regulatory.h
@@ -78,7 +78,7 @@ struct regulatory_request {
int wiphy_idx;
enum nl80211_reg_initiator initiator;
enum nl80211_user_reg_hint_type user_reg_hint_type;
- char alpha2[2];
+ char alpha2[3];
enum nl80211_dfs_regions dfs_region;
bool intersect;
bool processed;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 135/329] integrity/security: fix digsig.c build error with header file
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (124 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 134/329] regulatory: add NUL to request alpha2 Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 136/329] locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs Greg Kroah-Hartman
` (183 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Ellerman, Randy Dunlap,
Mimi Zohar, linux-integrity, James Morris, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 120f3b11ef88fc38ce1d0ff9c9a4b37860ad3140 ]
security/integrity/digsig.c has build errors on some $ARCH due to a
missing header file, so add it.
security/integrity/digsig.c:146:2: error: implicit declaration of function 'vfree' [-Werror=implicit-function-declaration]
Reported-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: linux-integrity@vger.kernel.org
Link: http://kisskb.ellerman.id.au/kisskb/head/13396/
Signed-off-by: James Morris <james.morris@microsoft.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/integrity/digsig.c | 1 +
1 file changed, 1 insertion(+)
--- a/security/integrity/digsig.c
+++ b/security/integrity/digsig.c
@@ -18,6 +18,7 @@
#include <linux/cred.h>
#include <linux/key-type.h>
#include <linux/digsig.h>
+#include <linux/vmalloc.h>
#include <crypto/public_key.h>
#include <keys/system_keyring.h>
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 136/329] locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (125 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 135/329] integrity/security: fix digsig.c build error with header file Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 137/329] x86/topology: Update the cpu cores field in /proc/cpuinfo correctly across CPU hotplug operations Greg Kroah-Hartman
` (182 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Will Deacon, Andrea Parri,
Paul E. McKenney, Alan Stern, Andrew Morton, Ivan Kokshaysky,
Linus Torvalds, Matt Turner, Peter Zijlstra, Richard Henderson,
Thomas Gleixner, linux-alpha, Ingo Molnar, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrea Parri <parri.andrea@gmail.com>
[ Upstream commit 472e8c55cf6622d1c112dc2bc777f68bbd4189db ]
Successful RMW operations are supposed to be fully ordered, but
Alpha's xchg() and cmpxchg() do not meet this requirement.
Will Deacon noticed the bug:
> So MP using xchg:
>
> WRITE_ONCE(x, 1)
> xchg(y, 1)
>
> smp_load_acquire(y) == 1
> READ_ONCE(x) == 0
>
> would be allowed.
... which thus violates the above requirement.
Fix it by adding a leading smp_mb() to the xchg() and cmpxchg() implementations.
Reported-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Andrea Parri <parri.andrea@gmail.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Alan Stern <stern@rowland.harvard.edu>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matt Turner <mattst88@gmail.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-alpha@vger.kernel.org
Link: http://lkml.kernel.org/r/1519291488-5752-1-git-send-email-parri.andrea@gmail.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/alpha/include/asm/xchg.h | 21 ++++++++++++++++++---
1 file changed, 18 insertions(+), 3 deletions(-)
--- a/arch/alpha/include/asm/xchg.h
+++ b/arch/alpha/include/asm/xchg.h
@@ -11,6 +11,10 @@
* Atomic exchange.
* Since it can be used to implement critical sections
* it must clobber "memory" (also for interrupts in UP).
+ *
+ * The leading and the trailing memory barriers guarantee that these
+ * operations are fully ordered.
+ *
*/
static inline unsigned long
@@ -18,6 +22,7 @@ ____xchg(_u8, volatile char *m, unsigned
{
unsigned long ret, tmp, addr64;
+ smp_mb();
__asm__ __volatile__(
" andnot %4,7,%3\n"
" insbl %1,%4,%1\n"
@@ -42,6 +47,7 @@ ____xchg(_u16, volatile short *m, unsign
{
unsigned long ret, tmp, addr64;
+ smp_mb();
__asm__ __volatile__(
" andnot %4,7,%3\n"
" inswl %1,%4,%1\n"
@@ -66,6 +72,7 @@ ____xchg(_u32, volatile int *m, unsigned
{
unsigned long dummy;
+ smp_mb();
__asm__ __volatile__(
"1: ldl_l %0,%4\n"
" bis $31,%3,%1\n"
@@ -86,6 +93,7 @@ ____xchg(_u64, volatile long *m, unsigne
{
unsigned long dummy;
+ smp_mb();
__asm__ __volatile__(
"1: ldq_l %0,%4\n"
" bis $31,%3,%1\n"
@@ -127,9 +135,12 @@ ____xchg(, volatile void *ptr, unsigned
* store NEW in MEM. Return the initial value in MEM. Success is
* indicated by comparing RETURN with OLD.
*
- * The memory barrier is placed in SMP unconditionally, in order to
- * guarantee that dependency ordering is preserved when a dependency
- * is headed by an unsuccessful operation.
+ * The leading and the trailing memory barriers guarantee that these
+ * operations are fully ordered.
+ *
+ * The trailing memory barrier is placed in SMP unconditionally, in
+ * order to guarantee that dependency ordering is preserved when a
+ * dependency is headed by an unsuccessful operation.
*/
static inline unsigned long
@@ -137,6 +148,7 @@ ____cmpxchg(_u8, volatile char *m, unsig
{
unsigned long prev, tmp, cmp, addr64;
+ smp_mb();
__asm__ __volatile__(
" andnot %5,7,%4\n"
" insbl %1,%5,%1\n"
@@ -164,6 +176,7 @@ ____cmpxchg(_u16, volatile short *m, uns
{
unsigned long prev, tmp, cmp, addr64;
+ smp_mb();
__asm__ __volatile__(
" andnot %5,7,%4\n"
" inswl %1,%5,%1\n"
@@ -191,6 +204,7 @@ ____cmpxchg(_u32, volatile int *m, int o
{
unsigned long prev, cmp;
+ smp_mb();
__asm__ __volatile__(
"1: ldl_l %0,%5\n"
" cmpeq %0,%3,%1\n"
@@ -214,6 +228,7 @@ ____cmpxchg(_u64, volatile long *m, unsi
{
unsigned long prev, cmp;
+ smp_mb();
__asm__ __volatile__(
"1: ldq_l %0,%5\n"
" cmpeq %0,%3,%1\n"
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 137/329] x86/topology: Update the cpu cores field in /proc/cpuinfo correctly across CPU hotplug operations
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (126 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 136/329] locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 138/329] mac80211: drop frames with unexpected DS bits from fast-rx to slow path Greg Kroah-Hartman
` (181 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dou Liyang, Samuel Neves,
Linus Torvalds, Peter Zijlstra, Thomas Gleixner, jgross, luto,
prarit, vkuznets, Ingo Molnar, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Samuel Neves <sneves@dei.uc.pt>
[ Upstream commit 4596749339e06dc7a424fc08a15eded850ed78b7 ]
Without this fix, /proc/cpuinfo will display an incorrect amount
of CPU cores, after bringing them offline and online again, as
exemplified below:
$ cat /proc/cpuinfo | grep cores
cpu cores : 4
cpu cores : 8
cpu cores : 8
cpu cores : 20
cpu cores : 4
cpu cores : 3
cpu cores : 2
cpu cores : 2
This patch fixes this by always zeroing the booted_cores variable
upon turning off a logical CPU.
Tested-by: Dou Liyang <douly.fnst@cn.fujitsu.com>
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: jgross@suse.com
Cc: luto@kernel.org
Cc: prarit@redhat.com
Cc: vkuznets@redhat.com
Link: http://lkml.kernel.org/r/20180221205036.5244-1-sneves@dei.uc.pt
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/smpboot.c | 1 +
1 file changed, 1 insertion(+)
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
@@ -1497,6 +1497,7 @@ static void remove_siblinginfo(int cpu)
cpumask_clear(topology_core_cpumask(cpu));
c->phys_proc_id = 0;
c->cpu_core_id = 0;
+ c->booted_cores = 0;
cpumask_clear_cpu(cpu, cpu_sibling_setup_mask);
recompute_smt_state();
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 138/329] mac80211: drop frames with unexpected DS bits from fast-rx to slow path
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (127 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 137/329] x86/topology: Update the cpu cores field in /proc/cpuinfo correctly across CPU hotplug operations Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 139/329] arm64: fix unwind_frame() for filtered out fn for function graph tracing Greg Kroah-Hartman
` (180 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Felix Fietkau, Johannes Berg, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Felix Fietkau <nbd@nbd.name>
[ Upstream commit b323ac19b7734a1c464b2785a082ee50bccd3b91 ]
Fixes rx for 4-addr packets in AP mode. These may be used for setting
up a 4-addr link for stations that are allowed to do so.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mac80211/rx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -3907,7 +3907,7 @@ static bool ieee80211_invoke_fast_rx(str
if ((hdr->frame_control & cpu_to_le16(IEEE80211_FCTL_FROMDS |
IEEE80211_FCTL_TODS)) !=
fast_rx->expected_ds_bits)
- goto drop;
+ return false;
/* assign the key to drop unencrypted frames (later)
* and strip the IV/MIC if necessary
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 139/329] arm64: fix unwind_frame() for filtered out fn for function graph tracing
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (128 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 138/329] mac80211: drop frames with unexpected DS bits from fast-rx to slow path Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 140/329] macvlan: fix use-after-free in macvlan_common_newlink() Greg Kroah-Hartman
` (179 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pratyush Anand, Jerome Marchand,
Catalin Marinas, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pratyush Anand <panand@redhat.com>
[ Upstream commit 9f416319f40cd857d2bb517630e5855a905ef3fb ]
do_task_stat() calls get_wchan(), which further does unwind_frame().
unwind_frame() restores frame->pc to original value in case function
graph tracer has modified a return address (LR) in a stack frame to hook
a function return. However, if function graph tracer has hit a filtered
function, then we can't unwind it as ftrace_push_return_trace() has
biased the index(frame->graph) with a 'huge negative'
offset(-FTRACE_NOTRACE_DEPTH).
Moreover, arm64 stack walker defines index(frame->graph) as unsigned
int, which can not compare a -ve number.
Similar problem we can have with calling of walk_stackframe() from
save_stack_trace_tsk() or dump_backtrace().
This patch fixes unwind_frame() to test the index for -ve value and
restore index accordingly before we can restore frame->pc.
Reproducer:
cd /sys/kernel/debug/tracing/
echo schedule > set_graph_notrace
echo 1 > options/display-graph
echo wakeup > current_tracer
ps -ef | grep -i agent
Above commands result in:
Unable to handle kernel paging request at virtual address ffff801bd3d1e000
pgd = ffff8003cbe97c00
[ffff801bd3d1e000] *pgd=0000000000000000, *pud=0000000000000000
Internal error: Oops: 96000006 [#1] SMP
[...]
CPU: 5 PID: 11696 Comm: ps Not tainted 4.11.0+ #33
[...]
task: ffff8003c21ba000 task.stack: ffff8003cc6c0000
PC is at unwind_frame+0x12c/0x180
LR is at get_wchan+0xd4/0x134
pc : [<ffff00000808892c>] lr : [<ffff0000080860b8>] pstate: 60000145
sp : ffff8003cc6c3ab0
x29: ffff8003cc6c3ab0 x28: 0000000000000001
x27: 0000000000000026 x26: 0000000000000026
x25: 00000000000012d8 x24: 0000000000000000
x23: ffff8003c1c04000 x22: ffff000008c83000
x21: ffff8003c1c00000 x20: 000000000000000f
x19: ffff8003c1bc0000 x18: 0000fffffc593690
x17: 0000000000000000 x16: 0000000000000001
x15: 0000b855670e2b60 x14: 0003e97f22cf1d0f
x13: 0000000000000001 x12: 0000000000000000
x11: 00000000e8f4883e x10: 0000000154f47ec8
x9 : 0000000070f367c0 x8 : 0000000000000000
x7 : 00008003f7290000 x6 : 0000000000000018
x5 : 0000000000000000 x4 : ffff8003c1c03cb0
x3 : ffff8003c1c03ca0 x2 : 00000017ffe80000
x1 : ffff8003cc6c3af8 x0 : ffff8003d3e9e000
Process ps (pid: 11696, stack limit = 0xffff8003cc6c0000)
Stack: (0xffff8003cc6c3ab0 to 0xffff8003cc6c4000)
[...]
[<ffff00000808892c>] unwind_frame+0x12c/0x180
[<ffff000008305008>] do_task_stat+0x864/0x870
[<ffff000008305c44>] proc_tgid_stat+0x3c/0x48
[<ffff0000082fde0c>] proc_single_show+0x5c/0xb8
[<ffff0000082b27e0>] seq_read+0x160/0x414
[<ffff000008289e6c>] __vfs_read+0x58/0x164
[<ffff00000828b164>] vfs_read+0x88/0x144
[<ffff00000828c2e8>] SyS_read+0x60/0xc0
[<ffff0000080834a0>] __sys_trace_return+0x0/0x4
Fixes: 20380bb390a4 (arm64: ftrace: fix a stack tracer's output under function graph tracer)
Signed-off-by: Pratyush Anand <panand@redhat.com>
Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
[catalin.marinas@arm.com: replace WARN_ON with WARN_ON_ONCE]
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/include/asm/stacktrace.h | 2 +-
arch/arm64/kernel/stacktrace.c | 5 +++++
arch/arm64/kernel/time.c | 2 +-
3 files changed, 7 insertions(+), 2 deletions(-)
--- a/arch/arm64/include/asm/stacktrace.h
+++ b/arch/arm64/include/asm/stacktrace.h
@@ -23,7 +23,7 @@ struct stackframe {
unsigned long sp;
unsigned long pc;
#ifdef CONFIG_FUNCTION_GRAPH_TRACER
- unsigned int graph;
+ int graph;
#endif
};
--- a/arch/arm64/kernel/stacktrace.c
+++ b/arch/arm64/kernel/stacktrace.c
@@ -72,6 +72,11 @@ int notrace unwind_frame(struct task_str
#ifdef CONFIG_FUNCTION_GRAPH_TRACER
if (tsk->ret_stack &&
(frame->pc == (unsigned long)return_to_handler)) {
+ if (WARN_ON_ONCE(frame->graph == -1))
+ return -EINVAL;
+ if (frame->graph < -1)
+ frame->graph += FTRACE_NOTRACE_DEPTH;
+
/*
* This is a case where function graph tracer has
* modified a return address (LR) in a stack frame
--- a/arch/arm64/kernel/time.c
+++ b/arch/arm64/kernel/time.c
@@ -53,7 +53,7 @@ unsigned long profile_pc(struct pt_regs
frame.sp = regs->sp;
frame.pc = regs->pc;
#ifdef CONFIG_FUNCTION_GRAPH_TRACER
- frame.graph = -1; /* no task info */
+ frame.graph = current->curr_ret_stack;
#endif
do {
int ret = unwind_frame(NULL, &frame);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 140/329] macvlan: fix use-after-free in macvlan_common_newlink()
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (129 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 139/329] arm64: fix unwind_frame() for filtered out fn for function graph tracing Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 141/329] kvm: fix warning for CONFIG_HAVE_KVM_EVENTFD builds Greg Kroah-Hartman
` (178 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexey Kodanev, David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexey Kodanev <alexey.kodanev@oracle.com>
[ Upstream commit 4e14bf4236490306004782813b8b4494b18f5e60 ]
The following use-after-free was reported by KASan when running
LTP macvtap01 test on 4.16-rc2:
[10642.528443] BUG: KASAN: use-after-free in
macvlan_common_newlink+0x12ef/0x14a0 [macvlan]
[10642.626607] Read of size 8 at addr ffff880ba49f2100 by task ip/18450
...
[10642.963873] Call Trace:
[10642.994352] dump_stack+0x5c/0x7c
[10643.035325] print_address_description+0x75/0x290
[10643.092938] kasan_report+0x28d/0x390
[10643.137971] ? macvlan_common_newlink+0x12ef/0x14a0 [macvlan]
[10643.207963] macvlan_common_newlink+0x12ef/0x14a0 [macvlan]
[10643.275978] macvtap_newlink+0x171/0x260 [macvtap]
[10643.334532] rtnl_newlink+0xd4f/0x1300
...
[10646.256176] Allocated by task 18450:
[10646.299964] kasan_kmalloc+0xa6/0xd0
[10646.343746] kmem_cache_alloc_trace+0xf1/0x210
[10646.397826] macvlan_common_newlink+0x6de/0x14a0 [macvlan]
[10646.464386] macvtap_newlink+0x171/0x260 [macvtap]
[10646.522728] rtnl_newlink+0xd4f/0x1300
...
[10647.022028] Freed by task 18450:
[10647.061549] __kasan_slab_free+0x138/0x180
[10647.111468] kfree+0x9e/0x1c0
[10647.147869] macvlan_port_destroy+0x3db/0x650 [macvlan]
[10647.211411] rollback_registered_many+0x5b9/0xb10
[10647.268715] rollback_registered+0xd9/0x190
[10647.319675] register_netdevice+0x8eb/0xc70
[10647.370635] macvlan_common_newlink+0xe58/0x14a0 [macvlan]
[10647.437195] macvtap_newlink+0x171/0x260 [macvtap]
Commit d02fd6e7d293 ("macvlan: Fix one possible double free") handles
the case when register_netdevice() invokes ndo_uninit() on error and
as a result free the port. But 'macvlan_port_get_rtnl(dev))' check
(returns dev->rx_handler_data), which was added by this commit in order
to prevent double free, is not quite correct:
* for macvlan it always returns NULL because 'lowerdev' is the one that
was used to register rx handler (port) in macvlan_port_create() as
well as to unregister it in macvlan_port_destroy().
* for macvtap it always returns a valid pointer because macvtap registers
its own rx handler before macvlan_common_newlink().
Fixes: d02fd6e7d293 ("macvlan: Fix one possible double free")
Signed-off-by: Alexey Kodanev <alexey.kodanev@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/macvlan.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/macvlan.c
+++ b/drivers/net/macvlan.c
@@ -1384,7 +1384,7 @@ destroy_macvlan_port:
/* the macvlan port may be freed by macvlan_uninit when fail to register.
* so we destroy the macvlan port only when it's valid.
*/
- if (create && macvlan_port_get_rtnl(dev))
+ if (create && macvlan_port_get_rtnl(lowerdev))
macvlan_port_destroy(port->dev);
return err;
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 141/329] kvm: fix warning for CONFIG_HAVE_KVM_EVENTFD builds
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (130 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 140/329] macvlan: fix use-after-free in macvlan_common_newlink() Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 142/329] fs: dcache: Avoid livelock between d_alloc_parallel and __d_add Greg Kroah-Hartman
` (177 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sebastian Ott, Christian Borntraeger,
Paolo Bonzini, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sebastian Ott <sebott@linux.vnet.ibm.com>
[ Upstream commit 076467490b8176eb96eddc548a14d4135c7b5852 ]
Move the kvm_arch_irq_routing_update() prototype outside of
ifdef CONFIG_HAVE_KVM_EVENTFD guards to fix the following sparse warning:
arch/s390/kvm/../../../virt/kvm/irqchip.c:171:28: warning: symbol 'kvm_arch_irq_routing_update' was not declared. Should it be static?
Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/kvm_host.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -1070,7 +1070,6 @@ static inline void kvm_irq_routing_updat
{
}
#endif
-void kvm_arch_irq_routing_update(struct kvm *kvm);
static inline int kvm_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args)
{
@@ -1079,6 +1078,8 @@ static inline int kvm_ioeventfd(struct k
#endif /* CONFIG_HAVE_KVM_EVENTFD */
+void kvm_arch_irq_routing_update(struct kvm *kvm);
+
static inline void kvm_make_request(int req, struct kvm_vcpu *vcpu)
{
/*
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 142/329] fs: dcache: Avoid livelock between d_alloc_parallel and __d_add
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (131 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 141/329] kvm: fix warning for CONFIG_HAVE_KVM_EVENTFD builds Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 143/329] fs: dcache: Use READ_ONCE when accessing i_dir_seq Greg Kroah-Hartman
` (176 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Zijlstra, Al Viro,
Naresh Madhusudana, Matthew Wilcox, Will Deacon, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Will Deacon <will.deacon@arm.com>
[ Upstream commit 015555fd4d2930bc0c86952c46ad88b3392f66e4 ]
If d_alloc_parallel runs concurrently with __d_add, it is possible for
d_alloc_parallel to continuously retry whilst i_dir_seq has been
incremented to an odd value by __d_add:
CPU0:
__d_add
n = start_dir_add(dir);
cmpxchg(&dir->i_dir_seq, n, n + 1) == n
CPU1:
d_alloc_parallel
retry:
seq = smp_load_acquire(&parent->d_inode->i_dir_seq) & ~1;
hlist_bl_lock(b);
bit_spin_lock(0, (unsigned long *)b); // Always succeeds
CPU0:
__d_lookup_done(dentry)
hlist_bl_lock
bit_spin_lock(0, (unsigned long *)b); // Never succeeds
CPU1:
if (unlikely(parent->d_inode->i_dir_seq != seq)) {
hlist_bl_unlock(b);
goto retry;
}
Since the simple bit_spin_lock used to implement hlist_bl_lock does not
provide any fairness guarantees, then CPU1 can starve CPU0 of the lock
and prevent it from reaching end_dir_add(dir), therefore CPU1 cannot
exit its retry loop because the sequence number always has the bottom
bit set.
This patch resolves the livelock by not taking hlist_bl_lock in
d_alloc_parallel if the sequence counter is odd, since any subsequent
masked comparison with i_dir_seq will fail anyway.
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Reported-by: Naresh Madhusudana <naresh.madhusudana@arm.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Matthew Wilcox <mawilcox@microsoft.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/dcache.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -2474,7 +2474,7 @@ struct dentry *d_alloc_parallel(struct d
retry:
rcu_read_lock();
- seq = smp_load_acquire(&parent->d_inode->i_dir_seq) & ~1;
+ seq = smp_load_acquire(&parent->d_inode->i_dir_seq);
r_seq = read_seqbegin(&rename_lock);
dentry = __d_lookup_rcu(parent, name, &d_seq);
if (unlikely(dentry)) {
@@ -2495,6 +2495,12 @@ retry:
rcu_read_unlock();
goto retry;
}
+
+ if (unlikely(seq & 1)) {
+ rcu_read_unlock();
+ goto retry;
+ }
+
hlist_bl_lock(b);
if (unlikely(parent->d_inode->i_dir_seq != seq)) {
hlist_bl_unlock(b);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 143/329] fs: dcache: Use READ_ONCE when accessing i_dir_seq
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (132 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 142/329] fs: dcache: Avoid livelock between d_alloc_parallel and __d_add Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 144/329] md: fix a potential deadlock of raid5/raid10 reshape Greg Kroah-Hartman
` (175 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Zijlstra, Will Deacon, Al Viro,
Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Will Deacon <will.deacon@arm.com>
[ Upstream commit 8cc07c808c9d595e81cbe5aad419b7769eb2e5c9 ]
i_dir_seq is subject to concurrent modification by a cmpxchg or
store-release operation, so ensure that the relaxed access in
d_alloc_parallel uses READ_ONCE.
Reported-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/dcache.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -2502,7 +2502,7 @@ retry:
}
hlist_bl_lock(b);
- if (unlikely(parent->d_inode->i_dir_seq != seq)) {
+ if (unlikely(READ_ONCE(parent->d_inode->i_dir_seq) != seq)) {
hlist_bl_unlock(b);
rcu_read_unlock();
goto retry;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 144/329] md: fix a potential deadlock of raid5/raid10 reshape
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (133 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 143/329] fs: dcache: Use READ_ONCE when accessing i_dir_seq Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 145/329] md/raid1: fix NULL pointer dereference Greg Kroah-Hartman
` (174 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alex Wu, Chung-Chiang Cheng,
BingJing Chang, Shaohua Li, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: BingJing Chang <bingjingc@synology.com>
[ Upstream commit 8876391e440ba615b10eef729576e111f0315f87 ]
There is a potential deadlock if mount/umount happens when
raid5_finish_reshape() tries to grow the size of emulated disk.
How the deadlock happens?
1) The raid5 resync thread finished reshape (expanding array).
2) The mount or umount thread holds VFS sb->s_umount lock and tries to
write through critical data into raid5 emulated block device. So it
waits for raid5 kernel thread handling stripes in order to finish it
I/Os.
3) In the routine of raid5 kernel thread, md_check_recovery() will be
called first in order to reap the raid5 resync thread. That is,
raid5_finish_reshape() will be called. In this function, it will try
to update conf and call VFS revalidate_disk() to grow the raid5
emulated block device. It will try to acquire VFS sb->s_umount lock.
The raid5 kernel thread cannot continue, so no one can handle mount/
umount I/Os (stripes). Once the write-through I/Os cannot be finished,
mount/umount will not release sb->s_umount lock. The deadlock happens.
The raid5 kernel thread is an emulated block device. It is responible to
handle I/Os (stripes) from upper layers. The emulated block device
should not request any I/Os on itself. That is, it should not call VFS
layer functions. (If it did, it will try to acquire VFS locks to
guarantee the I/Os sequence.) So we have the resync thread to send
resync I/O requests and to wait for the results.
For solving this potential deadlock, we can put the size growth of the
emulated block device as the final step of reshape thread.
2017/12/29:
Thanks to Guoqing Jiang <gqjiang@suse.com>,
we confirmed that there is the same deadlock issue in raid10. It's
reproducible and can be fixed by this patch. For raid10.c, we can remove
the similar code to prevent deadlock as well since they has been called
before.
Reported-by: Alex Wu <alexwu@synology.com>
Reviewed-by: Alex Wu <alexwu@synology.com>
Reviewed-by: Chung-Chiang Cheng <cccheng@synology.com>
Signed-off-by: BingJing Chang <bingjingc@synology.com>
Signed-off-by: Shaohua Li <sh.li@alibaba-inc.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/md.c | 13 +++++++++++++
drivers/md/raid10.c | 8 +-------
drivers/md/raid5.c | 8 +-------
3 files changed, 15 insertions(+), 14 deletions(-)
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -8200,6 +8200,19 @@ void md_do_sync(struct md_thread *thread
set_mask_bits(&mddev->flags, 0,
BIT(MD_CHANGE_PENDING) | BIT(MD_CHANGE_DEVS));
+ if (test_bit(MD_RECOVERY_RESHAPE, &mddev->recovery) &&
+ !test_bit(MD_RECOVERY_INTR, &mddev->recovery) &&
+ mddev->delta_disks > 0 &&
+ mddev->pers->finish_reshape &&
+ mddev->pers->size &&
+ mddev->queue) {
+ mddev_lock_nointr(mddev);
+ md_set_array_sectors(mddev, mddev->pers->size(mddev, 0, 0));
+ mddev_unlock(mddev);
+ set_capacity(mddev->gendisk, mddev->array_sectors);
+ revalidate_disk(mddev->gendisk);
+ }
+
spin_lock(&mddev->lock);
if (!test_bit(MD_RECOVERY_INTR, &mddev->recovery)) {
/* We completed so min/max setting can be forgotten if used. */
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -4684,17 +4684,11 @@ static void raid10_finish_reshape(struct
return;
if (mddev->delta_disks > 0) {
- sector_t size = raid10_size(mddev, 0, 0);
- md_set_array_sectors(mddev, size);
if (mddev->recovery_cp > mddev->resync_max_sectors) {
mddev->recovery_cp = mddev->resync_max_sectors;
set_bit(MD_RECOVERY_NEEDED, &mddev->recovery);
}
- mddev->resync_max_sectors = size;
- if (mddev->queue) {
- set_capacity(mddev->gendisk, mddev->array_sectors);
- revalidate_disk(mddev->gendisk);
- }
+ mddev->resync_max_sectors = mddev->array_sectors;
} else {
int d;
rcu_read_lock();
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -7615,13 +7615,7 @@ static void raid5_finish_reshape(struct
if (!test_bit(MD_RECOVERY_INTR, &mddev->recovery)) {
- if (mddev->delta_disks > 0) {
- md_set_array_sectors(mddev, raid5_size(mddev, 0, 0));
- if (mddev->queue) {
- set_capacity(mddev->gendisk, mddev->array_sectors);
- revalidate_disk(mddev->gendisk);
- }
- } else {
+ if (mddev->delta_disks <= 0) {
int d;
spin_lock_irq(&conf->device_lock);
mddev->degraded = calc_degraded(conf);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 145/329] md/raid1: fix NULL pointer dereference
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (134 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 144/329] md: fix a potential deadlock of raid5/raid10 reshape Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 146/329] batman-adv: fix packet checksum in receive path Greg Kroah-Hartman
` (173 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, NeilBrown, Yufen Yu, Shaohua Li, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yufen Yu <yuyufen@huawei.com>
[ Upstream commit 3de59bb9d551428cbdc76a9ea57883f82e350b4d ]
In handle_write_finished(), if r1_bio->bios[m] != NULL, it thinks
the corresponding conf->mirrors[m].rdev is also not NULL. But, it
is not always true.
Even if some io hold replacement rdev(i.e. rdev->nr_pending.count > 0),
raid1_remove_disk() can also set the rdev as NULL. That means,
bios[m] != NULL, but mirrors[m].rdev is NULL, resulting in NULL
pointer dereference in handle_write_finished and sync_request_write.
This patch can fix BUGs as follows:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000140
IP: [<ffffffff815bbbbd>] raid1d+0x2bd/0xfc0
PGD 12ab52067 PUD 12f587067 PMD 0
Oops: 0000 [#1] SMP
CPU: 1 PID: 2008 Comm: md3_raid1 Not tainted 4.1.44+ #130
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1.fc26 04/01/2014
Call Trace:
? schedule+0x37/0x90
? prepare_to_wait_event+0x83/0xf0
md_thread+0x144/0x150
? wake_atomic_t_function+0x70/0x70
? md_start_sync+0xf0/0xf0
kthread+0xd8/0xf0
? kthread_worker_fn+0x160/0x160
ret_from_fork+0x42/0x70
? kthread_worker_fn+0x160/0x160
BUG: unable to handle kernel NULL pointer dereference at 00000000000000b8
IP: sync_request_write+0x9e/0x980
PGD 800000007c518067 P4D 800000007c518067 PUD 8002b067 PMD 0
Oops: 0000 [#1] SMP PTI
CPU: 24 PID: 2549 Comm: md3_raid1 Not tainted 4.15.0+ #118
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1.fc26 04/01/2014
Call Trace:
? sched_clock+0x5/0x10
? sched_clock_cpu+0xc/0xb0
? flush_pending_writes+0x3a/0xd0
? pick_next_task_fair+0x4d5/0x5f0
? __switch_to+0xa2/0x430
raid1d+0x65a/0x870
? find_pers+0x70/0x70
? find_pers+0x70/0x70
? md_thread+0x11c/0x160
md_thread+0x11c/0x160
? finish_wait+0x80/0x80
kthread+0x111/0x130
? kthread_create_worker_on_cpu+0x70/0x70
? do_syscall_64+0x6f/0x190
? SyS_exit_group+0x10/0x10
ret_from_fork+0x35/0x40
Reviewed-by: NeilBrown <neilb@suse.com>
Signed-off-by: Yufen Yu <yuyufen@huawei.com>
Signed-off-by: Shaohua Li <sh.li@alibaba-inc.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/raid1.c | 11 +++++++++++
1 file changed, 11 insertions(+)
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
@@ -1673,6 +1673,17 @@ static int raid1_remove_disk(struct mdde
struct md_rdev *repl =
conf->mirrors[conf->raid_disks + number].rdev;
freeze_array(conf, 0);
+ if (atomic_read(&repl->nr_pending)) {
+ /* It means that some queued IO of retry_list
+ * hold repl. Thus, we cannot set replacement
+ * as NULL, avoiding rdev NULL pointer
+ * dereference in sync_request_write and
+ * handle_write_finished.
+ */
+ err = -EBUSY;
+ unfreeze_array(conf);
+ goto abort;
+ }
clear_bit(Replacement, &repl->flags);
p->rdev = repl;
conf->mirrors[conf->raid_disks + number].rdev = NULL;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 146/329] batman-adv: fix packet checksum in receive path
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (135 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 145/329] md/raid1: fix NULL pointer dereference Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 147/329] batman-adv: invalidate checksum on fragment reassembly Greg Kroah-Hartman
` (172 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maximilian Wilhelm,
Matthias Schiffer, Sven Eckelmann, Simon Wunderlich, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matthias Schiffer <mschiffer@universe-factory.net>
[ Upstream commit abd6360591d3f8259f41c34e31ac4826dfe621b8 ]
eth_type_trans() internally calls skb_pull(), which does not adjust the
skb checksum; skb_postpull_rcsum() is necessary to avoid log spam of the
form "bat0: hw csum failure" when packets with CHECKSUM_COMPLETE are
received.
Note that in usual setups, packets don't reach batman-adv with
CHECKSUM_COMPLETE (I assume NICs bail out of checksumming when they see
batadv's ethtype?), which is why the log messages do not occur on every
system using batman-adv. I could reproduce this issue by stacking
batman-adv on top of a VXLAN interface.
Fixes: c6c8fea29769 ("net: Add batman-adv meshing protocol")
Tested-by: Maximilian Wilhelm <max@sdn.clinic>
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/batman-adv/soft-interface.c | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
--- a/net/batman-adv/soft-interface.c
+++ b/net/batman-adv/soft-interface.c
@@ -448,13 +448,7 @@ void batadv_interface_rx(struct net_devi
/* skb->dev & skb->pkt_type are set here */
skb->protocol = eth_type_trans(skb, soft_iface);
-
- /* should not be necessary anymore as we use skb_pull_rcsum()
- * TODO: please verify this and remove this TODO
- * -- Dec 21st 2009, Simon Wunderlich
- */
-
- /* skb->ip_summed = CHECKSUM_UNNECESSARY; */
+ skb_postpull_rcsum(skb, eth_hdr(skb), ETH_HLEN);
batadv_inc_counter(bat_priv, BATADV_CNT_RX);
batadv_add_counter(bat_priv, BATADV_CNT_RX_BYTES,
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 147/329] batman-adv: invalidate checksum on fragment reassembly
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (136 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 146/329] batman-adv: fix packet checksum in receive path Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 148/329] netfilter: ebtables: convert BUG_ONs to WARN_ONs Greg Kroah-Hartman
` (171 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maximilian Wilhelm,
Matthias Schiffer, Sven Eckelmann, Simon Wunderlich, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matthias Schiffer <mschiffer@universe-factory.net>
[ Upstream commit 3bf2a09da956b43ecfaa630a2ef9a477f991a46a ]
A more sophisticated implementation could try to combine fragment checksums
when all fragments have CHECKSUM_COMPLETE and are split at even offsets.
For now, we just set ip_summed to CHECKSUM_NONE to avoid "hw csum failure"
warnings in the kernel log when fragmented frames are received. In
consequence, skb_pull_rcsum() can be replaced with skb_pull().
Note that in usual setups, packets don't reach batman-adv with
CHECKSUM_COMPLETE (I assume NICs bail out of checksumming when they see
batadv's ethtype?), which is why the log messages do not occur on every
system using batman-adv. I could reproduce this issue by stacking
batman-adv on top of a VXLAN interface.
Fixes: 610bfc6bc99b ("batman-adv: Receive fragmented packets and merge")
Tested-by: Maximilian Wilhelm <max@sdn.clinic>
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/batman-adv/fragmentation.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/net/batman-adv/fragmentation.c
+++ b/net/batman-adv/fragmentation.c
@@ -276,7 +276,8 @@ batadv_frag_merge_packets(struct hlist_h
/* Move the existing MAC header to just before the payload. (Override
* the fragment header.)
*/
- skb_pull_rcsum(skb_out, hdr_size);
+ skb_pull(skb_out, hdr_size);
+ skb_out->ip_summed = CHECKSUM_NONE;
memmove(skb_out->data - ETH_HLEN, skb_mac_header(skb_out), ETH_HLEN);
skb_set_mac_header(skb_out, -ETH_HLEN);
skb_reset_network_header(skb_out);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 148/329] netfilter: ebtables: convert BUG_ONs to WARN_ONs
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (137 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 147/329] batman-adv: invalidate checksum on fragment reassembly Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 149/329] batman-adv: Ignore invalid batadv_iv_gw during netlink send Greg Kroah-Hartman
` (170 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Florian Westphal, Pablo Neira Ayuso,
Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Florian Westphal <fw@strlen.de>
[ Upstream commit fc6a5d0601c5ac1d02f283a46f60b87b2033e5ca ]
All of these conditions are not fatal and should have
been WARN_ONs from the get-go.
Convert them to WARN_ONs and bail out.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/bridge/netfilter/ebtables.c | 27 ++++++++++++++++++---------
1 file changed, 18 insertions(+), 9 deletions(-)
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -1625,7 +1625,8 @@ static int compat_match_to_user(struct e
int off = ebt_compat_match_offset(match, m->match_size);
compat_uint_t msize = m->match_size - off;
- BUG_ON(off >= m->match_size);
+ if (WARN_ON(off >= m->match_size))
+ return -EINVAL;
if (copy_to_user(cm->u.name, match->name,
strlen(match->name) + 1) || put_user(msize, &cm->match_size))
@@ -1652,7 +1653,8 @@ static int compat_target_to_user(struct
int off = xt_compat_target_offset(target);
compat_uint_t tsize = t->target_size - off;
- BUG_ON(off >= t->target_size);
+ if (WARN_ON(off >= t->target_size))
+ return -EINVAL;
if (copy_to_user(cm->u.name, target->name,
strlen(target->name) + 1) || put_user(tsize, &cm->match_size))
@@ -1880,7 +1882,8 @@ static int ebt_buf_add(struct ebt_entrie
if (state->buf_kern_start == NULL)
goto count_only;
- BUG_ON(state->buf_kern_offset + sz > state->buf_kern_len);
+ if (WARN_ON(state->buf_kern_offset + sz > state->buf_kern_len))
+ return -EINVAL;
memcpy(state->buf_kern_start + state->buf_kern_offset, data, sz);
@@ -1893,7 +1896,8 @@ static int ebt_buf_add_pad(struct ebt_en
{
char *b = state->buf_kern_start;
- BUG_ON(b && state->buf_kern_offset > state->buf_kern_len);
+ if (WARN_ON(b && state->buf_kern_offset > state->buf_kern_len))
+ return -EINVAL;
if (b != NULL && sz > 0)
memset(b + state->buf_kern_offset, 0, sz);
@@ -1970,8 +1974,10 @@ static int compat_mtw_from_user(struct c
pad = XT_ALIGN(size_kern) - size_kern;
if (pad > 0 && dst) {
- BUG_ON(state->buf_kern_len <= pad);
- BUG_ON(state->buf_kern_offset - (match_size + off) + size_kern > state->buf_kern_len - pad);
+ if (WARN_ON(state->buf_kern_len <= pad))
+ return -EINVAL;
+ if (WARN_ON(state->buf_kern_offset - (match_size + off) + size_kern > state->buf_kern_len - pad))
+ return -EINVAL;
memset(dst + size_kern, 0, pad);
}
return off + match_size;
@@ -2021,7 +2027,8 @@ static int ebt_size_mwt(struct compat_eb
if (ret < 0)
return ret;
- BUG_ON(ret < match32->match_size);
+ if (WARN_ON(ret < match32->match_size))
+ return -EINVAL;
growth += ret - match32->match_size;
growth += ebt_compat_entry_padsize();
@@ -2130,7 +2137,8 @@ static int size_entry_mwt(struct ebt_ent
startoff = state->buf_user_offset - startoff;
- BUG_ON(*total < startoff);
+ if (WARN_ON(*total < startoff))
+ return -EINVAL;
*total -= startoff;
return 0;
}
@@ -2257,7 +2265,8 @@ static int compat_do_replace(struct net
state.buf_kern_len = size64;
ret = compat_copy_entries(entries_tmp, tmp.entries_size, &state);
- BUG_ON(ret < 0); /* parses same data again */
+ if (WARN_ON(ret < 0))
+ goto out_unlock;
vfree(entries_tmp);
tmp.entries_size = size64;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 149/329] batman-adv: Ignore invalid batadv_iv_gw during netlink send
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (138 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 148/329] netfilter: ebtables: convert BUG_ONs to WARN_ONs Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 150/329] batman-adv: Ignore invalid batadv_v_gw " Greg Kroah-Hartman
` (169 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sven Eckelmann, Simon Wunderlich,
Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sven Eckelmann <sven.eckelmann@openmesh.com>
[ Upstream commit 10d570284258a30dc104c50787c5289ec49f3d23 ]
The function batadv_iv_gw_dump stops the processing loop when
batadv_iv_gw_dump_entry returns a non-0 return code. This should only
happen when the buffer is full. Otherwise, an empty message may be
returned by batadv_gw_dump. This empty message will then stop the netlink
dumping of gateway entries. At worst, not a single entry is returned to
userspace even when plenty of possible gateways exist.
Fixes: efb766af06e3 ("batman-adv: add B.A.T.M.A.N. IV bat_gw_dump implementations")
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/batman-adv/bat_iv_ogm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/batman-adv/bat_iv_ogm.c
+++ b/net/batman-adv/bat_iv_ogm.c
@@ -2705,7 +2705,7 @@ static int batadv_iv_gw_dump_entry(struc
struct batadv_neigh_ifinfo *router_ifinfo = NULL;
struct batadv_neigh_node *router;
struct batadv_gw_node *curr_gw;
- int ret = -EINVAL;
+ int ret = 0;
void *hdr;
router = batadv_orig_router_get(gw_node->orig_node, BATADV_IF_DEFAULT);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 150/329] batman-adv: Ignore invalid batadv_v_gw during netlink send
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (139 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 149/329] batman-adv: Ignore invalid batadv_iv_gw during netlink send Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 153/329] nvme-pci: Fix nvme queue cleanup if IRQ setup fails Greg Kroah-Hartman
` (168 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sven Eckelmann, Simon Wunderlich,
Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sven Eckelmann <sven.eckelmann@openmesh.com>
[ Upstream commit 011c935fceae5252619ef730baa610c655281dda ]
The function batadv_v_gw_dump stops the processing loop when
batadv_v_gw_dump_entry returns a non-0 return code. This should only
happen when the buffer is full. Otherwise, an empty message may be
returned by batadv_gw_dump. This empty message will then stop the netlink
dumping of gateway entries. At worst, not a single entry is returned to
userspace even when plenty of possible gateways exist.
Fixes: b71bb6f924fe ("batman-adv: add B.A.T.M.A.N. V bat_gw_dump implementations")
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/batman-adv/bat_v.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/batman-adv/bat_v.c
+++ b/net/batman-adv/bat_v.c
@@ -920,7 +920,7 @@ static int batadv_v_gw_dump_entry(struct
struct batadv_neigh_ifinfo *router_ifinfo = NULL;
struct batadv_neigh_node *router;
struct batadv_gw_node *curr_gw;
- int ret = -EINVAL;
+ int ret = 0;
void *hdr;
router = batadv_orig_router_get(gw_node->orig_node, BATADV_IF_DEFAULT);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 153/329] nvme-pci: Fix nvme queue cleanup if IRQ setup fails
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (140 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 150/329] batman-adv: Ignore invalid batadv_v_gw " Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 154/329] clocksource/drivers/fsl_ftm_timer: Fix error return checking Greg Kroah-Hartman
` (167 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jianchao Wang, Keith Busch, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jianchao Wang <jianchao.w.wang@oracle.com>
[ Upstream commit f25a2dfc20e3a3ed8fe6618c331799dd7bd01190 ]
This patch fixes nvme queue cleanup if requesting an IRQ handler for
the queue's vector fails. It does this by resetting the cq_vector to
the uninitialized value of -1 so it is ignored for a controller reset.
Signed-off-by: Jianchao Wang <jianchao.w.wang@oracle.com>
[changelog updates, removed misc whitespace changes]
Signed-off-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/nvme/host/pci.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/drivers/nvme/host/pci.c
+++ b/drivers/nvme/host/pci.c
@@ -1120,7 +1120,7 @@ static int nvme_create_queue(struct nvme
nvmeq->cq_vector = qid - 1;
result = adapter_alloc_cq(dev, qid, nvmeq);
if (result < 0)
- return result;
+ goto release_vector;
result = adapter_alloc_sq(dev, qid, nvmeq);
if (result < 0)
@@ -1134,9 +1134,12 @@ static int nvme_create_queue(struct nvme
return result;
release_sq:
+ dev->online_queues--;
adapter_delete_sq(dev, qid);
release_cq:
adapter_delete_cq(dev, qid);
+ release_vector:
+ nvmeq->cq_vector = -1;
return result;
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 154/329] clocksource/drivers/fsl_ftm_timer: Fix error return checking
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (141 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 153/329] nvme-pci: Fix nvme queue cleanup if IRQ setup fails Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 155/329] ceph: fix dentry leak when failing to init debugfs Greg Kroah-Hartman
` (166 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Colin Ian King, Thomas Gleixner,
Daniel Lezcano, kernel-janitors, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Colin Ian King <colin.king@canonical.com>
[ Upstream commit f287eb9013ccf199cbfa4eabd80c36fedfc15a73 ]
The error checks on freq for a negative error return always fails because
freq is unsigned and can never be negative. Fix this by making freq a
signed long.
Detected with Coccinelle:
drivers/clocksource/fsl_ftm_timer.c:287:5-9: WARNING: Unsigned expression
compared with zero: freq <= 0
drivers/clocksource/fsl_ftm_timer.c:291:5-9: WARNING: Unsigned expression
compared with zero: freq <= 0
Fixes: 2529c3a33079 ("clocksource: Add Freescale FlexTimer Module (FTM) timer support")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Daniel Lezcano <daniel.lezcano@linaro.org>
Cc: kernel-janitors@vger.kernel.org
Link: https://lkml.kernel.org/r/20180226113614.3092-1-colin.king@canonical.com
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/clocksource/fsl_ftm_timer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/clocksource/fsl_ftm_timer.c
+++ b/drivers/clocksource/fsl_ftm_timer.c
@@ -281,7 +281,7 @@ static int __init __ftm_clk_init(struct
static unsigned long __init ftm_clk_init(struct device_node *np)
{
- unsigned long freq;
+ long freq;
freq = __ftm_clk_init(np, "ftm-evt-counter-en", "ftm-evt");
if (freq <= 0)
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 155/329] ceph: fix dentry leak when failing to init debugfs
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (142 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 154/329] clocksource/drivers/fsl_ftm_timer: Fix error return checking Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 156/329] ARM: orion5x: Revert commit 4904dbda41c8 Greg Kroah-Hartman
` (165 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chengguang Xu, Yan, Zheng,
Ilya Dryomov, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chengguang Xu <cgxu519@icloud.com>
[ Upstream commit 18106734b512664a8541026519ce4b862498b6c3 ]
When failing from ceph_fs_debugfs_init() in ceph_real_mount(),
there is lack of dput of root_dentry and it causes slab errors,
so change the calling order of ceph_fs_debugfs_init() and
open_root_dentry() and do some cleanups to avoid this issue.
Signed-off-by: Chengguang Xu <cgxu519@icloud.com>
Reviewed-by: "Yan, Zheng" <zyan@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ceph/super.c | 16 +++++-----------
1 file changed, 5 insertions(+), 11 deletions(-)
--- a/fs/ceph/super.c
+++ b/fs/ceph/super.c
@@ -816,7 +816,6 @@ static struct dentry *ceph_real_mount(st
int err;
unsigned long started = jiffies; /* note the start time */
struct dentry *root;
- int first = 0; /* first vfsmount for this super_block */
dout("mount start %p\n", fsc);
mutex_lock(&fsc->client->mount_mutex);
@@ -834,17 +833,17 @@ static struct dentry *ceph_real_mount(st
path = fsc->mount_options->server_path + 1;
dout("mount opening path %s\n", path);
}
+
+ err = ceph_fs_debugfs_init(fsc);
+ if (err < 0)
+ goto out;
+
root = open_root_dentry(fsc, path, started);
if (IS_ERR(root)) {
err = PTR_ERR(root);
goto out;
}
fsc->sb->s_root = dget(root);
- first = 1;
-
- err = ceph_fs_debugfs_init(fsc);
- if (err < 0)
- goto fail;
} else {
root = dget(fsc->sb->s_root);
}
@@ -854,11 +853,6 @@ static struct dentry *ceph_real_mount(st
mutex_unlock(&fsc->client->mount_mutex);
return root;
-fail:
- if (first) {
- dput(fsc->sb->s_root);
- fsc->sb->s_root = NULL;
- }
out:
mutex_unlock(&fsc->client->mount_mutex);
return ERR_PTR(err);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 156/329] ARM: orion5x: Revert commit 4904dbda41c8.
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (143 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 155/329] ceph: fix dentry leak when failing to init debugfs Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 157/329] qrtr: add MODULE_ALIAS macro to smd Greg Kroah-Hartman
` (164 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: "David S. Miller" <davem@davemloft.net>
[ Upstream commit 13a55372b64e00e564a08d785ca87bd9d454ba30 ]
It is not valid for orion5x to use mac_pton().
First of all, the orion5x buffer is not NULL terminated. mac_pton()
has no business operating on non-NULL terminated buffers because
only the caller can know that this is valid and in what manner it
is ok to parse this NULL'less buffer.
Second of all, orion5x operates on an __iomem pointer, which cannot
be dereferenced using normal C pointer operations. Accesses to
such areas much be performed with the proper iomem accessors.
Fixes: 4904dbda41c8 ("ARM: orion5x: use mac_pton() helper")
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/mach-orion5x/Kconfig | 3 -
arch/arm/mach-orion5x/dns323-setup.c | 53 +++++++++++++++++++++++++++++++++--
arch/arm/mach-orion5x/tsx09-common.c | 49 +++++++++++++++++++++++++++++---
3 files changed, 95 insertions(+), 10 deletions(-)
--- a/arch/arm/mach-orion5x/Kconfig
+++ b/arch/arm/mach-orion5x/Kconfig
@@ -57,7 +57,6 @@ config MACH_KUROBOX_PRO
config MACH_DNS323
bool "D-Link DNS-323"
- select GENERIC_NET_UTILS
select I2C_BOARDINFO if I2C
help
Say 'Y' here if you want your kernel to support the
@@ -65,7 +64,6 @@ config MACH_DNS323
config MACH_TS209
bool "QNAP TS-109/TS-209"
- select GENERIC_NET_UTILS
help
Say 'Y' here if you want your kernel to support the
QNAP TS-109/TS-209 platform.
@@ -107,7 +105,6 @@ config MACH_LINKSTATION_LS_HGL
config MACH_TS409
bool "QNAP TS-409"
- select GENERIC_NET_UTILS
help
Say 'Y' here if you want your kernel to support the
QNAP TS-409 platform.
--- a/arch/arm/mach-orion5x/dns323-setup.c
+++ b/arch/arm/mach-orion5x/dns323-setup.c
@@ -173,10 +173,42 @@ static struct mv643xx_eth_platform_data
.phy_addr = MV643XX_ETH_PHY_ADDR(8),
};
+/* dns323_parse_hex_*() taken from tsx09-common.c; should a common copy of these
+ * functions be kept somewhere?
+ */
+static int __init dns323_parse_hex_nibble(char n)
+{
+ if (n >= '0' && n <= '9')
+ return n - '0';
+
+ if (n >= 'A' && n <= 'F')
+ return n - 'A' + 10;
+
+ if (n >= 'a' && n <= 'f')
+ return n - 'a' + 10;
+
+ return -1;
+}
+
+static int __init dns323_parse_hex_byte(const char *b)
+{
+ int hi;
+ int lo;
+
+ hi = dns323_parse_hex_nibble(b[0]);
+ lo = dns323_parse_hex_nibble(b[1]);
+
+ if (hi < 0 || lo < 0)
+ return -1;
+
+ return (hi << 4) | lo;
+}
+
static int __init dns323_read_mac_addr(void)
{
u_int8_t addr[6];
- void __iomem *mac_page;
+ int i;
+ char *mac_page;
/* MAC address is stored as a regular ol' string in /dev/mtdblock4
* (0x007d0000-0x00800000) starting at offset 196480 (0x2ff80).
@@ -185,8 +217,23 @@ static int __init dns323_read_mac_addr(v
if (!mac_page)
return -ENOMEM;
- if (!mac_pton((__force const char *) mac_page, addr))
- goto error_fail;
+ /* Sanity check the string we're looking at */
+ for (i = 0; i < 5; i++) {
+ if (*(mac_page + (i * 3) + 2) != ':') {
+ goto error_fail;
+ }
+ }
+
+ for (i = 0; i < 6; i++) {
+ int byte;
+
+ byte = dns323_parse_hex_byte(mac_page + (i * 3));
+ if (byte < 0) {
+ goto error_fail;
+ }
+
+ addr[i] = byte;
+ }
iounmap(mac_page);
printk("DNS-323: Found ethernet MAC address: %pM\n", addr);
--- a/arch/arm/mach-orion5x/tsx09-common.c
+++ b/arch/arm/mach-orion5x/tsx09-common.c
@@ -53,12 +53,53 @@ struct mv643xx_eth_platform_data qnap_ts
.phy_addr = MV643XX_ETH_PHY_ADDR(8),
};
+static int __init qnap_tsx09_parse_hex_nibble(char n)
+{
+ if (n >= '0' && n <= '9')
+ return n - '0';
+
+ if (n >= 'A' && n <= 'F')
+ return n - 'A' + 10;
+
+ if (n >= 'a' && n <= 'f')
+ return n - 'a' + 10;
+
+ return -1;
+}
+
+static int __init qnap_tsx09_parse_hex_byte(const char *b)
+{
+ int hi;
+ int lo;
+
+ hi = qnap_tsx09_parse_hex_nibble(b[0]);
+ lo = qnap_tsx09_parse_hex_nibble(b[1]);
+
+ if (hi < 0 || lo < 0)
+ return -1;
+
+ return (hi << 4) | lo;
+}
+
static int __init qnap_tsx09_check_mac_addr(const char *addr_str)
{
u_int8_t addr[6];
+ int i;
- if (!mac_pton(addr_str, addr))
- return -1;
+ for (i = 0; i < 6; i++) {
+ int byte;
+
+ /*
+ * Enforce "xx:xx:xx:xx:xx:xx\n" format.
+ */
+ if (addr_str[(i * 3) + 2] != ((i < 5) ? ':' : '\n'))
+ return -1;
+
+ byte = qnap_tsx09_parse_hex_byte(addr_str + (i * 3));
+ if (byte < 0)
+ return -1;
+ addr[i] = byte;
+ }
printk(KERN_INFO "tsx09: found ethernet mac address %pM\n", addr);
@@ -77,12 +118,12 @@ void __init qnap_tsx09_find_mac_addr(u32
unsigned long addr;
for (addr = mem_base; addr < (mem_base + size); addr += 1024) {
- void __iomem *nor_page;
+ char *nor_page;
int ret = 0;
nor_page = ioremap(addr, 1024);
if (nor_page != NULL) {
- ret = qnap_tsx09_check_mac_addr((__force const char *)nor_page);
+ ret = qnap_tsx09_check_mac_addr(nor_page);
iounmap(nor_page);
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 157/329] qrtr: add MODULE_ALIAS macro to smd
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (144 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 156/329] ARM: orion5x: Revert commit 4904dbda41c8 Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 158/329] r8152: fix tx packets accounting Greg Kroah-Hartman
` (163 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ramon Fried, David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ramon Fried <rfried@codeaurora.org>
[ Upstream commit c77f5fbbefc04612755117775e8555c2a7006cac ]
Added MODULE_ALIAS("rpmsg:IPCRTR") to ensure qrtr-smd and qrtr will load
when IPCRTR channel is detected.
Signed-off-by: Ramon Fried <rfried@codeaurora.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/qrtr/smd.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/qrtr/smd.c
+++ b/net/qrtr/smd.c
@@ -116,5 +116,6 @@ static struct qcom_smd_driver qcom_smd_q
module_qcom_smd_driver(qcom_smd_qrtr_driver);
+MODULE_ALIAS("rpmsg:IPCRTR");
MODULE_DESCRIPTION("Qualcomm IPC-Router SMD interface driver");
MODULE_LICENSE("GPL v2");
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 158/329] r8152: fix tx packets accounting
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (145 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 157/329] qrtr: add MODULE_ALIAS macro to smd Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 159/329] virtio-gpu: fix ioctl and expose the fixed status to userspace Greg Kroah-Hartman
` (162 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 4c27bf3c5b7434ccb9ab962301da661c26b467a4 ]
r8152 driver handles TSO packets (limited to ~16KB) quite well,
but pretends each TSO logical packet is a single packet on the wire.
There is also some error since headers are accounted once, but
error rate is small enough that we do not care.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/usb/r8152.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/usb/r8152.c
+++ b/drivers/net/usb/r8152.c
@@ -1693,7 +1693,7 @@ static int r8152_tx_agg_fill(struct r815
tx_data += len;
agg->skb_len += len;
- agg->skb_num++;
+ agg->skb_num += skb_shinfo(skb)->gso_segs ?: 1;
dev_kfree_skb_any(skb);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 159/329] virtio-gpu: fix ioctl and expose the fixed status to userspace.
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (146 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 158/329] r8152: fix tx packets accounting Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 160/329] dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3 Greg Kroah-Hartman
` (161 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dave Airlie, Gerd Hoffmann, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Airlie <airlied@redhat.com>
[ Upstream commit 9a191b114906457c4b2494c474f58ae4142d4e67 ]
This exposes to mesa that it can use the fixed ioctl for querying
later cap sets, cap set 1 is forever frozen in time.
Signed-off-by: Dave Airlie <airlied@redhat.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20180221015003.22884-1-airlied@gmail.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/virtio/virtgpu_ioctl.c | 17 +++++++++++------
include/uapi/drm/virtgpu_drm.h | 1 +
2 files changed, 12 insertions(+), 6 deletions(-)
--- a/drivers/gpu/drm/virtio/virtgpu_ioctl.c
+++ b/drivers/gpu/drm/virtio/virtgpu_ioctl.c
@@ -194,6 +194,9 @@ static int virtio_gpu_getparam_ioctl(str
case VIRTGPU_PARAM_3D_FEATURES:
value = vgdev->has_virgl_3d == true ? 1 : 0;
break;
+ case VIRTGPU_PARAM_CAPSET_QUERY_FIX:
+ value = 1;
+ break;
default:
return -EINVAL;
}
@@ -469,7 +472,7 @@ static int virtio_gpu_get_caps_ioctl(str
{
struct virtio_gpu_device *vgdev = dev->dev_private;
struct drm_virtgpu_get_caps *args = data;
- int size;
+ unsigned size, host_caps_size;
int i;
int found_valid = -1;
int ret;
@@ -478,6 +481,10 @@ static int virtio_gpu_get_caps_ioctl(str
if (vgdev->num_capsets == 0)
return -ENOSYS;
+ /* don't allow userspace to pass 0 */
+ if (args->size == 0)
+ return -EINVAL;
+
spin_lock(&vgdev->display_info_lock);
for (i = 0; i < vgdev->num_capsets; i++) {
if (vgdev->capsets[i].id == args->cap_set_id) {
@@ -493,11 +500,9 @@ static int virtio_gpu_get_caps_ioctl(str
return -EINVAL;
}
- size = vgdev->capsets[found_valid].max_size;
- if (args->size > size) {
- spin_unlock(&vgdev->display_info_lock);
- return -EINVAL;
- }
+ host_caps_size = vgdev->capsets[found_valid].max_size;
+ /* only copy to user the minimum of the host caps size or the guest caps size */
+ size = min(args->size, host_caps_size);
list_for_each_entry(cache_ent, &vgdev->cap_cache, head) {
if (cache_ent->id == args->cap_set_id &&
--- a/include/uapi/drm/virtgpu_drm.h
+++ b/include/uapi/drm/virtgpu_drm.h
@@ -63,6 +63,7 @@ struct drm_virtgpu_execbuffer {
};
#define VIRTGPU_PARAM_3D_FEATURES 1 /* do we have 3D features in the hw */
+#define VIRTGPU_PARAM_CAPSET_QUERY_FIX 2 /* do we have the capset fix */
struct drm_virtgpu_getparam {
__u64 param;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 160/329] dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (147 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 159/329] virtio-gpu: fix ioctl and expose the fixed status to userspace Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 161/329] bcache: fix kcrashes with fio in RAID5 backend dev Greg Kroah-Hartman
` (160 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yoshihiro Shimoda, Simon Horman,
Vinod Koul, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
[ Upstream commit d716d9b702bb759dd6fb50804f10a174bd156d71 ]
According to R-Car Gen3 Rev.0.80 manual, the DMATCR can be set to
16,777,215 as maximum. So, this patch fixes the max_chunk_size for
safety on all of SoCs. Otherwise, a system may hang if the DMATCR
is set to 0 on R-Car Gen3.
Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Reviewed-by: Simon Horman <horms+renesas@verge.net.au>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/dma/sh/rcar-dmac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/dma/sh/rcar-dmac.c
+++ b/drivers/dma/sh/rcar-dmac.c
@@ -870,7 +870,7 @@ rcar_dmac_chan_prep_sg(struct rcar_dmac_
rcar_dmac_chan_configure_desc(chan, desc);
- max_chunk_size = (RCAR_DMATCR_MASK + 1) << desc->xfer_shift;
+ max_chunk_size = RCAR_DMATCR_MASK << desc->xfer_shift;
/*
* Allocate and fill the transfer chunk descriptors. We own the only
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 161/329] bcache: fix kcrashes with fio in RAID5 backend dev
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (148 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 160/329] dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3 Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 162/329] ip6_tunnel: fix IFLA_MTU ignored on NEWLINK Greg Kroah-Hartman
` (159 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Matthias Ferdinand, Tang Junhui,
Michael Lyle, Jens Axboe, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tang Junhui <tang.junhui@zte.com.cn>
[ Upstream commit 60eb34ec5526e264c2bbaea4f7512d714d791caf ]
Kernel crashed when run fio in a RAID5 backend bcache device, the call
trace is bellow:
[ 440.012034] kernel BUG at block/blk-ioc.c:146!
[ 440.012696] invalid opcode: 0000 [#1] SMP NOPTI
[ 440.026537] CPU: 2 PID: 2205 Comm: md127_raid5 Not tainted 4.15.0 #8
[ 440.027441] Hardware name: HP ProLiant MicroServer Gen8, BIOS J06 07/16
/2015
[ 440.028615] RIP: 0010:put_io_context+0x8b/0x90
[ 440.029246] RSP: 0018:ffffa8c882b43af8 EFLAGS: 00010246
[ 440.029990] RAX: 0000000000000000 RBX: ffffa8c88294fca0 RCX: 0000000000
0f4240
[ 440.031006] RDX: 0000000000000004 RSI: 0000000000000286 RDI: ffffa8c882
94fca0
[ 440.032030] RBP: ffffa8c882b43b10 R08: 0000000000000003 R09: ffff949cb8
0c1700
[ 440.033206] R10: 0000000000000104 R11: 000000000000b71c R12: 00000000000
01000
[ 440.034222] R13: 0000000000000000 R14: ffff949cad84db70 R15: ffff949cb11
bd1e0
[ 440.035239] FS: 0000000000000000(0000) GS:ffff949cba280000(0000) knlGS:
0000000000000000
[ 440.060190] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 440.084967] CR2: 00007ff0493ef000 CR3: 00000002f1e0a002 CR4: 00000000001
606e0
[ 440.110498] Call Trace:
[ 440.135443] bio_disassociate_task+0x1b/0x60
[ 440.160355] bio_free+0x1b/0x60
[ 440.184666] bio_put+0x23/0x30
[ 440.208272] search_free+0x23/0x40 [bcache]
[ 440.231448] cached_dev_write_complete+0x31/0x70 [bcache]
[ 440.254468] closure_put+0xb6/0xd0 [bcache]
[ 440.277087] request_endio+0x30/0x40 [bcache]
[ 440.298703] bio_endio+0xa1/0x120
[ 440.319644] handle_stripe+0x418/0x2270 [raid456]
[ 440.340614] ? load_balance+0x17b/0x9c0
[ 440.360506] handle_active_stripes.isra.58+0x387/0x5a0 [raid456]
[ 440.380675] ? __release_stripe+0x15/0x20 [raid456]
[ 440.400132] raid5d+0x3ed/0x5d0 [raid456]
[ 440.419193] ? schedule+0x36/0x80
[ 440.437932] ? schedule_timeout+0x1d2/0x2f0
[ 440.456136] md_thread+0x122/0x150
[ 440.473687] ? wait_woken+0x80/0x80
[ 440.491411] kthread+0x102/0x140
[ 440.508636] ? find_pers+0x70/0x70
[ 440.524927] ? kthread_associate_blkcg+0xa0/0xa0
[ 440.541791] ret_from_fork+0x35/0x40
[ 440.558020] Code: c2 48 00 5b 41 5c 41 5d 5d c3 48 89 c6 4c 89 e7 e8 bb c2
48 00 48 8b 3d bc 36 4b 01 48 89 de e8 7c f7 e0 ff 5b 41 5c 41 5d 5d c3 <0f> 0b
0f 1f 00 0f 1f 44 00 00 55 48 8d 47 b8 48 89 e5 41 57 41
[ 440.610020] RIP: put_io_context+0x8b/0x90 RSP: ffffa8c882b43af8
[ 440.628575] ---[ end trace a1fd79d85643a73e ]--
All the crash issue happened when a bypass IO coming, in such scenario
s->iop.bio is pointed to the s->orig_bio. In search_free(), it finishes the
s->orig_bio by calling bio_complete(), and after that, s->iop.bio became
invalid, then kernel would crash when calling bio_put(). Maybe its upper
layer's faulty, since bio should not be freed before we calling bio_put(),
but we'd better calling bio_put() first before calling bio_complete() to
notify upper layer ending this bio.
This patch moves bio_complete() under bio_put() to avoid kernel crash.
[mlyle: fixed commit subject for character limits]
Reported-by: Matthias Ferdinand <bcache@mfedv.net>
Tested-by: Matthias Ferdinand <bcache@mfedv.net>
Signed-off-by: Tang Junhui <tang.junhui@zte.com.cn>
Reviewed-by: Michael Lyle <mlyle@lyle.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/bcache/request.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/md/bcache/request.c
+++ b/drivers/md/bcache/request.c
@@ -633,11 +633,11 @@ static void do_bio_hook(struct search *s
static void search_free(struct closure *cl)
{
struct search *s = container_of(cl, struct search, cl);
- bio_complete(s);
if (s->iop.bio)
bio_put(s->iop.bio);
+ bio_complete(s);
closure_debug_destroy(cl);
mempool_free(s, s->d->c->search);
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 162/329] ip6_tunnel: fix IFLA_MTU ignored on NEWLINK
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (149 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 161/329] bcache: fix kcrashes with fio in RAID5 backend dev Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 163/329] sit: " Greg Kroah-Hartman
` (158 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jianlin Shi, Xin Long,
David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Xin Long <lucien.xin@gmail.com>
[ Upstream commit a6aa80446234ec0ad38eecdb8efc59e91daae565 ]
Commit 128bb975dc3c ("ip6_gre: init dev->mtu and dev->hard_header_len
correctly") fixed IFLA_MTU ignored on NEWLINK for ip6_gre. The same
mtu fix is also needed for ip6_tunnel.
Note that dev->hard_header_len setting for ip6_tunnel works fine,
no need to fix it.
Reported-by: Jianlin Shi <jishi@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv6/ip6_tunnel.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -1972,14 +1972,14 @@ static int ip6_tnl_newlink(struct net *s
{
struct net *net = dev_net(dev);
struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
- struct ip6_tnl *nt, *t;
struct ip_tunnel_encap ipencap;
+ struct ip6_tnl *nt, *t;
+ int err;
nt = netdev_priv(dev);
if (ip6_tnl_netlink_encap_parms(data, &ipencap)) {
- int err = ip6_tnl_encap_setup(nt, &ipencap);
-
+ err = ip6_tnl_encap_setup(nt, &ipencap);
if (err < 0)
return err;
}
@@ -1995,7 +1995,11 @@ static int ip6_tnl_newlink(struct net *s
return -EEXIST;
}
- return ip6_tnl_create2(dev);
+ err = ip6_tnl_create2(dev);
+ if (!err && tb[IFLA_MTU])
+ ip6_tnl_change_mtu(dev, nla_get_u32(tb[IFLA_MTU]));
+
+ return err;
}
static int ip6_tnl_changelink(struct net_device *dev, struct nlattr *tb[],
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 163/329] sit: fix IFLA_MTU ignored on NEWLINK
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (150 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 162/329] ip6_tunnel: fix IFLA_MTU ignored on NEWLINK Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 164/329] ARM: dts: NSP: Fix amount of RAM on BCM958625HR Greg Kroah-Hartman
` (157 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jianlin Shi, Xin Long,
David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Xin Long <lucien.xin@gmail.com>
[ Upstream commit 2b3957c34b6d7f03544b12ebbf875eee430745db ]
Commit 128bb975dc3c ("ip6_gre: init dev->mtu and dev->hard_header_len
correctly") fixed IFLA_MTU ignored on NEWLINK for ip6_gre. The same
mtu fix is also needed for sit.
Note that dev->hard_header_len setting for sit works fine, no need to
fix it. sit is actually ipv4 tunnel, it can't call ip6_tnl_change_mtu
to set mtu.
Reported-by: Jianlin Shi <jishi@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv6/sit.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -1572,6 +1572,13 @@ static int ipip6_newlink(struct net *src
if (err < 0)
return err;
+ if (tb[IFLA_MTU]) {
+ u32 mtu = nla_get_u32(tb[IFLA_MTU]);
+
+ if (mtu >= IPV6_MIN_MTU && mtu <= 0xFFF8 - dev->hard_header_len)
+ dev->mtu = mtu;
+ }
+
#ifdef CONFIG_IPV6_SIT_6RD
if (ipip6_netlink_6rd_parms(data, &ip6rd))
err = ipip6_tunnel_update_6rd(nt, &ip6rd);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 164/329] ARM: dts: NSP: Fix amount of RAM on BCM958625HR
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (151 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 163/329] sit: " Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 165/329] powerpc/boot: Fix random libfdt related build errors Greg Kroah-Hartman
` (156 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jon Mason, Florian Fainelli, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Florian Fainelli <f.fainelli@gmail.com>
[ Upstream commit 0a5aff64f20d92c5a6e9aeed7b5950b0b817bcd9 ]
Jon attempted to fix the amount of RAM on the BCM958625HR in commit
c53beb47f621 ("ARM: dts: NSP: Correct RAM amount for BCM958625HR board")
but it seems like we tripped over some poorly documented schematics.
The top-level page of the schematics says the board has 2GB, but when
you end-up scrolling to page 6, you see two chips of 4GBit (512MB) but
what the bootloader really initializes only 512MB, any attempt to use
more than that results in data aborts. Fix this again back to 512MB.
Fixes: c53beb47f621 ("ARM: dts: NSP: Correct RAM amount for BCM958625HR board")
Acked-by: Jon Mason <jon.mason@broadcom.com>
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/bcm958625hr.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm/boot/dts/bcm958625hr.dts
+++ b/arch/arm/boot/dts/bcm958625hr.dts
@@ -49,7 +49,7 @@
memory {
device_type = "memory";
- reg = <0x60000000 0x80000000>;
+ reg = <0x60000000 0x20000000>;
};
gpio-restart {
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 165/329] powerpc/boot: Fix random libfdt related build errors
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (152 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 164/329] ARM: dts: NSP: Fix amount of RAM on BCM958625HR Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 166/329] gianfar: Fix Rx byte accounting for ndev stats Greg Kroah-Hartman
` (155 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Guenter Roeck, Michael Ellerman, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Guenter Roeck <linux@roeck-us.net>
[ Upstream commit 64c3f648c25d108f346fdc96c15180c6b7d250e9 ]
Once in a while I see build errors similar to the following
when building images from a clean tree.
Building powerpc:virtex-ml507:44x/virtex5_defconfig ... failed
------------
Error log:
arch/powerpc/boot/treeboot-akebono.c:37:20: fatal error:
libfdt.h: No such file or directory
Building powerpc:bamboo:smpdev:44x/bamboo_defconfig ... failed
------------
Error log:
arch/powerpc/boot/treeboot-akebono.c:37:20: fatal error:
libfdt.h: No such file or directory
arch/powerpc/boot/treeboot-currituck.c:35:20: fatal error:
libfdt.h: No such file or directory
Rebuilds will succeed.
Turns out that several source files in arch/powerpc/boot/ include
libfdt.h, but Makefile dependencies are incomplete. Let's fix that.
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/boot/Makefile | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/arch/powerpc/boot/Makefile
+++ b/arch/powerpc/boot/Makefile
@@ -92,7 +92,8 @@ $(addprefix $(obj)/,$(zlib-y)): \
libfdt := fdt.c fdt_ro.c fdt_wip.c fdt_sw.c fdt_rw.c fdt_strerror.c
libfdtheader := fdt.h libfdt.h libfdt_internal.h
-$(addprefix $(obj)/,$(libfdt) libfdt-wrapper.o simpleboot.o epapr.o opal.o): \
+$(addprefix $(obj)/,$(libfdt) libfdt-wrapper.o simpleboot.o epapr.o opal.o \
+ treeboot-akebono.o treeboot-currituck.o treeboot-iss4xx.o): \
$(addprefix $(obj)/,$(libfdtheader))
src-wlib-y := string.S crt0.S crtsavres.S stdio.c decompress.c main.c \
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 166/329] gianfar: Fix Rx byte accounting for ndev stats
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (153 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 165/329] powerpc/boot: Fix random libfdt related build errors Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 167/329] net/tcp/illinois: replace broken algorithm reference link Greg Kroah-Hartman
` (154 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Claudiu Manoil, David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Claudiu Manoil <claudiu.manoil@nxp.com>
[ Upstream commit 590399ddf9561f2ed0839311c8ae1be21597ba68 ]
Don't include in the Rx bytecount of the packet sent up the stack:
the FCB (frame control block), and the padding bytes inserted by
the controller into the frame payload, nor the FCS. All these are
being pulled out of the skb by gfar_process_frame().
This issue is old, likely from the driver's beginnings, however
it was amplified by recent:
commit d903ec77118c ("gianfar: simplify FCS handling and fix memory leak")
which basically added the FCS to the Rx bytecount, and so brought
this to my attention.
Signed-off-by: Claudiu Manoil <claudiu.manoil@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/freescale/gianfar.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
--- a/drivers/net/ethernet/freescale/gianfar.c
+++ b/drivers/net/ethernet/freescale/gianfar.c
@@ -3075,9 +3075,6 @@ static void gfar_process_frame(struct ne
if (ndev->features & NETIF_F_RXCSUM)
gfar_rx_checksum(skb, fcb);
- /* Tell the skb what kind of packet this is */
- skb->protocol = eth_type_trans(skb, ndev);
-
/* There's need to check for NETIF_F_HW_VLAN_CTAG_RX here.
* Even if vlan rx accel is disabled, on some chips
* RXFCB_VLN is pseudo randomly set.
@@ -3148,13 +3145,15 @@ int gfar_clean_rx_ring(struct gfar_priv_
continue;
}
+ gfar_process_frame(ndev, skb);
+
/* Increment the number of packets */
total_pkts++;
total_bytes += skb->len;
skb_record_rx_queue(skb, rx_queue->qindex);
- gfar_process_frame(ndev, skb);
+ skb->protocol = eth_type_trans(skb, ndev);
/* Send the packet up the stack */
napi_gro_receive(&rx_queue->grp->napi_rx, skb);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 167/329] net/tcp/illinois: replace broken algorithm reference link
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (154 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 166/329] gianfar: Fix Rx byte accounting for ndev stats Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 168/329] nvmet: fix PSDT field check in command format Greg Kroah-Hartman
` (153 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Joey Pabalinas, David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Joey Pabalinas <joeypabalinas@gmail.com>
[ Upstream commit ecc832758a654e375924ebf06a4ac971acb5ce60 ]
The link to the pdf containing the algorithm description is now a
dead link; it seems http://www.ifp.illinois.edu/~srikant/ has been
moved to https://sites.google.com/a/illinois.edu/srikant/ and none of
the original papers can be found there...
I have replaced it with the only working copy I was able to find.
n.b. there is also a copy available at:
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.296.6350&rep=rep1&type=pdf
However, this seems to only be a *cached* version, so I am unsure
exactly how reliable that link can be expected to remain over time
and have decided against using that one.
Signed-off-by: Joey Pabalinas <joeypabalinas@gmail.com>
net/ipv4/tcp_illinois.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/tcp_illinois.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/ipv4/tcp_illinois.c
+++ b/net/ipv4/tcp_illinois.c
@@ -6,7 +6,7 @@
* The algorithm is described in:
* "TCP-Illinois: A Loss and Delay-Based Congestion Control Algorithm
* for High-Speed Networks"
- * http://www.ifp.illinois.edu/~srikant/Papers/liubassri06perf.pdf
+ * http://tamerbasar.csl.illinois.edu/LiuBasarSrikantPerfEvalArtJun2008.pdf
*
* Implemented from description in paper and ns-2 simulation.
* Copyright (C) 2007 Stephen Hemminger <shemminger@linux-foundation.org>
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 168/329] nvmet: fix PSDT field check in command format
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (155 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 167/329] net/tcp/illinois: replace broken algorithm reference link Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 170/329] drm/sun4i: Fix dclk_set_phase Greg Kroah-Hartman
` (152 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Idan Burstein, Max Gurtovoy,
Christoph Hellwig, Keith Busch, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Max Gurtovoy <maxg@mellanox.com>
[ Upstream commit bffd2b61670feef18d2535e9b53364d270a1c991 ]
PSDT field section according to NVM_Express-1.3:
"This field specifies whether PRPs or SGLs are used for any data
transfer associated with the command. PRPs shall be used for all
Admin commands for NVMe over PCIe. SGLs shall be used for all Admin
and I/O commands for NVMe over Fabrics. This field shall be set to
01b for NVMe over Fabrics 1.0 implementations.
Suggested-by: Idan Burstein <idanb@mellanox.com>
Signed-off-by: Max Gurtovoy <maxg@mellanox.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/nvme/target/core.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
--- a/drivers/nvme/target/core.c
+++ b/drivers/nvme/target/core.c
@@ -491,9 +491,12 @@ bool nvmet_req_init(struct nvmet_req *re
goto fail;
}
- /* either variant of SGLs is fine, as we don't support metadata */
- if (unlikely((flags & NVME_CMD_SGL_ALL) != NVME_CMD_SGL_METABUF &&
- (flags & NVME_CMD_SGL_ALL) != NVME_CMD_SGL_METASEG)) {
+ /*
+ * For fabrics, PSDT field shall describe metadata pointer (MPTR) that
+ * contains an address of a single contiguous physical buffer that is
+ * byte aligned.
+ */
+ if (unlikely((flags & NVME_CMD_SGL_ALL) != NVME_CMD_SGL_METABUF)) {
status = NVME_SC_INVALID_FIELD | NVME_SC_DNR;
goto fail;
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 170/329] drm/sun4i: Fix dclk_set_phase
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (156 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 168/329] nvmet: fix PSDT field check in command format Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 171/329] Btrfs: send, fix issuing write op when processing hole in no data mode Greg Kroah-Hartman
` (151 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Giulio Benetti, Maxime Ripard, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Giulio Benetti <giulio.benetti@micronovasrl.com>
[ Upstream commit e64b6afa98f3629d0c0c46233bbdbe8acdb56f06 ]
Phase value is not shifted before writing.
Shift left of 28 bits to fit right bits
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Maxime Ripard <maxime.ripard@bootlin.com>
Link: https://patchwork.freedesktop.org/patch/msgid/1519836413-35023-1-git-send-email-giulio.benetti@micronovasrl.com
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/sun4i/sun4i_dotclock.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/drivers/gpu/drm/sun4i/sun4i_dotclock.c
+++ b/drivers/gpu/drm/sun4i/sun4i_dotclock.c
@@ -129,10 +129,13 @@ static int sun4i_dclk_get_phase(struct c
static int sun4i_dclk_set_phase(struct clk_hw *hw, int degrees)
{
struct sun4i_dclk *dclk = hw_to_dclk(hw);
+ u32 val = degrees / 120;
+
+ val <<= 28;
regmap_update_bits(dclk->regmap, SUN4I_TCON0_IO_POL_REG,
GENMASK(29, 28),
- degrees / 120);
+ val);
return 0;
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 171/329] Btrfs: send, fix issuing write op when processing hole in no data mode
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (157 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 170/329] drm/sun4i: Fix dclk_set_phase Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 172/329] selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable Greg Kroah-Hartman
` (150 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Filipe Manana, David Sterba, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Filipe Manana <fdmanana@suse.com>
[ Upstream commit d4dfc0f4d39475ccbbac947880b5464a74c30b99 ]
When doing an incremental send of a filesystem with the no-holes feature
enabled, we end up issuing a write operation when using the no data mode
send flag, instead of issuing an update extent operation. Fix this by
issuing the update extent operation instead.
Trivial reproducer:
$ mkfs.btrfs -f -O no-holes /dev/sdc
$ mkfs.btrfs -f /dev/sdd
$ mount /dev/sdc /mnt/sdc
$ mount /dev/sdd /mnt/sdd
$ xfs_io -f -c "pwrite -S 0xab 0 32K" /mnt/sdc/foobar
$ btrfs subvolume snapshot -r /mnt/sdc /mnt/sdc/snap1
$ xfs_io -c "fpunch 8K 8K" /mnt/sdc/foobar
$ btrfs subvolume snapshot -r /mnt/sdc /mnt/sdc/snap2
$ btrfs send /mnt/sdc/snap1 | btrfs receive /mnt/sdd
$ btrfs send --no-data -p /mnt/sdc/snap1 /mnt/sdc/snap2 \
| btrfs receive -vv /mnt/sdd
Before this change the output of the second receive command is:
receiving snapshot snap2 uuid=f6922049-8c22-e544-9ff9-fc6755918447...
utimes
write foobar, offset 8192, len 8192
utimes foobar
BTRFS_IOC_SET_RECEIVED_SUBVOL uuid=f6922049-8c22-e544-9ff9-...
After this change it is:
receiving snapshot snap2 uuid=564d36a3-ebc8-7343-aec9-bf6fda278e64...
utimes
update_extent foobar: offset=8192, len=8192
utimes foobar
BTRFS_IOC_SET_RECEIVED_SUBVOL uuid=564d36a3-ebc8-7343-aec9-bf6fda278e64...
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/send.c | 3 +++
1 file changed, 3 insertions(+)
--- a/fs/btrfs/send.c
+++ b/fs/btrfs/send.c
@@ -4822,6 +4822,9 @@ static int send_hole(struct send_ctx *sc
u64 len;
int ret = 0;
+ if (sctx->flags & BTRFS_SEND_FLAG_NO_FILE_DATA)
+ return send_update_extent(sctx, offset, end - offset);
+
p = fs_path_alloc();
if (!p)
return -ENOMEM;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 172/329] selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (158 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 171/329] Btrfs: send, fix issuing write op when processing hole in no data mode Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 173/329] KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing Greg Kroah-Hartman
` (149 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michael Ellerman, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Ellerman <mpe@ellerman.id.au>
[ Upstream commit cd4a6f3ab4d80cb919d15897eb3cbc85c2009d4b ]
The subpage_prot syscall is only functional when the system is using
the Hash MMU. Since commit 5b2b80714796 ("powerpc/mm: Invalidate
subpage_prot() system call on radix platforms") it returns ENOENT when
the Radix MMU is active. Currently this just makes the test fail.
Additionally the syscall is not available if the kernel is built with
4K pages, or if CONFIG_PPC_SUBPAGE_PROT=n, in which case it returns
ENOSYS because the syscall is missing entirely.
So check explicitly for ENOENT and ENOSYS and skip if we see either of
those.
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/selftests/powerpc/mm/subpage_prot.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
--- a/tools/testing/selftests/powerpc/mm/subpage_prot.c
+++ b/tools/testing/selftests/powerpc/mm/subpage_prot.c
@@ -135,6 +135,16 @@ static int run_test(void *addr, unsigned
return 0;
}
+static int syscall_available(void)
+{
+ int rc;
+
+ errno = 0;
+ rc = syscall(__NR_subpage_prot, 0, 0, 0);
+
+ return rc == 0 || (errno != ENOENT && errno != ENOSYS);
+}
+
int test_anon(void)
{
unsigned long align;
@@ -145,6 +155,8 @@ int test_anon(void)
void *mallocblock;
unsigned long mallocsize;
+ SKIP_IF(!syscall_available());
+
if (getpagesize() != 0x10000) {
fprintf(stderr, "Kernel page size must be 64K!\n");
return 1;
@@ -180,6 +192,8 @@ int test_file(void)
off_t filesize;
int fd;
+ SKIP_IF(!syscall_available());
+
fd = open(file_name, O_RDWR);
if (fd == -1) {
perror("failed to open file");
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 173/329] KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (159 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 172/329] selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 174/329] iwlwifi: mvm: fix TX of CCMP 256 Greg Kroah-Hartman
` (148 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Paul Mackerras, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paul Mackerras <paulus@ozlabs.org>
[ Upstream commit debd574f4195e205ba505b25e19b2b797f4bcd94 ]
The current code for initializing the VRMA (virtual real memory area)
for HPT guests requires the page size of the backing memory to be one
of 4kB, 64kB or 16MB. With a radix host we have the possibility that
the backing memory page size can be 2MB or 1GB. In these cases, if the
guest switches to HPT mode, KVM will not initialize the VRMA and the
guest will fail to run.
In fact it is not necessary that the VRMA page size is the same as the
backing memory page size; any VRMA page size less than or equal to the
backing memory page size is acceptable. Therefore we now choose the
largest page size out of the set {4k, 64k, 16M} which is not larger
than the backing memory page size.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/kvm/book3s_hv.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
--- a/arch/powerpc/kvm/book3s_hv.c
+++ b/arch/powerpc/kvm/book3s_hv.c
@@ -3107,15 +3107,17 @@ static int kvmppc_hv_setup_htab_rma(stru
goto up_out;
psize = vma_kernel_pagesize(vma);
- porder = __ilog2(psize);
up_read(¤t->mm->mmap_sem);
/* We can handle 4k, 64k or 16M pages in the VRMA */
- err = -EINVAL;
- if (!(psize == 0x1000 || psize == 0x10000 ||
- psize == 0x1000000))
- goto out_srcu;
+ if (psize >= 0x1000000)
+ psize = 0x1000000;
+ else if (psize >= 0x10000)
+ psize = 0x10000;
+ else
+ psize = 0x1000;
+ porder = __ilog2(psize);
/* Update VRMASD field in the LPCR */
senc = slb_pgsize_encoding(psize);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 174/329] iwlwifi: mvm: fix TX of CCMP 256
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (160 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 173/329] KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 175/329] watchdog: f71808e_wdt: Fix magic close handling Greg Kroah-Hartman
` (147 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sara Sharon, Luca Coelho, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sara Sharon <sara.sharon@intel.com>
[ Upstream commit de04d4fbf87b769ab18c480e4f020c53e74bbdd2 ]
We don't have enough room in the TX command for a CCMP 256
key, and need to use key from table.
Fixes: 3264bf032bd9 ("[BUGFIX] iwlwifi: mvm: Fix CCMP IV setting")
Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/drivers/net/wireless/intel/iwlwifi/mvm/tx.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/tx.c
@@ -406,11 +406,11 @@ static void iwl_mvm_set_tx_cmd_crypto(st
{
struct ieee80211_key_conf *keyconf = info->control.hw_key;
u8 *crypto_hdr = skb_frag->data + hdrlen;
+ enum iwl_tx_cmd_sec_ctrl type = TX_CMD_SEC_CCM;
u64 pn;
switch (keyconf->cipher) {
case WLAN_CIPHER_SUITE_CCMP:
- case WLAN_CIPHER_SUITE_CCMP_256:
iwl_mvm_set_tx_cmd_ccmp(info, tx_cmd);
iwl_mvm_set_tx_cmd_pn(info, crypto_hdr);
break;
@@ -434,13 +434,16 @@ static void iwl_mvm_set_tx_cmd_crypto(st
break;
case WLAN_CIPHER_SUITE_GCMP:
case WLAN_CIPHER_SUITE_GCMP_256:
+ type = TX_CMD_SEC_GCMP;
+ /* Fall through */
+ case WLAN_CIPHER_SUITE_CCMP_256:
/* TODO: Taking the key from the table might introduce a race
* when PTK rekeying is done, having an old packets with a PN
* based on the old key but the message encrypted with a new
* one.
* Need to handle this.
*/
- tx_cmd->sec_ctl |= TX_CMD_SEC_GCMP | TX_CMD_SEC_KEY_FROM_TABLE;
+ tx_cmd->sec_ctl |= type | TX_CMD_SEC_KEY_FROM_TABLE;
tx_cmd->key[0] = keyconf->hw_key_idx;
iwl_mvm_set_tx_cmd_pn(info, crypto_hdr);
break;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 175/329] watchdog: f71808e_wdt: Fix magic close handling
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (161 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 174/329] iwlwifi: mvm: fix TX of CCMP 256 Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 176/329] watchdog: sbsa: use 32-bit read for WCV Greg Kroah-Hartman
` (146 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Igor Pylypiv, Guenter Roeck,
Wim Van Sebroeck, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Igor Pylypiv <igor.pylypiv@gmail.com>
[ Upstream commit 7bd3e7b743956afbec30fb525bc3c5e22e3d475c ]
Watchdog close is "expected" when any byte is 'V' not just the last one.
Writing "V" to the device fails because the last byte is the end of string.
$ echo V > /dev/watchdog
f71808e_wdt: Unexpected close, not stopping watchdog!
Signed-off-by: Igor Pylypiv <igor.pylypiv@gmail.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/watchdog/f71808e_wdt.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/watchdog/f71808e_wdt.c
+++ b/drivers/watchdog/f71808e_wdt.c
@@ -566,7 +566,8 @@ static ssize_t watchdog_write(struct fil
char c;
if (get_user(c, buf + i))
return -EFAULT;
- expect_close = (c == 'V');
+ if (c == 'V')
+ expect_close = true;
}
/* Properly order writes across fork()ed processes */
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 176/329] watchdog: sbsa: use 32-bit read for WCV
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (162 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 175/329] watchdog: f71808e_wdt: Fix magic close handling Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 178/329] e1000e: Fix check_for_link return value with autoneg off Greg Kroah-Hartman
` (145 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jayachandran C, Guenter Roeck,
Wim Van Sebroeck, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jayachandran C <jnair@caviumnetworks.com>
[ Upstream commit 93ac3deb7c220cbcec032a967220a1f109d58431 ]
According to SBSA spec v3.1 section 5.3:
All registers are 32 bits in size and should be accessed using
32-bit reads and writes. If an access size other than 32 bits
is used then the results are IMPLEMENTATION DEFINED.
[...]
The Generic Watchdog is little-endian
The current code uses readq to read the watchdog compare register
which does a 64-bit access. This fails on ThunderX2 which does not
implement 64-bit access to this register.
Fix this by using lo_hi_readq() that does two 32-bit reads.
Signed-off-by: Jayachandran C <jnair@caviumnetworks.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/watchdog/sbsa_gwdt.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/watchdog/sbsa_gwdt.c
+++ b/drivers/watchdog/sbsa_gwdt.c
@@ -50,6 +50,7 @@
*/
#include <linux/io.h>
+#include <linux/io-64-nonatomic-lo-hi.h>
#include <linux/interrupt.h>
#include <linux/module.h>
#include <linux/moduleparam.h>
@@ -159,7 +160,7 @@ static unsigned int sbsa_gwdt_get_timele
!(readl(gwdt->control_base + SBSA_GWDT_WCS) & SBSA_GWDT_WCS_WS0))
timeleft += readl(gwdt->control_base + SBSA_GWDT_WOR);
- timeleft += readq(gwdt->control_base + SBSA_GWDT_WCV) -
+ timeleft += lo_hi_readq(gwdt->control_base + SBSA_GWDT_WCV) -
arch_counter_get_cntvct();
do_div(timeleft, gwdt->clk);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 178/329] e1000e: Fix check_for_link return value with autoneg off
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (163 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 176/329] watchdog: sbsa: use 32-bit read for WCV Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 179/329] e1000e: allocate ring descriptors with dma_zalloc_coherent Greg Kroah-Hartman
` (144 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Benjamin Poirier, Sasha Neftin,
Aaron Brown, Jeff Kirsher, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Benjamin Poirier <bpoirier@suse.com>
[ Upstream commit 4e7dc08e57c95673d2edaba8983c3de4dd1f65f5 ]
When autoneg is off, the .check_for_link callback functions clear the
get_link_status flag and systematically return a "pseudo-error". This means
that the link is not detected as up until the next execution of the
e1000_watchdog_task() 2 seconds later.
Fixes: 19110cfbb34d ("e1000e: Separate signaling for link check/link up")
Signed-off-by: Benjamin Poirier <bpoirier@suse.com>
Acked-by: Sasha Neftin <sasha.neftin@intel.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/intel/e1000e/ich8lan.c | 2 +-
drivers/net/ethernet/intel/e1000e/mac.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/net/ethernet/intel/e1000e/ich8lan.c
+++ b/drivers/net/ethernet/intel/e1000e/ich8lan.c
@@ -1600,7 +1600,7 @@ static s32 e1000_check_for_copper_link_i
* we have already determined whether we have link or not.
*/
if (!mac->autoneg)
- return -E1000_ERR_CONFIG;
+ return 1;
/* Auto-Neg is enabled. Auto Speed Detection takes care
* of MAC speed/duplex configuration. So we only need to
--- a/drivers/net/ethernet/intel/e1000e/mac.c
+++ b/drivers/net/ethernet/intel/e1000e/mac.c
@@ -450,7 +450,7 @@ s32 e1000e_check_for_copper_link(struct
* we have already determined whether we have link or not.
*/
if (!mac->autoneg)
- return -E1000_ERR_CONFIG;
+ return 1;
/* Auto-Neg is enabled. Auto Speed Detection takes care
* of MAC speed/duplex configuration. So we only need to
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 179/329] e1000e: allocate ring descriptors with dma_zalloc_coherent
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (164 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 178/329] e1000e: Fix check_for_link return value with autoneg off Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 180/329] ia64/err-inject: Use get_user_pages_fast() Greg Kroah-Hartman
` (143 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pierre-Yves Kerbrat, Marius Gligor,
Aaron Brown, Alexander Duyck, Jeff Kirsher, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pierre-Yves Kerbrat <pkerbrat@kalray.eu>
[ Upstream commit aea3fca005fb45f80869f2e8d56fd4e64c1d1fdb ]
Descriptor rings were not initialized at zero when allocated
When area contained garbage data, it caused skb_over_panic in
e1000_clean_rx_irq (if data had E1000_RXD_STAT_DD bit set)
This patch makes use of dma_zalloc_coherent to make sure the
ring is memset at 0 to prevent the area from containing garbage.
Following is the signature of the panic:
IODDR0@0.0: skbuff: skb_over_panic: text:80407b20 len:64010 put:64010 head:ab46d800 data:ab46d842 tail:0xab47d24c end:0xab46df40 dev:eth0
IODDR0@0.0: BUG: failure at net/core/skbuff.c:105/skb_panic()!
IODDR0@0.0: Kernel panic - not syncing: BUG!
IODDR0@0.0:
IODDR0@0.0: Process swapper/0 (pid: 0, threadinfo=81728000, task=8173cc00 ,cpu: 0)
IODDR0@0.0: SP = <815a1c0c>
IODDR0@0.0: Stack: 00000001
IODDR0@0.0: b2d89800 815e33ac
IODDR0@0.0: ea73c040 00000001
IODDR0@0.0: 60040003 0000fa0a
IODDR0@0.0: 00000002
IODDR0@0.0:
IODDR0@0.0: 804540c0 815a1c70
IODDR0@0.0: b2744000 602ac070
IODDR0@0.0: 815a1c44 b2d89800
IODDR0@0.0: 8173cc00 815a1c08
IODDR0@0.0:
IODDR0@0.0: 00000006
IODDR0@0.0: 815a1b50 00000000
IODDR0@0.0: 80079434 00000001
IODDR0@0.0: ab46df40 b2744000
IODDR0@0.0: b2d89800
IODDR0@0.0:
IODDR0@0.0: 0000fa0a 8045745c
IODDR0@0.0: 815a1c88 0000fa0a
IODDR0@0.0: 80407b20 b2789f80
IODDR0@0.0: 00000005 80407b20
IODDR0@0.0:
IODDR0@0.0:
IODDR0@0.0: Call Trace:
IODDR0@0.0: [<804540bc>] skb_panic+0xa4/0xa8
IODDR0@0.0: [<80079430>] console_unlock+0x2f8/0x6d0
IODDR0@0.0: [<80457458>] skb_put+0xa0/0xc0
IODDR0@0.0: [<80407b1c>] e1000_clean_rx_irq+0x2dc/0x3e8
IODDR0@0.0: [<80407b1c>] e1000_clean_rx_irq+0x2dc/0x3e8
IODDR0@0.0: [<804079c8>] e1000_clean_rx_irq+0x188/0x3e8
IODDR0@0.0: [<80407b1c>] e1000_clean_rx_irq+0x2dc/0x3e8
IODDR0@0.0: [<80468b48>] __dev_kfree_skb_any+0x88/0xa8
IODDR0@0.0: [<804101ac>] e1000e_poll+0x94/0x288
IODDR0@0.0: [<8046e9d4>] net_rx_action+0x19c/0x4e8
IODDR0@0.0: ...
IODDR0@0.0: Maximum depth to print reached. Use kstack=<maximum_depth_to_print> To specify a custom value (where 0 means to display the full backtrace)
IODDR0@0.0: ---[ end Kernel panic - not syncing: BUG!
Signed-off-by: Pierre-Yves Kerbrat <pkerbrat@kalray.eu>
Signed-off-by: Marius Gligor <mgligor@kalray.eu>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Reviewed-by: Alexander Duyck <alexander.h.duyck@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/intel/e1000e/netdev.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/net/ethernet/intel/e1000e/netdev.c
+++ b/drivers/net/ethernet/intel/e1000e/netdev.c
@@ -2331,8 +2331,8 @@ static int e1000_alloc_ring_dma(struct e
{
struct pci_dev *pdev = adapter->pdev;
- ring->desc = dma_alloc_coherent(&pdev->dev, ring->size, &ring->dma,
- GFP_KERNEL);
+ ring->desc = dma_zalloc_coherent(&pdev->dev, ring->size, &ring->dma,
+ GFP_KERNEL);
if (!ring->desc)
return -ENOMEM;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 180/329] ia64/err-inject: Use get_user_pages_fast()
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (165 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 179/329] e1000e: allocate ring descriptors with dma_zalloc_coherent Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 181/329] RDMA/qedr: Fix kernel panic when running fio over NFSoRDMA Greg Kroah-Hartman
` (142 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Davidlohr Bueso, Tony Luck, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Davidlohr Bueso <dave@stgolabs.net>
[ Upstream commit 69c907022a7d9325cdc5c9dd064571e445df9a47 ]
At the point of sysfs callback, the call to gup is
done without mmap_sem (or any lock for that matter).
This is racy. As such, use the get_user_pages_fast()
alternative and safely avoid taking the lock, if possible.
Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/ia64/kernel/err_inject.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/ia64/kernel/err_inject.c
+++ b/arch/ia64/kernel/err_inject.c
@@ -142,7 +142,7 @@ store_virtual_to_phys(struct device *dev
u64 virt_addr=simple_strtoull(buf, NULL, 16);
int ret;
- ret = get_user_pages(virt_addr, 1, FOLL_WRITE, NULL, NULL);
+ ret = get_user_pages_fast(virt_addr, 1, FOLL_WRITE, NULL);
if (ret<=0) {
#ifdef ERR_INJ_DEBUG
printk("Virtual address %lx is not existing.\n",virt_addr);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 181/329] RDMA/qedr: Fix kernel panic when running fio over NFSoRDMA
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (166 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 180/329] ia64/err-inject: Use get_user_pages_fast() Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 182/329] RDMA/qedr: Fix iWARP write and send with immediate Greg Kroah-Hartman
` (141 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Amit Radzi, Michal Kalderon,
Ariel Elior, Jason Gunthorpe, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Kalderon, Michal" <Michal.Kalderon@cavium.com>
[ Upstream commit e3fd112cbf21d049faf64ba1471d72b93c22109a ]
Race in qedr_poll_cq, lastest_cqe wasn't protected by lock,
leading to a case where two context's accessing poll_cq at
the same time lead to one of them having a pointer to an old
latest_cqe and reading an invalid cqe element
Signed-off-by: Amit Radzi <Amit.Radzi@cavium.com>
Signed-off-by: Michal Kalderon <Michal.Kalderon@cavium.com>
Signed-off-by: Ariel Elior <Ariel.Elior@cavium.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/qedr/verbs.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/infiniband/hw/qedr/verbs.c
+++ b/drivers/infiniband/hw/qedr/verbs.c
@@ -3467,7 +3467,7 @@ int qedr_poll_cq(struct ib_cq *ibcq, int
{
struct qedr_dev *dev = get_qedr_dev(ibcq->device);
struct qedr_cq *cq = get_qedr_cq(ibcq);
- union rdma_cqe *cqe = cq->latest_cqe;
+ union rdma_cqe *cqe;
u32 old_cons, new_cons;
unsigned long flags;
int update = 0;
@@ -3477,6 +3477,7 @@ int qedr_poll_cq(struct ib_cq *ibcq, int
return qedr_gsi_poll_cq(ibcq, num_entries, wc);
spin_lock_irqsave(&cq->cq_lock, flags);
+ cqe = cq->latest_cqe;
old_cons = qed_chain_get_cons_idx_u32(&cq->pbl);
while (num_entries && is_valid_cqe(cq, cqe)) {
struct qedr_qp *qp;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 182/329] RDMA/qedr: Fix iWARP write and send with immediate
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (167 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 181/329] RDMA/qedr: Fix kernel panic when running fio over NFSoRDMA Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 183/329] IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs Greg Kroah-Hartman
` (140 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michal Kalderon, Ariel Elior,
Jason Gunthorpe, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Kalderon, Michal" <Michal.Kalderon@cavium.com>
[ Upstream commit 551e1c67b4207455375a2e7a285dea1c7e8fc361 ]
iWARP does not support RDMA WRITE or SEND with immediate data.
Driver should check this before submitting to FW and return an
immediate error
Signed-off-by: Michal Kalderon <Michal.Kalderon@cavium.com>
Signed-off-by: Ariel Elior <Ariel.Elior@cavium.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/qedr/verbs.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/drivers/infiniband/hw/qedr/verbs.c
+++ b/drivers/infiniband/hw/qedr/verbs.c
@@ -2807,6 +2807,11 @@ int __qedr_post_send(struct ib_qp *ibqp,
switch (wr->opcode) {
case IB_WR_SEND_WITH_IMM:
+ if (unlikely(rdma_protocol_iwarp(&dev->ibdev, 1))) {
+ rc = -EINVAL;
+ *bad_wr = wr;
+ break;
+ }
wqe->req_type = RDMA_SQ_REQ_TYPE_SEND_WITH_IMM;
swqe = (struct rdma_sq_send_wqe_1st *)wqe;
swqe->wqe_size = 2;
@@ -2848,6 +2853,11 @@ int __qedr_post_send(struct ib_qp *ibqp,
break;
case IB_WR_RDMA_WRITE_WITH_IMM:
+ if (unlikely(rdma_protocol_iwarp(&dev->ibdev, 1))) {
+ rc = -EINVAL;
+ *bad_wr = wr;
+ break;
+ }
wqe->req_type = RDMA_SQ_REQ_TYPE_RDMA_WR_WITH_IMM;
rwqe = (struct rdma_sq_rdma_wqe_1st *)wqe;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 183/329] IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (168 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 182/329] RDMA/qedr: Fix iWARP write and send with immediate Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 184/329] IB/mlx4: Include GID type when deleting GIDs from HW table under RoCE Greg Kroah-Hartman
` (139 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Moni Shoua, Jack Morgenstein,
Leon Romanovsky, Jason Gunthorpe, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jack Morgenstein <jackm@dev.mellanox.co.il>
[ Upstream commit 0077416a3d529baccbe07ab3242e8db541cfadf6 ]
When using IPv4 addresses in RoCEv2, the GID format for the mapped
IPv4 address should be: ::ffff:<4-byte IPv4 address>.
In the cited commit, IPv4 mapped IPV6 addresses had the 3 upper dwords
zeroed out by memset, which resulted in deleting the ffff field.
However, since procedure ipv6_addr_v4mapped() already verifies that the
gid has format ::ffff:<ipv4 address>, no change is needed for the gid,
and the memset can simply be removed.
Fixes: 7e57b85c444c ("IB/mlx4: Add support for setting RoCEv2 gids in hardware")
Reviewed-by: Moni Shoua <monis@mellanox.com>
Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/mlx4/main.c | 2 --
1 file changed, 2 deletions(-)
--- a/drivers/infiniband/hw/mlx4/main.c
+++ b/drivers/infiniband/hw/mlx4/main.c
@@ -216,8 +216,6 @@ static int mlx4_ib_update_gids_v1_v2(str
gid_tbl[i].version = 2;
if (!ipv6_addr_v4mapped((struct in6_addr *)&gids[i].gid))
gid_tbl[i].type = 1;
- else
- memset(&gid_tbl[i].gid, 0, 12);
}
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 184/329] IB/mlx4: Include GID type when deleting GIDs from HW table under RoCE
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (169 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 183/329] IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 185/329] IB/mlx5: Fix an error code in __mlx5_ib_modify_qp() Greg Kroah-Hartman
` (138 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Moni Shoua, Jack Morgenstein,
Leon Romanovsky, Jason Gunthorpe, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jack M <jackm@dev.mellanox.co.il>
[ Upstream commit a18177925c252da7801149abe217c05b80884798 ]
The commit cited below added a gid_type field (RoCEv1 or RoCEv2)
to GID properties.
When adding GIDs, this gid_type field was copied over to the
hardware gid table. However, when deleting GIDs, the gid_type field
was not copied over to the hardware gid table.
As a result, when running RoCEv2, all RoCEv2 gids in the
hardware gid table were set to type RoCEv1 when any gid was deleted.
This problem would persist until the next gid was added (which would again
restore the gid_type field for all the gids in the hardware gid table).
Fix this by copying over the gid_type field to the hardware gid table
when deleting gids, so that the gid_type of all remaining gids is
preserved when a gid is deleted.
Fixes: b699a859d17b ("IB/mlx4: Add gid_type to GID properties")
Reviewed-by: Moni Shoua <monis@mellanox.com>
Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/mlx4/main.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
--- a/drivers/infiniband/hw/mlx4/main.c
+++ b/drivers/infiniband/hw/mlx4/main.c
@@ -361,8 +361,13 @@ static int mlx4_ib_del_gid(struct ib_dev
if (!gids) {
ret = -ENOMEM;
} else {
- for (i = 0; i < MLX4_MAX_PORT_GIDS; i++)
- memcpy(&gids[i].gid, &port_gid_table->gids[i].gid, sizeof(union ib_gid));
+ for (i = 0; i < MLX4_MAX_PORT_GIDS; i++) {
+ memcpy(&gids[i].gid,
+ &port_gid_table->gids[i].gid,
+ sizeof(union ib_gid));
+ gids[i].gid_type =
+ port_gid_table->gids[i].gid_type;
+ }
}
}
spin_unlock_bh(&iboe->lock);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 185/329] IB/mlx5: Fix an error code in __mlx5_ib_modify_qp()
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (170 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 184/329] IB/mlx4: Include GID type when deleting GIDs from HW table under RoCE Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 186/329] fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper() Greg Kroah-Hartman
` (137 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Leon Romanovsky,
Jason Gunthorpe, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 5d414b178e950ce9685c253994cc730893d5d887 ]
"err" is either zero or possibly uninitialized here. It should be
-EINVAL.
Fixes: 427c1e7bcd7e ("{IB, net}/mlx5: Move the modify QP operation table to mlx5_ib")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/mlx5/qp.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/infiniband/hw/mlx5/qp.c
+++ b/drivers/infiniband/hw/mlx5/qp.c
@@ -2809,8 +2809,10 @@ static int __mlx5_ib_modify_qp(struct ib
mlx5_ib_qp_disable_pagefaults(qp);
if (mlx5_cur >= MLX5_QP_NUM_STATE || mlx5_new >= MLX5_QP_NUM_STATE ||
- !optab[mlx5_cur][mlx5_new])
+ !optab[mlx5_cur][mlx5_new]) {
+ err = -EINVAL;
goto out;
+ }
op = optab[mlx5_cur][mlx5_new];
optpar = ib_mask_to_mlx5_opt(attr_mask);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 186/329] fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper().
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (171 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 185/329] IB/mlx5: Fix an error code in __mlx5_ib_modify_qp() Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 187/329] fsl/fman: avoid sleeping in atomic context while adding an address Greg Kroah-Hartman
` (136 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Malone, Mathieu Malaterre,
Bartlomiej Zolnierkiewicz, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Malone <peter.malone@gmail.com>
[ Upstream commit 250c6c49e3b68756b14983c076183568636e2bde ]
Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in
sbusfb_ioctl_helper().
'index' is defined as an int in sbusfb_ioctl_helper().
We retrieve this from the user:
if (get_user(index, &c->index) ||
__get_user(count, &c->count) ||
__get_user(ured, &c->red) ||
__get_user(ugreen, &c->green) ||
__get_user(ublue, &c->blue))
return -EFAULT;
and then we use 'index' in the following way:
red = cmap->red[index + i] >> 8;
green = cmap->green[index + i] >> 8;
blue = cmap->blue[index + i] >> 8;
This is a classic information leak vulnerability. 'index' should be
an unsigned int, given its usage above.
This patch is straight-forward; it changes 'index' to unsigned int
in two switch-cases: FBIOGETCMAP_SPARC && FBIOPUTCMAP_SPARC.
This patch fixes CVE-2018-6412.
Signed-off-by: Peter Malone <peter.malone@gmail.com>
Acked-by: Mathieu Malaterre <malat@debian.org>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/video/fbdev/sbuslib.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/video/fbdev/sbuslib.c
+++ b/drivers/video/fbdev/sbuslib.c
@@ -121,7 +121,7 @@ int sbusfb_ioctl_helper(unsigned long cm
unsigned char __user *ured;
unsigned char __user *ugreen;
unsigned char __user *ublue;
- int index, count, i;
+ unsigned int index, count, i;
if (get_user(index, &c->index) ||
__get_user(count, &c->count) ||
@@ -160,7 +160,7 @@ int sbusfb_ioctl_helper(unsigned long cm
unsigned char __user *ugreen;
unsigned char __user *ublue;
struct fb_cmap *cmap = &info->cmap;
- int index, count, i;
+ unsigned int index, count, i;
u8 red, green, blue;
if (get_user(index, &c->index) ||
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 187/329] fsl/fman: avoid sleeping in atomic context while adding an address
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (172 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 186/329] fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper() Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 188/329] net: qcom/emac: Use proper free methods during TX Greg Kroah-Hartman
` (135 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Denis Kirjanov, Madalin Bucur,
David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Denis Kirjanov <kda@linux-powerpc.org>
[ Upstream commit 803fafbe0cd522fa6b9e41ca3b96cfb2e2a2222d ]
__dev_mc_add grabs an adress spinlock so use
atomic context in kmalloc.
/ # ifconfig eth0 inet 192.168.0.111
[ 89.331622] BUG: sleeping function called from invalid context at mm/slab.h:420
[ 89.339002] in_atomic(): 1, irqs_disabled(): 0, pid: 1035, name: ifconfig
[ 89.345799] 2 locks held by ifconfig/1035:
[ 89.349908] #0: (rtnl_mutex){+.+.}, at: [<(ptrval)>] devinet_ioctl+0xc0/0x8a0
[ 89.357258] #1: (_xmit_ETHER){+...}, at: [<(ptrval)>] __dev_mc_add+0x28/0x80
[ 89.364520] CPU: 1 PID: 1035 Comm: ifconfig Not tainted 4.16.0-rc3-dirty #8
[ 89.371464] Call Trace:
[ 89.373908] [e959db60] [c066f948] dump_stack+0xa4/0xfc (unreliable)
[ 89.380177] [e959db80] [c00671d8] ___might_sleep+0x248/0x280
[ 89.385833] [e959dba0] [c01aec34] kmem_cache_alloc_trace+0x174/0x320
[ 89.392179] [e959dbd0] [c04ab920] dtsec_add_hash_mac_address+0x130/0x240
[ 89.398874] [e959dc00] [c04a9d74] set_multi+0x174/0x1b0
[ 89.404093] [e959dc30] [c04afb68] dpaa_set_rx_mode+0x68/0xe0
[ 89.409745] [e959dc40] [c057baf8] __dev_mc_add+0x58/0x80
[ 89.415052] [e959dc60] [c060fd64] igmp_group_added+0x164/0x190
[ 89.420878] [e959dca0] [c060ffa8] ip_mc_inc_group+0x218/0x460
[ 89.426617] [e959dce0] [c06120fc] ip_mc_up+0x3c/0x190
[ 89.431662] [e959dd10] [c0607270] inetdev_event+0x250/0x620
[ 89.437227] [e959dd50] [c005f190] notifier_call_chain+0x80/0xf0
[ 89.443138] [e959dd80] [c0573a74] __dev_notify_flags+0x54/0xf0
[ 89.448964] [e959dda0] [c05743f8] dev_change_flags+0x48/0x60
[ 89.454615] [e959ddc0] [c0606744] devinet_ioctl+0x544/0x8a0
[ 89.460180] [e959de10] [c060987c] inet_ioctl+0x9c/0x1f0
[ 89.465400] [e959de80] [c05479a8] sock_ioctl+0x168/0x460
[ 89.470708] [e959ded0] [c01cf3ec] do_vfs_ioctl+0xac/0x8c0
[ 89.476099] [e959df20] [c01cfc40] SyS_ioctl+0x40/0xc0
[ 89.481147] [e959df40] [c0011318] ret_from_syscall+0x0/0x3c
[ 89.486715] --- interrupt: c01 at 0x1006943c
[ 89.486715] LR = 0x100c45ec
Signed-off-by: Denis Kirjanov <kda@linux-powerpc.org>
Acked-by: Madalin Bucur <madalin.bucur@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/freescale/fman/fman_dtsec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/ethernet/freescale/fman/fman_dtsec.c
+++ b/drivers/net/ethernet/freescale/fman/fman_dtsec.c
@@ -1036,7 +1036,7 @@ int dtsec_add_hash_mac_address(struct fm
set_bucket(dtsec->regs, bucket, true);
/* Create element to be added to the driver hash table */
- hash_entry = kmalloc(sizeof(*hash_entry), GFP_KERNEL);
+ hash_entry = kmalloc(sizeof(*hash_entry), GFP_ATOMIC);
if (!hash_entry)
return -ENOMEM;
hash_entry->addr = addr;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 188/329] net: qcom/emac: Use proper free methods during TX
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (173 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 187/329] fsl/fman: avoid sleeping in atomic context while adding an address Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 189/329] net: smsc911x: Fix unload crash when link is up Greg Kroah-Hartman
` (134 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hemanth Puranik, Timur Tabi,
David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hemanth Puranik <hpuranik@codeaurora.org>
[ Upstream commit cc5db3150e87fe7f7e947bf333b6c1c97f848ecb ]
This patch fixes the warning messages/call traces seen if DMA debug is
enabled, In case of fragmented skb's memory was allocated using
dma_map_page but freed using dma_unmap_single. This patch modifies buffer
allocations in TX path to use dma_map_page in all the places and
dma_unmap_page while freeing the buffers.
Signed-off-by: Hemanth Puranik <hpuranik@codeaurora.org>
Acked-by: Timur Tabi <timur@codeaurora.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/qualcomm/emac/emac-mac.c | 23 ++++++++++++++---------
1 file changed, 14 insertions(+), 9 deletions(-)
--- a/drivers/net/ethernet/qualcomm/emac/emac-mac.c
+++ b/drivers/net/ethernet/qualcomm/emac/emac-mac.c
@@ -1250,9 +1250,9 @@ void emac_mac_tx_process(struct emac_ada
while (tx_q->tpd.consume_idx != hw_consume_idx) {
tpbuf = GET_TPD_BUFFER(tx_q, tx_q->tpd.consume_idx);
if (tpbuf->dma_addr) {
- dma_unmap_single(adpt->netdev->dev.parent,
- tpbuf->dma_addr, tpbuf->length,
- DMA_TO_DEVICE);
+ dma_unmap_page(adpt->netdev->dev.parent,
+ tpbuf->dma_addr, tpbuf->length,
+ DMA_TO_DEVICE);
tpbuf->dma_addr = 0;
}
@@ -1409,9 +1409,11 @@ static void emac_tx_fill_tpd(struct emac
tpbuf = GET_TPD_BUFFER(tx_q, tx_q->tpd.produce_idx);
tpbuf->length = mapped_len;
- tpbuf->dma_addr = dma_map_single(adpt->netdev->dev.parent,
- skb->data, tpbuf->length,
- DMA_TO_DEVICE);
+ tpbuf->dma_addr = dma_map_page(adpt->netdev->dev.parent,
+ virt_to_page(skb->data),
+ offset_in_page(skb->data),
+ tpbuf->length,
+ DMA_TO_DEVICE);
ret = dma_mapping_error(adpt->netdev->dev.parent,
tpbuf->dma_addr);
if (ret)
@@ -1427,9 +1429,12 @@ static void emac_tx_fill_tpd(struct emac
if (mapped_len < len) {
tpbuf = GET_TPD_BUFFER(tx_q, tx_q->tpd.produce_idx);
tpbuf->length = len - mapped_len;
- tpbuf->dma_addr = dma_map_single(adpt->netdev->dev.parent,
- skb->data + mapped_len,
- tpbuf->length, DMA_TO_DEVICE);
+ tpbuf->dma_addr = dma_map_page(adpt->netdev->dev.parent,
+ virt_to_page(skb->data +
+ mapped_len),
+ offset_in_page(skb->data +
+ mapped_len),
+ tpbuf->length, DMA_TO_DEVICE);
ret = dma_mapping_error(adpt->netdev->dev.parent,
tpbuf->dma_addr);
if (ret)
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 189/329] net: smsc911x: Fix unload crash when link is up
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (174 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 188/329] net: qcom/emac: Use proper free methods during TX Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 190/329] IB/core: Fix possible crash to access NULL netdev Greg Kroah-Hartman
` (133 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Matt Sealey, Jeremy Linton,
Andrew Lunn, David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jeremy Linton <jeremy.linton@arm.com>
[ Upstream commit e06513d78d54e6c7026c9043a39e2c01ee25bdbe ]
The smsc911x driver will crash if it is rmmod'ed while the netdev
is up like:
Call trace:
phy_detach+0x94/0x150
phy_disconnect+0x40/0x50
smsc911x_stop+0x104/0x128 [smsc911x]
__dev_close_many+0xb4/0x138
dev_close_many+0xbc/0x190
rollback_registered_many+0x140/0x460
rollback_registered+0x68/0xb0
unregister_netdevice_queue+0x100/0x118
unregister_netdev+0x28/0x38
smsc911x_drv_remove+0x58/0x130 [smsc911x]
platform_drv_remove+0x30/0x50
device_release_driver_internal+0x15c/0x1f8
driver_detach+0x54/0x98
bus_remove_driver+0x64/0xe8
driver_unregister+0x34/0x60
platform_driver_unregister+0x20/0x30
smsc911x_cleanup_module+0x14/0xbca8 [smsc911x]
SyS_delete_module+0x1e8/0x238
__sys_trace_return+0x0/0x4
This is caused by the mdiobus being unregistered/free'd
and the code in phy_detach() attempting to manipulate mdio
related structures from unregister_netdev() calling close()
To fix this, we delay the mdiobus teardown until after
the netdev is deregistered.
Reported-by: Matt Sealey <matt.sealey@arm.com>
Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/smsc/smsc911x.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/net/ethernet/smsc/smsc911x.c
+++ b/drivers/net/ethernet/smsc/smsc911x.c
@@ -2330,14 +2330,14 @@ static int smsc911x_drv_remove(struct pl
pdata = netdev_priv(dev);
BUG_ON(!pdata);
BUG_ON(!pdata->ioaddr);
- WARN_ON(dev->phydev);
SMSC_TRACE(pdata, ifdown, "Stopping driver");
+ unregister_netdev(dev);
+
mdiobus_unregister(pdata->mii_bus);
mdiobus_free(pdata->mii_bus);
- unregister_netdev(dev);
res = platform_get_resource_byname(pdev, IORESOURCE_MEM,
"smsc911x-memory");
if (!res)
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 190/329] IB/core: Fix possible crash to access NULL netdev
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (175 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 189/329] net: smsc911x: Fix unload crash when link is up Greg Kroah-Hartman
@ 2018-05-28 10:01 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 191/329] xen: xenbus: use put_device() instead of kfree() Greg Kroah-Hartman
` (132 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Daniel Jurgens, Parav Pandit,
Leon Romanovsky, Doug Ledford, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Parav Pandit <parav@mellanox.com>
[ Upstream commit bb7f8f199c354c4cf155b1d6d55f86eaaed7fa5a ]
resolved_dev returned might be NULL as ifindex is transient number.
Ignoring NULL check of resolved_dev might crash the kernel.
Therefore perform NULL check before accessing resolved_dev.
Additionally rdma_resolve_ip_route() invokes addr_resolve() which
performs check and address translation for loopback ifindex.
Therefore, checking it again in rdma_resolve_ip_route() is not helpful.
Therefore, the code is simplified to avoid IFF_LOOPBACK check.
Fixes: 200298326b27 ("IB/core: Validate route when we init ah")
Reviewed-by: Daniel Jurgens <danielj@mellanox.com>
Signed-off-by: Parav Pandit <parav@mellanox.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/core/sa_query.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
--- a/drivers/infiniband/core/sa_query.c
+++ b/drivers/infiniband/core/sa_query.c
@@ -1137,10 +1137,9 @@ int ib_init_ah_from_path(struct ib_devic
resolved_dev = dev_get_by_index(dev_addr.net,
dev_addr.bound_dev_if);
- if (resolved_dev->flags & IFF_LOOPBACK) {
- dev_put(resolved_dev);
- resolved_dev = idev;
- dev_hold(resolved_dev);
+ if (!resolved_dev) {
+ dev_put(idev);
+ return -ENODEV;
}
ndev = ib_get_ndev_from_path(rec);
rcu_read_lock();
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 191/329] xen: xenbus: use put_device() instead of kfree()
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (176 preceding siblings ...)
2018-05-28 10:01 ` [PATCH 4.9 190/329] IB/core: Fix possible crash to access NULL netdev Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 192/329] arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery Greg Kroah-Hartman
` (131 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arvind Yadav, Juergen Gross, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arvind Yadav <arvind.yadav.cs@gmail.com>
[ Upstream commit 351b2bccede1cb673ec7957b35ea997ea24c8884 ]
Never directly free @dev after calling device_register(), even
if it returned an error! Always use put_device() to give up the
reference initialized.
Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/xen/xenbus/xenbus_probe.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/drivers/xen/xenbus/xenbus_probe.c
+++ b/drivers/xen/xenbus/xenbus_probe.c
@@ -470,8 +470,11 @@ int xenbus_probe_node(struct xen_bus_typ
/* Register with generic device framework. */
err = device_register(&xendev->dev);
- if (err)
+ if (err) {
+ put_device(&xendev->dev);
+ xendev = NULL;
goto fail;
+ }
return 0;
fail:
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 192/329] arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (177 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 191/329] xen: xenbus: use put_device() instead of kfree() Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 193/329] dmaengine: mv_xor_v2: Fix clock resource by adding a register clock Greg Kroah-Hartman
` (130 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marc Zyngier, Catalin Marinas, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marc Zyngier <marc.zyngier@arm.com>
[ Upstream commit e21da1c992007594d391e7b301779cf30f438691 ]
A recent update to the ARM SMCCC ARCH_WORKAROUND_1 specification
allows firmware to return a non zero, positive value to describe
that although the mitigation is implemented at the higher exception
level, the CPU on which the call is made is not affected.
Let's relax the check on the return value from ARCH_WORKAROUND_1
so that we only error out if the returned value is negative.
Fixes: b092201e0020 ("arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support")
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/kernel/cpu_errata.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c
@@ -160,7 +160,7 @@ static int enable_smccc_arch_workaround_
case PSCI_CONDUIT_HVC:
arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID,
ARM_SMCCC_ARCH_WORKAROUND_1, &res);
- if (res.a0)
+ if ((int)res.a0 < 0)
return 0;
cb = call_hvc_arch_workaround_1;
smccc_start = __smccc_workaround_1_hvc_start;
@@ -170,7 +170,7 @@ static int enable_smccc_arch_workaround_
case PSCI_CONDUIT_SMC:
arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID,
ARM_SMCCC_ARCH_WORKAROUND_1, &res);
- if (res.a0)
+ if ((int)res.a0 < 0)
return 0;
cb = call_smc_arch_workaround_1;
smccc_start = __smccc_workaround_1_smc_start;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 193/329] dmaengine: mv_xor_v2: Fix clock resource by adding a register clock
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (178 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 192/329] arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 194/329] netfilter: ebtables: fix erroneous reject of last rule Greg Kroah-Hartman
` (129 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rob Herring, Vinod Koul, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gregory CLEMENT <gregory.clement@bootlin.com>
[ Upstream commit 3cd2c313f1d618f92d1294addc6c685c17065761 ]
On the CP110 components which are present on the Armada 7K/8K SoC we need
to explicitly enable the clock for the registers. However it is not
needed for the AP8xx component, that's why this clock is optional.
With this patch both clock have now a name, but in order to be backward
compatible, the name of the first clock is not used. It allows to still
use this clock with a device tree using the old binding.
Reviewed-by: Rob Herring <robh@kernel.org>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/devicetree/bindings/dma/mv-xor-v2.txt | 6 ++++
drivers/dma/mv_xor_v2.c | 25 ++++++++++++++++----
2 files changed, 25 insertions(+), 6 deletions(-)
--- a/Documentation/devicetree/bindings/dma/mv-xor-v2.txt
+++ b/Documentation/devicetree/bindings/dma/mv-xor-v2.txt
@@ -11,7 +11,11 @@ Required properties:
interrupts.
Optional properties:
-- clocks: Optional reference to the clock used by the XOR engine.
+- clocks: Optional reference to the clocks used by the XOR engine.
+- clock-names: mandatory if there is a second clock, in this case the
+ name must be "core" for the first clock and "reg" for the second
+ one
+
Example:
--- a/drivers/dma/mv_xor_v2.c
+++ b/drivers/dma/mv_xor_v2.c
@@ -152,6 +152,7 @@ struct mv_xor_v2_device {
void __iomem *dma_base;
void __iomem *glob_base;
struct clk *clk;
+ struct clk *reg_clk;
struct tasklet_struct irq_tasklet;
struct list_head free_sw_desc;
struct dma_device dmadev;
@@ -697,13 +698,26 @@ static int mv_xor_v2_probe(struct platfo
if (ret)
return ret;
+ xor_dev->reg_clk = devm_clk_get(&pdev->dev, "reg");
+ if (PTR_ERR(xor_dev->reg_clk) != -ENOENT) {
+ if (!IS_ERR(xor_dev->reg_clk)) {
+ ret = clk_prepare_enable(xor_dev->reg_clk);
+ if (ret)
+ return ret;
+ } else {
+ return PTR_ERR(xor_dev->reg_clk);
+ }
+ }
+
xor_dev->clk = devm_clk_get(&pdev->dev, NULL);
- if (IS_ERR(xor_dev->clk) && PTR_ERR(xor_dev->clk) == -EPROBE_DEFER)
- return -EPROBE_DEFER;
+ if (IS_ERR(xor_dev->clk) && PTR_ERR(xor_dev->clk) == -EPROBE_DEFER) {
+ ret = EPROBE_DEFER;
+ goto disable_reg_clk;
+ }
if (!IS_ERR(xor_dev->clk)) {
ret = clk_prepare_enable(xor_dev->clk);
if (ret)
- return ret;
+ goto disable_reg_clk;
}
ret = platform_msi_domain_alloc_irqs(&pdev->dev, 1,
@@ -812,8 +826,9 @@ free_hw_desq:
free_msi_irqs:
platform_msi_domain_free_irqs(&pdev->dev);
disable_clk:
- if (!IS_ERR(xor_dev->clk))
- clk_disable_unprepare(xor_dev->clk);
+ clk_disable_unprepare(xor_dev->clk);
+disable_reg_clk:
+ clk_disable_unprepare(xor_dev->reg_clk);
return ret;
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 194/329] netfilter: ebtables: fix erroneous reject of last rule
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (179 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 193/329] dmaengine: mv_xor_v2: Fix clock resource by adding a register clock Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 195/329] bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa() Greg Kroah-Hartman
` (128 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Florian Westphal, Pablo Neira Ayuso,
Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Florian Westphal <fw@strlen.de>
[ Upstream commit 932909d9b28d27e807ff8eecb68c7748f6701628 ]
The last rule in the blob has next_entry offset that is same as total size.
This made "ebtables32 -A OUTPUT -d de:ad:be:ef:01:02" fail on 64 bit kernel.
Fixes: b71812168571fa ("netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/bridge/netfilter/ebtables.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -2097,8 +2097,12 @@ static int size_entry_mwt(struct ebt_ent
* offsets are relative to beginning of struct ebt_entry (i.e., 0).
*/
for (i = 0; i < 4 ; ++i) {
- if (offsets[i] >= *total)
+ if (offsets[i] > *total)
return -EINVAL;
+
+ if (i < 3 && offsets[i] == *total)
+ return -EINVAL;
+
if (i == 0)
continue;
if (offsets[i-1] > offsets[i])
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 195/329] bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa().
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (180 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 194/329] netfilter: ebtables: fix erroneous reject of last rule Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 196/329] workqueue: use put_device() instead of kfree() Greg Kroah-Hartman
` (127 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Chan, David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Chan <michael.chan@broadcom.com>
[ Upstream commit 3c4fe80b32c685bdc02b280814d0cfe80d441c72 ]
During initialization, if we encounter errors, there is a code path that
calls bnxt_hwrm_vnic_set_tpa() with invalid VNIC ID. This may cause a
warning in firmware logs.
Fixes: c0c050c58d84 ("bnxt_en: New Broadcom ethernet driver.")
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -3401,6 +3401,9 @@ static int bnxt_hwrm_vnic_set_tpa(struct
struct bnxt_vnic_info *vnic = &bp->vnic_info[vnic_id];
struct hwrm_vnic_tpa_cfg_input req = {0};
+ if (vnic->fw_vnic_id == INVALID_HW_RING_ID)
+ return 0;
+
bnxt_hwrm_cmd_hdr_init(bp, &req, HWRM_VNIC_TPA_CFG, -1, -1);
if (tpa_flags) {
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 196/329] workqueue: use put_device() instead of kfree()
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (181 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 195/329] bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa() Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 197/329] ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu Greg Kroah-Hartman
` (126 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arvind Yadav, Tejun Heo, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arvind Yadav <arvind.yadav.cs@gmail.com>
[ Upstream commit 537f4146c53c95aac977852b371bafb9c6755ee1 ]
Never directly free @dev after calling device_register(), even
if it returned an error! Always use put_device() to give up the
reference initialized in this function instead.
Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/workqueue.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/kernel/workqueue.c
+++ b/kernel/workqueue.c
@@ -5272,7 +5272,7 @@ int workqueue_sysfs_register(struct work
ret = device_register(&wq_dev->dev);
if (ret) {
- kfree(wq_dev);
+ put_device(&wq_dev->dev);
wq->wq_dev = NULL;
return ret;
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 197/329] ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (182 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 196/329] workqueue: use put_device() instead of kfree() Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 198/329] sunvnet: does not support GSO for sctp Greg Kroah-Hartman
` (125 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sabrina Dubroca, Stefano Brivio,
David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sabrina Dubroca <sd@queasysnail.net>
[ Upstream commit d52e5a7e7ca49457dd31fc8b42fb7c0d58a31221 ]
Prior to the rework of PMTU information storage in commit
2c8cec5c10bc ("ipv4: Cache learned PMTU information in inetpeer."),
when a PMTU event advertising a PMTU smaller than
net.ipv4.route.min_pmtu was received, we would disable setting the DF
flag on packets by locking the MTU metric, and set the PMTU to
net.ipv4.route.min_pmtu.
Since then, we don't disable DF, and set PMTU to
net.ipv4.route.min_pmtu, so the intermediate router that has this link
with a small MTU will have to drop the packets.
This patch reestablishes pre-2.6.39 behavior by splitting
rtable->rt_pmtu into a bitfield with rt_mtu_locked and rt_pmtu.
rt_mtu_locked indicates that we shouldn't set the DF bit on that path,
and is checked in ip_dont_fragment().
One possible workaround is to set net.ipv4.route.min_pmtu to a value low
enough to accommodate the lowest MTU encountered.
Fixes: 2c8cec5c10bc ("ipv4: Cache learned PMTU information in inetpeer.")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/ip.h | 11 +++++++++--
include/net/ip_fib.h | 1 +
include/net/route.h | 3 ++-
net/ipv4/route.c | 26 +++++++++++++++++++-------
net/ipv4/xfrm4_policy.c | 1 +
5 files changed, 32 insertions(+), 10 deletions(-)
--- a/include/net/ip.h
+++ b/include/net/ip.h
@@ -304,6 +304,13 @@ int ip_decrease_ttl(struct iphdr *iph)
return --iph->ttl;
}
+static inline int ip_mtu_locked(const struct dst_entry *dst)
+{
+ const struct rtable *rt = (const struct rtable *)dst;
+
+ return rt->rt_mtu_locked || dst_metric_locked(dst, RTAX_MTU);
+}
+
static inline
int ip_dont_fragment(const struct sock *sk, const struct dst_entry *dst)
{
@@ -311,7 +318,7 @@ int ip_dont_fragment(const struct sock *
return pmtudisc == IP_PMTUDISC_DO ||
(pmtudisc == IP_PMTUDISC_WANT &&
- !(dst_metric_locked(dst, RTAX_MTU)));
+ !ip_mtu_locked(dst));
}
static inline bool ip_sk_accept_pmtu(const struct sock *sk)
@@ -337,7 +344,7 @@ static inline unsigned int ip_dst_mtu_ma
struct net *net = dev_net(dst->dev);
if (net->ipv4.sysctl_ip_fwd_use_pmtu ||
- dst_metric_locked(dst, RTAX_MTU) ||
+ ip_mtu_locked(dst) ||
!forwarding)
return dst_mtu(dst);
--- a/include/net/ip_fib.h
+++ b/include/net/ip_fib.h
@@ -57,6 +57,7 @@ struct fib_nh_exception {
int fnhe_genid;
__be32 fnhe_daddr;
u32 fnhe_pmtu;
+ bool fnhe_mtu_locked;
__be32 fnhe_gw;
unsigned long fnhe_expires;
struct rtable __rcu *fnhe_rth_input;
--- a/include/net/route.h
+++ b/include/net/route.h
@@ -63,7 +63,8 @@ struct rtable {
__be32 rt_gateway;
/* Miscellaneous cached information */
- u32 rt_pmtu;
+ u32 rt_mtu_locked:1,
+ rt_pmtu:31;
u32 rt_table_id;
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -618,6 +618,7 @@ static inline u32 fnhe_hashfun(__be32 da
static void fill_route_from_fnhe(struct rtable *rt, struct fib_nh_exception *fnhe)
{
rt->rt_pmtu = fnhe->fnhe_pmtu;
+ rt->rt_mtu_locked = fnhe->fnhe_mtu_locked;
rt->dst.expires = fnhe->fnhe_expires;
if (fnhe->fnhe_gw) {
@@ -628,7 +629,7 @@ static void fill_route_from_fnhe(struct
}
static void update_or_create_fnhe(struct fib_nh *nh, __be32 daddr, __be32 gw,
- u32 pmtu, unsigned long expires)
+ u32 pmtu, bool lock, unsigned long expires)
{
struct fnhe_hash_bucket *hash;
struct fib_nh_exception *fnhe;
@@ -665,8 +666,10 @@ static void update_or_create_fnhe(struct
fnhe->fnhe_genid = genid;
if (gw)
fnhe->fnhe_gw = gw;
- if (pmtu)
+ if (pmtu) {
fnhe->fnhe_pmtu = pmtu;
+ fnhe->fnhe_mtu_locked = lock;
+ }
fnhe->fnhe_expires = max(1UL, expires);
/* Update all cached dsts too */
rt = rcu_dereference(fnhe->fnhe_rth_input);
@@ -690,6 +693,7 @@ static void update_or_create_fnhe(struct
fnhe->fnhe_daddr = daddr;
fnhe->fnhe_gw = gw;
fnhe->fnhe_pmtu = pmtu;
+ fnhe->fnhe_mtu_locked = lock;
fnhe->fnhe_expires = expires;
/* Exception created; mark the cached routes for the nexthop
@@ -771,7 +775,8 @@ static void __ip_do_redirect(struct rtab
struct fib_nh *nh = &FIB_RES_NH(res);
update_or_create_fnhe(nh, fl4->daddr, new_gw,
- 0, jiffies + ip_rt_gc_timeout);
+ 0, false,
+ jiffies + ip_rt_gc_timeout);
}
if (kill_route)
rt->dst.obsolete = DST_OBSOLETE_KILL;
@@ -983,15 +988,18 @@ static void __ip_rt_update_pmtu(struct r
{
struct dst_entry *dst = &rt->dst;
struct fib_result res;
+ bool lock = false;
- if (dst_metric_locked(dst, RTAX_MTU))
+ if (ip_mtu_locked(dst))
return;
if (ipv4_mtu(dst) < mtu)
return;
- if (mtu < ip_rt_min_pmtu)
+ if (mtu < ip_rt_min_pmtu) {
+ lock = true;
mtu = ip_rt_min_pmtu;
+ }
if (rt->rt_pmtu == mtu &&
time_before(jiffies, dst->expires - ip_rt_mtu_expires / 2))
@@ -1001,7 +1009,7 @@ static void __ip_rt_update_pmtu(struct r
if (fib_lookup(dev_net(dst->dev), fl4, &res, 0) == 0) {
struct fib_nh *nh = &FIB_RES_NH(res);
- update_or_create_fnhe(nh, fl4->daddr, 0, mtu,
+ update_or_create_fnhe(nh, fl4->daddr, 0, mtu, lock,
jiffies + ip_rt_mtu_expires);
}
rcu_read_unlock();
@@ -1256,7 +1264,7 @@ static unsigned int ipv4_mtu(const struc
mtu = READ_ONCE(dst->dev->mtu);
- if (unlikely(dst_metric_locked(dst, RTAX_MTU))) {
+ if (unlikely(ip_mtu_locked(dst))) {
if (rt->rt_uses_gateway && mtu > 576)
mtu = 576;
}
@@ -1481,6 +1489,7 @@ struct rtable *rt_dst_alloc(struct net_d
rt->rt_is_input = 0;
rt->rt_iif = 0;
rt->rt_pmtu = 0;
+ rt->rt_mtu_locked = 0;
rt->rt_gateway = 0;
rt->rt_uses_gateway = 0;
rt->rt_table_id = 0;
@@ -2403,6 +2412,7 @@ struct dst_entry *ipv4_blackhole_route(s
rt->rt_is_input = ort->rt_is_input;
rt->rt_iif = ort->rt_iif;
rt->rt_pmtu = ort->rt_pmtu;
+ rt->rt_mtu_locked = ort->rt_mtu_locked;
rt->rt_genid = rt_genid_ipv4(net);
rt->rt_flags = ort->rt_flags;
@@ -2505,6 +2515,8 @@ static int rt_fill_info(struct net *net,
memcpy(metrics, dst_metrics_ptr(&rt->dst), sizeof(metrics));
if (rt->rt_pmtu && expires)
metrics[RTAX_MTU - 1] = rt->rt_pmtu;
+ if (rt->rt_mtu_locked && expires)
+ metrics[RTAX_LOCK - 1] |= BIT(RTAX_MTU);
if (rtnetlink_put_metrics(skb, metrics) < 0)
goto nla_put_failure;
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -97,6 +97,7 @@ static int xfrm4_fill_dst(struct xfrm_ds
xdst->u.rt.rt_gateway = rt->rt_gateway;
xdst->u.rt.rt_uses_gateway = rt->rt_uses_gateway;
xdst->u.rt.rt_pmtu = rt->rt_pmtu;
+ xdst->u.rt.rt_mtu_locked = rt->rt_mtu_locked;
xdst->u.rt.rt_table_id = rt->rt_table_id;
INIT_LIST_HEAD(&xdst->u.rt.rt_uncached);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 198/329] sunvnet: does not support GSO for sctp
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (183 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 197/329] ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 199/329] drm/imx: move arming of the vblank event to atomic_flush Greg Kroah-Hartman
` (124 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Cathy Zhou, Shannon Nelson,
David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Cathy Zhou <Cathy.Zhou@Oracle.COM>
[ Upstream commit cf55612a945039476abfd73e39064b2e721c3272 ]
The NETIF_F_GSO_SOFTWARE implies support for GSO on SCTP, but the
sunvnet driver does not support GSO for sctp. Here we remove the
NETIF_F_GSO_SOFTWARE feature flag and only report NETIF_F_ALL_TSO
instead.
Signed-off-by: Cathy Zhou <Cathy.Zhou@Oracle.COM>
Signed-off-by: Shannon Nelson <shannon.nelson@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/sun/sunvnet.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/ethernet/sun/sunvnet.c
+++ b/drivers/net/ethernet/sun/sunvnet.c
@@ -198,7 +198,7 @@ static struct vnet *vnet_new(const u64 *
dev->ethtool_ops = &vnet_ethtool_ops;
dev->watchdog_timeo = VNET_TX_TIMEOUT;
- dev->hw_features = NETIF_F_TSO | NETIF_F_GSO | NETIF_F_GSO_SOFTWARE |
+ dev->hw_features = NETIF_F_TSO | NETIF_F_GSO | NETIF_F_ALL_TSO |
NETIF_F_HW_CSUM | NETIF_F_SG;
dev->features = dev->hw_features;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 199/329] drm/imx: move arming of the vblank event to atomic_flush
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (184 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 198/329] sunvnet: does not support GSO for sctp Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 200/329] microblaze: switch to NO_BOOTMEM Greg Kroah-Hartman
` (123 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lucas Stach, Philipp Zabel, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lucas Stach <l.stach@pengutronix.de>
[ Upstream commit 6a055b92de15af987b4027826d43aa103c65a3c4 ]
Right now the vblank event completion is racing with the atomic update,
which is especially bad when the PRE is in use, as one of the hardware
issue workaround might extend the atomic commit for quite some time.
If the vblank IRQ happens to trigger during that time, we will prematurely
signal the atomic commit completion to userspace, which causes tearing
when userspace re-uses a framebuffer we haven't managed to flip away from
yet.
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/imx/ipuv3-crtc.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/gpu/drm/imx/ipuv3-crtc.c
+++ b/drivers/gpu/drm/imx/ipuv3-crtc.c
@@ -189,7 +189,11 @@ static void ipu_crtc_atomic_begin(struct
struct drm_crtc_state *old_crtc_state)
{
drm_crtc_vblank_on(crtc);
+}
+static void ipu_crtc_atomic_flush(struct drm_crtc *crtc,
+ struct drm_crtc_state *old_crtc_state)
+{
spin_lock_irq(&crtc->dev->event_lock);
if (crtc->state->event) {
WARN_ON(drm_crtc_vblank_get(crtc));
@@ -257,6 +261,7 @@ static const struct drm_crtc_helper_func
.mode_set_nofb = ipu_crtc_mode_set_nofb,
.atomic_check = ipu_crtc_atomic_check,
.atomic_begin = ipu_crtc_atomic_begin,
+ .atomic_flush = ipu_crtc_atomic_flush,
.atomic_disable = ipu_crtc_atomic_disable,
.enable = ipu_crtc_enable,
};
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 200/329] microblaze: switch to NO_BOOTMEM
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (185 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 199/329] drm/imx: move arming of the vblank event to atomic_flush Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 201/329] net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off Greg Kroah-Hartman
` (122 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rob Herring, Alvaro Gamez Machado,
Michal Simek, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rob Herring <robh@kernel.org>
[ Upstream commit 101646a24a2f9cdb61d7732459fbf068a7bbb542 ]
Microblaze doesn't set CONFIG_NO_BOOTMEM and so memblock_virt_alloc()
doesn't work for CONFIG_HAVE_MEMBLOCK && !CONFIG_NO_BOOTMEM.
Similar change was already done by others architectures
"ARM: mm: Remove bootmem code and switch to NO_BOOTMEM"
(sha1: 84f452b1e8fc73ac0e31254c66e3e2260ce5263d)
or
"openrisc: Consolidate setup to use memblock instead of bootmem"
(sha1: 266c7fad157265bb54d17db1c9545f2aaa488643)
or
"parisc: Drop bootmem and switch to memblock"
(sha1: 4fe9e1d957e45ad8eba9885ee860a0e93d13a7c7)
or
"powerpc: Remove bootmem allocator"
(sha1: 10239733ee8617bac3f1c1769af43a88ed979324)
or
"s390/mm: Convert bootmem to memblock"
(sha1: 50be634507284eea38df78154d22615d21200b42)
or
"sparc64: Convert over to NO_BOOTMEM."
(sha1: 625d693e9784f988371e69c2b41a2172c0be6c11)
or
"xtensa: drop sysmem and switch to memblock"
(sha1: 0e46c1115f5816949220d62dd3ff04aa68e7ac6b)
Issue was introduced by:
"of/fdt: use memblock_virt_alloc for early alloc"
(sha1: 0fa1c579349fdd90173381712ad78aa99c09d38b)
Signed-off-by: Rob Herring <robh@kernel.org>
Tested-by: Alvaro Gamez Machado <alvaro.gamez@hazent.com>
Tested-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/microblaze/Kconfig | 1
arch/microblaze/mm/init.c | 56 ++++------------------------------------------
2 files changed, 7 insertions(+), 50 deletions(-)
--- a/arch/microblaze/Kconfig
+++ b/arch/microblaze/Kconfig
@@ -23,6 +23,7 @@ config MICROBLAZE
select HAVE_FTRACE_MCOUNT_RECORD
select HAVE_FUNCTION_GRAPH_TRACER
select HAVE_FUNCTION_TRACER
+ select NO_BOOTMEM
select HAVE_MEMBLOCK
select HAVE_MEMBLOCK_NODE_MAP
select HAVE_OPROFILE
--- a/arch/microblaze/mm/init.c
+++ b/arch/microblaze/mm/init.c
@@ -32,9 +32,6 @@ int mem_init_done;
#ifndef CONFIG_MMU
unsigned int __page_offset;
EXPORT_SYMBOL(__page_offset);
-
-#else
-static int init_bootmem_done;
#endif /* CONFIG_MMU */
char *klimit = _end;
@@ -117,7 +114,6 @@ static void __init paging_init(void)
void __init setup_memory(void)
{
- unsigned long map_size;
struct memblock_region *reg;
#ifndef CONFIG_MMU
@@ -174,17 +170,6 @@ void __init setup_memory(void)
pr_info("%s: max_low_pfn: %#lx\n", __func__, max_low_pfn);
pr_info("%s: max_pfn: %#lx\n", __func__, max_pfn);
- /*
- * Find an area to use for the bootmem bitmap.
- * We look for the first area which is at least
- * 128kB in length (128kB is enough for a bitmap
- * for 4GB of memory, using 4kB pages), plus 1 page
- * (in case the address isn't page-aligned).
- */
- map_size = init_bootmem_node(NODE_DATA(0),
- PFN_UP(TOPHYS((u32)klimit)), min_low_pfn, max_low_pfn);
- memblock_reserve(PFN_UP(TOPHYS((u32)klimit)) << PAGE_SHIFT, map_size);
-
/* Add active regions with valid PFNs */
for_each_memblock(memory, reg) {
unsigned long start_pfn, end_pfn;
@@ -196,32 +181,9 @@ void __init setup_memory(void)
&memblock.memory, 0);
}
- /* free bootmem is whole main memory */
- free_bootmem_with_active_regions(0, max_low_pfn);
-
- /* reserve allocate blocks */
- for_each_memblock(reserved, reg) {
- unsigned long top = reg->base + reg->size - 1;
-
- pr_debug("reserved - 0x%08x-0x%08x, %lx, %lx\n",
- (u32) reg->base, (u32) reg->size, top,
- memory_start + lowmem_size - 1);
-
- if (top <= (memory_start + lowmem_size - 1)) {
- reserve_bootmem(reg->base, reg->size, BOOTMEM_DEFAULT);
- } else if (reg->base < (memory_start + lowmem_size - 1)) {
- unsigned long trunc_size = memory_start + lowmem_size -
- reg->base;
- reserve_bootmem(reg->base, trunc_size, BOOTMEM_DEFAULT);
- }
- }
-
/* XXX need to clip this if using highmem? */
sparse_memory_present_with_active_regions(0);
-#ifdef CONFIG_MMU
- init_bootmem_done = 1;
-#endif
paging_init();
}
@@ -398,18 +360,12 @@ asmlinkage void __init mmu_init(void)
/* This is only called until mem_init is done. */
void __init *early_get_page(void)
{
- void *p;
- if (init_bootmem_done) {
- p = alloc_bootmem_pages(PAGE_SIZE);
- } else {
- /*
- * Mem start + kernel_tlb -> here is limit
- * because of mem mapping from head.S
- */
- p = __va(memblock_alloc_base(PAGE_SIZE, PAGE_SIZE,
- memory_start + kernel_tlb));
- }
- return p;
+ /*
+ * Mem start + kernel_tlb -> here is limit
+ * because of mem mapping from head.S
+ */
+ return __va(memblock_alloc_base(PAGE_SIZE, PAGE_SIZE,
+ memory_start + kernel_tlb));
}
#endif /* CONFIG_MMU */
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 201/329] net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (186 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 200/329] microblaze: switch to NO_BOOTMEM Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 202/329] batman-adv: fix header size check in batadv_dbg_arp() Greg Kroah-Hartman
` (121 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brandon Carpenter, Toshiaki Makita,
David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
[ Upstream commit 4bbb3e0e8239f9079bf1fe20b3c0cb598714ae61 ]
When we have a bridge with vlan_filtering on and a vlan device on top of
it, packets would be corrupted in skb_vlan_untag() called from
br_dev_xmit().
The problem sits in skb_reorder_vlan_header() used in skb_vlan_untag(),
which makes use of skb->mac_len. In this function mac_len is meant for
handling rx path with vlan devices with reorder_header disabled, but in
tx path mac_len is typically 0 and cannot be used, which is the problem
in this case.
The current code even does not properly handle rx path (skb_vlan_untag()
called from __netif_receive_skb_core()) with reorder_header off actually.
In rx path single tag case, it works as follows:
- Before skb_reorder_vlan_header()
mac_header data
v v
+-------------------+-------------+------+----
| ETH | VLAN | ETH |
| ADDRS | TPID | TCI | TYPE |
+-------------------+-------------+------+----
<-------- mac_len --------->
<------------->
to be removed
- After skb_reorder_vlan_header()
mac_header data
v v
+-------------------+------+----
| ETH | ETH |
| ADDRS | TYPE |
+-------------------+------+----
<-------- mac_len --------->
This is ok, but in rx double tag case, it corrupts packets:
- Before skb_reorder_vlan_header()
mac_header data
v v
+-------------------+-------------+-------------+------+----
| ETH | VLAN | VLAN | ETH |
| ADDRS | TPID | TCI | TPID | TCI | TYPE |
+-------------------+-------------+-------------+------+----
<--------------- mac_len ---------------->
<------------->
should be removed
<--------------------------->
actually will be removed
- After skb_reorder_vlan_header()
mac_header data
v v
+-------------------+------+----
| ETH | ETH |
| ADDRS | TYPE |
+-------------------+------+----
<--------------- mac_len ---------------->
So, two of vlan tags are both removed while only inner one should be
removed and mac_header (and mac_len) is broken.
skb_vlan_untag() is meant for removing the vlan header at (skb->data - 2),
so use skb->data and skb->mac_header to calculate the right offset.
Reported-by: Brandon Carpenter <brandon.carpenter@cypherpath.com>
Fixes: a6e18ff11170 ("vlan: Fix untag operations of stacked vlans with REORDER_HEADER off")
Signed-off-by: Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/uapi/linux/if_ether.h | 1 +
net/core/skbuff.c | 7 +++++--
2 files changed, 6 insertions(+), 2 deletions(-)
--- a/include/uapi/linux/if_ether.h
+++ b/include/uapi/linux/if_ether.h
@@ -29,6 +29,7 @@
*/
#define ETH_ALEN 6 /* Octets in one ethernet addr */
+#define ETH_TLEN 2 /* Octets in ethernet type field */
#define ETH_HLEN 14 /* Total octets in header. */
#define ETH_ZLEN 60 /* Min. octets in frame sans FCS */
#define ETH_DATA_LEN 1500 /* Max. octets in payload */
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -4475,13 +4475,16 @@ EXPORT_SYMBOL_GPL(skb_gso_validate_mtu);
static struct sk_buff *skb_reorder_vlan_header(struct sk_buff *skb)
{
+ int mac_len;
+
if (skb_cow(skb, skb_headroom(skb)) < 0) {
kfree_skb(skb);
return NULL;
}
- memmove(skb->data - ETH_HLEN, skb->data - skb->mac_len - VLAN_HLEN,
- 2 * ETH_ALEN);
+ mac_len = skb->data - skb_mac_header(skb);
+ memmove(skb_mac_header(skb) + VLAN_HLEN, skb_mac_header(skb),
+ mac_len - VLAN_HLEN - ETH_TLEN);
skb->mac_header += VLAN_HLEN;
return skb;
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 202/329] batman-adv: fix header size check in batadv_dbg_arp()
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (187 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 201/329] net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 203/329] batman-adv: Fix skbuff rcsum on packet reroute Greg Kroah-Hartman
` (120 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Matthias Schiffer, Sven Eckelmann,
Simon Wunderlich, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matthias Schiffer <mschiffer@universe-factory.net>
[ Upstream commit 6f27d2c2a8c236d296201c19abb8533ec20d212b ]
Checking for 0 is insufficient: when an SKB without a batadv header, but
with a VLAN header is received, hdr_size will be 4, making the following
code interpret the Ethernet header as a batadv header.
Fixes: be1db4f6615b ("batman-adv: make the Distributed ARP Table vlan aware")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/batman-adv/distributed-arp-table.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/batman-adv/distributed-arp-table.c
+++ b/net/batman-adv/distributed-arp-table.c
@@ -391,7 +391,7 @@ static void batadv_dbg_arp(struct batadv
batadv_arp_hw_src(skb, hdr_size), &ip_src,
batadv_arp_hw_dst(skb, hdr_size), &ip_dst);
- if (hdr_size == 0)
+ if (hdr_size < sizeof(struct batadv_unicast_packet))
return;
unicast_4addr_packet = (struct batadv_unicast_4addr_packet *)skb->data;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 203/329] batman-adv: Fix skbuff rcsum on packet reroute
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (188 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 202/329] batman-adv: fix header size check in batadv_dbg_arp() Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 204/329] vti4: Dont count header length twice on tunnel setup Greg Kroah-Hartman
` (119 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Matthias Schiffer, Sven Eckelmann,
Simon Wunderlich, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sven Eckelmann <sven@narfation.org>
[ Upstream commit fc04fdb2c8a894283259f5621d31d75610701091 ]
batadv_check_unicast_ttvn may redirect a packet to itself or another
originator. This involves rewriting the ttvn and the destination address in
the batadv unicast header. These field were not yet pulled (with skb rcsum
update) and thus any change to them also requires a change in the receive
checksum.
Reported-by: Matthias Schiffer <mschiffer@universe-factory.net>
Fixes: a73105b8d4c7 ("batman-adv: improved client announcement mechanism")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/batman-adv/routing.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
--- a/net/batman-adv/routing.c
+++ b/net/batman-adv/routing.c
@@ -724,6 +724,7 @@ out:
/**
* batadv_reroute_unicast_packet - update the unicast header for re-routing
* @bat_priv: the bat priv with all the soft interface information
+ * @skb: unicast packet to process
* @unicast_packet: the unicast header to be updated
* @dst_addr: the payload destination
* @vid: VLAN identifier
@@ -735,7 +736,7 @@ out:
* Return: true if the packet header has been updated, false otherwise
*/
static bool
-batadv_reroute_unicast_packet(struct batadv_priv *bat_priv,
+batadv_reroute_unicast_packet(struct batadv_priv *bat_priv, struct sk_buff *skb,
struct batadv_unicast_packet *unicast_packet,
u8 *dst_addr, unsigned short vid)
{
@@ -764,8 +765,10 @@ batadv_reroute_unicast_packet(struct bat
}
/* update the packet header */
+ skb_postpull_rcsum(skb, unicast_packet, sizeof(*unicast_packet));
ether_addr_copy(unicast_packet->dest, orig_addr);
unicast_packet->ttvn = orig_ttvn;
+ skb_postpush_rcsum(skb, unicast_packet, sizeof(*unicast_packet));
ret = true;
out:
@@ -806,7 +809,7 @@ static bool batadv_check_unicast_ttvn(st
* the packet to
*/
if (batadv_tt_local_client_is_roaming(bat_priv, ethhdr->h_dest, vid)) {
- if (batadv_reroute_unicast_packet(bat_priv, unicast_packet,
+ if (batadv_reroute_unicast_packet(bat_priv, skb, unicast_packet,
ethhdr->h_dest, vid))
batadv_dbg_ratelimited(BATADV_DBG_TT,
bat_priv,
@@ -852,7 +855,7 @@ static bool batadv_check_unicast_ttvn(st
* destination can possibly be updated and forwarded towards the new
* target host
*/
- if (batadv_reroute_unicast_packet(bat_priv, unicast_packet,
+ if (batadv_reroute_unicast_packet(bat_priv, skb, unicast_packet,
ethhdr->h_dest, vid)) {
batadv_dbg_ratelimited(BATADV_DBG_TT, bat_priv,
"Rerouting unicast packet to %pM (dst=%pM): TTVN mismatch old_ttvn=%u new_ttvn=%u\n",
@@ -875,12 +878,14 @@ static bool batadv_check_unicast_ttvn(st
if (!primary_if)
return false;
+ /* update the packet header */
+ skb_postpull_rcsum(skb, unicast_packet, sizeof(*unicast_packet));
ether_addr_copy(unicast_packet->dest, primary_if->net_dev->dev_addr);
+ unicast_packet->ttvn = curr_ttvn;
+ skb_postpush_rcsum(skb, unicast_packet, sizeof(*unicast_packet));
batadv_hardif_put(primary_if);
- unicast_packet->ttvn = curr_ttvn;
-
return true;
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 204/329] vti4: Dont count header length twice on tunnel setup
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (189 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 203/329] batman-adv: Fix skbuff rcsum on packet reroute Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 205/329] vti4: Dont override MTU passed on link creation via IFLA_MTU Greg Kroah-Hartman
` (118 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stefano Brivio, Sabrina Dubroca,
Steffen Klassert, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stefano Brivio <sbrivio@redhat.com>
[ Upstream commit dd1df24737727e119c263acf1be2a92763938297 ]
This re-introduces the effect of commit a32452366b72 ("vti4:
Don't count header length twice.") which was accidentally
reverted by merge commit f895f0cfbb77 ("Merge branch 'master' of
git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec").
The commit message from Steffen Klassert said:
We currently count the size of LL_MAX_HEADER and struct iphdr
twice for vti4 devices, this leads to a wrong device mtu.
The size of LL_MAX_HEADER and struct iphdr is already counted in
ip_tunnel_bind_dev(), so don't do it again in vti_tunnel_init().
And this is still the case now: ip_tunnel_bind_dev() already
accounts for the header length of the link layer (not
necessarily LL_MAX_HEADER, if the output device is found), plus
one IP header.
For example, with a vti device on top of veth, with MTU of 1500,
the existing implementation would set the initial vti MTU to
1332, accounting once for LL_MAX_HEADER (128, included in
hard_header_len by vti) and twice for the same IP header (once
from hard_header_len, once from ip_tunnel_bind_dev()).
It should instead be 1480, because ip_tunnel_bind_dev() is able
to figure out that the output device is veth, so no additional
link layer header is attached, and will properly count one
single IP header.
The existing issue had the side effect of avoiding PMTUD for
most xfrm policies, by arbitrarily lowering the initial MTU.
However, the only way to get a consistent PMTU value is to let
the xfrm PMTU discovery do its course, and commit d6af1a31cc72
("vti: Add pmtu handling to vti_xmit.") now takes care of local
delivery cases where the application ignores local socket
notifications.
Fixes: b9959fd3b0fa ("vti: switch to new ip tunnel code")
Fixes: f895f0cfbb77 ("Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Acked-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/ip_vti.c | 1 -
1 file changed, 1 deletion(-)
--- a/net/ipv4/ip_vti.c
+++ b/net/ipv4/ip_vti.c
@@ -396,7 +396,6 @@ static int vti_tunnel_init(struct net_de
memcpy(dev->dev_addr, &iph->saddr, 4);
memcpy(dev->broadcast, &iph->daddr, 4);
- dev->hard_header_len = LL_MAX_HEADER + sizeof(struct iphdr);
dev->mtu = ETH_DATA_LEN;
dev->flags = IFF_NOARP;
dev->addr_len = 4;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 205/329] vti4: Dont override MTU passed on link creation via IFLA_MTU
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (190 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 204/329] vti4: Dont count header length twice on tunnel setup Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 206/329] perf/cgroup: Fix child event counting bug Greg Kroah-Hartman
` (117 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stefano Brivio, Sabrina Dubroca,
Steffen Klassert, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stefano Brivio <sbrivio@redhat.com>
[ Upstream commit 03080e5ec72740c1a62e6730f2a5f3f114f11b19 ]
Don't hardcode a MTU value on vti tunnel initialization,
ip_tunnel_newlink() is able to deal with this already. See also
commit ffc2b6ee4174 ("ip_gre: fix IFLA_MTU ignored on NEWLINK").
Fixes: 1181412c1a67 ("net/ipv4: VTI support new module for ip_vti.")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Acked-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/ip_vti.c | 1 -
1 file changed, 1 deletion(-)
--- a/net/ipv4/ip_vti.c
+++ b/net/ipv4/ip_vti.c
@@ -396,7 +396,6 @@ static int vti_tunnel_init(struct net_de
memcpy(dev->dev_addr, &iph->saddr, 4);
memcpy(dev->broadcast, &iph->daddr, 4);
- dev->mtu = ETH_DATA_LEN;
dev->flags = IFF_NOARP;
dev->addr_len = 4;
dev->features |= NETIF_F_LLTX;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 206/329] perf/cgroup: Fix child event counting bug
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (191 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 205/329] vti4: Dont override MTU passed on link creation via IFLA_MTU Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 207/329] brcmfmac: Fix check for ISO3166 code Greg Kroah-Hartman
` (116 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ephraim Park, Song Liu,
Peter Zijlstra (Intel),
jolsa, kernel-team, Alexander Shishkin, Arnaldo Carvalho de Melo,
Linus Torvalds, Stephane Eranian, Thomas Gleixner, Vince Weaver,
Ingo Molnar, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Song Liu <songliubraving@fb.com>
[ Upstream commit c917e0f259908e75bd2a65877e25f9d90c22c848 ]
When a perf_event is attached to parent cgroup, it should count events
for all children cgroups:
parent_group <---- perf_event
\
- child_group <---- process(es)
However, in our tests, we found this perf_event cannot report reliable
results. Here is an example case:
# create cgroups
mkdir -p /sys/fs/cgroup/p/c
# start perf for parent group
perf stat -e instructions -G "p"
# on another console, run test process in child cgroup:
stressapptest -s 2 -M 1000 & echo $! > /sys/fs/cgroup/p/c/cgroup.procs
# after the test process is done, stop perf in the first console shows
<not counted> instructions p
The instruction should not be "not counted" as the process runs in the
child cgroup.
We found this is because perf_event->cgrp and cpuctx->cgrp are not
identical, thus perf_event->cgrp are not updated properly.
This patch fixes this by updating perf_cgroup properly for ancestor
cgroup(s).
Reported-by: Ephraim Park <ephiepark@fb.com>
Signed-off-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: <jolsa@redhat.com>
Cc: <kernel-team@fb.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vince Weaver <vincent.weaver@maine.edu>
Link: http://lkml.kernel.org/r/20180312165943.1057894-1-songliubraving@fb.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/events/core.c | 21 ++++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -634,9 +634,15 @@ static inline void __update_cgrp_time(st
static inline void update_cgrp_time_from_cpuctx(struct perf_cpu_context *cpuctx)
{
- struct perf_cgroup *cgrp_out = cpuctx->cgrp;
- if (cgrp_out)
- __update_cgrp_time(cgrp_out);
+ struct perf_cgroup *cgrp = cpuctx->cgrp;
+ struct cgroup_subsys_state *css;
+
+ if (cgrp) {
+ for (css = &cgrp->css; css; css = css->parent) {
+ cgrp = container_of(css, struct perf_cgroup, css);
+ __update_cgrp_time(cgrp);
+ }
+ }
}
static inline void update_cgrp_time_from_event(struct perf_event *event)
@@ -664,6 +670,7 @@ perf_cgroup_set_timestamp(struct task_st
{
struct perf_cgroup *cgrp;
struct perf_cgroup_info *info;
+ struct cgroup_subsys_state *css;
/*
* ctx->lock held by caller
@@ -674,8 +681,12 @@ perf_cgroup_set_timestamp(struct task_st
return;
cgrp = perf_cgroup_from_task(task, ctx);
- info = this_cpu_ptr(cgrp->info);
- info->timestamp = ctx->timestamp;
+
+ for (css = &cgrp->css; css; css = css->parent) {
+ cgrp = container_of(css, struct perf_cgroup, css);
+ info = this_cpu_ptr(cgrp->info);
+ info->timestamp = ctx->timestamp;
+ }
}
#define PERF_CGROUP_SWOUT 0x1 /* cgroup switch out every event */
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 207/329] brcmfmac: Fix check for ISO3166 code
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (192 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 206/329] perf/cgroup: Fix child event counting bug Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 208/329] kbuild: make scripts/adjust_autoksyms.sh robust against timestamp races Greg Kroah-Hartman
` (115 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stefan Wahren, Franky Lin,
Kalle Valo, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stefan Wahren <stefan.wahren@i2se.com>
[ Upstream commit 9b9322db5c5a1917a66c71fe47c3848a9a31227e ]
The commit "regulatory: add NUL to request alpha2" increases the length of
alpha2 to 3. This causes a regression on brcmfmac, because
brcmf_cfg80211_reg_notifier() expect valid ISO3166 codes in the complete
array. So fix this accordingly.
Fixes: 657308f73e67 ("regulatory: add NUL to request alpha2")
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Acked-by: Franky Lin <franky.lin@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
@@ -6789,7 +6789,7 @@ static void brcmf_cfg80211_reg_notifier(
int i;
/* ignore non-ISO3166 country codes */
- for (i = 0; i < sizeof(req->alpha2); i++)
+ for (i = 0; i < 2; i++)
if (req->alpha2[i] < 'A' || req->alpha2[i] > 'Z') {
brcmf_err("not a ISO3166 code (0x%02x 0x%02x)\n",
req->alpha2[0], req->alpha2[1]);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 208/329] kbuild: make scripts/adjust_autoksyms.sh robust against timestamp races
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (193 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 207/329] brcmfmac: Fix check for ISO3166 code Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 209/329] RDMA/ucma: Correct option size check using optlen Greg Kroah-Hartman
` (114 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Lindroth, Nicolas Pitre,
Masahiro Yamada, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nicolas Pitre <nicolas.pitre@linaro.org>
[ Upstream commit 825d487583089f9a33d31650c9c41f6474aab7fc ]
Some filesystems have timestamps with coarse precision that may allow
for a recently built object file to have the same timestamp as the
updated time on one of its dependency files. When that happens, the
object file doesn't get rebuilt as it should.
This is especially the case on filesystems that don't have sub-second
time precision, such as ext3 or Ext4 with 128B inodes.
Let's prevent that by making sure updated dependency files have a newer
timestamp than the first file we created (i.e. autoksyms.h.tmpnew).
Reported-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Signed-off-by: Nicolas Pitre <nico@linaro.org>
Tested-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
scripts/adjust_autoksyms.sh | 7 +++++++
1 file changed, 7 insertions(+)
--- a/scripts/adjust_autoksyms.sh
+++ b/scripts/adjust_autoksyms.sh
@@ -83,6 +83,13 @@ while read sympath; do
depfile="include/config/ksym/${sympath}.h"
mkdir -p "$(dirname "$depfile")"
touch "$depfile"
+ # Filesystems with coarse time precision may create timestamps
+ # equal to the one from a file that was very recently built and that
+ # needs to be rebuild. Let's guard against that by making sure our
+ # dep files are always newer than the first file we created here.
+ while [ ! "$depfile" -nt "$new_ksyms_file" ]; do
+ touch "$depfile"
+ done
echo $((count += 1))
done | tail -1 )
changed=${changed:-0}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 209/329] RDMA/ucma: Correct option size check using optlen
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (194 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 208/329] kbuild: make scripts/adjust_autoksyms.sh robust against timestamp races Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 210/329] RDMA/qedr: fix QPs ack timeout configuration Greg Kroah-Hartman
` (113 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chien Tin Tung, Shiraz Saleem,
Leon Romanovsky, Jason Gunthorpe, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chien Tin Tung <chien.tin.tung@intel.com>
[ Upstream commit 5f3e3b85cc0a5eae1c46d72e47d3de7bf208d9e2 ]
The option size check is using optval instead of optlen
causing the set option call to fail. Use the correct
field, optlen, for size check.
Fixes: 6a21dfc0d0db ("RDMA/ucma: Limit possible option size")
Signed-off-by: Chien Tin Tung <chien.tin.tung@intel.com>
Signed-off-by: Shiraz Saleem <shiraz.saleem@intel.com>
Reviewed-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/core/ucma.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/infiniband/core/ucma.c
+++ b/drivers/infiniband/core/ucma.c
@@ -1296,7 +1296,7 @@ static ssize_t ucma_set_option(struct uc
if (IS_ERR(ctx))
return PTR_ERR(ctx);
- if (unlikely(cmd.optval > KMALLOC_MAX_SIZE))
+ if (unlikely(cmd.optlen > KMALLOC_MAX_SIZE))
return -EINVAL;
optval = memdup_user((void __user *) (unsigned long) cmd.optval,
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 210/329] RDMA/qedr: fix QPs ack timeout configuration
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (195 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 209/329] RDMA/ucma: Correct option size check using optlen Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 211/329] RDMA/qedr: Fix rc initialization on CNQ allocation failure Greg Kroah-Hartman
` (112 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michal Kalderon, Ariel Elior,
Jason Gunthorpe, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Kalderon, Michal" <Michal.Kalderon@cavium.com>
[ Upstream commit c3594f22302cca5e924e47ec1cc8edd265708f41 ]
QPs that were configured with ack timeout value lower than 1
msec will not implement re-transmission timeout.
This means that if a packet / ACK were dropped, the QP
will not retransmit this packet.
This can lead to an application hang.
Fixes: cecbcddf6 ("qedr: Add support for QP verbs")
Signed-off-by: Michal Kalderon <Michal.Kalderon@cavium.com>
Signed-off-by: Ariel Elior <Ariel.Elior@cavium.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/qedr/verbs.c | 25 +++++++++++++++----------
1 file changed, 15 insertions(+), 10 deletions(-)
--- a/drivers/infiniband/hw/qedr/verbs.c
+++ b/drivers/infiniband/hw/qedr/verbs.c
@@ -1888,18 +1888,23 @@ int qedr_modify_qp(struct ib_qp *ibqp, s
SET_FIELD(qp_params.modify_flags,
QED_ROCE_MODIFY_QP_VALID_ACK_TIMEOUT, 1);
- qp_params.ack_timeout = attr->timeout;
- if (attr->timeout) {
- u32 temp;
-
- temp = 4096 * (1UL << attr->timeout) / 1000 / 1000;
- /* FW requires [msec] */
- qp_params.ack_timeout = temp;
- } else {
- /* Infinite */
+ /* The received timeout value is an exponent used like this:
+ * "12.7.34 LOCAL ACK TIMEOUT
+ * Value representing the transport (ACK) timeout for use by
+ * the remote, expressed as: 4.096 * 2^timeout [usec]"
+ * The FW expects timeout in msec so we need to divide the usec
+ * result by 1000. We'll approximate 1000~2^10, and 4.096 ~ 2^2,
+ * so we get: 2^2 * 2^timeout / 2^10 = 2^(timeout - 8).
+ * The value of zero means infinite so we use a 'max_t' to make
+ * sure that sub 1 msec values will be configured as 1 msec.
+ */
+ if (attr->timeout)
+ qp_params.ack_timeout =
+ 1 << max_t(int, attr->timeout - 8, 0);
+ else
qp_params.ack_timeout = 0;
- }
}
+
if (attr_mask & IB_QP_RETRY_CNT) {
SET_FIELD(qp_params.modify_flags,
QED_ROCE_MODIFY_QP_VALID_RETRY_CNT, 1);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 211/329] RDMA/qedr: Fix rc initialization on CNQ allocation failure
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (196 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 210/329] RDMA/qedr: fix QPs ack timeout configuration Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 212/329] macsec: missing dev_put() on error in macsec_newlink() Greg Kroah-Hartman
` (111 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michal Kalderon, Ariel Elior,
Jason Gunthorpe, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Kalderon, Michal" <Michal.Kalderon@cavium.com>
[ Upstream commit b15606f47b89b0b09936d7f45b59ba6275527041 ]
Return code wasn't set properly when CNQ allocation failed.
This only affect error message logging, currently user will
receive an error message that says the qedr driver load failed
with rc '0', instead of ENOMEM
Fixes: ec72fce4 ("qedr: Add support for RoCE HW init")
Signed-off-by: Michal Kalderon <Michal.Kalderon@cavium.com>
Signed-off-by: Ariel Elior <Ariel.Elior@cavium.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/qedr/main.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/infiniband/hw/qedr/main.c
+++ b/drivers/infiniband/hw/qedr/main.c
@@ -762,7 +762,8 @@ static struct qedr_dev *qedr_add(struct
dev->num_cnq = dev->ops->rdma_get_min_cnq_msix(cdev);
if (!dev->num_cnq) {
- DP_ERR(dev, "not enough CNQ resources.\n");
+ DP_ERR(dev, "Failed. At least one CNQ is required.\n");
+ rc = -ENOMEM;
goto init_err;
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 212/329] macsec: missing dev_put() on error in macsec_newlink()
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (197 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 211/329] RDMA/qedr: Fix rc initialization on CNQ allocation failure Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 213/329] mm/mempolicy.c: avoid use uninitialized preferred_node Greg Kroah-Hartman
` (110 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 5dcd8400884cc4a043a6d4617e042489e5d566a9 ]
We moved the dev_hold(real_dev); call earlier in the function but forgot
to update the error paths.
Fixes: 0759e552bce7 ("macsec: fix negative refcnt on parent link")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/macsec.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -3244,7 +3244,7 @@ static int macsec_newlink(struct net *ne
err = netdev_upper_dev_link(real_dev, dev);
if (err < 0)
- goto unregister;
+ goto put_dev;
/* need to be already registered so that ->init has run and
* the MAC addr is set
@@ -3280,7 +3280,8 @@ del_dev:
macsec_del_dev(macsec);
unlink:
netdev_upper_dev_unlink(real_dev, dev);
-unregister:
+put_dev:
+ dev_put(real_dev);
unregister_netdevice(dev);
return err;
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 213/329] mm/mempolicy.c: avoid use uninitialized preferred_node
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (198 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 212/329] macsec: missing dev_put() on error in macsec_newlink() Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 214/329] mm, thp: do not cause memcg oom for thp Greg Kroah-Hartman
` (109 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yisheng Xie, Alexander Potapenko,
Andrew Morton, Dmitriy Vyukov, Vlastimil Babka, Michal Hocko,
Linus Torvalds, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yisheng Xie <xieyisheng1@huawei.com>
[ Upstream commit 8970a63e965b43288c4f5f40efbc2bbf80de7f16 ]
Alexander reported a use of uninitialized memory in __mpol_equal(),
which is caused by incorrect use of preferred_node.
When mempolicy in mode MPOL_PREFERRED with flags MPOL_F_LOCAL, it uses
numa_node_id() instead of preferred_node, however, __mpol_equal() uses
preferred_node without checking whether it is MPOL_F_LOCAL or not.
[akpm@linux-foundation.org: slight comment tweak]
Link: http://lkml.kernel.org/r/4ebee1c2-57f6-bcb8-0e2d-1833d1ee0bb7@huawei.com
Fixes: fc36b8d3d819 ("mempolicy: use MPOL_F_LOCAL to Indicate Preferred Local Policy")
Signed-off-by: Yisheng Xie <xieyisheng1@huawei.com>
Reported-by: Alexander Potapenko <glider@google.com>
Tested-by: Alexander Potapenko <glider@google.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Dmitriy Vyukov <dvyukov@google.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Michal Hocko <mhocko@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/mempolicy.c | 3 +++
1 file changed, 3 insertions(+)
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -2159,6 +2159,9 @@ bool __mpol_equal(struct mempolicy *a, s
case MPOL_INTERLEAVE:
return !!nodes_equal(a->v.nodes, b->v.nodes);
case MPOL_PREFERRED:
+ /* a's ->flags is the same as b's */
+ if (a->flags & MPOL_F_LOCAL)
+ return true;
return a->v.preferred_node == b->v.preferred_node;
default:
BUG();
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 214/329] mm, thp: do not cause memcg oom for thp
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (199 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 213/329] mm/mempolicy.c: avoid use uninitialized preferred_node Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 215/329] selftests: ftrace: Add probe event argument syntax testcase Greg Kroah-Hartman
` (108 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Rientjes, Kirill A. Shutemov,
Michal Hocko, Vlastimil Babka, Johannes Weiner, Andrew Morton,
Linus Torvalds, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Rientjes <rientjes@google.com>
[ Upstream commit 9d3c3354bb85bab4d865fe95039443f09a4c8394 ]
Commit 2516035499b9 ("mm, thp: remove __GFP_NORETRY from khugepaged and
madvised allocations") changed the page allocator to no longer detect
thp allocations based on __GFP_NORETRY.
It did not, however, modify the mem cgroup try_charge() path to avoid
oom kill for either khugepaged collapsing or thp faulting. It is never
expected to oom kill a process to allocate a hugepage for thp; reclaim
is governed by the thp defrag mode and MADV_HUGEPAGE, but allocations
(and charging) should fallback instead of oom killing processes.
Link: http://lkml.kernel.org/r/alpine.DEB.2.20.1803191409420.124411@chino.kir.corp.google.com
Fixes: 2516035499b9 ("mm, thp: remove __GFP_NORETRY from khugepaged and madvised allocations")
Signed-off-by: David Rientjes <rientjes@google.com>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/huge_memory.c | 5 +++--
mm/khugepaged.c | 8 ++++++--
2 files changed, 9 insertions(+), 4 deletions(-)
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -542,7 +542,8 @@ static int __do_huge_pmd_anonymous_page(
VM_BUG_ON_PAGE(!PageCompound(page), page);
- if (mem_cgroup_try_charge(page, vma->vm_mm, gfp, &memcg, true)) {
+ if (mem_cgroup_try_charge(page, vma->vm_mm, gfp | __GFP_NORETRY, &memcg,
+ true)) {
put_page(page);
count_vm_event(THP_FAULT_FALLBACK);
return VM_FAULT_FALLBACK;
@@ -1060,7 +1061,7 @@ alloc:
}
if (unlikely(mem_cgroup_try_charge(new_page, vma->vm_mm,
- huge_gfp, &memcg, true))) {
+ huge_gfp | __GFP_NORETRY, &memcg, true))) {
put_page(new_page);
split_huge_pmd(vma, fe->pmd, fe->address);
if (page)
--- a/mm/khugepaged.c
+++ b/mm/khugepaged.c
@@ -963,7 +963,9 @@ static void collapse_huge_page(struct mm
goto out_nolock;
}
- if (unlikely(mem_cgroup_try_charge(new_page, mm, gfp, &memcg, true))) {
+ /* Do not oom kill for khugepaged charges */
+ if (unlikely(mem_cgroup_try_charge(new_page, mm, gfp | __GFP_NORETRY,
+ &memcg, true))) {
result = SCAN_CGROUP_CHARGE_FAIL;
goto out_nolock;
}
@@ -1323,7 +1325,9 @@ static void collapse_shmem(struct mm_str
goto out;
}
- if (unlikely(mem_cgroup_try_charge(new_page, mm, gfp, &memcg, true))) {
+ /* Do not oom kill for khugepaged charges */
+ if (unlikely(mem_cgroup_try_charge(new_page, mm, gfp | __GFP_NORETRY,
+ &memcg, true))) {
result = SCAN_CGROUP_CHARGE_FAIL;
goto out;
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 215/329] selftests: ftrace: Add probe event argument syntax testcase
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (200 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 214/329] mm, thp: do not cause memcg oom for thp Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 216/329] selftests: ftrace: Add a testcase for string type with kprobe_event Greg Kroah-Hartman
` (107 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Masami Hiramatsu,
Steven Rostedt (VMware),
Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Masami Hiramatsu <mhiramat@kernel.org>
[ Upstream commit 871bef2000968c312a4000b2f56d370dcedbc93c ]
Add a testcase for probe event argument syntax which
ensures the kprobe_events interface correctly parses
given event arguments.
Link: http://lkml.kernel.org/r/152129033679.31874.12705519603869152799.stgit@devbox
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args_syntax.tc | 97 ++++++++++
1 file changed, 97 insertions(+)
create mode 100644 tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args_syntax.tc
--- /dev/null
+++ b/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args_syntax.tc
@@ -0,0 +1,97 @@
+#!/bin/sh
+# SPDX-License-Identifier: GPL-2.0
+# description: Kprobe event argument syntax
+
+[ -f kprobe_events ] || exit_unsupported # this is configurable
+
+grep "x8/16/32/64" README > /dev/null || exit_unsupported # version issue
+
+echo 0 > events/enable
+echo > kprobe_events
+
+PROBEFUNC="vfs_read"
+GOODREG=
+BADREG=
+GOODSYM="_sdata"
+if ! grep -qw ${GOODSYM} /proc/kallsyms ; then
+ GOODSYM=$PROBEFUNC
+fi
+BADSYM="deaqswdefr"
+SYMADDR=0x`grep -w ${GOODSYM} /proc/kallsyms | cut -f 1 -d " "`
+GOODTYPE="x16"
+BADTYPE="y16"
+
+case `uname -m` in
+x86_64|i[3456]86)
+ GOODREG=%ax
+ BADREG=%ex
+;;
+aarch64)
+ GOODREG=%x0
+ BADREG=%ax
+;;
+arm*)
+ GOODREG=%r0
+ BADREG=%ax
+;;
+esac
+
+test_goodarg() # Good-args
+{
+ while [ "$1" ]; do
+ echo "p ${PROBEFUNC} $1" > kprobe_events
+ shift 1
+ done;
+}
+
+test_badarg() # Bad-args
+{
+ while [ "$1" ]; do
+ ! echo "p ${PROBEFUNC} $1" > kprobe_events
+ shift 1
+ done;
+}
+
+echo > kprobe_events
+
+: "Register access"
+test_goodarg ${GOODREG}
+test_badarg ${BADREG}
+
+: "Symbol access"
+test_goodarg "@${GOODSYM}" "@${SYMADDR}" "@${GOODSYM}+10" "@${GOODSYM}-10"
+test_badarg "@" "@${BADSYM}" "@${GOODSYM}*10" "@${GOODSYM}/10" \
+ "@${GOODSYM}%10" "@${GOODSYM}&10" "@${GOODSYM}|10"
+
+: "Stack access"
+test_goodarg "\$stack" "\$stack0" "\$stack1"
+test_badarg "\$stackp" "\$stack0+10" "\$stack1-10"
+
+: "Retval access"
+echo "r ${PROBEFUNC} \$retval" > kprobe_events
+! echo "p ${PROBEFUNC} \$retval" > kprobe_events
+
+: "Comm access"
+test_goodarg "\$comm"
+
+: "Indirect memory access"
+test_goodarg "+0(${GOODREG})" "-0(${GOODREG})" "+10(\$stack)" \
+ "+0(\$stack1)" "+10(@${GOODSYM}-10)" "+0(+10(+20(\$stack)))"
+test_badarg "+(${GOODREG})" "(${GOODREG}+10)" "-(${GOODREG})" "(${GOODREG})" \
+ "+10(\$comm)" "+0(${GOODREG})+10"
+
+: "Name assignment"
+test_goodarg "varname=${GOODREG}"
+test_badarg "varname=varname2=${GOODREG}"
+
+: "Type syntax"
+test_goodarg "${GOODREG}:${GOODTYPE}"
+test_badarg "${GOODREG}::${GOODTYPE}" "${GOODREG}:${BADTYPE}" \
+ "${GOODTYPE}:${GOODREG}"
+
+: "Combination check"
+
+test_goodarg "\$comm:string" "+0(\$stack):string"
+test_badarg "\$comm:x64" "\$stack:string" "${GOODREG}:string"
+
+echo > kprobe_events
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 216/329] selftests: ftrace: Add a testcase for string type with kprobe_event
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (201 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 215/329] selftests: ftrace: Add probe event argument syntax testcase Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 217/329] selftests: ftrace: Add a testcase for probepoint Greg Kroah-Hartman
` (106 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Masami Hiramatsu,
Steven Rostedt (VMware),
Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Masami Hiramatsu <mhiramat@kernel.org>
[ Upstream commit 5fbdbed797b6d12d043a5121fdbc8d8b49d10e80 ]
Add a testcase for string type with kprobe event.
This tests good/bad syntax combinations and also
the traced data is correct in several way.
Link: http://lkml.kernel.org/r/152129038381.31874.9201387794548737554.stgit@devbox
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args_string.tc | 46 ++++++++++
1 file changed, 46 insertions(+)
create mode 100644 tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args_string.tc
--- /dev/null
+++ b/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args_string.tc
@@ -0,0 +1,46 @@
+#!/bin/sh
+# SPDX-License-Identifier: GPL-2.0
+# description: Kprobe event string type argument
+
+[ -f kprobe_events ] || exit_unsupported # this is configurable
+
+echo 0 > events/enable
+echo > kprobe_events
+
+case `uname -m` in
+x86_64)
+ ARG2=%si
+ OFFS=8
+;;
+i[3456]86)
+ ARG2=%cx
+ OFFS=4
+;;
+aarch64)
+ ARG2=%x1
+ OFFS=8
+;;
+arm*)
+ ARG2=%r1
+ OFFS=4
+;;
+*)
+ echo "Please implement other architecture here"
+ exit_untested
+esac
+
+: "Test get argument (1)"
+echo "p:testprobe create_trace_kprobe arg1=+0(+0(${ARG2})):string" > kprobe_events
+echo 1 > events/kprobes/testprobe/enable
+! echo test >> kprobe_events
+tail -n 1 trace | grep -qe "testprobe.* arg1=\"test\""
+
+echo 0 > events/kprobes/testprobe/enable
+: "Test get argument (2)"
+echo "p:testprobe create_trace_kprobe arg1=+0(+0(${ARG2})):string arg2=+0(+${OFFS}(${ARG2})):string" > kprobe_events
+echo 1 > events/kprobes/testprobe/enable
+! echo test1 test2 >> kprobe_events
+tail -n 1 trace | grep -qe "testprobe.* arg1=\"test1\" arg2=\"test2\""
+
+echo 0 > events/enable
+echo > kprobe_events
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 217/329] selftests: ftrace: Add a testcase for probepoint
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (202 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 216/329] selftests: ftrace: Add a testcase for string type with kprobe_event Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 220/329] ARM: 8748/1: mm: Define vdso_start, vdso_end as array Greg Kroah-Hartman
` (105 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Masami Hiramatsu,
Steven Rostedt (VMware),
Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Masami Hiramatsu <mhiramat@kernel.org>
[ Upstream commit dfa453bc90eca0febff33c8d292a656e53702158 ]
Add a testcase for probe point definition. This tests
symbol, address and symbol+offset syntax. The offset
must be positive and smaller than UINT_MAX.
Link: http://lkml.kernel.org/r/152129043097.31874.14273580606301767394.stgit@devbox
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/selftests/ftrace/test.d/kprobe/probepoint.tc | 43 +++++++++++++
1 file changed, 43 insertions(+)
create mode 100644 tools/testing/selftests/ftrace/test.d/kprobe/probepoint.tc
--- /dev/null
+++ b/tools/testing/selftests/ftrace/test.d/kprobe/probepoint.tc
@@ -0,0 +1,43 @@
+#!/bin/sh
+# SPDX-License-Identifier: GPL-2.0
+# description: Kprobe events - probe points
+
+[ -f kprobe_events ] || exit_unsupported # this is configurable
+
+TARGET_FUNC=create_trace_kprobe
+
+dec_addr() { # hexaddr
+ printf "%d" "0x"`echo $1 | tail -c 8`
+}
+
+set_offs() { # prev target next
+ A1=`dec_addr $1`
+ A2=`dec_addr $2`
+ A3=`dec_addr $3`
+ TARGET="0x$2" # an address
+ PREV=`expr $A1 - $A2` # offset to previous symbol
+ NEXT=+`expr $A3 - $A2` # offset to next symbol
+ OVERFLOW=+`printf "0x%x" ${PREV}` # overflow offset to previous symbol
+}
+
+# We have to decode symbol addresses to get correct offsets.
+# If the offset is not an instruction boundary, it cause -EILSEQ.
+set_offs `grep -A1 -B1 ${TARGET_FUNC} /proc/kallsyms | cut -f 1 -d " " | xargs`
+
+UINT_TEST=no
+# printf "%x" -1 returns (unsigned long)-1.
+if [ `printf "%x" -1 | wc -c` != 9 ]; then
+ UINT_TEST=yes
+fi
+
+echo 0 > events/enable
+echo > kprobe_events
+echo "p:testprobe ${TARGET_FUNC}" > kprobe_events
+echo "p:testprobe ${TARGET}" > kprobe_events
+echo "p:testprobe ${TARGET_FUNC}${NEXT}" > kprobe_events
+! echo "p:testprobe ${TARGET_FUNC}${PREV}" > kprobe_events
+if [ "${UINT_TEST}" = yes ]; then
+! echo "p:testprobe ${TARGET_FUNC}${OVERFLOW}" > kprobe_events
+fi
+echo > kprobe_events
+clear_trace
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 220/329] ARM: 8748/1: mm: Define vdso_start, vdso_end as array
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (203 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 217/329] selftests: ftrace: Add a testcase for probepoint Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 221/329] net: qmi_wwan: add BroadMobi BM806U 2020:2033 Greg Kroah-Hartman
` (104 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kees Cook, Jinbum Park, Russell King,
Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jinbum Park <jinb.park7@gmail.com>
[ Upstream commit 73b9160d0dfe44dfdaffd6465dc1224c38a4a73c ]
Define vdso_start, vdso_end as array to avoid compile-time analysis error
for the case of built with CONFIG_FORTIFY_SOURCE.
and, since vdso_start, vdso_end are used in vdso.c only,
move extern-declaration from vdso.h to vdso.c.
If kernel is built with CONFIG_FORTIFY_SOURCE,
compile-time error happens at this code.
- if (memcmp(&vdso_start, "177ELF", 4))
The size of "&vdso_start" is recognized as 1 byte, but n is 4,
So that compile-time error is reported.
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Jinbum Park <jinb.park7@gmail.com>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/include/asm/vdso.h | 2 --
arch/arm/kernel/vdso.c | 12 +++++++-----
2 files changed, 7 insertions(+), 7 deletions(-)
--- a/arch/arm/include/asm/vdso.h
+++ b/arch/arm/include/asm/vdso.h
@@ -11,8 +11,6 @@ struct mm_struct;
void arm_install_vdso(struct mm_struct *mm, unsigned long addr);
-extern char vdso_start, vdso_end;
-
extern unsigned int vdso_total_pages;
#else /* CONFIG_VDSO */
--- a/arch/arm/kernel/vdso.c
+++ b/arch/arm/kernel/vdso.c
@@ -39,6 +39,8 @@
static struct page **vdso_text_pagelist;
+extern char vdso_start[], vdso_end[];
+
/* Total number of pages needed for the data and text portions of the VDSO. */
unsigned int vdso_total_pages __ro_after_init;
@@ -179,13 +181,13 @@ static int __init vdso_init(void)
unsigned int text_pages;
int i;
- if (memcmp(&vdso_start, "\177ELF", 4)) {
+ if (memcmp(vdso_start, "\177ELF", 4)) {
pr_err("VDSO is not a valid ELF object!\n");
return -ENOEXEC;
}
- text_pages = (&vdso_end - &vdso_start) >> PAGE_SHIFT;
- pr_debug("vdso: %i text pages at base %p\n", text_pages, &vdso_start);
+ text_pages = (vdso_end - vdso_start) >> PAGE_SHIFT;
+ pr_debug("vdso: %i text pages at base %p\n", text_pages, vdso_start);
/* Allocate the VDSO text pagelist */
vdso_text_pagelist = kcalloc(text_pages, sizeof(struct page *),
@@ -200,7 +202,7 @@ static int __init vdso_init(void)
for (i = 0; i < text_pages; i++) {
struct page *page;
- page = virt_to_page(&vdso_start + i * PAGE_SIZE);
+ page = virt_to_page(vdso_start + i * PAGE_SIZE);
vdso_text_pagelist[i] = page;
}
@@ -211,7 +213,7 @@ static int __init vdso_init(void)
cntvct_ok = cntvct_functional();
- patch_vdso(&vdso_start);
+ patch_vdso(vdso_start);
return 0;
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 221/329] net: qmi_wwan: add BroadMobi BM806U 2020:2033
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (204 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 220/329] ARM: 8748/1: mm: Define vdso_start, vdso_end as array Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 222/329] perf/x86/intel: Fix linear IP of PEBS real_ip on Haswell and later CPUs Greg Kroah-Hartman
` (103 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pawel Dembicki, David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pawel Dembicki <paweldembicki@gmail.com>
[ Upstream commit 743989254ea9f132517806d8893ca9b6cf9dc86b ]
BroadMobi BM806U is an Qualcomm MDM9225 based 3G/4G modem.
Tested hardware BM806U is mounted on D-Link DWR-921-C3 router.
The USB id is added to qmi_wwan.c to allow QMI communication with
the BM806U.
Tested on 4.14 kernel and OpenWRT.
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/usb/qmi_wwan.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/net/usb/qmi_wwan.c
+++ b/drivers/net/usb/qmi_wwan.c
@@ -889,6 +889,7 @@ static const struct usb_device_id produc
{QMI_FIXED_INTF(0x19d2, 0x2002, 4)}, /* ZTE (Vodafone) K3765-Z */
{QMI_FIXED_INTF(0x2001, 0x7e19, 4)}, /* D-Link DWM-221 B1 */
{QMI_FIXED_INTF(0x2001, 0x7e35, 4)}, /* D-Link DWM-222 */
+ {QMI_FIXED_INTF(0x2020, 0x2033, 4)}, /* BroadMobi BM806U */
{QMI_FIXED_INTF(0x0f3d, 0x68a2, 8)}, /* Sierra Wireless MC7700 */
{QMI_FIXED_INTF(0x114f, 0x68a2, 8)}, /* Sierra Wireless MC7750 */
{QMI_FIXED_INTF(0x1199, 0x68a2, 8)}, /* Sierra Wireless MC7710 in QMI mode */
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 222/329] perf/x86/intel: Fix linear IP of PEBS real_ip on Haswell and later CPUs
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (205 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 221/329] net: qmi_wwan: add BroadMobi BM806U 2020:2033 Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 223/329] llc: properly handle dev_queue_xmit() return value Greg Kroah-Hartman
` (102 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stephane Eranian, Alexander Shishkin,
Arnaldo Carvalho de Melo, Jiri Olsa, Linus Torvalds,
Peter Zijlstra, Thomas Gleixner, Vince Weaver, kan.liang,
Ingo Molnar, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stephane Eranian <eranian@google.com>
[ Upstream commit 71eb9ee9596d8df3d5723c3cfc18774c6235e8b1 ]
this patch fix a bug in how the pebs->real_ip is handled in the PEBS
handler. real_ip only exists in Haswell and later processor. It is
actually the eventing IP, i.e., where the event occurred. As opposed
to the pebs->ip which is the PEBS interrupt IP which is always off
by one.
The problem is that the real_ip just like the IP needs to be fixed up
because PEBS does not record all the machine state registers, and
in particular the code segement (cs). This is why we have the set_linear_ip()
function. The problem was that set_linear_ip() was only used on the pebs->ip
and not the pebs->real_ip.
We have profiles which ran into invalid callstacks because of this.
Here is an example:
..... 0: ffffffffffffff80 recent entry, marker kernel v
..... 1: 000000000040044d <= user address in kernel space!
..... 2: fffffffffffffe00 marker enter user v
..... 3: 000000000040044d
..... 4: 00000000004004b6 oldest entry
Debugging output in get_perf_callchain():
[ 857.769909] CALLCHAIN: CPU8 ip=40044d regs->cs=10 user_mode(regs)=0
The problem is that the kernel entry in 1: points to a user level
address. How can that be?
The reason is that with PEBS sampling the instruction that caused the event
to occur and the instruction where the CPU was when the interrupt was posted
may be far apart. And sometime during that time window, the privilege level may
change. This happens, for instance, when the PEBS sample is taken close to a
kernel entry point. Here PEBS, eventing IP (real_ip) captured a user level
instruction. But by the time the PMU interrupt fired, the processor had already
entered kernel space. This is why the debug output shows a user address with
user_mode() false.
The problem comes from PEBS not recording the code segment (cs) register.
The register is used in x86_64 to determine if executing in kernel vs user
space. This is okay because the kernel has a software workaround called
set_linear_ip(). But the issue in setup_pebs_sample_data() is that
set_linear_ip() is never called on the real_ip value when it is available
(Haswell and later) and precise_ip > 1.
This patch fixes this problem and eliminates the callchain discrepancy.
The patch restructures the code around set_linear_ip() to minimize the number
of times the IP has to be set.
Signed-off-by: Stephane Eranian <eranian@google.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vince Weaver <vincent.weaver@maine.edu>
Cc: kan.liang@intel.com
Link: http://lkml.kernel.org/r/1521788507-10231-1-git-send-email-eranian@google.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/events/intel/ds.c | 25 +++++++++++++++++--------
1 file changed, 17 insertions(+), 8 deletions(-)
--- a/arch/x86/events/intel/ds.c
+++ b/arch/x86/events/intel/ds.c
@@ -1110,6 +1110,7 @@ static void setup_pebs_sample_data(struc
if (pebs == NULL)
return;
+ regs->flags &= ~PERF_EFLAGS_EXACT;
sample_type = event->attr.sample_type;
dsrc = sample_type & PERF_SAMPLE_DATA_SRC;
@@ -1154,7 +1155,6 @@ static void setup_pebs_sample_data(struc
*/
*regs = *iregs;
regs->flags = pebs->flags;
- set_linear_ip(regs, pebs->ip);
if (sample_type & PERF_SAMPLE_REGS_INTR) {
regs->ax = pebs->ax;
@@ -1190,13 +1190,22 @@ static void setup_pebs_sample_data(struc
#endif
}
- if (event->attr.precise_ip > 1 && x86_pmu.intel_cap.pebs_format >= 2) {
- regs->ip = pebs->real_ip;
- regs->flags |= PERF_EFLAGS_EXACT;
- } else if (event->attr.precise_ip > 1 && intel_pmu_pebs_fixup_ip(regs))
- regs->flags |= PERF_EFLAGS_EXACT;
- else
- regs->flags &= ~PERF_EFLAGS_EXACT;
+ if (event->attr.precise_ip > 1) {
+ /* Haswell and later have the eventing IP, so use it: */
+ if (x86_pmu.intel_cap.pebs_format >= 2) {
+ set_linear_ip(regs, pebs->real_ip);
+ regs->flags |= PERF_EFLAGS_EXACT;
+ } else {
+ /* Otherwise use PEBS off-by-1 IP: */
+ set_linear_ip(regs, pebs->ip);
+
+ /* ... and try to fix it up using the LBR entries: */
+ if (intel_pmu_pebs_fixup_ip(regs))
+ regs->flags |= PERF_EFLAGS_EXACT;
+ }
+ } else
+ set_linear_ip(regs, pebs->ip);
+
if ((sample_type & PERF_SAMPLE_ADDR) &&
x86_pmu.intel_cap.pebs_format >= 1)
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 223/329] llc: properly handle dev_queue_xmit() return value
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (206 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 222/329] perf/x86/intel: Fix linear IP of PEBS real_ip on Haswell and later CPUs Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 224/329] builddeb: Fix header package regarding dtc source links Greg Kroah-Hartman
` (101 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Noam Rathaus, Cong Wang,
David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Cong Wang <xiyou.wangcong@gmail.com>
[ Upstream commit b85ab56c3f81c5a24b5a5213374f549df06430da ]
llc_conn_send_pdu() pushes the skb into write queue and
calls llc_conn_send_pdus() to flush them out. However, the
status of dev_queue_xmit() is not returned to caller,
in this case, llc_conn_state_process().
llc_conn_state_process() needs hold the skb no matter
success or failure, because it still uses it after that,
therefore we should hold skb before dev_queue_xmit() when
that skb is the one being processed by llc_conn_state_process().
For other callers, they can just pass NULL and ignore
the return value as they are.
Reported-by: Noam Rathaus <noamr@beyondsecurity.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/llc_conn.h | 2 +-
net/llc/llc_c_ac.c | 15 +++++++++------
net/llc/llc_conn.c | 32 +++++++++++++++++++++++---------
3 files changed, 33 insertions(+), 16 deletions(-)
--- a/include/net/llc_conn.h
+++ b/include/net/llc_conn.h
@@ -104,7 +104,7 @@ void llc_sk_reset(struct sock *sk);
/* Access to a connection */
int llc_conn_state_process(struct sock *sk, struct sk_buff *skb);
-void llc_conn_send_pdu(struct sock *sk, struct sk_buff *skb);
+int llc_conn_send_pdu(struct sock *sk, struct sk_buff *skb);
void llc_conn_rtn_pdu(struct sock *sk, struct sk_buff *skb);
void llc_conn_resend_i_pdu_as_cmd(struct sock *sk, u8 nr, u8 first_p_bit);
void llc_conn_resend_i_pdu_as_rsp(struct sock *sk, u8 nr, u8 first_f_bit);
--- a/net/llc/llc_c_ac.c
+++ b/net/llc/llc_c_ac.c
@@ -389,7 +389,7 @@ static int llc_conn_ac_send_i_cmd_p_set_
llc_pdu_init_as_i_cmd(skb, 0, llc->vS, llc->vR);
rc = llc_mac_hdr_init(skb, llc->dev->dev_addr, llc->daddr.mac);
if (likely(!rc)) {
- llc_conn_send_pdu(sk, skb);
+ rc = llc_conn_send_pdu(sk, skb);
llc_conn_ac_inc_vs_by_1(sk, skb);
}
return rc;
@@ -916,7 +916,7 @@ static int llc_conn_ac_send_i_rsp_f_set_
llc_pdu_init_as_i_cmd(skb, llc->ack_pf, llc->vS, llc->vR);
rc = llc_mac_hdr_init(skb, llc->dev->dev_addr, llc->daddr.mac);
if (likely(!rc)) {
- llc_conn_send_pdu(sk, skb);
+ rc = llc_conn_send_pdu(sk, skb);
llc_conn_ac_inc_vs_by_1(sk, skb);
}
return rc;
@@ -935,14 +935,17 @@ static int llc_conn_ac_send_i_rsp_f_set_
int llc_conn_ac_send_i_as_ack(struct sock *sk, struct sk_buff *skb)
{
struct llc_sock *llc = llc_sk(sk);
+ int ret;
if (llc->ack_must_be_send) {
- llc_conn_ac_send_i_rsp_f_set_ackpf(sk, skb);
+ ret = llc_conn_ac_send_i_rsp_f_set_ackpf(sk, skb);
llc->ack_must_be_send = 0 ;
llc->ack_pf = 0;
- } else
- llc_conn_ac_send_i_cmd_p_set_0(sk, skb);
- return 0;
+ } else {
+ ret = llc_conn_ac_send_i_cmd_p_set_0(sk, skb);
+ }
+
+ return ret;
}
/**
--- a/net/llc/llc_conn.c
+++ b/net/llc/llc_conn.c
@@ -30,7 +30,7 @@
#endif
static int llc_find_offset(int state, int ev_type);
-static void llc_conn_send_pdus(struct sock *sk);
+static int llc_conn_send_pdus(struct sock *sk, struct sk_buff *skb);
static int llc_conn_service(struct sock *sk, struct sk_buff *skb);
static int llc_exec_conn_trans_actions(struct sock *sk,
struct llc_conn_state_trans *trans,
@@ -193,11 +193,11 @@ out_skb_put:
return rc;
}
-void llc_conn_send_pdu(struct sock *sk, struct sk_buff *skb)
+int llc_conn_send_pdu(struct sock *sk, struct sk_buff *skb)
{
/* queue PDU to send to MAC layer */
skb_queue_tail(&sk->sk_write_queue, skb);
- llc_conn_send_pdus(sk);
+ return llc_conn_send_pdus(sk, skb);
}
/**
@@ -255,7 +255,7 @@ void llc_conn_resend_i_pdu_as_cmd(struct
if (howmany_resend > 0)
llc->vS = (llc->vS + 1) % LLC_2_SEQ_NBR_MODULO;
/* any PDUs to re-send are queued up; start sending to MAC */
- llc_conn_send_pdus(sk);
+ llc_conn_send_pdus(sk, NULL);
out:;
}
@@ -296,7 +296,7 @@ void llc_conn_resend_i_pdu_as_rsp(struct
if (howmany_resend > 0)
llc->vS = (llc->vS + 1) % LLC_2_SEQ_NBR_MODULO;
/* any PDUs to re-send are queued up; start sending to MAC */
- llc_conn_send_pdus(sk);
+ llc_conn_send_pdus(sk, NULL);
out:;
}
@@ -340,12 +340,16 @@ out:
/**
* llc_conn_send_pdus - Sends queued PDUs
* @sk: active connection
+ * @hold_skb: the skb held by caller, or NULL if does not care
*
- * Sends queued pdus to MAC layer for transmission.
+ * Sends queued pdus to MAC layer for transmission. When @hold_skb is
+ * NULL, always return 0. Otherwise, return 0 if @hold_skb is sent
+ * successfully, or 1 for failure.
*/
-static void llc_conn_send_pdus(struct sock *sk)
+static int llc_conn_send_pdus(struct sock *sk, struct sk_buff *hold_skb)
{
struct sk_buff *skb;
+ int ret = 0;
while ((skb = skb_dequeue(&sk->sk_write_queue)) != NULL) {
struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
@@ -357,10 +361,20 @@ static void llc_conn_send_pdus(struct so
skb_queue_tail(&llc_sk(sk)->pdu_unack_q, skb);
if (!skb2)
break;
- skb = skb2;
+ dev_queue_xmit(skb2);
+ } else {
+ bool is_target = skb == hold_skb;
+ int rc;
+
+ if (is_target)
+ skb_get(skb);
+ rc = dev_queue_xmit(skb);
+ if (is_target)
+ ret = rc;
}
- dev_queue_xmit(skb);
}
+
+ return ret;
}
/**
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 224/329] builddeb: Fix header package regarding dtc source links
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (207 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 223/329] llc: properly handle dev_queue_xmit() return value Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 225/329] mm/kmemleak.c: wait for scan completion before disabling free Greg Kroah-Hartman
` (100 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jan Kiszka, Riku Voipio,
Masahiro Yamada, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jan Kiszka <jan.kiszka@siemens.com>
[ Upstream commit f8437520704cfd9cc442a99d73ed708a3cdadaf9 ]
Since d5d332d3f7e8, a couple of links in scripts/dtc/include-prefixes
are additionally required in order to build device trees with the header
package.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Riku Voipio <riku.voipio@linaro.org>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
scripts/package/builddeb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/scripts/package/builddeb
+++ b/scripts/package/builddeb
@@ -325,7 +325,7 @@ fi
# Build kernel header package
(cd $srctree; find . -name Makefile\* -o -name Kconfig\* -o -name \*.pl) > "$objtree/debian/hdrsrcfiles"
-(cd $srctree; find arch/*/include include scripts -type f) >> "$objtree/debian/hdrsrcfiles"
+(cd $srctree; find arch/*/include include scripts -type f -o -type l) >> "$objtree/debian/hdrsrcfiles"
(cd $srctree; find arch/$SRCARCH -name module.lds -o -name Kbuild.platforms -o -name Platform) >> "$objtree/debian/hdrsrcfiles"
(cd $srctree; find $(find arch/$SRCARCH -name include -o -name scripts -type d) -type f) >> "$objtree/debian/hdrsrcfiles"
if grep -q '^CONFIG_STACK_VALIDATION=y' $KCONFIG_CONFIG ; then
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 225/329] mm/kmemleak.c: wait for scan completion before disabling free
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (208 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 224/329] builddeb: Fix header package regarding dtc source links Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 226/329] net: Fix untag for vlan packets without ethernet header Greg Kroah-Hartman
` (99 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vinayak Menon, Catalin Marinas,
Andrew Morton, Linus Torvalds, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vinayak Menon <vinmenon@codeaurora.org>
[ Upstream commit 914b6dfff790544d9b77dfd1723adb3745ec9700 ]
A crash is observed when kmemleak_scan accesses the object->pointer,
likely due to the following race.
TASK A TASK B TASK C
kmemleak_write
(with "scan" and
NOT "scan=on")
kmemleak_scan()
create_object
kmem_cache_alloc fails
kmemleak_disable
kmemleak_do_cleanup
kmemleak_free_enabled = 0
kfree
kmemleak_free bails out
(kmemleak_free_enabled is 0)
slub frees object->pointer
update_checksum
crash - object->pointer
freed (DEBUG_PAGEALLOC)
kmemleak_do_cleanup waits for the scan thread to complete, but not for
direct call to kmemleak_scan via kmemleak_write. So add a wait for
kmemleak_scan completion before disabling kmemleak_free, and while at it
fix the comment on stop_scan_thread.
[vinmenon@codeaurora.org: fix stop_scan_thread comment]
Link: http://lkml.kernel.org/r/1522219972-22809-1-git-send-email-vinmenon@codeaurora.org
Link: http://lkml.kernel.org/r/1522063429-18992-1-git-send-email-vinmenon@codeaurora.org
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/kmemleak.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
--- a/mm/kmemleak.c
+++ b/mm/kmemleak.c
@@ -1577,8 +1577,7 @@ static void start_scan_thread(void)
}
/*
- * Stop the automatic memory scanning thread. This function must be called
- * with the scan_mutex held.
+ * Stop the automatic memory scanning thread.
*/
static void stop_scan_thread(void)
{
@@ -1841,12 +1840,15 @@ static void kmemleak_do_cleanup(struct w
{
stop_scan_thread();
+ mutex_lock(&scan_mutex);
/*
- * Once the scan thread has stopped, it is safe to no longer track
- * object freeing. Ordering of the scan thread stopping and the memory
- * accesses below is guaranteed by the kthread_stop() function.
+ * Once it is made sure that kmemleak_scan has stopped, it is safe to no
+ * longer track object freeing. Ordering of the scan thread stopping and
+ * the memory accesses below is guaranteed by the kthread_stop()
+ * function.
*/
kmemleak_free_enabled = 0;
+ mutex_unlock(&scan_mutex);
if (!kmemleak_found_leaks)
__kmemleak_do_cleanup();
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 226/329] net: Fix untag for vlan packets without ethernet header
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (209 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 225/329] mm/kmemleak.c: wait for scan completion before disabling free Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 227/329] net: mvneta: fix enable of all initialized RXQs Greg Kroah-Hartman
` (98 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, Toshiaki Makita,
David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
[ Upstream commit ae4745730cf8e693d354ccd4dbaf59ea440c09a9 ]
In some situation vlan packets do not have ethernet headers. One example
is packets from tun devices. Users can specify vlan protocol in tun_pi
field instead of IP protocol, and skb_vlan_untag() attempts to untag such
packets.
skb_vlan_untag() (more precisely, skb_reorder_vlan_header() called by it)
however did not expect packets without ethernet headers, so in such a case
size argument for memmove() underflowed and triggered crash.
====
BUG: unable to handle kernel paging request at ffff8801cccb8000
IP: __memmove+0x24/0x1a0 arch/x86/lib/memmove_64.S:43
PGD 9cee067 P4D 9cee067 PUD 1d9401063 PMD 1cccb7063 PTE 2810100028101
Oops: 000b [#1] SMP KASAN
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 17663 Comm: syz-executor2 Not tainted 4.16.0-rc7+ #368
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__memmove+0x24/0x1a0 arch/x86/lib/memmove_64.S:43
RSP: 0018:ffff8801cc046e28 EFLAGS: 00010287
RAX: ffff8801ccc244c4 RBX: fffffffffffffffe RCX: fffffffffff6c4c2
RDX: fffffffffffffffe RSI: ffff8801cccb7ffc RDI: ffff8801cccb8000
RBP: ffff8801cc046e48 R08: ffff8801ccc244be R09: ffffed0039984899
R10: 0000000000000001 R11: ffffed0039984898 R12: ffff8801ccc244c4
R13: ffff8801ccc244c0 R14: ffff8801d96b7c06 R15: ffff8801d96b7b40
FS: 00007febd562d700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8801cccb8000 CR3: 00000001ccb2f006 CR4: 00000000001606e0
DR0: 0000000020000000 DR1: 0000000020000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
memmove include/linux/string.h:360 [inline]
skb_reorder_vlan_header net/core/skbuff.c:5031 [inline]
skb_vlan_untag+0x470/0xc40 net/core/skbuff.c:5061
__netif_receive_skb_core+0x119c/0x3460 net/core/dev.c:4460
__netif_receive_skb+0x2c/0x1b0 net/core/dev.c:4627
netif_receive_skb_internal+0x10b/0x670 net/core/dev.c:4701
netif_receive_skb+0xae/0x390 net/core/dev.c:4725
tun_rx_batched.isra.50+0x5ee/0x870 drivers/net/tun.c:1555
tun_get_user+0x299e/0x3c20 drivers/net/tun.c:1962
tun_chr_write_iter+0xb9/0x160 drivers/net/tun.c:1990
call_write_iter include/linux/fs.h:1782 [inline]
new_sync_write fs/read_write.c:469 [inline]
__vfs_write+0x684/0x970 fs/read_write.c:482
vfs_write+0x189/0x510 fs/read_write.c:544
SYSC_write fs/read_write.c:589 [inline]
SyS_write+0xef/0x220 fs/read_write.c:581
do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x454879
RSP: 002b:00007febd562cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007febd562d6d4 RCX: 0000000000454879
RDX: 0000000000000157 RSI: 0000000020000180 RDI: 0000000000000014
RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000006b0 R14: 00000000006fc120 R15: 0000000000000000
Code: 90 90 90 90 90 90 90 48 89 f8 48 83 fa 20 0f 82 03 01 00 00 48 39 fe 7d 0f 49 89 f0 49 01 d0 49 39 f8 0f 8f 9f 00 00 00 48 89 d1 <f3> a4 c3 48 81 fa a8 02 00 00 72 05 40 38 fe 74 3b 48 83 ea 20
RIP: __memmove+0x24/0x1a0 arch/x86/lib/memmove_64.S:43 RSP: ffff8801cc046e28
CR2: ffff8801cccb8000
====
We don't need to copy headers for packets which do not have preceding
headers of vlan headers, so skip memmove() in that case.
Fixes: 4bbb3e0e8239 ("net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off")
Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/core/skbuff.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -4483,8 +4483,10 @@ static struct sk_buff *skb_reorder_vlan_
}
mac_len = skb->data - skb_mac_header(skb);
- memmove(skb_mac_header(skb) + VLAN_HLEN, skb_mac_header(skb),
- mac_len - VLAN_HLEN - ETH_TLEN);
+ if (likely(mac_len > VLAN_HLEN + ETH_TLEN)) {
+ memmove(skb_mac_header(skb) + VLAN_HLEN, skb_mac_header(skb),
+ mac_len - VLAN_HLEN - ETH_TLEN);
+ }
skb->mac_header += VLAN_HLEN;
return skb;
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 227/329] net: mvneta: fix enable of all initialized RXQs
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (210 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 226/329] net: Fix untag for vlan packets without ethernet header Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 228/329] sh: fix debug trap failure to process signals before return to user Greg Kroah-Hartman
` (97 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yelena Krivosheev, Thomas Petazzoni,
David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yelena Krivosheev <yelena@marvell.com>
[ Upstream commit e81b5e01c14add8395dfba7130f8829206bb507d ]
In mvneta_port_up() we enable relevant RX and TX port queues by write
queues bit map to an appropriate register.
q_map must be ZERO in the beginning of this process.
Signed-off-by: Yelena Krivosheev <yelena@marvell.com>
Acked-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/marvell/mvneta.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/net/ethernet/marvell/mvneta.c
+++ b/drivers/net/ethernet/marvell/mvneta.c
@@ -1080,6 +1080,7 @@ static void mvneta_port_up(struct mvneta
}
mvreg_write(pp, MVNETA_TXQ_CMD, q_map);
+ q_map = 0;
/* Enable all initialized RXQs. */
for (queue = 0; queue < rxq_number; queue++) {
struct mvneta_rx_queue *rxq = &pp->rxqs[queue];
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 228/329] sh: fix debug trap failure to process signals before return to user
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (211 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 227/329] net: mvneta: fix enable of all initialized RXQs Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 230/329] x86/pgtable: Dont set huge PUD/PMD on non-leaf entries Greg Kroah-Hartman
` (96 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Rich Felker, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rich Felker <dalias@libc.org>
[ Upstream commit 96a598996f6ac518ac79839ecbb17c91af91f4f7 ]
When responding to a debug trap (breakpoint) in userspace, the
kernel's trap handler raised SIGTRAP but returned from the trap via a
code path that ignored pending signals, resulting in an infinite loop
re-executing the trapping instruction.
Signed-off-by: Rich Felker <dalias@libc.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/sh/kernel/entry-common.S | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/sh/kernel/entry-common.S
+++ b/arch/sh/kernel/entry-common.S
@@ -255,7 +255,7 @@ debug_trap:
mov.l @r8, r8
jsr @r8
nop
- bra __restore_all
+ bra ret_from_exception
nop
CFI_ENDPROC
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 230/329] x86/pgtable: Dont set huge PUD/PMD on non-leaf entries
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (212 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 228/329] sh: fix debug trap failure to process signals before return to user Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 231/329] x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init Greg Kroah-Hartman
` (95 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David H. Gutteridge, Joerg Roedel,
Thomas Gleixner, Andrea Arcangeli, Andy Lutomirski,
Boris Ostrovsky, Borislav Petkov, Brian Gerst, Dave Hansen,
David Laight, Denys Vlasenko, Eduardo Valentin, Jiri Kosina,
Josh Poimboeuf, Juergen Gross, Linus Torvalds, Pavel Machek,
Peter Zijlstra, Waiman Long, Will Deacon, aliguori, daniel.gruss,
hughd, keescook, linux-mm, Ingo Molnar, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Joerg Roedel <joro@8bytes.org>
[ Upstream commit e3e288121408c3abeed5af60b87b95c847143845 ]
The pmd_set_huge() and pud_set_huge() functions are used from
the generic ioremap() code to establish large mappings where this
is possible.
But the generic ioremap() code does not check whether the
PMD/PUD entries are already populated with a non-leaf entry,
so that any page-table pages these entries point to will be
lost.
Further, on x86-32 with SHARED_KERNEL_PMD=0, this causes a
BUG_ON() in vmalloc_sync_one() when PMD entries are synced
from swapper_pg_dir to the current page-table. This happens
because the PMD entry from swapper_pg_dir was promoted to a
huge-page entry while the current PGD still contains the
non-leaf entry. Because both entries are present and point
to a different page, the BUG_ON() triggers.
This was actually triggered with pti-x32 enabled in a KVM
virtual machine by the graphics driver.
A real and better fix for that would be to improve the
page-table handling in the generic ioremap() code. But that is
out-of-scope for this patch-set and left for later work.
Reported-by: David H. Gutteridge <dhgutteridge@sympatico.ca>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: David Laight <David.Laight@aculab.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Eduardo Valentin <eduval@amazon.com>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Pavel Machek <pavel@ucw.cz>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Waiman Long <llong@redhat.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: aliguori@amazon.com
Cc: daniel.gruss@iaik.tugraz.at
Cc: hughd@google.com
Cc: keescook@google.com
Cc: linux-mm@kvack.org
Link: http://lkml.kernel.org/r/20180411152437.GC15462@8bytes.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/mm/pgtable.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- a/arch/x86/mm/pgtable.c
+++ b/arch/x86/mm/pgtable.c
@@ -1,5 +1,6 @@
#include <linux/mm.h>
#include <linux/gfp.h>
+#include <linux/hugetlb.h>
#include <asm/pgalloc.h>
#include <asm/pgtable.h>
#include <asm/tlb.h>
@@ -577,6 +578,10 @@ int pud_set_huge(pud_t *pud, phys_addr_t
(mtrr != MTRR_TYPE_WRBACK))
return 0;
+ /* Bail out if we are we on a populated non-leaf entry: */
+ if (pud_present(*pud) && !pud_huge(*pud))
+ return 0;
+
prot = pgprot_4k_2_large(prot);
set_pte((pte_t *)pud, pfn_pte(
@@ -605,6 +610,10 @@ int pmd_set_huge(pmd_t *pmd, phys_addr_t
return 0;
}
+ /* Bail out if we are we on a populated non-leaf entry: */
+ if (pmd_present(*pmd) && !pmd_huge(*pmd))
+ return 0;
+
prot = pgprot_4k_2_large(prot);
set_pte((pte_t *)pmd, pfn_pte(
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 231/329] x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (213 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 230/329] x86/pgtable: Dont set huge PUD/PMD on non-leaf entries Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 232/329] fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table Greg Kroah-Hartman
` (94 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dave Hansen, Kees Cook,
Andrea Arcangeli, Andy Lutomirski, Arjan van de Ven,
Borislav Petkov, Dan Williams, David Woodhouse, Hugh Dickins,
Josh Poimboeuf, Juergen Gross, Linus Torvalds, Nadav Amit,
Peter Zijlstra, Thomas Gleixner, linux-mm, Ingo Molnar,
Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Hansen <dave.hansen@linux.intel.com>
[ Upstream commit 639d6aafe437a7464399d2a77d006049053df06f ]
__ro_after_init data gets stuck in the .rodata section. That's normally
fine because the kernel itself manages the R/W properties.
But, if we run __change_page_attr() on an area which is __ro_after_init,
the .rodata checks will trigger and force the area to be immediately
read-only, even if it is early-ish in boot. This caused problems when
trying to clear the _PAGE_GLOBAL bit for these area in the PTI code:
it cleared _PAGE_GLOBAL like I asked, but also took it up on itself
to clear _PAGE_RW. The kernel then oopses the next time it wrote to
a __ro_after_init data structure.
To fix this, add the kernel_set_to_readonly check, just like we have
for kernel text, just a few lines below in this function.
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Hugh Dickins <hughd@google.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Nadav Amit <namit@vmware.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-mm@kvack.org
Link: http://lkml.kernel.org/r/20180406205514.8D898241@viggo.jf.intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/mm/pageattr.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/arch/x86/mm/pageattr.c
+++ b/arch/x86/mm/pageattr.c
@@ -279,9 +279,11 @@ static inline pgprot_t static_protection
/*
* The .rodata section needs to be read-only. Using the pfn
- * catches all aliases.
+ * catches all aliases. This also includes __ro_after_init,
+ * so do not enforce until kernel_set_to_readonly is true.
*/
- if (within(pfn, __pa_symbol(__start_rodata) >> PAGE_SHIFT,
+ if (kernel_set_to_readonly &&
+ within(pfn, __pa_symbol(__start_rodata) >> PAGE_SHIFT,
__pa_symbol(__end_rodata) >> PAGE_SHIFT))
pgprot_val(forbidden) |= _PAGE_RW;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 232/329] fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (214 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 231/329] x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 233/329] swap: divide-by-zero when zero length swap file on ssd Greg Kroah-Hartman
` (93 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Danilo Krummrich, Kees Cook,
Andrew Morton, Luis R . Rodriguez, Eric W. Biederman,
Alexey Dobriyan, Linus Torvalds, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Danilo Krummrich <danilokrummrich@dk-develop.de>
[ Upstream commit a0b0d1c345d0317efe594df268feb5ccc99f651e ]
proc_sys_link_fill_cache() does not take currently unregistering sysctl
tables into account, which might result into a page fault in
sysctl_follow_link() - add a check to fix it.
This bug has been present since v3.4.
Link: http://lkml.kernel.org/r/20180228013506.4915-1-danilokrummrich@dk-develop.de
Fixes: 0e47c99d7fe25 ("sysctl: Replace root_list with links between sysctl_table_sets")
Signed-off-by: Danilo Krummrich <danilokrummrich@dk-develop.de>
Acked-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: "Luis R . Rodriguez" <mcgrof@kernel.org>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/proc/proc_sysctl.c | 3 +++
1 file changed, 3 insertions(+)
--- a/fs/proc/proc_sysctl.c
+++ b/fs/proc/proc_sysctl.c
@@ -660,7 +660,10 @@ static bool proc_sys_link_fill_cache(str
struct ctl_table *table)
{
bool ret = true;
+
head = sysctl_head_grab(head);
+ if (IS_ERR(head))
+ return false;
if (S_ISLNK(table->mode)) {
/* It is not an error if we can not follow the link ignore it */
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 233/329] swap: divide-by-zero when zero length swap file on ssd
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (215 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 232/329] fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 234/329] sr: get/drop reference to device in revalidate and check_events Greg Kroah-Hartman
` (92 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Abraham, Mark.Landis,
Andrew Morton, Randy Dunlap, Linus Torvalds, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tom Abraham <tabraham@suse.com>
[ Upstream commit a06ad633a37c64a0cd4c229fc605cee8725d376e ]
Calling swapon() on a zero length swap file on SSD can lead to a
divide-by-zero.
Although creating such files isn't possible with mkswap and they woud be
considered invalid, it would be better for the swapon code to be more
robust and handle this condition gracefully (return -EINVAL).
Especially since the fix is small and straightforward.
To help with wear leveling on SSD, the swapon syscall calculates a
random position in the swap file using modulo p->highest_bit, which is
set to maxpages - 1 in read_swap_header.
If the swap file is zero length, read_swap_header sets maxpages=1 and
last_page=0, resulting in p->highest_bit=0 and we divide-by-zero when we
modulo p->highest_bit in swapon syscall.
This can be prevented by having read_swap_header return zero if
last_page is zero.
Link: http://lkml.kernel.org/r/5AC747C1020000A7001FA82C@prv-mh.provo.novell.com
Signed-off-by: Thomas Abraham <tabraham@suse.com>
Reported-by: <Mark.Landis@Teradata.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/swapfile.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/mm/swapfile.c
+++ b/mm/swapfile.c
@@ -2271,6 +2271,10 @@ static unsigned long read_swap_header(st
maxpages = swp_offset(pte_to_swp_entry(
swp_entry_to_pte(swp_entry(0, ~0UL)))) + 1;
last_page = swap_header->info.last_page;
+ if (!last_page) {
+ pr_warn("Empty swap-file\n");
+ return 0;
+ }
if (last_page > maxpages) {
pr_warn("Truncating oversized swap area, only using %luk out of %luk\n",
maxpages << (PAGE_SHIFT - 10),
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 234/329] sr: get/drop reference to device in revalidate and check_events
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (216 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 233/329] swap: divide-by-zero when zero length swap file on ssd Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 235/329] Force log to disk before reading the AGF during a fstrim Greg Kroah-Hartman
` (91 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lee Duncan, Jan Kara, Jens Axboe,
Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jens Axboe <axboe@kernel.dk>
[ Upstream commit 2d097c50212e137e7b53ffe3b37561153eeba87d ]
We can't just use scsi_cd() to get the scsi_cd structure, we have
to grab a live reference to the device. For both callbacks, we're
not inside an open where we already hold a reference to the device.
This fixes device removal/addition under concurrent device access,
which otherwise could result in the below oops.
NULL pointer dereference at 0000000000000010
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP
Modules linked in:
sr 12:0:0:0: [sr2] scsi-1 drive
scsi_debug crc_t10dif crct10dif_generic crct10dif_common nvme nvme_core sb_edac xl
sr 12:0:0:0: Attached scsi CD-ROM sr2
sr_mod cdrom btrfs xor zstd_decompress zstd_compress xxhash lzo_compress zlib_defc
sr 12:0:0:0: Attached scsi generic sg7 type 5
igb ahci libahci i2c_algo_bit libata dca [last unloaded: crc_t10dif]
CPU: 43 PID: 4629 Comm: systemd-udevd Not tainted 4.16.0+ #650
Hardware name: Dell Inc. PowerEdge T630/0NT78X, BIOS 2.3.4 11/09/2016
RIP: 0010:sr_block_revalidate_disk+0x23/0x190 [sr_mod]
RSP: 0018:ffff883ff357bb58 EFLAGS: 00010292
RAX: ffffffffa00b07d0 RBX: ffff883ff3058000 RCX: ffff883ff357bb66
RDX: 0000000000000003 RSI: 0000000000007530 RDI: ffff881fea631000
RBP: 0000000000000000 R08: ffff881fe4d38400 R09: 0000000000000000
R10: 0000000000000000 R11: 00000000000001b6 R12: 000000000800005d
R13: 000000000800005d R14: ffff883ffd9b3790 R15: 0000000000000000
FS: 00007f7dc8e6d8c0(0000) GS:ffff883fff340000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000010 CR3: 0000003ffda98005 CR4: 00000000003606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
? __invalidate_device+0x48/0x60
check_disk_change+0x4c/0x60
sr_block_open+0x16/0xd0 [sr_mod]
__blkdev_get+0xb9/0x450
? iget5_locked+0x1c0/0x1e0
blkdev_get+0x11e/0x320
? bdget+0x11d/0x150
? _raw_spin_unlock+0xa/0x20
? bd_acquire+0xc0/0xc0
do_dentry_open+0x1b0/0x320
? inode_permission+0x24/0xc0
path_openat+0x4e6/0x1420
? cpumask_any_but+0x1f/0x40
? flush_tlb_mm_range+0xa0/0x120
do_filp_open+0x8c/0xf0
? __seccomp_filter+0x28/0x230
? _raw_spin_unlock+0xa/0x20
? __handle_mm_fault+0x7d6/0x9b0
? list_lru_add+0xa8/0xc0
? _raw_spin_unlock+0xa/0x20
? __alloc_fd+0xaf/0x160
? do_sys_open+0x1a6/0x230
do_sys_open+0x1a6/0x230
do_syscall_64+0x5a/0x100
entry_SYSCALL_64_after_hwframe+0x3d/0xa2
Reviewed-by: Lee Duncan <lduncan@suse.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/sr.c | 19 +++++++++++++++----
1 file changed, 15 insertions(+), 4 deletions(-)
--- a/drivers/scsi/sr.c
+++ b/drivers/scsi/sr.c
@@ -582,18 +582,28 @@ out:
static unsigned int sr_block_check_events(struct gendisk *disk,
unsigned int clearing)
{
- struct scsi_cd *cd = scsi_cd(disk);
+ unsigned int ret = 0;
+ struct scsi_cd *cd;
- if (atomic_read(&cd->device->disk_events_disable_depth))
+ cd = scsi_cd_get(disk);
+ if (!cd)
return 0;
- return cdrom_check_events(&cd->cdi, clearing);
+ if (!atomic_read(&cd->device->disk_events_disable_depth))
+ ret = cdrom_check_events(&cd->cdi, clearing);
+
+ scsi_cd_put(cd);
+ return ret;
}
static int sr_block_revalidate_disk(struct gendisk *disk)
{
- struct scsi_cd *cd = scsi_cd(disk);
struct scsi_sense_hdr sshdr;
+ struct scsi_cd *cd;
+
+ cd = scsi_cd_get(disk);
+ if (!cd)
+ return -ENXIO;
/* if the unit is not ready, nothing more to do */
if (scsi_test_unit_ready(cd->device, SR_TIMEOUT, MAX_RETRIES, &sshdr))
@@ -602,6 +612,7 @@ static int sr_block_revalidate_disk(stru
sr_cd_check(&cd->cdi);
get_sectorsize(cd);
out:
+ scsi_cd_put(cd);
return 0;
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 235/329] Force log to disk before reading the AGF during a fstrim
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (217 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 234/329] sr: get/drop reference to device in revalidate and check_events Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 236/329] cpufreq: CPPC: Initialize shared perf capabilities of CPUs Greg Kroah-Hartman
` (90 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Carlos Maiolino, Darrick J. Wong,
Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Carlos Maiolino <cmaiolino@redhat.com>
[ Upstream commit 8c81dd46ef3c416b3b95e3020fb90dbd44e6140b ]
Forcing the log to disk after reading the agf is wrong, we might be
calling xfs_log_force with XFS_LOG_SYNC with a metadata lock held.
This can cause a deadlock when racing a fstrim with a filesystem
shutdown.
The deadlock has been identified due a miscalculation bug in device-mapper
dm-thin, which returns lack of space to its users earlier than the device itself
really runs out of space, changing the device-mapper volume into an error state.
The problem happened while filling the filesystem with a single file,
triggering the bug in device-mapper, consequently causing an IO error
and shutting down the filesystem.
If such file is removed, and fstrim executed before the XFS finishes the
shut down process, the fstrim process will end up holding the buffer
lock, and going to sleep on the cil wait queue.
At this point, the shut down process will try to wake up all the threads
waiting on the cil wait queue, but for this, it will try to hold the
same buffer log already held my the fstrim, locking up the filesystem.
Signed-off-by: Carlos Maiolino <cmaiolino@redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/xfs_discard.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
--- a/fs/xfs/xfs_discard.c
+++ b/fs/xfs/xfs_discard.c
@@ -50,19 +50,19 @@ xfs_trim_extents(
pag = xfs_perag_get(mp, agno);
- error = xfs_alloc_read_agf(mp, NULL, agno, 0, &agbp);
- if (error || !agbp)
- goto out_put_perag;
-
- cur = xfs_allocbt_init_cursor(mp, NULL, agbp, agno, XFS_BTNUM_CNT);
-
/*
* Force out the log. This means any transactions that might have freed
- * space before we took the AGF buffer lock are now on disk, and the
+ * space before we take the AGF buffer lock are now on disk, and the
* volatile disk cache is flushed.
*/
xfs_log_force(mp, XFS_LOG_SYNC);
+ error = xfs_alloc_read_agf(mp, NULL, agno, 0, &agbp);
+ if (error || !agbp)
+ goto out_put_perag;
+
+ cur = xfs_allocbt_init_cursor(mp, NULL, agbp, agno, XFS_BTNUM_CNT);
+
/*
* Look up the longest btree in the AGF and start with it.
*/
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 236/329] cpufreq: CPPC: Initialize shared perf capabilities of CPUs
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (218 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 235/329] Force log to disk before reading the AGF during a fstrim Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 237/329] dp83640: Ensure against premature access to PHY registers after reset Greg Kroah-Hartman
` (89 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Viresh Kumar, Shunyong Yang,
Rafael J. Wysocki, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shunyong Yang <shunyong.yang@hxt-semitech.com>
[ Upstream commit 8913315e9459b146e5888ab5138e10daa061b885 ]
When multiple CPUs are related in one cpufreq policy, the first online
CPU will be chosen by default to handle cpufreq operations. Let's take
cpu0 and cpu1 as an example.
When cpu0 is offline, policy->cpu will be shifted to cpu1. cpu1's perf
capabilities should be initialized. Otherwise, perf capabilities are 0s
and speed change can not take effect.
This patch copies perf capabilities of the first online CPU to other
shared CPUs when policy shared type is CPUFREQ_SHARED_TYPE_ANY.
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Shunyong Yang <shunyong.yang@hxt-semitech.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/cpufreq/cppc_cpufreq.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
--- a/drivers/cpufreq/cppc_cpufreq.c
+++ b/drivers/cpufreq/cppc_cpufreq.c
@@ -151,9 +151,19 @@ static int cppc_cpufreq_cpu_init(struct
policy->cpuinfo.transition_latency = cppc_get_transition_latency(cpu_num);
policy->shared_type = cpu->shared_type;
- if (policy->shared_type == CPUFREQ_SHARED_TYPE_ANY)
+ if (policy->shared_type == CPUFREQ_SHARED_TYPE_ANY) {
+ int i;
+
cpumask_copy(policy->cpus, cpu->shared_cpu_map);
- else if (policy->shared_type == CPUFREQ_SHARED_TYPE_ALL) {
+
+ for_each_cpu(i, policy->cpus) {
+ if (unlikely(i == policy->cpu))
+ continue;
+
+ memcpy(&all_cpu_data[i]->perf_caps, &cpu->perf_caps,
+ sizeof(cpu->perf_caps));
+ }
+ } else if (policy->shared_type == CPUFREQ_SHARED_TYPE_ALL) {
/* Support only SW_ANY for now. */
pr_debug("Unsupported CPU co-ord type\n");
return -EFAULT;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 237/329] dp83640: Ensure against premature access to PHY registers after reset
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (219 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 236/329] cpufreq: CPPC: Initialize shared perf capabilities of CPUs Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 238/329] mm/ksm: fix interaction with THP Greg Kroah-Hartman
` (88 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Esben Haabendal, Andrew Lunn,
David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Esben Haabendal <eha@deif.com>
[ Upstream commit 76327a35caabd1a932e83d6a42b967aa08584e5d ]
The datasheet specifies a 3uS pause after performing a software
reset. The default implementation of genphy_soft_reset() does not
provide this, so implement soft_reset with the needed pause.
Signed-off-by: Esben Haabendal <eha@deif.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/phy/dp83640.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
--- a/drivers/net/phy/dp83640.c
+++ b/drivers/net/phy/dp83640.c
@@ -1205,6 +1205,23 @@ static void dp83640_remove(struct phy_de
kfree(dp83640);
}
+static int dp83640_soft_reset(struct phy_device *phydev)
+{
+ int ret;
+
+ ret = genphy_soft_reset(phydev);
+ if (ret < 0)
+ return ret;
+
+ /* From DP83640 datasheet: "Software driver code must wait 3 us
+ * following a software reset before allowing further serial MII
+ * operations with the DP83640."
+ */
+ udelay(10); /* Taking udelay inaccuracy into account */
+
+ return 0;
+}
+
static int dp83640_config_init(struct phy_device *phydev)
{
struct dp83640_private *dp83640 = phydev->priv;
@@ -1498,6 +1515,7 @@ static struct phy_driver dp83640_driver
.flags = PHY_HAS_INTERRUPT,
.probe = dp83640_probe,
.remove = dp83640_remove,
+ .soft_reset = dp83640_soft_reset,
.config_init = dp83640_config_init,
.config_aneg = genphy_config_aneg,
.read_status = genphy_read_status,
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 238/329] mm/ksm: fix interaction with THP
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (220 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 237/329] dp83640: Ensure against premature access to PHY registers after reset Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 239/329] mm: fix races between address_space dereference and free in page_evicatable Greg Kroah-Hartman
` (87 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Claudio Imbrenda, Andrew Morton,
Andrea Arcangeli, Minchan Kim, Kirill A. Shutemov, Hugh Dickins,
Christian Borntraeger, Linus Torvalds, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Claudio Imbrenda <imbrenda@linux.vnet.ibm.com>
[ Upstream commit 77da2ba0648a4fd52e5ff97b8b2b8dd312aec4b0 ]
This patch fixes a corner case for KSM. When two pages belong or
belonged to the same transparent hugepage, and they should be merged,
KSM fails to split the page, and therefore no merging happens.
This bug can be reproduced by:
* making sure ksm is running (in case disabling ksmtuned)
* enabling transparent hugepages
* allocating a THP-aligned 1-THP-sized buffer
e.g. on amd64: posix_memalign(&p, 1<<21, 1<<21)
* filling it with the same values
e.g. memset(p, 42, 1<<21)
* performing madvise to make it mergeable
e.g. madvise(p, 1<<21, MADV_MERGEABLE)
* waiting for KSM to perform a few scans
The expected outcome is that the all the pages get merged (1 shared and
the rest sharing); the actual outcome is that no pages get merged (1
unshared and the rest volatile)
The reason of this behaviour is that we increase the reference count
once for both pages we want to merge, but if they belong to the same
hugepage (or compound page), the reference counter used in both cases is
the one of the head of the compound page. This means that
split_huge_page will find a value of the reference counter too high and
will fail.
This patch solves this problem by testing if the two pages to merge
belong to the same hugepage when attempting to merge them. If so, the
hugepage is split safely. This means that the hugepage is not split if
not necessary.
Link: http://lkml.kernel.org/r/1521548069-24758-1-git-send-email-imbrenda@linux.vnet.ibm.com
Signed-off-by: Claudio Imbrenda <imbrenda@linux.vnet.ibm.com>
Co-authored-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/ksm.c | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
--- a/mm/ksm.c
+++ b/mm/ksm.c
@@ -1469,8 +1469,22 @@ static void cmp_and_merge_page(struct pa
tree_rmap_item =
unstable_tree_search_insert(rmap_item, page, &tree_page);
if (tree_rmap_item) {
+ bool split;
+
kpage = try_to_merge_two_pages(rmap_item, page,
tree_rmap_item, tree_page);
+ /*
+ * If both pages we tried to merge belong to the same compound
+ * page, then we actually ended up increasing the reference
+ * count of the same compound page twice, and split_huge_page
+ * failed.
+ * Here we set a flag if that happened, and we use it later to
+ * try split_huge_page again. Since we call put_page right
+ * afterwards, the reference count will be correct and
+ * split_huge_page should succeed.
+ */
+ split = PageTransCompound(page)
+ && compound_head(page) == compound_head(tree_page);
put_page(tree_page);
if (kpage) {
/*
@@ -1495,6 +1509,20 @@ static void cmp_and_merge_page(struct pa
break_cow(tree_rmap_item);
break_cow(rmap_item);
}
+ } else if (split) {
+ /*
+ * We are here if we tried to merge two pages and
+ * failed because they both belonged to the same
+ * compound page. We will split the page now, but no
+ * merging will take place.
+ * We do not want to add the cost of a full lock; if
+ * the page is locked, it is better to skip it and
+ * perhaps try again later.
+ */
+ if (!trylock_page(page))
+ return;
+ split_huge_page(page);
+ unlock_page(page);
}
}
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 239/329] mm: fix races between address_space dereference and free in page_evicatable
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (221 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 238/329] mm/ksm: fix interaction with THP Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 240/329] Btrfs: bail out on error during replay_dir_deletes Greg Kroah-Hartman
` (86 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Huang, Ying, Jan Kara, Andrew Morton,
Mel Gorman, Minchan Kim, Johannes Weiner, Michal Hocko,
Linus Torvalds, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Huang Ying <ying.huang@intel.com>
[ Upstream commit e92bb4dd9673945179b1fc738c9817dd91bfb629 ]
When page_mapping() is called and the mapping is dereferenced in
page_evicatable() through shrink_active_list(), it is possible for the
inode to be truncated and the embedded address space to be freed at the
same time. This may lead to the following race.
CPU1 CPU2
truncate(inode) shrink_active_list()
... page_evictable(page)
truncate_inode_page(mapping, page);
delete_from_page_cache(page)
spin_lock_irqsave(&mapping->tree_lock, flags);
__delete_from_page_cache(page, NULL)
page_cache_tree_delete(..)
... mapping = page_mapping(page);
page->mapping = NULL;
...
spin_unlock_irqrestore(&mapping->tree_lock, flags);
page_cache_free_page(mapping, page)
put_page(page)
if (put_page_testzero(page)) -> false
- inode now has no pages and can be freed including embedded address_space
mapping_unevictable(mapping)
test_bit(AS_UNEVICTABLE, &mapping->flags);
- we've dereferenced mapping which is potentially already free.
Similar race exists between swap cache freeing and page_evicatable()
too.
The address_space in inode and swap cache will be freed after a RCU
grace period. So the races are fixed via enclosing the page_mapping()
and address_space usage in rcu_read_lock/unlock(). Some comments are
added in code to make it clear what is protected by the RCU read lock.
Link: http://lkml.kernel.org/r/20180212081227.1940-1-ying.huang@intel.com
Signed-off-by: "Huang, Ying" <ying.huang@intel.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Mel Gorman <mgorman@techsingularity.net>
Cc: Minchan Kim <minchan@kernel.org>
Cc: "Huang, Ying" <ying.huang@intel.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Michal Hocko <mhocko@suse.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/vmscan.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/mm/vmscan.c
+++ b/mm/vmscan.c
@@ -3857,7 +3857,13 @@ int node_reclaim(struct pglist_data *pgd
*/
int page_evictable(struct page *page)
{
- return !mapping_unevictable(page_mapping(page)) && !PageMlocked(page);
+ int ret;
+
+ /* Prevent address_space of inode and swap cache from being freed */
+ rcu_read_lock();
+ ret = !mapping_unevictable(page_mapping(page)) && !PageMlocked(page);
+ rcu_read_unlock();
+ return ret;
}
#ifdef CONFIG_SHMEM
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 240/329] Btrfs: bail out on error during replay_dir_deletes
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (222 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 239/329] mm: fix races between address_space dereference and free in page_evicatable Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 241/329] Btrfs: fix NULL pointer dereference in log_dir_items Greg Kroah-Hartman
` (85 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nikolay Borisov, Liu Bo,
David Sterba, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Liu Bo <bo.liu@linux.alibaba.com>
[ Upstream commit b98def7ca6e152ee55e36863dddf6f41f12d1dc6 ]
If errors were returned by btrfs_next_leaf(), replay_dir_deletes needs
to bail out, otherwise @ret would be forced to be 0 after 'break;' and
the caller won't be aware of it.
Fixes: e02119d5a7b4 ("Btrfs: Add a write ahead tree log to optimize synchronous operations")
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Liu Bo <bo.liu@linux.alibaba.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/tree-log.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/fs/btrfs/tree-log.c
+++ b/fs/btrfs/tree-log.c
@@ -2241,8 +2241,10 @@ again:
nritems = btrfs_header_nritems(path->nodes[0]);
if (path->slots[0] >= nritems) {
ret = btrfs_next_leaf(root, path);
- if (ret)
+ if (ret == 1)
break;
+ else if (ret < 0)
+ goto out;
}
btrfs_item_key_to_cpu(path->nodes[0], &found_key,
path->slots[0]);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 241/329] Btrfs: fix NULL pointer dereference in log_dir_items
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (223 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 240/329] Btrfs: bail out on error during replay_dir_deletes Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 242/329] btrfs: Fix possible softlock on single core machines Greg Kroah-Hartman
` (84 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nikolay Borisov, Liu Bo,
David Sterba, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Liu Bo <bo.liu@linux.alibaba.com>
[ Upstream commit 80c0b4210a963e31529e15bf90519708ec947596 ]
0, 1 and <0 can be returned by btrfs_next_leaf(), and when <0 is
returned, path->nodes[0] could be NULL, log_dir_items lacks such a
check for <0 and we may run into a null pointer dereference panic.
Fixes: e02119d5a7b4 ("Btrfs: Add a write ahead tree log to optimize synchronous operations")
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Liu Bo <bo.liu@linux.alibaba.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/tree-log.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/fs/btrfs/tree-log.c
+++ b/fs/btrfs/tree-log.c
@@ -3399,8 +3399,11 @@ static noinline int log_dir_items(struct
* from this directory and from this transaction
*/
ret = btrfs_next_leaf(root, path);
- if (ret == 1) {
- last_offset = (u64)-1;
+ if (ret) {
+ if (ret == 1)
+ last_offset = (u64)-1;
+ else
+ err = ret;
goto done;
}
btrfs_item_key_to_cpu(path->nodes[0], &tmp, path->slots[0]);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 242/329] btrfs: Fix possible softlock on single core machines
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (224 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 241/329] Btrfs: fix NULL pointer dereference in log_dir_items Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 243/329] ocfs2/dlm: dont handle migrate lockres if already in shutdown Greg Kroah-Hartman
` (83 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nikolay Borisov, David Sterba, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nikolay Borisov <nborisov@suse.com>
[ Upstream commit 1e1c50a929bc9e49bc3f9935b92450d9e69f8158 ]
do_chunk_alloc implements a loop checking whether there is a pending
chunk allocation and if so causes the caller do loop. Generally this
loop is executed only once, however testing with btrfs/072 on a single
core vm machines uncovered an extreme case where the system could loop
indefinitely. This is due to a missing cond_resched when loop which
doesn't give a chance to the previous chunk allocator finish its job.
The fix is to simply add the missing cond_resched.
Fixes: 6d74119f1a3e ("Btrfs: avoid taking the chunk_mutex in do_chunk_alloc")
Signed-off-by: Nikolay Borisov <nborisov@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/extent-tree.c | 1 +
1 file changed, 1 insertion(+)
--- a/fs/btrfs/extent-tree.c
+++ b/fs/btrfs/extent-tree.c
@@ -4527,6 +4527,7 @@ again:
if (wait_for_alloc) {
mutex_unlock(&fs_info->chunk_mutex);
wait_for_alloc = 0;
+ cond_resched();
goto again;
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 243/329] ocfs2/dlm: dont handle migrate lockres if already in shutdown
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (225 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 242/329] btrfs: Fix possible softlock on single core machines Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 244/329] sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning Greg Kroah-Hartman
` (82 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jun Piao, Yiwen Jiang, Joseph Qi,
Changwei Ge, Mark Fasheh, Joel Becker, Junxiao Bi, Andrew Morton,
Linus Torvalds, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jun Piao <piaojun@huawei.com>
[ Upstream commit bb34f24c7d2c98d0c81838a7700e6068325b17a0 ]
We should not handle migrate lockres if we are already in
'DLM_CTXT_IN_SHUTDOWN', as that will cause lockres remains after leaving
dlm domain. At last other nodes will get stuck into infinite loop when
requsting lock from us.
The problem is caused by concurrency umount between nodes. Before
receiveing N1's DLM_BEGIN_EXIT_DOMAIN_MSG, N2 has picked up N1 as the
migrate target. So N2 will continue sending lockres to N1 even though
N1 has left domain.
N1 N2 (owner)
touch file
access the file,
and get pr lock
begin leave domain and
pick up N1 as new owner
begin leave domain and
migrate all lockres done
begin migrate lockres to N1
end leave domain, but
the lockres left
unexpectedly, because
migrate task has passed
[piaojun@huawei.com: v3]
Link: http://lkml.kernel.org/r/5A9CBD19.5020107@huawei.com
Link: http://lkml.kernel.org/r/5A99F028.2090902@huawei.com
Signed-off-by: Jun Piao <piaojun@huawei.com>
Reviewed-by: Yiwen Jiang <jiangyiwen@huawei.com>
Reviewed-by: Joseph Qi <jiangqi903@gmail.com>
Reviewed-by: Changwei Ge <ge.changwei@h3c.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ocfs2/dlm/dlmdomain.c | 14 --------------
fs/ocfs2/dlm/dlmdomain.h | 25 ++++++++++++++++++++++++-
fs/ocfs2/dlm/dlmrecovery.c | 9 +++++++++
3 files changed, 33 insertions(+), 15 deletions(-)
--- a/fs/ocfs2/dlm/dlmdomain.c
+++ b/fs/ocfs2/dlm/dlmdomain.c
@@ -675,20 +675,6 @@ static void dlm_leave_domain(struct dlm_
spin_unlock(&dlm->spinlock);
}
-int dlm_shutting_down(struct dlm_ctxt *dlm)
-{
- int ret = 0;
-
- spin_lock(&dlm_domain_lock);
-
- if (dlm->dlm_state == DLM_CTXT_IN_SHUTDOWN)
- ret = 1;
-
- spin_unlock(&dlm_domain_lock);
-
- return ret;
-}
-
void dlm_unregister_domain(struct dlm_ctxt *dlm)
{
int leave = 0;
--- a/fs/ocfs2/dlm/dlmdomain.h
+++ b/fs/ocfs2/dlm/dlmdomain.h
@@ -28,7 +28,30 @@
extern spinlock_t dlm_domain_lock;
extern struct list_head dlm_domains;
-int dlm_shutting_down(struct dlm_ctxt *dlm);
+static inline int dlm_joined(struct dlm_ctxt *dlm)
+{
+ int ret = 0;
+
+ spin_lock(&dlm_domain_lock);
+ if (dlm->dlm_state == DLM_CTXT_JOINED)
+ ret = 1;
+ spin_unlock(&dlm_domain_lock);
+
+ return ret;
+}
+
+static inline int dlm_shutting_down(struct dlm_ctxt *dlm)
+{
+ int ret = 0;
+
+ spin_lock(&dlm_domain_lock);
+ if (dlm->dlm_state == DLM_CTXT_IN_SHUTDOWN)
+ ret = 1;
+ spin_unlock(&dlm_domain_lock);
+
+ return ret;
+}
+
void dlm_fire_domain_eviction_callbacks(struct dlm_ctxt *dlm,
int node_num);
--- a/fs/ocfs2/dlm/dlmrecovery.c
+++ b/fs/ocfs2/dlm/dlmrecovery.c
@@ -1378,6 +1378,15 @@ int dlm_mig_lockres_handler(struct o2net
if (!dlm_grab(dlm))
return -EINVAL;
+ if (!dlm_joined(dlm)) {
+ mlog(ML_ERROR, "Domain %s not joined! "
+ "lockres %.*s, master %u\n",
+ dlm->name, mres->lockname_len,
+ mres->lockname, mres->master);
+ dlm_put(dlm);
+ return -EINVAL;
+ }
+
BUG_ON(!(mres->flags & (DLM_MRES_RECOVERY|DLM_MRES_MIGRATION)));
real_master = mres->master;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 244/329] sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (226 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 243/329] ocfs2/dlm: dont handle migrate lockres if already in shutdown Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 246/329] fscache: Fix hanging wait on page discarded by writeback Greg Kroah-Hartman
` (81 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Davidlohr Bueso, Matt Fleming,
Peter Zijlstra (Intel),
Linus Torvalds, Mike Galbraith, Thomas Gleixner, dave, rostedt,
Ingo Molnar, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Davidlohr Bueso <dave@stgolabs.net>
[ Upstream commit d29a20645d5e929aa7e8616f28e5d8e1c49263ec ]
While running rt-tests' pi_stress program I got the following splat:
rq->clock_update_flags < RQCF_ACT_SKIP
WARNING: CPU: 27 PID: 0 at kernel/sched/sched.h:960 assert_clock_updated.isra.38.part.39+0x13/0x20
[...]
<IRQ>
enqueue_top_rt_rq+0xf4/0x150
? cpufreq_dbs_governor_start+0x170/0x170
sched_rt_rq_enqueue+0x65/0x80
sched_rt_period_timer+0x156/0x360
? sched_rt_rq_enqueue+0x80/0x80
__hrtimer_run_queues+0xfa/0x260
hrtimer_interrupt+0xcb/0x220
smp_apic_timer_interrupt+0x62/0x120
apic_timer_interrupt+0xf/0x20
</IRQ>
[...]
do_idle+0x183/0x1e0
cpu_startup_entry+0x5f/0x70
start_secondary+0x192/0x1d0
secondary_startup_64+0xa5/0xb0
We can get rid of it be the "traditional" means of adding an
update_rq_clock() call after acquiring the rq->lock in
do_sched_rt_period_timer().
The case for the RT task throttling (which this workload also hits)
can be ignored in that the skip_update call is actually bogus and
quite the contrary (the request bits are removed/reverted).
By setting RQCF_UPDATED we really don't care if the skip is happening
or not and will therefore make the assert_clock_updated() check happy.
Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
Reviewed-by: Matt Fleming <matt@codeblueprint.co.uk>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: dave@stgolabs.net
Cc: linux-kernel@vger.kernel.org
Cc: rostedt@goodmis.org
Link: http://lkml.kernel.org/r/20180402164954.16255-1-dave@stgolabs.net
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/sched/rt.c | 2 ++
1 file changed, 2 insertions(+)
--- a/kernel/sched/rt.c
+++ b/kernel/sched/rt.c
@@ -830,6 +830,8 @@ static int do_sched_rt_period_timer(stru
struct rq *rq = rq_of_rt_rq(rt_rq);
raw_spin_lock(&rq->lock);
+ update_rq_clock(rq);
+
if (rt_rq->rt_time) {
u64 runtime;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 246/329] fscache: Fix hanging wait on page discarded by writeback
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (227 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 244/329] sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 248/329] net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() Greg Kroah-Hartman
` (80 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, David Howells, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Howells <dhowells@redhat.com>
[ Upstream commit 2c98425720233ae3e135add0c7e869b32913502f ]
If the fscache asynchronous write operation elects to discard a page that's
pending storage to the cache because the page would be over the store limit
then it needs to wake the page as someone may be waiting on completion of
the write.
The problem is that the store limit may be updated by a different
asynchronous operation - and so may miss the write - and that the store
limit may not even get updated until later by the netfs.
Fix the kernel hang by making fscache_write_op() mark as written any pages
that are over the limit.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/fscache/page.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
--- a/fs/fscache/page.c
+++ b/fs/fscache/page.c
@@ -776,6 +776,7 @@ static void fscache_write_op(struct fsca
_enter("{OP%x,%d}", op->op.debug_id, atomic_read(&op->op.usage));
+again:
spin_lock(&object->lock);
cookie = object->cookie;
@@ -816,10 +817,6 @@ static void fscache_write_op(struct fsca
goto superseded;
page = results[0];
_debug("gang %d [%lx]", n, page->index);
- if (page->index >= op->store_limit) {
- fscache_stat(&fscache_n_store_pages_over_limit);
- goto superseded;
- }
radix_tree_tag_set(&cookie->stores, page->index,
FSCACHE_COOKIE_STORING_TAG);
@@ -829,6 +826,9 @@ static void fscache_write_op(struct fsca
spin_unlock(&cookie->stores_lock);
spin_unlock(&object->lock);
+ if (page->index >= op->store_limit)
+ goto discard_page;
+
fscache_stat(&fscache_n_store_pages);
fscache_stat(&fscache_n_cop_write_page);
ret = object->cache->ops->write_page(op, page);
@@ -844,6 +844,11 @@ static void fscache_write_op(struct fsca
_leave("");
return;
+discard_page:
+ fscache_stat(&fscache_n_store_pages_over_limit);
+ fscache_end_page_write(object, page);
+ goto again;
+
superseded:
/* this writer is going away and there aren't any more things to
* write */
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 248/329] net: bgmac: Fix endian access in bgmac_dma_tx_ring_free()
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (228 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 246/329] fscache: Fix hanging wait on page discarded by writeback Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 249/329] btrfs: tests/qgroup: Fix wrong tree backref level Greg Kroah-Hartman
` (79 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Florian Fainelli, David S. Miller,
Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Florian Fainelli <f.fainelli@gmail.com>
[ Upstream commit 60d6e6f0b9e422dd01aeda39257ee0428e5e2a3f ]
bgmac_dma_tx_ring_free() assigns the ctl1 word which is a litle endian
32-bit word without using proper accessors, fix this, and because a
length cannot be negative, use unsigned int while at it.
Fixes: 9cde94506eac ("bgmac: implement scatter/gather support")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/broadcom/bgmac.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/net/ethernet/broadcom/bgmac.c
+++ b/drivers/net/ethernet/broadcom/bgmac.c
@@ -529,7 +529,8 @@ static void bgmac_dma_tx_ring_free(struc
int i;
for (i = 0; i < BGMAC_TX_RING_SLOTS; i++) {
- int len = dma_desc[i].ctl1 & BGMAC_DESC_CTL1_LEN;
+ u32 ctl1 = le32_to_cpu(dma_desc[i].ctl1);
+ unsigned int len = ctl1 & BGMAC_DESC_CTL1_LEN;
slot = &ring->slots[i];
dev_kfree_skb(slot->skb);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 249/329] btrfs: tests/qgroup: Fix wrong tree backref level
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (229 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 248/329] net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 250/329] Btrfs: fix copy_items() return value when logging an inode Greg Kroah-Hartman
` (78 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Qu Wenruo, David Sterba, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Qu Wenruo <wqu@suse.com>
[ Upstream commit 3c0efdf03b2d127f0e40e30db4e7aa0429b1b79a ]
The extent tree of the test fs is like the following:
BTRFS info (device (null)): leaf 16327509003777336587 total ptrs 1 free space 3919
item 0 key (4096 168 4096) itemoff 3944 itemsize 51
extent refs 1 gen 1 flags 2
tree block key (68719476736 0 0) level 1
^^^^^^^
ref#0: tree block backref root 5
And it's using an empty tree for fs tree, so there is no way that its
level can be 1.
For REAL (created by mkfs) fs tree backref with no skinny metadata, the
result should look like:
item 3 key (30408704 EXTENT_ITEM 4096) itemoff 3845 itemsize 51
refs 1 gen 4 flags TREE_BLOCK
tree block key (256 INODE_ITEM 0) level 0
^^^^^^^
tree block backref root 5
Fix the level to 0, so it won't break later tree level checker.
Fixes: faa2dbf004e8 ("Btrfs: add sanity tests for new qgroup accounting code")
Signed-off-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/tests/qgroup-tests.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/btrfs/tests/qgroup-tests.c
+++ b/fs/btrfs/tests/qgroup-tests.c
@@ -63,7 +63,7 @@ static int insert_normal_tree_ref(struct
btrfs_set_extent_generation(leaf, item, 1);
btrfs_set_extent_flags(leaf, item, BTRFS_EXTENT_FLAG_TREE_BLOCK);
block_info = (struct btrfs_tree_block_info *)(item + 1);
- btrfs_set_tree_block_level(leaf, block_info, 1);
+ btrfs_set_tree_block_level(leaf, block_info, 0);
iref = (struct btrfs_extent_inline_ref *)(block_info + 1);
if (parent > 0) {
btrfs_set_extent_inline_ref_type(leaf, iref,
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 250/329] Btrfs: fix copy_items() return value when logging an inode
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (230 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 249/329] btrfs: tests/qgroup: Fix wrong tree backref level Greg Kroah-Hartman
@ 2018-05-28 10:02 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 251/329] btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers Greg Kroah-Hartman
` (77 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Filipe Manana, David Sterba, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Filipe Manana <fdmanana@suse.com>
[ Upstream commit 8434ec46c6e3232cebc25a910363b29f5c617820 ]
When logging an inode, at tree-log.c:copy_items(), if we call
btrfs_next_leaf() at the loop which checks for the need to log holes, we
need to make sure copy_items() returns the value 1 to its caller and
not 0 (on success). This is because the path the caller passed was
released and is now different from what is was before, and the caller
expects a return value of 0 to mean both success and that the path
has not changed, while a return value of 1 means both success and
signals the caller that it can not reuse the path, it has to perform
another tree search.
Even though this is a case that should not be triggered on normal
circumstances or very rare at least, its consequences can be very
unpredictable (especially when replaying a log tree).
Fixes: 16e7549f045d ("Btrfs: incompatible format change to remove hole extents")
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/tree-log.c | 1 +
1 file changed, 1 insertion(+)
--- a/fs/btrfs/tree-log.c
+++ b/fs/btrfs/tree-log.c
@@ -3854,6 +3854,7 @@ fill_holes:
ASSERT(ret == 0);
src = src_path->nodes[0];
i = 0;
+ need_find_last_extent = true;
}
btrfs_item_key_to_cpu(src, &key, i);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 251/329] btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (231 preceding siblings ...)
2018-05-28 10:02 ` [PATCH 4.9 250/329] Btrfs: fix copy_items() return value when logging an inode Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 252/329] rxrpc: Fix Tx ring annotation after initial Tx failure Greg Kroah-Hartman
` (76 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jeff Mahoney, Liu Bo, David Sterba,
Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jeff Mahoney <jeffm@suse.com>
[ Upstream commit 8a5a916d9a35e13576d79cc16e24611821b13e34 ]
While running btrfs/011, I hit the following lockdep splat.
This is the important bit:
pcpu_alloc+0x1ac/0x5e0
__percpu_counter_init+0x4e/0xb0
btrfs_init_fs_root+0x99/0x1c0 [btrfs]
btrfs_get_fs_root.part.54+0x5b/0x150 [btrfs]
resolve_indirect_refs+0x130/0x830 [btrfs]
find_parent_nodes+0x69e/0xff0 [btrfs]
btrfs_find_all_roots_safe+0xa0/0x110 [btrfs]
btrfs_find_all_roots+0x50/0x70 [btrfs]
btrfs_qgroup_prepare_account_extents+0x53/0x90 [btrfs]
btrfs_commit_transaction+0x3ce/0x9b0 [btrfs]
The percpu_counter_init call in btrfs_alloc_subvolume_writers
uses GFP_KERNEL, which we can't do during transaction commit.
This switches it to GFP_NOFS.
========================================================
WARNING: possible irq lock inversion dependency detected
4.12.14-kvmsmall #8 Tainted: G W
--------------------------------------------------------
kswapd0/50 just changed the state of lock:
(&delayed_node->mutex){+.+.-.}, at: [<ffffffffc06994fa>] __btrfs_release_delayed_node+0x3a/0x1f0 [btrfs]
but this lock took another, RECLAIM_FS-unsafe lock in the past:
(pcpu_alloc_mutex){+.+.+.}
and interrupts could create inverse lock ordering between them.
other info that might help us debug this:
Chain exists of:
&delayed_node->mutex --> &found->groups_sem --> pcpu_alloc_mutex
Possible interrupt unsafe locking scenario:
CPU0 CPU1
---- ----
lock(pcpu_alloc_mutex);
local_irq_disable();
lock(&delayed_node->mutex);
lock(&found->groups_sem);
<Interrupt>
lock(&delayed_node->mutex);
*** DEADLOCK ***
2 locks held by kswapd0/50:
#0: (shrinker_rwsem){++++..}, at: [<ffffffff811dc11f>] shrink_slab+0x7f/0x5b0
#1: (&type->s_umount_key#30){+++++.}, at: [<ffffffff8126dec6>] trylock_super+0x16/0x50
the shortest dependencies between 2nd lock and 1st lock:
-> (pcpu_alloc_mutex){+.+.+.} ops: 4904 {
HARDIRQ-ON-W at:
__mutex_lock+0x4e/0x8c0
pcpu_alloc+0x1ac/0x5e0
alloc_kmem_cache_cpus.isra.70+0x25/0xa0
__do_tune_cpucache+0x2c/0x220
do_tune_cpucache+0x26/0xc0
enable_cpucache+0x6d/0xf0
kmem_cache_init_late+0x42/0x75
start_kernel+0x343/0x4cb
x86_64_start_kernel+0x127/0x134
secondary_startup_64+0xa5/0xb0
SOFTIRQ-ON-W at:
__mutex_lock+0x4e/0x8c0
pcpu_alloc+0x1ac/0x5e0
alloc_kmem_cache_cpus.isra.70+0x25/0xa0
__do_tune_cpucache+0x2c/0x220
do_tune_cpucache+0x26/0xc0
enable_cpucache+0x6d/0xf0
kmem_cache_init_late+0x42/0x75
start_kernel+0x343/0x4cb
x86_64_start_kernel+0x127/0x134
secondary_startup_64+0xa5/0xb0
RECLAIM_FS-ON-W at:
__kmalloc+0x47/0x310
pcpu_extend_area_map+0x2b/0xc0
pcpu_alloc+0x3ec/0x5e0
alloc_kmem_cache_cpus.isra.70+0x25/0xa0
__do_tune_cpucache+0x2c/0x220
do_tune_cpucache+0x26/0xc0
enable_cpucache+0x6d/0xf0
__kmem_cache_create+0x1bf/0x390
create_cache+0xba/0x1b0
kmem_cache_create+0x1f8/0x2b0
ksm_init+0x6f/0x19d
do_one_initcall+0x50/0x1b0
kernel_init_freeable+0x201/0x289
kernel_init+0xa/0x100
ret_from_fork+0x3a/0x50
INITIAL USE at:
__mutex_lock+0x4e/0x8c0
pcpu_alloc+0x1ac/0x5e0
alloc_kmem_cache_cpus.isra.70+0x25/0xa0
setup_cpu_cache+0x2f/0x1f0
__kmem_cache_create+0x1bf/0x390
create_boot_cache+0x8b/0xb1
kmem_cache_init+0xa1/0x19e
start_kernel+0x270/0x4cb
x86_64_start_kernel+0x127/0x134
secondary_startup_64+0xa5/0xb0
}
... key at: [<ffffffff821d8e70>] pcpu_alloc_mutex+0x70/0xa0
... acquired at:
pcpu_alloc+0x1ac/0x5e0
__percpu_counter_init+0x4e/0xb0
btrfs_init_fs_root+0x99/0x1c0 [btrfs]
btrfs_get_fs_root.part.54+0x5b/0x150 [btrfs]
resolve_indirect_refs+0x130/0x830 [btrfs]
find_parent_nodes+0x69e/0xff0 [btrfs]
btrfs_find_all_roots_safe+0xa0/0x110 [btrfs]
btrfs_find_all_roots+0x50/0x70 [btrfs]
btrfs_qgroup_prepare_account_extents+0x53/0x90 [btrfs]
btrfs_commit_transaction+0x3ce/0x9b0 [btrfs]
transaction_kthread+0x176/0x1b0 [btrfs]
kthread+0x102/0x140
ret_from_fork+0x3a/0x50
-> (&fs_info->commit_root_sem){++++..} ops: 1566382 {
HARDIRQ-ON-W at:
down_write+0x3e/0xa0
cache_block_group+0x287/0x420 [btrfs]
find_free_extent+0x106c/0x12d0 [btrfs]
btrfs_reserve_extent+0xd8/0x170 [btrfs]
cow_file_range.isra.66+0x133/0x470 [btrfs]
run_delalloc_range+0x121/0x410 [btrfs]
writepage_delalloc.isra.50+0xfe/0x180 [btrfs]
__extent_writepage+0x19a/0x360 [btrfs]
extent_write_cache_pages.constprop.56+0x249/0x3e0 [btrfs]
extent_writepages+0x4d/0x60 [btrfs]
do_writepages+0x1a/0x70
__filemap_fdatawrite_range+0xa7/0xe0
btrfs_rename+0x5ee/0xdb0 [btrfs]
vfs_rename+0x52a/0x7e0
SyS_rename+0x351/0x3b0
do_syscall_64+0x79/0x1e0
entry_SYSCALL_64_after_hwframe+0x42/0xb7
HARDIRQ-ON-R at:
down_read+0x35/0x90
caching_thread+0x57/0x560 [btrfs]
normal_work_helper+0x1c0/0x5e0 [btrfs]
process_one_work+0x1e0/0x5c0
worker_thread+0x44/0x390
kthread+0x102/0x140
ret_from_fork+0x3a/0x50
SOFTIRQ-ON-W at:
down_write+0x3e/0xa0
cache_block_group+0x287/0x420 [btrfs]
find_free_extent+0x106c/0x12d0 [btrfs]
btrfs_reserve_extent+0xd8/0x170 [btrfs]
cow_file_range.isra.66+0x133/0x470 [btrfs]
run_delalloc_range+0x121/0x410 [btrfs]
writepage_delalloc.isra.50+0xfe/0x180 [btrfs]
__extent_writepage+0x19a/0x360 [btrfs]
extent_write_cache_pages.constprop.56+0x249/0x3e0 [btrfs]
extent_writepages+0x4d/0x60 [btrfs]
do_writepages+0x1a/0x70
__filemap_fdatawrite_range+0xa7/0xe0
btrfs_rename+0x5ee/0xdb0 [btrfs]
vfs_rename+0x52a/0x7e0
SyS_rename+0x351/0x3b0
do_syscall_64+0x79/0x1e0
entry_SYSCALL_64_after_hwframe+0x42/0xb7
SOFTIRQ-ON-R at:
down_read+0x35/0x90
caching_thread+0x57/0x560 [btrfs]
normal_work_helper+0x1c0/0x5e0 [btrfs]
process_one_work+0x1e0/0x5c0
worker_thread+0x44/0x390
kthread+0x102/0x140
ret_from_fork+0x3a/0x50
INITIAL USE at:
down_write+0x3e/0xa0
cache_block_group+0x287/0x420 [btrfs]
find_free_extent+0x106c/0x12d0 [btrfs]
btrfs_reserve_extent+0xd8/0x170 [btrfs]
cow_file_range.isra.66+0x133/0x470 [btrfs]
run_delalloc_range+0x121/0x410 [btrfs]
writepage_delalloc.isra.50+0xfe/0x180 [btrfs]
__extent_writepage+0x19a/0x360 [btrfs]
extent_write_cache_pages.constprop.56+0x249/0x3e0 [btrfs]
extent_writepages+0x4d/0x60 [btrfs]
do_writepages+0x1a/0x70
__filemap_fdatawrite_range+0xa7/0xe0
btrfs_rename+0x5ee/0xdb0 [btrfs]
vfs_rename+0x52a/0x7e0
SyS_rename+0x351/0x3b0
do_syscall_64+0x79/0x1e0
entry_SYSCALL_64_after_hwframe+0x42/0xb7
}
... key at: [<ffffffffc0729578>] __key.61970+0x0/0xfffffffffff9aa88 [btrfs]
... acquired at:
cache_block_group+0x287/0x420 [btrfs]
find_free_extent+0x106c/0x12d0 [btrfs]
btrfs_reserve_extent+0xd8/0x170 [btrfs]
btrfs_alloc_tree_block+0x12f/0x4c0 [btrfs]
btrfs_create_tree+0xbb/0x2a0 [btrfs]
btrfs_create_uuid_tree+0x37/0x140 [btrfs]
open_ctree+0x23c0/0x2660 [btrfs]
btrfs_mount+0xd36/0xf90 [btrfs]
mount_fs+0x3a/0x160
vfs_kern_mount+0x66/0x150
btrfs_mount+0x18c/0xf90 [btrfs]
mount_fs+0x3a/0x160
vfs_kern_mount+0x66/0x150
do_mount+0x1c1/0xcc0
SyS_mount+0x7e/0xd0
do_syscall_64+0x79/0x1e0
entry_SYSCALL_64_after_hwframe+0x42/0xb7
-> (&found->groups_sem){++++..} ops: 2134587 {
HARDIRQ-ON-W at:
down_write+0x3e/0xa0
__link_block_group+0x34/0x130 [btrfs]
btrfs_read_block_groups+0x33d/0x7b0 [btrfs]
open_ctree+0x2054/0x2660 [btrfs]
btrfs_mount+0xd36/0xf90 [btrfs]
mount_fs+0x3a/0x160
vfs_kern_mount+0x66/0x150
btrfs_mount+0x18c/0xf90 [btrfs]
mount_fs+0x3a/0x160
vfs_kern_mount+0x66/0x150
do_mount+0x1c1/0xcc0
SyS_mount+0x7e/0xd0
do_syscall_64+0x79/0x1e0
entry_SYSCALL_64_after_hwframe+0x42/0xb7
HARDIRQ-ON-R at:
down_read+0x35/0x90
btrfs_calc_num_tolerated_disk_barrier_failures+0x113/0x1f0 [btrfs]
open_ctree+0x207b/0x2660 [btrfs]
btrfs_mount+0xd36/0xf90 [btrfs]
mount_fs+0x3a/0x160
vfs_kern_mount+0x66/0x150
btrfs_mount+0x18c/0xf90 [btrfs]
mount_fs+0x3a/0x160
vfs_kern_mount+0x66/0x150
do_mount+0x1c1/0xcc0
SyS_mount+0x7e/0xd0
do_syscall_64+0x79/0x1e0
entry_SYSCALL_64_after_hwframe+0x42/0xb7
SOFTIRQ-ON-W at:
down_write+0x3e/0xa0
__link_block_group+0x34/0x130 [btrfs]
btrfs_read_block_groups+0x33d/0x7b0 [btrfs]
open_ctree+0x2054/0x2660 [btrfs]
btrfs_mount+0xd36/0xf90 [btrfs]
mount_fs+0x3a/0x160
vfs_kern_mount+0x66/0x150
btrfs_mount+0x18c/0xf90 [btrfs]
mount_fs+0x3a/0x160
vfs_kern_mount+0x66/0x150
do_mount+0x1c1/0xcc0
SyS_mount+0x7e/0xd0
do_syscall_64+0x79/0x1e0
entry_SYSCALL_64_after_hwframe+0x42/0xb7
SOFTIRQ-ON-R at:
down_read+0x35/0x90
btrfs_calc_num_tolerated_disk_barrier_failures+0x113/0x1f0 [btrfs]
open_ctree+0x207b/0x2660 [btrfs]
btrfs_mount+0xd36/0xf90 [btrfs]
mount_fs+0x3a/0x160
vfs_kern_mount+0x66/0x150
btrfs_mount+0x18c/0xf90 [btrfs]
mount_fs+0x3a/0x160
vfs_kern_mount+0x66/0x150
do_mount+0x1c1/0xcc0
SyS_mount+0x7e/0xd0
do_syscall_64+0x79/0x1e0
entry_SYSCALL_64_after_hwframe+0x42/0xb7
INITIAL USE at:
down_write+0x3e/0xa0
__link_block_group+0x34/0x130 [btrfs]
btrfs_read_block_groups+0x33d/0x7b0 [btrfs]
open_ctree+0x2054/0x2660 [btrfs]
btrfs_mount+0xd36/0xf90 [btrfs]
mount_fs+0x3a/0x160
vfs_kern_mount+0x66/0x150
btrfs_mount+0x18c/0xf90 [btrfs]
mount_fs+0x3a/0x160
vfs_kern_mount+0x66/0x150
do_mount+0x1c1/0xcc0
SyS_mount+0x7e/0xd0
do_syscall_64+0x79/0x1e0
entry_SYSCALL_64_after_hwframe+0x42/0xb7
}
... key at: [<ffffffffc0729488>] __key.59101+0x0/0xfffffffffff9ab78 [btrfs]
... acquired at:
find_free_extent+0xcb4/0x12d0 [btrfs]
btrfs_reserve_extent+0xd8/0x170 [btrfs]
btrfs_alloc_tree_block+0x12f/0x4c0 [btrfs]
__btrfs_cow_block+0x110/0x5b0 [btrfs]
btrfs_cow_block+0xd7/0x290 [btrfs]
btrfs_search_slot+0x1f6/0x960 [btrfs]
btrfs_lookup_inode+0x2a/0x90 [btrfs]
__btrfs_update_delayed_inode+0x65/0x210 [btrfs]
btrfs_commit_inode_delayed_inode+0x121/0x130 [btrfs]
btrfs_evict_inode+0x3fe/0x6a0 [btrfs]
evict+0xc4/0x190
__dentry_kill+0xbf/0x170
dput+0x2ae/0x2f0
SyS_rename+0x2a6/0x3b0
do_syscall_64+0x79/0x1e0
entry_SYSCALL_64_after_hwframe+0x42/0xb7
-> (&delayed_node->mutex){+.+.-.} ops: 5580204 {
HARDIRQ-ON-W at:
__mutex_lock+0x4e/0x8c0
btrfs_delayed_update_inode+0x46/0x6e0 [btrfs]
btrfs_update_inode+0x83/0x110 [btrfs]
btrfs_dirty_inode+0x62/0xe0 [btrfs]
touch_atime+0x8c/0xb0
do_generic_file_read+0x818/0xb10
__vfs_read+0xdc/0x150
vfs_read+0x8a/0x130
SyS_read+0x45/0xa0
do_syscall_64+0x79/0x1e0
entry_SYSCALL_64_after_hwframe+0x42/0xb7
SOFTIRQ-ON-W at:
__mutex_lock+0x4e/0x8c0
btrfs_delayed_update_inode+0x46/0x6e0 [btrfs]
btrfs_update_inode+0x83/0x110 [btrfs]
btrfs_dirty_inode+0x62/0xe0 [btrfs]
touch_atime+0x8c/0xb0
do_generic_file_read+0x818/0xb10
__vfs_read+0xdc/0x150
vfs_read+0x8a/0x130
SyS_read+0x45/0xa0
do_syscall_64+0x79/0x1e0
entry_SYSCALL_64_after_hwframe+0x42/0xb7
IN-RECLAIM_FS-W at:
__mutex_lock+0x4e/0x8c0
__btrfs_release_delayed_node+0x3a/0x1f0 [btrfs]
btrfs_evict_inode+0x22c/0x6a0 [btrfs]
evict+0xc4/0x190
dispose_list+0x35/0x50
prune_icache_sb+0x42/0x50
super_cache_scan+0x139/0x190
shrink_slab+0x262/0x5b0
shrink_node+0x2eb/0x2f0
kswapd+0x2eb/0x890
kthread+0x102/0x140
ret_from_fork+0x3a/0x50
INITIAL USE at:
__mutex_lock+0x4e/0x8c0
btrfs_delayed_update_inode+0x46/0x6e0 [btrfs]
btrfs_update_inode+0x83/0x110 [btrfs]
btrfs_dirty_inode+0x62/0xe0 [btrfs]
touch_atime+0x8c/0xb0
do_generic_file_read+0x818/0xb10
__vfs_read+0xdc/0x150
vfs_read+0x8a/0x130
SyS_read+0x45/0xa0
do_syscall_64+0x79/0x1e0
entry_SYSCALL_64_after_hwframe+0x42/0xb7
}
... key at: [<ffffffffc072d488>] __key.56935+0x0/0xfffffffffff96b78 [btrfs]
... acquired at:
__lock_acquire+0x264/0x11c0
lock_acquire+0xbd/0x1e0
__mutex_lock+0x4e/0x8c0
__btrfs_release_delayed_node+0x3a/0x1f0 [btrfs]
btrfs_evict_inode+0x22c/0x6a0 [btrfs]
evict+0xc4/0x190
dispose_list+0x35/0x50
prune_icache_sb+0x42/0x50
super_cache_scan+0x139/0x190
shrink_slab+0x262/0x5b0
shrink_node+0x2eb/0x2f0
kswapd+0x2eb/0x890
kthread+0x102/0x140
ret_from_fork+0x3a/0x50
stack backtrace:
CPU: 1 PID: 50 Comm: kswapd0 Tainted: G W 4.12.14-kvmsmall #8 SLE15 (unreleased)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014
Call Trace:
dump_stack+0x78/0xb7
print_irq_inversion_bug.part.38+0x19f/0x1aa
check_usage_forwards+0x102/0x120
? ret_from_fork+0x3a/0x50
? check_usage_backwards+0x110/0x110
mark_lock+0x16c/0x270
__lock_acquire+0x264/0x11c0
? pagevec_lookup_entries+0x1a/0x30
? truncate_inode_pages_range+0x2b3/0x7f0
lock_acquire+0xbd/0x1e0
? __btrfs_release_delayed_node+0x3a/0x1f0 [btrfs]
__mutex_lock+0x4e/0x8c0
? __btrfs_release_delayed_node+0x3a/0x1f0 [btrfs]
? __btrfs_release_delayed_node+0x3a/0x1f0 [btrfs]
? btrfs_evict_inode+0x1f6/0x6a0 [btrfs]
__btrfs_release_delayed_node+0x3a/0x1f0 [btrfs]
btrfs_evict_inode+0x22c/0x6a0 [btrfs]
evict+0xc4/0x190
dispose_list+0x35/0x50
prune_icache_sb+0x42/0x50
super_cache_scan+0x139/0x190
shrink_slab+0x262/0x5b0
shrink_node+0x2eb/0x2f0
kswapd+0x2eb/0x890
kthread+0x102/0x140
? mem_cgroup_shrink_node+0x2c0/0x2c0
? kthread_create_on_node+0x40/0x40
ret_from_fork+0x3a/0x50
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Reviewed-by: Liu Bo <bo.liu@linux.alibaba.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/disk-io.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -1281,7 +1281,7 @@ static struct btrfs_subvolume_writers *b
if (!writers)
return ERR_PTR(-ENOMEM);
- ret = percpu_counter_init(&writers->counter, 0, GFP_KERNEL);
+ ret = percpu_counter_init(&writers->counter, 0, GFP_NOFS);
if (ret < 0) {
kfree(writers);
return ERR_PTR(ret);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 252/329] rxrpc: Fix Tx ring annotation after initial Tx failure
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (232 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 251/329] btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 253/329] rxrpc: Dont treat call aborts as conn aborts Greg Kroah-Hartman
` (75 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, David Howells, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Howells <dhowells@redhat.com>
[ Upstream commit 03877bf6a30cca7d4bc3ffabd3c3e9464a7a1a19 ]
rxrpc calls have a ring of packets that are awaiting ACK or retransmission
and a parallel ring of annotations that tracks the state of those packets.
If the initial transmission of a packet on the underlying UDP socket fails
then the packet annotation is marked for resend - but the setting of this
mark accidentally erases the last-packet mark also stored in the same
annotation slot. If this happens, a call won't switch out of the Tx phase
when all the packets have been transmitted.
Fix this by retaining the last-packet mark and only altering the packet
state.
Fixes: 248f219cb8bc ("rxrpc: Rewrite the data and ack handling code")
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/rxrpc/sendmsg.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/net/rxrpc/sendmsg.c
+++ b/net/rxrpc/sendmsg.c
@@ -78,7 +78,9 @@ static inline void rxrpc_instant_resend(
spin_lock_bh(&call->lock);
if (call->state < RXRPC_CALL_COMPLETE) {
- call->rxtx_annotations[ix] = RXRPC_TX_ANNO_RETRANS;
+ call->rxtx_annotations[ix] =
+ (call->rxtx_annotations[ix] & RXRPC_TX_ANNO_LAST) |
+ RXRPC_TX_ANNO_RETRANS;
if (!test_and_set_bit(RXRPC_CALL_EV_RESEND, &call->events))
rxrpc_queue_call(call);
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 253/329] rxrpc: Dont treat call aborts as conn aborts
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (233 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 252/329] rxrpc: Fix Tx ring annotation after initial Tx failure Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 254/329] xen/acpi: off by one in read_acpi_id() Greg Kroah-Hartman
` (74 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marc Dionne, David Howells, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Howells <dhowells@redhat.com>
[ Upstream commit 57b0c9d49b94bbeb53649b7fbd264603c1ebd585 ]
If a call-level abort is received for the previous call to complete on a
connection channel, then that abort is queued for the connection processor
to handle. Unfortunately, the connection processor then assumes without
checking that the abort is connection-level (ie. callNumber is 0) and
distributes it over all active calls on that connection, thereby
incorrectly aborting them.
Fix this by discarding aborts aimed at a completed call.
Further, discard all packets aimed at a call that's complete if there's
currently an active call on a channel, since the DATA packets associated
with the new call automatically terminate the old call.
Fixes: 18bfeba50dfd ("rxrpc: Perform terminal call ACK/ABORT retransmission from conn processor")
Reported-by: Marc Dionne <marc.dionne@auristor.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/rxrpc/input.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
--- a/net/rxrpc/input.c
+++ b/net/rxrpc/input.c
@@ -1166,16 +1166,19 @@ void rxrpc_data_ready(struct sock *udp_s
goto discard_unlock;
if (sp->hdr.callNumber == chan->last_call) {
- /* For the previous service call, if completed successfully, we
- * discard all further packets.
+ if (chan->call ||
+ sp->hdr.type == RXRPC_PACKET_TYPE_ABORT)
+ goto discard_unlock;
+
+ /* For the previous service call, if completed
+ * successfully, we discard all further packets.
*/
if (rxrpc_conn_is_service(conn) &&
- (chan->last_type == RXRPC_PACKET_TYPE_ACK ||
- sp->hdr.type == RXRPC_PACKET_TYPE_ABORT))
+ chan->last_type == RXRPC_PACKET_TYPE_ACK)
goto discard_unlock;
- /* But otherwise we need to retransmit the final packet from
- * data cached in the connection record.
+ /* But otherwise we need to retransmit the final packet
+ * from data cached in the connection record.
*/
rxrpc_post_packet_to_conn(conn, skb);
goto out_unlock;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 254/329] xen/acpi: off by one in read_acpi_id()
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (234 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 253/329] rxrpc: Dont treat call aborts as conn aborts Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 255/329] drivers: macintosh: rack-meter: really fix bogus memsets Greg Kroah-Hartman
` (73 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Joao Martins,
Juergen Gross, Boris Ostrovsky, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit c37a3c94775855567b90f91775b9691e10bd2806 ]
If acpi_id is == nr_acpi_bits, then we access one element beyond the end
of the acpi_psd[] array or we set one bit beyond the end of the bit map
when we do __set_bit(acpi_id, acpi_id_present);
Fixes: 59a568029181 ("xen/acpi-processor: C and P-state driver that uploads said data to hypervisor.")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Joao Martins <joao.m.martins@oracle.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/xen/xen-acpi-processor.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/xen/xen-acpi-processor.c
+++ b/drivers/xen/xen-acpi-processor.c
@@ -362,9 +362,9 @@ read_acpi_id(acpi_handle handle, u32 lvl
}
/* There are more ACPI Processor objects than in x2APIC or MADT.
* This can happen with incorrect ACPI SSDT declerations. */
- if (acpi_id > nr_acpi_bits) {
- pr_debug("We only have %u, trying to set %u\n",
- nr_acpi_bits, acpi_id);
+ if (acpi_id >= nr_acpi_bits) {
+ pr_debug("max acpi id %u, trying to set %u\n",
+ nr_acpi_bits - 1, acpi_id);
return AE_OK;
}
/* OK, There is a ACPI Processor object */
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 255/329] drivers: macintosh: rack-meter: really fix bogus memsets
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (235 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 254/329] xen/acpi: off by one in read_acpi_id() Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 256/329] ACPI: acpi_pad: Fix memory leak in power saving threads Greg Kroah-Hartman
` (72 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stephen Rothwell, Aaro Koskinen,
Michael Ellerman, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Aaro Koskinen <aaro.koskinen@iki.fi>
[ Upstream commit e283655b5abe26462d53d5196f186c5e8863af3b ]
We should zero an array using sizeof instead of number of elements.
Fixes the following compiler (GCC 7.3.0) warnings:
drivers/macintosh/rack-meter.c: In function 'rackmeter_do_pause':
drivers/macintosh/rack-meter.c:157:2: warning: 'memset' used with length equal to number of elements without multiplication by element size [-Wmemset-elt-size]
drivers/macintosh/rack-meter.c:158:2: warning: 'memset' used with length equal to number of elements without multiplication by element size [-Wmemset-elt-size]
Fixes: 4f7bef7a9f69 ("drivers: macintosh: rack-meter: fix bogus memsets")
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/macintosh/rack-meter.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/macintosh/rack-meter.c
+++ b/drivers/macintosh/rack-meter.c
@@ -154,8 +154,8 @@ static void rackmeter_do_pause(struct ra
DBDMA_DO_STOP(rm->dma_regs);
return;
}
- memset(rdma->buf1, 0, ARRAY_SIZE(rdma->buf1));
- memset(rdma->buf2, 0, ARRAY_SIZE(rdma->buf2));
+ memset(rdma->buf1, 0, sizeof(rdma->buf1));
+ memset(rdma->buf2, 0, sizeof(rdma->buf2));
rm->dma_buf_v->mark = 0;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 256/329] ACPI: acpi_pad: Fix memory leak in power saving threads
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (236 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 255/329] drivers: macintosh: rack-meter: really fix bogus memsets Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 257/329] powerpc/mpic: Check if cpu_possible() in mpic_physmask() Greg Kroah-Hartman
` (71 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lenny Szubowicz, Rafael J. Wysocki,
Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lenny Szubowicz <lszubowi@redhat.com>
[ Upstream commit 8b29d29abc484d638213dd79a18a95ae7e5bb402 ]
Fix once per second (round_robin_time) memory leak of about 1 KB in
each acpi_pad kernel idling thread that is activated.
Found by testing with kmemleak.
Signed-off-by: Lenny Szubowicz <lszubowi@redhat.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/acpi/acpi_pad.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/acpi/acpi_pad.c
+++ b/drivers/acpi/acpi_pad.c
@@ -109,6 +109,7 @@ static void round_robin_cpu(unsigned int
cpumask_andnot(tmp, cpu_online_mask, pad_busy_cpus);
if (cpumask_empty(tmp)) {
mutex_unlock(&round_robin_lock);
+ free_cpumask_var(tmp);
return;
}
for_each_cpu(cpu, tmp) {
@@ -126,6 +127,8 @@ static void round_robin_cpu(unsigned int
mutex_unlock(&round_robin_lock);
set_cpus_allowed_ptr(current, cpumask_of(preferred_cpu));
+
+ free_cpumask_var(tmp);
}
static void exit_round_robin(unsigned int tsk_index)
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 257/329] powerpc/mpic: Check if cpu_possible() in mpic_physmask()
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (237 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 256/329] ACPI: acpi_pad: Fix memory leak in power saving threads Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 258/329] m68k: set dma and coherent masks for platform FEC ethernets Greg Kroah-Hartman
` (70 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michael Ellerman, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Ellerman <mpe@ellerman.id.au>
[ Upstream commit 0834d627fbea00c1444075eb3e448e1974da452d ]
In mpic_physmask() we loop over all CPUs up to 32, then get the hard
SMP processor id of that CPU.
Currently that's possibly walking off the end of the paca array, but
in a future patch we will change the paca array to be an array of
pointers, and in that case we will get a NULL for missing CPUs and
oops. eg:
Unable to handle kernel paging request for data at address 0x88888888888888b8
Faulting instruction address: 0xc00000000004e380
Oops: Kernel access of bad area, sig: 11 [#1]
...
NIP .mpic_set_affinity+0x60/0x1a0
LR .irq_do_set_affinity+0x48/0x100
Fix it by checking the CPU is possible, this also fixes the code if
there are gaps in the CPU numbering which probably never happens on
mpic systems but who knows.
Debugged-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/sysdev/mpic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/powerpc/sysdev/mpic.c
+++ b/arch/powerpc/sysdev/mpic.c
@@ -626,7 +626,7 @@ static inline u32 mpic_physmask(u32 cpum
int i;
u32 mask = 0;
- for (i = 0; i < min(32, NR_CPUS); ++i, cpumask >>= 1)
+ for (i = 0; i < min(32, NR_CPUS) && cpu_possible(i); ++i, cpumask >>= 1)
mask |= (cpumask & 1) << get_hard_smp_processor_id(i);
return mask;
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 258/329] m68k: set dma and coherent masks for platform FEC ethernets
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (238 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 257/329] powerpc/mpic: Check if cpu_possible() in mpic_physmask() Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 259/329] parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode Greg Kroah-Hartman
` (69 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Greg Ungerer <gerg@linux-m68k.org>
[ Upstream commit f61e64310b75733d782e930d1fb404b84699eed6 ]
As of commit 205e1b7f51e4 ("dma-mapping: warn when there is no
coherent_dma_mask") the Freescale FEC driver is issuing the following
warning on driver initialization on ColdFire systems:
WARNING: CPU: 0 PID: 1 at ./include/linux/dma-mapping.h:516 0x40159e20
Modules linked in:
CPU: 0 PID: 1 Comm: swapper Not tainted 4.16.0-rc7-dirty #4
Stack from 41833dd8:
41833dd8 40259c53 40025534 40279e26 00000003 00000000 4004e514 41827000
400255de 40244e42 00000204 40159e20 00000009 00000000 00000000 4024531d
40159e20 40244e42 00000204 00000000 00000000 00000000 00000007 00000000
00000000 40279e26 4028d040 40226576 4003ae88 40279e26 418273f6 41833ef8
7fffffff 418273f2 41867028 4003c9a2 4180ac6c 00000004 41833f8c 4013e71c
40279e1c 40279e26 40226c16 4013ced2 40279e26 40279e58 4028d040 00000000
Call Trace:
[<40025534>] 0x40025534
[<4004e514>] 0x4004e514
[<400255de>] 0x400255de
[<40159e20>] 0x40159e20
[<40159e20>] 0x40159e20
It is not fatal, the driver and the system continue to function normally.
As per the warning the coherent_dma_mask is not set on this device.
There is nothing special about the DMA memory coherency on this hardware
so we can just set the mask to 32bits in the platform data for the FEC
ethernet devices.
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/m68k/coldfire/device.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
--- a/arch/m68k/coldfire/device.c
+++ b/arch/m68k/coldfire/device.c
@@ -135,7 +135,11 @@ static struct platform_device mcf_fec0 =
.id = 0,
.num_resources = ARRAY_SIZE(mcf_fec0_resources),
.resource = mcf_fec0_resources,
- .dev.platform_data = FEC_PDATA,
+ .dev = {
+ .dma_mask = &mcf_fec0.dev.coherent_dma_mask,
+ .coherent_dma_mask = DMA_BIT_MASK(32),
+ .platform_data = FEC_PDATA,
+ }
};
#ifdef MCFFEC_BASE1
@@ -167,7 +171,11 @@ static struct platform_device mcf_fec1 =
.id = 1,
.num_resources = ARRAY_SIZE(mcf_fec1_resources),
.resource = mcf_fec1_resources,
- .dev.platform_data = FEC_PDATA,
+ .dev = {
+ .dma_mask = &mcf_fec1.dev.coherent_dma_mask,
+ .coherent_dma_mask = DMA_BIT_MASK(32),
+ .platform_data = FEC_PDATA,
+ }
};
#endif /* MCFFEC_BASE1 */
#endif /* CONFIG_FEC */
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 259/329] parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (239 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 258/329] m68k: set dma and coherent masks for platform FEC ethernets Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 260/329] hwmon: (nct6775) Fix writing pwmX_mode Greg Kroah-Hartman
` (68 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Carlo Pisani, Kyle McMartin,
Grant Grundler, Helge Deller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Helge Deller <deller@gmx.de>
[ Upstream commit b845f66f78bf42a4ce98e5cfe0e94fab41dd0742 ]
Carlo Pisani noticed that his C3600 workstation behaved unstable during heavy
I/O on the PCI bus with a VIA VT6421 IDE/SATA PCI card.
To avoid such instability, this patch switches the LBA PCI bus from Hard Fail
mode into Soft Fail mode. In this mode the bus will return -1UL for timed out
MMIO transactions, which is exactly how the x86 (and most other architectures)
PCI busses behave.
This patch is based on a proposal by Grant Grundler and Kyle McMartin 10
years ago:
https://www.spinics.net/lists/linux-parisc/msg01027.html
Cc: Carlo Pisani <carlojpisani@gmail.com>
Cc: Kyle McMartin <kyle@mcmartin.ca>
Reviewed-by: Grant Grundler <grantgrundler@gmail.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/parisc/lba_pci.c | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
--- a/drivers/parisc/lba_pci.c
+++ b/drivers/parisc/lba_pci.c
@@ -1367,9 +1367,27 @@ lba_hw_init(struct lba_device *d)
WRITE_REG32(stat, d->hba.base_addr + LBA_ERROR_CONFIG);
}
- /* Set HF mode as the default (vs. -1 mode). */
+
+ /*
+ * Hard Fail vs. Soft Fail on PCI "Master Abort".
+ *
+ * "Master Abort" means the MMIO transaction timed out - usually due to
+ * the device not responding to an MMIO read. We would like HF to be
+ * enabled to find driver problems, though it means the system will
+ * crash with a HPMC.
+ *
+ * In SoftFail mode "~0L" is returned as a result of a timeout on the
+ * pci bus. This is like how PCI busses on x86 and most other
+ * architectures behave. In order to increase compatibility with
+ * existing (x86) PCI hardware and existing Linux drivers we enable
+ * Soft Faul mode on PA-RISC now too.
+ */
stat = READ_REG32(d->hba.base_addr + LBA_STAT_CTL);
+#if defined(ENABLE_HARDFAIL)
WRITE_REG32(stat | HF_ENABLE, d->hba.base_addr + LBA_STAT_CTL);
+#else
+ WRITE_REG32(stat & ~HF_ENABLE, d->hba.base_addr + LBA_STAT_CTL);
+#endif
/*
** Writing a zero to STAT_CTL.rf (bit 0) will clear reset signal
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 260/329] hwmon: (nct6775) Fix writing pwmX_mode
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (240 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 259/329] parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 261/329] powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer Greg Kroah-Hartman
` (67 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Guenter Roeck, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Guenter Roeck <linux@roeck-us.net>
[ Upstream commit 415eb2a1aaa4881cf85bd86c683356fdd8094a23 ]
pwmX_mode is defined in the ABI as 0=DC mode, 1=pwm mode. The chip
register bit is set to 1 for DC mode. This got mixed up, and writing
1 into pwmX_mode resulted in DC mode enabled. Fix it up by using
the ABI definition throughout the driver for consistency.
Fixes: 77eb5b3703d99 ("hwmon: (nct6775) Add support for pwm, pwm_mode, ... ")
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hwmon/nct6775.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
--- a/drivers/hwmon/nct6775.c
+++ b/drivers/hwmon/nct6775.c
@@ -1393,7 +1393,7 @@ static void nct6775_update_pwm(struct de
duty_is_dc = data->REG_PWM_MODE[i] &&
(nct6775_read_value(data, data->REG_PWM_MODE[i])
& data->PWM_MODE_MASK[i]);
- data->pwm_mode[i] = duty_is_dc;
+ data->pwm_mode[i] = !duty_is_dc;
fanmodecfg = nct6775_read_value(data, data->REG_FAN_MODE[i]);
for (j = 0; j < ARRAY_SIZE(data->REG_PWM); j++) {
@@ -2270,7 +2270,7 @@ show_pwm_mode(struct device *dev, struct
struct nct6775_data *data = nct6775_update_device(dev);
struct sensor_device_attribute *sattr = to_sensor_dev_attr(attr);
- return sprintf(buf, "%d\n", !data->pwm_mode[sattr->index]);
+ return sprintf(buf, "%d\n", data->pwm_mode[sattr->index]);
}
static ssize_t
@@ -2291,9 +2291,9 @@ store_pwm_mode(struct device *dev, struc
if (val > 1)
return -EINVAL;
- /* Setting DC mode is not supported for all chips/channels */
+ /* Setting DC mode (0) is not supported for all chips/channels */
if (data->REG_PWM_MODE[nr] == 0) {
- if (val)
+ if (!val)
return -EINVAL;
return count;
}
@@ -2302,7 +2302,7 @@ store_pwm_mode(struct device *dev, struc
data->pwm_mode[nr] = val;
reg = nct6775_read_value(data, data->REG_PWM_MODE[nr]);
reg &= ~data->PWM_MODE_MASK[nr];
- if (val)
+ if (!val)
reg |= data->PWM_MODE_MASK[nr];
nct6775_write_value(data, data->REG_PWM_MODE[nr], reg);
mutex_unlock(&data->update_lock);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 261/329] powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (241 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 260/329] hwmon: (nct6775) Fix writing pwmX_mode Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 262/329] powerpc/perf: Fix kernel address leak via sampling registers Greg Kroah-Hartman
` (66 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Balbir Singh, Madhavan Srinivasan,
Michael Ellerman, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Madhavan Srinivasan <maddy@linux.vnet.ibm.com>
[ Upstream commit bb19af816025d495376bd76bf6fbcf4244f9a06d ]
The current Branch History Rolling Buffer (BHRB) code does not check
for any privilege levels before updating the data from BHRB. This
could leak kernel addresses to userspace even when profiling only with
userspace privileges. Add proper checks to prevent it.
Acked-by: Balbir Singh <bsingharora@gmail.com>
Signed-off-by: Madhavan Srinivasan <maddy@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/perf/core-book3s.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/arch/powerpc/perf/core-book3s.c
+++ b/arch/powerpc/perf/core-book3s.c
@@ -448,6 +448,16 @@ static void power_pmu_bhrb_read(struct c
/* invalid entry */
continue;
+ /*
+ * BHRB rolling buffer could very much contain the kernel
+ * addresses at this point. Check the privileges before
+ * exporting it to userspace (avoid exposure of regions
+ * where we could have speculative execution)
+ */
+ if (perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN) &&
+ is_kernel_addr(addr))
+ continue;
+
/* Branches are read most recent first (ie. mfbhrb 0 is
* the most recent branch).
* There are two types of valid entries:
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 262/329] powerpc/perf: Fix kernel address leak via sampling registers
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (242 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 261/329] powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 263/329] tools/thermal: tmon: fix for segfault Greg Kroah-Hartman
` (65 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Madhavan Srinivasan,
Michael Ellerman, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Ellerman <mpe@ellerman.id.au>
[ Upstream commit e1ebd0e5b9d0a10ba65e63a3514b6da8c6a5a819 ]
Current code in power_pmu_disable() does not clear the sampling
registers like Sampling Instruction Address Register (SIAR) and
Sampling Data Address Register (SDAR) after disabling the PMU. Since
these are userspace readable and could contain kernel addresses, add
code to explicitly clear the content of these registers.
Also add a "context synchronizing instruction" to enforce no further
updates to these registers as suggested by Power ISA v3.0B. From
section 9.4, on page 1108:
"If an mtspr instruction is executed that changes the value of a
Performance Monitor register other than SIAR, SDAR, and SIER, the
change is not guaranteed to have taken effect until after a
subsequent context synchronizing instruction has been executed (see
Chapter 11. "Synchronization Requirements for Context Alterations"
on page 1133)."
Signed-off-by: Madhavan Srinivasan <maddy@linux.vnet.ibm.com>
[mpe: Massage change log and add ISA reference]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/perf/core-book3s.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
--- a/arch/powerpc/perf/core-book3s.c
+++ b/arch/powerpc/perf/core-book3s.c
@@ -1198,6 +1198,7 @@ static void power_pmu_disable(struct pmu
*/
write_mmcr0(cpuhw, val);
mb();
+ isync();
/*
* Disable instruction sampling if it was enabled
@@ -1206,12 +1207,26 @@ static void power_pmu_disable(struct pmu
mtspr(SPRN_MMCRA,
cpuhw->mmcr[2] & ~MMCRA_SAMPLE_ENABLE);
mb();
+ isync();
}
cpuhw->disabled = 1;
cpuhw->n_added = 0;
ebb_switch_out(mmcr0);
+
+#ifdef CONFIG_PPC64
+ /*
+ * These are readable by userspace, may contain kernel
+ * addresses and are not switched by context switch, so clear
+ * them now to avoid leaking anything to userspace in general
+ * including to another process.
+ */
+ if (ppmu->flags & PPMU_ARCH_207S) {
+ mtspr(SPRN_SDAR, 0);
+ mtspr(SPRN_SIAR, 0);
+ }
+#endif
}
local_irq_restore(flags);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 263/329] tools/thermal: tmon: fix for segfault
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (243 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 262/329] powerpc/perf: Fix kernel address leak via sampling registers Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 264/329] selftests: Print the test were running to /dev/kmsg Greg Kroah-Hartman
` (64 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Frank Asseg, Jiri Kosina, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Frank Asseg <frank.asseg@objecthunter.net>
[ Upstream commit 6c59f64b7ecf2bccbe73931d7d573d66ed13b537 ]
Fixes a segfault occurring when e.g. <TAB> is pressed multiple times in the
ncurses tmon application. The segfault is caused by incrementing
cur_thermal_record in the main function without checking if it's value reached
NR_THERMAL_RECORD immediately. Since the boundary check only occurred in
update_thermal_data a race condition existed, which lead to an attempted read
beyond the last element of the trec array.
The fix was implemented by moving the cur_thermal_record incrementation to the
update_thermal_data function using a temporary variable on which the boundary
condition is checked before updating cur_thread_record, so that the variable is
never incremented beyond the trec array's boundary.
It seems the segfault does not occur on every machine: On a HP EliteBook G4 the
segfault happens, while it does not happen on a Thinkpad T540p.
Signed-off-by: Frank Asseg <frank.asseg@objecthunter.net>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/thermal/tmon/sysfs.c | 12 +++++++-----
tools/thermal/tmon/tmon.c | 1 -
2 files changed, 7 insertions(+), 6 deletions(-)
--- a/tools/thermal/tmon/sysfs.c
+++ b/tools/thermal/tmon/sysfs.c
@@ -486,6 +486,7 @@ int zone_instance_to_index(int zone_inst
int update_thermal_data()
{
int i;
+ int next_thermal_record = cur_thermal_record + 1;
char tz_name[256];
static unsigned long samples;
@@ -495,9 +496,9 @@ int update_thermal_data()
}
/* circular buffer for keeping historic data */
- if (cur_thermal_record >= NR_THERMAL_RECORDS)
- cur_thermal_record = 0;
- gettimeofday(&trec[cur_thermal_record].tv, NULL);
+ if (next_thermal_record >= NR_THERMAL_RECORDS)
+ next_thermal_record = 0;
+ gettimeofday(&trec[next_thermal_record].tv, NULL);
if (tmon_log) {
fprintf(tmon_log, "%lu ", ++samples);
fprintf(tmon_log, "%3.1f ", p_param.t_target);
@@ -507,11 +508,12 @@ int update_thermal_data()
snprintf(tz_name, 256, "%s/%s%d", THERMAL_SYSFS, TZONE,
ptdata.tzi[i].instance);
sysfs_get_ulong(tz_name, "temp",
- &trec[cur_thermal_record].temp[i]);
+ &trec[next_thermal_record].temp[i]);
if (tmon_log)
fprintf(tmon_log, "%lu ",
- trec[cur_thermal_record].temp[i]/1000);
+ trec[next_thermal_record].temp[i] / 1000);
}
+ cur_thermal_record = next_thermal_record;
for (i = 0; i < ptdata.nr_cooling_dev; i++) {
char cdev_name[256];
unsigned long val;
--- a/tools/thermal/tmon/tmon.c
+++ b/tools/thermal/tmon/tmon.c
@@ -336,7 +336,6 @@ int main(int argc, char **argv)
show_data_w();
show_cooling_device();
}
- cur_thermal_record++;
time_elapsed += ticktime;
controller_handler(trec[0].temp[target_tz_index] / 1000,
&yk);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 264/329] selftests: Print the test were running to /dev/kmsg
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (244 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 263/329] tools/thermal: tmon: fix for segfault Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 265/329] net/mlx5: Protect from command bit overflow Greg Kroah-Hartman
` (63 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Ellerman, Shuah Khan, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Ellerman <mpe@ellerman.id.au>
[ Upstream commit 88893cf787d3062c631cc20b875068eb11756e03 ]
Some tests cause the kernel to print things to the kernel log
buffer (ie. printk), in particular oops and warnings etc. However when
running all the tests in succession it's not always obvious which
test(s) caused the kernel to print something.
We can narrow it down by printing which test directory we're running
in to /dev/kmsg, if it's writable.
Example output:
[ 170.149149] kselftest: Running tests in powerpc
[ 305.300132] kworker/dying (71) used greatest stack depth: 7776 bytes
left
[ 808.915456] kselftest: Running tests in pstore
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/selftests/Makefile | 1 +
1 file changed, 1 insertion(+)
--- a/tools/testing/selftests/Makefile
+++ b/tools/testing/selftests/Makefile
@@ -94,6 +94,7 @@ ifdef INSTALL_PATH
for TARGET in $(TARGETS); do \
echo "echo ; echo Running tests in $$TARGET" >> $(ALL_SCRIPT); \
echo "echo ========================================" >> $(ALL_SCRIPT); \
+ echo "[ -w /dev/kmsg ] && echo \"kselftest: Running tests in $$TARGET\" >> /dev/kmsg" >> $(ALL_SCRIPT); \
echo "cd $$TARGET" >> $(ALL_SCRIPT); \
make -s --no-print-directory -C $$TARGET emit_tests >> $(ALL_SCRIPT); \
echo "cd \$$ROOT" >> $(ALL_SCRIPT); \
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 265/329] net/mlx5: Protect from command bit overflow
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (245 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 264/329] selftests: Print the test were running to /dev/kmsg Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 266/329] ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk) Greg Kroah-Hartman
` (62 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Leon Romanovsky, Saeed Mahameed, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Leon Romanovsky <leonro@mellanox.com>
[ Upstream commit 957f6ba8adc7be401a74ccff427e4cfd88d3bfcb ]
The system with CONFIG_UBSAN enabled on produces the following error
during driver initialization. The reason to it that max_reg_cmds can be
larger enough to cause to "1 << max_reg_cmds" overflow the unsigned long.
================================================================================
UBSAN: Undefined behaviour in drivers/net/ethernet/mellanox/mlx5/core/cmd.c:1805:42
signed integer overflow:
-2147483648 - 1 cannot be represented in type 'int'
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.15.0-rc2-00032-g06cda2358d9b-dirty #724
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.7.5-0-ge51488c-20140602_164612-nilsson.home.kraxel.org 04/01/2014
Call Trace:
dump_stack+0xe9/0x18f
? dma_virt_alloc+0x81/0x81
ubsan_epilogue+0xe/0x4e
handle_overflow+0x187/0x20c
mlx5_cmd_init+0x73a/0x12b0
mlx5_load_one+0x1c3d/0x1d30
init_one+0xd02/0xf10
pci_device_probe+0x26c/0x3b0
driver_probe_device+0x622/0xb40
__driver_attach+0x175/0x1b0
bus_for_each_dev+0xef/0x190
bus_add_driver+0x2db/0x490
driver_register+0x16b/0x1e0
__pci_register_driver+0x177/0x1b0
init+0x6d/0x92
do_one_initcall+0x15b/0x270
kernel_init_freeable+0x2d8/0x3d0
kernel_init+0x14/0x190
ret_from_fork+0x24/0x30
================================================================================
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c
@@ -1765,7 +1765,7 @@ int mlx5_cmd_init(struct mlx5_core_dev *
cmd->checksum_disabled = 1;
cmd->max_reg_cmds = (1 << cmd->log_sz) - 1;
- cmd->bitmask = (1 << cmd->max_reg_cmds) - 1;
+ cmd->bitmask = (1UL << cmd->max_reg_cmds) - 1;
cmd->cmdif_rev = ioread32be(&dev->iseg->cmdif_rev_fw_sub) >> 16;
if (cmd->cmdif_rev > CMD_IF_REV) {
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 266/329] ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk)
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (246 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 265/329] net/mlx5: Protect from command bit overflow Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 267/329] cxgb4: Setup FW queues before registering netdev Greg Kroah-Hartman
` (61 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Karthikeyan Periyasamy, Kalle Valo,
Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Karthikeyan Periyasamy <periyasa@codeaurora.org>
[ Upstream commit 8b2d93dd22615cb7f3046a5a2083a6f8bb8052ed ]
When attempt to run worker (ath10k_sta_rc_update_wk) after the station object
(ieee80211_sta) delete will trigger the kernel panic.
This problem arise in AP + Mesh configuration, Where the current node AP VAP
and neighbor node mesh VAP MAC address are same. When the current mesh node
try to establish the mesh link with neighbor node, driver peer creation for
the neighbor mesh node fails due to duplication MAC address. Already the AP
VAP created with same MAC address.
It is caused by the following scenario steps.
Steps:
1. In above condition, ath10k driver sta_state callback (ath10k_sta_state)
fails to do the state change for a station from IEEE80211_STA_NOTEXIST
to IEEE80211_STA_NONE due to peer creation fails. Sta_state callback is
called from ieee80211_add_station() to handle the new station
(neighbor mesh node) request from the wpa_supplicant.
2. Concurrently ath10k receive the sta_rc_update callback notification from
the mesh_neighbour_update() to handle the beacon frames of the above
neighbor mesh node. since its atomic callback, ath10k driver queue the
work (ath10k_sta_rc_update_wk) to handle rc update.
3. Due to driver sta_state callback fails (step 1), mac80211 free the station
object.
4. When the worker (ath10k_sta_rc_update_wk) scheduled to run, it will access
the station object which is already deleted. so it will trigger kernel
panic.
Added the peer exist check in sta_rc_update callback before queue the work.
Kernel Panic log:
Unable to handle kernel NULL pointer dereference at virtual address 00000000
pgd = c0204000
[00000000] *pgd=00000000
Internal error: Oops: 17 [#1] PREEMPT SMP ARM
CPU: 1 PID: 1833 Comm: kworker/u4:2 Not tainted 3.14.77 #1
task: dcef0000 ti: d72b6000 task.ti: d72b6000
PC is at pwq_activate_delayed_work+0x10/0x40
LR is at pwq_activate_delayed_work+0xc/0x40
pc : [<c023f988>] lr : [<c023f984>] psr: 40000193
sp : d72b7f18 ip : 0000007a fp : d72b6000
r10: 00000000 r9 : dd404414 r8 : d8c31998
r7 : d72b6038 r6 : 00000004 r5 : d4907ec8 r4 : dcee1300
r3 : ffffffe0 r2 : 00000000 r1 : 00000001 r0 : 00000000
Flags: nZcv IRQs off FIQs on Mode SVC_32 ISA ARM Segment kernel
Control: 10c5787d Table: 595bc06a DAC: 00000015
...
Process kworker/u4:2 (pid: 1833, stack limit = 0xd72b6238)
Stack: (0xd72b7f18 to 0xd72b8000)
7f00: 00000001 dcee1300
7f20: 00000001 c02410dc d8c31980 dd404400 dd404400 c0242790 d8c31980 00000089
7f40: 00000000 d93e1340 00000000 d8c31980 c0242568 00000000 00000000 00000000
7f60: 00000000 c02474dc 00000000 00000000 000000f8 d8c31980 00000000 00000000
7f80: d72b7f80 d72b7f80 00000000 00000000 d72b7f90 d72b7f90 d72b7fac d93e1340
7fa0: c0247404 00000000 00000000 c0208d20 00000000 00000000 00000000 00000000
7fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
7fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000
[<c023f988>] (pwq_activate_delayed_work) from [<c02410dc>] (pwq_dec_nr_in_flight+0x58/0xc4)
[<c02410dc>] (pwq_dec_nr_in_flight) from [<c0242790>] (worker_thread+0x228/0x360)
[<c0242790>] (worker_thread) from [<c02474dc>] (kthread+0xd8/0xec)
[<c02474dc>] (kthread) from [<c0208d20>] (ret_from_fork+0x14/0x34)
Code: e92d4038 e1a05000 ebffffbc[69210.619376] SMP: failed to stop secondary CPUs
Rebooting in 3 seconds..
Signed-off-by: Karthikeyan Periyasamy <periyasa@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/ath/ath10k/mac.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/drivers/net/wireless/ath/ath10k/mac.c
+++ b/drivers/net/wireless/ath/ath10k/mac.c
@@ -6928,10 +6928,20 @@ static void ath10k_sta_rc_update(struct
{
struct ath10k *ar = hw->priv;
struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
+ struct ath10k_vif *arvif = (void *)vif->drv_priv;
+ struct ath10k_peer *peer;
u32 bw, smps;
spin_lock_bh(&ar->data_lock);
+ peer = ath10k_peer_find(ar, arvif->vdev_id, sta->addr);
+ if (!peer) {
+ spin_unlock_bh(&ar->data_lock);
+ ath10k_warn(ar, "mac sta rc update failed to find peer %pM on vdev %i\n",
+ sta->addr, arvif->vdev_id);
+ return;
+ }
+
ath10k_dbg(ar, ATH10K_DBG_MAC,
"mac sta rc update for %pM changed %08x bw %d nss %d smps %d\n",
sta->addr, changed, sta->bandwidth, sta->rx_nss,
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 267/329] cxgb4: Setup FW queues before registering netdev
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (247 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 266/329] ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk) Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 268/329] ima: Fallback to the builtin hash algorithm Greg Kroah-Hartman
` (60 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arjun Vynipadath, Casey Leedom,
Ganesh Goudar, David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arjun Vynipadath <arjun@chelsio.com>
[ Upstream commit 843bd7db79c861b49e2912d723625f5fa8e94502 ]
When NetworkManager is enabled, there are chances that interface up
is called even before probe completes. This means we have not yet
allocated the FW sge queues, hence rest of ingress queue allocation
wont be proper. Fix this by calling setup_fw_sge_queues() before
register_netdev().
Fixes: 0fbc81b3ad51 ('chcr/cxgb4i/cxgbit/RDMA/cxgb4: Allocate resources dynamically for all cxgb4 ULD's')
Signed-off-by: Arjun Vynipadath <arjun@chelsio.com>
Signed-off-by: Casey Leedom <leedom@chelsio.com>
Signed-off-by: Ganesh Goudar <ganeshgr@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
@@ -836,8 +836,6 @@ static int setup_fw_sge_queues(struct ad
err = t4_sge_alloc_rxq(adap, &s->fw_evtq, true, adap->port[0],
adap->msi_idx, NULL, fwevtq_handler, NULL, -1);
- if (err)
- t4_free_sge_resources(adap);
return err;
}
@@ -4940,6 +4938,13 @@ static int init_one(struct pci_dev *pdev
if (err)
goto out_free_dev;
+ err = setup_fw_sge_queues(adapter);
+ if (err) {
+ dev_err(adapter->pdev_dev,
+ "FW sge queue allocation failed, err %d", err);
+ goto out_free_dev;
+ }
+
/*
* The card is now ready to go. If any errors occur during device
* registration we do not fail the whole card but rather proceed only
@@ -4983,7 +4988,6 @@ static int init_one(struct pci_dev *pdev
}
print_adapter_info(adapter);
- setup_fw_sge_queues(adapter);
return 0;
sriov:
@@ -5035,6 +5039,7 @@ sriov:
#endif
out_free_dev:
+ t4_free_sge_resources(adapter);
free_some_resources(adapter);
if (adapter->flags & USING_MSIX)
free_msix_info(adapter);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 268/329] ima: Fallback to the builtin hash algorithm
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (248 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 267/329] cxgb4: Setup FW queues before registering netdev Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 269/329] virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS Greg Kroah-Hartman
` (59 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Petr Vorel, Mimi Zohar, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Petr Vorel <pvorel@suse.cz>
[ Upstream commit ab60368ab6a452466885ef4edf0cefd089465132 ]
IMA requires having it's hash algorithm be compiled-in due to it's
early use. The default IMA algorithm is protected by Kconfig to be
compiled-in.
The ima_hash kernel parameter allows to choose the hash algorithm. When
the specified algorithm is not available or available as a module, IMA
initialization fails, which leads to a kernel panic (mknodat syscall calls
ima_post_path_mknod()). Therefore as fallback we force IMA to use
the default builtin Kconfig hash algorithm.
Fixed crash:
$ grep CONFIG_CRYPTO_MD4 .config
CONFIG_CRYPTO_MD4=m
[ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-4.12.14-2.3-default root=UUID=74ae8202-9ca7-4e39-813b-22287ec52f7a video=1024x768-16 plymouth.ignore-serial-consoles console=ttyS0 console=tty resume=/dev/disk/by-path/pci-0000:00:07.0-part3 splash=silent showopts ima_hash=md4
...
[ 1.545190] ima: Can not allocate md4 (reason: -2)
...
[ 2.610120] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 2.611903] IP: ima_match_policy+0x23/0x390
[ 2.612967] PGD 0 P4D 0
[ 2.613080] Oops: 0000 [#1] SMP
[ 2.613080] Modules linked in: autofs4
[ 2.613080] Supported: Yes
[ 2.613080] CPU: 0 PID: 1 Comm: systemd Not tainted 4.12.14-2.3-default #1
[ 2.613080] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014
[ 2.613080] task: ffff88003e2d0040 task.stack: ffffc90000190000
[ 2.613080] RIP: 0010:ima_match_policy+0x23/0x390
[ 2.613080] RSP: 0018:ffffc90000193e88 EFLAGS: 00010296
[ 2.613080] RAX: 0000000000000000 RBX: 000000000000000c RCX: 0000000000000004
[ 2.613080] RDX: 0000000000000010 RSI: 0000000000000001 RDI: ffff880037071728
[ 2.613080] RBP: 0000000000008000 R08: 0000000000000000 R09: 0000000000000000
[ 2.613080] R10: 0000000000000008 R11: 61c8864680b583eb R12: 00005580ff10086f
[ 2.613080] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000008000
[ 2.613080] FS: 00007f5c1da08940(0000) GS:ffff88003fc00000(0000) knlGS:0000000000000000
[ 2.613080] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2.613080] CR2: 0000000000000000 CR3: 0000000037002000 CR4: 00000000003406f0
[ 2.613080] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2.613080] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2.613080] Call Trace:
[ 2.613080] ? shmem_mknod+0xbf/0xd0
[ 2.613080] ima_post_path_mknod+0x1c/0x40
[ 2.613080] SyS_mknod+0x210/0x220
[ 2.613080] entry_SYSCALL_64_fastpath+0x1a/0xa5
[ 2.613080] RIP: 0033:0x7f5c1bfde570
[ 2.613080] RSP: 002b:00007ffde1c90dc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[ 2.613080] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5c1bfde570
[ 2.613080] RDX: 0000000000000000 RSI: 0000000000008000 RDI: 00005580ff10086f
[ 2.613080] RBP: 00007ffde1c91040 R08: 00005580ff10086f R09: 0000000000000000
[ 2.613080] R10: 0000000000104000 R11: 0000000000000246 R12: 00005580ffb99660
[ 2.613080] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000002
[ 2.613080] Code: 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 41 57 41 56 44 8d 14 09 41 55 41 54 55 53 44 89 d3 09 cb 48 83 ec 38 48 8b 05 c5 03 29 01 <4c> 8b 20 4c 39 e0 0f 84 d7 01 00 00 4c 89 44 24 08 89 54 24 20
[ 2.613080] RIP: ima_match_policy+0x23/0x390 RSP: ffffc90000193e88
[ 2.613080] CR2: 0000000000000000
[ 2.613080] ---[ end trace 9a9f0a8a73079f6a ]---
[ 2.673052] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009
[ 2.673052]
[ 2.675337] Kernel Offset: disabled
[ 2.676405] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009
Signed-off-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/integrity/ima/ima_crypto.c | 2 ++
security/integrity/ima/ima_main.c | 13 +++++++++++++
2 files changed, 15 insertions(+)
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -78,6 +78,8 @@ int __init ima_init_crypto(void)
hash_algo_name[ima_hash_algo], rc);
return rc;
}
+ pr_info("Allocated hash algorithm: %s\n",
+ hash_algo_name[ima_hash_algo]);
return 0;
}
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -16,6 +16,9 @@
* implements the IMA hooks: ima_bprm_check, ima_file_mmap,
* and ima_file_check.
*/
+
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
#include <linux/module.h>
#include <linux/file.h>
#include <linux/binfmts.h>
@@ -426,6 +429,16 @@ static int __init init_ima(void)
hash_setup(CONFIG_IMA_DEFAULT_HASH);
error = ima_init();
+
+ if (error && strcmp(hash_algo_name[ima_hash_algo],
+ CONFIG_IMA_DEFAULT_HASH) != 0) {
+ pr_info("Allocating %s failed, going to use default hash algorithm %s\n",
+ hash_algo_name[ima_hash_algo], CONFIG_IMA_DEFAULT_HASH);
+ hash_setup_done = 0;
+ hash_setup(CONFIG_IMA_DEFAULT_HASH);
+ error = ima_init();
+ }
+
if (!error) {
ima_initialized = 1;
ima_update_policy_flag();
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 269/329] virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (249 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 268/329] ima: Fallback to the builtin hash algorithm Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 270/329] arm: dts: socfpga: fix GIC PPI warning Greg Kroah-Hartman
` (58 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael S. Tsirkin, Jason Wang,
Ben Hutchings, Jay Vosburgh, David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jay Vosburgh <jay.vosburgh@canonical.com>
[ Upstream commit bda7fab54828bbef2164bb23c0f6b1a7d05cc718 ]
The operstate update logic will leave an interface in the
default UNKNOWN operstate if the interface carrier state never changes
from the default carrier up state set at creation. This includes the
case of an explicit call to netif_carrier_on, as the carrier on to on
transition has no effect on operstate.
This affects virtio-net for the case that the virtio peer does
not support VIRTIO_NET_F_STATUS (the feature that provides carrier state
updates). Without this feature, the virtio specification states that
"the link should be assumed active," so, logically, the operstate should
be UP instead of UNKNOWN. This has impact on user space applications
that use the operstate to make availability decisions for the interface.
Resolve this by changing the virtio probe logic slightly to call
netif_carrier_off for both the "with" and "without" VIRTIO_NET_F_STATUS
cases, and then the existing call to netif_carrier_on for the "without"
case will cause an operstate transition.
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Jason Wang <jasowang@redhat.com>
Cc: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Jay Vosburgh <jay.vosburgh@canonical.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/virtio_net.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/virtio_net.c
+++ b/drivers/net/virtio_net.c
@@ -1949,8 +1949,8 @@ static int virtnet_probe(struct virtio_d
/* Assume link up if device can't report link status,
otherwise get link status from config. */
+ netif_carrier_off(dev);
if (virtio_has_feature(vi->vdev, VIRTIO_NET_F_STATUS)) {
- netif_carrier_off(dev);
schedule_work(&vi->config_work);
} else {
vi->status = VIRTIO_NET_S_LINK_UP;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 270/329] arm: dts: socfpga: fix GIC PPI warning
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (250 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 269/329] virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 271/329] cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path Greg Kroah-Hartman
` (57 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Philipp Puschmann, Dinh Nguyen, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Philipp Puschmann <pp@emlix.com>
[ Upstream commit 6d97d5aba08b26108f95dc9fb7bbe4d9436c769c ]
Fixes the warning "GIC: PPI13 is secure or misconfigured" by
changing the interrupt type from level_low to edge_raising
Signed-off-by: Philipp Puschmann <pp@emlix.com>
Signed-off-by: Dinh Nguyen <dinguyen@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/socfpga.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm/boot/dts/socfpga.dtsi
+++ b/arch/arm/boot/dts/socfpga.dtsi
@@ -759,7 +759,7 @@
timer@fffec600 {
compatible = "arm,cortex-a9-twd-timer";
reg = <0xfffec600 0x100>;
- interrupts = <1 13 0xf04>;
+ interrupts = <1 13 0xf01>;
clocks = <&mpu_periph_clk>;
};
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 271/329] cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (251 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 270/329] arm: dts: socfpga: fix GIC PPI warning Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 272/329] zorro: Set up z->dev.dma_mask for the DMA API Greg Kroah-Hartman
` (56 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chunyu Hu, Viresh Kumar,
Rafael J. Wysocki, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chunyu Hu <chuhu@redhat.com>
[ Upstream commit 55b55abc17f238c61921360e61dde90dd9a326d1 ]
Kmemleak reported the below leak. When cppc_cpufreq_init went into
failure path, the cpu mask is not freed. After fix, this report is
gone. And to avaoid potential NULL pointer reference, check the cpu
value first.
unreferenced object 0xffff800fd5ea4880 (size 128):
comm "swapper/0", pid 1, jiffies 4294939510 (age 668.680s)
hex dump (first 32 bytes):
00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 .... ...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffff0000082c4ae4>] __kmalloc_node+0x278/0x634
[<ffff0000088f4a74>] alloc_cpumask_var_node+0x28/0x60
[<ffff0000088f4af0>] zalloc_cpumask_var+0x14/0x1c
[<ffff000008d20254>] cppc_cpufreq_init+0xd0/0x19c
[<ffff000008083828>] do_one_initcall+0xec/0x15c
[<ffff000008cd1018>] kernel_init_freeable+0x1f4/0x2a4
[<ffff0000089099b0>] kernel_init+0x18/0x10c
[<ffff000008084d50>] ret_from_fork+0x10/0x18
[<ffffffffffffffff>] 0xffffffffffffffff
Signed-off-by: Chunyu Hu <chuhu@redhat.com>
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/cpufreq/cppc_cpufreq.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
--- a/drivers/cpufreq/cppc_cpufreq.c
+++ b/drivers/cpufreq/cppc_cpufreq.c
@@ -228,8 +228,13 @@ static int __init cppc_cpufreq_init(void
return ret;
out:
- for_each_possible_cpu(i)
- kfree(all_cpu_data[i]);
+ for_each_possible_cpu(i) {
+ cpu = all_cpu_data[i];
+ if (!cpu)
+ break;
+ free_cpumask_var(cpu->shared_cpu_map);
+ kfree(cpu);
+ }
kfree(all_cpu_data);
return -ENODEV;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 272/329] zorro: Set up z->dev.dma_mask for the DMA API
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (252 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 271/329] cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 273/329] bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set Greg Kroah-Hartman
` (55 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Schmitz, Christoph Hellwig,
Geert Uytterhoeven, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Schmitz <schmitzmic@gmail.com>
[ Upstream commit 55496d3fe2acd1a365c43cbd613a20ecd4d74395 ]
The generic DMA API uses dev->dma_mask to check the DMA addressable
memory bitmask, and warns if no mask is set or even allocated.
Set z->dev.dma_coherent_mask on Zorro bus scan, and make z->dev.dma_mask
to point to z->dev.dma_coherent_mask so device drivers that need DMA have
everything set up to avoid warnings from dma_alloc_coherent(). Drivers can
still use dma_set_mask_and_coherent() to explicitly set their DMA bit mask.
Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>
[geert: Handle Zorro II with 24-bit address space]
Acked-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/zorro/zorro.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
--- a/drivers/zorro/zorro.c
+++ b/drivers/zorro/zorro.c
@@ -16,6 +16,7 @@
#include <linux/bitops.h>
#include <linux/string.h>
#include <linux/platform_device.h>
+#include <linux/dma-mapping.h>
#include <linux/slab.h>
#include <asm/byteorder.h>
@@ -185,6 +186,17 @@ static int __init amiga_zorro_probe(stru
z->dev.parent = &bus->dev;
z->dev.bus = &zorro_bus_type;
z->dev.id = i;
+ switch (z->rom.er_Type & ERT_TYPEMASK) {
+ case ERT_ZORROIII:
+ z->dev.coherent_dma_mask = DMA_BIT_MASK(32);
+ break;
+
+ case ERT_ZORROII:
+ default:
+ z->dev.coherent_dma_mask = DMA_BIT_MASK(24);
+ break;
+ }
+ z->dev.dma_mask = &z->dev.coherent_dma_mask;
}
/* ... then register them */
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 273/329] bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (253 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 272/329] zorro: Set up z->dev.dma_mask for the DMA API Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 274/329] ACPICA: Events: add a return on failure from acpi_hw_register_read Greg Kroah-Hartman
` (54 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Coly Li, Michael Lyle,
Hannes Reinecke, Huijun Tang, Jens Axboe, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Coly Li <colyli@suse.de>
[ Upstream commit fadd94e05c02afec7b70b0b14915624f1782f578 ]
In patch "bcache: fix cached_dev->count usage for bch_cache_set_error()",
cached_dev_get() is called when creating dc->writeback_thread, and
cached_dev_put() is called when exiting dc->writeback_thread. This
modification works well unless people detach the bcache device manually by
'echo 1 > /sys/block/bcache<N>/bcache/detach'
Because this sysfs interface only calls bch_cached_dev_detach() which wakes
up dc->writeback_thread but does not stop it. The reason is, before patch
"bcache: fix cached_dev->count usage for bch_cache_set_error()", inside
bch_writeback_thread(), if cache is not dirty after writeback,
cached_dev_put() will be called here. And in cached_dev_make_request() when
a new write request makes cache from clean to dirty, cached_dev_get() will
be called there. Since we don't operate dc->count in these locations,
refcount d->count cannot be dropped after cache becomes clean, and
cached_dev_detach_finish() won't be called to detach bcache device.
This patch fixes the issue by checking whether BCACHE_DEV_DETACHING is
set inside bch_writeback_thread(). If this bit is set and cache is clean
(no existing writeback_keys), break the while-loop, call cached_dev_put()
and quit the writeback thread.
Please note if cache is still dirty, even BCACHE_DEV_DETACHING is set the
writeback thread should continue to perform writeback, this is the original
design of manually detach.
It is safe to do the following check without locking, let me explain why,
+ if (!test_bit(BCACHE_DEV_DETACHING, &dc->disk.flags) &&
+ (!atomic_read(&dc->has_dirty) || !dc->writeback_running)) {
If the kenrel thread does not sleep and continue to run due to conditions
are not updated in time on the running CPU core, it just consumes more CPU
cycles and has no hurt. This should-sleep-but-run is safe here. We just
focus on the should-run-but-sleep condition, which means the writeback
thread goes to sleep in mistake while it should continue to run.
1, First of all, no matter the writeback thread is hung or not,
kthread_stop() from cached_dev_detach_finish() will wake up it and
terminate by making kthread_should_stop() return true. And in normal
run time, bit on index BCACHE_DEV_DETACHING is always cleared, the
condition
!test_bit(BCACHE_DEV_DETACHING, &dc->disk.flags)
is always true and can be ignored as constant value.
2, If one of the following conditions is true, the writeback thread should
go to sleep,
"!atomic_read(&dc->has_dirty)" or "!dc->writeback_running)"
each of them independently controls the writeback thread should sleep or
not, let's analyse them one by one.
2.1 condition "!atomic_read(&dc->has_dirty)"
If dc->has_dirty is set from 0 to 1 on another CPU core, bcache will
call bch_writeback_queue() immediately or call bch_writeback_add() which
indirectly calls bch_writeback_queue() too. In bch_writeback_queue(),
wake_up_process(dc->writeback_thread) is called. It sets writeback
thread's task state to TASK_RUNNING and following an implicit memory
barrier, then tries to wake up the writeback thread.
In writeback thread, its task state is set to TASK_INTERRUPTIBLE before
doing the condition check. If other CPU core sets the TASK_RUNNING state
after writeback thread setting TASK_INTERRUPTIBLE, the writeback thread
will be scheduled to run very soon because its state is not
TASK_INTERRUPTIBLE. If other CPU core sets the TASK_RUNNING state before
writeback thread setting TASK_INTERRUPTIBLE, the implict memory barrier
of wake_up_process() will make sure modification of dc->has_dirty on
other CPU core is updated and observed on the CPU core of writeback
thread. Therefore the condition check will correctly be false, and
continue writeback code without sleeping.
2.2 condition "!dc->writeback_running)"
dc->writeback_running can be changed via sysfs file, every time it is
modified, a following bch_writeback_queue() is alwasy called. So the
change is always observed on the CPU core of writeback thread. If
dc->writeback_running is changed from 0 to 1 on other CPU core, this
condition check will observe the modification and allow writeback
thread to continue to run without sleeping.
Now we can see, even without a locking protection, multiple conditions
check is safe here, no deadlock or process hang up will happen.
I compose a separte patch because that patch "bcache: fix cached_dev->count
usage for bch_cache_set_error()" already gets a "Reviewed-by:" from Hannes
Reinecke. Also this fix is not trivial and good for a separate patch.
Signed-off-by: Coly Li <colyli@suse.de>
Reviewed-by: Michael Lyle <mlyle@lyle.org>
Cc: Hannes Reinecke <hare@suse.com>
Cc: Huijun Tang <tang.junhui@zte.com.cn>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/bcache/writeback.c | 20 +++++++++++++++++---
1 file changed, 17 insertions(+), 3 deletions(-)
--- a/drivers/md/bcache/writeback.c
+++ b/drivers/md/bcache/writeback.c
@@ -421,9 +421,15 @@ static int bch_writeback_thread(void *ar
while (!kthread_should_stop()) {
down_write(&dc->writeback_lock);
set_current_state(TASK_INTERRUPTIBLE);
- if (!atomic_read(&dc->has_dirty) ||
- (!test_bit(BCACHE_DEV_DETACHING, &dc->disk.flags) &&
- !dc->writeback_running)) {
+ /*
+ * If the bache device is detaching, skip here and continue
+ * to perform writeback. Otherwise, if no dirty data on cache,
+ * or there is dirty data on cache but writeback is disabled,
+ * the writeback thread should sleep here and wait for others
+ * to wake up it.
+ */
+ if (!test_bit(BCACHE_DEV_DETACHING, &dc->disk.flags) &&
+ (!atomic_read(&dc->has_dirty) || !dc->writeback_running)) {
up_write(&dc->writeback_lock);
if (kthread_should_stop()) {
@@ -444,6 +450,14 @@ static int bch_writeback_thread(void *ar
cached_dev_put(dc);
SET_BDEV_STATE(&dc->sb, BDEV_STATE_CLEAN);
bch_write_bdev_super(dc, NULL);
+ /*
+ * If bcache device is detaching via sysfs interface,
+ * writeback thread should stop after there is no dirty
+ * data on cache. BCACHE_DEV_DETACHING flag is set in
+ * bch_cached_dev_detach().
+ */
+ if (test_bit(BCACHE_DEV_DETACHING, &dc->disk.flags))
+ break;
}
up_write(&dc->writeback_lock);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 274/329] ACPICA: Events: add a return on failure from acpi_hw_register_read
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (254 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 273/329] bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 275/329] ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c Greg Kroah-Hartman
` (53 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Erik Schmauss, Rafael J. Wysocki,
Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Erik Schmauss <erik.schmauss@intel.com>
[ Upstream commit b4c0de312613ca676db5bd7e696a44b56795612a ]
This ensures that acpi_ev_fixed_event_detect() does not use fixed_status
and and fixed_enable as uninitialized variables.
Signed-off-by: Erik Schmauss <erik.schmauss@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/acpi/acpica/evevent.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
--- a/drivers/acpi/acpica/evevent.c
+++ b/drivers/acpi/acpica/evevent.c
@@ -204,6 +204,7 @@ u32 acpi_ev_fixed_event_detect(void)
u32 fixed_status;
u32 fixed_enable;
u32 i;
+ acpi_status status;
ACPI_FUNCTION_NAME(ev_fixed_event_detect);
@@ -211,8 +212,12 @@ u32 acpi_ev_fixed_event_detect(void)
* Read the fixed feature status and enable registers, as all the cases
* depend on their values. Ignore errors here.
*/
- (void)acpi_hw_register_read(ACPI_REGISTER_PM1_STATUS, &fixed_status);
- (void)acpi_hw_register_read(ACPI_REGISTER_PM1_ENABLE, &fixed_enable);
+ status = acpi_hw_register_read(ACPI_REGISTER_PM1_STATUS, &fixed_status);
+ status |=
+ acpi_hw_register_read(ACPI_REGISTER_PM1_ENABLE, &fixed_enable);
+ if (ACPI_FAILURE(status)) {
+ return (int_status);
+ }
ACPI_DEBUG_PRINT((ACPI_DB_INTERRUPTS,
"Fixed Event Block: Enable %08X Status %08X\n",
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 275/329] ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (255 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 274/329] ACPICA: Events: add a return on failure from acpi_hw_register_read Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 276/329] cxgb4: Fix queue free path of ULD drivers Greg Kroah-Hartman
` (52 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Seunghun Han, Erik Schmauss,
Rafael J. Wysocki, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Seunghun Han <kkamagui@gmail.com>
[ Upstream commit 97f3c0a4b0579b646b6b10ae5a3d59f0441cc12c ]
I found an ACPI cache leak in ACPI early termination and boot continuing case.
When early termination occurs due to malicious ACPI table, Linux kernel
terminates ACPI function and continues to boot process. While kernel terminates
ACPI function, kmem_cache_destroy() reports Acpi-Operand cache leak.
Boot log of ACPI operand cache leak is as follows:
>[ 0.464168] ACPI: Added _OSI(Module Device)
>[ 0.467022] ACPI: Added _OSI(Processor Device)
>[ 0.469376] ACPI: Added _OSI(3.0 _SCP Extensions)
>[ 0.471647] ACPI: Added _OSI(Processor Aggregator Device)
>[ 0.477997] ACPI Error: Null stack entry at ffff880215c0aad8 (20170303/exresop-174)
>[ 0.482706] ACPI Exception: AE_AML_INTERNAL, While resolving operands for [opcode_name unavailable] (20170303/dswexec-461)
>[ 0.487503] ACPI Error: Method parse/execution failed [\DBG] (Node ffff88021710ab40), AE_AML_INTERNAL (20170303/psparse-543)
>[ 0.492136] ACPI Error: Method parse/execution failed [\_SB._INI] (Node ffff88021710a618), AE_AML_INTERNAL (20170303/psparse-543)
>[ 0.497683] ACPI: Interpreter enabled
>[ 0.499385] ACPI: (supports S0)
>[ 0.501151] ACPI: Using IOAPIC for interrupt routing
>[ 0.503342] ACPI Error: Null stack entry at ffff880215c0aad8 (20170303/exresop-174)
>[ 0.506522] ACPI Exception: AE_AML_INTERNAL, While resolving operands for [opcode_name unavailable] (20170303/dswexec-461)
>[ 0.510463] ACPI Error: Method parse/execution failed [\DBG] (Node ffff88021710ab40), AE_AML_INTERNAL (20170303/psparse-543)
>[ 0.514477] ACPI Error: Method parse/execution failed [\_PIC] (Node ffff88021710ab18), AE_AML_INTERNAL (20170303/psparse-543)
>[ 0.518867] ACPI Exception: AE_AML_INTERNAL, Evaluating _PIC (20170303/bus-991)
>[ 0.522384] kmem_cache_destroy Acpi-Operand: Slab cache still has objects
>[ 0.524597] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 4.12.0-rc5 #26
>[ 0.526795] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS virtual_box 12/01/2006
>[ 0.529668] Call Trace:
>[ 0.530811] ? dump_stack+0x5c/0x81
>[ 0.532240] ? kmem_cache_destroy+0x1aa/0x1c0
>[ 0.533905] ? acpi_os_delete_cache+0xa/0x10
>[ 0.535497] ? acpi_ut_delete_caches+0x3f/0x7b
>[ 0.537237] ? acpi_terminate+0xa/0x14
>[ 0.538701] ? acpi_init+0x2af/0x34f
>[ 0.540008] ? acpi_sleep_proc_init+0x27/0x27
>[ 0.541593] ? do_one_initcall+0x4e/0x1a0
>[ 0.543008] ? kernel_init_freeable+0x19e/0x21f
>[ 0.546202] ? rest_init+0x80/0x80
>[ 0.547513] ? kernel_init+0xa/0x100
>[ 0.548817] ? ret_from_fork+0x25/0x30
>[ 0.550587] vgaarb: loaded
>[ 0.551716] EDAC MC: Ver: 3.0.0
>[ 0.553744] PCI: Probing PCI hardware
>[ 0.555038] PCI host bridge to bus 0000:00
> ... Continue to boot and log is omitted ...
I analyzed this memory leak in detail and found acpi_ns_evaluate() function
only removes Info->return_object in AE_CTRL_RETURN_VALUE case. But, when errors
occur, the status value is not AE_CTRL_RETURN_VALUE, and Info->return_object is
also not null. Therefore, this causes acpi operand memory leak.
This cache leak causes a security threat because an old kernel (<= 4.9) shows
memory locations of kernel functions in stack dump. Some malicious users
could use this information to neutralize kernel ASLR.
I made a patch to fix ACPI operand cache leak.
Signed-off-by: Seunghun Han <kkamagui@gmail.com>
Signed-off-by: Erik Schmauss <erik.schmauss@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/acpi/acpica/nseval.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/drivers/acpi/acpica/nseval.c
+++ b/drivers/acpi/acpica/nseval.c
@@ -308,6 +308,14 @@ acpi_status acpi_ns_evaluate(struct acpi
/* Map AE_CTRL_RETURN_VALUE to AE_OK, we are done with it */
status = AE_OK;
+ } else if (ACPI_FAILURE(status)) {
+
+ /* If return_object exists, delete it */
+
+ if (info->return_object) {
+ acpi_ut_remove_reference(info->return_object);
+ info->return_object = NULL;
+ }
}
ACPI_DEBUG_PRINT((ACPI_DB_NAMES,
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 276/329] cxgb4: Fix queue free path of ULD drivers
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (256 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 275/329] ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 277/329] i2c: mv64xxx: Apply errata delay only in standard mode Greg Kroah-Hartman
` (51 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arjun Vynipadath, Casey Leedom,
Ganesh Goudhar, David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arjun Vynipadath <arjun@chelsio.com>
[ Upstream commit d7cb44496a9bb458632cb3c18acb08949c210448 ]
Setting sge_uld_rxq_info to NULL in free_queues_uld().
We are referencing sge_uld_rxq_info in cxgb_up(). This
will fix a panic when interface is brought up after a
ULDq creation failure.
Fixes: 94cdb8bb993a (cxgb4: Add support for dynamic allocation
of resources for ULD)
Signed-off-by: Arjun Vynipadath <arjun@chelsio.com>
Signed-off-by: Casey Leedom <leedom@chelsio.com>
Signed-off-by: Ganesh Goudhar <ganeshgr@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.c
@@ -342,6 +342,7 @@ static void free_queues_uld(struct adapt
{
struct sge_uld_rxq_info *rxq_info = adap->sge.uld_rxq_info[uld_type];
+ adap->sge.uld_rxq_info[uld_type] = NULL;
kfree(rxq_info->rspq_id);
kfree(rxq_info->uldrxq);
kfree(rxq_info);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 277/329] i2c: mv64xxx: Apply errata delay only in standard mode
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (257 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 276/329] cxgb4: Fix queue free path of ULD drivers Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 279/329] perf top: Fix top.call-graph config option reading Greg Kroah-Hartman
` (50 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Wolfram Sang, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gregory CLEMENT <gregory.clement@bootlin.com>
[ Upstream commit 31184d8c6ea49ea0676d100cdd7e1f102ad025b5 ]
The errata FE-8471889 description has been updated. There is still a
timing violation for repeated start. But the errata now states that it
was only the case for the Standard mode (100 kHz), in Fast mode (400 kHz)
there is no issue.
This patch limit the errata fix to the Standard mode.
It has been tesed successfully on the clearfog (Aramda 388 based board).
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/i2c/busses/i2c-mv64xxx.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/drivers/i2c/busses/i2c-mv64xxx.c
+++ b/drivers/i2c/busses/i2c-mv64xxx.c
@@ -848,12 +848,16 @@ mv64xxx_of_config(struct mv64xxx_i2c_dat
*/
if (of_device_is_compatible(np, "marvell,mv78230-i2c")) {
drv_data->offload_enabled = true;
- drv_data->errata_delay = true;
+ /* The delay is only needed in standard mode (100kHz) */
+ if (bus_freq <= 100000)
+ drv_data->errata_delay = true;
}
if (of_device_is_compatible(np, "marvell,mv78230-a0-i2c")) {
drv_data->offload_enabled = false;
- drv_data->errata_delay = true;
+ /* The delay is only needed in standard mode (100kHz) */
+ if (bus_freq <= 100000)
+ drv_data->errata_delay = true;
}
if (of_device_is_compatible(np, "allwinner,sun6i-a31-i2c"))
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 279/329] perf top: Fix top.call-graph config option reading
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (258 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 277/329] i2c: mv64xxx: Apply errata delay only in standard mode Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 280/329] perf stat: Fix core dump when flag T is used Greg Kroah-Hartman
` (49 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yisheng Xie,
Arnaldo Carvalho de Melo, Alexander Shishkin, Jiri Olsa,
Namhyung Kim, Peter Zijlstra, Wang Nan, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yisheng Xie <xieyisheng1@huawei.com>
[ Upstream commit a3a4a3b37c9b911af4c375b2475cea0fd2b84d38 ]
When trying to add the "call-graph" variable for top into the
.perfconfig file, like:
[top]
call-graph = fp
I that perf_top_config() do not parse this variable.
Fix it by calling perf_default_config() when the top.call-graph variable
is set.
Signed-off-by: Yisheng Xie <xieyisheng1@huawei.com>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Wang Nan <wangnan0@huawei.com>
Fixes: b8cbb349061e ("perf config: Bring perf_default_config to the very beginning at main()")
Link: http://lkml.kernel.org/r/1520853957-36106-1-git-send-email-xieyisheng1@huawei.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/builtin-top.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/tools/perf/builtin-top.c
+++ b/tools/perf/builtin-top.c
@@ -1061,8 +1061,10 @@ parse_callchain_opt(const struct option
static int perf_top_config(const char *var, const char *value, void *cb __maybe_unused)
{
- if (!strcmp(var, "top.call-graph"))
- var = "call-graph.record-mode"; /* fall-through */
+ if (!strcmp(var, "top.call-graph")) {
+ var = "call-graph.record-mode";
+ return perf_default_config(var, value, cb);
+ }
if (!strcmp(var, "top.children")) {
symbol_conf.cumulate_callchain = perf_config_bool(var, value);
return 0;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 280/329] perf stat: Fix core dump when flag T is used
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (259 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 279/329] perf top: Fix top.call-graph config option reading Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 281/329] IB/core: Honor port_num while resolving GID for IB link layer Greg Kroah-Hartman
` (48 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Richter, Heiko Carstens,
Hendrik Brueckner, Martin Schwidefsky, Arnaldo Carvalho de Melo,
Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Richter <tmricht@linux.vnet.ibm.com>
[ Upstream commit fca32340a5e8b896f57d41fd94b8b1701df25eb1 ]
Executing command 'perf stat -T -- ls' dumps core on x86 and s390.
Here is the call back chain (done on x86):
# gdb ./perf
....
(gdb) r stat -T -- ls
...
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff56d1963 in vasprintf () from /lib64/libc.so.6
(gdb) where
#0 0x00007ffff56d1963 in vasprintf () from /lib64/libc.so.6
#1 0x00007ffff56ae484 in asprintf () from /lib64/libc.so.6
#2 0x00000000004f1982 in __parse_events_add_pmu (parse_state=0x7fffffffd580,
list=0xbfb970, name=0xbf3ef0 "cpu",
head_config=0xbfb930, auto_merge_stats=false) at util/parse-events.c:1233
#3 0x00000000004f1c8e in parse_events_add_pmu (parse_state=0x7fffffffd580,
list=0xbfb970, name=0xbf3ef0 "cpu",
head_config=0xbfb930) at util/parse-events.c:1288
#4 0x0000000000537ce3 in parse_events_parse (_parse_state=0x7fffffffd580,
scanner=0xbf4210) at util/parse-events.y:234
#5 0x00000000004f2c7a in parse_events__scanner (str=0x6b66c0
"task-clock,{instructions,cycles,cpu/cycles-t/,cpu/tx-start/}",
parse_state=0x7fffffffd580, start_token=258) at util/parse-events.c:1673
#6 0x00000000004f2e23 in parse_events (evlist=0xbe9990, str=0x6b66c0
"task-clock,{instructions,cycles,cpu/cycles-t/,cpu/tx-start/}", err=0x0)
at util/parse-events.c:1713
#7 0x000000000044e137 in add_default_attributes () at builtin-stat.c:2281
#8 0x000000000044f7b5 in cmd_stat (argc=1, argv=0x7fffffffe3b0) at
builtin-stat.c:2828
#9 0x00000000004c8b0f in run_builtin (p=0xab01a0 <commands+288>, argc=4,
argv=0x7fffffffe3b0) at perf.c:297
#10 0x00000000004c8d7c in handle_internal_command (argc=4,
argv=0x7fffffffe3b0) at perf.c:349
#11 0x00000000004c8ece in run_argv (argcp=0x7fffffffe20c,
argv=0x7fffffffe200) at perf.c:393
#12 0x00000000004c929c in main (argc=4, argv=0x7fffffffe3b0) at perf.c:537
(gdb)
It turns out that a NULL pointer is referenced. Here are the
function calls:
...
cmd_stat()
+---> add_default_attributes()
+---> parse_events(evsel_list, transaction_attrs, NULL);
3rd parameter set to NULL
Function parse_events(xx, xx, struct parse_events_error *err) dives
into a bison generated scanner and creates
parser state information for it first:
struct parse_events_state parse_state = {
.list = LIST_HEAD_INIT(parse_state.list),
.idx = evlist->nr_entries,
.error = err, <--- NULL POINTER !!!
.evlist = evlist,
};
Now various functions inside the bison scanner are called to end up in
__parse_events_add_pmu(struct parse_events_state *parse_state, ..) with
first parameter being a pointer to above structure definition.
Now the PMU event name is not found (because being executed in a VM) and
this function tries to create an error message with
asprintf(&parse_state->error.str, ....)
which references a NULL pointer and dumps core.
Fix this by providing a pointer to the necessary error information
instead of NULL. Technically only the else part is needed to avoid the
core dump, just lets be safe...
Signed-off-by: Thomas Richter <tmricht@linux.vnet.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Link: http://lkml.kernel.org/r/20180308145735.64717-1-tmricht@linux.vnet.ibm.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/builtin-stat.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
--- a/tools/perf/builtin-stat.c
+++ b/tools/perf/builtin-stat.c
@@ -2042,11 +2042,16 @@ static int add_default_attributes(void)
return 0;
if (transaction_run) {
+ struct parse_events_error errinfo;
+
if (pmu_have_event("cpu", "cycles-ct") &&
pmu_have_event("cpu", "el-start"))
- err = parse_events(evsel_list, transaction_attrs, NULL);
+ err = parse_events(evsel_list, transaction_attrs,
+ &errinfo);
else
- err = parse_events(evsel_list, transaction_limited_attrs, NULL);
+ err = parse_events(evsel_list,
+ transaction_limited_attrs,
+ &errinfo);
if (err) {
fprintf(stderr, "Cannot set up transaction events\n");
return -1;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 281/329] IB/core: Honor port_num while resolving GID for IB link layer
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (260 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 280/329] perf stat: Fix core dump when flag T is used Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 282/329] regulator: gpio: Fix some error handling paths in gpio_regulator_probe() Greg Kroah-Hartman
` (47 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Daniel Jurgens, Parav Pandit,
Leon Romanovsky, Jason Gunthorpe, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Parav Pandit <parav@mellanox.com>
[ Upstream commit 563c4ba3bd2b8b0b21c65669ec2226b1cfa1138b ]
ah_attr contains the port number to which cm_id is bound. However, while
searching for GID table for matching GID entry, the port number is
ignored.
This could cause the wrong GID to be used when the ah_attr is converted to
an AH.
Reviewed-by: Daniel Jurgens <danielj@mellanox.com>
Signed-off-by: Parav Pandit <parav@mellanox.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/core/multicast.c | 24 +++++++++++-------------
1 file changed, 11 insertions(+), 13 deletions(-)
--- a/drivers/infiniband/core/multicast.c
+++ b/drivers/infiniband/core/multicast.c
@@ -724,21 +724,19 @@ int ib_init_ah_from_mcmember(struct ib_d
{
int ret;
u16 gid_index;
- u8 p;
- if (rdma_protocol_roce(device, port_num)) {
- ret = ib_find_cached_gid_by_port(device, &rec->port_gid,
- gid_type, port_num,
- ndev,
- &gid_index);
- } else if (rdma_protocol_ib(device, port_num)) {
- ret = ib_find_cached_gid(device, &rec->port_gid,
- IB_GID_TYPE_IB, NULL, &p,
- &gid_index);
- } else {
- ret = -EINVAL;
- }
+ /* GID table is not based on the netdevice for IB link layer,
+ * so ignore ndev during search.
+ */
+ if (rdma_protocol_ib(device, port_num))
+ ndev = NULL;
+ else if (!rdma_protocol_roce(device, port_num))
+ return -EINVAL;
+ ret = ib_find_cached_gid_by_port(device, &rec->port_gid,
+ gid_type, port_num,
+ ndev,
+ &gid_index);
if (ret)
return ret;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 282/329] regulator: gpio: Fix some error handling paths in gpio_regulator_probe()
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (261 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 281/329] IB/core: Honor port_num while resolving GID for IB link layer Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 283/329] spi: bcm-qspi: fIX some error handling paths Greg Kroah-Hartman
` (46 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Mark Brown, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christophe Jaillet <christophe.jaillet@wanadoo.fr>
[ Upstream commit ed8cffda27dea6fd3dafb3ee881c5a786edac9ca ]
Re-order error handling code and gotos to avoid leaks in error handling
paths.
Fixes: 9f946099fe19 ("regulator: gpio: fix parsing of gpio list")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/regulator/gpio-regulator.c | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
--- a/drivers/regulator/gpio-regulator.c
+++ b/drivers/regulator/gpio-regulator.c
@@ -268,8 +268,7 @@ static int gpio_regulator_probe(struct p
drvdata->desc.name = kstrdup(config->supply_name, GFP_KERNEL);
if (drvdata->desc.name == NULL) {
dev_err(&pdev->dev, "Failed to allocate supply name\n");
- ret = -ENOMEM;
- goto err;
+ return -ENOMEM;
}
if (config->nr_gpios != 0) {
@@ -289,7 +288,7 @@ static int gpio_regulator_probe(struct p
dev_err(&pdev->dev,
"Could not obtain regulator setting GPIOs: %d\n",
ret);
- goto err_memstate;
+ goto err_memgpio;
}
}
@@ -300,7 +299,7 @@ static int gpio_regulator_probe(struct p
if (drvdata->states == NULL) {
dev_err(&pdev->dev, "Failed to allocate state data\n");
ret = -ENOMEM;
- goto err_memgpio;
+ goto err_stategpio;
}
drvdata->nr_states = config->nr_states;
@@ -321,7 +320,7 @@ static int gpio_regulator_probe(struct p
default:
dev_err(&pdev->dev, "No regulator type set\n");
ret = -EINVAL;
- goto err_memgpio;
+ goto err_memstate;
}
/* build initial state from gpio init data. */
@@ -358,22 +357,21 @@ static int gpio_regulator_probe(struct p
if (IS_ERR(drvdata->dev)) {
ret = PTR_ERR(drvdata->dev);
dev_err(&pdev->dev, "Failed to register regulator: %d\n", ret);
- goto err_stategpio;
+ goto err_memstate;
}
platform_set_drvdata(pdev, drvdata);
return 0;
-err_stategpio:
- gpio_free_array(drvdata->gpios, drvdata->nr_gpios);
err_memstate:
kfree(drvdata->states);
+err_stategpio:
+ gpio_free_array(drvdata->gpios, drvdata->nr_gpios);
err_memgpio:
kfree(drvdata->gpios);
err_name:
kfree(drvdata->desc.name);
-err:
return ret;
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 283/329] spi: bcm-qspi: fIX some error handling paths
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (262 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 282/329] regulator: gpio: Fix some error handling paths in gpio_regulator_probe() Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 284/329] MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset Greg Kroah-Hartman
` (45 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Mark Brown, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christophe Jaillet <christophe.jaillet@wanadoo.fr>
[ Upstream commit bc3cc75281b3c2b1c5355d88d147b66a753bb9a5 ]
For some reason, commit c0368e4db4a3 ("spi: bcm-qspi: Fix use after free
in bcm_qspi_probe() in error path") has updated some gotos, but not all of
them.
This looks spurious, so fix it.
Fixes: fa236a7ef240 ("spi: bcm-qspi: Add Broadcom MSPI driver")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/spi/spi-bcm-qspi.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/spi/spi-bcm-qspi.c
+++ b/drivers/spi/spi-bcm-qspi.c
@@ -1220,7 +1220,7 @@ int bcm_qspi_probe(struct platform_devic
qspi->base[MSPI] = devm_ioremap_resource(dev, res);
if (IS_ERR(qspi->base[MSPI])) {
ret = PTR_ERR(qspi->base[MSPI]);
- goto qspi_probe_err;
+ goto qspi_resource_err;
}
} else {
goto qspi_resource_err;
@@ -1231,7 +1231,7 @@ int bcm_qspi_probe(struct platform_devic
qspi->base[BSPI] = devm_ioremap_resource(dev, res);
if (IS_ERR(qspi->base[BSPI])) {
ret = PTR_ERR(qspi->base[BSPI]);
- goto qspi_probe_err;
+ goto qspi_resource_err;
}
qspi->bspi_mode = true;
} else {
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 284/329] MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (263 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 283/329] spi: bcm-qspi: fIX some error handling paths Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 285/329] PCI: Restore config space on runtime resume despite being unbound Greg Kroah-Hartman
` (44 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mathias Kresin, Ralf Baechle,
linux-mips, James Hogan, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mathias Kresin <dev@kresin.me>
[ Upstream commit 05454c1bde91fb013c0431801001da82947e6b5a ]
According to the QCA u-boot source the "PCIE Phase Lock Loop
Configuration (PCIE_PLL_CONFIG)" register is for all SoCs except the
QCA955X and QCA956X at offset 0x10.
Since the PCIE PLL config register is only defined for the AR724x fix
only this value. The value is wrong since the day it was added and isn't
used by any driver yet.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/16048/
Signed-off-by: James Hogan <jhogan@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/include/asm/mach-ath79/ar71xx_regs.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/mips/include/asm/mach-ath79/ar71xx_regs.h
+++ b/arch/mips/include/asm/mach-ath79/ar71xx_regs.h
@@ -167,7 +167,7 @@
#define AR71XX_AHB_DIV_MASK 0x7
#define AR724X_PLL_REG_CPU_CONFIG 0x00
-#define AR724X_PLL_REG_PCIE_CONFIG 0x18
+#define AR724X_PLL_REG_PCIE_CONFIG 0x10
#define AR724X_PLL_FB_SHIFT 0
#define AR724X_PLL_FB_MASK 0x3ff
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 285/329] PCI: Restore config space on runtime resume despite being unbound
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (264 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 284/329] MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 286/329] ipmi_ssif: Fix kernel panic at msg_done_handler Greg Kroah-Hartman
` (43 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bjorn Helgaas, Rafael J. Wysocki,
Lukas Wunner, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Rafael J. Wysocki" <rjw@rjwysocki.net>
[ Upstream commit 5775b843a619b3c93f946e2b55a208d9f0f48b59 ]
We leave PCI devices not bound to a driver in D0 during runtime suspend.
But they may have a parent which is bound and can be transitioned to
D3cold at runtime. Once the parent goes to D3cold, the unbound child
may go to D3cold as well. When the child goes to D3cold, its internal
state, including configuration of BARs, MSI, ASPM, MPS, etc., is lost.
One example are recent hybrid graphics laptops which cut power to the
discrete GPU when the root port above it goes to ACPI power state D3.
Users may provoke this by unbinding the GPU driver and allowing runtime
PM on the GPU via sysfs: The PM core will then treat the GPU as
"suspended", which in turn allows the root port to runtime suspend,
causing the power resources listed in its _PR3 object to be powered off.
The GPU's BARs will be uninitialized when a driver later probes it.
Another example are hybrid graphics laptops where the GPU itself (rather
than the root port) is capable of runtime suspending to D3cold. If the
GPU's integrated HDA controller is not bound and the GPU's driver
decides to runtime suspend to D3cold, the HDA controller's BARs will be
uninitialized when a driver later probes it.
Fix by saving and restoring config space over a runtime suspend cycle
even if the device is not bound.
Acked-by: Bjorn Helgaas <bhelgaas@google.com>
Tested-by: Peter Wu <peter@lekensteyn.nl> # Nvidia Optimus
Tested-by: Lukas Wunner <lukas@wunner.de> # MacBook Pro
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
[lukas: add commit message, bikeshed code comments for clarity]
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Link: https://patchwork.freedesktop.org/patch/msgid/92fb6e6ae2730915eb733c08e2f76c6a313e3860.1520068884.git.lukas@wunner.de
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/pci-driver.c | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
--- a/drivers/pci/pci-driver.c
+++ b/drivers/pci/pci-driver.c
@@ -1147,11 +1147,14 @@ static int pci_pm_runtime_suspend(struct
int error;
/*
- * If pci_dev->driver is not set (unbound), the device should
- * always remain in D0 regardless of the runtime PM status
+ * If pci_dev->driver is not set (unbound), we leave the device in D0,
+ * but it may go to D3cold when the bridge above it runtime suspends.
+ * Save its config space in case that happens.
*/
- if (!pci_dev->driver)
+ if (!pci_dev->driver) {
+ pci_save_state(pci_dev);
return 0;
+ }
if (!pm || !pm->runtime_suspend)
return -ENOSYS;
@@ -1199,16 +1202,18 @@ static int pci_pm_runtime_resume(struct
const struct dev_pm_ops *pm = dev->driver ? dev->driver->pm : NULL;
/*
- * If pci_dev->driver is not set (unbound), the device should
- * always remain in D0 regardless of the runtime PM status
+ * Restoring config space is necessary even if the device is not bound
+ * to a driver because although we left it in D0, it may have gone to
+ * D3cold when the bridge above it runtime suspended.
*/
+ pci_restore_standard_config(pci_dev);
+
if (!pci_dev->driver)
return 0;
if (!pm || !pm->runtime_resume)
return -ENOSYS;
- pci_restore_standard_config(pci_dev);
pci_fixup_device(pci_fixup_resume_early, pci_dev);
__pci_enable_wake(pci_dev, PCI_D0, true, false);
pci_fixup_device(pci_fixup_resume, pci_dev);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 286/329] ipmi_ssif: Fix kernel panic at msg_done_handler
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (265 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 285/329] PCI: Restore config space on runtime resume despite being unbound Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 288/329] f2fs: fix to check extent cache in f2fs_drop_extent_tree Greg Kroah-Hartman
` (42 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kamlakant Patel, Corey Minyard, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kamlakant Patel <kamlakant.patel@cavium.com>
[ Upstream commit f002612b9d86613bc6fde0a444e0095225f6053e ]
This happens when BMC doesn't return any data and the code is trying
to print the value of data[2].
Getting following crash:
[ 484.728410] Unable to handle kernel NULL pointer dereference at virtual address 00000002
[ 484.736496] pgd = ffff0000094a2000
[ 484.739885] [00000002] *pgd=00000047fcffe003, *pud=00000047fcffd003, *pmd=0000000000000000
[ 484.748158] Internal error: Oops: 96000005 [#1] SMP
[...]
[ 485.101451] Call trace:
[...]
[ 485.188473] [<ffff000000a46e68>] msg_done_handler+0x668/0x700 [ipmi_ssif]
[ 485.195249] [<ffff000000a456b8>] ipmi_ssif_thread+0x110/0x128 [ipmi_ssif]
[ 485.202038] [<ffff0000080f1430>] kthread+0x108/0x138
[ 485.206994] [<ffff0000080838e0>] ret_from_fork+0x10/0x30
[ 485.212294] Code: aa1903e1 aa1803e0 b900227f 95fef6a5 (39400aa3)
Adding a check to validate the data len before printing data[2] to fix this issue.
Signed-off-by: Kamlakant Patel <kamlakant.patel@cavium.com>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/ipmi/ipmi_ssif.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/char/ipmi/ipmi_ssif.c
+++ b/drivers/char/ipmi/ipmi_ssif.c
@@ -761,7 +761,7 @@ static void msg_done_handler(struct ssif
ssif_info->ssif_state = SSIF_NORMAL;
ipmi_ssif_unlock_cond(ssif_info, flags);
pr_warn(PFX "Error getting flags: %d %d, %x\n",
- result, len, data[2]);
+ result, len, (len >= 3) ? data[2] : 0);
} else if (data[0] != (IPMI_NETFN_APP_REQUEST | 1) << 2
|| data[1] != IPMI_GET_MSG_FLAGS_CMD) {
/*
@@ -783,7 +783,7 @@ static void msg_done_handler(struct ssif
if ((result < 0) || (len < 3) || (data[2] != 0)) {
/* Error clearing flags */
pr_warn(PFX "Error clearing flags: %d %d, %x\n",
- result, len, data[2]);
+ result, len, (len >= 3) ? data[2] : 0);
} else if (data[0] != (IPMI_NETFN_APP_REQUEST | 1) << 2
|| data[1] != IPMI_CLEAR_MSG_FLAGS_CMD) {
pr_warn(PFX "Invalid response clearing flags: %x %x\n",
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 288/329] f2fs: fix to check extent cache in f2fs_drop_extent_tree
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (266 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 286/329] ipmi_ssif: Fix kernel panic at msg_done_handler Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 289/329] perf/core: Fix perf_output_read_group() Greg Kroah-Hartman
` (41 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chao Yu, Jaegeuk Kim, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chao Yu <yuchao0@huawei.com>
[ Upstream commit bf617f7a92edc6bb2909db2bfa4576f50b280ee5 ]
If noextent_cache mount option is on, we will never initialize extent tree
in inode, but still we're going to access it in f2fs_drop_extent_tree,
result in kernel panic as below:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000038
IP: _raw_write_lock+0xc/0x30
Call Trace:
? f2fs_drop_extent_tree+0x41/0x70 [f2fs]
f2fs_fallocate+0x5a0/0xdd0 [f2fs]
? common_file_perm+0x47/0xc0
? apparmor_file_permission+0x1a/0x20
vfs_fallocate+0x15b/0x290
SyS_fallocate+0x44/0x70
do_syscall_64+0x6e/0x160
entry_SYSCALL64_slow_path+0x25/0x25
This patch fixes to check extent cache status before using in
f2fs_drop_extent_tree.
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/extent_cache.c | 3 +++
1 file changed, 3 insertions(+)
--- a/fs/f2fs/extent_cache.c
+++ b/fs/f2fs/extent_cache.c
@@ -647,6 +647,9 @@ void f2fs_drop_extent_tree(struct inode
struct f2fs_sb_info *sbi = F2FS_I_SB(inode);
struct extent_tree *et = F2FS_I(inode)->extent_tree;
+ if (!f2fs_may_extent_tree(inode))
+ return;
+
set_inode_flag(inode, FI_NO_EXTENT);
write_lock(&et->lock);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 289/329] perf/core: Fix perf_output_read_group()
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (267 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 288/329] f2fs: fix to check extent cache in f2fs_drop_extent_tree Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 290/329] drm/panel: simple: Fix the bus format for the Ontat panel Greg Kroah-Hartman
` (40 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Zijlstra (Intel),
Alexander Shishkin, Arnaldo Carvalho de Melo, Jiri Olsa,
Linus Torvalds, Stephane Eranian, Thomas Gleixner, Vince Weaver,
Ingo Molnar, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Zijlstra <peterz@infradead.org>
[ Upstream commit 9e5b127d6f33468143d90c8a45ca12410e4c3fa7 ]
Mark reported his arm64 perf fuzzer runs sometimes splat like:
armv8pmu_read_counter+0x1e8/0x2d8
armpmu_event_update+0x8c/0x188
armpmu_read+0xc/0x18
perf_output_read+0x550/0x11e8
perf_event_read_event+0x1d0/0x248
perf_event_exit_task+0x468/0xbb8
do_exit+0x690/0x1310
do_group_exit+0xd0/0x2b0
get_signal+0x2e8/0x17a8
do_signal+0x144/0x4f8
do_notify_resume+0x148/0x1e8
work_pending+0x8/0x14
which asserts that we only call pmu::read() on ACTIVE events.
The above callchain does:
perf_event_exit_task()
perf_event_exit_task_context()
task_ctx_sched_out() // INACTIVE
perf_event_exit_event()
perf_event_set_state(EXIT) // EXIT
sync_child_event()
perf_event_read_event()
perf_output_read()
perf_output_read_group()
leader->pmu->read()
Which results in doing a pmu::read() on an !ACTIVE event.
I _think_ this is 'new' since we added attr.inherit_stat, which added
the perf_event_read_event() to the exit path, without that
perf_event_read_output() would only trigger from samples and for
@event to trigger a sample, it's leader _must_ be ACTIVE too.
Still, adding this check makes it consistent with the @sub case for
the siblings.
Reported-and-Tested-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vince Weaver <vincent.weaver@maine.edu>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/events/core.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -5700,7 +5700,8 @@ static void perf_output_read_group(struc
if (read_format & PERF_FORMAT_TOTAL_TIME_RUNNING)
values[n++] = running;
- if (leader != event)
+ if ((leader != event) &&
+ (leader->state == PERF_EVENT_STATE_ACTIVE))
leader->pmu->read(leader);
values[n++] = perf_event_count(leader);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 290/329] drm/panel: simple: Fix the bus format for the Ontat panel
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (268 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 289/329] perf/core: Fix perf_output_read_group() Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 291/329] hwmon: (pmbus/max8688) Accept negative page register values Greg Kroah-Hartman
` (39 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Anholt, Thierry Reding,
Thierry Reding, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Anholt <eric@anholt.net>
[ Upstream commit 5651e5e094591f479adad5830ac1bc45196a39b3 ]
This fixes bad color output. When I was first testing the device I
had the DPI hardware set to 666 mode, but apparently in the refactor
to use the bus_format information from the panel driver, I failed to
actually update the panel.
Signed-off-by: Eric Anholt <eric@anholt.net>
Fixes: e8b6f561b2ee ("drm/panel: simple: Add the 7" DPI panel from Adafruit")
Cc: Thierry Reding <thierry.reding@gmail.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20180309233332.1769-1-eric@anholt.net
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/panel/panel-simple.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/gpu/drm/panel/panel-simple.c
+++ b/drivers/gpu/drm/panel/panel-simple.c
@@ -1250,7 +1250,7 @@ static const struct panel_desc ontat_yx7
.width = 154,
.height = 83,
},
- .bus_format = MEDIA_BUS_FMT_RGB888_1X24,
+ .bus_format = MEDIA_BUS_FMT_RGB666_1X18,
};
static const struct drm_display_mode ortustech_com43h4m85ulc_mode = {
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 291/329] hwmon: (pmbus/max8688) Accept negative page register values
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (269 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 290/329] drm/panel: simple: Fix the bus format for the Ontat panel Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 292/329] hwmon: (pmbus/adm1275) " Greg Kroah-Hartman
` (38 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Guenter Roeck, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Guenter Roeck <linux@roeck-us.net>
[ Upstream commit a46f8cd696624ef757be0311eb28f119c36778e8 ]
A negative page register value means that no page needs to be
selected. This is used by status register evaluations and needs
to be accepted.
Fixes: da8e48ab483e1 ("hwmon: (pmbus) Always call _pmbus_read_byte in core driver")
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hwmon/pmbus/max8688.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/hwmon/pmbus/max8688.c
+++ b/drivers/hwmon/pmbus/max8688.c
@@ -45,7 +45,7 @@ static int max8688_read_word_data(struct
{
int ret;
- if (page)
+ if (page > 0)
return -ENXIO;
switch (reg) {
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 292/329] hwmon: (pmbus/adm1275) Accept negative page register values
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (270 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 291/329] hwmon: (pmbus/max8688) Accept negative page register values Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 293/329] perf/x86/intel: Properly save/restore the PMU state in the NMI handler Greg Kroah-Hartman
` (37 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Guenter Roeck, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Guenter Roeck <linux@roeck-us.net>
[ Upstream commit ecb29abd4cb0670c616fb563a078f25d777ce530 ]
A negative page register value means that no page needs to be
selected. This is used by status register read operations and needs
to be accepted. The failure to do so so results in missed status
and limit registers.
Fixes: da8e48ab483e1 ("hwmon: (pmbus) Always call _pmbus_read_byte in core driver")
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hwmon/pmbus/adm1275.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/hwmon/pmbus/adm1275.c
+++ b/drivers/hwmon/pmbus/adm1275.c
@@ -154,7 +154,7 @@ static int adm1275_read_word_data(struct
const struct adm1275_data *data = to_adm1275_data(info);
int ret = 0;
- if (page)
+ if (page > 0)
return -ENXIO;
switch (reg) {
@@ -240,7 +240,7 @@ static int adm1275_write_word_data(struc
const struct adm1275_data *data = to_adm1275_data(info);
int ret;
- if (page)
+ if (page > 0)
return -ENXIO;
switch (reg) {
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 293/329] perf/x86/intel: Properly save/restore the PMU state in the NMI handler
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (271 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 292/329] hwmon: (pmbus/adm1275) " Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 294/329] cdrom: do not call check_disk_change() inside cdrom_open() Greg Kroah-Hartman
` (36 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kan Liang, Peter Zijlstra (Intel),
Alexander Shishkin, Arnaldo Carvalho de Melo, Jiri Olsa,
Linus Torvalds, Stephane Eranian, Thomas Gleixner, Vince Weaver,
acme, kernel test robot, Ingo Molnar, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kan Liang <kan.liang@linux.intel.com>
[ Upstream commit 82d71ed0277efc45360828af8c4e4d40e1b45352 ]
The PMU is disabled in intel_pmu_handle_irq(), but cpuc->enabled is not updated
accordingly.
This is fine in current usage because no-one checks it - but fix it
for future code: for example, the drain_pebs() will be modified to
fix an auto-reload bug.
Properly save/restore the old PMU state.
Signed-off-by: Kan Liang <kan.liang@linux.intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vince Weaver <vincent.weaver@maine.edu>
Cc: acme@kernel.org
Cc: kernel test robot <fengguang.wu@intel.com>
Link: http://lkml.kernel.org/r/6f44ee84-56f8-79f1-559b-08e371eaeb78@linux.intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/events/intel/core.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
--- a/arch/x86/events/intel/core.c
+++ b/arch/x86/events/intel/core.c
@@ -2066,16 +2066,23 @@ static int intel_pmu_handle_irq(struct p
int bit, loops;
u64 status;
int handled;
+ int pmu_enabled;
cpuc = this_cpu_ptr(&cpu_hw_events);
/*
+ * Save the PMU state.
+ * It needs to be restored when leaving the handler.
+ */
+ pmu_enabled = cpuc->enabled;
+ /*
* No known reason to not always do late ACK,
* but just in case do it opt-in.
*/
if (!x86_pmu.late_ack)
apic_write(APIC_LVTPC, APIC_DM_NMI);
intel_bts_disable_local();
+ cpuc->enabled = 0;
__intel_pmu_disable_all();
handled = intel_pmu_drain_bts_buffer();
handled += intel_bts_interrupt();
@@ -2173,7 +2180,8 @@ again:
done:
/* Only restore PMU state when it's active. See x86_pmu_disable(). */
- if (cpuc->enabled)
+ cpuc->enabled = pmu_enabled;
+ if (pmu_enabled)
__intel_pmu_enable_all(0, true);
intel_bts_enable_local();
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 294/329] cdrom: do not call check_disk_change() inside cdrom_open()
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (272 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 293/329] perf/x86/intel: Properly save/restore the PMU state in the NMI handler Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 295/329] perf/x86/intel: Fix large period handling on Broadwell CPUs Greg Kroah-Hartman
` (35 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maurizio Lombardi, Jens Axboe, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Maurizio Lombardi <mlombard@redhat.com>
[ Upstream commit 2bbea6e117357d17842114c65e9a9cf2d13ae8a3 ]
when mounting an ISO filesystem sometimes (very rarely)
the system hangs because of a race condition between two tasks.
PID: 6766 TASK: ffff88007b2a6dd0 CPU: 0 COMMAND: "mount"
#0 [ffff880078447ae0] __schedule at ffffffff8168d605
#1 [ffff880078447b48] schedule_preempt_disabled at ffffffff8168ed49
#2 [ffff880078447b58] __mutex_lock_slowpath at ffffffff8168c995
#3 [ffff880078447bb8] mutex_lock at ffffffff8168bdef
#4 [ffff880078447bd0] sr_block_ioctl at ffffffffa00b6818 [sr_mod]
#5 [ffff880078447c10] blkdev_ioctl at ffffffff812fea50
#6 [ffff880078447c70] ioctl_by_bdev at ffffffff8123a8b3
#7 [ffff880078447c90] isofs_fill_super at ffffffffa04fb1e1 [isofs]
#8 [ffff880078447da8] mount_bdev at ffffffff81202570
#9 [ffff880078447e18] isofs_mount at ffffffffa04f9828 [isofs]
#10 [ffff880078447e28] mount_fs at ffffffff81202d09
#11 [ffff880078447e70] vfs_kern_mount at ffffffff8121ea8f
#12 [ffff880078447ea8] do_mount at ffffffff81220fee
#13 [ffff880078447f28] sys_mount at ffffffff812218d6
#14 [ffff880078447f80] system_call_fastpath at ffffffff81698c49
RIP: 00007fd9ea914e9a RSP: 00007ffd5d9bf648 RFLAGS: 00010246
RAX: 00000000000000a5 RBX: ffffffff81698c49 RCX: 0000000000000010
RDX: 00007fd9ec2bc210 RSI: 00007fd9ec2bc290 RDI: 00007fd9ec2bcf30
RBP: 0000000000000000 R8: 0000000000000000 R9: 0000000000000010
R10: 00000000c0ed0001 R11: 0000000000000206 R12: 00007fd9ec2bc040
R13: 00007fd9eb6b2380 R14: 00007fd9ec2bc210 R15: 00007fd9ec2bcf30
ORIG_RAX: 00000000000000a5 CS: 0033 SS: 002b
This task was trying to mount the cdrom. It allocated and configured a
super_block struct and owned the write-lock for the super_block->s_umount
rwsem. While exclusively owning the s_umount lock, it called
sr_block_ioctl and waited to acquire the global sr_mutex lock.
PID: 6785 TASK: ffff880078720fb0 CPU: 0 COMMAND: "systemd-udevd"
#0 [ffff880078417898] __schedule at ffffffff8168d605
#1 [ffff880078417900] schedule at ffffffff8168dc59
#2 [ffff880078417910] rwsem_down_read_failed at ffffffff8168f605
#3 [ffff880078417980] call_rwsem_down_read_failed at ffffffff81328838
#4 [ffff8800784179d0] down_read at ffffffff8168cde0
#5 [ffff8800784179e8] get_super at ffffffff81201cc7
#6 [ffff880078417a10] __invalidate_device at ffffffff8123a8de
#7 [ffff880078417a40] flush_disk at ffffffff8123a94b
#8 [ffff880078417a88] check_disk_change at ffffffff8123ab50
#9 [ffff880078417ab0] cdrom_open at ffffffffa00a29e1 [cdrom]
#10 [ffff880078417b68] sr_block_open at ffffffffa00b6f9b [sr_mod]
#11 [ffff880078417b98] __blkdev_get at ffffffff8123ba86
#12 [ffff880078417bf0] blkdev_get at ffffffff8123bd65
#13 [ffff880078417c78] blkdev_open at ffffffff8123bf9b
#14 [ffff880078417c90] do_dentry_open at ffffffff811fc7f7
#15 [ffff880078417cd8] vfs_open at ffffffff811fc9cf
#16 [ffff880078417d00] do_last at ffffffff8120d53d
#17 [ffff880078417db0] path_openat at ffffffff8120e6b2
#18 [ffff880078417e48] do_filp_open at ffffffff8121082b
#19 [ffff880078417f18] do_sys_open at ffffffff811fdd33
#20 [ffff880078417f70] sys_open at ffffffff811fde4e
#21 [ffff880078417f80] system_call_fastpath at ffffffff81698c49
RIP: 00007f29438b0c20 RSP: 00007ffc76624b78 RFLAGS: 00010246
RAX: 0000000000000002 RBX: ffffffff81698c49 RCX: 0000000000000000
RDX: 00007f2944a5fa70 RSI: 00000000000a0800 RDI: 00007f2944a5fa70
RBP: 00007f2944a5f540 R8: 0000000000000000 R9: 0000000000000020
R10: 00007f2943614c40 R11: 0000000000000246 R12: ffffffff811fde4e
R13: ffff880078417f78 R14: 000000000000000c R15: 00007f2944a4b010
ORIG_RAX: 0000000000000002 CS: 0033 SS: 002b
This task tried to open the cdrom device, the sr_block_open function
acquired the global sr_mutex lock. The call to check_disk_change()
then saw an event flag indicating a possible media change and tried
to flush any cached data for the device.
As part of the flush, it tried to acquire the super_block->s_umount
lock associated with the cdrom device.
This was the same super_block as created and locked by the previous task.
The first task acquires the s_umount lock and then the sr_mutex_lock;
the second task acquires the sr_mutex_lock and then the s_umount lock.
This patch fixes the issue by moving check_disk_change() out of
cdrom_open() and let the caller take care of it.
Signed-off-by: Maurizio Lombardi <mlombard@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/block/paride/pcd.c | 2 ++
drivers/cdrom/cdrom.c | 3 ---
drivers/cdrom/gdrom.c | 3 +++
drivers/ide/ide-cd.c | 2 ++
drivers/scsi/sr.c | 2 ++
5 files changed, 9 insertions(+), 3 deletions(-)
--- a/drivers/block/paride/pcd.c
+++ b/drivers/block/paride/pcd.c
@@ -230,6 +230,8 @@ static int pcd_block_open(struct block_d
struct pcd_unit *cd = bdev->bd_disk->private_data;
int ret;
+ check_disk_change(bdev);
+
mutex_lock(&pcd_mutex);
ret = cdrom_open(&cd->info, bdev, mode);
mutex_unlock(&pcd_mutex);
--- a/drivers/cdrom/cdrom.c
+++ b/drivers/cdrom/cdrom.c
@@ -1154,9 +1154,6 @@ int cdrom_open(struct cdrom_device_info
cd_dbg(CD_OPEN, "entering cdrom_open\n");
- /* open is event synchronization point, check events first */
- check_disk_change(bdev);
-
/* if this was a O_NONBLOCK open and we should honor the flags,
* do a quick open without drive/disc integrity checks. */
cdi->use_count++;
--- a/drivers/cdrom/gdrom.c
+++ b/drivers/cdrom/gdrom.c
@@ -497,6 +497,9 @@ static struct cdrom_device_ops gdrom_ops
static int gdrom_bdops_open(struct block_device *bdev, fmode_t mode)
{
int ret;
+
+ check_disk_change(bdev);
+
mutex_lock(&gdrom_mutex);
ret = cdrom_open(gd.cd_info, bdev, mode);
mutex_unlock(&gdrom_mutex);
--- a/drivers/ide/ide-cd.c
+++ b/drivers/ide/ide-cd.c
@@ -1593,6 +1593,8 @@ static int idecd_open(struct block_devic
struct cdrom_info *info;
int rc = -ENXIO;
+ check_disk_change(bdev);
+
mutex_lock(&ide_cd_mutex);
info = ide_cd_get(bdev->bd_disk);
if (!info)
--- a/drivers/scsi/sr.c
+++ b/drivers/scsi/sr.c
@@ -522,6 +522,8 @@ static int sr_block_open(struct block_de
struct scsi_cd *cd;
int ret = -ENXIO;
+ check_disk_change(bdev);
+
mutex_lock(&sr_mutex);
cd = scsi_cd_get(bdev->bd_disk);
if (cd) {
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 295/329] perf/x86/intel: Fix large period handling on Broadwell CPUs
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (273 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 294/329] cdrom: do not call check_disk_change() inside cdrom_open() Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 296/329] perf/x86/intel: Fix event update for auto-reload Greg Kroah-Hartman
` (34 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kan Liang, Peter Zijlstra (Intel),
Alexander Shishkin, Arnaldo Carvalho de Melo, Jiri Olsa,
Linus Torvalds, Stephane Eranian, Thomas Gleixner, Vince Weaver,
Ingo Molnar, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kan Liang <kan.liang@linux.intel.com>
[ Upstream commit f605cfca8c39ffa2b98c06d2b9f30ba64f1e54e3 ]
Large fixed period values could be truncated on Broadwell, for example:
perf record -e cycles -c 10000000000
Here the fixed period is 0x2540BE400, but the period which finally applied is
0x540BE400 - which is wrong.
The reason is that x86_pmu::limit_period() uses an u32 parameter, so the
high 32 bits of 'period' get truncated.
This bug was introduced in:
commit 294fe0f52a44 ("perf/x86/intel: Add INST_RETIRED.ALL workarounds")
It's safe to use u64 instead of u32:
- Although the 'left' is s64, the value of 'left' must be positive when
calling limit_period().
- bdw_limit_period() only modifies the lowest 6 bits, it doesn't touch
the higher 32 bits.
Signed-off-by: Kan Liang <kan.liang@linux.intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vince Weaver <vincent.weaver@maine.edu>
Fixes: 294fe0f52a44 ("perf/x86/intel: Add INST_RETIRED.ALL workarounds")
Link: http://lkml.kernel.org/r/1519926894-3520-1-git-send-email-kan.liang@linux.intel.com
[ Rewrote unacceptably bad changelog. ]
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/events/intel/core.c | 2 +-
arch/x86/events/perf_event.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
--- a/arch/x86/events/intel/core.c
+++ b/arch/x86/events/intel/core.c
@@ -3027,7 +3027,7 @@ hsw_get_event_constraints(struct cpu_hw_
* Therefore the effective (average) period matches the requested period,
* despite coarser hardware granularity.
*/
-static unsigned bdw_limit_period(struct perf_event *event, unsigned left)
+static u64 bdw_limit_period(struct perf_event *event, u64 left)
{
if ((event->hw.config & INTEL_ARCH_EVENT_MASK) ==
X86_CONFIG(.event=0xc0, .umask=0x01)) {
--- a/arch/x86/events/perf_event.h
+++ b/arch/x86/events/perf_event.h
@@ -548,7 +548,7 @@ struct x86_pmu {
struct x86_pmu_quirk *quirks;
int perfctr_second_write;
bool late_ack;
- unsigned (*limit_period)(struct perf_event *event, unsigned l);
+ u64 (*limit_period)(struct perf_event *event, u64 l);
/*
* sysfs attrs
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 296/329] perf/x86/intel: Fix event update for auto-reload
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (274 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 295/329] perf/x86/intel: Fix large period handling on Broadwell CPUs Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 297/329] arm64: dts: qcom: Fix SPI5 config on MSM8996 Greg Kroah-Hartman
` (33 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kan Liang, Peter Zijlstra (Intel),
Alexander Shishkin, Arnaldo Carvalho de Melo, Jiri Olsa,
Linus Torvalds, Stephane Eranian, Thomas Gleixner, Vince Weaver,
acme, Ingo Molnar, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kan Liang <kan.liang@linux.intel.com>
[ Upstream commit d31fc13fdcb20e1c317f9a7dd6273c18fbd58308 ]
There is a bug when reading event->count with large PEBS enabled.
Here is an example:
# ./read_count
0x71f0
0x122c0
0x1000000001c54
0x100000001257d
0x200000000bdc5
In fixed period mode, the auto-reload mechanism could be enabled for
PEBS events, but the calculation of event->count does not take the
auto-reload values into account.
Anyone who reads event->count will get the wrong result, e.g x86_pmu_read().
This bug was introduced with the auto-reload mechanism enabled since
commit:
851559e35fd5 ("perf/x86/intel: Use the PEBS auto reload mechanism when possible")
Introduce intel_pmu_save_and_restart_reload() to calculate the
event->count only for auto-reload.
Since the counter increments a negative counter value and overflows on
the sign switch, giving the interval:
[-period, 0]
the difference between two consequtive reads is:
A) value2 - value1;
when no overflows have happened in between,
B) (0 - value1) + (value2 - (-period));
when one overflow happened in between,
C) (0 - value1) + (n - 1) * (period) + (value2 - (-period));
when @n overflows happened in between.
Here A) is the obvious difference, B) is the extension to the discrete
interval, where the first term is to the top of the interval and the
second term is from the bottom of the next interval and C) the extension
to multiple intervals, where the middle term is the whole intervals
covered.
The equation for all cases is:
value2 - value1 + n * period
Previously the event->count is updated right before the sample output.
But for case A, there is no PEBS record ready. It needs to be specially
handled.
Remove the auto-reload code from x86_perf_event_set_period() since
we'll not longer call that function in this case.
Based-on-code-from: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Kan Liang <kan.liang@linux.intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vince Weaver <vincent.weaver@maine.edu>
Cc: acme@kernel.org
Fixes: 851559e35fd5 ("perf/x86/intel: Use the PEBS auto reload mechanism when possible")
Link: http://lkml.kernel.org/r/1518474035-21006-2-git-send-email-kan.liang@linux.intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/events/core.c | 15 ++-----
arch/x86/events/intel/ds.c | 92 +++++++++++++++++++++++++++++++++++++++++++--
2 files changed, 94 insertions(+), 13 deletions(-)
--- a/arch/x86/events/core.c
+++ b/arch/x86/events/core.c
@@ -1155,16 +1155,13 @@ int x86_perf_event_set_period(struct per
per_cpu(pmc_prev_left[idx], smp_processor_id()) = left;
- if (!(hwc->flags & PERF_X86_EVENT_AUTO_RELOAD) ||
- local64_read(&hwc->prev_count) != (u64)-left) {
- /*
- * The hw event starts counting from this event offset,
- * mark it to be able to extra future deltas:
- */
- local64_set(&hwc->prev_count, (u64)-left);
+ /*
+ * The hw event starts counting from this event offset,
+ * mark it to be able to extra future deltas:
+ */
+ local64_set(&hwc->prev_count, (u64)-left);
- wrmsrl(hwc->event_base, (u64)(-left) & x86_pmu.cntval_mask);
- }
+ wrmsrl(hwc->event_base, (u64)(-left) & x86_pmu.cntval_mask);
/*
* Due to erratum on certan cpu we need
--- a/arch/x86/events/intel/ds.c
+++ b/arch/x86/events/intel/ds.c
@@ -1272,17 +1272,84 @@ get_next_pebs_record_by_bit(void *base,
return NULL;
}
+/*
+ * Special variant of intel_pmu_save_and_restart() for auto-reload.
+ */
+static int
+intel_pmu_save_and_restart_reload(struct perf_event *event, int count)
+{
+ struct hw_perf_event *hwc = &event->hw;
+ int shift = 64 - x86_pmu.cntval_bits;
+ u64 period = hwc->sample_period;
+ u64 prev_raw_count, new_raw_count;
+ s64 new, old;
+
+ WARN_ON(!period);
+
+ /*
+ * drain_pebs() only happens when the PMU is disabled.
+ */
+ WARN_ON(this_cpu_read(cpu_hw_events.enabled));
+
+ prev_raw_count = local64_read(&hwc->prev_count);
+ rdpmcl(hwc->event_base_rdpmc, new_raw_count);
+ local64_set(&hwc->prev_count, new_raw_count);
+
+ /*
+ * Since the counter increments a negative counter value and
+ * overflows on the sign switch, giving the interval:
+ *
+ * [-period, 0]
+ *
+ * the difference between two consequtive reads is:
+ *
+ * A) value2 - value1;
+ * when no overflows have happened in between,
+ *
+ * B) (0 - value1) + (value2 - (-period));
+ * when one overflow happened in between,
+ *
+ * C) (0 - value1) + (n - 1) * (period) + (value2 - (-period));
+ * when @n overflows happened in between.
+ *
+ * Here A) is the obvious difference, B) is the extension to the
+ * discrete interval, where the first term is to the top of the
+ * interval and the second term is from the bottom of the next
+ * interval and C) the extension to multiple intervals, where the
+ * middle term is the whole intervals covered.
+ *
+ * An equivalent of C, by reduction, is:
+ *
+ * value2 - value1 + n * period
+ */
+ new = ((s64)(new_raw_count << shift) >> shift);
+ old = ((s64)(prev_raw_count << shift) >> shift);
+ local64_add(new - old + count * period, &event->count);
+
+ perf_event_update_userpage(event);
+
+ return 0;
+}
+
static void __intel_pmu_pebs_event(struct perf_event *event,
struct pt_regs *iregs,
void *base, void *top,
int bit, int count)
{
+ struct hw_perf_event *hwc = &event->hw;
struct perf_sample_data data;
struct pt_regs regs;
void *at = get_next_pebs_record_by_bit(base, top, bit);
- if (!intel_pmu_save_and_restart(event) &&
- !(event->hw.flags & PERF_X86_EVENT_AUTO_RELOAD))
+ if (hwc->flags & PERF_X86_EVENT_AUTO_RELOAD) {
+ /*
+ * Now, auto-reload is only enabled in fixed period mode.
+ * The reload value is always hwc->sample_period.
+ * May need to change it, if auto-reload is enabled in
+ * freq mode later.
+ */
+ intel_pmu_save_and_restart_reload(event, count);
+ } else if (!intel_pmu_save_and_restart(event))
return;
while (count > 1) {
@@ -1334,8 +1401,11 @@ static void intel_pmu_drain_pebs_core(st
return;
n = top - at;
- if (n <= 0)
+ if (n <= 0) {
+ if (event->hw.flags & PERF_X86_EVENT_AUTO_RELOAD)
+ intel_pmu_save_and_restart_reload(event, 0);
return;
+ }
__intel_pmu_pebs_event(event, iregs, at, top, 0, n);
}
@@ -1358,8 +1428,22 @@ static void intel_pmu_drain_pebs_nhm(str
ds->pebs_index = ds->pebs_buffer_base;
- if (unlikely(base >= top))
+ if (unlikely(base >= top)) {
+ /*
+ * The drain_pebs() could be called twice in a short period
+ * for auto-reload event in pmu::read(). There are no
+ * overflows have happened in between.
+ * It needs to call intel_pmu_save_and_restart_reload() to
+ * update the event->count for this case.
+ */
+ for_each_set_bit(bit, (unsigned long *)&cpuc->pebs_enabled,
+ x86_pmu.max_pebs_events) {
+ event = cpuc->events[bit];
+ if (event->hw.flags & PERF_X86_EVENT_AUTO_RELOAD)
+ intel_pmu_save_and_restart_reload(event, 0);
+ }
return;
+ }
for (at = base; at < top; at += x86_pmu.pebs_record_size) {
struct pebs_record_nhm *p = at;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 297/329] arm64: dts: qcom: Fix SPI5 config on MSM8996
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (275 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 296/329] perf/x86/intel: Fix event update for auto-reload Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 298/329] soc: qcom: wcnss_ctrl: Fix increment in NV upload Greg Kroah-Hartman
` (32 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ilia Lin, Andy Gross, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ilia Lin <ilialin@codeaurora.org>
[ Upstream commit e723795c702b52cfceb3bb3faa63059eb4658313 ]
Set correct clocks and interrupt values.
Fixes the incorrect SPI master configuration. This is
mandatory to make the SPI5 interface functional.
Signed-off-by: Ilia Lin <ilialin@codeaurora.org>
Signed-off-by: Andy Gross <andy.gross@linaro.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/boot/dts/qcom/msm8996.dtsi | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/arm64/boot/dts/qcom/msm8996.dtsi
+++ b/arch/arm64/boot/dts/qcom/msm8996.dtsi
@@ -326,8 +326,8 @@
blsp2_spi5: spi@075ba000{
compatible = "qcom,spi-qup-v2.2.1";
reg = <0x075ba000 0x600>;
- interrupts = <GIC_SPI 107 IRQ_TYPE_LEVEL_HIGH>;
- clocks = <&gcc GCC_BLSP2_QUP5_SPI_APPS_CLK>,
+ interrupts = <GIC_SPI 106 IRQ_TYPE_LEVEL_HIGH>;
+ clocks = <&gcc GCC_BLSP2_QUP6_SPI_APPS_CLK>,
<&gcc GCC_BLSP2_AHB_CLK>;
clock-names = "core", "iface";
pinctrl-names = "default", "sleep";
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 298/329] soc: qcom: wcnss_ctrl: Fix increment in NV upload
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (276 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 297/329] arm64: dts: qcom: Fix SPI5 config on MSM8996 Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 299/329] gfs2: Fix fallocate chunk size Greg Kroah-Hartman
` (31 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Will Newton, Bjorn Andersson,
Andy Gross, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bjorn Andersson <bjorn.andersson@linaro.org>
[ Upstream commit 90c29ed7627b6b4aeb603ee197650173c8434512 ]
hdr.len includes both the size of the header and the fragment, so using
this when stepping through the firmware causes us to skip 16 bytes every
chunk of 3072 bytes; causing only the first fragment to actually be
valid data.
Instead use fragment size steps through the firmware blob.
Fixes: ea7a1f275cf0 ("soc: qcom: Introduce WCNSS_CTRL SMD client")
Reported-by: Will Newton <will.newton@gmail.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Andy Gross <andy.gross@linaro.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/soc/qcom/wcnss_ctrl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/soc/qcom/wcnss_ctrl.c
+++ b/drivers/soc/qcom/wcnss_ctrl.c
@@ -247,7 +247,7 @@ static int wcnss_download_nv(struct wcns
/* Increment for next fragment */
req->seq++;
- data += req->hdr.len;
+ data += NV_FRAGMENT_SIZE;
left -= NV_FRAGMENT_SIZE;
} while (left > 0);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 299/329] gfs2: Fix fallocate chunk size
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (277 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 298/329] soc: qcom: wcnss_ctrl: Fix increment in NV upload Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 300/329] x86/devicetree: Initialize device tree before using it Greg Kroah-Hartman
` (30 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andreas Gruenbacher, Bob Peterson,
Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andreas Gruenbacher <agruenba@redhat.com>
[ Upstream commit 174d1232ebc84fcde8f5889d1171c9c7e74a10a7 ]
The chunk size of allocations in __gfs2_fallocate is calculated
incorrectly. The size can collapse, causing __gfs2_fallocate to
allocate one block at a time, which is very inefficient. This needs
fixing in two places:
In gfs2_quota_lock_check, always set ap->allowed to UINT_MAX to indicate
that there is no quota limit. This fixes callers that rely on
ap->allowed to be set even when quotas are off.
In __gfs2_fallocate, reset max_blks to UINT_MAX in each iteration of the
loop to make sure that allocation limits from one resource group won't
spill over into another resource group.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/gfs2/file.c | 5 +++--
fs/gfs2/quota.h | 2 ++
2 files changed, 5 insertions(+), 2 deletions(-)
--- a/fs/gfs2/file.c
+++ b/fs/gfs2/file.c
@@ -801,7 +801,7 @@ static long __gfs2_fallocate(struct file
struct gfs2_inode *ip = GFS2_I(inode);
struct gfs2_alloc_parms ap = { .aflags = 0, };
unsigned int data_blocks = 0, ind_blocks = 0, rblocks;
- loff_t bytes, max_bytes, max_blks = UINT_MAX;
+ loff_t bytes, max_bytes, max_blks;
int error;
const loff_t pos = offset;
const loff_t count = len;
@@ -853,7 +853,8 @@ static long __gfs2_fallocate(struct file
return error;
/* ap.allowed tells us how many blocks quota will allow
* us to write. Check if this reduces max_blks */
- if (ap.allowed && ap.allowed < max_blks)
+ max_blks = UINT_MAX;
+ if (ap.allowed)
max_blks = ap.allowed;
error = gfs2_inplace_reserve(ip, &ap);
--- a/fs/gfs2/quota.h
+++ b/fs/gfs2/quota.h
@@ -45,6 +45,8 @@ static inline int gfs2_quota_lock_check(
{
struct gfs2_sbd *sdp = GFS2_SB(&ip->i_inode);
int ret;
+
+ ap->allowed = UINT_MAX; /* Assume we are permitted a whole lot */
if (sdp->sd_args.ar_quota == GFS2_QUOTA_OFF)
return 0;
ret = gfs2_quota_lock(ip, NO_UID_QUOTA_CHANGE, NO_GID_QUOTA_CHANGE);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 300/329] x86/devicetree: Initialize device tree before using it
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (278 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 299/329] gfs2: Fix fallocate chunk size Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 301/329] x86/devicetree: Fix device IRQ settings in DT Greg Kroah-Hartman
` (29 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ivan Gorinov, Thomas Gleixner,
Mark Rutland, Rob Herring, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ivan Gorinov <ivan.gorinov@intel.com>
[ Upstream commit 628df9dc5ad886b0a9b33c75a7b09710eb859ca1 ]
Commit 08d53aa58cb1 added CRC32 calculation in early_init_dt_verify() and
checking in late initcall of_fdt_raw_init(), making early_init_dt_verify()
mandatory.
The required call to early_init_dt_verify() was not added to the
x86-specific implementation, causing failure to create the sysfs entry in
of_fdt_raw_init().
Fixes: 08d53aa58cb1 ("of/fdt: export fdt blob as /sys/firmware/fdt")
Signed-off-by: Ivan Gorinov <ivan.gorinov@intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Rob Herring <robh+dt@kernel.org>
Link: https://lkml.kernel.org/r/c8c7e941efc63b5d25ebf9b6350b0f3df38f6098.1520450752.git.ivan.gorinov@intel.com
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/devicetree.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/arch/x86/kernel/devicetree.c
+++ b/arch/x86/kernel/devicetree.c
@@ -11,6 +11,7 @@
#include <linux/of_address.h>
#include <linux/of_platform.h>
#include <linux/of_irq.h>
+#include <linux/libfdt.h>
#include <linux/slab.h>
#include <linux/pci.h>
#include <linux/of_pci.h>
@@ -276,14 +277,15 @@ static void __init x86_flattree_get_conf
map_len = max(PAGE_SIZE - (initial_dtb & ~PAGE_MASK), (u64)128);
- initial_boot_params = dt = early_memremap(initial_dtb, map_len);
- size = of_get_flat_dt_size();
+ dt = early_memremap(initial_dtb, map_len);
+ size = fdt_totalsize(dt);
if (map_len < size) {
early_memunmap(dt, map_len);
- initial_boot_params = dt = early_memremap(initial_dtb, size);
+ dt = early_memremap(initial_dtb, size);
map_len = size;
}
+ early_init_dt_verify(dt);
unflatten_and_copy_device_tree();
early_memunmap(dt, map_len);
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 301/329] x86/devicetree: Fix device IRQ settings in DT
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (279 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 300/329] x86/devicetree: Initialize device tree before using it Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 302/329] ALSA: vmaster: Propagate slave error Greg Kroah-Hartman
` (28 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ivan Gorinov, Thomas Gleixner,
Mark Rutland, Rob Herring, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ivan Gorinov <ivan.gorinov@intel.com>
[ Upstream commit 0a5169add90e43ab45ab1ba34223b8583fcaf675 ]
IRQ parameters for the SoC devices connected directly to I/O APIC lines
(without PCI IRQ routing) may be specified in the Device Tree.
Called from DT IRQ parser, irq_create_fwspec_mapping() calls
irq_domain_alloc_irqs() with a pointer to irq_fwspec structure as @arg.
But x86-specific DT IRQ allocation code casts @arg to of_phandle_args
structure pointer and crashes trying to read the IRQ parameters. The
function was not converted when the mapping descriptor was changed to
irq_fwspec in the generic irqdomain code.
Fixes: 11e4438ee330 ("irqdomain: Introduce a firmware-specific IRQ specifier structure")
Signed-off-by: Ivan Gorinov <ivan.gorinov@intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Rob Herring <robh+dt@kernel.org>
Link: https://lkml.kernel.org/r/a234dee27ea60ce76141872da0d6bdb378b2a9ee.1520450752.git.ivan.gorinov@intel.com
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/devicetree.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
--- a/arch/x86/kernel/devicetree.c
+++ b/arch/x86/kernel/devicetree.c
@@ -200,19 +200,22 @@ static struct of_ioapic_type of_ioapic_t
static int dt_irqdomain_alloc(struct irq_domain *domain, unsigned int virq,
unsigned int nr_irqs, void *arg)
{
- struct of_phandle_args *irq_data = (void *)arg;
+ struct irq_fwspec *fwspec = (struct irq_fwspec *)arg;
struct of_ioapic_type *it;
struct irq_alloc_info tmp;
+ int type_index;
- if (WARN_ON(irq_data->args_count < 2))
+ if (WARN_ON(fwspec->param_count < 2))
return -EINVAL;
- if (irq_data->args[1] >= ARRAY_SIZE(of_ioapic_type))
+
+ type_index = fwspec->param[1];
+ if (type_index >= ARRAY_SIZE(of_ioapic_type))
return -EINVAL;
- it = &of_ioapic_type[irq_data->args[1]];
+ it = &of_ioapic_type[type_index];
ioapic_set_alloc_attr(&tmp, NUMA_NO_NODE, it->trigger, it->polarity);
tmp.ioapic_id = mpc_ioapic_id(mp_irqdomain_ioapic_idx(domain));
- tmp.ioapic_pin = irq_data->args[0];
+ tmp.ioapic_pin = fwspec->param[0];
return mp_irqdomain_alloc(domain, virq, nr_irqs, &tmp);
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 302/329] ALSA: vmaster: Propagate slave error
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (280 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 301/329] x86/devicetree: Fix device IRQ settings in DT Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 303/329] dmaengine: pl330: fix a race condition in case of threaded irqs Greg Kroah-Hartman
` (27 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit 2e2c177ca84aff092c3c96714b0f6a12900f3946 ]
In slave_update() of vmaster code ignores the error from the slave
get() callback and copies the values. It's not only about the missing
error code but also that this may potentially lead to a leak of
uninitialized variables when the slave get() don't clear them.
This patch fixes slave_update() not to copy the potentially
uninitialized values when an error is returned from the slave get()
callback, and to propagate the error value properly.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/core/vmaster.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/sound/core/vmaster.c
+++ b/sound/core/vmaster.c
@@ -68,10 +68,13 @@ static int slave_update(struct link_slav
return -ENOMEM;
uctl->id = slave->slave.id;
err = slave->slave.get(&slave->slave, uctl);
+ if (err < 0)
+ goto error;
for (ch = 0; ch < slave->info.count; ch++)
slave->vals[ch] = uctl->value.integer.value[ch];
+ error:
kfree(uctl);
- return 0;
+ return err < 0 ? err : 0;
}
/* get the slave ctl info and save the initial values */
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 303/329] dmaengine: pl330: fix a race condition in case of threaded irqs
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (281 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 302/329] ALSA: vmaster: Propagate slave error Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 304/329] dmaengine: rcar-dmac: Check the done lists in rcar_dmac_chan_get_residue() Greg Kroah-Hartman
` (26 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Frank Mori Hess, Qi Hou, Vinod Koul,
Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Qi Hou <qi.hou@windriver.com>
[ Upstream commit a3ca831249ca8c4c226e4ceafee04e280152e59d ]
When booting up with "threadirqs" in command line, all irq handlers of the DMA
controller pl330 will be threaded forcedly. These threads will race for the same
list, pl330->req_done.
Before the callback, the spinlock was released. And after it, the spinlock was
taken. This opened an race window where another threaded irq handler could steal
the spinlock and be permitted to delete entries of the list, pl330->req_done.
If the later deleted an entry that was still referred to by the former, there would
be a kernel panic when the former was scheduled and tried to get the next sibling
of the deleted entry.
The scenario could be depicted as below:
Thread: T1 pl330->req_done Thread: T2
| | |
| -A-B-C-D- |
Locked | |
| | Waiting
Del A | |
| -B-C-D- |
Unlocked | |
| | Locked
Waiting | |
| | Del B
| | |
| -C-D- Unlocked
Waiting | |
|
Locked
|
get C via B
\
- Kernel panic
The kernel panic looked like as below:
Unable to handle kernel paging request at virtual address dead000000000108
pgd = ffffff8008c9e000
[dead000000000108] *pgd=000000027fffe003, *pud=000000027fffe003, *pmd=0000000000000000
Internal error: Oops: 96000044 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 85 Comm: irq/59-66330000 Not tainted 4.8.24-WR9.0.0.12_standard #2
Hardware name: Broadcom NS2 SVK (DT)
task: ffffffc1f5cc3c00 task.stack: ffffffc1f5ce0000
PC is at pl330_irq_handler+0x27c/0x390
LR is at pl330_irq_handler+0x2a8/0x390
pc : [<ffffff80084cb694>] lr : [<ffffff80084cb6c0>] pstate: 800001c5
sp : ffffffc1f5ce3d00
x29: ffffffc1f5ce3d00 x28: 0000000000000140
x27: ffffffc1f5c530b0 x26: dead000000000100
x25: dead000000000200 x24: 0000000000418958
x23: 0000000000000001 x22: ffffffc1f5ccd668
x21: ffffffc1f5ccd590 x20: ffffffc1f5ccd418
x19: dead000000000060 x18: 0000000000000001
x17: 0000000000000007 x16: 0000000000000001
x15: ffffffffffffffff x14: ffffffffffffffff
x13: ffffffffffffffff x12: 0000000000000000
x11: 0000000000000001 x10: 0000000000000840
x9 : ffffffc1f5ce0000 x8 : ffffffc1f5cc3338
x7 : ffffff8008ce2020 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001
x3 : dead000000000200 x2 : dead000000000100
x1 : 0000000000000140 x0 : ffffffc1f5ccd590
Process irq/59-66330000 (pid: 85, stack limit = 0xffffffc1f5ce0020)
Stack: (0xffffffc1f5ce3d00 to 0xffffffc1f5ce4000)
3d00: ffffffc1f5ce3d80 ffffff80080f09d0 ffffffc1f5ca0c00 ffffffc1f6f7c600
3d20: ffffffc1f5ce0000 ffffffc1f6f7c600 ffffffc1f5ca0c00 ffffff80080f0998
3d40: ffffffc1f5ce0000 ffffff80080f0000 0000000000000000 0000000000000000
3d60: ffffff8008ce202c ffffff8008ce2020 ffffffc1f5ccd668 ffffffc1f5c530b0
3d80: ffffffc1f5ce3db0 ffffff80080f0d70 ffffffc1f5ca0c40 0000000000000001
3da0: ffffffc1f5ce0000 ffffff80080f0cfc ffffffc1f5ce3e20 ffffff80080bf4f8
3dc0: ffffffc1f5ca0c80 ffffff8008bf3798 ffffff8008955528 ffffffc1f5ca0c00
3de0: ffffff80080f0c30 0000000000000000 0000000000000000 0000000000000000
3e00: 0000000000000000 0000000000000000 0000000000000000 ffffff80080f0b68
3e20: 0000000000000000 ffffff8008083690 ffffff80080bf420 ffffffc1f5ca0c80
3e40: 0000000000000000 0000000000000000 0000000000000000 ffffff80080cb648
3e60: ffffff8008b1c780 0000000000000000 0000000000000000 ffffffc1f5ca0c00
3e80: ffffffc100000000 ffffff8000000000 ffffffc1f5ce3e90 ffffffc1f5ce3e90
3ea0: 0000000000000000 ffffff8000000000 ffffffc1f5ce3eb0 ffffffc1f5ce3eb0
3ec0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
3ee0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
3f00: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
3f20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
3f40: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
3f60: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
3f80: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
3fa0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
3fc0: 0000000000000000 0000000000000005 0000000000000000 0000000000000000
3fe0: 0000000000000000 0000000000000000 0000000275ce3ff0 0000000275ce3ff8
Call trace:
Exception stack(0xffffffc1f5ce3b30 to 0xffffffc1f5ce3c60)
3b20: dead000000000060 0000008000000000
3b40: ffffffc1f5ce3d00 ffffff80084cb694 0000000000000008 0000000000000e88
3b60: ffffffc1f5ce3bb0 ffffff80080dac68 ffffffc1f5ce3b90 ffffff8008826fe4
3b80: 00000000000001c0 00000000000001c0 ffffffc1f5ce3bb0 ffffff800848dfcc
3ba0: 0000000000020000 ffffff8008b15ae4 ffffffc1f5ce3c00 ffffff800808f000
3bc0: 0000000000000010 ffffff80088377f0 ffffffc1f5ccd590 0000000000000140
3be0: dead000000000100 dead000000000200 0000000000000001 0000000000000000
3c00: 0000000000000000 ffffff8008ce2020 ffffffc1f5cc3338 ffffffc1f5ce0000
3c20: 0000000000000840 0000000000000001 0000000000000000 ffffffffffffffff
3c40: ffffffffffffffff ffffffffffffffff 0000000000000001 0000000000000007
[<ffffff80084cb694>] pl330_irq_handler+0x27c/0x390
[<ffffff80080f09d0>] irq_forced_thread_fn+0x38/0x88
[<ffffff80080f0d70>] irq_thread+0x140/0x200
[<ffffff80080bf4f8>] kthread+0xd8/0xf0
[<ffffff8008083690>] ret_from_fork+0x10/0x40
Code: f2a00838 f9405763 aa1c03e1 aa1503e0 (f9000443)
---[ end trace f50005726d31199c ]---
Kernel panic - not syncing: Fatal exception in interrupt
SMP: stopping secondary CPUs
SMP: failed to stop secondary CPUs 0-1
Kernel Offset: disabled
Memory Limit: none
---[ end Kernel panic - not syncing: Fatal exception in interrupt
To fix this, re-start with the list-head after dropping the lock then
re-takeing it.
Reviewed-by: Frank Mori Hess <fmh6jj@gmail.com>
Tested-by: Frank Mori Hess <fmh6jj@gmail.com>
Signed-off-by: Qi Hou <qi.hou@windriver.com>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/dma/pl330.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/dma/pl330.c
+++ b/drivers/dma/pl330.c
@@ -1570,7 +1570,7 @@ static void pl330_dotask(unsigned long d
/* Returns 1 if state was updated, 0 otherwise */
static int pl330_update(struct pl330_dmac *pl330)
{
- struct dma_pl330_desc *descdone, *tmp;
+ struct dma_pl330_desc *descdone;
unsigned long flags;
void __iomem *regs;
u32 val;
@@ -1648,7 +1648,9 @@ static int pl330_update(struct pl330_dma
}
/* Now that we are in no hurry, do the callbacks */
- list_for_each_entry_safe(descdone, tmp, &pl330->req_done, rqd) {
+ while (!list_empty(&pl330->req_done)) {
+ descdone = list_first_entry(&pl330->req_done,
+ struct dma_pl330_desc, rqd);
list_del(&descdone->rqd);
spin_unlock_irqrestore(&pl330->lock, flags);
dma_pl330_rqcb(descdone, PL330_ERR_NONE);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 304/329] dmaengine: rcar-dmac: Check the done lists in rcar_dmac_chan_get_residue()
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (282 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 303/329] dmaengine: pl330: fix a race condition in case of threaded irqs Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 305/329] enic: enable rq before updating rq descriptors Greg Kroah-Hartman
` (25 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nguyen Viet Dung, Yoshihiro Shimoda,
Vinod Koul, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
[ Upstream commit 3e081628d510b2ddbe493371d9c574d9275da17e ]
This patch fixes an issue that a race condition happens between a client
driver and the rcar-dmac driver:
- The rcar_dmac_isr_transfer_end() is called.
- The done list appears, and desc.running is the next active list.
- rcar_dmac_chan_get_residue() is called by a client driver before
rcar_dmac_isr_channel_thread() is called.
- The rcar_dmac_chan_get_residue() will not find any descriptors.
- And, the following WARNING happens:
WARN(1, "No descriptor for cookie!");
The sh-sci driver with HSCIF (921,600bps) on R-Car H3 can cause this
situation.
So, this patch checks the done lists in rcar_dmac_chan_get_residue()
and returns zero if the done lists has the argument cookie.
Tested-by: Nguyen Viet Dung <dung.nguyen.aj@renesas.com>
Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/dma/sh/rcar-dmac.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- a/drivers/dma/sh/rcar-dmac.c
+++ b/drivers/dma/sh/rcar-dmac.c
@@ -1246,8 +1246,17 @@ static unsigned int rcar_dmac_chan_get_r
* If the cookie doesn't correspond to the currently running transfer
* then the descriptor hasn't been processed yet, and the residue is
* equal to the full descriptor size.
+ * Also, a client driver is possible to call this function before
+ * rcar_dmac_isr_channel_thread() runs. In this case, the "desc.running"
+ * will be the next descriptor, and the done list will appear. So, if
+ * the argument cookie matches the done list's cookie, we can assume
+ * the residue is zero.
*/
if (cookie != desc->async_tx.cookie) {
+ list_for_each_entry(desc, &chan->desc.done, node) {
+ if (cookie == desc->async_tx.cookie)
+ return 0;
+ }
list_for_each_entry(desc, &chan->desc.pending, node) {
if (cookie == desc->async_tx.cookie)
return desc->size;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 305/329] enic: enable rq before updating rq descriptors
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (283 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 304/329] dmaengine: rcar-dmac: Check the done lists in rcar_dmac_chan_get_residue() Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 306/329] hwrng: stm32 - add reset during probe Greg Kroah-Hartman
` (24 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Govindarajulu Varadarajan,
David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Govindarajulu Varadarajan <gvaradar@cisco.com>
[ Upstream commit e8588e268509292550634d9a35f2723a207683b2 ]
rq should be enabled before posting the buffers to rq desc. If not hw sees
stale value and casuses DMAR errors.
Signed-off-by: Govindarajulu Varadarajan <gvaradar@cisco.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/cisco/enic/enic_main.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
--- a/drivers/net/ethernet/cisco/enic/enic_main.c
+++ b/drivers/net/ethernet/cisco/enic/enic_main.c
@@ -1726,6 +1726,8 @@ static int enic_open(struct net_device *
}
for (i = 0; i < enic->rq_count; i++) {
+ /* enable rq before updating rq desc */
+ vnic_rq_enable(&enic->rq[i]);
vnic_rq_fill(&enic->rq[i], enic_rq_alloc_buf);
/* Need at least one buffer on ring to get going */
if (vnic_rq_desc_used(&enic->rq[i]) == 0) {
@@ -1737,8 +1739,6 @@ static int enic_open(struct net_device *
for (i = 0; i < enic->wq_count; i++)
vnic_wq_enable(&enic->wq[i]);
- for (i = 0; i < enic->rq_count; i++)
- vnic_rq_enable(&enic->rq[i]);
if (!enic_is_dynamic(enic) && !enic_is_sriov_vf(enic))
enic_dev_add_station_addr(enic);
@@ -1765,8 +1765,12 @@ static int enic_open(struct net_device *
return 0;
err_out_free_rq:
- for (i = 0; i < enic->rq_count; i++)
+ for (i = 0; i < enic->rq_count; i++) {
+ err = vnic_rq_disable(&enic->rq[i]);
+ if (err)
+ return err;
vnic_rq_clean(&enic->rq[i], enic_free_rq_buf);
+ }
enic_dev_notify_unset(enic);
err_out_free_intr:
enic_unset_affinity_hint(enic);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 306/329] hwrng: stm32 - add reset during probe
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (284 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 305/329] enic: enable rq before updating rq descriptors Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 307/329] dmaengine: qcom: bam_dma: get num-channels and num-ees from dt Greg Kroah-Hartman
` (23 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lionel Debieve, Herbert Xu, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: "lionel.debieve@st.com" <lionel.debieve@st.com>
[ Upstream commit 326ed382256475aa4b8b7eae8a2f60689fd25e78 ]
Avoid issue when probing the RNG without
reset if bad status has been detected previously
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/hw_random/stm32-rng.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- a/drivers/char/hw_random/stm32-rng.c
+++ b/drivers/char/hw_random/stm32-rng.c
@@ -21,6 +21,7 @@
#include <linux/of_address.h>
#include <linux/of_platform.h>
#include <linux/pm_runtime.h>
+#include <linux/reset.h>
#include <linux/slab.h>
#define RNG_CR 0x00
@@ -46,6 +47,7 @@ struct stm32_rng_private {
struct hwrng rng;
void __iomem *base;
struct clk *clk;
+ struct reset_control *rst;
};
static int stm32_rng_read(struct hwrng *rng, void *data, size_t max, bool wait)
@@ -140,6 +142,13 @@ static int stm32_rng_probe(struct platfo
if (IS_ERR(priv->clk))
return PTR_ERR(priv->clk);
+ priv->rst = devm_reset_control_get(&ofdev->dev, NULL);
+ if (!IS_ERR(priv->rst)) {
+ reset_control_assert(priv->rst);
+ udelay(2);
+ reset_control_deassert(priv->rst);
+ }
+
dev_set_drvdata(dev, priv);
priv->rng.name = dev_driver_string(dev),
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 307/329] dmaengine: qcom: bam_dma: get num-channels and num-ees from dt
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (285 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 306/329] hwrng: stm32 - add reset during probe Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 308/329] net: stmmac: ensure that the device has released ownership before reading data Greg Kroah-Hartman
` (22 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Srinivas Kandagatla, Vinod Koul, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
[ Upstream commit 48d163b1aa6e7f650c0b7a4f9c61c387a6def868 ]
When Linux is master of BAM, it can directly read registers to know number
of supported channels, however when its remotely controlled reading these
registers would trigger a crash if the BAM is not yet initialized or
powered up on the remote side.
This patch allows driver to read num-channels and num-ees from Device Tree
for remotely controlled BAM.
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/dma/qcom/bam_dma.c | 27 ++++++++++++++++++++++-----
1 file changed, 22 insertions(+), 5 deletions(-)
--- a/drivers/dma/qcom/bam_dma.c
+++ b/drivers/dma/qcom/bam_dma.c
@@ -387,6 +387,7 @@ struct bam_device {
struct device_dma_parameters dma_parms;
struct bam_chan *channels;
u32 num_channels;
+ u32 num_ees;
/* execution environment ID, from DT */
u32 ee;
@@ -1076,15 +1077,19 @@ static int bam_init(struct bam_device *b
u32 val;
/* read revision and configuration information */
- val = readl_relaxed(bam_addr(bdev, 0, BAM_REVISION)) >> NUM_EES_SHIFT;
- val &= NUM_EES_MASK;
+ if (!bdev->num_ees) {
+ val = readl_relaxed(bam_addr(bdev, 0, BAM_REVISION));
+ bdev->num_ees = (val >> NUM_EES_SHIFT) & NUM_EES_MASK;
+ }
/* check that configured EE is within range */
- if (bdev->ee >= val)
+ if (bdev->ee >= bdev->num_ees)
return -EINVAL;
- val = readl_relaxed(bam_addr(bdev, 0, BAM_NUM_PIPES));
- bdev->num_channels = val & BAM_NUM_PIPES_MASK;
+ if (!bdev->num_channels) {
+ val = readl_relaxed(bam_addr(bdev, 0, BAM_NUM_PIPES));
+ bdev->num_channels = val & BAM_NUM_PIPES_MASK;
+ }
if (bdev->controlled_remotely)
return 0;
@@ -1179,6 +1184,18 @@ static int bam_dma_probe(struct platform
bdev->controlled_remotely = of_property_read_bool(pdev->dev.of_node,
"qcom,controlled-remotely");
+ if (bdev->controlled_remotely) {
+ ret = of_property_read_u32(pdev->dev.of_node, "num-channels",
+ &bdev->num_channels);
+ if (ret)
+ dev_err(bdev->dev, "num-channels unspecified in dt\n");
+
+ ret = of_property_read_u32(pdev->dev.of_node, "qcom,num-ees",
+ &bdev->num_ees);
+ if (ret)
+ dev_err(bdev->dev, "num-ees unspecified in dt\n");
+ }
+
bdev->bamclk = devm_clk_get(bdev->dev, "bam_clk");
if (IS_ERR(bdev->bamclk))
return PTR_ERR(bdev->bamclk);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 308/329] net: stmmac: ensure that the device has released ownership before reading data
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (286 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 307/329] dmaengine: qcom: bam_dma: get num-channels and num-ees from dt Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 309/329] net: stmmac: ensure that the MSS desc is the last desc to set the own bit Greg Kroah-Hartman
` (21 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Niklas Cassel, David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Niklas Cassel <niklas.cassel@axis.com>
[ Upstream commit a6b25da5e7ba212af5826a662e6a035a79bffabd ]
According to Documentation/memory-barriers.txt, we need to use a
dma_rmb() after reading the status/own bit, to ensure that all
descriptor fields are read after reading the own bit.
This way, we ensure that the DMA engine is done with the DMA
descriptor before we read the other descriptor fields, e.g. reading
the tx hardware timestamp (if PTP is enabled).
Signed-off-by: Niklas Cassel <niklas.cassel@axis.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
@@ -1343,6 +1343,11 @@ static void stmmac_tx_clean(struct stmma
if (unlikely(status & tx_dma_own))
break;
+ /* Make sure descriptor fields are read after reading
+ * the own bit.
+ */
+ dma_rmb();
+
/* Just consider the last segment and ...*/
if (likely(!(status & tx_not_ls))) {
/* ... verify the status error condition */
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 309/329] net: stmmac: ensure that the MSS desc is the last desc to set the own bit
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (287 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 308/329] net: stmmac: ensure that the device has released ownership before reading data Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 310/329] cpufreq: Reorder cpufreq_online() error code path Greg Kroah-Hartman
` (20 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Niklas Cassel, David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Niklas Cassel <niklas.cassel@axis.com>
[ Upstream commit 15d2ee42a3087089e73ad52fd8c1b37ab496b87c ]
A dma_wmb() is used to guarantee the ordering, with respect to
other writes, to cache coherent DMA memory.
There is a dma_wmb() in prepare_tx_desc()/prepare_tso_tx_desc() which
ensures that TDES0/1/2 is written before TDES3 (which contains the own
bit), for First Desc.
However, in the rare case that MSS changes, there will be a MSS
context descriptor in front of the regular DMA descriptors:
<MSS desc> <- DMA Next Descriptor
<First Desc>
<desc n>
<Last Desc>
Thus, for this special case, we need a dma_wmb()
after prepare_tso_tx_desc()/before writing the own bit to the MSS desc,
so that we flush the write to TDES3 for First Desc,
in order to ensure that the MSS descriptor is the last descriptor to
set the own bit.
Signed-off-by: Niklas Cassel <niklas.cassel@axis.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
@@ -2141,8 +2141,15 @@ static netdev_tx_t stmmac_tso_xmit(struc
tcp_hdrlen(skb) / 4, (skb->len - proto_hdr_len));
/* If context desc is used to change MSS */
- if (mss_desc)
+ if (mss_desc) {
+ /* Make sure that first descriptor has been completely
+ * written, including its own bit. This is because MSS is
+ * actually before first descriptor, so we need to make
+ * sure that MSS's own bit is the last thing written.
+ */
+ dma_wmb();
priv->hw->desc->set_tx_owner(mss_desc);
+ }
/* The own bit must be the latest setting done when prepare the
* descriptor and then barrier is needed to make sure that
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 310/329] cpufreq: Reorder cpufreq_online() error code path
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (288 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 309/329] net: stmmac: ensure that the MSS desc is the last desc to set the own bit Greg Kroah-Hartman
@ 2018-05-28 10:03 ` Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 311/329] PCI: Add function 1 DMA alias quirk for Marvell 88SE9220 Greg Kroah-Hartman
` (19 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Viresh Kumar, Rafael J. Wysocki, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Viresh Kumar <viresh.kumar@linaro.org>
[ Upstream commit b24b6478e65f140610ab1ffaadc7bc6bf0be8aad ]
Ideally the de-allocation of resources should happen in the exact
opposite order in which they were allocated. It helps maintain the code
in long term, even if nothing really breaks with incorrect ordering.
That wasn't followed in cpufreq_online() and it has some
inconsistencies. For example, the symlinks were created from within
the locked region while they are removed only after putting the locks.
Also ->exit() should have been called only after the symlinks are
removed and the lock is dropped, as that was the case when ->init()
was first called.
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
[ rjw: Subject ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/cpufreq/cpufreq.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/cpufreq/cpufreq.c
+++ b/drivers/cpufreq/cpufreq.c
@@ -1288,14 +1288,14 @@ static int cpufreq_online(unsigned int c
return 0;
out_exit_policy:
+ for_each_cpu(j, policy->real_cpus)
+ remove_cpu_dev_symlink(policy, get_cpu_device(j));
+
up_write(&policy->rwsem);
if (cpufreq_driver->exit)
cpufreq_driver->exit(policy);
- for_each_cpu(j, policy->real_cpus)
- remove_cpu_dev_symlink(policy, get_cpu_device(j));
-
out_free_policy:
cpufreq_policy_free(policy, !new_policy);
return ret;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 311/329] PCI: Add function 1 DMA alias quirk for Marvell 88SE9220
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (289 preceding siblings ...)
2018-05-28 10:03 ` [PATCH 4.9 310/329] cpufreq: Reorder cpufreq_online() error code path Greg Kroah-Hartman
@ 2018-05-28 10:04 ` Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 313/329] ARM: dts: bcm283x: Fix probing of bcm2835-i2s Greg Kroah-Hartman
` (18 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Vincent-Cross, Bjorn Helgaas,
Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Vincent-Cross <me@tvc.id.au>
[ Upstream commit 832e4e1f76b8a84991e9db56fdcef1ebce839b8b ]
Add Marvell 88SE9220 DMA quirk as found and tested on bug 42679.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=42679
Signed-off-by: Thomas Vincent-Cross <me@tvc.id.au>
Signed-off-by: Bjorn Helgaas <helgaas@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/quirks.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c
@@ -3874,6 +3874,9 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_M
/* https://bugzilla.kernel.org/show_bug.cgi?id=42679#c46 */
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_MARVELL_EXT, 0x91a0,
quirk_dma_func1_alias);
+/* https://bugzilla.kernel.org/show_bug.cgi?id=42679#c127 */
+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_MARVELL_EXT, 0x9220,
+ quirk_dma_func1_alias);
/* https://bugzilla.kernel.org/show_bug.cgi?id=42679#c49 */
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_MARVELL_EXT, 0x9230,
quirk_dma_func1_alias);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 313/329] ARM: dts: bcm283x: Fix probing of bcm2835-i2s
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (290 preceding siblings ...)
2018-05-28 10:04 ` [PATCH 4.9 311/329] PCI: Add function 1 DMA alias quirk for Marvell 88SE9220 Greg Kroah-Hartman
@ 2018-05-28 10:04 ` Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 314/329] audit: return on memory error to avoid null pointer dereference Greg Kroah-Hartman
` (17 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stefan Wahren, Eric Anholt,
Matthias Reichl, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stefan Wahren <stefan.wahren@i2se.com>
[ Upstream commit 79c81facdc0b43b1cef37b8d5689a8c8b78f8be0 ]
Since 517e7a1537a ("ASoC: bcm2835: move to use the clock framework")
the bcm2835-i2s requires a clock as DT property. Unfortunately
the necessary DT change has never been applied. While we are at it
also fix the first PCM register range to cover the PCM_GRAY register.
Fixes: 517e7a1537a ("ASoC: bcm2835: move to use the clock framework")
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
Tested-by: Matthias Reichl <hias@horus.com>
Signed-off-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/bcm283x.dtsi | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/arm/boot/dts/bcm283x.dtsi
+++ b/arch/arm/boot/dts/bcm283x.dtsi
@@ -146,8 +146,8 @@
i2s: i2s@7e203000 {
compatible = "brcm,bcm2835-i2s";
- reg = <0x7e203000 0x20>,
- <0x7e101098 0x02>;
+ reg = <0x7e203000 0x24>;
+ clocks = <&clocks BCM2835_CLOCK_PCM>;
dmas = <&dma 2>,
<&dma 3>;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 314/329] audit: return on memory error to avoid null pointer dereference
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (291 preceding siblings ...)
2018-05-28 10:04 ` [PATCH 4.9 313/329] ARM: dts: bcm283x: Fix probing of bcm2835-i2s Greg Kroah-Hartman
@ 2018-05-28 10:04 ` Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 315/329] rcu: Call touch_nmi_watchdog() while printing stall warnings Greg Kroah-Hartman
` (16 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Richard Guy Briggs, Paul Moore, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Richard Guy Briggs <rgb@redhat.com>
[ Upstream commit 23138ead270045f1b3e912e667967b6094244999 ]
If there is a memory allocation error when trying to change an audit
kernel feature value, the ignored allocation error will trigger a NULL
pointer dereference oops on subsequent use of that pointer. Return
instead.
Passes audit-testsuite.
See: https://github.com/linux-audit/audit-kernel/issues/76
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
[PM: not necessary (other funcs check for NULL), but a good practice]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/audit.c | 2 ++
1 file changed, 2 insertions(+)
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -742,6 +742,8 @@ static void audit_log_feature_change(int
return;
ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_FEATURE_CHANGE);
+ if (!ab)
+ return;
audit_log_task_info(ab, current);
audit_log_format(ab, " feature=%s old=%u new=%u old_lock=%u new_lock=%u res=%d",
audit_feature_names[which], !!old_feature, !!new_feature,
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 315/329] rcu: Call touch_nmi_watchdog() while printing stall warnings
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (292 preceding siblings ...)
2018-05-28 10:04 ` [PATCH 4.9 314/329] audit: return on memory error to avoid null pointer dereference Greg Kroah-Hartman
@ 2018-05-28 10:04 ` Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 316/329] pinctrl: sh-pfc: r8a7796: Fix MOD_SEL register pin assignment for SSI pins group Greg Kroah-Hartman
` (15 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:04 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tejun Heo <tj@kernel.org>
[ Upstream commit 3caa973b7a260e7a2a69edc94c300ab9c65148c3 ]
When RCU stall warning triggers, it can print out a lot of messages
while holding spinlocks. If the console device is slow (e.g. an
actual or IPMI serial console), it may end up triggering NMI hard
lockup watchdog like the following.
---
kernel/rcu/tree_plugin.h | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
--- a/kernel/rcu/tree_plugin.h
+++ b/kernel/rcu/tree_plugin.h
@@ -521,8 +521,14 @@ static void rcu_print_detail_task_stall_
}
t = list_entry(rnp->gp_tasks->prev,
struct task_struct, rcu_node_entry);
- list_for_each_entry_continue(t, &rnp->blkd_tasks, rcu_node_entry)
+ list_for_each_entry_continue(t, &rnp->blkd_tasks, rcu_node_entry) {
+ /*
+ * We could be printing a lot while holding a spinlock.
+ * Avoid triggering hard lockup.
+ */
+ touch_nmi_watchdog();
sched_show_task(t);
+ }
raw_spin_unlock_irqrestore_rcu_node(rnp, flags);
}
@@ -1629,6 +1635,12 @@ static void print_cpu_stall_info(struct
char *ticks_title;
unsigned long ticks_value;
+ /*
+ * We could be printing a lot while holding a spinlock. Avoid
+ * triggering hard lockup.
+ */
+ touch_nmi_watchdog();
+
if (rsp->gpnum == rdp->gpnum) {
ticks_title = "ticks this GP";
ticks_value = rdp->ticks_this_gp;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 316/329] pinctrl: sh-pfc: r8a7796: Fix MOD_SEL register pin assignment for SSI pins group
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (293 preceding siblings ...)
2018-05-28 10:04 ` [PATCH 4.9 315/329] rcu: Call touch_nmi_watchdog() while printing stall warnings Greg Kroah-Hartman
@ 2018-05-28 10:04 ` Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 317/329] MIPS: Octeon: Fix logging messages with spurious periods after newlines Greg Kroah-Hartman
` (14 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Takeshi Kihara, Ulrich Hecht,
Simon Horman, Geert Uytterhoeven, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Takeshi Kihara <takeshi.kihara.df@renesas.com>
[ Upstream commit b418c4609d5052d174668ad6d13efe023c45c595 ]
This patch fixes MOD_SEL1 bit20 and MOD_SEL2 bit20, bit21 pin assignment
for SSI pins group.
This is a correction to the incorrect implementation of MOD_SEL register
pin assignment for R8A7796 SoC specification of R-Car Gen3 Hardware
User's Manual Rev.0.51E or later.
Fixes: f9aece7344bd ("pinctrl: sh-pfc: Initial R8A7796 PFC support")
Signed-off-by: Takeshi Kihara <takeshi.kihara.df@renesas.com>
Signed-off-by: Ulrich Hecht <ulrich.hecht+renesas@gmail.com>
Reviewed-by: Simon Horman <horms+renesas@verge.net.au>
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pinctrl/sh-pfc/pfc-r8a7796.c | 40 +++++++++++++++++------------------
1 file changed, 20 insertions(+), 20 deletions(-)
--- a/drivers/pinctrl/sh-pfc/pfc-r8a7796.c
+++ b/drivers/pinctrl/sh-pfc/pfc-r8a7796.c
@@ -1,7 +1,7 @@
/*
* R8A7796 processor support - PFC hardware block.
*
- * Copyright (C) 2016 Renesas Electronics Corp.
+ * Copyright (C) 2016-2017 Renesas Electronics Corp.
*
* This file is based on the drivers/pinctrl/sh-pfc/pfc-r8a7795.c
*
@@ -476,7 +476,7 @@ FM(IP16_31_28) IP16_31_28 FM(IP17_31_28)
#define MOD_SEL1_26 FM(SEL_TIMER_TMU_0) FM(SEL_TIMER_TMU_1)
#define MOD_SEL1_25_24 FM(SEL_SSP1_1_0) FM(SEL_SSP1_1_1) FM(SEL_SSP1_1_2) FM(SEL_SSP1_1_3)
#define MOD_SEL1_23_22_21 FM(SEL_SSP1_0_0) FM(SEL_SSP1_0_1) FM(SEL_SSP1_0_2) FM(SEL_SSP1_0_3) FM(SEL_SSP1_0_4) F_(0, 0) F_(0, 0) F_(0, 0)
-#define MOD_SEL1_20 FM(SEL_SSI_0) FM(SEL_SSI_1)
+#define MOD_SEL1_20 FM(SEL_SSI1_0) FM(SEL_SSI1_1)
#define MOD_SEL1_19 FM(SEL_SPEED_PULSE_0) FM(SEL_SPEED_PULSE_1)
#define MOD_SEL1_18_17 FM(SEL_SIMCARD_0) FM(SEL_SIMCARD_1) FM(SEL_SIMCARD_2) FM(SEL_SIMCARD_3)
#define MOD_SEL1_16 FM(SEL_SDHI2_0) FM(SEL_SDHI2_1)
@@ -1208,7 +1208,7 @@ static const u16 pinmux_data[] = {
PINMUX_IPSR_GPSR(IP13_11_8, HSCK0),
PINMUX_IPSR_MSEL(IP13_11_8, MSIOF1_SCK_D, SEL_MSIOF1_3),
PINMUX_IPSR_MSEL(IP13_11_8, AUDIO_CLKB_A, SEL_ADG_B_0),
- PINMUX_IPSR_MSEL(IP13_11_8, SSI_SDATA1_B, SEL_SSI_1),
+ PINMUX_IPSR_MSEL(IP13_11_8, SSI_SDATA1_B, SEL_SSI1_1),
PINMUX_IPSR_MSEL(IP13_11_8, TS_SCK0_D, SEL_TSIF0_3),
PINMUX_IPSR_MSEL(IP13_11_8, STP_ISCLK_0_D, SEL_SSP1_0_3),
PINMUX_IPSR_MSEL(IP13_11_8, RIF0_CLK_C, SEL_DRIF0_2),
@@ -1216,14 +1216,14 @@ static const u16 pinmux_data[] = {
PINMUX_IPSR_GPSR(IP13_15_12, HRX0),
PINMUX_IPSR_MSEL(IP13_15_12, MSIOF1_RXD_D, SEL_MSIOF1_3),
- PINMUX_IPSR_MSEL(IP13_15_12, SSI_SDATA2_B, SEL_SSI_1),
+ PINMUX_IPSR_MSEL(IP13_15_12, SSI_SDATA2_B, SEL_SSI2_1),
PINMUX_IPSR_MSEL(IP13_15_12, TS_SDEN0_D, SEL_TSIF0_3),
PINMUX_IPSR_MSEL(IP13_15_12, STP_ISEN_0_D, SEL_SSP1_0_3),
PINMUX_IPSR_MSEL(IP13_15_12, RIF0_D0_C, SEL_DRIF0_2),
PINMUX_IPSR_GPSR(IP13_19_16, HTX0),
PINMUX_IPSR_MSEL(IP13_19_16, MSIOF1_TXD_D, SEL_MSIOF1_3),
- PINMUX_IPSR_MSEL(IP13_19_16, SSI_SDATA9_B, SEL_SSI_1),
+ PINMUX_IPSR_MSEL(IP13_19_16, SSI_SDATA9_B, SEL_SSI9_1),
PINMUX_IPSR_MSEL(IP13_19_16, TS_SDAT0_D, SEL_TSIF0_3),
PINMUX_IPSR_MSEL(IP13_19_16, STP_ISD_0_D, SEL_SSP1_0_3),
PINMUX_IPSR_MSEL(IP13_19_16, RIF0_D1_C, SEL_DRIF0_2),
@@ -1231,7 +1231,7 @@ static const u16 pinmux_data[] = {
PINMUX_IPSR_GPSR(IP13_23_20, HCTS0_N),
PINMUX_IPSR_MSEL(IP13_23_20, RX2_B, SEL_SCIF2_1),
PINMUX_IPSR_MSEL(IP13_23_20, MSIOF1_SYNC_D, SEL_MSIOF1_3),
- PINMUX_IPSR_MSEL(IP13_23_20, SSI_SCK9_A, SEL_SSI_0),
+ PINMUX_IPSR_MSEL(IP13_23_20, SSI_SCK9_A, SEL_SSI9_0),
PINMUX_IPSR_MSEL(IP13_23_20, TS_SPSYNC0_D, SEL_TSIF0_3),
PINMUX_IPSR_MSEL(IP13_23_20, STP_ISSYNC_0_D, SEL_SSP1_0_3),
PINMUX_IPSR_MSEL(IP13_23_20, RIF0_SYNC_C, SEL_DRIF0_2),
@@ -1240,7 +1240,7 @@ static const u16 pinmux_data[] = {
PINMUX_IPSR_GPSR(IP13_27_24, HRTS0_N),
PINMUX_IPSR_MSEL(IP13_27_24, TX2_B, SEL_SCIF2_1),
PINMUX_IPSR_MSEL(IP13_27_24, MSIOF1_SS1_D, SEL_MSIOF1_3),
- PINMUX_IPSR_MSEL(IP13_27_24, SSI_WS9_A, SEL_SSI_0),
+ PINMUX_IPSR_MSEL(IP13_27_24, SSI_WS9_A, SEL_SSI9_0),
PINMUX_IPSR_MSEL(IP13_27_24, STP_IVCXO27_0_D, SEL_SSP1_0_3),
PINMUX_IPSR_MSEL(IP13_27_24, BPFCLK_A, SEL_FM_0),
PINMUX_IPSR_GPSR(IP13_27_24, AUDIO_CLKOUT2_A),
@@ -1255,7 +1255,7 @@ static const u16 pinmux_data[] = {
PINMUX_IPSR_MSEL(IP14_3_0, RX5_A, SEL_SCIF5_0),
PINMUX_IPSR_MSEL(IP14_3_0, NFWP_N_A, SEL_NDF_0),
PINMUX_IPSR_MSEL(IP14_3_0, AUDIO_CLKA_C, SEL_ADG_A_2),
- PINMUX_IPSR_MSEL(IP14_3_0, SSI_SCK2_A, SEL_SSI_0),
+ PINMUX_IPSR_MSEL(IP14_3_0, SSI_SCK2_A, SEL_SSI2_0),
PINMUX_IPSR_MSEL(IP14_3_0, STP_IVCXO27_0_C, SEL_SSP1_0_2),
PINMUX_IPSR_GPSR(IP14_3_0, AUDIO_CLKOUT3_A),
PINMUX_IPSR_MSEL(IP14_3_0, TCLK1_B, SEL_TIMER_TMU_1),
@@ -1264,7 +1264,7 @@ static const u16 pinmux_data[] = {
PINMUX_IPSR_MSEL(IP14_7_4, TX5_A, SEL_SCIF5_0),
PINMUX_IPSR_MSEL(IP14_7_4, MSIOF1_SS2_D, SEL_MSIOF1_3),
PINMUX_IPSR_MSEL(IP14_7_4, AUDIO_CLKC_A, SEL_ADG_C_0),
- PINMUX_IPSR_MSEL(IP14_7_4, SSI_WS2_A, SEL_SSI_0),
+ PINMUX_IPSR_MSEL(IP14_7_4, SSI_WS2_A, SEL_SSI2_0),
PINMUX_IPSR_MSEL(IP14_7_4, STP_OPWM_0_D, SEL_SSP1_0_3),
PINMUX_IPSR_GPSR(IP14_7_4, AUDIO_CLKOUT_D),
PINMUX_IPSR_MSEL(IP14_7_4, SPEEDIN_B, SEL_SPEED_PULSE_1),
@@ -1292,10 +1292,10 @@ static const u16 pinmux_data[] = {
PINMUX_IPSR_MSEL(IP14_31_28, MSIOF1_SS2_F, SEL_MSIOF1_5),
/* IPSR15 */
- PINMUX_IPSR_MSEL(IP15_3_0, SSI_SDATA1_A, SEL_SSI_0),
+ PINMUX_IPSR_MSEL(IP15_3_0, SSI_SDATA1_A, SEL_SSI1_0),
- PINMUX_IPSR_MSEL(IP15_7_4, SSI_SDATA2_A, SEL_SSI_0),
- PINMUX_IPSR_MSEL(IP15_7_4, SSI_SCK1_B, SEL_SSI_1),
+ PINMUX_IPSR_MSEL(IP15_7_4, SSI_SDATA2_A, SEL_SSI2_0),
+ PINMUX_IPSR_MSEL(IP15_7_4, SSI_SCK1_B, SEL_SSI1_1),
PINMUX_IPSR_GPSR(IP15_11_8, SSI_SCK34),
PINMUX_IPSR_MSEL(IP15_11_8, MSIOF1_SS1_A, SEL_MSIOF1_0),
@@ -1381,11 +1381,11 @@ static const u16 pinmux_data[] = {
PINMUX_IPSR_MSEL(IP16_27_24, RIF1_D1_A, SEL_DRIF1_0),
PINMUX_IPSR_MSEL(IP16_27_24, RIF3_D1_A, SEL_DRIF3_0),
- PINMUX_IPSR_MSEL(IP16_31_28, SSI_SDATA9_A, SEL_SSI_0),
+ PINMUX_IPSR_MSEL(IP16_31_28, SSI_SDATA9_A, SEL_SSI9_0),
PINMUX_IPSR_MSEL(IP16_31_28, HSCK2_B, SEL_HSCIF2_1),
PINMUX_IPSR_MSEL(IP16_31_28, MSIOF1_SS1_C, SEL_MSIOF1_2),
PINMUX_IPSR_MSEL(IP16_31_28, HSCK1_A, SEL_HSCIF1_0),
- PINMUX_IPSR_MSEL(IP16_31_28, SSI_WS1_B, SEL_SSI_1),
+ PINMUX_IPSR_MSEL(IP16_31_28, SSI_WS1_B, SEL_SSI1_1),
PINMUX_IPSR_GPSR(IP16_31_28, SCK1),
PINMUX_IPSR_MSEL(IP16_31_28, STP_IVCXO27_1_A, SEL_SSP1_1_0),
PINMUX_IPSR_GPSR(IP16_31_28, SCK5_A),
@@ -1417,7 +1417,7 @@ static const u16 pinmux_data[] = {
PINMUX_IPSR_GPSR(IP17_19_16, USB1_PWEN),
PINMUX_IPSR_MSEL(IP17_19_16, SIM0_CLK_C, SEL_SIMCARD_2),
- PINMUX_IPSR_MSEL(IP17_19_16, SSI_SCK1_A, SEL_SSI_0),
+ PINMUX_IPSR_MSEL(IP17_19_16, SSI_SCK1_A, SEL_SSI1_0),
PINMUX_IPSR_MSEL(IP17_19_16, TS_SCK0_E, SEL_TSIF0_4),
PINMUX_IPSR_MSEL(IP17_19_16, STP_ISCLK_0_E, SEL_SSP1_0_4),
PINMUX_IPSR_MSEL(IP17_19_16, FMCLK_B, SEL_FM_1),
@@ -1427,7 +1427,7 @@ static const u16 pinmux_data[] = {
PINMUX_IPSR_GPSR(IP17_23_20, USB1_OVC),
PINMUX_IPSR_MSEL(IP17_23_20, MSIOF1_SS2_C, SEL_MSIOF1_2),
- PINMUX_IPSR_MSEL(IP17_23_20, SSI_WS1_A, SEL_SSI_0),
+ PINMUX_IPSR_MSEL(IP17_23_20, SSI_WS1_A, SEL_SSI1_0),
PINMUX_IPSR_MSEL(IP17_23_20, TS_SDAT0_E, SEL_TSIF0_4),
PINMUX_IPSR_MSEL(IP17_23_20, STP_ISD_0_E, SEL_SSP1_0_4),
PINMUX_IPSR_MSEL(IP17_23_20, FMIN_B, SEL_FM_1),
@@ -1437,7 +1437,7 @@ static const u16 pinmux_data[] = {
PINMUX_IPSR_GPSR(IP17_27_24, USB30_PWEN),
PINMUX_IPSR_GPSR(IP17_27_24, AUDIO_CLKOUT_B),
- PINMUX_IPSR_MSEL(IP17_27_24, SSI_SCK2_B, SEL_SSI_1),
+ PINMUX_IPSR_MSEL(IP17_27_24, SSI_SCK2_B, SEL_SSI2_1),
PINMUX_IPSR_MSEL(IP17_27_24, TS_SDEN1_D, SEL_TSIF1_3),
PINMUX_IPSR_MSEL(IP17_27_24, STP_ISEN_1_D, SEL_SSP1_1_2),
PINMUX_IPSR_MSEL(IP17_27_24, STP_OPWM_0_E, SEL_SSP1_0_4),
@@ -1449,7 +1449,7 @@ static const u16 pinmux_data[] = {
PINMUX_IPSR_GPSR(IP17_31_28, USB30_OVC),
PINMUX_IPSR_GPSR(IP17_31_28, AUDIO_CLKOUT1_B),
- PINMUX_IPSR_MSEL(IP17_31_28, SSI_WS2_B, SEL_SSI_1),
+ PINMUX_IPSR_MSEL(IP17_31_28, SSI_WS2_B, SEL_SSI2_1),
PINMUX_IPSR_MSEL(IP17_31_28, TS_SPSYNC1_D, SEL_TSIF1_3),
PINMUX_IPSR_MSEL(IP17_31_28, STP_ISSYNC_1_D, SEL_SSP1_1_3),
PINMUX_IPSR_MSEL(IP17_31_28, STP_IVCXO27_0_E, SEL_SSP1_0_4),
@@ -1460,7 +1460,7 @@ static const u16 pinmux_data[] = {
/* IPSR18 */
PINMUX_IPSR_GPSR(IP18_3_0, GP6_30),
PINMUX_IPSR_GPSR(IP18_3_0, AUDIO_CLKOUT2_B),
- PINMUX_IPSR_MSEL(IP18_3_0, SSI_SCK9_B, SEL_SSI_1),
+ PINMUX_IPSR_MSEL(IP18_3_0, SSI_SCK9_B, SEL_SSI9_1),
PINMUX_IPSR_MSEL(IP18_3_0, TS_SDEN0_E, SEL_TSIF0_4),
PINMUX_IPSR_MSEL(IP18_3_0, STP_ISEN_0_E, SEL_SSP1_0_4),
PINMUX_IPSR_MSEL(IP18_3_0, RIF2_D0_B, SEL_DRIF2_1),
@@ -1471,7 +1471,7 @@ static const u16 pinmux_data[] = {
PINMUX_IPSR_GPSR(IP18_7_4, GP6_31),
PINMUX_IPSR_GPSR(IP18_7_4, AUDIO_CLKOUT3_B),
- PINMUX_IPSR_MSEL(IP18_7_4, SSI_WS9_B, SEL_SSI_1),
+ PINMUX_IPSR_MSEL(IP18_7_4, SSI_WS9_B, SEL_SSI9_1),
PINMUX_IPSR_MSEL(IP18_7_4, TS_SPSYNC0_E, SEL_TSIF0_4),
PINMUX_IPSR_MSEL(IP18_7_4, STP_ISSYNC_0_E, SEL_SSP1_0_4),
PINMUX_IPSR_MSEL(IP18_7_4, RIF2_D1_B, SEL_DRIF2_1),
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 317/329] MIPS: Octeon: Fix logging messages with spurious periods after newlines
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (294 preceding siblings ...)
2018-05-28 10:04 ` [PATCH 4.9 316/329] pinctrl: sh-pfc: r8a7796: Fix MOD_SEL register pin assignment for SSI pins group Greg Kroah-Hartman
@ 2018-05-28 10:04 ` Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 319/329] x86/apic: Set up through-local-APIC mode on the boot CPU if noapic specified Greg Kroah-Hartman
` (13 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Joe Perches, Ralf Baechle,
linux-mips, James Hogan, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Joe Perches <joe@perches.com>
[ Upstream commit db6775ca6e0353d2618ca7d5e210fc36ad43bbd4 ]
Using a period after a newline causes bad output.
Fixes: 64b139f97c01 ("MIPS: OCTEON: irq: add CIB and other fixes")
Signed-off-by: Joe Perches <joe@perches.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/17886/
Signed-off-by: James Hogan <jhogan@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/cavium-octeon/octeon-irq.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
--- a/arch/mips/cavium-octeon/octeon-irq.c
+++ b/arch/mips/cavium-octeon/octeon-irq.c
@@ -2271,7 +2271,7 @@ static int __init octeon_irq_init_cib(st
parent_irq = irq_of_parse_and_map(ciu_node, 0);
if (!parent_irq) {
- pr_err("ERROR: Couldn't acquire parent_irq for %s\n.",
+ pr_err("ERROR: Couldn't acquire parent_irq for %s\n",
ciu_node->name);
return -EINVAL;
}
@@ -2283,7 +2283,7 @@ static int __init octeon_irq_init_cib(st
addr = of_get_address(ciu_node, 0, NULL, NULL);
if (!addr) {
- pr_err("ERROR: Couldn't acquire reg(0) %s\n.", ciu_node->name);
+ pr_err("ERROR: Couldn't acquire reg(0) %s\n", ciu_node->name);
return -EINVAL;
}
host_data->raw_reg = (u64)phys_to_virt(
@@ -2291,7 +2291,7 @@ static int __init octeon_irq_init_cib(st
addr = of_get_address(ciu_node, 1, NULL, NULL);
if (!addr) {
- pr_err("ERROR: Couldn't acquire reg(1) %s\n.", ciu_node->name);
+ pr_err("ERROR: Couldn't acquire reg(1) %s\n", ciu_node->name);
return -EINVAL;
}
host_data->en_reg = (u64)phys_to_virt(
@@ -2299,7 +2299,7 @@ static int __init octeon_irq_init_cib(st
r = of_property_read_u32(ciu_node, "cavium,max-bits", &val);
if (r) {
- pr_err("ERROR: Couldn't read cavium,max-bits from %s\n.",
+ pr_err("ERROR: Couldn't read cavium,max-bits from %s\n",
ciu_node->name);
return r;
}
@@ -2309,7 +2309,7 @@ static int __init octeon_irq_init_cib(st
&octeon_irq_domain_cib_ops,
host_data);
if (!cib_domain) {
- pr_err("ERROR: Couldn't irq_domain_add_linear()\n.");
+ pr_err("ERROR: Couldn't irq_domain_add_linear()\n");
return -ENOMEM;
}
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 319/329] x86/apic: Set up through-local-APIC mode on the boot CPU if noapic specified
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (295 preceding siblings ...)
2018-05-28 10:04 ` [PATCH 4.9 317/329] MIPS: Octeon: Fix logging messages with spurious periods after newlines Greg Kroah-Hartman
@ 2018-05-28 10:04 ` Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 320/329] perf tests: Use arch__compare_symbol_names to compare symbols Greg Kroah-Hartman
` (12 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Baoquan He, Eric W. Biederman,
Linus Torvalds, Peter Zijlstra, Thomas Gleixner, douly.fnst,
joro, prarit, uobergfe, Ingo Molnar, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Baoquan He <bhe@redhat.com>
[ Upstream commit bee3204ec3c49f6f53add9c3962c9012a5c036fa ]
Currently the kdump kernel becomes very slow if 'noapic' is specified.
Normal kernel doesn't have this bug.
Kernel parameter 'noapic' is used to disable IO-APIC in system for
testing or special purpose. Here the root cause is that in kdump
kernel LAPIC is disabled since commit:
522e664644 ("x86/apic: Disable I/O APIC before shutdown of the local APIC")
In this case we need set up through-local-APIC on boot CPU in
setup_local_APIC().
In normal kernel the legacy irq mode is enabled by the BIOS. If
it is virtual wire mode, the local-APIC has been enabled and set as
through-local-APIC.
Though we fixed the regression introduced by commit 522e664644,
to further improve robustness set up the through-local-APIC mode
explicitly, do not rely on the default boot IRQ mode.
Signed-off-by: Baoquan He <bhe@redhat.com>
Reviewed-by: Eric W. Biederman <ebiederm@xmission.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: douly.fnst@cn.fujitsu.com
Cc: joro@8bytes.org
Cc: prarit@redhat.com
Cc: uobergfe@redhat.com
Link: http://lkml.kernel.org/r/20180214054656.3780-7-bhe@redhat.com
[ Rewrote the changelog. ]
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/apic/apic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/x86/kernel/apic/apic.c
+++ b/arch/x86/kernel/apic/apic.c
@@ -1403,7 +1403,7 @@ void setup_local_APIC(void)
* TODO: set up through-local-APIC from through-I/O-APIC? --macro
*/
value = apic_read(APIC_LVT0) & APIC_LVT_MASKED;
- if (!cpu && (pic_mode || !value)) {
+ if (!cpu && (pic_mode || !value || skip_ioapic_setup)) {
value = APIC_DM_EXTINT;
apic_printk(APIC_VERBOSE, "enabled ExtINT on CPU#%d\n", cpu);
} else {
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 320/329] perf tests: Use arch__compare_symbol_names to compare symbols
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (296 preceding siblings ...)
2018-05-28 10:04 ` [PATCH 4.9 319/329] x86/apic: Set up through-local-APIC mode on the boot CPU if noapic specified Greg Kroah-Hartman
@ 2018-05-28 10:04 ` Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 321/329] perf report: Fix memory corruption in --branch-history mode --branch-history Greg Kroah-Hartman
` (11 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiri Olsa, Naveen N. Rao,
Alexander Shishkin, David Ahern, Namhyung Kim, Peter Zijlstra,
Arnaldo Carvalho de Melo, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiri Olsa <jolsa@kernel.org>
[ Upstream commit ab6e9a99345131cd8e54268d1d0dc04a33f7ed11 ]
The symbol search called by machine__find_kernel_symbol_by_name is using
internally arch__compare_symbol_names function to compare 2 symbol
names, because different archs have different ways of comparing symbols.
Mostly for skipping '.' prefixes and similar.
In test 1 when we try to find matching symbols in kallsyms and vmlinux,
by address and by symbol name. When either is found we compare the pair
symbol names by simple strcmp, which is not good enough for reasons
explained in previous paragraph.
On powerpc this can cause lockup, because even thought we found the
pair, the compared names are different and don't match simple strcmp.
Following code path is executed, that leads to lockup:
- we find the pair in kallsyms by sym->start
next_pair:
- we compare the names and it fails
- we find the pair by sym->name
- the pair addresses match so we call goto next_pair
because we assume the names match in this case
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Tested-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
Acked-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Fixes: 031b84c407c3 ("perf probe ppc: Enable matching against dot symbols automatically")
Link: http://lkml.kernel.org/r/20180215122635.24029-10-jolsa@kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/tests/vmlinux-kallsyms.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/tools/perf/tests/vmlinux-kallsyms.c
+++ b/tools/perf/tests/vmlinux-kallsyms.c
@@ -123,7 +123,7 @@ int test__vmlinux_matches_kallsyms(int s
if (pair && UM(pair->start) == mem_start) {
next_pair:
- if (strcmp(sym->name, pair->name) == 0) {
+ if (arch__compare_symbol_names(sym->name, pair->name) == 0) {
/*
* kallsyms don't have the symbol end, so we
* set that by using the next symbol start - 1,
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 321/329] perf report: Fix memory corruption in --branch-history mode --branch-history
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (297 preceding siblings ...)
2018-05-28 10:04 ` [PATCH 4.9 320/329] perf tests: Use arch__compare_symbol_names to compare symbols Greg Kroah-Hartman
@ 2018-05-28 10:04 ` Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 322/329] selftests/net: fixes psock_fanout eBPF test case Greg Kroah-Hartman
` (10 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiri Olsa, Jin Yao,
Alexander Shishkin, Andi Kleen, Kan Liang, Peter Zijlstra,
Arnaldo Carvalho de Melo, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiri Olsa <jolsa@redhat.com>
[ Upstream commit e3ebaa465136ecfedf9c6f4671df02bf625f8125 ]
Jin Yao reported memory corrupton in perf report with
branch info used for stack trace:
> Following command lines will cause perf crash.
> perf record -j call -g -a <application>
> perf report --branch-history
>
> *** Error in `perf': double free or corruption (!prev): 0x00000000104aa040 ***
> ======= Backtrace: =========
> /lib/x86_64-linux-gnu/libc.so.6(+0x77725)[0x7f6b37254725]
> /lib/x86_64-linux-gnu/libc.so.6(+0x7ff4a)[0x7f6b3725cf4a]
> /lib/x86_64-linux-gnu/libc.so.6(cfree+0x4c)[0x7f6b37260abc]
> perf[0x51b914]
> perf(hist_entry_iter__add+0x1e5)[0x51f305]
> perf[0x43cf01]
> perf[0x4fa3bf]
> perf[0x4fa923]
> perf[0x4fd396]
> perf[0x4f9614]
> perf(perf_session__process_events+0x89e)[0x4fc38e]
> perf(cmd_report+0x15d2)[0x43f202]
> perf[0x4a059f]
> perf(main+0x631)[0x427b71]
> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7f6b371fd830]
> perf(_start+0x29)[0x427d89]
For the cumulative output, we allocate the he_cache array based on the
--max-stack option value and populate it with data from 'callchain_cursor'.
The --max-stack option value does not ensure now the limit for number of
callchain_cursor nodes, so the cumulative iter code will allocate smaller array
than it's actually needed and cause above corruption.
I think the --max-stack limit does not apply here anyway, because we add
callchain data as normal hist entries, while the --max-stack control the limit
of single entry callchain depth.
Using the callchain_cursor.nr as he_cache array count to fix this. Also
removing struct hist_entry_iter::max_stack, because there's no longer any use
for it.
We need more fixes to ensure that the branch stack code follows properly the
logic of --max-stack, which is not the case at the moment.
Original-patch-by: Jin Yao <yao.jin@linux.intel.com>
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Reported-by: Jin Yao <yao.jin@linux.intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Kan Liang <kan.liang@intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: http://lkml.kernel.org/r/20180216123619.GA9945@krava
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/util/hist.c | 4 +---
tools/perf/util/hist.h | 1 -
2 files changed, 1 insertion(+), 4 deletions(-)
--- a/tools/perf/util/hist.c
+++ b/tools/perf/util/hist.c
@@ -865,7 +865,7 @@ iter_prepare_cumulative_entry(struct his
* cumulated only one time to prevent entries more than 100%
* overhead.
*/
- he_cache = malloc(sizeof(*he_cache) * (iter->max_stack + 1));
+ he_cache = malloc(sizeof(*he_cache) * (callchain_cursor.nr + 1));
if (he_cache == NULL)
return -ENOMEM;
@@ -1030,8 +1030,6 @@ int hist_entry_iter__add(struct hist_ent
if (err)
return err;
- iter->max_stack = max_stack_depth;
-
err = iter->ops->prepare_entry(iter, al);
if (err)
goto out;
--- a/tools/perf/util/hist.h
+++ b/tools/perf/util/hist.h
@@ -102,7 +102,6 @@ struct hist_entry_iter {
int curr;
bool hide_unresolved;
- int max_stack;
struct perf_evsel *evsel;
struct perf_sample *sample;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 322/329] selftests/net: fixes psock_fanout eBPF test case
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (298 preceding siblings ...)
2018-05-28 10:04 ` [PATCH 4.9 321/329] perf report: Fix memory corruption in --branch-history mode --branch-history Greg Kroah-Hartman
@ 2018-05-28 10:04 ` Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 323/329] netlabel: If PF_INET6, check sk_buff ip header version Greg Kroah-Hartman
` (9 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Prashant Bhole, Willem de Bruijn,
David S. Miller, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Prashant Bhole <bhole_prashant_q7@lab.ntt.co.jp>
[ Upstream commit ddd0010392d9cbcb95b53d11b7cafc67b373ab56 ]
eBPF test fails due to verifier failure because log_buf is too small.
Fixed by increasing log_buf size
Signed-off-by: Prashant Bhole <bhole_prashant_q7@lab.ntt.co.jp>
Acked-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/selftests/net/psock_fanout.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/tools/testing/selftests/net/psock_fanout.c
+++ b/tools/testing/selftests/net/psock_fanout.c
@@ -97,6 +97,8 @@ static int sock_fanout_open(uint16_t typ
static void sock_fanout_set_ebpf(int fd)
{
+ static char log_buf[65536];
+
const int len_off = __builtin_offsetof(struct __sk_buff, len);
struct bpf_insn prog[] = {
{ BPF_ALU64 | BPF_MOV | BPF_X, 6, 1, 0, 0 },
@@ -109,7 +111,6 @@ static void sock_fanout_set_ebpf(int fd)
{ BPF_ALU | BPF_MOV | BPF_K, 0, 0, 0, 0 },
{ BPF_JMP | BPF_EXIT, 0, 0, 0, 0 }
};
- char log_buf[512];
union bpf_attr attr;
int pfd;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 323/329] netlabel: If PF_INET6, check sk_buff ip header version
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (299 preceding siblings ...)
2018-05-28 10:04 ` [PATCH 4.9 322/329] selftests/net: fixes psock_fanout eBPF test case Greg Kroah-Hartman
@ 2018-05-28 10:04 ` Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 324/329] regmap: Correct comparison in regmap_cached Greg Kroah-Hartman
` (8 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Richard Haines, Paul Moore, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Richard Haines <richard_c_haines@btinternet.com>
[ Upstream commit 213d7f94775322ba44e0bbb55ec6946e9de88cea ]
When resolving a fallback label, check the sk_buff version as it
is possible (e.g. SCTP) to have family = PF_INET6 while
receiving ip_hdr(skb)->version = 4.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netlabel/netlabel_unlabeled.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -1469,6 +1469,16 @@ int netlbl_unlabel_getattr(const struct
iface = rcu_dereference(netlbl_unlhsh_def);
if (iface == NULL || !iface->valid)
goto unlabel_getattr_nolabel;
+
+#if IS_ENABLED(CONFIG_IPV6)
+ /* When resolving a fallback label, check the sk_buff version as
+ * it is possible (e.g. SCTP) to have family = PF_INET6 while
+ * receiving ip_hdr(skb)->version = 4.
+ */
+ if (family == PF_INET6 && ip_hdr(skb)->version == 4)
+ family = PF_INET;
+#endif /* IPv6 */
+
switch (family) {
case PF_INET: {
struct iphdr *hdr4;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 324/329] regmap: Correct comparison in regmap_cached
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (300 preceding siblings ...)
2018-05-28 10:04 ` [PATCH 4.9 323/329] netlabel: If PF_INET6, check sk_buff ip header version Greg Kroah-Hartman
@ 2018-05-28 10:04 ` Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 325/329] ARM: dts: imx7d: cl-som-imx7: fix pinctrl_enet Greg Kroah-Hartman
` (7 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Charles Keepax, Mark Brown, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Charles Keepax <ckeepax@opensource.cirrus.com>
[ Upstream commit 71df179363a5a733a8932e9afb869760d7559383 ]
The cache pointer points to the actual memory used by the cache, as the
comparison here is looking for the type of the cache it should check
against cache_type.
Fixes: 1ea975cf1ef5 ("regmap: Add a function to check if a regmap register is cached")
Signed-off-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/base/regmap/regmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/base/regmap/regmap.c
+++ b/drivers/base/regmap/regmap.c
@@ -98,7 +98,7 @@ bool regmap_cached(struct regmap *map, u
int ret;
unsigned int val;
- if (map->cache == REGCACHE_NONE)
+ if (map->cache_type == REGCACHE_NONE)
return false;
if (!map->cache_ops)
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 325/329] ARM: dts: imx7d: cl-som-imx7: fix pinctrl_enet
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (301 preceding siblings ...)
2018-05-28 10:04 ` [PATCH 4.9 324/329] regmap: Correct comparison in regmap_cached Greg Kroah-Hartman
@ 2018-05-28 10:04 ` Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 326/329] ARM: dts: porter: Fix HDMI output routing Greg Kroah-Hartman
` (6 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Aapo Vienamo, Shawn Guo, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Aapo Vienamo <aapo@tuxera.com>
[ Upstream commit 2bada7ac1fdcbf79a9689bd2ff65fa515ca7a31f ]
The missing last digit of the CONFIG values is added. Looks like a typo
of some sort when comparing to the downstream dt. This fixes
intermittent behavior behaviour of the ethernet controllers.
Signed-off-by: Aapo Vienamo <aapo@tuxera.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/imx7d-cl-som-imx7.dts | 52 ++++++++++++++++----------------
1 file changed, 26 insertions(+), 26 deletions(-)
--- a/arch/arm/boot/dts/imx7d-cl-som-imx7.dts
+++ b/arch/arm/boot/dts/imx7d-cl-som-imx7.dts
@@ -213,37 +213,37 @@
&iomuxc {
pinctrl_enet1: enet1grp {
fsl,pins = <
- MX7D_PAD_SD2_CD_B__ENET1_MDIO 0x3
- MX7D_PAD_SD2_WP__ENET1_MDC 0x3
- MX7D_PAD_ENET1_RGMII_TXC__ENET1_RGMII_TXC 0x1
- MX7D_PAD_ENET1_RGMII_TD0__ENET1_RGMII_TD0 0x1
- MX7D_PAD_ENET1_RGMII_TD1__ENET1_RGMII_TD1 0x1
- MX7D_PAD_ENET1_RGMII_TD2__ENET1_RGMII_TD2 0x1
- MX7D_PAD_ENET1_RGMII_TD3__ENET1_RGMII_TD3 0x1
- MX7D_PAD_ENET1_RGMII_TX_CTL__ENET1_RGMII_TX_CTL 0x1
- MX7D_PAD_ENET1_RGMII_RXC__ENET1_RGMII_RXC 0x1
- MX7D_PAD_ENET1_RGMII_RD0__ENET1_RGMII_RD0 0x1
- MX7D_PAD_ENET1_RGMII_RD1__ENET1_RGMII_RD1 0x1
- MX7D_PAD_ENET1_RGMII_RD2__ENET1_RGMII_RD2 0x1
- MX7D_PAD_ENET1_RGMII_RD3__ENET1_RGMII_RD3 0x1
- MX7D_PAD_ENET1_RGMII_RX_CTL__ENET1_RGMII_RX_CTL 0x1
+ MX7D_PAD_SD2_CD_B__ENET1_MDIO 0x30
+ MX7D_PAD_SD2_WP__ENET1_MDC 0x30
+ MX7D_PAD_ENET1_RGMII_TXC__ENET1_RGMII_TXC 0x11
+ MX7D_PAD_ENET1_RGMII_TD0__ENET1_RGMII_TD0 0x11
+ MX7D_PAD_ENET1_RGMII_TD1__ENET1_RGMII_TD1 0x11
+ MX7D_PAD_ENET1_RGMII_TD2__ENET1_RGMII_TD2 0x11
+ MX7D_PAD_ENET1_RGMII_TD3__ENET1_RGMII_TD3 0x11
+ MX7D_PAD_ENET1_RGMII_TX_CTL__ENET1_RGMII_TX_CTL 0x11
+ MX7D_PAD_ENET1_RGMII_RXC__ENET1_RGMII_RXC 0x11
+ MX7D_PAD_ENET1_RGMII_RD0__ENET1_RGMII_RD0 0x11
+ MX7D_PAD_ENET1_RGMII_RD1__ENET1_RGMII_RD1 0x11
+ MX7D_PAD_ENET1_RGMII_RD2__ENET1_RGMII_RD2 0x11
+ MX7D_PAD_ENET1_RGMII_RD3__ENET1_RGMII_RD3 0x11
+ MX7D_PAD_ENET1_RGMII_RX_CTL__ENET1_RGMII_RX_CTL 0x11
>;
};
pinctrl_enet2: enet2grp {
fsl,pins = <
- MX7D_PAD_EPDC_GDSP__ENET2_RGMII_TXC 0x1
- MX7D_PAD_EPDC_SDCE2__ENET2_RGMII_TD0 0x1
- MX7D_PAD_EPDC_SDCE3__ENET2_RGMII_TD1 0x1
- MX7D_PAD_EPDC_GDCLK__ENET2_RGMII_TD2 0x1
- MX7D_PAD_EPDC_GDOE__ENET2_RGMII_TD3 0x1
- MX7D_PAD_EPDC_GDRL__ENET2_RGMII_TX_CTL 0x1
- MX7D_PAD_EPDC_SDCE1__ENET2_RGMII_RXC 0x1
- MX7D_PAD_EPDC_SDCLK__ENET2_RGMII_RD0 0x1
- MX7D_PAD_EPDC_SDLE__ENET2_RGMII_RD1 0x1
- MX7D_PAD_EPDC_SDOE__ENET2_RGMII_RD2 0x1
- MX7D_PAD_EPDC_SDSHR__ENET2_RGMII_RD3 0x1
- MX7D_PAD_EPDC_SDCE0__ENET2_RGMII_RX_CTL 0x1
+ MX7D_PAD_EPDC_GDSP__ENET2_RGMII_TXC 0x11
+ MX7D_PAD_EPDC_SDCE2__ENET2_RGMII_TD0 0x11
+ MX7D_PAD_EPDC_SDCE3__ENET2_RGMII_TD1 0x11
+ MX7D_PAD_EPDC_GDCLK__ENET2_RGMII_TD2 0x11
+ MX7D_PAD_EPDC_GDOE__ENET2_RGMII_TD3 0x11
+ MX7D_PAD_EPDC_GDRL__ENET2_RGMII_TX_CTL 0x11
+ MX7D_PAD_EPDC_SDCE1__ENET2_RGMII_RXC 0x11
+ MX7D_PAD_EPDC_SDCLK__ENET2_RGMII_RD0 0x11
+ MX7D_PAD_EPDC_SDLE__ENET2_RGMII_RD1 0x11
+ MX7D_PAD_EPDC_SDOE__ENET2_RGMII_RD2 0x11
+ MX7D_PAD_EPDC_SDSHR__ENET2_RGMII_RD3 0x11
+ MX7D_PAD_EPDC_SDCE0__ENET2_RGMII_RX_CTL 0x11
>;
};
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 326/329] ARM: dts: porter: Fix HDMI output routing
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (302 preceding siblings ...)
2018-05-28 10:04 ` [PATCH 4.9 325/329] ARM: dts: imx7d: cl-som-imx7: fix pinctrl_enet Greg Kroah-Hartman
@ 2018-05-28 10:04 ` Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 327/329] regulator: of: Add a missing of_node_put() in an error handling path of of_regulator_match() Greg Kroah-Hartman
` (5 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Laurent Pinchart, Simon Horman, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
[ Upstream commit d4b78db6ac3e084e2bdc57d5518bd247c727f396 ]
The HDMI encoder is connected to the RGB output of the DU, which is
port@0, not port@1. Fix the incorrect DT description.
Fixes: c5af8a4248d3 ("ARM: dts: porter: add DU DT support")
Signed-off-by: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
Signed-off-by: Simon Horman <horms+renesas@verge.net.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/r8a7791-porter.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm/boot/dts/r8a7791-porter.dts
+++ b/arch/arm/boot/dts/r8a7791-porter.dts
@@ -428,7 +428,7 @@
"dclkin.0", "dclkin.1";
ports {
- port@1 {
+ port@0 {
endpoint {
remote-endpoint = <&adv7511_in>;
};
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 327/329] regulator: of: Add a missing of_node_put() in an error handling path of of_regulator_match()
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (303 preceding siblings ...)
2018-05-28 10:04 ` [PATCH 4.9 326/329] ARM: dts: porter: Fix HDMI output routing Greg Kroah-Hartman
@ 2018-05-28 10:04 ` Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 328/329] pinctrl: msm: Use dynamic GPIO numbering Greg Kroah-Hartman
` (4 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Mark Brown, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 30966861a7a2051457be8c49466887d78cc47e97 ]
If an unlikely failure in 'of_get_regulator_init_data()' occurs, we must
release the reference on the current 'child' node before returning.
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/regulator/of_regulator.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/regulator/of_regulator.c
+++ b/drivers/regulator/of_regulator.c
@@ -282,6 +282,7 @@ int of_regulator_match(struct device *de
dev_err(dev,
"failed to parse DT for regulator %s\n",
child->name);
+ of_node_put(child);
return -EINVAL;
}
match->of_node = of_node_get(child);
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 328/329] pinctrl: msm: Use dynamic GPIO numbering
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (304 preceding siblings ...)
2018-05-28 10:04 ` [PATCH 4.9 327/329] regulator: of: Add a missing of_node_put() in an error handling path of of_regulator_match() Greg Kroah-Hartman
@ 2018-05-28 10:04 ` Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 329/329] kdb: make "mdr" command repeat Greg Kroah-Hartman
` (3 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Timur Tabi, Bjorn Andersson,
Linus Walleij, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bjorn Andersson <bjorn.andersson@linaro.org>
[ Upstream commit a7aa75a2a7dba32594291a71c3704000a2fd7089 ]
The base of the TLMM gpiochip should not be statically defined as 0, fix
this to not artificially restrict the existence of multiple pinctrl-msm
devices.
Fixes: f365be092572 ("pinctrl: Add Qualcomm TLMM driver")
Reported-by: Timur Tabi <timur@codeaurora.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pinctrl/qcom/pinctrl-msm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/pinctrl/qcom/pinctrl-msm.c
+++ b/drivers/pinctrl/qcom/pinctrl-msm.c
@@ -790,7 +790,7 @@ static int msm_gpio_init(struct msm_pinc
return -EINVAL;
chip = &pctrl->chip;
- chip->base = 0;
+ chip->base = -1;
chip->ngpio = ngpio;
chip->label = dev_name(pctrl->dev);
chip->parent = pctrl->dev;
^ permalink raw reply [flat|nested] 311+ messages in thread
* [PATCH 4.9 329/329] kdb: make "mdr" command repeat
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (305 preceding siblings ...)
2018-05-28 10:04 ` [PATCH 4.9 328/329] pinctrl: msm: Use dynamic GPIO numbering Greg Kroah-Hartman
@ 2018-05-28 10:04 ` Greg Kroah-Hartman
2018-05-29 0:44 ` [PATCH 4.9 000/329] 4.9.104-stable review Guenter Roeck
` (2 subsequent siblings)
309 siblings, 0 replies; 311+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-28 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Daniel Thompson,
Jason Wessel, kgdb-bugreport, Sasha Levin
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 1e0ce03bf142454f38a5fc050bf4fd698d2d36d8 ]
The "mdr" command should repeat (continue) when only Enter/Return
is pressed, so make it do so.
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Daniel Thompson <daniel.thompson@linaro.org>
Cc: Jason Wessel <jason.wessel@windriver.com>
Cc: kgdb-bugreport@lists.sourceforge.net
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/debug/kdb/kdb_main.c | 27 +++++++++++++++++++++------
1 file changed, 21 insertions(+), 6 deletions(-)
--- a/kernel/debug/kdb/kdb_main.c
+++ b/kernel/debug/kdb/kdb_main.c
@@ -1564,6 +1564,7 @@ static int kdb_md(int argc, const char *
int symbolic = 0;
int valid = 0;
int phys = 0;
+ int raw = 0;
kdbgetintenv("MDCOUNT", &mdcount);
kdbgetintenv("RADIX", &radix);
@@ -1573,9 +1574,10 @@ static int kdb_md(int argc, const char *
repeat = mdcount * 16 / bytesperword;
if (strcmp(argv[0], "mdr") == 0) {
- if (argc != 2)
+ if (argc == 2 || (argc == 0 && last_addr != 0))
+ valid = raw = 1;
+ else
return KDB_ARGCOUNT;
- valid = 1;
} else if (isdigit(argv[0][2])) {
bytesperword = (int)(argv[0][2] - '0');
if (bytesperword == 0) {
@@ -1611,7 +1613,10 @@ static int kdb_md(int argc, const char *
radix = last_radix;
bytesperword = last_bytesperword;
repeat = last_repeat;
- mdcount = ((repeat * bytesperword) + 15) / 16;
+ if (raw)
+ mdcount = repeat;
+ else
+ mdcount = ((repeat * bytesperword) + 15) / 16;
}
if (argc) {
@@ -1628,7 +1633,10 @@ static int kdb_md(int argc, const char *
diag = kdbgetularg(argv[nextarg], &val);
if (!diag) {
mdcount = (int) val;
- repeat = mdcount * 16 / bytesperword;
+ if (raw)
+ repeat = mdcount;
+ else
+ repeat = mdcount * 16 / bytesperword;
}
}
if (argc >= nextarg+1) {
@@ -1638,8 +1646,15 @@ static int kdb_md(int argc, const char *
}
}
- if (strcmp(argv[0], "mdr") == 0)
- return kdb_mdr(addr, mdcount);
+ if (strcmp(argv[0], "mdr") == 0) {
+ int ret;
+ last_addr = addr;
+ ret = kdb_mdr(addr, mdcount);
+ last_addr += mdcount;
+ last_repeat = mdcount;
+ last_bytesperword = bytesperword; // to make REPEAT happy
+ return ret;
+ }
switch (radix) {
case 10:
^ permalink raw reply [flat|nested] 311+ messages in thread
* Re: [PATCH 4.9 000/329] 4.9.104-stable review
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (306 preceding siblings ...)
2018-05-28 10:04 ` [PATCH 4.9 329/329] kdb: make "mdr" command repeat Greg Kroah-Hartman
@ 2018-05-29 0:44 ` Guenter Roeck
2018-05-29 5:35 ` Naresh Kamboju
2018-05-29 19:50 ` Shuah Khan
309 siblings, 0 replies; 311+ messages in thread
From: Guenter Roeck @ 2018-05-29 0:44 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: torvalds, akpm, shuah, patches, ben.hutchings, lkft-triage, stable
On 05/28/2018 02:58 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.9.104 release.
> There are 329 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed May 30 10:00:51 UTC 2018.
> Anything received after that time might be too late.
>
Build results:
total: 146 pass: 146 fail: 0
Qemu test results:
total: 139 pass: 139 fail: 0
Details are available at http://kerneltests.org/builders.
Guenter
^ permalink raw reply [flat|nested] 311+ messages in thread
* Re: [PATCH 4.9 000/329] 4.9.104-stable review
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (307 preceding siblings ...)
2018-05-29 0:44 ` [PATCH 4.9 000/329] 4.9.104-stable review Guenter Roeck
@ 2018-05-29 5:35 ` Naresh Kamboju
2018-05-29 19:50 ` Shuah Khan
309 siblings, 0 replies; 311+ messages in thread
From: Naresh Kamboju @ 2018-05-29 5:35 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: open list, Shuah Khan, patches, lkft-triage, Ben Hutchings,
linux- stable, Andrew Morton, Linus Torvalds, Guenter Roeck
On 28 May 2018 at 15:28, Greg Kroah-Hartman <gregkh@linuxfoundation.org> wrote:
> This is the start of the stable review cycle for the 4.9.104 release.
> There are 329 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed May 30 10:00:51 UTC 2018.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.104-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Results from Linaro’s test farm.
No regressions on arm64, arm and x86_64.
NOTE:
The failed LTP test case "cve-2017-5669" is a waiver here.
Summary
------------------------------------------------------------------------
kernel: 4.9.104-rc1
git repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
git branch: linux-4.9.y
git commit: e11d3afa71760bdd9a9687b439d3e28c0b0fd3af
git describe: v4.9.103-330-ge11d3afa7176
Test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-4.9-oe/build/v4.9.103-330-ge11d3afa7176
No regressions (compared to build v4.9.103-331-g892592b6a7d3)
Ran 11129 total tests in the following environments and test suites.
Environments
--------------
- dragonboard-410c - arm64
- hi6220-hikey - arm64
- juno-r2 - arm64
- qemu_arm
- qemu_arm64
- qemu_x86_64
- x15 - arm
- x86_64
Test Suites
-----------
* boot
* kselftest
* libhugetlbfs
* ltp-cap_bounds-tests
* ltp-containers-tests
* ltp-cve-tests
* ltp-fcntl-locktests-tests
* ltp-filecaps-tests
* ltp-fs-tests
* ltp-fs_bind-tests
* ltp-fs_perms_simple-tests
* ltp-fsx-tests
* ltp-hugetlb-tests
* ltp-io-tests
* ltp-ipc-tests
* ltp-math-tests
* ltp-nptl-tests
* ltp-pty-tests
* ltp-sched-tests
* ltp-securebits-tests
* ltp-syscalls-tests
* ltp-timers-tests
* kselftest-vsyscall-mode-native
* kselftest-vsyscall-mode-none
--
Linaro LKFT
https://lkft.linaro.org
^ permalink raw reply [flat|nested] 311+ messages in thread
* Re: [PATCH 4.9 000/329] 4.9.104-stable review
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
` (308 preceding siblings ...)
2018-05-29 5:35 ` Naresh Kamboju
@ 2018-05-29 19:50 ` Shuah Khan
309 siblings, 0 replies; 311+ messages in thread
From: Shuah Khan @ 2018-05-29 19:50 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: torvalds, akpm, linux, patches, ben.hutchings, lkft-triage,
stable, Shuah Khan
On 05/28/2018 03:58 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.9.104 release.
> There are 329 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed May 30 10:00:51 UTC 2018.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.104-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Compiled and booted on my test system. No dmesg regressions.
thanks,
-- Shuah
^ permalink raw reply [flat|nested] 311+ messages in thread
end of thread, other threads:[~2018-05-29 19:50 UTC | newest]
Thread overview: 311+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-05-28 9:58 [PATCH 4.9 000/329] 4.9.104-stable review Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.9 001/329] MIPS: c-r4k: Fix data corruption related to cache coherence Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.9 002/329] MIPS: ptrace: Expose FIR register through FP regset Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.9 003/329] MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.9 004/329] KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable" Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.9 005/329] affs_lookup(): close a race with affs_remove_link() Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.9 006/329] aio: fix io_destroy(2) vs. lookup_ioctx() race Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.9 007/329] ALSA: timer: Fix pause event notification Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.9 008/329] do d_instantiate/unlock_new_inode combinations safely Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.9 009/329] mmc: sdhci-iproc: remove hard coded mmc cap 1.8v Greg Kroah-Hartman
2018-05-28 9:58 ` [PATCH 4.9 010/329] mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 011/329] libata: Blacklist some Sandisk SSDs for NCQ Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 012/329] libata: blacklist Micron 500IT SSD with MU01 firmware Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 013/329] xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 014/329] drm/vmwgfx: Fix 32-bit VMW_PORT_HB_[IN|OUT] macros Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 015/329] IB/hfi1: Use after free race condition in send context error path Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 016/329] Revert "ipc/shm: Fix shmat mmap nil-page protection" Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 017/329] ipc/shm: fix shmat() nil address after round-down when remapping Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 018/329] kasan: fix memory hotplug during boot Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 019/329] kernel/sys.c: fix potential Spectre v1 issue Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 020/329] kernel/signal.c: avoid undefined behaviour in kill_something_info Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 022/329] KVM: s390: vsie: fix < 8k check for the itdba Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 025/329] firewire-ohci: work around oversized DMA reads on JMicron controllers Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 026/329] x86/tsc: Allow TSC calibration without PIT Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 027/329] NFSv4: always set NFS_LOCK_LOST when a lock is lost Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 028/329] ALSA: hda - Use IS_REACHABLE() for dependency on input Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 030/329] netfilter: ipv6: nf_defrag: Pass on packets to stack per RFC2460 Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 031/329] tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 032/329] PCI: Add function 1 DMA alias quirk for Marvell 9128 Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 033/329] Input: psmouse - fix Synaptics detection when protocol is disabled Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 034/329] i40iw: Zero-out consumer key on allocate stag for FMR Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 035/329] tools lib traceevent: Simplify pointer print logic and fix %pF Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 036/329] perf callchain: Fix attr.sample_max_stack setting Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 037/329] tools lib traceevent: Fix get_field_str() for dynamic strings Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 038/329] perf record: Fix failed memory allocation for get_cpuid_str Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 039/329] iommu/vt-d: Use domain instead of cache fetching Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 040/329] dm thin: fix documentation relative to low water mark threshold Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 041/329] net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 042/329] net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 043/329] nfs: Do not convert nfs_idmap_cache_timeout to jiffies Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 045/329] kconfig: Dont leak main menus during parsing Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 046/329] kconfig: Fix automatic menu creation mem leak Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 047/329] kconfig: Fix expr_free() E_NOT leak Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 048/329] mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl() Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 049/329] ipmi/powernv: Fix error return code in ipmi_powernv_probe() Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 050/329] Btrfs: set plug for fsync Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 051/329] btrfs: Fix out of bounds access in btrfs_search_slot Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 052/329] Btrfs: fix scrub to repair raid6 corruption Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 053/329] btrfs: fail mount when sb flag is not in BTRFS_SUPER_FLAG_SUPP Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 054/329] HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 055/329] fm10k: fix "failed to kill vid" message for VF Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 056/329] device property: Define type of PROPERTY_ENRTY_*() macros Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 057/329] jffs2: Fix use-after-free bug in jffs2_iget()s error handling path Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 058/329] powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 059/329] powerpc/numa: Ensure nodes initialized for hotplug Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 060/329] RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 061/329] ntb_transport: Fix bug with max_mw_size parameter Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 062/329] gianfar: prevent integer wrapping in the rx handler Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 063/329] tcp_nv: fix potential integer overflow in tcpnv_acked Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 065/329] ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 066/329] ocfs2/acl: use ip_xattr_sem to protect getting extended attribute Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 067/329] ocfs2: return error when we attempt to access a dirty bh in jbd2 Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 068/329] mm/mempolicy: fix the check of nodemask from user Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 069/329] mm/mempolicy: add nodes_empty check in SYSC_migrate_pages Greg Kroah-Hartman
2018-05-28 9:59 ` [PATCH 4.9 070/329] asm-generic: provide generic_pmdp_establish() Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 071/329] sparc64: update pmdp_invalidate() to return old pmd value Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 073/329] mm: pin address_space before dereferencing it while isolating an LRU page Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 074/329] mm/fadvise: discard partial page if endbyte is also EOF Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 075/329] openvswitch: Remove padding from packet before L3+ conntrack processing Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 076/329] IB/ipoib: Fix for potential no-carrier state Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 077/329] drm/nouveau/pmu/fuc: dont use movw directly anymore Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 078/329] netfilter: ipv6: nf_defrag: Kill frag queue on RFC2460 failure Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 079/329] x86/power: Fix swsusp_arch_resume prototype Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 080/329] firmware: dmi_scan: Fix handling of empty DMI strings Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 081/329] ACPI: processor_perflib: Do not send _PPC change notification if not ready Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 082/329] ACPI / scan: Use acpi_bus_get_status() to initialize ACPI_TYPE_DEVICE devs Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 083/329] bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 084/329] MIPS: generic: Fix machine compatible matching Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 085/329] MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 086/329] xen-netfront: Fix race between device setup and open Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 087/329] xen/grant-table: Use put_page instead of free_page Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 088/329] RDS: IB: Fix null pointer issue Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 089/329] arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 090/329] proc: fix /proc/*/map_files lookup Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 091/329] cifs: silence compiler warnings showing up with gcc-8.0.0 Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 092/329] bcache: properly set task state in bch_writeback_thread() Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 094/329] bcache: fix for data collapse after re-attaching an attached device Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 095/329] bcache: return attach error when no cache set exist Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 096/329] tools/libbpf: handle issues with bpf ELF objects containing .eh_frames Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 097/329] bpf: fix rlimit in reuseport net selftest Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 098/329] vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 099/329] locking/qspinlock: Ensure node->count is updated before initialising node Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 100/329] irqchip/gic-v3: Ignore disabled ITS nodes Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 101/329] cpumask: Make for_each_cpu_wrap() available on UP as well Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 102/329] irqchip/gic-v3: Change pr_debug message to pr_devel Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 103/329] ARC: Fix malformed ARC_EMUL_UNALIGNED default Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 104/329] ptr_ring: prevent integer overflow when calculating size Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 105/329] libata: Fix compile warning with ATA_DEBUG enabled Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 106/329] selftests: pstore: Adding config fragment CONFIG_PSTORE_RAM=m Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 108/329] ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 109/329] ARM: OMAP3: Fix prm wake interrupt for resume Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 110/329] ARM: OMAP1: clock: Fix debugfs_create_*() usage Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 111/329] ibmvnic: Free RX socket buffer in case of adapter error Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 112/329] iwlwifi: mvm: fix security bug in PN checking Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 113/329] iwlwifi: mvm: always init rs with 20mhz bandwidth rates Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 114/329] NFC: llcp: Limit size of SDP URI Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 115/329] rxrpc: Work around usercopy check Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 116/329] mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4 Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 117/329] mac80211: fix a possible leak of station stats Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 118/329] mac80211: fix calling sleeping function in atomic context Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 119/329] mac80211: Do not disconnect on invalid operating class Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 120/329] md raid10: fix NULL deference in handle_write_completed() Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 121/329] drm/exynos: g2d: use monotonic timestamps Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 122/329] drm/exynos: fix comparison to bitshift when dealing with a mask Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 123/329] drm/exynos: g2d: Delete an error message for a failed memory allocation in two functions Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 124/329] locking/xchg/alpha: Add unconditional memory barrier to cmpxchg() Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 125/329] md: raid5: avoid string overflow warning Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 126/329] kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 127/329] powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 128/329] s390/cio: fix ccw_device_start_timeout API Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 129/329] s390/cio: fix return code after missing interrupt Greg Kroah-Hartman
2018-05-28 10:00 ` [PATCH 4.9 130/329] s390/cio: clear timer when terminating driver I/O Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 131/329] PKCS#7: fix direct verification of SignerInfo signature Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 132/329] ARM: OMAP: Fix dmtimer init for omap1 Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 133/329] smsc75xx: fix smsc75xx_set_features() Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 134/329] regulatory: add NUL to request alpha2 Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 135/329] integrity/security: fix digsig.c build error with header file Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 136/329] locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 137/329] x86/topology: Update the cpu cores field in /proc/cpuinfo correctly across CPU hotplug operations Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 138/329] mac80211: drop frames with unexpected DS bits from fast-rx to slow path Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 139/329] arm64: fix unwind_frame() for filtered out fn for function graph tracing Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 140/329] macvlan: fix use-after-free in macvlan_common_newlink() Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 141/329] kvm: fix warning for CONFIG_HAVE_KVM_EVENTFD builds Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 142/329] fs: dcache: Avoid livelock between d_alloc_parallel and __d_add Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 143/329] fs: dcache: Use READ_ONCE when accessing i_dir_seq Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 144/329] md: fix a potential deadlock of raid5/raid10 reshape Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 145/329] md/raid1: fix NULL pointer dereference Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 146/329] batman-adv: fix packet checksum in receive path Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 147/329] batman-adv: invalidate checksum on fragment reassembly Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 148/329] netfilter: ebtables: convert BUG_ONs to WARN_ONs Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 149/329] batman-adv: Ignore invalid batadv_iv_gw during netlink send Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 150/329] batman-adv: Ignore invalid batadv_v_gw " Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 153/329] nvme-pci: Fix nvme queue cleanup if IRQ setup fails Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 154/329] clocksource/drivers/fsl_ftm_timer: Fix error return checking Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 155/329] ceph: fix dentry leak when failing to init debugfs Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 156/329] ARM: orion5x: Revert commit 4904dbda41c8 Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 157/329] qrtr: add MODULE_ALIAS macro to smd Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 158/329] r8152: fix tx packets accounting Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 159/329] virtio-gpu: fix ioctl and expose the fixed status to userspace Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 160/329] dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3 Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 161/329] bcache: fix kcrashes with fio in RAID5 backend dev Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 162/329] ip6_tunnel: fix IFLA_MTU ignored on NEWLINK Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 163/329] sit: " Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 164/329] ARM: dts: NSP: Fix amount of RAM on BCM958625HR Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 165/329] powerpc/boot: Fix random libfdt related build errors Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 166/329] gianfar: Fix Rx byte accounting for ndev stats Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 167/329] net/tcp/illinois: replace broken algorithm reference link Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 168/329] nvmet: fix PSDT field check in command format Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 170/329] drm/sun4i: Fix dclk_set_phase Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 171/329] Btrfs: send, fix issuing write op when processing hole in no data mode Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 172/329] selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 173/329] KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 174/329] iwlwifi: mvm: fix TX of CCMP 256 Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 175/329] watchdog: f71808e_wdt: Fix magic close handling Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 176/329] watchdog: sbsa: use 32-bit read for WCV Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 178/329] e1000e: Fix check_for_link return value with autoneg off Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 179/329] e1000e: allocate ring descriptors with dma_zalloc_coherent Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 180/329] ia64/err-inject: Use get_user_pages_fast() Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 181/329] RDMA/qedr: Fix kernel panic when running fio over NFSoRDMA Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 182/329] RDMA/qedr: Fix iWARP write and send with immediate Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 183/329] IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 184/329] IB/mlx4: Include GID type when deleting GIDs from HW table under RoCE Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 185/329] IB/mlx5: Fix an error code in __mlx5_ib_modify_qp() Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 186/329] fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper() Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 187/329] fsl/fman: avoid sleeping in atomic context while adding an address Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 188/329] net: qcom/emac: Use proper free methods during TX Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 189/329] net: smsc911x: Fix unload crash when link is up Greg Kroah-Hartman
2018-05-28 10:01 ` [PATCH 4.9 190/329] IB/core: Fix possible crash to access NULL netdev Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 191/329] xen: xenbus: use put_device() instead of kfree() Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 192/329] arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 193/329] dmaengine: mv_xor_v2: Fix clock resource by adding a register clock Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 194/329] netfilter: ebtables: fix erroneous reject of last rule Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 195/329] bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa() Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 196/329] workqueue: use put_device() instead of kfree() Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 197/329] ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 198/329] sunvnet: does not support GSO for sctp Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 199/329] drm/imx: move arming of the vblank event to atomic_flush Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 200/329] microblaze: switch to NO_BOOTMEM Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 201/329] net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 202/329] batman-adv: fix header size check in batadv_dbg_arp() Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 203/329] batman-adv: Fix skbuff rcsum on packet reroute Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 204/329] vti4: Dont count header length twice on tunnel setup Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 205/329] vti4: Dont override MTU passed on link creation via IFLA_MTU Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 206/329] perf/cgroup: Fix child event counting bug Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 207/329] brcmfmac: Fix check for ISO3166 code Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 208/329] kbuild: make scripts/adjust_autoksyms.sh robust against timestamp races Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 209/329] RDMA/ucma: Correct option size check using optlen Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 210/329] RDMA/qedr: fix QPs ack timeout configuration Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 211/329] RDMA/qedr: Fix rc initialization on CNQ allocation failure Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 212/329] macsec: missing dev_put() on error in macsec_newlink() Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 213/329] mm/mempolicy.c: avoid use uninitialized preferred_node Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 214/329] mm, thp: do not cause memcg oom for thp Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 215/329] selftests: ftrace: Add probe event argument syntax testcase Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 216/329] selftests: ftrace: Add a testcase for string type with kprobe_event Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 217/329] selftests: ftrace: Add a testcase for probepoint Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 220/329] ARM: 8748/1: mm: Define vdso_start, vdso_end as array Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 221/329] net: qmi_wwan: add BroadMobi BM806U 2020:2033 Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 222/329] perf/x86/intel: Fix linear IP of PEBS real_ip on Haswell and later CPUs Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 223/329] llc: properly handle dev_queue_xmit() return value Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 224/329] builddeb: Fix header package regarding dtc source links Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 225/329] mm/kmemleak.c: wait for scan completion before disabling free Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 226/329] net: Fix untag for vlan packets without ethernet header Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 227/329] net: mvneta: fix enable of all initialized RXQs Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 228/329] sh: fix debug trap failure to process signals before return to user Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 230/329] x86/pgtable: Dont set huge PUD/PMD on non-leaf entries Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 231/329] x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 232/329] fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 233/329] swap: divide-by-zero when zero length swap file on ssd Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 234/329] sr: get/drop reference to device in revalidate and check_events Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 235/329] Force log to disk before reading the AGF during a fstrim Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 236/329] cpufreq: CPPC: Initialize shared perf capabilities of CPUs Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 237/329] dp83640: Ensure against premature access to PHY registers after reset Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 238/329] mm/ksm: fix interaction with THP Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 239/329] mm: fix races between address_space dereference and free in page_evicatable Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 240/329] Btrfs: bail out on error during replay_dir_deletes Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 241/329] Btrfs: fix NULL pointer dereference in log_dir_items Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 242/329] btrfs: Fix possible softlock on single core machines Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 243/329] ocfs2/dlm: dont handle migrate lockres if already in shutdown Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 244/329] sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 246/329] fscache: Fix hanging wait on page discarded by writeback Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 248/329] net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 249/329] btrfs: tests/qgroup: Fix wrong tree backref level Greg Kroah-Hartman
2018-05-28 10:02 ` [PATCH 4.9 250/329] Btrfs: fix copy_items() return value when logging an inode Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 251/329] btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 252/329] rxrpc: Fix Tx ring annotation after initial Tx failure Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 253/329] rxrpc: Dont treat call aborts as conn aborts Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 254/329] xen/acpi: off by one in read_acpi_id() Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 255/329] drivers: macintosh: rack-meter: really fix bogus memsets Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 256/329] ACPI: acpi_pad: Fix memory leak in power saving threads Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 257/329] powerpc/mpic: Check if cpu_possible() in mpic_physmask() Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 258/329] m68k: set dma and coherent masks for platform FEC ethernets Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 259/329] parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 260/329] hwmon: (nct6775) Fix writing pwmX_mode Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 261/329] powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 262/329] powerpc/perf: Fix kernel address leak via sampling registers Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 263/329] tools/thermal: tmon: fix for segfault Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 264/329] selftests: Print the test were running to /dev/kmsg Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 265/329] net/mlx5: Protect from command bit overflow Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 266/329] ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk) Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 267/329] cxgb4: Setup FW queues before registering netdev Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 268/329] ima: Fallback to the builtin hash algorithm Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 269/329] virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 270/329] arm: dts: socfpga: fix GIC PPI warning Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 271/329] cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 272/329] zorro: Set up z->dev.dma_mask for the DMA API Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 273/329] bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 274/329] ACPICA: Events: add a return on failure from acpi_hw_register_read Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 275/329] ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 276/329] cxgb4: Fix queue free path of ULD drivers Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 277/329] i2c: mv64xxx: Apply errata delay only in standard mode Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 279/329] perf top: Fix top.call-graph config option reading Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 280/329] perf stat: Fix core dump when flag T is used Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 281/329] IB/core: Honor port_num while resolving GID for IB link layer Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 282/329] regulator: gpio: Fix some error handling paths in gpio_regulator_probe() Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 283/329] spi: bcm-qspi: fIX some error handling paths Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 284/329] MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 285/329] PCI: Restore config space on runtime resume despite being unbound Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 286/329] ipmi_ssif: Fix kernel panic at msg_done_handler Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 288/329] f2fs: fix to check extent cache in f2fs_drop_extent_tree Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 289/329] perf/core: Fix perf_output_read_group() Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 290/329] drm/panel: simple: Fix the bus format for the Ontat panel Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 291/329] hwmon: (pmbus/max8688) Accept negative page register values Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 292/329] hwmon: (pmbus/adm1275) " Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 293/329] perf/x86/intel: Properly save/restore the PMU state in the NMI handler Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 294/329] cdrom: do not call check_disk_change() inside cdrom_open() Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 295/329] perf/x86/intel: Fix large period handling on Broadwell CPUs Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 296/329] perf/x86/intel: Fix event update for auto-reload Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 297/329] arm64: dts: qcom: Fix SPI5 config on MSM8996 Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 298/329] soc: qcom: wcnss_ctrl: Fix increment in NV upload Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 299/329] gfs2: Fix fallocate chunk size Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 300/329] x86/devicetree: Initialize device tree before using it Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 301/329] x86/devicetree: Fix device IRQ settings in DT Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 302/329] ALSA: vmaster: Propagate slave error Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 303/329] dmaengine: pl330: fix a race condition in case of threaded irqs Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 304/329] dmaengine: rcar-dmac: Check the done lists in rcar_dmac_chan_get_residue() Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 305/329] enic: enable rq before updating rq descriptors Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 306/329] hwrng: stm32 - add reset during probe Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 307/329] dmaengine: qcom: bam_dma: get num-channels and num-ees from dt Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 308/329] net: stmmac: ensure that the device has released ownership before reading data Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 309/329] net: stmmac: ensure that the MSS desc is the last desc to set the own bit Greg Kroah-Hartman
2018-05-28 10:03 ` [PATCH 4.9 310/329] cpufreq: Reorder cpufreq_online() error code path Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 311/329] PCI: Add function 1 DMA alias quirk for Marvell 88SE9220 Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 313/329] ARM: dts: bcm283x: Fix probing of bcm2835-i2s Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 314/329] audit: return on memory error to avoid null pointer dereference Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 315/329] rcu: Call touch_nmi_watchdog() while printing stall warnings Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 316/329] pinctrl: sh-pfc: r8a7796: Fix MOD_SEL register pin assignment for SSI pins group Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 317/329] MIPS: Octeon: Fix logging messages with spurious periods after newlines Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 319/329] x86/apic: Set up through-local-APIC mode on the boot CPU if noapic specified Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 320/329] perf tests: Use arch__compare_symbol_names to compare symbols Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 321/329] perf report: Fix memory corruption in --branch-history mode --branch-history Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 322/329] selftests/net: fixes psock_fanout eBPF test case Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 323/329] netlabel: If PF_INET6, check sk_buff ip header version Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 324/329] regmap: Correct comparison in regmap_cached Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 325/329] ARM: dts: imx7d: cl-som-imx7: fix pinctrl_enet Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 326/329] ARM: dts: porter: Fix HDMI output routing Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 327/329] regulator: of: Add a missing of_node_put() in an error handling path of of_regulator_match() Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 328/329] pinctrl: msm: Use dynamic GPIO numbering Greg Kroah-Hartman
2018-05-28 10:04 ` [PATCH 4.9 329/329] kdb: make "mdr" command repeat Greg Kroah-Hartman
2018-05-29 0:44 ` [PATCH 4.9 000/329] 4.9.104-stable review Guenter Roeck
2018-05-29 5:35 ` Naresh Kamboju
2018-05-29 19:50 ` Shuah Khan
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).